Go Static Analysis Rules

Go rules

Go is a very powerful language that lets you write performant code while providing a lot of verification. Still, developers can introduce issues. Thankfully, the Codiga Static Code Analysis engine checks your Go code and flags the most important issues.

G103

Security
High

Use of unsafe calls should be audited.

G304

Best practice
High

Potential file inclusion via variable

G306

Security
High

Expect WriteFile permissions to be 0600 or less

G307

Security
Medium

Deferring unsafe method "Close" on type "*os.File"

G401

Security
High

Use of weak cryptographic primitive

G402

Best practice
Critical

TLS InsecureSkipVerify set true.

G501

Security
High

Blocklisted import crypto/md5: weak cryptographic primitive

G204

Security
High

Subprocess launched with variable

G302

Security
High

Expect file permissions to be 0600 or less

SA1019

Best practice
High

strings.Title has been deprecated since Go 1.18. Use golang.org/x/text/cases instead.

SA4006

Error prone
Minor

Value never used

SA9008

Error prone
Medium

Value refers to the result of a failed type assertion and is a zero value, not the value that was being type-asserted.

ST1005

Best practice
Medium

Error string should not be capitalized

U1000

Design
Medium

Unused field.

S1005

Best practice
Medium

Unnecessary assignment to the blank identifier

G101

Security
Critical

Hardcoded credentials

G104

Security
High

Audit errors not checked

G107

Security
High

Url provided to HTTP request as taint input

G201

Security
Critical

SQL query construction using format string/string concatenation

G202

Security
Critical

SQL query construction using format string/string concatenation

G108

Security
Medium

Profiling endpoint is automatically exposed on /debug/pprof

G301

Security
High

Expect directory permissions to be 0750 or less

G505

Best practice
High

Weak crypto primitive

revive/exported

Design
Minor

exported function should have comment or be unexported

revive/var-declaration

Best practice
Medium

should omit type string from declaration of var

G502

Security
High

Blocklisted import crypto/des: weak cryptographic primitive

G305

Security
Medium

File traversal when extracting zip/tar archive