sdk/golang/Auth & Config/GoYAMLDecoder

GoYAMLDecoder

gopkg.in/yaml.v3 Decoder for YAML deserialization. Decode() hydrates arbitrary Go types from YAML input — a deserialization sink when the YAML source is user-controlled. Package-level yaml.Unmarshal has the same properties.

1 sink

Taint flow0 sources → 1 sink

Sinks — dangerous call

.Decode()Deserializes the next YAML document into v

Sinks

— dangerous functions taint must not reach

.Decode()Sink

Signature

Decode(v any) error

Deserializes the next YAML document into v. Sink when the underlying reader is user-controlled.

tracks:0

Other Methods

.KnownFields()Neutral

Signature

KnownFields(enable bool)

Configures the decoder to error on unknown fields. Hardening control (neutral).

Fully-Qualified Names

FQN	Field
gopkg.in/yaml.v3.Decoder	fqns[0]
*.Decoder	patterns

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

Import

go.mod

require gopkg.in/yaml.v3 v3.0.1

rule.py

from codepathfinder.go_rule import GoYAMLDecoder

← PreviousGoViperConfig