Closed
Labels
bug: Something isn't working
Description
This code flags overflows
```go
package inttests

func it() {
	_ = uint64(uint32(0))
	_ = uint(uint32(0))
	_ = uint(uint16(0))
	_ = uint(uint8(0))
}
```

sadly per
```
$ gosec ./...
[/inttests/it.go:7] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
6: _ = uint(uint16(0))
> 7: _ = uint(uint8(0))
8: }

[/inttests/it.go:6] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
5: _ = uint(uint32(0))
> 6: _ = uint(uint16(0))
7: _ = uint(uint8(0))

[/inttests/it.go:5] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
4: _ = uint64(uint32(0))
> 5: _ = uint(uint32(0))
6: _ = uint(uint16(0))

[/inttests/it.go:4] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
3: func it() {
> 4: _ = uint64(uint32(0))
5: _ = uint(uint32(0))

Summary:
Files: 1
Lines: 8
Nosec: 0
Issues: 4
```

but it really shouldn't report that as an overflow, because for every uint* value that's smaller in range, the bits can fit in, e.g.
- max(uint8) < max(uint16) < max(uint32) < max(uint64)
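
An added example, not part of the original issue and not gosec's own code: a range check that separates the widening conversions in the report from conversions that can actually lose values. It uses the standard `go/types` package; the names `fits` and `fitsEverywhere` are hypothetical, and the check goes beyond the unsigned-to-unsigned case to cover mixed signedness and the platform-dependent width of `uint`.

```go
package main

import (
	"fmt"
	"go/types"
)

// fits reports whether every value of integer type src is representable in
// dst on the given architecture (the width of int and uint depends on it).
func fits(src, dst types.BasicKind, arch string) bool {
	sizes := types.SizesFor("gc", arch)
	s, d := types.Typ[src], types.Typ[dst]
	sBits, dBits := sizes.Sizeof(s)*8, sizes.Sizeof(d)*8
	sUnsigned := s.Info()&types.IsUnsigned != 0
	dUnsigned := d.Info()&types.IsUnsigned != 0
	switch {
	case sUnsigned == dUnsigned: // same signedness: safe unless narrowing
		return dBits >= sBits
	case sUnsigned: // unsigned -> signed: destination needs a spare sign bit
		return dBits > sBits
	default: // signed -> unsigned: negative values are never representable
		return false
	}
}

// fitsEverywhere requires the conversion to be lossless on both a 32-bit and
// a 64-bit target, since uint is 32 bits wide on the former.
func fitsEverywhere(src, dst types.BasicKind) bool {
	return fits(src, dst, "386") && fits(src, dst, "amd64")
}

func main() {
	// The four conversions from the report, then two that can lose values.
	cases := [][2]types.BasicKind{
		{types.Uint32, types.Uint64}, {types.Uint32, types.Uint},
		{types.Uint16, types.Uint}, {types.Uint8, types.Uint},
		{types.Uint64, types.Uint}, {types.Int32, types.Uint64},
	}
	for _, c := range cases {
		fmt.Printf("%s(%s): lossless=%v\n",
			types.Typ[c[1]], types.Typ[c[0]], fitsEverywhere(c[0], c[1]))
	}
}
```
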