CodeQL library for Go
codeql/go-all 2.1.4-dev (changelog, source)

Module UnsafeUnzipSymlink

Provides extension points for customizing the taint tracking configuration for reasoning about zip-slip vulnerabilities.

Import path

import semmle.go.security.UnsafeUnzipSymlinkCustomizations

Classes

EvalSymlinksInvalidator

A data-flow sanitizer that prevents reaching an EvalSymlinksSink.

EvalSymlinksSink

A data-flow sink at which symbolic links are resolved.

FileNameSource

A file name from a zip or tar entry, as a source for unsafe unzipping of symlinks.

FilenameWithSymlinks

A data-flow source of filenames that may contain unresolved symbolic links.

OsSymlink

An argument to a call to os.Symlink within a loop that extracts a zip or tar archive, taken as a sink for unsafe unzipping of symlinks.

StdlibSymlinkResolvers

An argument to path/filepath.EvalSymlinks or os.Readlink, taken as a sink for detecting target paths that are likely safe to extract to.

SymlinkSanitizer

A sanitizer for an unsafe symbolic-link unzip vulnerability.

SymlinkSink

A data-flow sink for an unsafe symbolic-link unzip vulnerability.
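The source, sink and sanitizer these classes model, as an added Go example that is not part of the CodeQL library or its test suite: SymlinkEntry is a constructed stand-in for a tar.Header symlink entry, unsafeExtractSymlink is the unchecked os.Symlink call the OsSymlink sink flags, and checkSymlinkEntry (an assumed name) is the filepath.EvalSymlinks check that the EvalSymlinksSink treats as sanitizing.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
	"strings"
)

var ErrEscape = errors.New("archive symlink escapes extraction root")

// SymlinkEntry is a constructed stand-in for a tar.Header with Typeflag
// tar.TypeSymlink; Name and Linkname are both archive-controlled.
type SymlinkEntry struct{ Name, Linkname string }

// unsafeExtractSymlink is the pattern the OsSymlink sink flags: archive data
// reaches os.Symlink inside the extraction loop without any check.
func unsafeExtractSymlink(dest string, e SymlinkEntry) error {
	return os.Symlink(e.Linkname, filepath.Join(dest, e.Name))
}

// within reports whether path equals root or lies beneath it.
func within(root, path string) bool {
	return path == root || strings.HasPrefix(path, root+string(os.PathSeparator))
}

// checkSymlinkEntry returns the path p at which e may be created; a hardened
// loop calls os.Symlink(e.Linkname, p) only when err is nil. Resolving the
// parent with filepath.EvalSymlinks (the sanitizer this module models) stops a
// symlink planted by an earlier entry from redirecting this one. The target may
// not exist yet, so it is checked lexically; sound because earlier links passed.
func checkSymlinkEntry(dest string, e SymlinkEntry) (string, error) {
	root, err := filepath.EvalSymlinks(dest)
	if err != nil {
		return "", err
	}
	// The parent must already exist, e.g. from an earlier directory entry.
	parent, err := filepath.EvalSymlinks(filepath.Join(root, filepath.Dir(e.Name)))
	if err != nil {
		return "", err
	}
	target := e.Linkname
	if !filepath.IsAbs(target) {
		target = filepath.Join(parent, target)
	}
	if !within(root, parent) || !within(root, target) {
		return "", ErrEscape
	}
	return filepath.Join(parent, filepath.Base(e.Name)), nil
}
```

A query built from these classes reports unsafeExtractSymlink because the entry's fields reach os.Symlink directly, while the EvalSymlinks calls in checkSymlinkEntry are the point at which the taint tracking stops.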