Uncontrolled NULL pointer dereference in ServerCodec ReadRequestBody
Description
The `func ($O *$CODEC) ReadRequestBody($ARG $TYPE) error` function does not handle a `nil` argument, as the `ServerCodec` interface requires it to. An incorrect implementation can lead to denial of service.
Examples
Insecure Code

```go
func (c *MyCodec) ReadRequestBody(arg *MyType) error {
	// no nil check: arg is used directly
}
```

Secure Code

```go
func (c *MyCodec) ReadRequestBody(arg *MyType) error {
	if arg == nil {
		return errors.New("nil argument")
	}
	// rest of the function
}
```

Remediation
Add a `nil` check for the argument in the `ReadRequestBody` function.
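As an added example (not code from this rule page), the hypothetical `MyCodec` below follows the `net/rpc` contract for `ServerCodec.ReadRequestBody`: a `nil` argument means the body should be read and discarded, so the codec decodes into a throwaway `json.RawMessage` instead of dereferencing `nil` or leaving the stream misaligned; the JSON stream and `MyType` are constructed for this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// MyType is a hypothetical request payload (example only).
type MyType struct {
	Name string `json:"name"`
}

// MyCodec is a hypothetical codec that reads JSON request bodies from a stream.
// Only ReadRequestBody is shown; a full net/rpc ServerCodec also implements
// ReadRequestHeader, WriteResponse and Close.
type MyCodec struct {
	dec *json.Decoder
}

// ReadRequestBody handles the nil case the ServerCodec interface documents:
// a nil argument asks the codec to consume and discard the body. Decoding into
// a throwaway value keeps the stream aligned with the next request instead of
// panicking on a nil dereference.
func (c *MyCodec) ReadRequestBody(arg interface{}) error {
	if arg == nil {
		var discard json.RawMessage
		return c.dec.Decode(&discard)
	}
	return c.dec.Decode(arg)
}

// readTwo feeds a two-body stream through the codec: the first body is
// discarded via a nil argument, the second is decoded into a MyType.
func readTwo(stream string) (MyType, error) {
	c := &MyCodec{dec: json.NewDecoder(bytes.NewBufferString(stream))}
	if err := c.ReadRequestBody(nil); err != nil {
		return MyType{}, err
	}
	var got MyType
	err := c.ReadRequestBody(&got)
	return got, err
}

func main() {
	// Constructed sample stream: the first body is skipped, the second decoded.
	got, err := readTwo(`{"name":"skipped"} {"name":"second"}`)
	fmt.Println(got.Name, err) // second <nil>
}
```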
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0205 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-476 |
| Confidence | HIGH |
| Impact | LOW |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | denial of service |
| OWASP | N/A |