Code Pathfinder
Code Pathfinder attempts to be query language for structural search on source code. It's built for identifying vulnerabilities in source code. Currently, it only supports Java language.
Installation
From npm
$ npm install -g codepathfinder
$ pathfinder --helpPre-Built Binaries
Download the latest release from GitHub releases and choose the binary that matches your operating system.
$ chmod u+x pathfinder
$ pathfinder --helpGetting Started
Read the official documentation, or run pathfinder --help.
Features
- [x] Basic queries
- [x] Source Sink Analysis
- [ ] Taint Analysis
- [ ] Data Flow Analysis with Control Flow Graph
Usage
$ cd sourcecode-parser
$ go build -o pathfinder (or) go run .
$ ./pathfinder /PATH/TO/SOURCE
2024/06/30 21:35:29 Graph built successfully
Path-Finder Query Console:
>FIND method_declaration WHERE throwstype = "ClassCastException"
Executing query: FIND method_declaration WHERE throwstype = "ClassCastException"
┌───┬──────────────────────────────────────────┬─────────────┬────────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ # │ FILE │ LINE NUMBER │ TYPE │ NAME │ CODE SNIPPET │
├───┼──────────────────────────────────────────┼─────────────┼────────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ 1 │ /Users/shiva/src/code-pathfinder/test-sr │ 148 │ method_declaration │ getPaneChanges │ protected void getPaneChanges() throws ClassCastException { │
│ │ c/android/app/src/main/java/com/ivb/udac │ │ │ │ mTwoPane = findViewById(R.id.movie_detail_container) │
│ │ ity/movieListActivity.java │ │ │ │ != null; │
│ │ │ │ │ │ } │
└───┴──────────────────────────────────────────┴─────────────┴────────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘
Path-Finder Query Console:
>:quit
Okay, Bye!Acknowledgements
Code Pathfinder uses tree-sitter for all language parsers.