v1.25.0 (Jun 30, 2024)
394 issues
[[analyzers]]
name = "go"
[analyzers.meta]
import_root = "github.com/deepsourcelabs/webapp"
Issues by category:
Anti-pattern: 94
Bug risk: 181
Documentation: 4
Performance: 17
Security: 78
Style: 20
GO-E1000: gin.LoadHTMLGlob with ill-formed pattern would panic

gin.LoadHTMLGlob loads the HTML files matched by a glob pattern and associates them with the engine's HTML renderer. It wraps the parse in template.Must, so an ill-formed pattern (one that filepath.Glob rejects with ErrBadPattern), or a pattern that matches no files at all, does not come back as an error but panics. Validate the pattern, and confirm that it matches at least one file, before passing it to LoadHTMLGlob.
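The check the issue asks for, as an added example that is not code from the DeepSource page or from gin. It uses only the standard library: html/template.ParseGlob matches files with filepath.Glob exactly as gin's LoadHTMLGlob does, so the same validation applies. The function names are assumptions for this example; in a gin application the CheckGlob call would simply precede router.LoadHTMLGlob(pattern).

```go
package main

import (
	"errors"
	"fmt"
	"html/template"
	"path/filepath"
)

// ErrNoTemplates is returned when a well-formed pattern matches nothing.
var ErrNoTemplates = errors.New("template glob matched no files")

// CheckGlob validates a pattern the same way html/template.ParseGlob will: it
// runs filepath.Glob and reports a malformed pattern (filepath.ErrBadPattern) or
// an empty match as an error. gin.LoadHTMLGlob wraps ParseGlob in template.Must,
// so either condition would otherwise surface as a panic at startup.
func CheckGlob(pattern string) ([]string, error) {
	matches, err := filepath.Glob(pattern)
	if err != nil {
		return nil, fmt.Errorf("template glob %q: %w", pattern, err)
	}
	if len(matches) == 0 {
		return nil, fmt.Errorf("template glob %q: %w", pattern, ErrNoTemplates)
	}
	return matches, nil
}

// LoadTemplates parses the matched files and returns an error instead of panicking.
// In a gin application the same CheckGlob call precedes router.LoadHTMLGlob(pattern).
func LoadTemplates(pattern string) (*template.Template, error) {
	if _, err := CheckGlob(pattern); err != nil {
		return nil, err
	}
	return template.ParseGlob(pattern)
}
```

Because the pattern usually comes from configuration, failing the check at startup with a clear error is preferable to a panic whose stack trace points into gin rather than at the misconfigured value.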
Some functions in the go-redis/redis package are variadic, i.e., they accept any number of trailing arguments, like fmt.Println. A few of them, however, can panic at runtime because of undocumented behaviour: if we look at their implementations, we find calls to panic when the trailing arguments do not have the shape the function expects. The following functions are variadic, and passing the wrong number of trailing arguments to them may result in a panic:
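Because the page's list of affected functions is not reproduced here, this added example (not go-redis code) uses a hypothetical mset that panics the way the paragraph describes, to show the two layers of protection a caller can add: check the arity the callee silently requires before the call, and convert any panic that still escapes into an error. All names are assumptions for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrOddArgs reports a key/value list with a dangling key.
var ErrOddArgs = errors.New("mset: trailing arguments must be key/value pairs")

// mset is a hypothetical stand-in for a library variadic call whose implementation
// panics on a malformed argument list, the behaviour described above. It is not a
// go-redis function.
func mset(pairs ...interface{}) map[interface{}]interface{} {
	if len(pairs)%2 != 0 {
		panic("mset: odd number of arguments")
	}
	m := make(map[interface{}]interface{}, len(pairs)/2)
	for i := 0; i < len(pairs); i += 2 {
		m[pairs[i]] = pairs[i+1]
	}
	return m
}

// Guarded runs fn and turns a panic raised inside it into an error, so one bad
// request cannot take the whole process down. It is the second line of defence
// behind an explicit argument check, not a replacement for one.
func Guarded(fn func()) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered panic: %v", r)
		}
	}()
	fn()
	return nil
}

// SafeMSet validates the arity the callee requires before invoking it.
func SafeMSet(pairs ...interface{}) (m map[interface{}]interface{}, err error) {
	if len(pairs)%2 != 0 {
		return nil, fmt.Errorf("%w: got %d arguments", ErrOddArgs, len(pairs))
	}
	err = Guarded(func() { m = mset(pairs...) })
	return m, err
}
```

The arity check is the real fix, since it produces a specific error at the call site; the recover wrapper only limits the blast radius when a variadic call is reached with attacker-influenced argument counts, for example a request handler that forwards a user-supplied list straight into a client call.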
Response headers such as Server, X-Powered-By and X-AspNet-Version disclose the software and version that serves the application, which lets an attacker pick exploits known to work against that stack. Unless a header is genuinely needed, do not emit it, or strip it before the response leaves your infrastructure.
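An added example (not code from the page) of stripping those headers at the Go edge: a net/http middleware that removes them from every response at the moment the headers are committed, which covers both handlers that set them directly and responses relayed from a backend. The leaky handler is a constructed stand-in for such a backend, and all names are assumptions for this example.

```go
package main

import (
	"net/http"
	"net/http/httptest"
)

// fingerprintHeaders are the response headers that reveal server software and versions.
var fingerprintHeaders = []string{"Server", "X-Powered-By", "X-AspNet-Version"}

// stripWriter delays the deletion until WriteHeader, because a handler may set the
// headers at any point before it writes the status line.
type stripWriter struct {
	http.ResponseWriter
	wroteHeader bool
}

func (w *stripWriter) WriteHeader(code int) {
	if w.wroteHeader {
		return
	}
	w.wroteHeader = true
	for _, h := range fingerprintHeaders {
		w.Header().Del(h)
	}
	w.ResponseWriter.WriteHeader(code)
}

// Write mirrors net/http's implicit 200 so the headers are removed on that path too.
func (w *stripWriter) Write(b []byte) (int, error) {
	if !w.wroteHeader {
		w.WriteHeader(http.StatusOK)
	}
	return w.ResponseWriter.Write(b)
}

// StripFingerprintHeaders wraps any handler so its responses carry none of the headers above.
func StripFingerprintHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(&stripWriter{ResponseWriter: w}, r)
	})
}

// leakyHandler is a constructed stand-in for a backend that advertises its stack.
var leakyHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Server", "Apache/2.4.41 (Ubuntu)")
	w.Header().Set("X-Powered-By", "PHP/7.4.3")
	w.Header().Set("Content-Type", "text/plain")
	w.Write([]byte("hello"))
})

// ResponseHeaders runs h against a GET / request and returns the response headers.
func ResponseHeaders(h http.Handler) http.Header {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	return rec.Result().Header
}
```

The wrapper hides optional interfaces of the underlying writer (http.Flusher, http.Hijacker), so handlers that need streaming or WebSocket upgrades must be excluded or the wrapper extended. Where the header originates in a proxy or an application server, it is cleaner to turn it off at the source, for example ASP.NET's X-AspNet-Version via `<httpRuntime enableVersionHeader="false" />`.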
The XML specification allows entities that can be internal or external (file system or network access, etc.), which can lead to vulnerabilities such as SSRF or disclosure of confidential files. The XML package (a Go binding to libxml2) might be vulnerable to XXE attacks: if external entity substitution is enabled while parsing untrusted input, an attacker who controls the document can make the parser read sensitive files from the filesystem or reach internal network resources. Do not enable external entity or DTD loading for untrusted input, or reject documents that declare a DOCTYPE altogether.
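An added example (not code from the page or from the libxml2 binding) of a parser-agnostic guard: it refuses any untrusted document that carries a DOCTYPE before the bytes reach a parser, so an XXE payload never gets to a libxml2-backed parser that might substitute entities. It also shows that encoding/xml on its own does not expand such entities. The sample documents are constructed for the example, and the type and function names are assumptions.

```go
package main

import (
	"bytes"
	"encoding/xml"
	"errors"
	"io"
	"strings"
)

// ErrDoctypeNotAllowed is returned for any document that declares a DTD, which is
// where internal and external entities are defined.
var ErrDoctypeNotAllowed = errors.New("xml: DOCTYPE/ENTITY declarations are not accepted from untrusted input")

// RejectDoctype scans the raw token stream and refuses documents carrying a DTD.
// It looks at the bytes before any real parse, so it can gate input to any parser,
// including libxml2 bindings that may have entity substitution enabled.
func RejectDoctype(data []byte) error {
	dec := xml.NewDecoder(bytes.NewReader(data))
	dec.Strict = false // only directives matter here; undefined entities are tolerated
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return nil
		}
		if err != nil {
			return err
		}
		if d, ok := tok.(xml.Directive); ok {
			upper := strings.ToUpper(string(d))
			if strings.HasPrefix(upper, "DOCTYPE") || strings.Contains(upper, "<!ENTITY") {
				return ErrDoctypeNotAllowed
			}
		}
	}
}

// Invoice is a small document type used to show the guard in front of unmarshaling.
type Invoice struct {
	XMLName  xml.Name `xml:"invoice"`
	Customer string   `xml:"customer"`
}

// ParseInvoice applies the guard, then parses with encoding/xml, which itself never
// fetches external entities (an undefined entity is a syntax error in strict mode).
func ParseInvoice(data []byte) (Invoice, error) {
	var inv Invoice
	if err := RejectDoctype(data); err != nil {
		return inv, err
	}
	err := xml.Unmarshal(data, &inv)
	return inv, err
}

// Constructed sample inputs for the example (not taken from the original page).
var (
	BenignXML = []byte(`<?xml version="1.0"?><invoice><customer>ACME</customer></invoice>`)
	XXEXML    = []byte(`<?xml version="1.0"?>
<!DOCTYPE invoice [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<invoice><customer>&xxe;</customer></invoice>`)
)
```

Rejecting the DOCTYPE outright is the simplest policy for untrusted input and removes the dependence on getting every parser option right; if a format legitimately needs a DTD, parse with entity substitution and external DTD loading disabled instead and keep this guard for the endpoints that do not.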
gRPC is designed to work with various authentication mechanisms, which makes it easy to use gRPC to talk to other systems securely. Use the supported mechanisms (channel credentials such as TLS or mutual TLS, and per-call credentials such as OAuth2 tokens) rather than insecure plaintext connections, to shield against attacks such as man-in-the-middle (MITM).
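An added example (not code from the page or from the gRPC project) of the transport-level mechanism the paragraph recommends: mutual TLS anchored on a private CA, with the handshake exercised over loopback so both sides' behaviour can be observed. It uses only the standard library; each *tls.Config it produces is what a gRPC program would pass to credentials.NewTLS (on the server through grpc.Creds, on the client through grpc.WithTransportCredentials). The hostname, the client identity and the function names are assumptions, and the demo PKI is minted in memory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

const serverName = "grpc.internal.example" // assumed hostname of the gRPC service

// mustIssue mints a P-256 certificate for cn signed by parent (self-signed when nil); panicking suits a throwaway demo PKI only.
func mustIssue(cn string, serial int64, usage x509.KeyUsage, parent *tls.Certificate, eku ...x509.ExtKeyUsage) tls.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn}, // the client verifies SANs, not the CN
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              usage,
		ExtKeyUsage:           eku, // ServerAuth vs ClientAuth stops a client cert impersonating the server
		IsCA:                  usage&x509.KeyUsageCertSign != 0,
		BasicConstraintsValid: usage&x509.KeyUsageCertSign != 0,
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	signerCert, signerKey := tmpl, interface{}(key)
	if parent != nil {
		signerCert, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // DER produced just above always parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// BuildMTLSConfigs returns the server and client *tls.Config each side would hand to credentials.NewTLS.
func BuildMTLSConfigs() (server, client *tls.Config) {
	ca := mustIssue("Example Internal CA", 1, x509.KeyUsageCertSign|x509.KeyUsageDigitalSignature, nil)
	srv := mustIssue(serverName, 2, x509.KeyUsageDigitalSignature, &ca, x509.ExtKeyUsageServerAuth)
	cli := mustIssue("billing-service", 3, x509.KeyUsageDigitalSignature, &ca, x509.ExtKeyUsageClientAuth) // assumed client identity
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	server = &tls.Config{
		Certificates: []tls.Certificate{srv},
		ClientAuth:   tls.RequireAndVerifyClientCert, // unauthenticated peers are refused
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS13,
	}
	client = &tls.Config{
		RootCAs:      pool,       // pin the private CA; never set InsecureSkipVerify
		ServerName:   serverName, // binds the session to the expected service
		Certificates: []tls.Certificate{cli},
		MinVersion:   tls.VersionTLS13,
	}
	return server, client
}

// Handshake runs one TLS handshake over loopback TCP and returns the client identity the server verified, or the first error either side raised.
func Handshake(serverCfg, clientCfg *tls.Config) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	var subject string
	done := make(chan error, 1) // receiving from it also publishes subject safely
	go func() {
		raw, err := ln.Accept()
		if err == nil {
			srv := tls.Server(raw, serverCfg)
			defer srv.Close()
			if err = srv.Handshake(); err == nil {
				subject = srv.ConnectionState().PeerCertificates[0].Subject.CommonName // non-empty under RequireAndVerifyClientCert
			}
		}
		done <- err
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return "", err
	}
	cli := tls.Client(raw, clientCfg)
	defer cli.Close()
	if err := cli.Handshake(); err != nil {
		return "", err
	}
	err = <-done
	return subject, err
}
```

Three properties matter for the MITM case: the client trusts only the private CA (RootCAs) and checks the name it expects (ServerName), so a certificate from any other issuer or for any other host is refused; the server requires and verifies a client certificate, so an anonymous peer cannot even complete the handshake; and the distinct ExtKeyUsage values keep a stolen client certificate from being presented as a server. With per-call token credentials layered on top, gRPC then has both a transport identity and a caller identity to authorize on.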