Identification and Analysis of unsafe.Pointer Usage Patterns in Open-Source Go Code

Master Thesis

The goal of this thesis is the identification and analysis of unsafe usages in popular Go applications. The unsafe API allows developers to circumvent the memory-safety functionality in Go. Previous research analyzed the usages and resulting security implications for related APIs in Java and Rust. In this thesis, we aim to evaluate the usage and security issues caused by unsafe usages in Go.

To achieve this aim, we analyzed possible security vulnerabilities due to unsafe usages in Go. To quantify the unsafe usages in Go, we implemented an analysis, go-geiger, to identify unsafe usages in the application code and its dependencies. Based on an analysis of the usages, we identified the main underlying reasons to integrate the unsafe library into the code. Further, we implemented go-safer to identify security-critical usages.
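
The kind of usage counting described above can be sketched with Go's standard `go/ast` package. This is an added example, not go-geiger's implementation or code from the thesis; `CountUnsafe` and `sampleSrc` are hypothetical names, and the sample source is constructed.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// sampleSrc is constructed input for this example, not code from an analyzed project.
const sampleSrc = `package demo
import u "unsafe"
func view(b []byte) string {
	_ = u.Sizeof(b)
	_ = uintptr(u.Pointer(&b))
	return *(*string)(u.Pointer(&b))
}
`

// CountUnsafe returns how often each member of package unsafe is referenced in
// one source file. Purely syntactic: dot imports and shadowing are not handled.
func CountUnsafe(src string) (map[string]int, error) {
	file, err := parser.ParseFile(token.NewFileSet(), "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	local := "" // name under which this file refers to package unsafe
	for _, imp := range file.Imports {
		if path, _ := strconv.Unquote(imp.Path.Value); path == "unsafe" {
			local = "unsafe"
			if imp.Name != nil {
				local = imp.Name.Name // aliased import, e.g. u "unsafe"
			}
		}
	}
	counts := map[string]int{}
	ast.Inspect(file, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok {
			if id, ok := sel.X.(*ast.Ident); ok && id.Name == local {
				counts[sel.Sel.Name]++ // Pointer, Sizeof, Offsetof, ...
			}
		}
		return true
	})
	return counts, nil
}

func main() { fmt.Println(CountUnsafe(sampleSrc)) }
```

Covering dependencies as well, as the thesis describes, would mean running such a count over every package in the module's dependency graph rather than over a single file.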

The thesis resulted in the publication "Uncovering the Hidden Dangers: Finding Unsafe Go Code in the Wild" by Johannes Lauinger, Lars Baumgärtner, Anna-Katharina Wickert, and Mira Mezini, published at TrustCom20.

Publications

  • Johannes Lauinger: Identification and Analysis of unsafe.Pointer Usage Patterns in Open-Source Go Code.
  • Lauinger, Johannes; Baumgärtner, Lars; Wickert, Anna-Katharina; Mezini, Mira: Uncovering the Hidden Dangers: Finding Unsafe Go Code in the Wild. In: Proceedings: 2020 IEEE 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 410-417, IEEE, TrustCom 2020, virtual Conference, 29.12.2020-01.01.2021, ISBN 978-0-7381-4380-4, [Conference or Workshop Item]