sdk/golang/Web Frameworks/GoGorillaMuxRouter

GoGorillaMuxRouter

Gorilla mux HTTP router (mux.Router). Path variables extracted via mux.Vars(r) are taint sources. Gorilla mux is the canonical router for larger Go web applications.

1 source

Taint flow1 source → 0 sinks

Sources — untrusted input

.Vars()Returns the route variables for the current request

Sources

— user-controlled input enters here

.Vars()Source

Signature

Vars(r *http.Request) map[string]string

Returns the route variables for the current request. All map values are user-controlled.

tracks:return

Other Methods

.CurrentRoute()Neutral

Signature

CurrentRoute(r *http.Request) *Route

Returns the matched route for the request. Metadata accessor (neutral).

.HandleFunc()Neutral

Signature

HandleFunc(path string, f func(http.ResponseWriter, *http.Request)) *Route

Registers a handler function for a path. Routing primitive (neutral).

.Handle()Neutral

Signature

Handle(path string, handler http.Handler) *Route

Registers an http.Handler for a path. Routing primitive (neutral).

.PathPrefix()Neutral

Signature

PathPrefix(tpl string) *Route

Registers a sub-router under a path prefix. Routing primitive (neutral).

Fully-Qualified Names

FQN	Field
github.com/gorilla/mux.Router	fqns[0]
*.Router	patterns

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

Import

go.mod

require github.com/gorilla/mux v1.8.1

rule.py

from codepathfinder.go_rule import GoGorillaMuxRouter

← PreviousGoGoPlaygroundValidator