tainted-sql-from-http-request
connection.PreparedStatement
) or a safe library.

tainted-html-response
Ok()
response. This bypasses any view or template environments, including HTML escaping, which may expose this application to cross-site scripting (XSS) vulnerabilities. Consider using a view technology such as Twirl, which automatically escapes HTML views.

twirl-html-var
Html()
or consider properly sanitizing input data.

conf-csrf-headers-bypass

tainted-slick-sqli

webservice-ssrf
WSClient
most likely lead to SSRF. This could allow an attacker to send data to their own server, potentially exposing sensitive data sent with this request. They could also probe internal servers or other resources that the server running this code can access. Do not allow arbitrary hosts. Instead, create an allowlist of approved hosts or hardcode the correct host.

conf-insecure-cookie-settings