v0.3.7-beta

@Lekssays Lekssays released this 23 Mar 09:23
· 22 commits to main since this release

🚀 Codebadger Release — v0.3.7-beta

Released Mar 22, 2026


📦 What’s New

  • Added Uninitialized Read Detection (CWE-457) with full test coverage.

  • Introduced TOCTOU (Time-of-Check to Time-of-Use) Detection for race condition vulnerabilities (CWE-367).

  • Added Stack Buffer Overflow Detection with supporting analysis tests.

  • New detectors for:

    • Format String Vulnerabilities
    • Heap Buffer Overflows

🛡️ Detection Improvements

  • Enhanced Use-After-Free analysis:

    • Added post-free aliasing detection to catch indirect misuse paths.
    • Improved output descriptions for clearer diagnostics.
  • Strengthened integer/overflow analysis:

    • Replaced operand matching logic with regex-based condition checks for higher accuracy.
  • Expanded branch analysis capabilities:

    • Mutually exclusive branch detection now supports switch statements.

⚙️ Analysis & Engine Enhancements

  • Refactored query execution pipeline for improved performance and maintainability.

  • Optimized variable flow logic:

    • Cleaner structure
    • Reduced ambiguity in flow tracing
  • Improved CFG and variable flow return formats for better downstream usability.


🧹 Refactors & Cleanup

  • Removed export tools to streamline the toolset and reduce maintenance overhead.
  • General internal refactoring for clarity, consistency, and performance.

🧪 Testing

  • Added comprehensive test coverage for:

    • Uninitialized reads (CWE-457)
    • TOCTOU / race conditions (CWE-367)
    • Stack buffer overflows
    • Format string and heap overflow vulnerabilities

⚠️ Notes

  • This remains a beta release — newly introduced detectors (especially race-condition and aliasing analysis) may evolve based on real-world usage.
  • Output formats for flow and CFG data have slightly changed — downstream tooling should be validated.

Full Changelog: v0.3.6-beta...v0.3.7-beta