Standard Library

GoOSUser

os/user package. Lookup() and LookupId() resolve usernames — source of OS-level user data. Relevant for privilege escalation analysis.

Taint flow: 1 source, 1 sink
Sources (untrusted input): .Current()
Sinks (dangerous call): .Lookup()

Sources

.Current() (Source)
Signature
Current() (*User, error)

Returns current OS user. Source of sensitive system information.

tracks:return

Sinks

.Lookup() (Sink)
Signature
Lookup(username string) (*User, error)

Looks up user by name. SSRF-like sink if username is user-controlled.

tracks:0
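
The following Go program is an added example, not code from this page or from the rule's project. It shows caller-supplied input reaching the Lookup() sink unchecked, next to a validated form. The names lookupUnchecked, lookupChecked, usernameRE and ErrInvalidUsername, and the account-name pattern itself, are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os/user"
	"regexp"
)

// ErrInvalidUsername is returned before any OS lookup is attempted.
var ErrInvalidUsername = errors.New("invalid username")

// usernameRE is a conservative POSIX-style account-name pattern.
// Assumption for this example: adjust it to the local naming policy.
var usernameRE = regexp.MustCompile(`^[a-z_][a-z0-9_-]{0,31}$`)

// lookupUnchecked passes caller-supplied input straight into the
// first argument of user.Lookup, the sink described above.
func lookupUnchecked(raw string) (*user.User, error) {
	return user.Lookup(raw)
}

// lookupChecked rejects anything that is not a well-formed account
// name, so malformed input never reaches user.Lookup.
func lookupChecked(raw string) (*user.User, error) {
	if !usernameRE.MatchString(raw) {
		return nil, fmt.Errorf("%w: %q", ErrInvalidUsername, raw)
	}
	return user.Lookup(raw)
}

func main() {
	// Constructed sample inputs, not taken from the page.
	for _, in := range []string{"root", "Alice Smith", "../../etc/passwd", ""} {
		_, err := lookupChecked(in)
		fmt.Printf("%q rejected before lookup: %v\n", in, errors.Is(err, ErrInvalidUsername))
	}
}
```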

Fully-Qualified Names

FQN        Field
os/user    fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

Import

go.mod
// standard library — no go.mod entry required
rule.py
from codepathfinder.go_rule import GoOSUser