What's New?

• You can now query multiple entities in a single query and compare with them in conditions and filter them like CodeQL 🚀 Example:

  FIND method_declaration AS md, method_invocation AS mi
  WHERE md.getName() == mi.getName() &&
  md.getVisibility() != "private"
  

• The pathfinder cli now fresh look with code, line number, file name formatted
• If you make any mistakes in query, pathfinder cli advises you error message exactly line number and doesn't crash the program
• Posthog had issues in previous release due to breaking changes in golang sdk from posthog, which is now fixed.

<img width="1079" alt="Screenshot 2024-08-28 at 9 46 54 PM" src="https://github.com/user-attachments/assets/3b1910c1-d092-435b-8f0a-b07a892478b9">

Changelog

• moved to better output format :star: by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/120
• bug(posthog): upgrade posthog go version by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/121
• Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows in the github_actions group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/124
• Bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/123
• Support multiple entity selection via cartesian product 📐 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/116
• added better error handling for query parsing :star: by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/126
• Bump/v0.0.26 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/127
• updated release upload action v4 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/128

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.25...v0.0.26

Code PathFinder 🥉 v0.0.25 (Quarter century 🏏 release)

This release has major improvements in cli capabilities, added extra core entities, able to execute queries as .cql file

1. Introduced BinaryExpr as core entity. You could now search for AddExpr, AndBitwiseExpr, ComparisonExpr, AndLogicalExpr, DivExpr, EqExpr, NEExpr , LeftShiftExpr, MulExpr, OrBitwiseExpr, OrLogicalExpr, RemExpr, RightShiftExpr, SubExpr, UnsignedRightShiftExpr, XorBitwiseExpr expressions in codebase. It has both LeftOperandString() and RightOperandString() as API

   Example:

     FIND add_expression AS ad WHERE ad.getBinaryExpr().GetLeftOperandString() != "int a"
   

2. Code Pathfinder queries now can be stored as .cql file and execute with pathfinder cli 💻

     $ pathfinder query --project ~/src/code-pathfinder/test-src/android --query-file ../pathfinder-rules/example.cql
   

3. Code Pathfinder command-line interface has been freshly revamped with spf13/cobra based library.

     Code Pathfinder is designed for identifying vulnerabilities in source code.
     Usage:
         pathfinder [command]
   
     Available Commands:
       ci          Scan a project for vulnerabilities with ruleset in ci mode
       completion  Generate the autocompletion script for the specified shell
       help        Help about any command
       query       Execute queries on the source code
       scan         Scan a project for vulnerabilities with ruleset
       version     Print the version and commit information
   
     Flags:
        --disable-metrics   Disable metrics collection
        -h, --help                 help for pathfinder
   
      Use "pathfinder [command] --help" for more information about a command.
   

4. Pathfinder queries (*.cql) will be available under pathfinder-rules directory in this repo.

What's New?

• Add posthog usage analytics log for cli tool by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/101
• feature(query): introduce to execute queries from CQL file 🚀 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/102
• Refactor pathfinder cli to support cobra :snake: cli format by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/104
• Bump micromatch from 4.0.7 to 4.0.8 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/106
• cql(queries): Added Pathfinder CQL queries for WebView APIs 🏅 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/112
• Added expr model and parsed basic binary expression by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/99

New Contributors

• @dependabot made their first contribution in https://github.com/shivasurya/code-pathfinder/pull/106

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.24...v0.0.25

Method chaining is powerful feature to write models and expose methods to support runtime filtering instead of compile time/construction time of source code graph

from now on 🚀 you'll be able to chain methods for JavaDoc object and methods. More support for entities and methods coming soon in future releases.

FIND method_declaration AS md WHERE md.getDoc().GetCommentAuthor() == "shivasurya"

What's Changed

• Bump npm package version by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/88
• Move javadoc entity into primary core entity by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/92
• Support Method Chaining for Attributes and Entities by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/93
• Add more testcase by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/94
• v0.0.24 release by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/95

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.23...v0.0.24

What's Changed 🚀

Introducing methods, alias and variety condition support (using expr-lang) in this release. From now on you could query the codebase, 🎉

FIND method_declaration AS md WHERE md.getName() == "main" && "@Override" in md.getAnnotation()

• Pathfinder now uses ANTLR for verifying queries, expr-lang to support variety of operators for condition based filtering support.
• Pathfinder now finds vulnerable configs in Android project codebase. Checkout pathfinder ruleset published in website
• Pathfinder is now available in npm. You could download using npm i codepathfinder

Detailed changes

• npm cleanup config and release by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/76
• Add version and git tag info into the release by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/77
• Fixed method invocation param by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/78
• Added query to find android webview setting by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/79
• Added posthog analytics to docs by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/80
• pathfinder queries: added few more webview api ruleset by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/81
• Add code coverage app by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/82
• Update issue and feature req templates by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/83
• Enhanced query parser: Added ANTLR parser for query lang by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/49
• Add codecov badge by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/84
• Fix in array query and documentation stuff by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/85
• Bump version to v0.0.23 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/86
• fix(build): Fix windows powershell variables by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/87

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.22...v0.0.23

What's Changed

• Fix binary name for release by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/75

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.21...v0.0.22