Usage of vulnerable 'unsafe' package

  • Rule ID: go_gosec_unsafe_unsafe
  • Languages: go
  • Source: unsafe.yml


The unsafe package in Go allows for low-level memory management, including direct memory access and pointer manipulation. While unsafe is a powerful library, using it bypasses Go's type safety checks and opens the door to security vulnerabilities and unpredictable behavior in your application.


  • Do not use the unsafe package unless it is absolutely necessary. If you must use it, ensure you fully understand the implications and thoroughly test your code.
  • Do ensure buffer boundaries are respected to avoid buffer overflows. This precaution helps prevent unauthorized code execution.
    buffer := make([]byte, 10)
  • Do not access memory after it has been freed to avoid use-after-free vulnerabilities, which can lead to unintended code execution or unpredictable system behavior.
    unsafePointer := unsafe.Pointer(&data)
    // now unsafe to access
  • Do regularly review and audit your code to prevent memory or information leaks that could compromise security or lead to system failures due to exhausted memory.


Associated CWE


To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=go_gosec_unsafe_unsafe

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=go_gosec_unsafe_unsafe