
SAST coverity scan - Unsafe Basic authentication in auth.go

Open raghvendra-dixit opened this issue 1 year ago • 0 comments

  • With issues:
    • Use the search tool before opening a new issue.
    • Please provide source code and commit sha if you found a bug.
    • Review existing issues and provide feedback or react to them.

Description

It's a simple SAST scan report which highlights a security vulnerability: (image)

How to reproduce

package main

import (
	"github.com/gin-gonic/gin"
)

func main() {
	g := gin.Default()
	g.GET("/hello/:name", func(c *gin.Context) {
		c.String(200, "Hello %s", c.Param("name"))
	})
	g.Run(":9000")
}

Expectations

$ curl http://localhost:8201/hello/world
Hello world

Actual result

$ curl -i http://localhost:8201/hello/world
<YOUR RESULT>

Environment

  • go version: 1.17, Image source for golang: us-docker.pkg.dev/google.com/api-project-999119582588/go-boringcrypto/golang:1.17.11b7
  • gin version (or commit ref): github.com/gin-gonic/gin v1.7.7
  • operating system:

raghvendra-dixit, Aug 02 '22 17:08