Avoid relaying request-controlled data through outbound Go HTTP clients | Critiq Docs

#Metadata

Rule ID: go.security.sensitive-data-egress
Severity: high
Confidence: 0.78
Languages: go
Presets: security, strict
Stability: experimental
Applies to: block
Tags: egress, go, privacy, rules-catalog, security

#Why it matters

Tainted POST bodies can exfiltrate secrets, replay cookies, or forward attacker payloads to internal integrations.

#Remediation

Allowlist outbound hosts, strip secrets from relayed payloads, and route integrations through audited helpers.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/go/go.security.sensitive-data-egress.rule.yaml.

Back to directory Open rule in repository