mirror of
https://github.com/elicpeter/nyx.git
synced 2026-07-15 21:11:02 +02:00
Added experimental control flow analysis and syntax classification for rust lang (#22)
* Introduce control flow graph (CFG) support: - Added `cfg.rs` with CFG generation and analysis utilities. - Integrated `petgraph` library for graph-based computations. - Updated `ast.rs` to utilize CFG for function analysis. - Modified `Cargo.toml` and `Cargo.lock` to include new dependencies. - Improved static analysis with taint tracking through CFG paths. * feat: enhance control flow analysis with taint tracking and node labeling * feat: improve control flow graph with enhanced node handling and new tests * Remove unnecessary reference marker in `byte_offset_to_point` comment. * Remove unnecessary reference marker in `byte_offset_to_point` comment. * Refactor `ast.rs` for performance and clarity; enhance `cfg.rs` with recursive CFG generation and improved classification logic for AST analysis. * Refactor CFG and taint tracking logic: - Enhanced `cfg.rs` with inline helper function `text_of` for cleaner UTF-8 handling in AST nodes. - Expanded `labels.rs` rules with detailed `Sources`, `Sanitizers`, and `Sinks` for improved classification. - Refined `push_node` to handle method call expressions with object-function pairing. - Simplified code handling in trivia skipping and debug-only logic. * Enhance `cfg.rs` with `first_call_ident` helper and improve identifier extraction logic in `push_node`. * Add targeted CFG taint-tracking tests to enhance analysis coverage. * Enhance CFG generation with loop expression handling and improve taint tracking logic. Add new sanitization example in `examples/sanitize/example.rs`. * Update README with installation instructions for Cargo and GitHub releases. * Expand taint-tracking with precise `def-use` computation and enhance `labels.rs` for detailed classification. Extend `examples/sanitize` with realistic scenarios demonstrating new rules. * Refactor `labels.rs`: - Removed redundant `LabelRule` entries for cleaner rule definitions. - Adjusted matching logic to prioritize suffix and prefix matches effectively. * Refactor `labels.rs`: - Removed redundant `LabelRule` entries for cleaner rule definitions. - Adjusted matching logic to prioritize suffix and prefix matches effectively. * Add test for taint tracking with multiple sources in `cfg.rs`. * Add `function_summaries` table and implement summary upsert/load methods. Refactor to handle summary storage and retrieval efficiently, with placeholder clean/drop logic. * refactor: split `labels.rs` into modular structure with language-specific files * refactor: split `labels.rs` into modular structure with language-specific files * refactor: clean up SQL table definitions in `database.rs` for better readability * refactor: simplify CFG structure by removing lifetime parameters and enhancing taint metadata handling * refactor: update TODO comments in `cfg.rs` to clarify future enhancements for cap labels and function details * refactor: remove redundant header from README.md for improved clarity * feat: add PHF-based syntax classifiers and Kind enum for efficient syntax mapping across languages * feat: introduce analysis modes for enhanced scanner configuration and diagnostics * feat: define Kind enum for syntax classification in control flow analysis * feat: bump version to 0.2.0-alpha and update CHANGELOG for new features and fixes * refactor: clean up imports and formatting in AST and CFG modules for improved readability * refactor: simplify function signatures and improve code readability in CFG and module files * fix: correct rayon_thread_stack_size comment to reflect actual value of 8 MiB * refactor: update string formatting in clean and project modules for consistency * refactor: fix indentation in clean.rs for improved readability --------- Co-authored-by: elipeter <eli.peter@es.fcm.travel>
This commit is contained in:
parent
fd65360818
commit
3c21efba75
21 changed files with 1585 additions and 79 deletions
67
README.md
67
README.md
|
|
@ -1,13 +1,11 @@
|
|||
<div align="center">
|
||||
<img src="assets/logo.png" alt="nyx logo" width="300"/>
|
||||
|
||||
# Nyx
|
||||
|
||||
**Fast, cross-language cli vulnerability scanner.**
|
||||
|
||||
[](https://crates.io/crates/nyx-scanner)
|
||||
[](https://www.gnu.org/licenses/gpl-3.0)
|
||||
[](https://www.rust-lang.org)
|
||||
[](https://www.rust-lang.org)
|
||||
[](https://github.com/ecpeter23/nyx/actions)
|
||||
</div>
|
||||
|
||||
|
|
@ -18,7 +16,7 @@
|
|||
**Nyx** is a lightweight lightning-fast Rust‑native command‑line tool that detects potentially dangerous code patterns across several programming languages. It combines the accuracy of [`tree‑sitter`](https://tree-sitter.github.io/) parsing with a curated rule set and an optional SQLite‑backed index to deliver fast, repeatable scans on projects of any size.
|
||||
|
||||
> **Project status – Alpha**
|
||||
> Nyx is under active development. The public interface, rule set, and output formats may change without notice while we stabilize the core. Please pin exact versions in production environments.
|
||||
> Nyx is under active development. The public interface, rule set, and output formats may change without notice while we stabilise the core. The new CFG + taint engine is experimental and Rust-only for now – please report any crashes or false-positives. Pin exact versions in production environments
|
||||
|
||||
---
|
||||
|
||||
|
|
@ -50,17 +48,49 @@
|
|||
|
||||
## Installation
|
||||
|
||||
### Install crate
|
||||
```bash
|
||||
$ cargo install nyx-scanner
|
||||
```
|
||||
|
||||
### Install Github release
|
||||
1. Navigate to the [Releases](https://github.com/ecpeter23/nyx/releases) page of the repository.
|
||||
2. Download the appropriate binary for your system:
|
||||
|
||||
```nyx-x86_64-unknown-linux-gnu.zip``` for Linux
|
||||
|
||||
```nyx-x86_64-pc-windows-msvc.zip``` for Windows
|
||||
|
||||
```nyx-x86_64-apple-darwin.zip``` or ```nyx-aarch64-apple-darwin.zip``` for macOS (Intel or Apple Silicon)
|
||||
|
||||
3. Unzip the file and move the executable to a directory in your system PATH:
|
||||
```bash
|
||||
# Example for Unix systems
|
||||
unzip nyx-x86_64-unknown-linux-gnu.zip
|
||||
chmod +x nyx
|
||||
sudo mv nyx /usr/local/bin/
|
||||
```
|
||||
```bash
|
||||
# Example for Windows in PowerShell
|
||||
Expand-Archive -Path nyx-x86_64-pc-windows-msvc.zip -DestinationPath .
|
||||
Move-Item -Path .\nyx.exe -Destination "C:\Program Files\Nyx\" # Add to PATH manually if needed
|
||||
```
|
||||
|
||||
4. Verify the installation:
|
||||
```bash
|
||||
nyx --version
|
||||
```
|
||||
### Build from source
|
||||
|
||||
```bash
|
||||
$ git clone https://github.com/<your‑org>/nyx.git
|
||||
$ git clone https://github.com/ecpeter23/nyx.git
|
||||
$ cd nyx
|
||||
$ cargo build --release
|
||||
# optional – copy the binary into PATH
|
||||
$ cargo install --path .
|
||||
```
|
||||
|
||||
Nyx targets **stable Rust 1.78 or later**.
|
||||
Nyx targets **stable Rust 1.85 or later**.
|
||||
|
||||
---
|
||||
|
||||
|
|
@ -142,18 +172,29 @@ A fully documented `nyx.conf` is generated automatically on first run.
|
|||
|
||||
## Roadmap
|
||||
|
||||
| Area | Planned Improvements |
|
||||
|-----------------------|---------------------------------------------------------------------------|
|
||||
| More language support | Plans to create rule sets for over 100 languages for maximum coverage |
|
||||
| Control‑flow analysis | Generation of CFGs for deeper reasoning about execution paths |
|
||||
| Taint tracking | Intra‑ / inter‑procedural tracing of untrusted data from sources to sinks |
|
||||
| Output formats | Full SARIF 2.1.0, JUnit XML, HTML report generator |
|
||||
| Rule updates | Remote rule feed with signature verification |
|
||||
| Area | Planned Improvements |
|
||||
|-----------------------|-------------------------------------------------------------------------------------------------------|
|
||||
| More language support | Plans to create rule sets for over 100 languages for maximum coverage |
|
||||
| Control‑flow analysis | Inter‑procedural function summaries. Cap label propagation & bit‑flag checks. Loop/branch sensitivity |
|
||||
| Taint tracking | Intra‑ / inter‑procedural tracing of untrusted data from sources to sinks |
|
||||
| Output formats | Full SARIF 2.1.0, JUnit XML, HTML report generator |
|
||||
| Rule updates | Remote rule feed with signature verification |
|
||||
| Performance & UX | Incremental CFG cache, progress‑bar UX, smart file‑watch re‑scan |
|
||||
|
||||
Community feedback will help shape priorities; please open an issue to discuss proposed changes.
|
||||
|
||||
---
|
||||
|
||||
## Experimental Features & Feedback
|
||||
|
||||
The new Rust intra‑procedural CFG + taint engine is not enabled.
|
||||
|
||||
Expect rough edges: slightly slower scans, occasional false positives, limited language coverage.
|
||||
|
||||
Please open an issue for every crash, panic, or suspicious result – attach the minimal code snippet and mention the Nyx version.
|
||||
|
||||
---
|
||||
|
||||
## Contributing
|
||||
|
||||
Pull requests are welcome. To contribute:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue