encoding/gob package. Decoder.Decode() deserializes arbitrary Go types — unsafe deserialization sink when decoding untrusted data.
.Decode().Decode()SinkDecode(e any) error
Deserializes gob-encoded data. Unsafe deserialization sink when decoding user-controlled data.
0| FQN | Field | |
|---|---|---|
| encoding/gob | fqns[0] |
Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.
// standard library — no go.mod entry required
from codepathfinder.go_rule import GoEncodingGob