ServeMux and a path traversal vulnerability
As a passionate Go developer, I’ve come to appreciate the language’s simplicity and power. However, even in a well-designed language like Go, security vulnerabilities can lurk in unexpected places. In this post, we’ll explore a common misconception about Go’s ServeMux that can lead to a path traversal vulnerability. TL;DR: Many developers assume that ServeMux always sanitizes URL request paths, but this isn’t always the case. The Issue Consider the following code snippet, where we let the user read the files content in /tmp folder:...