Redundant check for negative value¶
ID: go/negative-length-check Kind: problem Security severity: Severity: warning Precision: very-high Tags: - quality - reliability - correctness - external/cwe/cwe-571 Query suites: - go-code-quality.qls - go-security-and-quality.qls Click to see the query in the CodeQL repository
The built-in len function returns the length of an array, slice or similar, which is never less than zero. Hence, checking whether the result of a call to len is negative is either redundant or indicates a logic mistake.
The same applies to the built-in function cap, and to unsigned integer values.
Recommendation¶
Examine the length check to see whether it is redundant and can be removed, or a mistake that should be fixed.
Example¶
The example below shows a function that returns the first element of an array, triggering a panic if the array is empty:
package main func getFirst(xs []int) int { if len(xs) < 0 { panic("No elements provided") } return xs[0] } However, the emptiness check is ineffective: since len(xs) is never less than zero, the condition will never hold and no panic will be triggered. Instead, the index expression xs[0] will cause a panic.
The check should be rewritten like this:
package main func getFirstGood(xs []int) int { if len(xs) == 0 { panic("No elements provided") } return xs[0] }