CodeQL library for Go
codeql/go-all 2.1.3-dev (changelog, source)
Index
Search

Module UnsafeUnzipSymlink

Provides a taint tracking configuration for reasoning about zip-slip vulnerabilities.

Import path

import semmle.go.security.UnsafeUnzipSymlink

Imports

UnsafeUnzipSymlink

Provides extension points for customizing the taint tracking configuration for reasoning about zip-slip vulnerabilities.

Classes

EvalSymlinksConfiguration

DEPRECATED: Use copies of EvalSymlinksConfig and EvalSymlinksFlow instead.

SymlinkConfiguration

DEPRECATED: Use Flow instead.

Aliases

Flow

Tracks taint flow from archive header fields to an os.Symlink call, which never flow to a path/filepath.EvalSymlinks call.