GuardAPI

Fix Mass Assignment in Gin

Mass Assignment in Gin-gonic occurs when a developer binds an untrusted HTTP request payload directly to a database model. In Gin, functions like `c.ShouldBindJSON` map JSON keys to struct fields by their `json` tags. If your DB model contains sensitive fields (e.g., `IsAdmin`, `Balance`) and you bind the request directly to it, an attacker can set those fields simply by including them in the JSON body; a following `db.Save` then writes every field of the struct, attacker-supplied values included. This is the classic 'over-posting' vulnerability.

The Vulnerable Pattern

type User struct {
    ID        uint   `json:"id" gorm:"primaryKey"` 
    Username  string `json:"username"` 
    IsAdmin   bool   `json:"is_admin"` 
}

func UpdateProfile(c *gin.Context) {
    var user User
    // VULNERABLE: binding directly to the DB model struct
    if err := c.ShouldBindJSON(&user); err != nil {
        c.JSON(400, gin.H{"error": "Invalid input"})
        return
    }
    // Attacker can send {"is_admin": true} and gain privileges. Because `id`
    // is bindable too, they can also point the Save at any row they choose.
    db.Save(&user)
}

The Secure Implementation

To kill Mass Assignment, implement the DTO pattern: never expose your internal DB models to the binding layer. Create a dedicated struct for the incoming request (e.g., `UpdateUserRequest`) that defines a strict allow-list of the fields a user is permitted to modify. If an attacker sends extra keys in the JSON payload, the binder drops them, because Gin's JSON binding is built on `encoding/json`, which ignores keys that match no struct field. If you would rather reject such requests outright (and log them), call `gin.EnableJsonDecoderDisallowUnknownFields()` at startup so binding fails on unknown keys. Take the identity of the row to update from the authenticated session, never from the body. Finally, use explicit column updates (`db.Model(...).Where(...).Update(...)`) rather than saving the whole object, so only the intended columns are touched; for several columns, `Select` with an explicit column list before `Updates` does the same job.

type UpdateUserRequest struct {
    Username string `json:"username" binding:"required,min=3"` 
}

func UpdateProfile(c *gin.Context) {
    var req UpdateUserRequest
    // SECURE: bind to a dedicated DTO (Data Transfer Object), not the DB model
    if err := c.ShouldBindJSON(&req); err != nil {
        c.JSON(400, gin.H{"error": err.Error()})
        return
    }

    // Target row comes from the authenticated session (set by auth middleware),
    // never from the request body
    userID := c.MustGet("userID").(uint)

    // Only update specific, allowed columns, and check the result
    if err := db.Model(&User{}).Where("id = ?", userID).Update("username", req.Username).Error; err != nil {
        c.JSON(500, gin.H{"error": "update failed"})
        return
    }
    c.JSON(200, gin.H{"status": "profile updated"})
}
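The following is an added, self-contained Go example (not code from the original page or from the Gin project) that shows the two handlers above side by side without a database or HTTP server. It drives `encoding/json` directly, which is what Gin's `ShouldBindJSON` uses underneath, and replaces the `users` table with a constructed in-memory map; `seedStore`, `AttackerPayload`, `VulnerableUpdate`, `SecureUpdate` and `StrictBind` are names invented for this example. It also goes one step beyond the page by showing the strict variant (`DisallowUnknownFields`) that rejects an over-posting payload instead of silently trimming it.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// User mirrors the page's database model. The json tags are what make every
// column, including is_admin and id, reachable from a request body.
type User struct {
	ID       uint   `json:"id"`
	Username string `json:"username"`
	IsAdmin  bool   `json:"is_admin"`
}

// UpdateUserRequest is the DTO: the allow-list of fields a caller may change.
type UpdateUserRequest struct {
	Username string `json:"username"`
}

// AttackerPayload is a constructed over-posting request from user 2: besides
// the expected username it smuggles in is_admin (and id, which could just as
// well point at someone else's row).
const AttackerPayload = `{"id": 2, "username": "new-name", "is_admin": true}`

// seedStore is a constructed in-memory stand-in for the users table.
func seedStore() map[uint]User {
	return map[uint]User{
		1: {ID: 1, Username: "root", IsAdmin: true},
		2: {ID: 2, Username: "mallory", IsAdmin: false},
	}
}

// decodeJSON does what Gin's JSON binding does under the hood:
// json.NewDecoder(body).Decode(obj). strict enables DisallowUnknownFields,
// which is what Gin's EnableDecoderDisallowUnknownFields option switches on.
func decodeJSON(body string, obj any, strict bool) error {
	dec := json.NewDecoder(strings.NewReader(body))
	if strict {
		dec.DisallowUnknownFields()
	}
	return dec.Decode(obj)
}

// VulnerableUpdate binds the body straight into the model and writes back the
// whole object, as db.Save(&user) would: the row is chosen by the
// attacker-supplied id and every column, IsAdmin included, comes from the body.
func VulnerableUpdate(store map[uint]User, body string) error {
	var user User
	if err := decodeJSON(body, &user, false); err != nil {
		return err
	}
	store[user.ID] = user
	return nil
}

// SecureUpdate binds into the DTO, so encoding/json drops the unknown keys,
// and touches only the username column of the row identified by the
// authenticated session (authID), as
// db.Model(&User{}).Where("id = ?", authID).Update("username", req.Username) would.
func SecureUpdate(store map[uint]User, authID uint, body string) error {
	var req UpdateUserRequest
	if err := decodeJSON(body, &req, false); err != nil {
		return err
	}
	row, ok := store[authID]
	if !ok {
		return errors.New("no such user")
	}
	row.Username = req.Username
	store[authID] = row
	return nil
}

// StrictBind is the belt-and-braces variant: with unknown fields disallowed,
// an over-posting payload fails to bind instead of being silently trimmed,
// which also gives you something to log and alert on.
func StrictBind(body string) (UpdateUserRequest, error) {
	var req UpdateUserRequest
	err := decodeJSON(body, &req, true)
	return req, err
}

func main() {
	store := seedStore()
	_ = VulnerableUpdate(store, AttackerPayload)
	fmt.Printf("vulnerable: %+v\n", store[2]) // IsAdmin:true written from the body

	store = seedStore()
	_ = SecureUpdate(store, 2, AttackerPayload)
	fmt.Printf("secure:     %+v\n", store[2]) // username changed, IsAdmin untouched

	_, err := StrictBind(AttackerPayload)
	fmt.Println("strict:    ", err) // json: unknown field "id"
}
```

Run it with `go run .`; the same payload escalates user 2 through the vulnerable path, changes only the username through the DTO path, and is refused outright by the strict binder. Whether to silently drop or reject unknown keys is a product decision; rejecting is the safer default for authenticated write endpoints because it also surfaces probing in your logs.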


Verified by Ghost Labs Security Team

This content is continuously validated by our automated security engine and reviewed by our research team. Ghost Labs analyzes over 500+ vulnerability patterns across 40+ frameworks to provide up-to-date remediation strategies.