CodeQL library for Go
codeql/go-all 2.1.3 (changelog, source)

Module InsecureRandomness

Provides default sources, sinks and sanitizers for reasoning about random values that are not cryptographically secure, as well as extension points for adding your own.

Import path

import semmle.go.security.InsecureRandomnessCustomizations

Predicates

nonCryptoInterface

Gets an interface outside of the crypto package which is the same as an interface in the crypto package.

Classes

CryptographicSink

A cryptographic algorithm, treated as a sink for insecure random values.

HashAlgorithm

A function that hashes its input, treated as a taint propagator for cryptographically insecure random values: hashing a predictable value does not make it unpredictable.

InsecureRandomSource

A random source that is not sufficient for security use. So far this consists only of the math package’s rand function; further insufficient random sources can be added here.

PasswordFnSink

A use in a function that heuristically deals with passwords.

Sanitizer

A sanitizer for insufficient random sources used as cryptographic keys.

Sink

A data flow sink for cryptographic algorithms that take a key as input.

Source

A data flow source for insufficient random sources.
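The following Go program is an added example, not part of the CodeQL library, illustrating the source-to-sink flow these classes model: a key derived from math/rand (InsecureRandomSource) reaching a key-consuming algorithm (CryptographicSink), a hash of that key (HashAlgorithm propagates the taint rather than removing it), and the crypto/rand replacement that the query does not flag. The seed parameter and KeySize are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	mathrand "math/rand"
)

// KeySize is a constructed sample key length (32 bytes, e.g. AES-256).
const KeySize = 32

// InsecureKey builds a key from math/rand, the flow the InsecureRandomness
// library reports: math/rand is an InsecureRandomSource and a key argument
// to a cryptographic algorithm is a CryptographicSink. The seed parameter is
// an assumption of this example; it makes the predictability visible, since
// the same seed always yields the same "key".
func InsecureKey(seed int64) []byte {
	key := make([]byte, KeySize)
	r := mathrand.New(mathrand.NewSource(seed))
	r.Read(key) // statistically random, not cryptographically secure
	return key
}

// HashedInsecureKey shows why HashAlgorithm is a taint propagator and not a
// sanitizer: hashing a predictable value yields a predictable digest.
func HashedInsecureKey(seed int64) []byte {
	sum := sha256.Sum256(InsecureKey(seed))
	return sum[:]
}

// SecureKey reads from the operating system CSPRNG via crypto/rand, which is
// not an InsecureRandomSource, so no flow to the sink is reported.
func SecureKey() ([]byte, error) {
	key := make([]byte, KeySize)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func main() {
	fmt.Printf("insecure key (seed 1): %x\n", InsecureKey(1))
	fmt.Printf("same seed again:       %x\n", InsecureKey(1))
	fmt.Printf("sha256 of it:          %x\n", HashedInsecureKey(1))
	if k, err := SecureKey(); err == nil {
		fmt.Printf("crypto/rand key:       %x\n", k)
	}
}
```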