GoRedisClient

go-redis Client for Redis operations. Most Redis commands are typed and safe, but Eval() and EvalSha() accept Lua scripts that can be injection sinks when the script body is user-controlled. ACL commands can also be sinks.

Taint flow: 1 source (.Get(), untrusted input) → 4 sinks (.Eval(), .EvalSha(), .ScriptLoad(), .Do(), dangerous calls)

Sources

.Get() (Source)
Signature
Get(ctx context.Context, key string) *StringCmd

Fetches a string value. Source when cached data originated from user input.

tracks:return

Sinks

.Eval() (Sink)
Signature
Eval(ctx context.Context, script string, keys []string, args ...any) *Cmd

Executes a Lua script on the Redis server. Injection sink if script is user-controlled.

tracks:1

.EvalSha() (Sink)
Signature
EvalSha(ctx context.Context, sha1 string, keys []string, args ...any) *Cmd

Executes a cached Lua script by SHA. Less risky than Eval but tainted SHA can still trigger unintended scripts.

tracks:1

.ScriptLoad() (Sink)
Signature
ScriptLoad(ctx context.Context, script string) *StringCmd

Registers a Lua script for later EvalSha. Sink when script is user-controlled.

tracks:1

.Do() (Sink)
Signature
Do(ctx context.Context, args ...any) *Cmd

Sends an arbitrary command. Command-injection sink when the command name is user-controlled.

tracks:1
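
The script-body and command-name sinks above, shown with the tainted form beside a parameterized one. This is an added example, not code from go-redis or from the rule SDK: `recorder` is a hypothetical stand-in whose Eval takes the same parameters as the client method but only records them, and `allowedCommands` is an assumed allowlist.

```go
package main

import (
	"context"
	"fmt"
	"strings"
)

// recorder is a hypothetical stand-in for the go-redis client: it records
// what Eval would send to Redis, so the example runs without a server.
type recorder struct {
	script string
	keys   []string
	args   []any
}

func (r *recorder) Eval(_ context.Context, script string, keys []string, args ...any) {
	r.script, r.keys, r.args = script, keys, args
}

// setNameUnsafe builds the script body from input: parameter 1 of Eval is tainted.
func setNameUnsafe(ctx context.Context, r *recorder, name string) {
	r.Eval(ctx, "return redis.call('SET', 'user:name', '"+name+"')", nil)
}

// setNameScript is a constant; input reaches Lua only as data via KEYS/ARGV.
const setNameScript = "return redis.call('SET', KEYS[1], ARGV[1])"

func setNameSafe(ctx context.Context, r *recorder, name string) {
	r.Eval(ctx, setNameScript, []string{"user:name"}, name)
}

// allowedCommands is an assumed allowlist for values used as the Do command name.
var allowedCommands = map[string]bool{"GET": true, "TTL": true, "EXISTS": true}

func checkedCommand(name string) (string, error) {
	cmd := strings.ToUpper(strings.TrimSpace(name))
	if !allowedCommands[cmd] {
		return "", fmt.Errorf("redis command %q is not allowed", name)
	}
	return cmd, nil
}

func main() {
	in := "o'brien" // constructed input: the quote ends the Lua string literal early
	var a, b recorder
	setNameUnsafe(context.Background(), &a, in)
	setNameSafe(context.Background(), &b, in)
	fmt.Println(a.script, "|", b.script, b.keys, b.args)
}
```

In the unsafe form the script text changes with the input; in the safe form the script stays constant and the input appears only in the argument list.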

Other Methods

.Set() (Neutral)
Signature
Set(ctx context.Context, key string, value any, expiration time.Duration) *StatusCmd

Stores a value. Typed and generally safe.

Fully-Qualified Names

FQN                                    Field
github.com/redis/go-redis/v9.Client    fqns[0]
*.Client                               patterns

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

Import

go.mod
require github.com/redis/go-redis/v9 v9.5.1
rule.py
from codepathfinder.go_rule import GoRedisClient