entrygraph 0.1.26__tar.gz → 0.1.27__tar.gz
- {entrygraph-0.1.26 → entrygraph-0.1.27}/PKG-INFO +1 -1
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/_version.py +2 -2
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/data/sinks/csharp.toml +23 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/data/sinks/go.toml +30 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/data/sinks/java.toml +23 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/data/sinks/php.toml +44 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/data/sinks/ruby.toml +30 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/data/sinks/rust.toml +16 -0
- entrygraph-0.1.27/tests/test_sanitizer_languages.py +56 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_taint.py +25 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/.github/workflows/ci.yml +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/.github/workflows/release.yml +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/.gitignore +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/LICENSE +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/README.md +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/RELEASING.md +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/pyproject.toml +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/__init__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/__main__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/api.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/cli/__init__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/cli/main.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/cli/render.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/data/sinks/javascript.toml +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/data/sinks/lib_javascript.toml +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/data/sinks/lib_python.toml +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/data/sinks/python.toml +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/db/__init__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/db/engine.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/db/meta.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/db/models.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/db/queries.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/__init__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/entrypoints/__init__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/entrypoints/base.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/entrypoints/configs.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/entrypoints/csharp.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/entrypoints/golang.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/entrypoints/java.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/entrypoints/javascript.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/entrypoints/php.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/entrypoints/python.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/entrypoints/ruby.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/entrypoints/rust.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/frameworks.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/manifests.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/detect/taint.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/errors.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/extract/__init__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/extract/base.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/extract/csharp.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/extract/golang.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/extract/ir.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/extract/java.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/extract/javascript.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/extract/php.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/extract/python.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/extract/registry.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/extract/ruby.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/extract/rust.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/fs/__init__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/fs/hashing.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/fs/lang.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/fs/walker.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/graph/__init__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/graph/adjacency.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/graph/cte.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/graph/scoring.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/kinds.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/parsing/__init__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/parsing/parsers.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/parsing/queries.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/pipeline/__init__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/pipeline/scanner.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/pipeline/worker.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/pipeline/writer.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/py.typed +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/csharp/calls.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/csharp/definitions.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/csharp/imports.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/go/calls.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/go/definitions.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/go/imports.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/java/calls.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/java/definitions.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/java/imports.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/javascript/calls.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/javascript/definitions.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/javascript/imports.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/php/calls.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/php/definitions.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/php/imports.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/python/calls.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/python/definitions.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/python/imports.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/ruby/calls.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/ruby/definitions.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/ruby/imports.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/rust/calls.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/rust/definitions.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/queries/rust/imports.scm +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/resolve/__init__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/resolve/externals.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/resolve/hierarchy.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/resolve/resolver.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/resolve/symbol_table.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/src/entrygraph/results.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/conftest.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/csharp/aspnet_app/Controllers/ReportsController.cs +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/csharp/aspnet_app/Program.cs +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/csharp/aspnet_app/Services/ReportService.cs +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/csharp/aspnet_app/app.csproj +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/csharp/minimalapi_app/Program.cs +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/csharp/minimalapi_app/app.csproj +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/go/gin_app/go.mod +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/go/gin_app/main.go +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/go/gin_app/service.go +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/go/nethttp_app/go.mod +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/go/nethttp_app/main.go +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/java/methodref_app/pom.xml +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/java/methodref_app/src/main/java/com/example/App.java +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/java/spring_app/pom.xml +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/java/spring_app/src/main/java/com/example/Application.java +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportRunner.java +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportService.java +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/java/spring_app/src/main/java/com/example/UserController.java +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/javascript/commonjs_app/server.js +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/javascript/express_app/package.json +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/javascript/express_app/src/routes.js +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/javascript/express_app/src/services.js +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/php/laravel_app/app/Http/Controllers/ReportController.php +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/php/laravel_app/artisan +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/php/laravel_app/composer.json +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/php/laravel_app/routes/web.php +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/chained_sinks/app.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/flask_app/app/__init__.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/flask_app/app/db.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/flask_app/app/routes.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/flask_app/app/services.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/flask_app/cli.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/flask_app/requirements.txt +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/fuzzy_sink/app.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/heal_fidelity/caller.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/heal_fidelity/worker.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/may_continue/app.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/sanitizer/app.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/python/taint_source/handler.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/ruby/sinatra_app/Gemfile +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/ruby/sinatra_app/app.rb +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/ruby/sinatra_app/services/runner.rb +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/rust/axum_app/Cargo.toml +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/rust/axum_app/src/handlers.rs +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/rust/axum_app/src/main.rs +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/rust/axum_callback_app/Cargo.toml +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/rust/axum_callback_app/src/main.rs +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/rust/scoped_sink_app/Cargo.toml +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/fixtures/rust/scoped_sink_app/src/main.rs +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_api.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_cli.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_commonjs.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_csharp_callbacks.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_cte_bounds.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_engine_pragmas.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_entrypoint_expansion.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_entrypoints.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_extract_csharp.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_extract_go.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_extract_java.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_extract_javascript.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_extract_php.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_extract_python.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_extract_ruby.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_extract_rust.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_frameworks.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_fuzzy_sink.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_go_callbacks.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_hardening.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_heal_fidelity.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_incremental.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_indexer.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_java_callbacks.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_lang.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_manifests.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_may_continue.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_models.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_pool.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_reachability.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_registry_cache.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_render.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_resolver.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_rust_callbacks.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_rust_scoped_sinks.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_scoring.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_sink_catalog.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_taint_sanitizers.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_taint_sources.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/tests/test_walker.py +0 -0
- {entrygraph-0.1.26 → entrygraph-0.1.27}/uv.lock +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: entrygraph
|
|
3
|
-
Version: 0.1.
|
|
3
|
+
Version: 0.1.27
|
|
4
4
|
Summary: Language-agnostic code graph: query symbols, entrypoints, and source-to-sink call paths from a SQLite index
|
|
5
5
|
Project-URL: Repository, https://github.com/brettbergin/entrygraph
|
|
6
6
|
Author-email: Brett Bergin <brettberginbc@yahoo.com>
|
|
@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
|
|
|
18
18
|
commit_id: str | None
|
|
19
19
|
__commit_id__: str | None
|
|
20
20
|
|
|
21
|
-
__version__ = version = '0.1.
|
|
22
|
-
__version_tuple__ = version_tuple = (0, 1,
|
|
21
|
+
__version__ = version = '0.1.27'
|
|
22
|
+
__version_tuple__ = version_tuple = (0, 1, 27)
|
|
23
23
|
|
|
24
24
|
__commit_id__ = commit_id = None
|
|
@@ -104,3 +104,26 @@ id = "csharp.env"
|
|
|
104
104
|
category = "env_input"
|
|
105
105
|
callee = "cs:Environment.GetEnvironmentVariable"
|
|
106
106
|
description = "Environment variable input"
|
|
107
|
+
|
|
108
|
+
# ---------------- sanitizers ----------------
|
|
109
|
+
|
|
110
|
+
[[sanitizer]]
|
|
111
|
+
id = "cs.sanitize.path-getfilename"
|
|
112
|
+
category = "path_traversal"
|
|
113
|
+
callee = "cs:*.{GetFileName,GetFullPath}"
|
|
114
|
+
effect = "reduces"
|
|
115
|
+
description = "Path.GetFileName / GetFullPath normalization"
|
|
116
|
+
|
|
117
|
+
[[sanitizer]]
|
|
118
|
+
id = "cs.sanitize.uri-escape"
|
|
119
|
+
category = "ssrf"
|
|
120
|
+
callee = "cs:*.{EscapeDataString,EscapeUriString}"
|
|
121
|
+
effect = "reduces"
|
|
122
|
+
description = "Uri.EscapeDataString URL encoding"
|
|
123
|
+
|
|
124
|
+
[[sanitizer]]
|
|
125
|
+
id = "cs.sanitize.sql-parameter"
|
|
126
|
+
category = "sql"
|
|
127
|
+
callee = "cs:*.{AddWithValue}"
|
|
128
|
+
effect = "reduces"
|
|
129
|
+
description = "Parameterized query value binding (SqlParameter)"
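Review bot: `cs.sanitize.path-getfilename` and `cs.sanitize.uri-escape` credit calls that normalize or encode a value without restricting where it points. `GetFullPath` returns an absolute path that can still lie outside the intended directory, and URL-encoding a component does not constrain the destination host, so neither shows that a `path_traversal` or `ssrf` flow was actually checked; `EscapeUriString` also leaves reserved characters unescaped. Consider narrowing the path entry to `callee = "cs:*.{GetFileName}"` and crediting the others only when paired with a base-directory or allow-list check. The same concern applies to `go.sanitize.filepath-clean` (`Clean`), `go.sanitize.url-escape`, `java.sanitize.path-normalize` (`normalize`), `java.sanitize.url-encode`, `php.sanitize.basename` (`realpath`) and `rs.sanitize.path-filename` (`canonicalize`).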
|
|
@@ -85,3 +85,33 @@ id = "go.env"
|
|
|
85
85
|
category = "env_input"
|
|
86
86
|
callee = "go:os.Getenv"
|
|
87
87
|
description = "Environment variable input"
|
|
88
|
+
|
|
89
|
+
# ---------------- sanitizers ----------------
|
|
90
|
+
|
|
91
|
+
[[sanitizer]]
|
|
92
|
+
id = "go.sanitize.filepath-clean"
|
|
93
|
+
category = "path_traversal"
|
|
94
|
+
callee = "go:{path/filepath.Clean,path.Clean,path/filepath.Base,path.Base}"
|
|
95
|
+
effect = "reduces"
|
|
96
|
+
description = "Path normalization / basename"
|
|
97
|
+
|
|
98
|
+
[[sanitizer]]
|
|
99
|
+
id = "go.sanitize.html-escape"
|
|
100
|
+
category = "template_injection"
|
|
101
|
+
callee = "go:{html.EscapeString,template.HTMLEscapeString}"
|
|
102
|
+
effect = "reduces"
|
|
103
|
+
description = "HTML escaping"
|
|
104
|
+
|
|
105
|
+
[[sanitizer]]
|
|
106
|
+
id = "go.sanitize.url-escape"
|
|
107
|
+
category = "ssrf"
|
|
108
|
+
callee = "go:{url.QueryEscape,url.PathEscape}"
|
|
109
|
+
effect = "reduces"
|
|
110
|
+
description = "URL component escaping"
|
|
111
|
+
|
|
112
|
+
[[sanitizer]]
|
|
113
|
+
id = "go.sanitize.strconv-sql"
|
|
114
|
+
category = "sql"
|
|
115
|
+
callee = "go:{strconv.Atoi,strconv.ParseInt,strconv.ParseUint,strconv.ParseFloat}"
|
|
116
|
+
effect = "neutralizes"
|
|
117
|
+
description = "Numeric parse — a parsed number cannot carry SQL injection"
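Review bot: `go.sanitize.strconv-sql` is marked `effect = "neutralizes"`, but the new test module's docstring says sanitizers are matched as sibling calls via out-edges, which suggests a match does not prove the parsed number is the value that reaches the query. If that reading is right, a handler that parses one parameter with `strconv.Atoi` and concatenates a different string into SQL would still be credited as neutralized. `effect = "reduces"` would be the safer default here and for `php.sanitize.intval`, unless the engine ties the sanitizer's return value to the sink argument.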
|
|
@@ -90,3 +90,26 @@ id = "java.env"
|
|
|
90
90
|
category = "env_input"
|
|
91
91
|
callee = "java:System.getenv"
|
|
92
92
|
description = "Environment variable input"
|
|
93
|
+
|
|
94
|
+
# ---------------- sanitizers ----------------
|
|
95
|
+
|
|
96
|
+
[[sanitizer]]
|
|
97
|
+
id = "java.sanitize.html-encode"
|
|
98
|
+
category = "template_injection"
|
|
99
|
+
callee = "java:*.{forHtml,forHtmlContent,forJavaScript,escapeHtml4,escapeHtml,escapeXml11,htmlEscape}"
|
|
100
|
+
effect = "reduces"
|
|
101
|
+
description = "OWASP Encoder / commons-text / Spring HTML escaping"
|
|
102
|
+
|
|
103
|
+
[[sanitizer]]
|
|
104
|
+
id = "java.sanitize.path-normalize"
|
|
105
|
+
category = "path_traversal"
|
|
106
|
+
callee = "java:*.{getFileName,normalize,getName}"
|
|
107
|
+
effect = "reduces"
|
|
108
|
+
description = "Path normalization / filename extraction (Path.getFileName, FilenameUtils.getName)"
|
|
109
|
+
|
|
110
|
+
[[sanitizer]]
|
|
111
|
+
id = "java.sanitize.url-encode"
|
|
112
|
+
category = "ssrf"
|
|
113
|
+
callee = "java:*.{urlEncode,encode}"
|
|
114
|
+
effect = "reduces"
|
|
115
|
+
description = "URL encoding (URLEncoder.encode)"
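Review bot: The `java:*.{...}` patterns in `java.sanitize.path-normalize` and `java.sanitize.url-encode` use an any-receiver wildcard with very generic method names (`getName`, `normalize`, `encode`). Unrelated calls such as an entity's `getName()` or a password or Base64 `encode` would presumably match and discount the risk of a real path-traversal or SSRF path. Prefer receiver-qualified callees where the resolver can produce them, or drop the generic names and keep the distinctive ones, e.g. `callee = "java:*.{getFileName}"`. If sanitizer entries support the `require_arg_hint` field used by the Ruby source entry, that could also narrow the match.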
|
|
@@ -123,3 +123,47 @@ id = "php.laravel.request"
|
|
|
123
123
|
category = "http_input"
|
|
124
124
|
callee = "php:*.{input,query,post,cookie,header}"
|
|
125
125
|
description = "Laravel request accessors"
|
|
126
|
+
|
|
127
|
+
# ---------------- sanitizers ----------------
|
|
128
|
+
|
|
129
|
+
[[sanitizer]]
|
|
130
|
+
id = "php.sanitize.escapeshell"
|
|
131
|
+
category = "command_exec"
|
|
132
|
+
callee = "php:{escapeshellarg,escapeshellcmd}"
|
|
133
|
+
effect = "neutralizes"
|
|
134
|
+
description = "Shell argument/command escaping"
|
|
135
|
+
|
|
136
|
+
[[sanitizer]]
|
|
137
|
+
id = "php.sanitize.htmlspecialchars"
|
|
138
|
+
category = "template_injection"
|
|
139
|
+
callee = "php:{htmlspecialchars,htmlentities,strip_tags}"
|
|
140
|
+
effect = "reduces"
|
|
141
|
+
description = "HTML escaping"
|
|
142
|
+
|
|
143
|
+
[[sanitizer]]
|
|
144
|
+
id = "php.sanitize.sql-escape"
|
|
145
|
+
category = "sql"
|
|
146
|
+
callee = "php:{mysqli_real_escape_string,pg_escape_string,pg_escape_literal}"
|
|
147
|
+
effect = "reduces"
|
|
148
|
+
description = "SQL string escaping"
|
|
149
|
+
|
|
150
|
+
[[sanitizer]]
|
|
151
|
+
id = "php.sanitize.sql-quote"
|
|
152
|
+
category = "sql"
|
|
153
|
+
callee = "php:*.{quote,real_escape_string}"
|
|
154
|
+
effect = "reduces"
|
|
155
|
+
description = "PDO::quote / mysqli::real_escape_string"
|
|
156
|
+
|
|
157
|
+
[[sanitizer]]
|
|
158
|
+
id = "php.sanitize.intval"
|
|
159
|
+
category = "sql"
|
|
160
|
+
callee = "php:{intval,floatval}"
|
|
161
|
+
effect = "neutralizes"
|
|
162
|
+
description = "Numeric cast — a parsed number cannot carry SQL injection"
|
|
163
|
+
|
|
164
|
+
[[sanitizer]]
|
|
165
|
+
id = "php.sanitize.basename"
|
|
166
|
+
category = "path_traversal"
|
|
167
|
+
callee = "php:{basename,realpath}"
|
|
168
|
+
effect = "reduces"
|
|
169
|
+
description = "Basename / realpath resolution"
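Review bot: `php.sanitize.escapeshell` gives `escapeshellcmd` the same `effect = "neutralizes"` as `escapeshellarg`, although the two give different guarantees. `escapeshellarg` quotes a single argument, whereas `escapeshellcmd` escapes metacharacters across a whole command string and still lets the input add extra arguments or options to the invoked program. Split it into its own `[[sanitizer]]` entry with `callee = "php:{escapeshellcmd}"` and `effect = "reduces"`, so a path guarded only by `escapeshellcmd` is not scored as fully handled.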
|
|
@@ -100,3 +100,33 @@ category = "env_input"
|
|
|
100
100
|
callee = "rb:*.{fetch}"
|
|
101
101
|
require_arg_hint = "ENV"
|
|
102
102
|
description = "Environment variable input"
|
|
103
|
+
|
|
104
|
+
# ---------------- sanitizers ----------------
|
|
105
|
+
|
|
106
|
+
[[sanitizer]]
|
|
107
|
+
id = "rb.sanitize.shellwords"
|
|
108
|
+
category = "command_exec"
|
|
109
|
+
callee = "rb:*.{shellescape}"
|
|
110
|
+
effect = "neutralizes"
|
|
111
|
+
description = "Shell argument quoting (Shellwords.escape / String#shellescape)"
|
|
112
|
+
|
|
113
|
+
[[sanitizer]]
|
|
114
|
+
id = "rb.sanitize.html-escape"
|
|
115
|
+
category = "template_injection"
|
|
116
|
+
callee = "rb:{CGI.escapeHTML,ERB.Util.html_escape,ERB.Util.h,Rack.Utils.escape_html}"
|
|
117
|
+
effect = "reduces"
|
|
118
|
+
description = "HTML escaping"
|
|
119
|
+
|
|
120
|
+
[[sanitizer]]
|
|
121
|
+
id = "rb.sanitize.sql"
|
|
122
|
+
category = "sql"
|
|
123
|
+
callee = "rb:*.{sanitize_sql,sanitize_sql_array,sanitize_sql_for_conditions,quote}"
|
|
124
|
+
effect = "reduces"
|
|
125
|
+
description = "ActiveRecord SQL sanitization"
|
|
126
|
+
|
|
127
|
+
[[sanitizer]]
|
|
128
|
+
id = "rb.sanitize.basename"
|
|
129
|
+
category = "path_traversal"
|
|
130
|
+
callee = "rb:{File.basename}"
|
|
131
|
+
effect = "reduces"
|
|
132
|
+
description = "Basename extraction"
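Review bot: The description of `rb.sanitize.shellwords` names `Shellwords.escape`, but the pattern `rb:*.{shellescape}` only covers methods called `shellescape`. The other entries in this file and the `rb:File.basename` case in tests/test_taint.py suggest a module call resolves to a qualified form, so `Shellwords.escape(x)` would probably not match and the path would keep its full risk score. If so, add the qualified form alongside, e.g. `callee = "rb:{Shellwords.escape,Shellwords.shellescape}"` in a second entry, or drop it from the description.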
|
|
@@ -66,3 +66,19 @@ id = "rust.stdin"
|
|
|
66
66
|
category = "stdin_input"
|
|
67
67
|
callee = "rs:{std.io.stdin,io.stdin}"
|
|
68
68
|
description = "Standard input"
|
|
69
|
+
|
|
70
|
+
# ---------------- sanitizers ----------------
|
|
71
|
+
|
|
72
|
+
[[sanitizer]]
|
|
73
|
+
id = "rs.sanitize.shell-escape"
|
|
74
|
+
category = "command_exec"
|
|
75
|
+
callee = "rs:{shell_escape.escape,shell_escape.unix.escape,shlex.quote,shlex.try_quote}"
|
|
76
|
+
effect = "neutralizes"
|
|
77
|
+
description = "Shell argument quoting (shell-escape / shlex crates)"
|
|
78
|
+
|
|
79
|
+
[[sanitizer]]
|
|
80
|
+
id = "rs.sanitize.path-filename"
|
|
81
|
+
category = "path_traversal"
|
|
82
|
+
callee = "rs:*.{file_name,canonicalize}"
|
|
83
|
+
effect = "reduces"
|
|
84
|
+
description = "Path::file_name / canonicalize"
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
"""End-to-end sanitizer detection across the newly-covered languages (Phase 5).
|
|
2
|
+
|
|
3
|
+
Regression: Go, Java, Ruby, C#, PHP, and Rust shipped zero sanitizers. A sibling
|
|
4
|
+
sanitizer call for the sink's category now discounts the path's risk (matched via
|
|
5
|
+
out-edges, per the query-time sanitizer machinery).
|
|
6
|
+
"""
|
|
7
|
+
|
|
8
|
+
from __future__ import annotations
|
|
9
|
+
|
|
10
|
+
import pytest
|
|
11
|
+
|
|
12
|
+
from entrygraph import CodeGraph
|
|
13
|
+
|
|
14
|
+
# (language, filename, source code, path source qname, sink category, expected sanitizer id)
|
|
15
|
+
CASES = [
|
|
16
|
+
(
|
|
17
|
+
"go",
|
|
18
|
+
"main.go",
|
|
19
|
+
'package main\nimport ("os"; "path/filepath")\n'
|
|
20
|
+
"func h(p string) { filepath.Clean(p); os.ReadFile(p) }\n",
|
|
21
|
+
"_root.h",
|
|
22
|
+
"path_traversal",
|
|
23
|
+
"go.sanitize.filepath-clean",
|
|
24
|
+
),
|
|
25
|
+
(
|
|
26
|
+
"php",
|
|
27
|
+
"i.php",
|
|
28
|
+
"<?php\nfunction h($c) { escapeshellarg($c); system($c); }\n",
|
|
29
|
+
"i.h",
|
|
30
|
+
"command_exec",
|
|
31
|
+
"php.sanitize.escapeshell",
|
|
32
|
+
),
|
|
33
|
+
(
|
|
34
|
+
"ruby",
|
|
35
|
+
"a.rb",
|
|
36
|
+
"def h(c)\n c.shellescape\n system(c)\nend\n",
|
|
37
|
+
"a.h",
|
|
38
|
+
"command_exec",
|
|
39
|
+
"rb.sanitize.shellwords",
|
|
40
|
+
),
|
|
41
|
+
]
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
@pytest.mark.parametrize("lang,fname,code,source,category,sanitizer", CASES)
|
|
45
|
+
def test_sibling_sanitizer_discounts_risk(tmp_path, lang, fname, code, source, category, sanitizer):
|
|
46
|
+
(tmp_path / fname).write_text(code)
|
|
47
|
+
g = CodeGraph.index(tmp_path, db=tmp_path / "g.db")
|
|
48
|
+
try:
|
|
49
|
+
paths = g.paths(source=source, sink_category=category, include_unresolved=True)
|
|
50
|
+
assert paths, f"{lang}: expected a {category} path from {source}"
|
|
51
|
+
path = paths[0]
|
|
52
|
+
assert sanitizer in {sid for e in path.edges for sid in e.sanitized_by}
|
|
53
|
+
# a detected sanitizer discounts risk without zeroing it
|
|
54
|
+
assert 0.0 < path.risk_score < 0.5
|
|
55
|
+
finally:
|
|
56
|
+
g.close()
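Review bot: Every fixture in `CASES` calls the sanitizer, discards its result and passes the original value to the sink (`filepath.Clean(p); os.ReadFile(p)`, `escapeshellarg($c); system($c)`, `c.shellescape` then `system(c)`). The code under test is therefore still unsafe, yet the test requires `path.risk_score < 0.5`, which pins call-presence matching as the expected behaviour. If that is the intended limitation, say so above `CASES`, e.g. `# NOTE: matching is call-presence based, not data-flow based; these fixtures discard the sanitizer result on purpose`. Also add a case where the sanitized value is what reaches the sink, so a later data-flow-aware change can tell the two apart. The docstring lists six languages while `CASES` covers only Go, PHP and Ruby.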
|
|
@@ -79,6 +79,31 @@ def test_sanitizer_matching_and_category_lookup():
|
|
|
79
79
|
assert reg.sanitizers_for_category("command_exec")[0].id == "san"
|
|
80
80
|
|
|
81
81
|
|
|
82
|
+
def test_builtin_sanitizers_cover_all_languages():
|
|
83
|
+
# every supported language now ships sanitizers, matched against the exact
|
|
84
|
+
# canonical callee form its resolver produces.
|
|
85
|
+
reg = builtin_registry()
|
|
86
|
+
cases = [
|
|
87
|
+
("go:path/filepath.Clean", "go.sanitize.filepath-clean"),
|
|
88
|
+
("go:strconv.Atoi", "go.sanitize.strconv-sql"),
|
|
89
|
+
("java:*.forHtml", "java.sanitize.html-encode"),
|
|
90
|
+
("java:*.getFileName", "java.sanitize.path-normalize"),
|
|
91
|
+
("rb:*.shellescape", "rb.sanitize.shellwords"),
|
|
92
|
+
("rb:File.basename", "rb.sanitize.basename"),
|
|
93
|
+
("cs:System.IO.Path.GetFileName", "cs.sanitize.path-getfilename"),
|
|
94
|
+
("cs:*.AddWithValue", "cs.sanitize.sql-parameter"),
|
|
95
|
+
("php:escapeshellarg", "php.sanitize.escapeshell"),
|
|
96
|
+
("php:htmlspecialchars", "php.sanitize.htmlspecialchars"),
|
|
97
|
+
("rs:shell_escape.escape", "rs.sanitize.shell-escape"),
|
|
98
|
+
("rs:*.file_name", "rs.sanitize.path-filename"),
|
|
99
|
+
]
|
|
100
|
+
for callee, sid in cases:
|
|
101
|
+
assert sid in {s.id for s in reg.match_sanitizers(callee)}, callee
|
|
102
|
+
# all eight languages represented
|
|
103
|
+
langs = {sid.split(".")[0] for sid in reg.sanitizers}
|
|
104
|
+
assert langs == {"py", "js", "go", "java", "rb", "cs", "php", "rs"}
|
|
105
|
+
|
|
106
|
+
|
|
82
107
|
def test_match_source_and_source_category():
|
|
83
108
|
reg = SinkRegistry(
|
|
84
109
|
sinks=[],
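Review bot: `test_builtin_sanitizers_cover_all_languages` only asserts positive matches, so it would still pass if a pattern were widened until it matched unrelated callees. For a sanitizer catalog an over-broad match is the costly failure, because it silently lowers the score of real paths. Add at least one negative assertion per pattern style, e.g. `assert "go.sanitize.filepath-clean" not in {s.id for s in reg.match_sanitizers("go:os.ReadFile")}`. The trailing context lines belong to `test_match_source_and_source_category`, whose body continues outside the hunk.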
|
|