Represents net/http.Client. Do(), Get(), Post() are SSRF sinks when the URL comes from user input.
.Get().Post().Do().Get()SinkGet(url string) (*Response, error)
Makes GET request. SSRF sink when url is user-controlled.
0.Post()SinkPost(url, contentType string, body io.Reader) (*Response, error)
Makes POST request. SSRF sink when url is user-controlled.
0.Do()SinkDo(req *Request) (*Response, error)
Executes arbitrary HTTP request. SSRF sink.
0| FQN | Field | |
|---|---|---|
| net/http.Client | fqns[0] | |
| net/http | fqns[1] | |
| http.Client | patterns |
Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.
// standard library — no go.mod entry required
from codepathfinder.go_rule import GoHTTPClient