Release v0.0.26

What's New?

• You can now query multiple entities in a single query and compare with them in conditions and filter them like CodeQL 🚀
  Example:

  FIND method_declaration AS md, method_invocation AS mi
  WHERE md.getName() == mi.getName() &&
  md.getVisibility() != "private"

• The pathfinder cli now fresh look with code, line number, file name formatted
• If you make any mistakes in query, pathfinder cli advises you error message exactly line number and doesn't crash the program
• Posthog had issues in previous release due to breaking changes in golang sdk from posthog, which is now fixed.

Changelog

• moved to better output format ⭐ by @shivasurya in #120
• bug(posthog): upgrade posthog go version by @shivasurya in #121
• Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows in the github_actions group across 1 directory by @dependabot in #124
• Bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot in #123
• Support multiple entity selection via cartesian product 📐 by @shivasurya in #116
• added better error handling for query parsing ⭐ by @shivasurya in #126
• Bump/v0.0.26 by @shivasurya in #127
• updated release upload action v4 by @shivasurya in #128

Full Changelog: v0.0.25...v0.0.26

Release v0.0.25

Code PathFinder 🥉 v0.0.25 (Quarter century 🏏 release)

This release has major improvements in cli capabilities, added extra core entities, able to execute queries as .cql file

1. Introduced BinaryExpr as core entity. You could now search for AddExpr, AndBitwiseExpr, ComparisonExpr, AndLogicalExpr, DivExpr, EqExpr, NEExpr , LeftShiftExpr, MulExpr, OrBitwiseExpr, OrLogicalExpr, RemExpr, RightShiftExpr, SubExpr, UnsignedRightShiftExpr, XorBitwiseExpr expressions in codebase. It has both LeftOperandString() and RightOperandString() as API

   Example:

     FIND add_expression AS ad WHERE ad.getBinaryExpr().GetLeftOperandString() != "int a"

2. Code Pathfinder queries now can be stored as .cql file and execute with pathfinder cli 💻

     $ pathfinder query --project ~/src/code-pathfinder/test-src/android --query-file ../pathfinder-rules/example.cql

3. Code Pathfinder command-line interface has been freshly revamped with spf13/cobra based library.

     Code Pathfinder is designed for identifying vulnerabilities in source code.
     Usage:
         pathfinder [command]
   
     Available Commands:
       ci          Scan a project for vulnerabilities with ruleset in ci mode
       completion  Generate the autocompletion script for the specified shell
       help        Help about any command
       query       Execute queries on the source code
       scan         Scan a project for vulnerabilities with ruleset
       version     Print the version and commit information
   
     Flags:
        --disable-metrics   Disable metrics collection
        -h, --help                 help for pathfinder
   
      Use "pathfinder [command] --help" for more information about a command.

4. Pathfinder queries (*.cql) will be available under pathfinder-rules directory in this repo.

What's New?

• Add posthog usage analytics log for cli tool by @shivasurya in #101
• feature(query): introduce to execute queries from CQL file 🚀 by @shivasurya in #102
• Refactor pathfinder cli to support cobra 🐍 cli format by @shivasurya in #104
• Bump micromatch from 4.0.7 to 4.0.8 in /docs in the npm_and_yarn group across 1 directory by @dependabot in #106
• cql(queries): Added Pathfinder CQL queries for WebView APIs 🏅 by @shivasurya in #112
• Added expr model and parsed basic binary expression by @shivasurya in #99

New Contributors

• @dependabot made their first contribution in #106

Full Changelog: v0.0.24...v0.0.25

Release v0.0.24

Method chaining is powerful feature to write models and expose methods to support runtime filtering instead of compile time/construction time of source code graph

from now on 🚀 you'll be able to chain methods for JavaDoc object and methods. More support for entities and methods coming soon in future releases.

FIND method_declaration AS md WHERE md.getDoc().GetCommentAuthor() == "shivasurya"

What's Changed

• Bump npm package version by @shivasurya in #88
• Move javadoc entity into primary core entity by @shivasurya in #92
• Support Method Chaining for Attributes and Entities by @shivasurya in #93
• Add more testcase by @shivasurya in #94
• v0.0.24 release by @shivasurya in #95

Full Changelog: v0.0.23...v0.0.24

Release v0.0.23

What's Changed 🚀

Introducing methods, alias and variety condition support (using expr-lang) in this release. From now on you could query the codebase, 🎉

FIND method_declaration AS md WHERE md.getName() == "main" && "@Override" in md.getAnnotation()

• Pathfinder now uses ANTLR for verifying queries, expr-lang to support variety of operators for condition based filtering support.
• Pathfinder now finds vulnerable configs in Android project codebase. Checkout pathfinder ruleset published in website
• Pathfinder is now available in npm. You could download using npm i codepathfinder

Detailed changes

• npm cleanup config and release by @shivasurya in #76
• Add version and git tag info into the release by @shivasurya in #77
• Fixed method invocation param by @shivasurya in #78
• Added query to find android webview setting by @shivasurya in #79
• Added posthog analytics to docs by @shivasurya in #80
• pathfinder queries: added few more webview api ruleset by @shivasurya in #81
• Add code coverage app by @shivasurya in #82
• Update issue and feature req templates by @shivasurya in #83
• Enhanced query parser: Added ANTLR parser for query lang by @shivasurya in #49
• Add codecov badge by @shivasurya in #84
• Fix in array query and documentation stuff by @shivasurya in #85
• Bump version to v0.0.23 by @shivasurya in #86
• fix(build): Fix windows powershell variables by @shivasurya in #87

Full Changelog: v0.0.22...v0.0.23

Release v0.0.22

What's Changed

• Fix binary name for release by @shivasurya in #75

Full Changelog: v0.0.21...v0.0.22

Release v0.0.21

What's Changed

• Bump npm version and release by @shivasurya in #74

Full Changelog: v0.0.20...v0.0.21

Release v0.0.18

What's Changed

• Bump version to 0.0.17 by @shivasurya in #65
• Bump npm version and fix install script by @shivasurya in #66
• [RELEASE] Bump version to 0.0.18 by @shivasurya in #67

Full Changelog: v0.0.17...v0.0.18

Release v0.0.17

CodePathFinder is now revamped and now has new design by Astro Starlight

What's Changed

• Added Sha256 release by @shivasurya in #58
• Migrate /docs to Astro Starlight ⭐ by @shivasurya in #59
• Fix branch name for deploy script by @shivasurya in #61
• Fix domain name by @shivasurya in #62
• Add sitemap and fix broken link by @shivasurya in #63
• Added npm publish config and fix release by @shivasurya in #64

Full Changelog: v0.0.16...v0.0.17

Release v0.0.16

What's Changed

• Added Annotation attr by @shivasurya in #45
• Update LICENSE by @shivasurya in #46
• Create CODE_OF_CONDUCT.md by @shivasurya in #47
• Moved to gradle build system by @shivasurya in #48
• Create CONTRIBUTING.md by @shivasurya in #51
• Fix module name by @shivasurya in #52
• Added status card report by @shivasurya in #53
• Add discord and license badges by @shivasurya in #54
• Improve javadoc tag data structure by @shivasurya in #55
• Bump version to 0.0.16 by @shivasurya in #56

Full Changelog: v0.0.15...v0.0.16

Release v0.0.15

What's Changed

• Remove unused config & files by @shivasurya in #41
• optimize binary - strip symbols by @shivasurya in #42
• Added makefile config and added version flag by @shivasurya in #43

Full Changelog: v0.0.14...v0.0.15