* chore: Exclude CLAUDE.md from Cargo.toml

* feat: add callgraph module and integrate into main analysis flow

* feat: enhance CLI with new severity filtering and analysis modes

* feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling

* feat: implement state-model dataflow analysis for resource lifecycle and auth state

* feat: enhance diagnostic output formatting and add evidence structure

* feat: implement attack surface ranking for diagnostics with scoring and sorting

* feat: add comprehensive documentation for installation, usage, and rules reference

* feat: add multiple language support for command execution and evaluation endpoints

* feat: implement inline suppression for findings using `nyx:ignore` comments

* feat: add confidence levels to AST patterns and update output structure

* feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets

* feat: bump version to 0.4.0 and update changelog with new features and improvements

* feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs
This commit is contained in:
Eli Peter 2026-02-25 21:16:36 -05:00 committed by GitHub
parent 19b578c5c4
commit 1bbe4b1cfb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
456 changed files with 25628 additions and 1228 deletions

23
tests/fixtures/patterns/go/negative.go vendored Normal file
View file

@ -0,0 +1,23 @@
package main
import (
"crypto/sha256"
"database/sql"
)
func safeHash(data []byte) {
sha256.Sum256(data)
}
func safeParamQuery(db *sql.DB, user string) {
db.Query("SELECT * FROM users WHERE name = $1", user)
}
func safeLiteralQuery(db *sql.DB) {
db.Query("SELECT COUNT(*) FROM users")
}
func safeStringOps() {
x := "hello"
_ = len(x)
}

55
tests/fixtures/patterns/go/positive.go vendored Normal file
View file

@ -0,0 +1,55 @@
package main
import (
"crypto/md5"
"crypto/sha1"
"database/sql"
"encoding/gob"
"os"
"os/exec"
"unsafe"
)
// go.cmdi.exec_command
func triggerExecCommand(cmd string) {
exec.Command("bash", "-c", cmd)
}
// go.memory.unsafe_pointer
func triggerUnsafePointer() {
x := 42
p := unsafe.Pointer(&x)
_ = p
}
// go.transport.insecure_skip_verify
func triggerInsecureSkipVerify() {
_ = struct{ InsecureSkipVerify bool }{InsecureSkipVerify: true}
}
// go.crypto.md5
func triggerMD5(data []byte) {
md5.Sum(data)
}
// go.crypto.sha1
func triggerSHA1(data []byte) {
sha1.Sum(data)
}
// go.sqli.query_concat
func triggerSQLConcat(db *sql.DB, user string) {
db.Query("SELECT * FROM users WHERE name = '" + user + "'")
}
// go.secrets.hardcoded_key
func triggerHardcodedSecret() {
password := "super_secret_password_12345"
_ = password
}
// go.deser.gob_decode
func triggerGobDecode(f *os.File) {
dec := gob.NewDecoder(f)
_ = dec
}