Mend SAST-supported Go file types
| File Type |
|---|
| .go |
| .golan * |

* Note: These extensions are marked as ‘Secondary’ file extensions.
They will only be scanned if at least one file with any of the other ‘Primary’ file extensions is present to identify the language as the relevant language.

Mend SAST-supported Go frameworks
| Framework |
|---|
| net/http |
| gin |
| echo |
| fiber |
| chi |
| gorilla/mux |
| httprouter |
| beego |
| iris |
| buffalo |
| fasthttp |
| revel |
| graphql-go |

Mend SAST-supported Go vulnerability types
The Go vulnerability types detected by SAST are provided below and are organized by CWE ID within each of their identified severities.
Go high-severity vulnerability types
| CWE | Vulnerability Type | Low Probability Impact |
|---|---|---|
| CWE-22 | Path/Directory Traversal | |
| CWE-78 | Command Injection | |
| CWE-79 | Cross-Site Scripting | |
| CWE-89 | SQL Injection | |
| CWE-643 | XPath Injection | |
| CWE-918 | Server-Side Request Forgery | |
| CWE-943 | No-SQL Injection | |

Go medium-severity vulnerability types
| CWE | Vulnerability Type | Low Probability Impact |
|---|---|---|
| CWE-90 | LDAP Injection | |
| CWE-295 | Insecure TLS Configuration | |
| CWE-322 | Insecure SSH Configuration | |
| CWE-327 | Weak Crypto | |
| CWE-328 | Weak Hash | |
| CWE-347 | Improper Signature Verification | |
| CWE-377 | Insecure Temporary File | |
| CWE-400 | Sleep Denial of Service | |
| CWE-798 | Hardcoded Password/Credentials | |
| CWE-1333 | ReDoS | |

Go low-severity vulnerability types
| CWE | Vulnerability Type | Low Probability Impact |
|---|---|---|
| CWE-20 | Mail Relay | |
| CWE-20 | Cookie Injection | |
| CWE-117 | Log Injection | |
| CWE-242 | Dangerous Function | |
| CWE-326 | Weak Encryption Strength | |
| CWE-601 | Open Redirect | |
| CWE-614 | Sensitive Cookie Without 'Secure' | |
| CWE-1004 | Sensitive Cookie Without 'HttpOnly' | |