About Code Pathfinder, the open-source alternative to GitHub CodeQL. Built for advanced structural search, derive insights, find vulnerabilities in code.
docker run --rm -v "./src:/src" shivasurya/code-pathfinder:stable-latest ci --project /src/code-pathfinder/test-src --ruleset cpf/java
$ docker pull shivasurya/code-pathfinder:stable-latest
$ npm install -g codepathfinder
$ pathfinder --help
Download the latest release from GitHub releases and choose the binary that matches your operating system.
$ chmod u+x pathfinder
$ pathfinder --help
Read the official documentation, or run pathfinder --help
.
- Basic queries (Similar to CodeQL)
- Source Sink Analysis
- Data Flow Analysis with Control Flow Graph
$ cd sourcecode-parser
$ gradle buildGo (or) npm install -g codepathfinder
$ ./pathfinder query --project <path_to_project> --stdin
2024/06/30 21:35:29 Graph built successfully
Path-Finder Query Console:
>FROM method_declaration AS md
WHERE md.getName() == "getPaneChanges"
SELECT md, "query for pane changes layout methods"
Executing query: FROM method_declaration AS md WHERE md.getName() == "getPaneChanges"
┌───┬──────────────────────────────────────────┬─────────────┬────────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ # │ FILE │ LINE NUMBER │ TYPE │ NAME │ CODE SNIPPET │
├───┼──────────────────────────────────────────┼─────────────┼────────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ 1 │ /Users/shiva/src/code-pathfinder/test-sr │ 148 │ method_declaration │ getPaneChanges │ protected void getPaneChanges() throws ClassCastException { │
│ │ c/android/app/src/main/java/com/ivb/udac │ │ │ │ mTwoPane = findViewById(R.id.movie_detail_container) │
│ │ ity/movieListActivity.java │ │ │ │ != null; │
│ │ │ │ │ │ } │
└───┴──────────────────────────────────────────┴─────────────┴────────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘
Path-Finder Query Console:
>:quit
Okay, Bye!
Code Pathfinder uses tree-sitter for all language parsers.