Improve Go memory aliasing rule (!187) · Merge requests · GitLab.org / security-products / sast-rules

Current Go memory aliasing rule detects only for _, $ARG := range ... pattern, which cannot detect when index is not assigned to _.

e.g. for i, s := range array { fmt.Println("%d %p", i, &s) }

Current pattern:

        for _, $ARG := range $SLICE {
          <... &($ARG) ...>
        }

I think it should be the following pattern:

        for ..., $ARG := range $SLICE {
          <... &($ARG) ...>
        }

Edited Jul 04, 2023 by tyage

Improve Go memory aliasing rule