gin
SAST coverity scan - Unsafe Basic authentication in auth.go
- With issues:
- Use the search tool before opening a new issue.
- Please provide source code and commit sha if you found a bug.
- Review existing issues and provide feedback or react to them.
Description
It's a simple SAST scan report which highlights a security vulnerability:
How to reproduce
package main

import (
	"github.com/gin-gonic/gin"
)

func main() {
	g := gin.Default()
	g.GET("/hello/:name", func(c *gin.Context) {
		c.String(200, "Hello %s", c.Param("name"))
	})
	g.Run(":9000")
}
Expectations
$ curl http://localhost:8201/hello/world
Hello world
Actual result
$ curl -i http://localhost:8201/hello/world
<YOUR RESULT>
Environment
- go version:
- 1.17, Image source for golang: us-docker.pkg.dev/google.com/api-project-999119582588/go-boringcrypto/golang:1.17.11b7
- gin version (or commit ref): github.com/gin-gonic/gin v1.7.7
- operating system: