Go Security Rules

CWE-693 Protection Mechanism Failure 6 rules

Chi Missing Security Headers MEDIUM chi

Echo Missing Security Headers MEDIUM echo

Fiber Missing Security Headers MEDIUM fiber

Gin Missing Security Headers MEDIUM gin

Gorilla Missing Security Headers MEDIUM gorilla

Missing HTTP Security Headers MEDIUM gin echo fiber chi gorilla

CWE-307 CWE-307 5 rules

Missing Rate Limiting in Chi Router Application MEDIUM chi

Missing Rate Limiting in Echo Application MEDIUM echo

Missing Rate Limiting in Fiber Application MEDIUM fiber

Missing Rate Limiting in Gin Application MEDIUM gin

Missing Rate Limiting in Gorilla Mux Application MEDIUM gorilla

CWE-942 CWE-942 5 rules

Chi Permissive CORS MEDIUM chi

Echo Permissive CORS MEDIUM echo

Fiber Permissive CORS MEDIUM fiber

Gin Permissive CORS MEDIUM gin

Permissive CORS Configuration MEDIUM gin echo fiber chi gorilla

CWE-20 Improper Input Validation 4 rules

Business Logic Input Validation MEDIUM

Echo Missing Input Validation MEDIUM echo

Fiber Missing Input Validation MEDIUM fiber

Gin Missing Input Validation MEDIUM gin

CWE-200 Information Exposure 4 rules

Environment Variable Secret Exposure HIGH stdlib gin echo fiber chi

LLM Model Theft HIGH

LLM Sensitive Information Disclosure HIGH

Sensitive Field Exposure in API Response CRITICAL gin echo fiber chi gorilla net/http

CWE-362 Race Condition 4 rules

Concurrent Slice Access HIGH

Direct Map Access on Thread-Safe Struct HIGH

Potential Race Condition MEDIUM

WaitGroup Misuse HIGH

CWE-94 Code Injection 3 rules

Code Injection via os/exec CRITICAL

LLM Insecure Output Handling HIGH

Server-Side Template Injection CRITICAL

CWE-306 CWE-306 3 rules

Echo Missing JWT Middleware HIGH echo

Fiber Missing JWT Middleware HIGH fiber

Gin Missing JWT Middleware HIGH gin

CWE-319 CWE-319 3 rules

Echo Running Without TLS HIGH echo

Fiber Running Without TLS HIGH fiber

Gin Running Without TLS LOW gin

CWE-400 Resource Exhaustion 3 rules

LLM Denial of Service MEDIUM

Missing Request Size Limits MEDIUM

Denial of Service via Resource Exhaustion MEDIUM

CWE-489 CWE-489 3 rules

Echo Debug Mode in Production MEDIUM echo

Fiber Debug Mode in Production MEDIUM fiber

Gin Debug Mode in Production MEDIUM gin

CWE-639 Authorization Bypass Through User-Controlled Key 3 rules

Horizontal Privilege Escalation HIGH

Insecure Direct Object Reference (IDOR) HIGH

Potential IDOR - Generic Data Access MEDIUM gin echo fiber chi gorilla

CWE-22 Path Traversal 2 rules

Path Traversal via File Operations HIGH stdlib gin echo fiber chi gorilla

Zip Slip / Path Traversal in Archive HIGH

CWE-502 Deserialization of Untrusted Data 2 rules

Insecure Deserialization HIGH

LLM Training Data Poisoning HIGH

CWE-74 Injection 1 rules

AI Prompt Injection HIGH

CWE-78 OS Command Injection 1 rules

Command Injection via os/exec CRITICAL

CWE-89 SQL Injection 1 rules

SQL Injection via Database Queries CRITICAL stdlib gin echo fiber chi gorilla

CWE-90 LDAP Injection 1 rules

LDAP Injection HIGH

CWE-93 CWE-93 1 rules

Email Header Injection HIGH go gin echo fiber chi

CWE-113 HTTP Response Splitting 1 rules

HTTP Header Injection MEDIUM

CWE-117 Log Injection 1 rules

Log Injection / Log Forging MEDIUM stdlib gin echo fiber chi gorilla

CWE-176 CWE-176 1 rules

Unicode Normalization Security Issues MEDIUM stdlib gin echo fiber chi

CWE-190 CWE-190 1 rules

Integer Overflow via Unchecked Arithmetic MEDIUM stdlib gin echo fiber chi

CWE-201 CWE-201 1 rules

Credential Exfiltration via User-Controlled Endpoint CRITICAL stdlib gin echo fiber chi gorilla

CWE-209 Error Message Information Leak 1 rules

Database Error Information Exposure in HTTP Response MEDIUM stdlib gin echo fiber chi gorilla

CWE-252 Unchecked Return Value 1 rules

Unchecked Error Return Values MEDIUM

CWE-284 Improper Access Control 1 rules

LLM Insecure Plugin Design HIGH

CWE-295 Improper Certificate Validation 1 rules

Insecure TLS/SSL Configuration HIGH

CWE-327 Broken Cryptographic Algorithm 1 rules

Use of Weak Cryptographic Algorithm HIGH stdlib

CWE-330 CWE-330 1 rules

Non-deterministic Map Iteration MEDIUM

CWE-338 Weak PRNG 1 rules

Weak Random Number Generation for Security HIGH

CWE-347 Improper Signature Verification 1 rules

JWT Security Vulnerabilities HIGH

CWE-352 Cross-Site Request Forgery 1 rules

Missing CSRF Protection (Gin) HIGH gin

CWE-384 Session Fixation 1 rules

Insecure Session Management HIGH

CWE-391 CWE-391 1 rules

Empty Error Handling LOW

CWE-434 Unrestricted File Upload 1 rules

Unsafe File Upload HIGH

CWE-476 CWE-476 1 rules

Unsafe Type Assertion Without Ok Check MEDIUM

CWE-521 Weak Password Requirements 1 rules

Weak Password Policy MEDIUM

CWE-526 CWE-526 1 rules

Environment Variable Exposure HIGH

CWE-532 Information Exposure Through Logs 1 rules

Logging Sensitive Data MEDIUM

CWE-601 Open Redirect 1 rules

Open Redirect MEDIUM

CWE-611 XXE 1 rules

XML External Entity (XXE) Injection HIGH

CWE-636 CWE-636 1 rules

Failing Open on Error HIGH

CWE-640 Weak Password Recovery 1 rules

Weak Password Reset Token HIGH

CWE-667 CWE-667 1 rules

Mutex Misuse HIGH

CWE-755 CWE-755 1 rules

Incomplete Error Handling MEDIUM

CWE-798 Hardcoded Credentials 1 rules

Hardcoded Secrets in Source Code CRITICAL

CWE-829 Inclusion of Untrusted Functionality 1 rules

LLM Supply Chain Vulnerabilities HIGH

CWE-833 CWE-833 1 rules

Channel Misuse HIGH

CWE-840 CWE-840 1 rules

Business Logic Bypass HIGH gin echo fiber chi gorilla net/http

CWE-862 Missing Authorization 1 rules

LLM Excessive Agency HIGH

CWE-918 Server-Side Request Forgery 1 rules

Server-Side Request Forgery (SSRF) HIGH stdlib gin echo fiber chi gorilla

CWE-943 NoSQL Injection 1 rules

NoSQL Injection HIGH stdlib gin echo fiber chi

CWE-1333 ReDoS 1 rules

Regular Expression Denial of Service MEDIUM

Go Security Rules

Frameworks