GoEncodingCSV

encoding/csv package. Reader.Read() and Reader.ReadAll() return user-controlled CSV data as string slices — treat as taint sources.

2 sources

Taint flow2 sources → 0 sinks

Sources — untrusted input

.Read()Reads one CSV record

.ReadAll()Reads all CSV records

Sources

— user-controlled input enters here

.Read()Source

Signature

Read() ([]string, error)

Reads one CSV record. Source of tainted strings when reading user-uploaded CSV.

tracks:return

.ReadAll()Source

Signature

ReadAll() ([][]string, error)

Reads all CSV records. Source of tainted string slices.

tracks:return

FQN	Field
encoding/csv	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

// standard library — no go.mod entry required

rule.py

from codepathfinder.go_rule import GoEncodingCSV