Go Static Analysis Rules

Go rules

Go is a very powerful language that lets you write performant code while providing a lot of verification. Still, developers can make mistakes. Thankfully, the Codiga Static Code Analysis engine checks your Go code and flags the most important issues.

      G103

      Security
      High

      Use of unsafe calls should be audited.

      G304

      Best practice
      High

      Potential file inclusion via variable

      G306

      Security
      High

      Expect WriteFile permissions to be 0600 or less

      G307

      Security
      Medium

      Deferring unsafe method "Close" on type "*os.File"

      G401

      Security
      High

      Use of weak cryptographic primitive

      G402

      Best practice
      Critical

      TLS InsecureSkipVerify set true.

      G501

      Security
      High

      Blocklisted import crypto/md5: weak cryptographic primitive

      G204

      Security
      High

      Subprocess launched with variable

      G302

      Security
      High

      Expect file permissions to be 0600 or less

      SA1019

      Best practice
      High

      strings.Title has been deprecated since Go 1.18. Use golang.org/x/text/cases instead.

      SA4006

      Error prone
      Minor

      Value never used

      SA9008

      Error prone
      Medium

      Value refers to the result of a failed type assertion and is a zero value, not the value that was being type-asserted.

      ST1005

      Best practice
      Medium

      Error string should not be capitalized

      U1000

      Design
      Medium

      Unused field.

      S1005

      Best practice
      Medium

      Unnecessary assignment to the blank identifier

      G101

      Security
      Critical

      Hardcoded credentials

      G104

      Security
      High

      Audit errors not checked

      G107

      Security
      High

      Url provided to HTTP request as taint input

      G201

      Security
      Critical

      SQL query construction using format string/string concatenation

      G202

      Security
      Critical

      SQL query construction using format string/string concatenation

      G108

      Security
      Medium

      Profiling endpoint is automatically exposed on /debug/pprof

      G301

      Security
      High

      Expect directory permissions to be 0750 or less

      G505

      Best practice
      High

      Weak crypto primitive

      revive/exported

      Design
      Minor

      exported function should have comment or be unexported