GoRuntime

runtime package. SetFinalizer(), GOMAXPROCS() — not typical security sinks but relevant for resource exhaustion rules.

1 source1 sink

Taint flow1 source → 1 sink

Sources — untrusted input

.Stack()Writes goroutine stack trace

→

taint

Sinks — dangerous call

.GOMAXPROCS()Sets max OS threads

Sources

— user-controlled input enters here

.Stack()Source

Signature

Stack(buf []byte, all bool) int

Writes goroutine stack trace. Information disclosure if written to user-visible output.

— dangerous functions taint must not reach

.GOMAXPROCS()Sink

Signature

GOMAXPROCS(n int) int

Sets max OS threads. DoS risk when n is derived from user input without bounds check.

tracks:0

FQN	Field
runtime	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

// standard library — no go.mod entry required

rule.py

from codepathfinder.go_rule import GoRuntime