Dangerous API
ID |
go.dangerous_api |
Severity |
low |
Resource |
Api |
Language |
Go |
Tags |
CWE:676, NIST.SP.800-53 |
Rationale
The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
This rule specifically examines the use of the unsafe package in Go applications. Utilizing such package can undermine type and memory safety, resulting in unpredictable behavior and potential vulnerabilities, and may cause errors that are challenging to debug.
Remediation
Do not use the unsafe module. If you really need to use it follow these tips:
-
Assess Necessity: Determine if the use of the unsafe package is truly necessary. Often, there might be safer alternatives or native Go solutions that achieve the same result without compromising safety.
-
Refactor Code: Replace unsafe code with standard Go constructs wherever possible. Review the functionality and see if it can be achieved using safe libraries or techniques.
-
Implement Testing: Introduce thorough testing to ensure that changes maintain the intended functionality. Unit and integration tests can help catch issues early.
-
Code Review: Engage in peer code reviews to identify potential risks and validate that unsafe code has been appropriately handled or removed.
-
Documentation: Document any remaining use of unsafe packages, explaining why they are necessary and outlining the precautions taken to mitigate risks.
-
Monitor and Audit: Continuously monitor and audit the codebase for any new instances of unsafe package use, ensuring adherence to best practices in future development.