sdk/golang/Web Frameworks/GoEchoContext

GoEchoContext

Represents echo.Context in the Echo HTTP framework (v4). Provides typed accessors for all parts of the HTTP request. All input methods are taint sources.

4 sources1 sink

Taint flow4 sources → 1 sink

Sources — untrusted input

.QueryParam()Returns URL query parameter value by name

.FormValue()Returns POST form value

.Param()Returns URL path parameter value

.Bind()Deserializes request body into i based on Content-Type

→

taint

Sinks — dangerous call

.Redirect()Redirects to url

Sources

— user-controlled input enters here

.QueryParam()Source

Signature

QueryParam(name string) string

Returns URL query parameter value by name.

tracks:return

.FormValue()Source

Signature

FormValue(name string) string

Returns POST form value. Reads application/x-www-form-urlencoded or multipart/form-data.

tracks:return

.Param()Source

Signature

Param(name string) string

Returns URL path parameter value.

tracks:return

.Bind()Source

Signature

Bind(i any) error

Deserializes request body into i based on Content-Type. i becomes tainted.

tracks:0

Sinks

— dangerous functions taint must not reach

.Redirect()Sink

Signature

Redirect(code int, url string) error

Redirects to url. Sink for open-redirect.

tracks:1

Fully-Qualified Names

FQN	Field
github.com/labstack/echo/v4.Context	fqns[0]
*.Context	patterns

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

Import

go.mod

require github.com/labstack/echo/v4 v4.11.4

rule.py

from codepathfinder.go_rule import GoEchoContext

Rules Using This Class

GO-SEC-001 GO-SEC-002 GO-SSRF-001

← PreviousGoChiRouter

Next →GoFiberCtx