Headline
CVE-2022-31259: GitHub - beego/beego at v2.0.2
The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
Beego is used for rapid development of enterprise application in Go, including RESTful APIs, web apps and backend services.
It is inspired by Tornado, Sinatra and Flask. beego has some Go-specific features such as interfaces and struct embedding.
Beego is composed of four parts:
- Base modules: including log module, config module, governor module;
- Task: is used for running timed tasks or periodic tasks;
- Client: including ORM module, httplib module, cache module;
- Server: including web module. We will support gRPC in the future;
Please use RELEASE version, or master branch which contains the latest bug fix
Quick Start
Official website
Example
If you could not open official website, go to beedoc
Web Application
Create hello directory, cd hello directory****Init module****Download and install
go get github.com/beego/beego/v2@latest
Create file hello.go
package main
import “github.com/beego/beego/v2/server/web”
func main() { web.Run() }
Build and run
go build hello.go
./hello
Go to http://localhost:8080
Congratulations! You’ve just built your first beego app.
Features
- RESTful support
- MVC architecture
- Modularity
- Auto API documents
- Annotation router
- Namespace
- Powerful development tools
- Full stack for Web & API
Modules
- orm
- session
- logs
- config
- cache
- context
- admin
- httplib
- task
- i18n
Community
- http://beego.me/community
- Welcome to join us in Slack: https://beego.slack.com invite,
- QQ Group Group ID:523992905
- Contribution Guide.
License
beego source code is licensed under the Apache Licence, Version 2.0 (https://www.apache.org/licenses/LICENSE-2.0.html).