go.gin.request_validation

Correctness High

Detects Gin handlers without request validation.

Missing request validation:

  • Invalid data — Malformed input causes errors
  • Security risks — Unvalidated input enables attacks
  • Poor UX — Users get cryptic errors

// ❌ Before (no validation)
func CreateUser(c *gin.Context) {
	var user User
	c.BindJSON(&user) // No error handling!
	// process user...
}

// ✅ After (with validation)
type CreateUserRequest struct {
	Name  string `json:"name" binding:"required,min=1,max=100"`
	Email string `json:"email" binding:"required,email"`
}

func CreateUser(c *gin.Context) {
	var req CreateUserRequest
	if err := c.ShouldBindJSON(&req); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{
			"error": err.Error(),
		})
		return
	}
	// process validated request...
}

  • BindJSON without error handling
  • Missing struct validation tags
  • Handlers without request binding
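
One way a check for the first item, BindJSON without error handling, can be written with Go's standard go/ast package. This is an added example, not Unfault's implementation; it matches binding methods by name only, and FindUncheckedBinds, bindCalls and the sample source are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Constructed sample input: one unchecked bind, one checked bind.
const sample = `package api
func CreateUser(c *gin.Context) {
	var user User
	c.BindJSON(&user)
}
func UpdateUser(c *gin.Context) {
	if err := c.ShouldBindJSON(&User{}); err != nil { return }
}`

// Binding methods matched by name only (assumption: the receiver is *gin.Context).
var bindCalls = map[string]bool{"Bind": true, "BindJSON": true, "ShouldBind": true, "ShouldBindJSON": true}

// FindUncheckedBinds returns "Func:line:Method" for each bind call whose error is dropped.
func FindUncheckedBinds(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "handler.go", src, 0)
	if err != nil {
		return nil, err
	}
	var out []string
	for _, decl := range file.Decls {
		fn, ok := decl.(*ast.FuncDecl)
		if !ok || fn.Body == nil {
			continue
		}
		ast.Inspect(fn.Body, func(n ast.Node) bool {
			if stmt, ok := n.(*ast.ExprStmt); ok { // a call used as a bare statement
				if call, ok := stmt.X.(*ast.CallExpr); ok {
					if sel, ok := call.Fun.(*ast.SelectorExpr); ok && bindCalls[sel.Sel.Name] {
						out = append(out, fmt.Sprintf("%s:%d:%s", fn.Name.Name, fset.Position(call.Pos()).Line, sel.Sel.Name))
					}
				}
			}
			return true
		})
	}
	return out, nil
}

func main() { fmt.Println(FindUncheckedBinds(sample)) }
```

A call assigned to the blank identifier (`_ = c.BindJSON(&user)`) is an assignment, not a bare statement, so catching it needs an extra check on `*ast.AssignStmt`.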

Unfault can add proper ShouldBind patterns with error handling.