Module UnsafeUnzipSymlink

Provides extension points for customizing the taint tracking configuration for reasoning about zip-slip vulnerabilities.

Import path

import semmle.go.security.UnsafeUnzipSymlinkCustomizations

EvalSymlinksInvalidator	A data-flow sanitizer that prevents reaching an `EvalSymlinksSink`.
EvalSymlinksSink	A data flow sink at which symbolic links are resolved.
FileNameSource	A file name from a zip or tar entry, as a source for unsafe unzipping of symlinks.
FilenameWithSymlinks	A data-flow source of filenames that may contain unresolved symbolic links.
OsSymlink	An argument to a call to `os.Symlink` within a loop that extracts a zip or tar archive, taken as a sink for unsafe unzipping of symlinks.
StdlibSymlinkResolvers	An argument to `path/filepath.EvalSymlinks` or `os.Readlink`, taken as a sink for detecting target paths that are likely safe to extract to.
SymlinkSanitizer	A sanitizer for an unsafe symbolic-link unzip vulnerability.
SymlinkSink	A data flow sink for an unsafe symbolic-link unzip vulnerability.