Fiber handlers should validate sensitive request bodies | Critiq Docs

#Metadata

Rule ID: go.security.fiber-sensitive-binding-without-validation
Severity: medium
Confidence: 0.72
Languages: go
Presets: security, strict
Stability: experimental
Applies to: block
Tags: fiber, go, rules-catalog, security

#Why it matters

Regex heuristics flag `BodyParser`/`JSON` usage when structs in the same file define sensitive fields without `validate` or `binding` style tags.

#Remediation

Add `validate` struct tags, use Fiber validator middleware, or centralize DTO validation before business logic.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/go/go.security.fiber-sensitive-binding-without-validation.rule.yaml.

Back to directory Open rule in repository