CodeQL library for Go
codeql/go-all 2.1.4-dev (changelog, source)
Search

Module UnsafeUnzipSymlink

Provides a taint tracking configuration for reasoning about zip-slip vulnerabilities.

Import path

import semmle.go.security.UnsafeUnzipSymlink

Imports

UnsafeUnzipSymlink

Provides extension points for customizing the taint tracking configuration for reasoning about zip-slip vulnerabilities.

Aliases

Flow

Tracks taint flow from archive header fields to an os.Symlink call, which never flow to a path/filepath.EvalSymlinks call.