* chore: Exclude CLAUDE.md from Cargo.toml

* feat: add callgraph module and integrate into main analysis flow

* feat: enhance CLI with new severity filtering and analysis modes

* feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling

* feat: implement state-model dataflow analysis for resource lifecycle and auth state

* feat: enhance diagnostic output formatting and add evidence structure

* feat: implement attack surface ranking for diagnostics with scoring and sorting

* feat: add comprehensive documentation for installation, usage, and rules reference

* feat: add multiple language support for command execution and evaluation endpoints

* feat: implement inline suppression for findings using `nyx:ignore` comments

* feat: add confidence levels to AST patterns and update output structure

* feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets

* feat: bump version to 0.4.0 and update changelog with new features and improvements

* feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs
This commit is contained in:
Eli Peter 2026-02-25 21:16:36 -05:00 committed by GitHub
parent 19b578c5c4
commit 1bbe4b1cfb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
456 changed files with 25628 additions and 1228 deletions

View file

@ -0,0 +1,25 @@
# Negative fixture: none of these should trigger security patterns.
def safe_yaml(data)
YAML.safe_load(data)
end
def safe_system
Dir.entries(".")
end
def safe_send(obj)
obj.send(:to_s)
end
def safe_open
File.open("config.yml", "r") do |f|
f.read
end
end
def safe_string_ops
x = "hello"
y = x.upcase
z = y.length
end

View file

@ -0,0 +1,51 @@
# Positive fixture: each snippet should trigger the named pattern.
# rb.code_exec.eval
def trigger_eval(code)
eval(code)
end
# rb.code_exec.instance_eval
def trigger_instance_eval(obj, code)
obj.instance_eval(code)
end
# rb.code_exec.class_eval
def trigger_class_eval(klass, code)
klass.class_eval(code)
end
# rb.cmdi.backtick
def trigger_backtick
`uname -a`
end
# rb.cmdi.system_interp
def trigger_system_interp(cmd)
system("run #{cmd}")
end
# rb.deser.yaml_load
def trigger_yaml_load(data)
YAML.load(data)
end
# rb.deser.marshal_load
def trigger_marshal_load(data)
Marshal.load(data)
end
# rb.reflection.send_dynamic
def trigger_send_dynamic(obj, method_name)
obj.send(method_name)
end
# rb.reflection.constantize
def trigger_constantize(name)
name.constantize
end
# rb.ssrf.open_uri
def trigger_open_uri
open("https://example.com/api")
end