GoFiberCtx

Represents fiber.Ctx in the Fiber HTTP framework (v2), inspired by Express.js. Zero-allocation design. All input methods are taint sources.

4 sources1 sink

Taint flow4 sources → 1 sink

Sources — untrusted input

.Params()Returns URL path parameter value

.Query()Returns URL query parameter value

.FormValue()Returns POST form value

.BodyParser()Parses request body into out

→

taint

Sinks — dangerous call

.Redirect()Redirects to location

Sources

— user-controlled input enters here

.Params()Source

Signature

Params(key string, defaultValue ...string) string

Returns URL path parameter value.

tracks:return

.Query()Source

Signature

Query(key string, defaultValue ...string) string

Returns URL query parameter value.

tracks:return

.FormValue()Source

Signature

FormValue(key string, defaultValue ...string) string

Returns POST form value.

tracks:return

.BodyParser()Source

Signature

BodyParser(out any) error

Parses request body into out. out becomes tainted.

tracks:0

— dangerous functions taint must not reach

.Redirect()Sink

Signature

Redirect(location string, status ...int) error

Redirects to location. Sink for open-redirect.

tracks:0

FQN	Field
github.com/gofiber/fiber/v2.Ctx	fqns[0]
*.Ctx	patterns

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

require github.com/gofiber/fiber/v2 v2.52.0

rule.py

from codepathfinder.go_rule import GoFiberCtx