Python SDK for code-pathfinder static analysis for modern security teams
Project description
Code Pathfinder Python SDK
Write security rules in Python for Code Pathfinder, an open-source security scanner that combines structural code analysis with AI-powered vulnerability detection.
What you can do:
- Write custom security rules using Python instead of regex or YAML
- Trace data flows from sources (user input) to sinks (SQL, eval, file operations)
- Run rules in VS Code, CLI, or CI/CD pipelines
- Export findings to DefectDojo, GitHub Advanced Security, SARIF, JSON, or CSV
Documentation: https://codepathfinder.dev/
Installation
pip install codepathfinder
This installs both the Python SDK and the pathfinder CLI binary for your platform.
Verify Installation
# Test CLI binary
pathfinder --version
# Test Python SDK
python -c "from codepathfinder import rule, calls; print('SDK OK')"
Supported Platforms
- Linux (glibc): x86_64, aarch64
- macOS: arm64 (Apple Silicon), x86_64 (Intel)
- Windows: x86_64
Source distributions are available for other platforms - the binary will be downloaded automatically on first use.
Quick Example
from codepathfinder import rule, flows, calls
from codepathfinder.presets import PropagationPresets

@rule(id="sql-injection", severity="critical", cwe="CWE-89")
def detect_sql_injection():
    """Detects SQL injection vulnerabilities"""
    return flows(
        from_sources=calls("request.GET", "request.POST"),
        to_sinks=calls("execute", "executemany"),
        sanitized_by=calls("quote_sql"),
        propagates_through=PropagationPresets.standard(),
        scope="global"
    )
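To make the source, sink, sanitizer and assignment-propagation roles in the rule above concrete, here is a simplified stdlib `ast` pass over a constructed target file. It is an added illustration, not Code Pathfinder's engine or API; the helper names (`dotted`, `is_tainted`, `find_flows`) and the sample functions are assumptions made for this example, and checking only the first sink argument is a choice made here so that bound parameters are not reported.

```python
import ast

# Names mirror the Quick Example rule; the analysis is a simplified stand-in.
SOURCES = {"request.GET", "request.POST"}
SINKS = {"execute", "executemany"}
SANITIZERS = {"quote_sql"}

def dotted(node):  # 'a.b' for a Name/Attribute chain, else None
    if isinstance(node, ast.Attribute) and dotted(node.value):
        return dotted(node.value) + "." + node.attr
    return node.id if isinstance(node, ast.Name) else None

def is_tainted(node, tainted):  # does the expression carry unsanitized source data?
    if isinstance(node, ast.Call):
        if (dotted(node.func) or "").split(".")[-1] in SANITIZERS:
            return False  # sanitizer output counts as clean
    elif dotted(node) in SOURCES or dotted(node) in tainted:
        return True
    return any(is_tainted(c, tainted) for c in ast.iter_child_nodes(node))

def find_flows(code):  # line numbers of sink calls whose SQL text is tainted
    findings = []
    funcs = [n for n in ast.walk(ast.parse(code)) if isinstance(n, ast.FunctionDef)]
    for func in funcs:
        tainted = set()
        for stmt in func.body:  # straight-line bodies only, no branches or loops
            if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
                # assignment propagation: the target takes the value's taint
                update = tainted.add if is_tainted(stmt.value, tainted) else tainted.discard
                update(stmt.targets[0].id)
            for call in ast.walk(stmt):
                # only args[0] is SQL text; bound parameters are passed as data
                if (isinstance(call, ast.Call) and isinstance(call.func, ast.Attribute)
                        and call.func.attr in SINKS
                        and any(is_tainted(a, tainted) for a in call.args[:1])):
                    findings.append(call.lineno)
    return findings

# Constructed target code; it is parsed, never executed.
SAMPLE = '''
def by_concat(request, cur):
    uid = request.GET["id"]
    cur.execute("SELECT * FROM users WHERE id = '" + uid + "'")
def by_sanitizer(request, cur):
    cur.execute("SELECT * FROM users WHERE id = " + quote_sql(request.GET["id"]))
def by_parameter(request, cur):
    cur.execute("SELECT * FROM users WHERE id = %s", (request.POST["id"],))
'''
```

`find_flows(SAMPLE)` reports only the concatenation in `by_concat`; the sanitized and parameterized calls are not reported.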
Features
- Matchers: calls(), variable() for pattern matching
- Dataflow Analysis: flows() for source-to-sink taint tracking
- Propagation: Explicit propagation primitives (assignment, function args, returns)
- Logic Operators: And(), Or(), Not() for complex rules
- JSON IR: Serializes to JSON for Go executor integration
Documentation
For detailed documentation, visit https://codepathfinder.dev/
Requirements
- Python 3.8+
- No external dependencies (stdlib only!)
License
AGPL-3.0 - GNU Affero General Public License v3
Download files
File details
Details for the file codepathfinder-1.3.1.tar.gz.
File metadata
- Download URL: codepathfinder-1.3.1.tar.gz
- Upload date:
- Size: 47.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 1820e44a9cba4b0b049b78dff0f78ae2bf01b1b0876634414370d7dc1de05cbb |
| MD5 | f32f93a4f5f7635d855cb6367933657a |
| BLAKE2b-256 | 59619951b296059a53b87136b1a829954361e0977ea450754be141fa2681a15c |
File details
Details for the file codepathfinder-1.3.1-py3-none-win_amd64.whl.
File metadata
- Download URL: codepathfinder-1.3.1-py3-none-win_amd64.whl
- Upload date:
- Size: 4.7 MB
- Tags: Python 3, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | bb19482e817797c308bc9931b9f0f2e6b845ae2544f87577da3f0960b05ca912 |
| MD5 | 57b3eb64a9623a8d57ec46de2e6fda65 |
| BLAKE2b-256 | bffb871b95925dc32101b92b26f4df6175067702c988f50d012b35117a2e1541 |
File details
Details for the file codepathfinder-1.3.1-py3-none-manylinux_2_17_x86_64.whl.
File metadata
- Download URL: codepathfinder-1.3.1-py3-none-manylinux_2_17_x86_64.whl
- Upload date:
- Size: 4.6 MB
- Tags: Python 3, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 2d0244d9da1f4aa109948caef3a374a0c04e485f62710067fc24134ef4769d24 |
| MD5 | a5af5e9f19da110a068254cc8a8ea9d4 |
| BLAKE2b-256 | 06011fc3f0948d5c7d8860b09178693a3064fb4f1aa8e30c636dd4879bd87327 |
File details
Details for the file codepathfinder-1.3.1-py3-none-manylinux_2_17_aarch64.whl.
File metadata
- Download URL: codepathfinder-1.3.1-py3-none-manylinux_2_17_aarch64.whl
- Upload date:
- Size: 4.2 MB
- Tags: Python 3, manylinux: glibc 2.17+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | cef5f1cf04161e0ba46e0143cf66daa6e3b71310ebffcd0182af5be471f2045c |
| MD5 | e73d8de75170aafd5692a4dadca8260d |
| BLAKE2b-256 | a7ba0efd7a9ee3314034623b16f95a08f871fbf2fd75d7f55fbbb18e0f5318f3 |
File details
Details for the file codepathfinder-1.3.1-py3-none-macosx_11_0_arm64.whl.
File metadata
- Download URL: codepathfinder-1.3.1-py3-none-macosx_11_0_arm64.whl
- Upload date:
- Size: 4.3 MB
- Tags: Python 3, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | fc9c39370799fa20489da669194f12d2bc4c183c9add870ea9cc3af8515313da |
| MD5 | 98d9b443c3ed1ef9bba3ffe787f88cd9 |
| BLAKE2b-256 | e7b50e85e943e8a3d38ee59f01af212543f9ce6ffd613bf69f83e97e7dca9b6f |
File details
Details for the file codepathfinder-1.3.1-py3-none-macosx_10_9_x86_64.whl.
File metadata
- Download URL: codepathfinder-1.3.1-py3-none-macosx_10_9_x86_64.whl
- Upload date:
- Size: 4.6 MB
- Tags: Python 3, macOS 10.9+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 9a486c97f403512133fdb3cf916130bdc43c756de34257264348065a00436486 |
| MD5 | 22cef7d2577a9d7d2a9d671b38a68e0e |
| BLAKE2b-256 | af7fe7bb6ec738ded2e8060dec83837af270de565108a1d2866ffd977af02283 |