npm - circle-ir - Versions diffs - 3.1.0 - Mend

circle-ir 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (194) hide show

package/LICENSE +15 -0
package/README.md +200 -0
package/configs/sinks/code_injection.yaml +672 -0
package/configs/sinks/command.yaml +917 -0
package/configs/sinks/deserialization.yaml +105 -0
package/configs/sinks/ldap.yaml +136 -0
package/configs/sinks/nodejs.json +629 -0
package/configs/sinks/path.yaml +715 -0
package/configs/sinks/python.json +501 -0
package/configs/sinks/rust.json +339 -0
package/configs/sinks/sql.yaml +233 -0
package/configs/sinks/ssrf.yaml +160 -0
package/configs/sinks/xpath.yaml +121 -0
package/configs/sinks/xss.yaml +727 -0
package/configs/sources/db_sources.yaml +90 -0
package/configs/sources/env_sources.yaml +94 -0
package/configs/sources/express.json +197 -0
package/configs/sources/file_sources.yaml +164 -0
package/configs/sources/http_sources.yaml +379 -0
package/configs/sources/io_sources.yaml +519 -0
package/configs/sources/network_sources.yaml +99 -0
package/configs/sources/python.json +230 -0
package/configs/sources/rust.json +286 -0
package/configs/sources/spring.yaml +70 -0
package/dist/analysis/advisory-db.d.ts +86 -0
package/dist/analysis/advisory-db.js +104 -0
package/dist/analysis/advisory-db.js.map +1 -0
package/dist/analysis/cargo-parser.d.ts +42 -0
package/dist/analysis/cargo-parser.js +102 -0
package/dist/analysis/cargo-parser.js.map +1 -0
package/dist/analysis/config-loader.d.ts +37 -0
package/dist/analysis/config-loader.js +1561 -0
package/dist/analysis/config-loader.js.map +1 -0
package/dist/analysis/constant-propagation/ast-utils.d.ts +25 -0
package/dist/analysis/constant-propagation/ast-utils.js +34 -0
package/dist/analysis/constant-propagation/ast-utils.js.map +1 -0
package/dist/analysis/constant-propagation/evaluator.d.ts +32 -0
package/dist/analysis/constant-propagation/evaluator.js +296 -0
package/dist/analysis/constant-propagation/evaluator.js.map +1 -0
package/dist/analysis/constant-propagation/index.d.ts +62 -0
package/dist/analysis/constant-propagation/index.js +152 -0
package/dist/analysis/constant-propagation/index.js.map +1 -0
package/dist/analysis/constant-propagation/patterns.d.ts +8 -0
package/dist/analysis/constant-propagation/patterns.js +126 -0
package/dist/analysis/constant-propagation/patterns.js.map +1 -0
package/dist/analysis/constant-propagation/propagator.d.ts +180 -0
package/dist/analysis/constant-propagation/propagator.js +1985 -0
package/dist/analysis/constant-propagation/propagator.js.map +1 -0
package/dist/analysis/constant-propagation/types.d.ts +63 -0
package/dist/analysis/constant-propagation/types.js +5 -0
package/dist/analysis/constant-propagation/types.js.map +1 -0
package/dist/analysis/constant-propagation.d.ts +9 -0
package/dist/analysis/constant-propagation.js +18 -0
package/dist/analysis/constant-propagation.js.map +1 -0
package/dist/analysis/dependency-scanner.d.ts +79 -0
package/dist/analysis/dependency-scanner.js +122 -0
package/dist/analysis/dependency-scanner.js.map +1 -0
package/dist/analysis/dfg-verifier.d.ts +116 -0
package/dist/analysis/dfg-verifier.js +399 -0
package/dist/analysis/dfg-verifier.js.map +1 -0
package/dist/analysis/findings.d.ts +11 -0
package/dist/analysis/findings.js +228 -0
package/dist/analysis/findings.js.map +1 -0
package/dist/analysis/index.d.ts +16 -0
package/dist/analysis/index.js +18 -0
package/dist/analysis/index.js.map +1 -0
package/dist/analysis/interprocedural.d.ts +99 -0
package/dist/analysis/interprocedural.js +526 -0
package/dist/analysis/interprocedural.js.map +1 -0
package/dist/analysis/path-finder.d.ts +133 -0
package/dist/analysis/path-finder.js +354 -0
package/dist/analysis/path-finder.js.map +1 -0
package/dist/analysis/rules.d.ts +75 -0
package/dist/analysis/rules.js +332 -0
package/dist/analysis/rules.js.map +1 -0
package/dist/analysis/semver.d.ts +27 -0
package/dist/analysis/semver.js +127 -0
package/dist/analysis/semver.js.map +1 -0
package/dist/analysis/taint-matcher.d.ts +15 -0
package/dist/analysis/taint-matcher.js +634 -0
package/dist/analysis/taint-matcher.js.map +1 -0
package/dist/analysis/taint-propagation.d.ts +67 -0
package/dist/analysis/taint-propagation.js +298 -0
package/dist/analysis/taint-propagation.js.map +1 -0
package/dist/analysis/unresolved.d.ts +14 -0
package/dist/analysis/unresolved.js +202 -0
package/dist/analysis/unresolved.js.map +1 -0
package/dist/analyzer.d.ts +43 -0
package/dist/analyzer.js +1010 -0
package/dist/analyzer.js.map +1 -0
package/dist/browser/circle-ir.js +16576 -0
package/dist/browser.d.ts +38 -0
package/dist/browser.js +38 -0
package/dist/browser.js.map +1 -0
package/dist/core/circle-ir-core.cjs +13626 -0
package/dist/core/circle-ir-core.d.ts +59 -0
package/dist/core/circle-ir-core.js +13591 -0
package/dist/core/extractors/calls.d.ts +13 -0
package/dist/core/extractors/calls.js +1429 -0
package/dist/core/extractors/calls.js.map +1 -0
package/dist/core/extractors/cfg.d.ts +9 -0
package/dist/core/extractors/cfg.js +519 -0
package/dist/core/extractors/cfg.js.map +1 -0
package/dist/core/extractors/dfg.d.ts +12 -0
package/dist/core/extractors/dfg.js +1081 -0
package/dist/core/extractors/dfg.js.map +1 -0
package/dist/core/extractors/exports.d.ts +14 -0
package/dist/core/extractors/exports.js +80 -0
package/dist/core/extractors/exports.js.map +1 -0
package/dist/core/extractors/imports.d.ts +9 -0
package/dist/core/extractors/imports.js +739 -0
package/dist/core/extractors/imports.js.map +1 -0
package/dist/core/extractors/index.d.ts +10 -0
package/dist/core/extractors/index.js +11 -0
package/dist/core/extractors/index.js.map +1 -0
package/dist/core/extractors/meta.d.ts +10 -0
package/dist/core/extractors/meta.js +109 -0
package/dist/core/extractors/meta.js.map +1 -0
package/dist/core/extractors/types.d.ts +10 -0
package/dist/core/extractors/types.js +1479 -0
package/dist/core/extractors/types.js.map +1 -0
package/dist/core/index.d.ts +5 -0
package/dist/core/index.js +8 -0
package/dist/core/index.js.map +1 -0
package/dist/core/parser.d.ts +84 -0
package/dist/core/parser.js +250 -0
package/dist/core/parser.js.map +1 -0
package/dist/core-lib.d.ts +59 -0
package/dist/core-lib.js +62 -0
package/dist/core-lib.js.map +1 -0
package/dist/index.d.ts +15 -0
package/dist/index.js +20 -0
package/dist/index.js.map +1 -0
package/dist/languages/index.d.ts +11 -0
package/dist/languages/index.js +14 -0
package/dist/languages/index.js.map +1 -0
package/dist/languages/plugins/base.d.ts +44 -0
package/dist/languages/plugins/base.js +82 -0
package/dist/languages/plugins/base.js.map +1 -0
package/dist/languages/plugins/index.d.ts +14 -0
package/dist/languages/plugins/index.js +25 -0
package/dist/languages/plugins/index.js.map +1 -0
package/dist/languages/plugins/java.d.ts +49 -0
package/dist/languages/plugins/java.js +402 -0
package/dist/languages/plugins/java.js.map +1 -0
package/dist/languages/plugins/javascript.d.ts +48 -0
package/dist/languages/plugins/javascript.js +445 -0
package/dist/languages/plugins/javascript.js.map +1 -0
package/dist/languages/plugins/python.d.ts +47 -0
package/dist/languages/plugins/python.js +480 -0
package/dist/languages/plugins/python.js.map +1 -0
package/dist/languages/plugins/rust.d.ts +47 -0
package/dist/languages/plugins/rust.js +405 -0
package/dist/languages/plugins/rust.js.map +1 -0
package/dist/languages/registry.d.ts +30 -0
package/dist/languages/registry.js +80 -0
package/dist/languages/registry.js.map +1 -0
package/dist/languages/types.d.ts +184 -0
package/dist/languages/types.js +8 -0
package/dist/languages/types.js.map +1 -0
package/dist/resolution/cross-file.d.ts +146 -0
package/dist/resolution/cross-file.js +439 -0
package/dist/resolution/cross-file.js.map +1 -0
package/dist/resolution/index.d.ts +12 -0
package/dist/resolution/index.js +10 -0
package/dist/resolution/index.js.map +1 -0
package/dist/resolution/symbol-table.d.ts +136 -0
package/dist/resolution/symbol-table.js +336 -0
package/dist/resolution/symbol-table.js.map +1 -0
package/dist/resolution/type-hierarchy.d.ts +124 -0
package/dist/resolution/type-hierarchy.js +515 -0
package/dist/resolution/type-hierarchy.js.map +1 -0
package/dist/types/config.d.ts +45 -0
package/dist/types/config.js +5 -0
package/dist/types/config.js.map +1 -0
package/dist/types/index.d.ts +392 -0
package/dist/types/index.js +7 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/logger.d.ts +85 -0
package/dist/utils/logger.js +198 -0
package/dist/utils/logger.js.map +1 -0
package/dist/wasm/tree-sitter-java.wasm +0 -0
package/dist/wasm/tree-sitter-javascript.wasm +0 -0
package/dist/wasm/tree-sitter-python.wasm +0 -0
package/dist/wasm/tree-sitter-rust.wasm +0 -0
package/dist/wasm/web-tree-sitter.wasm +0 -0
package/docs/SPEC.md +1021 -0
package/examples/browser-example.html +610 -0
package/examples/node-example.ts +215 -0
package/package.json +107 -0
package/wasm/tree-sitter-java.wasm +0 -0
package/wasm/tree-sitter-javascript.wasm +0 -0
package/wasm/tree-sitter-python.wasm +0 -0
package/wasm/tree-sitter-rust.wasm +0 -0

package/dist/analysis/taint-propagation.d.ts ADDED Viewed

@@ -0,0 +1,67 @@
+/**
+ * Taint Propagation Engine
+ *
+ * Tracks taint through variable assignments, method returns, and field accesses
+ * using the DFG (Data Flow Graph) to find precise source-to-sink paths.
+ */
+import type { DFG, CallInfo, TaintSource, TaintSink, TaintSanitizer } from '../types/index.js';
+/**
+ * Represents a tainted variable at a specific point in the code.
+ */
+export interface TaintedVariable {
+    variable: string;
+    defId: number;
+    line: number;
+    sourceType: string;
+    sourceLine: number;
+    confidence: number;
+}
+/**
+ * Represents a taint flow from source to sink.
+ */
+export interface TaintFlow {
+    source: TaintSource;
+    sink: TaintSink;
+    path: TaintFlowStep[];
+    sanitized: boolean;
+    sanitizer?: TaintSanitizer;
+    confidence: number;
+}
+/**
+ * A step in the taint flow path.
+ */
+export interface TaintFlowStep {
+    variable: string;
+    line: number;
+    type: 'source' | 'assignment' | 'use' | 'return' | 'field' | 'sink';
+    description: string;
+}
+/**
+ * Result of taint propagation analysis.
+ */
+export interface TaintPropagationResult {
+    taintedVars: TaintedVariable[];
+    flows: TaintFlow[];
+    reachableSinks: Map<TaintSink, TaintSource[]>;
+}
+/**
+ * Propagate taint through the dataflow graph.
+ */
+export declare function propagateTaint(dfg: DFG, calls: CallInfo[], sources: TaintSource[], sinks: TaintSink[], sanitizers: TaintSanitizer[]): TaintPropagationResult;
+/**
+ * Analyze method returns to propagate taint through return values.
+ */
+export declare function analyzeMethodReturns(dfg: DFG, calls: CallInfo[], taintedVars: TaintedVariable[]): TaintedVariable[];
+/**
+ * Calculate confidence score for a taint flow.
+ */
+export declare function calculateFlowConfidence(flow: TaintFlow): number;
+/**
+ * Get summary statistics for taint propagation.
+ */
+export declare function getTaintStats(result: TaintPropagationResult): {
+    totalTaintedVars: number;
+    totalFlows: number;
+    flowsBySinkType: Map<string, number>;
+    avgConfidence: number;
+};

package/dist/analysis/taint-propagation.js ADDED Viewed

@@ -0,0 +1,298 @@
+/**
+ * Taint Propagation Engine
+ *
+ * Tracks taint through variable assignments, method returns, and field accesses
+ * using the DFG (Data Flow Graph) to find precise source-to-sink paths.
+ */
+/**
+ * Propagate taint through the dataflow graph.
+ */
+export function propagateTaint(dfg, calls, sources, sinks, sanitizers) {
+    const taintedVars = [];
+    const flows = [];
+    const reachableSinks = new Map();
+    // Build lookup maps
+    const defById = new Map();
+    const defsByLine = new Map();
+    const usesByLine = new Map();
+    const callsByLine = new Map();
+    const sanitizersByLine = new Map();
+    for (const def of dfg.defs) {
+        defById.set(def.id, def);
+        const existing = defsByLine.get(def.line) ?? [];
+        existing.push(def);
+        defsByLine.set(def.line, existing);
+    }
+    for (const use of dfg.uses) {
+        const existing = usesByLine.get(use.line) ?? [];
+        existing.push(use);
+        usesByLine.set(use.line, existing);
+    }
+    for (const call of calls) {
+        const existing = callsByLine.get(call.location.line) ?? [];
+        existing.push(call);
+        callsByLine.set(call.location.line, existing);
+    }
+    for (const san of sanitizers) {
+        const existing = sanitizersByLine.get(san.line) ?? [];
+        existing.push(san);
+        sanitizersByLine.set(san.line, existing);
+    }
+    // Step 1: Identify initial tainted definitions (from sources)
+    const initialTaint = findInitialTaint(sources, dfg, callsByLine, defsByLine);
+    taintedVars.push(...initialTaint);
+    // Step 2: Propagate taint through def-use chains
+    const propagatedTaint = propagateThroughChains(initialTaint, dfg.chains ?? [], defById, sanitizersByLine);
+    taintedVars.push(...propagatedTaint);
+    // Combine all tainted definitions
+    const allTaintedDefIds = new Set();
+    const taintByDefId = new Map();
+    for (const tv of taintedVars) {
+        allTaintedDefIds.add(tv.defId);
+        taintByDefId.set(tv.defId, tv);
+    }
+    // Step 3: Check which sinks are reachable from tainted variables
+    for (const sink of sinks) {
+        const usesAtSink = usesByLine.get(sink.line) ?? [];
+        const callsAtSink = callsByLine.get(sink.line) ?? [];
+        // Check if any argument to the sink call is tainted
+        for (const call of callsAtSink) {
+            for (const arg of call.arguments) {
+                if (arg.variable) {
+                    // Find if this variable use is tainted
+                    for (const use of usesAtSink) {
+                        if (use.variable === arg.variable && use.def_id !== null) {
+                            if (allTaintedDefIds.has(use.def_id)) {
+                                const taintInfo = taintByDefId.get(use.def_id);
+                                if (taintInfo) {
+                                    // Check if sanitized
+                                    const isSanitized = checkSanitized(taintInfo.line, sink.line, sink.type, sanitizersByLine);
+                                    if (!isSanitized.sanitized) {
+                                        // Find the source
+                                        const source = sources.find(s => s.line === taintInfo.sourceLine);
+                                        if (source) {
+                                            // Record the flow
+                                            const flow = buildTaintFlow(source, sink, taintInfo, dfg, defById);
+                                            flows.push(flow);
+                                            // Record reachable sink
+                                            const existingSources = reachableSinks.get(sink) ?? [];
+                                            if (!existingSources.some(s => s.line === source.line)) {
+                                                existingSources.push(source);
+                                            }
+                                            reachableSinks.set(sink, existingSources);
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+    return { taintedVars, flows, reachableSinks };
+}
+/**
+ * Find initial tainted definitions from sources.
+ */
+function findInitialTaint(sources, dfg, callsByLine, defsByLine) {
+    const tainted = [];
+    for (const source of sources) {
+        // Find definitions on the same line as the source
+        const defsOnLine = defsByLine.get(source.line) ?? [];
+        for (const def of defsOnLine) {
+            tainted.push({
+                variable: def.variable,
+                defId: def.id,
+                line: def.line,
+                sourceType: source.type,
+                sourceLine: source.line,
+                confidence: source.confidence,
+            });
+        }
+        // Also check the next line (for cases like: String x = request.getParameter("foo"))
+        const defsNextLine = defsByLine.get(source.line + 1) ?? [];
+        for (const def of defsNextLine) {
+            // Only include if there's a call on the source line
+            const callsOnSourceLine = callsByLine.get(source.line) ?? [];
+            if (callsOnSourceLine.length > 0) {
+                tainted.push({
+                    variable: def.variable,
+                    defId: def.id,
+                    line: def.line,
+                    sourceType: source.type,
+                    sourceLine: source.line,
+                    confidence: source.confidence * 0.9, // Slightly lower confidence
+                });
+            }
+        }
+    }
+    return tainted;
+}
+/**
+ * Propagate taint through def-use chains.
+ */
+function propagateThroughChains(initialTaint, chains, defById, sanitizersByLine) {
+    const propagated = [];
+    const taintedDefIds = new Set(initialTaint.map(t => t.defId));
+    const taintInfoByDefId = new Map();
+    for (const t of initialTaint) {
+        taintInfoByDefId.set(t.defId, t);
+    }
+    // Build adjacency list for chains
+    const chainsByFromDef = new Map();
+    for (const chain of chains) {
+        const existing = chainsByFromDef.get(chain.from_def) ?? [];
+        existing.push(chain);
+        chainsByFromDef.set(chain.from_def, existing);
+    }
+    // BFS to propagate taint
+    const queue = [...initialTaint.map(t => t.defId)];
+    const visited = new Set(queue);
+    while (queue.length > 0) {
+        const currentDefId = queue.shift();
+        const currentTaint = taintInfoByDefId.get(currentDefId);
+        if (!currentTaint)
+            continue;
+        const outgoingChains = chainsByFromDef.get(currentDefId) ?? [];
+        for (const chain of outgoingChains) {
+            if (visited.has(chain.to_def))
+                continue;
+            const targetDef = defById.get(chain.to_def);
+            if (!targetDef)
+                continue;
+            // Check if there's a sanitizer between source and this def
+            const sanitizeCheck = checkSanitized(currentTaint.sourceLine, targetDef.line, currentTaint.sourceType, sanitizersByLine);
+            if (!sanitizeCheck.sanitized) {
+                const newTaint = {
+                    variable: targetDef.variable,
+                    defId: targetDef.id,
+                    line: targetDef.line,
+                    sourceType: currentTaint.sourceType,
+                    sourceLine: currentTaint.sourceLine,
+                    confidence: currentTaint.confidence * 0.95, // Decay confidence slightly
+                };
+                propagated.push(newTaint);
+                taintedDefIds.add(targetDef.id);
+                taintInfoByDefId.set(targetDef.id, newTaint);
+                visited.add(targetDef.id);
+                queue.push(targetDef.id);
+            }
+        }
+    }
+    return propagated;
+}
+/**
+ * Check if a taint flow is sanitized between two points.
+ */
+function checkSanitized(_fromLine, _toLine, _sinkType, _sanitizersByLine) {
+    // NOTE: The previous line-based sanitizer check was too aggressive.
+    // It would mark a flow as sanitized if ANY sanitizer existed between
+    // source and sink lines, even if that sanitizer was applied to a
+    // different variable (e.g., clean = sanitize(name); println(name);)
+    //
+    // The correct approach is to rely on:
+    // 1. DFG-based tracking - the tainted variable must flow through a sanitizer
+    // 2. The analyzer's sanitizedVars from constant propagation - which correctly
+    //    tracks which specific variables were sanitized
+    //
+    // For now, return false and let the higher-level filtering handle sanitization.
+    // This prevents false negatives where unsanitized variables are incorrectly
+    // marked as safe just because a sanitizer exists somewhere on adjacent lines.
+    return { sanitized: false };
+}
+/**
+ * Build a taint flow path from source to sink.
+ */
+function buildTaintFlow(source, sink, taintInfo, dfg, defById) {
+    const path = [];
+    // Start with source
+    path.push({
+        variable: taintInfo.variable,
+        line: source.line,
+        type: 'source',
+        description: `Tainted data enters via ${source.type}`,
+    });
+    // Add intermediate assignments if we can trace them
+    // For now, just add the tainted variable assignment
+    if (taintInfo.line !== source.line) {
+        path.push({
+            variable: taintInfo.variable,
+            line: taintInfo.line,
+            type: 'assignment',
+            description: `Tainted value assigned to ${taintInfo.variable}`,
+        });
+    }
+    // End with sink
+    path.push({
+        variable: taintInfo.variable,
+        line: sink.line,
+        type: 'sink',
+        description: `Tainted value reaches ${sink.type} sink`,
+    });
+    return {
+        source,
+        sink,
+        path,
+        sanitized: false,
+        confidence: taintInfo.confidence * 0.9, // Factor in path length
+    };
+}
+/**
+ * Analyze method returns to propagate taint through return values.
+ */
+export function analyzeMethodReturns(dfg, calls, taintedVars) {
+    const additionalTaint = [];
+    const taintedDefIds = new Set(taintedVars.map(t => t.defId));
+    // Find return statements that return tainted values
+    const returnDefs = dfg.defs.filter(d => d.kind === 'return');
+    // For each return def, check if the returned value is tainted
+    for (const returnDef of returnDefs) {
+        // Find uses on the same line that might be the returned value
+        const usesOnLine = dfg.uses.filter(u => u.line === returnDef.line);
+        for (const use of usesOnLine) {
+            if (use.def_id !== null && taintedDefIds.has(use.def_id)) {
+                // This return statement returns a tainted value
+                // Now find calls to this method and taint their results
+                // (This would require method-level analysis which we'll add later)
+            }
+        }
+    }
+    return additionalTaint;
+}
+/**
+ * Calculate confidence score for a taint flow.
+ */
+export function calculateFlowConfidence(flow) {
+    let confidence = 1.0;
+    // Factor 1: Source confidence
+    confidence *= flow.source.confidence;
+    // Factor 2: Path length (longer paths = less confident)
+    const pathLength = flow.path.length;
+    confidence *= Math.pow(0.95, pathLength - 2); // -2 for source and sink
+    // Factor 3: Sanitization
+    if (flow.sanitized) {
+        confidence = 0;
+    }
+    return Math.max(0, Math.min(1, confidence));
+}
+/**
+ * Get summary statistics for taint propagation.
+ */
+export function getTaintStats(result) {
+    const flowsBySinkType = new Map();
+    for (const flow of result.flows) {
+        const count = flowsBySinkType.get(flow.sink.type) ?? 0;
+        flowsBySinkType.set(flow.sink.type, count + 1);
+    }
+    const avgConfidence = result.flows.length > 0
+        ? result.flows.reduce((sum, f) => sum + f.confidence, 0) / result.flows.length
+        : 0;
+    return {
+        totalTaintedVars: result.taintedVars.length,
+        totalFlows: result.flows.length,
+        flowsBySinkType,
+        avgConfidence,
+    };
+}
+//# sourceMappingURL=taint-propagation.js.map

package/dist/analysis/taint-propagation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"taint-propagation.js","sourceRoot":"","sources":["../../src/analysis/taint-propagation.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAyDH;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,GAAQ,EACR,KAAiB,EACjB,OAAsB,EACtB,KAAkB,EAClB,UAA4B;IAE5B,MAAM,WAAW,GAAsB,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,MAAM,cAAc,GAAG,IAAI,GAAG,EAA4B,CAAC;IAE3D,oBAAoB;IACpB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,MAAM,UAAU,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC/C,MAAM,UAAU,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC/C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAsB,CAAC;IAClD,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAA4B,CAAC;IAE7D,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACzB,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAChD,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnB,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAChD,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnB,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnB,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAED,8DAA8D;IAC9D,MAAM,YAAY,GAAG,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;IAC7E,WAAW,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;IAElC,iDAAiD;IACjD,MAAM,eAAe,GAAG,sBAAsB,CAC5C,YAAY,EACZ,GAAG,CAAC,MAAM,IAAI,EAAE,EAChB,OAAO,EACP,gBAAgB,CACjB,CAAC;IACF,WAAW,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;IAErC,kCAAkC;IAClC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,MAAM,YAAY,GAAG,IAAI,GAAG,EAA2B,CAAC;IACxD,KAAK,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC;QAC7B,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;QAC/B,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACjC,CAAC;IAED,iEAAiE;IACjE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACnD,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,oDAAoD;QACpD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,uCAAuC;oBACvC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;wBAC7B,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;4BACzD,IAAI,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gCACrC,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gCAC/C,IAAI,SAAS,EAAE,CAAC;oCACd,qBAAqB;oCACrB,MAAM,WAAW,GAAG,cAAc,CAChC,SAAS,CAAC,IAAI,EACd,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,IAAI,EACT,gBAAgB,CACjB,CAAC;oCAEF,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,CAAC;wCAC3B,kBAAkB;wCAClB,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,UAAU,CAAC,CAAC;wCAClE,IAAI,MAAM,EAAE,CAAC;4CACX,kBAAkB;4CAClB,MAAM,IAAI,GAAG,cAAc,CACzB,MAAM,EACN,IAAI,EACJ,SAAS,EACT,GAAG,EACH,OAAO,CACR,CAAC;4CACF,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;4CAEjB,wBAAwB;4CACxB,MAAM,eAAe,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;4CACvD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gDACvD,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;4CAC/B,CAAC;4CACD,cAAc,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;wCAC5C,CAAC;oCACH,CAAC;gCACH,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CACvB,OAAsB,EACtB,GAAQ,EACR,WAAoC,EACpC,UAAiC;IAEjC,MAAM,OAAO,GAAsB,EAAE,CAAC;IAEtC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,kDAAkD;QAClD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC;gBACX,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,KAAK,EAAE,GAAG,CAAC,EAAE;gBACb,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,UAAU,EAAE,MAAM,CAAC,UAAU;aAC9B,CAAC,CAAC;QACL,CAAC;QAED,oFAAoF;QACpF,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3D,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,oDAAoD;YACpD,MAAM,iBAAiB,GAAG,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC7D,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACjC,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,GAAG,CAAC,QAAQ;oBACtB,KAAK,EAAE,GAAG,CAAC,EAAE;oBACb,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,UAAU,EAAE,MAAM,CAAC,UAAU,GAAG,GAAG,EAAE,4BAA4B;iBAClE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAC7B,YAA+B,EAC/B,MAAkB,EAClB,OAA4B,EAC5B,gBAA+C;IAE/C,MAAM,UAAU,GAAsB,EAAE,CAAC;IACzC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAS,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IACtE,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAA2B,CAAC;IAE5D,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7B,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACnC,CAAC;IAED,kCAAkC;IAClC,MAAM,eAAe,GAAG,IAAI,GAAG,EAAsB,CAAC;IACtD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,yBAAyB;IACzB,MAAM,KAAK,GAAG,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAClD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAS,KAAK,CAAC,CAAC;IAEvC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,EAAG,CAAC;QACpC,MAAM,YAAY,GAAG,gBAAgB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC,YAAY;YAAE,SAAS;QAE5B,MAAM,cAAc,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;QAE/D,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC;gBAAE,SAAS;YAExC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,CAAC,SAAS;gBAAE,SAAS;YAEzB,2DAA2D;YAC3D,MAAM,aAAa,GAAG,cAAc,CAClC,YAAY,CAAC,UAAU,EACvB,SAAS,CAAC,IAAI,EACd,YAAY,CAAC,UAAU,EACvB,gBAAgB,CACjB,CAAC;YAEF,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC;gBAC7B,MAAM,QAAQ,GAAoB;oBAChC,QAAQ,EAAE,SAAS,CAAC,QAAQ;oBAC5B,KAAK,EAAE,SAAS,CAAC,EAAE;oBACnB,IAAI,EAAE,SAAS,CAAC,IAAI;oBACpB,UAAU,EAAE,YAAY,CAAC,UAAU;oBACnC,UAAU,EAAE,YAAY,CAAC,UAAU;oBACnC,UAAU,EAAE,YAAY,CAAC,UAAU,GAAG,IAAI,EAAE,4BAA4B;iBACzE,CAAC;gBAEF,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC1B,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;gBAChC,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC7C,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;gBAC1B,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CACrB,SAAiB,EACjB,OAAe,EACf,SAAiB,EACjB,iBAAgD;IAEhD,oEAAoE;IACpE,qEAAqE;IACrE,iEAAiE;IACjE,oEAAoE;IACpE,EAAE;IACF,sCAAsC;IACtC,6EAA6E;IAC7E,8EAA8E;IAC9E,oDAAoD;IACpD,EAAE;IACF,gFAAgF;IAChF,4EAA4E;IAC5E,8EAA8E;IAC9E,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CACrB,MAAmB,EACnB,IAAe,EACf,SAA0B,EAC1B,GAAQ,EACR,OAA4B;IAE5B,MAAM,IAAI,GAAoB,EAAE,CAAC;IAEjC,oBAAoB;IACpB,IAAI,CAAC,IAAI,CAAC;QACR,QAAQ,EAAE,SAAS,CAAC,QAAQ;QAC5B,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,2BAA2B,MAAM,CAAC,IAAI,EAAE;KACtD,CAAC,CAAC;IAEH,oDAAoD;IACpD,oDAAoD;IACpD,IAAI,SAAS,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI,CAAC;YACR,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,IAAI,EAAE,YAAY;YAClB,WAAW,EAAE,6BAA6B,SAAS,CAAC,QAAQ,EAAE;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB;IAChB,IAAI,CAAC,IAAI,CAAC;QACR,QAAQ,EAAE,SAAS,CAAC,QAAQ;QAC5B,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,yBAAyB,IAAI,CAAC,IAAI,OAAO;KACvD,CAAC,CAAC;IAEH,OAAO;QACL,MAAM;QACN,IAAI;QACJ,IAAI;QACJ,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,SAAS,CAAC,UAAU,GAAG,GAAG,EAAE,wBAAwB;KACjE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,GAAQ,EACR,KAAiB,EACjB,WAA8B;IAE9B,MAAM,eAAe,GAAsB,EAAE,CAAC;IAC9C,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAE7D,oDAAoD;IACpD,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAE7D,8DAA8D;IAC9D,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,8DAA8D;QAC9D,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,CAAC;QAEnE,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,GAAG,CAAC,MAAM,KAAK,IAAI,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzD,gDAAgD;gBAChD,wDAAwD;gBACxD,mEAAmE;YACrE,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAe;IACrD,IAAI,UAAU,GAAG,GAAG,CAAC;IAErB,8BAA8B;IAC9B,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;IAErC,wDAAwD;IACxD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;IACpC,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,yBAAyB;IAEvE,yBAAyB;IACzB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,UAAU,GAAG,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,MAA8B;IAM1D,MAAM,eAAe,GAAG,IAAI,GAAG,EAAkB,CAAC;IAElD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;QAC3C,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM;QAC9E,CAAC,CAAC,CAAC,CAAC;IAEN,OAAO;QACL,gBAAgB,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM;QAC3C,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;QAC/B,eAAe;QACf,aAAa;KACd,CAAC;AACJ,CAAC"}

package/dist/analysis/unresolved.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Unresolved item detector
+ *
+ * Identifies code patterns that require LLM assistance to resolve:
+ * - Virtual dispatch (interface methods)
+ * - Taint propagation through collections
+ * - Reflection calls
+ * - Dynamic method invocations
+ */
+import type { CallInfo, TypeInfo, DFG, UnresolvedItem } from '../types/index.js';
+/**
+ * Detect unresolved items that would benefit from LLM analysis.
+ */
+export declare function detectUnresolved(calls: CallInfo[], types: TypeInfo[], dfg: DFG): UnresolvedItem[];

package/dist/analysis/unresolved.js ADDED Viewed

@@ -0,0 +1,202 @@
+/**
+ * Unresolved item detector
+ *
+ * Identifies code patterns that require LLM assistance to resolve:
+ * - Virtual dispatch (interface methods)
+ * - Taint propagation through collections
+ * - Reflection calls
+ * - Dynamic method invocations
+ */
+/**
+ * Detect unresolved items that would benefit from LLM analysis.
+ */
+export function detectUnresolved(calls, types, dfg) {
+    const unresolved = [];
+    // Detect virtual dispatch (unresolved interface/abstract method calls)
+    unresolved.push(...detectVirtualDispatch(calls));
+    // Detect reflection patterns
+    unresolved.push(...detectReflection(calls));
+    // Detect taint propagation uncertainty (collections, etc.)
+    unresolved.push(...detectTaintPropagationUncertainty(calls, dfg));
+    // Detect dynamic calls
+    unresolved.push(...detectDynamicCalls(calls));
+    return unresolved;
+}
+/**
+ * Detect virtual dispatch - interface method calls that can't be statically resolved.
+ */
+function detectVirtualDispatch(calls) {
+    const items = [];
+    for (const call of calls) {
+        if (call.resolution?.status === 'interface_method') {
+            items.push({
+                type: 'virtual_dispatch',
+                call_id: calls.indexOf(call),
+                reason: 'interface_method_unknown_impl',
+                context: {
+                    code: formatCallCode(call),
+                    line: call.location.line,
+                    candidates: call.resolution.candidates,
+                },
+                llm_question: `Which implementation of ${call.method_name} is called when invoked on ${call.receiver}? Consider the context and common patterns.`,
+            });
+        }
+    }
+    return items;
+}
+/**
+ * Detect reflection patterns that need runtime analysis.
+ */
+function detectReflection(calls) {
+    const items = [];
+    const reflectionMethods = new Set([
+        'forName', // Class.forName
+        'newInstance', // Class.newInstance
+        'invoke', // Method.invoke
+        'get', // Field.get
+        'set', // Field.set
+        'getMethod', // Class.getMethod
+        'getDeclaredMethod',
+        'getField',
+        'getDeclaredField',
+        'getConstructor',
+    ]);
+    const reflectionReceivers = new Set([
+        'Class',
+        'Method',
+        'Field',
+        'Constructor',
+    ]);
+    for (const call of calls) {
+        const isReflectionMethod = reflectionMethods.has(call.method_name);
+        const isReflectionReceiver = call.receiver && reflectionReceivers.has(call.receiver);
+        if (isReflectionMethod || isReflectionReceiver) {
+            items.push({
+                type: 'reflection',
+                call_id: calls.indexOf(call),
+                reason: 'reflection_call',
+                context: {
+                    code: formatCallCode(call),
+                    line: call.location.line,
+                },
+                llm_question: `What class/method is being accessed via reflection at ${formatCallCode(call)}? What are the security implications?`,
+            });
+        }
+    }
+    return items;
+}
+/**
+ * Detect taint propagation uncertainty through collections and complex data flows.
+ */
+function detectTaintPropagationUncertainty(calls, dfg) {
+    const items = [];
+    // Collection methods that might propagate or lose taint
+    const collectionMethods = new Map([
+        ['add', 'collection_add'],
+        ['put', 'map_put'],
+        ['get', 'collection_get'],
+        ['remove', 'collection_remove'],
+        ['addAll', 'collection_addAll'],
+        ['putAll', 'map_putAll'],
+        ['toArray', 'collection_toArray'],
+        ['stream', 'collection_stream'],
+        ['iterator', 'collection_iterator'],
+    ]);
+    // Receivers that are likely collections
+    const collectionPatterns = [
+        /list/i,
+        /set/i,
+        /map/i,
+        /collection/i,
+        /array/i,
+        /queue/i,
+        /stack/i,
+        /vector/i,
+    ];
+    for (const call of calls) {
+        if (!collectionMethods.has(call.method_name))
+            continue;
+        // Check if receiver looks like a collection
+        const isCollection = call.receiver && collectionPatterns.some(p => p.test(call.receiver));
+        if (!isCollection && call.receiver)
+            continue;
+        const methodType = collectionMethods.get(call.method_name);
+        // For add/put, check if argument might be tainted
+        if (methodType === 'collection_add' || methodType === 'map_put') {
+            const hasVariableArg = call.arguments.some(arg => arg.variable !== null);
+            if (hasVariableArg) {
+                items.push({
+                    type: 'taint_propagation',
+                    call_id: calls.indexOf(call),
+                    reason: 'collection_taint_in',
+                    context: {
+                        code: formatCallCode(call),
+                        line: call.location.line,
+                    },
+                    llm_question: `Does taint propagate into ${call.receiver} when ${call.method_name} is called? Will subsequent retrievals from this collection be tainted?`,
+                });
+            }
+        }
+        // For get operations, question if result carries taint
+        if (methodType === 'collection_get' || methodType === 'collection_toArray') {
+            items.push({
+                type: 'taint_propagation',
+                call_id: calls.indexOf(call),
+                reason: 'collection_taint_out',
+                context: {
+                    code: formatCallCode(call),
+                    line: call.location.line,
+                },
+                llm_question: `Does the value retrieved from ${call.receiver}.${call.method_name}() carry taint from previously added elements?`,
+            });
+        }
+    }
+    return items;
+}
+/**
+ * Detect dynamic method calls that can't be statically analyzed.
+ */
+function detectDynamicCalls(calls) {
+    const items = [];
+    // Patterns that suggest dynamic dispatch
+    const dynamicPatterns = [
+        { method: 'execute', reason: 'command_pattern' },
+        { method: 'handle', reason: 'handler_pattern' },
+        { method: 'process', reason: 'processor_pattern' },
+        { method: 'dispatch', reason: 'dispatcher_pattern' },
+        { method: 'run', reason: 'runnable_pattern' },
+        { method: 'call', reason: 'callable_pattern' },
+        { method: 'apply', reason: 'function_pattern' },
+        { method: 'accept', reason: 'consumer_pattern' },
+    ];
+    for (const call of calls) {
+        // Skip if already resolved
+        if (call.resolved)
+            continue;
+        const pattern = dynamicPatterns.find(p => p.method === call.method_name);
+        if (pattern) {
+            items.push({
+                type: 'dynamic_call',
+                call_id: calls.indexOf(call),
+                reason: pattern.reason,
+                context: {
+                    code: formatCallCode(call),
+                    line: call.location.line,
+                },
+                llm_question: `What concrete implementation handles this ${call.method_name}() call? Analyze the code context to determine the actual target.`,
+            });
+        }
+    }
+    return items;
+}
+/**
+ * Format a call for display in context.
+ */
+function formatCallCode(call) {
+    const args = call.arguments.map(a => a.expression).join(', ');
+    if (call.receiver) {
+        return `${call.receiver}.${call.method_name}(${args})`;
+    }
+    return `${call.method_name}(${args})`;
+}
+//# sourceMappingURL=unresolved.js.map

package/dist/analysis/unresolved.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"unresolved.js","sourceRoot":"","sources":["../../src/analysis/unresolved.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAAiB,EACjB,KAAiB,EACjB,GAAQ;IAER,MAAM,UAAU,GAAqB,EAAE,CAAC;IAExC,uEAAuE;IACvE,UAAU,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC,CAAC;IAEjD,6BAA6B;IAC7B,UAAU,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC;IAE5C,2DAA2D;IAC3D,UAAU,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;IAElE,uBAAuB;IACvB,UAAU,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC;IAE9C,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,KAAiB;IAC9C,MAAM,KAAK,GAAqB,EAAE,CAAC;IAEnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,UAAU,EAAE,MAAM,KAAK,kBAAkB,EAAE,CAAC;YACnD,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI,EAAE,kBAAkB;gBACxB,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;gBAC5B,MAAM,EAAE,+BAA+B;gBACvC,OAAO,EAAE;oBACP,IAAI,EAAE,cAAc,CAAC,IAAI,CAAC;oBAC1B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;oBACxB,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;iBACvC;gBACD,YAAY,EAAE,2BAA2B,IAAI,CAAC,WAAW,8BAA8B,IAAI,CAAC,QAAQ,6CAA6C;aAClJ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,KAAiB;IACzC,MAAM,KAAK,GAAqB,EAAE,CAAC;IAEnC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;QAChC,SAAS,EAAO,gBAAgB;QAChC,aAAa,EAAG,oBAAoB;QACpC,QAAQ,EAAQ,gBAAgB;QAChC,KAAK,EAAW,YAAY;QAC5B,KAAK,EAAW,YAAY;QAC5B,WAAW,EAAK,kBAAkB;QAClC,mBAAmB;QACnB,UAAU;QACV,kBAAkB;QAClB,gBAAgB;KACjB,CAAC,CAAC;IAEH,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;QAClC,OAAO;QACP,QAAQ;QACR,OAAO;QACP,aAAa;KACd,CAAC,CAAC;IAEH,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACnE,MAAM,oBAAoB,GAAG,IAAI,CAAC,QAAQ,IAAI,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,kBAAkB,IAAI,oBAAoB,EAAE,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;gBAC5B,MAAM,EAAE,iBAAiB;gBACzB,OAAO,EAAE;oBACP,IAAI,EAAE,cAAc,CAAC,IAAI,CAAC;oBAC1B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;iBACzB;gBACD,YAAY,EAAE,yDAAyD,cAAc,CAAC,IAAI,CAAC,uCAAuC;aACnI,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,iCAAiC,CAAC,KAAiB,EAAE,GAAQ;IACpE,MAAM,KAAK,GAAqB,EAAE,CAAC;IAEnC,wDAAwD;IACxD,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAiB;QAChD,CAAC,KAAK,EAAE,gBAAgB,CAAC;QACzB,CAAC,KAAK,EAAE,SAAS,CAAC;QAClB,CAAC,KAAK,EAAE,gBAAgB,CAAC;QACzB,CAAC,QAAQ,EAAE,mBAAmB,CAAC;QAC/B,CAAC,QAAQ,EAAE,mBAAmB,CAAC;QAC/B,CAAC,QAAQ,EAAE,YAAY,CAAC;QACxB,CAAC,SAAS,EAAE,oBAAoB,CAAC;QACjC,CAAC,QAAQ,EAAE,mBAAmB,CAAC;QAC/B,CAAC,UAAU,EAAE,qBAAqB,CAAC;KACpC,CAAC,CAAC;IAEH,wCAAwC;IACxC,MAAM,kBAAkB,GAAG;QACzB,OAAO;QACP,MAAM;QACN,MAAM;QACN,aAAa;QACb,QAAQ;QACR,QAAQ;QACR,QAAQ;QACR,SAAS;KACV,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC;YAAE,SAAS;QAEvD,4CAA4C;QAC5C,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAS,CAAC,CAAC,CAAC;QAC3F,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,QAAQ;YAAE,SAAS;QAE7C,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAE,CAAC;QAE5D,kDAAkD;QAClD,IAAI,UAAU,KAAK,gBAAgB,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAChE,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC;YACzE,IAAI,cAAc,EAAE,CAAC;gBACnB,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;oBAC5B,MAAM,EAAE,qBAAqB;oBAC7B,OAAO,EAAE;wBACP,IAAI,EAAE,cAAc,CAAC,IAAI,CAAC;wBAC1B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;qBACzB;oBACD,YAAY,EAAE,6BAA6B,IAAI,CAAC,QAAQ,SAAS,IAAI,CAAC,WAAW,yEAAyE;iBAC3J,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,uDAAuD;QACvD,IAAI,UAAU,KAAK,gBAAgB,IAAI,UAAU,KAAK,oBAAoB,EAAE,CAAC;YAC3E,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;gBAC5B,MAAM,EAAE,sBAAsB;gBAC9B,OAAO,EAAE;oBACP,IAAI,EAAE,cAAc,CAAC,IAAI,CAAC;oBAC1B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;iBACzB;gBACD,YAAY,EAAE,iCAAiC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,WAAW,gDAAgD;aACjI,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,KAAiB;IAC3C,MAAM,KAAK,GAAqB,EAAE,CAAC;IAEnC,yCAAyC;IACzC,MAAM,eAAe,GAAG;QACtB,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,iBAAiB,EAAE;QAChD,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE;QAC/C,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,mBAAmB,EAAE;QAClD,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,oBAAoB,EAAE;QACpD,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE;QAC7C,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB,EAAE;QAC9C,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE;QAC/C,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,kBAAkB,EAAE;KACjD,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,2BAA2B;QAC3B,IAAI,IAAI,CAAC,QAAQ;YAAE,SAAS;QAE5B,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,CAAC,WAAW,CAAC,CAAC;QACzE,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE;oBACP,IAAI,EAAE,cAAc,CAAC,IAAI,CAAC;oBAC1B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;iBACzB;gBACD,YAAY,EAAE,6CAA6C,IAAI,CAAC,WAAW,mEAAmE;aAC/I,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,IAAc;IACpC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9D,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,OAAO,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,GAAG,CAAC;IACzD,CAAC;IACD,OAAO,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,GAAG,CAAC;AACxC,CAAC"}

package/dist/analyzer.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * Circle-IR Analyzer
+ *
+ * Main entry point for analyzing source code and producing Circle-IR output.
+ * This is the core analyzer - for LLM-enhanced analysis, use circle-ir-ai.
+ */
+import type { CircleIR, AnalysisResponse } from './types/index.js';
+import type { TaintConfig } from './types/config.js';
+import { type SupportedLanguage } from './core/index.js';
+export interface AnalyzerOptions {
+    /**
+     * Path to tree-sitter.wasm for parser initialization.
+     */
+    wasmPath?: string;
+    /**
+     * Paths to language-specific WASM files.
+     */
+    languagePaths?: Partial<Record<SupportedLanguage, string>>;
+    /**
+     * Custom taint configuration.
+     */
+    taintConfig?: TaintConfig;
+}
+/**
+ * Initialize the analyzer. Must be called before analyze().
+ */
+export declare function initAnalyzer(options?: AnalyzerOptions): Promise<void>;
+/**
+ * Analyze source code and produce Circle-IR output.
+ */
+export declare function analyze(code: string, filePath: string, language: SupportedLanguage, options?: AnalyzerOptions): Promise<CircleIR>;
+/**
+ * Analyze code and return a simplified API response format.
+ */
+export declare function analyzeForAPI(code: string, filePath: string, language: SupportedLanguage, options?: AnalyzerOptions): Promise<AnalysisResponse>;
+/**
+ * Check if the analyzer is initialized.
+ */
+export declare function isAnalyzerInitialized(): boolean;
+/**
+ * Reset the analyzer (mainly for testing).
+ */
+export declare function resetAnalyzer(): void;