
Conversation

@shivasurya
Owner

Summary

Creates dedicated patterns package for security pattern detection and framework identification. This PR isolates pattern matching logic into a clean, testable package structure.

Changes

New Package Structure

graph/callgraph/patterns/
├── detector.go        # Pattern matching & vulnerability detection (475 LOC)
├── frameworks.go      # Framework detection helpers (52 LOC)
├── helpers.go         # AST traversal helpers (34 LOC)
├── doc.go             # Package documentation (32 LOC)
└── detector_test.go   # Comprehensive tests (15 tests)

Files Modified

  • patterns.go - Backward compatibility wrappers with type aliases

Key Features

  • PatternRegistry for managing security patterns
  • 3 Pattern Types: SourceSink, MissingSanitizer, DangerousFunction
  • Framework Detection: Django, Flask, FastAPI, Tornado, etc.
  • Taint Analysis Integration: Intra-procedural vulnerability detection
  • Full Backward Compatibility: All existing code continues to work

Pattern Matching

// Build the pattern, register it, and keep the handle so it can be matched later.
pattern := &patterns.Pattern{
    ID:         "SQL-INJECTION-001",
    Type:       patterns.PatternTypeMissingSanitizer,
    Sources:    []string{"request.GET", "request.POST"},
    Sinks:      []string{"execute", "executemany"},
    Sanitizers: []string{"escape_sql"},
}
registry := patterns.NewPatternRegistry()
registry.AddPattern(pattern)

// Match the registered pattern against the call graph built for the target project.
match := registry.MatchPattern(pattern, callGraph)
if match.Matched {
    fmt.Printf("Vulnerability: %s -> %s\n", match.SourceFQN, match.SinkFQN)
}

Framework Detection

framework := patterns.DetectFramework(importMap)
if framework != nil {
    fmt.Printf("Using %s (%s)\n", framework.Name, framework.Category)
}

Test Coverage

  • Coverage: 77.8% of statements
  • Tests: 15 tests, all passing
  • Test file: Moved from patterns_test.go to patterns/detector_test.go

Build Verification

✅ gradle buildGo - SUCCESS
✅ go test ./graph/callgraph/... - ALL PASS
✅ All existing tests pass - NO BREAKING CHANGES

Dependencies

  • Imports from core/, extraction/, analysis/taint/
  • Uses core.CallGraph for pattern matching
  • Integrates with taint analysis for vulnerability detection

Graphite Stack

main
 └─ refactor/05-advanced-resolution (#376)
     └─ refactor/06-patterns (#XXX) ← THIS PR

Related PRs

🤖 Generated with Claude Code
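To make the MissingSanitizer pattern concrete, here is an added example (not code from this PR or the project): a small, intra-procedural check over a constructed call graph that flags a sink reached after a source with no sanitizer call in between. Pattern, CallGraph, Match and the call-order matching rule are all assumptions for illustration, not the patterns package's own types or algorithm.

```go
package main

import ("fmt"; "strings")

// Pattern mirrors the fields in the PR description (assumed shape, not the package's own type).
type Pattern struct {
	ID                         string
	Sources, Sinks, Sanitizers []string
}
// CallGraph is a constructed stand-in: the calls each function makes, in order, keyed by FQN.
type CallGraph map[string][]string
// Match is one unsanitized source->sink pair found inside a single function.
type Match struct{ Matched bool; Function, SourceFQN, SinkFQN string }

// hasName matches by exact name, dotted prefix ("request.GET" covers "request.GET.get")
// or trailing attribute ("execute" covers "cursor.execute").
func hasName(call string, names []string) bool {
	for _, n := range names {
		if call == n || strings.HasPrefix(call, n+".") || strings.HasSuffix(call, "."+n) {
			return true
		}
	}
	return false
}
// MatchMissingSanitizer reports a sink reached after a source with no sanitizer call
// in between. Intra-procedural and call-order based: an approximation of data flow.
func MatchMissingSanitizer(p *Pattern, cg CallGraph) Match {
	for fn, calls := range cg {
		source, sanitized := "", false
		for _, c := range calls {
			switch {
			case hasName(c, p.Sources):
				source, sanitized = c, false // new tainted value, sanitizer state resets
			case hasName(c, p.Sanitizers):
				sanitized = true
			case hasName(c, p.Sinks) && source != "" && !sanitized:
				return Match{true, fn, source, c}
			}
		}
	}
	return Match{}
}
// Constructed input: one vulnerable view and one sanitized view.
var exampleGraph = CallGraph{"app.views.search": {"request.GET.get", "cursor.execute"},
	"app.views.lookup": {"request.POST.get", "escape_sql", "cursor.execute"}}

func main() {
	p := &Pattern{"SQL-INJECTION-001", []string{"request.GET", "request.POST"}, []string{"execute", "executemany"}, []string{"escape_sql"}}
	if m := MatchMissingSanitizer(p, exampleGraph); m.Matched {
		fmt.Printf("[%s] %s: %s -> %s\n", p.ID, m.Function, m.SourceFQN, m.SinkFQN)
	}
}
```

Because the check only looks at call order within one function, a sanitizer applied to a different value than the one that reaches the sink still suppresses the finding; real taint tracking is needed to close that gap.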

@safedep

safedep bot commented Nov 15, 2025

SafeDep Report Summary


No dependency changes detected. Nothing to scan.

This report is generated by SafeDep Github App

@codecov

codecov bot commented Nov 15, 2025

Codecov Report

❌ Patch coverage is 82.44898% with 43 lines in your changes missing coverage. Please review.
✅ Project coverage is 79.71%. Comparing base (d33c02b) to head (6f06e94).
⚠️ Report is 1 commits behind head on main.

Files with missing lines                              | Patch % | Lines
...cecode-parser/graph/callgraph/patterns/detector.go | 81.22%  | 26 Missing and 14 partials ⚠️
sourcecode-parser/graph/callgraph/patterns.go         | 25.00%  | 3 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #377      +/-   ##
==========================================
- Coverage   79.74%   79.71%   -0.04%     
==========================================
  Files          86       89       +3     
  Lines        6938     6971      +33     
==========================================
+ Hits         5533     5557      +24     
- Misses       1175     1183       +8     
- Partials      230      231       +1     

☔ View full report in Codecov by Sentry.

shivasurya added a commit that referenced this pull request Nov 15, 2025
Addresses coverage gaps in PR #377 by adding extensive test suites:

New Test Files:
- patterns/frameworks_test.go (12 test functions, 40+ test cases)
  - DetectFramework tests for Django, Flask, FastAPI, etc.
  - IsKnownFramework tests for 13 different frameworks
  - GetFrameworkCategory and GetFrameworkName tests
  - Edge cases: nil ImportMap, empty map, multiple frameworks

- patterns/helpers_test.go (6 test functions)
  - readFileBytes tests with temp files
  - findFunctionAtLine tests with tree-sitter AST
  - Nested function detection
  - Error handling tests

Bug Fixes:
- Fixed DetectFramework to iterate over FQNs (values) not aliases (keys)
- Removed unused core import from patterns.go
- Fixed unconvert lint error in MatchPattern function

Coverage Improvements:
- patterns/frameworks.go: 0% → 100%
- patterns/helpers.go: 75% → 100%
- patterns/detector.go: 81.22% (no change, already tested)
- **Overall package coverage: 85.0%** (up from 77.8%)

All Tests Pass:
✅ 41 tests in patterns package
✅ All callgraph tests pass
✅ gradle lintGo - 0 issues

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
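The "iterate over FQNs (values) not aliases (keys)" fix above is easy to get wrong because an unaliased import makes both approaches look correct. The following is an added example (not the project's DetectFramework) that puts the pre-fix and post-fix lookups side by side; ImportMap's alias -> FQN shape and the framework table are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// ImportMap maps local alias -> fully qualified module name, the shape the
// commit message implies (assumed; not the project's own type).
type ImportMap map[string]string
type Framework struct{ Name, Category string }
// Constructed subset of the frameworks the package recognises.
var knownFrameworks = map[string]Framework{
	"django": {"Django", "web"}, "flask": {"Flask", "web"},
	"fastapi": {"FastAPI", "web"}, "tornado": {"Tornado", "web"},
}
// lookup keys on the top-level package of a module path ("django.http" -> "django").
func lookup(module string) *Framework {
	if f, ok := knownFrameworks[strings.SplitN(module, ".", 2)[0]]; ok {
		return &f
	}
	return nil
}
// DetectFrameworkFixed ranges over the FQNs (map values), as the fix describes.
// Ranging over a nil or empty map yields nothing, so both cases return nil.
func DetectFrameworkFixed(im ImportMap) *Framework {
	for _, fqn := range im {
		if f := lookup(fqn); f != nil {
			return f
		}
	}
	return nil
}
// DetectFrameworkBuggy ranges over the aliases (map keys): the pre-fix behaviour.
// `import django.http as dh` yields the key "dh", which matches nothing.
func DetectFrameworkBuggy(im ImportMap) *Framework {
	for alias := range im {
		if f := lookup(alias); f != nil {
			return f
		}
	}
	return nil
}

func main() {
	// Constructed import table for: import os; import django.http as dh
	im := ImportMap{"os": "os", "dh": "django.http"}
	fmt.Println(DetectFrameworkFixed(im) != nil, DetectFrameworkBuggy(im) != nil) // true false
}
```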
Owner Author

shivasurya commented Nov 16, 2025

Merge activity

  • Nov 16, 12:00 AM UTC: A user started a stack merge that includes this pull request via Graphite.
  • Nov 16, 12:10 AM UTC: Graphite rebased this pull request as part of a merge.
  • Nov 16, 12:10 AM UTC: @shivasurya merged this pull request with Graphite.

@shivasurya shivasurya changed the base branch from refactor/05-advanced-resolution to graphite-base/377 November 16, 2025 00:07
@shivasurya shivasurya changed the base branch from graphite-base/377 to main November 16, 2025 00:08
shivasurya and others added 2 commits November 16, 2025 00:09
Moved pattern detection logic to dedicated patterns package:

Files Created:
- patterns/detector.go (475 LOC) - Pattern matching & vulnerability detection
- patterns/frameworks.go (52 LOC) - Framework detection helpers
- patterns/helpers.go (34 LOC) - Helper functions for AST traversal
- patterns/doc.go (32 LOC) - Package documentation
- patterns/detector_test.go (moved from patterns_test.go)

Files Modified:
- patterns.go - Backward compatibility wrappers with type aliases

Key Features:
- PatternRegistry for managing security patterns
- Support for 3 pattern types: SourceSink, MissingSanitizer, DangerousFunction
- Framework detection (Django, Flask, FastAPI, etc.)
- Intra-procedural taint analysis integration
- Full backward compatibility maintained

Test Coverage: 77.8%
All 15 tests pass successfully

Dependencies:
- Imports from core/, extraction/, analysis/taint/
- Uses core.CallGraph for pattern matching
- Integrates with taint analysis for vulnerability detection

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@shivasurya shivasurya merged commit d0c9e09 into main Nov 16, 2025
3 checks passed
@shivasurya shivasurya deleted the refactor/06-patterns branch November 16, 2025 00:10