circle-ir 3.1.0 → 3.2.0
- package/README.md +3 -0
- package/configs/sinks/code_injection.yaml +136 -0
- package/configs/sinks/command.yaml +109 -0
- package/configs/sinks/javascript_dom_xss.yaml +131 -0
- package/configs/sinks/path.yaml +113 -0
- package/configs/sources/http_sources.yaml +151 -0
- package/configs/sources/javascript_http.yaml +296 -0
- package/configs/sources/python.json +78 -0
- package/dist/analysis/taint-matcher.js +71 -13
- package/dist/analysis/taint-matcher.js.map +1 -1
- package/dist/analyzer.js +218 -1
- package/dist/analyzer.js.map +1 -1
- package/dist/browser/circle-ir.js +549 -16
- package/dist/core/circle-ir-core.cjs +45 -14
- package/dist/core/circle-ir-core.js +45 -14
- package/dist/languages/plugins/javascript.js +333 -1
- package/dist/languages/plugins/javascript.js.map +1 -1
- package/dist/types/index.d.ts +1 -1
- package/package.json +2 -1
|
@@ -10283,15 +10283,16 @@ function findSources(calls, types, patterns) {
|
|
|
10283
10283
|
const skipMethods = ["toString", "hashCode", "equals", "compareTo", "getDescription", "getVulnerabilityCount"];
|
|
10284
10284
|
if (skipMethods.includes(method.name)) continue;
|
|
10285
10285
|
for (const param of method.parameters) {
|
|
10286
|
-
|
|
10286
|
+
const isTaintable = param.type ? isInterproceduralTaintableType(param.type) : true;
|
|
10287
|
+
if (isTaintable) {
|
|
10287
10288
|
const paramLine = param.line ?? method.start_line;
|
|
10288
10289
|
sources.push({
|
|
10289
10290
|
type: "interprocedural_param",
|
|
10290
|
-
location: `${param.type} ${param.name} in ${method.name}`,
|
|
10291
|
+
location: `${param.type || "any"} ${param.name} in ${method.name}`,
|
|
10291
10292
|
severity: "medium",
|
|
10292
10293
|
line: paramLine,
|
|
10293
|
-
confidence: 0.7
|
|
10294
|
-
// Lower confidence
|
|
10294
|
+
confidence: param.type ? 0.7 : 0.5
|
|
10295
|
+
// Lower confidence for untyped params
|
|
10295
10296
|
});
|
|
10296
10297
|
}
|
|
10297
10298
|
}
|
|
@@ -10317,7 +10318,15 @@ function findSources(calls, types, patterns) {
|
|
|
10317
10318
|
}
|
|
10318
10319
|
}
|
|
10319
10320
|
}
|
|
10320
|
-
|
|
10321
|
+
const sourceMap = /* @__PURE__ */ new Map();
|
|
10322
|
+
for (const source of sources) {
|
|
10323
|
+
const key = `${source.line}:${source.type}`;
|
|
10324
|
+
const existing = sourceMap.get(key);
|
|
10325
|
+
if (!existing || source.confidence > existing.confidence) {
|
|
10326
|
+
sourceMap.set(key, source);
|
|
10327
|
+
}
|
|
10328
|
+
}
|
|
10329
|
+
return Array.from(sourceMap.values());
|
|
10321
10330
|
}
|
|
10322
10331
|
function isInterproceduralTaintableType(typeName) {
|
|
10323
10332
|
const baseType = typeName.split("<")[0].trim();
|
|
@@ -10400,22 +10409,44 @@ function isInterproceduralTaintableType(typeName) {
|
|
|
10400
10409
|
}
|
|
10401
10410
|
return false;
|
|
10402
10411
|
}
|
|
10412
|
+
function isParameterizedQueryCall(call, pattern) {
|
|
10413
|
+
if (pattern.type !== "sql_injection") return false;
|
|
10414
|
+
if (call.arguments.length < 2) return false;
|
|
10415
|
+
const secondArg = call.arguments.find((a) => a.position === 1);
|
|
10416
|
+
if (!secondArg) return false;
|
|
10417
|
+
if (secondArg.expression) {
|
|
10418
|
+
const expr = secondArg.expression.trim();
|
|
10419
|
+
if (expr.startsWith("[")) {
|
|
10420
|
+
return true;
|
|
10421
|
+
}
|
|
10422
|
+
}
|
|
10423
|
+
return false;
|
|
10424
|
+
}
|
|
10403
10425
|
function findSinks(calls, patterns) {
|
|
10404
|
-
const
|
|
10426
|
+
const sinkMap = /* @__PURE__ */ new Map();
|
|
10405
10427
|
for (const call of calls) {
|
|
10406
10428
|
for (const pattern of patterns) {
|
|
10407
10429
|
if (matchesSinkPattern(call, pattern)) {
|
|
10408
|
-
|
|
10409
|
-
|
|
10410
|
-
|
|
10411
|
-
|
|
10412
|
-
|
|
10413
|
-
|
|
10414
|
-
|
|
10430
|
+
if (isParameterizedQueryCall(call, pattern)) {
|
|
10431
|
+
continue;
|
|
10432
|
+
}
|
|
10433
|
+
const location = formatCallLocation(call);
|
|
10434
|
+
const key = `${location}:${call.location.line}:${pattern.cwe}`;
|
|
10435
|
+
const confidence = calculateSinkConfidence(call, pattern);
|
|
10436
|
+
const existing = sinkMap.get(key);
|
|
10437
|
+
if (!existing || confidence > existing.confidence) {
|
|
10438
|
+
sinkMap.set(key, {
|
|
10439
|
+
type: pattern.type,
|
|
10440
|
+
cwe: pattern.cwe,
|
|
10441
|
+
location,
|
|
10442
|
+
line: call.location.line,
|
|
10443
|
+
confidence
|
|
10444
|
+
});
|
|
10445
|
+
}
|
|
10415
10446
|
}
|
|
10416
10447
|
}
|
|
10417
10448
|
}
|
|
10418
|
-
return
|
|
10449
|
+
return Array.from(sinkMap.values());
|
|
10419
10450
|
}
|
|
10420
10451
|
function matchesSourcePattern(call, pattern) {
|
|
10421
10452
|
if (pattern.method) {
|
|
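Review bot: `isParameterizedQueryCall` suppresses a `sql_injection` sink as soon as the second argument's text starts with `[`, without checking how the first argument is built. A call like `db.query("SELECT ... " + name, [])` (constructed example) still concatenates the tainted value into the statement, yet `findSinks` now skips it with `continue`, so the analyzer gains a false negative. The suppression should only apply when the argument at position 0 is a constant string; otherwise keep the sink, perhaps at lower confidence, with a comment such as `// only skip when arg 0 is a constant string; a concatenated or template query is still injectable`. The same code appears in the second bundle's copy of this hunk (new line 10347).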
@@ -10218,15 +10218,16 @@ function findSources(calls, types, patterns) {
|
|
|
10218
10218
|
const skipMethods = ["toString", "hashCode", "equals", "compareTo", "getDescription", "getVulnerabilityCount"];
|
|
10219
10219
|
if (skipMethods.includes(method.name)) continue;
|
|
10220
10220
|
for (const param of method.parameters) {
|
|
10221
|
-
|
|
10221
|
+
const isTaintable = param.type ? isInterproceduralTaintableType(param.type) : true;
|
|
10222
|
+
if (isTaintable) {
|
|
10222
10223
|
const paramLine = param.line ?? method.start_line;
|
|
10223
10224
|
sources.push({
|
|
10224
10225
|
type: "interprocedural_param",
|
|
10225
|
-
location: `${param.type} ${param.name} in ${method.name}`,
|
|
10226
|
+
location: `${param.type || "any"} ${param.name} in ${method.name}`,
|
|
10226
10227
|
severity: "medium",
|
|
10227
10228
|
line: paramLine,
|
|
10228
|
-
confidence: 0.7
|
|
10229
|
-
// Lower confidence
|
|
10229
|
+
confidence: param.type ? 0.7 : 0.5
|
|
10230
|
+
// Lower confidence for untyped params
|
|
10230
10231
|
});
|
|
10231
10232
|
}
|
|
10232
10233
|
}
|
|
@@ -10252,7 +10253,15 @@ function findSources(calls, types, patterns) {
|
|
|
10252
10253
|
}
|
|
10253
10254
|
}
|
|
10254
10255
|
}
|
|
10255
|
-
|
|
10256
|
+
const sourceMap = /* @__PURE__ */ new Map();
|
|
10257
|
+
for (const source of sources) {
|
|
10258
|
+
const key = `${source.line}:${source.type}`;
|
|
10259
|
+
const existing = sourceMap.get(key);
|
|
10260
|
+
if (!existing || source.confidence > existing.confidence) {
|
|
10261
|
+
sourceMap.set(key, source);
|
|
10262
|
+
}
|
|
10263
|
+
}
|
|
10264
|
+
return Array.from(sourceMap.values());
|
|
10256
10265
|
}
|
|
10257
10266
|
function isInterproceduralTaintableType(typeName) {
|
|
10258
10267
|
const baseType = typeName.split("<")[0].trim();
|
|
@@ -10335,22 +10344,44 @@ function isInterproceduralTaintableType(typeName) {
|
|
|
10335
10344
|
}
|
|
10336
10345
|
return false;
|
|
10337
10346
|
}
|
|
10347
|
+
function isParameterizedQueryCall(call, pattern) {
|
|
10348
|
+
if (pattern.type !== "sql_injection") return false;
|
|
10349
|
+
if (call.arguments.length < 2) return false;
|
|
10350
|
+
const secondArg = call.arguments.find((a) => a.position === 1);
|
|
10351
|
+
if (!secondArg) return false;
|
|
10352
|
+
if (secondArg.expression) {
|
|
10353
|
+
const expr = secondArg.expression.trim();
|
|
10354
|
+
if (expr.startsWith("[")) {
|
|
10355
|
+
return true;
|
|
10356
|
+
}
|
|
10357
|
+
}
|
|
10358
|
+
return false;
|
|
10359
|
+
}
|
|
10338
10360
|
function findSinks(calls, patterns) {
|
|
10339
|
-
const
|
|
10361
|
+
const sinkMap = /* @__PURE__ */ new Map();
|
|
10340
10362
|
for (const call of calls) {
|
|
10341
10363
|
for (const pattern of patterns) {
|
|
10342
10364
|
if (matchesSinkPattern(call, pattern)) {
|
|
10343
|
-
|
|
10344
|
-
|
|
10345
|
-
|
|
10346
|
-
|
|
10347
|
-
|
|
10348
|
-
|
|
10349
|
-
|
|
10365
|
+
if (isParameterizedQueryCall(call, pattern)) {
|
|
10366
|
+
continue;
|
|
10367
|
+
}
|
|
10368
|
+
const location = formatCallLocation(call);
|
|
10369
|
+
const key = `${location}:${call.location.line}:${pattern.cwe}`;
|
|
10370
|
+
const confidence = calculateSinkConfidence(call, pattern);
|
|
10371
|
+
const existing = sinkMap.get(key);
|
|
10372
|
+
if (!existing || confidence > existing.confidence) {
|
|
10373
|
+
sinkMap.set(key, {
|
|
10374
|
+
type: pattern.type,
|
|
10375
|
+
cwe: pattern.cwe,
|
|
10376
|
+
location,
|
|
10377
|
+
line: call.location.line,
|
|
10378
|
+
confidence
|
|
10379
|
+
});
|
|
10380
|
+
}
|
|
10350
10381
|
}
|
|
10351
10382
|
}
|
|
10352
10383
|
}
|
|
10353
|
-
return
|
|
10384
|
+
return Array.from(sinkMap.values());
|
|
10354
10385
|
}
|
|
10355
10386
|
function matchesSourcePattern(call, pattern) {
|
|
10356
10387
|
if (pattern.method) {
|
|
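Review bot: The de-duplication added at the end of `findSources` keys on `${source.line}:${source.type}` only, so distinct sources on the same line collapse into one. This affects every parameter of a method where `param.line` is missing: they all fall back to `method.start_line`, share the type `interprocedural_param` and the same confidence, so only the first parameter survives and the rest stop being tracked as taint sources. Adding the location to the key keeps them apart, e.g. ``const key = `${source.line}:${source.type}:${source.location}`;``, assuming pattern-matched sources also carry `location` as the interprocedural ones do. The first bundle's copy of this hunk (new line 10321) has the same issue; `findSources` starts and ends outside the hunks shown.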
@@ -80,17 +80,41 @@ export class JavaScriptPlugin extends BaseLanguagePlugin {
|
|
|
80
80
|
indicators.push(`import: ${path}`);
|
|
81
81
|
}
|
|
82
82
|
// React
|
|
83
|
-
if (path === 'react' || path.startsWith('react/')) {
|
|
83
|
+
if (path === 'react' || path.startsWith('react/') || path === 'react-dom') {
|
|
84
84
|
framework = framework || 'react';
|
|
85
85
|
confidence = Math.max(confidence, 0.8);
|
|
86
86
|
indicators.push(`import: ${path}`);
|
|
87
87
|
}
|
|
88
|
+
// React Native
|
|
89
|
+
if (path === 'react-native' || path.startsWith('react-native/') || path.startsWith('@react-native/')) {
|
|
90
|
+
framework = 'react-native';
|
|
91
|
+
confidence = Math.max(confidence, 0.95);
|
|
92
|
+
indicators.push(`import: ${path}`);
|
|
93
|
+
}
|
|
94
|
+
// React Navigation (React Native)
|
|
95
|
+
if (path.startsWith('@react-navigation/')) {
|
|
96
|
+
framework = framework || 'react-native';
|
|
97
|
+
confidence = Math.max(confidence, 0.9);
|
|
98
|
+
indicators.push(`import: ${path}`);
|
|
99
|
+
}
|
|
100
|
+
// React Router
|
|
101
|
+
if (path === 'react-router' || path === 'react-router-dom' || path.startsWith('react-router/')) {
|
|
102
|
+
framework = framework || 'react';
|
|
103
|
+
confidence = Math.max(confidence, 0.85);
|
|
104
|
+
indicators.push(`import: ${path}`);
|
|
105
|
+
}
|
|
88
106
|
// Next.js
|
|
89
107
|
if (path === 'next' || path.startsWith('next/')) {
|
|
90
108
|
framework = 'nextjs';
|
|
91
109
|
confidence = Math.max(confidence, 0.9);
|
|
92
110
|
indicators.push(`import: ${path}`);
|
|
93
111
|
}
|
|
112
|
+
// Expo (React Native)
|
|
113
|
+
if (path === 'expo' || path.startsWith('expo-')) {
|
|
114
|
+
framework = framework || 'react-native';
|
|
115
|
+
confidence = Math.max(confidence, 0.85);
|
|
116
|
+
indicators.push(`import: ${path}`);
|
|
117
|
+
}
|
|
94
118
|
}
|
|
95
119
|
if (framework) {
|
|
96
120
|
return { name: framework, confidence, indicators };
|
|
@@ -203,6 +227,165 @@ export class JavaScriptPlugin extends BaseLanguagePlugin {
|
|
|
203
227
|
confidence: 0.8,
|
|
204
228
|
returnTainted: true,
|
|
205
229
|
},
|
|
230
|
+
// =========================================================
|
|
231
|
+
// React Router Sources
|
|
232
|
+
// =========================================================
|
|
233
|
+
{
|
|
234
|
+
method: 'useParams',
|
|
235
|
+
type: 'http_path',
|
|
236
|
+
severity: 'high',
|
|
237
|
+
confidence: 0.95,
|
|
238
|
+
returnTainted: true,
|
|
239
|
+
},
|
|
240
|
+
{
|
|
241
|
+
method: 'useSearchParams',
|
|
242
|
+
type: 'http_param',
|
|
243
|
+
severity: 'high',
|
|
244
|
+
confidence: 0.95,
|
|
245
|
+
returnTainted: true,
|
|
246
|
+
},
|
|
247
|
+
{
|
|
248
|
+
method: 'useLocation',
|
|
249
|
+
type: 'url_param',
|
|
250
|
+
severity: 'high',
|
|
251
|
+
confidence: 0.9,
|
|
252
|
+
returnTainted: true,
|
|
253
|
+
},
|
|
254
|
+
// =========================================================
|
|
255
|
+
// Next.js Sources
|
|
256
|
+
// =========================================================
|
|
257
|
+
{
|
|
258
|
+
method: 'useRouter',
|
|
259
|
+
type: 'http_param',
|
|
260
|
+
severity: 'high',
|
|
261
|
+
confidence: 0.9,
|
|
262
|
+
returnTainted: true, // router.query, router.asPath
|
|
263
|
+
},
|
|
264
|
+
{
|
|
265
|
+
method: 'useSearchParams', // Next.js App Router
|
|
266
|
+
type: 'http_param',
|
|
267
|
+
severity: 'high',
|
|
268
|
+
confidence: 0.95,
|
|
269
|
+
returnTainted: true,
|
|
270
|
+
},
|
|
271
|
+
{
|
|
272
|
+
method: 'usePathname',
|
|
273
|
+
type: 'http_path',
|
|
274
|
+
severity: 'high',
|
|
275
|
+
confidence: 0.9,
|
|
276
|
+
returnTainted: true,
|
|
277
|
+
},
|
|
278
|
+
{
|
|
279
|
+
// getServerSideProps/getStaticProps context.params
|
|
280
|
+
method: 'params',
|
|
281
|
+
type: 'http_path',
|
|
282
|
+
severity: 'high',
|
|
283
|
+
confidence: 0.85,
|
|
284
|
+
returnTainted: true,
|
|
285
|
+
},
|
|
286
|
+
// =========================================================
|
|
287
|
+
// React Native Sources
|
|
288
|
+
// =========================================================
|
|
289
|
+
{
|
|
290
|
+
// React Navigation route params
|
|
291
|
+
method: 'useRoute',
|
|
292
|
+
type: 'navigation_param',
|
|
293
|
+
severity: 'high',
|
|
294
|
+
confidence: 0.9,
|
|
295
|
+
returnTainted: true,
|
|
296
|
+
},
|
|
297
|
+
{
|
|
298
|
+
// Deep linking
|
|
299
|
+
method: 'getInitialURL',
|
|
300
|
+
class: 'Linking',
|
|
301
|
+
type: 'url_param',
|
|
302
|
+
severity: 'high',
|
|
303
|
+
confidence: 0.95,
|
|
304
|
+
returnTainted: true,
|
|
305
|
+
},
|
|
306
|
+
{
|
|
307
|
+
method: 'addEventListener',
|
|
308
|
+
class: 'Linking',
|
|
309
|
+
type: 'url_param',
|
|
310
|
+
severity: 'high',
|
|
311
|
+
confidence: 0.9,
|
|
312
|
+
returnTainted: true,
|
|
313
|
+
},
|
|
314
|
+
{
|
|
315
|
+
method: 'parse',
|
|
316
|
+
class: 'Linking',
|
|
317
|
+
type: 'url_param',
|
|
318
|
+
severity: 'high',
|
|
319
|
+
confidence: 0.9,
|
|
320
|
+
returnTainted: true,
|
|
321
|
+
},
|
|
322
|
+
{
|
|
323
|
+
// Clipboard content
|
|
324
|
+
method: 'getString',
|
|
325
|
+
class: 'Clipboard',
|
|
326
|
+
type: 'user_input',
|
|
327
|
+
severity: 'medium',
|
|
328
|
+
confidence: 0.85,
|
|
329
|
+
returnTainted: true,
|
|
330
|
+
},
|
|
331
|
+
{
|
|
332
|
+
method: 'getStringAsync',
|
|
333
|
+
class: 'Clipboard',
|
|
334
|
+
type: 'user_input',
|
|
335
|
+
severity: 'medium',
|
|
336
|
+
confidence: 0.85,
|
|
337
|
+
returnTainted: true,
|
|
338
|
+
},
|
|
339
|
+
{
|
|
340
|
+
// AsyncStorage (may contain user data)
|
|
341
|
+
method: 'getItem',
|
|
342
|
+
class: 'AsyncStorage',
|
|
343
|
+
type: 'storage_input',
|
|
344
|
+
severity: 'medium',
|
|
345
|
+
confidence: 0.7,
|
|
346
|
+
returnTainted: true,
|
|
347
|
+
},
|
|
348
|
+
{
|
|
349
|
+
method: 'multiGet',
|
|
350
|
+
class: 'AsyncStorage',
|
|
351
|
+
type: 'storage_input',
|
|
352
|
+
severity: 'medium',
|
|
353
|
+
confidence: 0.7,
|
|
354
|
+
returnTainted: true,
|
|
355
|
+
},
|
|
356
|
+
{
|
|
357
|
+
// SecureStore (Expo)
|
|
358
|
+
method: 'getItemAsync',
|
|
359
|
+
class: 'SecureStore',
|
|
360
|
+
type: 'storage_input',
|
|
361
|
+
severity: 'medium',
|
|
362
|
+
confidence: 0.7,
|
|
363
|
+
returnTainted: true,
|
|
364
|
+
},
|
|
365
|
+
// =========================================================
|
|
366
|
+
// Browser/DOM Sources (React web apps)
|
|
367
|
+
// =========================================================
|
|
368
|
+
{
|
|
369
|
+
method: 'localStorage.getItem',
|
|
370
|
+
type: 'storage_input',
|
|
371
|
+
severity: 'medium',
|
|
372
|
+
confidence: 0.7,
|
|
373
|
+
returnTainted: true,
|
|
374
|
+
},
|
|
375
|
+
{
|
|
376
|
+
method: 'sessionStorage.getItem',
|
|
377
|
+
type: 'storage_input',
|
|
378
|
+
severity: 'medium',
|
|
379
|
+
confidence: 0.7,
|
|
380
|
+
returnTainted: true,
|
|
381
|
+
},
|
|
382
|
+
{
|
|
383
|
+
method: 'postMessage',
|
|
384
|
+
type: 'message_input',
|
|
385
|
+
severity: 'high',
|
|
386
|
+
confidence: 0.85,
|
|
387
|
+
returnTainted: true,
|
|
388
|
+
},
|
|
206
389
|
];
|
|
207
390
|
}
|
|
208
391
|
/**
|
|
@@ -380,6 +563,155 @@ export class JavaScriptPlugin extends BaseLanguagePlugin {
|
|
|
380
563
|
severity: 'high',
|
|
381
564
|
argPositions: [0, 1],
|
|
382
565
|
},
|
|
566
|
+
// =========================================================
|
|
567
|
+
// React XSS Sinks
|
|
568
|
+
// =========================================================
|
|
569
|
+
{
|
|
570
|
+
// Most common React XSS vector
|
|
571
|
+
method: 'dangerouslySetInnerHTML',
|
|
572
|
+
type: 'xss',
|
|
573
|
+
cwe: 'CWE-79',
|
|
574
|
+
severity: 'critical',
|
|
575
|
+
argPositions: [0], // The __html property value
|
|
576
|
+
},
|
|
577
|
+
{
|
|
578
|
+
// Rendering user-controlled href with javascript:
|
|
579
|
+
method: 'href',
|
|
580
|
+
type: 'xss',
|
|
581
|
+
cwe: 'CWE-79',
|
|
582
|
+
severity: 'high',
|
|
583
|
+
argPositions: [0],
|
|
584
|
+
},
|
|
585
|
+
{
|
|
586
|
+
// createRef().current.innerHTML
|
|
587
|
+
method: 'current.innerHTML',
|
|
588
|
+
type: 'xss',
|
|
589
|
+
cwe: 'CWE-79',
|
|
590
|
+
severity: 'high',
|
|
591
|
+
argPositions: [0],
|
|
592
|
+
},
|
|
593
|
+
// =========================================================
|
|
594
|
+
// React Native Sinks
|
|
595
|
+
// =========================================================
|
|
596
|
+
{
|
|
597
|
+
// WebView with user-controlled source
|
|
598
|
+
method: 'source',
|
|
599
|
+
class: 'WebView',
|
|
600
|
+
type: 'xss',
|
|
601
|
+
cwe: 'CWE-79',
|
|
602
|
+
severity: 'critical',
|
|
603
|
+
argPositions: [0], // { html: userInput } or { uri: userInput }
|
|
604
|
+
},
|
|
605
|
+
{
|
|
606
|
+
// Open arbitrary URLs
|
|
607
|
+
method: 'openURL',
|
|
608
|
+
class: 'Linking',
|
|
609
|
+
type: 'open_redirect',
|
|
610
|
+
cwe: 'CWE-601',
|
|
611
|
+
severity: 'high',
|
|
612
|
+
argPositions: [0],
|
|
613
|
+
},
|
|
614
|
+
{
|
|
615
|
+
method: 'canOpenURL',
|
|
616
|
+
class: 'Linking',
|
|
617
|
+
type: 'ssrf',
|
|
618
|
+
cwe: 'CWE-918',
|
|
619
|
+
severity: 'medium',
|
|
620
|
+
argPositions: [0],
|
|
621
|
+
},
|
|
622
|
+
{
|
|
623
|
+
// Expo WebBrowser
|
|
624
|
+
method: 'openBrowserAsync',
|
|
625
|
+
class: 'WebBrowser',
|
|
626
|
+
type: 'open_redirect',
|
|
627
|
+
cwe: 'CWE-601',
|
|
628
|
+
severity: 'high',
|
|
629
|
+
argPositions: [0],
|
|
630
|
+
},
|
|
631
|
+
{
|
|
632
|
+
method: 'openAuthSessionAsync',
|
|
633
|
+
class: 'WebBrowser',
|
|
634
|
+
type: 'open_redirect',
|
|
635
|
+
cwe: 'CWE-601',
|
|
636
|
+
severity: 'high',
|
|
637
|
+
argPositions: [0],
|
|
638
|
+
},
|
|
639
|
+
// =========================================================
|
|
640
|
+
// Next.js Sinks
|
|
641
|
+
// =========================================================
|
|
642
|
+
{
|
|
643
|
+
// Server-side redirect
|
|
644
|
+
method: 'redirect',
|
|
645
|
+
type: 'open_redirect',
|
|
646
|
+
cwe: 'CWE-601',
|
|
647
|
+
severity: 'high',
|
|
648
|
+
argPositions: [0],
|
|
649
|
+
},
|
|
650
|
+
{
|
|
651
|
+
// Router push with user-controlled URL
|
|
652
|
+
method: 'push',
|
|
653
|
+
class: 'router',
|
|
654
|
+
type: 'open_redirect',
|
|
655
|
+
cwe: 'CWE-601',
|
|
656
|
+
severity: 'medium',
|
|
657
|
+
argPositions: [0],
|
|
658
|
+
},
|
|
659
|
+
{
|
|
660
|
+
method: 'replace',
|
|
661
|
+
class: 'router',
|
|
662
|
+
type: 'open_redirect',
|
|
663
|
+
cwe: 'CWE-601',
|
|
664
|
+
severity: 'medium',
|
|
665
|
+
argPositions: [0],
|
|
666
|
+
},
|
|
667
|
+
// =========================================================
|
|
668
|
+
// React/General JS Security Sinks
|
|
669
|
+
// =========================================================
|
|
670
|
+
{
|
|
671
|
+
// Dynamic component loading
|
|
672
|
+
method: 'createElement',
|
|
673
|
+
class: 'React',
|
|
674
|
+
type: 'code_injection',
|
|
675
|
+
cwe: 'CWE-94',
|
|
676
|
+
severity: 'high',
|
|
677
|
+
argPositions: [0], // When first arg is user-controlled string
|
|
678
|
+
},
|
|
679
|
+
{
|
|
680
|
+
// Importing user-controlled modules
|
|
681
|
+
method: 'import',
|
|
682
|
+
type: 'code_injection',
|
|
683
|
+
cwe: 'CWE-94',
|
|
684
|
+
severity: 'critical',
|
|
685
|
+
argPositions: [0],
|
|
686
|
+
},
|
|
687
|
+
{
|
|
688
|
+
method: 'require',
|
|
689
|
+
type: 'code_injection',
|
|
690
|
+
cwe: 'CWE-94',
|
|
691
|
+
severity: 'critical',
|
|
692
|
+
argPositions: [0],
|
|
693
|
+
},
|
|
694
|
+
// =========================================================
|
|
695
|
+
// Data Exposure Sinks (React Native)
|
|
696
|
+
// =========================================================
|
|
697
|
+
{
|
|
698
|
+
// Logging sensitive data
|
|
699
|
+
method: 'log',
|
|
700
|
+
class: 'console',
|
|
701
|
+
type: 'information_exposure',
|
|
702
|
+
cwe: 'CWE-532',
|
|
703
|
+
severity: 'low',
|
|
704
|
+
argPositions: [0],
|
|
705
|
+
},
|
|
706
|
+
{
|
|
707
|
+
// Storing sensitive data insecurely
|
|
708
|
+
method: 'setItem',
|
|
709
|
+
class: 'AsyncStorage',
|
|
710
|
+
type: 'insecure_storage',
|
|
711
|
+
cwe: 'CWE-922',
|
|
712
|
+
severity: 'medium',
|
|
713
|
+
argPositions: [1],
|
|
714
|
+
},
|
|
383
715
|
];
|
|
384
716
|
}
|
|
385
717
|
/**
|
|
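Review bot: The `postMessage` entry under "Browser/DOM Sources" models the sending call, whose return value carries no external data. Cross-window input arrives as `event.data` in a `message` listener, so with `returnTainted: true` this rule presumably never taints the value that matters, and handlers that use message data without checking `event.origin` stay invisible to the analysis. I would replace it with a source for the listener's event argument, or, if the pattern format cannot express that, drop the entry and leave `// TODO: model message-event data (event.data) as message_input; postMessage() itself returns nothing`. The same hunk also lists `useSearchParams` twice with identical fields (React Router and Next.js blocks); one entry is enough unless the matcher keys on something not shown here. The array these entries extend starts outside the hunk.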
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"javascript.js","sourceRoot":"","sources":["../../../src/languages/plugins/javascript.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAeH,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAE/C;;;GAGG;AACH,MAAM,OAAO,gBAAiB,SAAQ,kBAAkB;IAC7C,EAAE,GAAG,YAAqB,CAAC;IAC3B,IAAI,GAAG,uBAAuB,CAAC;IAC/B,UAAU,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5D,QAAQ,GAAG,6BAA6B,CAAC;IAEzC,SAAS,GAAsB;QACtC,oBAAoB;QACpB,gBAAgB,EAAE,CAAC,mBAAmB,EAAE,OAAO,CAAC;QAChD,oBAAoB,EAAE,CAAC,uBAAuB,CAAC;QAC/C,eAAe,EAAE,CAAC,kBAAkB,CAAC;QACrC,mBAAmB,EAAE,CAAC,sBAAsB,EAAE,UAAU,EAAE,gBAAgB,CAAC;QAC3E,iBAAiB,EAAE,CAAC,mBAAmB,CAAC;QAExC,cAAc;QACd,UAAU,EAAE,CAAC,iBAAiB,CAAC;QAC/B,YAAY,EAAE,CAAC,iBAAiB,CAAC;QACjC,UAAU,EAAE,CAAC,uBAAuB,CAAC;QACrC,mBAAmB,EAAE,CAAC,qBAAqB,EAAE,sBAAsB,CAAC;QAEpE,2BAA2B;QAC3B,SAAS,EAAE,CAAC,mBAAmB,EAAE,oBAAoB,EAAE,oBAAoB,CAAC;QAC5E,QAAQ,EAAE,CAAC,WAAW,CAAC;QAEvB,yBAAyB;QACzB,UAAU,EAAE,EAAE;QACd,SAAS,EAAE,CAAC,WAAW,CAAC;QAExB,UAAU;QACV,eAAe,EAAE,CAAC,kBAAkB,CAAC;QAErC,eAAe;QACf,WAAW,EAAE,CAAC,cAAc,CAAC;QAC7B,YAAY,EAAE,CAAC,eAAe,EAAE,kBAAkB,EAAE,kBAAkB,CAAC;QACvE,cAAc,EAAE,CAAC,iBAAiB,CAAC;QACnC,YAAY,EAAE,CAAC,eAAe,CAAC;QAC/B,eAAe,EAAE,CAAC,kBAAkB,CAAC;KACtC,CAAC;IAEF;;OAEG;IACH,eAAe,CAAC,OAA0B;QACxC,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,IAAI,SAA6B,CAAC;QAClC,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,aAAa,CAAC;YAEnD,aAAa;YACb,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,SAAS,GAAG,SAAS,CAAC;gBACtB,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,UAAU;YACV,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,SAAS,GAAG,SAAS,CAAC;gBACtB,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,MAAM;YACN,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9C,SAAS,GAAG,KA
AK,CAAC;gBAClB,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,OAAO;YACP,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACvD,SAAS,GAAG,MAAM,CAAC;gBACnB,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,SAAS;YACT,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChC,SAAS,GAAG,QAAQ,CAAC;gBACrB,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,QAAQ;YACR,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClD,SAAS,GAAG,SAAS,IAAI,OAAO,CAAC;gBACjC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;gBACvC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,UAAU;YACV,IAAI,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChD,SAAS,GAAG,QAAQ,CAAC;gBACrB,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;gBACvC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;QACrD,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO;YACL,4BAA4B;YAC5B;gBACE,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,QAAQ;gBAChB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,SAAS;gBACjB,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,SAAS;gBACjB,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YAED,sBAAsB;YACtB;gBACE,MAAM,EAAE,KAAK;gBACb,KAAK,EAAE,iBAAiB;gBACxB,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YAED,iCAAiC;YA
CjC;gBACE,MAAM,EAAE,UAAU;gBAClB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,cAAc;gBACtB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,mBAAmB;gBAC3B,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YAED,kBAAkB;YAClB;gBACE,MAAM,EAAE,MAAM;gBACd,KAAK,EAAE,SAAS;gBAChB,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,KAAK;gBACb,KAAK,EAAE,SAAS;gBAChB,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YAED,cAAc;YACd;gBACE,MAAM,EAAE,cAAc;gBACtB,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,UAAU;gBAClB,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO;YACL,oBAAoB;YACpB;gBACE,MAAM,EAAE,MAAM;gBACd,KAAK,EAAE,eAAe;gBACtB,IAAI,EAAE,mBAAmB;gBACzB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,UAAU;gBAClB,KAAK,EAAE,eAAe;gBACtB,IAAI,EAAE,mBAAmB;gBACzB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,OAAO;gBACf,KAAK,EAAE,eAAe;gBACtB,IAAI,EAAE,mBAAmB;gBACzB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;aACrB;YAED,iBAAiB;YACjB;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,UAAU;gBAClB,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,YAAY;gBACpB,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC,EAAG,2BAA2B;aAChD;YACD;gBACE,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,C
AAC,CAAC,CAAC,EAAG,2BAA2B;aAChD;YAED,iBAAiB;YACjB;gBACE,MAAM,EAAE,cAAc;gBACtB,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,eAAe;gBACvB,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,kBAAkB;gBAC1B,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,YAAY;YACZ;gBACE,MAAM,EAAE,WAAW;gBACnB,IAAI,EAAE,KAAK;gBACX,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,WAAW;gBACnB,IAAI,EAAE,KAAK;gBACX,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,gBAAgB;gBACxB,IAAI,EAAE,KAAK;gBACX,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,gBAAgB;YAChB;gBACE,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,OAAO;YACP;gBACE,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,MAAM;gBACZ,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,KAAK;gBACb,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,MAAM;gBACZ,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,MAAM;gBACZ,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,kBAAkB;YAClB;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,iBAAiB;gBACvB,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,SAAS;gBACjB,IAAI,EAAE,iBAAiB;gBACvB,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,oCAAoC;YACpC;gBACE,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,qBAAqB;gBAC3B,GAAG,EAAE,UAAU;gBACf,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CA
AC,CAAC,EAAE,CAAC,CAAC;aACrB;YACD;gBACE,MAAM,EAAE,QAAQ;gBAChB,IAAI,EAAE,qBAAqB;gBAC3B,GAAG,EAAE,UAAU;gBACf,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;aACrB;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,IAAgB,EAAE,OAA0B;QAC1D,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB;YAAE,OAAO,SAAS,CAAC;QAEtD,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAC;QAE9B,2CAA2C;QAC3C,IAAI,MAAM,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YAClD,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,MAAM,CAAC,IAAI,CAAC;YACrB,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,IAAgB;QAC9B,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ;YACtB,IAAI,CAAC,IAAI,KAAK,iBAAiB;YAC/B,IAAI,CAAC,IAAI,KAAK,iBAAiB,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,IAAgB;QAC7B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC;YAAE,OAAO,SAAS,CAAC;QAElD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QAEvB,0BAA0B;QAC1B,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QAED,yBAAyB;QACzB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC5C,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+DAA+D;IAE/D,YAAY,CAAC,OAA0B;QACrC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,YAAY,CAAC,OAA0B;QACrC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,cAAc,CAAC,OAA0B;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,cAAc,CAAC,OAA0B;QACvC,+CAA+C;QAC/C,oDAAoD;QACpD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"javascript.js","sourceRoot":"","sources":["../../../src/languages/plugins/javascript.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAeH,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAE/C;;;GAGG;AACH,MAAM,OAAO,gBAAiB,SAAQ,kBAAkB;IAC7C,EAAE,GAAG,YAAqB,CAAC;IAC3B,IAAI,GAAG,uBAAuB,CAAC;IAC/B,UAAU,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5D,QAAQ,GAAG,6BAA6B,CAAC;IAEzC,SAAS,GAAsB;QACtC,oBAAoB;QACpB,gBAAgB,EAAE,CAAC,mBAAmB,EAAE,OAAO,CAAC;QAChD,oBAAoB,EAAE,CAAC,uBAAuB,CAAC;QAC/C,eAAe,EAAE,CAAC,kBAAkB,CAAC;QACrC,mBAAmB,EAAE,CAAC,sBAAsB,EAAE,UAAU,EAAE,gBAAgB,CAAC;QAC3E,iBAAiB,EAAE,CAAC,mBAAmB,CAAC;QAExC,cAAc;QACd,UAAU,EAAE,CAAC,iBAAiB,CAAC;QAC/B,YAAY,EAAE,CAAC,iBAAiB,CAAC;QACjC,UAAU,EAAE,CAAC,uBAAuB,CAAC;QACrC,mBAAmB,EAAE,CAAC,qBAAqB,EAAE,sBAAsB,CAAC;QAEpE,2BAA2B;QAC3B,SAAS,EAAE,CAAC,mBAAmB,EAAE,oBAAoB,EAAE,oBAAoB,CAAC;QAC5E,QAAQ,EAAE,CAAC,WAAW,CAAC;QAEvB,yBAAyB;QACzB,UAAU,EAAE,EAAE;QACd,SAAS,EAAE,CAAC,WAAW,CAAC;QAExB,UAAU;QACV,eAAe,EAAE,CAAC,kBAAkB,CAAC;QAErC,eAAe;QACf,WAAW,EAAE,CAAC,cAAc,CAAC;QAC7B,YAAY,EAAE,CAAC,eAAe,EAAE,kBAAkB,EAAE,kBAAkB,CAAC;QACvE,cAAc,EAAE,CAAC,iBAAiB,CAAC;QACnC,YAAY,EAAE,CAAC,eAAe,CAAC;QAC/B,eAAe,EAAE,CAAC,kBAAkB,CAAC;KACtC,CAAC;IAEF;;OAEG;IACH,eAAe,CAAC,OAA0B;QACxC,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,IAAI,SAA6B,CAAC;QAClC,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,aAAa,CAAC;YAEnD,aAAa;YACb,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,SAAS,GAAG,SAAS,CAAC;gBACtB,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,UAAU;YACV,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,SAAS,GAAG,SAAS,CAAC;gBACtB,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,MAAM;YACN,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9C,SAAS,GAAG,KA
AK,CAAC;gBAClB,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,OAAO;YACP,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACvD,SAAS,GAAG,MAAM,CAAC;gBACnB,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,SAAS;YACT,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChC,SAAS,GAAG,QAAQ,CAAC;gBACrB,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,QAAQ;YACR,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;gBAC1E,SAAS,GAAG,SAAS,IAAI,OAAO,CAAC;gBACjC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;gBACvC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,eAAe;YACf,IAAI,IAAI,KAAK,cAAc,IAAI,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBACrG,SAAS,GAAG,cAAc,CAAC;gBAC3B,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,kCAAkC;YAClC,IAAI,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC1C,SAAS,GAAG,SAAS,IAAI,cAAc,CAAC;gBACxC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;gBACvC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,eAAe;YACf,IAAI,IAAI,KAAK,cAAc,IAAI,IAAI,KAAK,kBAAkB,IAAI,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;gBAC/F,SAAS,GAAG,SAAS,IAAI,OAAO,CAAC;gBACjC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,UAAU;YACV,IAAI,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChD,SAAS,GAAG,QAAQ,CAAC;gBACrB,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;gBACvC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,sBAAsB;YACtB,IAAI,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChD,SAAS,GAAG,SAAS,IAAI,cAAc,CAAC;gBACxC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IA
AI,CAAC,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;QACrD,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO;YACL,4BAA4B;YAC5B;gBACE,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,QAAQ;gBAChB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,SAAS;gBACjB,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,SAAS;gBACjB,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YAED,sBAAsB;YACtB;gBACE,MAAM,EAAE,KAAK;gBACb,KAAK,EAAE,iBAAiB;gBACxB,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YAED,iCAAiC;YACjC;gBACE,MAAM,EAAE,UAAU;gBAClB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,cAAc;gBACtB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,mBAAmB;gBAC3B,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YAED,kBAAkB;YAClB;gBACE,MAAM,EAAE,MAAM;gBACd,KAAK,EAAE,SAAS;gBAChB,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,KAAK;gBACb,KAAK,EAAE,SAAS;gBAChB,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YAED,cAAc;YACd;gBACE,MAAM,EAAE,cAAc;gBACtB,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,UAAU;gBAClB,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YAED,4DAA4D;YAC5D,uBAAuB;YACvB,4DA
A4D;YAC5D;gBACE,MAAM,EAAE,WAAW;gBACnB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,iBAAiB;gBACzB,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YAED,4DAA4D;YAC5D,kBAAkB;YAClB,4DAA4D;YAC5D;gBACE,MAAM,EAAE,WAAW;gBACnB,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI,EAAG,8BAA8B;aACrD;YACD;gBACE,MAAM,EAAE,iBAAiB,EAAG,qBAAqB;gBACjD,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,mDAAmD;gBACnD,MAAM,EAAE,QAAQ;gBAChB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YAED,4DAA4D;YAC5D,uBAAuB;YACvB,4DAA4D;YAC5D;gBACE,gCAAgC;gBAChC,MAAM,EAAE,UAAU;gBAClB,IAAI,EAAE,kBAAkB;gBACxB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,eAAe;gBACf,MAAM,EAAE,eAAe;gBACvB,KAAK,EAAE,SAAS;gBAChB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,kBAAkB;gBAC1B,KAAK,EAAE,SAAS;gBAChB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,OAAO;gBACf,KAAK,EAAE,SAAS;gBAChB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,oBAAoB;gBACpB,MAAM,EAAE,WAAW;gBACnB,KAAK,EAAE,WAAW;gBAClB,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,gBAAgB;gBACxB,KAAK,EAAE,WAAW;gBAClB,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,uCAAuC;gBACvC,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,cAAc;gBACrB,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,M
AAM,EAAE,UAAU;gBAClB,KAAK,EAAE,cAAc;gBACrB,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,qBAAqB;gBACrB,MAAM,EAAE,cAAc;gBACtB,KAAK,EAAE,aAAa;gBACpB,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YAED,4DAA4D;YAC5D,uCAAuC;YACvC,4DAA4D;YAC5D;gBACE,MAAM,EAAE,sBAAsB;gBAC9B,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,wBAAwB;gBAChC,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;YACD;gBACE,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,IAAI;aACpB;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO;YACL,oBAAoB;YACpB;gBACE,MAAM,EAAE,MAAM;gBACd,KAAK,EAAE,eAAe;gBACtB,IAAI,EAAE,mBAAmB;gBACzB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,UAAU;gBAClB,KAAK,EAAE,eAAe;gBACtB,IAAI,EAAE,mBAAmB;gBACzB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,OAAO;gBACf,KAAK,EAAE,eAAe;gBACtB,IAAI,EAAE,mBAAmB;gBACzB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;aACrB;YAED,iBAAiB;YACjB;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,UAAU;gBAClB,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,YAAY;gBACpB,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC,EAAG,2BAA2B;aAChD;YACD;gBACE,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC,EAAG,2BAA2B;aAChD;YAED,iBAAiB;YACjB;gBACE,MAAM,EAAE,cAAc;gBACtB,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,eAAe;gBACvB,KAAK,EAAE,IAAI;gBACX,IAAI,
EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,kBAAkB;gBAC1B,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,YAAY;YACZ;gBACE,MAAM,EAAE,WAAW;gBACnB,IAAI,EAAE,KAAK;gBACX,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,WAAW;gBACnB,IAAI,EAAE,KAAK;gBACX,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,gBAAgB;gBACxB,IAAI,EAAE,KAAK;gBACX,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,gBAAgB;YAChB;gBACE,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,OAAO;YACP;gBACE,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,MAAM;gBACZ,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,KAAK;gBACb,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,MAAM;gBACZ,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,MAAM;gBACZ,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,kBAAkB;YAClB;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,iBAAiB;gBACvB,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,SAAS;gBACjB,IAAI,EAAE,iBAAiB;gBACvB,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,oCAAoC;YACpC;gBACE,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,qBAAqB;gBAC3B,GAAG,EAAE,UAAU;gBACf,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;aACrB;YACD;gBACE,MAAM,EAAE,QAAQ;gBAChB,IAAI,EAAE,qBAAqB;gBAC3B,GAAG,EAAE,UAAU;gBACf,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;aACrB;YAED,4DAA4D;YAC5D,kBAAkB;YAClB,4DAA4D;YAC5D;gBACE,+BAA+B;gBAC/B,MAAM,EAAE,yBAAyB;gBACj
C,IAAI,EAAE,KAAK;gBACX,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC,EAAG,4BAA4B;aACjD;YACD;gBACE,kDAAkD;gBAClD,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,KAAK;gBACX,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,gCAAgC;gBAChC,MAAM,EAAE,mBAAmB;gBAC3B,IAAI,EAAE,KAAK;gBACX,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,4DAA4D;YAC5D,qBAAqB;YACrB,4DAA4D;YAC5D;gBACE,sCAAsC;gBACtC,MAAM,EAAE,QAAQ;gBAChB,KAAK,EAAE,SAAS;gBAChB,IAAI,EAAE,KAAK;gBACX,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC,EAAG,4CAA4C;aACjE;YACD;gBACE,sBAAsB;gBACtB,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,SAAS;gBAChB,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,YAAY;gBACpB,KAAK,EAAE,SAAS;gBAChB,IAAI,EAAE,MAAM;gBACZ,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,QAAQ;gBAClB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,kBAAkB;gBAClB,MAAM,EAAE,kBAAkB;gBAC1B,KAAK,EAAE,YAAY;gBACnB,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,sBAAsB;gBAC9B,KAAK,EAAE,YAAY;gBACnB,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,4DAA4D;YAC5D,gBAAgB;YAChB,4DAA4D;YAC5D;gBACE,uBAAuB;gBACvB,MAAM,EAAE,UAAU;gBAClB,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,uCAAuC;gBACvC,MAAM,EAAE,MAAM;gBACd,KAAK,EAAE,QAAQ;gBACf,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,QAAQ;gBAClB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,QAAQ;gBACf,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,QAAQ;gBAClB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,4DAA4D;YAC5D,kCAAkC;YAClC,4DAA4D;YAC5D;gBACE,4BAA4B;gBAC5B,MAAM,EAAE,eAAe;gBACvB,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC,EAAG,2CAA2C;aAChE;YACD;gBACE,oCAAoC;gBACpC,MAAM,EAAE,QAAQ;gBAC
hB,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,SAAS;gBACjB,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,4DAA4D;YAC5D,qCAAqC;YACrC,4DAA4D;YAC5D;gBACE,yBAAyB;gBACzB,MAAM,EAAE,KAAK;gBACb,KAAK,EAAE,SAAS;gBAChB,IAAI,EAAE,sBAAsB;gBAC5B,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,KAAK;gBACf,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,oCAAoC;gBACpC,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,cAAc;gBACrB,IAAI,EAAE,kBAAkB;gBACxB,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,QAAQ;gBAClB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,IAAgB,EAAE,OAA0B;QAC1D,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB;YAAE,OAAO,SAAS,CAAC;QAEtD,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAC;QAE9B,2CAA2C;QAC3C,IAAI,MAAM,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YAClD,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,MAAM,CAAC,IAAI,CAAC;YACrB,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,IAAgB;QAC9B,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ;YACtB,IAAI,CAAC,IAAI,KAAK,iBAAiB;YAC/B,IAAI,CAAC,IAAI,KAAK,iBAAiB,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,IAAgB;QAC7B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC;YAAE,OAAO,SAAS,CAAC;QAElD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QAEvB,0BAA0B;QAC1B,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QAED,yBAAyB;QACzB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC5C,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+DAA+D;IAE/D,YAAY,CAAC,OAA0B;QACrC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,YAAY,CAAC,OAA0B;QACrC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,cAAc,CAAC,OAA0B;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,cAAc,CAAC,OAA0B;QACvC,+C
AA+C;QAC/C,oDAAoD;QACpD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}
|
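--- a/package/dist/types/index.d.ts
+++ b/package/dist/types/index.d.ts
@@ -144,7 +144,7 @@ export interface TaintFlowStep {
 line: number;
 type: 'source' | 'assignment' | 'use' | 'return' | 'field' | 'sink';
 }
-export type SourceType = "http_param" | "http_body" | "http_header" | "http_cookie" | "http_path" | "http_query" | "io_input" | "env_input" | "db_input" | "network_input" | "file_input" | "config_param" | "interprocedural_param" | "plugin_param" | "constructor_field";
+export type SourceType = "http_param" | "http_body" | "http_header" | "http_cookie" | "http_path" | "http_query" | "io_input" | "env_input" | "db_input" | "network_input" | "file_input" | "dom_input" | "config_param" | "interprocedural_param" | "plugin_param" | "constructor_field";
 export type SinkType = "sql_injection" | "nosql_injection" | "command_injection" | "path_traversal" | "xss" | "xxe" | "deserialization" | "ldap_injection" | "xpath_injection" | "ssrf" | "open_redirect" | "code_injection" | "log_injection" | "weak_random" | "weak_hash" | "weak_crypto" | "insecure_cookie" | "trust_boundary" | "external_taint_escape";
 export type Severity = "critical" | "high" | "medium" | "low";
 export interface TaintSource {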
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "circle-ir",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.2.0",
|
|
4
4
|
"description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.js",
|
|
@@ -37,6 +37,7 @@
|
|
|
37
37
|
"build:browser": "esbuild src/browser.ts --bundle --format=esm --platform=browser --external:fs --external:fs/promises --external:path --external:module --external:crypto --external:pino --outfile=dist/browser/circle-ir.js && mkdir -p dist/wasm && cp node_modules/web-tree-sitter/web-tree-sitter.wasm dist/wasm/ && cp wasm/*.wasm dist/wasm/",
|
|
38
38
|
"build:core": "esbuild src/core-lib.ts --bundle --format=esm --platform=neutral --external:fs --external:fs/promises --external:path --external:module --external:pino --external:crypto --outfile=dist/core/circle-ir-core.js && esbuild src/core-lib.ts --bundle --format=cjs --platform=neutral --external:fs --external:fs/promises --external:path --external:module --external:pino --external:crypto --outfile=dist/core/circle-ir-core.cjs && cp dist/core-lib.d.ts dist/core/circle-ir-core.d.ts",
|
|
39
39
|
"build:all": "npm run build && npm run build:browser && npm run build:core",
|
|
40
|
+
"clean": "rm -rf dist coverage *.tsbuildinfo *.tgz",
|
|
40
41
|
"typecheck": "tsc --noEmit",
|
|
41
42
|
"prepublishOnly": "npm run build:all && npm test",
|
|
42
43
|
"prepack": "npm run build:all"
|
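Review bot: The new `clean` script in the second hunk is not called from `prepack` or `prepublishOnly`, which both still run only `npm run build:all`, so files left in `dist` by an earlier build can still end up in the published tarball. For a package that ships its compiled output, chaining it in, e.g. `"prepack": "npm run clean && npm run build:all"`, keeps the tarball limited to what the current sources produce. Whether `npm run build` already empties `dist`, or a `files` allowlist narrows what gets packed, is not visible in this section, so confirm that before changing it. The first hunk is only the version bump.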