Your environment:
- Fiber Web Framework [e.g. 1.2.3]: 1.2.3
- OS [e.g. macOS 10.14.6]: macOS 10.14.6
- Golang [e.g. 1.13.7]: 1.13.7
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior:
- Install securego/gosec
- Run
$ gosec ./...
- See security report:
Issue G204 (CWE-78): Subprocess launched with function call as argument or cmd arguments:
[/Users/koddr/CodeProjects/fiber/listen.go:101] - G204 (CWE-78): Subprocess launched with function call as argument or cmd arguments (Confidence: HIGH, Severity: MEDIUM)
> exec.Command(os.Args[0], "-prefork", "-child")
Issue G103 (CWE-242): Use of unsafe calls should be audited:
[/Users/koddr/CodeProjects/fiber/utils.go:82] - G103 (CWE-242): Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
> unsafe.Pointer(&b)
[/Users/koddr/CodeProjects/fiber/utils.go:86] - G103 (CWE-242): Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
> unsafe.Pointer(&s)
Expected behavior
No security issues on report.
Screenshots
No need.
Additional context
Full console output:
$ sw_vers
ProductName: Mac OS X
ProductVersion: 10.14.6
BuildVersion: 18G2022
$ go version
go version go1.13.7 darwin/amd64
$ gosec ./...
[gosec] 2020/02/02 12:32:41 Including rules: default
[gosec] 2020/02/02 12:32:41 Excluding rules: default
[gosec] 2020/02/02 12:32:41 Import directory: /Users/koddr/CodeProjects/fiber
[gosec] 2020/02/02 12:32:42 Checking package: fiber
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/application.go
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/context.go
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/listen.go
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/methods.go
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/request.go
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/response.go
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/router.go
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/static.go
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/status.go
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/types.go
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/utils.go
[gosec] 2020/02/02 12:32:42 Import directory: /Users/koddr/CodeProjects/fiber/middleware
[gosec] 2020/02/02 12:32:42 Checking package: middleware
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/middleware/cors.go
[gosec] 2020/02/02 12:32:42 Checking file: /Users/koddr/CodeProjects/fiber/middleware/helmet.go
Results:
[/Users/koddr/CodeProjects/fiber/listen.go:101] - G204 (CWE-78): Subprocess launched with function call as argument or cmd arguments (Confidence: HIGH, Severity: MEDIUM)
> exec.Command(os.Args[0], "-prefork", "-child")
[/Users/koddr/CodeProjects/fiber/utils.go:82] - G103 (CWE-242): Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
> unsafe.Pointer(&b)
[/Users/koddr/CodeProjects/fiber/utils.go:86] - G103 (CWE-242): Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
> unsafe.Pointer(&s)
Summary:
Files: 13
Lines: 1671
Nosec: 0
Issues: 3