* chore: Exclude CLAUDE.md from Cargo.toml
* feat: add callgraph module and integrate into main analysis flow
* feat: enhance CLI with new severity filtering and analysis modes
* feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling
* feat: implement state-model dataflow analysis for resource lifecycle and auth state
* feat: enhance diagnostic output formatting and add evidence structure
* feat: implement attack surface ranking for diagnostics with scoring and sorting
* feat: add comprehensive documentation for installation, usage, and rules reference
* feat: add multiple language support for command execution and evaluation endpoints
* feat: implement inline suppression for findings using `nyx:ignore` comments
* feat: add confidence levels to AST patterns and update output structure
* feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets
* feat: bump version to 0.4.0 and update changelog with new features and improvements
* feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs
* chore: Exclude CLAUDE.md from Cargo.toml
* feat: Add configurable analysis rules and CLI commands for custom sanitizers and terminators
* feat: Enhance resource management and analysis efficiency
- Implemented parallel summary merging in `scan_filesystem` using rayon for improved performance.
- Introduced `GlobalSummaries::merge()` for efficient merging of summaries.
- Optimized file reading and hashing to eliminate redundant I/O operations.
- Added `should_scan_with_hash()` and `upsert_file_with_hash()` methods to streamline file processing.
- Enhanced taint analysis with in-place mutations to reduce memory allocations.
- Updated resource acquisition patterns to exclude false positives for `freopen` and wrapper functions.
* feat: Implement severity downgrade for findings in non-production paths and add source kind inference
* feat: Update versioning information in SECURITY.md for new stable line
* feat: Update categories in Cargo.toml to include parser-implementations and text-processing
* feat: Update dependencies in Cargo.lock for improved compatibility and performance
* feat: Update dependencies in Cargo.lock and Cargo.toml for improved compatibility
* feat: Enhance control flow analysis with function summaries and taint analysis
* feat: Update taint analysis to utilize function summaries for enhanced tracking
* Refactor `walk.rs` batch processing and override handling:
- Renamed `Batcher` to `BatchSender` for clarity.
- Added `BatchSender::new` constructor for cleaner initialization.
- Simplified batch size management in `BatchSender`.
- Extracted `build_overrides` function for reusable override construction.
- Improved error handling and validation in override building.
- Enhanced performance with directory and file type filtering in `walk`.
* Improve logging and streamline directory walk process:
- Added detailed `tracing` logs for debugging batch flushes, override construction, and walk initialization/completion.
- Optimized and simplified `filter_entry` logic for directory and file type filters.
- Improved metadata checks and max file size enforcement during the scan.
* Refactor and optimize taint tracking, label rules, and directory walk process:
- Replaced `DefaultHasher` with `blake3::Hasher` for improved taint hashing.
- Enhanced sorting and hashing logic in `taint.rs` for consistency and efficiency.
- Removed unused `set_hash` function and redundant imports across files.
- Improved batch sender logic in `walk.rs`, renaming key components for clarity.
- Unified `spawn_senders` and `spawn_file_walker` with thread handling and channel tuple return.
- Expanded label rules with additional matchers for sources, sanitizers, and sinks.
- Deprecated `dump_cfg` and specific logging utilities in `cfg.rs` for code cleanup.
* fix: fixed let chains error in walk.rs
* fix: updated dependencies
* fix: updated dependencies
* chore: Remove standard error in scan.rs
* feat: Introduce function summaries for enhanced taint and control flow analysis
* feat: Enhance taint analysis with interop support and function summaries
* feat: Add configuration analysis module and enhance matcher rules
* feat: Add arity column to function_summaries and handle schema migration
* fix: fixed clippy &PathBuf warnings
* chore: Update dependencies and versioning in Cargo files
* docs: Update README to enhance clarity and detail on features and analysis modes
* chore: Update CHANGELOG for version 0.2.0 with new features, changes, and fixes
* docs: Update SECURITY.md to clarify version support status
---------
Co-authored-by: elipeter <eli.peter@es.fcm.travel>
* Introduce control flow graph (CFG) support:
- Added `cfg.rs` with CFG generation and analysis utilities.
- Integrated `petgraph` library for graph-based computations.
- Updated `ast.rs` to utilize CFG for function analysis.
- Modified `Cargo.toml` and `Cargo.lock` to include new dependencies.
- Improved static analysis with taint tracking through CFG paths.
* feat: enhance control flow analysis with taint tracking and node labeling
* feat: improve control flow graph with enhanced node handling and new tests
* Remove unnecessary reference marker in `byte_offset_to_point` comment.
* Remove unnecessary reference marker in `byte_offset_to_point` comment.
* Refactor `ast.rs` for performance and clarity; enhance `cfg.rs` with recursive CFG generation and improved classification logic for AST analysis.
* Refactor CFG and taint tracking logic:
- Enhanced `cfg.rs` with inline helper function `text_of` for cleaner UTF-8 handling in AST nodes.
- Expanded `labels.rs` rules with detailed `Sources`, `Sanitizers`, and `Sinks` for improved classification.
- Refined `push_node` to handle method call expressions with object-function pairing.
- Simplified code handling in trivia skipping and debug-only logic.
* Enhance `cfg.rs` with `first_call_ident` helper and improve identifier extraction logic in `push_node`.
* Add targeted CFG taint-tracking tests to enhance analysis coverage.
* Enhance CFG generation with loop expression handling and improve taint tracking logic. Add new sanitization example in `examples/sanitize/example.rs`.
* Update README with installation instructions for Cargo and GitHub releases.
* Expand taint-tracking with precise `def-use` computation and enhance `labels.rs` for detailed classification. Extend `examples/sanitize` with realistic scenarios demonstrating new rules.
* Refactor `labels.rs`:
- Removed redundant `LabelRule` entries for cleaner rule definitions.
- Adjusted matching logic to prioritize suffix and prefix matches effectively.
* Refactor `labels.rs`:
- Removed redundant `LabelRule` entries for cleaner rule definitions.
- Adjusted matching logic to prioritize suffix and prefix matches effectively.
* Add test for taint tracking with multiple sources in `cfg.rs`.
* Add `function_summaries` table and implement summary upsert/load methods. Refactor to handle summary storage and retrieval efficiently, with placeholder clean/drop logic.
* refactor: split `labels.rs` into modular structure with language-specific files
* refactor: split `labels.rs` into modular structure with language-specific files
* refactor: clean up SQL table definitions in `database.rs` for better readability
* refactor: simplify CFG structure by removing lifetime parameters and enhancing taint metadata handling
* refactor: update TODO comments in `cfg.rs` to clarify future enhancements for cap labels and function details
* refactor: remove redundant header from README.md for improved clarity
* feat: add PHF-based syntax classifiers and Kind enum for efficient syntax mapping across languages
* feat: introduce analysis modes for enhanced scanner configuration and diagnostics
* feat: define Kind enum for syntax classification in control flow analysis
* feat: bump version to 0.2.0-alpha and update CHANGELOG for new features and fixes
* refactor: clean up imports and formatting in AST and CFG modules for improved readability
* refactor: simplify function signatures and improve code readability in CFG and module files
* fix: correct rayon_thread_stack_size comment to reflect actual value of 8 MiB
* refactor: update string formatting in clean and project modules for consistency
* refactor: fix indentation in clean.rs for improved readability
---------
Co-authored-by: elipeter <eli.peter@es.fcm.travel>
* Update licensing to GPL-3:
- Changed project license from "MIT OR Apache-2.0" to "GPL-3".
- Added LICENSE file with GNU GPL-3 full text.
- Removed MIT and Apache-2.0 license files from the repository.
* docs: Update license badge in README to reflect GPL v3
* Update Cargo.toml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* docs: updated README.md for new license
* docs: update license information to GPL-3.0 in README and Cargo.toml
---------
Co-authored-by: elipeter <eli.peter@es.fcm.travel>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix: Enhance release packaging for cross-platform compatibility
* fix: Resolve pipeline bug with zip command on Windows
* fix: Clarify changelog entry for Windows zip command issue in release pipeline
* Update CHANGELOG.MD
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* docs: Add section on advantages of using Nyx in README
* ci: Update branch references from 'main' to 'master' in CI configuration
* docs: Add third-party licenses documentation and update build process
* Update .github/workflows/release-build.yml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* docs: Add third-party licenses documentation and update build process
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* test: Add unit tests for config merging and project name sanitization
* Update src/utils/project.rs
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* test: Update assertion for follow_symlinks in scanner configuration
* test: Fix typo in test function name for project info retrieval
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
- Introduced `DEFAULT_CONFIG_TOML` to simplify default configuration loading.
- Replaced `show_progress` with `quiet` in configuration for improved clarity.
- Refactored `create_example_config` to use `NyxResult` and streamline logic with fallback handling.
- Added `default-nyx.conf` file for default configuration management.
- Enhanced `merge_configs` to include new parameters like `scan_timeout_secs` and `quiet`.
- Standardized spacing and indentation across multiple modules for improved readability.
- Reorganized `patterns` and `utils` imports for consistency.
- Updated `NyxError` and `NyxResult` related implementations to maintain consistent formatting.
- Enhanced readability in AST patterns for better clarity and maintainability.
- Added `tree-sitter-ruby` dependency to `Cargo.toml` and `Cargo.lock`.
- Introduced `patterns/ruby.rs` with Ruby-specific AST patterns for vulnerability detection.
- Updated `patterns/mod.rs` and `ast.rs` to support Ruby AST parsing and pattern registry initialization.
- Replaced `Result` with `NyxResult` across the codebase for consistent error management.
- Enhanced `NyxError` with new variants and utility conversions for better flexibility.
- Added detailed `tracing::debug` logs in `file.rs` and `walk.rs` for improved traceability.
- Simplified conditionals and improved path handling in `file.rs`.
- Refined severity filtering logic in `scan.rs`.
- Introduced `NyxError` and `NyxResult` for unified error handling across modules.
- Refactored `scan.rs`, `index.rs`, and `walk.rs` with improved error management and consistent formatting.
- Replaced existing error handling in `database.rs` with `NyxResult`.
- Improved database maintenance by integrating `vacuum` and `clear` methods into workflows.
- Added `dashmap` for efficient parallel diagnostics result aggregation in `scan_with_index_parallel`.
- Enhanced readability and formatting of console outputs in multiple modules.
