gorm-security
Community
Prevent SQL injection in GORM code
Author: liurida
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Protect Go applications that use GORM from SQL injection and unsafe dynamic queries by enforcing parameterized arguments, input validation, and whitelist checks to avoid executing attacker-controlled SQL.
Core Features & Use Cases
- SQL injection prevention: Prescribe the use of parameter placeholders for all user-provided values and require numeric ID validation before use.
- Whitelist validation for non-escaped methods: Provide patterns and helper functions for the GORM methods that insert their string argument into the SQL text without escaping (Order, Table, Select, Group, Joins, Raw, Exec, and gorm.Expr), so that only whitelisted identifiers and clauses ever reach them.
- Audit and remediation guidance: Include a checklist and concrete code examples to find and fix vulnerable call sites during security reviews and CI checks.
- Use Case: During a security audit of a Go backend, identify occurrences of fmt.Sprintf-based queries, unvalidated Order or Table calls, and raw SQL usages, then replace them with parameterized queries or whitelist-validated helpers.
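The two rules above (placeholders for values, whitelist checks for identifiers that GORM does not escape) as an added Go example. This is not code from the gorm-security skill or from GORM itself; the whitelist contents, the function names SafeOrderClause, UnsafeOrderClause and ParseID, and the attacker input are assumptions constructed for illustration. The block uses only the standard library so it runs without a database; the GORM call sites the helpers would feed are shown as comments.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Assumed whitelist of columns a client may sort on. GORM passes the argument
// of Order() into the SQL text unescaped, so only keys of this map may reach it.
var allowedOrderColumns = map[string]bool{
	"id":         true,
	"created_at": true,
	"name":       true,
}

// ErrNotWhitelisted is returned when a user-supplied identifier is not allowed.
var ErrNotWhitelisted = errors.New("identifier not in whitelist")

// UnsafeOrderClause is the pattern the audit looks for: attacker-controlled
// strings are formatted straight into SQL. Kept only for contrast.
func UnsafeOrderClause(column, direction string) string {
	return fmt.Sprintf("%s %s", column, direction)
}

// SafeOrderClause returns a clause suitable for db.Order(...) or an error.
// Only a whitelisted column and a literal ASC/DESC are accepted, and the
// result is rebuilt from the checked values, never from the raw input.
func SafeOrderClause(column, direction string) (string, error) {
	if !allowedOrderColumns[column] {
		return "", fmt.Errorf("order column %q: %w", column, ErrNotWhitelisted)
	}
	dir := strings.ToUpper(strings.TrimSpace(direction))
	if dir != "ASC" && dir != "DESC" {
		return "", fmt.Errorf("order direction %q: %w", direction, ErrNotWhitelisted)
	}
	return column + " " + dir, nil
}

// ParseID enforces the numeric-ID rule: route parameters such as /users/:id
// arrive as strings and must be converted before they reach a query. The
// parsed value is then passed as a placeholder argument:
//   db.Where("id = ?", id).First(&user)
func ParseID(raw string) (uint64, error) {
	id, err := strconv.ParseUint(strings.TrimSpace(raw), 10, 64)
	if err != nil {
		return 0, fmt.Errorf("invalid numeric id %q: %w", raw, err)
	}
	if id == 0 {
		return 0, fmt.Errorf("invalid numeric id %q: must be positive", raw)
	}
	return id, nil
}

func main() {
	// Constructed attacker input: a sort parameter that smuggles a second statement.
	col, dir := "name; DROP TABLE users; --", "ASC"
	fmt.Println("unsafe clause:", UnsafeOrderClause(col, dir))
	if _, err := SafeOrderClause(col, dir); err != nil {
		fmt.Println("rejected:", err)
	}
	clause, _ := SafeOrderClause("created_at", "desc")
	fmt.Println("safe clause:", clause)
	// In real code: db.Order(clause).Find(&users)

	if _, err := ParseID("1 OR 1=1"); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The direction check matters as much as the column check: a whitelisted column followed by an unvalidated direction string still lets `ASC; --` and whatever follows into the statement.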
Quick Start
Run an audit of your Go codebase and replace any fmt.Sprintf or unvalidated Order/Table/Raw usages with parameterized queries and whitelist checks using the guidance in this skill.
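An added example of the audit step, not code from the skill: a go/ast walk that flags calls to GORM's unescaped methods whose first argument is assembled with fmt.Sprintf or string concatenation, run over a constructed source file. It goes slightly beyond the page's method list by also checking Where, since a Where clause built with Sprintf has the same problem as an Order clause; the method list, the names AuditSource and isDynamicString, and the sample source are assumptions for this example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Methods whose string argument GORM puts into the SQL text unescaped.
// Assumed list for this example; extend it to match the code base.
var unescapedMethods = map[string]bool{
	"Order": true, "Table": true, "Select": true, "Group": true,
	"Joins": true, "Raw": true, "Exec": true, "Where": true,
}

// Finding is one suspicious call site.
type Finding struct {
	Line   int
	Method string
	Reason string
}

// isDynamicString reports whether an argument is assembled at runtime:
// a fmt.Sprintf call, or a + concatenation with a non-literal operand.
func isDynamicString(e ast.Expr) (bool, string) {
	switch x := e.(type) {
	case *ast.CallExpr:
		if sel, ok := x.Fun.(*ast.SelectorExpr); ok {
			if pkg, ok := sel.X.(*ast.Ident); ok && pkg.Name == "fmt" && sel.Sel.Name == "Sprintf" {
				return true, "fmt.Sprintf builds the SQL text"
			}
		}
	case *ast.BinaryExpr:
		if x.Op == token.ADD {
			_, lLit := x.X.(*ast.BasicLit)
			_, rLit := x.Y.(*ast.BasicLit)
			if !lLit || !rLit {
				return true, "string concatenation builds the SQL text"
			}
		}
	}
	return false, ""
}

// AuditSource parses one Go file and returns every call to an unescaped GORM
// method whose first argument is dynamic. Literal SQL with ? placeholders passes.
func AuditSource(filename, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	var findings []Finding
	ast.Inspect(f, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok || len(call.Args) == 0 {
			return true
		}
		sel, ok := call.Fun.(*ast.SelectorExpr)
		if !ok || !unescapedMethods[sel.Sel.Name] {
			return true
		}
		if dyn, why := isDynamicString(call.Args[0]); dyn {
			findings = append(findings, Finding{
				Line:   fset.Position(call.Pos()).Line,
				Method: sel.Sel.Name,
				Reason: why,
			})
		}
		return true
	})
	return findings, nil
}

// sampleSource is a constructed repository file with two vulnerable call
// sites (lines 5 and 6) and three safe ones. Imports are omitted: the parser
// does not resolve them and the scan needs no type information.
const sampleSource = `package repo

func list(db *gorm.DB, col, dir, name string, id uint64) {
	var rows []map[string]interface{}
	db.Order(fmt.Sprintf("%s %s", col, dir)).Find(&rows)       // flagged
	db.Where("name = '" + name + "'").Find(&rows)              // flagged
	db.Where("id = ?", id).Find(&rows)                         // safe: placeholder
	db.Order("created_at DESC").Find(&rows)                    // safe: literal
	db.Raw("SELECT * FROM users WHERE id = ?", id).Scan(&rows) // safe: placeholder
}
`

func main() {
	findings, err := AuditSource("repo.go", sampleSource)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("repo.go:%d %s: %s\n", f.Line, f.Method, f.Reason)
	}
}
```

The scan is syntactic, so a clause built in a variable and passed by name is not caught; in a CI check, treat any non-literal first argument to these methods as worth a manual look, and point the fixes at a whitelist helper rather than at escaping.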
Dependency Matrix
Required Modules: None required
Components: references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: gorm-security Download link: https://github.com/liurida/gorm-development-skill/archive/main.zip#gorm-security Please download this .zip file, extract it, and install it in the .claude/skills/ directory.