CodeQL library for Go
codeql/go-all 0.7.13 (changelog, source)

Module TaintedPath

Provides extension points for customizing the taint tracking configuration for reasoning about path-traversal vulnerabilities.

Import path

import semmle.go.security.TaintedPathCustomizations

Classes

DotDotCheck

A check of the form !strings.Contains(nd, ".."), considered as a sanitizer guard for path traversal.

FilepathCleanSanitizer

A call to [file]path.Clean("/" + e), considered to sanitize e against path traversal.

FilepathRelSanitizer

A call to filepath.Rel, considered as a sanitizer for path traversal.

NumericOrBooleanSanitizer

A numeric- or boolean-typed node, considered a sanitizer for path traversal.

PathAsSink

A path expression, considered as a taint sink for path traversal.

PathContainmentCheck

A node nd guarded by a check that ensures it is contained within some root folder, considered as a sanitizer for path traversal.

PrefixCheck

A call of the form strings.HasPrefix(path, ...), considered as a sanitizer guard for path.

RegexpCheckAsSanitizerGuard

A call to a regexp match function, considered as a sanitizer guard for paths.

Sanitizer

A sanitizer for path-traversal vulnerabilities.

SanitizerGuard

A sanitizer guard for path-traversal vulnerabilities.

Sink

A data flow sink for path-traversal vulnerabilities.

Source

A data flow source for path-traversal vulnerabilities.

UntrustedFlowAsSource

A source of untrusted data, considered as a taint source for path traversal.
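
The Go code shapes named in the DotDotCheck, FilepathCleanSanitizer and FilepathRelSanitizer descriptions above, written out as an added example; this is not code from the CodeQL library. The function names, the error value and the sample root are hypothetical, and the example shows how each form behaves at runtime, not what the library's predicates match.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot (hypothetical) is returned when a path would leave the root.
var ErrEscapesRoot = errors.New("path escapes root")

// CleanJoin uses the filepath.Clean("/" + e) form: rooting the untrusted
// value before cleaning makes Clean drop any ".." that would climb above
// "/", so the joined result can only name something beneath root.
func CleanJoin(root, untrusted string) string {
	return filepath.Join(root, filepath.Clean("/"+untrusted))
}

// RejectDotDot uses the !strings.Contains(nd, "..") guard form: the value
// reaches the file path only on the branch where the check holds.
func RejectDotDot(root, untrusted string) (string, error) {
	if !strings.Contains(untrusted, "..") {
		return filepath.Join(root, untrusted), nil
	}
	return "", ErrEscapesRoot
}

// WithinRoot is a containment check built on filepath.Rel: the joined path
// is accepted only if its path relative to root does not begin by leaving it.
func WithinRoot(root, untrusted string) (string, error) {
	full := filepath.Join(root, untrusted)
	rel, err := filepath.Rel(root, full)
	up := ".." + string(filepath.Separator)
	if err != nil || rel == ".." || strings.HasPrefix(rel, up) {
		return "", ErrEscapesRoot
	}
	return full, nil
}

func main() {
	const root = "/srv/files" // constructed sample root
	for _, in := range []string{"docs/a.txt", "../../etc/passwd", "a/../../b"} {
		_, e1 := RejectDotDot(root, in)
		_, e2 := WithinRoot(root, in)
		fmt.Printf("%q clean=%q dotdot=%v rel=%v\n", in, CleanJoin(root, in), e1, e2)
	}
}
```

All three checks are lexical: none of them resolves symbolic links, so a link inside the root that points elsewhere is not caught by them.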