Skip to content

gnovm/pkg/gnolang: Gno permits invalid compiler directive placements: Go rejects invalid compiler directives affixed as comments on statements but Gno accepts such #4127

New issue
New issue
Open
Open
gnovm/pkg/gnolang: Gno permits invalid compiler directive placements: Go rejects invalid compiler directives affixed as comments on statements but Gno accepts such#4127
Labels
🐞 bugSomething isn't working
@odeke-em

Description

@odeke-em
odeke-em
opened on Apr 13, 2025

Description

This code

package main //go:generate say "Pwned"

func main() {}

is invalid in Go because it doesn't match the rules per https://pkg.go.dev/cmd/compile#hdr-Compiler_Directives

but it successfully compiles and runs in Gno.

Implications

Allowing compiler directives in misplaced positions can result in a security vector whereby security and static analysis tools won't be able to detect such entirely for Gno and then later be used to run arbitrary code.

Metadata

Metadata

Assignees

No one assigned

    Labels

    🐞 bugSomething isn't working

    Type

    No type

    Projects

    🧙‍♂️gno.land core team

    Status

    Triage

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions