entrygraph 0.1.30__tar.gz → 0.1.31__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (198) hide show
  1. {entrygraph-0.1.30 → entrygraph-0.1.31}/PKG-INFO +1 -1
  2. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/_version.py +2 -2
  3. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/api.py +14 -1
  4. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_reachability.py +24 -0
  5. {entrygraph-0.1.30 → entrygraph-0.1.31}/.github/workflows/ci.yml +0 -0
  6. {entrygraph-0.1.30 → entrygraph-0.1.31}/.github/workflows/release.yml +0 -0
  7. {entrygraph-0.1.30 → entrygraph-0.1.31}/.gitignore +0 -0
  8. {entrygraph-0.1.30 → entrygraph-0.1.31}/LICENSE +0 -0
  9. {entrygraph-0.1.30 → entrygraph-0.1.31}/README.md +0 -0
  10. {entrygraph-0.1.30 → entrygraph-0.1.31}/RELEASING.md +0 -0
  11. {entrygraph-0.1.30 → entrygraph-0.1.31}/pyproject.toml +0 -0
  12. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/__init__.py +0 -0
  13. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/__main__.py +0 -0
  14. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/cli/__init__.py +0 -0
  15. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/cli/main.py +0 -0
  16. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/cli/render.py +0 -0
  17. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/csharp.toml +0 -0
  18. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/go.toml +0 -0
  19. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/java.toml +0 -0
  20. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/javascript.toml +0 -0
  21. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/lib_javascript.toml +0 -0
  22. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/lib_python.toml +0 -0
  23. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/php.toml +0 -0
  24. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/python.toml +0 -0
  25. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/ruby.toml +0 -0
  26. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/rust.toml +0 -0
  27. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/db/__init__.py +0 -0
  28. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/db/engine.py +0 -0
  29. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/db/meta.py +0 -0
  30. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/db/models.py +0 -0
  31. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/db/queries.py +0 -0
  32. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/__init__.py +0 -0
  33. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/__init__.py +0 -0
  34. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/base.py +0 -0
  35. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/configs.py +0 -0
  36. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/csharp.py +0 -0
  37. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/golang.py +0 -0
  38. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/java.py +0 -0
  39. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/javascript.py +0 -0
  40. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/php.py +0 -0
  41. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/python.py +0 -0
  42. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/ruby.py +0 -0
  43. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/rust.py +0 -0
  44. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/frameworks.py +0 -0
  45. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/manifests.py +0 -0
  46. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/taint.py +0 -0
  47. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/errors.py +0 -0
  48. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/__init__.py +0 -0
  49. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/base.py +0 -0
  50. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/csharp.py +0 -0
  51. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/golang.py +0 -0
  52. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/ir.py +0 -0
  53. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/java.py +0 -0
  54. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/javascript.py +0 -0
  55. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/php.py +0 -0
  56. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/python.py +0 -0
  57. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/registry.py +0 -0
  58. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/ruby.py +0 -0
  59. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/rust.py +0 -0
  60. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/fs/__init__.py +0 -0
  61. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/fs/hashing.py +0 -0
  62. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/fs/lang.py +0 -0
  63. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/fs/walker.py +0 -0
  64. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/graph/__init__.py +0 -0
  65. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/graph/adjacency.py +0 -0
  66. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/graph/cte.py +0 -0
  67. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/graph/scoring.py +0 -0
  68. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/kinds.py +0 -0
  69. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/parsing/__init__.py +0 -0
  70. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/parsing/parsers.py +0 -0
  71. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/parsing/queries.py +0 -0
  72. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/pipeline/__init__.py +0 -0
  73. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/pipeline/scanner.py +0 -0
  74. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/pipeline/worker.py +0 -0
  75. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/pipeline/writer.py +0 -0
  76. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/py.typed +0 -0
  77. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/csharp/calls.scm +0 -0
  78. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/csharp/definitions.scm +0 -0
  79. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/csharp/imports.scm +0 -0
  80. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/go/calls.scm +0 -0
  81. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/go/definitions.scm +0 -0
  82. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/go/imports.scm +0 -0
  83. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/java/calls.scm +0 -0
  84. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/java/definitions.scm +0 -0
  85. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/java/imports.scm +0 -0
  86. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/javascript/calls.scm +0 -0
  87. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/javascript/definitions.scm +0 -0
  88. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/javascript/imports.scm +0 -0
  89. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/php/calls.scm +0 -0
  90. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/php/definitions.scm +0 -0
  91. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/php/imports.scm +0 -0
  92. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/python/calls.scm +0 -0
  93. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/python/definitions.scm +0 -0
  94. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/python/imports.scm +0 -0
  95. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/ruby/calls.scm +0 -0
  96. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/ruby/definitions.scm +0 -0
  97. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/ruby/imports.scm +0 -0
  98. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/rust/calls.scm +0 -0
  99. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/rust/definitions.scm +0 -0
  100. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/rust/imports.scm +0 -0
  101. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/resolve/__init__.py +0 -0
  102. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/resolve/externals.py +0 -0
  103. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/resolve/hierarchy.py +0 -0
  104. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/resolve/resolver.py +0 -0
  105. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/resolve/symbol_table.py +0 -0
  106. {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/results.py +0 -0
  107. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/conftest.py +0 -0
  108. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/aspnet_app/Controllers/ReportsController.cs +0 -0
  109. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/aspnet_app/Program.cs +0 -0
  110. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/aspnet_app/Services/ReportService.cs +0 -0
  111. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/aspnet_app/app.csproj +0 -0
  112. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/minimalapi_app/Program.cs +0 -0
  113. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/minimalapi_app/app.csproj +0 -0
  114. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/go/gin_app/go.mod +0 -0
  115. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/go/gin_app/main.go +0 -0
  116. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/go/gin_app/service.go +0 -0
  117. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/go/nethttp_app/go.mod +0 -0
  118. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/go/nethttp_app/main.go +0 -0
  119. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/methodref_app/pom.xml +0 -0
  120. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/methodref_app/src/main/java/com/example/App.java +0 -0
  121. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/spring_app/pom.xml +0 -0
  122. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/spring_app/src/main/java/com/example/Application.java +0 -0
  123. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportRunner.java +0 -0
  124. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportService.java +0 -0
  125. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/spring_app/src/main/java/com/example/UserController.java +0 -0
  126. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/javascript/commonjs_app/server.js +0 -0
  127. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/javascript/express_app/package.json +0 -0
  128. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/javascript/express_app/src/routes.js +0 -0
  129. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/javascript/express_app/src/services.js +0 -0
  130. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/php/laravel_app/app/Http/Controllers/ReportController.php +0 -0
  131. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/php/laravel_app/artisan +0 -0
  132. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/php/laravel_app/composer.json +0 -0
  133. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/php/laravel_app/routes/web.php +0 -0
  134. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/chained_sinks/app.py +0 -0
  135. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/flask_app/app/__init__.py +0 -0
  136. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/flask_app/app/db.py +0 -0
  137. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/flask_app/app/routes.py +0 -0
  138. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/flask_app/app/services.py +0 -0
  139. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/flask_app/cli.py +0 -0
  140. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/flask_app/requirements.txt +0 -0
  141. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/fuzzy_sink/app.py +0 -0
  142. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/heal_fidelity/caller.py +0 -0
  143. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/heal_fidelity/worker.py +0 -0
  144. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/may_continue/app.py +0 -0
  145. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/sanitizer/app.py +0 -0
  146. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/taint_source/handler.py +0 -0
  147. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/ruby/sinatra_app/Gemfile +0 -0
  148. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/ruby/sinatra_app/app.rb +0 -0
  149. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/ruby/sinatra_app/services/runner.rb +0 -0
  150. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/axum_app/Cargo.toml +0 -0
  151. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/axum_app/src/handlers.rs +0 -0
  152. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/axum_app/src/main.rs +0 -0
  153. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/axum_callback_app/Cargo.toml +0 -0
  154. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/axum_callback_app/src/main.rs +0 -0
  155. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/scoped_sink_app/Cargo.toml +0 -0
  156. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/scoped_sink_app/src/main.rs +0 -0
  157. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_api.py +0 -0
  158. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_cli.py +0 -0
  159. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_commonjs.py +0 -0
  160. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_csharp_callbacks.py +0 -0
  161. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_cte_bounds.py +0 -0
  162. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_engine_pragmas.py +0 -0
  163. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_entrypoint_expansion.py +0 -0
  164. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_entrypoints.py +0 -0
  165. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_csharp.py +0 -0
  166. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_go.py +0 -0
  167. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_java.py +0 -0
  168. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_javascript.py +0 -0
  169. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_php.py +0 -0
  170. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_python.py +0 -0
  171. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_ruby.py +0 -0
  172. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_rust.py +0 -0
  173. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_frameworks.py +0 -0
  174. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_fuzzy_sink.py +0 -0
  175. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_go_callbacks.py +0 -0
  176. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_hardening.py +0 -0
  177. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_heal_fidelity.py +0 -0
  178. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_incremental.py +0 -0
  179. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_indexer.py +0 -0
  180. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_java_callbacks.py +0 -0
  181. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_lang.py +0 -0
  182. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_manifests.py +0 -0
  183. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_may_continue.py +0 -0
  184. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_models.py +0 -0
  185. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_pool.py +0 -0
  186. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_registry_cache.py +0 -0
  187. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_render.py +0 -0
  188. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_resolver.py +0 -0
  189. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_rust_callbacks.py +0 -0
  190. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_rust_scoped_sinks.py +0 -0
  191. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_sanitizer_languages.py +0 -0
  192. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_scoring.py +0 -0
  193. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_sink_catalog.py +0 -0
  194. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_taint.py +0 -0
  195. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_taint_sanitizers.py +0 -0
  196. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_taint_sources.py +0 -0
  197. {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_walker.py +0 -0
  198. {entrygraph-0.1.30 → entrygraph-0.1.31}/uv.lock +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: entrygraph
3
- Version: 0.1.30
3
+ Version: 0.1.31
4
4
  Summary: Language-agnostic code graph: query symbols, entrypoints, and source-to-sink call paths from a SQLite index
5
5
  Project-URL: Repository, https://github.com/brettbergin/entrygraph
6
6
  Author-email: Brett Bergin <brettberginbc@yahoo.com>
@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
18
18
  commit_id: str | None
19
19
  __commit_id__: str | None
20
20
 
21
- __version__ = version = '0.1.30'
22
- __version_tuple__ = version_tuple = (0, 1, 30)
21
+ __version__ = version = '0.1.31'
22
+ __version_tuple__ = version_tuple = (0, 1, 31)
23
23
 
24
24
  __commit_id__ = commit_id = None
@@ -26,7 +26,7 @@ from entrygraph.errors import (
26
26
  )
27
27
  from entrygraph.graph.adjacency import AdjacencyCache
28
28
  from entrygraph.graph.scoring import is_constant_args, score_path
29
- from entrygraph.kinds import Confidence
29
+ from entrygraph.kinds import Confidence, EntrypointKind
30
30
  from entrygraph.results import (
31
31
  CallPath,
32
32
  DetectedFramework,
@@ -507,6 +507,19 @@ class CodeGraph:
507
507
  )
508
508
  ).scalars()
509
509
  ids |= set(rows)
510
+ if source_category == "http_input":
511
+ # Every HTTP route handler receives attacker-controlled request
512
+ # data, so the handler itself is an http_input source. This covers
513
+ # frameworks whose request access is a property read (Express
514
+ # `req.body`, Symfony `$request->get`) rather than a catalog-matched
515
+ # call, which otherwise yield zero source edges (F-H9) — Express/
516
+ # Symfony apps could never produce a taint path.
517
+ ep_rows = session.execute(
518
+ select(models.Entrypoint.symbol_id).where(
519
+ models.Entrypoint.kind == EntrypointKind.HTTP_ROUTE
520
+ )
521
+ ).scalars()
522
+ ids |= set(ep_rows)
510
523
  return ids
511
524
 
512
525
  def _sink_ids(self, session: Session, sink, sink_category: str | None) -> set[int]:
@@ -146,3 +146,27 @@ def test_dfs_reports_truncation_when_budget_is_spent(monkeypatch):
146
146
  result = cache.paths({1}, {3}, max_paths=10)
147
147
  assert result == [] # budget spent before reaching the sink
148
148
  assert result.truncated is True
149
+
150
+
151
+ def test_http_route_handler_is_an_http_input_source(tmp_path):
152
+ # Express reads request data as a property (`req.body`), not a catalog-matched
153
+ # call, so it produces no source edge — the handler itself must count as an
154
+ # http_input source or the app can never yield a taint path (#34 / F-H9).
155
+ src = tmp_path / "src"
156
+ src.mkdir(parents=True)
157
+ (tmp_path / "package.json").write_text('{"name":"app","dependencies":{"express":"^4"}}')
158
+ (src / "app.js").write_text(
159
+ 'const express = require("express");\n'
160
+ 'const { exec } = require("child_process");\n'
161
+ "const app = express();\n"
162
+ "function runReport(req, res) {\n"
163
+ " const name = req.body.name;\n" # property-read source (not a call)
164
+ ' exec("report " + name);\n' # command_exec sink
165
+ "}\n"
166
+ 'app.post("/reports", runReport);\n'
167
+ )
168
+ graph = CodeGraph.index(tmp_path, db=tmp_path / "g.db")
169
+ paths = graph.paths(source_category="http_input", sink_category="command_exec")
170
+ graph.close()
171
+ chains = [[s.qname for s in p.symbols] for p in paths]
172
+ assert ["app.runReport", "js:child_process.exec"] in chains
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes