{
"id": "63400632e6483ea31eb4c74a4815b653bec770c590ae66239a2866e129f1186a",
"category": "sast",
"name": "Use of inherently dangerous function (unsafe package)",
"description": "The `unsafe` package in Go allows low-level access to memory management features.\nThis includes pointers and direct access to memory. The Go compiler will no longer\nbe able to enforce type safety when working with the `unsafe` pointer types.\n\nWhile powerful, access to these functions can lead to many security related issues\n such as:\n\n- [Buffer overflows](https://owasp.org/www-community/vulnerabilities/Buffer_Overflow) which\ncan lead to code execution.\n- [Use after free](https://owasp.org/www-community/vulnerabilities/Using_freed_memory) which\ncan lead to code execution.\n- [Information/Memory leaks](https://owasp.org/www-community/vulnerabilities/Memory_leak)\nwhich can leak sensitive information, including data which can\ndefeat other protection mechanisms or cause the system to run out of memory.\n\nUnless required, all calls to the `unsafe` package should be removed.\n",
"cve": "semgrep_id:gosec.G103-1:329:329",
"severity": "High",
"scanner": {
"id": "semgrep",
"name": "Semgrep"
},
"location": {
"file": "lib/auth/touchid/api_darwin.go",
"start_line": 329
},
"identifiers": [
{
"type": "semgrep_id",
"name": "gosec.G103-1",
"value": "gosec.G103-1"
},
{
"type": "cwe",
"name": "CWE-242",
"value": "242",
"url": "https://cwe.mitre.org/data/definitions/242.html"
},
{
"type": "owasp",
"name": "A06:2021 - Vulnerable and Outdated Components",
"value": "A06:2021"
},
{
"type": "owasp",
"name": "A9:2017 - Using Components with Known Vulnerabilities",
"value": "A9:2017"
},
{
"type": "gosec_rule_id",
"name": "Gosec Rule ID G103",
"value": "G103"
}
]
}