codepathfinder 1.1.0__py3-none-any.whl
- codepathfinder/__init__.py +48 -0
- codepathfinder/config.py +92 -0
- codepathfinder/dataflow.py +193 -0
- codepathfinder/decorators.py +104 -0
- codepathfinder/ir.py +107 -0
- codepathfinder/logic.py +101 -0
- codepathfinder/matchers.py +243 -0
- codepathfinder/presets.py +135 -0
- codepathfinder/propagation.py +250 -0
- codepathfinder-1.1.0.dist-info/METADATA +87 -0
- codepathfinder-1.1.0.dist-info/RECORD +14 -0
- codepathfinder-1.1.0.dist-info/WHEEL +5 -0
- codepathfinder-1.1.0.dist-info/licenses/LICENSE +661 -0
- codepathfinder-1.1.0.dist-info/top_level.txt +1 -0
|
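--- a/codepathfinder-1.1.0.dist-info/METADATA
+++ b/codepathfinder-1.1.0.dist-info/METADATA
@@ -0,0 +1,87 @@
+Metadata-Version: 2.4
+Name: codepathfinder
+Version: 1.1.0
+Summary: Python DSL for code-pathfinder security patterns
+Home-page: https://github.com/shivasurya/code-pathfinder
+Author: code-pathfinder contributors
+License: AGPL-3.0
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: GNU Affero General Public License v3
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Testing
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
+Requires-Dist: black>=23.0.0; extra == "dev"
+Requires-Dist: mypy>=1.0.0; extra == "dev"
+Requires-Dist: ruff>=0.1.0; extra == "dev"
+Dynamic: home-page
+Dynamic: license-file
+Dynamic: requires-python
+
+# Code-Pathfinder Python DSL
+
+Python DSL for defining security patterns in Code Pathfinder - an open-source security suite combining structural code analysis with AI-powered vulnerability detection.
+
+**Project Goals:**
+- Real-time IDE integration bringing security insights directly into your editor
+- AI-assisted analysis leveraging LLMs to understand context and identify vulnerabilities
+- Unified workflow coverage from local development to CI/CD pipelines
+- Flexible reporting supporting DefectDojo, GitHub Advanced Security, SARIF, and other platforms
+
+**Documentation**: https://codepathfinder.dev/
+
+## Installation
+
+```bash
+pip install codepathfinder
+```
+
+## Quick Example
+
+```python
+from codepathfinder import rule, flows, calls
+from codepathfinder.presets import PropagationPresets
+
+@rule(id="sql-injection", severity="critical", cwe="CWE-89")
+def detect_sql_injection():
+"""Detects SQL injection vulnerabilities"""
+return flows(
+from_sources=calls("request.GET", "request.POST"),
+to_sinks=calls("execute", "executemany"),
+sanitized_by=calls("quote_sql"),
+propagates_through=PropagationPresets.standard(),
+scope="global"
+)
+```
+
+## Features
+
+- **Matchers**: `calls()`, `variable()` for pattern matching
+- **Dataflow Analysis**: `flows()` for source-to-sink taint tracking
+- **Propagation**: Explicit propagation primitives (assignment, function args, returns)
+- **Logic Operators**: `And()`, `Or()`, `Not()` for complex rules
+- **JSON IR**: Serializes to JSON for Go executor integration
+
+## Documentation
+
+For detailed documentation, visit https://codepathfinder.dev/
+
+## Requirements
+
+- Python 3.8+
+- No external dependencies (stdlib only!)
+
+## License
+
+AGPL-3.0 - GNU Affero General Public License v3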
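--- a/codepathfinder-1.1.0.dist-info/RECORD
+++ b/codepathfinder-1.1.0.dist-info/RECORD
@@ -0,0 +1,14 @@
+codepathfinder/__init__.py,sha256=ONvwrD5mjT2DpcaAGLbSkhocDmh0ly_lEdVO_8gVkas,1194
+codepathfinder/config.py,sha256=jx1Q5QnX2zJKKhai6ISwFIWh7h9M4o06bgZpyieGx98,2473
+codepathfinder/dataflow.py,sha256=H2X3uCc4Srl5WzmjmAeICJggUFSZnNhn1WbrWP7g8Cc,6815
+codepathfinder/decorators.py,sha256=pkvHhf2TLHu1-Gjlqwu718yaIPsPZ4JiSSM2EReshg8,2870
+codepathfinder/ir.py,sha256=K0YfGSFZyysDRd8B-o9gnyou5R3EbwApPsK3qSjmDSE,2837
+codepathfinder/logic.py,sha256=cA76-mhE_A7WmWQtZtufZWxMKSrI4Bt7avJRWi20ud4,2418
+codepathfinder/matchers.py,sha256=mCWG_FWw_CizCsKsnV9IOMaWDdrdETb_bbEeS7uF-LA,7978
+codepathfinder/presets.py,sha256=_EU2WNtMY5PfY1iRcoZuiLkzKRddvtdn6H8tSy1dzGw,3914
+codepathfinder/propagation.py,sha256=yz1ODauUD0hnzDjPWfTIdQojWcvkYbwrnvou4C9Fy6U,7695
+codepathfinder-1.1.0.dist-info/licenses/LICENSE,sha256=hIahDEOTzuHCU5J2nd07LWwkLW7Hko4UFO__ffsvB-8,34523
+codepathfinder-1.1.0.dist-info/METADATA,sha256=lV2lkJPdTLazsYK15NOIzGHNtuGl1sRDdcf84n7OMfI,2936
+codepathfinder-1.1.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+codepathfinder-1.1.0.dist-info/top_level.txt,sha256=Ll603QFZoCmFBDISN1VT5QHmodZsgNiPs00voNqpOZ4,15
+codepathfinder-1.1.0.dist-info/RECORD,,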