Pathfinder · Open-source static code analysis

/pathfinder.

Query your code
like a database.

Static analysis built for engineers. Find what matters across thousands of files in seconds.

Code scanning, beyond grep. AST-aware queries across your repo.

Quality, not just security. Surface code smells alongside CVEs.

Eliminate tech debt. Custom rules that fit your team.

PYTHON-DJANGO-SEC-001/rule.py

from codepathfinder import calls, flows

@python_rule(
    id="DJANGO-SQLI", severity="CRITICAL", cwe="CWE-89",
)
def detect_sqli():
    return flows(
      from_sources=[calls("request.GET.get")],
      to_sinks=[calls("cursor.execute")],
      sanitized_by=[calls("escape")],
    )

3 matches in 1,287 files CWE-89 · A03:2021

codepathfinder.dev © 2026 Pathfinder

Sign in

Pick how you want to continue.

By continuing, you agree to the terms.