Critiq Docs


security.memory-safety

Avoid the `unsafe` package outside vetted boundaries

Production Go code should not import the `unsafe` package, which bypasses the type system and memory safety guarantees.

#Metadata

| Field | Value |
| --- | --- |
| Rule ID | `go.security.unsafe-package-import` |
| Severity | medium |
| Confidence | 0.9 |
| Languages | go |
| Presets | security, strict |
| Stability | experimental |
| Applies to | block |
| Tags | go, memory-safety, rules-catalog, security |

#Why it matters

`unsafe.Pointer` lets callers reinterpret arbitrary memory, hiding undefined behaviour and creating vulnerabilities that escape Go's compiler checks.

#Remediation

Replace `unsafe.Pointer` usage with typed APIs from `reflect`, `encoding/binary`, or `cgo` boundaries that explicitly document and contain the unsafe scope.
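
As an added illustration of this remediation (not code from the Critiq rule catalog), the sketch below decodes a fixed-layout header with `encoding/binary` instead of casting a byte slice through `unsafe.Pointer`. The `recordHeader` type, its 8-byte big-endian layout, and `parseHeader` are assumptions made for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// recordHeader is a hypothetical 8-byte big-endian wire header (assumption).
type recordHeader struct {
	Magic   uint32
	Version uint16
	Length  uint16 // payload bytes that follow the header
}

const headerSize = 8

var errShortHeader = errors.New("buffer shorter than header")

// Pattern the rule flags, kept as a comment so this file never imports unsafe:
//
//	h := *(*recordHeader)(unsafe.Pointer(&buf[0]))
//
// Nothing checks len(buf), so a short buffer is read past its end, and the
// decoded values depend on host byte order and struct layout.

// parseHeader decodes the header with bounds checks and explicit endianness.
func parseHeader(buf []byte) (recordHeader, error) {
	if len(buf) < headerSize {
		return recordHeader{}, errShortHeader
	}
	h := recordHeader{
		Magic:   binary.BigEndian.Uint32(buf[0:4]),
		Version: binary.BigEndian.Uint16(buf[4:6]),
		Length:  binary.BigEndian.Uint16(buf[6:8]),
	}
	if payload := len(buf) - headerSize; int(h.Length) > payload {
		return recordHeader{}, fmt.Errorf("declared length %d exceeds %d payload bytes", h.Length, payload)
	}
	return h, nil
}

func main() {
	// Constructed sample: magic 0xCAFEBABE, version 1, length 2, two payload bytes.
	sample := []byte{0xCA, 0xFE, 0xBA, 0xBE, 0x00, 0x01, 0x00, 0x02, 0xAA, 0xBB}
	fmt.Println(parseHeader(sample))
	fmt.Println(parseHeader(sample[:5]))
}
```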

#Repository path

The generated metadata points to `critiq-rules/libs/rules/catalog/rules/go/go.security.unsafe-package-import.rule.yaml`.