dgryski.semgrep-go.json-writer.json-encoder-needs-type

dgryski

Author

581

Download Count*

MIT

License

calling json.Encode() on an http.ResponseWriter will set Content-Type text/plain

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: json-encoder-needs-type
    patterns:
      - pattern: |
          $ENC := json.NewEncoder(($W: http.ResponseWriter))
          ...
          $ENC.Encode(...)
      - pattern-not: |
          $ENC := json.NewEncoder(($W: http.ResponseWriter))
          ...
          $W.Header().Set("=~/Content-Type/i", "=~/application/json/")
          ...
          $ENC.Encode(...)
      - pattern-not-inside: |
          $W.Header().Set("=~/Content-Type/i", "=~/application/json/")
          ...
          $ENC := json.NewEncoder($W)
          ...
          $ENC.Encode(...)
      - pattern-not: |
          $ENC := json.NewEncoder(($W: http.ResponseWriter))
          ...
          $W.Header().Add("=~/Content-Type/i", "=~/application/json/")
          ...
          $ENC.Encode(...)
      - pattern-not-inside: |
          $W.Header().Add("=~/Content-Type/i", "=~/application/json/")
          ...
          $ENC := json.NewEncoder($W)
          ...
          $ENC.Encode(...)
    message: calling json.Encode() on an http.ResponseWriter will set Content-Type
      text/plain
    languages:
      - go
    severity: ERROR
    metadata:
      license: MIT

Short Link: https://sg.run/0Qdk