gitlab.gosec.G103-1

Using the unsafe package in Go gives you low-level memory management and many of the strengths of the C language, but it also gives flexibility to an attacker of your application. Pointer arithmetic is one example from the unsafe package that can be used for data leaks, memory corruption, or even execution of an attacker's own script.

Definition

rules:
  - id: gosec.G103-1
    patterns:
      - pattern-either:
          - pattern: unsafe.Alignof(...)
          - pattern: unsafe.Offsetof(...)
          - pattern: unsafe.Sizeof(...)
          - pattern: unsafe.Pointer(...)
    message: >
      Using the unsafe package in Go gives you low-level memory management and many
      of the strength of the C language but also gives flexibility to the attacker of
      your application. The pointer arithmetic is one of the examples from the unsafe
      package which can be used for data leak, memory corruption or even execution of
      attackers own script.
    metadata:
      cwe: "CWE-242: Audit the use of unsafe block"
      primary_identifier: gosec.G103-1
      secondary_identifiers:
        - name: Gosec Rule ID G103
          type: gosec_rule_id
          value: G103
      license: MIT
    severity: INFO
    languages:
      - go
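
To show what the four patterns above select in real code, here is an added example (not part of the rule or of the gosec/GitLab projects) that performs the same audit with Go's standard `go/parser` and `go/ast` packages. The function name `FindUnsafeCalls` and the sample source are constructed for illustration; the example also goes one step further than the literal patterns by resolving an aliased import of `unsafe`.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Constructed sample input (not from the rule page); the import is aliased to "u".
const sample = `package demo
import u "unsafe"
func size(b []byte) uintptr { return u.Sizeof(b) }
func head(b []byte) uint32 { return *(*uint32)(u.Pointer(&b[0])) }`

// flagged holds the four function names from the rule's pattern-either list.
var flagged = map[string]bool{"Alignof": true, "Offsetof": true, "Sizeof": true, "Pointer": true}

// FindUnsafeCalls returns "line: unsafe.Name" for each matching call in src.
func FindUnsafeCalls(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	local := "" // name the file uses for package unsafe; stays empty if not imported
	for _, imp := range file.Imports {
		if imp.Path.Value == `"unsafe"` {
			if local = "unsafe"; imp.Name != nil {
				local = imp.Name.Name // aliased import, e.g. import u "unsafe"
			}
		}
	}
	var hits []string
	ast.Inspect(file, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok {
			if sel, ok := call.Fun.(*ast.SelectorExpr); ok && flagged[sel.Sel.Name] {
				if pkg, ok := sel.X.(*ast.Ident); ok && pkg.Name == local {
					hits = append(hits, fmt.Sprintf("%d: unsafe.%s", fset.Position(call.Pos()).Line, sel.Sel.Name))
				}
			}
		}
		return true
	})
	return hits, nil
}

func main() {
	fmt.Println(FindUnsafeCalls(sample))
}
```

Only call and conversion expressions are reported, so a plain type use such as `var p unsafe.Pointer` is not flagged, and dot imports or identifiers that shadow the package name are not handled.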