GoHTTPServer

net/http.Server. ListenAndServe() without TLS is a finding in server configurations that should enforce HTTPS.

1 sink

Taint flow0 sources → 1 sink

Sinks — dangerous call

.ListenAndServe()Starts HTTP server without TLS

Sinks

— dangerous functions taint must not reach

.ListenAndServe()Sink

Signature

ListenAndServe() error

Starts HTTP server without TLS. Finding when used in production without HTTPS redirect.

.ListenAndServeTLS()Neutral

Signature

ListenAndServeTLS(certFile, keyFile string) error

Starts HTTPS server. Safe — preferred over ListenAndServe.

FQN	Field
net/http.Server	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

// standard library — no go.mod entry required

rule.py

from codepathfinder.go_rule import GoHTTPServer