circle-ir-ai 2.8.10 → 2.8.14

package/CHANGELOG.md

@@ -5,6 +5,145 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.8.14] - 2026-06-12
+
+### Dependencies
+
+- **`circle-ir`** `3.38.0` → `3.39.0` **(exact pin)**. Headline:
+  **cross-instance field-binding taint propagation** — `FieldTaintInfo`
+  summaries now record constructor-bound fields, setter writers, and
+  `@Autowired` / `@Inject` annotated fields. `findFieldBindingTaintPaths()`
+  detects local variable assignments from field reads (e.g.
+  `local = receiver.field`) and marks the local as tainted when the
+  receiver's type owns a tainted field. Also: **caller-body sink
+  emission** — after marking caller-side locals as tainted via wrapper
+  returns, the engine checks whether any sink in the caller's own
+  method body consumes the tainted variable, surfacing cases where the
+  final sink (`Paths.get(p)`, `Runtime.exec(cmd)`) lives in the
+  caller's file rather than a cross-file callee. Test suite expanded
+  1935 → 1939 (4 new Jenkins/Spring DI fixtures).
+- All 643 circle-ir-ai tests (+ 3 skipped) pass against `3.39.0` —
+  no API surface changes, drop-in upgrade.
+
+## [Unreleased]
+
+### Fixed
+
+- **`benchmarks/runners/run-cwe-bench-java.ts`** — restore missing
+  `findFileRecursive` import from `../lib/find-file.js` (regression
+  introduced when `findFile`/`findFileRecursive` were extracted to
+  `benchmarks/lib/find-file.ts` per #66; only `findFile` was added to
+  the import, leaving the runner crashing at line 550 when it tried to
+  locate AntiSamy/ESAPI/Spring-Security config files for cross-file
+  context). Benchmark now runs end-to-end on CWE-Bench-Java with
+  `--llm-discovery`. Doc-only fix; no version bump (benchmarks/ is not
+  in the published `files` array).
+
+### Benchmarks
+
+- **CWE-Bench-Java refresh on circle-ir@3.38.0** with `gemma3:12b` via
+  OpenRouter (`google/gemma-3-12b-it`) — **100/120 strict (83.3%)**,
+  100/111 engine-evaluable (90.1%), 1/80 LLM failures (1.3%). **+6
+  CVEs over the 2026-06-09 Ollama 3.37.0 baseline** (94/120, 78.3%),
+  driven primarily by 3.38.0's frame-agnostic cross-file
+  inter-procedural taint walker (cognium-dev#19). gemma3:12b now ranks
+  #2 overall, within 4 CVEs of `claude-opus-latest` (104/120). Per-CWE:
+  CWE-022 85.5% (flat) · CWE-078 **92.3% (+23pp)** · CWE-079 **83.9%
+  (+6.5pp)** · CWE-094 **71.4% (+4.7pp)**. Wall-clock ~17 min (vs ~94
+  min local Ollama — ~5.5× speed-up from no GPU contention). Log:
+  `benchmarks/results/cwe-java-gemma3-12b-openrouter-2026-06-12.log`.
+  One transient HTTP error on OpenRouter (no retry-on-5xx in
+  `ax-client.ts` — filed as a follow-up).
+
+## [2.8.13] - 2026-06-12
+
+### Changed
+
+- **Bump `circle-ir` pin `3.37.0` → `3.38.0` (exact).** Ships the
+  frame-agnostic cross-file inter-procedural taint propagation landed
+  via `cogniumhq/cognium-dev#19`. Same fix simultaneously resolves
+  `cogniumhq/cognium-dev#1` (Jenkins `@DataBoundConstructor` field
+  binding).
+
+  Four `CrossFileResolver` changes per maintainer's close-comment:
+  - `isMethodTaintSource` / `getSourceType` skip `interprocedural_param`
+    so internal helpers with typed parameters no longer ghost-taint
+    callers.
+  - `findTaintedParams` adds a sink-arg-matching heuristic — for each
+    sink inside a method body, scan call args and whole-word-match
+    against the method's parameter names → matching indices added to
+    `taintedParams`. Restores propagation through sink-wrapper methods
+    that lack `@RequestParam`/`@RequestBody`/`@PathVariable` (e.g.
+    `RedirectStrategy.sendRedirect(req, res, String url)`).
+  - New `findInterproceduralTaintPaths()` — walks each caller method
+    in line order, taints DFG `local` defs on `returnsSource`-callee
+    returns, emits multi-hop `TaintPath` when a tainted arg reaches a
+    callee's `taintedParam`. Confidence decay 0.85/hop, floor 0.30.
+  - Variable-connectivity gate on `findCrossFileTaintFlows()` —
+    eliminates sanitized-wrapper FPs.
+
+  Probe-verified in our checkout: the CVE-2011-2732 shape
+  (`UrlHandler.determineTargetUrl` → `LoginController.login` →
+  `RedirectStrategy.sendRedirect`) emits a 4-hop `taint_path` with
+  CWE-601 / open_redirect sink at confidence 0.614. Closes
+  `circle-ir-ai#69` (the OAuth approval + security redirect CVE pair).
+
+## [2.8.12] - 2026-06-12
+
+### Changed
+
+- **Bump `circle-ir` pin from `3.36.0` → `3.37.0` (exact).** 3.37.0 ships
+  the multi-hop Python taint-propagation fix landed via
+  `cogniumhq/cognium-dev#20`. Two ~50-LOC surgical changes:
+  - `detectExpressionScanFlows` now expands `sourcesWithVar` with synthetic
+    source records for every derived variable in `buildPythonTaintedVars`
+    (Python-only — gated by `language === 'python'`, no Java regression).
+  - `buildPythonTaintedVars` adds a receiver-mutation rule for
+    `.append/.extend/.insert/.add/.push/.put/.appendleft(taintedExpr)`,
+    composing with existing dict-access propagation.
+
+  Verified end-to-end against the OWASP BenchmarkPython tail probes that
+  previously failed:
+
+  | Test | Pattern | 3.36.0 | 3.37.0 |
+  |------|---------|--------|--------|
+  | BenchmarkTest00099 | configparser round-trip → sqli | flows=0 | flows=2 |
+  | BenchmarkTest00165 | list append/pop → cmdi | flows=0 | flows=1 |
+
+  Effect on the regex-co-occurrence harness scoring is roughly neutral
+  (TPR +0.9 pp, FPR +0.9 pp, F1 unchanged) — the harness doesn't read
+  `taint.flows`, so the engine improvement is only visible via direct
+  flow-checking consumers (mastra workflow, downstream LLM verification,
+  the flow-first harness migration tracked separately in
+  `circle-ir-ai#75`).
+
+  Cross-module / cross-file helper indirection (shape D in #20) remains
+  deferred — requires inter-procedural taint summaries.
+
+## [2.8.11] - 2026-06-12
+
+### Changed
+
+- **Pin `circle-ir` to exact version `3.36.0` (was `^3.34.0`).** Drops the
+  semver caret to eliminate float-on-publish drift between local installs,
+  CI, and consumers. `3.36.0` includes the engine fixes shipped this week:
+  - **3.35.0** — `cogniumhq/cognium-dev#17`: 16 new Jenkins Groovy sandbox
+    sinks registered to both `DEFAULT_SINKS` array and the YAML config
+    loader (`SandboxInterceptor.onMethodCall` etc.) — closes
+    `circle-ir-ai#68` (Jenkins script-security CVE-2023-24422 detection).
+  - **3.36.0** — `cogniumhq/cognium-dev#18`: Python taint-propagation
+    `detectExpressionScanFlows` supplement (language-agnostic word-boundary
+    matching of source variables in sink call-argument text). Restores
+    `result.taint.flows` population for direct one-hop Python cases across
+    all categories (sqli, cmdi, pathtraver, codeinj, deserialization, etc.).
+    OWASP BenchmarkPython multi-hop indirection patterns
+    (configparser / list / helper-module) remain a separate follow-up —
+    `cogniumhq/cognium-dev#20`.
+
+  Bumps are coordinated: `cognium-ai` (CLI) follows with a matching
+  `2.8.11` patch that pins `circle-ir-ai@2.8.11` exact and refreshes
+  the transitive `circle-ir` pin.
+
 ## [2.8.10] - 2026-06-11
 
 ### Fixed

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "circle-ir-ai",
-  "version": "2.8.10",
+  "version": "2.8.14",
   "description": "LLM-enhanced SAST analysis built on circle-ir",
   "main": "dist/index.js",
   "module": "dist/index.js",
@@ -94,7 +94,7 @@
   "dependencies": {
     "@ax-llm/ax": "^20.0.0",
     "@mastra/core": "^1.18.0",
-    "circle-ir": "^3.34.0",
+    "circle-ir": "3.39.0",
     "minimatch": "^10.2.5",
     "p-queue": "^9.1.0"
   },