Python DSL for code-pathfinder security patterns
Project description
Code-Pathfinder Python DSL
Python DSL for defining security patterns in Code Pathfinder - an open-source security suite combining structural code analysis with AI-powered vulnerability detection.
Project Goals:
- Real-time IDE integration bringing security insights directly into your editor
- AI-assisted analysis leveraging LLMs to understand context and identify vulnerabilities
- Unified workflow coverage from local development to CI/CD pipelines
- Flexible reporting supporting DefectDojo, GitHub Advanced Security, SARIF, and other platforms
Documentation: https://codepathfinder.dev/
Installation
pip install codepathfinder
This installs both the Python DSL and the pathfinder CLI binary for your platform.
Verify Installation
# Test CLI binary
pathfinder --version
# Test Python DSL
python -c "from codepathfinder import rule, calls; print('DSL OK')"
Supported Platforms
- Linux (glibc): x86_64, aarch64
- macOS: arm64 (Apple Silicon), x86_64 (Intel)
- Windows: x86_64
Source distributions are available for other platforms - the binary will be downloaded automatically on first use.
Quick Example
from codepathfinder import rule, flows, calls
from codepathfinder.presets import PropagationPresets
@rule(id="sql-injection", severity="critical", cwe="CWE-89")
def detect_sql_injection():
"""Detects SQL injection vulnerabilities"""
return flows(
from_sources=calls("request.GET", "request.POST"),
to_sinks=calls("execute", "executemany"),
sanitized_by=calls("quote_sql"),
propagates_through=PropagationPresets.standard(),
scope="global"
)
Features
- Matchers:
calls(),variable()for pattern matching - Dataflow Analysis:
flows()for source-to-sink taint tracking - Propagation: Explicit propagation primitives (assignment, function args, returns)
- Logic Operators:
And(),Or(),Not()for complex rules - JSON IR: Serializes to JSON for Go executor integration
Documentation
For detailed documentation, visit https://codepathfinder.dev/
Requirements
- Python 3.8+
- No external dependencies (stdlib only!)
License
AGPL-3.0 - GNU Affero General Public License v3
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file codepathfinder-1.1.3.tar.gz.
File metadata
- Download URL: codepathfinder-1.1.3.tar.gz
- Upload date:
- Size: 34.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0c3389419f6e68e3593f22ce885e2fb249e1ff1342bf512b650dc4774d639318
|
|
| MD5 |
f1c6cb3644da58c2492831c4ed2c6e50
|
|
| BLAKE2b-256 |
38d6f4989697c4027b0837efec555986c9d0034c1c9286d9770fe0f5a493b425
|
File details
Details for the file codepathfinder-1.1.3-py3-none-win_amd64.whl.
File metadata
- Download URL: codepathfinder-1.1.3-py3-none-win_amd64.whl
- Upload date:
- Size: 3.7 MB
- Tags: Python 3, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4ac2ec539dc7959869981e56b7241abb44aac6469abb4ac7b357d67c91da9fb5
|
|
| MD5 |
d6c845822459c8d0894aefc82e9af9f4
|
|
| BLAKE2b-256 |
5f25303dc0cf8843993af400b024c132f6ca728384a253466904d8b86498e3fa
|
File details
Details for the file codepathfinder-1.1.3-py3-none-manylinux_2_17_x86_64.whl.
File metadata
- Download URL: codepathfinder-1.1.3-py3-none-manylinux_2_17_x86_64.whl
- Upload date:
- Size: 3.6 MB
- Tags: Python 3, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9b247b228bf4f02a884a74d6b30bce94ae8c03f62ec419cda0c9cebce5791d9b
|
|
| MD5 |
b13b46dca76803c058b753a6e3dde8d7
|
|
| BLAKE2b-256 |
5c6e63e2e33b22f5da95fb6e98314a46c07a21187edc8b964abf6c46f018baac
|
File details
Details for the file codepathfinder-1.1.3-py3-none-manylinux_2_17_aarch64.whl.
File metadata
- Download URL: codepathfinder-1.1.3-py3-none-manylinux_2_17_aarch64.whl
- Upload date:
- Size: 3.3 MB
- Tags: Python 3, manylinux: glibc 2.17+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c1331e8f3966cc6e8d429a136e1cd2864c5accbfa489b7d0eca79cc207afff23
|
|
| MD5 |
67ffd4fde61ecb80020089db4f5b7fe8
|
|
| BLAKE2b-256 |
4990935f3395d4875b5ba0a4d074212e1dd78bd84879311918de0c70fe6e106a
|
File details
Details for the file codepathfinder-1.1.3-py3-none-macosx_11_0_arm64.whl.
File metadata
- Download URL: codepathfinder-1.1.3-py3-none-macosx_11_0_arm64.whl
- Upload date:
- Size: 3.3 MB
- Tags: Python 3, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
28181a93e69a193775cdb417cc141a919812a04a017303077566e4bae5e4e27a
|
|
| MD5 |
0b36a8e8b660bbacf5addd35c10040d0
|
|
| BLAKE2b-256 |
312d3e84a0e12f04dc11ebaae73963eae559fb928340b1b970760defc25e40bd
|
File details
Details for the file codepathfinder-1.1.3-py3-none-macosx_10_9_x86_64.whl.
File metadata
- Download URL: codepathfinder-1.1.3-py3-none-macosx_10_9_x86_64.whl
- Upload date:
- Size: 3.6 MB
- Tags: Python 3, macOS 10.9+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
27f147a7fa371e4d99ea62422cb614edc2b11833e18c298a5e925a01f31fec63
|
|
| MD5 |
285789d6e651b90172c9b78d5f41488d
|
|
| BLAKE2b-256 |
d97405279fa16b1be02a056e06588d3bd63a9b91b8009fb195783eb6bb4f90cc
|
