Standard Library

GoLogSlog

log/slog package (Go 1.21+). Structured logging — Info, Warn, Error are log injection sinks when message or attributes contain unsanitized user input.

Taint flow: 0 sources, 3 sinks
Sinks — dangerous call
.Info()
.Warn()
.Error()

Sinks

.Info() (Sink)
Signature
Info(msg string, args ...any)

Logs at INFO level. Log injection sink when msg or args contain user input.

tracks: 0

.Warn() (Sink)
Signature
Warn(msg string, args ...any)

Logs at WARN level. Log injection sink.

tracks: 0

.Error() (Sink)
Signature
Error(msg string, args ...any)

Logs at ERROR level. Log injection sink.

tracks: 0
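
Whether tainted input reaching these sinks actually forges a log line depends on the slog.Handler behind the logger. The Go program below is an added example, not code from this page or from codepathfinder; rawHandler, stripControl, countLines and the sample input are hypothetical names and constructed data. It passes the same tainted attribute value through a handler that writes values unescaped and through slog.NewTextHandler, which quotes values containing non-printing characters.

```go
package main

import (
	"bytes"
	"context"
	"fmt"
	"log/slog"
	"strings"
)

// rawHandler is a hypothetical custom handler that writes msg and attrs with no escaping.
type rawHandler struct{ buf *bytes.Buffer }
func (h rawHandler) Enabled(context.Context, slog.Level) bool { return true }
func (h rawHandler) WithAttrs([]slog.Attr) slog.Handler       { return h }
func (h rawHandler) WithGroup(string) slog.Handler            { return h }
func (h rawHandler) Handle(_ context.Context, r slog.Record) error {
	fmt.Fprintf(h.buf, "%s %s", r.Level, r.Message)
	r.Attrs(func(a slog.Attr) bool {
		fmt.Fprintf(h.buf, " %s=%v", a.Key, a.Value)
		return true
	})
	h.buf.WriteByte('\n')
	return nil
}

// stripControl drops CR, LF and other ASCII control characters before logging.
func stripControl(s string) string {
	return strings.Map(func(r rune) rune {
		if r < 0x20 || r == 0x7f { return -1 }
		return r
	}, s)
}

// countLines logs one event carrying the tainted value and returns how many
// physical lines the handler wrote; more than one means a forged entry.
func countLines(useText, sanitize bool, user string) int {
	var buf bytes.Buffer
	var h slog.Handler = rawHandler{&buf}
	if useText { h = slog.NewTextHandler(&buf, nil) }
	if sanitize { user = stripControl(user) }
	slog.New(h).Info("login failed", "user", user) // the sink call the rule flags
	return strings.Count(buf.String(), "\n")
}

func main() {
	in := "alice\nINFO forged entry" // constructed sample input
	fmt.Println(countLines(false, false, in), countLines(false, true, in), countLines(true, false, in))
}
```

The unescaped handler writes two lines for one event unless control characters are stripped first; the built-in text handler keeps the event on one line by quoting the value.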

Fully-Qualified Names

FQN        Field
log/slog   fqns[0]

A wrong FQN yields 0 findings. To verify that the rule is matching on the FQN, change fqns to a garbage value; the rule must then produce 0 results.

Import

go.mod
// standard library — no go.mod entry required
rule.py
from codepathfinder.go_rule import GoLogSlog