facebook pixelCodiga Analysis Go Rules
BACK TO LIST

Go rules

Go is a very powerful language that makes you write performant code while having a lot of verification. Still, developers can make issues. Thankfully, the Codiga Static Code Analysis engine checks your Go code and flags the most important issues.

G103

Security
Error

Use of unsafe calls should be audited.

Learn more

G304

Best practice
Error

Potential file inclusion via variable

G306

Security
Error

Expect WriteFile permissions to be 0600 or less

G307

Security
Warning

Deferring unsafe method "Close" on type "*os.File"

G401

Security
Error

Use of weak cryptographic primitive

G402

Best practice
Critical

TLS InsecureSkipVerify set true.

G501

Security
Error

Blocklisted import crypto/md5: weak cryptographic primitive

G204

Security
Error

Subprocess launched with variable

G302

Security
Error

Expect file permissions to be 0600 or less

SA1019

Best practice
Error

strings.Title has been deprecated since Go 1.18. Use golang.org/x/text/cases instead.

SA4006

Error prone
Informational

Value never used

SA9008

Error prone
Warning

Value refers to the result of a failed type assertion and is a zero value, not the value that was being type-asserted.

ST1005

Best practice
Warning

Error string should not be capitalized

U1000

Design
Warning

Unused field.

S1005

Best practice
Warning

Unnecessary assignment to the blank identifier

G101

Security
Critical

Hardcoded credentials

G104

Security
Error

Audit errors not checked

G107

Security
Error

Url provided to HTTP request as taint input

G201

Security
Critical

SQL query construction using format string/string concatenation

G202

Security
Critical

SQL query construction using format string/string concatenation

G108

Security
Warning

Profiling endpoint is automatically exposed on /debug/pprof

G301

Security
Error

Expect directory permissions to be 0750 or less

G505

Best practice
Error

Weak crypto primitive

revive/exported

Design
Informational

exported function should have comment or be unexported

revive/var-declaration

Best practice
Warning

should omit type string from declaration of var

G502

Security
Error

Blocklisted import crypto/des: weak cryptographic primitive

G305

Security
Warning

File traversal when extracting zip/tar archive

revive/package-comments

Documentation
Informational

Packages should have comments.