GoRegexp

regexp package. FindString() and FindAllString() return tainted matches. MustCompile() with user-controlled pattern is a ReDoS risk.

2 sinks

Taint flow0 sources → 2 sinks

Sinks — dangerous call

.Compile()Compiles regex

.MustCompile()Compiles regex, panics on error

Sinks

— dangerous functions taint must not reach

.Compile()Sink

Signature

Compile(expr string) (*Regexp, error)

Compiles regex. ReDoS risk when expr is user-controlled.

tracks:0

.MustCompile()Sink

Signature

MustCompile(str string) *Regexp

Compiles regex, panics on error. ReDoS risk when str is user-controlled.

tracks:0

.FindString()Neutral

Signature

FindString(s string) string

Returns leftmost match. Source of tainted string from user input.

FQN	Field
regexp	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

// standard library — no go.mod entry required

rule.py

from codepathfinder.go_rule import GoRegexp