strconv is a Go standard library package. Its Atoi, ParseInt, ParseFloat, and related functions serve as sanitizers in SQL injection and path traversal rules, because converting a string to a numeric type eliminates injection risk.

.Atoi() (Sanitizer): Atoi(s string) (int, error)
Converts string to int. Use as sanitizer: parsed ints cannot inject SQL.

.ParseInt() (Sanitizer): ParseInt(s string, base int, bitSize int) (int64, error)
Parses string as integer with given base and bit size. Sanitizes SQL/path injection.

.ParseFloat() (Sanitizer): ParseFloat(s string, bitSize int) (float64, error)
Parses string as float. Sanitizes injection via numeric validation.

.ParseBool() (Sanitizer): ParseBool(str string) (bool, error)
Parses "true"/"false" string to bool. Sanitizes by constraining to boolean domain.
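
The sanitizer pattern these entries describe, as an added Go example (not code from Code Pathfinder or its documentation): the untrusted string is parsed, the error is checked, and only the resulting number reaches the query or path. The names userQuery and reportPath, the users table and the /srv/reports directory are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strconv"
)

// userQuery builds a SQL statement from an untrusted id parameter.
// The tainted string is never concatenated: only the int returned by
// strconv.Atoi reaches the query, and only after the error check passes.
func userQuery(rawID string) (string, error) {
	id, err := strconv.Atoi(rawID)
	if err != nil {
		return "", fmt.Errorf("invalid id: %w", err)
	}
	return "SELECT name FROM users WHERE id = " + strconv.Itoa(id), nil
}

// reportPath maps an untrusted page number onto a file under baseDir.
// ParseInt with bitSize 32 rejects anything outside the int32 range.
func reportPath(baseDir, rawPage string) (string, error) {
	n, err := strconv.ParseInt(rawPage, 10, 32)
	if err != nil {
		return "", fmt.Errorf("invalid page: %w", err)
	}
	if n < 1 {
		return "", errors.New("page must be positive")
	}
	return filepath.Join(baseDir, "report-"+strconv.FormatInt(n, 10)+".txt"), nil
}

func main() {
	// Constructed sample inputs: one well-formed and one hostile value per sink.
	for _, in := range []string{"42", "1 OR 1=1"} {
		q, err := userQuery(in)
		fmt.Printf("%q -> %q, err=%v\n", in, q, err)
	}
	for _, in := range []string{"7", "../../etc/passwd"} {
		p, err := reportPath("/srv/reports", in)
		fmt.Printf("%q -> %q, err=%v\n", in, p, err)
	}
}
```

The sanitizing effect depends on using the parsed value: a handler that calls Atoi only as a check and then concatenates the original string still passes tainted data to the sink.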

| FQN | Field |
|---|---|
| strconv | fqns[0] |
| strconv.* | patterns |

A wrong FQN yields 0 findings. To verify, change fqns to a garbage value: the rule must then produce 0 results.
// standard library — no go.mod entry required
from codepathfinder.go_rule import GoStrconv