net/smtp package. SendMail() and SMTP.Mail() are email injection sinks when headers or body are built from user input without sanitization.
.SendMail().SendMail()SinkSendMail(addr string, a Auth, from string, to []string, msg []byte) error
Sends email. Header injection sink when from/to/msg contain user input.
2| FQN | Field | |
|---|---|---|
| net/smtp | fqns[0] |
Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.
// standard library — no go.mod entry required
from codepathfinder.go_rule import GoNetSMTP