Standard Library

GoIOReader

Models the io.Reader interface. ReadAll() from the io package returns the full content of a reader and is a source of taint when the reader wraps an HTTP request body.

Taint flow: 1 source, 0 sinks
Sources (untrusted input): .ReadAll()

Sources

.ReadAll(): Source
Signature
ReadAll(r Reader) ([]byte, error)

Reads all bytes from r. Source when r is http.Request.Body.

tracks:return

Other Methods

.Copy(): Neutral
Signature
Copy(dst Writer, src Reader) (int64, error)

Copies src to dst. Propagates taint from src to dst.

.Pipe(): Neutral
Signature
Pipe() (*PipeReader, *PipeWriter)

Creates synchronized pipe. Propagates taint through the connection.
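
The three flows modelled above, as Go code that a rule built on GoIOReader would analyze: ReadAll as the source, and Copy and Pipe carrying the same bytes onward. This is an added example, not part of the original page; the function names, the /upload path and the payload are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// viaReadAll: the return value of io.ReadAll is tainted when r is a request body.
func viaReadAll(req *http.Request) ([]byte, error) {
	return io.ReadAll(req.Body) // source: tracks the return value
}

// viaCopy: io.Copy moves taint from src (the body) into dst (buf).
func viaCopy(req *http.Request) ([]byte, error) {
	var buf bytes.Buffer
	if _, err := io.Copy(&buf, req.Body); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// viaPipe: bytes written to the PipeWriter come out of the PipeReader,
// so taint crosses the pipe before it reaches io.ReadAll.
func viaPipe(req *http.Request) ([]byte, error) {
	pr, pw := io.Pipe()
	go func() {
		_, err := io.Copy(pw, req.Body)
		pw.CloseWithError(err) // a nil err makes the reader see io.EOF
	}()
	return io.ReadAll(pr)
}

// newRequest builds a constructed request carrying caller-chosen bytes.
func newRequest(body string) *http.Request {
	return httptest.NewRequest(http.MethodPost, "/upload", strings.NewReader(body))
}

func main() {
	got, err := viaPipe(newRequest("constructed-untrusted-input"))
	fmt.Printf("via pipe: %q err=%v\n", got, err)
}
```

In all three functions the returned slice is byte-for-byte what the client sent, which is why Copy and Pipe are treated as propagators rather than sanitizers.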

Fully-Qualified Names

FQN    Field
io     fqns[0]

A wrong FQN produces 0 findings. To verify that the rule matches on the FQN, change fqns to garbage; the rule must then produce 0 results.

Import

go.mod
// standard library — no go.mod entry required
rule.py
from codepathfinder.go_rule import GoIOReader