G103: Use of unsafe block · Secure Go

Using the unsafe package in Go gives you low-level memory management and many of the strengths of the C language, but it also gives more flexibility to an attacker of your application. Pointer arithmetic is one example of what the unsafe package allows; it can be used for data leaks, memory corruption, or even execution of an attacker's own script.

Also, you should keep in mind that the “unsafe” package is not protected by the Go 1 compatibility guidelines.

If you want to ignore this rule you can do it, as usual, using the “exclude” option in the command line interface.

Example code:

```go
package main

import (
	"fmt"
	"unsafe"
)

type Fake struct{}
func (Fake) Good() {}

func main() {
	unsafeM := Fake{}
	unsafeM.Good()
	intArray := [...]int{1, 2}
	fmt.Printf("\nintArray: %v\n", intArray)
	intPtr := &intArray[0]
	fmt.Printf("\nintPtr=%p, *intPtr=%d.\n", intPtr, *intPtr)
	addressHolder := uintptr(unsafe.Pointer(intPtr)) + unsafe.Sizeof(intArray[0]) // address of element 0 plus one element size
	intPtr = (*int)(unsafe.Pointer(addressHolder)) // reinterpret the computed integer as *int
	fmt.Printf("\nintPtr=%p, *intPtr=%d.\n\n", intPtr, *intPtr)
}
```

Gosec command line output

```
[examples/main.go:18] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(intPtr)

[/Users/mvrachev/Martins/go/src/github.com/securego/examples/main.go:18] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Sizeof(intArray[0])

[examples/main.go:19] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(addressHolder)
```

See also:

  • https://golang.org/pkg/unsafe/
