mirror of
https://github.com/elicpeter/nyx.git
synced 2026-07-03 20:41:00 +02:00
Phase 1 (#33)
* chore: Exclude CLAUDE.md from Cargo.toml * feat: add callgraph module and integrate into main analysis flow * feat: enhance CLI with new severity filtering and analysis modes * feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling * feat: implement state-model dataflow analysis for resource lifecycle and auth state * feat: enhance diagnostic output formatting and add evidence structure * feat: implement attack surface ranking for diagnostics with scoring and sorting * feat: add comprehensive documentation for installation, usage, and rules reference * feat: add multiple language support for command execution and evaluation endpoints * feat: implement inline suppression for findings using `nyx:ignore` comments * feat: add confidence levels to AST patterns and update output structure * feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets * feat: bump version to 0.4.0 and update changelog with new features and improvements * feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs
This commit is contained in:
parent
19b578c5c4
commit
1bbe4b1cfb
456 changed files with 25628 additions and 1228 deletions
23
tests/fixtures/patterns/go/negative.go
vendored
Normal file
23
tests/fixtures/patterns/go/negative.go
vendored
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"database/sql"
|
||||
)
|
||||
|
||||
func safeHash(data []byte) {
|
||||
sha256.Sum256(data)
|
||||
}
|
||||
|
||||
func safeParamQuery(db *sql.DB, user string) {
|
||||
db.Query("SELECT * FROM users WHERE name = $1", user)
|
||||
}
|
||||
|
||||
func safeLiteralQuery(db *sql.DB) {
|
||||
db.Query("SELECT COUNT(*) FROM users")
|
||||
}
|
||||
|
||||
func safeStringOps() {
|
||||
x := "hello"
|
||||
_ = len(x)
|
||||
}
|
||||
55
tests/fixtures/patterns/go/positive.go
vendored
Normal file
55
tests/fixtures/patterns/go/positive.go
vendored
Normal file
|
|
@ -0,0 +1,55 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/md5"
|
||||
"crypto/sha1"
|
||||
"database/sql"
|
||||
"encoding/gob"
|
||||
"os"
|
||||
"os/exec"
|
||||
"unsafe"
|
||||
)
|
||||
|
||||
// go.cmdi.exec_command
|
||||
func triggerExecCommand(cmd string) {
|
||||
exec.Command("bash", "-c", cmd)
|
||||
}
|
||||
|
||||
// go.memory.unsafe_pointer
|
||||
func triggerUnsafePointer() {
|
||||
x := 42
|
||||
p := unsafe.Pointer(&x)
|
||||
_ = p
|
||||
}
|
||||
|
||||
// go.transport.insecure_skip_verify
|
||||
func triggerInsecureSkipVerify() {
|
||||
_ = struct{ InsecureSkipVerify bool }{InsecureSkipVerify: true}
|
||||
}
|
||||
|
||||
// go.crypto.md5
|
||||
func triggerMD5(data []byte) {
|
||||
md5.Sum(data)
|
||||
}
|
||||
|
||||
// go.crypto.sha1
|
||||
func triggerSHA1(data []byte) {
|
||||
sha1.Sum(data)
|
||||
}
|
||||
|
||||
// go.sqli.query_concat
|
||||
func triggerSQLConcat(db *sql.DB, user string) {
|
||||
db.Query("SELECT * FROM users WHERE name = '" + user + "'")
|
||||
}
|
||||
|
||||
// go.secrets.hardcoded_key
|
||||
func triggerHardcodedSecret() {
|
||||
password := "super_secret_password_12345"
|
||||
_ = password
|
||||
}
|
||||
|
||||
// go.deser.gob_decode
|
||||
func triggerGobDecode(f *os.File) {
|
||||
dec := gob.NewDecoder(f)
|
||||
_ = dec
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue