Go Gorm Plaintext Storage Of Password
Description
This detector identifies when passwords are stored in plaintext using GORM ORM operations in Go code. It flags database operations that insert or update password fields without proper hashing or encryption, which violates security best practices for credential storage.
Detection Strategy
• The detector first verifies that the GORM library (gorm.io/gorm) is imported in the Go code
• It then examines all method calls that end with GORM database operation patterns (like Create, Save, Update, etc.)
• For each GORM operation found, it analyzes the arguments passed to check if any contain unsafe password-related data
• A vulnerability is reported when a GORM database operation is called with arguments that appear to contain plaintext password values
Vulnerable code example
package main
import (
"net/http"
"gorm.io/gorm"
)
type User struct {...✅ Secure code example
package main
import (
"net/http"
"golang.org/x/crypto/bcrypt"
"gorm.io/gorm"
)...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.