---
name: cwe-190-integer-overflow
description: Use this skill when you need to remediate CWE-190 (Integer Overflow) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing integer overflow issues.
version: 1.0.0
license: MIT
tags:
  - security
  - java
  - cwe-190
  - remediation
  - sast
---

# CWE-190 Integer Overflow

## Description

Integer Overflow or Wraparound: the program performs a calculation that can produce an integer overflow or wraparound, while the surrounding logic assumes the result is always at least as large as the operands. In Java, `int` and `long` arithmetic wraps silently (two's complement, no exception and no overflow flag), so a product or sum that exceeds `Integer.MAX_VALUE` becomes a negative or unexpectedly small value that is then used as a price, a length, a loop bound, or an allocation size.

Reference: https://cwe.mitre.org/data/definitions/190.html

OWASP Category: not mapped to an OWASP Top 10 2021 category. CWE-190 is a numeric error (child of CWE-682 Incorrect Calculation), not injection; the "A03:2021 – Injection" label emitted by the generator is incorrect and should not be used when triaging findings.


## Vulnerable Pattern

### ❌ Example 1: Vulnerable Pattern

```java
// VULNERABLE: standard int arithmetic wraps silently on overflow.
// Integer.parseInt rejects literals that do not fit in an int, so the
// overflow happens in the multiplication, not in the parse.
int userQuantity = Integer.parseInt(request.getParameter("quantity"));
int unitPrice = 100;
int total = userQuantity * unitPrice;  // quantity=21474837 -> total=-2147483596

// Array allocation with an overflowed size
int size = width * height;             // 65536*65536 wraps to 0; 70000*70000 wraps to a small positive
byte[] buffer = new byte[size];        // undersized buffer (or NegativeArraySizeException)
```

Why it's vulnerable: Java's `int` is a 32-bit two's-complement value and `*`, `+`, `-` wrap modulo 2^32 without any error. A quantity of 21,474,837 makes `total` negative, so a downstream check such as `total <= creditLimit` passes, or the negative amount is booked as a refund. For allocations, a wrapped product yields a buffer far smaller than the data it is meant to hold; a negative result throws `NegativeArraySizeException`, but a wrapped-to-small positive result does not, and the mismatch surfaces later as truncated data, an `ArrayIndexOutOfBoundsException`, or, when the size is handed to native code, memory corruption.


## Deterministic Fix

### ✅ Secure Implementation

```java
// SECURE: Math.*Exact() methods throw ArithmeticException instead of wrapping (Java 8+)
int taxRate = 8;                        // percent; assumed value for this example
int unitPrice = 100;

// Integer.parseInt already throws NumberFormatException for literals outside
// the int range, so only representable ints reach the arithmetic below.
int userQuantity = Integer.parseInt(request.getParameter("quantity"));
if (userQuantity < 0) {
    throw new IllegalArgumentException("Quantity must be non-negative");
}

int withTax;
try {
    int total = Math.multiplyExact(userQuantity, unitPrice);
    withTax = Math.addExact(total, Math.multiplyExact(total, taxRate) / 100);
} catch (ArithmeticException e) {
    throw new IllegalArgumentException("Quantity too large", e);
}

// For array allocations: the exact multiply catches wrap-around, the explicit
// cap catches sizes that fit in an int but are still unreasonable to allocate.
final int MAX_ALLOWED_SIZE = 64 * 1024 * 1024;  // assumed limit for this example
byte[] buffer;
try {
    int size = Math.multiplyExact(width, height);
    if (size < 0 || size > MAX_ALLOWED_SIZE) {
        throw new IllegalArgumentException("Size exceeds limit");
    }
    buffer = new byte[size];
} catch (ArithmeticException e) {
    throw new IllegalArgumentException("Dimensions cause overflow", e);
}
```

Why it's secure: `Math.multiplyExact` and `Math.addExact` fail loudly with `ArithmeticException` the moment a result would not fit in an `int`, so a wrapped value can never be assigned to `total`, `withTax`, or `size`. The exceptions are translated into an input-validation error rather than swallowed. The explicit size cap matters because exact arithmetic alone does not stop a request from asking for a 2 GB buffer that fits in an `int` perfectly well; bounding the value prevents the resource-exhaustion variant of the same bug.


## Detection Pattern

Look for these patterns in your codebase:

```bash
# Arithmetic within a few lines of an integer parsed from input
grep -rn -E "parseInt|parseLong|Integer\.valueOf|Long\.valueOf|nextInt\(|nextLong\(" \
  --include="*.java" -A5 . | grep -E "[-+*]|<<"

# Array allocations whose size is computed rather than a literal
grep -rn -E "new (byte|char|int|long|Object)\[[^]0-9]" --include="*.java" .
```

These are heuristics: the first command also matches string concatenation with `+` and comments, and neither follows a parsed value that is stored in a field and multiplied elsewhere. Treat the output as a review worklist, not a finding list, and confirm each hit by checking whether the operands can be attacker-controlled and whether the result feeds a size, index, or amount.

## Remediation Steps

1. Use `Math.addExact()`, `Math.subtractExact()`, `Math.multiplyExact()` (and `Math.toIntExact()` when narrowing a `long` to an `int`). Overloads exist for both `int` and `long`; they are available from Java 8.

2. Catch `ArithmeticException` and handle it as invalid input (reject the request, log it); never substitute a default value silently.

3. Validate input ranges before arithmetic operations, so that the exact methods act as defence in depth rather than as the only control; also reject negative values where they make no sense (quantities, lengths, dimensions).

4. Use `BigInteger` for arbitrary precision when needed (for currency amounts `BigDecimal` is the usual choice), and keep an explicit upper bound even then so unbounded input cannot drive memory or CPU consumption.
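The following class is an added example that applies the four steps above end to end; it is not part of the original skill file or of any project. The limits, tax rate, method names and the request values it checks are assumptions chosen for illustration. Its `main` exercises the boundary inputs a unit test for this remediation should cover: a quantity that wraps under unchecked arithmetic, a literal too large to parse, a non-numeric literal, and dimensions that wrap to exactly zero.

```java
import java.math.BigInteger;

/** Added example (not the page's own code): order and buffer arithmetic hardened against CWE-190. */
public final class SafeOrderMath {

    // Assumed business limits: ranges are validated BEFORE any arithmetic (step 3).
    static final int MAX_QUANTITY = 1_000_000;
    static final int MAX_DIMENSION = 16_384;               // per-axis cap on width/height
    static final int MAX_BUFFER_BYTES = 64 * 1024 * 1024;  // 64 MiB cap on a single allocation
    static final int UNIT_PRICE_CENTS = 100;
    static final int TAX_RATE_PERCENT = 8;

    /** Parses a request parameter into a bounded int; rejects absent, non-numeric and out-of-range values. */
    static int parseBoundedInt(String raw, int min, int max, String field) {
        if (raw == null) throw new IllegalArgumentException(field + " is required");
        final int value;
        try {
            value = Integer.parseInt(raw.trim()); // NumberFormatException if the literal itself exceeds int
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException(field + " is not a valid integer", e);
        }
        if (value < min || value > max) {
            throw new IllegalArgumentException(field + " must be between " + min + " and " + max);
        }
        return value;
    }

    /** Total in cents including tax; Math.*Exact turns silent wrap-around into ArithmeticException (steps 1 and 2). */
    static int totalWithTaxCents(String quantityParam) {
        int quantity = parseBoundedInt(quantityParam, 1, MAX_QUANTITY, "quantity");
        try {
            int subtotal = Math.multiplyExact(quantity, UNIT_PRICE_CENTS);
            int tax = Math.multiplyExact(subtotal, TAX_RATE_PERCENT) / 100;
            return Math.addExact(subtotal, tax);
        } catch (ArithmeticException e) {
            throw new IllegalArgumentException("quantity too large for an int total", e);
        }
    }

    /** Allocates a width*height buffer: per-axis caps first, exact multiply second, total-size cap third. */
    static byte[] allocateImageBuffer(int width, int height) {
        if (width <= 0 || height <= 0 || width > MAX_DIMENSION || height > MAX_DIMENSION) {
            throw new IllegalArgumentException("dimensions out of range");
        }
        int size;
        try {
            size = Math.multiplyExact(width, height);
        } catch (ArithmeticException e) {
            throw new IllegalArgumentException("dimensions overflow int", e);
        }
        if (size > MAX_BUFFER_BYTES) throw new IllegalArgumentException("buffer exceeds " + MAX_BUFFER_BYTES + " bytes");
        return new byte[size];
    }

    /** Exact total for callers that must accept large quantities, e.g. reporting (step 4). */
    static BigInteger exactTotalCents(long quantity, long unitPriceCents) {
        return BigInteger.valueOf(quantity).multiply(BigInteger.valueOf(unitPriceCents));
    }

    public static void main(String[] args) {
        // Unchecked arithmetic: 21_474_837 * 100 = 2_147_483_700 exceeds Integer.MAX_VALUE and wraps negative.
        int wrapped = 21_474_837 * 100;
        System.out.println("unchecked 21474837*100 = " + wrapped); // -2147483596

        // The same quantity through the hardened path is rejected by the range check (> MAX_QUANTITY).
        expectRejected(() -> totalWithTaxCents("21474837"));
        // A literal too large for an int, and a non-numeric literal, are rejected at parse time.
        expectRejected(() -> totalWithTaxCents("99999999999"));
        expectRejected(() -> totalWithTaxCents("10abc"));
        // 65536*65536 wraps to exactly 0 in int arithmetic; the per-axis cap rejects it before the multiply.
        expectRejected(() -> allocateImageBuffer(65_536, 65_536));
        // 16384*16384 = 268_435_456 fits in an int but exceeds the 64 MiB allocation cap.
        expectRejected(() -> allocateImageBuffer(16_384, 16_384));

        System.out.println("total for 3 units = " + totalWithTaxCents("3") + " cents");       // 324
        System.out.println("buffer = " + allocateImageBuffer(640, 480).length + " bytes");    // 307200
        System.out.println("exact = " + exactTotalCents(21_474_837L, 100L));                  // 2147483700
    }

    private static void expectRejected(Runnable r) {
        try {
            r.run();
            throw new AssertionError("input should have been rejected");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The checks in `main` are the ones to carry into a JUnit test with `assertThrows(IllegalArgumentException.class, ...)`: each rejected case targets a different layer (parse, range, exact arithmetic, allocation cap), so a regression in any one layer fails a distinct assertion instead of being masked by another.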


## Key Imports

```java
import java.math.BigInteger;   // only when arbitrary precision is required
// java.lang.Math is in java.lang and needs no import; Math.multiplyExact etc. are usable directly.
```

## Verification

After remediation:

- Run the SAST scanner to confirm the vulnerability is resolved
- Review all instances of the vulnerable pattern
- Add unit tests that verify the secure implementation, including boundary inputs (values near `Integer.MAX_VALUE`, negative values, and products that wrap to zero or to a small positive number)
- Check for similar patterns in related code


## Trigger Examples

- Fix CWE-190 vulnerability
- Resolve Integer Overflow issue
- Secure this Java code against integer overflow
- SAST reports CWE-190

## Common Vulnerable Locations

| Layer | Files | Patterns |
|---|---|---|
| Controller | `*Controller.java` | User input handling (request parameters, path variables, JSON fields parsed to `int`/`long`) |
| Service | `*Service.java` | Business logic (quantities, prices, totals, pagination offsets) |
| Repository | `*Repository.java` | Data access (page sizes, offsets, buffer and batch sizes) |


## References

- CWE-190: Integer Overflow or Wraparound, https://cwe.mitre.org/data/definitions/190.html
- `java.lang.Math` (`addExact`, `subtractExact`, `multiplyExact`, `toIntExact`), https://docs.oracle.com/javase/8/docs/api/java/lang/Math.html

Source: Generated by Java CWE Security Skills Generator. Last updated: 2026-03-07