Handling the os.Open() Warning from gosec

A note on dealing with the os.Open() warning reported by gosec.

When gosec encounters code like the following

os.Open(fname)

it reports a warning like this:

G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)

Specifying a file path with a variable carries the risk that an unintended file path could be supplied.

Fix

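Use filepath.Clean() to sanitize problematic paths. Clean normalizes the path lexically: it collapses duplicate separators and resolves "." and ".." elements where it can. It does not restrict which directory the result points to, so a path built from untrusted input still needs to be checked against the intended base directory.

os.Open(filepath.Clean(fname))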
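The following is an added example, not code from the original post: it goes one step past filepath.Clean() and shows a lexical containment check, so that a cleaned path such as `../../etc/passwd` is rejected instead of opened. The helper names `resolveUnder` and `openUnder`, the error value and the base directory `/srv/data` are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscapesBase reports a name that resolves outside the base directory.
var ErrEscapesBase = errors.New("path escapes base directory")

// resolveUnder (hypothetical helper) joins name onto base and rejects any
// result that lexically leaves base. Symlinks are not resolved here.
func resolveUnder(base, name string) (string, error) {
	base = filepath.Clean(base)
	full := filepath.Join(base, name) // Join applies Clean to the result
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesBase
	}
	return full, nil
}

// openUnder (hypothetical helper) opens name only when it stays inside base.
func openUnder(base, name string) (*os.File, error) {
	p, err := resolveUnder(base, name)
	if err != nil {
		return nil, err
	}
	return os.Open(p)
}

func main() {
	// Constructed inputs; /srv/data is an assumed base directory.
	for _, name := range []string{"reports/../a.txt", "../../etc/passwd", "..hidden"} {
		p, err := resolveUnder("/srv/data", name)
		fmt.Printf("Clean=%q resolved=%q err=%v\n", filepath.Clean(name), p, err)
	}
}
```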

That’s all.
I hope you find this helpful.

https://kenzo0107.github.io/en/2019/12/09/gosec-os-open/

Author

Kenzo Tanaka

Posted on

2019-12-09

Licensed under