v0.5.0
Highlights
--explain flag: source-to-sink dataflow traces
Taint findings now show exactly how data flows from source to sink. Pass --explain to see source and sink trace lines with file, line number, and description.
src/routes.py:42 CRITICAL py/taint-sql-injection (CWE-89)
source → line 38: flask.request.args (user-controlled input)
sink → line 42: cursor.execute (SQL execution)
Fix: use parameterized queries: cur.execute("SELECT * FROM users WHERE name = ?", (name,))
Fix suggestions for all taint findings
Every taint rule now includes a concrete fix suggestion — parameterized queries for SQL injection, shlex.quote for command injection, html.escape for XSS, URL allowlisting for SSRF, and more. Suggestions appear in terminal (--explain), JSON, and SARIF output.
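The four fixes named above, written out in Python. This is an added example, not foxguard's own code or output. The function names, the in-memory table, the `ALLOWED_HOSTS` set and all sample inputs are constructed for illustration.

```python
import html
import shlex
import sqlite3
from urllib.parse import urlsplit

def make_db():
    # Constructed sample data: an in-memory users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def find_user_tainted(db, name):
    # Pattern a taint rule reports: input concatenated into SQL text (CWE-89).
    return db.execute("SELECT * FROM users WHERE name = '" + name + "'").fetchall()

def find_user_fixed(db, name):
    # Parameterized query: the value is bound, never parsed as SQL.
    return db.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()

def ping_command(host):
    # shlex.quote makes the value a single shell word.
    return "ping -c 1 " + shlex.quote(host)

def greeting_html(name):
    # html.escape neutralises markup characters before rendering.
    return "<p>Hello, " + html.escape(name) + "</p>"

ALLOWED_HOSTS = {"api.example.com"}  # hypothetical allowlist

def url_allowed(url):
    # URL allowlisting: https only, exact hostname match.
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input
    print(len(find_user_tainted(db, crafted)), "rows from concatenated query")
    print(len(find_user_fixed(db, crafted)), "rows from parameterized query")
    print(ping_command("example.com; id"))
    print(greeting_html("<b>bob</b>"))
    print(url_allowed("http://169.254.169.254/"))
```

The concatenated query returns every row for the crafted name, while the parameterized one treats the same string as a literal value and returns none.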
New taint rules
- js/taint-sql-injection — SQL injection via string-built queries in Express/Knex/Sequelize
- js/taint-eval — eval/Function constructor with user input
- js/taint-command-injection — child_process.exec with user input
- js/taint-ssrf — fetch/axios/http.get with user-controlled URLs
- go/taint-*: closure analysis for Gin handler patterns (r.GET("/path", func(c *gin.Context) { ... }))
MCP server (foxguard-mcp)
AI coding agents can now invoke foxguard via Model Context Protocol. Ships as a separate binary.
Claude Code hook integration
Run foxguard automatically on every file edit in Claude Code. See docs/claude-code-integration.md.
Semgrep taint YAML bridge — JS & Go support
The --semgrep-rules flag now supports taint rules targeting JavaScript and Go, in addition to Python.
Internal improvements
- Shared AliasTable eliminates duplicate import alias logic across Python/JS/Go engines
- AnalysisContext struct replaces ad-hoc parameter passing in taint engine signatures
- Dead code cleanup across taint engines and scanner
Upgrading
npx foxguard@0.5.0 .
# or
cargo install foxguard
Update GitHub Actions:
- uses: PwnKit-Labs/foxguard/action@v0.5.0
Update pre-commit:
rev: v0.5.0
What's Changed
- ci: deploy foxguard.dev from GitHub Actions by @peaktwilight in #49
- refactor: extract duplicated rule helpers into common module by @Darkroom4364 in #45
- tests: multi-file Django fixture pinning cross-file taint limit (refs #48) by @peaktwilight in #50
- tests: multi-file Express, Next.js, and Gin realistic fixtures (refs #48) by @peaktwilight in #51
- feat(js): js/taint-sql-injection server-side taint rule by @peaktwilight in #53
- docs: adopt PwnKit Labs umbrella tagline by @peaktwilight in #56
- docs: reduce PwnKit Labs mentions and fix stale umbrella tagline by @peaktwilight in #57
- docs: add Claude Code hook integration guide by @peaktwilight in #62
- feat: add MCP server for AI coding agent integration by @peaktwilight in #63
- feat(go): analyze closures in Go taint engine (refs #55) by @peaktwilight in #65
- feat(js): add remaining JS server-side taint rules by @peaktwilight in #64
- refactor: delete dead debug code, stale annotations, extract constants by @peaktwilight in #66
- feat: extend Semgrep taint YAML bridge to JavaScript and Go by @peaktwilight in #70
- refactor: introduce AnalysisContext struct for taint engine signatures by @peaktwilight in #71
- refactor: deduplicate import alias tables into shared AliasTable by @peaktwilight in #72
- feat: add --explain flag for source-to-sink dataflow traces by @peaktwilight in #73
- feat: add fix suggestions for taint findings (refs #61) by @peaktwilight in #74
New Contributors
- @Darkroom4364 made their first contribution in #45
Full Changelog: v0.4.0...v0.5.0