UNGOML: Automated Classification of unsafe Usages in Go

UNGOML, an automated classifier for Go’s unsafe package, uses deep learning to classify the purpose of unsafe usages. It achieves over 86% accuracy, aiding in tasks like refactoring and security audits by identifying what is done with the unsafe package and why.

May 2023 · Anna-Katharina Wickert, Clemens Damke, Lars Baumgärtner, Eyke Hüllermeier, Mira Mezini

Uncovering the Hidden Dangers: Finding Unsafe Go Code in the Wild

We conducted an empirical study to understand how frequently the unsafe API is used in Go. We show that 38% of the analyzed projects directly use the unsafe API. Further, we introduce go-geiger and go-safer to assess usages of the API.

December 2020 · Johannes Lauinger, Lars Baumgärtner, Anna-Katharina Wickert, Mira Mezini

Don’t let data Go astray

This paper presents a static taint analysis for Go, a statically typed language with concurrent programming features like goroutines and channel communication. The analysis focuses on secure information flow to prevent vulnerabilities caused by unchecked user input, offering solutions for both context-sensitive taint analysis and channel communication in Go.

October 2016 · Ka I Pun, Martin Steffen, Volker Stolz, Anna-Katharina Wickert, Eric Bodden, Michael Eichberg

Information Flow Analysis for Go

This paper presents current information flow analyses for Go applications, discussing future uses of static analysis at runtime to enhance precision and optimize checks. It focuses on unique Go features like closures and message-based communication via channels.

October 2016 · Eric Bodden, Ka I. Pun, Martin Steffen, Volker Stolz, Anna-Katharina Wickert