Movatterモバイル変換

[0]ホーム
URL:

Skip to content
DEV Community
Log in Create account

DEV Community

Christophe Colombier
Christophe Colombier

Posted on • Edited on

     

go-safecast: Safe number conversion in Go 🪄

I worked on my first open-source package last weekend.

GitHub logo ccoVeille / go-safecast

Safe number conversion in Go: address gosec G115 and cwe-190 Integer Overflow or Wraparound

🪄 go-safecast: safe numbers conversion

Go Report CardGoDoccodecovCode ClimateGo ImportsGitHub Repo stars

go-safecast solves the type conversion issues in Go

In Go, integer type conversion can lead to a silent and unexpected behavior and errors if not handled carefully.

This package helps to convert any number to another, and report an error when if there would be aloss or overflow in the conversion

Usage

package mainimport ("fmt""math""github.com/ccoveille/go-safecast")funcmain() {varainta=42b,err:=safecast.ToUint8(a)// everything is fineiferr!=nil {fmt.Println(err)  }fmt.Println(b)// Output: 42a=255+1_,err=safecast.ToUint8(a)// 256 is greater than uint8 maximum valueiferr!=nil {fmt.Println(err)// Output: conversion issue: 256
Enter fullscreen modeExit fullscreen mode

About the story behind this library, you can read my first article about integer overflow in Go

As I found nothing to cope with this kind of error, except adding a lot of boilerplate for each cast to do, so I decided to make my own Go package.

@ldemailly helped me to review the code, thank.

The package is now mature enough for me to talk about it.

So instead of this

varaintvarbuint8a=255+1b=uint8(a)ifa<0||a>math.MaxUint8{log.Println("overflow")}fmt.Println(b)a=-1b=uint8(a)ifa<0||a>math.MaxUint8{log.Println("overflow")}fmt.Println(b)c,d:=255,300res:=max(c,d)ifres<0||res>math.MaxInt8{log.Println("overflow")}fmt.Println(int8(res))str:="\x99"// hexadecimal representation of Trademark ASCII character: ™e:=str[0]ife<0||e>math.MaxInt8{log.Println("overflow")}fmt.Println(int8(e))
Enter fullscreen modeExit fullscreen mode

Go Playground

You can now do this

varaintvarbuint8a=255+1b,err:=safecast.ToUint8(a)iferr!=nil{log.Println(err)}fmt.Println(b)a=-1b,err=safecast.ToUint8(a)iferr!=nil{log.Println(err)}fmt.Println(b)c,d:=255,300res:=max(c,d)g,err:=safecast.ToInt8(res)iferr!=nil{log.Println(err)}fmt.Println(g)str:="\x99"// hexadecimal representation of Trademark ASCII character: ™e:=str[0]f,err:=safecast.ToUint8(e)iferr!=nil{log.Println(err)}fmt.Println(f)
Enter fullscreen modeExit fullscreen mode

Go Playground

I'm curious about your feedbacks

Top comments(1)

Subscribe
pic
Create template

Templates let you quickly answer FAQs or store snippets for re-use.

Dismiss
CollapseExpand
 
ldemailly profile image
Laurent Demailly
ex Yahoo, Facebook, Google and more
  • Joined
• Edited on• Edited

Great series on a serious problem, and thanks for the mention!

If you don’t mind I’d like to offer my smaller and simpler (I think) generic version:pkg.go.dev/fortio.org/safecast for people to consider. It also has Must* variant of the conversions.

Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment'spermalink.

For further actions, you may consider blocking this person and/orreporting abuse

Smiling person, father of two, Husband, Senior Developer/Architect (in that exact order, it's important)Experience in development since 2004Linux user and advocate since 2001
  • Location
    Villeurbanne, France
  • Education
    Arts et Métiers
  • Work
    VP Technology
  • Joined

More fromChristophe Colombier

DEV Community

We're a place where coders share, stay up-to-date and grow their careers.

Log in Create account
[8]ページ先頭
©2009-2025 Movatter.jp