nyx/CHANGELOG.md
Eli Peter f96a89e7c1
Feat/full cfg (#30)
* feat: Enhance control flow analysis with function summaries and taint analysis

* feat: Update taint analysis to utilize function summaries for enhanced tracking

* Refactor `walk.rs` batch processing and override handling:

- Renamed `Batcher` to `BatchSender` for clarity.
- Added `BatchSender::new` constructor for cleaner initialization.
- Simplified batch size management in `BatchSender`.
- Extracted `build_overrides` function for reusable override construction.
- Improved error handling and validation in override building.
- Enhanced performance with directory and file type filtering in `walk`.

* Improve logging and streamline directory walk process:

- Added detailed `tracing` logs for debugging batch flushes, override construction, and walk initialization/completion.
- Optimized and simplified `filter_entry` logic for directory and file type filters.
- Improved metadata checks and max file size enforcement during the scan.

* Refactor and optimize taint tracking, label rules, and directory walk process:

- Replaced `DefaultHasher` with `blake3::Hasher` for improved taint hashing.
- Enhanced sorting and hashing logic in `taint.rs` for consistency and efficiency.
- Removed unused `set_hash` function and redundant imports across files.
- Improved batch sender logic in `walk.rs`, renaming key components for clarity.
- Unified `spawn_senders` and `spawn_file_walker` with thread handling and channel tuple return.
- Expanded label rules with additional matchers for sources, sanitizers, and sinks.
- Deprecated `dump_cfg` and specific logging utilities in `cfg.rs` for code cleanup.

* fix: fixed let chains error in walk.rs

* fix: updated dependencies

* fix: updated dependencies

* chore: Remove standard error in scan.rs

* feat: Introduce function summaries for enhanced taint and control flow analysis

* feat: Enhance taint analysis with interop support and function summaries

* feat: Add configuration analysis module and enhance matcher rules

* feat: Add arity column to function_summaries and handle schema migration

* fix: fixed clippy &PathBuf warnings

* chore: Update dependencies and versioning in Cargo files

* docs: Update README to enhance clarity and detail on features and analysis modes

* chore: Update CHANGELOG for version 0.2.0 with new features, changes, and fixes

* docs: Update SECURITY.md to clarify version support status

---------

Co-authored-by: elipeter <eli.peter@es.fcm.travel>
2026-02-24 23:44:07 -05:00


# Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

## [0.2.0] - 2026-02-24

### Added

- Cross-file taint analysis -- two-pass architecture: Pass 1 extracts a `FuncSummary` per function (source/sanitizer/sink capabilities, taint propagation, callees), Pass 2 runs BFS taint propagation with cross-file callee resolution.
- CFG analysis engine with five detectors: unguarded sinks (`cfg-unguarded-sink`), auth gaps in web handlers (`cfg-auth-gap`), unreachable security code (`cfg-unreachable-*`), error fallthrough (`cfg-error-fallthrough`), and resource leaks (`cfg-resource-leak`).
- Cross-language interop -- taint flows across language boundaries via explicit `InteropEdge` structs without false-positive name collisions.
- Function summaries persisted to SQLite (`function_summaries` table) with arity, parameter names, capability bitflags, and callee lists.
- Multi-language CFG + taint support -- all 10 languages (Rust, C, C++, Java, Go, PHP, Python, Ruby, TypeScript, JavaScript) now have `KINDS` maps, `RULES`, and `PARAM_CONFIG` for full CFG construction and taint analysis.
- Resource leak detection for C/C++ (`malloc`/`free`, `fopen`/`fclose`), Go (`os.Open`/`Close`, `Lock`/`Unlock`), Rust (`alloc`/`dealloc`), and Java (streams, connections).
- Finding scoring system -- numeric scores based on severity, proximity to entry point, path complexity, taint confirmation, and confidence multiplier.
- Analysis modes -- Full (default), Ast (`--ast-only`), and Taint (`--cfg-only`) selectable via CLI flags or the `scanner.mode` config setting.
- `GlobalSummaries` with conservative merge: union caps, OR booleans, union param/callee lists on name collisions across files.
- Performance optimizations -- `_from_bytes` variants to read once and hash once, lock-free rayon parallelism, SQLite WAL + 8 MB cache + 256 MB mmap.
- Tracing instrumentation -- `tracing` spans on all pipeline phases (walk, pass1, merge, pass2, per-file ops, db_init).
- Benchmark suite -- criterion benchmarks in `benches/scan_bench.rs` with fixtures.
- 107 unit tests covering taint propagation, cross-file resolution, cross-language interop, CFG analysis, and summaries.
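The two-pass, summary-based architecture and the conservative `GlobalSummaries` merge described in the entries above, shown as an added Rust example. This is not Nyx's code: the struct layout, the capability bit values, the merge and BFS rules, and the sample function set are all constructed here for illustration of the approach, not taken from the project.

```rust
// Added example, not Nyx's implementation. Models Pass 1 output (per-file
// FuncSummary maps), the conservative cross-file merge, and Pass 2 (BFS
// taint propagation over the merged call graph with callee resolution).
use std::collections::{BTreeMap, BTreeSet, VecDeque};

// Constructed capability bits (assumed layout, not Nyx's real Cap flags).
pub const CAP_SOURCE: u8 = 0b001;    // returns attacker-influenced data
pub const CAP_SANITIZER: u8 = 0b010; // neutralises its input before returning it
pub const CAP_SINK: u8 = 0b100;      // hands its argument to a dangerous operation

#[derive(Clone, Debug, Default, PartialEq)]
pub struct FuncSummary {
    pub caps: u8,
    /// true if taint on a parameter reaches the return value
    pub propagates: bool,
    pub params: BTreeSet<String>,
    pub callees: BTreeSet<String>,
}

impl FuncSummary {
    /// Conservative merge on a name collision across files:
    /// union caps, OR booleans, union param and callee lists.
    pub fn merge(&mut self, other: &FuncSummary) {
        self.caps |= other.caps;
        self.propagates |= other.propagates;
        self.params.extend(other.params.iter().cloned());
        self.callees.extend(other.callees.iter().cloned());
    }
}

pub type GlobalSummaries = BTreeMap<String, FuncSummary>;

/// Fold the per-file Pass 1 results into one global map.
pub fn merge_summaries(per_file: &[GlobalSummaries]) -> GlobalSummaries {
    let mut global = GlobalSummaries::new();
    for file in per_file {
        for (name, summary) in file {
            global.entry(name.clone())
                .and_modify(|g| g.merge(summary))
                .or_insert_with(|| summary.clone());
        }
    }
    global
}

/// Pass 2: for every source, BFS over the functions that hold data derived
/// from it. Taint in a function conservatively reaches every callee argument;
/// sinks are reported, sanitizers stop the walk, and a propagating function
/// taints its callers' bodies. Callees resolve by name in the merged map, so
/// a callee defined in another file is found; unknown names are skipped.
pub fn find_taint_flows(global: &GlobalSummaries) -> Vec<(String, String)> {
    let mut callers: BTreeMap<&str, Vec<&str>> = BTreeMap::new();
    for (name, s) in global {
        for callee in &s.callees {
            callers.entry(callee.as_str()).or_default().push(name.as_str());
        }
    }
    let has = |name: &str, cap: u8| global.get(name).map_or(false, |s| s.caps & cap != 0);
    let mut flows = BTreeSet::new();
    for (src, _) in global.iter().filter(|(_, s)| s.caps & CAP_SOURCE != 0) {
        let mut queue: VecDeque<&str> = VecDeque::new();
        let mut seen: BTreeSet<&str> = BTreeSet::new();
        // The source's return value is tainted, so each of its callers holds taint.
        for &c in callers.get(src.as_str()).into_iter().flatten() {
            queue.push_back(c);
        }
        while let Some(f) = queue.pop_front() {
            if !seen.insert(f) { continue; }
            let Some(summary) = global.get(f) else { continue }; // unresolved callee
            for callee in &summary.callees {
                if has(callee.as_str(), CAP_SINK) {
                    flows.insert((src.clone(), callee.clone()));
                } else if !has(callee.as_str(), CAP_SANITIZER) {
                    queue.push_back(callee.as_str()); // taint enters the callee's body
                }
            }
            if summary.propagates {
                for &c in callers.get(f).into_iter().flatten() { queue.push_back(c); }
            }
        }
    }
    flows.into_iter().collect()
}

fn summary(caps: u8, propagates: bool, callees: &[&str]) -> FuncSummary {
    FuncSummary { caps, propagates, params: BTreeSet::new(),
                  callees: callees.iter().map(|c| c.to_string()).collect() }
}

/// Constructed Pass 1 output for two hypothetical files. `build_cmd` appears in
/// both: file A only sees a stub, file B sees the body that calls the sink.
pub fn sample_files() -> Vec<GlobalSummaries> {
    let file_a = GlobalSummaries::from([
        ("get_env".to_string(), summary(CAP_SOURCE, false, &[])),
        ("escape".to_string(), summary(CAP_SANITIZER, true, &[])),
        ("handler".to_string(), summary(0, false, &["get_env", "build_cmd"])),
        ("safe_handler".to_string(), summary(0, false, &["get_env", "escape"])),
        ("build_cmd".to_string(), summary(0, false, &[])),
    ]);
    let file_b = GlobalSummaries::from([
        ("build_cmd".to_string(), summary(0, true, &["run_shell"])),
        ("run_shell".to_string(), summary(CAP_SINK, false, &[])),
    ]);
    vec![file_a, file_b]
}

fn main() {
    let files = sample_files();
    println!("file A alone: {:?}", find_taint_flows(&files[0]));
    println!("merged:       {:?}", find_taint_flows(&merge_summaries(&files)));
}
```

Run on file A alone, the walk dead-ends at the stub `build_cmd` and reports nothing; after the merge, `build_cmd` gains `run_shell` as a callee and the `get_env` to `run_shell` flow surfaces. The merge is deliberately lossy in the safe direction: a colliding name can only gain capabilities and callees, never lose them, which is why the changelog entry below notes that indexed scans re-run Pass 2 over every file whenever taint is enabled.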

### Changed

- Bumped all dependencies to latest compatible versions.
- `Cap` bitflags expanded: `ENV_VAR`, `HTML_ESCAPE`, `SHELL_ESCAPE`, `URL_ENCODE`, `JSON_PARSE`, `FILE_IO`.
- `classify()` in labels uses zero-allocation byte-level case-insensitive comparisons.
- Indexed scans now always re-analyze all files in Pass 2 when taint is enabled (conservative: global summaries may have changed even if a file didn't).

### Fixed

- Clippy `ptr_arg` lint in perf tests (`&PathBuf` -> `&Path`).

## [0.2.0-alpha] - 2025-06-28

### Added

- Experimental intraprocedural CFG + taint analysis for Rust. Nyx now builds a control-flow graph, applies data-flow rules, and flags unsanitised Source → Sink paths (e.g. `env::var` → `Command::new`).
- O(1) node-kind lookup via per-language PHF tables for zero-cost dispatch.
- Six unit tests covering conditionals, loops, sanitizers, and multiple sources.
- Debug channel `target=cfg` (use `RUST_LOG=nyx::cfg=debug`) to inspect generated graphs.

### Fixed

- Fixed a bug in the release pipeline where the Windows job tried to call `zip`; PowerShell has no `zip` command.

## [0.1.1-alpha] - 2025-06-25

### Fixed

- Fixed a bug where the `scan --no-index` command would not respect the `max_results` config setting (#1)

### Added

- Integration tests covering indexing and scanning pipelines (#3, #4, #5, #8)

## [0.1.0-alpha] - 2025-06-25

### Added

- Initial alpha release of Nyx CLI tool
- Multi-language AST pattern scanning via tree-sitter for Rust, C/C++, Java, Go, PHP, Python, Ruby, TypeScript, JavaScript
- `scan` command: filesystem walker, pattern execution, console output
- `index` command: build, rebuild, and status reporting of SQLite-backed index
- `list` command: list indexed projects with optional verbosity
- `clean` command: remove one or all project indexes
- Configuration system with `nyx.conf` (generated) and `nyx.local` (user overrides)
- Default severity levels: High, Medium, Low
- Unit tests for core modules (config, ext, project utils)