Standard Library

Go stdlib: os/exec, net/http, path/filepath, strconv

All: 178 | Source: 21 | Sink: 33 | Sanitizer: 6
GoArchiveTar
archive/tar

archive/tar package. Reader.Next() returns headers with user-controlled filenames — Zip Slip path traversal sink when extracting to filesystem.

1 source, 1 method
GoArchiveZip
archive/zip

archive/zip package. OpenReader() and File[].Name are sources of user-controlled filenames — Zip Slip path traversal when extracting.

1 source, 1 method
GoArena
arena

Go stdlib package — arena. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

6 methods
GoAst
go/ast

Go stdlib package — go/ast. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoBufioReader
bufio.Reader

bufio.Reader wraps an io.Reader with buffering. ReadString() and ReadLine() are sources when the underlying reader is an HTTP request body or stdin.

3 sources, 3 methods
GoBufioScanner
bufio.Scanner

bufio.Scanner reads tokens line-by-line. Text() and Bytes() are sources when the scanner wraps user-controlled input (stdin, HTTP body).

2 sources, 2 methods
GoBuild
go/build

Go stdlib package — go/build. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoBuildConstraint
go/build/constraint

Go stdlib package — go/build/constraint. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoBytes
bytes

Go stdlib package — bytes. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoCipherGCM
crypto/cipher

cipher package. NewGCMWithNonceSize() and AEAD.Seal() — finding when nonce is reused or predictable.

1 sink, 2 methods
GoCmp
cmp

Go stdlib package — cmp. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

3 methods
GoCompressBzip2
compress/bzip2

Go stdlib package — compress/bzip2. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

3 methods
GoCompressFlate
compress/flate

Go stdlib package — compress/flate. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoCompressGzip
compress/gzip

Go stdlib package — compress/gzip. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoCompressLzw
compress/lzw

Go stdlib package — compress/lzw. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoCompressZlib
compress/zlib

Go stdlib package — compress/zlib. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoConstant
go/constant

Go stdlib package — go/constant. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoContainerHeap
container/heap

Go stdlib package — container/heap. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

6 methods
GoContainerList
container/list

Go stdlib package — container/list. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoContainerRing
container/ring

Go stdlib package — container/ring. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

9 methods
GoContext
context.Context

Represents context.Context. Value() can propagate tainted data stored by upstream handlers — treat returned values as taint sources in inter-procedural analysis.

1 source, 2 methods
GoCrypto
crypto/sha256

Weak cryptographic algorithms: crypto/md5, crypto/sha1, crypto/des, crypto/rc4. All New() and Sum() calls are findings — these algorithms are cryptographically broken.

2 sinks, 2 methods
GoCryptoAES
crypto/aes

crypto/aes package. NewCipher() with a weak mode (ECB, CBC without IV) is a cryptographic weakness finding.

1 sink, 1 method
GoCryptoBoring
crypto/boring

Go stdlib package — crypto/boring. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

1 method
GoCryptoDes
crypto/des

Go stdlib package — crypto/des. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

4 methods
GoCryptoDsa
crypto/dsa

Go stdlib package — crypto/dsa. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

8 methods
GoCryptoEcdh
crypto/ecdh

Go stdlib package — crypto/ecdh. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoCryptoEcdsa
crypto/ecdsa

Go stdlib package — crypto/ecdsa. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoCryptoEd25519
crypto/ed25519

Go stdlib package — crypto/ed25519. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoCryptoElliptic
crypto/elliptic

Go stdlib package — crypto/elliptic. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoCryptoHMAC
crypto/hmac

crypto/hmac package. New() creates HMAC with a key. Equal() provides constant-time comparison. Using == instead of Equal() for MAC verification is a timing attack.

1 sanitizer, 2 methods
GoCryptoMd5
crypto/md5

Go stdlib package — crypto/md5. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

3 methods
GoCryptoRand
crypto/rand

crypto/rand package. The Reader is the cryptographically secure random source — use this instead of math/rand for tokens and session IDs.

2 methods
GoCryptoRc4
crypto/rc4

Go stdlib package — crypto/rc4. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

6 methods
GoCryptoRsa
crypto/rsa

Go stdlib package — crypto/rsa. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoCryptoSha1
crypto/sha1

Go stdlib package — crypto/sha1. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

2 methods
GoCryptoStdlib
crypto

Go stdlib package — crypto. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoCryptoSubtle
crypto/subtle

Go stdlib package — crypto/subtle. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

7 methods
GoCryptoTlsFipsonly
crypto/tls/fipsonly

Go stdlib package — crypto/tls/fipsonly. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

0 methods
GoCryptoX509Pkix
crypto/x509/pkix

Go stdlib package — crypto/x509/pkix. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoDatabaseSQL
database/sql.Stmt

Alias reference: database/sql.Stmt. Prepared statement execution methods — safe when using ? placeholders, sink when mixing with string concatenation.

3 methods
GoDatabaseSqlDriver
database/sql/driver

Go stdlib package — database/sql/driver. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoDebugBuildinfo
debug/buildinfo

Go stdlib package — debug/buildinfo. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

3 methods
GoDebugDwarf
debug/dwarf

Go stdlib package — debug/dwarf. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoDebugElf
debug/elf

Go stdlib package — debug/elf. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoDebugGosym
debug/gosym

Go stdlib package — debug/gosym. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoDebugMacho
debug/macho

Go stdlib package — debug/macho. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoDebugPe
debug/pe

Go stdlib package — debug/pe. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoDebugPlan9obj
debug/plan9obj

Go stdlib package — debug/plan9obj. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoDoc
go/doc

Go stdlib package — go/doc. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoDocComment
go/doc/comment

Go stdlib package — go/doc/comment. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoEmbed
embed

Go stdlib package — embed. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

4 methods
GoEncoding
encoding

Go stdlib package — encoding. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

4 methods
GoEncodingAscii85
encoding/ascii85

Go stdlib package — encoding/ascii85. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

7 methods
GoEncodingAsn1
encoding/asn1

Go stdlib package — encoding/asn1. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoEncodingBase32
encoding/base32

Go stdlib package — encoding/base32. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoEncodingBase64
encoding/base64

encoding/base64 package. DecodeString() decodes user input — the result is still tainted and must be sanitized before use in sinks.

2 methods
GoEncodingBinary
encoding/binary

encoding/binary package. Read() deserializes binary data from a reader — source of taint when the reader is network or user input.

1 source, 1 method
GoEncodingCSV
encoding/csv

encoding/csv package. Reader.Read() and Reader.ReadAll() return user-controlled CSV data as string slices — treat as taint sources.

2 sources, 2 methods
GoEncodingGob
encoding/gob

encoding/gob package. Decoder.Decode() deserializes arbitrary Go types — unsafe deserialization sink when decoding untrusted data.

1 sink, 1 method
GoEncodingHex
encoding/hex

encoding/hex package. DecodeString() converts hex to bytes — does not sanitize taint. EncodeToString() may be used as a sanitizer in specific contexts.

1 sanitizer, 2 methods
GoEncodingJSON
encoding/json

encoding/json package. Unmarshal and Decoder.Decode() are sources of tainted data from JSON input. Marshal() propagates taint to output.

1 source, 2 methods
GoEncodingPem
encoding/pem

Go stdlib package — encoding/pem. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

4 methods
GoEncodingXML
encoding/xml

encoding/xml package. Unmarshal and Decoder.Decode() are sources. Can also be an XXE sink if xml.Decoder is used without disabling external entity processing.

1 source, 1 sink, 2 methods
GoErrors
errors

Go stdlib package — errors. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

5 methods
GoExpvar
expvar

Go stdlib package — expvar. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoFilepath
path/filepath

The path/filepath standard library package. Join(), Abs(), Clean() are used as sanitizers in path traversal rules when combined with containment checks.

4 sanitizers, 4 methods
GoFlag
flag

Go stdlib package — flag. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoFmt
fmt

The fmt standard library package. Sprintf, Fprintf, Sscanf are sources of formatted string data. Fprintf to http.ResponseWriter is an XSS sink.

1 source, 1 sink, 3 methods
GoFormat
go/format

Go stdlib package — go/format. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

2 methods
GoGobDecoder
encoding/gob.Decoder

encoding/gob.Decoder. Decode() deserializes arbitrary Go values — unsafe deserialization when decoding user-supplied bytes.

2 sinks, 2 methods
GoHTMLTemplate
html/template

html/template package — the safe version of text/template. Auto-escapes context-appropriately. HTML(), JS(), URL() types are escape bypasses when used with user input.

3 sinks, 3 methods
GoHTTPClient
net/http.Client

Represents net/http.Client. Do(), Get(), Post() are SSRF sinks when the URL comes from user input.

3 sinks, 3 methods
GoHTTPCookie
net/http.Cookie

net/http.Cookie struct. Missing Secure, HttpOnly, or SameSite flags are security findings for session cookies.

1 sink, 1 method
GoHTTPMux
net/http.ServeMux

net/http.ServeMux is the HTTP request multiplexer. Handle() and HandleFunc() register handlers — not typically a security sink but relevant for routing analysis.

2 methods
GoHTTPRequest
net/http.Request

Represents *http.Request from the net/http standard library. Used in standard http.HandlerFunc handlers. FormValue, URL.Query(), Header.Get(), and Body are all taint sources.

4 sources, 4 methods
GoHTTPResponseWriter
net/http.ResponseWriter

Represents net/http.ResponseWriter. Write() and WriteString() are XSS sinks when writing unsanitized user input into the HTTP response body.

1 sink, 2 methods
GoHTTPServer
net/http.Server

net/http.Server. ListenAndServe() without TLS is a finding in server configurations that should enforce HTTPS.

1 sink, 2 methods
GoHash
hash

Go stdlib package — hash. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

3 methods
GoHashAdler32
hash/adler32

Go stdlib package — hash/adler32. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

2 methods
GoHashCrc32
hash/crc32

Go stdlib package — hash/crc32. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

7 methods
GoHashCrc64
hash/crc64

Go stdlib package — hash/crc64. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

5 methods
GoHashFnv
hash/fnv

Go stdlib package — hash/fnv. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

6 methods
GoHashMaphash
hash/maphash

Go stdlib package — hash/maphash. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoHtml
html

Go stdlib package — html. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

2 methods
GoIO
io

The io standard library package. ReadAll and Copy move data from readers — sources when the underlying reader is user-controlled (e.g. an http.Request.Body). WriteString writes to a writer and is a sink when the writer is an HTTP response.

2 sources, 1 sink, 6 methods
GoIOFS
io/fs

io/fs package (Go 1.16+). FS interface and ReadFile() operate on filesystem abstractions — path traversal sinks when path is user-controlled.

2 sinks, 2 methods
GoIOReader
io

io.Reader interface. ReadAll() from io package returns the full content of a reader — source of taint when the reader wraps HTTP request body.

1 source, 3 methods
GoImage
image

Go stdlib package — image. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoImageColor
image/color

Go stdlib package — image/color. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoImageColorPalette
image/color/palette

Go stdlib package — image/color/palette. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

0 methods
GoImageDraw
image/draw

Go stdlib package — image/draw. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

8 methods
GoImageGif
image/gif

Go stdlib package — image/gif. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

7 methods
GoImageJpeg
image/jpeg

Go stdlib package — image/jpeg. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

9 methods
GoImagePng
image/png

Go stdlib package — image/png. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoImporter
go/importer

Go stdlib package — go/importer. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

4 methods
GoIndexSuffixarray
index/suffixarray

Go stdlib package — index/suffixarray. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

7 methods
GoIoIoutil
io/ioutil

Go stdlib package — io/ioutil. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

7 methods
GoJSON
encoding/json

encoding/json for JSON encode/decode. Unmarshal and Decoder.Decode deserialize JSON into Go values — the destination struct becomes tainted if the input bytes are user-controlled. Encoder.Encode writes JSON to a writer, a sink when the writer is an HTTP response.

2 sources, 1 sink, 6 methods
GoLog
log

log standard library package. Printf, Println, and Fatal variants may log sensitive user input — a finding for privacy/compliance rules.

3 sinks, 3 methods
GoLogSlog
log/slog

log/slog package (Go 1.21+). Structured logging — Info, Warn, Error are log injection sinks when message or attributes contain unsanitized user input.

3 sinks, 3 methods
GoLogSyslog
log/syslog

Go stdlib package — log/syslog. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoMaps
maps

Go stdlib package — maps. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

5 methods
GoMath
math

Go stdlib package — math. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoMathBig
math/big

Go stdlib package — math/big. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoMathBits
math/bits

Go stdlib package — math/bits. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoMathCmplx
math/cmplx

Go stdlib package — math/cmplx. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoMathRand
math/rand

math/rand package. Intn(), Float64() and related functions use a deterministic PRNG — a finding when used for cryptographic purposes (tokens, session IDs).

2 sinks, 2 methods
GoMime
mime

Go stdlib package — mime. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoMimeMultipart
mime/multipart

mime/multipart package. Reader.ReadForm() parses multipart form data including file uploads — source of user-controlled filenames and content.

2 sources, 2 methods
GoMimeQuotedprintable
mime/quotedprintable

Go stdlib package — mime/quotedprintable. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

7 methods
GoNetDial
net

net.Dial and net.DialTCP create network connections. Dial() is an SSRF sink when the address is user-controlled.

3 sinks, 3 methods
GoNetHTTP
net/http

Package-level net/http functions: Get(), Post(), Head(). SSRF sinks when the URL argument is derived from user input.

4 sinks, 4 methods
GoNetHttpCgi
net/http/cgi

Go stdlib package — net/http/cgi. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

5 methods
GoNetHttpCookiejar
net/http/cookiejar

Go stdlib package — net/http/cookiejar. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

6 methods
GoNetHttpFcgi
net/http/fcgi

Go stdlib package — net/http/fcgi. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

2 methods
GoNetHttpHttptest
net/http/httptest

Go stdlib package — net/http/httptest. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoNetHttpHttptrace
net/http/httptrace

Go stdlib package — net/http/httptrace. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

7 methods
GoNetHttpHttputil
net/http/httputil

Go stdlib package — net/http/httputil. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoNetHttpPprof
net/http/pprof

Go stdlib package — net/http/pprof. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

6 methods
GoNetMail
net/mail

Go stdlib package — net/mail. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoNetNetip
net/netip

Go stdlib package — net/netip. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoNetRpc
net/rpc

Go stdlib package — net/rpc. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoNetRpcJsonrpc
net/rpc/jsonrpc

Go stdlib package — net/rpc/jsonrpc. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

5 methods
GoNetSMTP
net/smtp

net/smtp package. SendMail() and SMTP.Mail() are email injection sinks when headers or body are built from user input without sanitization.

1 sink, 1 method
GoNetTLS
crypto/tls

crypto/tls package. Config.InsecureSkipVerify = true disables certificate verification — a finding for all production code.

1 sink, 1 method
GoNetTextproto
net/textproto

Go stdlib package — net/textproto. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoNetURL
net/url

net/url package. Parse() returns a *url.URL from a string — source of taint when parsing user-supplied URLs. Used in SSRF detection for URL validation.

3 sanitizers, 4 methods
GoOS
os

The os standard library package. Getenv() is a source of environment variable data. Open(), Create(), Remove() are file operation sinks for path traversal.

1 source, 4 sinks, 5 methods
GoOSExec
os/exec

The os/exec standard library package. exec.Command and exec.CommandContext are command injection sinks when any argument comes from user-controlled input. Most dangerous with shell=true-equivalent patterns.

2 sinks, 2 methods
GoOSUser
os/user

os/user package. Lookup() and LookupId() resolve usernames — source of OS-level user data. Relevant for privilege escalation analysis.

1 source, 1 sink, 2 methods
GoOsSignal
os/signal

Go stdlib package — os/signal. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

6 methods
GoParser
go/parser

Go stdlib package — go/parser. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

5 methods
GoPath
path

Go stdlib package — path. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

8 methods
GoPlugin
plugin

plugin package. Open() loads a shared library — code execution sink when the plugin path is user-controlled.

1 sink, 1 method
GoPrinter
go/printer

Go stdlib package — go/printer. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

5 methods
GoReflect
reflect

reflect package. reflect.ValueOf() and reflect.New() with user-controlled type strings enable dynamic code execution — a finding for unsafe reflection rules.

1 sink, 2 methods
GoRegexp
regexp

regexp package. FindString() and FindAllString() return tainted matches. MustCompile() with user-controlled pattern is a ReDoS risk.

2 sinks, 3 methods
GoRegexpSyntax
regexp/syntax

Go stdlib package — regexp/syntax. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoRuntime
runtime

runtime package. SetFinalizer(), GOMAXPROCS() — not typical security sinks but relevant for resource exhaustion rules.

1 source, 1 sink, 2 methods
GoRuntimeAsan
runtime/asan

Go stdlib package — runtime/asan. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

0 methods
GoRuntimeCgo
runtime/cgo

Go stdlib package — runtime/cgo. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

5 methods
GoRuntimeCoverage
runtime/coverage

Go stdlib package — runtime/coverage. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

5 methods
GoRuntimeDebug
runtime/debug

Go stdlib package — runtime/debug. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoRuntimeMetrics
runtime/metrics

Go stdlib package — runtime/metrics. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoRuntimeMsan
runtime/msan

Go stdlib package — runtime/msan. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

0 methods
GoRuntimePprof
runtime/pprof

Go stdlib package — runtime/pprof. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoRuntimeRace
runtime/race

Go stdlib package — runtime/race. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

0 methods
GoRuntimeTrace
runtime/trace

Go stdlib package — runtime/trace. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoSQLDB
database/sql.DB

Represents database/sql.DB and database/sql.Tx from the Go standard library. Query(), Exec(), and Prepare() are SQL injection sinks when the query string is built from user input instead of using ? placeholders.

4 sinks, 4 methods
GoScanner
go/scanner

Go stdlib package — go/scanner. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoSlices
slices

Go stdlib package — slices. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoSort
sort

Go stdlib package — sort. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoStrconv
strconv

The strconv standard library package. Atoi, ParseInt, ParseFloat, and related functions serve as sanitizers in SQL injection and path traversal rules — converting a string to a numeric type eliminates injection risk.

4 sanitizers, 4 methods
GoStrings
strings

strings package. Contains(), HasPrefix(), ReplaceAll() are used as partial sanitizers. Builder is used to construct tainted strings.

2 sanitizers, 4 methods
GoSync
sync

sync package. Mutex, RWMutex, Once — not security sinks but relevant for race condition detection rules.

2 methods
GoSyncAtomic
sync/atomic

Go stdlib package — sync/atomic. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoSyncMap
sync.Map

sync.Map provides a concurrent map. Load() and Store() are relevant for data flow tracking in concurrent handlers where shared state is modified.

1 source, 2 methods
GoSyscall
syscall

syscall package. Exec(), RawSyscall(), and socket operations are low-level command and network injection sinks.

1 source, 1 sink, 2 methods
GoSyscallJs
syscall/js

Go stdlib package — syscall/js. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoTemplate
html/template.Template

Represents html/template.Template and text/template.Template. Execute() and ExecuteTemplate() are XSS sinks when data contains unsanitized user input passed to text/template (not html/template).

3 sinks, 3 methods
GoTesting
testing

Go stdlib package — testing. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoTestingFstest
testing/fstest

Go stdlib package — testing/fstest. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

9 methods
GoTestingIotest
testing/iotest

Go stdlib package — testing/iotest. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

9 methods
GoTestingQuick
testing/quick

Go stdlib package — testing/quick. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoTestingSlogtest
testing/slogtest

Go stdlib package — testing/slogtest. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

1 method
GoTextScanner
text/scanner

Go stdlib package — text/scanner. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoTextTabwriter
text/tabwriter

Go stdlib package — text/tabwriter. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

5 methods
GoTextTemplateParse
text/template/parse

Go stdlib package — text/template/parse. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoTime
time

time package. time.Parse() with user-controlled layout strings is a denial-of-service risk (algorithmic complexity). Not a typical injection sink.

2 methods
GoTimeTzdata
time/tzdata

Go stdlib package — time/tzdata. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

0 methods
GoToken
go/token

Go stdlib package — go/token. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoTypes
go/types

Go stdlib package — go/types. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoUnicode
unicode

Go stdlib package — unicode. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoUnicodeUtf16
unicode/utf16

Go stdlib package — unicode/utf16. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

6 methods
GoUnicodeUtf8
unicode/utf8

Go stdlib package — unicode/utf8. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoUnsafe
unsafe

Go stdlib package — unsafe. Auto-indexed from CDN. Method-level security roles have not been annotated; rule writers should inspect the source before use.

10 methods
GoX509
crypto/x509

crypto/x509 package. Certificate.Verify() is the TLS chain validation entry point. Skipping verification or using empty VerifyOptions is a finding.

1 source, 1 sink, 2 methods