GoStrings

strings package. Contains(), HasPrefix(), ReplaceAll() are used as partial sanitizers. Builder is used to construct tainted strings.

2 sanitizers

Sanitizers

— functions that neutralize taint

.Contains()Sanitizer

Signature

Contains(s, substr string) bool

Checks if s contains substr. Used as a partial path containment sanitizer.

.HasPrefix()Sanitizer

Signature

HasPrefix(s, prefix string) bool

Checks string prefix. Partial sanitizer for path traversal when checking allowed root.

.ReplaceAll()Neutral

Signature

ReplaceAll(s, old, new string) string

Replaces all occurrences. Taint propagates — not a sanitizer by itself.

.TrimSpace()Neutral

Signature

TrimSpace(s string) string

Trims whitespace. Taint propagates.

FQN	Field
strings	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

// standard library — no go.mod entry required

rule.py

from codepathfinder.go_rule import GoStrings