Support
Dashboard
Dashboard

Join Community

Start Here

What is CodeAnt?

Setup

Github
Bitbucket
Gitlab
Azure Devops

Pull Request Review

Features
Customize Review
Quality Gates
Integrations

Scan center

Code Security
Code Quality
Cloud Security
Engineering Productivity

Integrations

Jira
Test Coverage
CI/CD

IDE

Setup
Review
Enhancements

Rule Reference

Compliance
Anti-Patterns
Code Governance
Infrastructure Security Database
Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
  - Aws-lambda
  - Gin
  - Gorilla
  - Gorm
  - Grpc
  - Jwt-go
  - Lang
  - Net
  - Otto
  - Secrets
  - Template
    - Security
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml

Resources

Open Source
Blogs

Template

Security

go-insecure-templates

usage of insecure template types. They are documented as a security risk. See https://golang.org/pkg/html/template/#HTML.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection

go-ssti

A server-side template injection occurs when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side. When using “html/template” always check that user inputs are validated and sanitized before included within the template.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

Ssh hardcoded secret Best practice

twitter linkedin

Powered by Mintlify

Assistant

Responses are generated using AI and may contain mistakes.