mirror of
https://github.com/elicpeter/nyx.git
synced 2026-07-12 21:02:11 +02:00
Phase 1 (#33)
* chore: Exclude CLAUDE.md from Cargo.toml * feat: add callgraph module and integrate into main analysis flow * feat: enhance CLI with new severity filtering and analysis modes * feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling * feat: implement state-model dataflow analysis for resource lifecycle and auth state * feat: enhance diagnostic output formatting and add evidence structure * feat: implement attack surface ranking for diagnostics with scoring and sorting * feat: add comprehensive documentation for installation, usage, and rules reference * feat: add multiple language support for command execution and evaluation endpoints * feat: implement inline suppression for findings using `nyx:ignore` comments * feat: add confidence levels to AST patterns and update output structure * feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets * feat: bump version to 0.4.0 and update changelog with new features and improvements * feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs
This commit is contained in:
parent
19b578c5c4
commit
1bbe4b1cfb
456 changed files with 25628 additions and 1228 deletions
|
|
@ -52,6 +52,11 @@ follow_symlinks = false
|
|||
## Scan hidden files (dot-files)
|
||||
scan_hidden_files = false
|
||||
|
||||
## Enable state-model dataflow analysis (resource lifecycle + auth state).
|
||||
## Detects use-after-close, double-close, resource leaks, and unauthed access.
|
||||
## Requires mode = "full" or "taint" (needs CFG). Default: off.
|
||||
enable_state_analysis = false
|
||||
|
||||
|
||||
[database]
|
||||
|
||||
|
|
@ -70,15 +75,48 @@ vacuum_on_startup = false
|
|||
|
||||
[output]
|
||||
|
||||
## Output format — only "console" exists for now
|
||||
## Output format: console | json | sarif
|
||||
default_format = "console"
|
||||
|
||||
## Suppress all console output (UNIMPLEMENTED)
|
||||
## Suppress all human-readable status output (stderr)
|
||||
quiet = false
|
||||
|
||||
## Enable attack-surface ranking (sort findings by exploitability score)
|
||||
attack_surface_ranking = true
|
||||
|
||||
## Cap the number of issues shown; null = unlimited
|
||||
max_results = null
|
||||
|
||||
## Minimum attack-surface score to include; null = no minimum
|
||||
## Findings below this threshold are dropped after ranking.
|
||||
## Requires attack_surface_ranking to be enabled.
|
||||
min_score = null
|
||||
|
||||
## Minimum confidence level to include in output; null = no minimum
|
||||
## Values: "low", "medium", "high"
|
||||
# min_confidence = "medium"
|
||||
|
||||
## Include Quality-category findings (excluded by default).
|
||||
## Quality findings (e.g. unwrap, expect, panic) are noise-heavy and hidden
|
||||
## unless this is set to true or --include-quality is passed.
|
||||
include_quality = false
|
||||
|
||||
## Show all findings: disables category filtering, rollups, and LOW budgets.
|
||||
## Equivalent to --all on the command line.
|
||||
show_all = false
|
||||
|
||||
## Maximum total LOW findings to show (rollups count as 1).
|
||||
max_low = 20
|
||||
|
||||
## Maximum LOW findings per file (rollups count as 1).
|
||||
max_low_per_file = 1
|
||||
|
||||
## Maximum LOW findings per rule (rollups count as 1).
|
||||
max_low_per_rule = 10
|
||||
|
||||
## Number of example locations stored in rollup findings.
|
||||
rollup_examples = 5
|
||||
|
||||
|
||||
[performance]
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue