GoNetTLS

crypto/tls package. Config.InsecureSkipVerify = true disables certificate verification — a finding for all production code.

1 sink

Taint flow0 sources → 1 sink

Sinks — dangerous call

.Dial()Creates TLS connection

Sinks

— dangerous functions taint must not reach

.Dial()Sink

Signature

Dial(network, addr string, config *Config) (*Conn, error)

Creates TLS connection. Finding when config.InsecureSkipVerify is true.

tracks:2

FQN	Field
crypto/tls	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

// standard library — no go.mod entry required

rule.py

from codepathfinder.go_rule import GoNetTLS