Releases: shivasurya/code-pathfinder
Release v0.0.26
What's New?
- You can now query multiple entities in a single query, compare them with each other in conditions, and filter them, like CodeQL 🚀
  Example:
    FIND method_declaration AS md, method_invocation AS mi WHERE md.getName() == mi.getName() && md.getVisibility() != "private"
- The pathfinder CLI now has a fresh look, with code, line number and file name formatted in the output
- If you make a mistake in a query, the pathfinder CLI reports an error message with the exact line number and doesn't crash the program
- PostHog had issues in the previous release due to breaking changes in the Go SDK from PostHog; this is now fixed.
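What evaluating a two-entity query over a cartesian product looks like, using the WHERE clause from the example above. This is an added Go example, not Code Pathfinder's own code; the Method, Invocation, Pair, Select, Condition and Sample names and the sample entities are assumptions made for illustration.

```go
package main

import "fmt"

// Hypothetical stand-ins for the two entities; not Code Pathfinder's own types.
type Method struct {
	Name, Visibility, File string
}
type Invocation struct {
	Name, File string
}
type Pair struct {
	MD Method
	MI Invocation
}

// Select tests every md x mi combination and reports how many were evaluated.
func Select(mds []Method, mis []Invocation, where func(Method, Invocation) bool) ([]Pair, int) {
	var rows []Pair
	evaluated := 0
	for _, md := range mds {
		for _, mi := range mis {
			evaluated++
			if where(md, mi) {
				rows = append(rows, Pair{md, mi})
			}
		}
	}
	return rows, evaluated
}

// Condition mirrors: md.getName() == mi.getName() && md.getVisibility() != "private"
func Condition(md Method, mi Invocation) bool {
	return md.Name == mi.Name && md.Visibility != "private"
}

// Sample returns constructed entities, not output from a real scan.
func Sample() ([]Method, []Invocation) {
	mds := []Method{{"loadUrl", "public", "WebHelper.java"}, {"decrypt", "private", "Crypto.java"}, {"onCreate", "protected", "MainActivity.java"}}
	mis := []Invocation{{"loadUrl", "MainActivity.java"}, {"decrypt", "Crypto.java"}, {"loadUrl", "DeepLink.java"}}
	return mds, mis
}

func main() {
	mds, mis := Sample()
	rows, n := Select(mds, mis, Condition)
	fmt.Printf("%d of %d combinations matched: %+v\n", len(rows), n, rows)
}
```

The number of evaluated combinations is the product of the two entity counts, so a selective WHERE clause matters on large codebases.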
Changelog
- moved to better output format ⭐ by @shivasurya in #120
- bug(posthog): upgrade posthog go version by @shivasurya in #121
- Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows in the github_actions group across 1 directory by @dependabot in #124
- Bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot in #123
- Support multiple entity selection via cartesian product 📐 by @shivasurya in #116
- added better error handling for query parsing ⭐ by @shivasurya in #126
- Bump/v0.0.26 by @shivasurya in #127
- updated release upload action v4 by @shivasurya in #128
Full Changelog: v0.0.25...v0.0.26
Release v0.0.25
Code PathFinder 🥉 v0.0.25 (Quarter century 🏏 release)
This release has major improvements in CLI capabilities, adds extra core entities, and can execute queries from a .cql file.
- Introduced BinaryExpr as a core entity. You can now search for AddExpr, AndBitwiseExpr, ComparisonExpr, AndLogicalExpr, DivExpr, EqExpr, NEExpr, LeftShiftExpr, MulExpr, OrBitwiseExpr, OrLogicalExpr, RemExpr, RightShiftExpr, SubExpr, UnsignedRightShiftExpr and XorBitwiseExpr expressions in the codebase. It has both LeftOperandString() and RightOperandString() as API. Example:
    FIND add_expression AS ad WHERE ad.getBinaryExpr().GetLeftOperandString() != "int a"
- Code Pathfinder queries can now be stored as a .cql file and executed with the pathfinder CLI 💻
    $ pathfinder query --project ~/src/code-pathfinder/test-src/android --query-file ../pathfinder-rules/example.cql
- The Code Pathfinder command-line interface has been freshly revamped with the spf13/cobra library.
    Code Pathfinder is designed for identifying vulnerabilities in source code.

    Usage:
      pathfinder [command]

    Available Commands:
      ci          Scan a project for vulnerabilities with ruleset in ci mode
      completion  Generate the autocompletion script for the specified shell
      help        Help about any command
      query       Execute queries on the source code
      scan        Scan a project for vulnerabilities with ruleset
      version     Print the version and commit information

    Flags:
          --disable-metrics   Disable metrics collection
      -h, --help              help for pathfinder

    Use "pathfinder [command] --help" for more information about a command.
- Pathfinder queries (*.cql) will be available under the pathfinder-rules directory in this repo.
What's New?
- Add posthog usage analytics log for cli tool by @shivasurya in #101
- feature(query): introduce to execute queries from CQL file 🚀 by @shivasurya in #102
- Refactor pathfinder cli to support cobra 🐍 cli format by @shivasurya in #104
- Bump micromatch from 4.0.7 to 4.0.8 in /docs in the npm_and_yarn group across 1 directory by @dependabot in #106
- cql(queries): Added Pathfinder CQL queries for WebView APIs 🏅 by @shivasurya in #112
- Added expr model and parsed basic binary expression by @shivasurya in #99
New Contributors
- @dependabot made their first contribution in #106
Full Changelog: v0.0.24...v0.0.25
Release v0.0.24
Method chaining is a powerful feature for writing models and exposing methods that support filtering at runtime instead of at compile time/construction time of the source code graph.
From now on 🚀 you'll be able to chain methods for the JavaDoc object and methods. Support for more entities and methods is coming in future releases.
FIND method_declaration AS md WHERE md.getDoc().GetCommentAuthor() == "shivasurya"
What's Changed
- Bump npm package version by @shivasurya in #88
- Move javadoc entity into primary core entity by @shivasurya in #92
- Support Method Chaining for Attributes and Entities by @shivasurya in #93
- Add more testcase by @shivasurya in #94
- v0.0.24 release by @shivasurya in #95
Full Changelog: v0.0.23...v0.0.24
Release v0.0.23
What's Changed 🚀
This release introduces methods, aliases and support for a variety of conditions (using expr-lang). From now on you can query the codebase 🎉
FIND method_declaration AS md WHERE md.getName() == "main" && "@Override" in md.getAnnotation()
- Pathfinder now uses ANTLR for verifying queries and expr-lang to support a variety of operators for condition-based filtering.
- Pathfinder now finds vulnerable configs in Android project codebases. Check out the pathfinder ruleset published on the website.
- Pathfinder is now available on npm. You can download it using npm i codepathfinder
Detailed changes
- npm cleanup config and release by @shivasurya in #76
- Add version and git tag info into the release by @shivasurya in #77
- Fixed method invocation param by @shivasurya in #78
- Added query to find android webview setting by @shivasurya in #79
- Added posthog analytics to docs by @shivasurya in #80
- pathfinder queries: added few more webview api ruleset by @shivasurya in #81
- Add code coverage app by @shivasurya in #82
- Update issue and feature req templates by @shivasurya in #83
- Enhanced query parser: Added ANTLR parser for query lang by @shivasurya in #49
- Add codecov badge by @shivasurya in #84
- Fix `in` array query and documentation stuff by @shivasurya in #85
- Bump version to v0.0.23 by @shivasurya in #86
- fix(build): Fix windows powershell variables by @shivasurya in #87
Full Changelog: v0.0.22...v0.0.23
Release v0.0.22
Release v0.0.21
Release v0.0.18
What's Changed
- Bump version to 0.0.17 by @shivasurya in #65
- Bump npm version and fix install script by @shivasurya in #66
- [RELEASE] Bump version to 0.0.18 by @shivasurya in #67
Full Changelog: v0.0.17...v0.0.18
Release v0.0.17
CodePathFinder is now revamped and has a new design by Astro Starlight
What's Changed
- Added Sha256 release by @shivasurya in #58
- Migrate /docs to Astro Starlight ⭐ by @shivasurya in #59
- Fix branch name for deploy script by @shivasurya in #61
- Fix domain name by @shivasurya in #62
- Add sitemap and fix broken link by @shivasurya in #63
- Added npm publish config and fix release by @shivasurya in #64
Full Changelog: v0.0.16...v0.0.17
Release v0.0.16
What's Changed
- Added Annotation attr by @shivasurya in #45
- Update LICENSE by @shivasurya in #46
- Create CODE_OF_CONDUCT.md by @shivasurya in #47
- Moved to gradle build system by @shivasurya in #48
- Create CONTRIBUTING.md by @shivasurya in #51
- Fix module name by @shivasurya in #52
- Added status card report by @shivasurya in #53
- Add discord and license badges by @shivasurya in #54
- Improve javadoc tag data structure by @shivasurya in #55
- Bump version to 0.0.16 by @shivasurya in #56
Full Changelog: v0.0.15...v0.0.16
Release v0.0.15
What's Changed
- Remove unused config & files by @shivasurya in #41
- optimize binary - strip symbols by @shivasurya in #42
- Added makefile config and added version flag by @shivasurya in #43
Full Changelog: v0.0.14...v0.0.15