github.com/google/capslock@v0.2.3-0.20240517042941-dac19fc347c0/interesting/interesting.cm (about) 1 # This file contains mappings for functions or modules to concrete capabilities 2 # as well as some additional data that Capslock requires for analysis. 3 4 # The "func" keyword defines a mapping from a function to a capability. 5 # The following line marks the WriteString method on *bytes.Buffer as SAFE. 6 func (*bytes.Buffer).WriteString CAPABILITY_SAFE 7 8 func compress/bzip2.newHuffmanTree CAPABILITY_SAFE 9 func compress/flate.fixedHuffmanDecoderInit CAPABILITY_SAFE 10 func (*crypto/x509.Certificate).checkNameConstraints CAPABILITY_SAFE 11 func crypto/cipher.xorBytesSSE2 CAPABILITY_SAFE 12 func crypto/ecdh.init CAPABILITY_SAFE 13 func crypto/ecdsa.init CAPABILITY_SAFE 14 func crypto/internal/boring.init CAPABILITY_SAFE 15 func crypto/internal/nistec.init CAPABILITY_SAFE 16 func crypto/md5.init CAPABILITY_SAFE 17 func crypto/rand.Read CAPABILITY_SAFE 18 func crypto/rand.getRandom CAPABILITY_SAFE 19 func crypto/rand.init CAPABILITY_SAFE 20 func (*crypto/rand.reader).Read CAPABILITY_SAFE 21 func crypto/rsa.init CAPABILITY_SAFE 22 func crypto/sha1.init CAPABILITY_SAFE 23 func crypto/sha256.init CAPABILITY_SAFE 24 func crypto/sha512.init CAPABILITY_SAFE 25 func crypto/subtle.XORBytes CAPABILITY_SAFE 26 func crypto/tls.init CAPABILITY_SAFE 27 func (*crypto/tls.Conn).writeRecordLocked CAPABILITY_SAFE 28 func (*crypto/tls.certCache).active CAPABILITY_SAFE 29 func (*crypto/tls.certCache).newCert CAPABILITY_SAFE 30 func crypto/tls/fipsonly.init CAPABILITY_SAFE 31 func crypto/x509.ParseCertificate CAPABILITY_SAFE 32 func crypto/x509.init CAPABILITY_SAFE 33 func crypto/x509.loadSystemRoots CAPABILITY_SAFE 34 func (*crypto/x509.CertPool).AppendCertsFromPEM$1 CAPABILITY_SAFE 35 36 func go/internal/srcimporter.setUsesCgo CAPABILITY_SAFE 37 38 func internal/abi.FuncPCABI0 CAPABILITY_SAFE 39 func internal/abi.FuncPCABIInternal CAPABILITY_SAFE 40 41 func internal/godebug.init CAPABILITY_SAFE 42 func (*internal/godebug.Setting).register CAPABILITY_SAFE 43 func (*internal/godebug.Setting).Value CAPABILITY_SAFE 44 45 func (*internal/bisect.atomicPointerDedup).CompareAndSwap CAPABILITY_SAFE 46 func (*internal/bisect.atomicPointerDedup).Load CAPABILITY_SAFE 47 48 func (*index/suffixarray.Index).lookupAll CAPABILITY_SAFE 49 50 func log.Print CAPABILITY_SAFE 51 func log.Printf CAPABILITY_SAFE 52 func log.Println CAPABILITY_SAFE 53 func log.SetFlags CAPABILITY_MODIFY_SYSTEM_STATE 54 func log.SetOutput CAPABILITY_MODIFY_SYSTEM_STATE 55 56 func maps.clone CAPABILITY_SAFE 57 func maps.keys CAPABILITY_SAFE 58 func maps.values CAPABILITY_SAFE 59 60 func math/rand.fastrand64 CAPABILITY_SAFE 61 62 func net.CIDRMask CAPABILITY_SAFE 63 func net.Dial CAPABILITY_NETWORK 64 func net.DialIP CAPABILITY_NETWORK 65 func net.DialTCP CAPABILITY_NETWORK 66 func net.DialTimeout CAPABILITY_NETWORK 67 func net.DialUDP CAPABILITY_NETWORK 68 func net.DialUnix CAPABILITY_NETWORK 69 func net.FileConn CAPABILITY_NETWORK 70 func net.FileListener CAPABILITY_NETWORK 71 func net.FilePacketConn CAPABILITY_NETWORK 72 func net.IPv4 CAPABILITY_SAFE 73 func net.IPv4Mask CAPABILITY_SAFE 74 func net.InterfaceAddrs CAPABILITY_READ_SYSTEM_STATE 75 func net.InterfaceByIndex CAPABILITY_READ_SYSTEM_STATE 76 func net.InterfaceByName CAPABILITY_READ_SYSTEM_STATE 77 func net.Interfaces CAPABILITY_READ_SYSTEM_STATE 78 func net.JoinHostPort CAPABILITY_SAFE 79 func net.Listen CAPABILITY_NETWORK 80 func net.ListenIP CAPABILITY_NETWORK 81 func net.ListenMulticastUDP CAPABILITY_NETWORK 82 func net.ListenPacket CAPABILITY_NETWORK 83 func net.ListenTCP CAPABILITY_NETWORK 84 func net.ListenUDP CAPABILITY_NETWORK 85 func net.ListenUnix CAPABILITY_NETWORK 86 func net.ListenUnixgram CAPABILITY_NETWORK 87 func net.LookupAddr CAPABILITY_NETWORK 88 func net.LookupCNAME CAPABILITY_NETWORK 89 func net.LookupHost CAPABILITY_NETWORK 90 func net.LookupIP CAPABILITY_NETWORK 91 func net.LookupMX CAPABILITY_NETWORK 92 func net.LookupNS CAPABILITY_NETWORK 93 func net.LookupPort CAPABILITY_NETWORK 94 func net.LookupSRV CAPABILITY_NETWORK 95 func net.LookupTXT CAPABILITY_NETWORK 96 func net.ParseCIDR CAPABILITY_SAFE 97 func net.ParseIP CAPABILITY_SAFE 98 func net.ParseMAC CAPABILITY_SAFE 99 func net.Pipe CAPABILITY_SAFE 100 func net.ResolveIPAddr CAPABILITY_NETWORK 101 func net.ResolveTCPAddr CAPABILITY_NETWORK 102 func net.ResolveUDPAddr CAPABILITY_NETWORK 103 func net.ResolveUnixAddr CAPABILITY_NETWORK 104 func net.SplitHostPort CAPABILITY_SAFE 105 func net.init CAPABILITY_SAFE 106 func (*net.AddrError).Error CAPABILITY_SAFE 107 func (*net.DNSConfigError).Unwrap CAPABILITY_SAFE 108 func (*net.DNSError).Error CAPABILITY_SAFE 109 func (net.Flags).String CAPABILITY_SAFE 110 func (net.HardwareAddr).String CAPABILITY_SAFE 111 func (net.IP).DefaultMask CAPABILITY_SAFE 112 func (net.IP).Equal CAPABILITY_SAFE 113 func (net.IP).IsGlobalUnicast CAPABILITY_SAFE 114 func (net.IP).IsInterfaceLocalMulticast CAPABILITY_SAFE 115 func (net.IP).IsLinkLocalMulticast CAPABILITY_SAFE 116 func (net.IP).IsLinkLocalUnicast CAPABILITY_SAFE 117 func (net.IP).IsLoopback CAPABILITY_SAFE 118 func (net.IP).IsMulticast CAPABILITY_SAFE 119 func (net.IP).IsPrivate CAPABILITY_SAFE 120 func (net.IP).IsUnspecified CAPABILITY_SAFE 121 func (net.IP).MarshalText CAPABILITY_SAFE 122 func (net.IP).Mask CAPABILITY_SAFE 123 func (net.IP).String CAPABILITY_SAFE 124 func (net.IP).To16 CAPABILITY_SAFE 125 func (net.IP).To4 CAPABILITY_SAFE 126 func (*net.IP).UnmarshalText CAPABILITY_SAFE 127 func (*net.IPAddr).Network CAPABILITY_SAFE 128 func (*net.IPAddr).String CAPABILITY_SAFE 129 func (net.IPMask).Size CAPABILITY_SAFE 130 func (net.IPMask).String CAPABILITY_SAFE 131 func (*net.IPNet).Contains CAPABILITY_SAFE 132 func (*net.IPNet).Network CAPABILITY_SAFE 133 func (*net.IPNet).String CAPABILITY_SAFE 134 func (*net.OpError).Error CAPABILITY_SAFE 135 func (*net.OpError).Temporary CAPABILITY_SAFE 136 func (*net.OpError).Timeout CAPABILITY_SAFE 137 func (*net.OpError).Unwrap CAPABILITY_SAFE 138 func (*net.ParseError).Error CAPABILITY_SAFE 139 func (*net.TCPAddr).AddrPort CAPABILITY_SAFE 140 func (*net.TCPAddr).Network CAPABILITY_SAFE 141 func (*net.TCPAddr).String CAPABILITY_SAFE 142 func (*net.UDPAddr).String CAPABILITY_SAFE 143 func (*net.UnixAddr).String CAPABILITY_SAFE 144 func (net.UnknownNetworkError).Error CAPABILITY_SAFE 145 func (net.UnknownNetworkError).Temporary CAPABILITY_SAFE 146 func (net.addrinfoErrno).Error CAPABILITY_SAFE 147 func (net.canceledError).Error CAPABILITY_SAFE 148 func (net.canceledError).Is CAPABILITY_SAFE 149 func (*net.onlyValuesCtx).Value CAPABILITY_SAFE 150 func (*net.timeoutError).Error CAPABILITY_SAFE 151 func (*net.timeoutError).Is CAPABILITY_SAFE 152 func (*net.timeoutError).Temporary CAPABILITY_SAFE 153 154 func net/http.init CAPABILITY_SAFE 155 func (*net/http.ProtocolError).Error CAPABILITY_SAFE 156 func (*net/http.ProtocolError).Is CAPABILITY_SAFE 157 func (net/http.nothingWrittenError).Unwrap CAPABILITY_SAFE 158 159 func (net/netip.Addr).WithZone CAPABILITY_SAFE 160 161 func os.Chdir CAPABILITY_MODIFY_SYSTEM_STATE 162 func os.Chmod CAPABILITY_FILES 163 func os.Chown CAPABILITY_FILES 164 func os.Chtimes CAPABILITY_FILES 165 func os.Clearenv CAPABILITY_MODIFY_SYSTEM_STATE 166 func os.Create CAPABILITY_FILES 167 func os.CreateTemp CAPABILITY_FILES 168 func os.DirFS CAPABILITY_FILES 169 func os.Environ CAPABILITY_READ_SYSTEM_STATE 170 func os.Executable CAPABILITY_READ_SYSTEM_STATE 171 func os.Exit CAPABILITY_SAFE 172 func os.Expand CAPABILITY_SAFE 173 func os.ExpandEnv CAPABILITY_READ_SYSTEM_STATE 174 func os.Getegid CAPABILITY_READ_SYSTEM_STATE 175 func os.Getenv CAPABILITY_READ_SYSTEM_STATE 176 func os.Geteuid CAPABILITY_READ_SYSTEM_STATE 177 func os.Getgid CAPABILITY_READ_SYSTEM_STATE 178 func os.Getgroups CAPABILITY_READ_SYSTEM_STATE 179 func os.Getpagesize CAPABILITY_READ_SYSTEM_STATE 180 func os.Getpid CAPABILITY_READ_SYSTEM_STATE 181 func os.Getppid CAPABILITY_READ_SYSTEM_STATE 182 func os.Getuid CAPABILITY_READ_SYSTEM_STATE 183 func os.Getwd CAPABILITY_READ_SYSTEM_STATE 184 func os.Hostname CAPABILITY_READ_SYSTEM_STATE 185 func os.IsExist CAPABILITY_SAFE 186 func os.IsNotExist CAPABILITY_SAFE 187 func os.IsPathSeparator CAPABILITY_SAFE 188 func os.IsPermission CAPABILITY_SAFE 189 func os.IsTimeout CAPABILITY_SAFE 190 func os.Lchown CAPABILITY_FILES 191 func os.Link CAPABILITY_FILES 192 func os.LookupEnv CAPABILITY_READ_SYSTEM_STATE 193 func os.Lstat CAPABILITY_FILES 194 func os.Mkdir CAPABILITY_FILES 195 func os.MkdirAll CAPABILITY_FILES 196 func os.MkdirTemp CAPABILITY_FILES 197 func os.NewFile CAPABILITY_FILES 198 func os.NewSyscallError CAPABILITY_SAFE 199 func os.Open CAPABILITY_FILES 200 func os.OpenFile CAPABILITY_FILES 201 func os.Pipe CAPABILITY_FILES 202 func os.ReadDir CAPABILITY_FILES 203 func os.ReadFile CAPABILITY_FILES 204 func os.Readlink CAPABILITY_FILES 205 func os.Remove CAPABILITY_FILES 206 func os.RemoveAll CAPABILITY_FILES 207 func os.Rename CAPABILITY_FILES 208 func os.SameFile CAPABILITY_FILES 209 func os.Setenv CAPABILITY_MODIFY_SYSTEM_STATE 210 func os.Stat CAPABILITY_FILES 211 func os.Symlink CAPABILITY_FILES 212 func os.TempDir CAPABILITY_READ_SYSTEM_STATE 213 func os.Truncate CAPABILITY_FILES 214 func os.Unsetenv CAPABILITY_MODIFY_SYSTEM_STATE 215 func os.UserCacheDir CAPABILITY_READ_SYSTEM_STATE 216 func os.UserConfigDir CAPABILITY_READ_SYSTEM_STATE 217 func os.UserHomeDir CAPABILITY_READ_SYSTEM_STATE 218 func os.WriteFile CAPABILITY_FILES 219 func os.init CAPABILITY_SAFE 220 func os.init$1 CAPABILITY_SAFE 221 func (*os.File).Chdir CAPABILITY_FILES 222 func (*os.File).Chmod CAPABILITY_FILES 223 func (*os.File).Chown CAPABILITY_FILES 224 func (*os.File).Close CAPABILITY_FILES 225 func (*os.File).Fd CAPABILITY_FILES 226 func (*os.File).Name CAPABILITY_FILES 227 func (*os.File).Read CAPABILITY_FILES 228 func (*os.File).ReadAt CAPABILITY_FILES 229 func (*os.File).ReadDir CAPABILITY_FILES 230 func (*os.File).ReadFrom CAPABILITY_FILES 231 func (*os.File).Readdir CAPABILITY_FILES 232 func (*os.File).Readdirnames CAPABILITY_FILES 233 func (*os.File).Seek CAPABILITY_FILES 234 func (*os.File).SetDeadline CAPABILITY_FILES 235 func (*os.File).SetReadDeadline CAPABILITY_FILES 236 func (*os.File).SetWriteDeadline CAPABILITY_FILES 237 func (*os.File).Stat CAPABILITY_FILES 238 func (*os.File).Sync CAPABILITY_FILES 239 func (*os.File).SyscallConn CAPABILITY_FILES 240 func (*os.File).Truncate CAPABILITY_FILES 241 func (*os.File).Write CAPABILITY_FILES 242 func (*os.File).WriteAt CAPABILITY_FILES 243 func (*os.File).WriteString CAPABILITY_FILES 244 func (*os.LinkError).Error CAPABILITY_SAFE 245 func (*os.LinkError).Unwrap CAPABILITY_SAFE 246 func (*os.ProcessState).ExitCode CAPABILITY_SAFE 247 func (*os.ProcessState).Exited CAPABILITY_SAFE 248 func (*os.ProcessState).Pid CAPABILITY_SAFE 249 func (*os.ProcessState).String CAPABILITY_SAFE 250 func (*os.ProcessState).Success CAPABILITY_SAFE 251 func (*os.ProcessState).Sys CAPABILITY_SAFE 252 func (*os.ProcessState).SysUsage CAPABILITY_SAFE 253 func (*os.ProcessState).SystemTime CAPABILITY_SAFE 254 func (*os.ProcessState).UserTime CAPABILITY_SAFE 255 func (*os.SyscallError).Error CAPABILITY_SAFE 256 func (*os.SyscallError).Timeout CAPABILITY_SAFE 257 func (*os.SyscallError).Unwrap CAPABILITY_SAFE 258 func (*os.fileStat).IsDir CAPABILITY_FILES 259 func (*os.fileStat).ModTime CAPABILITY_FILES 260 func (*os.fileStat).Mode CAPABILITY_FILES 261 func (*os.fileStat).Name CAPABILITY_FILES 262 func (*os.fileStat).Size CAPABILITY_FILES 263 func (*os.fileStat).Sys CAPABILITY_FILES 264 func (*os.unixDirent).Name CAPABILITY_FILES 265 266 func os/exec.LookPath CAPABILITY_FILES 267 func os/exec.init CAPABILITY_SAFE 268 func (*os/exec.Error).Error CAPABILITY_SAFE 269 func (*os/exec.Error).Unwrap CAPABILITY_SAFE 270 func (*os/exec.ExitError).Error CAPABILITY_SAFE 271 func (os/exec.wrappedError).Error CAPABILITY_UNSPECIFIED 272 func (os/exec.wrappedError).Unwrap CAPABILITY_SAFE 273 274 func os/user.Current CAPABILITY_READ_SYSTEM_STATE 275 func os/user.Lookup CAPABILITY_READ_SYSTEM_STATE 276 func os/user.LookupGroup CAPABILITY_READ_SYSTEM_STATE 277 func os/user.LookupGroupId CAPABILITY_READ_SYSTEM_STATE 278 func os/user.LookupId CAPABILITY_READ_SYSTEM_STATE 279 func os/user.init CAPABILITY_SAFE 280 281 func plugin.Open CAPABILITY_EXEC 282 283 func reflect.DeepEqual CAPABILITY_SAFE 284 func reflect.Indirect CAPABILITY_SAFE 285 func reflect.TypeOf CAPABILITY_SAFE 286 func reflect.ValueOf CAPABILITY_SAFE 287 func reflect.VisibleFields CAPABILITY_SAFE 288 func reflect.init CAPABILITY_SAFE 289 func (reflect.ChanDir).String CAPABILITY_SAFE 290 func (reflect.Kind).String CAPABILITY_SAFE 291 func (reflect.Method).IsExported CAPABILITY_SAFE 292 func (reflect.StructField).IsExported CAPABILITY_SAFE 293 func (reflect.StructTag).Get CAPABILITY_SAFE 294 func (reflect.StructTag).Lookup CAPABILITY_SAFE 295 296 # Type construction functions. 297 func reflect.ArrayOf CAPABILITY_SAFE 298 func reflect.ChanOf CAPABILITY_SAFE 299 func reflect.FuncOf CAPABILITY_SAFE 300 func reflect.MapOf CAPABILITY_SAFE 301 func reflect.PointerTo CAPABILITY_SAFE 302 func reflect.PtrTo CAPABILITY_SAFE 303 func reflect.SliceOf CAPABILITY_SAFE 304 func reflect.StructOf CAPABILITY_SAFE 305 306 # Some reflect.Value methods that only do reads. 307 func (reflect.Value).Addr CAPABILITY_SAFE 308 func (reflect.Value).Bool CAPABILITY_SAFE 309 func (reflect.Value).Bytes CAPABILITY_SAFE 310 func (reflect.Value).CanAddr CAPABILITY_SAFE 311 func (reflect.Value).CanComplex CAPABILITY_SAFE 312 func (reflect.Value).CanConvert CAPABILITY_SAFE 313 func (reflect.Value).CanFloat CAPABILITY_SAFE 314 func (reflect.Value).CanInt CAPABILITY_SAFE 315 func (reflect.Value).CanInterface CAPABILITY_SAFE 316 func (reflect.Value).CanSet CAPABILITY_SAFE 317 func (reflect.Value).CanUint CAPABILITY_SAFE 318 func (reflect.Value).Cap CAPABILITY_SAFE 319 func (reflect.Value).Complex CAPABILITY_SAFE 320 func (reflect.Value).Elem CAPABILITY_SAFE 321 func (reflect.Value).Field CAPABILITY_SAFE 322 func (reflect.Value).FieldByIndex CAPABILITY_SAFE 323 func (reflect.Value).FieldByIndexErr CAPABILITY_SAFE 324 func (reflect.Value).FieldByName CAPABILITY_SAFE 325 func (reflect.Value).Float CAPABILITY_SAFE 326 func (reflect.Value).Index CAPABILITY_SAFE 327 func (reflect.Value).Int CAPABILITY_SAFE 328 func (reflect.Value).IsNil CAPABILITY_SAFE 329 func (reflect.Value).IsValid CAPABILITY_SAFE 330 func (reflect.Value).IsZero CAPABILITY_SAFE 331 func (reflect.Value).Kind CAPABILITY_SAFE 332 func (reflect.Value).Len CAPABILITY_SAFE 333 func (reflect.Value).Method CAPABILITY_SAFE 334 func (reflect.Value).MethodByName CAPABILITY_SAFE 335 func (reflect.Value).NumField CAPABILITY_SAFE 336 func (reflect.Value).NumMethod CAPABILITY_SAFE 337 func (reflect.Value).OverflowComplex CAPABILITY_SAFE 338 func (reflect.Value).OverflowFloat CAPABILITY_SAFE 339 func (reflect.Value).OverflowInt CAPABILITY_SAFE 340 func (reflect.Value).OverflowUint CAPABILITY_SAFE 341 func (reflect.Value).Pointer CAPABILITY_SAFE 342 func (reflect.Value).String CAPABILITY_SAFE 343 func (reflect.Value).Type CAPABILITY_SAFE 344 func (reflect.Value).Uint CAPABILITY_SAFE 345 func (reflect.Value).UnsafeAddr CAPABILITY_SAFE 346 347 # Some reflect.Value methods that write to plain data types. 348 func (reflect.Value).SetBool CAPABILITY_SAFE 349 func (reflect.Value).SetBytes CAPABILITY_SAFE 350 func (reflect.Value).SetComplex CAPABILITY_SAFE 351 func (reflect.Value).SetFloat CAPABILITY_SAFE 352 func (reflect.Value).SetInt CAPABILITY_SAFE 353 func (reflect.Value).SetString CAPABILITY_SAFE 354 func (reflect.Value).SetUint CAPABILITY_SAFE 355 func (*reflect.ValueError).Error CAPABILITY_SAFE 356 357 # Implementations of reflect.Type methods. 358 func (*reflect.interfaceType).Method CAPABILITY_SAFE 359 func (*reflect.interfaceType).MethodByName CAPABILITY_SAFE 360 func (*reflect.interfaceType).NumMethod CAPABILITY_SAFE 361 func (*reflect.rtype).Align CAPABILITY_SAFE 362 func (*reflect.rtype).AssignableTo CAPABILITY_SAFE 363 func (*reflect.rtype).Bits CAPABILITY_SAFE 364 func (*reflect.rtype).ChanDir CAPABILITY_SAFE 365 func (*reflect.rtype).Comparable CAPABILITY_SAFE 366 func (*reflect.rtype).ConvertibleTo CAPABILITY_SAFE 367 func (*reflect.rtype).Elem CAPABILITY_SAFE 368 func (*reflect.rtype).Field CAPABILITY_SAFE 369 func (*reflect.rtype).FieldAlign CAPABILITY_SAFE 370 func (*reflect.rtype).FieldByIndex CAPABILITY_SAFE 371 func (*reflect.rtype).FieldByName CAPABILITY_SAFE 372 func (*reflect.rtype).Implements CAPABILITY_SAFE 373 func (*reflect.rtype).In CAPABILITY_SAFE 374 func (*reflect.rtype).IsVariadic CAPABILITY_SAFE 375 func (*reflect.rtype).Key CAPABILITY_SAFE 376 func (*reflect.rtype).Kind CAPABILITY_SAFE 377 func (*reflect.rtype).Len CAPABILITY_SAFE 378 func (*reflect.rtype).Method CAPABILITY_SAFE 379 func (*reflect.rtype).MethodByName CAPABILITY_SAFE 380 func (*reflect.rtype).Name CAPABILITY_SAFE 381 func (*reflect.rtype).NumField CAPABILITY_SAFE 382 func (*reflect.rtype).NumIn CAPABILITY_SAFE 383 func (*reflect.rtype).NumMethod CAPABILITY_SAFE 384 func (*reflect.rtype).NumOut CAPABILITY_SAFE 385 func (*reflect.rtype).Out CAPABILITY_SAFE 386 func (*reflect.rtype).PkgPath CAPABILITY_SAFE 387 func (*reflect.rtype).Size CAPABILITY_SAFE 388 func (*reflect.rtype).String CAPABILITY_SAFE 389 func (*reflect.structType).FieldByIndex CAPABILITY_SAFE 390 func (*reflect.structType).FieldByName CAPABILITY_SAFE 391 func (*reflect.structType).Field CAPABILITY_SAFE 392 393 # We can mark the UnsafePointer method as Safe because we detect when 394 # unsafe.Pointers are used in ways that could allow code to gain 395 # interesting capabilities -- converting an unsafe.Pointer to a regular 396 # pointer type, or calling a standard library function that uses an 397 # unsafe.Pointer to write to memory (reflect.NewAt, runtime.SetCgoTraceback, 398 # sync/atomic.{CompareAndSwapPointer,StorePointer,SwapPointer}). 399 # 400 # The UnsafePointer method can be used in benign ways, e.g. to test if two 401 # func objects point to the same function. 402 func (reflect.Value).UnsafePointer CAPABILITY_SAFE 403 404 func regexp.newBitState CAPABILITY_SAFE 405 func (*regexp.Regexp).get CAPABILITY_SAFE 406 func regexp.newOnePassMachine CAPABILITY_SAFE 407 408 func runtime.BlockProfile CAPABILITY_SAFE 409 func runtime.Breakpoint CAPABILITY_RUNTIME 410 func runtime.CPUProfile CAPABILITY_RUNTIME 411 func runtime.Caller CAPABILITY_SAFE 412 func runtime.Callers CAPABILITY_SAFE 413 func runtime.CallersFrames CAPABILITY_SAFE 414 func runtime.FuncForPC CAPABILITY_SAFE 415 func runtime.GC CAPABILITY_SAFE 416 func runtime.GOMAXPROCS CAPABILITY_SAFE 417 func runtime.GOROOT CAPABILITY_READ_SYSTEM_STATE 418 func runtime.Goexit CAPABILITY_RUNTIME 419 func runtime.GoroutineProfile CAPABILITY_SAFE 420 func runtime.Gosched CAPABILITY_SAFE 421 func runtime.KeepAlive CAPABILITY_SAFE 422 func runtime.LockOSThread CAPABILITY_SAFE 423 func runtime.MemProfile CAPABILITY_SAFE 424 func runtime.MutexProfile CAPABILITY_SAFE 425 func runtime.NumCPU CAPABILITY_SAFE 426 func runtime.NumCgoCall CAPABILITY_SAFE 427 func runtime.NumGoroutine CAPABILITY_SAFE 428 func runtime.ReadMemStats CAPABILITY_SAFE 429 func runtime.ReadTrace CAPABILITY_SAFE 430 func runtime.SetBlockProfileRate CAPABILITY_SAFE 431 func runtime.SetCPUProfileRate CAPABILITY_SAFE 432 func runtime.SetCgoTraceback CAPABILITY_RUNTIME 433 func runtime.SetMutexProfileFraction CAPABILITY_SAFE 434 func runtime.Stack CAPABILITY_SAFE 435 func runtime.StartTrace CAPABILITY_SAFE 436 func runtime.StopTrace CAPABILITY_SAFE 437 func runtime.ThreadCreateProfile CAPABILITY_SAFE 438 func runtime.UnlockOSThread CAPABILITY_RUNTIME 439 func runtime.Version CAPABILITY_SAFE 440 func runtime.init CAPABILITY_SAFE 441 func (*runtime.BlockProfileRecord).Stack CAPABILITY_SAFE 442 func (*runtime.Frames).Next CAPABILITY_SAFE 443 func (*runtime.Func).Entry CAPABILITY_SAFE 444 func (*runtime.Func).FileLine CAPABILITY_SAFE 445 func (*runtime.Func).Name CAPABILITY_SAFE 446 func (*runtime.MemProfileRecord).InUseBytes CAPABILITY_SAFE 447 func (*runtime.MemProfileRecord).InUseObjects CAPABILITY_SAFE 448 func (*runtime.MemProfileRecord).Stack CAPABILITY_SAFE 449 func (*runtime.StackRecord).Stack CAPABILITY_SAFE 450 func (*runtime.TypeAssertionError).Error CAPABILITY_SAFE 451 func (*runtime.TypeAssertionError).RuntimeError CAPABILITY_SAFE 452 func (runtime.boundsError).Error CAPABILITY_SAFE 453 func (runtime.errorAddressString).Error CAPABILITY_SAFE 454 func (runtime.errorString).Error CAPABILITY_SAFE 455 func (runtime.plainError).Error CAPABILITY_SAFE 456 func (runtime.plainError).RuntimeError CAPABILITY_SAFE 457 func (runtime.waitReason).String CAPABILITY_SAFE 458 func runtime/cgo.init CAPABILITY_SAFE 459 func runtime/debug.FreeOSMemory CAPABILITY_SAFE 460 func runtime/debug.PrintStack CAPABILITY_SAFE 461 func runtime/debug.ReadBuildInfo CAPABILITY_READ_SYSTEM_STATE 462 func runtime/debug.ReadGCStats CAPABILITY_SAFE 463 func runtime/debug.SetGCPercent CAPABILITY_RUNTIME 464 func runtime/debug.SetMaxStack CAPABILITY_RUNTIME 465 func runtime/debug.SetMaxThreads CAPABILITY_RUNTIME 466 func runtime/debug.SetPanicOnFault CAPABILITY_RUNTIME 467 func runtime/debug.SetTraceback CAPABILITY_SAFE 468 func runtime/debug.Stack CAPABILITY_SAFE 469 func runtime/debug.WriteHeapDump CAPABILITY_FILES 470 func runtime/debug.init CAPABILITY_SAFE 471 func runtime/metrics.Read CAPABILITY_RUNTIME 472 func runtime/trace.userLog CAPABILITY_SAFE 473 func runtime/trace.userRegion CAPABILITY_SAFE 474 func runtime/trace.userTaskCreate CAPABILITY_SAFE 475 func runtime/trace.userTaskEnd CAPABILITY_SAFE 476 477 # Our analysis does not include finalizers being called, so we warn about 478 # calls to runtime.SetFinalizer instead. 479 func runtime.SetFinalizer CAPABILITY_RUNTIME 480 481 func sort.Float64s CAPABILITY_SAFE 482 func sort.Float64sAreSorted CAPABILITY_SAFE 483 func sort.Ints CAPABILITY_SAFE 484 func sort.IntsAreSorted CAPABILITY_SAFE 485 func sort.SearchFloat64s CAPABILITY_SAFE 486 func sort.SearchInts CAPABILITY_SAFE 487 func sort.SearchStrings CAPABILITY_SAFE 488 func sort.Strings CAPABILITY_SAFE 489 func sort.StringsAreSorted CAPABILITY_SAFE 490 func (sort.Float64Slice).Search CAPABILITY_SAFE 491 func (sort.Float64Slice).Sort CAPABILITY_SAFE 492 func (sort.FloatSlice).Search CAPABILITY_SAFE 493 func (sort.FloatSlice).Sort CAPABILITY_SAFE 494 func (sort.IntSlice).Search CAPABILITY_SAFE 495 func (sort.IntSlice).Sort CAPABILITY_SAFE 496 func (sort.StringSlice).Search CAPABILITY_SAFE 497 func (sort.StringSlice).Sort CAPABILITY_SAFE 498 499 func strings.Clone CAPABILITY_SAFE 500 func strings.Compare CAPABILITY_SAFE 501 func strings.Contains CAPABILITY_SAFE 502 func strings.ContainsAny CAPABILITY_SAFE 503 func strings.ContainsRune CAPABILITY_SAFE 504 func strings.Count CAPABILITY_SAFE 505 func strings.Cut CAPABILITY_SAFE 506 func strings.EqualFold CAPABILITY_SAFE 507 func strings.Fields CAPABILITY_SAFE 508 func strings.HasPrefix CAPABILITY_SAFE 509 func strings.HasSuffix CAPABILITY_SAFE 510 func strings.Index CAPABILITY_SAFE 511 func strings.IndexAny CAPABILITY_SAFE 512 func strings.IndexByte CAPABILITY_SAFE 513 func strings.IndexRune CAPABILITY_SAFE 514 func strings.Join CAPABILITY_SAFE 515 func strings.LastIndex CAPABILITY_SAFE 516 func strings.LastIndexAny CAPABILITY_SAFE 517 func strings.LastIndexByte CAPABILITY_SAFE 518 func strings.Repeat CAPABILITY_SAFE 519 func strings.Replace CAPABILITY_SAFE 520 func strings.ReplaceAll CAPABILITY_SAFE 521 func strings.Split CAPABILITY_SAFE 522 func strings.SplitAfter CAPABILITY_SAFE 523 func strings.SplitAfterN CAPABILITY_SAFE 524 func strings.SplitN CAPABILITY_SAFE 525 func strings.Title CAPABILITY_SAFE 526 func strings.ToLower CAPABILITY_SAFE 527 func strings.ToLowerSpecial CAPABILITY_SAFE 528 func strings.ToTitle CAPABILITY_SAFE 529 func strings.ToTitleSpecial CAPABILITY_SAFE 530 func strings.ToUpper CAPABILITY_SAFE 531 func strings.ToUpperSpecial CAPABILITY_SAFE 532 func strings.ToValidUTF8 CAPABILITY_SAFE 533 func strings.Trim CAPABILITY_SAFE 534 func strings.TrimLeft CAPABILITY_SAFE 535 func strings.TrimPrefix CAPABILITY_SAFE 536 func strings.TrimRight CAPABILITY_SAFE 537 func strings.TrimSpace CAPABILITY_SAFE 538 func strings.TrimSuffix CAPABILITY_SAFE 539 540 func sync.fastrandn CAPABILITY_SAFE 541 func sync.init CAPABILITY_SAFE 542 func sync.runtime_Semacquire CAPABILITY_SAFE 543 func sync.runtime_SemacquireMutex CAPABILITY_SAFE 544 func sync.runtime_Semrelease CAPABILITY_SAFE 545 func sync.runtime_notifyListAdd CAPABILITY_SAFE 546 func sync.runtime_notifyListNotifyAll CAPABILITY_SAFE 547 func sync.runtime_notifyListNotifyOne CAPABILITY_SAFE 548 func sync.runtime_notifyListWait CAPABILITY_SAFE 549 func (*sync.Map).Delete CAPABILITY_SAFE 550 func (*sync.Map).Load CAPABILITY_SAFE 551 func (*sync.Map).LoadAndDelete CAPABILITY_SAFE 552 func (*sync.Map).LoadOrStore CAPABILITY_SAFE 553 func (*sync.Map).Store CAPABILITY_SAFE 554 func (*sync.Mutex).Lock CAPABILITY_SAFE 555 func (*sync.Mutex).TryLock CAPABILITY_SAFE 556 func (*sync.Mutex).Unlock CAPABILITY_SAFE 557 func (*sync.Pool).Put CAPABILITY_SAFE 558 func (*sync.RWMutex).Lock CAPABILITY_SAFE 559 func (*sync.RWMutex).RLock CAPABILITY_SAFE 560 func (*sync.RWMutex).RLocker CAPABILITY_SAFE 561 func (*sync.RWMutex).RUnlock CAPABILITY_SAFE 562 func (*sync.RWMutex).TryLock CAPABILITY_SAFE 563 func (*sync.RWMutex).TryRLock CAPABILITY_SAFE 564 func (*sync.RWMutex).Unlock CAPABILITY_SAFE 565 566 func sync/atomic.CompareAndSwapPointer CAPABILITY_UNSAFE_POINTER 567 func sync/atomic.StorePointer CAPABILITY_UNSAFE_POINTER 568 func sync/atomic.SwapPointer CAPABILITY_UNSAFE_POINTER 569 570 func syscall.init CAPABILITY_SAFE 571 func (*syscall.DLLError).Error CAPABILITY_SAFE 572 func (*syscall.DLLError).Unwrap CAPABILITY_SAFE 573 func (syscall.Errno).Error CAPABILITY_SAFE 574 func (syscall.Errno).Is CAPABILITY_SAFE 575 func (syscall.Errno).Temporary CAPABILITY_SAFE 576 func (syscall.Errno).Timeout CAPABILITY_SAFE 577 func (syscall.WaitStatus).ExitStatus CAPABILITY_SAFE 578 579 func text/template.builtinFuncs CAPABILITY_SAFE 580 581 func unsafe.init CAPABILITY_SAFE 582 583 func (*golang.org/x/crypto/chacha20poly1305.chacha20poly1305).Seal CAPABILITY_SAFE 584 func (*vendor/golang.org/x/crypto/chacha20poly1305.chacha20poly1305).Seal CAPABILITY_SAFE 585 func (*vendor/golang.org/x/crypto/cryptobyte.String).ReadASN1Integer CAPABILITY_SAFE 586 func (*vendor/golang.org/x/crypto/cryptobyte.String).ReadOptionalASN1Integer CAPABILITY_SAFE 587 func vendor/golang.org/x/sys/cpu.init CAPABILITY_SAFE 588 589 func golang.org/x/crypto/sha3.copyOutUnaligned CAPABILITY_SAFE 590 func golang.org/x/crypto/sha3.keccakF1600 CAPABILITY_SAFE 591 func golang.org/x/crypto/sha3.xorInUnaligned CAPABILITY_SAFE 592 593 # Int.Rand uses an arbitrary random-number generator passed in a 594 # parameter, so it can reach code outside math/big. We classify 595 # Int.Rand as unspecified here so that we can declare the rest of the 596 # package safe in packageCategory. 597 func (*math/big.Int).Rand CAPABILITY_UNSPECIFIED 598 func (math/big.nat).random CAPABILITY_UNSPECIFIED 599 600 601 # In our current analysis, any call to any of the functions below are 602 # considered to be able to call any function provided at other callsites. 603 # For example, any call to sort.Sort could call the comparison function 604 # from any other call to sort.Sort. So we limit this behavior by giving 605 # these functions the Unanalyzed capability. 606 unanalyzed (*bufio.Reader).Read 607 unanalyzed (*bufio.Reader).ReadByte 608 unanalyzed (*bufio.Reader).ReadLine 609 unanalyzed (*bufio.Reader).ReadRune 610 unanalyzed (*bufio.Reader).ReadSlice 611 unanalyzed (*bufio.Reader).ReadString 612 unanalyzed (*bufio.Reader).UnreadByte 613 unanalyzed (*bufio.Writer).Flush 614 unanalyzed (*bufio.Writer).Reset 615 unanalyzed (*bufio.Writer).Write 616 unanalyzed (*bufio.Writer).WriteByte 617 unanalyzed (*bufio.Writer).WriteRune 618 unanalyzed bufio.Reader 619 unanalyzed bufio.Writer 620 unanalyzed (*bytes.Buffer).ReadFrom 621 unanalyzed errors.As 622 unanalyzed errors.Is 623 unanalyzed errors.Unwrap 624 unanalyzed io.Copy 625 unanalyzed io.CopyBuffer 626 unanalyzed io.CopyN 627 unanalyzed io.ReadAll 628 unanalyzed io.ReadAtLeast 629 unanalyzed io.ReadFull 630 unanalyzed io.WriteString 631 unanalyzed (*io.LimitedReader).Read 632 unanalyzed (*log.Logger).Output 633 unanalyzed (*log.Logger).Printf 634 unanalyzed sort.Find 635 unanalyzed sort.IsSorted 636 unanalyzed sort.Reverse 637 unanalyzed sort.Search 638 unanalyzed sort.Slice 639 unanalyzed sort.SliceIsSorted 640 unanalyzed sort.SliceStable 641 unanalyzed sort.Sort 642 unanalyzed sort.Stable 643 unanalyzed (*sync.Once).Do 644 unanalyzed (*sync.Pool).Get 645 646 # The following entries provide default categorizations for functions that are 647 # not yet in functionCategory. 648 649 # fmt, testing and time have interesting descendants, but we have declared 650 # these packages safe to call directly. 651 package fmt CAPABILITY_SAFE 652 package crypto/aes CAPABILITY_SAFE 653 package crypto/internal/boring/bcache CAPABILITY_SAFE 654 package crypto/internal/bigmod CAPABILITY_SAFE 655 package crypto/internal/boring/sig CAPABILITY_SAFE 656 package crypto/internal/edwards25519/field CAPABILITY_SAFE 657 package crypto/internal/nistec CAPABILITY_SAFE 658 package crypto/md5 CAPABILITY_SAFE 659 package crypto/sha1 CAPABILITY_SAFE 660 package crypto/sha256 CAPABILITY_SAFE 661 package crypto/sha512 CAPABILITY_SAFE 662 package crypto/subtle CAPABILITY_SAFE 663 package debug/dwarf CAPABILITY_SAFE 664 package debug/gosym CAPABILITY_SAFE 665 package encoding/asn1 CAPABILITY_SAFE 666 package hash/adler32 CAPABILITY_SAFE 667 package hash/crc32 CAPABILITY_SAFE 668 package hash/crc64 CAPABILITY_SAFE 669 package hash/fnv CAPABILITY_SAFE 670 package hash/maphash CAPABILITY_SAFE 671 package internal/bytealg CAPABILITY_SAFE 672 package internal/reflectlite CAPABILITY_SAFE 673 package math CAPABILITY_SAFE 674 package math/big CAPABILITY_SAFE 675 package sync/atomic CAPABILITY_SAFE 676 package testing CAPABILITY_SAFE 677 package time CAPABILITY_SAFE 678 package time/tzdata CAPABILITY_SAFE 679 package vendor/golang.org/x/crypto/chacha20poly1305 CAPABILITY_SAFE 680 package vendor/golang.org/x/crypto/internal/poly1305 CAPABILITY_SAFE 681 package vendor/golang.org/x/sys/cpu CAPABILITY_SAFE 682 683 package internal/syscall/execenv CAPABILITY_READ_SYSTEM_STATE 684 package internal/syscall/unix CAPABILITY_SYSTEM_CALLS 685 package internal/syscall/windows CAPABILITY_SYSTEM_CALLS 686 package internal/syscall/windows/registry CAPABILITY_SYSTEM_CALLS 687 package os CAPABILITY_OPERATING_SYSTEM 688 package os/exec CAPABILITY_EXEC 689 package os/signal CAPABILITY_MODIFY_SYSTEM_STATE 690 package os/user CAPABILITY_READ_SYSTEM_STATE 691 package reflect CAPABILITY_REFLECT 692 package runtime CAPABILITY_RUNTIME 693 package runtime/cgo CAPABILITY_RUNTIME 694 package runtime/debug CAPABILITY_RUNTIME 695 package runtime/internal/syscall CAPABILITY_SYSTEM_CALLS 696 package runtime/pprof CAPABILITY_RUNTIME 697 package syscall CAPABILITY_SYSTEM_CALLS 698 package net CAPABILITY_NETWORK 699 package net/http CAPABILITY_NETWORK 700 package unsafe CAPABILITY_ARBITRARY_EXECUTION 701 package golang.org/x/sys/unix CAPABILITY_SYSTEM_CALLS 702 703 # The ignore_edge directive causes the Capslock analyzer to disregard a 704 # particular function->function edge in the call graph. 705 ignore_edge (*encoding/gob.Encoder).encodeInterface (*sync.Pool).Get 706 ignore_edge (*vendor/golang.org/x/net/http2/hpack.Decoder).decodeString (*sync.Pool).Get 707 ignore_edge (*vendor/golang.org/x/net/http2/hpack.Decoder).readString (*sync.Pool).Get 708 ignore_edge (database/sql/driver.defaultConverter).ConvertValue (reflect.Value).Interface 709 ignore_edge (io.discard).ReadFrom (*sync.Pool).Get 710 ignore_edge (mime.WordEncoder).bEncode io.WriteString 711 ignore_edge archive/zip.newFlateReader (*sync.Pool).Get 712 ignore_edge archive/zip.newFlateWriter (*sync.Pool).Get 713 ignore_edge crypto/tls.signedMessage io.WriteString 714 ignore_edge database/sql.convertAssignRows (reflect.Value).Convert 715 ignore_edge database/sql.convertAssignRows (reflect.Value).Interface 716 ignore_edge database/sql.convertAssignRows (reflect.Value).Set 717 ignore_edge database/sql.convertAssignRows reflect.New 718 ignore_edge database/sql.convertAssignRows reflect.Zero 719 ignore_edge encoding/json.newEncodeState (*sync.Pool).Get 720 ignore_edge encoding/json.newScanner (*sync.Pool).Get 721 ignore_edge go/printer.newPrinter (*sync.Pool).Get 722 ignore_edge internal/coverage/encodemeta.NewCoverageMetaDataBuilder io.WriteString 723 ignore_edge internal/coverage/encodemeta.hashFuncDesc io.WriteString 724 ignore_edge internal/poll.getPipe (*sync.Pool).Get 725 ignore_edge net/http/httputil.DumpRequest io.WriteString 726 ignore_edge vendor/golang.org/x/net/http2/hpack.HuffmanDecode (*sync.Pool).Get 727 728 # cgo_suffix defines function name suffixes that are automatically generated 729 # by cgo. These are used to identify their presence as Capslock cannot analyze 730 # native code. 731 cgo_suffix _Cfunc_CBytes 732 cgo_suffix _Cfunc_CString 733 cgo_suffix _Cfunc_GoBytes 734 cgo_suffix _Cfunc_GoStringN 735 cgo_suffix _Cgo_use 736 cgo_suffix _cgoCheckPointer 737 cgo_suffix _cgoCheckResult 738 cgo_suffix _cgo_runtime_cgocall 739 cgo_suffix _cgo_runtime_gobytes 740 cgo_suffix _cgo_runtime_gostring 741 cgo_suffix _cgo_runtime_gostringn 742 cgo_suffix _Cfunc_GoString