There are some cases where the taint analysis reports data flows through `fmt.Errorf` as false positives.

All examples refer to the file `testdata/src/taint/agent-example/main.go`.

Example 1 (no taint flow reported):

Example 2 (taint flow reported):

Example 3 (no taint flow reported):

Examples 1 and 2 are semantically equivalent, yet example 2 has a false positive. Example 3 is identical to example 2, but uses `fmt.Sprintf` instead of `fmt.Errorf`. Both have identical pre-defined summaries in the `summaries` package (`FormatterPropagation`).