Detected usage of dangerous method $METHOD, which does not escape its inputs (see link in references). If the argument is user-controlled, this can lead to SQL injection. When using the $METHOD function, do not trust user-submitted data and only allow an approved list of input (that is, use an allowlist approach).
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection
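The two mitigations the rule message points at, bound parameters for values and an allowlist for identifiers that cannot be bound, side by side with the interpolating pattern the rule flags. This is an added example, not code from the rule or its references; it uses Python's standard-library `sqlite3` against an in-memory table with constructed sample rows, and the function names, column names and sample data are assumptions for illustration.

```python
import sqlite3

# Constructed sample data (not from the original page).
ROWS = [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")]


def make_db():
    """Create an in-memory SQLite database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn


def find_user_unsafe(conn, name):
    """VULNERABLE: the caller's string is spliced into the SQL text, so any
    quote characters in it change the meaning of the statement."""
    sql = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Bound parameter: the value travels to the engine separately from the
    SQL text and is compared literally, quotes and all."""
    sql = "SELECT id, name FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Column and table names cannot be passed as bound parameters, so for
# identifiers the only safe option is an allowlist of approved values.
ALLOWED_SORT_COLUMNS = {"id", "name", "email"}


def list_users_sorted(conn, sort_column):
    """Reject anything not on the allowlist before it reaches the SQL text."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    sql = f"SELECT id, name FROM users ORDER BY {sort_column}"
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    tainted = "' OR '1'='1"
    print("unsafe:", find_user_unsafe(db, tainted))   # every row comes back
    print("safe:  ", find_user_safe(db, tainted))     # no row has that literal name
    print("sorted:", list_users_sorted(db, "name"))
```

The unsafe lookup returns every row for the tainted value because the condition has become `name = '' OR '1'='1'`; the parameterised lookup returns nothing because it searches for a user whose name is literally that string. The sort helper shows the allowlist approach the rule recommends for the cases where binding is not available.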