entrygraph 0.1.24__tar.gz → 0.1.26__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (197) hide show
  1. {entrygraph-0.1.24 → entrygraph-0.1.26}/PKG-INFO +4 -2
  2. {entrygraph-0.1.24 → entrygraph-0.1.26}/README.md +3 -1
  3. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/_version.py +2 -2
  4. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/cli/main.py +8 -0
  5. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/extract/java.py +30 -1
  6. entrygraph-0.1.26/tests/fixtures/java/methodref_app/pom.xml +6 -0
  7. entrygraph-0.1.26/tests/fixtures/java/methodref_app/src/main/java/com/example/App.java +11 -0
  8. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_cli.py +24 -0
  9. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_extract_java.py +26 -0
  10. entrygraph-0.1.26/tests/test_java_callbacks.py +45 -0
  11. {entrygraph-0.1.24 → entrygraph-0.1.26}/.github/workflows/ci.yml +0 -0
  12. {entrygraph-0.1.24 → entrygraph-0.1.26}/.github/workflows/release.yml +0 -0
  13. {entrygraph-0.1.24 → entrygraph-0.1.26}/.gitignore +0 -0
  14. {entrygraph-0.1.24 → entrygraph-0.1.26}/LICENSE +0 -0
  15. {entrygraph-0.1.24 → entrygraph-0.1.26}/RELEASING.md +0 -0
  16. {entrygraph-0.1.24 → entrygraph-0.1.26}/pyproject.toml +0 -0
  17. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/__init__.py +0 -0
  18. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/__main__.py +0 -0
  19. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/api.py +0 -0
  20. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/cli/__init__.py +0 -0
  21. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/cli/render.py +0 -0
  22. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/data/sinks/csharp.toml +0 -0
  23. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/data/sinks/go.toml +0 -0
  24. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/data/sinks/java.toml +0 -0
  25. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/data/sinks/javascript.toml +0 -0
  26. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/data/sinks/lib_javascript.toml +0 -0
  27. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/data/sinks/lib_python.toml +0 -0
  28. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/data/sinks/php.toml +0 -0
  29. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/data/sinks/python.toml +0 -0
  30. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/data/sinks/ruby.toml +0 -0
  31. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/data/sinks/rust.toml +0 -0
  32. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/db/__init__.py +0 -0
  33. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/db/engine.py +0 -0
  34. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/db/meta.py +0 -0
  35. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/db/models.py +0 -0
  36. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/db/queries.py +0 -0
  37. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/__init__.py +0 -0
  38. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/entrypoints/__init__.py +0 -0
  39. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/entrypoints/base.py +0 -0
  40. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/entrypoints/configs.py +0 -0
  41. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/entrypoints/csharp.py +0 -0
  42. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/entrypoints/golang.py +0 -0
  43. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/entrypoints/java.py +0 -0
  44. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/entrypoints/javascript.py +0 -0
  45. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/entrypoints/php.py +0 -0
  46. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/entrypoints/python.py +0 -0
  47. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/entrypoints/ruby.py +0 -0
  48. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/entrypoints/rust.py +0 -0
  49. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/frameworks.py +0 -0
  50. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/manifests.py +0 -0
  51. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/detect/taint.py +0 -0
  52. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/errors.py +0 -0
  53. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/extract/__init__.py +0 -0
  54. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/extract/base.py +0 -0
  55. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/extract/csharp.py +0 -0
  56. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/extract/golang.py +0 -0
  57. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/extract/ir.py +0 -0
  58. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/extract/javascript.py +0 -0
  59. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/extract/php.py +0 -0
  60. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/extract/python.py +0 -0
  61. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/extract/registry.py +0 -0
  62. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/extract/ruby.py +0 -0
  63. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/extract/rust.py +0 -0
  64. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/fs/__init__.py +0 -0
  65. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/fs/hashing.py +0 -0
  66. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/fs/lang.py +0 -0
  67. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/fs/walker.py +0 -0
  68. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/graph/__init__.py +0 -0
  69. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/graph/adjacency.py +0 -0
  70. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/graph/cte.py +0 -0
  71. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/graph/scoring.py +0 -0
  72. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/kinds.py +0 -0
  73. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/parsing/__init__.py +0 -0
  74. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/parsing/parsers.py +0 -0
  75. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/parsing/queries.py +0 -0
  76. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/pipeline/__init__.py +0 -0
  77. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/pipeline/scanner.py +0 -0
  78. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/pipeline/worker.py +0 -0
  79. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/pipeline/writer.py +0 -0
  80. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/py.typed +0 -0
  81. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/csharp/calls.scm +0 -0
  82. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/csharp/definitions.scm +0 -0
  83. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/csharp/imports.scm +0 -0
  84. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/go/calls.scm +0 -0
  85. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/go/definitions.scm +0 -0
  86. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/go/imports.scm +0 -0
  87. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/java/calls.scm +0 -0
  88. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/java/definitions.scm +0 -0
  89. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/java/imports.scm +0 -0
  90. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/javascript/calls.scm +0 -0
  91. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/javascript/definitions.scm +0 -0
  92. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/javascript/imports.scm +0 -0
  93. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/php/calls.scm +0 -0
  94. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/php/definitions.scm +0 -0
  95. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/php/imports.scm +0 -0
  96. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/python/calls.scm +0 -0
  97. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/python/definitions.scm +0 -0
  98. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/python/imports.scm +0 -0
  99. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/ruby/calls.scm +0 -0
  100. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/ruby/definitions.scm +0 -0
  101. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/ruby/imports.scm +0 -0
  102. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/rust/calls.scm +0 -0
  103. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/rust/definitions.scm +0 -0
  104. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/queries/rust/imports.scm +0 -0
  105. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/resolve/__init__.py +0 -0
  106. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/resolve/externals.py +0 -0
  107. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/resolve/hierarchy.py +0 -0
  108. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/resolve/resolver.py +0 -0
  109. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/resolve/symbol_table.py +0 -0
  110. {entrygraph-0.1.24 → entrygraph-0.1.26}/src/entrygraph/results.py +0 -0
  111. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/conftest.py +0 -0
  112. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/csharp/aspnet_app/Controllers/ReportsController.cs +0 -0
  113. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/csharp/aspnet_app/Program.cs +0 -0
  114. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/csharp/aspnet_app/Services/ReportService.cs +0 -0
  115. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/csharp/aspnet_app/app.csproj +0 -0
  116. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/csharp/minimalapi_app/Program.cs +0 -0
  117. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/csharp/minimalapi_app/app.csproj +0 -0
  118. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/go/gin_app/go.mod +0 -0
  119. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/go/gin_app/main.go +0 -0
  120. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/go/gin_app/service.go +0 -0
  121. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/go/nethttp_app/go.mod +0 -0
  122. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/go/nethttp_app/main.go +0 -0
  123. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/java/spring_app/pom.xml +0 -0
  124. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/java/spring_app/src/main/java/com/example/Application.java +0 -0
  125. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportRunner.java +0 -0
  126. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportService.java +0 -0
  127. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/java/spring_app/src/main/java/com/example/UserController.java +0 -0
  128. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/javascript/commonjs_app/server.js +0 -0
  129. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/javascript/express_app/package.json +0 -0
  130. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/javascript/express_app/src/routes.js +0 -0
  131. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/javascript/express_app/src/services.js +0 -0
  132. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/php/laravel_app/app/Http/Controllers/ReportController.php +0 -0
  133. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/php/laravel_app/artisan +0 -0
  134. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/php/laravel_app/composer.json +0 -0
  135. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/php/laravel_app/routes/web.php +0 -0
  136. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/chained_sinks/app.py +0 -0
  137. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/flask_app/app/__init__.py +0 -0
  138. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/flask_app/app/db.py +0 -0
  139. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/flask_app/app/routes.py +0 -0
  140. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/flask_app/app/services.py +0 -0
  141. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/flask_app/cli.py +0 -0
  142. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/flask_app/requirements.txt +0 -0
  143. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/fuzzy_sink/app.py +0 -0
  144. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/heal_fidelity/caller.py +0 -0
  145. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/heal_fidelity/worker.py +0 -0
  146. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/may_continue/app.py +0 -0
  147. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/sanitizer/app.py +0 -0
  148. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/python/taint_source/handler.py +0 -0
  149. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/ruby/sinatra_app/Gemfile +0 -0
  150. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/ruby/sinatra_app/app.rb +0 -0
  151. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/ruby/sinatra_app/services/runner.rb +0 -0
  152. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/rust/axum_app/Cargo.toml +0 -0
  153. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/rust/axum_app/src/handlers.rs +0 -0
  154. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/rust/axum_app/src/main.rs +0 -0
  155. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/rust/axum_callback_app/Cargo.toml +0 -0
  156. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/rust/axum_callback_app/src/main.rs +0 -0
  157. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/rust/scoped_sink_app/Cargo.toml +0 -0
  158. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/fixtures/rust/scoped_sink_app/src/main.rs +0 -0
  159. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_api.py +0 -0
  160. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_commonjs.py +0 -0
  161. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_csharp_callbacks.py +0 -0
  162. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_cte_bounds.py +0 -0
  163. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_engine_pragmas.py +0 -0
  164. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_entrypoint_expansion.py +0 -0
  165. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_entrypoints.py +0 -0
  166. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_extract_csharp.py +0 -0
  167. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_extract_go.py +0 -0
  168. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_extract_javascript.py +0 -0
  169. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_extract_php.py +0 -0
  170. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_extract_python.py +0 -0
  171. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_extract_ruby.py +0 -0
  172. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_extract_rust.py +0 -0
  173. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_frameworks.py +0 -0
  174. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_fuzzy_sink.py +0 -0
  175. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_go_callbacks.py +0 -0
  176. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_hardening.py +0 -0
  177. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_heal_fidelity.py +0 -0
  178. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_incremental.py +0 -0
  179. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_indexer.py +0 -0
  180. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_lang.py +0 -0
  181. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_manifests.py +0 -0
  182. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_may_continue.py +0 -0
  183. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_models.py +0 -0
  184. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_pool.py +0 -0
  185. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_reachability.py +0 -0
  186. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_registry_cache.py +0 -0
  187. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_render.py +0 -0
  188. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_resolver.py +0 -0
  189. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_rust_callbacks.py +0 -0
  190. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_rust_scoped_sinks.py +0 -0
  191. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_scoring.py +0 -0
  192. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_sink_catalog.py +0 -0
  193. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_taint.py +0 -0
  194. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_taint_sanitizers.py +0 -0
  195. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_taint_sources.py +0 -0
  196. {entrygraph-0.1.24 → entrygraph-0.1.26}/tests/test_walker.py +0 -0
  197. {entrygraph-0.1.24 → entrygraph-0.1.26}/uv.lock +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: entrygraph
3
- Version: 0.1.24
3
+ Version: 0.1.26
4
4
  Summary: Language-agnostic code graph: query symbols, entrypoints, and source-to-sink call paths from a SQLite index
5
5
  Project-URL: Repository, https://github.com/brettbergin/entrygraph
6
6
  Author-email: Brett Bergin <brettberginbc@yahoo.com>
@@ -202,7 +202,9 @@ entrygraph paths --source '*' --sink-category command_exec
202
202
  `--source-category http_input` / `env`) — `entrygraph paths --source-category http_input --sink-category sql`. Combine with `--source` to union both.
203
203
  - **Precision/recall dial**: by default only high-confidence edges are traversed.
204
204
  Widen with `--include-unresolved` (wildcard `py:*.execute` sinks + dynamic
205
- calls) or `--include-fuzzy` (speculative class-hierarchy edges).
205
+ calls), `--include-fuzzy` (speculative class-hierarchy edges), or
206
+ `--include-callbacks` (function/method values passed as arguments — handler
207
+ registrations like `http.HandleFunc("/", handler)` or `this::handle`).
206
208
  - **Sanitizers**: a registered sanitizer for the sink's category called on a
207
209
  path (e.g. `shlex.quote`) *discounts* its risk score — heuristically, since
208
210
  there is no dataflow, so it never zeroes the risk or hides the path.
@@ -151,7 +151,9 @@ entrygraph paths --source '*' --sink-category command_exec
151
151
  `--source-category http_input` / `env`) — `entrygraph paths --source-category http_input --sink-category sql`. Combine with `--source` to union both.
152
152
  - **Precision/recall dial**: by default only high-confidence edges are traversed.
153
153
  Widen with `--include-unresolved` (wildcard `py:*.execute` sinks + dynamic
154
- calls) or `--include-fuzzy` (speculative class-hierarchy edges).
154
+ calls), `--include-fuzzy` (speculative class-hierarchy edges), or
155
+ `--include-callbacks` (function/method values passed as arguments — handler
156
+ registrations like `http.HandleFunc("/", handler)` or `this::handle`).
155
157
  - **Sanitizers**: a registered sanitizer for the sink's category called on a
156
158
  path (e.g. `shlex.quote`) *discounts* its risk score — heuristically, since
157
159
  there is no dataflow, so it never zeroes the risk or hides the path.
@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
18
18
  commit_id: str | None
19
19
  __commit_id__: str | None
20
20
 
21
- __version__ = version = '0.1.24'
22
- __version_tuple__ = version_tuple = (0, 1, 24)
21
+ __version__ = version = '0.1.26'
22
+ __version_tuple__ = version_tuple = (0, 1, 26)
23
23
 
24
24
  __commit_id__ = commit_id = None
@@ -274,6 +274,7 @@ def cmd_paths(args) -> int:
274
274
  min_confidence=args.min_confidence,
275
275
  include_fuzzy=args.include_fuzzy,
276
276
  include_unresolved=args.include_unresolved,
277
+ include_callbacks=args.include_callbacks,
277
278
  prune_sanitized=args.prune_sanitized,
278
279
  )
279
280
  if args.json:
@@ -411,6 +412,13 @@ def build_parser() -> argparse.ArgumentParser:
411
412
  action="store_true",
412
413
  help="also traverse unresolved wildcard-sink and dynamic-call edges",
413
414
  )
415
+ p.add_argument(
416
+ "--include-callbacks",
417
+ dest="include_callbacks",
418
+ action="store_true",
419
+ help="also follow function/method values passed as arguments "
420
+ "(handler registrations, callbacks)",
421
+ )
414
422
  p.add_argument(
415
423
  "--prune-sanitized",
416
424
  dest="prune_sanitized",
@@ -206,6 +206,7 @@ class JavaExtractor:
206
206
  receiver = None
207
207
  callee_text = callee_name
208
208
  args = node.child_by_field_name("arguments")
209
+ caller = self._caller(node, ctx)
209
210
  out.references.append(
210
211
  RawReference(
211
212
  kind="call",
@@ -213,11 +214,12 @@ class JavaExtractor:
213
214
  callee_name=callee_name,
214
215
  receiver_text=receiver,
215
216
  span=span_of(node),
216
- caller_qualified_name=self._caller(node, ctx),
217
+ caller_qualified_name=caller,
217
218
  arg_count=len(args.named_children) if args is not None else 0,
218
219
  arg_preview=truncate(node_text(args)) if args is not None else None,
219
220
  )
220
221
  )
222
+ self._emit_callbacks(args, caller, out)
221
223
 
222
224
  for node in caps.get("new", []):
223
225
  type_node = node.child_by_field_name("type")
@@ -239,6 +241,33 @@ class JavaExtractor:
239
241
  )
240
242
  )
241
243
 
244
+ def _emit_callbacks(self, args: Node | None, caller: str | None, out: FileExtraction) -> None:
245
+ """Method-reference arguments passed to a call — a method value invoked
246
+ later, e.g. ``r.get("/run", this::handle)`` or ``stream.map(App::parse)``.
247
+ The qualifier becomes the receiver (``this`` resolves to the enclosing
248
+ class; a type/instance qualifier resolves by unique method name), so the
249
+ handler gets an inbound edge. Resolution keeps only project methods."""
250
+ if args is None:
251
+ return
252
+ for arg in args.named_children:
253
+ if arg.type != "method_reference":
254
+ continue
255
+ children = arg.named_children
256
+ if len(children) < 2 or children[-1].type != "identifier":
257
+ continue
258
+ receiver = node_text(children[0]) # "this" | "App" | "obj"
259
+ name = node_text(children[-1])
260
+ out.references.append(
261
+ RawReference(
262
+ kind="callback",
263
+ callee_text=f"{receiver}::{name}",
264
+ callee_name=name,
265
+ receiver_text=receiver,
266
+ span=span_of(arg),
267
+ caller_qualified_name=caller,
268
+ )
269
+ )
270
+
242
271
  # ---------------- helpers ----------------
243
272
 
244
273
  def _scope_chain(self, node: Node, ctx: FileContext) -> list[str]:
@@ -0,0 +1,6 @@
1
+ <project>
2
+ <modelVersion>4.0.0</modelVersion>
3
+ <groupId>com.example</groupId>
4
+ <artifactId>app</artifactId>
5
+ <version>1.0</version>
6
+ </project>
@@ -0,0 +1,11 @@
1
+ package com.example;
2
+
3
+ public class App {
4
+ void setup(Router r) {
5
+ r.get("/run", this::handle);
6
+ }
7
+
8
+ void handle() throws Exception {
9
+ Runtime.getRuntime().exec("sh");
10
+ }
11
+ }
@@ -80,6 +80,30 @@ def test_paths_by_category(db, capsys):
80
80
  assert paths and paths[0]["symbols"][-1] == "py:subprocess.run"
81
81
 
82
82
 
83
+ NETHTTP_APP = Path(__file__).parent / "fixtures" / "go" / "nethttp_app"
84
+
85
+
86
+ def test_paths_include_callbacks(tmp_path, capsys):
87
+ # a handler passed to http.HandleFunc is severed unless callback edges are
88
+ # traversed; --include-callbacks flips the query from unreachable to reachable.
89
+ db = str(tmp_path / "go.db")
90
+ assert main(["index", str(NETHTTP_APP), "--db", db]) == 0
91
+ args = [
92
+ "paths",
93
+ "--db",
94
+ db,
95
+ "--source",
96
+ "_root.main",
97
+ "--sink-category",
98
+ "command_exec",
99
+ "--include-unresolved",
100
+ ]
101
+ assert main(args) == 1 # handler severed -> no path
102
+ capsys.readouterr()
103
+ assert main([*args, "--include-callbacks"]) == 0 # reachable via the callback edge
104
+ assert "_root.handler" in capsys.readouterr().out
105
+
106
+
83
107
  def test_callers(db, capsys):
84
108
  assert main(["callers", "--db", db, "app.services.run_report"]) == 0
85
109
  assert "app.routes.create_report" in capsys.readouterr().out
@@ -199,6 +199,32 @@ public class C {
199
199
  assert "ProcessBuilder" in calls
200
200
 
201
201
 
202
+ def test_method_reference_argument_is_a_callback():
203
+ # r.get("/run", this::handle) / stream.map(App::parse) pass method values;
204
+ # they must be callbacks so the referenced method is reachable.
205
+ x = extract(
206
+ """
207
+ package com.example;
208
+
209
+ public class App {
210
+ void setup(Router r) {
211
+ r.get("/run", this::handle);
212
+ r.post("/x", App::parse);
213
+ }
214
+ void handle() {}
215
+ static void parse() {}
216
+ }
217
+ """,
218
+ path="src/main/java/com/example/App.java",
219
+ )
220
+ callbacks = {r.callee_name: r for r in x.references if r.kind == "callback"}
221
+ assert callbacks["handle"].receiver_text == "this"
222
+ assert callbacks["handle"].caller_qualified_name == "com.example.App.setup"
223
+ assert callbacks["parse"].receiver_text == "App"
224
+ # string literal args are not callbacks
225
+ assert "/run" not in callbacks
226
+
227
+
202
228
  # ---------------- unit: main detection ----------------
203
229
 
204
230
 
@@ -0,0 +1,45 @@
1
+ """End-to-end: Java method-reference callbacks connect handlers to their
2
+ registration site (Phase 4).
3
+
4
+ Regression: the Java extractor emitted no callback references, so a handler passed
5
+ as a method reference (`this::handle`) had no inbound edge and was unreachable.
6
+ """
7
+
8
+ from __future__ import annotations
9
+
10
+ from pathlib import Path
11
+
12
+ import pytest
13
+
14
+ from entrygraph import CodeGraph
15
+
16
+ METHODREF_APP = Path(__file__).parent / "fixtures" / "java" / "methodref_app"
17
+
18
+
19
+ @pytest.fixture(scope="module")
20
+ def graph(tmp_path_factory) -> CodeGraph:
21
+ db = tmp_path_factory.mktemp("db") / "graph.db"
22
+ g = CodeGraph.index(METHODREF_APP, db=db)
23
+ yield g
24
+ g.close()
25
+
26
+
27
+ def test_callback_edge_created(graph):
28
+ rows = graph.sql(
29
+ "SELECT src.qname AS src, e.dst_qname AS dst FROM edges e "
30
+ "JOIN symbols src ON e.src_symbol_id = src.id WHERE e.kind = 'callback'"
31
+ )
32
+ pairs = {(r["src"], r["dst"]) for r in rows}
33
+ assert ("com.example.App.setup", "com.example.App.handle") in pairs
34
+
35
+
36
+ def test_handler_reachable_only_with_callbacks(graph):
37
+ kw = {
38
+ "source": "com.example.App.setup",
39
+ "sink_category": "command_exec",
40
+ "include_unresolved": True,
41
+ }
42
+ assert graph.paths(**kw) == []
43
+ withcb = graph.paths(**kw, include_callbacks=True)
44
+ assert withcb
45
+ assert "com.example.App.handle" in [s.qname for s in withcb[0].symbols]
File without changes
File without changes
File without changes
File without changes
File without changes