GoBufioReader

bufio.Reader wraps an io.Reader with buffering. ReadString() and ReadLine() are sources when the underlying reader is an HTTP request body or stdin.

3 sources

Taint flow3 sources → 0 sinks

Sources — untrusted input

.ReadString()Reads until delimiter

.ReadLine()Reads one line

.ReadBytes()Reads until delimiter

Sources

— user-controlled input enters here

.ReadString()Source

Signature

ReadString(delim byte) (string, error)

Reads until delimiter. Source when wrapping user-controlled input.

tracks:return

.ReadLine()Source

Signature

ReadLine() (line []byte, isPrefix bool, err error)

Reads one line. Source when wrapping HTTP body or stdin.

tracks:return

.ReadBytes()Source

Signature

ReadBytes(delim byte) ([]byte, error)

Reads until delimiter. Source of tainted bytes.

tracks:return

FQN	Field
bufio.Reader	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

// standard library — no go.mod entry required

rule.py

from codepathfinder.go_rule import GoBufioReader