GoNetDial

net.Dial and net.DialTCP create network connections. Dial() is an SSRF sink when the address is user-controlled.

3 sinks

Taint flow0 sources → 3 sinks

Sinks — dangerous call

.Dial()Creates network connection to address

.DialTCP()Creates TCP connection

.LookupHost()DNS lookup

Sinks

— dangerous functions taint must not reach

.Dial()Sink

Signature

Dial(network, address string) (Conn, error)

Creates network connection to address. SSRF sink when address is user-controlled.

tracks:1

.DialTCP()Sink

Signature

DialTCP(network string, laddr, raddr *TCPAddr) (*TCPConn, error)

Creates TCP connection. SSRF sink when raddr is user-controlled.

tracks:2

.LookupHost()Sink

Signature

LookupHost(host string) ([]string, error)

DNS lookup. SSRF vector when host is user-controlled.

tracks:0

FQN	Field
net	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

// standard library — no go.mod entry required

rule.py

from codepathfinder.go_rule import GoNetDial