entrygraph 0.1.35__tar.gz → 0.1.37__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (198) hide show
  1. {entrygraph-0.1.35 → entrygraph-0.1.37}/PKG-INFO +1 -1
  2. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/_version.py +2 -2
  3. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/entrypoints/golang.py +43 -20
  4. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/entrypoints/php.py +52 -6
  5. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_entrypoint_expansion.py +80 -0
  6. {entrygraph-0.1.35 → entrygraph-0.1.37}/.github/workflows/ci.yml +0 -0
  7. {entrygraph-0.1.35 → entrygraph-0.1.37}/.github/workflows/release.yml +0 -0
  8. {entrygraph-0.1.35 → entrygraph-0.1.37}/.gitignore +0 -0
  9. {entrygraph-0.1.35 → entrygraph-0.1.37}/LICENSE +0 -0
  10. {entrygraph-0.1.35 → entrygraph-0.1.37}/README.md +0 -0
  11. {entrygraph-0.1.35 → entrygraph-0.1.37}/RELEASING.md +0 -0
  12. {entrygraph-0.1.35 → entrygraph-0.1.37}/pyproject.toml +0 -0
  13. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/__init__.py +0 -0
  14. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/__main__.py +0 -0
  15. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/api.py +0 -0
  16. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/cli/__init__.py +0 -0
  17. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/cli/main.py +0 -0
  18. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/cli/render.py +0 -0
  19. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/data/sinks/csharp.toml +0 -0
  20. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/data/sinks/go.toml +0 -0
  21. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/data/sinks/java.toml +0 -0
  22. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/data/sinks/javascript.toml +0 -0
  23. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/data/sinks/lib_javascript.toml +0 -0
  24. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/data/sinks/lib_python.toml +0 -0
  25. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/data/sinks/php.toml +0 -0
  26. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/data/sinks/python.toml +0 -0
  27. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/data/sinks/ruby.toml +0 -0
  28. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/data/sinks/rust.toml +0 -0
  29. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/db/__init__.py +0 -0
  30. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/db/engine.py +0 -0
  31. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/db/meta.py +0 -0
  32. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/db/models.py +0 -0
  33. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/db/queries.py +0 -0
  34. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/__init__.py +0 -0
  35. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/entrypoints/__init__.py +0 -0
  36. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/entrypoints/base.py +0 -0
  37. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/entrypoints/configs.py +0 -0
  38. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/entrypoints/csharp.py +0 -0
  39. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/entrypoints/java.py +0 -0
  40. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/entrypoints/javascript.py +0 -0
  41. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/entrypoints/python.py +0 -0
  42. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/entrypoints/ruby.py +0 -0
  43. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/entrypoints/rust.py +0 -0
  44. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/frameworks.py +0 -0
  45. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/manifests.py +0 -0
  46. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/detect/taint.py +0 -0
  47. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/errors.py +0 -0
  48. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/extract/__init__.py +0 -0
  49. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/extract/base.py +0 -0
  50. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/extract/csharp.py +0 -0
  51. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/extract/golang.py +0 -0
  52. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/extract/ir.py +0 -0
  53. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/extract/java.py +0 -0
  54. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/extract/javascript.py +0 -0
  55. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/extract/php.py +0 -0
  56. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/extract/python.py +0 -0
  57. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/extract/registry.py +0 -0
  58. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/extract/ruby.py +0 -0
  59. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/extract/rust.py +0 -0
  60. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/fs/__init__.py +0 -0
  61. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/fs/hashing.py +0 -0
  62. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/fs/lang.py +0 -0
  63. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/fs/walker.py +0 -0
  64. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/graph/__init__.py +0 -0
  65. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/graph/adjacency.py +0 -0
  66. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/graph/cte.py +0 -0
  67. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/graph/scoring.py +0 -0
  68. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/kinds.py +0 -0
  69. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/parsing/__init__.py +0 -0
  70. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/parsing/parsers.py +0 -0
  71. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/parsing/queries.py +0 -0
  72. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/pipeline/__init__.py +0 -0
  73. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/pipeline/scanner.py +0 -0
  74. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/pipeline/worker.py +0 -0
  75. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/pipeline/writer.py +0 -0
  76. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/py.typed +0 -0
  77. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/csharp/calls.scm +0 -0
  78. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/csharp/definitions.scm +0 -0
  79. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/csharp/imports.scm +0 -0
  80. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/go/calls.scm +0 -0
  81. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/go/definitions.scm +0 -0
  82. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/go/imports.scm +0 -0
  83. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/java/calls.scm +0 -0
  84. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/java/definitions.scm +0 -0
  85. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/java/imports.scm +0 -0
  86. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/javascript/calls.scm +0 -0
  87. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/javascript/definitions.scm +0 -0
  88. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/javascript/imports.scm +0 -0
  89. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/php/calls.scm +0 -0
  90. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/php/definitions.scm +0 -0
  91. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/php/imports.scm +0 -0
  92. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/python/calls.scm +0 -0
  93. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/python/definitions.scm +0 -0
  94. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/python/imports.scm +0 -0
  95. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/ruby/calls.scm +0 -0
  96. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/ruby/definitions.scm +0 -0
  97. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/ruby/imports.scm +0 -0
  98. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/rust/calls.scm +0 -0
  99. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/rust/definitions.scm +0 -0
  100. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/queries/rust/imports.scm +0 -0
  101. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/resolve/__init__.py +0 -0
  102. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/resolve/externals.py +0 -0
  103. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/resolve/hierarchy.py +0 -0
  104. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/resolve/resolver.py +0 -0
  105. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/resolve/symbol_table.py +0 -0
  106. {entrygraph-0.1.35 → entrygraph-0.1.37}/src/entrygraph/results.py +0 -0
  107. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/conftest.py +0 -0
  108. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/csharp/aspnet_app/Controllers/ReportsController.cs +0 -0
  109. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/csharp/aspnet_app/Program.cs +0 -0
  110. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/csharp/aspnet_app/Services/ReportService.cs +0 -0
  111. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/csharp/aspnet_app/app.csproj +0 -0
  112. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/csharp/minimalapi_app/Program.cs +0 -0
  113. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/csharp/minimalapi_app/app.csproj +0 -0
  114. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/go/gin_app/go.mod +0 -0
  115. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/go/gin_app/main.go +0 -0
  116. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/go/gin_app/service.go +0 -0
  117. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/go/nethttp_app/go.mod +0 -0
  118. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/go/nethttp_app/main.go +0 -0
  119. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/java/methodref_app/pom.xml +0 -0
  120. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/java/methodref_app/src/main/java/com/example/App.java +0 -0
  121. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/java/spring_app/pom.xml +0 -0
  122. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/java/spring_app/src/main/java/com/example/Application.java +0 -0
  123. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportRunner.java +0 -0
  124. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportService.java +0 -0
  125. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/java/spring_app/src/main/java/com/example/UserController.java +0 -0
  126. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/javascript/commonjs_app/server.js +0 -0
  127. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/javascript/express_app/package.json +0 -0
  128. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/javascript/express_app/src/routes.js +0 -0
  129. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/javascript/express_app/src/services.js +0 -0
  130. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/php/laravel_app/app/Http/Controllers/ReportController.php +0 -0
  131. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/php/laravel_app/artisan +0 -0
  132. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/php/laravel_app/composer.json +0 -0
  133. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/php/laravel_app/routes/web.php +0 -0
  134. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/chained_sinks/app.py +0 -0
  135. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/flask_app/app/__init__.py +0 -0
  136. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/flask_app/app/db.py +0 -0
  137. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/flask_app/app/routes.py +0 -0
  138. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/flask_app/app/services.py +0 -0
  139. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/flask_app/cli.py +0 -0
  140. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/flask_app/requirements.txt +0 -0
  141. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/fuzzy_sink/app.py +0 -0
  142. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/heal_fidelity/caller.py +0 -0
  143. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/heal_fidelity/worker.py +0 -0
  144. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/may_continue/app.py +0 -0
  145. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/sanitizer/app.py +0 -0
  146. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/python/taint_source/handler.py +0 -0
  147. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/ruby/sinatra_app/Gemfile +0 -0
  148. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/ruby/sinatra_app/app.rb +0 -0
  149. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/ruby/sinatra_app/services/runner.rb +0 -0
  150. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/rust/axum_app/Cargo.toml +0 -0
  151. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/rust/axum_app/src/handlers.rs +0 -0
  152. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/rust/axum_app/src/main.rs +0 -0
  153. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/rust/axum_callback_app/Cargo.toml +0 -0
  154. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/rust/axum_callback_app/src/main.rs +0 -0
  155. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/rust/scoped_sink_app/Cargo.toml +0 -0
  156. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/fixtures/rust/scoped_sink_app/src/main.rs +0 -0
  157. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_api.py +0 -0
  158. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_cli.py +0 -0
  159. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_commonjs.py +0 -0
  160. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_csharp_callbacks.py +0 -0
  161. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_cte_bounds.py +0 -0
  162. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_engine_pragmas.py +0 -0
  163. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_entrypoints.py +0 -0
  164. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_extract_csharp.py +0 -0
  165. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_extract_go.py +0 -0
  166. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_extract_java.py +0 -0
  167. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_extract_javascript.py +0 -0
  168. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_extract_php.py +0 -0
  169. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_extract_python.py +0 -0
  170. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_extract_ruby.py +0 -0
  171. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_extract_rust.py +0 -0
  172. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_frameworks.py +0 -0
  173. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_fuzzy_sink.py +0 -0
  174. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_go_callbacks.py +0 -0
  175. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_hardening.py +0 -0
  176. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_heal_fidelity.py +0 -0
  177. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_incremental.py +0 -0
  178. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_indexer.py +0 -0
  179. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_java_callbacks.py +0 -0
  180. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_lang.py +0 -0
  181. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_manifests.py +0 -0
  182. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_may_continue.py +0 -0
  183. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_models.py +0 -0
  184. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_pool.py +0 -0
  185. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_reachability.py +0 -0
  186. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_registry_cache.py +0 -0
  187. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_render.py +0 -0
  188. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_resolver.py +0 -0
  189. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_rust_callbacks.py +0 -0
  190. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_rust_scoped_sinks.py +0 -0
  191. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_sanitizer_languages.py +0 -0
  192. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_scoring.py +0 -0
  193. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_sink_catalog.py +0 -0
  194. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_taint.py +0 -0
  195. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_taint_sanitizers.py +0 -0
  196. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_taint_sources.py +0 -0
  197. {entrygraph-0.1.35 → entrygraph-0.1.37}/tests/test_walker.py +0 -0
  198. {entrygraph-0.1.35 → entrygraph-0.1.37}/uv.lock +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: entrygraph
3
- Version: 0.1.35
3
+ Version: 0.1.37
4
4
  Summary: Language-agnostic code graph: query symbols, entrypoints, and source-to-sink call paths from a SQLite index
5
5
  Project-URL: Repository, https://github.com/brettbergin/entrygraph
6
6
  Author-email: Brett Bergin <brettberginbc@yahoo.com>
@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
18
18
  commit_id: str | None
19
19
  __commit_id__: str | None
20
20
 
21
- __version__ = version = '0.1.35'
22
- __version_tuple__ = version_tuple = (0, 1, 35)
21
+ __version__ = version = '0.1.37'
22
+ __version_tuple__ = version_tuple = (0, 1, 37)
23
23
 
24
24
  __commit_id__ = commit_id = None
@@ -3,6 +3,8 @@ registration, gin router routes, and cobra CLI commands."""
3
3
 
4
4
  from __future__ import annotations
5
5
 
6
+ import re
7
+
6
8
  from entrygraph.detect.entrypoints.base import (
7
9
  EntrypointRule,
8
10
  first_string_arg,
@@ -114,30 +116,51 @@ def _gin_style(framework: str):
114
116
  return matcher
115
117
 
116
118
 
119
+ _QUOTED = re.compile(r'"([^"]+)"')
120
+
121
+
117
122
  def _gorilla_routes(x: FileExtraction) -> list[EntrypointHint]:
118
- """gorilla/mux: r.HandleFunc('/x', handler)."""
119
- hints = []
123
+ """gorilla/mux, including the chained builder forms.
124
+
125
+ A registration is a method chain on one statement:
126
+ r.HandleFunc("/x", h).Methods("GET")
127
+ r.Path("/x").Methods("GET", "POST").HandlerFunc(h)
128
+ so the route (Path/HandleFunc), verb(s) (Methods) and handler are aggregated
129
+ per line. Previously only bare HandleFunc was matched — the `.Path().Methods()`
130
+ form and any `.Methods()` verb were dropped (loki: ~0% of gorilla routes).
131
+ """
132
+ routes: dict[int, str] = {}
133
+ methods: dict[int, list[str]] = {}
134
+ handlers: dict[int, str | None] = {}
120
135
  for ref in x.references:
121
- if (
122
- ref.kind == "call"
123
- and ref.callee_name in ("HandleFunc", "Handle")
124
- and ref.receiver_text not in (None, "http")
125
- and ref.arg_preview
126
- ):
136
+ if ref.kind != "call" or not ref.arg_preview:
137
+ continue
138
+ line = ref.span.start_line
139
+ # a route is opened by HandleFunc("/x", h) or Path("/x") on the router;
140
+ # exclude net/http's own http.HandleFunc.
141
+ defines_route = (
142
+ ref.callee_name in ("HandleFunc", "Handle") and ref.receiver_text not in (None, "http")
143
+ ) or (ref.callee_name == "Path" and ref.receiver_text is not None)
144
+ if defines_route:
127
145
  route = first_string_arg("(" + ref.arg_preview.lstrip("("))
128
146
  if route is not None and route.startswith("/"):
129
- hints.append(
130
- EntrypointHint(
131
- rule_id="go.gorilla-mux.route",
132
- kind=EntrypointKind.HTTP_ROUTE,
133
- handler_qualified_name=ref.caller_qualified_name,
134
- route=route,
135
- http_methods=["*"],
136
- framework="gorilla-mux",
137
- metadata={"registration": ref.arg_preview},
138
- )
139
- )
140
- return hints
147
+ routes.setdefault(line, route)
148
+ handlers.setdefault(line, ref.caller_qualified_name)
149
+ elif ref.callee_name == "Methods":
150
+ verbs = [v.upper() for v in _QUOTED.findall(ref.arg_preview)]
151
+ if verbs:
152
+ methods.setdefault(line, []).extend(verbs)
153
+ return [
154
+ EntrypointHint(
155
+ rule_id="go.gorilla-mux.route",
156
+ kind=EntrypointKind.HTTP_ROUTE,
157
+ handler_qualified_name=handlers.get(line),
158
+ route=route,
159
+ http_methods=methods.get(line, ["*"]),
160
+ framework="gorilla-mux",
161
+ )
162
+ for line, route in routes.items()
163
+ ]
141
164
 
142
165
 
143
166
  def _cobra_commands(x: FileExtraction) -> list[EntrypointHint]:
@@ -21,21 +21,49 @@ from entrygraph.extract.ir import EntrypointHint, FileExtraction
21
21
  from entrygraph.kinds import EntrypointKind, SymbolKind
22
22
 
23
23
  _LARAVEL_VERBS = frozenset({"get", "post", "put", "delete", "patch", "any", "match"})
24
+ _LARAVEL_RESOURCE = frozenset({"resource", "apiResource"})
24
25
  _SYMFONY_ROUTE = re.compile(r"#\[\s*Route\s*\(")
25
26
  _WORDPRESS_HOOKS = frozenset({"add_action", "add_filter"})
26
27
 
27
28
 
29
+ def _resource_param(name: str) -> str:
30
+ """The Laravel resource param: singular of the last (dot-nested) segment —
31
+ `photos` -> `{photo}`, `blog.comments` -> `{comment}`."""
32
+ seg = name.strip("/").split(".")[-1]
33
+ singular = seg[:-1] if seg.endswith("s") and not seg.endswith("ss") else seg
34
+ return "{" + (singular or "id") + "}"
35
+
36
+
37
+ def _resource_routes(name: str, is_api: bool) -> list[tuple[str, str]]:
38
+ """Expand Route::resource/apiResource into its REST (method, path) routes.
39
+
40
+ apiResource omits the HTML create/edit forms that resource adds.
41
+ """
42
+ base = "/" + name.strip("/").replace(".", "/")
43
+ param = _resource_param(name)
44
+ routes = [
45
+ ("GET", base), # index
46
+ ("POST", base), # store
47
+ ("GET", f"{base}/{param}"), # show
48
+ ("PUT", f"{base}/{param}"), # update
49
+ ("DELETE", f"{base}/{param}"), # destroy
50
+ ]
51
+ if not is_api:
52
+ routes += [
53
+ ("GET", f"{base}/create"), # create form
54
+ ("GET", f"{base}/{param}/edit"), # edit form
55
+ ]
56
+ return routes
57
+
58
+
28
59
  def _laravel_routes(x: FileExtraction) -> list[EntrypointHint]:
29
60
  if not re.search(r"(^|/)routes/[^/]+\.php$", x.path):
30
61
  return []
31
62
  hints = []
32
63
  for ref in x.references:
33
- if (
34
- ref.kind == "call"
35
- and ref.receiver_text == "Route"
36
- and ref.callee_name in _LARAVEL_VERBS
37
- and ref.arg_preview
38
- ):
64
+ if ref.kind != "call" or ref.receiver_text != "Route" or not ref.arg_preview:
65
+ continue
66
+ if ref.callee_name in _LARAVEL_VERBS:
39
67
  route = first_string_arg("(" + ref.arg_preview.lstrip("("))
40
68
  hints.append(
41
69
  EntrypointHint(
@@ -50,6 +78,24 @@ def _laravel_routes(x: FileExtraction) -> list[EntrypointHint]:
50
78
  metadata={"registration": ref.arg_preview},
51
79
  )
52
80
  )
81
+ elif ref.callee_name in _LARAVEL_RESOURCE:
82
+ # Route::resource('photos', Ctrl) / apiResource(...) registers a fixed
83
+ # set of REST routes at once; expand them so they aren't all missed.
84
+ name = first_string_arg("(" + ref.arg_preview.lstrip("("))
85
+ if not name:
86
+ continue
87
+ for method, route in _resource_routes(name, ref.callee_name == "apiResource"):
88
+ hints.append(
89
+ EntrypointHint(
90
+ rule_id="php.laravel.resource",
91
+ kind=EntrypointKind.HTTP_ROUTE,
92
+ handler_qualified_name=None,
93
+ route=route,
94
+ http_methods=[method],
95
+ framework="laravel",
96
+ metadata={"registration": ref.arg_preview},
97
+ )
98
+ )
53
99
  return hints
54
100
 
55
101
 
@@ -440,3 +440,83 @@ def test_rails_routes_read_from_split_route_files():
440
440
  assert [h.route for h in main] == ["/health"]
441
441
  assert [h.route for h in split] == ["/users"] # the split file is now read
442
442
  assert unrelated == [] # a non-routes file is still ignored
443
+
444
+
445
+ def test_laravel_resource_expansion():
446
+ from entrygraph.detect.entrypoints.php import _resource_routes
447
+
448
+ api = _resource_routes("articles", is_api=True)
449
+ assert set(api) == {
450
+ ("GET", "/articles"),
451
+ ("POST", "/articles"),
452
+ ("GET", "/articles/{article}"),
453
+ ("PUT", "/articles/{article}"),
454
+ ("DELETE", "/articles/{article}"),
455
+ }
456
+ # resource() adds the HTML create/edit forms that apiResource omits
457
+ full = dict.fromkeys(r for r in _resource_routes("photos", is_api=False))
458
+ assert ("GET", "/photos/create") in full
459
+ assert ("GET", "/photos/{photo}/edit") in full
460
+ assert len(full) == 7
461
+ # nested resource: last segment is singularized, dots become path separators
462
+ nested = _resource_routes("blog.comments", is_api=True)
463
+ assert ("GET", "/blog/comments/{comment}") in nested
464
+
465
+
466
+ def test_laravel_apiresource_rule_emits_rest_routes():
467
+ from entrygraph.detect.entrypoints import rules_for
468
+
469
+ ref = RawReference(
470
+ kind="call",
471
+ callee_text="Route::apiResource",
472
+ callee_name="apiResource",
473
+ receiver_text="Route",
474
+ span=SPAN,
475
+ caller_qualified_name=None,
476
+ arg_preview="('articles', ArticleController::class)",
477
+ )
478
+ x = FileExtraction(
479
+ path="routes/api.php",
480
+ language="php",
481
+ module_path="routes.api",
482
+ parse_ok=True,
483
+ error_count=0,
484
+ symbols=[],
485
+ references=[ref],
486
+ )
487
+ rule = {r.id: r for r in rules_for("php", {"laravel"})}["php.laravel.route"]
488
+ got = {(h.http_methods[0], h.route) for h in rule.match(x)}
489
+ assert ("GET", "/articles") in got and ("DELETE", "/articles/{article}") in got
490
+ assert ("GET", "/articles/create") not in got # apiResource omits forms
491
+
492
+
493
+ def _go_call_ref(callee, receiver, arg, line=1):
494
+ return RawReference(
495
+ kind="call",
496
+ callee_text=f"{receiver}.{callee}",
497
+ callee_name=callee,
498
+ receiver_text=receiver,
499
+ span=Span(line, 0, line, 40),
500
+ caller_qualified_name="app.setup",
501
+ arg_preview=arg,
502
+ )
503
+
504
+
505
+ def test_gorilla_chained_routes_and_methods():
506
+ # gorilla registrations are method chains on one statement; the route (Path/
507
+ # HandleFunc) and verb(s) (Methods) must be aggregated per line (#37).
508
+ from entrygraph.detect.entrypoints import rules_for
509
+
510
+ refs = [
511
+ # r.HandleFunc("/users", h).Methods("GET") (line 1)
512
+ _go_call_ref("HandleFunc", "r", '("/users", listUsers)', line=1),
513
+ _go_call_ref("Methods", 'r.HandleFunc("/users", listUsers)', '("GET")', line=1),
514
+ # r.Path("/reports").Methods("POST", "PUT").Handler(h) (line 2)
515
+ _go_call_ref("Path", "r", '("/reports")', line=2),
516
+ _go_call_ref("Methods", 'r.Path("/reports")', '("POST", "PUT")', line=2),
517
+ _go_call_ref("Handler", 'r.Path("/reports").Methods("POST", "PUT")', "(h)", line=2),
518
+ ]
519
+ rule = {r.id: r for r in rules_for("go", {"gorilla-mux"})}["go.gorilla-mux.route"]
520
+ got = {(tuple(h.http_methods), h.route) for h in rule.match(_go_ext(refs))}
521
+ assert (("GET",), "/users") in got # HandleFunc route + chained method
522
+ assert (("POST", "PUT"), "/reports") in got # Path().Methods().Handler() form
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes