@runsec/mcp 1.0.35 → 1.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83)
  1. package/dist/data/.rag-cache.json +1 -0
  2. package/dist/data/skills/_exploit_overrides.json +16 -0
  3. package/dist/data/skills/advanced-agent-cloud/index.md +94 -0
  4. package/dist/data/skills/advanced-agent-cloud/patterns.md +46 -0
  5. package/dist/data/skills/advanced-agent-cloud/skill.json +38 -0
  6. package/dist/data/skills/app-logic/index.md +69 -0
  7. package/dist/data/skills/app-logic/patterns.md +23 -0
  8. package/dist/data/skills/app-logic/skill.json +24 -0
  9. package/dist/data/skills/auth-keycloak/index.md +69 -0
  10. package/dist/data/skills/auth-keycloak/patterns.md +46 -0
  11. package/dist/data/skills/auth-keycloak/skill.json +51 -0
  12. package/dist/data/skills/browser-agent/index.md +58 -0
  13. package/dist/data/skills/browser-agent/patterns.md +15 -0
  14. package/dist/data/skills/browser-agent/skill.json +24 -0
  15. package/dist/data/skills/cloud-secrets/index.md +66 -0
  16. package/dist/data/skills/cloud-secrets/patterns.md +19 -0
  17. package/dist/data/skills/cloud-secrets/skill.json +28 -0
  18. package/dist/data/skills/csharp-dotnet/index.md +103 -0
  19. package/dist/data/skills/csharp-dotnet/patterns.md +270 -0
  20. package/dist/data/skills/csharp-dotnet/skill.json +27 -0
  21. package/dist/data/skills/desktop-vsto-suite/index.md +202 -0
  22. package/dist/data/skills/desktop-vsto-suite/patterns.md +154 -0
  23. package/dist/data/skills/desktop-vsto-suite/skill.json +26 -0
  24. package/dist/data/skills/devops-security/index.md +64 -0
  25. package/dist/data/skills/devops-security/patterns.md +23 -0
  26. package/dist/data/skills/devops-security/skill.json +42 -0
  27. package/dist/data/skills/domain-access-management/index.md +123 -0
  28. package/dist/data/skills/domain-access-management/patterns.md +58 -0
  29. package/dist/data/skills/domain-access-management/skill.json +36 -0
  30. package/dist/data/skills/domain-data-privacy/index.md +98 -0
  31. package/dist/data/skills/domain-data-privacy/patterns.md +48 -0
  32. package/dist/data/skills/domain-data-privacy/skill.json +36 -0
  33. package/dist/data/skills/domain-input-validation/index.md +210 -0
  34. package/dist/data/skills/domain-input-validation/patterns.md +158 -0
  35. package/dist/data/skills/domain-input-validation/skill.json +24 -0
  36. package/dist/data/skills/domain-platform-hardening/index.md +169 -0
  37. package/dist/data/skills/domain-platform-hardening/patterns.md +96 -0
  38. package/dist/data/skills/domain-platform-hardening/skill.json +27 -0
  39. package/dist/data/skills/ds-ml-security/patterns.md +137 -0
  40. package/dist/data/skills/fastapi-async/index.md +83 -0
  41. package/dist/data/skills/fastapi-async/patterns.md +329 -0
  42. package/dist/data/skills/fastapi-async/skill.json +32 -0
  43. package/dist/data/skills/frontend-react/index.md +26 -0
  44. package/dist/data/skills/frontend-react/patterns.md +226 -0
  45. package/dist/data/skills/frontend-react/skill.json +24 -0
  46. package/dist/data/skills/go-core/index.md +86 -0
  47. package/dist/data/skills/go-core/patterns.md +272 -0
  48. package/dist/data/skills/go-core/skill.json +22 -0
  49. package/dist/data/skills/hft-cpp-security/patterns.md +37 -0
  50. package/dist/data/skills/index.md +73 -0
  51. package/dist/data/skills/infra-k8s-helm/index.md +138 -0
  52. package/dist/data/skills/infra-k8s-helm/patterns.md +279 -0
  53. package/dist/data/skills/infra-k8s-helm/skill.json +41 -0
  54. package/dist/data/skills/integration-security/index.md +73 -0
  55. package/dist/data/skills/integration-security/patterns.md +132 -0
  56. package/dist/data/skills/integration-security/skill.json +30 -0
  57. package/dist/data/skills/java-enterprise/index.md +31 -0
  58. package/dist/data/skills/java-enterprise/patterns.md +816 -0
  59. package/dist/data/skills/java-enterprise/skill.json +26 -0
  60. package/dist/data/skills/java-spring/index.md +65 -0
  61. package/dist/data/skills/java-spring/patterns.md +22 -0
  62. package/dist/data/skills/java-spring/skill.json +23 -0
  63. package/dist/data/skills/license-compliance/index.md +58 -0
  64. package/dist/data/skills/license-compliance/patterns.md +12 -0
  65. package/dist/data/skills/license-compliance/skill.json +28 -0
  66. package/dist/data/skills/mobile-security/patterns.md +42 -0
  67. package/dist/data/skills/nodejs-nestjs/index.md +71 -0
  68. package/dist/data/skills/nodejs-nestjs/patterns.md +288 -0
  69. package/dist/data/skills/nodejs-nestjs/skill.json +24 -0
  70. package/dist/data/skills/observability/index.md +68 -0
  71. package/dist/data/skills/observability/patterns.md +22 -0
  72. package/dist/data/skills/observability/skill.json +26 -0
  73. package/dist/data/skills/php-security/patterns.md +202 -0
  74. package/dist/data/skills/ru-regulatory/index.md +72 -0
  75. package/dist/data/skills/ru-regulatory/patterns.md +28 -0
  76. package/dist/data/skills/ru-regulatory/skill.json +53 -0
  77. package/dist/data/skills/ruby-rails/index.md +65 -0
  78. package/dist/data/skills/ruby-rails/patterns.md +172 -0
  79. package/dist/data/skills/ruby-rails/skill.json +24 -0
  80. package/dist/data/skills/rust-security/patterns.md +152 -0
  81. package/dist/data/trufflehog-config.yaml +407 -0
  82. package/dist/index.js +3766 -372
  83. package/package.json +1 -1
@@ -0,0 +1,272 @@
+ | ID | Название метрики | Anti-Pattern (Vulnerable Code/YAML) | Safe-Pattern (Remediation) | Stack | Источник fix_template | Exploit scenario |
+ |---|---|---|---|---|---|---|
+ | GO-001 | Command Injection: `exec.Command("sh","-c", userInput)` | `cmd := r.URL.Query().Get("cmd")`<br>`...`<br>`exec.Command("sh", "-c", cmd).Run()` | `action := r.URL.Query().Get("action")`<br>`allowed := map[string][]string{"uptime": {"uptime"}}`<br>`...`<br>`exec.Command(allowed[action][0]).Run()` | Go | `CWE-78` | `action := r.URL.Query().Get("action")` `allowed := map[string][]string{"uptime": {"uptime"}}` `...` `exec.Command(allowed[action][0]).Run()` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-001 command injection exec sh c userinput cmd r url query get run action allowed map string uptime 0 -->
+ | GO-002 | OS Exec Injection: `exec.Command("bash","-c",...)` с конкатенацией | `host := r.URL.Query().Get("host")`<br>`...`<br>`exec.Command("bash", "-c", "ping -c 1 "+host).Run()` | `host := r.URL.Query().Get("host")`<br>`if !hostRe.MatchString(host) { return }`<br>`...`<br>`exec.Command("ping", "-c", "1", host).Run()` | Go | `CWE-77` | `host := r.URL.Query().Get("host")` `if !hostRe.MatchString(host) { return }` `...` `exec.Command("ping", "-c", "1", host).Run()` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-002 os exec injection command bash c с конкатенацией host r url query get ping 1 run if hostre matchstring return -->
+ | GO-003 | Unsafe SQL Fragment Injection | `order := r.URL.Query().Get("order")`<br>`...`<br>`q := "SELECT * FROM users ORDER BY " + order` | `order := r.URL.Query().Get("order")`<br>`if order != "name" && order != "created_at" { order = "name" }`<br>`...`<br>`q := "SELECT * FROM users ORDER BY " + order` | Go | `CWE-74` | `order := r.URL.Query().Get("order")` `if order != "name" && order != "created_at" { order = "name" }` `...` `q := "SELECT * FROM users ORDER BY " + order` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-003 unsafe sql fragment injection order r url query get q select from users by if name created at -->
+ | GO-004 | Unsafe Reflection by Name | `m := r.URL.Query().Get("method")`<br>`...`<br>`reflect.ValueOf(handler).MethodByName(m).Call(nil)` | `m := r.URL.Query().Get("method")`<br>`if m != "Health" && m != "Status" { return }`<br>`...`<br>`reflect.ValueOf(handler).MethodByName(m).Call(nil)` | Go | `CWE-470` | `m := r.URL.Query().Get("method")` `if m != "Health" && m != "Status" { return }` `...` `reflect.ValueOf(handler).MethodByName(m).Call(nil)` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-004 unsafe reflection by name m r url query get method reflect valueof handler methodbyname call nil if health status return -->
+ | GO-005 | Plugin Loading from User Input | `name := r.URL.Query().Get("plugin")`<br>`...`<br>`plugin.Open(name)` | `name := r.URL.Query().Get("plugin")`<br>`if _, ok := allowedPlugins[name]; !ok { return }`<br>`...`<br>`plugin.Open(allowedPlugins[name])` | Go | `CWE-470` | `name := r.URL.Query().Get("plugin")` `if _, ok := allowedPlugins[name]; !ok { return }` `...` `plugin.Open(allowedPlugins[name])` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-005 plugin loading from user input name r url query get open if ok allowedplugins return -->
+ | GO-006 | JavaScript Injection via goja/otto eval | `script := r.FormValue("script")`<br>`...`<br>`vm.RunString(script)` | `cmd := r.FormValue("cmd")`<br>`if cmd != "normalize" { return }`<br>`...`<br>`vm.RunString("normalize(input)")` | Go | `CWE-95` | `cmd := r.FormValue("cmd")` `if cmd != "normalize" { return }` `...` `vm.RunString("normalize(input)")` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-006 javascript injection via goja otto eval script r formvalue vm runstring cmd if normalize return input -->
+ | GO-007 | Template Expression Injection | `tpl := r.FormValue("tpl")`<br>`...`<br>`template.Must(template.New("x").Parse(tpl))` | `name := r.FormValue("template")`<br>`if _, ok := safeTemplates[name]; !ok { return }`<br>`...`<br>`template.Must(template.ParseFiles(safeTemplates[name]))` | Go | `CWE-94` | `name := r.FormValue("template")` `if _, ok := safeTemplates[name]; !ok { return }` `...` `template.Must(template.ParseFiles(safeTemplates[name]))` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-007 template expression injection tpl r formvalue must new x parse name if ok safetemplates return parsefiles -->
+ | GO-008 | Unsafe Command Router from User Field | `tool := payload["tool"]`<br>`...`<br>`exec.Command(tool.(string)).Run()` | `tool := payload["tool"]`<br>`allowed := map[string][]string{"date": {"date"}}`<br>`if _, ok := allowed[tool.(string)]; !ok { return }`<br>`...`<br>`exec.Command(allowed[tool.(string)][0]).Run()` | Go | `CWE-78` | `tool := payload["tool"]` `allowed := map[string][]string{"date": {"date"}}` `if _, ok := allowed[tool.(string)]; !ok { return }` `...` `exec.Command(allowed[tool.(string)][0]).Run()` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-008 unsafe command router from user field tool payload exec string run allowed map date if ok return 0 -->
+ | GO-009 | Goroutine Leak: бесконечная goroutine без `context`-остановки | `go func() {`<br>` for {`<br>` ...`<br>` }`<br>`}()` | `go func(ctx context.Context) {`<br>` for {`<br>` select {`<br>` case <-ctx.Done():`<br>` return`<br>` default:`<br>` ...`<br>` }`<br>` }`<br>`}(ctx)` | Go | `CWE-400` | `go func(ctx context.Context) {` ` for {` ` select {` ` case <-ctx.Done():` ` return` ` default:` ` ...` ` }` ` }` `}(ctx)` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-009 goroutine leak бесконечная без context остановки go func for ctx select case done return default -->
+ | GO-010 | Path Traversal: небезопасный путь через `filepath.Join(root, userInput)` | `name := r.URL.Query().Get("file")`<br>`...`<br>`target := filepath.Join(root, name)` | `name := r.URL.Query().Get("file")`<br>`clean := filepath.Clean("/" + name)`<br>`target := filepath.Join(root, clean)`<br>`if !strings.HasPrefix(target, root) {`<br>` return`<br>`}` | Go | `CWE-22` | `name := r.URL.Query().Get("file")` `clean := filepath.Clean("/" + name)` `target := filepath.Join(root, clean)` `if !strings.HasPrefix(target, root) {` ` return` `}` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-010 path traversal небезопасный путь через filepath join root userinput name r url query get file target clean if strings hasprefix -->
+ | GO-011 | SSRF: прямой `http.Get(userInputURL)` | `url := r.URL.Query().Get("url")`<br>`...`<br>`resp, _ := http.Get(url)` | `url := r.URL.Query().Get("url")`<br>`host := parseHost(url)`<br>`allowed := map[string]bool{"api.example.com": true}`<br>`if !allowed[host] {`<br>` return`<br>`}`<br>`resp, _ := http.Get(url)` | Go | `CWE-918` | `url := r.URL.Query().Get("url")` `host := parseHost(url)` `allowed := map[string]bool{"api.example.com": true}` `if !allowed[host] {` ` return` `}` `resp, _ := http.Get(url)` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-011 ssrf прямой http get userinputurl url r query resp host parsehost allowed map string bool api example com true if -->
+ | GO-012 | Unsafe Pointer Conversion: арифметика через `unsafe.Pointer` | `var ptr unsafe.Pointer`<br>`...`<br>`ptr2 := unsafe.Pointer(uintptr(ptr) + offset)` | `buf := make([]byte, n)`<br>`...`<br>`_ = buf[offset:]`<br>`// avoid unsafe pointer arithmetic` | Go | `CWE-242` | `buf := make([]byte, n)` `...` `_ = buf[offset:]` `// avoid unsafe pointer arithmetic` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-012 unsafe pointer conversion арифметика через var ptr ptr2 uintptr offset buf make byte n avoid arithmetic -->
+ | GO-013 | Weak Crypto: использование MD5/SHA1 | `...`<br>`h := md5.New()`<br>`...`<br>`h2 := sha1.New()` | `...`<br>`h := sha256.New()` | Go | `CWE-327` | `...` `h := sha256.New()` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-013 weak crypto использование md5 sha1 h new h2 sha256 -->
+ | GO-014 | Open Redirect: redirect на URL из query без проверки | `next := r.URL.Query().Get("next")`<br>`...`<br>`http.Redirect(w, r, next, http.StatusFound)` | `next := r.URL.Query().Get("next")`<br>`if !isRelativeOrAllowed(next) {`<br>` next = "/"`<br>`}`<br>`http.Redirect(w, r, next, http.StatusFound)` | Go | `CWE-601` | `next := r.URL.Query().Get("next")` `if !isRelativeOrAllowed(next) {` ` next = "/"` `}` `http.Redirect(w, r, next, http.StatusFound)` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-014 open redirect на url из query без проверки next r get http w statusfound if isrelativeorallowed -->
+ | GO-015 | Log Injection: CR/LF в логах из пользовательского ввода | `userInput := r.URL.Query().Get("user")`<br>`...`<br>`log.Printf("User: %s", userInput)` | `userInput := r.URL.Query().Get("user")`<br>`safe := strings.NewReplacer("\\n", "\\\\n", "\\r", "\\\\r").Replace(userInput)`<br>`...`<br>`log.Printf("User: %s", safe)` | Go | `CWE-117` | `userInput := r.URL.Query().Get("user")` `safe := strings.NewReplacer("\\n", "\\\\n", "\\r", "\\\\r").Replace(userInput)` `...` `log.Printf("User: %s", safe)` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-015 log injection cr lf в логах из пользовательского ввода userinput r url query get user printf s strings newreplacer n -->
+ | GO-016 | Hardcoded Credentials: секреты в константах/строках | `const apiKey = "prod-api-key-12345"`<br>`...`<br>`token := "hardcoded-token"` | `apiKey := os.Getenv("API_KEY")`<br>`if apiKey == "" {`<br>` panic("missing API_KEY")`<br>`}` | Go | `CWE-798` | `apiKey := os.Getenv("API_KEY")` `if apiKey == "" {` ` panic("missing API_KEY")` `}` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-016 hardcoded credentials секреты в константах строках const apikey prod api key 12345 token os getenv if panic missing -->
+ | GO-017 | Data Race: запись в общую переменную без `Mutex` | `...`<br>`counter++`<br>`...`<br>`go func() {`<br>` counter = counter + 1`<br>`}()` | `...`<br>`mu.Lock()`<br>`counter = counter + 1`<br>`mu.Unlock()` | Go | `CWE-362` | `...` `mu.Lock()` `counter = counter + 1` `mu.Unlock()` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-017 data race запись в общую переменную без mutex counter go func 1 mu lock unlock -->
+ | GO-018 | JWT Signature Validation Bypass: отсутствие проверки `alg` в `Keyfunc` | `token, _ := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {`<br>` return key, nil`<br>`})` | `token, _ := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {`<br>` if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {`<br>` return nil, fmt.Errorf("unexpected signing method")`<br>` }`<br>` return key, nil`<br>`})` | Go | `CWE-287` | `token, _ := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {` ` if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {` ` return nil, fmt.Errorf("unexpected signing method")` ` }` ` return key, nil` `})` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-018 jwt signature validation bypass отсутствие проверки alg в keyfunc token parse tokenstring func interface error return key nil if ok -->
+ | GO-019 | DB Connection Leak: `db.Query` без `defer rows.Close()` | `rows, _ := db.Query(query)`<br>`...`<br>`for rows.Next() {`<br>` ...`<br>`}` | `rows, err := db.Query(query)`<br>`if err != nil {`<br>` return err`<br>`}`<br>`defer rows.Close()`<br>`...` | Go | `CWE-770` | `rows, err := db.Query(query)` `if err != nil {` ` return err` `}` `defer rows.Close()` `...` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-019 db connection leak query без defer rows close for next err if nil return -->
+ | GO-020 | Insecure TLS Config: `InsecureSkipVerify: true` | `tr := &http.Transport{`<br>` TLSClientConfig: &tls.Config{InsecureSkipVerify: true},`<br>`}` | `tr := &http.Transport{`<br>` TLSClientConfig: &tls.Config{InsecureSkipVerify: false},`<br>`}` | Go | `CWE-295` | `tr := &http.Transport{` ` TLSClientConfig: &tls.Config{InsecureSkipVerify: false},` `}` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-020 insecure tls config insecureskipverify true tr http transport tlsclientconfig false -->
+ | GO-021 | Unclosed File/Resource: `os.Open` без `defer Close()` | `f, _ := os.Open(path)`<br>`...`<br>`data, _ := io.ReadAll(f)` | `f, err := os.Open(path)`<br>`if err != nil {`<br>` return err`<br>`}`<br>`defer f.Close()`<br>`...` | Go | `CWE-404` | `f, err := os.Open(path)` `if err != nil {` ` return err` `}` `defer f.Close()` `...` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-021 unclosed file resource os open без defer close f path data io readall err if nil return -->
+ | GO-022 | Improper Output Encoding (XSS): небезопасный вывод пользовательского ввода | `name := r.URL.Query().Get("name")`<br>`...`<br>`fmt.Fprintf(w, name)` | `tmpl := template.Must(template.New("x").Parse("Hello {{.Name}}"))`<br>`...`<br>`tmpl.Execute(w, map[string]string{"Name": name})` | Go | `CWE-116` | `tmpl := template.Must(template.New("x").Parse("Hello {{.Name}}"))` `...` `tmpl.Execute(w, map[string]string{"Name": name})` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-022 improper output encoding xss небезопасный вывод пользовательского ввода name r url query get fmt fprintf w tmpl template must new -->
+ | GO-023 | Missing Request Body Limit: чтение тела без лимита | `body, _ := ioutil.ReadAll(r.Body)`<br>`...`<br>`_ = body` | `body, _ := io.ReadAll(io.LimitReader(r.Body, maxBytes))`<br>`...`<br>`_ = body` | Go | `CWE-20` | `body, _ := io.ReadAll(io.LimitReader(r.Body, maxBytes))` `...` `_ = body` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-023 missing request body limit чтение тела без лимита ioutil readall r io limitreader maxbytes -->
+ | GO-024 | Debug Endpoint in Production: подключен `pprof` без feature flag | `import _ "net/http/pprof"`<br>`...`<br>`http.ListenAndServe(":6060", nil)` | `if debugEnabled {`<br>` mux := http.NewServeMux()`<br>` ...`<br>` http.ListenAndServe("127.0.0.1:6060", mux)`<br>`}` | Go | `CWE-489` | `if debugEnabled {` ` mux := http.NewServeMux()` ` ...` ` http.ListenAndServe("127.0.0.1:6060", mux)` `}` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-024 debug endpoint production подключен pprof без feature flag import net http listenandserve 6060 nil if debugenabled mux newservemux 127 0 -->
+ | GO-025 | gRPC Missing Auth: RPC метод без проверки metadata/auth | `func (s *Server) Transfer(ctx context.Context, req *pb.TransferRequest) (*pb.TransferReply, error) {`<br>` ...`<br>` return s.svc.Transfer(ctx, req)`<br>`}` | `srv := grpc.NewServer(grpc.UnaryInterceptor(grpc_auth.UnaryServerInterceptor(authFunc)))`<br>`...`<br>`func authFunc(ctx context.Context) (context.Context, error) {`<br>` md, _ := metadata.FromIncomingContext(ctx)`<br>` ...`<br>` return ctx, nil`<br>`}` | Go | `CWE-285` | `srv := grpc.NewServer(grpc.UnaryInterceptor(grpc_auth.UnaryServerInterceptor(authFunc)))` `...` `func authFunc(ctx context.Context) (context.Context, error) {` ` md, _ := metadata.FromIncomingContext(ctx)` ` ...` ` return ctx, nil` `}` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-025 grpc missing auth rpc метод без проверки metadata func s server transfer ctx context req pb transferrequest transferreply error return -->
+ | GO-026 | Zip Slip: распаковка архива без проверки пути назначения | `for _, f := range zipReader.File {`<br>` ...`<br>` targetPath := filepath.Join(dest, f.Name)`<br>` writeFile(targetPath, f)`<br>`}` | `for _, f := range zipReader.File {`<br>` targetPath := filepath.Join(dest, f.Name)`<br>` clean := filepath.Clean(targetPath)`<br>` if !strings.HasPrefix(clean, filepath.Clean(dest)+string(os.PathSeparator)) {`<br>` return fmt.Errorf("zip slip detected")`<br>` }`<br>` writeFile(clean, f)`<br>`}` | Go | `CWE-22` | `for _, f := range zipReader.File {` ` targetPath := filepath.Join(dest, f.Name)` ` clean := filepath.Clean(targetPath)` ` if !strings.HasPrefix(clean, filepath.Clean(dest)+string(os.PathSeparator)) {` ` return fmt.Errorf("zip slip detected")` ` }` ` writeFile(clean, f)` `}` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-026 zip slip распаковка архива без проверки пути назначения for f range zipreader file targetpath filepath join dest name writefile clean -->
+ | GO-027 | HTTP Proxy Header Injection: прямой прокси hop-by-hop заголовков | `proxy := &httputil.ReverseProxy{`<br>` Director: func(req *http.Request) {`<br>` ...`<br>` req.Header = r.Header`<br>` },`<br>`}` | `proxy := &httputil.ReverseProxy{`<br>` Director: func(req *http.Request) {`<br>` ...`<br>` req.Header = cloneAllowedHeaders(r.Header)`<br>` stripHopByHop(req.Header)`<br>` },`<br>`}` | Go | `CWE-444` | `proxy := &httputil.ReverseProxy{` ` Director: func(req *http.Request) {` ` ...` ` req.Header = cloneAllowedHeaders(r.Header)` ` stripHopByHop(req.Header)` ` },` `}` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-027 http proxy header injection прямой прокси hop by заголовков httputil reverseproxy director func req request r cloneallowedheaders striphopbyhop -->
+ | GO-028 | Unsafe Reflect-based Deep Copy: рекурсивный `reflect` без type-guard | `func DeepCopy(dst, src interface{}) {`<br>` ...`<br>` reflect.ValueOf(dst).Elem().Set(reflect.ValueOf(src).Elem())`<br>`}` | `func CopyMessage(msg proto.Message) proto.Message {`<br>` ...`<br>` return proto.Clone(msg)`<br>`}` | Go | `CWE-20` | `func CopyMessage(msg proto.Message) proto.Message {` ` ...` ` return proto.Clone(msg)` `}` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-028 unsafe reflect based deep copy рекурсивный без type guard func deepcopy dst src interface valueof elem set copymessage msg proto -->
+ | GO-029 | Hardcoded Root CAs: встроенные PEM в `tls.Config` | `const rootPEM = "-----BEGIN CERTIFICATE-----..."`<br>`...`<br>`pool.AppendCertsFromPEM([]byte(rootPEM))` | `pem, err := os.ReadFile("/etc/ssl/certs/internal-ca.pem")`<br>`...`<br>`pool.AppendCertsFromPEM(pem)` | Go | `CWE-295` | `pem, err := os.ReadFile("/etc/ssl/certs/internal-ca.pem")` `...` `pool.AppendCertsFromPEM(pem)` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-029 hardcoded root cas встроенные pem в tls config const rootpem begin certificate pool appendcertsfrompem byte err os readfile etc ssl -->
+ | GO-030 | gRPC Message Size Limit Missing: сервер без `MaxRecvMsgSize` | `srv := grpc.NewServer()`<br>`...`<br>`pb.RegisterApiServer(srv, api)` | `srv := grpc.NewServer(grpc.MaxRecvMsgSize(4*1024*1024))`<br>`...`<br>`pb.RegisterApiServer(srv, api)` | Go | `CWE-770` | `srv := grpc.NewServer(grpc.MaxRecvMsgSize(4*1024*1024))` `...` `pb.RegisterApiServer(srv, api)` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-030 grpc message size limit missing сервер без maxrecvmsgsize srv newserver pb registerapiserver api 4 1024 -->
+ | GO-031 | Insecure Randomness: `math/rand` для токенов/секретов | `b := make([]byte, 32)`<br>`...`<br>`for i := range b {`<br>` b[i] = byte(rand.Intn(256))`<br>`}` | `b := make([]byte, 32)`<br>`...`<br>`if _, err := cryptorand.Read(b); err != nil {`<br>` return err`<br>`}` | Go | `CWE-327` | `b := make([]byte, 32)` `...` `if _, err := cryptorand.Read(b); err != nil {` ` return err` `}` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-031 insecure randomness math rand для токенов секретов b make byte 32 for i range intn 256 if err cryptorand read -->
+ | GO-032 | Unbounded JSON Unmarshal: парсинг тела запроса без ограничения размера | `raw, _ := io.ReadAll(r.Body)`<br>`...`<br>`json.Unmarshal(raw, &payload)` | `raw, _ := io.ReadAll(io.LimitReader(r.Body, maxBytes))`<br>`...`<br>`json.Unmarshal(raw, &payload)` | Go | `CWE-400` | `raw, _ := io.ReadAll(io.LimitReader(r.Body, maxBytes))` `...` `json.Unmarshal(raw, &payload)` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-032 unbounded json unmarshal парсинг тела запроса без ограничения размера raw io readall r body payload limitreader maxbytes -->
+ | GO-033 | GORM Raw SQL Injection: конкатенация в `.Where()`/`.Raw()` | `name := r.URL.Query().Get("name")`<br>`...`<br>`db.Where("name = '" + name + "'").Find(&users)`<br>`...`<br>`db.Raw("SELECT * FROM users WHERE name = '" + name + "'").Scan(&users)` | `name := r.URL.Query().Get("name")`<br>`...`<br>`db.Where("name = ?", name).Find(&users)`<br>`...`<br>`db.Raw("SELECT * FROM users WHERE name = ?", name).Scan(&users)` | Go | `CWE-89` | `name := r.URL.Query().Get("name")` `...` `db.Where("name = ?", name).Find(&users)` `...` `db.Raw("SELECT * FROM users WHERE name = ?", name).Scan(&users)` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-033 gorm raw sql injection конкатенация в where name r url query get db find users select from scan -->
+ | GO-034 | Bypassing XSS protection via `template.HTML` | `input := r.URL.Query().Get("html")`<br>`...`<br>`unsafeHTML := template.HTML(input)`<br>`fmt.Fprint(w, unsafeHTML)` | `input := r.URL.Query().Get("html")`<br>`tmpl := template.Must(template.New("x").Parse("{{.Content}}"))`<br>`...`<br>`tmpl.Execute(w, map[string]string{"Content": input})` | Go | `CWE-79` | `input := r.URL.Query().Get("html")` `tmpl := template.Must(template.New("x").Parse("{{.Content}}"))` `...` `tmpl.Execute(w, map[string]string{"Content": input})` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-034 bypassing xss protection via template html input r url query get unsafehtml fmt fprint w tmpl must new x parse -->
+ | GO-035 | Sensitive Info Leak in Error Messages | `err := someInternalError`<br>`...`<br>`return fmt.Errorf("db=%s secret=%s path=%s", dsn, apiKey, filePath)` | `err := someInternalError`<br>`...`<br>`log.Printf("internal error: %v", err)`<br>`return errors.New("internal server error")` | Go | `CWE-209` | `err := someInternalError` `...` `log.Printf("internal error: %v", err)` `return errors.New("internal server error")` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-035 sensitive info leak error messages err someinternalerror return fmt errorf db s secret path dsn apikey filepath log printf internal -->
+ | GO-036 | Unsafe CGO Buffer: указатели в C без валидации буфера | `...`<br>`ptr := unsafe.Pointer(uintptr(cptr) + offset)`<br>`C.process(ptr)` | `buf := []byte(input)`<br>`cbuf := C.CBytes(buf)`<br>`defer C.free(cbuf)`<br>`...`<br>`C.process(cbuf)` | Go | `CWE-119` | `buf := []byte(input)` `cbuf := C.CBytes(buf)` `defer C.free(cbuf)` `...` `C.process(cbuf)` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-036 unsafe cgo buffer указатели в c без валидации буфера ptr pointer uintptr cptr offset process buf byte input cbuf cbytes -->
+ | GO-037 | Prototype Pollution / Map Assignment: копирование JSON-ключей без валидации | `for k, v := range incomingMap {`<br>` targetMap[k] = v`<br>`}` | `allowed := map[string]bool{"name": true, "email": true}`<br>`for k, v := range incomingMap {`<br>` if allowed[k] {`<br>` targetMap[k] = v`<br>` }`<br>`}` | Go | `CWE-915` | `allowed := map[string]bool{"name": true, "email": true}` `for k, v := range incomingMap {` ` if allowed[k] {` ` targetMap[k] = v` ` }` `}` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-037 prototype pollution map assignment копирование json ключей без валидации for k v range incomingmap targetmap allowed string bool name true -->
+ | GO-038 | Improper XML Entity Handling: парсер с дефолтными внешними сущностями | `xmlParser := customxml.NewParser()`<br>`...`<br>`xmlParser.Parse(rawXML)` | `xmlParser := customxml.NewParser()`<br>`...`<br>`xmlParser.DisableExternalEntities(true)`<br>`xmlParser.Parse(rawXML)` | Go | `CWE-611` | `xmlParser := customxml.NewParser()` `...` `xmlParser.DisableExternalEntities(true)` `xmlParser.Parse(rawXML)` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-038 improper xml entity handling парсер с дефолтными внешними сущностями xmlparser customxml newparser parse rawxml disableexternalentities true -->
+ | GO-039 | Regex DoS (ReDoS): сложный regex на длинном пользовательском вводе | `re := regexp.MustCompile(userRegex)`<br>`...`<br>`re.MatchString(longUserInput)` | `if len(longUserInput) > 2048 {`<br>` return`<br>`}`<br>`re := regexp.MustCompile(userRegex)`<br>`...`<br>`re.MatchString(longUserInput)` | Go | `CWE-400` | `if len(longUserInput) > 2048 {` ` return` `}` `re := regexp.MustCompile(userRegex)` `...` `re.MatchString(longUserInput)` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-039 regex dos redos сложный на длинном пользовательском вводе re regexp mustcompile userregex matchstring longuserinput if len 2048 return -->
+ | GO-040 | Hardcoded JWT Secret: ключ подписи зашит в коде | `jwtKey := []byte("my-secret-key")` | `jwtKey := []byte(os.Getenv("JWT_SECRET"))`<br>`if len(jwtKey) == 0 {`<br>` panic("missing JWT_SECRET")`<br>`}` | Go | `CWE-798` | `jwtKey := []byte(os.Getenv("JWT_SECRET"))` `if len(jwtKey) == 0 {` ` panic("missing JWT_SECRET")` `}` | Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия. | <!-- semantic_anchor: go-040 hardcoded jwt secret ключ подписи зашит в коде jwtkey byte my key os getenv if len 0 panic missing -->
+ | GO-041 | GraphQL: Missing query depth limit enables recursive DoS | `schema.Exec(ctx, queryFromClient, vars)` | `if depthAnalyzer.MaxDepth(queryFromClient) > 8 { return errDepthExceeded }`<br>`schema.Exec(ctx, queryFromClient, vars)` | Go/GraphQL | `CWE-400` | GraphQL query depth must be capped and enforced before execution. |
+ | GO-042 | GraphQL: Circular fragment recursion not detected | `result := gql.Exec(ctx, query)` | `if hasCircularFragments(query) { return errBadQuery }`<br>`result := gql.Exec(ctx, query)` | Go/GraphQL | `CWE-674` | Reject circular fragment references before resolver execution. |
+ | GO-043 | GraphQL: Missing field-level AuthZ in resolver | `func (r *Resolver) Account(ctx context.Context, id string) *Account { return repo.Get(id) }` | `func (r *Resolver) Account(ctx context.Context, id string) *Account { authz.Require(ctx, "account:read", id); return repo.GetOwned(ctx, id) }` | Go/GraphQL | `CWE-285` | Enforce object and field-level authorization in every resolver path. |
+ | GO-044 | GraphQL: Introspection enabled in production for untrusted clients | `srv := handler.NewDefaultServer(schema)` | `srv := handler.New(schema)`<br>`srv.Use(disableIntrospectionInProd())` | Go/GraphQL | `CWE-200` | Disable introspection for non-admin traffic in production. |
+ | GO-045 | GraphQL: Unbounded complexity score causes CPU exhaustion | `schema.Exec(ctx, query, vars)` | `score := complexityScore(query)`<br>`if score > 500 { return errTooComplex }`<br>`schema.Exec(ctx, query, vars)` | Go/GraphQL | `CWE-400` | Apply max complexity budget per request and tenant. |
+ | GO-046 | gRPC stream deadlock via bidirectional channel misuse (Logic: strong) | `for { in,_:=stream.Recv(); out <- in; stream.Send(<-out) }` | `ctx,cancel := context.WithTimeout(stream.Context(), 5*time.Second)`<br>`defer cancel()`<br>`select { case out <- in: case <-ctx.Done(): return ctx.Err() }` | Go/gRPC | `CWE-833` | Prevent stream deadlocks using timeout, bounded buffers, and non-blocking select. |
+ | GO-047 | gRPC unauthenticated metadata reflection endpoint | `func (s *Srv) Reflect(ctx context.Context, req *pb.ReflectReq) (*pb.ReflectResp, error) { return s.reflect(req), nil }` | `func (s *Srv) Reflect(ctx context.Context, req *pb.ReflectReq) (*pb.ReflectResp, error) { if !hasScope(ctx, "grpc:reflect") { return nil, status.Error(codes.PermissionDenied, "forbidden") }; return s.reflect(req), nil }` | Go/gRPC | `CWE-306` | Protect reflection and admin metadata services with explicit auth scopes. |
+ | GO-048 | gRPC missing protobuf payload size guard | `srv := grpc.NewServer()` | `srv := grpc.NewServer(grpc.MaxRecvMsgSize(2*1024*1024), grpc.MaxSendMsgSize(2*1024*1024))` | Go/gRPC | `CWE-770` | Set strict protobuf message size limits server-side. |
+ | GO-049 | gRPC metadata spoofing via trusted x-user-id header | `uid := md["x-user-id"][0]` | `uid := verifiedPrincipalFromMTLS(ctx)`<br>`if uid == "" { return status.Error(codes.Unauthenticated,"unauthenticated") }` | Go/gRPC | `CWE-290` | Derive identity from verified token/mTLS, never from caller-supplied metadata. |
+ | GO-050 | gRPC interceptor chain allows unauthenticated fallback | `grpc.NewServer(grpc.UnaryInterceptor(loggingOnly))` | `grpc.NewServer(grpc.ChainUnaryInterceptor(authn, authz, audit, logging))` | Go/gRPC | `CWE-306` | Ensure auth interceptors run before business handlers. |
+ | GO-051 | GraphQL DataLoader cache shared across tenants | `loader := globalLoader` | `loader := newTenantLoader(tenantFromCtx(ctx))` | Go/GraphQL | `CWE-639` | Isolate cache keys by tenant and subject context. |
+ | GO-052 | GraphQL subscription lacks connection-level auth revalidation | `return pubsub.Subscribe(topic)` | `principal := authn.FromWSContext(ctx); authz.RequireWS(principal, topic); return pubsub.Subscribe(topic)` | Go/GraphQL | `CWE-287` | Revalidate authorization on subscription establish and renew events. |
+ | GO-053 | GraphQL alias amplification bypasses resolver quotas | `schema.Exec(ctx, query)` | `if aliasCount(query) > 30 { return errTooManyAliases }`<br>`schema.Exec(ctx, query)` | Go/GraphQL | `CWE-770` | Cap alias count to stop fan-out abuse in single request. |
+ | GO-054 | Protobuf Any deserialization accepts arbitrary type URLs | `proto.Unmarshal(b, &a)` | `allowed := map[string]bool{"type.googleapis.com/payments.v1.Transfer":true}`<br>`if !allowed[a.TypeUrl] { return errTypeDenied }` | Go/gRPC | `CWE-502` | Allowlist `Any.type_url` before unmarshal/dispatch. |
+ | GO-055 | gRPC stream handler leaks goroutines on client disconnect | `go consume(stream)` | `ctx := stream.Context(); go func(){ defer wg.Done(); consumeWithContext(ctx, stream) }()` | Go/gRPC | `CWE-400` | Bind stream workers to context cancellation and cleanup. |
+ | GO-056 | Financial ledger update race in concurrent transfer (Logic: strong) | `if bal[from] >= amt { bal[from]-=amt; bal[to]+=amt }` | `tx := ledger.BeginSerializable()`<br>`defer tx.Close()`<br>`ledger.TransferWithRowLock(tx, from, to, amt)` | Go/Finance Logic | `CWE-362` | Enforce serializable transaction and row locking for monetary mutations. |
+ | GO-057 | TOCTOU race in idempotency key check for payouts (Logic: strong) | `if !seen(key) { mark(key); pay() }` | `ok := idemRepo.ReserveAtomically(key)`<br>`if !ok { return errDuplicate }`<br>`pay()` | Go/Finance Logic | `CWE-367` | Use atomic reservation to prevent duplicate payout execution. |
+ | GO-058 | GraphQL persisted query cache poisoning across environments | `cache.Set(hash, query)` | `cache.Set(env+":"+tenant+":"+hash, query)`<br>`if !sha256Matches(hash, query) { return errBadHash }` | Go/GraphQL | `CWE-349` | Namespace persisted-query cache and verify hash integrity. |
+ | GO-059 | gRPC deadline ignored causing worker pool exhaustion | `res,err := svc.Call(ctx,req)` | `ctx, cancel := context.WithTimeout(ctx, 2*time.Second)`<br>`defer cancel()`<br>`res,err := svc.Call(ctx,req)` | Go/gRPC | `CWE-400` | Propagate and enforce deadlines in all downstream calls. |
+ | GO-060 | gRPC reflection service exposed on public listener | `reflection.Register(grpcServer)` | `if cfg.EnableReflection && cfg.AdminListenerOnly { reflection.Register(adminGrpcServer) }` | Go/gRPC | `CWE-200` | Expose reflection only on trusted admin interface. |
+ | GOX-101 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-102 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-103 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-104 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-105 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-106 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-107 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-108 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-109 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-110 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-111 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-112 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-113 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-114 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-115 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-116 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-117 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-118 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-119 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-120 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-121 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-122 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-123 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-124 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-125 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-126 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-127 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-128 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-129 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-130 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-131 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-132 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-133 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-134 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-135 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-136 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-137 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-138 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-139 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-140 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-141 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-142 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-143 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-144 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-145 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-146 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-147 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-148 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-149 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-150 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-151 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-152 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-153 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-154 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-155 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-156 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-157 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-158 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-159 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-160 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-161 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-162 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-163 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-164 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-165 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-166 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-167 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-168 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-169 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-170 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-171 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-172 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-173 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-174 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-175 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-176 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-177 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-178 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-179 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-180 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-181 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-182 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-183 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-184 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-185 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-186 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-187 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-188 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-189 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-190 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-191 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-192 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-193 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-194 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-195 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-196 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-197 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-198 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-199 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-200 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-201 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-202 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-203 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-204 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-205 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-206 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-207 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-208 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-209 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-210 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-211 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-212 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-213 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-214 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-215 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-216 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-217 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-218 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-219 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-220 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-221 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-222 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-223 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-224 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-225 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-226 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-227 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-228 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-229 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-230 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-231 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-232 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-233 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-234 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-235 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-236 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-237 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-238 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-239 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-240 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-241 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-242 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-243 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-244 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-245 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-246 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-247 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-248 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-249 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-250 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-251 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-252 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-253 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-254 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-255 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-256 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-257 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-258 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-259 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-260 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-261 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-262 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-263 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-264 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-265 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-266 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
+ | GOX-267 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
+ | GOX-268 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
+ | GOX-269 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
+ | GOX-270 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
+ | GOX-271 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
234
+ | GOX-272 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
235
+ | GOX-273 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
236
+ | GOX-274 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
237
+ | GOX-275 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
238
+ | GOX-276 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
239
+ | GOX-277 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
240
+ | GOX-278 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
241
+ | GOX-279 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
242
+ | GOX-280 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
243
+ | GOX-281 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
244
+ | GOX-282 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
245
+ | GOX-283 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
246
+ | GOX-284 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
247
+ | GOX-285 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
248
+ | GOX-286 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
249
+ | GOX-287 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
250
+ | GOX-288 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
251
+ | GOX-289 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
252
+ | GOX-290 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
253
+ | GOX-291 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
254
+ | GOX-292 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
255
+ | GOX-293 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
256
+ | GOX-294 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
257
+ | GOX-295 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
258
+ | GOX-296 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
259
+ | GOX-297 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
260
+ | GOX-298 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
261
+ | GOX-299 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
262
+ | GOX-300 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
263
+ | GOX-301 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
264
+ | GOX-302 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
265
+ | GOX-303 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
266
+ | GOX-304 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
267
+ | GOX-305 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
268
+ | GOX-306 | Mutex missing around shared state in goroutine (CWE-662) | `go func(){ sharedCounter++ }()` | `go func(){ mu.Lock(); sharedCounter++; mu.Unlock() }()` | Go | CWE-662 | Autofix: wrap shared state writes with mutex lock and unlock. | Concurrent writes produce inconsistent state and race-driven bypasses. |
269
+ | GOX-307 | Interface nil dereference in auth handler flow | `repo.GetUser(ctx, id)` | `if repo == nil { return }` | Go | CWE-476 | Autofix: add nil guard for interface dependencies before method calls. | Nil interface panic causes request crash and availability impact. |
270
+ | GOX-308 | Go BOLA: tenant object fetched by request id only (Logic: strong) | `orderID := r.URL.Query().Get("id")` | `orderID := ownedOrderID(ctx, r.URL.Query().Get("id"))` | Go | CWE-639 | Autofix: enforce tenant-bound ID resolver before object access. | Cross-tenant object read is possible when IDs are not ownership-scoped. |
271
+ | GOX-309 | Go mass assignment from JSON map into struct (Logic: strong) | `for k, v := range payload { applyField(&user, k, v) }` | `for _, k := range []string{"display_name","lang"} { applyField(&user, k, payload[k]) }` | Go | CWE-915 | Autofix: map only trusted keys instead of arbitrary payload map iteration. | Untrusted keys can alter privilege-related fields. |
272
+ | GOX-310 | Missing WaitGroup accounting leaks goroutines | `go worker(task)` | `wg.Add(1); go func(){ defer wg.Done(); worker(task) }()` | Go | CWE-667 | Autofix: add WaitGroup lifecycle around spawned goroutines. | Untracked goroutines leak resources and produce non-deterministic behavior. |
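Review bot: rows GOX-264 through GOX-310 are the same five rules (mass assignment, WaitGroup, mutex, nil interface, BOLA) repeated verbatim every five rows under fresh IDs; each pattern should carry exactly one ID, otherwise a single finding maps to ten rule IDs and any ID-based suppression or override list becomes unreliable. Two smaller points on the rows that remain: the nil-guard safe pattern `if repo == nil { return }` returns from a handler without writing a response, and a nil repository is a wiring defect better rejected in the constructor (or answered with a 500) than silently dropped per request; and the mutex safe pattern `mu.Lock(); sharedCounter++; mu.Unlock()` would be safer written with `defer mu.Unlock()` (or `atomic.AddInt64`) so a panic between lock and unlock cannot leave the mutex held. The "(CWE-662)" suffix in the GOX-266/271/... descriptions duplicates the CWE column and can be dropped.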
@@ -0,0 +1,22 @@
1
+ {
2
+ "skill_id": "go-core",
3
+ "name": "Go Core Security",
4
+ "activation_triggers": [
5
+ "go-nethttp-ssrf",
6
+ "go-grpc-auth",
7
+ "go-goroutine-leak",
8
+ "go-unsafe-pointer"
9
+ ],
10
+ "relevant_extensions": [
11
+ ".go",
12
+ ".mod"
13
+ ],
14
+ "tools": [
15
+ "semgrep",
16
+ "syft",
17
+ "trufflehog"
18
+ ],
19
+ "rules_path": "core/skills/go-core/patterns.md",
20
+ "few_shot_examples": "core/gold-standard-testbed/multi_lang_vulnerable/go_vulnerable.go",
21
+ "security_priority": 5
22
+ }
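Review bot: `relevant_extensions` lists `.mod` but not `.sum`, yet `syft` is in `tools`; `go.sum` holds the dependency hashes a supply-chain scan needs, so it should be in scope alongside `go.mod`. The `rules_path` and `few_shot_examples` values start with `core/`, a base that is not defined anywhere in this file, so document which directory they are resolved against (repo checkout versus the shipped package). `security_priority: 5` has no stated scale or direction in this or the neighbouring skill files, so a one-line note on what the value means (range, higher-is-more-urgent or not) would help anyone tuning it.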
@@ -0,0 +1,37 @@
1
+ | ID | Название метрики | Anti-Pattern (Vulnerable Code/YAML) | Safe-Pattern (Remediation) | Stack | Источник fix_template | Exploit scenario |
2
+ |---|---|---|---|---|---|---|
3
+ | HFT-001 | Buffer overflow via strcpy in order parser | `strcpy(buf, input)` | use bounded copy (`strncpy_s`/`std::array` + size checks) | HFT C++ Security | CWE-119 | Prevent overwrite in low-latency parsing path. |
4
+ | HFT-002 | Buffer overflow via sprintf in hot loop | `sprintf(dst,"%s",src)` | use `snprintf` with explicit size | HFT C++ Security | CWE-120 | Bound formatted writes in critical loops. |
5
+ | HFT-003 | Use-after-free on order object reuse | access pointer after `delete` | use smart pointers / lifetime ownership model | HFT C++ Security | CWE-416 | Prevent stale pointer dereference. |
6
+ | HFT-004 | Double free on exception path | `delete p; ... delete p;` | RAII ownership and nullptr reset guards | HFT C++ Security | CWE-415 | Avoid memory corruption by double free. |
7
+ | HFT-005 | Integer overflow in price*volume | `int64_t notional = price * volume;` unchecked | checked arithmetic / widened type with overflow guard | HFT C++ Security | CWE-190 | Prevent financial logic corruption. |
8
+ | HFT-006 | Signed/unsigned mismatch in bounds checks | compare signed index to unsigned size | normalize types and validate range pre-cast | HFT C++ Security | CWE-190 | Avoid bypassed bounds logic. |
9
+ | HFT-007 | Out-of-bounds access in ring buffer | `buf[head++]` without wrap guard | modulo-safe indexing and capacity assertions | HFT C++ Security | CWE-787 | Preserve memory safety in lock-free queues. |
10
+ | HFT-008 | Unchecked memcpy length from network packet | `memcpy(dst, pkt, len)` | validate `len <= sizeof(dst)` before copy | HFT C++ Security | CWE-120 | Block packet-driven memory overwrite. |
11
+ | HFT-009 | Format string vulnerability in logging | `printf(userFmt)` | fixed format strings with escaped input | HFT C++ Security | CWE-134 | Prevent arbitrary memory disclosure/write. |
12
+ | HFT-010 | Heap allocation without failure handling in hot path | `new T(...)` unchecked | nothrow/allocator guards with fallback path | HFT C++ Security | CWE-703 | Keep engine stable under memory pressure. |
13
+ | HFT-011 | Missing null checks after map lookup pointer use | dereference optional pointer directly | check pointer/optional presence before use | HFT C++ Security | CWE-476 | Avoid crashes and undefined behavior. |
14
+ | HFT-012 | Race condition on shared order book state | mutable shared map without sync | lock-free design with atomic ownership or mutex discipline | HFT C++ Security | CWE-362 | Prevent inconsistent market state. |
15
+ | HFT-013 | ABA issue in lock-free stack/queue | CAS without ABA protection | tagged pointers/hazard pointers/epoch GC | HFT C++ Security | CWE-367 | Prevent stale CAS success conditions. |
16
+ | HFT-014 | Missing memory fence in producer-consumer queue | relaxed ops for publication | correct acquire-release ordering | HFT C++ Security | CWE-362 | Ensure visibility and ordering correctness. |
17
+ | HFT-015 | Dangling reference capture in async callback | lambda captures local by reference | capture by value or ownership-managed context | HFT C++ Security | CWE-416 | Prevent use-after-scope. |
18
+ | HFT-016 | Unsafe reinterpret_cast for protocol structs | cast unaligned packet buffer to struct | parse fields explicitly with bounds checks | HFT C++ Security | CWE-704 | Avoid UB and misparsed data. |
19
+ | HFT-017 | Fixed-size char arrays for symbol fields without truncation checks | write symbol blindly | validate length and enforce null termination | HFT C++ Security | CWE-120 | Prevent symbol parsing overflow. |
20
+ | HFT-018 | Insecure C string concatenation in risk rule builder | `strcat(rule, input)` | bounded append with explicit remaining capacity | HFT C++ Security | CWE-120 | Avoid overflow in dynamic rule composition. |
21
+ | HFT-019 | Missing timeout on market data socket reads | blocking read forever | set recv timeouts + heartbeat watchdog | HFT C++ Security | CWE-400 | Prevent thread/resource starvation. |
22
+ | HFT-020 | File descriptor leak in reconnect loop | open sockets/files without close on retry | RAII wrappers and deterministic close on all paths | HFT C++ Security | CWE-772 | Prevent FD exhaustion under churn. |
23
+ | HFT-021 | Unbounded retry loop on exchange gateway errors | `while(true) reconnect()` | bounded retries + jitter + circuit breaker | HFT C++ Security | CWE-400 | Avoid self-inflicted DoS. |
24
+ | HFT-022 | Unsafe deserialization of binary snapshots | trust snapshot blob layout blindly | versioned schema + checksum + bounds validation | HFT C++ Security | CWE-502 | Stop malformed snapshot exploitation. |
25
+ | HFT-023 | Missing authentication on admin command channel | plain command socket without auth | mTLS + signed command envelopes | HFT C++ Security | CWE-306 | Protect privileged runtime controls. |
26
+ | HFT-024 | Hardcoded credentials in market adapter | API keys in source constants | secure vault retrieval + ephemeral tokens | HFT C++ Security | CWE-798 | Remove embedded secrets from binaries. |
27
+ | HFT-025 | Integer truncation converting notional to int32 | cast large value to narrow type | explicit range checks before narrowing cast | HFT C++ Security | CWE-197 | Preserve financial precision/integrity. |
28
+ | HFT-026 | Overflow in timestamp arithmetic | `ts + latency_ns` unchecked | saturated arithmetic / overflow-safe helper | HFT C++ Security | CWE-190 | Prevent time drift and ordering faults. |
29
+ | HFT-027 | Missing input validation on protocol enum values | switch without default reject | strict enum validation with reject path | HFT C++ Security | CWE-20 | Block malformed protocol messages. |
30
+ | HFT-028 | Uninitialized memory used in message serialization | stack buffer partially filled | zero-init buffers before serialization | HFT C++ Security | CWE-457 | Prevent data leak and nondeterminism. |
31
+ | HFT-029 | Shared memory segment permissions too broad | world-readable/writable shm | least-privilege shm permissions and ownership | HFT C++ Security | CWE-732 | Protect interprocess market data integrity. |
32
+ | HFT-030 | Insecure random for session/order IDs | `rand()`/`std::mt19937` for security ids | CSPRNG for auth/session identifiers | HFT C++ Security | CWE-330 | Prevent identifier prediction attacks. |
33
+ | HFT-031 | Missing bounds checks in FIX tag parser | parse tag length from input unchecked | enforce max tag/value lengths | HFT C++ Security | CWE-130 | Defend against malformed FIX payloads. |
34
+ | HFT-032 | Unsafe temporary file usage for snapshots | predictable temp filename | secure temp creation and restricted permissions | HFT C++ Security | CWE-377 | Prevent temp file race/tampering. |
35
+ | HFT-033 | Exposure of sensitive config via debug dumps | dumps keys/endpoints in logs | redact secrets and restrict debug in prod | HFT C++ Security | CWE-532 | Reduce operational information leakage. |
36
+ | HFT-034 | Missing crypto-agility in transport ciphers config | fixed outdated cipher list | policy-driven cipher suite selection | HFT C++ Security | CWE-327 | Enable controlled crypto migration. |
37
+ | HFT-035 | Zeroization missing for in-memory private keys | key buffers persist after use | explicit secure memory wipe after operations | HFT C++ Security | CWE-1037 | Minimize secret retention in memory. |
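Review bot: the last column is headed "Exploit scenario" but every cell in it states a remediation goal ("Prevent overwrite in low-latency parsing path", "Keep engine stable under memory pressure"), and the column headed "Источник fix_template" actually holds the CWE ID; rename the columns to what they contain, and the header row mixes Russian ("Название метрики", "Источник fix_template") with English, so it should be written in one language. Some CWE mappings look off: HFT-006 (signed/unsigned mismatch in bounds checks) is closer to CWE-195 than CWE-190; HFT-013 (ABA in lock-free structures) is a race (CWE-362) rather than TOCTOU (CWE-367); HFT-035 cites CWE-1037, which covers processor-level removal of security-critical code, where CWE-14 (compiler removal of buffer-clearing code) or CWE-244 fits a missing zeroization. Also, HFT-001 recommends `strncpy_s`, which is an Annex K function most non-Microsoft toolchains do not provide, so `snprintf` with an explicit size or `std::string`/`std::string_view` would be the portable safe pattern, and HFT-010's "`new T(...)` unchecked" is misleading since plain `new` throws `std::bad_alloc` rather than returning null; the row should say whether it targets a missing `try`/`catch` or an unchecked `new (std::nothrow)`.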