Echo handlers should validate sensitive request bodies
Sensitive Echo binds should use struct tags or validators so mutations cannot accept empty or malformed credentials and roles.
#Metadata
#Why it matters
Regex-based heuristics flag Echo `Bind` usage when the file defines structs with sensitive fields that omit `validate` or `binding` style tags. This is intentionally conservative and may miss cross-file structs or middleware-protected routes.
#Remediation
Add `validate` tags, use Echo's binding helpers with explicit validation, or route through a hardened DTO layer.
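The check and the fix side by side, as an added example (not the critiq rule's own implementation): a same-file scan that flags sensitive struct fields without a `validate` or `binding` tag when the file also calls `Bind`. The function name `FindUntaggedSensitiveFields`, the sensitive-name and tag patterns, and the sample structs are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"regexp"
	"strings"
)

// Constructed sample handler file ("~" stands in for a backtick): weak struct, then tagged struct.
var sampleSrc = strings.ReplaceAll(`package api; import "github.com/labstack/echo/v4"
type LoginRequest struct { Password string ~json:"password"~ }
type RoleUpdate struct { Role string ~json:"role" validate:"required,oneof=viewer admin"~ }
func login(c echo.Context) error { var req LoginRequest; return c.Bind(&req) }
`, "~", "`")
// Assumed patterns; the rule's own regexes are not shown on the page.
var sensitive = regexp.MustCompile(`(?i)password|secret|token|role`)
var validationTag = regexp.MustCompile(`\b(validate|binding):"`)
// FindUntaggedSensitiveFields lists Struct.Field for sensitive fields with no validation tag.
func FindUntaggedSensitiveFields(src string) (hits []string, err error) {
	if !strings.Contains(src, ".Bind(") {
		return nil, nil // same-file heuristic: no Bind call, nothing to flag
	}
	file, err := parser.ParseFile(token.NewFileSet(), "handler.go", src, 0)
	if err != nil {
		return nil, err
	}
	ast.Inspect(file, func(n ast.Node) bool {
		if ts, ok := n.(*ast.TypeSpec); ok {
			if st, ok := ts.Type.(*ast.StructType); ok {
				for _, f := range st.Fields.List {
					tagged := f.Tag != nil && validationTag.MatchString(f.Tag.Value)
					for _, name := range f.Names {
						if !tagged && sensitive.MatchString(name.Name) {
							hits = append(hits, ts.Name.Name+"."+name.Name)
						}
					}
				}
			}
		}
		return true
	})
	return hits, nil
}

func main() {
	fmt.Println(FindUntaggedSensitiveFields(sampleSrc))
}
```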
#Repository path
The generated metadata points to `critiq-rules/libs/rules/catalog/rules/go/go.security.echo-sensitive-binding-without-validation.rule.yaml`.