Checkmarx Resource Exhaustion in Golang url.Parse


I'm getting Checkmarx issue:

The resource Parse allocated by FUNCTION_X in the file FILE at line LINE is prone to resource exhaustion when used by FUNCTION_Y in the file FILE at line LINE.

I can see that data from the Parse result is processed in a loop, so I added a length check before the loop, something like this:

// query is the url.Values map obtained from the url.Parse result via Query()
if len(query) > 100 {
    return nil, fmt.Errorf("too many query params [%d]", len(query))
}
for k := range query {
    // process each query parameter key
}

But Checkmarx is still complaining. Does anyone know how to fix this?

Thank you.


There is 1 answer

yaloner

Having looked into it, it’s not about url.Parse, it is about passing user inputs to a loop controlled by len().

Your code is fine, and Checkmarx SAST needs to understand that len() is the size/length function for Go.

You should mark this as Not Exploitable and report it as False Positive to Checkmarx.
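As an added example (not code from the question or from yaloner's answer), here is the bound-then-loop pattern the thread discusses in a self-contained form: the query from url.Parse is capped before any loop runs over it, and the same idea is extended to the raw query length and to repeated values per key. The limit values and the function name ParseBoundedQuery are assumptions chosen for this example.

```go
package main

import (
	"fmt"
	"net/url"
)

// Limits applied to user-supplied query strings. These numbers are assumptions
// for the example; maxQueryParams mirrors the 100 used in the question.
const (
	maxRawQueryLen  = 2048 // bytes of raw query string accepted
	maxQueryParams  = 100  // distinct parameter names
	maxValuesPerKey = 10   // repeated values allowed for one key
)

// ParseBoundedQuery parses rawURL with url.Parse and returns its query
// parameters, but only after bounding what a caller's loop would process:
// the raw query length, the number of distinct keys, and repeats per key.
func ParseBoundedQuery(rawURL string) (url.Values, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	// Cheapest check first: reject oversized input before decoding it.
	if len(u.RawQuery) > maxRawQueryLen {
		return nil, fmt.Errorf("query string too long [%d]", len(u.RawQuery))
	}
	query := u.Query() // url.Values is a map[string][]string
	if len(query) > maxQueryParams {
		return nil, fmt.Errorf("too many query params [%d]", len(query))
	}
	for k, vals := range query {
		if len(vals) > maxValuesPerKey {
			return nil, fmt.Errorf("too many values for key %q [%d]", k, len(vals))
		}
	}
	return query, nil
}

func main() {
	// Constructed inputs: one within limits, one repeating a key too often.
	q, err := ParseBoundedQuery("https://example.test/search?q=go&page=2")
	fmt.Println(q, err)
	_, err = ParseBoundedQuery("https://example.test/?a=1&a=2&a=3&a=4&a=5&a=6&a=7&a=8&a=9&a=10&a=11")
	fmt.Println(err)
}
```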