Httptrace FileServer As Handler High

Method http.FileServer should not be used as handler. This can lead to directory listing and grant malicious actors the ability to explore directories in search of confidential files. If directory listing is needed, it is imperative to implement access controls to safeguard specific directories and files to improve security.

Detector ID
go/http-trace-file-server-as-handler@v1.0
Category
Common Weakness Enumeration (CWE) external icon