v0.5.0

@HikaruEgashira HikaruEgashira released this 04 Jun 18:10
· 152 commits to main since this release

v0.5.0 Release

🚀 Major Features

Custom Pattern Generation

  • Added --generate-patterns flag for automatic security pattern detection
  • Implemented LLM-based classification of functions into sources/sinks/validate patterns
  • Automatic generation of vuln-patterns.yml files compatible with existing pattern system
  • Multi-language support for pattern generation (Python, Rust, JavaScript, TypeScript, Go, Java, Ruby)

Enhanced Code Analysis

  • Integrated tree-sitter for precise function definition extraction
  • Added context-aware security pattern detection
  • Automatic regex pattern generation for detected security functions

🔧 Improvements

Core Functionality

  • Added new pattern_generator module for custom pattern generation
  • Enhanced file discovery to analyze all source files
  • Improved pattern classification with detailed descriptions and reasoning

Architecture

  • Modular pattern generation system separated from main analysis logic
  • Comprehensive error handling for pattern generation workflow
  • Support for appending patterns to existing YAML files

Development Experience

  • Added 6 comprehensive test cases for pattern generation functionality
  • Improved gitignore configuration to exclude generated test patterns
  • Enhanced code organization with dedicated pattern generation module

📚 Testing & Quality Assurance

  • YAML format generation testing
  • File discovery and definition extraction testing
  • Pattern classification and filtering testing
  • Empty pattern handling and language filtering testing
  • Integration testing with real vulnerable applications

🛠️ Usage Examples

# Generate patterns for current directory
cargo run -- --generate-patterns -r .

# Generate patterns for specific project
cargo run -- --generate-patterns -r /path/to/project

# Use specific model for generation
cargo run -- --generate-patterns -r /path/to/project --model gpt-4.1-nano

📄 Generated Pattern Example

Python:
  sinks:
    # Single quotes keep the regex backslashes literal in YAML
    - pattern: '\bsql_injection\s*\('
      description: "Vulnerable SQL query execution"
    - pattern: '\bcommand_injection\s*\('
      description: "Vulnerable command execution"

This release adds a powerful custom pattern generation capability that allows vulnhuntrs to automatically detect and classify project-specific security patterns, significantly enhancing its ability to analyze new codebases and custom functions.
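
The following is an added example, not code from vulnhuntrs: it builds call-site regexes in the shape shown in the generated pattern example, renders them in the same YAML layout, and scans a sample file to show what such a pattern does and does not match. The classified function names, the `sources` entry, and all helper names are constructed for illustration.

```python
import re

# Constructed classification result; names and the "sources" key are assumptions.
CLASSIFIED = {
    "sql_injection": ("sinks", "Vulnerable SQL query execution"),
    "command_injection": ("sinks", "Vulnerable command execution"),
    "get_user_input": ("sources", "Reads attacker-controlled input"),
}

def make_pattern(func_name):
    # Same shape as the generated example: word boundary, name, optional space, "("
    return r"\b" + re.escape(func_name) + r"\s*\("

def build_patterns(language, classified):
    """Group generated patterns by category under one language key."""
    groups = {}
    for name, (category, description) in classified.items():
        groups.setdefault(category, []).append(
            {"pattern": make_pattern(name), "description": description})
    return {language: groups}

def to_yaml(patterns):
    """Render with single-quoted scalars so regex backslashes stay literal."""
    lines = []
    for language, groups in patterns.items():
        lines.append(language + ":")
        for category, entries in groups.items():
            lines.append("  " + category + ":")
            for e in entries:
                pat = e["pattern"].replace("'", "''")  # YAML single-quote escape
                lines.append("    - pattern: '%s'" % pat)
                lines.append('      description: "%s"' % e["description"])
    return "\n".join(lines)

def scan(source, patterns, language, category):
    """Return (line_no, description) for each line matching a pattern."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        for e in patterns[language].get(category, []):
            if re.search(e["pattern"], line):
                hits.append((no, e["description"]))
    return hits

# Constructed sample input.
SAMPLE = """def sql_injection(query):
    return db.execute(query)
rows = sql_injection (user_query)
safe = my_sql_injection_check(user_query)
"""
```

Scanning `SAMPLE` for sinks reports lines 1 and 3: the `\b` anchor rejects `my_sql_injection_check(`, but the pattern matches the function's own `def` line as well as its call sites, so a consumer of these patterns needs to tell definitions from calls.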