entrygraph 0.1.41__tar.gz → 0.1.43__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (200) hide show
  1. {entrygraph-0.1.41 → entrygraph-0.1.43}/PKG-INFO +1 -1
  2. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/_version.py +2 -2
  3. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/entrypoints/golang.py +57 -13
  4. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/entrypoints/javascript.py +50 -0
  5. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/extract/golang.py +20 -0
  6. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/extract/ir.py +4 -0
  7. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_entrypoints_go.py +89 -1
  8. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_entrypoints_javascript.py +52 -0
  9. {entrygraph-0.1.41 → entrygraph-0.1.43}/.github/workflows/ci.yml +0 -0
  10. {entrygraph-0.1.41 → entrygraph-0.1.43}/.github/workflows/release.yml +0 -0
  11. {entrygraph-0.1.41 → entrygraph-0.1.43}/.gitignore +0 -0
  12. {entrygraph-0.1.41 → entrygraph-0.1.43}/LICENSE +0 -0
  13. {entrygraph-0.1.41 → entrygraph-0.1.43}/README.md +0 -0
  14. {entrygraph-0.1.41 → entrygraph-0.1.43}/RELEASING.md +0 -0
  15. {entrygraph-0.1.41 → entrygraph-0.1.43}/pyproject.toml +0 -0
  16. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/__init__.py +0 -0
  17. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/__main__.py +0 -0
  18. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/api.py +0 -0
  19. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/cli/__init__.py +0 -0
  20. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/cli/main.py +0 -0
  21. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/cli/render.py +0 -0
  22. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/data/sinks/csharp.toml +0 -0
  23. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/data/sinks/go.toml +0 -0
  24. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/data/sinks/java.toml +0 -0
  25. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/data/sinks/javascript.toml +0 -0
  26. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/data/sinks/lib_javascript.toml +0 -0
  27. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/data/sinks/lib_python.toml +0 -0
  28. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/data/sinks/php.toml +0 -0
  29. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/data/sinks/python.toml +0 -0
  30. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/data/sinks/ruby.toml +0 -0
  31. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/data/sinks/rust.toml +0 -0
  32. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/db/__init__.py +0 -0
  33. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/db/engine.py +0 -0
  34. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/db/meta.py +0 -0
  35. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/db/models.py +0 -0
  36. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/db/queries.py +0 -0
  37. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/__init__.py +0 -0
  38. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/entrypoints/__init__.py +0 -0
  39. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/entrypoints/base.py +0 -0
  40. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/entrypoints/configs.py +0 -0
  41. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/entrypoints/csharp.py +0 -0
  42. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/entrypoints/java.py +0 -0
  43. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/entrypoints/php.py +0 -0
  44. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/entrypoints/python.py +0 -0
  45. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/entrypoints/ruby.py +0 -0
  46. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/entrypoints/rust.py +0 -0
  47. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/frameworks.py +0 -0
  48. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/manifests.py +0 -0
  49. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/detect/taint.py +0 -0
  50. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/errors.py +0 -0
  51. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/extract/__init__.py +0 -0
  52. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/extract/base.py +0 -0
  53. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/extract/csharp.py +0 -0
  54. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/extract/java.py +0 -0
  55. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/extract/javascript.py +0 -0
  56. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/extract/php.py +0 -0
  57. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/extract/python.py +0 -0
  58. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/extract/registry.py +0 -0
  59. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/extract/ruby.py +0 -0
  60. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/extract/rust.py +0 -0
  61. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/fs/__init__.py +0 -0
  62. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/fs/hashing.py +0 -0
  63. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/fs/lang.py +0 -0
  64. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/fs/walker.py +0 -0
  65. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/graph/__init__.py +0 -0
  66. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/graph/adjacency.py +0 -0
  67. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/graph/cte.py +0 -0
  68. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/graph/scoring.py +0 -0
  69. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/kinds.py +0 -0
  70. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/parsing/__init__.py +0 -0
  71. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/parsing/parsers.py +0 -0
  72. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/parsing/queries.py +0 -0
  73. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/pipeline/__init__.py +0 -0
  74. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/pipeline/scanner.py +0 -0
  75. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/pipeline/worker.py +0 -0
  76. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/pipeline/writer.py +0 -0
  77. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/py.typed +0 -0
  78. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/csharp/calls.scm +0 -0
  79. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/csharp/definitions.scm +0 -0
  80. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/csharp/imports.scm +0 -0
  81. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/go/calls.scm +0 -0
  82. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/go/definitions.scm +0 -0
  83. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/go/imports.scm +0 -0
  84. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/java/calls.scm +0 -0
  85. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/java/definitions.scm +0 -0
  86. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/java/imports.scm +0 -0
  87. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/javascript/calls.scm +0 -0
  88. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/javascript/definitions.scm +0 -0
  89. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/javascript/imports.scm +0 -0
  90. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/php/calls.scm +0 -0
  91. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/php/definitions.scm +0 -0
  92. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/php/imports.scm +0 -0
  93. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/python/calls.scm +0 -0
  94. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/python/definitions.scm +0 -0
  95. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/python/imports.scm +0 -0
  96. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/ruby/calls.scm +0 -0
  97. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/ruby/definitions.scm +0 -0
  98. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/ruby/imports.scm +0 -0
  99. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/rust/calls.scm +0 -0
  100. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/rust/definitions.scm +0 -0
  101. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/queries/rust/imports.scm +0 -0
  102. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/resolve/__init__.py +0 -0
  103. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/resolve/externals.py +0 -0
  104. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/resolve/hierarchy.py +0 -0
  105. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/resolve/resolver.py +0 -0
  106. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/resolve/symbol_table.py +0 -0
  107. {entrygraph-0.1.41 → entrygraph-0.1.43}/src/entrygraph/results.py +0 -0
  108. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/conftest.py +0 -0
  109. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/csharp/aspnet_app/Controllers/ReportsController.cs +0 -0
  110. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/csharp/aspnet_app/Program.cs +0 -0
  111. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/csharp/aspnet_app/Services/ReportService.cs +0 -0
  112. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/csharp/aspnet_app/app.csproj +0 -0
  113. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/csharp/minimalapi_app/Program.cs +0 -0
  114. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/csharp/minimalapi_app/app.csproj +0 -0
  115. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/go/gin_app/go.mod +0 -0
  116. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/go/gin_app/main.go +0 -0
  117. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/go/gin_app/service.go +0 -0
  118. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/go/nethttp_app/go.mod +0 -0
  119. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/go/nethttp_app/main.go +0 -0
  120. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/java/methodref_app/pom.xml +0 -0
  121. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/java/methodref_app/src/main/java/com/example/App.java +0 -0
  122. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/java/spring_app/pom.xml +0 -0
  123. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/java/spring_app/src/main/java/com/example/Application.java +0 -0
  124. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportRunner.java +0 -0
  125. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/java/spring_app/src/main/java/com/example/ReportService.java +0 -0
  126. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/java/spring_app/src/main/java/com/example/UserController.java +0 -0
  127. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/javascript/commonjs_app/server.js +0 -0
  128. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/javascript/express_app/package.json +0 -0
  129. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/javascript/express_app/src/routes.js +0 -0
  130. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/javascript/express_app/src/services.js +0 -0
  131. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/php/laravel_app/app/Http/Controllers/ReportController.php +0 -0
  132. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/php/laravel_app/artisan +0 -0
  133. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/php/laravel_app/composer.json +0 -0
  134. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/php/laravel_app/routes/web.php +0 -0
  135. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/chained_sinks/app.py +0 -0
  136. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/flask_app/app/__init__.py +0 -0
  137. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/flask_app/app/db.py +0 -0
  138. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/flask_app/app/routes.py +0 -0
  139. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/flask_app/app/services.py +0 -0
  140. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/flask_app/cli.py +0 -0
  141. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/flask_app/requirements.txt +0 -0
  142. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/fuzzy_sink/app.py +0 -0
  143. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/heal_fidelity/caller.py +0 -0
  144. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/heal_fidelity/worker.py +0 -0
  145. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/may_continue/app.py +0 -0
  146. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/sanitizer/app.py +0 -0
  147. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/python/taint_source/handler.py +0 -0
  148. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/ruby/sinatra_app/Gemfile +0 -0
  149. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/ruby/sinatra_app/app.rb +0 -0
  150. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/ruby/sinatra_app/services/runner.rb +0 -0
  151. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/rust/axum_app/Cargo.toml +0 -0
  152. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/rust/axum_app/src/handlers.rs +0 -0
  153. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/rust/axum_app/src/main.rs +0 -0
  154. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/rust/axum_callback_app/Cargo.toml +0 -0
  155. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/rust/axum_callback_app/src/main.rs +0 -0
  156. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/rust/scoped_sink_app/Cargo.toml +0 -0
  157. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/fixtures/rust/scoped_sink_app/src/main.rs +0 -0
  158. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_api.py +0 -0
  159. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_cli.py +0 -0
  160. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_commonjs.py +0 -0
  161. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_csharp_callbacks.py +0 -0
  162. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_cte_bounds.py +0 -0
  163. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_engine_pragmas.py +0 -0
  164. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_entrypoint_expansion.py +0 -0
  165. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_entrypoints.py +0 -0
  166. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_extract_csharp.py +0 -0
  167. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_extract_go.py +0 -0
  168. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_extract_java.py +0 -0
  169. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_extract_javascript.py +0 -0
  170. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_extract_php.py +0 -0
  171. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_extract_python.py +0 -0
  172. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_extract_ruby.py +0 -0
  173. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_extract_rust.py +0 -0
  174. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_frameworks.py +0 -0
  175. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_fuzzy_sink.py +0 -0
  176. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_go_callbacks.py +0 -0
  177. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_hardening.py +0 -0
  178. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_heal_fidelity.py +0 -0
  179. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_incremental.py +0 -0
  180. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_indexer.py +0 -0
  181. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_java_callbacks.py +0 -0
  182. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_lang.py +0 -0
  183. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_manifests.py +0 -0
  184. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_may_continue.py +0 -0
  185. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_models.py +0 -0
  186. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_pool.py +0 -0
  187. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_reachability.py +0 -0
  188. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_registry_cache.py +0 -0
  189. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_render.py +0 -0
  190. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_resolver.py +0 -0
  191. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_rust_callbacks.py +0 -0
  192. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_rust_scoped_sinks.py +0 -0
  193. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_sanitizer_languages.py +0 -0
  194. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_scoring.py +0 -0
  195. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_sink_catalog.py +0 -0
  196. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_taint.py +0 -0
  197. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_taint_sanitizers.py +0 -0
  198. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_taint_sources.py +0 -0
  199. {entrygraph-0.1.41 → entrygraph-0.1.43}/tests/test_walker.py +0 -0
  200. {entrygraph-0.1.41 → entrygraph-0.1.43}/uv.lock +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: entrygraph
3
- Version: 0.1.41
3
+ Version: 0.1.43
4
4
  Summary: Language-agnostic code graph: query symbols, entrypoints, and source-to-sink call paths from a SQLite index
5
5
  Project-URL: Repository, https://github.com/brettbergin/entrygraph
6
6
  Author-email: Brett Bergin <brettberginbc@yahoo.com>
@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
18
18
  commit_id: str | None
19
19
  __commit_id__: str | None
20
20
 
21
- __version__ = version = '0.1.41'
22
- __version_tuple__ = version_tuple = (0, 1, 41)
21
+ __version__ = version = '0.1.43'
22
+ __version_tuple__ = version_tuple = (0, 1, 43)
23
23
 
24
24
  __commit_id__ = commit_id = None
@@ -67,7 +67,41 @@ def _nethttp_routes(x: FileExtraction) -> list[EntrypointHint]:
67
67
  return hints
68
68
 
69
69
 
70
+ def _group_prefixes(x: FileExtraction) -> dict[str, str]:
71
+ """Map each gin/fiber router-group variable to its composed path prefix.
72
+
73
+ `api := app.Group("/api"); v1 := api.Group("/v1")` -> {api: /api, v1: /api/v1}.
74
+ A nested group inherits its parent group's prefix; Go requires a variable to be
75
+ declared before use, so ascending line order resolves the chain in one pass. A
76
+ group with no assign target (`h(app.Group("/x"))`, passed straight into another
77
+ function) is out of static reach and contributes no prefix.
78
+ """
79
+ prefixes: dict[str, str] = {}
80
+ groups = sorted(
81
+ (
82
+ ref
83
+ for ref in x.references
84
+ if ref.kind == "call"
85
+ and ref.callee_name == "Group"
86
+ and ref.assign_target
87
+ and ref.receiver_text is not None
88
+ and ref.arg_preview
89
+ ),
90
+ key=lambda r: r.span.start_line,
91
+ )
92
+ for ref in groups:
93
+ if ref.arg_preview is None: # already filtered above; narrows for the type-checker
94
+ continue
95
+ local = first_string_arg("(" + ref.arg_preview.lstrip("("))
96
+ if local is None:
97
+ continue # closure-only group (chi-style middleware group) — no prefix
98
+ parent = prefixes.get(ref.receiver_text or "", "")
99
+ prefixes[ref.assign_target or ""] = _compose_prefixes([parent, local])
100
+ return prefixes
101
+
102
+
70
103
  def _gin_routes(x: FileExtraction) -> list[EntrypointHint]:
104
+ prefixes = _group_prefixes(x)
71
105
  hints = []
72
106
  for ref in x.references:
73
107
  if (
@@ -77,20 +111,30 @@ def _gin_routes(x: FileExtraction) -> list[EntrypointHint]:
77
111
  and ref.arg_preview
78
112
  ):
79
113
  route = first_string_arg("(" + ref.arg_preview.lstrip("("))
80
- if route is not None and route.startswith("/"):
81
- verb = ref.callee_name.upper()
82
- method = verb if verb in _HTTP_VERBS else "*"
83
- hints.append(
84
- EntrypointHint(
85
- rule_id="go.gin.route",
86
- kind=EntrypointKind.HTTP_ROUTE,
87
- handler_qualified_name=ref.caller_qualified_name,
88
- route=route,
89
- http_methods=[method],
90
- framework="gin",
91
- metadata={"registration": ref.arg_preview},
92
- )
114
+ if route is None:
115
+ continue
116
+ verb = ref.callee_name.upper()
117
+ is_verb = verb in _HTTP_VERBS
118
+ group_prefix = prefixes.get(ref.receiver_text)
119
+ # A grouped route often drops the leading slash (`v1.GET("users")`) since
120
+ # the group carries the prefix; accept that only for a concrete verb on a
121
+ # known group var. Otherwise keep the conservative leading-slash check
122
+ # (guards against Handle/Any's method-first arg and stray string args).
123
+ if not route.startswith("/") and not (is_verb and group_prefix is not None):
124
+ continue
125
+ method = verb if is_verb else "*"
126
+ full = _compose_prefixes([group_prefix or "", route])
127
+ hints.append(
128
+ EntrypointHint(
129
+ rule_id="go.gin.route",
130
+ kind=EntrypointKind.HTTP_ROUTE,
131
+ handler_qualified_name=ref.caller_qualified_name,
132
+ route=full,
133
+ http_methods=[method],
134
+ framework="gin",
135
+ metadata={"registration": ref.arg_preview},
93
136
  )
137
+ )
94
138
  return hints
95
139
 
96
140
 
@@ -239,6 +239,47 @@ def _next_handlers(x: FileExtraction) -> list[EntrypointHint]:
239
239
 
240
240
 
241
241
  _HTTP_METHODS_UPPER = frozenset(m.upper() for m in _HTTP_METHODS)
242
+ _NEXT_PAGES_EXTS = (".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs")
243
+
244
+
245
+ def _next_pages_handlers(x: FileExtraction) -> list[EntrypointHint]:
246
+ """Next.js Pages Router API routes: every file under `pages/api/**` is a route
247
+ (file-based routing), whatever the default-export shape — a named `handler`
248
+ function, a `createNextApiHandler(router)` wrapper, or a bare arrow. The IR has
249
+ no `export default` marker to key on, so we rely on the file convention itself.
250
+
251
+ The handler dispatches on `req.method` internally, so the route carries no
252
+ specific verb. Bind to a `handler`-named function when present (the Pages
253
+ Router convention) so taint reaches the real body; otherwise the module.
254
+ """
255
+ normalized = f"/{x.path}" # leading slash so a top-level `pages/` dir also matches
256
+ if "/pages/api/" not in normalized or not x.path.endswith(_NEXT_PAGES_EXTS):
257
+ return []
258
+ if x.path.endswith(".d.ts") or ".test." in x.path or ".spec." in x.path:
259
+ return [] # type decls and colocated tests aren't routes (#33)
260
+ tail = normalized.split("/pages/api/", 1)[1].rsplit(".", 1)[0] # after prefix, no ext
261
+ if tail == "index":
262
+ tail = ""
263
+ elif tail.endswith("/index"):
264
+ tail = tail[: -len("/index")]
265
+ route = "/api" + (f"/{tail}" if tail else "")
266
+ handler = next(
267
+ (
268
+ s.qualified_name
269
+ for s in x.symbols
270
+ if s.kind in (SymbolKind.FUNCTION, SymbolKind.METHOD) and s.name == "handler"
271
+ ),
272
+ None,
273
+ )
274
+ return [
275
+ EntrypointHint(
276
+ rule_id="javascript.next.pages-route",
277
+ kind=EntrypointKind.HTTP_ROUTE,
278
+ handler_qualified_name=handler,
279
+ route=route,
280
+ framework="next",
281
+ )
282
+ ]
242
283
 
243
284
 
244
285
  register(
@@ -323,3 +364,12 @@ register(
323
364
  "javascript.next.route", "javascript", "next", EntrypointKind.HTTP_ROUTE, _next_handlers
324
365
  )
325
366
  )
367
+ register(
368
+ EntrypointRule(
369
+ "javascript.next.pages-route",
370
+ "javascript",
371
+ "next",
372
+ EntrypointKind.HTTP_ROUTE,
373
+ _next_pages_handlers,
374
+ )
375
+ )
@@ -263,6 +263,7 @@ class GoExtractor:
263
263
  caller_qualified_name=caller,
264
264
  arg_count=len(args.named_children) if args is not None else 0,
265
265
  arg_preview=truncate(node_text(args)) if args is not None else None,
266
+ assign_target=self._assign_target(node),
266
267
  )
267
268
  )
268
269
  self._emit_callbacks(args, caller, out)
@@ -280,6 +281,25 @@ class GoExtractor:
280
281
  )
281
282
  )
282
283
 
284
+ def _assign_target(self, call: Node) -> str | None:
285
+ """LHS variable when `call` is the sole RHS of a single-var `:=`/`=`.
286
+
287
+ `api := app.Group("/api")` -> "api". Multi-assignment (`a, b := f()`) and
288
+ calls nested in a larger expression (`h(app.Group("/x"))`) return None —
289
+ the group there isn't bound to a reachable variable.
290
+ """
291
+ right = call.parent
292
+ if right is None or right.type != "expression_list":
293
+ return None
294
+ stmt = right.parent
295
+ if stmt is None or stmt.type not in ("short_var_declaration", "assignment_statement"):
296
+ return None
297
+ left = stmt.child_by_field_name("left")
298
+ if left is None or len(left.named_children) != 1 or len(right.named_children) != 1:
299
+ return None
300
+ ident = left.named_children[0]
301
+ return node_text(ident) if ident.type == "identifier" else None
302
+
283
303
  def _emit_callbacks(self, args: Node | None, caller: str | None, out: FileExtraction) -> None:
284
304
  """Bare-identifier arguments passed to a call — a function value that may be
285
305
  invoked later, e.g. ``http.HandleFunc("/", handler)``. Resolution keeps only
@@ -58,6 +58,10 @@ class RawReference:
58
58
  caller_qualified_name: str | None # FQN of enclosing def; None = module level
59
59
  arg_count: int = 0
60
60
  arg_preview: str | None = None # truncated literal args, for sink triage
61
+ # LHS variable when this call is the sole RHS of a single-var `:=`/`=`
62
+ # (`api := app.Group("/api")`). Lets router-group rules link routes registered
63
+ # on the group var back to its path prefix. Populated by the Go extractor.
64
+ assign_target: str | None = None
61
65
 
62
66
 
63
67
  @dataclass(slots=True)
@@ -19,7 +19,7 @@ def _go_ext(references, path="main.go"):
19
19
  )
20
20
 
21
21
 
22
- def _call(callee, receiver, arg, start=1, end=None):
22
+ def _call(callee, receiver, arg, start=1, end=None, assign=None):
23
23
  return RawReference(
24
24
  kind="call",
25
25
  callee_text=f"{receiver}.{callee}" if receiver else callee,
@@ -28,6 +28,7 @@ def _call(callee, receiver, arg, start=1, end=None):
28
28
  span=Span(start, 0, end if end is not None else start, 40),
29
29
  caller_qualified_name="app.routes",
30
30
  arg_preview=arg,
31
+ assign_target=assign,
31
32
  )
32
33
 
33
34
 
@@ -118,3 +119,90 @@ def test_grpc_test_harness_registrations_excluded():
118
119
  # A real service registered inside a *_test.go harness is not production surface.
119
120
  refs = [_call("RegisterFrontendServer", "frontendv1pb", "(grpcServer, v1)")]
120
121
  assert _grpc_rule().match(_go_ext(refs, path="pkg/frontend/frontend_test.go")) == []
122
+
123
+
124
+ def _gin_rule():
125
+ return {r.id: r for r in rules_for("go", {"gin"})}["go.gin.route"]
126
+
127
+
128
+ def _fiber_rule():
129
+ return {r.id: r for r in rules_for("go", {"fiber"})}["go.fiber.route"]
130
+
131
+
132
+ def test_gin_group_prefix_composed():
133
+ # api := router.Group("/api"); api.GET("/users", h) -> /api/users (#36). The
134
+ # group var is bound via the call's assign_target.
135
+ refs = [
136
+ _call("Group", "router", '("/api")', start=1, assign="api"),
137
+ _call("GET", "api", '("/users", listUsers)', start=2),
138
+ _call("GET", "router", '("/health", health)', start=3), # ungrouped
139
+ ]
140
+ got = {(h.http_methods[0], h.route) for h in _gin_rule().match(_go_ext(refs))}
141
+ assert got == {("GET", "/api/users"), ("GET", "/health")}
142
+
143
+
144
+ def test_gin_nested_groups_stack():
145
+ # api := app.Group("/api"); v1 := api.Group("/v1"); v1.GET("/users", h)
146
+ refs = [
147
+ _call("Group", "app", '("/api")', start=1, assign="api"),
148
+ _call("Group", "api", '("/v1")', start=2, assign="v1"),
149
+ _call("GET", "v1", '("/users", h)', start=3),
150
+ ]
151
+ got = {(h.http_methods[0], h.route) for h in _gin_rule().match(_go_ext(refs))}
152
+ assert got == {("GET", "/api/v1/users")}
153
+
154
+
155
+ def test_gin_grouped_route_without_leading_slash():
156
+ # Grouped routes commonly drop the leading slash (gin versioning example);
157
+ # accept it for a concrete verb on a known group var and still prefix it.
158
+ refs = [
159
+ _call("Group", "router", '("/v1")', start=1, assign="apiV1"),
160
+ _call("GET", "apiV1", '("users", h)', start=2),
161
+ ]
162
+ got = {(h.http_methods[0], h.route) for h in _gin_rule().match(_go_ext(refs))}
163
+ assert got == {("GET", "/v1/users")}
164
+
165
+
166
+ def test_gin_ungrouped_route_still_requires_leading_slash():
167
+ # A slash-less path on a non-group receiver stays filtered (guards against
168
+ # Handle/Any's method-first arg and stray string args).
169
+ refs = [_call("GET", "router", '("users", h)', start=1)]
170
+ assert _gin_rule().match(_go_ext(refs)) == []
171
+
172
+
173
+ def test_gin_group_passed_to_function_has_no_prefix():
174
+ # h(app.Group("/api")) has no assign target — out of static reach, so a later
175
+ # same-named receiver must not pick up a phantom prefix.
176
+ refs = [
177
+ _call("Group", "app", '("/api")', start=1, assign=None),
178
+ _call("GET", "app", '("/health", h)', start=2),
179
+ ]
180
+ got = {(h.http_methods[0], h.route) for h in _gin_rule().match(_go_ext(refs))}
181
+ assert got == {("GET", "/health")}
182
+
183
+
184
+ def test_fiber_group_prefix_end_to_end():
185
+ # Exercises the real Go extractor (assign_target capture) + fiber rule together.
186
+ from entrygraph.extract.base import FileContext
187
+ from entrygraph.extract.golang import GoExtractor
188
+ from entrygraph.parsing.parsers import parse
189
+
190
+ src = (
191
+ b"package router\n"
192
+ b"func SetupRoutes(app *fiber.App) {\n"
193
+ b' api := app.Group("/api")\n'
194
+ b' api.Get("/", handler.Hello)\n'
195
+ b' auth := api.Group("/auth")\n'
196
+ b' auth.Post("/login", handler.Login)\n'
197
+ b"}\n"
198
+ )
199
+ ctx = FileContext(
200
+ path="router/router.go",
201
+ language="go",
202
+ module_path="router",
203
+ source=src,
204
+ is_package=False,
205
+ )
206
+ x = GoExtractor().extract(parse("go", src), ctx)
207
+ got = {(h.http_methods[0], h.route) for h in _fiber_rule().match(x)}
208
+ assert got == {("GET", "/api"), ("POST", "/api/auth/login")}
@@ -73,3 +73,55 @@ def test_next_ignores_non_method_symbols_and_non_route_files():
73
73
  assert _next_rule().match(_js_ext([_sym("helper", SymbolKind.VARIABLE)])) == []
74
74
  off_route = _js_ext([_sym("GET", SymbolKind.VARIABLE)], path="apps/web/app/api/me/page.ts")
75
75
  assert _next_rule().match(off_route) == []
76
+
77
+
78
+ def _pages_rule():
79
+ return {r.id: r for r in rules_for("javascript", {"next"})}["javascript.next.pages-route"]
80
+
81
+
82
+ def _handler_sym(qname="apps.web.pages.api.book.event.handler"):
83
+ return RawSymbol(
84
+ kind=SymbolKind.FUNCTION, name="handler", qualified_name=qname, span=Span(1, 0, 1, 40)
85
+ )
86
+
87
+
88
+ def test_next_pages_route_binds_named_handler():
89
+ # Pages Router is file-based: pages/api/book/event.ts is the route /api/book/event,
90
+ # and the conventional `export default function handler` binds it (#37).
91
+ ext = _js_ext([_handler_sym()], path="apps/web/pages/api/book/event.ts")
92
+ hints = _pages_rule().match(ext)
93
+ assert len(hints) == 1
94
+ h = hints[0]
95
+ assert h.kind is EntrypointKind.HTTP_ROUTE
96
+ assert h.route == "/api/book/event"
97
+ assert h.http_methods == [] # method dispatched inside the handler
98
+ assert h.handler_qualified_name == "apps.web.pages.api.book.event.handler"
99
+
100
+
101
+ def test_next_pages_route_without_handler_falls_back_to_module():
102
+ # `export default createNextApiHandler(router)` (tRPC) defines no handler symbol;
103
+ # the route is still detected, left unbound for the scanner to anchor on module.
104
+ ext = _js_ext(path="apps/web/pages/api/trpc/[trpc].ts")
105
+ hint = _pages_rule().match(ext)[0]
106
+ assert hint.route == "/api/trpc/[trpc]"
107
+ assert hint.handler_qualified_name is None
108
+
109
+
110
+ def test_next_pages_index_files_map_to_parent():
111
+ foo = _pages_rule().match(_js_ext(path="apps/web/pages/api/foo/index.ts"))[0]
112
+ assert foo.route == "/api/foo"
113
+ assert _pages_rule().match(_js_ext(path="pages/api/index.ts"))[0].route == "/api"
114
+
115
+
116
+ def test_next_pages_excludes_tests_and_type_decls():
117
+ for path in (
118
+ "apps/web/pages/api/book/recurring-event.test.ts",
119
+ "apps/web/pages/api/foo.spec.ts",
120
+ "apps/web/pages/api/types.d.ts",
121
+ ):
122
+ assert _pages_rule().match(_js_ext(path=path)) == []
123
+
124
+
125
+ def test_next_pages_ignores_non_api_pages():
126
+ # A React page under pages/ (not pages/api/) is not an API route.
127
+ assert _pages_rule().match(_js_ext(path="apps/web/pages/about.tsx")) == []
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes