mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
1bbe4b1cfb
* chore: Exclude CLAUDE.md from Cargo.toml * feat: add callgraph module and integrate into main analysis flow * feat: enhance CLI with new severity filtering and analysis modes * feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling * feat: implement state-model dataflow analysis for resource lifecycle and auth state * feat: enhance diagnostic output formatting and add evidence structure * feat: implement attack surface ranking for diagnostics with scoring and sorting * feat: add comprehensive documentation for installation, usage, and rules reference * feat: add multiple language support for command execution and evaluation endpoints * feat: implement inline suppression for findings using `nyx:ignore` comments * feat: add confidence levels to AST patterns and update output structure * feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets * feat: bump version to 0.4.0 and update changelog with new features and improvements * feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs
23 lines
449 B
Python
23 lines
449 B
Python
# Negative fixture: none of these should trigger security patterns.
|
|
|
|
import subprocess
|
|
import hashlib
|
|
|
|
def safe_subprocess():
|
|
# No shell=True
|
|
subprocess.run(["ls", "-la"])
|
|
|
|
def safe_hash():
|
|
hashlib.sha256(b"data")
|
|
|
|
def safe_literal_query(cursor):
|
|
cursor.execute("SELECT COUNT(*) FROM users")
|
|
|
|
def safe_yaml_load(data):
|
|
import yaml
|
|
yaml.safe_load(data)
|
|
|
|
def safe_string_ops():
|
|
x = "hello"
|
|
y = x.upper()
|
|
z = len(y)
|