GoHTTPResponseWriter

Represents net/http.ResponseWriter. Write() and WriteString() are XSS sinks when writing unsanitized user input into the HTTP response body.

1 sink

Taint flow0 sources → 1 sink

Sinks — dangerous call

.Write()Writes raw bytes to response

Sinks

— dangerous functions taint must not reach

.Write()Sink

Signature

Write(b []byte) (int, error)

Writes raw bytes to response. XSS sink when b contains user input.

tracks:0

.WriteHeader()Neutral

Signature

WriteHeader(statusCode int)

Sets HTTP status code. Not a taint sink.

FQN	Field
net/http.ResponseWriter	fqns[0]
*.ResponseWriter	patterns

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

// standard library — no go.mod entry required

rule.py

from codepathfinder.go_rule import GoHTTPResponseWriter