CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
      • Aws-lambda
      • Gin
      • Gorilla
        • Command-injection
        • Nosql
        • Path-traversal
        • Security
          • Audit
        • Sql
        • Ssrf
        • Xss
        • Xxe
      • Gorm
      • Grpc
      • Jwt-go
      • Lang
      • Net
      • Otto
      • Secrets
      • Template
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Security

Audit

session-cookie-missing-secure

A session cookie was detected without setting the ‘Secure’ flag. The ‘secure’ flag for cookies prevents the client from transmitting the cookie over insecure channels such as HTTP. Set the ‘Secure’ flag by setting ‘Secure’ to ‘true’ in the Options struct.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration

session-cookie-missing-httponly

A session cookie was detected without setting the ‘HttpOnly’ flag. The ‘HttpOnly’ flag for cookies instructs the browser to forbid client-side scripts from reading the cookie which mitigates XSS attacks. Set the ‘HttpOnly’ flag by setting ‘HttpOnly’ to ‘true’ in the Options struct.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP:
- A05:2021 - Security Misconfiguration

websocket-missing-origin-check

The Origin header in the HTTP WebSocket handshake is used to guarantee that the connection accepted by the WebSocket is from a trusted origin domain. Failure to enforce can lead to Cross Site Request Forgery (CSRF). As per “gorilla/websocket” documentation: “A CheckOrigin function should carefully validate the request origin to prevent cross-site request forgery.”
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control

handler-assignment-from-multiple-sources

Variable VARisassignedfromtwodifferentsources:′VAR is assigned from two different sources: 'VARisassignedfromtwodifferentsources:′Y’ and ‘$R’. Make sure this is intended, as this could cause logic bugs if they are treated as they are the same object.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-289: Authentication Bypass by Alternate Name
Gorilla path traversal taintGorilla go vanillasql format string sqli taint med conf
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.