GoGobDecoder

encoding/gob.Decoder. Decode() deserializes arbitrary Go values — unsafe deserialization when decoding user-supplied bytes.

2 sinks

Taint flow0 sources → 2 sinks

Sinks — dangerous call

.Decode()Deserializes next gob value into e

.DecodeValue()Decodes into reflect

Sinks

— dangerous functions taint must not reach

.Decode()Sink

Signature

Decode(e any) error

Deserializes next gob value into e. Unsafe deserialization sink.

tracks:0

.DecodeValue()Sink

Signature

DecodeValue(v reflect.Value) error

Decodes into reflect.Value. Unsafe deserialization sink.

tracks:0

FQN	Field
encoding/gob.Decoder	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

// standard library — no go.mod entry required

rule.py

from codepathfinder.go_rule import GoGobDecoder