GoLog

log standard library package. Printf, Println, and Fatal variants may log sensitive user input — a finding for privacy/compliance rules.

3 sinks

Taint flow0 sources → 3 sinks

Sinks — dangerous call

.Printf()Logs formatted message

.Println()Logs values

.Fatal()Logs and calls os

Sinks

— dangerous functions taint must not reach

.Printf()Sink

Signature

Printf(format string, v ...any)

Logs formatted message. Log injection sink when v contains user input with newlines.

tracks:0

.Println()Sink

Signature

Println(v ...any)

Logs values. Potential log injection.

tracks:0

.Fatal()Sink

Signature

Fatal(v ...any)

Logs and calls os.Exit(1). Log injection sink.

tracks:0

FQN	Field
log	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

// standard library — no go.mod entry required

rule.py

from codepathfinder.go_rule import GoLog