feat: global taint flow detection + source/sink output display

- Fix summaryConfirmsFlow to accept ParamToSink as flow confirmation,
  enabling detection from HTTP handler functions (void, no return taint)
  that call a source internally and pass taint to callees.
- Fix global dedup to key by sink only (not source+sink), preventing
  the same sink from appearing once per source handler.
- Add SourceSnippet/SourceLocation to EnrichedDetection; text output
  now shows Source: <file:line> + snippet and Sink: <file:line> + snippet
  for Taint-Global findings.
- Rewrite command_injection.py and sql_injection.py as L1 QueryType rules;
  remove L4 path_traversal.py (bare calls, no source constraint).
- Add OLLAMA-SEC-001/002/003 rules targeting exec, filepath, and outbound
  HTTP sinks from gin/net-http sources.
- Add security_flows test fixture for verifying global inter-procedural
  taint detection end-to-end.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

Author: shivasurya

rules/golang/command_injection.py

@@ -93,15 +93,26 @@
 - OWASP A03:2021 Injection: https://owasp.org/Top10/A03_2021-Injection/
 """
 
-from codepathfinder import rule, calls
-
-@rule(
-    id="GO-SEC-002",
-    severity="CRITICAL",
-    cwe="CWE-78",
-    owasp="A03:2021"
-)
+from codepathfinder.go_rule import GoGinContext, GoHTTPRequest, GoOSExec
+from codepathfinder import flows
+from codepathfinder.presets import PropagationPresets
+from rules.go_decorators import go_rule
+
+
+@go_rule(id="GO-SEC-002", severity="CRITICAL", cwe="CWE-78", owasp="A03:2021")
 def go_command_injection():
-    """Detects OS command execution that may be vulnerable to injection.
-    Flags calls to exec.Command and exec.CommandContext."""
-    return calls("*Command", "*CommandContext")
+    """HTTP/Gin request input reaches os/exec — command injection.
+    L1: GoGinContext + GoHTTPRequest sources, GoOSExec sink — both sides QueryType."""
+    return flows(
+        from_sources=[
+            GoGinContext.method("Param", "Query", "PostForm", "GetRawData",
+                                "ShouldBindJSON", "BindJSON", "GetHeader"),
+            GoHTTPRequest.method("FormValue", "PostFormValue"),
+            GoHTTPRequest.attr("Body", "URL.Path", "URL.RawQuery"),
+        ],
+        to_sinks=[
+            GoOSExec.method("Command", "CommandContext"),
+        ],
+        propagates_through=PropagationPresets.standard(),
+        scope="global",
+    )

rules/golang/ollama_http_to_exec.py

@@ -0,0 +1,38 @@
+"""
+OLLAMA-SEC-001: HTTP / Gin Request Input Reaching OS Command Execution
+
+Sources: gin.Context params/body, net/http.Request body
+Sinks:   exec.Command, exec.CommandContext
+
+Variants targeted:
+- Model name from /api/pull, /api/chat JSON body → runner subprocess args
+  (llm/server.go, x/imagegen/server.go, x/mlxrunner/client.go)
+- Tool call command string → bash -c (x/tools/bash.go)
+- Path param → exec arg chain
+
+L1: GoGinContext + GoHTTPRequest sources, GoOSExec sink — both sides QueryType.
+"""
+
+from codepathfinder.go_rule import GoGinContext, GoHTTPRequest, GoOSExec
+from codepathfinder import flows
+from codepathfinder.presets import PropagationPresets
+from rules.go_decorators import go_rule
+
+
+@go_rule(id="OLLAMA-SEC-001", severity="CRITICAL", cwe="CWE-78", owasp="A03:2021")
+def ollama_http_to_exec():
+    """HTTP/Gin request input reaches os/exec — command injection variants."""
+    return flows(
+        from_sources=[
+            GoGinContext.method("Param", "Query", "PostForm", "GetRawData",
+                                "ShouldBindJSON", "BindJSON", "GetHeader"),
+            GoHTTPRequest.method("FormValue", "PostFormValue"),
+            GoHTTPRequest.attr("Body", "URL.Path", "URL.RawQuery", "Header"),
+        ],
+        to_sinks=[
+            GoOSExec.method("Command", "CommandContext"),
+        ],
+        sanitized_by=[],
+        propagates_through=PropagationPresets.standard(),
+        scope="global",
+    )

rules/golang/ollama_http_to_filepath.py

@@ -0,0 +1,43 @@
+"""
+OLLAMA-SEC-002: HTTP / Gin Request Input Reaching File System Operations
+
+Sources: gin.Context params/body, net/http.Request
+Sinks:   filepath.Join, os.Create, os.Open, os.OpenFile, os.WriteFile, os.ReadFile, os.MkdirAll
+
+Variants targeted:
+- Blob digest from URL path c.Param("digest") → manifest path → os.Create (CVE-2024-37032 regression)
+- Model name from JSON body → manifest filepath construction
+- req.Files paths from CreateHandler → os.Open
+- Zip entry name → filepath.Join (ZipSlip: CVE-2024-7773, CVE-2024-45436)
+
+L1: GoGinContext + GoHTTPRequest sources, GoFilepath + GoOS sinks — both sides QueryType.
+"""
+
+from codepathfinder.go_rule import GoGinContext, GoHTTPRequest, GoOS, GoFilepath
+from codepathfinder import flows
+from codepathfinder.presets import PropagationPresets
+from rules.go_decorators import go_rule
+
+
+@go_rule(id="OLLAMA-SEC-002", severity="HIGH", cwe="CWE-22", owasp="A01:2021")
+def ollama_http_to_filepath():
+    """HTTP/Gin request input reaches file system operations — path traversal variants."""
+    return flows(
+        from_sources=[
+            # c.Param("digest") is the confirmed direct user-controlled source
+            # that flows into manifest.BlobsPath() and file ops in ollama.
+            # ShouldBindJSON(&req) fills structs — struct field propagation
+            # is not yet covered by standard presets.
+            GoGinContext.method("Param", "Query", "PostForm", "GetHeader"),
+            GoHTTPRequest.method("FormValue", "PostFormValue"),
+            GoHTTPRequest.attr("URL.Path", "URL.RawQuery"),
+        ],
+        to_sinks=[
+            GoFilepath.method("Join"),
+            GoOS.method("Create", "Open", "OpenFile", "WriteFile",
+                        "ReadFile", "MkdirAll", "Remove", "Rename"),
+        ],
+        sanitized_by=[],
+        propagates_through=PropagationPresets.standard(),
+        scope="global",
+    )

rules/golang/ollama_http_to_outbound.py

@@ -0,0 +1,39 @@
+"""
+OLLAMA-SEC-003: HTTP / Gin Request Input Reaching Outbound HTTP Calls (SSRF)
+
+Sources: gin.Context params/body, net/http.Request
+Sinks:   http.Client.Do, http.Get, http.Post, http.NewRequest, http.NewRequestWithContext
+
+Variants targeted:
+- Model RemoteHost field (from JSON body) → outbound HTTP call (SSRF via model config)
+- Registry URL built from user-supplied model name → download request
+- WWW-Authenticate realm forwarded to attacker host (CVE-2025-51471 variant)
+- Cloud proxy path constructed from user model reference
+
+L1: GoGinContext + GoHTTPRequest sources, GoHTTPClient sink — both sides QueryType.
+"""
+
+from codepathfinder.go_rule import GoGinContext, GoHTTPRequest, GoHTTPClient
+from codepathfinder import flows
+from codepathfinder.presets import PropagationPresets
+from rules.go_decorators import go_rule
+
+
+@go_rule(id="OLLAMA-SEC-003", severity="HIGH", cwe="CWE-918", owasp="A10:2021")
+def ollama_http_to_outbound():
+    """HTTP/Gin request input reaches outbound HTTP calls — SSRF variants."""
+    return flows(
+        from_sources=[
+            GoGinContext.method("Param", "Query", "PostForm", "GetRawData",
+                                "ShouldBindJSON", "BindJSON", "GetHeader"),
+            GoHTTPRequest.method("FormValue", "PostFormValue"),
+            GoHTTPRequest.attr("Body", "URL.Path", "URL.RawQuery", "Header"),
+        ],
+        to_sinks=[
+            GoHTTPClient.method("Do", "Get", "Post", "Head",
+                                "NewRequest", "NewRequestWithContext"),
+        ],
+        sanitized_by=[],
+        propagates_through=PropagationPresets.standard(),
+        scope="global",
+    )