# Business Logic Bypass

- ID: go-business-logic-bypass
- Severity: HIGH
- CWE: CWE-840
- Languages: Go
- Frameworks: gin, echo, fiber, chi, gorilla, net/http

## Description

Client-controlled financial values flow to payment operations without server-side calculation.

## Detection Message

Client-controlled value from {source} flows to {sink} without server-side calculation.

## Remediation

Fetch prices from the database instead of trusting client values.

```go
// Requires imports: net/http, strconv, github.com/gin-gonic/gin.
func checkout(c *gin.Context) {
	// The client supplies only a product ID and a quantity ("quantity" field name assumed).
	productID, idErr := strconv.ParseUint(c.PostForm("product_id"), 10, 64)
	quantity, qtyErr := strconv.Atoi(c.PostForm("quantity"))
	var product Product
	// The price is read from the database, never from the request.
	if idErr != nil || qtyErr != nil || quantity < 1 || db.First(&product, productID).Error != nil {
		c.AbortWithStatus(http.StatusBadRequest)
		return
	}
	total := product.Price * float64(quantity)
	processPayment(total)
}
```

Learn more: https://shoulder.dev/learn/go/cwe-840/business-logic-bypass
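The flagged pattern next to the remediated one, as an added example that is not part of the rule's own documentation: it uses only the standard library so it runs offline, and goes slightly beyond the remediation above by bounding the quantity and keeping amounts in integer cents. The `catalog` map (standing in for the product table), `maxQuantity`, the function names and the form field names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strconv"
)

// catalog stands in for the product table; prices are in cents (constructed data).
var catalog = map[string]int64{"sku-100": 4999, "sku-200": 1250}

const maxQuantity = 100 // hypothetical per-order limit

// clientPricedTotal is the pattern the rule reports: the "price" form field is
// the source, and the returned amount is what would reach the payment sink.
func clientPricedTotal(form url.Values) int64 {
	price, _ := strconv.ParseInt(form.Get("price"), 10, 64)
	qty, _ := strconv.ParseInt(form.Get("quantity"), 10, 64)
	return price * qty
}

// serverTotal ignores any client-sent price: it accepts only a product ID and
// a bounded quantity, and prices the order from the server-side catalog.
func serverTotal(form url.Values) (int64, error) {
	price, ok := catalog[form.Get("product_id")]
	if !ok {
		return 0, errors.New("unknown product")
	}
	qty, err := strconv.ParseInt(form.Get("quantity"), 10, 64)
	if err != nil || qty < 1 || qty > maxQuantity {
		return 0, fmt.Errorf("invalid quantity %q", form.Get("quantity"))
	}
	return price * qty, nil
}

func main() {
	// Constructed request in which the client-sent price disagrees with the catalog.
	form := url.Values{"product_id": {"sku-100"}, "price": {"1"}, "quantity": {"2"}}
	good, err := serverTotal(form)
	fmt.Println("client-priced:", clientPricedTotal(form), "server-priced:", good, err)
}
```

A zero or negative quantity is rejected as well, since the quantity is just as client-controlled as the price and would otherwise produce a zero or negative total.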