![Code Pathfinder](/nirooba98/code-pathfinder/raw/main/assets/cpv.png)
Code Pathfinder attempts to be a query language for structural search on source code. It is built for identifying vulnerabilities in source code. Currently, it supports only the Java language.
Read the official documentation, or run `pathfinder --help`.
- Basic queries
- Source Sink Analysis
- Taint Analysis
- Data Flow Analysis with Control Flow Graph
```
$ cd sourcecode-parser
$ go build -o pathfinder   # or: go run .
$ ./pathfinder /PATH/TO/SOURCE
2024/06/30 21:35:29 Graph built successfully
Path-Finder Query Console:
>FIND method_declaration WHERE throwstype = "ClassCastException"
Executing query: FIND method_declaration WHERE throwstype = "ClassCastException"
┌───┬──────────────────────────────────────────┬─────────────┬────────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ # │ FILE                                     │ LINE NUMBER │ TYPE               │ NAME           │ CODE SNIPPET                                                 │
├───┼──────────────────────────────────────────┼─────────────┼────────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ 1 │ /Users/shiva/src/code-pathfinder/test-sr │         148 │ method_declaration │ getPaneChanges │ protected void getPaneChanges() throws ClassCastException {  │
│   │ c/android/app/src/main/java/com/ivb/udac │             │                    │                │ mTwoPane = findViewById(R.id.movie_detail_container)         │
│   │ ity/movieListActivity.java               │             │                    │                │ != null;                                                     │
│   │                                          │             │                    │                │ }                                                            │
└───┴──────────────────────────────────────────┴─────────────┴────────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘
Path-Finder Query Console:
>:quit
Okay, Bye!
```
Code Pathfinder uses tree-sitter for all language parsers.