Auth & Config

GoGRPCServerTransportStream

google.golang.org/grpc.ServerTransportStream exposes transport-layer metadata for in-flight gRPC calls. Method() returns the fully-qualified gRPC method name — path-like and frequently user-influenced via client-supplied routing. Header/Trailer methods ship metadata back to the client.

Taint flow: 1 source, 0 sinks
Sources (untrusted input): .Method()

Sources

.Method() (Source)
Signature
Method() string

Returns the fully-qualified gRPC method name. It is a source when the method path is used for authorization decisions.

tracks:return
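
Added example, not part of the original page or of the rule's own code: an authorization check that matches on a substring of Method() beside one that compares the full name against an allowlist. The methodStream interface, the fakeStream test double and the billing method name are constructed stand-ins so the code builds without the grpc module.

```go
package main

import (
	"fmt"
	"strings"
)

// methodStream is a local stand-in (assumption) for the Method() part of
// grpc.ServerTransportStream, so this example builds without the grpc module.
type methodStream interface{ Method() string }

// fakeStream is a constructed test double that returns a fixed method name.
type fakeStream string

func (f fakeStream) Method() string { return string(f) }

// fragileAuthorize skips authentication for anything that looks like a health
// check. Method() is request-derived, so the substring test also waves through
// every other RPC whose name happens to contain "Health".
func fragileAuthorize(s methodStream, authenticated bool) bool {
	if strings.Contains(s.Method(), "Health") {
		return true
	}
	return authenticated
}

// publicMethods is an exact-match allowlist of full method names.
var publicMethods = map[string]bool{"/grpc.health.v1.Health/Check": true}

// strictAuthorize treats Method() as untrusted input: only an exact allowlist
// hit is public, and every other method requires an authenticated caller.
func strictAuthorize(s methodStream, authenticated bool) bool {
	return publicMethods[s.Method()] || authenticated
}

func main() {
	// Constructed method names; the second is a hypothetical sensitive RPC.
	for _, m := range []string{"/grpc.health.v1.Health/Check", "/billing.v1.Invoices/ExportHealthReport"} {
		s := fakeStream(m)
		fmt.Printf("%-45s fragile=%v strict=%v\n", m, fragileAuthorize(s, false), strictAuthorize(s, false))
	}
}
```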

Other Methods

.SetHeader() (Neutral)
Signature
SetHeader(md metadata.MD) error

Sets response headers. Neutral for outbound metadata, but secrets can leak to the client if md contains sensitive fields.

.SendHeader() (Neutral)
Signature
SendHeader(md metadata.MD) error

Sends response headers immediately. Same considerations as SetHeader.

.SetTrailer() (Neutral)
Signature
SetTrailer(md metadata.MD)

Sets response trailers. Neutral.

Fully-Qualified Names

FQN                                             Field
google.golang.org/grpc.ServerTransportStream    fqns[0]
*.ServerTransportStream                         patterns

A wrong FQN produces 0 findings. To verify that matching depends on the FQN, change fqns to a garbage value: the rule must then produce 0 results.

Import

go.mod
require google.golang.org/grpc v1.62.1
rule.py
from codepathfinder.go_rule import GoGRPCServerTransportStream