NotificationsYou must be signed in to change notification settings
Fork1.7k
Star8.5k

Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard#20056

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Merged

smowton merged 3 commits intomainfromsmowton/fix/tainted-path-is-local

Jul 15, 2025

Merged

Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard#20056

smowton merged 3 commits intomainfromsmowton/fix/tainted-path-is-local

Jul 15, 2025

+26 −0

Conversation

Copy link

Contributor

smowton commentedJul 15, 2025

No description provided.

Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard

c8eefb7

CopilotAI review requested due to automatic review settings

July 15, 2025 13:47

smowton requested a review froma team as acode owner

July 15, 2025 13:47

github-actionsbot added the Go label

Jul 15, 2025

CopilotAI reviewed

Jul 15, 2025

View reviewed changes

Copy link

Contributor

CopilotAI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Pull Request Overview

This pull request adds support for recognizingfilepath.IsLocal() as a path traversal sanitizer in the Go security analysis. The change treats calls to this function as a security guard that can prevent path traversal attacks when the function returns true.

Adds a newIsLocalCheck sanitizer guard class to recognizefilepath.IsLocal() calls
Updates test cases to include an example of the sanitized path usage pattern

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll	Implements the`IsLocalCheck` class to treat`filepath.IsLocal()` as a tainted-path sanitizer guard
go/ql/test/query-tests/Security/CWE-022/TaintedPath.go	Adds test case demonstrating proper usage of`filepath.IsLocal()` as a security check

go/ql/test/query-tests/Security/CWE-022/TaintedPath.go

Comment on lines +98 to +99

		if filepath.IsLocal(tainted_path) {
		data, _ = ioutil.ReadFile(tainted_path)

Copy link

Preview

CopilotAIJul 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

The filepath.IsLocal() check alone may not provide complete path traversal protection. Consider combining it with additional validation such as filepath.Clean() or checking against an allowlist of permitted directories, as IsLocal() only validates that the path doesn't escape the current directory but doesn't prevent access to sensitive files within it.

Suggested change

	iffilepath.IsLocal(tainted_path) {
	data,_=ioutil.ReadFile(tainted_path)
	cleanedPath:=filepath.Clean(tainted_path)
	allowedDir:="/allowed/directory"// Replace with the actual allowed directory
	iffilepath.IsLocal(cleanedPath)&&strings.HasPrefix(cleanedPath,allowedDir) {
	data,_=ioutil.ReadFile(cleanedPath)