pathfinder/sdk

SDK Reference

QueryType classes, matchers, and dataflow primitives for writing Code Pathfinder security rules. Every class maps to a fully-qualified import path — the engine resolves types, not method names.

rule.py
from codepathfinder.go_rule import GoGinContext, GoGormDB, GoStrconv
from codepathfinder import flows
from codepathfinder.presets import PropagationPresets
from codepathfinder.go_decorators import go_rule

@go_rule(id="GO-GORM-SQLI-001", severity="CRITICAL", cwe="CWE-89")
def detect_gorm_sqli():
    return flows(
        from_sources=[GoGinContext.method("Query", "Param")],
        to_sinks=[GoGormDB.method("Raw", "Exec")],
        sanitized_by=[GoStrconv.method("Atoi")],
        propagates_through=PropagationPresets.standard(), scope="global",
    )

Languages

Go1.21+

Type-aware security analysis for Go applications. QueryType classes resolve to fully-qualified Go module paths.

204
classes
1132
methods
5
categories
Web FrameworksDatabasesStandard LibraryHTTP ClientsAuth & Config
Python3.9+

Taint analysis for Python applications. Supports Flask, Django, FastAPI, and standard library sources/sinks.

429
classes
2781
methods
19
categories
Web FrameworksCommand ExecutionDatabasesDeserializationHTTP ClientsFile SystemArchivesCryptographyTemplatingLanguage FeaturesConcurrencyDate & TimeI/O & EncodingCLI & TerminalGUITestingDeveloper ToolsData ScienceUtilities

FQN Browser

Search all fully-qualified names across Go and Python. Find the exact class and FQN for your rule.

Browse FQNs →

API Reference

Complete docs for flows(), .method(), .tracks(), .where(), and PropagationPresets.

View API docs →
flows()

Taint analysis — wire sources to sinks with sanitizers and scope

.method()

Select specific methods on a QueryType class for matching

PropagationPresets

Control how taint flows through assignments, returns, and strings