Inappropriate coding practices - Wildcard export

Need

Enforce explicit exports in coding practices

Context

• Usage of Go 1.15 for building high-performance and scalable applications

• Usage of gin-gonic/gin for building web applications in Go

Description

1. Non-compliant code

package main

import (
	"github.com/gin-gonic/gin"
	_ "github.com/gin-gonic/gin/binding"
)

func main() {
	r := gin.Default()
	r.Run()
}

In the above code snippet, the wildcard operator (_) is used in the import statement to import all the functions of the "github.com/gin-gonic/gin/binding" library. This is a bad coding practice: it can pull in functions the application never uses but that still consume resources. It also makes the code harder to understand and maintain, because it is not clear which functions from that library are actually in use, and it raises the risk of naming conflicts, since the wildcard import may bring in functions whose names collide with identifiers already in the current scope. A further risk is that when the library is updated and new functions are added, they are imported automatically, potentially introducing breaking changes or new vulnerabilities into your code. To resolve this issue, avoid wildcard imports and import only the specific functions you need.

2. Steps

• Avoid using wildcard export when importing libraries

• Explicitly import only the necessary functions from the library

• Remove the wildcard import statement

• Update the code to import the required functions individually

3. Secure code example

package main

import (
	"github.com/gin-gonic/gin"
)

func main() {
	r := gin.Default()
	r.Run()
}

The original code had a wildcard import statement (`_ "github.com/gin-gonic/gin/binding"`), which is considered a bad practice. That statement imports all the functions from the `binding` package of the `gin` library, which complicates the use and maintenance of the module. The fixed code removes the wildcard import statement, so only the necessary functions from the `gin` library are imported. This makes the code cleaner, easier to maintain, and less prone to errors or vulnerabilities. Remember, it is always good practice to import only the functions you need: this keeps your code more efficient and reduces the risk of introducing unnecessary vulnerabilities.
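To support the steps above with a repeatable check, here is an added example (written for this page; it is not the page's own code nor part of gin) that uses Go's standard library go/parser to scan a source file for blank (`_ "path"`) imports, the import form used in the non-compliant snippet, and reports each one with its line number so it can be removed or replaced by an explicit, referenced import. The two sample sources are constructed inline from the snippets on this page. The allowlist parameter is an assumption: which side-effect-only imports, if any, a team accepts is a policy choice the page does not define, so the example reports everything unless told otherwise.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strconv"
)

// BlankImport records one `_ "path"` import found in a Go source file.
type BlankImport struct {
	Path string // import path, e.g. github.com/gin-gonic/gin/binding
	Line int    // 1-based line of the import spec in the file
}

// FindBlankImports parses only the import section of a Go file and returns
// every import bound to the blank identifier. filename is used for positions.
func FindBlankImports(filename, src string) ([]BlankImport, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, parser.ImportsOnly)
	if err != nil {
		return nil, err
	}
	var found []BlankImport
	for _, spec := range f.Imports {
		if spec.Name == nil || spec.Name.Name != "_" {
			continue // normal or aliased import: the package is referenced by code
		}
		path, err := strconv.Unquote(spec.Path.Value)
		if err != nil {
			return nil, err
		}
		found = append(found, BlankImport{Path: path, Line: fset.Position(spec.Pos()).Line})
	}
	return found, nil
}

// Violations turns the findings into reviewer messages, skipping any import
// path in the allowlist. The allowlist is assumed for this example; a nil map
// means every blank import is reported.
func Violations(filename string, found []BlankImport, allowed map[string]bool) []string {
	var msgs []string
	for _, bi := range found {
		if allowed[bi.Path] {
			continue
		}
		msgs = append(msgs, fmt.Sprintf("%s:%d: blank import of %q; import the package explicitly and reference what you use, or remove it",
			filename, bi.Line, bi.Path))
	}
	return msgs
}

// Constructed sample: the page's non-compliant snippet, completed so it parses.
const nonCompliantSrc = `package main

import (
	"github.com/gin-gonic/gin"
	_ "github.com/gin-gonic/gin/binding"
)

func main() {
	r := gin.Default()
	r.Run()
}
`

// Constructed sample: the page's fixed snippet with the blank import removed.
const secureSrc = `package main

import (
	"github.com/gin-gonic/gin"
)

func main() {
	r := gin.Default()
	r.Run()
}
`

func main() {
	samples := map[string]string{"noncompliant.go": nonCompliantSrc, "secure.go": secureSrc}
	for name, src := range samples {
		found, err := FindBlankImports(name, src)
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		msgs := Violations(name, found, nil) // nil allowlist: report every blank import
		if len(msgs) == 0 {
			fmt.Printf("%s: no blank imports\n", name)
		}
		for _, m := range msgs {
			fmt.Println(m)
		}
	}
}
```

Because parser.ImportsOnly stops after the import block, the check is cheap enough to run over a whole repository in CI or as a pre-commit hook; the non-compliant sample produces one report at line 5, and the secure sample produces none.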