logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

Inappropriate coding practices - Unused properties - Go

Need

Elimination of unused properties in the codebase

Context

  1. Usage of Go 1.16 for building high-performance and scalable applications
  2. Usage of gin-gonic/gin for building web applications in Go

Description

Insecure Code Example

package main

import (
	"github.com/gin-gonic/gin"
)

type User struct {
	Name       string
	Email      string
	UnusedProp string
}

func main() {
	r := gin.Default()
	r.GET("/user/:name", func(c *gin.Context) {
		name := c.Param("name")
		user := User{Name: name, Email: "test@test.com"}
		c.JSON(200, gin.H{
			"user": user.Name,
			"email": user.Email,
		})
	})
	r.Run()
}

In the above Go code, we have a User struct that defines three properties: Name, Email, and UnusedProp. However, in our main function, where we define a GET endpoint to retrieve a user by name, we only use the Name and Email properties of the User struct. The UnusedProp property is never used in our code, which adds unnecessary complexity to our application. Even though it doesn't directly hurt the performance of the application, it can potentially lead to confusion for other developers maintaining or enhancing the code, and can be a source of bugs if it's mistakenly used in the future. Moreover, from a resource perspective, each instance of the User struct will consume more memory than needed, which could have a substantial impact on the performance and resource usage of the application if we create a large number of User instances.

Steps

  1. Identify and remove any unused properties in the code.
  2. Review the codebase to ensure that all properties are being used appropriately.
  3. Consider refactoring the code to remove any unnecessary complexity.
  4. Test the application to ensure that it functions correctly after removing the unused properties.

Secure Code Example

package main

import (
	"github.com/gin-gonic/gin"
)

type User struct {
	Name  string
	Email string
}

func main() {
	r := gin.Default()
	r.GET("/user/:name", func(c *gin.Context) {
		name := c.Param("name")
		user := User{Name: name, Email: "test@test.com"}
		c.JSON(200, gin.H{
			"user": user.Name,
			"email": user.Email,
		})
	})
	r.Run()
}

The original code had a struct `User` with an unused property `UnusedProp`. This unused property was adding unnecessary complexity to the code and could potentially affect the overall performance of the application. In the fixed code, the `UnusedProp` property has been removed from the `User` struct. This simplifies the struct and ensures that there are no unused properties in the code. The rest of the code remains the same. The `main` function sets up a default gin router, defines a GET route `/user/:name`, and starts the server. The GET route handler function retrieves the `name` parameter from the route, creates a `User` with the retrieved `name` and a static email "test@test.com", and returns a JSON response with the `user` and `email`. After removing the unused property, it's important to test the application to ensure that it still functions as expected.

References

  • 391 - Inappropriate coding practices - Unused properties

    • Last updated

    2023/09/18