Fix G115 false positive when going from parsed uint to larger int

Signed-off-by: Dave Henderson <dhenderson@gmail.com>

Author: hairyhenderson

analyzers/conversion_overflow.go

@@ -226,7 +226,12 @@ func isStringToIntConversion(instr *ssa.Convert, dstType string) bool {
 						if err != nil {
 							return false
 						}
-						isSafe := bitSizeValue <= dstInt.size && signed == dstInt.signed
+
+						// we're good if:
+						// - signs match and bit size is <= than destination
+						// - parsing unsigned and bit size is < than destination
+						isSafe := (bitSizeValue <= dstInt.size && signed == dstInt.signed) ||
+							(bitSizeValue < dstInt.size && !signed)
 						return isSafe
 					}
 				}

testutils/g115_samples.go

@@ -426,6 +426,40 @@ import (
         "strconv"
 )
 
+func main() {
+        var a string = "13"
+        b, _ := strconv.ParseUint(a, 10, 16)
+        c := int(b)
+        fmt.Printf("%d\n", c)
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "strconv"
+)
+
+func main() {
+        var a string = "13"
+        b, _ := strconv.ParseUint(a, 10, 31)
+        c := int32(b)
+        fmt.Printf("%d\n", c)
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "strconv"
+)
+
 func main() {
         var a string = "13"
         b, _ := strconv.ParseInt(a, 10, 8)