The os standard library package. Getenv() is a source of environment variable data. Open(), Create(), Remove() are file operation sinks for path traversal.
.Getenv() .Open() .Create() .Remove() .ReadFile()

.Getenv() (Source)
Getenv(key string) string
Returns environment variable value. Source of external data.
return

.Open() (Sink)
Open(name string) (*File, error)
Opens file for reading. Path traversal sink when name is user-controlled.
0

.Create() (Sink)
Create(name string) (*File, error)
Creates file. Path traversal sink when name is user-controlled.
0

.Remove() (Sink)
Remove(name string) error
Removes file. Dangerous sink when name is user-controlled.
0

.ReadFile() (Sink)
ReadFile(name string) ([]byte, error)
Reads entire file. Path traversal sink.
0

| FQN | Field |
|---|---|
| os | fqns[0] |
| os.File | fqns[1] |
| os.* | patterns |
A wrong FQN yields 0 findings. To verify, change fqns to a garbage value: the rule must then produce 0 results.
// standard library — no go.mod entry required
from codepathfinder.go_rule import GoOS
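
The source-to-sink flow described above, as an added Go example that is not code from the original page: an os.Getenv value reaching os.ReadFile unchecked, next to a version that confines the path to a base directory first. The REPORT_NAME variable, the /srv/reports directory and all function names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// readReportUnsafe shows the flow described above: the return value of
// os.Getenv (source) reaches argument 0 of os.ReadFile (sink) unchecked.
// REPORT_NAME is a hypothetical variable name used for illustration.
func readReportUnsafe(base string) ([]byte, error) {
	name := os.Getenv("REPORT_NAME")
	return os.ReadFile(filepath.Join(base, name)) // "../x" escapes base
}

var errEscapes = errors.New("path escapes base directory")

// confine joins name onto base and rejects any result outside base.
// It is lexical only: it does not resolve symlinks inside base.
func confine(base, name string) (string, error) {
	full := filepath.Join(base, name) // Join also cleans "." and ".."
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errEscapes
	}
	return full, nil
}

// readReportSafe validates the environment value before it reaches the sink.
func readReportSafe(base string) ([]byte, error) {
	p, err := confine(base, os.Getenv("REPORT_NAME"))
	if err != nil {
		return nil, err
	}
	return os.ReadFile(p)
}

func main() {
	for _, n := range []string{"q1.txt", "sub/../q1.txt", "../../etc/passwd", "/etc/passwd"} {
		p, err := confine("/srv/reports", n) // constructed sample inputs
		fmt.Printf("%-20q -> %q, %v\n", n, p, err)
	}
}
```

An absolute value such as /etc/passwd is not rejected; filepath.Join treats it as a relative element, so it resolves to a path under the base directory.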