-
Notifications
You must be signed in to change notification settings - Fork 1
Home
The purpose of this wiki is to document all the best practices related to programming with go and go-kit .
Issue : hardcoded users and passwords
Description : sensitive information is hardcoded into the files which could be exploited by someone outside who has access to the code or modified to create a certain behavior
Solution : create env variables instead of hardcoding into the program files or adding them to configuration files
Suggestion : use the library https://github.com/caarlos0/env to retrieve env configuration
Issue : interface types defined in struct definition files Description : interface types are defined into the struct files that implement the interface exposing the expected behavior of the caller and making the implementation dependent of the struct file modification Solution : create interface types in the files who make use of this interfaces to avoid coupling of files Suggestion : create the interface as many times as needed in different files to avoid depending on one file definition
Issue : nil errors/values are not returned explicitly Description : if a validation of type err/val !=nil returns false and the return value of the function returns the err or val Solution : if err or val has already proven to be nil , return explicitly a "nil" instead of err or val named variable Suggestion : Always verify if a nil validation returns an explicit nil , in unit testing set nil explicitly as return value of a mock
Issue : sql inputs are not sanitized Description : sql inputs are not sanitized before used which can cause sql injection Solution : use a prepare statement Suggestion : use the defult db.prepare statement on each db call