Go

Made by DeepSource
Bind to all interfaces GSC-G102
Security
Major

Binding to all network interfaces can potentially open up a service to traffic on unintended interfaces.

Import blacklist: crypto/des GSC-G502
Security
Major

Detects imports of crypto/des since it is considered vulnerable.

Import blacklist: crypto/rc4 GSC-G503
Security
Major

Detects imports of crypto/rc4 since it is considered vulnerable.

Import blacklist: net/http/cgi GSC-G504
Security
Major

Use of net/http/cgi is considered vulnerable in versions of Go lower than 1.15.1.

Import blacklist: crypto/sha1 GSC-G505
Security
Major

Detects imports of crypto/sha1 since it is considered vulnerable.

Poor file permissions used when creating a directory GSC-G301
Security
Major

Excessive permissions granted when creating a directory. This warning is triggered whenever permission greater than 0750 is given.

Poor file permissions used when creating a file or using os.Chmod GSC-G302
Security
Major

Excessive permissions granted to a file/directory. This warning is triggered whenever permission greater than 0600 is granted.

Creating tempfile using a predictable path GSC-G303
Security
Major

Use os.TempDir, ioutil.TempDir and ioutil.TempFile() to ensure the generated file path is valid and not predictable.

Audit the use of ssh.InsecureIgnoreHostKey function GSC-G106
Security
Minor

InsecureIgnoreHostKey is used to accept any host key. It should not be used for production code.

Audit the usage of unescaped data in HTML templates GSC-G203
Security
Major

Potential unescaped data in HTML template.

Audit the random number generation source (rand) GSC-G404
Security
Minor

math/rand is much faster for applications that don't need crypto-level or security-related random data generation. crypto/rand is suited for secure and crypto-ready usage, but it's slower. In most cases, though, crypto/rand is the more suitable choice, unless performance is critical and the application's security is not (which is rare).

File path traversal when extracting zip archive GSC-G305
Security
Minor

A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder.
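As an added example (not DeepSource's own code), one way to apply the check GSC-G305 asks for in Go: resolve every archive entry name under the destination directory and refuse the whole archive if any entry would land outside it. The names SafeJoin, PlanExtraction and ErrUnsafePath, and the "out" destination, are this example's own.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"path/filepath"
	"strings"
)

// ErrUnsafePath marks an archive entry that would land outside the destination.
var ErrUnsafePath = errors.New("zip entry escapes destination directory")

// SafeJoin resolves an entry name under dest and rejects anything that escapes it.
// The test runs on the cleaned relative path, so "a/../../b" is caught as well.
func SafeJoin(dest, name string) (string, error) {
	target := filepath.Join(dest, name) // Join collapses ".." segments first
	rel, err := filepath.Rel(dest, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafePath
	}
	return target, nil
}

// PlanExtraction resolves every entry name against dest before anything is written,
// so one bad entry rejects the whole archive instead of surfacing after earlier files landed.
func PlanExtraction(data []byte, dest string) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if errors.Is(err, zip.ErrInsecurePath) { // Go 1.20+ with GODEBUG=zipinsecurepath=0
		return nil, ErrUnsafePath
	}
	if err != nil {
		return nil, err
	}
	targets := make([]string, len(r.File))
	for i, f := range r.File {
		if targets[i], err = SafeJoin(dest, f.Name); err != nil {
			return nil, err
		}
	}
	return targets, nil
}

func main() {
	// Constructed entry names: the last two must be rejected.
	for _, n := range []string{"ok.txt", "sub/ok.txt", "../escape.txt", "a/../../b"} {
		_, err := SafeJoin("out", n)
		println(n, errors.Is(err, ErrUnsafePath))
	}
}
```

Absolute entry names are rooted under dest by filepath.Join rather than rejected; add a separate check if your policy is to refuse them outright.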

Potential usage of DES, RC4, MD5 or SHA1 GSC-G401
Security
Major

DES, RC4, MD5, and SHA1 are relatively weak encryption/hashing algorithms. Consider using a more secure alternative.

Potentially bad TLS connection settings GSC-G402
Security
Major

Insecure configuration of TLS connection settings. Refer to the occurrence to understand the exact misconfiguration.

RSA key length less than 2048 bits GSC-G403
Security
Major

The strength of a public-key cryptographic algorithm (like RSA) is determined by the time it takes to derive the private key by brute force. RSA claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030.

Import blacklist: crypto/md5 GSC-G501
Security
Minor

Detects imports of crypto/md5 since it is considered vulnerable.

Audit required: Insecure gRPC server GO-S0902
Security
Major

gRPC is designed to work with various authentication mechanisms, making it easy to use gRPC to talk to other systems. It is recommended to use the supported authentication mechanisms to shield against multiple types of attacks (e.g., MITM - Man in the Middle Attack).

Audit required: XML package may be vulnerable to XXE attacks GO-S0903
Security
Major

The XML specification allows the use of entities that can be internal or external (file system/network access, etc.), which could lead to vulnerabilities such as SSRF or confidential file disclosure. The XML package (Go binding to libxml2) might be vulnerable to XXE attacks. When dealing with external entities, one must be very careful when using the package, since careless use can allow an attacker to access sensitive data on the filesystem.

Audit required: Insecure use of logger GO-S0904
Security
Minor

Possible insecure use of logger because of tainted, untrusted, or sensitive arguments passed to the logger. Logging unvalidated user input can allow an attacker to forge log entries or inject malicious content into the logs.