
Releases: Lekssays/codebadger

v0.3.7-beta

23 Mar 09:23


🚀 Codebadger Release — v0.3.7-beta

Released: Mar 22, 2026


📦 What’s New

  • Added Uninitialized Read Detection (CWE-457) with full test coverage.

  • Introduced TOCTOU (Time-of-Check to Time-of-Use) Detection for race condition vulnerabilities (CWE-367).

  • Added Stack Buffer Overflow Detection with supporting analysis tests.

  • New detectors for:

    • Format String Vulnerabilities
    • Heap Buffer Overflows
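The TOCTOU detector listed above works on C/C++ as seen through the Joern CPG, but the race it looks for (CWE-367) has the same shape in any language. The following is an added example written for this page in Python; it is not Codebadger code and not one of its tests. It places a check-then-use reader beside a descriptor-based reader and uses a constructed attacker hook that swaps the file at the worst possible moment, so the race is deterministic instead of timing-dependent. All function and file names are illustrative.

```python
import os
import shutil
import stat
import tempfile
from typing import Callable, Optional

Hook = Optional[Callable[[], None]]


def read_config_racy(path: str, attacker_hook: Hook = None) -> bytes:
    """CWE-367 shape: validate the *name*, then open the *name* again.

    Everything between the check and open() is a race window; the hook stands
    in for a concurrent attacker who swaps the file during that window.
    """
    if os.path.islink(path) or not os.path.isfile(path):
        raise PermissionError("refusing non-regular file")
    if attacker_hook:
        attacker_hook()                      # attacker acts inside the window
    with open(path, "rb") as fh:             # second resolution of the same name
        return fh.read()


def read_config_fd(path: str, attacker_hook: Hook = None) -> bytes:
    """Hardened form: open once, then validate the descriptor actually held.

    O_NOFOLLOW makes the kernel refuse a symlink at the final component, and
    fstat() inspects the object behind the fd, so the path is never looked up
    a second time for an attacker to redirect.
    """
    if attacker_hook:
        attacker_hook()                      # no check has happened yet: nothing to race
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_CLOEXEC", 0)
    fd = os.open(path, flags)                # raises OSError (ELOOP) on a symlink
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("refusing non-regular file")
        fh = os.fdopen(fd, "rb")
        fd = -1                              # fh now owns the descriptor
        with fh:
            return fh.read()
    finally:
        if fd != -1:
            os.close(fd)


def demo_race() -> dict:
    """Constructed scenario (not real data): 'config' is a harmless regular
    file that the attacker replaces with a symlink to 'secret' during the
    race window. Returns what each reader ended up handing back."""
    root = tempfile.mkdtemp(prefix="toctou-")
    try:
        secret = os.path.join(root, "secret")
        victim = os.path.join(root, "config")
        with open(secret, "wb") as fh:
            fh.write(b"TOP-SECRET")

        def reset() -> None:
            if os.path.lexists(victim):
                os.remove(victim)
            with open(victim, "wb") as fh:
                fh.write(b"harmless")

        def swap() -> None:                  # the attacker's move
            os.remove(victim)
            os.symlink(secret, victim)

        reset()
        racy = read_config_racy(victim, attacker_hook=swap)

        reset()
        try:
            hardened = read_config_fd(victim, attacker_hook=swap)
        except OSError:                      # O_NOFOLLOW rejected the symlink
            hardened = b"<refused>"

        reset()
        hardened_no_attack = read_config_fd(victim)
        return {
            "racy": racy,
            "hardened": hardened,
            "hardened_no_attack": hardened_no_attack,
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo_race())
```

The racy reader passes its own check and still returns the secret, because the check and the open resolve the path independently. The hardened reader has no window to exploit: the only decision it makes is about the descriptor it already holds, and a symlink planted before the open is rejected by O_NOFOLLOW. This is the same shift from name-based to handle-based checks (stat/access followed by open, versus open followed by fstat) that a CWE-367 finding in C usually calls for.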

🛡️ Detection Improvements

  • Enhanced Use-After-Free analysis:

    • Added post-free aliasing detection to catch indirect misuse paths.
    • Improved output descriptions for clearer diagnostics.
  • Strengthened integer/overflow analysis:

    • Replaced operand matching logic with regex-based condition checks for higher accuracy.
  • Expanded branch analysis capabilities:

    • Mutually exclusive branch detection now supports switch statements.

⚙️ Analysis & Engine Enhancements

  • Refactored query execution pipeline for improved performance and maintainability.

  • Optimized variable flow logic:

    • Cleaner structure
    • Reduced ambiguity in flow tracing
  • Improved CFG and variable flow return formats for better downstream usability.


🧹 Refactors & Cleanup

  • Removed export tools to streamline the toolset and reduce maintenance overhead.
  • General internal refactoring for clarity, consistency, and performance.

🧪 Testing

  • Added comprehensive test coverage for:

    • Uninitialized reads (CWE-457)
    • TOCTOU / race conditions (CWE-367)
    • Stack buffer overflows
    • Format string and heap overflow vulnerabilities

⚠️ Notes

  • This remains a beta release — newly introduced detectors (especially race-condition and aliasing analysis) may evolve based on real-world usage.
  • Output formats for flow and CFG data have slightly changed — downstream tooling should be validated.

Full Changelog: v0.3.6-beta...v0.3.7-beta

v0.3.6-beta

10 Mar 10:12


🚀 Codebadger Release — v0.3.6-beta

Released: Mar 10, 2026


📦 What’s New

  • Improved program slice location mapping in get_program_slice() ([$line] -> [$file:$line] fix).
  • Added flow deduplication to find_taint_flows() to remove duplicate paths and reduce noise.

🛡️ Detection Improvements

  • Replaced contains / endsWith checks with pathBoundaryRegex in vulnerability detectors:

    • find_double_free
    • find_use_after_free
    • find_null_pointer_deref
    • find_integer_overflow
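A substring or suffix test on a filename lets one file's name match another's (`alloc.c` is a suffix of `dealloc.c`, and `src/alloc.c` is a substring of `src/alloc.cc`), so a detector scoped to one file can report hits from the wrong file or silently widen its scope. The block below is an added illustration written for this page, not the project's pathBoundaryRegex; it assumes that helper solves the same problem, but its exact form is not shown here. The sample node records are constructed.

```python
import re
from typing import Dict, List


def path_boundary_regex(target: str) -> "re.Pattern[str]":
    """Compile a pattern that matches `target` only as whole trailing path
    components: 'src/alloc.c' matches 'src/alloc.c' and '/proj/src/alloc.c',
    but not 'mysrc/alloc.c', 'src/alloc.cc' or 'src/alloc.c.orig'."""
    target = target.strip("/")
    if not target:
        raise ValueError("empty path")
    return re.compile(r"(?:^|/)" + re.escape(target) + r"$")


def matches_path(filename: str, target: str) -> bool:
    return path_boundary_regex(target).search(filename) is not None


def naive_matches(filename: str, target: str) -> bool:
    """The contains/endsWith style of check that the release notes replaced."""
    return filename.endswith(target) or target in filename


def select_nodes(nodes: List[Dict], target: str) -> List[Dict]:
    """Keep only CPG-style records whose filename is the requested file."""
    return [n for n in nodes if matches_path(n["filename"], target)]


# Constructed sample of detector hits (filename, line, code); not real output.
SAMPLE_NODES = [
    {"filename": "/proj/src/alloc.c", "line": 42, "code": "free(p)"},
    {"filename": "/proj/src/dealloc.c", "line": 7, "code": "free(q)"},
    {"filename": "/proj/mysrc/alloc.c", "line": 3, "code": "free(r)"},
    {"filename": "/proj/src/alloc.cc", "line": 9, "code": "free(s)"},
    {"filename": "/proj/tests/alloc.c", "line": 11, "code": "free(t)"},
]


def compare(target: str) -> Dict[str, List[int]]:
    """Line numbers selected by the boundary regex versus the naive check."""
    return {
        "boundary": [n["line"] for n in select_nodes(SAMPLE_NODES, target)],
        "naive": [n["line"] for n in SAMPLE_NODES if naive_matches(n["filename"], target)],
    }


if __name__ == "__main__":
    for t in ("src/alloc.c", "alloc.c"):
        print(t, compare(t))
```

Asking for `src/alloc.c` now yields only line 42, where the naive check also drags in `mysrc/alloc.c` and `src/alloc.cc`. Asking for the bare `alloc.c` legitimately matches both `src/alloc.c` and `tests/alloc.c`, because the caller supplied no directory; that ambiguity is why the v0.3.5 notes require paths relative to the project root. The `$` anchor also keeps backup copies such as `alloc.c.orig` out of the result.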

⚙️ Stability & Diagnostics

  • Exceptions that were previously swallowed in:

    • use_after_free.scala
    • null_pointer_deref.scala
    • integer_overflow.scala

    now emit diagnostic notes instead of failing silently.

🧹 Refactors & Cleanup

  • Removed %4d zero-padding on line numbers in variable_flow.scala.
  • Removed unused shutdown_event (asyncio.Event).
  • Removed _setup_signal_handlers and related signal-handling logic.
  • Removed unused imports (asyncio, signal).

🔌 FastMCP v3 Lifecycle Integration

  • Migrated from @asynccontextmanager to FastMCP @lifespan.
  • Replaced lifespan(mcp) with app_lifespan(server) to avoid decorator shadowing.
  • Lifespan now yields a services dictionary, enabling access via ctx.lifespan_context.
  • _graceful_shutdown() moved to a finally block to ensure cleanup on both normal shutdown and exceptions.

🔭 Observability

  • Added OpenTelemetry support for tracing and monitoring analysis operations.

🛠️ Maintenance & Dependencies

  • Bumped fastmcp version.
  • Bumped joern version.
  • General internal cleanup and consistency improvements.

⏱️ Tool Timeout Configuration

  • 600s: generate_cpg
  • 300s: heavy analysis (find_taint_flows, get_program_slice, vulnerability detectors)
  • 120s: medium queries (get_variable_flow, get_call_graph, get_cfg, run_cpgql_query)
  • 60s: store_findings, export_sarif
  • 30s: lightweight lookup tools
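The tiers above are only useful if something enforces them around each tool call; otherwise a stuck Joern query holds the server indefinitely. The block below is an added illustration written for this page, not Codebadger's own configuration or dispatch code: the timeout values and tool names are the page's, while the wrapper, the default for unlisted tools, and the two stand-in tool coroutines are assumptions.

```python
import asyncio
from typing import Any, Awaitable, Callable, Dict, Optional

# Tiers as listed in the release notes (seconds). Unlisted tools fall into the
# lightweight-lookup tier; that default is an assumption made for this example.
TOOL_TIMEOUTS: Dict[str, float] = {
    "generate_cpg": 600,
    "find_taint_flows": 300, "get_program_slice": 300,
    "find_double_free": 300, "find_use_after_free": 300,
    "find_null_pointer_deref": 300, "find_integer_overflow": 300,
    "get_variable_flow": 120, "get_call_graph": 120,
    "get_cfg": 120, "run_cpgql_query": 120,
    "store_findings": 60, "export_sarif": 60,
}
DEFAULT_TIMEOUT = 30.0


def resolve_timeout(tool: str) -> float:
    return float(TOOL_TIMEOUTS.get(tool, DEFAULT_TIMEOUT))


async def run_tool(tool: str, fn: Callable[..., Awaitable[Any]], *args: Any,
                   timeout: Optional[float] = None) -> Dict[str, Any]:
    """Run one tool coroutine under its tier's deadline.

    asyncio.wait_for cancels the awaited coroutine when the deadline passes,
    so a hung query is torn down instead of occupying the server forever, and
    the caller receives a structured error rather than an open-ended wait.
    """
    limit = timeout if timeout is not None else resolve_timeout(tool)
    try:
        result = await asyncio.wait_for(fn(*args), timeout=limit)
    except asyncio.TimeoutError:
        return {"ok": False, "tool": tool,
                "error": f"{tool} exceeded its {limit:g}s budget and was cancelled"}
    return {"ok": True, "tool": tool, "result": result}


def run_tool_sync(tool: str, fn: Callable[..., Awaitable[Any]], *args: Any,
                  timeout: Optional[float] = None) -> Dict[str, Any]:
    """Convenience entry point for scripts and tests."""
    return asyncio.run(run_tool(tool, fn, *args, timeout=timeout))


# Constructed stand-ins for a quick lookup and a query that never returns.
async def fake_lookup(name: str) -> str:
    await asyncio.sleep(0.01)
    return f"method {name}"


async def stuck_query(query: str) -> str:
    await asyncio.sleep(3600)          # simulates a Joern query that hangs
    return query


if __name__ == "__main__":
    print(run_tool_sync("get_cfg", fake_lookup, "main"))
    print(run_tool_sync("run_cpgql_query", stuck_query, "cpg.method.l", timeout=0.05))
```

One caveat worth keeping in mind: cancellation only reaches code that is awaiting inside asyncio. If the tool coroutine has handed work to a thread or a subprocess, that work keeps running after the timeout unless the coroutine's cancellation handler stops it explicitly.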

🔐 Networking

  • Reserved ports 13371–13399 to avoid conflicts with commonly used ports (e.g., 2222, often used as an alternative SSH port).

⚠️ Note: This is a beta release and may include unstable or evolving APIs. Downstream integrations should be validated before production use.

Full Changelog: v0.3.5-beta...v0.3.6-beta

v0.3.5-beta

02 Feb 14:27


🚀 Codebadger Release — v0.3.5-beta


📦 What’s New

🧠 Deeper & More Precise Program Analysis

  • Pointer aliasing support added to get_variable_flow(), significantly improving accuracy for real-world C/C++ code.
  • Inter-procedural taint analysis is now the default behavior in find_taint_flows(), enabling end-to-end vulnerability tracing across function boundaries.
  • Forward slicing added to get_program_slice(), complementing backward slicing for more complete flow analysis.
  • Slices now include filename:loc, making results easier to trace back to source code.

🔄 Refactors & Improvements

  • Major refactors across core graph and flow builders:
    • get_cfg() refactored for clarity, correctness, and maintainability.
    • get_call_graph() refactored to improve structure and future extensibility.
    • get_variable_flow() refactored to support aliasing and cleaner logic.
  • Improved bounds checking logic in find_bounds_check().
  • Improved precision and robustness in find_taint_flows().
  • Fixed multiple issues in get_program_slice() related to location-based queries.

📂 API & UX Enhancements

  • list_files() now:
    • Outputs a tree-based structure for better navigation.
    • Supports pagination, improving scalability for large projects.
  • Filenames are now explicitly required to be relative to the project root (documented and enforced).
  • Query loading logic refactored for consistency and reliability.
  • Error handling standardized with a uniform error format across all APIs.

🛠️ Maintenance & Dependencies

  • Updated and bumped fastmcp and mcp versions.
  • Updated tests to match the refactored, inter-procedural find_taint_flows() API.
  • General internal cleanup to reduce technical debt and improve long-term maintainability.

⚠️ Notes

  • This is a beta release with significant internal refactors. While APIs are more powerful and consistent, downstream integrations should be revalidated.
  • Ensure all file paths passed to APIs are relative to the project root.

Full Changelog: v0.3.4-beta...v0.3.5-beta

v0.3.4-beta

14 Dec 16:32


🚀 Codebadger Release — v0.3.4-beta

Released: Dec 14, 2025

📦 What’s New

🧠 New Analysis Tools (get_cpg_*)

We introduced new CPG-based inspection tools to improve structural and semantic analysis:

  • get_cfg: retrieve the full Control Flow Graph (nodes and edges) for a method
  • get_type_definition: extract struct / type definitions including their members
  • get_macro_expansion: detect potential macro expansions using heuristic analysis

These tools provide more explicit program structure access for agents and downstream analysis.


🔄 Refactors & Improvements

  • Major refactor of find_taint_flows for clearer logic and improved maintainability.
  • Refactored get_data_dependencies to improve correctness and extensibility.
  • Performed a large-scale refactor of tools to standardize behavior and interfaces.
  • Updated all tool descriptions to follow a single, consistent definition format, making them easier for LLM agents to understand and use.

🧹 Removed / Deprecated Tools

The following tools were removed due to low utility or redundancy:

  • find_argument_flow
  • find_literals
  • check_method_reachability

This cleanup reduces noise and keeps the toolset focused on high-impact analysis primitives.


🛠️ Maintenance

  • Improved clarity and consistency of tool descriptions across the codebase.
  • Version bumped to v0.3.4-beta.

Full Changelog: v0.3.2-beta...v0.3.4-beta

v0.3.2-beta

23 Nov 11:35


🚀 Codebadger Release — v0.3.2-beta

Released: Nov 23, 2025

📦 What’s New

🔄 Rebranding

  • Rebranded entire codebase to Codebadger for clearer identity and consistency.

🛠️ New Features & Improvements

  • Added cache warming for static tools to speed up initial usage.
  • Added a comprehensive list of sources and sinks for enhanced security analysis.
  • Introduced a syntax help utility: get_cpgql_syntax_help.
  • Improved run_cpgql_query to now return both stdout and stderr.
  • Migrated to SQLite for query caching (removed Redis dependency).
  • Fixed list_files for more reliable project introspection.

🧹 Cleanup

  • Removed Redis bloat after migrating to SQLite.
  • Reduced the size of the Docker image.

🔧 Maintenance

  • Version bumped to 0.3.2-beta.

Full Changelog: 0.3.0-beta...v0.3.2-beta

0.3.0-beta

17 Nov 14:46


🚀 Release Notes — v0.3.0-beta

✨ Improvements

🔌 Joern Query Execution via Server

  • Queries are now executed directly on a Joern server instead of using pipes.
  • This significantly improves stability and reduces overhead.

⚙️ Asynchronous CPG Generation

  • CPGs are now generated asynchronously.
  • All codebases now share a single Docker container, replacing the previous multi-container setup.

📈 Enhanced Logging

  • Improved and more structured logging for easier debugging and observability.

⚡ Faster Query Execution

  • Query runs are now faster thanks to avoiding reloading the CPG each time.

Full Changelog: v0.2.0-beta...0.3.0-beta

v0.2.0-beta

22 Oct 07:13


v0.2.0-alpha

18 Oct 14:02
e1a4e52


Pre-release

What's Changed

Full Changelog: https://github.com/Lekssays/joern-mcp/commits/stable