I'm getting Checkmarx issue:
The resource Parse allocated by FUNCTION_X in the file FILE at line LINE is prone to resource exhaustion when used by FUNCTION_Y in the file FILE at line LINE.
I can see that data from the Parse result is processed in a loop, so I added a length check before the loop, something like this:
if len(query) > 100 {
    return nil, fmt.Errorf("too many query params [%d]", len(query))
}
for k := range query {
    // ...
}
But Checkmarx is still complaining. Does anyone know how to fix this?
Thank you.
Having looked into it, it's not about url.Parse, it is about passing user inputs to a loop controlled by len(). Your code is fine, and Checkmarx SAST needs to understand that len() is the size/length function for Go. You should mark this as Not Exploitable and report it as False Positive to Checkmarx.
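For readers who want to see the bounded-loop pattern from the question as a complete program, the following is an added example, not code from either poster. It keeps the asker's cap of 100 query parameters and adds one check the question does not have: a cap on the raw query string length before url.ParseQuery runs, because the parse itself already loops over every '&'-separated pair and unescapes each key and value. The constants maxRawQueryLen and maxQueryParams, the error values, and the sample URLs are all constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Limits chosen for this example (assumptions, not values from the thread).
const (
	maxRawQueryLen = 4096 // bytes of raw query string accepted before parsing
	maxQueryParams = 100  // the cap the question uses after parsing
)

var (
	ErrQueryTooLong  = errors.New("query string too long")
	ErrTooManyParams = errors.New("too many query params")
)

// parseBoundedQuery parses a raw URL and returns its query parameters.
// Both the parse work and the caller's later loop are bounded by the
// checks below, so attacker-sized input is rejected before it costs much.
func parseBoundedQuery(raw string) (url.Values, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	// url.ParseQuery splits on '&' and '=' and unescapes every key and
	// value, so cap the raw byte count before handing it the string.
	if len(u.RawQuery) > maxRawQueryLen {
		return nil, fmt.Errorf("%w: %d bytes", ErrQueryTooLong, len(u.RawQuery))
	}
	query, err := url.ParseQuery(u.RawQuery)
	if err != nil {
		return nil, err
	}
	// The same check as in the question: cap the number of distinct keys
	// before the caller iterates over them.
	if len(query) > maxQueryParams {
		return nil, fmt.Errorf("%w: [%d]", ErrTooManyParams, len(query))
	}
	return query, nil
}

// countValues is the kind of loop the question describes: it walks every
// key returned by the parse. With the checks above it runs over at most
// maxQueryParams keys.
func countValues(query url.Values) int {
	n := 0
	for k := range query {
		n += len(query[k])
	}
	return n
}

// manyParams builds a constructed query string with n distinct keys
// (k0=v&k1=v&...), used to exercise the parameter-count check.
func manyParams(n int) string {
	var b strings.Builder
	b.WriteString("https://example.com/search?")
	for i := 0; i < n; i++ {
		if i > 0 {
			b.WriteByte('&')
		}
		fmt.Fprintf(&b, "k%d=v", i)
	}
	return b.String()
}

func main() {
	// Constructed sample: a normal query with a repeated key.
	q, err := parseBoundedQuery("https://example.com/search?q=go&page=2&page=3")
	fmt.Println(len(q), countValues(q), err)

	// Constructed sample: 101 distinct keys, rejected by the count check.
	_, err = parseBoundedQuery(manyParams(101))
	fmt.Println(err)

	// Constructed sample: an oversized raw query, rejected before parsing.
	_, err = parseBoundedQuery("https://example.com/?q=" + strings.Repeat("a", 5000))
	fmt.Println(err)
}
```

The first check is the one that matters for the "resource exhaustion" wording in the Checkmarx message: once ParseQuery has run, the work of splitting and unescaping is already done, so a cap on len(query) alone only protects the loop that follows, not the parse itself.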