* chore: Exclude CLAUDE.md from Cargo.toml

* feat: add callgraph module and integrate into main analysis flow

* feat: enhance CLI with new severity filtering and analysis modes

* feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling

* feat: implement state-model dataflow analysis for resource lifecycle and auth state

* feat: enhance diagnostic output formatting and add evidence structure

* feat: implement attack surface ranking for diagnostics with scoring and sorting

* feat: add comprehensive documentation for installation, usage, and rules reference

* feat: add multiple language support for command execution and evaluation endpoints

* feat: implement inline suppression for findings using `nyx:ignore` comments

* feat: add confidence levels to AST patterns and update output structure

* feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets

* feat: bump version to 0.4.0 and update changelog with new features and improvements

* feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs
This commit is contained in:
Eli Peter 2026-02-25 21:16:36 -05:00 committed by GitHub
parent 19b578c5c4
commit 1bbe4b1cfb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
456 changed files with 25628 additions and 1228 deletions

View file

@ -0,0 +1,10 @@
#include <cstdio>
#include <cstdlib>
#include <string>
void dangerous(const char *user_input) {
char cmd[256];
sprintf(cmd, "cat %s", user_input);
system(cmd);
printf(user_input); // also format string vuln
}

View file

@ -0,0 +1,35 @@
{
"description": "Multiple vulnerabilities: command injection via system() and format string via printf(user_input)",
"tags": [
"cmdi",
"fmt",
"mixed"
],
"modes": [
"full"
],
"expected": [
{
"rule_id": "cpp.cmdi.system",
"severity": null,
"must_match": true,
"line_range": [
6,
10
],
"evidence_contains": [],
"notes": "system(cmd) where cmd built from user input via sprintf"
},
{
"rule_id": "cpp.memory.printf_no_fmt",
"severity": null,
"must_match": true,
"line_range": [
7,
11
],
"evidence_contains": [],
"notes": "printf(user_input) \u2014 user-controlled format string"
}
]
}

View file

@ -0,0 +1,10 @@
#include <cstdlib>
#include <cstdio>
void env_leak() {
const char *path = std::getenv("USER_PATH");
FILE *f = fopen(path, "r");
char buf[1024];
fgets(buf, sizeof(buf), f);
// taint (getenv -> fopen) + resource leak
}

View file

@ -0,0 +1,35 @@
{
"description": "Combined taint and resource leak: std::getenv flows to fopen, file handle never closed",
"tags": [
"taint",
"state",
"mixed"
],
"modes": [
"full"
],
"expected": [
{
"rule_id": "taint-unsanitised-flow",
"severity": null,
"must_match": true,
"line_range": [
3,
8
],
"evidence_contains": [],
"notes": "std::getenv(\"USER_PATH\") flows to fopen as file path \u2014 path traversal"
},
{
"rule_id": "state-resource-leak",
"severity": null,
"must_match": false,
"line_range": [
4,
11
],
"evidence_contains": [],
"notes": "fopen at line 6 never closed \u2014 aspirational state finding"
}
]
}