File System

PyPathlib

The pathlib module is the modern object-oriented path API. Path.resolve() expands symlinks and relative segments (a sanitizer only when combined with a containment check). Path.open / read_text / write_text are file I/O sinks when the path is user-controlled.

3 sinks, 1 sanitizer
Taint flow: 0 sources, 1 sanitizer → 3 sinks
Sanitizers (block taint):
.resolve()
Sinks (dangerous calls):
.open()
.read_text()
.write_text()

Sinks

.open() (Sink)

Signature:
Path.open(mode='r', buffering=-1, ...) -> IO

Opens the file at this path. Path-traversal sink when the path is user-controlled.

.read_text() (Sink)

Signature:
Path.read_text(encoding=None, errors=None) -> str

Reads the whole file as text. Path-traversal sink when the path is user-controlled.

.write_text() (Sink)

Signature:
Path.write_text(data, encoding=None, errors=None, newline=None) -> int

Writes text to the file at this path. Path-traversal sink when the path is user-controlled.

Sanitizers

.resolve() (Sanitizer)

Signature:
Path.resolve(strict=False) -> Path

Resolves symlinks and relative segments such as "..". On its own this only normalizes the path; it becomes a traversal defense when the resolved result is checked against an allowed base directory with relative_to().

tracks: return
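A worked example of the resolve() + relative_to() containment pattern this entry recommends, added here and not part of the page or the codepathfinder project. The sandbox directory, file names and helper names (resolve_under, read_user_file, unsafe_read, demo) are constructed for the demo; the unguarded sink is kept beside the guarded one to show what the sanitizer changes.

```python
import tempfile
from pathlib import Path


def unsafe_read(base: Path, user_path: str) -> str:
    # Sink reached directly: "..", absolute paths and symlinks all escape base.
    return (base / user_path).read_text()


def resolve_under(base: Path, user_path: str) -> Path:
    """Return the resolved path only if it stays inside base; else raise ValueError."""
    base = base.resolve()
    # Sanitizer: collapse ".." segments and follow symlinks to the real target.
    candidate = (base / user_path).resolve()
    # Containment check: relative_to() raises ValueError when candidate is outside base.
    candidate.relative_to(base)
    return candidate


def read_user_file(base: Path, user_path: str) -> str:
    # Sink is now reachable only through the guarded path.
    return resolve_under(base, user_path).read_text()


def demo() -> dict:
    """Build a constructed sandbox (hypothetical layout) and exercise both readers."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        base = root / "uploads"
        (base / "docs").mkdir(parents=True)
        (base / "docs" / "readme.txt").write_text("hello")
        outside = root / "secret.txt"            # file that must never be served
        outside.write_text("top secret")
        (base / "escape").symlink_to(outside)    # symlink inside base pointing outside

        results = {"inside": read_user_file(base, "docs/readme.txt")}
        results["unsafe_dotdot"] = unsafe_read(base, "../secret.txt")  # escapes: "top secret"
        for label, p in (("dotdot", "../secret.txt"),
                         ("absolute", str(outside)),
                         ("symlink", "escape")):
            try:
                read_user_file(base, p)
                results[label] = "allowed"
            except ValueError:
                results[label] = "blocked"
        return results


if __name__ == "__main__":
    print(demo())
```

On Python 3.9 and later the same check can be written as candidate.is_relative_to(base), which returns a bool instead of raising.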

Other Methods

.Path() (Neutral)

Signature:
pathlib.Path(*pathsegments) -> Path

Constructs a path. Neutral; does not defend against traversal.

Fully-Qualified Names

FQN           Field
pathlib       fqns[0]
pathlib.Path  fqns[1]

A wrong FQN yields 0 findings. To verify the FQNs are actually matched, change fqns to garbage: the rule must then produce 0 results.

Import

rule.py:
from codepathfinder.go_rule import PyPathlib