CodeQL library for Go

codeql/go-all 5.0.6-dev (changelog, source)

Module TaintTrackingUtil

Provides Go-specific definitions for use in the taint-tracking library.

Import path

import semmle.go.dataflow.internal.TaintTrackingUtil

Imports

SpeculativeTaintFlow

Predicates

defaultAdditionalTaintStep	Holds if the additional step from `node1` to `node2` should be included in all global taint flow configurations.
defaultImplicitTaintRead	Holds if default `TaintTracking::Configuration`s should allow implicit reads of `c` at sinks and inputs to additional taint steps.
defaultTaintSanitizer	Holds if `node` should be a sanitizer in all global taint flow configurations but not in local taint.
elementStep	Holds if taint flows from `pred` to `succ` via an array, map, slice, or string index operation.
elementWriteStep	Holds if there is an assignment of the form `succ[idx] = pred`, meaning that `pred` may taint `succ`.
fieldReadStep	Holds if taint flows from `pred` to `succ` via a field read.
functionEnsuresInputIsConstant	Holds if whenever `outp` of function `f` satisfies `p`, the input `inp` of `f` matched a constant in a case clause of a switch statement.
inputIsConstantIfOutputHasProperty	Holds if whenever `outputNode` satisfies `p`, `inputNode` matched a constant in a case clause of a switch statement.
localAdditionalTaintStep	Holds if the additional step from `pred` to `succ` should be included in all global taint flow configurations.
localExprTaint	Holds if taint can flow from `src` to `sink` in zero or more local (intra-procedural) steps.
localTaint	Holds if taint can flow from `src` to `sink` in zero or more local (intra-procedural) steps.
localTaintStep	Holds if taint can flow in one local step from `src` to `sink`.
referenceStep	Holds if taint flows from `pred` to `succ` via a reference or dereference.
sliceStep	Holds if taint flows from `pred` to `succ` via a slice operation.
stringConcatStep	Holds if taint flows from `pred` to `succ` via string concatenation.
tupleStep	Holds if taint flows from `pred` to `succ` via an extract tuple operation.

Classes

AdditionalTaintStep	A unit class for adding additional taint steps.
DefaultTaintSanitizer	A sanitizer in all global taint flow configurations but not in local taint.
EqualityTestBarrier	An equality test acting as a sanitizer guard for `nonConstNode` by restricting it to a known value.
FunctionModel	A model of a function specifying that the function propagates taint from a parameter or qualifier to a result.
ListOfConstantsComparisonSanitizerGuard	A comparison against a list of constants, acting as a sanitizer guard for `guardedExpr` by restricting it to a known value.