CodeQL library for Go
codeql/go-all 2.1.3

Module StringBreak

Provides extension points for customizing the taint tracking configuration for reasoning about unsafe-quoting vulnerabilities.

Import path

import semmle.go.security.StringBreakCustomizations

Classes

JsonMarshalAsSource

A call to json.Marshal, considered as a taint source for unsafe quoting.

Quote

A (single or double) quote.

ReplaceSanitizer

An expression that is equivalent to strings.ReplaceAll(s, old, new), considered as a sanitizer for unsafe quoting.

Sanitizer

A sanitizer for unsafe-quoting vulnerabilities.

Sink

A data flow sink for unsafe-quoting vulnerabilities.

Source

A data flow source for unsafe-quoting vulnerabilities.

StringConcatenationAsSink

A string concatenation with quotes, considered as a taint sink for unsafe quoting.

UnmarshalSanitizer

A call to json.Unmarshal, considered as a sanitizer for unsafe quoting.