Module UnsafeUnzipSymlink

Provides a taint tracking configuration for reasoning about zip-slip vulnerabilities.

Import path

import semmle.go.security.UnsafeUnzipSymlink

Provides extension points for customizing the taint tracking configuration for reasoning about zip-slip vulnerabilities.

EvalSymlinksConfiguration	DEPRECATED: Use copies of `EvalSymlinksConfig` and `EvalSymlinksFlow` instead.
SymlinkConfiguration	DEPRECATED: Use `Flow` instead.

Flow	Tracks taint flow from archive header fields to an `os.Symlink` call, which never flow to a `path/filepath.EvalSymlinks` call.