@coana-tech/cli 14.12.174 → 14.12.175

package/cli.mjs

@@ -251421,7 +251421,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.174";
+var version3 = "14.12.175";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.174",
+  "version": "14.12.175",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -111209,7 +111209,7 @@ var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
       analysisOptionsFromHeuristic.approx = process.env.JELLY_APPROX === "true" || experiment === "JELLY_APPROX";
       const analysisRes = await runJellyAnalysis(this.mainProjectDir, this.projectDir, analysisOptionsFromHeuristic, this.options, timeoutInSeconds, vulnerabilities, experiment, telemetryHandler, analyzerTelemetryHandler);
       const { analysisDiagnostics: diagnostics, matches } = analysisRes;
-      const terminatedEarly = diagnostics.aborted || diagnostics.timeout || diagnostics.lowmemory;
+      const terminatedEarly = diagnostics.aborted || diagnostics.timeout || diagnostics.lowmemory || diagnostics.rangeError;
       return {
         type: "success",
         diagnostics,

package/repos/coana-tech/jelly-private/dist/bundle/approx.js

@@ -7,11 +7,11 @@ import "./iterator-helpers-polyfill.js";
 import {
   require_hints,
   require_parser
-} from "./chunk-2EM22I7M.js";
+} from "./chunk-B4YMLUZ5.js";
 import {
   require_proxy,
   require_sandbox
-} from "./chunk-USUJB4DB.js";
+} from "./chunk-6YZBCEC5.js";
 import {
   __commonJS,
   __name,
@@ -21,7 +21,7 @@ import {
   require_options,
   require_transform,
   require_util
-} from "./chunk-NHEUSYVH.js";
+} from "./chunk-LFEVD6IY.js";
 
 // lib/approx/approx.js
 var require_approx = __commonJS({

package/repos/coana-tech/jelly-private/dist/bundle/{chunk-USUJB4DB.js → chunk-6YZBCEC5.js}

@@ -9,7 +9,7 @@ import {
   __name,
   __require,
   require_transform
-} from "./chunk-NHEUSYVH.js";
+} from "./chunk-LFEVD6IY.js";
 
 // lib/approx/proxy.js
 var require_proxy = __commonJS({
@@ -268,4 +268,4 @@ export {
   require_proxy,
   require_sandbox
 };
-//# sourceMappingURL=chunk-USUJB4DB.js.map
+//# sourceMappingURL=chunk-6YZBCEC5.js.map

package/repos/coana-tech/jelly-private/dist/bundle/{chunk-2EM22I7M.js → chunk-B4YMLUZ5.js}

@@ -14,7 +14,7 @@ import {
   require_options,
   require_tokens,
   require_util
-} from "./chunk-NHEUSYVH.js";
+} from "./chunk-LFEVD6IY.js";
 
 // lib/parsing/parser.js
 var require_parser = __commonJS({
@@ -516,4 +516,4 @@ export {
   require_patching,
   require_hints
 };
-//# sourceMappingURL=chunk-2EM22I7M.js.map
+//# sourceMappingURL=chunk-B4YMLUZ5.js.map

package/repos/coana-tech/jelly-private/dist/bundle/{chunk-ZYU33ERK.js → chunk-B76EIOV4.js}

@@ -8,7 +8,7 @@ import {
   __commonJS,
   __name,
   __require
-} from "./chunk-NHEUSYVH.js";
+} from "./chunk-LFEVD6IY.js";
 
 // node_modules/source-map/lib/base64.js
 var require_base64 = __commonJS({
@@ -224380,4 +224380,4 @@ typescript/lib/typescript.js:
   and limitations under the License.
   ***************************************************************************** *)
 */
-//# sourceMappingURL=chunk-ZYU33ERK.js.map
+//# sourceMappingURL=chunk-B76EIOV4.js.map

package/repos/coana-tech/jelly-private/dist/bundle/{chunk-NHEUSYVH.js → chunk-LFEVD6IY.js}

@@ -14470,7 +14470,7 @@ var require_constraintvars = __commonJS({
       return mod && mod.__esModule ? mod : { "default": mod };
     };
     Object.defineProperty(exports, "__esModule", { value: true });
-    exports.CallbackReceiverVar = exports.ReadResultVar = exports.AncestorsVar = exports.IntermediateVar = exports.ArgumentsVar = exports.ThisVar = exports.FunctionReturnVar = exports.ObjectPropertyVar = exports.NodeVar = exports.ConstraintVar = void 0;
+    exports.ReadResultVar = exports.AncestorsVar = exports.IntermediateVar = exports.ArgumentsVar = exports.ThisVar = exports.FunctionReturnVar = exports.ObjectPropertyVar = exports.NodeVar = exports.ConstraintVar = void 0;
     exports.isObjectPropertyVarObj = isObjectPropertyVarObj;
     var types_1 = __require("@babel/types");
     var util_1 = require_util();
@@ -14659,23 +14659,6 @@ var require_constraintvars = __commonJS({
       }
     };
     exports.ReadResultVar = ReadResultVar;
-    var CallbackReceiverVar = class extends ConstraintVar {
-      static {
-        __name(this, "CallbackReceiverVar");
-      }
-      fun;
-      constructor(fun) {
-        super();
-        this.fun = fun;
-      }
-      toString() {
-        return `CallbackReceiver[${(0, util_1.locationToStringWithFileAndEnd)(this.fun.loc, true)}]`;
-      }
-      getParent() {
-        return this.fun;
-      }
-    };
-    exports.CallbackReceiverVar = CallbackReceiverVar;
   }
 });
 
@@ -19940,4 +19923,4 @@ fill-range/index.js:
    * Licensed under the MIT License.
    *)
 */
-//# sourceMappingURL=chunk-NHEUSYVH.js.map
+//# sourceMappingURL=chunk-LFEVD6IY.js.map

package/repos/coana-tech/jelly-private/dist/bundle/hooks.js

@@ -6,10 +6,10 @@ import "./iterator-helpers-polyfill.js";
 
 import {
   require_moduleresolver
-} from "./chunk-ZYU33ERK.js";
+} from "./chunk-B76EIOV4.js";
 import {
   require_sandbox
-} from "./chunk-USUJB4DB.js";
+} from "./chunk-6YZBCEC5.js";
 import {
   __commonJS,
   __name,
@@ -17,7 +17,7 @@ import {
   require_files,
   require_options,
   require_transform
-} from "./chunk-NHEUSYVH.js";
+} from "./chunk-LFEVD6IY.js";
 
 // lib/approx/hooks.js
 var require_hooks = __commonJS({

package/repos/coana-tech/jelly-private/dist/bundle/jelly.js

@@ -9,11 +9,11 @@ import {
   require_hints,
   require_parser,
   require_patching
-} from "./chunk-2EM22I7M.js";
+} from "./chunk-B4YMLUZ5.js";
 import {
   require_moduleresolver,
   require_typescript
-} from "./chunk-ZYU33ERK.js";
+} from "./chunk-B76EIOV4.js";
 import {
   __commonJS,
   __name,
@@ -37,7 +37,7 @@ import {
   require_tokens,
   require_transform,
   require_util
-} from "./chunk-NHEUSYVH.js";
+} from "./chunk-LFEVD6IY.js";
 
 // lib/misc/timer.js
 var require_timer = __commonJS({
@@ -1515,9 +1515,6 @@ var require_constraintvarproducer = __commonJS({
       readResultVar(t, prop) {
         return this.a.canonicalizeVar(new constraintvars_1.ReadResultVar(t, prop));
       }
-      callbackReceiverVar(fun) {
-        return this.a.vulnerabilities?.hasCallbackArgumentPattern ? this.a.canonicalizeVar(new constraintvars_1.CallbackReceiverVar(fun)) : void 0;
-      }
     };
     exports.ConstraintVarProducer = ConstraintVarProducer;
   }
@@ -1528,36 +1525,45 @@ var require_large_array = __commonJS({
   "lib/misc/large-array.js"(exports) {
     "use strict";
     Object.defineProperty(exports, "__esModule", { value: true });
-    exports.LargeArray = void 0;
+    exports.LargeTupleArray = void 0;
     var MAX_CHUNK_SIZE = 1 << 25;
-    var LargeArray = class {
+    var LargeTupleArray = class _LargeTupleArray {
       static {
-        __name(this, "LargeArray");
+        __name(this, "LargeTupleArray");
       }
-      chunks = [[]];
+      chunks = [[[], []]];
       _size = 0;
       get length() {
         return this._size;
       }
       set length(_value) {
         this.chunks.length = 0;
-        this.chunks.push([]);
+        this.chunks.push([[], []]);
         this._size = 0;
       }
-      push(value) {
-        const chunk = this.chunks[this.chunks.length - 1];
-        if (chunk.length >= MAX_CHUNK_SIZE)
-          this.chunks.push([value]);
+      push(fst, snd) {
+        const [fsts, snds] = this.chunks[this.chunks.length - 1];
+        if (fsts.length >= MAX_CHUNK_SIZE)
+          this.chunks.push([[fst], [snd]]);
         else
-          chunk.push(value);
+          fsts.push(fst), snds.push(snd);
         this._size++;
       }
-      *[Symbol.iterator]() {
-        for (const chunk of this.chunks)
-          yield* chunk;
+      static forEach(chunks, callback) {
+        for (const [fsts, snds] of chunks)
+          for (let i = 0; i < fsts.length; i++)
+            callback(fsts[i], snds[i]);
+      }
+      forEach(callback) {
+        _LargeTupleArray.forEach(this.chunks, callback);
+      }
+      forEachAndClear(callback) {
+        const snapshot = this.chunks.slice();
+        this.length = 0;
+        _LargeTupleArray.forEach(snapshot, callback);
       }
     };
-    exports.LargeArray = LargeArray;
+    exports.LargeTupleArray = LargeTupleArray;
   }
 });
 
@@ -1694,8 +1700,8 @@ var require_fragmentstate = __commonJS({
       externalCallbacksProcessed = /* @__PURE__ */ new Set();
       arrayEntriesListeners;
       objectPropertiesListeners;
-      postponedListenerCalls = new large_array_1.LargeArray();
-      postponedListenerCalls2 = new large_array_1.LargeArray();
+      postponedListenerCalls = new large_array_1.LargeTupleArray();
+      postponedListenerCalls2 = new large_array_1.LargeTupleArray();
       nodesWithNewEdges = /* @__PURE__ */ new Set();
       prevNumEdges = 0;
       requireGraph = /* @__PURE__ */ new Map();
@@ -2301,6 +2307,7 @@ var require_diagnostics = __commonJS({
       uniqueTokens = 0;
       aborted = false;
       timeout = false;
+      rangeError = false;
       lowmemory = false;
       analysisTime = 0n;
       codeSize = 0;
@@ -2694,11 +2701,11 @@ var require_solver = __commonJS({
           logger_1.default.debug(`Adding constraint ${t} \u2208 ${to}`);
         this.addToken(t, this.fragmentState.getRepresentative(to));
       }
-      enqueueListenerCall(la) {
-        this.fragmentState.postponedListenerCalls.push(la);
+      enqueueListenerCall(fn, arg) {
+        this.fragmentState.postponedListenerCalls.push(fn, arg);
       }
-      enqueueListenerCall2(la) {
-        this.fragmentState.postponedListenerCalls2.push(la);
+      enqueueListenerCall2(fn, arg) {
+        this.fragmentState.postponedListenerCalls2.push(fn, arg);
       }
       addToken(t, toRep) {
         const f = this.fragmentState;
@@ -2959,7 +2966,7 @@ var require_solver = __commonJS({
           if (now)
             listener(t);
           else {
-            this.enqueueListenerCall([listener, t]);
+            this.enqueueListenerCall(listener, t);
             this.diagnostics.tokenListenerNotifications++;
           }
         }
@@ -2968,7 +2975,7 @@ var require_solver = __commonJS({
         const s = (0, util_2.mapGetSet)(this.fragmentState.listenersProcessed, id);
         if (!s.has(t)) {
           s.add(t);
-          this.enqueueListenerCall2([listener, t]);
+          this.enqueueListenerCall2(listener, t);
           this.diagnostics.tokenListener2Notifications++;
         }
       }
@@ -3043,7 +3050,7 @@ var require_solver = __commonJS({
           const ps = f.arrayEntries.get(t);
           if (ps)
             for (const p of ps) {
-              this.enqueueListenerCall([listener, p]);
+              this.enqueueListenerCall(listener, p);
               this.diagnostics.arrayEntriesListenerNotifications++;
             }
           return m;
@@ -3062,7 +3069,7 @@ var require_solver = __commonJS({
           const ts = f.arrayEntriesListeners.get(a);
           if (ts)
             for (const listener of ts.values()) {
-              this.enqueueListenerCall([listener, prop]);
+              this.enqueueListenerCall(listener, prop);
               this.diagnostics.arrayEntriesListenerNotifications++;
             }
           this.addSubsetEdge(f.getRepresentative(f.varProducer.objPropVar(a, prop)), f.getRepresentative(f.varProducer.arrayAllVar(a)));
@@ -3085,7 +3092,7 @@ var require_solver = __commonJS({
           if (ps) {
             for (const p of ps)
               if (!(0, ecmascript_1.isInternalProperty)(p)) {
-                this.enqueueListenerCall([listener, p]);
+                this.enqueueListenerCall(listener, p);
                 this.diagnostics.objectPropertiesListenerNotifications++;
               }
           }
@@ -3104,7 +3111,7 @@ var require_solver = __commonJS({
             const ts = f.objectPropertiesListeners.get(a);
             if (ts)
               for (const listener of ts.values()) {
-                this.enqueueListenerCall([listener, prop]);
+                this.enqueueListenerCall(listener, prop);
                 this.diagnostics.objectPropertiesListenerNotifications++;
               }
           }
@@ -3328,14 +3335,14 @@ var require_solver = __commonJS({
               logger_1.default.verbose(`Processing non-bounded listener calls: ${f.postponedListenerCalls.length}`);
             const timer = new timer_1.default();
             d.listenerNotificationRounds++;
-            for (const [fun, arg] of f.postponedListenerCalls) {
+            f.postponedListenerCalls.forEach((fun, arg) => {
               fun(arg);
               if (++this.postponedListenersProcessed % 100 === 0) {
                 f.a.timeoutTimer.checkTimeout();
                 (0, memory_1.checkMemoryLow)();
                 this.printDiagnostics();
               }
-            }
+            });
             f.postponedListenerCalls.length = this.postponedListenersProcessed = 0;
             d.totalListenerCallTime += timer.elapsed();
           } else if (f.postponedListenerCalls2.length > 0) {
@@ -3351,16 +3358,15 @@ var require_solver = __commonJS({
                 logger_1.default.verbose(`Processing bounded listener calls: ${f.postponedListenerCalls2.length}`);
               const timer = new timer_1.default();
               d.listenerNotificationRounds++;
-              const calls = Array.from(f.postponedListenerCalls2);
-              f.postponedListenerCalls2.length = this.postponedListenersProcessed = 0;
-              for (const [fun, args] of calls) {
-                fun.apply(void 0, Array.isArray(args) ? args : [args]);
+              this.postponedListenersProcessed = 0;
+              f.postponedListenerCalls2.forEachAndClear((fun, arg) => {
+                fun(arg);
                 if (++this.postponedListenersProcessed % 100 === 0) {
                   f.a.timeoutTimer.checkTimeout();
                   (0, memory_1.checkMemoryLow)();
                   this.printDiagnostics();
                 }
-              }
+              });
               d.totalListenerCallTime += timer.elapsed();
               if (logger_1.default.isVerboseEnabled() || options_1.options.diagnostics && options_1.options.printProgress)
                 logger_1.default.info(`${logger_1.isTTY ? logger_1.GREY : ""}Round ${round} completed after ${(0, timer_1.nanoToMs)(this.timer.elapsed())} (call edges: ${f.numberOfCallToFunctionEdges}, vars: ${f.getNumberOfVarsWithTokens()}, tokens: ${f.numberOfTokens}, subsets: ${f.numberOfSubsetEdges})${logger_1.isTTY ? logger_1.RESET : ""}`);
@@ -4443,6 +4449,16 @@ var require_operations = __commonJS({
             if (argVar) {
               this.solver.addForAllTokensConstraint(argVar, listeners_1.TokenListener.CALL_EXTERNAL, pars.node, (at) => this.invokeExternalCallback(at, pars.node, caller, calleeVar));
               f.registerEscapingToExternal(argVar, args[i], caller);
+              if (this.a.vulnerabilities?.hasCallbackArgumentPattern)
+                this.solver.addForAllTokensConstraint(argVar, listeners_1.TokenListener.CALLBACK_ARGUMENT, { t }, (ft) => {
+                  if (ft instanceof tokens_1.FunctionToken) {
+                    for (const param of ft.fun.params)
+                      if ((0, types_1.isIdentifier)(param)) {
+                        const paramVar = f.varProducer.nodeVar(param);
+                        this.solver.addAccessPath(new accesspaths_1.CallbackArgumentAccessPath(ft.fun), paramVar, pars.node, caller, t.ap);
+                      }
+                  }
+                });
             } else if ((0, types_1.isSpreadElement)(args[i]))
               f.warnUnsupported(args[i], "SpreadElement in arguments to external function");
           }
@@ -4519,18 +4535,7 @@ var require_operations = __commonJS({
               if ((0, types_1.isIdentifier)(param))
                 this.solver.addAccessPath(accesspaths_1.UnknownAccessPath.instance, f.varProducer.nodeVar(param));
             this.solver.addAccessPath(accesspaths_1.UnknownAccessPath.instance, f.varProducer.thisVar(at.fun));
-            const cbargVar = f.varProducer.callbackReceiverVar(at.fun);
-            this.solver.addForAllTokensConstraint(cbargVar, listeners_1.TokenListener.CALLBACK_ARGUMENT, at.fun, (apt) => {
-              if (apt instanceof tokens_1.AccessPathToken) {
-                for (const param of at.fun.params)
-                  if ((0, types_1.isIdentifier)(param)) {
-                    const paramVar = f.varProducer.nodeVar(param);
-                    this.solver.addAccessPath(new accesspaths_1.CallbackArgumentAccessPath(at.fun), paramVar, node, caller, apt.ap);
-                  }
-              }
-            });
           }
-          this.solver.addSubsetConstraint(calleeVar, f.varProducer.callbackReceiverVar(at.fun));
         }
       }
       readProperty(base, prop, dst, node, enclosing, extrakey = "") {
@@ -4695,6 +4700,8 @@ var require_operations = __commonJS({
                 if (logger_1.default.isVerboseEnabled())
                   logger_1.default.verbose(`Lazy: Injecting ${ap} at ${resultVar}`);
                 this.solver.addAccessPath(ap, resultVar);
+                if ((0, types_1.isExportAllDeclaration)(path.node))
+                  this.solver.addAccessPath(ap, this.solver.varProducer.objPropVar(this.a.canonicalizeToken(new tokens_1.NativeObjectToken("module", this.moduleInfo)), "exports"));
               }
             }
             const encl = this.a.getEnclosingFunctionOrModule(path);
@@ -5112,7 +5119,7 @@ var require_finalization = __commonJS({
       const f = solver.fragmentState;
       const a = solver.globalState;
       const d = solver.diagnostics;
-      if (d.aborted || d.timeout || d.lowmemory || d.waveLimitReached > 0 || d.indirectionsLimitReached > 0) {
+      if (d.aborted || d.timeout || d.rangeError || d.lowmemory || d.waveLimitReached > 0 || d.indirectionsLimitReached > 0) {
         for (const n of f.callLocations) {
           const caller = f.callToContainingFunction.get(n);
           (0, assert_1.default)(caller);
@@ -5798,7 +5805,10 @@ var require_analyzer = __commonJS({
           d.lowmemory = true;
         else if (ex instanceof solver_1.AbortedException)
           d.aborted = true;
-        else
+        else if (isDataStructureTooLargeError(ex)) {
+          d.rangeError = true;
+          logger_1.default.warn(`Error: Caught '${ex}', analysis aborted`);
+        } else
           throw ex;
       } finally {
         if (a.approx) {
@@ -5827,7 +5837,8 @@ var require_analyzer = __commonJS({
         packages: d.packages,
         modules: d.modules,
         timeout: d.timeout,
-        aborted: d.aborted
+        aborted: d.aborted,
+        rangeError: d.rangeError
       });
       d.errors = (0, util_1.getMapHybridSetSize)(solver.fragmentState.errors) + a.filesWithParseErrors.length;
       d.warnings = (0, util_1.getMapHybridSetSize)(solver.fragmentState.warnings) + (0, util_1.getMapHybridSetSize)(solver.fragmentState.warningsUnsupported);
@@ -5874,6 +5885,10 @@ var require_analyzer = __commonJS({
       }
     }
     __name(analyzeFiles, "analyzeFiles");
+    function isDataStructureTooLargeError(e) {
+      return e instanceof RangeError && ["Invalid array length", "Set maximum size exceeded", "Map maximum size exceeded"].includes(e.message);
+    }
+    __name(isDataStructureTooLargeError, "isDataStructureTooLargeError");
   }
 });