* chore: Exclude CLAUDE.md from Cargo.toml
* feat: add callgraph module and integrate into main analysis flow
* feat: enhance CLI with new severity filtering and analysis modes
* feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling
* feat: implement state-model dataflow analysis for resource lifecycle and auth state
* feat: enhance diagnostic output formatting and add evidence structure
* feat: implement attack surface ranking for diagnostics with scoring and sorting
* feat: add comprehensive documentation for installation, usage, and rules reference
* feat: add multiple language support for command execution and evaluation endpoints
* feat: implement inline suppression for findings using `nyx:ignore` comments
* feat: add confidence levels to AST patterns and update output structure
* feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets
* feat: bump version to 0.4.0 and update changelog with new features and improvements
* feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs
* chore: Exclude CLAUDE.md from Cargo.toml
* feat: Add configurable analysis rules and CLI commands for custom sanitizers and terminators
* feat: Enhance resource management and analysis efficiency
- Implemented parallel summary merging in `scan_filesystem` using rayon for improved performance.
- Introduced `GlobalSummaries::merge()` for efficient merging of summaries.
- Optimized file reading and hashing to eliminate redundant I/O operations.
- Added `should_scan_with_hash()` and `upsert_file_with_hash()` methods to streamline file processing.
- Enhanced taint analysis with in-place mutations to reduce memory allocations.
- Updated resource acquisition patterns to exclude false positives for `freopen` and wrapper functions.
* feat: Implement severity downgrade for findings in non-production paths and add source kind inference
* feat: Update versioning information in SECURITY.md for new stable line
* feat: Update categories in Cargo.toml to include parser-implementations and text-processing
* feat: Update dependencies in Cargo.lock for improved compatibility and performance
* feat: Update dependencies in Cargo.lock and Cargo.toml for improved compatibility
* Introduce control flow graph (CFG) support:
- Added `cfg.rs` with CFG generation and analysis utilities.
- Integrated `petgraph` library for graph-based computations.
- Updated `ast.rs` to utilize CFG for function analysis.
- Modified `Cargo.toml` and `Cargo.lock` to include new dependencies.
- Improved static analysis with taint tracking through CFG paths.
* feat: enhance control flow analysis with taint tracking and node labeling
* feat: improve control flow graph with enhanced node handling and new tests
* Remove unnecessary reference marker in `byte_offset_to_point` comment.
* Refactor `ast.rs` for performance and clarity; enhance `cfg.rs` with recursive CFG generation and improved classification logic for AST analysis.
* Refactor CFG and taint tracking logic:
- Enhanced `cfg.rs` with inline helper function `text_of` for cleaner UTF-8 handling in AST nodes.
- Expanded `labels.rs` rules with detailed `Sources`, `Sanitizers`, and `Sinks` for improved classification.
- Refined `push_node` to handle method call expressions with object-function pairing.
- Simplified code handling in trivia skipping and debug-only logic.
* Enhance `cfg.rs` with `first_call_ident` helper and improve identifier extraction logic in `push_node`.
* Add targeted CFG taint-tracking tests to enhance analysis coverage.
* Enhance CFG generation with loop expression handling and improve taint tracking logic. Add new sanitization example in `examples/sanitize/example.rs`.
* Update README with installation instructions for Cargo and GitHub releases.
* Expand taint-tracking with precise `def-use` computation and enhance `labels.rs` for detailed classification. Extend `examples/sanitize` with realistic scenarios demonstrating new rules.
* Refactor `labels.rs`:
- Removed redundant `LabelRule` entries for cleaner rule definitions.
- Adjusted matching logic to prioritize suffix and prefix matches effectively.
* Add test for taint tracking with multiple sources in `cfg.rs`.
* Add `function_summaries` table and implement summary upsert/load methods. Refactor to handle summary storage and retrieval efficiently, with placeholder clean/drop logic.
* refactor: split `labels.rs` into modular structure with language-specific files
* refactor: clean up SQL table definitions in `database.rs` for better readability
* refactor: simplify CFG structure by removing lifetime parameters and enhancing taint metadata handling
* refactor: update TODO comments in `cfg.rs` to clarify future enhancements for cap labels and function details
* refactor: remove redundant header from README.md for improved clarity
* feat: add PHF-based syntax classifiers and Kind enum for efficient syntax mapping across languages
* feat: introduce analysis modes for enhanced scanner configuration and diagnostics
* feat: define Kind enum for syntax classification in control flow analysis
* feat: bump version to 0.2.0-alpha and update CHANGELOG for new features and fixes
* refactor: clean up imports and formatting in AST and CFG modules for improved readability
* refactor: simplify function signatures and improve code readability in CFG and module files
* fix: correct rayon_thread_stack_size comment to reflect actual value of 8 MiB
* refactor: update string formatting in clean and project modules for consistency
* refactor: fix indentation in clean.rs for improved readability
---------
Co-authored-by: elipeter <eli.peter@es.fcm.travel>
- Standardized spacing and indentation across multiple modules for improved readability.
- Reorganized `patterns` and `utils` imports for consistency.
- Updated `NyxError` and `NyxResult` related implementations to maintain consistent formatting.
- Enhanced readability in AST patterns for better clarity and maintainability.
- Added `tree-sitter-ruby` dependency to `Cargo.toml` and `Cargo.lock`.
- Introduced `patterns/ruby.rs` with Ruby-specific AST patterns for vulnerability detection.
- Updated `patterns/mod.rs` and `ast.rs` to support Ruby AST parsing and pattern registry initialization.
- Introduced `NyxError` and `NyxResult` for unified error handling across modules.
- Refactored `scan.rs`, `index.rs`, and `walk.rs` with improved error management and consistent formatting.
- Replaced existing error handling in `database.rs` with `NyxResult`.
- Improved database maintenance by integrating `vacuum` and `clear` methods into workflows.
- Added `dashmap` for efficient parallel diagnostics result aggregation in `scan_with_index_parallel`.
- Enhanced readability and formatting of console outputs in multiple modules.
- Introduced `issues` table for detailed vulnerability storage.
- Enhanced `files` table with project scoping and unique constraints.
- Replaced `OutputFormat` enum with `String` for flexibility.
- Added support for formatted console output of scan results.
- Integrated file and issue updating logic for incremental scans.
- Optimized scanning by leveraging database-stored issues.