npm - circle-ir - Versions diffs - 3.1.0 - Mend

circle-ir 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (194) hide show

package/LICENSE +15 -0
package/README.md +200 -0
package/configs/sinks/code_injection.yaml +672 -0
package/configs/sinks/command.yaml +917 -0
package/configs/sinks/deserialization.yaml +105 -0
package/configs/sinks/ldap.yaml +136 -0
package/configs/sinks/nodejs.json +629 -0
package/configs/sinks/path.yaml +715 -0
package/configs/sinks/python.json +501 -0
package/configs/sinks/rust.json +339 -0
package/configs/sinks/sql.yaml +233 -0
package/configs/sinks/ssrf.yaml +160 -0
package/configs/sinks/xpath.yaml +121 -0
package/configs/sinks/xss.yaml +727 -0
package/configs/sources/db_sources.yaml +90 -0
package/configs/sources/env_sources.yaml +94 -0
package/configs/sources/express.json +197 -0
package/configs/sources/file_sources.yaml +164 -0
package/configs/sources/http_sources.yaml +379 -0
package/configs/sources/io_sources.yaml +519 -0
package/configs/sources/network_sources.yaml +99 -0
package/configs/sources/python.json +230 -0
package/configs/sources/rust.json +286 -0
package/configs/sources/spring.yaml +70 -0
package/dist/analysis/advisory-db.d.ts +86 -0
package/dist/analysis/advisory-db.js +104 -0
package/dist/analysis/advisory-db.js.map +1 -0
package/dist/analysis/cargo-parser.d.ts +42 -0
package/dist/analysis/cargo-parser.js +102 -0
package/dist/analysis/cargo-parser.js.map +1 -0
package/dist/analysis/config-loader.d.ts +37 -0
package/dist/analysis/config-loader.js +1561 -0
package/dist/analysis/config-loader.js.map +1 -0
package/dist/analysis/constant-propagation/ast-utils.d.ts +25 -0
package/dist/analysis/constant-propagation/ast-utils.js +34 -0
package/dist/analysis/constant-propagation/ast-utils.js.map +1 -0
package/dist/analysis/constant-propagation/evaluator.d.ts +32 -0
package/dist/analysis/constant-propagation/evaluator.js +296 -0
package/dist/analysis/constant-propagation/evaluator.js.map +1 -0
package/dist/analysis/constant-propagation/index.d.ts +62 -0
package/dist/analysis/constant-propagation/index.js +152 -0
package/dist/analysis/constant-propagation/index.js.map +1 -0
package/dist/analysis/constant-propagation/patterns.d.ts +8 -0
package/dist/analysis/constant-propagation/patterns.js +126 -0
package/dist/analysis/constant-propagation/patterns.js.map +1 -0
package/dist/analysis/constant-propagation/propagator.d.ts +180 -0
package/dist/analysis/constant-propagation/propagator.js +1985 -0
package/dist/analysis/constant-propagation/propagator.js.map +1 -0
package/dist/analysis/constant-propagation/types.d.ts +63 -0
package/dist/analysis/constant-propagation/types.js +5 -0
package/dist/analysis/constant-propagation/types.js.map +1 -0
package/dist/analysis/constant-propagation.d.ts +9 -0
package/dist/analysis/constant-propagation.js +18 -0
package/dist/analysis/constant-propagation.js.map +1 -0
package/dist/analysis/dependency-scanner.d.ts +79 -0
package/dist/analysis/dependency-scanner.js +122 -0
package/dist/analysis/dependency-scanner.js.map +1 -0
package/dist/analysis/dfg-verifier.d.ts +116 -0
package/dist/analysis/dfg-verifier.js +399 -0
package/dist/analysis/dfg-verifier.js.map +1 -0
package/dist/analysis/findings.d.ts +11 -0
package/dist/analysis/findings.js +228 -0
package/dist/analysis/findings.js.map +1 -0
package/dist/analysis/index.d.ts +16 -0
package/dist/analysis/index.js +18 -0
package/dist/analysis/index.js.map +1 -0
package/dist/analysis/interprocedural.d.ts +99 -0
package/dist/analysis/interprocedural.js +526 -0
package/dist/analysis/interprocedural.js.map +1 -0
package/dist/analysis/path-finder.d.ts +133 -0
package/dist/analysis/path-finder.js +354 -0
package/dist/analysis/path-finder.js.map +1 -0
package/dist/analysis/rules.d.ts +75 -0
package/dist/analysis/rules.js +332 -0
package/dist/analysis/rules.js.map +1 -0
package/dist/analysis/semver.d.ts +27 -0
package/dist/analysis/semver.js +127 -0
package/dist/analysis/semver.js.map +1 -0
package/dist/analysis/taint-matcher.d.ts +15 -0
package/dist/analysis/taint-matcher.js +634 -0
package/dist/analysis/taint-matcher.js.map +1 -0
package/dist/analysis/taint-propagation.d.ts +67 -0
package/dist/analysis/taint-propagation.js +298 -0
package/dist/analysis/taint-propagation.js.map +1 -0
package/dist/analysis/unresolved.d.ts +14 -0
package/dist/analysis/unresolved.js +202 -0
package/dist/analysis/unresolved.js.map +1 -0
package/dist/analyzer.d.ts +43 -0
package/dist/analyzer.js +1010 -0
package/dist/analyzer.js.map +1 -0
package/dist/browser/circle-ir.js +16576 -0
package/dist/browser.d.ts +38 -0
package/dist/browser.js +38 -0
package/dist/browser.js.map +1 -0
package/dist/core/circle-ir-core.cjs +13626 -0
package/dist/core/circle-ir-core.d.ts +59 -0
package/dist/core/circle-ir-core.js +13591 -0
package/dist/core/extractors/calls.d.ts +13 -0
package/dist/core/extractors/calls.js +1429 -0
package/dist/core/extractors/calls.js.map +1 -0
package/dist/core/extractors/cfg.d.ts +9 -0
package/dist/core/extractors/cfg.js +519 -0
package/dist/core/extractors/cfg.js.map +1 -0
package/dist/core/extractors/dfg.d.ts +12 -0
package/dist/core/extractors/dfg.js +1081 -0
package/dist/core/extractors/dfg.js.map +1 -0
package/dist/core/extractors/exports.d.ts +14 -0
package/dist/core/extractors/exports.js +80 -0
package/dist/core/extractors/exports.js.map +1 -0
package/dist/core/extractors/imports.d.ts +9 -0
package/dist/core/extractors/imports.js +739 -0
package/dist/core/extractors/imports.js.map +1 -0
package/dist/core/extractors/index.d.ts +10 -0
package/dist/core/extractors/index.js +11 -0
package/dist/core/extractors/index.js.map +1 -0
package/dist/core/extractors/meta.d.ts +10 -0
package/dist/core/extractors/meta.js +109 -0
package/dist/core/extractors/meta.js.map +1 -0
package/dist/core/extractors/types.d.ts +10 -0
package/dist/core/extractors/types.js +1479 -0
package/dist/core/extractors/types.js.map +1 -0
package/dist/core/index.d.ts +5 -0
package/dist/core/index.js +8 -0
package/dist/core/index.js.map +1 -0
package/dist/core/parser.d.ts +84 -0
package/dist/core/parser.js +250 -0
package/dist/core/parser.js.map +1 -0
package/dist/core-lib.d.ts +59 -0
package/dist/core-lib.js +62 -0
package/dist/core-lib.js.map +1 -0
package/dist/index.d.ts +15 -0
package/dist/index.js +20 -0
package/dist/index.js.map +1 -0
package/dist/languages/index.d.ts +11 -0
package/dist/languages/index.js +14 -0
package/dist/languages/index.js.map +1 -0
package/dist/languages/plugins/base.d.ts +44 -0
package/dist/languages/plugins/base.js +82 -0
package/dist/languages/plugins/base.js.map +1 -0
package/dist/languages/plugins/index.d.ts +14 -0
package/dist/languages/plugins/index.js +25 -0
package/dist/languages/plugins/index.js.map +1 -0
package/dist/languages/plugins/java.d.ts +49 -0
package/dist/languages/plugins/java.js +402 -0
package/dist/languages/plugins/java.js.map +1 -0
package/dist/languages/plugins/javascript.d.ts +48 -0
package/dist/languages/plugins/javascript.js +445 -0
package/dist/languages/plugins/javascript.js.map +1 -0
package/dist/languages/plugins/python.d.ts +47 -0
package/dist/languages/plugins/python.js +480 -0
package/dist/languages/plugins/python.js.map +1 -0
package/dist/languages/plugins/rust.d.ts +47 -0
package/dist/languages/plugins/rust.js +405 -0
package/dist/languages/plugins/rust.js.map +1 -0
package/dist/languages/registry.d.ts +30 -0
package/dist/languages/registry.js +80 -0
package/dist/languages/registry.js.map +1 -0
package/dist/languages/types.d.ts +184 -0
package/dist/languages/types.js +8 -0
package/dist/languages/types.js.map +1 -0
package/dist/resolution/cross-file.d.ts +146 -0
package/dist/resolution/cross-file.js +439 -0
package/dist/resolution/cross-file.js.map +1 -0
package/dist/resolution/index.d.ts +12 -0
package/dist/resolution/index.js +10 -0
package/dist/resolution/index.js.map +1 -0
package/dist/resolution/symbol-table.d.ts +136 -0
package/dist/resolution/symbol-table.js +336 -0
package/dist/resolution/symbol-table.js.map +1 -0
package/dist/resolution/type-hierarchy.d.ts +124 -0
package/dist/resolution/type-hierarchy.js +515 -0
package/dist/resolution/type-hierarchy.js.map +1 -0
package/dist/types/config.d.ts +45 -0
package/dist/types/config.js +5 -0
package/dist/types/config.js.map +1 -0
package/dist/types/index.d.ts +392 -0
package/dist/types/index.js +7 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/logger.d.ts +85 -0
package/dist/utils/logger.js +198 -0
package/dist/utils/logger.js.map +1 -0
package/dist/wasm/tree-sitter-java.wasm +0 -0
package/dist/wasm/tree-sitter-javascript.wasm +0 -0
package/dist/wasm/tree-sitter-python.wasm +0 -0
package/dist/wasm/tree-sitter-rust.wasm +0 -0
package/dist/wasm/web-tree-sitter.wasm +0 -0
package/docs/SPEC.md +1021 -0
package/examples/browser-example.html +610 -0
package/examples/node-example.ts +215 -0
package/package.json +107 -0
package/wasm/tree-sitter-java.wasm +0 -0
package/wasm/tree-sitter-javascript.wasm +0 -0
package/wasm/tree-sitter-python.wasm +0 -0
package/wasm/tree-sitter-rust.wasm +0 -0

package/configs/sources/io_sources.yaml ADDED Viewed

@@ -0,0 +1,519 @@
+{
+  "sources": [
+    {
+      "method": "readLine",
+      "class": "BufferedReader",
+      "type": "io_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Line read from file, network, or console"
+    },
+    {
+      "method": "read",
+      "class": "BufferedReader",
+      "type": "io_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Characters read from input"
+    },
+    {
+      "method": "read",
+      "class": "InputStreamReader",
+      "type": "io_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Characters from input stream"
+    },
+    {
+      "method": "readLine",
+      "class": "DataInputStream",
+      "type": "io_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Line from data input stream"
+    },
+    {
+      "method": "readUTF",
+      "class": "DataInputStream",
+      "type": "io_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "UTF string from data input stream"
+    },
+    {
+      "method": "nextLine",
+      "class": "Scanner",
+      "type": "io_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Line from scanner input"
+    },
+    {
+      "method": "next",
+      "class": "Scanner",
+      "type": "io_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Token from scanner input"
+    },
+    {
+      "method": "readLine",
+      "class": "Console",
+      "type": "console_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Line from console input"
+    },
+    {
+      "method": "readPassword",
+      "class": "Console",
+      "type": "console_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Password from console input"
+    },
+    {
+      "method": "getenv",
+      "class": "System",
+      "type": "env_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Environment variable - can be attacker-controlled"
+    },
+    {
+      "method": "getProperty",
+      "class": "System",
+      "type": "env_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "System property"
+    },
+    {
+      "method": "getProperty",
+      "class": "Properties",
+      "type": "env_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Property value from properties file"
+    },
+    {
+      "method": "getInputStream",
+      "class": "Socket",
+      "type": "network_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Input stream from network socket"
+    },
+    {
+      "method": "openStream",
+      "class": "URL",
+      "type": "network_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Stream from URL connection"
+    },
+    {
+      "method": "getString",
+      "class": "ResultSet",
+      "type": "database_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "String from database result"
+    },
+    {
+      "method": "getObject",
+      "class": "ResultSet",
+      "type": "database_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Object from database result"
+    },
+    {
+      "method": "readAllLines",
+      "class": "Files",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Lines from file"
+    },
+    {
+      "method": "readString",
+      "class": "Files",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Content from file"
+    },
+    {
+      "method": "readAllBytes",
+      "class": "Files",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Bytes from file"
+    },
+    {
+      "method": "getArgs",
+      "type": "cli_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Command line arguments"
+    },
+    {
+      "method": "get",
+      "class": "Map",
+      "type": "plugin_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Map.get() - often used for plugin/config parameters from user input"
+    },
+    {
+      "method": "get",
+      "class": "HashMap",
+      "type": "plugin_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "HashMap.get() - often used for plugin parameters"
+    },
+    {
+      "method": "get",
+      "class": "LinkedHashMap",
+      "type": "plugin_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "LinkedHashMap.get() for config parameters"
+    },
+    {
+      "method": "get",
+      "class": "TreeMap",
+      "type": "plugin_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "TreeMap.get() for config parameters"
+    },
+    {
+      "method": "get",
+      "class": "ConcurrentHashMap",
+      "type": "plugin_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "ConcurrentHashMap.get() for config parameters"
+    },
+    {
+      "method": "get",
+      "class": "Hashtable",
+      "type": "plugin_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Hashtable.get() for config parameters"
+    },
+    {
+      "method": "getAttribute",
+      "class": "HttpSession",
+      "type": "session_data",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Session attribute - may contain user-controlled data"
+    },
+    {
+      "method": "getAttribute",
+      "class": "HttpServletRequest",
+      "type": "request_data",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Request attribute - may contain user-controlled data"
+    },
+    {
+      "method": "getAttribute",
+      "class": "ServletContext",
+      "type": "context_data",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Context attribute"
+    },
+    {
+      "method": "contentAsString",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "File content as string - may contain untrusted data"
+    },
+    {
+      "method": "readAsString",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "File content as string"
+    },
+    {
+      "method": "readToString",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "File content as string"
+    },
+    {
+      "method": "getText",
+      "class": "File",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "File content as text (Groovy)"
+    },
+    {
+      "method": "text",
+      "class": "File",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "File content as text (Groovy property)"
+    },
+    {
+      "method": "getContent",
+      "class": "WikiDocument",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "XWiki document content - user-controlled wiki text"
+    },
+    {
+      "method": "getRenderedContent",
+      "class": "WikiDocument",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "XWiki rendered content"
+    },
+    {
+      "method": "getStringValue",
+      "class": "BaseObject",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "XWiki object property value"
+    },
+    {
+      "method": "getFilename",
+      "class": "Part",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Multipart file upload filename"
+    },
+    {
+      "method": "getSubmittedFileName",
+      "class": "Part",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Multipart file upload filename"
+    },
+    {
+      "method": "getOriginalFilename",
+      "class": "MultipartFile",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Spring multipart file original filename"
+    },
+    {
+      "method": "getFileName",
+      "class": "MimePart",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Email attachment filename - CVE-2018-8041 pattern"
+    },
+    {
+      "method": "getFileName",
+      "class": "BodyPart",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Email attachment filename"
+    },
+    {
+      "method": "getFileName",
+      "class": "MimeBodyPart",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "MIME attachment filename"
+    },
+    {
+      "method": "getName",
+      "class": "FileItem",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Apache Commons FileUpload filename"
+    },
+    {
+      "method": "param",
+      "class": "RoutingContext",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Vert.x routing context parameter"
+    },
+    {
+      "method": "pathParam",
+      "class": "RoutingContext",
+      "type": "http_path",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Vert.x path parameter"
+    },
+    {
+      "method": "queryParam",
+      "class": "RoutingContext",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Vert.x query parameter"
+    },
+    {
+      "method": "getBodyAsString",
+      "class": "RoutingContext",
+      "type": "http_body",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Vert.x request body"
+    },
+    {
+      "method": "getBodyAsJson",
+      "class": "RoutingContext",
+      "type": "http_body",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Vert.x JSON request body"
+    },
+    {
+      "method": "path",
+      "class": "HttpServerRequest",
+      "type": "http_path",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Vert.x request path"
+    },
+    {
+      "method": "uri",
+      "class": "HttpServerRequest",
+      "type": "http_path",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Vert.x request URI"
+    },
+    {
+      "method": "getParam",
+      "class": "HttpServerRequest",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Vert.x HTTP request parameter"
+    },
+    {
+      "method": "getHeader",
+      "class": "HttpServerRequest",
+      "type": "http_header",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Vert.x HTTP request header"
+    },
+    {
+      "method": "getJsonObject",
+      "class": "Message",
+      "type": "network_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Vert.x event bus message body"
+    },
+    {
+      "method": "body",
+      "class": "Message",
+      "type": "network_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Vert.x event bus message body"
+    },
+    {
+      "method": "normalizedPath",
+      "type": "http_path",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Normalized path still contains user input - CVE-2018-12542 pattern"
+    },
+    {
+      "method": "toAbsolutePath",
+      "class": "Path",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Path resolution with user input"
+    },
+    {
+      "method": "resolve",
+      "class": "Path",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Path resolution with user input"
+    },
+    {
+      "method": "resolveSibling",
+      "class": "Path",
+      "type": "file_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Path resolution with user input"
+    },
+    {
+      "method": "fromXML",
+      "class": "XStream",
+      "type": "deserialization_input",
+      "severity": "critical",
+      "return_tainted": true,
+      "note": "XStream deserialization - untrusted XML input"
+    },
+    {
+      "method": "unmarshal",
+      "class": "XStream",
+      "type": "deserialization_input",
+      "severity": "critical",
+      "return_tainted": true,
+      "note": "XStream unmarshalling - untrusted input"
+    },
+    {
+      "method": "startElement",
+      "class": "ContentHandler",
+      "type": "html_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "SAX element start - receives untrusted HTML/XML element"
+    },
+    {
+      "method": "scan",
+      "class": "AntiSamy",
+      "type": "html_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "AntiSamy HTML scanning"
+    },
+    {
+      "method": "getCleanHTML",
+      "class": "CleanResults",
+      "type": "html_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "AntiSamy cleaned HTML output - may still have bypass"
+    },
+    {
+      "method": "realClass",
+      "class": "Mapper",
+      "type": "deserialization_input",
+      "severity": "critical",
+      "return_tainted": true,
+      "note": "XStream class mapping from untrusted element name"
+    }
+  ]
+}

package/configs/sources/network_sources.yaml ADDED Viewed

@@ -0,0 +1,99 @@
+{
+  "sources": [
+    {
+      "method": "getInputStream",
+      "class": "Socket",
+      "type": "network_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Raw socket input stream - untrusted network data"
+    },
+    {
+      "method": "getInputStream",
+      "class": "ServerSocket",
+      "type": "network_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Socket input from accepted connection"
+    },
+    {
+      "method": "getEntity",
+      "class": "HttpResponse",
+      "type": "http_response",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "HTTP response entity - could be attacker-controlled (SSRF)"
+    },
+    {
+      "method": "bodyToMono",
+      "class": "ClientResponse",
+      "type": "http_response",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "WebClient response body"
+    },
+    {
+      "method": "bodyToFlux",
+      "class": "ClientResponse",
+      "type": "http_response",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "WebClient response body (streaming)"
+    },
+    {
+      "method": "getResponseBodyAsString",
+      "class": "RestTemplate",
+      "type": "http_response",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "RestTemplate response body"
+    },
+    {
+      "method": "getText",
+      "class": "TextMessage",
+      "type": "jms_message",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "JMS text message body - could be attacker-controlled"
+    },
+    {
+      "method": "getBody",
+      "class": "Message",
+      "type": "jms_message",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "JMS message body"
+    },
+    {
+      "method": "getStringProperty",
+      "class": "Message",
+      "type": "jms_message",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "JMS message property"
+    },
+    {
+      "annotation": "@Remote",
+      "type": "rmi",
+      "severity": "high",
+      "param_tainted": true,
+      "note": "RMI remote method parameters - from untrusted client"
+    },
+    {
+      "method": "getText",
+      "class": "Session",
+      "type": "websocket",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "WebSocket message text"
+    },
+    {
+      "method": "getBasicRemote",
+      "class": "Session",
+      "type": "websocket",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "WebSocket remote endpoint"
+    }
+  ]
+}