Héctor Hurtado Ruesga
Héctor Hurtado Ruesga
The cmd package doesn't manage correctly some error output as it goes to stdout instead to stderr. Probably is a misconfiguration of Cobra. The commands affected are get, set and...
Several options for each: Static analysis: Checkmarx (https://www.checkmarx.com/) Gosec GAS (http://github.com/GoASTScanner/gas) Go-staticcheck (https://github.com/dominikh/go-tools/tree/master/cmd/staticcheck) SonarQube (https://github.com/SonarSource/sonarqube) SideCi (https://sider.review) Dependency analysis: SideCi (https://sider.review) Nancy (https://github.com/sonatype-nexus-community/nancy) Snyk (https://snyk.io)
GO's implementation doesn't make any header key/value encoding validation. We need to add this validation.
We need to define how are we going to return the values associated to a param (/request/params/{name})
GO's current implemetation doesn't allow to set an arbitrary response status trough WriteHeader. We need a way by which circumvent this.
What should the behaviour be when an error occurs accesing the content of a file?
At this moment setResponseHeader adds values to the header with every call (a PUT). Should we use POST for this and PUT to overwrite?
At this moment setResponseCookie adds values to the cookie with every call (a PUT). Should we use POST for this and PUT to overwrite?
GO's implementation doesn't make any cookie key/value encoding validation. We need to add this validation.
The GO's implementation doesn't allow to decode form encoded data sent in a request with an arbitrary method and/or content type other than "application/x-www-form-urlencoded". This is needed for Kapow! semantic...