circle-ir 3.121.0 → 3.124.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/analysis/interprocedural.d.ts.map +1 -1
- package/dist/analysis/interprocedural.js +61 -16
- package/dist/analysis/interprocedural.js.map +1 -1
- package/dist/analysis/passes/language-sources-pass.d.ts +30 -0
- package/dist/analysis/passes/language-sources-pass.d.ts.map +1 -1
- package/dist/analysis/passes/language-sources-pass.js +940 -0
- package/dist/analysis/passes/language-sources-pass.js.map +1 -1
- package/dist/analysis/taint-matcher.d.ts.map +1 -1
- package/dist/analysis/taint-matcher.js +4 -0
- package/dist/analysis/taint-matcher.js.map +1 -1
- package/dist/browser/circle-ir.js +672 -3
- package/dist/core/circle-ir-core.cjs +5 -1
- package/dist/core/circle-ir-core.js +5 -1
- package/package.json +1 -1
|
@@ -12219,7 +12219,11 @@ var PYTHON_TAINTED_PATTERNS = [
|
|
|
12219
12219
|
{ pattern: /\brequest\.META\b/, sourceType: "http_header" },
|
|
12220
12220
|
{ pattern: /\brequest\.FILES\b/, sourceType: "file_input" },
|
|
12221
12221
|
{ pattern: /\brequest\.query_params\b/, sourceType: "http_param" },
|
|
12222
|
-
{ pattern: /\brequest\.path_params\b/, sourceType: "http_param" }
|
|
12222
|
+
{ pattern: /\brequest\.path_params\b/, sourceType: "http_param" },
|
|
12223
|
+
// Sprint 72 (#183 residual): builtin `input()` is a stdin user-input
|
|
12224
|
+
// source. Already registered in configs/sources/python.json; add to the
|
|
12225
|
+
// regex registry so it's recognized in subscript/var contexts.
|
|
12226
|
+
{ pattern: /\binput\s*\(/, sourceType: "io_input" }
|
|
12223
12227
|
];
|
|
12224
12228
|
function analyzeTaint(calls, types, config = getDefaultConfig(), typeHierarchy, language, code) {
|
|
12225
12229
|
const sourceLines = code !== void 0 ? code.split("\n") : void 0;
|
|
@@ -12153,7 +12153,11 @@ var PYTHON_TAINTED_PATTERNS = [
|
|
|
12153
12153
|
{ pattern: /\brequest\.META\b/, sourceType: "http_header" },
|
|
12154
12154
|
{ pattern: /\brequest\.FILES\b/, sourceType: "file_input" },
|
|
12155
12155
|
{ pattern: /\brequest\.query_params\b/, sourceType: "http_param" },
|
|
12156
|
-
{ pattern: /\brequest\.path_params\b/, sourceType: "http_param" }
|
|
12156
|
+
{ pattern: /\brequest\.path_params\b/, sourceType: "http_param" },
|
|
12157
|
+
// Sprint 72 (#183 residual): builtin `input()` is a stdin user-input
|
|
12158
|
+
// source. Already registered in configs/sources/python.json; add to the
|
|
12159
|
+
// regex registry so it's recognized in subscript/var contexts.
|
|
12160
|
+
{ pattern: /\binput\s*\(/, sourceType: "io_input" }
|
|
12157
12161
|
];
|
|
12158
12162
|
function analyzeTaint(calls, types, config = getDefaultConfig(), typeHierarchy, language, code) {
|
|
12159
12163
|
const sourceLines = code !== void 0 ? code.split("\n") : void 0;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "circle-ir",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.124.0",
|
|
4
4
|
"description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.js",
|