circle-ir 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +15 -0
- package/README.md +200 -0
- package/configs/sinks/code_injection.yaml +672 -0
- package/configs/sinks/command.yaml +917 -0
- package/configs/sinks/deserialization.yaml +105 -0
- package/configs/sinks/ldap.yaml +136 -0
- package/configs/sinks/nodejs.json +629 -0
- package/configs/sinks/path.yaml +715 -0
- package/configs/sinks/python.json +501 -0
- package/configs/sinks/rust.json +339 -0
- package/configs/sinks/sql.yaml +233 -0
- package/configs/sinks/ssrf.yaml +160 -0
- package/configs/sinks/xpath.yaml +121 -0
- package/configs/sinks/xss.yaml +727 -0
- package/configs/sources/db_sources.yaml +90 -0
- package/configs/sources/env_sources.yaml +94 -0
- package/configs/sources/express.json +197 -0
- package/configs/sources/file_sources.yaml +164 -0
- package/configs/sources/http_sources.yaml +379 -0
- package/configs/sources/io_sources.yaml +519 -0
- package/configs/sources/network_sources.yaml +99 -0
- package/configs/sources/python.json +230 -0
- package/configs/sources/rust.json +286 -0
- package/configs/sources/spring.yaml +70 -0
- package/dist/analysis/advisory-db.d.ts +86 -0
- package/dist/analysis/advisory-db.js +104 -0
- package/dist/analysis/advisory-db.js.map +1 -0
- package/dist/analysis/cargo-parser.d.ts +42 -0
- package/dist/analysis/cargo-parser.js +102 -0
- package/dist/analysis/cargo-parser.js.map +1 -0
- package/dist/analysis/config-loader.d.ts +37 -0
- package/dist/analysis/config-loader.js +1561 -0
- package/dist/analysis/config-loader.js.map +1 -0
- package/dist/analysis/constant-propagation/ast-utils.d.ts +25 -0
- package/dist/analysis/constant-propagation/ast-utils.js +34 -0
- package/dist/analysis/constant-propagation/ast-utils.js.map +1 -0
- package/dist/analysis/constant-propagation/evaluator.d.ts +32 -0
- package/dist/analysis/constant-propagation/evaluator.js +296 -0
- package/dist/analysis/constant-propagation/evaluator.js.map +1 -0
- package/dist/analysis/constant-propagation/index.d.ts +62 -0
- package/dist/analysis/constant-propagation/index.js +152 -0
- package/dist/analysis/constant-propagation/index.js.map +1 -0
- package/dist/analysis/constant-propagation/patterns.d.ts +8 -0
- package/dist/analysis/constant-propagation/patterns.js +126 -0
- package/dist/analysis/constant-propagation/patterns.js.map +1 -0
- package/dist/analysis/constant-propagation/propagator.d.ts +180 -0
- package/dist/analysis/constant-propagation/propagator.js +1985 -0
- package/dist/analysis/constant-propagation/propagator.js.map +1 -0
- package/dist/analysis/constant-propagation/types.d.ts +63 -0
- package/dist/analysis/constant-propagation/types.js +5 -0
- package/dist/analysis/constant-propagation/types.js.map +1 -0
- package/dist/analysis/constant-propagation.d.ts +9 -0
- package/dist/analysis/constant-propagation.js +18 -0
- package/dist/analysis/constant-propagation.js.map +1 -0
- package/dist/analysis/dependency-scanner.d.ts +79 -0
- package/dist/analysis/dependency-scanner.js +122 -0
- package/dist/analysis/dependency-scanner.js.map +1 -0
- package/dist/analysis/dfg-verifier.d.ts +116 -0
- package/dist/analysis/dfg-verifier.js +399 -0
- package/dist/analysis/dfg-verifier.js.map +1 -0
- package/dist/analysis/findings.d.ts +11 -0
- package/dist/analysis/findings.js +228 -0
- package/dist/analysis/findings.js.map +1 -0
- package/dist/analysis/index.d.ts +16 -0
- package/dist/analysis/index.js +18 -0
- package/dist/analysis/index.js.map +1 -0
- package/dist/analysis/interprocedural.d.ts +99 -0
- package/dist/analysis/interprocedural.js +526 -0
- package/dist/analysis/interprocedural.js.map +1 -0
- package/dist/analysis/path-finder.d.ts +133 -0
- package/dist/analysis/path-finder.js +354 -0
- package/dist/analysis/path-finder.js.map +1 -0
- package/dist/analysis/rules.d.ts +75 -0
- package/dist/analysis/rules.js +332 -0
- package/dist/analysis/rules.js.map +1 -0
- package/dist/analysis/semver.d.ts +27 -0
- package/dist/analysis/semver.js +127 -0
- package/dist/analysis/semver.js.map +1 -0
- package/dist/analysis/taint-matcher.d.ts +15 -0
- package/dist/analysis/taint-matcher.js +634 -0
- package/dist/analysis/taint-matcher.js.map +1 -0
- package/dist/analysis/taint-propagation.d.ts +67 -0
- package/dist/analysis/taint-propagation.js +298 -0
- package/dist/analysis/taint-propagation.js.map +1 -0
- package/dist/analysis/unresolved.d.ts +14 -0
- package/dist/analysis/unresolved.js +202 -0
- package/dist/analysis/unresolved.js.map +1 -0
- package/dist/analyzer.d.ts +43 -0
- package/dist/analyzer.js +1010 -0
- package/dist/analyzer.js.map +1 -0
- package/dist/browser/circle-ir.js +16576 -0
- package/dist/browser.d.ts +38 -0
- package/dist/browser.js +38 -0
- package/dist/browser.js.map +1 -0
- package/dist/core/circle-ir-core.cjs +13626 -0
- package/dist/core/circle-ir-core.d.ts +59 -0
- package/dist/core/circle-ir-core.js +13591 -0
- package/dist/core/extractors/calls.d.ts +13 -0
- package/dist/core/extractors/calls.js +1429 -0
- package/dist/core/extractors/calls.js.map +1 -0
- package/dist/core/extractors/cfg.d.ts +9 -0
- package/dist/core/extractors/cfg.js +519 -0
- package/dist/core/extractors/cfg.js.map +1 -0
- package/dist/core/extractors/dfg.d.ts +12 -0
- package/dist/core/extractors/dfg.js +1081 -0
- package/dist/core/extractors/dfg.js.map +1 -0
- package/dist/core/extractors/exports.d.ts +14 -0
- package/dist/core/extractors/exports.js +80 -0
- package/dist/core/extractors/exports.js.map +1 -0
- package/dist/core/extractors/imports.d.ts +9 -0
- package/dist/core/extractors/imports.js +739 -0
- package/dist/core/extractors/imports.js.map +1 -0
- package/dist/core/extractors/index.d.ts +10 -0
- package/dist/core/extractors/index.js +11 -0
- package/dist/core/extractors/index.js.map +1 -0
- package/dist/core/extractors/meta.d.ts +10 -0
- package/dist/core/extractors/meta.js +109 -0
- package/dist/core/extractors/meta.js.map +1 -0
- package/dist/core/extractors/types.d.ts +10 -0
- package/dist/core/extractors/types.js +1479 -0
- package/dist/core/extractors/types.js.map +1 -0
- package/dist/core/index.d.ts +5 -0
- package/dist/core/index.js +8 -0
- package/dist/core/index.js.map +1 -0
- package/dist/core/parser.d.ts +84 -0
- package/dist/core/parser.js +250 -0
- package/dist/core/parser.js.map +1 -0
- package/dist/core-lib.d.ts +59 -0
- package/dist/core-lib.js +62 -0
- package/dist/core-lib.js.map +1 -0
- package/dist/index.d.ts +15 -0
- package/dist/index.js +20 -0
- package/dist/index.js.map +1 -0
- package/dist/languages/index.d.ts +11 -0
- package/dist/languages/index.js +14 -0
- package/dist/languages/index.js.map +1 -0
- package/dist/languages/plugins/base.d.ts +44 -0
- package/dist/languages/plugins/base.js +82 -0
- package/dist/languages/plugins/base.js.map +1 -0
- package/dist/languages/plugins/index.d.ts +14 -0
- package/dist/languages/plugins/index.js +25 -0
- package/dist/languages/plugins/index.js.map +1 -0
- package/dist/languages/plugins/java.d.ts +49 -0
- package/dist/languages/plugins/java.js +402 -0
- package/dist/languages/plugins/java.js.map +1 -0
- package/dist/languages/plugins/javascript.d.ts +48 -0
- package/dist/languages/plugins/javascript.js +445 -0
- package/dist/languages/plugins/javascript.js.map +1 -0
- package/dist/languages/plugins/python.d.ts +47 -0
- package/dist/languages/plugins/python.js +480 -0
- package/dist/languages/plugins/python.js.map +1 -0
- package/dist/languages/plugins/rust.d.ts +47 -0
- package/dist/languages/plugins/rust.js +405 -0
- package/dist/languages/plugins/rust.js.map +1 -0
- package/dist/languages/registry.d.ts +30 -0
- package/dist/languages/registry.js +80 -0
- package/dist/languages/registry.js.map +1 -0
- package/dist/languages/types.d.ts +184 -0
- package/dist/languages/types.js +8 -0
- package/dist/languages/types.js.map +1 -0
- package/dist/resolution/cross-file.d.ts +146 -0
- package/dist/resolution/cross-file.js +439 -0
- package/dist/resolution/cross-file.js.map +1 -0
- package/dist/resolution/index.d.ts +12 -0
- package/dist/resolution/index.js +10 -0
- package/dist/resolution/index.js.map +1 -0
- package/dist/resolution/symbol-table.d.ts +136 -0
- package/dist/resolution/symbol-table.js +336 -0
- package/dist/resolution/symbol-table.js.map +1 -0
- package/dist/resolution/type-hierarchy.d.ts +124 -0
- package/dist/resolution/type-hierarchy.js +515 -0
- package/dist/resolution/type-hierarchy.js.map +1 -0
- package/dist/types/config.d.ts +45 -0
- package/dist/types/config.js +5 -0
- package/dist/types/config.js.map +1 -0
- package/dist/types/index.d.ts +392 -0
- package/dist/types/index.js +7 -0
- package/dist/types/index.js.map +1 -0
- package/dist/utils/logger.d.ts +85 -0
- package/dist/utils/logger.js +198 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/wasm/tree-sitter-java.wasm +0 -0
- package/dist/wasm/tree-sitter-javascript.wasm +0 -0
- package/dist/wasm/tree-sitter-python.wasm +0 -0
- package/dist/wasm/tree-sitter-rust.wasm +0 -0
- package/dist/wasm/web-tree-sitter.wasm +0 -0
- package/docs/SPEC.md +1021 -0
- package/examples/browser-example.html +610 -0
- package/examples/node-example.ts +215 -0
- package/package.json +107 -0
- package/wasm/tree-sitter-java.wasm +0 -0
- package/wasm/tree-sitter-javascript.wasm +0 -0
- package/wasm/tree-sitter-python.wasm +0 -0
- package/wasm/tree-sitter-rust.wasm +0 -0
|
@@ -0,0 +1,160 @@
|
|
|
1
|
+
{
|
|
2
|
+
"sinks": [
|
|
3
|
+
{
|
|
4
|
+
"method": "sendRedirect",
|
|
5
|
+
"class": "HttpServletResponse",
|
|
6
|
+
"type": "ssrf",
|
|
7
|
+
"cwe": "CWE-601",
|
|
8
|
+
"severity": "high",
|
|
9
|
+
"arg_positions": [0],
|
|
10
|
+
"note": "Open redirect - user-controlled URL can redirect to malicious site"
|
|
11
|
+
},
|
|
12
|
+
{
|
|
13
|
+
"method": "setHeader",
|
|
14
|
+
"class": "HttpServletResponse",
|
|
15
|
+
"type": "ssrf",
|
|
16
|
+
"cwe": "CWE-601",
|
|
17
|
+
"severity": "medium",
|
|
18
|
+
"arg_positions": [1],
|
|
19
|
+
"note": "Header injection - especially dangerous for Location header"
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
"method": "addHeader",
|
|
23
|
+
"class": "HttpServletResponse",
|
|
24
|
+
"type": "ssrf",
|
|
25
|
+
"cwe": "CWE-601",
|
|
26
|
+
"severity": "medium",
|
|
27
|
+
"arg_positions": [1],
|
|
28
|
+
"note": "Header injection"
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
"method": "openConnection",
|
|
32
|
+
"class": "URL",
|
|
33
|
+
"type": "ssrf",
|
|
34
|
+
"cwe": "CWE-918",
|
|
35
|
+
"severity": "critical",
|
|
36
|
+
"arg_positions": [],
|
|
37
|
+
"note": "SSRF - server-side request to user-controlled URL"
|
|
38
|
+
},
|
|
39
|
+
{
|
|
40
|
+
"method": "openStream",
|
|
41
|
+
"class": "URL",
|
|
42
|
+
"type": "ssrf",
|
|
43
|
+
"cwe": "CWE-918",
|
|
44
|
+
"severity": "critical",
|
|
45
|
+
"arg_positions": [],
|
|
46
|
+
"note": "SSRF - fetches content from user-controlled URL"
|
|
47
|
+
},
|
|
48
|
+
{
|
|
49
|
+
"method": "URL",
|
|
50
|
+
"class": "constructor",
|
|
51
|
+
"type": "ssrf",
|
|
52
|
+
"cwe": "CWE-918",
|
|
53
|
+
"severity": "high",
|
|
54
|
+
"arg_positions": [0],
|
|
55
|
+
"note": "URL construction with user input"
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
"method": "URI",
|
|
59
|
+
"class": "constructor",
|
|
60
|
+
"type": "ssrf",
|
|
61
|
+
"cwe": "CWE-918",
|
|
62
|
+
"severity": "high",
|
|
63
|
+
"arg_positions": [0],
|
|
64
|
+
"note": "URI construction with user input"
|
|
65
|
+
},
|
|
66
|
+
{
|
|
67
|
+
"method": "create",
|
|
68
|
+
"class": "URI",
|
|
69
|
+
"type": "ssrf",
|
|
70
|
+
"cwe": "CWE-918",
|
|
71
|
+
"severity": "high",
|
|
72
|
+
"arg_positions": [0],
|
|
73
|
+
"note": "URI.create with user input"
|
|
74
|
+
},
|
|
75
|
+
{
|
|
76
|
+
"method": "get",
|
|
77
|
+
"class": "HttpClient",
|
|
78
|
+
"type": "ssrf",
|
|
79
|
+
"cwe": "CWE-918",
|
|
80
|
+
"severity": "critical",
|
|
81
|
+
"arg_positions": [0],
|
|
82
|
+
"note": "HTTP client GET request to user-controlled URL"
|
|
83
|
+
},
|
|
84
|
+
{
|
|
85
|
+
"method": "post",
|
|
86
|
+
"class": "HttpClient",
|
|
87
|
+
"type": "ssrf",
|
|
88
|
+
"cwe": "CWE-918",
|
|
89
|
+
"severity": "critical",
|
|
90
|
+
"arg_positions": [0],
|
|
91
|
+
"note": "HTTP client POST request to user-controlled URL"
|
|
92
|
+
},
|
|
93
|
+
{
|
|
94
|
+
"method": "execute",
|
|
95
|
+
"class": "HttpClient",
|
|
96
|
+
"type": "ssrf",
|
|
97
|
+
"cwe": "CWE-918",
|
|
98
|
+
"severity": "critical",
|
|
99
|
+
"arg_positions": [0],
|
|
100
|
+
"note": "HTTP client execute with user-controlled request"
|
|
101
|
+
},
|
|
102
|
+
{
|
|
103
|
+
"method": "getForObject",
|
|
104
|
+
"class": "RestTemplate",
|
|
105
|
+
"type": "ssrf",
|
|
106
|
+
"cwe": "CWE-918",
|
|
107
|
+
"severity": "critical",
|
|
108
|
+
"arg_positions": [0],
|
|
109
|
+
"note": "Spring RestTemplate GET request"
|
|
110
|
+
},
|
|
111
|
+
{
|
|
112
|
+
"method": "getForEntity",
|
|
113
|
+
"class": "RestTemplate",
|
|
114
|
+
"type": "ssrf",
|
|
115
|
+
"cwe": "CWE-918",
|
|
116
|
+
"severity": "critical",
|
|
117
|
+
"arg_positions": [0],
|
|
118
|
+
"note": "Spring RestTemplate GET request"
|
|
119
|
+
},
|
|
120
|
+
{
|
|
121
|
+
"method": "postForObject",
|
|
122
|
+
"class": "RestTemplate",
|
|
123
|
+
"type": "ssrf",
|
|
124
|
+
"cwe": "CWE-918",
|
|
125
|
+
"severity": "critical",
|
|
126
|
+
"arg_positions": [0],
|
|
127
|
+
"note": "Spring RestTemplate POST request"
|
|
128
|
+
},
|
|
129
|
+
{
|
|
130
|
+
"method": "postForEntity",
|
|
131
|
+
"class": "RestTemplate",
|
|
132
|
+
"type": "ssrf",
|
|
133
|
+
"cwe": "CWE-918",
|
|
134
|
+
"severity": "critical",
|
|
135
|
+
"arg_positions": [0],
|
|
136
|
+
"note": "Spring RestTemplate POST request"
|
|
137
|
+
},
|
|
138
|
+
{
|
|
139
|
+
"method": "exchange",
|
|
140
|
+
"class": "RestTemplate",
|
|
141
|
+
"type": "ssrf",
|
|
142
|
+
"cwe": "CWE-918",
|
|
143
|
+
"severity": "critical",
|
|
144
|
+
"arg_positions": [0],
|
|
145
|
+
"note": "Spring RestTemplate exchange request"
|
|
146
|
+
}
|
|
147
|
+
],
|
|
148
|
+
"sanitizers": [
|
|
149
|
+
{
|
|
150
|
+
"method": "validateUrl",
|
|
151
|
+
"removes": ["ssrf"],
|
|
152
|
+
"note": "URL validation function"
|
|
153
|
+
},
|
|
154
|
+
{
|
|
155
|
+
"method": "isAllowedHost",
|
|
156
|
+
"removes": ["ssrf"],
|
|
157
|
+
"note": "Host allowlist check"
|
|
158
|
+
}
|
|
159
|
+
]
|
|
160
|
+
}
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
{
|
|
2
|
+
"sinks": [
|
|
3
|
+
{
|
|
4
|
+
"method": "evaluate",
|
|
5
|
+
"class": "XPath",
|
|
6
|
+
"type": "xpath_injection",
|
|
7
|
+
"cwe": "CWE-643",
|
|
8
|
+
"severity": "critical",
|
|
9
|
+
"arg_positions": [
|
|
10
|
+
0
|
|
11
|
+
],
|
|
12
|
+
"note": "XPath injection if user input in expression"
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
"method": "compile",
|
|
16
|
+
"class": "XPath",
|
|
17
|
+
"type": "xpath_injection",
|
|
18
|
+
"cwe": "CWE-643",
|
|
19
|
+
"severity": "critical",
|
|
20
|
+
"arg_positions": [
|
|
21
|
+
0
|
|
22
|
+
]
|
|
23
|
+
},
|
|
24
|
+
{
|
|
25
|
+
"method": "evaluate",
|
|
26
|
+
"class": "XPathExpression",
|
|
27
|
+
"type": "xpath_injection",
|
|
28
|
+
"cwe": "CWE-643",
|
|
29
|
+
"severity": "critical",
|
|
30
|
+
"arg_positions": [
|
|
31
|
+
0
|
|
32
|
+
]
|
|
33
|
+
},
|
|
34
|
+
{
|
|
35
|
+
"method": "evaluate",
|
|
36
|
+
"class": "XPathEvaluator",
|
|
37
|
+
"type": "xpath_injection",
|
|
38
|
+
"cwe": "CWE-643",
|
|
39
|
+
"severity": "critical",
|
|
40
|
+
"arg_positions": [
|
|
41
|
+
0
|
|
42
|
+
]
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
"method": "selectNodes",
|
|
46
|
+
"class": "XPath",
|
|
47
|
+
"type": "xpath_injection",
|
|
48
|
+
"cwe": "CWE-643",
|
|
49
|
+
"severity": "critical",
|
|
50
|
+
"arg_positions": [
|
|
51
|
+
0
|
|
52
|
+
]
|
|
53
|
+
},
|
|
54
|
+
{
|
|
55
|
+
"method": "selectSingleNode",
|
|
56
|
+
"class": "XPath",
|
|
57
|
+
"type": "xpath_injection",
|
|
58
|
+
"cwe": "CWE-643",
|
|
59
|
+
"severity": "critical",
|
|
60
|
+
"arg_positions": [
|
|
61
|
+
0
|
|
62
|
+
]
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
"method": "selectNodes",
|
|
66
|
+
"class": "Node",
|
|
67
|
+
"type": "xpath_injection",
|
|
68
|
+
"cwe": "CWE-643",
|
|
69
|
+
"severity": "critical",
|
|
70
|
+
"arg_positions": [
|
|
71
|
+
0
|
|
72
|
+
]
|
|
73
|
+
},
|
|
74
|
+
{
|
|
75
|
+
"method": "selectSingleNode",
|
|
76
|
+
"class": "Node",
|
|
77
|
+
"type": "xpath_injection",
|
|
78
|
+
"cwe": "CWE-643",
|
|
79
|
+
"severity": "critical",
|
|
80
|
+
"arg_positions": [
|
|
81
|
+
0
|
|
82
|
+
]
|
|
83
|
+
},
|
|
84
|
+
{
|
|
85
|
+
"method": "createXPath",
|
|
86
|
+
"class": "DocumentHelper",
|
|
87
|
+
"type": "xpath_injection",
|
|
88
|
+
"cwe": "CWE-643",
|
|
89
|
+
"severity": "critical",
|
|
90
|
+
"arg_positions": [
|
|
91
|
+
0
|
|
92
|
+
]
|
|
93
|
+
},
|
|
94
|
+
{
|
|
95
|
+
"method": "setQuery",
|
|
96
|
+
"class": "XQPreparedExpression",
|
|
97
|
+
"type": "xpath_injection",
|
|
98
|
+
"cwe": "CWE-643",
|
|
99
|
+
"severity": "critical",
|
|
100
|
+
"arg_positions": [
|
|
101
|
+
0
|
|
102
|
+
]
|
|
103
|
+
}
|
|
104
|
+
],
|
|
105
|
+
"sanitizers": [
|
|
106
|
+
{
|
|
107
|
+
"method": "setXPathVariableResolver",
|
|
108
|
+
"class": "XPath",
|
|
109
|
+
"removes": [
|
|
110
|
+
"xpath_injection"
|
|
111
|
+
],
|
|
112
|
+
"note": "Using variables is safe"
|
|
113
|
+
},
|
|
114
|
+
{
|
|
115
|
+
"method": "encodeForXPath",
|
|
116
|
+
"removes": [
|
|
117
|
+
"xpath_injection"
|
|
118
|
+
]
|
|
119
|
+
}
|
|
120
|
+
]
|
|
121
|
+
}
|