Golang Snippet #05
Bookmarked!This challenge covers the review of a snippet of code written in Golang
In this challenge, you are provided with a Golang code snippet that contains a potential vulnerability. The main function maps the root path (/
) to an authentication handler, which checks user credentials passed through HTTP Basic Authentication. If the credentials don't match the expected values stored in environment variables, a 401 Unauthorized error is set. However, a critical issue arises because the code does not halt execution after setting the error, allowing unauthorized requests to proceed.
The video transcript thoroughly reviews the code, starting from the main function and moving through the auth
and check
functions. It highlights the omission of error handling in the BasicAuth
extraction and the lack of a return statement after setting the 401 error. This oversight can lead to unauthorized access despite the error message being sent to the user. The video also suggests improvements, such as using TLS to secure data transfer and ensuring that the password meets complexity requirements.