Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/shivasurya/code-pathfinder

Code Pathfinder, the open-source alternative to GitHub CodeQL built with GoLang. Built for advanced structural search, derive insights, find vulnerabilities in code.
https://github.com/shivasurya/code-pathfinder

application-security code-scanning codeql golang sast search security security-tools structural-search tree-sitter

Last synced: 6 days ago
JSON representation

Code Pathfinder, the open-source alternative to GitHub CodeQL built with GoLang. Built for advanced structural search, derive insights, find vulnerabilities in code.

Host: GitHub
URL: https://github.com/shivasurya/code-pathfinder
Owner: shivasurya
License: agpl-3.0
Created: 2023-11-19T23:24:49.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2025-02-12T03:17:31.000Z (9 days ago)
Last Synced: 2025-02-14T14:53:14.089Z (7 days ago)
Topics: application-security, code-scanning, codeql, golang, sast, search, security, security-tools, structural-search, tree-sitter
Language: Go
Homepage: https://codepathfinder.dev
Size: 9.83 MB
Stars: 48
Watchers: 1
Forks: 7
Open Issues: 2
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md

Awesome Lists containing this project

README

# Code Pathfinder
About
Code Pathfinder, the open-source alternative to GitHub CodeQL. Built for advanced structural search, derive insights, find vulnerabilities in code.

[![Build and Release](https://github.com/shivasurya/code-pathfinder/actions/workflows/build.yml/badge.svg)](https://github.com/shivasurya/code-pathfinder/actions/workflows/build.yml) [![Go Report Card](https://goreportcard.com/badge/github.com/shivasurya/code-pathfinder/sourcecode-parser)](https://goreportcard.com/report/github.com/shivasurya/code-pathfinder/sourcecode-parser)
[![MIT License](https://img.shields.io/github/license/shivasurya/code-pathfinder)](https://github.com/shivasurya/code-pathfinder/blob/main/LICENSE)
[![Discord](https://img.shields.io/discord/1259511338183557120?logo=discord&label=discord&utm_source=github)](https://discord.gg/xmPdJC6WPX)
[![codecov](https://codecov.io/gh/shivasurya/code-pathfinder/graph/badge.svg?token=VYQLI49TF4)](https://codecov.io/gh/shivasurya/code-pathfinder)

## :tv: Demo

```bash
docker run --rm -v "./src:/src" shivasurya/code-pathfinder:stable-latest ci --project /src/code-pathfinder/test-src --ruleset cpf/java
```

## :book: Documentation

- [Documentation](https://codepathfinder.dev/)
- [Pathfinder Queries](https://github.com/shivasurya/code-pathfinder/tree/main/pathfinder-rules)

## :floppy_disk: Installation

### :whale: Using Docker

```bash
$ docker pull shivasurya/code-pathfinder:stable-latest
```

### From npm

```bash
$ npm install -g codepathfinder
$ pathfinder --help
```

### Pre-Built Binaries

Download the latest release from [GitHub releases](https://github.com/shivasurya/code-pathfinder/releases) and choose
the binary that matches your operating system.

```shell
$ chmod u+x pathfinder
$ pathfinder --help
```

## Getting Started
Read the [official documentation](https://codepathfinder.dev/), or run `pathfinder --help`.

## Features

- [x] Basic queries (Similar to CodeQL)
- [x] Source Sink Analysis
- [ ] Data Flow Analysis with Control Flow Graph

## Usage

```bash
$ cd sourcecode-parser

$ gradle buildGo (or) npm install -g codepathfinder

$ ./pathfinder query --project --stdin
2024/06/30 21:35:29 Graph built successfully
Path-Finder Query Console:
>FROM method_declaration AS md
WHERE md.getName() == "getPaneChanges"
SELECT md, "query for pane changes layout methods"
Executing query: FROM method_declaration AS md WHERE md.getName() == "getPaneChanges"

┌───┬──────────────────────────────────────────┬─────────────┬────────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ # │ FILE │ LINE NUMBER │ TYPE │ NAME │ CODE SNIPPET │
├───┼──────────────────────────────────────────┼─────────────┼────────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ 1 │ /Users/shiva/src/code-pathfinder/test-sr │ 148 │ method_declaration │ getPaneChanges │ protected void getPaneChanges() throws ClassCastException { │
│ │ c/android/app/src/main/java/com/ivb/udac │ │ │ │ mTwoPane = findViewById(R.id.movie_detail_container) │
│ │ ity/movieListActivity.java │ │ │ │ != null; │
│ │ │ │ │ │ } │
└───┴──────────────────────────────────────────┴─────────────┴────────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘
Path-Finder Query Console:
>:quit
Okay, Bye!
```

## Acknowledgements
Code Pathfinder uses tree-sitter for all language parsers.