CodeQL library for Go
codeql/go-all 2.1.4-dev (changelog, source)

Module TaintedPath

Provides extension points for customizing the taint tracking configuration for reasoning about path-traversal vulnerabilities.

Import path

import semmle.go.security.TaintedPathCustomizations

Classes

DotDotCheck

A check of the form !strings.Contains(nd, ".."), considered as a sanitizer guard for path traversal.

DotDotReplaceAll

A replacement of the form !strings.ReplaceAll(nd, "..") or !strings.ReplaceAll(nd, "."), considered as a sanitizer for path traversal.

FilepathCleanSanitizer

A call to filepath.Clean("/" + e), considered to sanitize e against path traversal.

FilepathRelSanitizer

A call to filepath.Rel, considered as a sanitizer for path traversal.

MimeMultipartFileHeaderFilenameSanitizer

A read from the field Filename of the type mime/multipart.FileHeader, considered as a sanitizer for path traversal.

MimeMultipartPartFileNameSanitizer

A call to mime/multipart.Part.FileName, considered as a sanitizer against path traversal.

NumericOrBooleanSanitizer

A numeric- or boolean-typed node, considered a sanitizer for path traversal.

PathAsSink

A path expression, considered as a taint sink for path traversal.

PathContainmentCheck

A node nd guarded by a check that ensures it is contained within some root folder, considered as a sanitizer for path traversal.

PrefixCheck

A call of the form strings.HasPrefix(path, ...), considered as a sanitizer guard for path traversal.
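As an added example (not part of the CodeQL library or its documentation), the Go below shows three of the patterns the classes above recognise, side by side: the filepath.Clean("/" + e) idiom (FilepathCleanSanitizer), a containment check built on filepath.Rel (PathContainmentCheck, FilepathRelSanitizer), and why a bare strings.HasPrefix check against a root with no trailing separator (PrefixCheck) is weaker than it looks. The root directory and file names are constructed; nothing on disk is read or written. Function names are the example's own.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a candidate path resolves outside the root.
var ErrOutsideRoot = errors.New("path escapes root directory")

// cleanRelative is the FilepathCleanSanitizer idiom: prefixing "/" before
// filepath.Clean makes every ".." resolve against a fixed root, so the
// result can never climb above it. The leading "/" is stripped again so the
// caller can Join the result under whatever directory it chooses.
func cleanRelative(userPath string) string {
	cleaned := filepath.Clean("/" + userPath)
	return strings.TrimPrefix(cleaned, "/")
}

// weakPrefixCheck shows the pitfall behind a bare PrefixCheck: HasPrefix
// against a root with no trailing separator accepts a sibling directory
// whose name merely starts with the root's name (e.g. /srv/data-old).
func weakPrefixCheck(root, userPath string) bool {
	candidate := filepath.Join(root, userPath) // Join cleans, so ".." is applied here
	return strings.HasPrefix(candidate, root)
}

// resolveUnderRoot is a PathContainmentCheck built on filepath.Rel
// (FilepathRelSanitizer): the joined path is accepted only if its path
// relative to the root does not start with "..".
func resolveUnderRoot(root, userPath string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(absRoot, userPath)
	rel, err := filepath.Rel(absRoot, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return candidate, nil
}

func main() {
	root := "/srv/data" // constructed example root
	inputs := []string{"reports/../2024/q1.csv", "../data-old/secret", "../../etc/passwd"}
	for _, p := range inputs {
		fmt.Printf("%-24s clean=%-18s weakPrefix=%-5v ", p, cleanRelative(p), weakPrefixCheck(root, p))
		if resolved, err := resolveUnderRoot(root, p); err != nil {
			fmt.Println("contained=false:", err)
		} else {
			fmt.Println("contained=true ->", resolved)
		}
	}
}
```

The second input is the instructive one: Join resolves it to /srv/data-old/secret, the bare prefix check accepts it, and the Rel-based containment check rejects it. The Clean-with-leading-slash idiom sidesteps the problem differently, by rewriting the input so that it can only ever name something below the root.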

RegexpCheckAsSanitizerGuard

A call to a regexp match function, considered as a sanitizer guard for paths.

Sanitizer

A sanitizer for path-traversal vulnerabilities.

SanitizerGuard

A sanitizer guard for path-traversal vulnerabilities.

Sink

A data flow sink for path-traversal vulnerabilities.

Source

A data flow source for path-traversal vulnerabilities.

UntrustedFlowAsSource

DEPRECATED: Use ActiveThreatModelSource or Source instead.