Go

Made by DeepSource

Exposure of directory listing using Static (GO-S1036)

Security
Major
Autofix, A01, OWASP Top 10, CWE-548

Serving files through github.com/gofiber/fiber/v2's Static with directory browsing enabled (Browse: true) exposes a directory listing, which can yield potentially sensitive information to attackers.

Bad practice

package main

import (
    "github.com/gofiber/fiber/v2"
)

func main() {
    app := fiber.New()
    // Browse: true enables directory browsing for ./static.
    app.Static("/static", "./static", fiber.Static{Browse: true})
}

Recommended

package main

import (
    "github.com/gofiber/fiber/v2"
)

func main() {
    app := fiber.New()
    // Directory browsing is explicitly disabled.
    app.Static("/static", "./static", fiber.Static{Browse: false})
}

or

package main

import (
    "github.com/gofiber/fiber/v2"
)

func main() {
    app := fiber.New()
    // With no fiber.Static config, Browse keeps its default of false.
    app.Static("/static", "./static")
}
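
A check for the pattern flagged above can be sketched with the standard go/ast package. This is an added example, not DeepSource's implementation of GO-S1036; findBrowseEnabled, isIdent and sample are hypothetical names, and it assumes the package is imported under its default name fiber.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Constructed sample input (only parsed, never compiled or run).
const sample = `package main
import "github.com/gofiber/fiber/v2"
func main() {
	app := fiber.New()
	app.Static("/static", "./static", fiber.Static{Browse: true})
	app.Static("/assets", "./assets", fiber.Static{Browse: false})
}`

func isIdent(e ast.Expr, name string) bool {
	id, ok := e.(*ast.Ident)
	return ok && id.Name == name
}

// findBrowseEnabled returns lines where a fiber.Static literal sets Browse: true.
// Assumption: the import is named "fiber"; non-literal values are not resolved.
func findBrowseEnabled(src string) (lines []int, err error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	ast.Inspect(file, func(n ast.Node) bool {
		lit, isLit := n.(*ast.CompositeLit)
		if !isLit {
			return true
		}
		if t, ok := lit.Type.(*ast.SelectorExpr); ok && t.Sel.Name == "Static" && isIdent(t.X, "fiber") {
			for _, elt := range lit.Elts {
				kv, ok := elt.(*ast.KeyValueExpr)
				if ok && isIdent(kv.Key, "Browse") && isIdent(kv.Value, "true") {
					lines = append(lines, fset.Position(kv.Pos()).Line)
				}
			}
		}
		return true
	})
	return lines, nil
}

func main() { fmt.Println(findBrowseEnabled(sample)) }
```

Run over the sample, it reports only the line that sets Browse: true; the explicit false and a call with no config are not reported.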
