Categories: Programming language

Latest version: v1.4.3

Updated on: Jun 16, 2022

Issues: 267

Autofix: 94

Sample configuration


[[analyzers]]

name = "go"
enabled = true

  [analyzers.meta]
  import_root = "github.com/deepsourcelabs/webapp"

Stats


Anti-pattern: 69

Bug risk: 124

Performance: 12

Security: 50

Style: 12

Issues


`gin.LoadHTMLGlob` with ill-formed pattern would panic (GO-E1000)
Bug risk

`gin.LoadHTMLGlob` loads the HTML files identified by a glob pattern and associates the result with the HTML renderer. If the pattern passed is ill-formed, the call panics. Hence, one should check the pattern before using it as an argument to `LoadHTMLGlob`.

Audit required: Exposure of sensitive headers (GO-S0901)
Security

Headers like "Server", "X-Powered-By" and "X-AspNet-Version" can leak sensitive information about your application and server. Unless they are necessary, these headers should be avoided.

Audit required: XML package may be vulnerable to XXE attacks (GO-S0903)
Security

The XML specification allows the use of entities that can be internal or external (file system/network access, etc.), which could lead to vulnerabilities such as SSRF or confidential file disclosure. The XML package (Go binding to libxml2) might be vulnerable to XXE attacks. One must be very careful when using the package with external entities, since mishandling them can allow an attacker to access sensitive data on the filesystem.

Audit required: Insecure gRPC server (GO-S0902)
Security

gRPC is designed to work with various authentication mechanisms, making it easy to use gRPC to talk to other systems. It is recommended to use the supported authentication mechanisms to shield against multiple types of attacks (e.g., man-in-the-middle (MITM) attacks).