Use of inherently dangerous function (unsafe package)
Description
The `unsafe` package bypasses Go's type and memory safety. `unsafe.Pointer` conversions let code reinterpret memory as an arbitrary type, read or write outside the bounds of an object, and hide pointers from the garbage collector, which can lead to security-relevant bugs such as buffer overflows and out-of-bounds reads, use after free, silent corruption of values the rest of the program treats as immutable, and information/memory leaks. Note that the rule flags every reference to the package, including `unsafe.Alignof`, `unsafe.Sizeof` and `unsafe.Offsetof`, whose results are compile-time constants and do not touch memory themselves; the hazardous operations are the pointer conversions and the `unsafe.Slice`/`unsafe.String` constructors. Unless required (for example at a cgo or syscall boundary), all calls to the `unsafe` package should be removed.
Examples
Insecure Code
```go
// Flagged by the rule: any reference to the unsafe package, even unsafe.Alignof, whose result is a compile-time constant
unsafe.Alignof(myStruct)
```
Secure Code
Use safe alternatives, such as the `reflect` package (for example `reflect.Type.Align` and `reflect.Type.Size` in place of `unsafe.Alignof` and `unsafe.Sizeof`) or standard library functions.
Remediation
Remove or refactor code using the `unsafe` package to avoid potential security vulnerabilities. Where a use cannot be removed (cgo, syscalls, a measured performance hot spot), isolate it in a small, documented and tested function, follow the conversion rules listed in the `unsafe.Pointer` documentation, and run the tests with `-race` or `-d=checkptr` so invalid pointer arithmetic is caught at runtime.
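The following is an added example written for this page; it is not code from the rule, the scanner or any project it describes. It shows, on a constructed `record` type with hypothetical `unsafeHeader`/`safeHeader` and `unsafeBytesToString`/`safeBytesToString` functions, two of the failure modes the description names (an out-of-bounds read that leaks a neighbouring field, and a "zero-copy" string that is silently mutable), each beside its bounds-checked or copying remediation, plus the `reflect`-based replacement for `unsafe.Alignof`/`unsafe.Sizeof` suggested under Secure Code:

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
	"unsafe"
)

// record is a constructed layout for the demo: a short header followed by
// a field that must never be handed to the caller.
type record struct {
	header [4]byte
	secret [4]byte
}

// unsafeHeader returns the first n bytes of r.header with no bounds check.
// For n > len(r.header) the slice silently continues into r.secret: the
// out-of-bounds read / information leak the rule warns about.
func unsafeHeader(r *record, n int) []byte {
	return unsafe.Slice(&r.header[0], n)
}

// safeHeader is the remediated form. Ordinary slicing is bounds-checked, so
// a request for more than len(r.header) bytes is rejected up front instead
// of reading the neighbouring field.
func safeHeader(r *record, n int) ([]byte, error) {
	if n < 0 || n > len(r.header) {
		return nil, errors.New("requested length exceeds header size")
	}
	return r.header[:n], nil
}

// unsafeBytesToString reinterprets the slice header as a string header, a
// common "zero-copy" idiom. The resulting string aliases b's backing array,
// so it changes whenever b is written to, even though Go strings are
// supposed to be immutable (map keys, caches and interned values break).
func unsafeBytesToString(b []byte) string {
	return *(*string)(unsafe.Pointer(&b))
}

// safeBytesToString copies the bytes; later writes to b cannot reach it.
func safeBytesToString(b []byte) string {
	return string(b)
}

// alignOf and sizeOf give the values of unsafe.Alignof and unsafe.Sizeof
// through reflect, the alternative the rule points to. They inspect type
// metadata only and never dereference memory.
func alignOf(v any) uintptr { return uintptr(reflect.TypeOf(v).Align()) }
func sizeOf(v any) uintptr  { return reflect.TypeOf(v).Size() }

func main() {
	r := &record{header: [4]byte{'H', 'D', 'R', '!'}, secret: [4]byte{'s', 'e', 'c', 'r'}}
	fmt.Printf("unsafe read of 8 header bytes: %q\n", unsafeHeader(r, 8))
	_, err := safeHeader(r, 8)
	fmt.Println("safe read of 8 header bytes:", err)

	b := []byte("token")
	aliased, copied := unsafeBytesToString(b), safeBytesToString(b)
	b[0] = 'X'
	fmt.Printf("after b[0]='X': aliased=%q copied=%q\n", aliased, copied)

	type pair struct {
		a uint32
		b byte
	}
	fmt.Printf("pair: align=%d size=%d (via reflect, no unsafe import needed)\n", alignOf(pair{}), sizeOf(pair{}))
}
```

Running it prints the leaked `secret` bytes for the unsafe read, an error for the checked one, and shows the aliased string changing to `Xoken` while the copied string stays `token`. The `alignOf`/`sizeOf` helpers are what to reach for when the only reason for importing `unsafe` was a size or alignment query.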
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0797 |
| Category | InsecureConfig |
| Severity | HIGH |
| CWE | CWE-242 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | memory-safety, security |
| OWASP | A9:2017-Using Components with Known Vulnerabilities, A06:2021-Vulnerable and Outdated Components |