Changelog

What's new?

This release has query support for BreakStmt, ContinueStmt, YieldStmt, IfStmt, DoStmt, WhileStmt, ForStmt statements in source code (java) ☕ 🎉

Read latest blog post about detecting Webview vulnerabilities using Code-Pathfinder

• feature: IfStmt, DoStmt, WhileStmt, ForStmt and Generic Statement support by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/173
• feature: 🍺 Support for BreakStmt by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/174
• feature: 🍺 Support for Continue statement by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/175
• feature: 🍺 Support for YieldStmt statement by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/176

What's Changed

• doc: added ci/cd integ pages and docker updates by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/167
• added blog post for targeting android framework by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/169
• fix query name issue in blog post :bug: by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/170
• chore: improve doc site by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/171
• chore: added pr template by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/172
• release: bump version to v0.0.31 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/177

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.30...v0.0.31

What's Changed

• chore(release): fix npm publish by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/162
• feature: Add SARIF file generation from result by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/163
• :bug: Fix command issue in GitHub action and support sarif file format by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/164
• release: bump to v0.0.30 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/165

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.29...v0.0.30

This release has exciting new features such as CI command to scan source code for vulnerabilities within CI/CD ♾️ pipeline, docker support, GitHub Action support. 🎉

What's New?

1. Code-Pathfinder is now available in docker hub. Give it a try by pulling shivasurya/code-pathfinder:stable-latest 🐳
2. GitHub Action is now supported and you can start scanning source code. 🎉

# add as step to github action yaml file
    - name: Code-Pathfinder SAST Scan
            uses: shivasurya/code-pathfinder@main
            with:
              command: 'ci'
              project: '.'
              output-file: 'output.json'
              output: 'json'
              ruleset: 'cpf/java'

3. Code-Pathfinder now supports CI command to scan for vulnerabilities in source code. ♾️

$ pathfinder ci --project /src/code-pathfinder/test-src --ruleset cpf/java --output json --output-file output.json
...
Executing in CI mode ♾️ 

Checkout Code-pathfinder rules registry here

What's Changed

• Bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/151
• feature: Implement CI based pathfinder scan - part 1 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/153
• feature: Implement CI scan using pathfinder rules by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/155
• Bump astro from 4.15.12 to 4.16.3 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/157
• ✨ Add GitHub Action template with action.yml by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/156
• fixed docker :whale: tag mistake by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/158
• release: Bump/v0.0.29 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/159

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.28...v0.0.29

This release adds exciting new features such as support for querying ClassInstanceExpr where you could search for objects created with class. We have featured new blog post about codepathfinder. I have published various code pathfinder rules targeting generic java application

Code-Pathfinder Rules

• Usage of RC2/RC4 cipher
• Usage of deprecated DefaultHTTPClient
• Usage of SHA1 hash functions
• Usage of insecure Random functions for cryptographic purposes
• Usage of Blowfish crypt methods
• <More to come in next releases covering OWASP Top 10>

What's New?

• feature: Support for ClassInstanceExpr by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/142
• pathfinder rules: added unencrypted socket connection detection rule by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/143
• Blog #1 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/144
• fixed unique id issue for generating unique id by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/146
• More pathfinder rules 🎸 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/145

Chore

• Bump rollup from 4.21.3 to 4.22.4 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/140
• Improve blog post by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/147
• chore: improved blog post and seo by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/148
• chore: added blog listing by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/149
• release: Bump version to 0.0.28 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/150

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.27...v0.0.28

This release gives a huge boost to query structure and support by adding predicate support and SELECT entity keyword in code-pathfinder queries parity to CodeQL. 🚀

1. You can now declare predicates within the CQL query and invoke them within the query. It improves re-usability and puts us in better place to implement class and predicates in future release 🏅

   predicate isPublicOrProtected(method_declaration md) {
       md.getVisibility() == "public" || md.getVisibility() == "protected"
   }
   
   FROM method_declaration AS md
   WHERE isPublicOrProtected(md)
   SELECT md, "Listing all public or protected methods"
   

2. You can now use SELECT keyword to pick specific one from the bunch of result. ⛏️

   FROM method_invocation AS mi
   WHERE mi.getName() == "setJavaScriptEnabled" && "true" in mi.getArgumentName()
   SELECT mi, "Enabling JavaScript execution in a WebView can result in cross-site scripting attacks."
   

What's New?

• feature: add user defined predicate declaration and invocation support with CQL query by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/134
• feature: Add SELECT clause support for CQL query by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/137
• chore(docs): update documentation to include SELECT keyword by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/138

Chore

• chore(ci): added npm publish github action by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/130
• Bump dset from 3.1.3 to 3.1.4 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/131
• Bump path-to-regexp from 6.2.2 to 6.3.0 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/132
• Bump vite from 5.3.3 to 5.4.6 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/133
• release: Bump/v0.0.27 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/139

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.26...v0.0.27