Module TaintedPath
Provides extension points for customizing the taint tracking configuration for reasoning about path-traversal vulnerabilities.
Import path
import semmle.go.security.TaintedPathCustomizations
Classes
DotDotCheck | A check of the form |
DotDotReplaceAll | A replacement of the form |
FilepathCleanSanitizer | A call to |
FilepathRelSanitizer | A call to |
MimeMultipartFileHeaderFilenameSanitizer | A read from the field |
MimeMultipartPartFileNameSanitizer | A call to |
NumericOrBooleanSanitizer | A numeric- or boolean-typed node, considered a sanitizer for path traversal. |
PathAsSink | A path expression, considered as a taint sink for path traversal. |
PathContainmentCheck | A node |
PrefixCheck | A call of the form |
RegexpCheckAsSanitizerGuard | A call to a regexp match function, considered as a sanitizer guard for paths. |
Sanitizer | A sanitizer for path-traversal vulnerabilities. |
SanitizerGuard | A sanitizer guard for path-traversal vulnerabilities. |
Sink | A data flow sink for path-traversal vulnerabilities. |
Source | A data flow source for path-traversal vulnerabilities. |
UntrustedFlowAsSource | DEPRECATED: Use |