apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-21 20:18:06 +02:00
Code Issues Projects Releases Packages Wiki Activity

Phase 1 (#33)

Browse source 
* chore: Exclude CLAUDE.md from Cargo.toml

* feat: add callgraph module and integrate into main analysis flow

* feat: enhance CLI with new severity filtering and analysis modes

* feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling

* feat: implement state-model dataflow analysis for resource lifecycle and auth state

* feat: enhance diagnostic output formatting and add evidence structure

* feat: implement attack surface ranking for diagnostics with scoring and sorting

* feat: add comprehensive documentation for installation, usage, and rules reference

* feat: add multiple language support for command execution and evaluation endpoints

* feat: implement inline suppression for findings using `nyx:ignore` comments

* feat: add confidence levels to AST patterns and update output structure

* feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets

* feat: bump version to 0.4.0 and update changelog with new features and improvements

* feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs
This commit is contained in:
Eli Peter 2026-02-25 21:16:36 -05:00 committed by GitHub
parent 19b578c5c4
commit 1bbe4b1cfb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
456 changed files with 25628 additions and 1228 deletions
Download patch file Download diff file Expand all files Collapse all files

60
src/output.rs
View file

@ -38,6 +38,11 @@ fn cfg_rule_description(id: &str) -> Option<&'static str> {
}
"cfg-resource-leak" => Some("Resource acquired but not released on all exit paths"),
"cfg-lock-not-released" => Some("Lock acquired but not released on all exit paths"),
"state-use-after-close" => Some("Variable used after its resource handle was closed"),
"state-double-close" => Some("Resource handle closed more than once"),
"state-resource-leak" => Some("Resource acquired but never closed"),
"state-resource-leak-possible" => Some("Resource may not be closed on all paths"),
"state-unauthed-access" => Some("Sensitive operation reached without authentication"),
_ => None,
}
}
@ -116,11 +121,17 @@ pub fn build_sarif(diags: &[Diag], scan_root: &Path) -> Value {
.map(|p| p.to_string_lossy().to_string())
.unwrap_or_else(|_| d.path.clone());
json!({
// Prefer the per-finding message (e.g. from state analysis) over the generic rule description.
let msg_text = d
.message
.as_deref()
.unwrap_or_else(|| rule_description(base));
let mut result = json!({
"ruleId": base,
"ruleIndex": rule_index,
"level": severity_to_level(d.severity),
"message": { "text": rule_description(base) },
"message": { "text": msg_text },
"locations": [{
"physicalLocation": {
"artifactLocation": { "uri": uri },
@ -130,7 +141,50 @@ pub fn build_sarif(diags: &[Diag], scan_root: &Path) -> Value {
}
}
}]
})
});
// Build properties object
let mut props = serde_json::Map::new();
props.insert("category".into(), json!(d.category.to_string()));
if let Some(conf) = d.confidence {
props.insert("confidence".into(), json!(conf.to_string()));
}
// Add rollup data if present
if let Some(ref rollup) = d.rollup {
props.insert(
"rollup".into(),
json!({
"count": rollup.count,
}),
);
// Add rollup occurrences as relatedLocations
let related: Vec<Value> = rollup
.occurrences
.iter()
.enumerate()
.map(|(idx, loc)| {
json!({
"id": idx,
"physicalLocation": {
"artifactLocation": { "uri": &uri },
"region": {
"startLine": loc.line,
"startColumn": loc.col
}
}
})
})
.collect();
if !related.is_empty() {
result["relatedLocations"] = json!(related);
}
}
result["properties"] = Value::Object(props);
result
})
.collect();