npm - circle-ir - Versions diffs - 3.1.0 - Mend

circle-ir 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (194) hide show

package/LICENSE +15 -0
package/README.md +200 -0
package/configs/sinks/code_injection.yaml +672 -0
package/configs/sinks/command.yaml +917 -0
package/configs/sinks/deserialization.yaml +105 -0
package/configs/sinks/ldap.yaml +136 -0
package/configs/sinks/nodejs.json +629 -0
package/configs/sinks/path.yaml +715 -0
package/configs/sinks/python.json +501 -0
package/configs/sinks/rust.json +339 -0
package/configs/sinks/sql.yaml +233 -0
package/configs/sinks/ssrf.yaml +160 -0
package/configs/sinks/xpath.yaml +121 -0
package/configs/sinks/xss.yaml +727 -0
package/configs/sources/db_sources.yaml +90 -0
package/configs/sources/env_sources.yaml +94 -0
package/configs/sources/express.json +197 -0
package/configs/sources/file_sources.yaml +164 -0
package/configs/sources/http_sources.yaml +379 -0
package/configs/sources/io_sources.yaml +519 -0
package/configs/sources/network_sources.yaml +99 -0
package/configs/sources/python.json +230 -0
package/configs/sources/rust.json +286 -0
package/configs/sources/spring.yaml +70 -0
package/dist/analysis/advisory-db.d.ts +86 -0
package/dist/analysis/advisory-db.js +104 -0
package/dist/analysis/advisory-db.js.map +1 -0
package/dist/analysis/cargo-parser.d.ts +42 -0
package/dist/analysis/cargo-parser.js +102 -0
package/dist/analysis/cargo-parser.js.map +1 -0
package/dist/analysis/config-loader.d.ts +37 -0
package/dist/analysis/config-loader.js +1561 -0
package/dist/analysis/config-loader.js.map +1 -0
package/dist/analysis/constant-propagation/ast-utils.d.ts +25 -0
package/dist/analysis/constant-propagation/ast-utils.js +34 -0
package/dist/analysis/constant-propagation/ast-utils.js.map +1 -0
package/dist/analysis/constant-propagation/evaluator.d.ts +32 -0
package/dist/analysis/constant-propagation/evaluator.js +296 -0
package/dist/analysis/constant-propagation/evaluator.js.map +1 -0
package/dist/analysis/constant-propagation/index.d.ts +62 -0
package/dist/analysis/constant-propagation/index.js +152 -0
package/dist/analysis/constant-propagation/index.js.map +1 -0
package/dist/analysis/constant-propagation/patterns.d.ts +8 -0
package/dist/analysis/constant-propagation/patterns.js +126 -0
package/dist/analysis/constant-propagation/patterns.js.map +1 -0
package/dist/analysis/constant-propagation/propagator.d.ts +180 -0
package/dist/analysis/constant-propagation/propagator.js +1985 -0
package/dist/analysis/constant-propagation/propagator.js.map +1 -0
package/dist/analysis/constant-propagation/types.d.ts +63 -0
package/dist/analysis/constant-propagation/types.js +5 -0
package/dist/analysis/constant-propagation/types.js.map +1 -0
package/dist/analysis/constant-propagation.d.ts +9 -0
package/dist/analysis/constant-propagation.js +18 -0
package/dist/analysis/constant-propagation.js.map +1 -0
package/dist/analysis/dependency-scanner.d.ts +79 -0
package/dist/analysis/dependency-scanner.js +122 -0
package/dist/analysis/dependency-scanner.js.map +1 -0
package/dist/analysis/dfg-verifier.d.ts +116 -0
package/dist/analysis/dfg-verifier.js +399 -0
package/dist/analysis/dfg-verifier.js.map +1 -0
package/dist/analysis/findings.d.ts +11 -0
package/dist/analysis/findings.js +228 -0
package/dist/analysis/findings.js.map +1 -0
package/dist/analysis/index.d.ts +16 -0
package/dist/analysis/index.js +18 -0
package/dist/analysis/index.js.map +1 -0
package/dist/analysis/interprocedural.d.ts +99 -0
package/dist/analysis/interprocedural.js +526 -0
package/dist/analysis/interprocedural.js.map +1 -0
package/dist/analysis/path-finder.d.ts +133 -0
package/dist/analysis/path-finder.js +354 -0
package/dist/analysis/path-finder.js.map +1 -0
package/dist/analysis/rules.d.ts +75 -0
package/dist/analysis/rules.js +332 -0
package/dist/analysis/rules.js.map +1 -0
package/dist/analysis/semver.d.ts +27 -0
package/dist/analysis/semver.js +127 -0
package/dist/analysis/semver.js.map +1 -0
package/dist/analysis/taint-matcher.d.ts +15 -0
package/dist/analysis/taint-matcher.js +634 -0
package/dist/analysis/taint-matcher.js.map +1 -0
package/dist/analysis/taint-propagation.d.ts +67 -0
package/dist/analysis/taint-propagation.js +298 -0
package/dist/analysis/taint-propagation.js.map +1 -0
package/dist/analysis/unresolved.d.ts +14 -0
package/dist/analysis/unresolved.js +202 -0
package/dist/analysis/unresolved.js.map +1 -0
package/dist/analyzer.d.ts +43 -0
package/dist/analyzer.js +1010 -0
package/dist/analyzer.js.map +1 -0
package/dist/browser/circle-ir.js +16576 -0
package/dist/browser.d.ts +38 -0
package/dist/browser.js +38 -0
package/dist/browser.js.map +1 -0
package/dist/core/circle-ir-core.cjs +13626 -0
package/dist/core/circle-ir-core.d.ts +59 -0
package/dist/core/circle-ir-core.js +13591 -0
package/dist/core/extractors/calls.d.ts +13 -0
package/dist/core/extractors/calls.js +1429 -0
package/dist/core/extractors/calls.js.map +1 -0
package/dist/core/extractors/cfg.d.ts +9 -0
package/dist/core/extractors/cfg.js +519 -0
package/dist/core/extractors/cfg.js.map +1 -0
package/dist/core/extractors/dfg.d.ts +12 -0
package/dist/core/extractors/dfg.js +1081 -0
package/dist/core/extractors/dfg.js.map +1 -0
package/dist/core/extractors/exports.d.ts +14 -0
package/dist/core/extractors/exports.js +80 -0
package/dist/core/extractors/exports.js.map +1 -0
package/dist/core/extractors/imports.d.ts +9 -0
package/dist/core/extractors/imports.js +739 -0
package/dist/core/extractors/imports.js.map +1 -0
package/dist/core/extractors/index.d.ts +10 -0
package/dist/core/extractors/index.js +11 -0
package/dist/core/extractors/index.js.map +1 -0
package/dist/core/extractors/meta.d.ts +10 -0
package/dist/core/extractors/meta.js +109 -0
package/dist/core/extractors/meta.js.map +1 -0
package/dist/core/extractors/types.d.ts +10 -0
package/dist/core/extractors/types.js +1479 -0
package/dist/core/extractors/types.js.map +1 -0
package/dist/core/index.d.ts +5 -0
package/dist/core/index.js +8 -0
package/dist/core/index.js.map +1 -0
package/dist/core/parser.d.ts +84 -0
package/dist/core/parser.js +250 -0
package/dist/core/parser.js.map +1 -0
package/dist/core-lib.d.ts +59 -0
package/dist/core-lib.js +62 -0
package/dist/core-lib.js.map +1 -0
package/dist/index.d.ts +15 -0
package/dist/index.js +20 -0
package/dist/index.js.map +1 -0
package/dist/languages/index.d.ts +11 -0
package/dist/languages/index.js +14 -0
package/dist/languages/index.js.map +1 -0
package/dist/languages/plugins/base.d.ts +44 -0
package/dist/languages/plugins/base.js +82 -0
package/dist/languages/plugins/base.js.map +1 -0
package/dist/languages/plugins/index.d.ts +14 -0
package/dist/languages/plugins/index.js +25 -0
package/dist/languages/plugins/index.js.map +1 -0
package/dist/languages/plugins/java.d.ts +49 -0
package/dist/languages/plugins/java.js +402 -0
package/dist/languages/plugins/java.js.map +1 -0
package/dist/languages/plugins/javascript.d.ts +48 -0
package/dist/languages/plugins/javascript.js +445 -0
package/dist/languages/plugins/javascript.js.map +1 -0
package/dist/languages/plugins/python.d.ts +47 -0
package/dist/languages/plugins/python.js +480 -0
package/dist/languages/plugins/python.js.map +1 -0
package/dist/languages/plugins/rust.d.ts +47 -0
package/dist/languages/plugins/rust.js +405 -0
package/dist/languages/plugins/rust.js.map +1 -0
package/dist/languages/registry.d.ts +30 -0
package/dist/languages/registry.js +80 -0
package/dist/languages/registry.js.map +1 -0
package/dist/languages/types.d.ts +184 -0
package/dist/languages/types.js +8 -0
package/dist/languages/types.js.map +1 -0
package/dist/resolution/cross-file.d.ts +146 -0
package/dist/resolution/cross-file.js +439 -0
package/dist/resolution/cross-file.js.map +1 -0
package/dist/resolution/index.d.ts +12 -0
package/dist/resolution/index.js +10 -0
package/dist/resolution/index.js.map +1 -0
package/dist/resolution/symbol-table.d.ts +136 -0
package/dist/resolution/symbol-table.js +336 -0
package/dist/resolution/symbol-table.js.map +1 -0
package/dist/resolution/type-hierarchy.d.ts +124 -0
package/dist/resolution/type-hierarchy.js +515 -0
package/dist/resolution/type-hierarchy.js.map +1 -0
package/dist/types/config.d.ts +45 -0
package/dist/types/config.js +5 -0
package/dist/types/config.js.map +1 -0
package/dist/types/index.d.ts +392 -0
package/dist/types/index.js +7 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/logger.d.ts +85 -0
package/dist/utils/logger.js +198 -0
package/dist/utils/logger.js.map +1 -0
package/dist/wasm/tree-sitter-java.wasm +0 -0
package/dist/wasm/tree-sitter-javascript.wasm +0 -0
package/dist/wasm/tree-sitter-python.wasm +0 -0
package/dist/wasm/tree-sitter-rust.wasm +0 -0
package/dist/wasm/web-tree-sitter.wasm +0 -0
package/docs/SPEC.md +1021 -0
package/examples/browser-example.html +610 -0
package/examples/node-example.ts +215 -0
package/package.json +107 -0
package/wasm/tree-sitter-java.wasm +0 -0
package/wasm/tree-sitter-javascript.wasm +0 -0
package/wasm/tree-sitter-python.wasm +0 -0
package/wasm/tree-sitter-rust.wasm +0 -0

package/dist/analysis/constant-propagation/patterns.js ADDED Viewed

@@ -0,0 +1,126 @@
+/**
+ * Taint source patterns, sanitizer methods, and propagator methods.
+ */
+// =============================================================================
+// Taint Source Patterns
+// =============================================================================
+export const TAINT_PATTERNS = [
+    // HTTP Sources (Servlet API)
+    'request.getParameter',
+    'request.getHeader',
+    'request.getHeaders',
+    'request.getCookies',
+    'request.getInputStream',
+    'request.getQueryString',
+    'request.getPathInfo',
+    'request.getRequestURI',
+    'request.getParameterMap',
+    'request.getReader',
+    '.getParameter(',
+    '.getParameterValues(',
+    '.getParameterMap(',
+    '.getHeader(',
+    '.getHeaders(',
+    '.getValue(', // Cookie.getValue()
+    '.getCookies(',
+    '.getReader(',
+    // Enumeration iteration (from request.getHeaders(), etc.)
+    'headers.nextElement(',
+    'names.nextElement(',
+    '.nextElement(',
+    // I/O Sources
+    '.readLine(',
+    '.readUTF(',
+    '.nextLine(',
+    '.next(',
+    '.readPassword(',
+    'System.getenv(',
+    'System.getProperty(',
+    '.getProperty(',
+    // Network Sources
+    'socket.getInputStream(',
+    '.openStream(',
+    // Database Sources
+    '.getString(',
+    '.getObject(',
+    // File Sources
+    'Files.readAllLines(',
+    'Files.readString(',
+    'Files.readAllBytes(',
+];
+// Compile patterns into a single regex for faster matching
+export const TAINT_PATTERN_REGEX = new RegExp(TAINT_PATTERNS.map(p => p.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('|'));
+// =============================================================================
+// Sanitizer Methods
+// =============================================================================
+export const SANITIZER_METHODS = new Set([
+    // ESAPI
+    'encodeForHTML', 'encodeForHTMLAttribute', 'encodeForJavaScript',
+    'encodeForCSS', 'encodeForURL', 'encodeForXML', 'encodeForXMLAttribute',
+    'encodeForLDAP', 'encodeForDN', 'encodeForXPath', 'encodeForSQL',
+    'encodeForOS', 'encodeForBase64', 'canonicalize',
+    // OWASP Java Encoder
+    'forHtml', 'forHtmlAttribute', 'forHtmlContent', 'forHtmlUnquotedAttribute',
+    'forJavaScript', 'forJavaScriptBlock', 'forJavaScriptAttribute',
+    'forJavaScriptSource', 'forCssString', 'forCssUrl', 'forUri', 'forUriComponent',
+    'forXml', 'forXmlAttribute', 'forXmlContent', 'forXmlComment', 'forCDATA',
+    // Apache Commons
+    'escapeHtml', 'escapeHtml4', 'escapeHtml3', 'escapeXml', 'escapeXml10', 'escapeXml11',
+    'escapeEcmaScript', 'escapeJson', 'escapeCsv', 'escapeJava', 'escapeSql',
+    // Spring HtmlUtils
+    'htmlEscape', 'htmlEscapeDecimal', 'htmlEscapeHex',
+    // PreparedStatement
+    'setString', 'setInt', 'setLong', 'setDouble', 'setFloat', 'setBoolean',
+    'setDate', 'setTimestamp', 'setObject', 'setBytes', 'setBigDecimal',
+    // Path Traversal Prevention
+    'getCanonicalPath', 'normalize', 'toRealPath',
+    // General
+    'sanitize', 'encode', 'escape', 'clean', 'filter', 'validate',
+]);
+// =============================================================================
+// Anti-Sanitizer Methods
+// These methods REVERSE sanitization - calling them on sanitized input produces tainted output
+// =============================================================================
+export const ANTI_SANITIZER_METHODS = new Set([
+    // URL decoding (reverses URL encoding)
+    'decode', // URLDecoder.decode()
+    'decodeURIComponent',
+    'decodeURI',
+    // Base64 decoding (reverses base64 encoding)
+    'decodeBase64',
+    'decode', // Base64.getDecoder().decode()
+    // HTML unescaping (reverses HTML escaping)
+    'unescapeHtml', 'unescapeHtml4', 'unescapeHtml3',
+    'unescapeXml',
+    'unescapeEcmaScript',
+    'unescapeJson',
+    'unescapeJava',
+    // General decoders
+    'unescape',
+    'decompress',
+]);
+// =============================================================================
+// Propagator Methods
+// These static factory methods propagate taint from any argument to return value
+// =============================================================================
+export const PROPAGATOR_METHODS = new Set([
+    // Path/File construction
+    'get', // Paths.get(string), Path.of(string)
+    'of', // Path.of(string), etc.
+    'resolve', // Path.resolve(other)
+    'resolveSibling', // Path.resolveSibling(other)
+    'relativize', // Path.relativize(other)
+    // URI/URL
+    'create', // URI.create(string)
+    'toUri', // File.toUri()
+    'toURL', // URI.toURL()
+    'toPath', // URI.toPath(), File.toPath()
+    // String utilities
+    'valueOf', // String.valueOf(x)
+    'format', // String.format(...)
+    'join', // String.join(...)
+    'concat', // String.concat(other)
+    // Object utilities
+    'requireNonNull', // Objects.requireNonNull(obj)
+]);
+//# sourceMappingURL=patterns.js.map

package/dist/analysis/constant-propagation/patterns.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../../src/analysis/constant-propagation/patterns.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,gFAAgF;AAChF,wBAAwB;AACxB,gFAAgF;AAEhF,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,6BAA6B;IAC7B,sBAAsB;IACtB,mBAAmB;IACnB,oBAAoB;IACpB,oBAAoB;IACpB,wBAAwB;IACxB,wBAAwB;IACxB,qBAAqB;IACrB,uBAAuB;IACvB,yBAAyB;IACzB,mBAAmB;IACnB,gBAAgB;IAChB,sBAAsB;IACtB,mBAAmB;IACnB,aAAa;IACb,cAAc;IACd,YAAY,EAAG,oBAAoB;IACnC,cAAc;IACd,aAAa;IAEb,0DAA0D;IAC1D,sBAAsB;IACtB,oBAAoB;IACpB,eAAe;IAEf,cAAc;IACd,YAAY;IACZ,WAAW;IACX,YAAY;IACZ,QAAQ;IACR,gBAAgB;IAChB,gBAAgB;IAChB,qBAAqB;IACrB,eAAe;IAEf,kBAAkB;IAClB,wBAAwB;IACxB,cAAc;IAEd,mBAAmB;IACnB,aAAa;IACb,aAAa;IAEb,eAAe;IACf,qBAAqB;IACrB,mBAAmB;IACnB,qBAAqB;CACtB,CAAC;AAEF,2DAA2D;AAC3D,MAAM,CAAC,MAAM,mBAAmB,GAAG,IAAI,MAAM,CAC3C,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAC5E,CAAC;AAEF,gFAAgF;AAChF,oBAAoB;AACpB,gFAAgF;AAEhF,MAAM,CAAC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IACvC,QAAQ;IACR,eAAe,EAAE,wBAAwB,EAAE,qBAAqB;IAChE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,uBAAuB;IACvE,eAAe,EAAE,aAAa,EAAE,gBAAgB,EAAE,cAAc;IAChE,aAAa,EAAE,iBAAiB,EAAE,cAAc;IAEhD,qBAAqB;IACrB,SAAS,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,0BAA0B;IAC3E,eAAe,EAAE,oBAAoB,EAAE,wBAAwB;IAC/D,qBAAqB,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,iBAAiB;IAC/E,QAAQ,EAAE,iBAAiB,EAAE,eAAe,EAAE,eAAe,EAAE,UAAU;IAEzE,iBAAiB;IACjB,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa;IACrF,kBAAkB,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW;IAExE,mBAAmB;IACnB,YAAY,EAAE,mBAAmB,EAAE,eAAe;IAElD,oBAAoB;IACpB,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY;IACvE,SAAS,EAAE,cAAc,EAAE,WAAW,EAAE,UAAU,EAAE,eAAe;IAEnE,4BAA4B;IAC5B,kBAAkB,EAAE,WAAW,EAAE,YAAY;IAE7C,UAAU;IACV,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU;CAC9D,CAAC,CAAC;AAEH,gFAAgF;AAChF,yBAAyB;AACzB,+FAA+F;AAC/F,gFAAgF;AAEhF,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC;IAC5C,uCAAuC;IACvC,QAAQ,EAAY,sBAAsB;IAC1C,oBAAoB;IACpB,WAAW;IAEX,6CAA6C;IAC7C,cAAc;IACd,QAAQ,EAAY,+BAA+B;IAEnD,2CAA2C;IAC3C,cAAc,EAAE,eAAe,EAAE,eAAe;IAChD,aAAa;IACb,oBAAoB;IACpB,cAAc;IACd,cAAc;IAEd,mBAAmB;IACnB,UAAU;IACV,YAAY;CACb,CAAC,CAAC;AAEH,gFAAgF;AAChF,qBAAqB;AACrB,iFAAiF;AACjF,gFAAgF;AAEhF,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACxC,yBAAyB;IACzB,KAAK,EAAa,qCAAqC;IACvD,IAAI,EAAc,wBAAwB;IAC1C,SAAS,EAAS,sBAAsB;IACxC,gBAAgB,EAAE,6BAA6B;IAC/C,YAAY,EAAM,yBAAyB;IAE3C,UAAU;IACV,QAAQ,EAAU,qBAAqB;IACvC,OAAO,EAAW,eAAe;IACjC,OAAO,EAAW,cAAc;IAChC,QAAQ,EAAU,8BAA8B;IAEhD,mBAAmB;IACnB,SAAS,EAAS,oBAAoB;IACtC,QAAQ,EAAU,qBAAqB;IACvC,MAAM,EAAY,mBAAmB;IACrC,QAAQ,EAAU,uBAAuB;IAEzC,mBAAmB;IACnB,gBAAgB,EAAE,8BAA8B;CACjD,CAAC,CAAC"}

package/dist/analysis/constant-propagation/propagator.d.ts ADDED Viewed

@@ -0,0 +1,180 @@
+/**
+ * Main Constant Propagator class.
+ *
+ * Tracks constant values through variable assignments and evaluates expressions
+ * to detect dead code and reduce false positives in taint analysis.
+ */
+import type { Node, Tree } from 'web-tree-sitter';
+import type { ConstantValue, ConstantPropagatorResult, TaintedParameter } from './types.js';
+/**
+ * Constant Propagator for taint analysis.
+ *
+ * Key features:
+ * - Tracks variable → constant value mappings
+ * - Evaluates arithmetic, comparison, and string expressions
+ * - Detects dead/unreachable code via if/switch/ternary evaluation
+ * - Integrates with taint analysis to skip false positives
+ */
+export declare class ConstantPropagator {
+    private symbols;
+    private tainted;
+    private unreachableLines;
+    private taintedCollections;
+    private sanitizedVars;
+    private source;
+    private evaluator;
+    private definitionNodes;
+    private inConditionalBranch;
+    private methodReturnsConstant;
+    private methodReturnsSanitized;
+    private methodReturnsParameter;
+    private methodReturnsSafeValue;
+    private additionalTaintPatterns;
+    private listElements;
+    private loopVariables;
+    private taintedArrayElements;
+    private currentMethod;
+    private conditionalTaints;
+    private conditionStack;
+    private lineConditions;
+    private synchronizedLines;
+    private inSynchronizedBlock;
+    private iteratorSources;
+    private classFields;
+    private taintedParametersList;
+    private instanceFieldTaint;
+    private currentClassName;
+    private inConstructor;
+    private constructorParamPositions;
+    /**
+     * Analyze source code and build constant propagation state.
+     */
+    analyze(tree: Tree, sourceCode: string, additionalTaintPatterns?: string[], sanitizerMethods?: string[], taintedParameters?: TaintedParameter[]): ConstantPropagatorResult;
+    /**
+     * Evaluate an expression to determine its constant value.
+     */
+    evaluateExpression(node: Node): ConstantValue;
+    /**
+     * Check if a variable has a known constant value.
+     */
+    getValue(varName: string): ConstantValue | undefined;
+    /**
+     * Check if a variable is tainted.
+     */
+    isTainted(varName: string): boolean;
+    /**
+     * Check if a line is reachable (not dead code).
+     */
+    isLineReachable(line: number): boolean;
+    /**
+     * Pre-pass: Analyze all methods to detect those that always return constants or sanitized values.
+     */
+    private analyzeMethodReturns;
+    private findParameterSource;
+    private extractSourceVariable;
+    private getMethodParameters;
+    private isSanitizerCall;
+    private variableIsAssignedFromSanitizer;
+    /**
+     * Collect all class field names (instance/static variables declared at class level).
+     * These are variables declared directly in the class body, not inside methods.
+     */
+    private collectClassFields;
+    private findAllMethods;
+    private getMethodName;
+    private refineTaintFromConstants;
+    private visit;
+    /**
+     * Handle method declarations - scope local variables to this method.
+     * This prevents local variables from one method bleeding into another.
+     */
+    private handleMethodDeclaration;
+    /**
+     * Get the scoped name for a variable (includes method name if in a method).
+     * This ensures local variables from different methods don't conflict.
+     */
+    private getScopedName;
+    /**
+     * Look up a variable value, checking both scoped and unscoped names.
+     * This handles cases where we need to find a variable that might be
+     * either local (scoped) or global (unscoped, like class fields).
+     */
+    private lookupSymbol;
+    private handleLoopStatement;
+    private collectLoopVariableNames;
+    /**
+     * Handle synchronized statements.
+     * Operations inside synchronized blocks are atomic, so field strong updates are safe.
+     */
+    private handleSynchronizedStatement;
+    /**
+     * Recursively collect line numbers that are inside a synchronized block.
+     */
+    private collectSynchronizedLines;
+    private markLoopVariables;
+    private handleVariableDeclaration;
+    private handleAssignment;
+    private handleArrayElementAssignment;
+    private handleUpdateExpression;
+    private handleIfStatement;
+    /**
+     * Normalize a condition expression for comparison.
+     * Strips parentheses and whitespace for consistent matching.
+     */
+    private normalizeCondition;
+    /**
+     * Get the negated form of a condition expression.
+     * "x" -> "!x"
+     * "!x" -> "x"
+     */
+    private getNegatedCondition;
+    /**
+     * Check if a variable's taint should be excluded in the current condition context.
+     * Returns true if the variable was tainted under a condition that is mutually
+     * exclusive with the current condition context.
+     */
+    isExcludedByCondition(varName: string): boolean;
+    private handleSwitch;
+    private handleTernary;
+    private handleExpressionStatement;
+    private markUnreachable;
+    private hasBreakStatement;
+    private extractCaseValue;
+    /**
+     * Check if an expression is a call to a sanitizer method.
+     * This includes both built-in sanitizers and @sanitizer annotated methods.
+     */
+    isSanitizerMethodCall(node: Node): boolean;
+    /**
+     * Check if an expression is a call to an anti-sanitizer method.
+     * Anti-sanitizers reverse the effect of sanitization (e.g., URLDecoder.decode reverses URLEncoder.encode).
+     * If an argument to the anti-sanitizer was previously sanitized, the result is tainted again.
+     */
+    isAntiSanitizerCall(node: Node): boolean;
+    /**
+     * Check if an anti-sanitizer call has a sanitized argument (which means the result should be tainted).
+     * For example: URLDecoder.decode(sanitizedVar) should produce tainted output.
+     */
+    antiSanitizerReintroducesTaint(node: Node): boolean;
+    /**
+     * Recursively track iterator assignments in a node (for handling for-loop init).
+     */
+    private trackIteratorsInNode;
+    /**
+     * Track iterator assignments: when iter = collection.iterator() is called,
+     * record that 'iter' was created from 'collection' so we can propagate taint
+     * through iter.next() calls.
+     */
+    private trackIteratorAssignment;
+    /**
+     * Check if a collection is tainted (has any tainted elements).
+     */
+    private isCollectionTainted;
+    /**
+     * Get the taint type for a variable based on how it was tainted.
+     * Returns the taint type (e.g., 'http_param', 'io_input') or null if not found.
+     */
+    private getTaintTypeForVariable;
+    isTaintedExpression(node: Node): boolean;
+    private checkCollectionTaint;
+}