entrygraph 0.1.30__tar.gz → 0.1.31__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {entrygraph-0.1.30 → entrygraph-0.1.31}/PKG-INFO +1 -1
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/_version.py +2 -2
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/api.py +14 -1
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_reachability.py +24 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/.github/workflows/ci.yml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/.github/workflows/release.yml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/.gitignore +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/LICENSE +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/README.md +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/RELEASING.md +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/pyproject.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/__main__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/cli/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/cli/main.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/cli/render.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/csharp.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/go.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/java.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/javascript.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/lib_javascript.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/lib_python.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/php.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/python.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/ruby.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/data/sinks/rust.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/db/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/db/engine.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/db/meta.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/db/models.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/db/queries.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/base.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/configs.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/csharp.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/golang.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/java.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/javascript.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/php.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/python.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/ruby.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/entrypoints/rust.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/frameworks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/manifests.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/detect/taint.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/errors.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/base.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/csharp.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/golang.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/ir.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/java.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/javascript.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/php.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/python.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/registry.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/ruby.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/extract/rust.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/fs/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/fs/hashing.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/fs/lang.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/fs/walker.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/graph/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/graph/adjacency.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/graph/cte.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/graph/scoring.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/kinds.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/parsing/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/parsing/parsers.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/parsing/queries.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/pipeline/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/pipeline/scanner.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/pipeline/worker.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/pipeline/writer.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/py.typed +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/csharp/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/csharp/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/csharp/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/go/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/go/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/go/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/java/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/java/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/java/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/javascript/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/javascript/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/javascript/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/php/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/php/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/php/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/python/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/python/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/python/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/ruby/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/ruby/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/ruby/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/rust/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/rust/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/queries/rust/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/resolve/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/resolve/externals.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/resolve/hierarchy.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/resolve/resolver.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/resolve/symbol_table.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/src/entrygraph/results.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/conftest.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/aspnet_app/Controllers/ReportsController.cs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/aspnet_app/Program.cs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/aspnet_app/Services/ReportService.cs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/aspnet_app/app.csproj +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/minimalapi_app/Program.cs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/minimalapi_app/app.csproj +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/go/gin_app/go.mod +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/go/gin_app/main.go +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/go/gin_app/service.go +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/go/nethttp_app/go.mod +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/go/nethttp_app/main.go +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/methodref_app/pom.xml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/methodref_app/src/main/java/com/example/App.java +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/spring_app/pom.xml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/spring_app/src/main/java/com/example/Application.java +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportRunner.java +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportService.java +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/java/spring_app/src/main/java/com/example/UserController.java +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/javascript/commonjs_app/server.js +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/javascript/express_app/package.json +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/javascript/express_app/src/routes.js +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/javascript/express_app/src/services.js +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/php/laravel_app/app/Http/Controllers/ReportController.php +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/php/laravel_app/artisan +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/php/laravel_app/composer.json +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/php/laravel_app/routes/web.php +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/chained_sinks/app.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/flask_app/app/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/flask_app/app/db.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/flask_app/app/routes.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/flask_app/app/services.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/flask_app/cli.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/flask_app/requirements.txt +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/fuzzy_sink/app.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/heal_fidelity/caller.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/heal_fidelity/worker.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/may_continue/app.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/sanitizer/app.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/python/taint_source/handler.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/ruby/sinatra_app/Gemfile +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/ruby/sinatra_app/app.rb +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/ruby/sinatra_app/services/runner.rb +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/axum_app/Cargo.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/axum_app/src/handlers.rs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/axum_app/src/main.rs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/axum_callback_app/Cargo.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/axum_callback_app/src/main.rs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/scoped_sink_app/Cargo.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/rust/scoped_sink_app/src/main.rs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_api.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_cli.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_commonjs.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_csharp_callbacks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_cte_bounds.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_engine_pragmas.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_entrypoint_expansion.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_entrypoints.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_csharp.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_go.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_java.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_javascript.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_php.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_python.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_ruby.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_extract_rust.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_frameworks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_fuzzy_sink.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_go_callbacks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_hardening.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_heal_fidelity.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_incremental.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_indexer.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_java_callbacks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_lang.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_manifests.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_may_continue.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_models.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_pool.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_registry_cache.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_render.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_resolver.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_rust_callbacks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_rust_scoped_sinks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_sanitizer_languages.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_scoring.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_sink_catalog.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_taint.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_taint_sanitizers.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_taint_sources.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/tests/test_walker.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.31}/uv.lock +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: entrygraph
|
|
3
|
-
Version: 0.1.
|
|
3
|
+
Version: 0.1.31
|
|
4
4
|
Summary: Language-agnostic code graph: query symbols, entrypoints, and source-to-sink call paths from a SQLite index
|
|
5
5
|
Project-URL: Repository, https://github.com/brettbergin/entrygraph
|
|
6
6
|
Author-email: Brett Bergin <brettberginbc@yahoo.com>
|
|
@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
|
|
|
18
18
|
commit_id: str | None
|
|
19
19
|
__commit_id__: str | None
|
|
20
20
|
|
|
21
|
-
__version__ = version = '0.1.
|
|
22
|
-
__version_tuple__ = version_tuple = (0, 1,
|
|
21
|
+
__version__ = version = '0.1.31'
|
|
22
|
+
__version_tuple__ = version_tuple = (0, 1, 31)
|
|
23
23
|
|
|
24
24
|
__commit_id__ = commit_id = None
|
|
@@ -26,7 +26,7 @@ from entrygraph.errors import (
|
|
|
26
26
|
)
|
|
27
27
|
from entrygraph.graph.adjacency import AdjacencyCache
|
|
28
28
|
from entrygraph.graph.scoring import is_constant_args, score_path
|
|
29
|
-
from entrygraph.kinds import Confidence
|
|
29
|
+
from entrygraph.kinds import Confidence, EntrypointKind
|
|
30
30
|
from entrygraph.results import (
|
|
31
31
|
CallPath,
|
|
32
32
|
DetectedFramework,
|
|
@@ -507,6 +507,19 @@ class CodeGraph:
|
|
|
507
507
|
)
|
|
508
508
|
).scalars()
|
|
509
509
|
ids |= set(rows)
|
|
510
|
+
if source_category == "http_input":
|
|
511
|
+
# Every HTTP route handler receives attacker-controlled request
|
|
512
|
+
# data, so the handler itself is an http_input source. This covers
|
|
513
|
+
# frameworks whose request access is a property read (Express
|
|
514
|
+
# `req.body`, Symfony `$request->get`) rather than a catalog-matched
|
|
515
|
+
# call, which otherwise yield zero source edges (F-H9) — Express/
|
|
516
|
+
# Symfony apps could never produce a taint path.
|
|
517
|
+
ep_rows = session.execute(
|
|
518
|
+
select(models.Entrypoint.symbol_id).where(
|
|
519
|
+
models.Entrypoint.kind == EntrypointKind.HTTP_ROUTE
|
|
520
|
+
)
|
|
521
|
+
).scalars()
|
|
522
|
+
ids |= set(ep_rows)
|
|
510
523
|
return ids
|
|
511
524
|
|
|
512
525
|
def _sink_ids(self, session: Session, sink, sink_category: str | None) -> set[int]:
|
|
@@ -146,3 +146,27 @@ def test_dfs_reports_truncation_when_budget_is_spent(monkeypatch):
|
|
|
146
146
|
result = cache.paths({1}, {3}, max_paths=10)
|
|
147
147
|
assert result == [] # budget spent before reaching the sink
|
|
148
148
|
assert result.truncated is True
|
|
149
|
+
|
|
150
|
+
|
|
151
|
+
def test_http_route_handler_is_an_http_input_source(tmp_path):
|
|
152
|
+
# Express reads request data as a property (`req.body`), not a catalog-matched
|
|
153
|
+
# call, so it produces no source edge — the handler itself must count as an
|
|
154
|
+
# http_input source or the app can never yield a taint path (#34 / F-H9).
|
|
155
|
+
src = tmp_path / "src"
|
|
156
|
+
src.mkdir(parents=True)
|
|
157
|
+
(tmp_path / "package.json").write_text('{"name":"app","dependencies":{"express":"^4"}}')
|
|
158
|
+
(src / "app.js").write_text(
|
|
159
|
+
'const express = require("express");\n'
|
|
160
|
+
'const { exec } = require("child_process");\n'
|
|
161
|
+
"const app = express();\n"
|
|
162
|
+
"function runReport(req, res) {\n"
|
|
163
|
+
" const name = req.body.name;\n" # property-read source (not a call)
|
|
164
|
+
' exec("report " + name);\n' # command_exec sink
|
|
165
|
+
"}\n"
|
|
166
|
+
'app.post("/reports", runReport);\n'
|
|
167
|
+
)
|
|
168
|
+
graph = CodeGraph.index(tmp_path, db=tmp_path / "g.db")
|
|
169
|
+
paths = graph.paths(source_category="http_input", sink_category="command_exec")
|
|
170
|
+
graph.close()
|
|
171
|
+
chains = [[s.qname for s in p.symbols] for p in paths]
|
|
172
|
+
assert ["app.runReport", "js:child_process.exec"] in chains
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/csharp/aspnet_app/Services/ReportService.cs
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{entrygraph-0.1.30 → entrygraph-0.1.31}/tests/fixtures/javascript/express_app/src/services.js
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|