Changelog

What's Changed

• feature: 🍺 Support for AssertStmt Node statement by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/179
• feature: Support for ReturnStmt statement by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/180
• fix docker command by @opstoken in https://github.com/shivasurya/code-pathfinder/pull/182
• feature: 🍺 Support for BlockStmt statement by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/181
• doc: refresh documentation for latest statement support by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/183
• chore: update seo title by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/184
• doc: Update the documentation to include BreakStmt, LabeledStmt, YieldStmt and etc by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/185
• chore: fix title tag issue by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/186
• Bump nanoid from 3.3.7 to 3.3.8 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/188
• Bump astro from 4.16.3 to 4.16.18 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/189
• chore(upgrade): Bump golang dependencies and version by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/192
• Bump vite from 5.4.11 to 5.4.14 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/193
• feature: :beer: Class with inheritance support by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/187
• blog: add closure table blog post 📰 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/196
• chore: Update Website Navigation and Messaging by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/197
• build(deps): bump the npm_and_yarn group across 1 directory with 3 updates by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/198
• feat: New Pathfinder Rules page (atlas) for docs by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/200
• chore: updated package-lock.json by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/201
• chore: added rollup optional dep by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/202
• chore: fix link in footer by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/203
• build(deps): bump prismjs from 1.29.0 to 1.30.0 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/204
• feature: Code-Pathfinder online hosted sandbox playground by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/205
• build(deps): bump @babel/runtime from 7.26.9 to 7.26.10 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/206
• build(deps): bump the go_modules group across 2 directories with 1 update by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/208
• release: bump version to 0.0.32 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/209

New Contributors

• @opstoken made their first contribution in https://github.com/shivasurya/code-pathfinder/pull/182 🎉

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.31...v0.0.32

What's new?

This release has query support for BreakStmt, ContinueStmt, YieldStmt, IfStmt, DoStmt, WhileStmt, ForStmt statements in source code (java) ☕ 🎉

Read latest blog post about detecting Webview vulnerabilities using Code-Pathfinder

• feature: IfStmt, DoStmt, WhileStmt, ForStmt and Generic Statement support by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/173
• feature: 🍺 Support for BreakStmt by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/174
• feature: 🍺 Support for Continue statement by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/175
• feature: 🍺 Support for YieldStmt statement by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/176

What's Changed

• doc: added ci/cd integ pages and docker updates by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/167
• added blog post for targeting android framework by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/169
• fix query name issue in blog post :bug: by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/170
• chore: improve doc site by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/171
• chore: added pr template by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/172
• release: bump version to v0.0.31 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/177

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.30...v0.0.31

What's Changed

• chore(release): fix npm publish by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/162
• feature: Add SARIF file generation from result by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/163
• :bug: Fix command issue in GitHub action and support sarif file format by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/164
• release: bump to v0.0.30 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/165

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.29...v0.0.30

This release has exciting new features such as CI command to scan source code for vulnerabilities within CI/CD ♾️ pipeline, docker support, GitHub Action support. 🎉

What's New?

1. Code-Pathfinder is now available in docker hub. Give it a try by pulling shivasurya/code-pathfinder:stable-latest 🐳
2. GitHub Action is now supported and you can start scanning source code. 🎉

# add as step to github action yaml file
    - name: Code-Pathfinder SAST Scan
            uses: shivasurya/code-pathfinder@main
            with:
              command: 'ci'
              project: '.'
              output-file: 'output.json'
              output: 'json'
              ruleset: 'cpf/java'

3. Code-Pathfinder now supports CI command to scan for vulnerabilities in source code. ♾️

$ pathfinder ci --project /src/code-pathfinder/test-src --ruleset cpf/java --output json --output-file output.json
...
Executing in CI mode ♾️ 

Checkout Code-pathfinder rules registry here

What's Changed

• Bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/151
• feature: Implement CI based pathfinder scan - part 1 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/153
• feature: Implement CI scan using pathfinder rules by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/155
• Bump astro from 4.15.12 to 4.16.3 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/157
• ✨ Add GitHub Action template with action.yml by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/156
• fixed docker :whale: tag mistake by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/158
• release: Bump/v0.0.29 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/159

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.28...v0.0.29

This release adds exciting new features such as support for querying ClassInstanceExpr where you could search for objects created with class. We have featured new blog post about codepathfinder. I have published various code pathfinder rules targeting generic java application

Code-Pathfinder Rules

• Usage of RC2/RC4 cipher
• Usage of deprecated DefaultHTTPClient
• Usage of SHA1 hash functions
• Usage of insecure Random functions for cryptographic purposes
• Usage of Blowfish crypt methods
• <More to come in next releases covering OWASP Top 10>

What's New?

• feature: Support for ClassInstanceExpr by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/142
• pathfinder rules: added unencrypted socket connection detection rule by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/143
• Blog #1 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/144
• fixed unique id issue for generating unique id by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/146
• More pathfinder rules 🎸 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/145

Chore

• Bump rollup from 4.21.3 to 4.22.4 in /docs in the npm_and_yarn group across 1 directory by @dependabot in https://github.com/shivasurya/code-pathfinder/pull/140
• Improve blog post by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/147
• chore: improved blog post and seo by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/148
• chore: added blog listing by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/149
• release: Bump version to 0.0.28 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/150

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.27...v0.0.28