Go
This article covers Go support and vulnerability detection for Mend SAST.
Mend SAST-supported Go file types
\*\*Note: Extensions marked with \*\* are ‘Secondary’ file extensions. They are scanned only if at least one file with one of the ‘Primary’ file extensions is present to identify the language.
File Type |
---|
.go |
.golan\*\* |
Mend SAST-supported Go frameworks
Framework |
---|
Beego |
Echo |
Gin |
Gorilla |
Revel |
Mend SAST-supported Go vulnerability types
The Go vulnerability types that Mend SAST detects are listed below, grouped by severity and ordered by CWE ID within each severity.
Go high-severity vulnerability types
CWE | Vulnerability Type |
---|---|
CWE-22 | Path/Directory Traversal |
CWE-73 | File Manipulation |
CWE-78 | Command Injection |
CWE-79 | Cross-Site Scripting |
CWE-89 | SQL Injection |
CWE-643 | XPath Injection |
CWE-732 | Insecure File Permissions |
CWE-732 | Insecure Directory Permissions |
CWE-918 | Server-Side Request Forgery |
Go medium-severity vulnerability types
CWE | Vulnerability Type |
---|---|
CWE-90 | LDAP Injection |
CWE-244 | Heap Inspection |
CWE-295 | Insecure TLS Configuration |
CWE-322 | Insecure SSH Configuration |
CWE-338 | Weak Pseudo-Random |
CWE-377 | Tempfile Predictable Path |
CWE-400 | Sleep Denial of Service |
CWE-472 | Hidden HTML Input |
CWE-676 | Miscellaneous Dangerous Functions |
CWE-798 | Hardcoded Password/Credentials |
CWE-1327 | Insecure Interface Binding |
Go low-severity vulnerability types
CWE | Vulnerability Type |
---|---|
CWE-20 | Cookie Injection |
CWE-113 | HTTP Header Injection |
CWE-117 | Log Forging |
CWE-326 | Weak Encryption Strength |
CWE-434 | File Upload |
CWE-601 | Unvalidated/Open Redirect |
CWE-916 | Weak Hash Strength |