Go Secure Coding
Secure coding practices for Go applications.
SQL Injection Prevention
// Vulnerable: the input is formatted into the SQL text, so a quote in it changes the query
username := r.FormValue("username")
query := fmt.Sprintf("SELECT * FROM users WHERE username = '%s'", username)
rows, err := db.Query(query)

// Secure: the SQL text stays fixed and the value travels to the driver as a bound parameter
// ($1 is the PostgreSQL placeholder; the MySQL and SQLite drivers use ?)
username := r.FormValue("username")
query := "SELECT * FROM users WHERE username = $1"
rows, err := db.Query(query, username)
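To make the difference between the two snippets visible without a database, the following added example (not code from the original page) registers a small recording driver with database/sql. The driver is a constructed stand-in: it never executes anything, it only records the SQL text and the parameters it receives. The functions lookupUnsafe and lookupSafe mirror the two snippets above; the recorded output shows that with string formatting the input becomes part of the statement, while with a placeholder the statement is untouched and the input arrives as a separate value.

```go
package main

import (
	"database/sql"
	"database/sql/driver"
	"errors"
	"fmt"
	"io"
	"sync"
)

// recorder is a constructed stand-in for a real driver: it records the SQL
// text and bound parameters that database/sql hands to it, nothing more.
type recorder struct {
	mu      sync.Mutex
	queries []string
	args    [][]driver.Value
}

var rec = &recorder{}

func init() { sql.Register("recorder", rec) }

func (d *recorder) Open(name string) (driver.Conn, error) { return &conn{d: d}, nil }

// last returns the most recently recorded statement and its parameters.
func (d *recorder) last() (string, []driver.Value) {
	d.mu.Lock()
	defer d.mu.Unlock()
	n := len(d.queries)
	return d.queries[n-1], d.args[n-1]
}

type conn struct{ d *recorder }

func (c *conn) Prepare(q string) (driver.Stmt, error) { return &stmt{d: c.d, q: q}, nil }
func (c *conn) Close() error                          { return nil }
func (c *conn) Begin() (driver.Tx, error)             { return nil, errors.New("not supported") }

type stmt struct {
	d *recorder
	q string
}

func (s *stmt) Close() error  { return nil }
func (s *stmt) NumInput() int { return -1 } // -1 tells database/sql to skip parameter-count checks

func (s *stmt) Exec(args []driver.Value) (driver.Result, error) {
	s.record(args)
	return driver.RowsAffected(0), nil
}

func (s *stmt) Query(args []driver.Value) (driver.Rows, error) {
	s.record(args)
	return &rows{}, nil
}

func (s *stmt) record(args []driver.Value) {
	s.d.mu.Lock()
	defer s.d.mu.Unlock()
	s.d.queries = append(s.d.queries, s.q)
	s.d.args = append(s.d.args, append([]driver.Value(nil), args...))
}

type rows struct{}

func (r *rows) Columns() []string              { return []string{"id"} }
func (r *rows) Close() error                   { return nil }
func (r *rows) Next(dest []driver.Value) error { return io.EOF }

// openRecorder opens a *sql.DB backed by the recording driver.
func openRecorder() (*sql.DB, error) { return sql.Open("recorder", "") }

// lookupUnsafe is the vulnerable pattern: the username is formatted into the
// SQL text, so the driver receives whatever the user typed as part of the query.
func lookupUnsafe(db *sql.DB, username string) (string, error) {
	q := fmt.Sprintf("SELECT * FROM users WHERE username = '%s'", username)
	rows, err := db.Query(q)
	if err != nil {
		return "", err
	}
	rows.Close()
	sent, _ := rec.last()
	return sent, nil
}

// lookupSafe is the parameterized pattern: the SQL text is a constant and the
// username reaches the driver as a separate value.
func lookupSafe(db *sql.DB, username string) (string, []driver.Value, error) {
	const q = "SELECT * FROM users WHERE username = $1"
	rows, err := db.Query(q, username)
	if err != nil {
		return "", nil, err
	}
	rows.Close()
	sent, args := rec.last()
	return sent, args, nil
}

func main() {
	db, err := openRecorder()
	if err != nil {
		panic(err)
	}
	defer db.Close()
	input := "alice' OR '1'='1" // constructed input containing a quote
	unsafeQ, _ := lookupUnsafe(db, input)
	safeQ, args, _ := lookupSafe(db, input)
	fmt.Println("unsafe, SQL sent:", unsafeQ)
	fmt.Println("safe,   SQL sent:", safeQ, "parameters:", args)
}
```

Running it shows the vulnerable statement ending in `'alice' OR '1'='1'`, i.e. the input has rewritten the WHERE clause, while the safe statement is still `... username = $1` with the whole input, quote included, in the parameter list. The same inspection works against any real driver that logs its statements.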
Command Injection Prevention
// Vulnerable: the input is spliced into a shell command line, so shell metacharacters in it are interpreted
filename := r.FormValue("file")
cmd := exec.Command("sh", "-c", "cat "+filename)
output, _ := cmd.Output()

// Secure: allowlist the input and pass it as a separate argument, with no shell involved
filename := r.FormValue("file")
if !regexp.MustCompile(`^[a-zA-Z0-9_.-]+$`).MatchString(filename) {
	return errors.New("invalid filename")
}
// "--" ends option parsing, so a name that begins with "-" cannot be read as a cat flag
cmd := exec.Command("cat", "--", filename)
output, err := cmd.Output()
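The allowlist above is the core of the fix, but the regex alone still accepts `..` and names beginning with `-`. The added example below (not code from the original page) wraps the check in a validator that closes those two gaps, builds the cat invocation as argv with `--` and returns it unexecuted so the arguments can be inspected, and shows an alternative, readInDir, that avoids spawning a process at all by reading the file from Go and confining it to a base directory with filepath.IsLocal. The function names and the input strings are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"regexp"
	"strings"
)

// safeName is the allowlist from the snippet above: letters, digits, "_", "." and "-".
var safeName = regexp.MustCompile(`^[a-zA-Z0-9_.-]+$`)

// validateFilename rejects anything outside the allowlist plus two cases the
// regex lets through: a leading "-" (cat would parse it as an option) and the
// directory names "." and "..".
func validateFilename(name string) error {
	if !safeName.MatchString(name) {
		return errors.New("invalid filename")
	}
	if strings.HasPrefix(name, "-") {
		return errors.New("filename must not start with '-'")
	}
	if name == "." || name == ".." {
		return errors.New("filename must name a file")
	}
	return nil
}

// catCommand builds the invocation the secure snippet uses: no shell, the name
// is a single argv element, and "--" ends option parsing. The command is
// returned without being run so its argv can be inspected.
func catCommand(name string) (*exec.Cmd, error) {
	if err := validateFilename(name); err != nil {
		return nil, err
	}
	return exec.Command("cat", "--", name), nil
}

// readInDir reads the file from Go instead of spawning cat, and confines it
// to baseDir. filepath.IsLocal (Go 1.20+) rejects absolute paths and any path
// that escapes its directory through "..".
func readInDir(baseDir, name string) ([]byte, error) {
	if err := validateFilename(name); err != nil {
		return nil, err
	}
	if !filepath.IsLocal(name) {
		return nil, errors.New("path escapes base directory")
	}
	return os.ReadFile(filepath.Join(baseDir, name))
}

func main() {
	// Constructed inputs: one valid name and three that the validator rejects.
	for _, name := range []string{"report.txt", "-n", "../report.txt", "a;b"} {
		cmd, err := catCommand(name)
		if err != nil {
			fmt.Printf("%-16q rejected: %v\n", name, err)
			continue
		}
		fmt.Printf("%-16q argv=%q\n", name, cmd.Args)
	}
}
```

The argv printed for the accepted name is `["cat" "--" "report.txt"]`: the name is handed to the process as one argument, so characters like `;` or a space would be part of the file name rather than shell syntax even if the allowlist were relaxed.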
XSS Prevention
// Vulnerable: the raw query string is written into the HTML, so any markup in it is rendered
func handler(w http.ResponseWriter, r *http.Request) {
	query := r.URL.Query().Get("q")
	fmt.Fprintf(w, "<h1>Results: %s</h1>", query)
}

// Secure: html/template escapes each value for the context it is inserted into
import "html/template"

// parse once at startup rather than on every request
var searchTmpl = template.Must(template.New("search").Parse("<h1>Results: {{.}}</h1>"))

func handler(w http.ResponseWriter, r *http.Request) {
	query := r.URL.Query().Get("q")
	if err := searchTmpl.Execute(w, query); err != nil {
		http.Error(w, "template error", http.StatusInternalServerError)
	}
}
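The added example below (not code from the original page) renders the same value through both paths into a buffer so the output can be compared. The template carries two insertion points, plain text and a URL query parameter, to show that html/template picks a different escaper for each context; renderUnsafe, renderSafe and containsRawTag are names constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// Parsed once at startup, as a handler should do, rather than per request.
// Two insertion points demonstrate contextual escaping: element text and a
// URL query value inside an href attribute.
var searchTmpl = template.Must(template.New("search").Parse(
	`<h1>Results: {{.}}</h1><a href="/search?q={{.}}">again</a>`))

// renderUnsafe mirrors the vulnerable handler: the input lands in the HTML as-is.
func renderUnsafe(q string) string {
	return fmt.Sprintf("<h1>Results: %s</h1>", q)
}

// renderSafe mirrors the secure handler, writing to a buffer instead of an
// http.ResponseWriter so the escaped output can be inspected.
func renderSafe(q string) (string, error) {
	var buf bytes.Buffer
	if err := searchTmpl.Execute(&buf, q); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// containsRawTag reports whether an unescaped <script tag survived rendering.
func containsRawTag(html string) bool {
	return strings.Contains(strings.ToLower(html), "<script")
}

func main() {
	input := `<script>alert(1)</script>` // constructed input containing markup
	fmt.Println("unsafe:", renderUnsafe(input))
	safe, err := renderSafe(input)
	if err != nil {
		panic(err)
	}
	fmt.Println("safe:  ", safe)
	fmt.Println("raw tag in safe output:", containsRawTag(safe))
}
```

In the text context the angle brackets come out as `&lt;` and `&gt;`; in the href the same value is percent-encoded instead, which is why one escaping function applied everywhere (the approach fmt.Sprintf plus a manual html.EscapeString would amount to) is not equivalent to a context-aware template.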
Secure Password Hashing
// Insecure: MD5 is fast and unsalted, so stolen hashes are cheap to brute-force
import "crypto/md5"
hash := md5.Sum([]byte(password))

// Secure: bcrypt salts each hash and its cost factor makes every guess slow
import "golang.org/x/crypto/bcrypt"

hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
	return err
}
// returns nil on a match and bcrypt.ErrMismatchedHashAndPassword otherwise
err = bcrypt.CompareHashAndPassword(hashedPassword, []byte(password))
Secure Random Generation
// Insecure: math/rand is a deterministic PRNG, so its output is predictable from its seed
import "math/rand"
token := make([]byte, 32)
rand.Read(token) // deprecated since Go 1.20 and never suitable for secrets

// Secure: crypto/rand reads from the operating system's CSPRNG
import "crypto/rand"
token := make([]byte, 32)
if _, err := rand.Read(token); err != nil {
	return err
}
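The added example below (not code from the original page) turns the secure snippet into a token generator and places it next to a math/rand generator seeded with a fixed value, which makes the failure mode concrete: the same seed reproduces the same token every time. newToken and predictableToken are names constructed for this example; the 32-byte size comes from the snippet above.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	mrand "math/rand"
)

const tokenBytes = 32 // 256 bits of entropy, as in the snippet above

// newToken draws tokenBytes from the operating system CSPRNG and encodes them
// as URL-safe base64: 43 characters for 32 bytes, with no padding to strip.
func newToken() (string, error) {
	b := make([]byte, tokenBytes)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// predictableToken shows why math/rand is the wrong tool: a generator built
// from a given seed always yields the same bytes, so anyone who learns or
// guesses the seed can reproduce every value generated from it.
func predictableToken(seed int64) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, tokenBytes)
	r.Read(b) // deterministic; always fills the slice
	return base64.RawURLEncoding.EncodeToString(b)
}

func main() {
	a, err := newToken()
	if err != nil {
		panic(err)
	}
	b, _ := newToken()
	fmt.Println("crypto/rand:      ", a)
	fmt.Println("crypto/rand:      ", b)
	fmt.Println("math/rand, seed 1:", predictableToken(1))
	fmt.Println("math/rand, seed 1:", predictableToken(1))
}
```

The two crypto/rand lines differ on every run; the two math/rand lines are identical on every run and on every machine. Encoding the raw bytes is also part of the job: a token that is compared as a string or placed in a URL should never be the raw bytes themselves.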
Related Snippets
- C/C++ Code Smells: Common code smells in C/C++ and how to fix them.
- C/C++ Secure Coding: Secure coding practices for C/C++ applications.
- C/C++ Vulnerability Checks: Tools for checking vulnerabilities in C/C++ code.
- Common Antipatterns: Common software antipatterns to avoid across all languages and architectures.
- Common Code Smells: Common code smells to watch for during code reviews with examples and fixes.
- Developer Pre-Submission Checklist: Comprehensive checklist for developers before submitting a pull request.
- Go Code Smells: Common code smells in Go and how to fix them.
- Go Vulnerability Checks: Tools for checking vulnerabilities in Go code.
- Haskell Code Smells: Common code smells in Haskell and how to fix them.
- Haskell Secure Coding: Secure coding practices for Haskell applications.
- Haskell Vulnerability Checks: Tools for checking vulnerabilities in Haskell code.
- Python Code Smells: Common code smells in Python and how to fix them.
- Python Secure Coding: Secure coding practices for Python applications.
- Python Vulnerability Checks: Tools for checking vulnerabilities in Python code.
- Reviewer Checklist: Comprehensive checklist for code reviewers to ensure thorough and constructive reviews.
- Rust Code Smells: Common code smells in Rust and how to fix them.
- Rust Secure Coding: Secure coding practices for Rust applications.
- Rust Vulnerability Checks: Tools for checking vulnerabilities in Rust code.
- TypeScript Code Smells: Common code smells in TypeScript and how to fix them.
- TypeScript Secure Coding: Secure coding practices for TypeScript applications.
- TypeScript Vulnerability Checks: Tools for checking vulnerabilities in TypeScript/JavaScript code.