entrygraph 0.1.30__tar.gz → 0.1.32__tar.gz
- {entrygraph-0.1.30 → entrygraph-0.1.32}/PKG-INFO +1 -1
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/_version.py +2 -2
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/api.py +14 -1
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/data/sinks/go.toml +6 -1
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/data/sinks/javascript.toml +12 -2
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_reachability.py +24 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_sink_catalog.py +24 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/.github/workflows/ci.yml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/.github/workflows/release.yml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/.gitignore +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/LICENSE +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/README.md +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/RELEASING.md +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/pyproject.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/__main__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/cli/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/cli/main.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/cli/render.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/data/sinks/csharp.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/data/sinks/java.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/data/sinks/lib_javascript.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/data/sinks/lib_python.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/data/sinks/php.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/data/sinks/python.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/data/sinks/ruby.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/data/sinks/rust.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/db/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/db/engine.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/db/meta.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/db/models.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/db/queries.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/entrypoints/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/entrypoints/base.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/entrypoints/configs.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/entrypoints/csharp.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/entrypoints/golang.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/entrypoints/java.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/entrypoints/javascript.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/entrypoints/php.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/entrypoints/python.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/entrypoints/ruby.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/entrypoints/rust.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/frameworks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/manifests.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/detect/taint.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/errors.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/extract/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/extract/base.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/extract/csharp.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/extract/golang.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/extract/ir.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/extract/java.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/extract/javascript.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/extract/php.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/extract/python.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/extract/registry.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/extract/ruby.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/extract/rust.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/fs/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/fs/hashing.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/fs/lang.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/fs/walker.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/graph/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/graph/adjacency.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/graph/cte.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/graph/scoring.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/kinds.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/parsing/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/parsing/parsers.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/parsing/queries.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/pipeline/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/pipeline/scanner.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/pipeline/worker.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/pipeline/writer.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/py.typed +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/csharp/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/csharp/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/csharp/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/go/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/go/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/go/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/java/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/java/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/java/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/javascript/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/javascript/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/javascript/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/php/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/php/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/php/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/python/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/python/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/python/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/ruby/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/ruby/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/ruby/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/rust/calls.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/rust/definitions.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/queries/rust/imports.scm +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/resolve/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/resolve/externals.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/resolve/hierarchy.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/resolve/resolver.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/resolve/symbol_table.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/src/entrygraph/results.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/conftest.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/csharp/aspnet_app/Controllers/ReportsController.cs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/csharp/aspnet_app/Program.cs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/csharp/aspnet_app/Services/ReportService.cs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/csharp/aspnet_app/app.csproj +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/csharp/minimalapi_app/Program.cs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/csharp/minimalapi_app/app.csproj +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/go/gin_app/go.mod +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/go/gin_app/main.go +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/go/gin_app/service.go +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/go/nethttp_app/go.mod +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/go/nethttp_app/main.go +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/java/methodref_app/pom.xml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/java/methodref_app/src/main/java/com/example/App.java +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/java/spring_app/pom.xml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/java/spring_app/src/main/java/com/example/Application.java +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportRunner.java +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportService.java +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/java/spring_app/src/main/java/com/example/UserController.java +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/javascript/commonjs_app/server.js +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/javascript/express_app/package.json +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/javascript/express_app/src/routes.js +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/javascript/express_app/src/services.js +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/php/laravel_app/app/Http/Controllers/ReportController.php +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/php/laravel_app/artisan +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/php/laravel_app/composer.json +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/php/laravel_app/routes/web.php +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/chained_sinks/app.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/flask_app/app/__init__.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/flask_app/app/db.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/flask_app/app/routes.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/flask_app/app/services.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/flask_app/cli.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/flask_app/requirements.txt +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/fuzzy_sink/app.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/heal_fidelity/caller.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/heal_fidelity/worker.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/may_continue/app.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/sanitizer/app.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/python/taint_source/handler.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/ruby/sinatra_app/Gemfile +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/ruby/sinatra_app/app.rb +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/ruby/sinatra_app/services/runner.rb +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/rust/axum_app/Cargo.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/rust/axum_app/src/handlers.rs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/rust/axum_app/src/main.rs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/rust/axum_callback_app/Cargo.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/rust/axum_callback_app/src/main.rs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/rust/scoped_sink_app/Cargo.toml +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/rust/scoped_sink_app/src/main.rs +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_api.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_cli.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_commonjs.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_csharp_callbacks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_cte_bounds.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_engine_pragmas.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_entrypoint_expansion.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_entrypoints.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_extract_csharp.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_extract_go.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_extract_java.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_extract_javascript.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_extract_php.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_extract_python.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_extract_ruby.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_extract_rust.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_frameworks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_fuzzy_sink.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_go_callbacks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_hardening.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_heal_fidelity.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_incremental.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_indexer.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_java_callbacks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_lang.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_manifests.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_may_continue.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_models.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_pool.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_registry_cache.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_render.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_resolver.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_rust_callbacks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_rust_scoped_sinks.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_sanitizer_languages.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_scoring.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_taint.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_taint_sanitizers.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_taint_sources.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/tests/test_walker.py +0 -0
- {entrygraph-0.1.30 → entrygraph-0.1.32}/uv.lock +0 -0
|
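--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: entrygraph
-Version: 0.1.
+Version: 0.1.32
 Summary: Language-agnostic code graph: query symbols, entrypoints, and source-to-sink call paths from a SQLite index
 Project-URL: Repository, https://github.com/brettbergin/entrygraph
 Author-email: Brett Bergin <brettberginbc@yahoo.com>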
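--- a/src/entrygraph/_version.py
+++ b/src/entrygraph/_version.py
@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
 commit_id: str | None
 __commit_id__: str | None
 
-__version__ = version = '0.1.
-__version_tuple__ = version_tuple = (0, 1,
+__version__ = version = '0.1.32'
+__version_tuple__ = version_tuple = (0, 1, 32)
 
 __commit_id__ = commit_id = None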
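--- a/src/entrygraph/api.py
+++ b/src/entrygraph/api.py
@@ -26,7 +26,7 @@ from entrygraph.errors import (
 )
 from entrygraph.graph.adjacency import AdjacencyCache
 from entrygraph.graph.scoring import is_constant_args, score_path
-from entrygraph.kinds import Confidence
+from entrygraph.kinds import Confidence, EntrypointKind
 from entrygraph.results import (
 CallPath,
 DetectedFramework,
@@ -507,6 +507,19 @@ class CodeGraph:
 )
 ).scalars()
 ids |= set(rows)
+if source_category == "http_input":
+# Every HTTP route handler receives attacker-controlled request
+# data, so the handler itself is an http_input source. This covers
+# frameworks whose request access is a property read (Express
+# `req.body`, Symfony `$request->get`) rather than a catalog-matched
+# call, which otherwise yield zero source edges (F-H9) — Express/
+# Symfony apps could never produce a taint path.
+ep_rows = session.execute(
+select(models.Entrypoint.symbol_id).where(
+models.Entrypoint.kind == EntrypointKind.HTTP_ROUTE
+)
+).scalars()
+ids |= set(ep_rows)
 return ids
 
 def _sink_ids(self, session: Session, sink, sink_category: str | None) -> set[int]: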
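Review bot: The added `if source_category == "http_input":` block merges every `HTTP_ROUTE` entrypoint into `ids` unconditionally, so a caller that combined `source_category="http_input"` with a narrower source selector (presumably a `source` parameter mirroring `_sink_ids`, whose signature is outside the hunk) gets all route handlers back as well; if that widening is intended it belongs in the method's docstring, and the method's start lies outside the hunk. A caller passing no category at all (`source_category=None`, if that means "any source") does not take this branch and so presumably still sees zero sources for an Express app, which is inconsistent with the comment's rationale; `if source_category in (None, "http_input"):` would cover it if `None` has that meaning. The `F-H9` reference in the comment is an internal tracking id that a reader outside the project cannot resolve; spell the finding out in a sentence or drop the tag.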
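--- a/src/entrygraph/data/sinks/go.toml
+++ b/src/entrygraph/data/sinks/go.toml
@@ -23,7 +23,12 @@ id = "go.sql-query"
 category = "sql"
 severity = "medium"
 callee = "go:*.{Query,QueryRow,Exec,QueryContext,ExecContext,QueryRowContext}"
-
+# Receiver-agnostic `.Query`/`.Exec` collide with non-SQL APIs (net/url
+# `URL.Query()`, gin `c.Query("id")`, which take no arg or a constant). Require the
+# argument to show string concatenation or fmt.Sprintf — the SQL-injection signal.
+# A constant or parameterized ($1/?) query is not flagged.
+require_arg_hint = "\\+|Sprintf"
+description = "SQL statement execution (receiver-agnostic, dynamic-arg; database/sql)"
 
 [[sink]]
 id = "go.file-write"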
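Review bot: `require_arg_hint = "\\+|Sprintf"` is evaluated against the argument text at the call site only, so a statement assembled into a variable beforehand (`q := "... " + id` followed by `db.Query(q)`) no longer matches, and neither do `fmt.Sprint`, `strings.Join` or a `strings.Builder` result; the trade-off against the `url.Query()`/gin collision is reasonable, but it is a new false-negative class that the comment does not mention. Suggest adding `# Only the literal argument text is inspected: a query built into a variable before the call is not flagged.` so downstream users calibrate expectations. `Sprintf` is also unanchored, so any identifier containing that substring satisfies the hint, which is probably acceptable but worth a word in the same comment.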
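--- a/src/entrygraph/data/sinks/javascript.toml
+++ b/src/entrygraph/data/sinks/javascript.toml
@@ -13,7 +13,12 @@ description = "Child process execution"
 id = "js.command-exec.member"
 category = "command_exec"
 severity = "high"
-
+# `exec` is deliberately excluded from this unknown-receiver wildcard: it collides
+# with RegExp.prototype.exec (a very common false positive), and real child_process
+# exec — destructured `const {exec}` or aliased `cp.exec` — resolves to
+# js:child_process.exec via the import map and is caught by the specific sink above.
+# execSync/spawn/spawnSync have no built-in method collision, so they stay.
+callee = "js:*.{execSync,spawn,spawnSync}"
 description = "Child process execution (member call)"
 
 [[sink]]
@@ -28,7 +33,12 @@ id = "js.sql-query"
 category = "sql"
 severity = "medium"
 callee = "js:*.{query,execute,raw}"
-
+# Receiver-agnostic `.query`/`.execute` collide with non-SQL APIs (DOM/tRPC/nock
+# `.query`, `URL.query`). Require the argument to show string concatenation or
+# template interpolation — the actual SQL-injection signal — mirroring the knex/
+# sequelize lib patterns. A constant or parameterized query is not flagged.
+require_arg_hint = "\\+|\\$\\{|`"
+description = "SQL query execution (receiver-agnostic, dynamic-arg)"
 
 [[sink]]
 id = "js.file-write"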
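Review bot: In the second hunk the bare backtick alternative in `` require_arg_hint = "\\+|\\$\\{|`" `` matches any template literal, including one with no `${` interpolation, so a constant query written with backticks is still flagged, which contradicts the comment's `A constant or parameterized query is not flagged.` Either drop that alternative, since `\\$\\{` already captures interpolation — `require_arg_hint = "\\+|\\$\\{"` — or reword the comment to say that a template literal is always treated as dynamic. As with the Go rule, only the literal argument text is inspected, so a query concatenated into a variable before the call is no longer matched; that limitation deserves one line in the comment. In the first hunk the narrowed member wildcard lists `execSync`, `spawn` and `spawnSync`; `execFile`, `execFileSync` and `fork` have no built-in name collision either and could be added if they are not covered by another rule.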
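--- a/tests/test_reachability.py
+++ b/tests/test_reachability.py
@@ -146,3 +146,27 @@ def test_dfs_reports_truncation_when_budget_is_spent(monkeypatch):
 result = cache.paths({1}, {3}, max_paths=10)
 assert result == [] # budget spent before reaching the sink
 assert result.truncated is True
+
+
+def test_http_route_handler_is_an_http_input_source(tmp_path):
+# Express reads request data as a property (`req.body`), not a catalog-matched
+# call, so it produces no source edge — the handler itself must count as an
+# http_input source or the app can never yield a taint path (#34 / F-H9).
+src = tmp_path / "src"
+src.mkdir(parents=True)
+(tmp_path / "package.json").write_text('{"name":"app","dependencies":{"express":"^4"}}')
+(src / "app.js").write_text(
+'const express = require("express");\n'
+'const { exec } = require("child_process");\n'
+"const app = express();\n"
+"function runReport(req, res) {\n"
+" const name = req.body.name;\n" # property-read source (not a call)
+' exec("report " + name);\n' # command_exec sink
+"}\n"
+'app.post("/reports", runReport);\n'
+)
+graph = CodeGraph.index(tmp_path, db=tmp_path / "g.db")
+paths = graph.paths(source_category="http_input", sink_category="command_exec")
+graph.close()
+chains = [[s.qname for s in p.symbols] for p in paths]
+assert ["app.runReport", "js:child_process.exec"] in chains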
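Review bot: The new test asserts only the positive chain, so it would still pass if every function rather than only `HTTP_ROUTE` handlers were promoted to an http_input source; adding an unrouted helper to the fixture that also reads `req.body` and asserting that no chain starts at it (for a fixture function named, say, `helper`, `assert not any(c[0] == "app.helper" for c in chains)`) would pin the intended narrowing. `graph.close()` on the line after `graph.paths(...)` is skipped if `paths` raises, leaving the SQLite handle open for the rest of the session; if `CodeGraph` implements the context-manager protocol, `with CodeGraph.index(tmp_path, db=tmp_path / "g.db") as graph:` is tidier, otherwise a `try/finally`. The `#34 / F-H9` reference in the comment is an internal id; a one-clause description of the bug would age better.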
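--- a/tests/test_sink_catalog.py
+++ b/tests/test_sink_catalog.py
@@ -49,3 +49,27 @@ def test_spot_check_new_sinks(registry):
 def test_categories_are_queryable(registry):
 for category in ("ssrf", "xxe", "weak_crypto", "path_traversal", "jndi"):
 assert registry.ids_for_category(category), f"no sinks for {category}"
+
+
+def test_regexp_exec_is_not_a_command_sink(registry):
+# `js:*.exec` collided with RegExp.prototype.exec. Real child_process exec
+# resolves to js:child_process.exec (imported/aliased) and stays tagged; the
+# bare unknown-receiver `.exec` no longer matches command_exec.
+assert registry.match("js:child_process.exec", "('ls ' + x)") == "js.command-exec.child_process"
+assert registry.match("js:*.exec", "(input)") is None
+# sibling child-process methods with no built-in collision still match
+assert registry.match("js:*.spawn", "(cmd)") == "js.command-exec.member"
+assert registry.match("js:*.execSync", "(cmd)") == "js.command-exec.member"
+
+
+def test_receiver_agnostic_sql_requires_dynamic_arg(registry):
+# `*.Query`/`*.query` collided with url.Query()/gin c.Query()/DOM .query.
+# Only a concatenated or interpolated argument (the injection signal) tags.
+assert registry.match("go:*.Exec", '("ALTER DATABASE COLLATE " + c)') == "go.sql-query"
+assert registry.match("go:*.Query", "()") is None # url.Query()
+assert registry.match("go:*.Query", '("offset")') is None # gin c.Query("offset")
+assert (
+registry.match("go:*.Exec", '(ctx, "UPDATE t SET k = ? WHERE id = ?")') is None
+) # param'd
+assert registry.match("js:*.query", "('SELECT * FROM t WHERE id = ' + id)") == "js.sql-query"
+assert registry.match("js:*.query", "({ where: { id } })") is None # ORM/tRPC object arg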
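Review bot: `test_receiver_agnostic_sql_requires_dynamic_arg` exercises only the `+` alternative of both new `require_arg_hint` patterns; the `Sprintf` branch for Go and the `${`/backtick branches for JS are never asserted, so an escaping typo in either TOML string would go unnoticed. Add e.g. `assert registry.match("go:*.Query", '(fmt.Sprintf("SELECT * FROM t WHERE id = %s", id))') == "go.sql-query"` and a JS template-literal case, plus an assertion for a constant backtick query with no `${`, since that pins whether such a query is meant to be flagged (the JS comment says it is not, the pattern says it is). The trailing `# param'd` on the closing parenthesis of the multi-line `assert (` would read better as a full comment above the statement.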
{entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/csharp/aspnet_app/Services/ReportService.cs
RENAMED
{entrygraph-0.1.30 → entrygraph-0.1.32}/tests/fixtures/javascript/express_app/src/services.js
RENAMED