Moving code to git for:

CWE-197 Control rounding when converting to less precise numbers Prior to moving doc as part of ossf#531 Signed-off-by: Helge Wehder <[email protected]>
myteron · Jun 28, 2024 · 00cea5f · 00cea5f
1 parent 9a1f0d0
commit 00cea5f
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 1 deletion.
diff --git a/docs/Secure-Coding-Guide-for-Python/CWE-664/CWE-197/01/compliant01.py b/docs/Secure-Coding-Guide-for-Python/CWE-664/CWE-197/01/compliant01.py
@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: OpenSSF project contributors
+# SPDX-License-Identifier: MIT
+""" Compliant Code Example """
+foo = int(round(0.9))
+type(foo)  # class int
+print(foo)  # 0
diff --git a/docs/Secure-Coding-Guide-for-Python/CWE-664/CWE-197/01/compliant02.py b/docs/Secure-Coding-Guide-for-Python/CWE-664/CWE-197/01/compliant02.py
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: OpenSSF project contributors
+# SPDX-License-Identifier: MIT
+""" Compliant Code Example """
+from decimal import Decimal, ROUND_HALF_UP, ROUND_HALF_DOWN
+
+print(Decimal("3.5").quantize(Decimal("1"), rounding=ROUND_HALF_UP))
+print(Decimal("3.5").quantize(Decimal("1"), rounding=ROUND_HALF_DOWN))
diff --git a/docs/Secure-Coding-Guide-for-Python/CWE-664/CWE-197/01/noncompliant01.py b/docs/Secure-Coding-Guide-for-Python/CWE-664/CWE-197/01/noncompliant01.py
@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: OpenSSF project contributors
+# SPDX-License-Identifier: MIT
+""" Non-compliant Code Example """
+foo = int(0.9)
+type(foo)   # class int
+print(foo)  #
diff --git a/docs/Secure-Coding-Guide-for-Python/readme.md b/docs/Secure-Coding-Guide-for-Python/readme.md
@@ -41,7 +41,8 @@ It is **not production code** and requires code-style or python best practices t
 |[CWE-664: Improper Control of a Resource Through its Lifetime](https://cwe.mitre.org/data/definitions/664.html)|Prominent CVE|
 |:-----------------------------------------------------------------------------------------------------------------------------------------------|:----|
 |[CWE-134: Use of Externally-Controlled Format String](CWE-664/CWE-134/README.md)|[CVE-2022-27177](https://www.cvedetails.com/cve/CVE-2022-27177/),<br/>CVSSv3.1: **9.8**,<br/>EPSS:**00.37**(01.12.2023)|
-|[CWE-197: Numeric Truncation Error](CWE-664/CWE-197/.)||
+|[CWE-197: Numeric Truncation Error](CWE-664/CWE-197/)||
+|[CWE-197: Control rounding when converting to less precise numbers](CWE-664/CWE-197/01/)||
 |[CWE-400: Uncontrolled Resource Consumption](CWE-664/CWE-400/README.md)||
 |[CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)](CWE-664/CWE-409/.)||
 |[CWE-410: Insufficient Resource Pool](CWE-664/CWE-410/README.md)||