npm - circle-ir - Versions diffs - 3.1.0 - Mend

circle-ir 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (194) hide show

package/LICENSE +15 -0
package/README.md +200 -0
package/configs/sinks/code_injection.yaml +672 -0
package/configs/sinks/command.yaml +917 -0
package/configs/sinks/deserialization.yaml +105 -0
package/configs/sinks/ldap.yaml +136 -0
package/configs/sinks/nodejs.json +629 -0
package/configs/sinks/path.yaml +715 -0
package/configs/sinks/python.json +501 -0
package/configs/sinks/rust.json +339 -0
package/configs/sinks/sql.yaml +233 -0
package/configs/sinks/ssrf.yaml +160 -0
package/configs/sinks/xpath.yaml +121 -0
package/configs/sinks/xss.yaml +727 -0
package/configs/sources/db_sources.yaml +90 -0
package/configs/sources/env_sources.yaml +94 -0
package/configs/sources/express.json +197 -0
package/configs/sources/file_sources.yaml +164 -0
package/configs/sources/http_sources.yaml +379 -0
package/configs/sources/io_sources.yaml +519 -0
package/configs/sources/network_sources.yaml +99 -0
package/configs/sources/python.json +230 -0
package/configs/sources/rust.json +286 -0
package/configs/sources/spring.yaml +70 -0
package/dist/analysis/advisory-db.d.ts +86 -0
package/dist/analysis/advisory-db.js +104 -0
package/dist/analysis/advisory-db.js.map +1 -0
package/dist/analysis/cargo-parser.d.ts +42 -0
package/dist/analysis/cargo-parser.js +102 -0
package/dist/analysis/cargo-parser.js.map +1 -0
package/dist/analysis/config-loader.d.ts +37 -0
package/dist/analysis/config-loader.js +1561 -0
package/dist/analysis/config-loader.js.map +1 -0
package/dist/analysis/constant-propagation/ast-utils.d.ts +25 -0
package/dist/analysis/constant-propagation/ast-utils.js +34 -0
package/dist/analysis/constant-propagation/ast-utils.js.map +1 -0
package/dist/analysis/constant-propagation/evaluator.d.ts +32 -0
package/dist/analysis/constant-propagation/evaluator.js +296 -0
package/dist/analysis/constant-propagation/evaluator.js.map +1 -0
package/dist/analysis/constant-propagation/index.d.ts +62 -0
package/dist/analysis/constant-propagation/index.js +152 -0
package/dist/analysis/constant-propagation/index.js.map +1 -0
package/dist/analysis/constant-propagation/patterns.d.ts +8 -0
package/dist/analysis/constant-propagation/patterns.js +126 -0
package/dist/analysis/constant-propagation/patterns.js.map +1 -0
package/dist/analysis/constant-propagation/propagator.d.ts +180 -0
package/dist/analysis/constant-propagation/propagator.js +1985 -0
package/dist/analysis/constant-propagation/propagator.js.map +1 -0
package/dist/analysis/constant-propagation/types.d.ts +63 -0
package/dist/analysis/constant-propagation/types.js +5 -0
package/dist/analysis/constant-propagation/types.js.map +1 -0
package/dist/analysis/constant-propagation.d.ts +9 -0
package/dist/analysis/constant-propagation.js +18 -0
package/dist/analysis/constant-propagation.js.map +1 -0
package/dist/analysis/dependency-scanner.d.ts +79 -0
package/dist/analysis/dependency-scanner.js +122 -0
package/dist/analysis/dependency-scanner.js.map +1 -0
package/dist/analysis/dfg-verifier.d.ts +116 -0
package/dist/analysis/dfg-verifier.js +399 -0
package/dist/analysis/dfg-verifier.js.map +1 -0
package/dist/analysis/findings.d.ts +11 -0
package/dist/analysis/findings.js +228 -0
package/dist/analysis/findings.js.map +1 -0
package/dist/analysis/index.d.ts +16 -0
package/dist/analysis/index.js +18 -0
package/dist/analysis/index.js.map +1 -0
package/dist/analysis/interprocedural.d.ts +99 -0
package/dist/analysis/interprocedural.js +526 -0
package/dist/analysis/interprocedural.js.map +1 -0
package/dist/analysis/path-finder.d.ts +133 -0
package/dist/analysis/path-finder.js +354 -0
package/dist/analysis/path-finder.js.map +1 -0
package/dist/analysis/rules.d.ts +75 -0
package/dist/analysis/rules.js +332 -0
package/dist/analysis/rules.js.map +1 -0
package/dist/analysis/semver.d.ts +27 -0
package/dist/analysis/semver.js +127 -0
package/dist/analysis/semver.js.map +1 -0
package/dist/analysis/taint-matcher.d.ts +15 -0
package/dist/analysis/taint-matcher.js +634 -0
package/dist/analysis/taint-matcher.js.map +1 -0
package/dist/analysis/taint-propagation.d.ts +67 -0
package/dist/analysis/taint-propagation.js +298 -0
package/dist/analysis/taint-propagation.js.map +1 -0
package/dist/analysis/unresolved.d.ts +14 -0
package/dist/analysis/unresolved.js +202 -0
package/dist/analysis/unresolved.js.map +1 -0
package/dist/analyzer.d.ts +43 -0
package/dist/analyzer.js +1010 -0
package/dist/analyzer.js.map +1 -0
package/dist/browser/circle-ir.js +16576 -0
package/dist/browser.d.ts +38 -0
package/dist/browser.js +38 -0
package/dist/browser.js.map +1 -0
package/dist/core/circle-ir-core.cjs +13626 -0
package/dist/core/circle-ir-core.d.ts +59 -0
package/dist/core/circle-ir-core.js +13591 -0
package/dist/core/extractors/calls.d.ts +13 -0
package/dist/core/extractors/calls.js +1429 -0
package/dist/core/extractors/calls.js.map +1 -0
package/dist/core/extractors/cfg.d.ts +9 -0
package/dist/core/extractors/cfg.js +519 -0
package/dist/core/extractors/cfg.js.map +1 -0
package/dist/core/extractors/dfg.d.ts +12 -0
package/dist/core/extractors/dfg.js +1081 -0
package/dist/core/extractors/dfg.js.map +1 -0
package/dist/core/extractors/exports.d.ts +14 -0
package/dist/core/extractors/exports.js +80 -0
package/dist/core/extractors/exports.js.map +1 -0
package/dist/core/extractors/imports.d.ts +9 -0
package/dist/core/extractors/imports.js +739 -0
package/dist/core/extractors/imports.js.map +1 -0
package/dist/core/extractors/index.d.ts +10 -0
package/dist/core/extractors/index.js +11 -0
package/dist/core/extractors/index.js.map +1 -0
package/dist/core/extractors/meta.d.ts +10 -0
package/dist/core/extractors/meta.js +109 -0
package/dist/core/extractors/meta.js.map +1 -0
package/dist/core/extractors/types.d.ts +10 -0
package/dist/core/extractors/types.js +1479 -0
package/dist/core/extractors/types.js.map +1 -0
package/dist/core/index.d.ts +5 -0
package/dist/core/index.js +8 -0
package/dist/core/index.js.map +1 -0
package/dist/core/parser.d.ts +84 -0
package/dist/core/parser.js +250 -0
package/dist/core/parser.js.map +1 -0
package/dist/core-lib.d.ts +59 -0
package/dist/core-lib.js +62 -0
package/dist/core-lib.js.map +1 -0
package/dist/index.d.ts +15 -0
package/dist/index.js +20 -0
package/dist/index.js.map +1 -0
package/dist/languages/index.d.ts +11 -0
package/dist/languages/index.js +14 -0
package/dist/languages/index.js.map +1 -0
package/dist/languages/plugins/base.d.ts +44 -0
package/dist/languages/plugins/base.js +82 -0
package/dist/languages/plugins/base.js.map +1 -0
package/dist/languages/plugins/index.d.ts +14 -0
package/dist/languages/plugins/index.js +25 -0
package/dist/languages/plugins/index.js.map +1 -0
package/dist/languages/plugins/java.d.ts +49 -0
package/dist/languages/plugins/java.js +402 -0
package/dist/languages/plugins/java.js.map +1 -0
package/dist/languages/plugins/javascript.d.ts +48 -0
package/dist/languages/plugins/javascript.js +445 -0
package/dist/languages/plugins/javascript.js.map +1 -0
package/dist/languages/plugins/python.d.ts +47 -0
package/dist/languages/plugins/python.js +480 -0
package/dist/languages/plugins/python.js.map +1 -0
package/dist/languages/plugins/rust.d.ts +47 -0
package/dist/languages/plugins/rust.js +405 -0
package/dist/languages/plugins/rust.js.map +1 -0
package/dist/languages/registry.d.ts +30 -0
package/dist/languages/registry.js +80 -0
package/dist/languages/registry.js.map +1 -0
package/dist/languages/types.d.ts +184 -0
package/dist/languages/types.js +8 -0
package/dist/languages/types.js.map +1 -0
package/dist/resolution/cross-file.d.ts +146 -0
package/dist/resolution/cross-file.js +439 -0
package/dist/resolution/cross-file.js.map +1 -0
package/dist/resolution/index.d.ts +12 -0
package/dist/resolution/index.js +10 -0
package/dist/resolution/index.js.map +1 -0
package/dist/resolution/symbol-table.d.ts +136 -0
package/dist/resolution/symbol-table.js +336 -0
package/dist/resolution/symbol-table.js.map +1 -0
package/dist/resolution/type-hierarchy.d.ts +124 -0
package/dist/resolution/type-hierarchy.js +515 -0
package/dist/resolution/type-hierarchy.js.map +1 -0
package/dist/types/config.d.ts +45 -0
package/dist/types/config.js +5 -0
package/dist/types/config.js.map +1 -0
package/dist/types/index.d.ts +392 -0
package/dist/types/index.js +7 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/logger.d.ts +85 -0
package/dist/utils/logger.js +198 -0
package/dist/utils/logger.js.map +1 -0
package/dist/wasm/tree-sitter-java.wasm +0 -0
package/dist/wasm/tree-sitter-javascript.wasm +0 -0
package/dist/wasm/tree-sitter-python.wasm +0 -0
package/dist/wasm/tree-sitter-rust.wasm +0 -0
package/dist/wasm/web-tree-sitter.wasm +0 -0
package/docs/SPEC.md +1021 -0
package/examples/browser-example.html +610 -0
package/examples/node-example.ts +215 -0
package/package.json +107 -0
package/wasm/tree-sitter-java.wasm +0 -0
package/wasm/tree-sitter-javascript.wasm +0 -0
package/wasm/tree-sitter-python.wasm +0 -0
package/wasm/tree-sitter-rust.wasm +0 -0

package/configs/sources/db_sources.yaml ADDED Viewed

@@ -0,0 +1,90 @@
+{
+  "sources": [
+    {
+      "method": "getString",
+      "class": "ResultSet",
+      "type": "database",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "String column value - could be attacker-controlled if stored from user input"
+    },
+    {
+      "method": "getObject",
+      "class": "ResultSet",
+      "type": "database",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Object column value"
+    },
+    {
+      "method": "getBytes",
+      "class": "ResultSet",
+      "type": "database",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Byte array column value"
+    },
+    {
+      "method": "getClob",
+      "class": "ResultSet",
+      "type": "database",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "CLOB column value"
+    },
+    {
+      "method": "getBlob",
+      "class": "ResultSet",
+      "type": "database",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "BLOB column value"
+    },
+    {
+      "annotation": "@Column",
+      "type": "database",
+      "severity": "medium",
+      "field_tainted": true,
+      "note": "JPA entity field - may contain attacker data"
+    },
+    {
+      "annotation": "@Entity",
+      "type": "database",
+      "severity": "low",
+      "class_fields_tainted": true,
+      "note": "JPA entity - all fields are potentially tainted"
+    },
+    {
+      "method": "findBy.*",
+      "class": ".*Repository",
+      "type": "database",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Spring Data finder method - returns entities from DB"
+    },
+    {
+      "method": "findAll",
+      "class": ".*Repository",
+      "type": "database",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Returns all entities - could contain attacker data"
+    },
+    {
+      "method": "getString",
+      "class": "Document",
+      "type": "database",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "MongoDB document field"
+    },
+    {
+      "method": "get",
+      "class": "Document",
+      "type": "database",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "MongoDB document field (generic)"
+    }
+  ]
+}

package/configs/sources/env_sources.yaml ADDED Viewed

@@ -0,0 +1,94 @@
+{
+  "sources": [
+    {
+      "method": "getProperty",
+      "class": "System",
+      "type": "system_property",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "System property - could be set by attacker in some contexts"
+    },
+    {
+      "method": "getProperties",
+      "class": "System",
+      "type": "system_property",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "All system properties"
+    },
+    {
+      "method": "getenv",
+      "class": "System",
+      "type": "env_variable",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Environment variable - could be attacker-controlled"
+    },
+    {
+      "method": "lookup",
+      "class": "InitialContext",
+      "type": "jndi",
+      "severity": "critical",
+      "arg_positions": [
+        0
+      ],
+      "note": "JNDI lookup - argument is taint source if from user input"
+    },
+    {
+      "method": "lookup",
+      "class": "Context",
+      "type": "jndi",
+      "severity": "critical",
+      "arg_positions": [
+        0
+      ],
+      "note": "JNDI context lookup"
+    },
+    {
+      "method": "getProperty",
+      "class": "Environment",
+      "type": "spring_property",
+      "severity": "low",
+      "return_tainted": true,
+      "note": "Spring environment property - usually safe but can be external"
+    },
+    {
+      "method": "getRequiredProperty",
+      "class": "Environment",
+      "type": "spring_property",
+      "severity": "low",
+      "return_tainted": true,
+      "note": "Spring required property"
+    },
+    {
+      "annotation": "@Value",
+      "type": "spring_property",
+      "severity": "low",
+      "param_tainted": true,
+      "note": "Spring @Value injection - from properties file"
+    },
+    {
+      "annotation": "@ConfigurationProperties",
+      "type": "spring_property",
+      "severity": "low",
+      "class_fields_tainted": true,
+      "note": "Spring configuration properties binding"
+    },
+    {
+      "method": "getProperty",
+      "class": "PropertyDescriptor",
+      "type": "reflection",
+      "severity": "low",
+      "return_tainted": true,
+      "note": "Bean property value via reflection"
+    },
+    {
+      "method": "invoke",
+      "class": "Method",
+      "type": "reflection",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Method invocation result via reflection"
+    }
+  ]
+}

package/configs/sources/express.json ADDED Viewed

@@ -0,0 +1,197 @@
+{
+  "sources": [
+    {
+      "method": "params",
+      "class": "Request",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express route parameters (req.params)"
+    },
+    {
+      "method": "query",
+      "class": "Request",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express query string parameters (req.query)"
+    },
+    {
+      "method": "body",
+      "class": "Request",
+      "type": "http_body",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express request body (req.body)"
+    },
+    {
+      "method": "headers",
+      "class": "Request",
+      "type": "http_header",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express request headers (req.headers)"
+    },
+    {
+      "method": "cookies",
+      "class": "Request",
+      "type": "http_cookie",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express cookies (req.cookies)"
+    },
+    {
+      "method": "url",
+      "class": "Request",
+      "type": "http_path",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express request URL (req.url)"
+    },
+    {
+      "method": "path",
+      "class": "Request",
+      "type": "http_path",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express request path (req.path)"
+    },
+    {
+      "method": "originalUrl",
+      "class": "Request",
+      "type": "http_path",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express original URL (req.originalUrl)"
+    },
+    {
+      "method": "get",
+      "class": "Request",
+      "type": "http_header",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express header getter (req.get('header'))"
+    },
+    {
+      "method": "header",
+      "class": "Request",
+      "type": "http_header",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express header getter (req.header('name'))"
+    },
+    {
+      "method": "param",
+      "class": "Request",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express param getter (req.param('name'))"
+    },
+    {
+      "method": "file",
+      "class": "Request",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express file upload (req.file with multer)"
+    },
+    {
+      "method": "files",
+      "class": "Request",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Express multiple file uploads (req.files)"
+    },
+    {
+      "method": "ip",
+      "class": "Request",
+      "type": "http_header",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Express client IP (can be spoofed via X-Forwarded-For)"
+    },
+    {
+      "method": "hostname",
+      "class": "Request",
+      "type": "http_header",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Express hostname from Host header"
+    },
+    {
+      "method": "subdomains",
+      "class": "Request",
+      "type": "http_header",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Express subdomains from Host header"
+    },
+    {
+      "method": "protocol",
+      "class": "Request",
+      "type": "http_header",
+      "severity": "low",
+      "return_tainted": true,
+      "note": "Express protocol (can be influenced by X-Forwarded-Proto)"
+    },
+    {
+      "method": "env",
+      "class": "process",
+      "type": "env_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Environment variables (process.env) - may contain sensitive data"
+    },
+    {
+      "method": "argv",
+      "class": "process",
+      "type": "io_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Command line arguments (process.argv)"
+    },
+    {
+      "method": "stdin",
+      "class": "process",
+      "type": "io_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Standard input stream"
+    },
+    {
+      "method": "on",
+      "class": "WebSocket",
+      "type": "network_input",
+      "severity": "high",
+      "return_tainted": true,
+      "arg_positions": [1],
+      "note": "WebSocket message handler - data from client"
+    },
+    {
+      "method": "message",
+      "class": "WebSocket",
+      "type": "network_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "WebSocket message event"
+    },
+    {
+      "method": "data",
+      "class": "Socket",
+      "type": "network_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Socket data event"
+    },
+    {
+      "method": "signedCookies",
+      "class": "Request",
+      "type": "http_cookie",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Express signed cookies (req.signedCookies)"
+    }
+  ]
+}

package/configs/sources/file_sources.yaml ADDED Viewed

@@ -0,0 +1,164 @@
+{
+  "sources": [
+    {
+      "method": "readLine",
+      "class": "BufferedReader",
+      "type": "file_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Single line from file - could be attacker-controlled"
+    },
+    {
+      "method": "readAllLines",
+      "class": "Files",
+      "type": "file_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "All lines from file as List<String>"
+    },
+    {
+      "method": "readAllBytes",
+      "class": "Files",
+      "type": "file_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "All bytes from file"
+    },
+    {
+      "method": "readString",
+      "class": "Files",
+      "type": "file_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "File content as String (Java 11+)"
+    },
+    {
+      "method": "lines",
+      "class": "Files",
+      "type": "file_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Stream of lines from file"
+    },
+    {
+      "method": "getOriginalFilename",
+      "class": "MultipartFile",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "User-provided filename - path traversal risk"
+    },
+    {
+      "method": "getName",
+      "class": "MultipartFile",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Form field name for uploaded file"
+    },
+    {
+      "method": "getBytes",
+      "class": "MultipartFile",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "File content as byte array"
+    },
+    {
+      "method": "getInputStream",
+      "class": "MultipartFile",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "File content as InputStream"
+    },
+    {
+      "method": "getSubmittedFileName",
+      "class": "Part",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "User-provided filename from multipart upload (Servlet API)"
+    },
+    {
+      "method": "getFileName",
+      "class": "Part",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "User-provided filename from MIME part (JavaMail API)"
+    },
+    {
+      "method": "getFileName",
+      "class": "MimePart",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "User-provided filename from MIME part (JavaMail API)"
+    },
+    {
+      "method": "getFileName",
+      "class": "BodyPart",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "User-provided filename from email attachment (JavaMail API)"
+    },
+    {
+      "method": "getFileName",
+      "class": "MimeBodyPart",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "User-provided filename from email attachment (JavaMail API)"
+    },
+    {
+      "method": "getInputStream",
+      "class": "Part",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Uploaded file content"
+    },
+    {
+      "method": "getName",
+      "class": "FileItem",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "User-provided filename"
+    },
+    {
+      "method": "getString",
+      "class": "FileItem",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "File content as String"
+    },
+    {
+      "method": "getInputStream",
+      "class": "FileItem",
+      "type": "file_upload",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "File content as InputStream"
+    },
+    {
+      "method": "getProperty",
+      "class": "Properties",
+      "type": "config_file",
+      "severity": "low",
+      "return_tainted": true,
+      "note": "Property value - if loaded from external file, could be tainted"
+    },
+    {
+      "method": "load",
+      "class": "Properties",
+      "type": "config_file",
+      "severity": "low",
+      "return_tainted": true,
+      "note": "Loads properties from InputStream"
+    }
+  ]
+}