Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard #20056
Conversation
There was a problem hiding this comment.
Pull Request Overview
This pull request adds support for recognizing filepath.IsLocal() as a path traversal sanitizer in the Go security analysis. The change treats calls to this function as a security guard that can prevent path traversal attacks when the function returns true.
- Adds a new
IsLocalChecksanitizer guard class to recognizefilepath.IsLocal()calls - Updates test cases to include an example of the sanitized path usage pattern
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll | Implements the IsLocalCheck class to treat filepath.IsLocal() as a tainted-path sanitizer guard |
| go/ql/test/query-tests/Security/CWE-022/TaintedPath.go | Adds test case demonstrating proper usage of filepath.IsLocal() as a security check |
| if filepath.IsLocal(tainted_path) { | ||
| data, _ = ioutil.ReadFile(tainted_path) |
There was a problem hiding this comment.
The filepath.IsLocal() check alone may not provide complete path traversal protection. Consider combining it with additional validation such as filepath.Clean() or checking against an allowlist of permitted directories, as IsLocal() only validates that the path doesn't escape the current directory but doesn't prevent access to sensitive files within it.
| if filepath.IsLocal(tainted_path) { | |
| data, _ = ioutil.ReadFile(tainted_path) | |
| cleanedPath := filepath.Clean(tainted_path) | |
| allowedDir := "/allowed/directory" // Replace with the actual allowed directory | |
| if filepath.IsLocal(cleanedPath) && strings.HasPrefix(cleanedPath, allowedDir) { | |
| data, _ = ioutil.ReadFile(cleanedPath) |
No description provided.