Docs/defensive-coding-guide
2
0
Fork 0
Code Issues 3 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Update modules/ROOT/pages/programming-languages/Go.adoc

Browse source 
rfc/remove markdown from code block
This commit is contained in:
Judy Kelly 2022-02-11 11:40:24 +00:00
parent 187fffcf68
commit b3795f9f72
1 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

24
modules/ROOT/pages/programming-languages/Go.adoc
View file

@ -137,12 +137,12 @@ There are also third-party libraries you can use when developing web apps in Go.
[source, go]
----
```golang
name := r.FormValue("name")
template := template.Must(template.ParseGlob("xss.html"))
data["Name"] = name
err := template.ExecuteTemplate(w, name, data)
```
----
=== 4. Protect yourself from SQL injections
@ -151,10 +151,10 @@ But, the most critical piece of code youd need to include is the use of param
[source, go]
----
```golang
customerName := r.URL.Query().Get("name")
db.Exec("UPDATE creditcards SET name=? WHERE customerId=?", customerName, 233, 90)
```
----
If using the db.Query() function instead, ensure you sanitize the users input first, as above.
@ -167,18 +167,18 @@ To secure in-transit connection in the system isnt only about the app listeni
[source, go]
----
```golang
w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
```
----
You might also want to specify the server name in the TLS configuration, like this:
[source, go]
----
```golang
config := &tls.Config{ServerName: "yourSiteOrServiceName"}
```
----
Of Note: Its always a good practice to implement in-transit encryption even if your application is only for internal communication. Imagine if, for some reason, an attacker could sniff your internal traffic. Whenever you can, its always best to raise the difficulty bar for possible future attackers.
@ -202,18 +202,18 @@ Here are some problems with using Cgo in your application:
Go doesnt have exceptions. This means that youd need to handle errors differently than with other languages. The standard looks like this:
[source, go]
----
```golang
if err != nil {
// handle the error
}
```
----
Also, Go offers a native library to work with logs. The most simple code is like this:
[source, go]
----
```golang
package main
import (
@ -223,7 +223,7 @@ import (
func main() {
log.Print("Logging in Go!")
}
```
----