tainted-url-host
$REQUEST
. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, potentially exposing sensitive data. It is recommended, where possible, not to let user input craft the base request, but to treat it as part of the path or a query parameter. When user input is necessary to craft the request, it is recommended to follow OWASP best practices to prevent abuse, including using an allowlist.

raw-html-format
html/template
package which will safely render HTML instead, or inspect that the HTML is rendered safely.

tainted-sql-string
db.Query("SELECT * FROM t WHERE id = ?", id)
) or a safe library.

open-redirect
$REQUEST
. This can lead to open redirect vulnerabilities, potentially allowing attackers to redirect users to malicious web sites. It is recommended, where possible, not to let user input craft the redirect URL. When user input is necessary to craft the request, it is recommended to follow OWASP best practices to restrict the URL to domains in an allowlist.
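
The allowlist advice in the tainted-url-host and open-redirect entries above, sketched in Go as an added example (not code from the rules or their project). The hosts in `allowedHosts`, the `/v1/items` path and the function names `checkURL`, `buildUpstreamURL` and `safeRedirectTarget` are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Constructed allowlist; the example.com hosts are placeholders.
var allowedHosts = map[string]bool{"api.example.com": true, "www.example.com": true}

// checkURL accepts only absolute https URLs whose exact hostname is allowlisted.
func checkURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "https" || u.User != nil {
		return nil, errors.New("scheme or userinfo not allowed")
	}
	// Exact match on the parsed hostname; no prefix, suffix or substring tests.
	if host := strings.ToLower(u.Hostname()); !allowedHosts[host] {
		return nil, fmt.Errorf("host %q not in allowlist", host)
	}
	return u, nil
}

// buildUpstreamURL keeps the base request fixed; user input is only a query value.
func buildUpstreamURL(id string) string {
	u := url.URL{Scheme: "https", Host: "api.example.com", Path: "/v1/items"}
	u.RawQuery = url.Values{"id": {id}}.Encode()
	return u.String()
}

// safeRedirectTarget returns target when it is allowlisted, otherwise fallback.
func safeRedirectTarget(target, fallback string) string {
	if _, err := checkURL(target); err != nil {
		return fallback
	}
	return target
}

func main() {
	fmt.Println(buildUpstreamURL("1&admin=true"))
	fmt.Println(safeRedirectTarget("//evil.test/x", "/"))
}
```

Comparing the hostname returned by `url.Parse` rather than the raw string is what keeps lookalike hosts and userinfo tricks from passing the check.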