Comments (4)
OK, issue closed, but what decision do you have?
I mean, it's normal to have these issues now (Fiber is too young), but if we can use external tools (like gosec) for checking security (and not so) issues in the code and save our users, let's do it!
This is some info about G103 (CWE-242) issue:
I fixed two similar issues at #4, but I need help, because I'm not the author of Fiber, unfortunately, and don't know why it's important to use unsafe.Pointer()
...
from fiber.
@koddr, Fiber is built on Fasthttp and it uses the same method to convert bytes to strings and vice versa: https://github.com/valyala/fasthttp/blob/master/bytesconv.go#L332
So changing this won't matter since it's still being used by the fasthttp engine. I think adding the // #nosec G103 and a description should be fine.
from fiber.
@koddr Thanks for your contribution!
I merged your pull request and addressed your gosec report in the source.
unsafe.Pointer() is used to convert a byte slice to a string without memory allocation.
from fiber.
@Fenny thx for the awesome framework, btw
unsafe.Pointer() is used to convert a byte slice to a string without memory allocation.
Potentially, how can we solve this? Or are there no other ways to do this (as easy as unsafe)?
I will go deep into this issue.
from fiber.
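The trade-off discussed in this thread, as an added example that is not Fiber's or fasthttp's own code: the zero-allocation conversion flagged by G103 next to the ordinary copying conversion, and what each string reads as once the underlying buffer is overwritten. The function names, the sample values and the buffer-reuse scenario are assumptions made for the demonstration.

```go
package main

import (
	"fmt"
	"unsafe"
)

// zeroCopyString reinterprets the slice header as a string header: no
// allocation, but the string shares memory with b. Callers must never
// modify b while the string is still in use.
func zeroCopyString(b []byte) string {
	return *(*string)(unsafe.Pointer(&b)) // #nosec G103
}

// copyString is the ordinary conversion: one allocation, independent result.
func copyString(b []byte) string {
	return string(b)
}

// reuseBuffer converts a buffer holding first both ways, then overwrites the
// buffer with second, as a reused request buffer would be (constructed
// scenario). It returns what each string reads as afterwards.
func reuseBuffer(first, second string) (zeroCopy, copied string) {
	buf := append([]byte(nil), first...) // heap buffer standing in for a reused one
	zeroCopy = zeroCopyString(buf)
	copied = copyString(buf)
	copy(buf, second) // the next request lands in the same memory
	return zeroCopy, copied
}

func main() {
	// Constructed sample values of equal length.
	z, c := reuseBuffer("user=alice", "user=carol")
	fmt.Printf("zero-copy string now reads %q\n", z)
	fmt.Printf("copied string still reads  %q\n", c)
}
```

A value that has to outlive the buffer it came from (a map key, a log field, anything handed to another goroutine) needs the copying conversion at the point where it is retained.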