Documentation

Index
- func EscapeHTML(s string) string
- func EscapeJS(s string) string
- func EscapeSQLString(input string) string
- func IsSafeQuery(expr ast.Expr) bool
- func RequiresHTMLEscape(expr ast.Expr) bool
- func SanitizeSQL(input string) string
- func StripSQLComments(input string) string
- func SuggestHTMLEscape(expr ast.Expr) string
- type SQLInjectionDetector
- type SecurityWarning
- type XSSDetector
Constants
This section is empty.
Variables
This section is empty.
Functions
func EscapeHTML
EscapeHTML escapes HTML special characters using the standard library.
func EscapeJS
EscapeJS escapes characters for JavaScript context. Replacements are applied in a fixed order: backslash first to avoid double-escaping, then all other characters.
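The ordering rule above matters because every other replacement introduces a backslash. The following added example (not the package's own code; the replacement table is an assumption, the real one is not shown on this page) applies the same table with the backslash rule first and last, and checks whether the result can close a double-quoted JavaScript literal early.

```go
package main

import (
	"fmt"
	"strings"
)

// jsReplacements is an assumed table; the backslash rule is first because
// every later rule inserts a backslash that must not be escaped again.
var jsReplacements = []struct{ from, to string }{
	{`\`, `\\`},
	{`"`, `\"`},
	{`'`, `\'`},
	{"\n", `\n`},
	{"\r", `\r`},
	{"<", `\u003c`}, // keeps "</script>" from ending an inline script
	{">", `\u003e`},
}

// EscapeJSOrdered applies the rules in table order (backslash first).
func EscapeJSOrdered(s string) string {
	for _, r := range jsReplacements {
		s = strings.ReplaceAll(s, r.from, r.to)
	}
	return s
}

// EscapeJSWrongOrder applies the backslash rule last, which re-escapes the
// backslashes the other rules inserted (the double-escaping the docs warn about).
func EscapeJSWrongOrder(s string) string {
	for _, r := range jsReplacements[1:] {
		s = strings.ReplaceAll(s, r.from, r.to)
	}
	return strings.ReplaceAll(s, jsReplacements[0].from, jsReplacements[0].to)
}

// BreaksOutOfDoubleQuotes reports whether escaped, placed inside "...",
// still contains a quote that is not preceded by an escaping backslash.
func BreaksOutOfDoubleQuotes(escaped string) bool {
	for i := 0; i < len(escaped); i++ {
		switch escaped[i] {
		case '\\':
			i++ // the next byte is escaped, skip it
		case '"':
			return true
		}
	}
	return false
}

func main() {
	in := `a\"b` // constructed input: a backslash followed by a quote
	fmt.Printf("ordered:  %s breaks=%v\n", EscapeJSOrdered(in), BreaksOutOfDoubleQuotes(EscapeJSOrdered(in)))
	fmt.Printf("reversed: %s breaks=%v\n", EscapeJSWrongOrder(in), BreaksOutOfDoubleQuotes(EscapeJSWrongOrder(in)))
}
```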
func EscapeSQLString (added in v0.5.0)
EscapeSQLString performs basic escaping of a string value for SQL contexts. WARNING: This is NOT a security measure. Always use parameterized queries ($1, $2 placeholders) for user-provided values. This function only escapes single quotes for contexts where parameterized queries are not available (e.g., identifiers). It does NOT protect against SQL injection.
func IsSafeQuery
IsSafeQuery checks if a query expression is safe from SQL injection.
func RequiresHTMLEscape
RequiresHTMLEscape checks if an expression requires HTML escaping.
func SanitizeSQL
SanitizeSQL is deprecated. Use parameterized queries instead. Deprecated: This function provides a false sense of security. Use EscapeSQLString for non-security escaping, or preferably use parameterized queries.
func StripSQLComments (added in v0.5.0)
StripSQLComments removes SQL comments and escapes single quotes. WARNING: This is NOT a security measure against SQL injection. Always use parameterized queries for user-supplied values. This function only strips comments and performs basic escaping.
func SuggestHTMLEscape
SuggestHTMLEscape generates a suggestion for HTML escaping.
Types
type SQLInjectionDetector
type SQLInjectionDetector struct {
	// contains filtered or unexported fields
}
SQLInjectionDetector detects potential SQL injection vulnerabilities.
func NewSQLInjectionDetector
func NewSQLInjectionDetector() *SQLInjectionDetector
NewSQLInjectionDetector creates a new SQL injection detector.
func (*SQLInjectionDetector) DetectInRoute
func (d *SQLInjectionDetector) DetectInRoute(route *ast.Route) []SecurityWarning
DetectInRoute analyzes a route for SQL injection vulnerabilities.
type SecurityWarning
type SecurityWarning struct {
	Type       string   // "XSS", "SQL_INJECTION", etc.
	Severity   string   // "HIGH", "MEDIUM", "LOW", "CRITICAL"
	Message    string
	Location   string
	Suggestion string
	UnsafeCode string   // For SQL injection context
	Expr       ast.Expr // For XSS context (can be nil)
}
SecurityWarning represents a security issue found in code.
func DetectXSS
func DetectXSS(expr ast.Expr) []SecurityWarning
DetectXSS analyzes an expression for XSS vulnerabilities.
type XSSDetector
type XSSDetector struct {
	// contains filtered or unexported fields
}
XSSDetector detects Cross-Site Scripting vulnerabilities.