trailofbits
Written by the Trail of Bits security experts. See https://github.com/trailofbits/semgrep-rules for more.
Rules (46)

Possible race condition due to memory aliasing of variable `$X`

Potential goroutine leak due to unbuffered channel send inside loop or unbuffered channel receive in select block

Iteration over a possibly empty map `$C`. This is likely a bug or redundant code.

Potential `$FOO` nil dereference when `$BAR` is called

Logic executed as a result of ticker `$TICKER` may execute more times than desired. When both `$TICKER` and `$DONECHAN` are written to at the same time, the scheduler randomly picks a case to execute. As a result, the `$TICKER.C` case may execute one more time than expected.

Should `$X` be modified when an error could be returned?

Appending `$SLICE` from multiple goroutines is not concurrency safe

Writing `$MAP` from multiple goroutines is not concurrency safe

The `func ($O *$CODEC) ReadRequestBody($ARG $TYPE) error` function does not handle `nil` argument, as the `ServerCodec` interface requires. An incorrect implementation could lead to denial of service

Using `time.Sleep` for synchronization is generally considered bad practice.

Downcasting or changing sign of an integer with `$CAST_METHOD` method

A `sync.Mutex` is copied in function `$FUNC` given that `$T` is a value receiver. As a result, the struct `$T` may not be locked as intended

Unchecked type assertion.

Calling `$WG.Add` inside of an anonymous goroutine may result in `$WG.Wait` waiting for more or fewer calls to `$WG.Done()` than expected

Calling `$WG.Wait()` inside a loop blocks the call to `$WG.Done()`

Possible path traversal through `tarfile.open($PATH).extractall()` if the source tar is controlled by an attacker

Variable `$X` is likely modified and later used on error. In some cases this could result in panics due to a nil dereference

Iteration over a possibly empty map `$C`. This is likely a bug or redundant code

Missing `RUnlock` on an `RWMutex` lock before returning from a function

Missing mutex unlock before returning from a function. This could result in panics resulting from double lock operations

The function is vulnerable to DLL hijacking attacks. Use `windows.NewLazySystemDLL()` function to limit DLL search to the Windows directory

If possible, it is better to rely on automatic pinning in PyTorch to avoid undefined behavior and for efficiency

Found usage of the `$FLAVOR` library, which is vulnerable to attacks such as XML external entity (XXE) attacks

NumPy distutils is deprecated and will be removed in the future

Compiling arbitrary code can result in code execution. Ensure the source code is from a trusted location

Using the NumPy RNG inside of a PyTorch dataset can lead to a number of issues with loading data, including identical augmentations. Instead, use the random number generators built into Python and PyTorch

Usage of NumPy library inside PyTorch `$MODULE` module was found. Avoid mixing these libraries for efficiency and proper ONNX loading

Using the NumPy RNG inside of a Torch dataset can lead to a number of issues with loading data, including identical augmentations. Instead, use the random number generators built into Python and PyTorch

Loading custom operator libraries can result in arbitrary code execution

Loading custom operator libraries can result in arbitrary code execution

Functions reliant on pickle can result in arbitrary code execution. Consider using fickling or switching to a safer serialization method

Functions reliant on pickle can result in arbitrary code execution. Consider using fickling or switching to a safer serialization method

Functions reliant on pickle can result in arbitrary code execution

Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX

Functions reliant on pickle can result in arbitrary code execution

Loading custom operator libraries can result in arbitrary code execution

Avoid importing torch.package - it can result in arbitrary code execution via pickle

Avoid using `torch.Tensor()` to directly create a tensor for efficiency and proper parsing

Scikit `joblib` uses pickle under the hood. Functions reliant on pickle can result in arbitrary code execution. Consider using `skops` instead.

Loading custom operator libraries can result in arbitrary code execution

Loading custom operator libraries can result in arbitrary code execution

Avoid importing torch.package - it can result in arbitrary code execution via pickle

Avoid using `torch.Tensor()` to directly create a tensor for efficiency and proper parsing

Not waiting for requests is a source of undefined behavior

Not waiting for requests is a source of undefined behavior

`expect` or `unwrap` called in function returning a `Result`