Class TaintedPath::PathContainmentCheck
A node nd guarded by a check that ensures it is contained within some root folder,
considered as a sanitizer for path traversal.
We currently recognize checks of the following form:
..., err := filepath.Rel(base, path)
if err == nil {
    // path is known to be contained in base
}
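For the Go code being analyzed, note that `filepath.Rel` also returns a nil error when the target lies outside `base` (the relative result then begins with `..`), so a runtime containment check usually inspects the returned path as well as the error. The following is an added example, not part of the CodeQL library or its documentation; the helper names `containedRel` and `resolve` and the root `/srv/uploads` are hypothetical.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// containedRel (hypothetical helper) returns path relative to base and true
// only when path lies lexically inside base. A nil error from filepath.Rel is
// necessary but not sufficient: Rel also succeeds for targets outside base,
// in which case the result is ".." or starts with "../".
// Lexical check only: symlinks under base are not resolved here.
func containedRel(base, path string) (string, bool) {
	rel, err := filepath.Rel(base, path)
	if err != nil {
		return "", false // e.g. one path absolute, the other relative
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", false // Rel succeeded, but the target escapes base
	}
	return rel, true
}

// resolve (hypothetical helper) joins an untrusted name onto base and rejects
// the result if the cleaned path escapes base.
func resolve(base, untrusted string) (string, error) {
	full := filepath.Join(base, untrusted) // Join also cleans "." and ".." elements
	if _, ok := containedRel(base, full); !ok {
		return "", fmt.Errorf("%q escapes %q", untrusted, base)
	}
	return full, nil
}

func main() {
	base := "/srv/uploads" // constructed sample root
	// Constructed sample inputs: one benign, one sibling directory,
	// one traversal, one name that merely starts with two dots.
	names := []string{"a/b.txt", "../uploads-old/x", "../../etc/passwd", "..hidden"}
	for _, name := range names {
		p, err := resolve(base, name)
		fmt.Printf("%-20q -> %q err=%v\n", name, p, err)
	}
}
```
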
Import path
import semmle.go.security.TaintedPathCustomizations
Direct supertypes
Indirect supertypes
Inherited fields
| expr | from EqualityTestNode | |
| insn | from ExprNode | |
| left | from BinaryOperationNode | |
| op | from BinaryOperationNode | |
| right | from BinaryOperationNode | |
Predicates
Inherited predicates
| asExpr | Gets the expression corresponding to this node, if any. | from ExprNode |
| asInstruction | Gets the IR instruction corresponding to this node, if any. | from InstructionNode |
| asParameter | Gets the parameter corresponding to this node, if any. | from Node |
| eq | Holds if this comparison evaluates to | from EqualityTestNode |
| getAPredecessor | Gets a data-flow node from which data may flow to this node in one (intra-procedural) step. | from Node |
| getASuccessor | Gets a data-flow node to which data may flow from this node in one (intra-procedural) step. | from Node |
| getAnOperand | Gets an operand of this operation. | from BinaryOperationNode |
| getBasicBlock | Gets the basic block to which this data-flow node belongs, if any. | from Node |
| getBoolValue | Gets the Boolean value this data-flow node contains, if any. | from Node |
| getEnclosingCallable | INTERNAL: Use | from Node |
| getEndColumn | Gets the end column of the location of this node. | from Node |
| getEndLine | Gets the end line of the location of this node. | from Node |
| getExactValue | Gets the string representation of the exact value this data-flow node contains, if any. | from Node |
| getExpr | Gets the underlying expression this node corresponds to. | from ExprNode |
| getFile | Gets the file in which this node appears. | from Node |
| getFloatValue | Gets the floating-point value this data-flow node contains, if any. | from Node |
| getIntValue | Gets the integer value this data-flow node contains, if any. | from Node |
| getLeftOperand | Gets the left operand of this operation. | from BinaryOperationNode |
| getLocation | Gets the location of this node. | from InstructionNode |
| getNodeKind | Gets a textual representation of the kind of this data-flow node. | from InstructionNode |
| getNumericValue | Gets either | from Node |
| getOperator | Gets the operator of this operation. | from BinaryOperationNode |
| getPolarity | Gets the polarity of this equality test, that is, | from EqualityTestNode |
| getRightOperand | Gets the right operand of this operation. | from BinaryOperationNode |
| getRoot | Gets the function to which this node belongs. | from InstructionNode |
| getStartColumn | Gets the start column of the location of this node. | from Node |
| getStartLine | Gets the start line of the location of this node. | from Node |
| getStringValue | Gets the string value this data-flow node contains, if any. | from Node |
| getType | Gets the type of this node. | from InstructionNode |
| getTypeBound | Gets an upper bound on the type of this node. | from Node |
| hasComplexValue | Holds if the complex value this data-flow node contains has real part | from Node |
| hasLocationInfo | DEPRECATED: Use | from Node |
| hasOperands | Holds if | from BinaryOperationNode |
| isConst | Holds if the value of this data-flow node is known at compile time. | from Node |
| isPlatformIndependentConstant | Holds if the result of this instruction is known at compile time, and is guaranteed not to depend on the platform where it is evaluated. | from Node |
| mayHaveSideEffects | Holds if this operation may have observable side effects. | from BinaryOperationNode |
| toString | Gets a textual representation of this element. | from InstructionNode |