code-pathfinder

概述

Code Pathfinder 是一个开源的静态分析引擎，能够追踪跨文件和函数的数据流。MCP 服务器提供工具来查询代码图，查找调用者/被调用者，追踪数据流，以及运行安全规则——使这些强大的分析功能在代码审查或开发过程中可供 AI 助手使用。它支持 Python、Docker 和 Docker Compose 分析，拥有 190 多个安全规则，可以自动下载。

试试问 AI

装完之后，这里有 3 个你可以让 AI 做的事：

• find_callers

  Find callers of a specific function in the codebase

  试试:Show me all functions that call authenticate_user试试:Find callers of the process_data function
• find_callees

  Find functions called by a specific function

  试试:What functions does authenticate_user call?试试:Show me all callees of the main function
• trace_dataflow

  Trace data flow between source and sink points

  试试:Trace how user input flows from request to database query试试:Show the data flow between login input and password check
• search_patterns

  Search for specific code patterns across the codebase

  试试:Find all SQL queries constructed with string concatenation试试:Show me all instances of eval() usage
• run_security_rule

  Run a specific security rule on the codebase

  试试:Run the SQL injection detection rule试试:Check for XSS vulnerabilities in the code
• analyze_project

  Perform complete security analysis of the project

  试试:Analyze the codebase for security vulnerabilities试试:Run a full security scan on this project
• get_code_graph

  Retrieve the call graph representation of the code

  试试:Show me the call graph for the authentication module试试:Get the function dependency graph for the main module
• query_taint_flows

  Query for tainted data flows across the codebase

  试试:Find all tainted flows from user inputs to file operations试试:Show me paths where unsanitized user input reaches SQL queries
• list_rules

  List available security rules for the codebase

  试试:Show all available security rules试试:List Python security rules
• get_function_info

  Get detailed information about a specific function

  试试:Get details about the process_user_data function试试:Show information for the authenticate function
• find_vulnerabilities

  Find vulnerabilities based on predefined security rules

  试试:Find all critical vulnerabilities in the code试试:Show me high severity security issues
• get_project_summary

  Get a summary of the project structure and analysis

  试试:Provide a summary of this codebase试试:Show project structure and metrics

说明：Tool names inferred from the MCP server description which mentions tools for 'querying the code graph: find callers/callees, trace data flows, search for patterns, and run security rules'. The specific tool names were constructed based on t

可对比工具

安装

brew install shivasurya/tap/pathfinder

pathfinder serve --project .

{
  "mcpServers": {
    "code-pathfinder": {
      "command": "pathfinder",
      "args": ["serve", "--project", "."]
    }
  }
}

Hacker News 讨论

开发者社区最近的相关讨论。

• Show HN: Open-Source CodeQL Alternative▲ 3
  帖子 by shivasurya · 2024-11-23

code-pathfinder 对比