npm - circle-ir - Versions diffs - 3.1.0 - Mend

circle-ir 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (194) hide show

package/LICENSE +15 -0
package/README.md +200 -0
package/configs/sinks/code_injection.yaml +672 -0
package/configs/sinks/command.yaml +917 -0
package/configs/sinks/deserialization.yaml +105 -0
package/configs/sinks/ldap.yaml +136 -0
package/configs/sinks/nodejs.json +629 -0
package/configs/sinks/path.yaml +715 -0
package/configs/sinks/python.json +501 -0
package/configs/sinks/rust.json +339 -0
package/configs/sinks/sql.yaml +233 -0
package/configs/sinks/ssrf.yaml +160 -0
package/configs/sinks/xpath.yaml +121 -0
package/configs/sinks/xss.yaml +727 -0
package/configs/sources/db_sources.yaml +90 -0
package/configs/sources/env_sources.yaml +94 -0
package/configs/sources/express.json +197 -0
package/configs/sources/file_sources.yaml +164 -0
package/configs/sources/http_sources.yaml +379 -0
package/configs/sources/io_sources.yaml +519 -0
package/configs/sources/network_sources.yaml +99 -0
package/configs/sources/python.json +230 -0
package/configs/sources/rust.json +286 -0
package/configs/sources/spring.yaml +70 -0
package/dist/analysis/advisory-db.d.ts +86 -0
package/dist/analysis/advisory-db.js +104 -0
package/dist/analysis/advisory-db.js.map +1 -0
package/dist/analysis/cargo-parser.d.ts +42 -0
package/dist/analysis/cargo-parser.js +102 -0
package/dist/analysis/cargo-parser.js.map +1 -0
package/dist/analysis/config-loader.d.ts +37 -0
package/dist/analysis/config-loader.js +1561 -0
package/dist/analysis/config-loader.js.map +1 -0
package/dist/analysis/constant-propagation/ast-utils.d.ts +25 -0
package/dist/analysis/constant-propagation/ast-utils.js +34 -0
package/dist/analysis/constant-propagation/ast-utils.js.map +1 -0
package/dist/analysis/constant-propagation/evaluator.d.ts +32 -0
package/dist/analysis/constant-propagation/evaluator.js +296 -0
package/dist/analysis/constant-propagation/evaluator.js.map +1 -0
package/dist/analysis/constant-propagation/index.d.ts +62 -0
package/dist/analysis/constant-propagation/index.js +152 -0
package/dist/analysis/constant-propagation/index.js.map +1 -0
package/dist/analysis/constant-propagation/patterns.d.ts +8 -0
package/dist/analysis/constant-propagation/patterns.js +126 -0
package/dist/analysis/constant-propagation/patterns.js.map +1 -0
package/dist/analysis/constant-propagation/propagator.d.ts +180 -0
package/dist/analysis/constant-propagation/propagator.js +1985 -0
package/dist/analysis/constant-propagation/propagator.js.map +1 -0
package/dist/analysis/constant-propagation/types.d.ts +63 -0
package/dist/analysis/constant-propagation/types.js +5 -0
package/dist/analysis/constant-propagation/types.js.map +1 -0
package/dist/analysis/constant-propagation.d.ts +9 -0
package/dist/analysis/constant-propagation.js +18 -0
package/dist/analysis/constant-propagation.js.map +1 -0
package/dist/analysis/dependency-scanner.d.ts +79 -0
package/dist/analysis/dependency-scanner.js +122 -0
package/dist/analysis/dependency-scanner.js.map +1 -0
package/dist/analysis/dfg-verifier.d.ts +116 -0
package/dist/analysis/dfg-verifier.js +399 -0
package/dist/analysis/dfg-verifier.js.map +1 -0
package/dist/analysis/findings.d.ts +11 -0
package/dist/analysis/findings.js +228 -0
package/dist/analysis/findings.js.map +1 -0
package/dist/analysis/index.d.ts +16 -0
package/dist/analysis/index.js +18 -0
package/dist/analysis/index.js.map +1 -0
package/dist/analysis/interprocedural.d.ts +99 -0
package/dist/analysis/interprocedural.js +526 -0
package/dist/analysis/interprocedural.js.map +1 -0
package/dist/analysis/path-finder.d.ts +133 -0
package/dist/analysis/path-finder.js +354 -0
package/dist/analysis/path-finder.js.map +1 -0
package/dist/analysis/rules.d.ts +75 -0
package/dist/analysis/rules.js +332 -0
package/dist/analysis/rules.js.map +1 -0
package/dist/analysis/semver.d.ts +27 -0
package/dist/analysis/semver.js +127 -0
package/dist/analysis/semver.js.map +1 -0
package/dist/analysis/taint-matcher.d.ts +15 -0
package/dist/analysis/taint-matcher.js +634 -0
package/dist/analysis/taint-matcher.js.map +1 -0
package/dist/analysis/taint-propagation.d.ts +67 -0
package/dist/analysis/taint-propagation.js +298 -0
package/dist/analysis/taint-propagation.js.map +1 -0
package/dist/analysis/unresolved.d.ts +14 -0
package/dist/analysis/unresolved.js +202 -0
package/dist/analysis/unresolved.js.map +1 -0
package/dist/analyzer.d.ts +43 -0
package/dist/analyzer.js +1010 -0
package/dist/analyzer.js.map +1 -0
package/dist/browser/circle-ir.js +16576 -0
package/dist/browser.d.ts +38 -0
package/dist/browser.js +38 -0
package/dist/browser.js.map +1 -0
package/dist/core/circle-ir-core.cjs +13626 -0
package/dist/core/circle-ir-core.d.ts +59 -0
package/dist/core/circle-ir-core.js +13591 -0
package/dist/core/extractors/calls.d.ts +13 -0
package/dist/core/extractors/calls.js +1429 -0
package/dist/core/extractors/calls.js.map +1 -0
package/dist/core/extractors/cfg.d.ts +9 -0
package/dist/core/extractors/cfg.js +519 -0
package/dist/core/extractors/cfg.js.map +1 -0
package/dist/core/extractors/dfg.d.ts +12 -0
package/dist/core/extractors/dfg.js +1081 -0
package/dist/core/extractors/dfg.js.map +1 -0
package/dist/core/extractors/exports.d.ts +14 -0
package/dist/core/extractors/exports.js +80 -0
package/dist/core/extractors/exports.js.map +1 -0
package/dist/core/extractors/imports.d.ts +9 -0
package/dist/core/extractors/imports.js +739 -0
package/dist/core/extractors/imports.js.map +1 -0
package/dist/core/extractors/index.d.ts +10 -0
package/dist/core/extractors/index.js +11 -0
package/dist/core/extractors/index.js.map +1 -0
package/dist/core/extractors/meta.d.ts +10 -0
package/dist/core/extractors/meta.js +109 -0
package/dist/core/extractors/meta.js.map +1 -0
package/dist/core/extractors/types.d.ts +10 -0
package/dist/core/extractors/types.js +1479 -0
package/dist/core/extractors/types.js.map +1 -0
package/dist/core/index.d.ts +5 -0
package/dist/core/index.js +8 -0
package/dist/core/index.js.map +1 -0
package/dist/core/parser.d.ts +84 -0
package/dist/core/parser.js +250 -0
package/dist/core/parser.js.map +1 -0
package/dist/core-lib.d.ts +59 -0
package/dist/core-lib.js +62 -0
package/dist/core-lib.js.map +1 -0
package/dist/index.d.ts +15 -0
package/dist/index.js +20 -0
package/dist/index.js.map +1 -0
package/dist/languages/index.d.ts +11 -0
package/dist/languages/index.js +14 -0
package/dist/languages/index.js.map +1 -0
package/dist/languages/plugins/base.d.ts +44 -0
package/dist/languages/plugins/base.js +82 -0
package/dist/languages/plugins/base.js.map +1 -0
package/dist/languages/plugins/index.d.ts +14 -0
package/dist/languages/plugins/index.js +25 -0
package/dist/languages/plugins/index.js.map +1 -0
package/dist/languages/plugins/java.d.ts +49 -0
package/dist/languages/plugins/java.js +402 -0
package/dist/languages/plugins/java.js.map +1 -0
package/dist/languages/plugins/javascript.d.ts +48 -0
package/dist/languages/plugins/javascript.js +445 -0
package/dist/languages/plugins/javascript.js.map +1 -0
package/dist/languages/plugins/python.d.ts +47 -0
package/dist/languages/plugins/python.js +480 -0
package/dist/languages/plugins/python.js.map +1 -0
package/dist/languages/plugins/rust.d.ts +47 -0
package/dist/languages/plugins/rust.js +405 -0
package/dist/languages/plugins/rust.js.map +1 -0
package/dist/languages/registry.d.ts +30 -0
package/dist/languages/registry.js +80 -0
package/dist/languages/registry.js.map +1 -0
package/dist/languages/types.d.ts +184 -0
package/dist/languages/types.js +8 -0
package/dist/languages/types.js.map +1 -0
package/dist/resolution/cross-file.d.ts +146 -0
package/dist/resolution/cross-file.js +439 -0
package/dist/resolution/cross-file.js.map +1 -0
package/dist/resolution/index.d.ts +12 -0
package/dist/resolution/index.js +10 -0
package/dist/resolution/index.js.map +1 -0
package/dist/resolution/symbol-table.d.ts +136 -0
package/dist/resolution/symbol-table.js +336 -0
package/dist/resolution/symbol-table.js.map +1 -0
package/dist/resolution/type-hierarchy.d.ts +124 -0
package/dist/resolution/type-hierarchy.js +515 -0
package/dist/resolution/type-hierarchy.js.map +1 -0
package/dist/types/config.d.ts +45 -0
package/dist/types/config.js +5 -0
package/dist/types/config.js.map +1 -0
package/dist/types/index.d.ts +392 -0
package/dist/types/index.js +7 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/logger.d.ts +85 -0
package/dist/utils/logger.js +198 -0
package/dist/utils/logger.js.map +1 -0
package/dist/wasm/tree-sitter-java.wasm +0 -0
package/dist/wasm/tree-sitter-javascript.wasm +0 -0
package/dist/wasm/tree-sitter-python.wasm +0 -0
package/dist/wasm/tree-sitter-rust.wasm +0 -0
package/dist/wasm/web-tree-sitter.wasm +0 -0
package/docs/SPEC.md +1021 -0
package/examples/browser-example.html +610 -0
package/examples/node-example.ts +215 -0
package/package.json +107 -0
package/wasm/tree-sitter-java.wasm +0 -0
package/wasm/tree-sitter-javascript.wasm +0 -0
package/wasm/tree-sitter-python.wasm +0 -0
package/wasm/tree-sitter-rust.wasm +0 -0

package/configs/sinks/nodejs.json ADDED Viewed

@@ -0,0 +1,629 @@
+{
+  "sinks": [
+    {
+      "method": "exec",
+      "class": "child_process",
+      "type": "command_injection",
+      "cwe": "CWE-78",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Command execution - extremely dangerous with user input"
+    },
+    {
+      "method": "execSync",
+      "class": "child_process",
+      "type": "command_injection",
+      "cwe": "CWE-78",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Synchronous command execution"
+    },
+    {
+      "method": "spawn",
+      "class": "child_process",
+      "type": "command_injection",
+      "cwe": "CWE-78",
+      "severity": "critical",
+      "arg_positions": [0, 1],
+      "note": "Process spawn - arg[0] is command, arg[1] is args array"
+    },
+    {
+      "method": "spawnSync",
+      "class": "child_process",
+      "type": "command_injection",
+      "cwe": "CWE-78",
+      "severity": "critical",
+      "arg_positions": [0, 1],
+      "note": "Synchronous process spawn"
+    },
+    {
+      "method": "execFile",
+      "class": "child_process",
+      "type": "command_injection",
+      "cwe": "CWE-78",
+      "severity": "critical",
+      "arg_positions": [0, 1],
+      "note": "Execute file with arguments"
+    },
+    {
+      "method": "fork",
+      "class": "child_process",
+      "type": "command_injection",
+      "cwe": "CWE-78",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "Fork new Node.js process"
+    },
+    {
+      "method": "query",
+      "class": "mysql",
+      "type": "sql_injection",
+      "cwe": "CWE-89",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "MySQL query - use parameterized queries"
+    },
+    {
+      "method": "query",
+      "class": "Connection",
+      "type": "sql_injection",
+      "cwe": "CWE-89",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Database query method"
+    },
+    {
+      "method": "query",
+      "class": "Pool",
+      "type": "sql_injection",
+      "cwe": "CWE-89",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Database pool query"
+    },
+    {
+      "method": "raw",
+      "class": "knex",
+      "type": "sql_injection",
+      "cwe": "CWE-89",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Knex raw SQL query"
+    },
+    {
+      "method": "$queryRaw",
+      "class": "prisma",
+      "type": "sql_injection",
+      "cwe": "CWE-89",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Prisma raw query"
+    },
+    {
+      "method": "readFile",
+      "class": "fs",
+      "type": "path_traversal",
+      "cwe": "CWE-22",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "File read - validate path before use"
+    },
+    {
+      "method": "readFileSync",
+      "class": "fs",
+      "type": "path_traversal",
+      "cwe": "CWE-22",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Synchronous file read"
+    },
+    {
+      "method": "writeFile",
+      "class": "fs",
+      "type": "path_traversal",
+      "cwe": "CWE-22",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "File write - validate path before use"
+    },
+    {
+      "method": "writeFileSync",
+      "class": "fs",
+      "type": "path_traversal",
+      "cwe": "CWE-22",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Synchronous file write"
+    },
+    {
+      "method": "appendFile",
+      "class": "fs",
+      "type": "path_traversal",
+      "cwe": "CWE-22",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "File append operation"
+    },
+    {
+      "method": "unlink",
+      "class": "fs",
+      "type": "path_traversal",
+      "cwe": "CWE-22",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "File deletion"
+    },
+    {
+      "method": "createReadStream",
+      "class": "fs",
+      "type": "path_traversal",
+      "cwe": "CWE-22",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Create read stream from file"
+    },
+    {
+      "method": "createWriteStream",
+      "class": "fs",
+      "type": "path_traversal",
+      "cwe": "CWE-22",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Create write stream to file"
+    },
+    {
+      "method": "send",
+      "class": "Response",
+      "type": "xss",
+      "cwe": "CWE-79",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "Express response - HTML content may be vulnerable to XSS"
+    },
+    {
+      "method": "html",
+      "class": "Response",
+      "type": "xss",
+      "cwe": "CWE-79",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Express HTML response - directly renders HTML"
+    },
+    {
+      "method": "write",
+      "class": "Response",
+      "type": "xss",
+      "cwe": "CWE-79",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "Response write - may render HTML"
+    },
+    {
+      "method": "end",
+      "class": "Response",
+      "type": "xss",
+      "cwe": "CWE-79",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "Response end with data"
+    },
+    {
+      "method": "render",
+      "class": "Response",
+      "type": "xss",
+      "cwe": "CWE-79",
+      "severity": "high",
+      "arg_positions": [1],
+      "note": "Template render - second arg is data object"
+    },
+    {
+      "method": "eval",
+      "type": "code_injection",
+      "cwe": "CWE-94",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Never use eval with user input"
+    },
+    {
+      "method": "Function",
+      "class": "constructor",
+      "type": "code_injection",
+      "cwe": "CWE-94",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Function constructor is like eval"
+    },
+    {
+      "method": "setTimeout",
+      "type": "code_injection",
+      "cwe": "CWE-94",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "setTimeout with string argument evaluates code"
+    },
+    {
+      "method": "setInterval",
+      "type": "code_injection",
+      "cwe": "CWE-94",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "setInterval with string argument evaluates code"
+    },
+    {
+      "method": "fetch",
+      "type": "ssrf",
+      "cwe": "CWE-918",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "HTTP fetch - validate URL to prevent SSRF"
+    },
+    {
+      "method": "get",
+      "class": "axios",
+      "type": "ssrf",
+      "cwe": "CWE-918",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "Axios GET request"
+    },
+    {
+      "method": "post",
+      "class": "axios",
+      "type": "ssrf",
+      "cwe": "CWE-918",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "Axios POST request"
+    },
+    {
+      "method": "request",
+      "class": "axios",
+      "type": "ssrf",
+      "cwe": "CWE-918",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "Axios request"
+    },
+    {
+      "method": "request",
+      "class": "http",
+      "type": "ssrf",
+      "cwe": "CWE-918",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "Node.js HTTP request"
+    },
+    {
+      "method": "request",
+      "class": "https",
+      "type": "ssrf",
+      "cwe": "CWE-918",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "Node.js HTTPS request"
+    },
+    {
+      "method": "redirect",
+      "class": "Response",
+      "type": "open_redirect",
+      "cwe": "CWE-601",
+      "severity": "medium",
+      "arg_positions": [0],
+      "note": "Express redirect - validate URL to prevent open redirect"
+    },
+    {
+      "method": "join",
+      "class": "path",
+      "type": "path_traversal",
+      "cwe": "CWE-22",
+      "severity": "high",
+      "arg_positions": [0, 1],
+      "note": "Path join - may allow path traversal if not validated"
+    },
+    {
+      "method": "resolve",
+      "class": "path",
+      "type": "path_traversal",
+      "cwe": "CWE-22",
+      "severity": "high",
+      "arg_positions": [0, 1],
+      "note": "Path resolve - may allow path traversal if not validated"
+    },
+    {
+      "method": "lookup",
+      "class": "dns",
+      "type": "ssrf",
+      "cwe": "CWE-918",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "DNS lookup - can be used for DNS rebinding attacks"
+    },
+    {
+      "method": "resolve",
+      "class": "dns",
+      "type": "ssrf",
+      "cwe": "CWE-918",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "DNS resolve"
+    },
+    {
+      "method": "connect",
+      "class": "net",
+      "type": "ssrf",
+      "cwe": "CWE-918",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "TCP connection - validate host/port"
+    },
+    {
+      "method": "createConnection",
+      "class": "net",
+      "type": "ssrf",
+      "cwe": "CWE-918",
+      "severity": "high",
+      "arg_positions": [0],
+      "note": "Create TCP connection"
+    },
+    {
+      "method": "runInContext",
+      "class": "vm",
+      "type": "code_injection",
+      "cwe": "CWE-94",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "VM code execution - dangerous with user input"
+    },
+    {
+      "method": "runInNewContext",
+      "class": "vm",
+      "type": "code_injection",
+      "cwe": "CWE-94",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "VM code execution in new context"
+    },
+    {
+      "method": "runInThisContext",
+      "class": "vm",
+      "type": "code_injection",
+      "cwe": "CWE-94",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "VM code execution in current context"
+    },
+    {
+      "method": "compileFunction",
+      "class": "vm",
+      "type": "code_injection",
+      "cwe": "CWE-94",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Compile function from code string"
+    },
+    {
+      "method": "find",
+      "class": "MongoDB",
+      "type": "nosql_injection",
+      "cwe": "CWE-943",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "MongoDB find - beware of NoSQL injection via object operators"
+    },
+    {
+      "method": "findOne",
+      "class": "MongoDB",
+      "type": "nosql_injection",
+      "cwe": "CWE-943",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "MongoDB findOne"
+    },
+    {
+      "method": "findOneAndUpdate",
+      "class": "MongoDB",
+      "type": "nosql_injection",
+      "cwe": "CWE-943",
+      "severity": "critical",
+      "arg_positions": [0, 1],
+      "note": "MongoDB findOneAndUpdate"
+    },
+    {
+      "method": "updateOne",
+      "class": "MongoDB",
+      "type": "nosql_injection",
+      "cwe": "CWE-943",
+      "severity": "critical",
+      "arg_positions": [0, 1],
+      "note": "MongoDB updateOne"
+    },
+    {
+      "method": "deleteOne",
+      "class": "MongoDB",
+      "type": "nosql_injection",
+      "cwe": "CWE-943",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "MongoDB deleteOne"
+    },
+    {
+      "method": "aggregate",
+      "class": "MongoDB",
+      "type": "nosql_injection",
+      "cwe": "CWE-943",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "MongoDB aggregation pipeline"
+    },
+    {
+      "method": "$where",
+      "class": "MongoDB",
+      "type": "code_injection",
+      "cwe": "CWE-94",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "MongoDB $where operator - executes JavaScript"
+    },
+    {
+      "method": "deserialize",
+      "type": "deserialization",
+      "cwe": "CWE-502",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Object deserialization - dangerous with untrusted data"
+    },
+    {
+      "method": "parse",
+      "class": "JSON",
+      "type": "deserialization",
+      "cwe": "CWE-502",
+      "severity": "medium",
+      "arg_positions": [0],
+      "note": "JSON parse with reviver can be dangerous"
+    },
+    {
+      "method": "compile",
+      "class": "Handlebars",
+      "type": "template_injection",
+      "cwe": "CWE-94",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Handlebars template compilation - SSTI risk"
+    },
+    {
+      "method": "compile",
+      "class": "pug",
+      "type": "template_injection",
+      "cwe": "CWE-94",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "Pug/Jade template compilation - SSTI risk"
+    },
+    {
+      "method": "compile",
+      "class": "ejs",
+      "type": "template_injection",
+      "cwe": "CWE-94",
+      "severity": "critical",
+      "arg_positions": [0],
+      "note": "EJS template compilation - SSTI risk"
+    },
+    {
+      "method": "setHeader",
+      "class": "Response",
+      "type": "header_injection",
+      "cwe": "CWE-113",
+      "severity": "medium",
+      "arg_positions": [1],
+      "note": "HTTP header injection if value contains CRLF"
+    },
+    {
+      "method": "cookie",
+      "class": "Response",
+      "type": "header_injection",
+      "cwe": "CWE-113",
+      "severity": "medium",
+      "arg_positions": [1],
+      "note": "Cookie value injection"
+    }
+  ],
+  "sanitizers": [
+    {
+      "method": "escape",
+      "class": "validator",
+      "removes": ["xss"],
+      "note": "Validator.js escape function"
+    },
+    {
+      "method": "escapeHtml",
+      "removes": ["xss"],
+      "note": "HTML escape function"
+    },
+    {
+      "method": "sanitize",
+      "removes": ["xss", "sql_injection"],
+      "note": "Generic sanitization"
+    },
+    {
+      "method": "normalize",
+      "class": "path",
+      "removes": ["path_traversal"],
+      "note": "Path normalization (still needs validation)"
+    },
+    {
+      "method": "basename",
+      "class": "path",
+      "removes": ["path_traversal"],
+      "note": "Returns filename only"
+    },
+    {
+      "method": "escape",
+      "class": "mysql",
+      "removes": ["sql_injection"],
+      "note": "MySQL escape function"
+    },
+    {
+      "method": "escapeId",
+      "class": "mysql",
+      "removes": ["sql_injection"],
+      "note": "MySQL identifier escape"
+    },
+    {
+      "method": "createHash",
+      "class": "crypto",
+      "removes": ["plain_text"],
+      "note": "Hashing function (use for integrity, not encryption)"
+    },
+    {
+      "method": "parseInt",
+      "removes": ["sql_injection", "command_injection"],
+      "note": "Converts to integer - safe for numeric values"
+    },
+    {
+      "method": "parseFloat",
+      "removes": ["sql_injection", "command_injection"],
+      "note": "Converts to float - safe for numeric values"
+    },
+    {
+      "method": "Number",
+      "removes": ["sql_injection", "command_injection"],
+      "note": "Number constructor - safe for numeric values"
+    },
+    {
+      "method": "encodeURIComponent",
+      "removes": ["xss", "open_redirect"],
+      "note": "URL encoding - safe for URL parameters"
+    },
+    {
+      "method": "encodeURI",
+      "removes": ["open_redirect"],
+      "note": "URL encoding"
+    },
+    {
+      "method": "createCipheriv",
+      "class": "crypto",
+      "removes": ["plain_text"],
+      "note": "Encryption function"
+    },
+    {
+      "method": "DOMPurify.sanitize",
+      "removes": ["xss"],
+      "note": "DOMPurify HTML sanitization"
+    },
+    {
+      "method": "xss",
+      "removes": ["xss"],
+      "note": "xss npm package sanitization"
+    },
+    {
+      "method": "stripTags",
+      "removes": ["xss"],
+      "note": "HTML tag stripping"
+    },
+    {
+      "method": "toString",
+      "removes": ["nosql_injection"],
+      "note": "Convert to string - prevents NoSQL operator injection"
+    }
+  ]
+}