v0.2.0

[elicpeter]

Added

• Cross-file taint analysis -- two-pass architecture: Pass 1 extracts FuncSummary per function (source/sanitizer/sink capabilities, taint propagation, callees), Pass 2 runs BFS taint propagation with cross-file callee resolution.
• CFG analysis engine with five detectors: unguarded sinks (cfg-unguarded-sink), auth gaps in web handlers (cfg-auth-gap), unreachable security code (cfg-unreachable-*), error fallthrough (cfg-error-fallthrough), and resource leaks (cfg-resource-leak).
• Cross-language interop -- taint flows across language boundaries via explicit InteropEdge structs without false-positive name collisions.
• Function summaries persisted to SQLite (function_summaries table) with arity, parameter names, capability bitflags, and callee lists.
• Multi-language CFG + taint support -- all 10 languages (Rust, C, C++, Java, Go, PHP, Python, Ruby, TypeScript, JavaScript) now have KINDS maps, RULES, and PARAM_CONFIG for full CFG construction and taint analysis.
• Resource leak detection for C/C++ (malloc/free, fopen/fclose), Go (os.Open/Close, Lock/Unlock), Rust (alloc/dealloc), and Java (streams, connections).
• Finding scoring system -- numeric scores based on severity, proximity to entry point, path complexity, taint confirmation, and confidence multiplier.
• Analysis modes -- Full (default), Ast (--ast-only), and Taint (--cfg-only) selectable via CLI flags or scanner.mode config.
• GlobalSummaries with conservative merge: union caps, OR booleans, union param/callee lists on name collisions across files.
• Performance optimizations -- _from_bytes variants to read-once/hash-once, lock-free rayon parallelism, SQLite WAL + 8 MB cache + 256 MB mmap.
• Tracing instrumentation -- tracing spans on all pipeline phases (walk, pass1, merge, pass2, per-file ops, db_init).
• Benchmark suite -- criterion benchmarks in benches/scan_bench.rs with fixtures.
• 107 unit tests covering taint propagation, cross-file resolution, cross-language interop, CFG analysis, and summaries.

Changed

• Bumped all dependencies to latest compatible versions.
• Cap bitflags expanded: ENV_VAR, HTML_ESCAPE, SHELL_ESCAPE, URL_ENCODE, JSON_PARSE, FILE_IO.
• classify() in labels uses zero-allocation byte-level case-insensitive comparisons.
• Indexed scans now always re-analyze all files in Pass 2 when taint is enabled (conservative: global summaries may have changed even if a file didn't).

Fixed

• Clippy ptr_arg lint in perf tests (&PathBuf -> &Path).

---

This discussion was created from the release v0.2.0.

[elicpeter]

After ~8 months of deep architectural work, v0.2.0 is finally out.

Since the detailed change log already covers what shipped, I want to briefly highlight what this release represents architecturally.

This version marks the transition from primarily per-file analysis to a global, summary-driven analysis architecture capable of reasoning across large, polyglot codebases.

The core shift was moving to a two-pass model with persisted function summaries, enabling cross-file propagation, cross-language resolution, and CFG-driven reasoning to operate cohesively at project scale.

The time gap reflects a deliberate systems-level refactor rather than incremental feature additions. Much of the work was foundational: building infrastructure that future analysis capabilities can rely on without reworking the core engine again.

More advanced capabilities are already in progress, including deeper exploit modeling and hybrid reasoning approaches.

As always, feedback, scrutiny, and contributions are welcome.