CodeQL library for Go
codeql/go-all 3.0.1-dev (changelog, source)

Module AllocationSizeOverflow

Provides extension points for customizing the taint-tracking configuration for reasoning about allocation-size overflow.

Import path

import semmle.go.security.AllocationSizeOverflowCustomizations

Predicates

additionalStep

Holds if the value of pred can flow into succ in one step, either through a call to len or through an arithmetic operation (other than remainder).

Classes

AllocationSize

A data-flow node that represents the size argument of an allocation, such as the n in make([]byte, n).

AllocationSizeCheckBarrier

A check of the allocation size, acting as a guard to prevent allocation-size overflow.

DefaultSink

An arithmetic operation that might overflow, and whose result is used to compute an allocation size.

FileReadSource

A call to a function that reads from the file system or a stream, considered as a source of taint.

LengthCheckSanitizer

A length check, acting as a guard to prevent allocation-size overflow.

MarshalingSource

A call to a marshaling function, considered as a source of taint.

OverflowProneOperand

A data-flow node that is an operand to an operation that may overflow.

Sanitizer

A sanitizer node that prevents allocation-size overflow.

Sink

A data-flow node where an overflow might occur, and whose result is used to compute an allocation size.

Source

A source of data that might cause an allocation-size overflow.

WidenTo64BitSanitizer

A conversion to a 64-bit type, acting as a sanitizer to mitigate the risk of allocation-size overflow.
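
Added example (not part of the CodeQL library or its documentation): a Go sketch of the code shape the classes above describe, with a marshaling result as the source, len plus arithmetic as the overflow-prone operation, and a length check and a 64-bit widening as guards. The names maxPayload, checkedSize, padded and the other helper names are assumptions made for this illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"math"
)

// maxPayload is an assumed application limit, chosen for this example.
const maxPayload = 64 << 20

var errTooLarge = errors.New("payload too large")

// wrappedSize32 does the size arithmetic in 32 bits, so a length near the
// top of the range wraps to a negative value (the overflow-prone operation).
func wrappedSize32(length int32) int32 { return length + 16 }

// widenedSize64 converts to a 64-bit type before the arithmetic, so the
// same input cannot wrap.
func widenedSize64(length int32) int64 { return int64(length) + 16 }

// checkedSize is a length check placed before the arithmetic.
func checkedSize(n int) (int, error) {
	if n < 0 || n > maxPayload {
		return 0, errTooLarge
	}
	return n + 16, nil
}

// padded marshals v (the tainted source), then sizes the allocation from
// len(data) only after the length check has passed.
func padded(v interface{}) ([]byte, error) {
	data, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	size, err := checkedSize(len(data))
	if err != nil {
		return nil, err
	}
	buf := make([]byte, size) // size is the allocation-size argument
	copy(buf, data)
	return buf, nil
}

func main() {
	fmt.Println(wrappedSize32(math.MaxInt32-8), widenedSize64(math.MaxInt32-8))
	b, err := padded(map[string]int{"a": 1})
	fmt.Println(len(b), err)
}
```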