Catalogue
Handling the os.Open() Warning from gosec

Handling the os.Open() Warning from gosec

🌐 日本語で読む

A note on dealing with the os.Open() warning reported by gosec.

When gosec encounters code like the following

1
os.Open(fname)

it reports a warning like this:

1
G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)

Specifying a file path with a variable carries the risk that an unintended file path could be supplied.

Fix

Use filepath.Clean() to sanitize problematic paths.

1
os.Open(filepath.Clean(fname))

That’s all.
I hope you find this helpful.

kenzo0107

kenzo0107