Unmarshal Tag is Dash
Description
Struct field can be decoded with the `-` key because the JSON tag starts with a `-` but is followed by a comma, potentially leading to encoding errors.
Examples
Insecure Code
go
type T struct { X string `json:"- ,key"` }Secure Code
go
type T struct { X string `json:"-key"` }Remediation
Remove the comma after the `-` in the JSON tag to prevent encoding errors.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0245 |
| Category | InsecureConfig |
| Severity | MEDIUM |
| CWE | CWE-172 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | encoding-error, json-tag |
| OWASP | N/A |