circle-ir 3.1.0

package/dist/languages/types.d.ts

@@ -0,0 +1,184 @@
+/**
+ * Language Plugin System
+ *
+ * Defines the interface for language-specific analysis plugins.
+ * Each language (Java, JavaScript, Python, Rust) implements this interface.
+ */
+import type { Parser, Node as SyntaxNode, Tree } from 'web-tree-sitter';
+import type { TypeInfo, CallInfo, ImportInfo } from '../types/index.js';
+/**
+ * Supported languages for analysis
+ */
+export type SupportedLanguage = 'java' | 'javascript' | 'typescript' | 'python' | 'rust';
+/**
+ * AST node type mappings for a language
+ */
+export interface LanguageNodeTypes {
+    classDeclaration: string[];
+    interfaceDeclaration: string[];
+    enumDeclaration: string[];
+    functionDeclaration: string[];
+    methodDeclaration: string[];
+    methodCall: string[];
+    functionCall: string[];
+    assignment: string[];
+    variableDeclaration: string[];
+    parameter: string[];
+    argument: string[];
+    annotation: string[];
+    decorator: string[];
+    importStatement: string[];
+    ifStatement: string[];
+    forStatement: string[];
+    whileStatement: string[];
+    tryStatement: string[];
+    returnStatement: string[];
+}
+/**
+ * Framework detection result
+ */
+export interface FrameworkInfo {
+    name: string;
+    version?: string;
+    confidence: number;
+    indicators: string[];
+}
+/**
+ * Language-specific extraction context
+ */
+export interface ExtractionContext {
+    filePath: string;
+    sourceCode: string;
+    tree: Tree;
+    package?: string;
+    imports: ImportInfo[];
+    framework?: FrameworkInfo;
+}
+/**
+ * Language Plugin Interface
+ *
+ * Each supported language must implement this interface.
+ */
+export interface LanguagePlugin {
+    /**
+     * Language identifier
+     */
+    readonly id: SupportedLanguage;
+    /**
+     * Human-readable name
+     */
+    readonly name: string;
+    /**
+     * File extensions handled by this plugin
+     */
+    readonly extensions: string[];
+    /**
+     * Path to tree-sitter WASM grammar
+     */
+    readonly wasmPath: string;
+    /**
+     * AST node type mappings for this language
+     */
+    readonly nodeTypes: LanguageNodeTypes;
+    /**
+     * Initialize the plugin (load WASM, etc.)
+     */
+    initialize(parser: Parser): Promise<void>;
+    /**
+     * Check if a file path is handled by this plugin
+     */
+    canHandle(filePath: string): boolean;
+    /**
+     * Detect framework from imports and code patterns
+     */
+    detectFramework(context: ExtractionContext): FrameworkInfo | undefined;
+    /**
+     * Extract type definitions (classes, interfaces, etc.)
+     */
+    extractTypes(context: ExtractionContext): TypeInfo[];
+    /**
+     * Extract method/function calls
+     */
+    extractCalls(context: ExtractionContext): CallInfo[];
+    /**
+     * Extract import statements
+     */
+    extractImports(context: ExtractionContext): ImportInfo[];
+    /**
+     * Get the package/module name from the file
+     */
+    extractPackage(context: ExtractionContext): string | undefined;
+    /**
+     * Language-specific taint source patterns
+     * Returns additional sources beyond YAML config
+     */
+    getBuiltinSources(): TaintSourcePattern[];
+    /**
+     * Language-specific taint sink patterns
+     * Returns additional sinks beyond YAML config
+     */
+    getBuiltinSinks(): TaintSinkPattern[];
+    /**
+     * Get receiver type from a method call node
+     */
+    getReceiverType(node: SyntaxNode, context: ExtractionContext): string | undefined;
+    /**
+     * Check if a node represents a string literal
+     */
+    isStringLiteral(node: SyntaxNode): boolean;
+    /**
+     * Get string value from a literal node
+     */
+    getStringValue(node: SyntaxNode): string | undefined;
+}
+/**
+ * Taint source pattern definition
+ */
+export interface TaintSourcePattern {
+    method?: string;
+    class?: string;
+    annotation?: string;
+    parameterPattern?: RegExp;
+    type: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    confidence: number;
+    returnTainted?: boolean;
+    paramPositions?: number[];
+}
+/**
+ * Taint sink pattern definition
+ */
+export interface TaintSinkPattern {
+    method: string;
+    class?: string;
+    type: string;
+    cwe: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    argPositions: number[];
+    sanitizes?: string[];
+}
+/**
+ * Language plugin registry
+ */
+export interface LanguageRegistry {
+    /**
+     * Register a language plugin
+     */
+    register(plugin: LanguagePlugin): void;
+    /**
+     * Get plugin for a language
+     */
+    get(language: SupportedLanguage): LanguagePlugin | undefined;
+    /**
+     * Get plugin for a file path
+     */
+    getForFile(filePath: string): LanguagePlugin | undefined;
+    /**
+     * Get all registered plugins
+     */
+    getAll(): LanguagePlugin[];
+    /**
+     * Get all supported languages
+     */
+    getSupportedLanguages(): SupportedLanguage[];
+}

package/dist/languages/types.js

@@ -0,0 +1,8 @@
+/**
+ * Language Plugin System
+ *
+ * Defines the interface for language-specific analysis plugins.
+ * Each language (Java, JavaScript, Python, Rust) implements this interface.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/languages/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/languages/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/resolution/cross-file.d.ts

@@ -0,0 +1,146 @@
+/**
+ * Cross-File Call Resolution
+ *
+ * Resolves method calls to their definitions across file boundaries,
+ * enabling cross-file taint tracking.
+ */
+import type { CallInfo, CircleIR } from '../types/index.js';
+import { SymbolTable } from './symbol-table.js';
+import { TypeHierarchyResolver } from './type-hierarchy.js';
+/**
+ * Resolved call with target information
+ */
+export interface ResolvedCall {
+    call: CallInfo;
+    sourceFile: string;
+    targetFile: string;
+    targetMethod: string;
+    targetClass: string;
+    resolution: 'exact' | 'polymorphic' | 'inferred';
+    candidates?: string[];
+}
+/**
+ * Taint propagation information for a method
+ */
+export interface MethodTaintInfo {
+    methodFqn: string;
+    file: string;
+    taintedParams: number[];
+    returnsSource: boolean;
+    sourceType?: string;
+    sanitizes: boolean;
+    sanitizedTypes?: string[];
+}
+/**
+ * Cross-file taint flow
+ */
+export interface CrossFileTaintFlow {
+    sourceFile: string;
+    sourceLine: number;
+    sourceType: string;
+    targetFile: string;
+    targetLine: number;
+    targetMethod: string;
+    flowType: 'call_arg' | 'return_value' | 'field_access';
+    taintedArgPositions?: number[];
+}
+/**
+ * CrossFileResolver - Resolves calls and tracks taint across files
+ */
+export declare class CrossFileResolver {
+    private symbolTable;
+    private typeHierarchy;
+    private fileIRs;
+    private methodTaintInfo;
+    private resolvedCalls;
+    constructor(symbolTable: SymbolTable, typeHierarchy: TypeHierarchyResolver);
+    /**
+     * Add a file's IR for analysis
+     */
+    addFile(filePath: string, ir: CircleIR): void;
+    /**
+     * Resolve a call to its target method(s)
+     */
+    resolveCall(call: CallInfo, fromFile: string): ResolvedCall | undefined;
+    /**
+     * Resolve call with a receiver (instance method call)
+     */
+    private resolveWithReceiver;
+    /**
+     * Resolve static or local method call
+     */
+    private resolveStaticOrLocal;
+    /**
+     * Resolve by searching all known methods
+     */
+    private resolveByMethodName;
+    /**
+     * Infer the type of a receiver variable
+     */
+    private inferReceiverType;
+    /**
+     * Find polymorphic candidates (implementations/subclasses)
+     */
+    private findPolymorphicCandidates;
+    /**
+     * Analyze methods for taint propagation characteristics
+     */
+    private analyzeMethodTaint;
+    /**
+     * Check if method is a taint source
+     */
+    private isMethodTaintSource;
+    /**
+     * Get source type for a method
+     */
+    private getSourceType;
+    /**
+     * Find which parameters propagate taint to return value
+     */
+    private findTaintedParams;
+    /**
+     * Check if method name suggests sanitization
+     */
+    private isSanitizerMethod;
+    /**
+     * Get types sanitized by a method
+     */
+    private getSanitizedTypes;
+    /**
+     * Find all callers of a method across the project
+     */
+    findCallers(methodFqn: string): ResolvedCall[];
+    /**
+     * Find cross-file taint flows
+     */
+    findCrossFileTaintFlows(): CrossFileTaintFlow[];
+    /**
+     * Get taint info for a method
+     */
+    getMethodTaintInfo(methodFqn: string): MethodTaintInfo | undefined;
+    /**
+     * Get all resolved calls from a file
+     */
+    getResolvedCallsFromFile(filePath: string): ResolvedCall[];
+    /**
+     * Get statistics
+     */
+    getStats(): {
+        totalFiles: number;
+        totalCalls: number;
+        resolvedCalls: number;
+        crossFileCalls: number;
+        methodsWithTaintInfo: number;
+    };
+    /**
+     * Clear all caches
+     */
+    clear(): void;
+}
+/**
+ * Build a cross-file resolver from multiple IR results
+ */
+export declare function buildCrossFileResolver(files: Array<{
+    ir: CircleIR;
+    path: string;
+}>, symbolTable?: SymbolTable, typeHierarchy?: TypeHierarchyResolver): CrossFileResolver;