circle-ir 3.17.0 → 3.17.2
- package/README.md +7 -1
- package/dist/browser/circle-ir.js +8 -0
- package/dist/core/circle-ir-core.cjs +8 -0
- package/dist/core/circle-ir-core.js +8 -0
- package/dist/core/parser.js +14 -1
- package/dist/core/parser.js.map +1 -1
- package/dist/languages/index.d.ts +1 -1
- package/dist/languages/index.js +1 -1
- package/dist/languages/types.d.ts +1 -1
- package/dist/languages/types.js +1 -1
- package/docs/SPEC.md +1 -1
- package/package.json +1 -1
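--- a/package/README.md
+++ b/package/README.md
@@ -8,7 +8,7 @@ A high-performance Static Application Security Testing (SAST) library for detect
 ## Features
 
 - **Taint Analysis**: Track data flow from sources (user input) to sinks (dangerous operations)
-- **Multi-language Support**: Java, JavaScript/TypeScript, Python, Rust, Bash/Shell
+- **Multi-language Support**: Java, JavaScript/TypeScript, Python, Rust, Bash/Shell, HTML
 - **High Accuracy**: 100% on OWASP Benchmark, 100% on Juliet Test Suite, 97.7% TPR on SecuriBench Micro
 - **36-Pass Pipeline**: 19 security taint passes + 17 reliability/performance/maintainability/architecture quality passes
 - **Metrics Engine**: 24 software quality metrics (cyclomatic complexity, Halstead, CBO, RFC, LCOM, DIT, and 4 composite scores)
@@ -207,6 +207,9 @@ const response = await analyzeForAPI(code, 'File.java', 'java');
 | **Python** | tree-sitter-python | Flask, Django, FastAPI |
 | **Rust** | tree-sitter-rust | Actix-web, Rocket, Axum |
 | **Bash/Shell** | tree-sitter-bash | Shell scripts (.sh, .bash, .zsh, .ksh) |
+| **HTML** | tree-sitter-html | Web extraction preprocessor (.html, .htm, .xhtml) |
+
+HTML is handled as a preprocessor: `<script>` blocks are extracted and analyzed as JavaScript, inline event handlers are analyzed as JS snippets, and 8 attribute-level security checks (missing noopener, javascript: URIs, missing sandbox/SRI, mixed content, etc.) run directly on the HTML AST.
 
 ### Multi-Language Examples
 
@@ -219,6 +222,9 @@ const pyResult = await analyze(pyCode, 'app.py', 'python');
 
 // Analyze Rust
 const rsResult = await analyze(rsCode, 'main.rs', 'rust');
+
+// Analyze HTML (extracts scripts, checks attributes)
+const htmlResult = await analyze(htmlCode, 'index.html', 'html');
 ```
 
 ## Detected Security Vulnerabilities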
@@ -4133,6 +4133,10 @@ async function getDefaultWasmPath() {
|
|
|
4133
4133
|
const mods = await getNodeModules();
|
|
4134
4134
|
if (mods && moduleDir) {
|
|
4135
4135
|
const packageRoot = mods.join(moduleDir, "..", "..");
|
|
4136
|
+
const distWasmPath = mods.join(packageRoot, "dist", "wasm", "web-tree-sitter.wasm");
|
|
4137
|
+
if (mods.existsSync(distWasmPath)) {
|
|
4138
|
+
return distWasmPath;
|
|
4139
|
+
}
|
|
4136
4140
|
const packageNodeModulesPath = mods.join(packageRoot, "node_modules", "web-tree-sitter", "web-tree-sitter.wasm");
|
|
4137
4141
|
if (mods.existsSync(packageNodeModulesPath)) {
|
|
4138
4142
|
return packageNodeModulesPath;
|
|
@@ -4145,6 +4149,10 @@ async function getDefaultLanguagePath(language) {
|
|
|
4145
4149
|
const mods = await getNodeModules();
|
|
4146
4150
|
if (mods && moduleDir) {
|
|
4147
4151
|
const packageRoot = mods.join(moduleDir, "..", "..");
|
|
4152
|
+
const distWasmPath = mods.join(packageRoot, "dist", "wasm", `tree-sitter-${grammarName}.wasm`);
|
|
4153
|
+
if (mods.existsSync(distWasmPath)) {
|
|
4154
|
+
return distWasmPath;
|
|
4155
|
+
}
|
|
4148
4156
|
const packageWasmPath = mods.join(packageRoot, "wasm", `tree-sitter-${grammarName}.wasm`);
|
|
4149
4157
|
if (mods.existsSync(packageWasmPath)) {
|
|
4150
4158
|
return packageWasmPath;
|
|
@@ -4198,6 +4198,10 @@ async function getDefaultWasmPath() {
|
|
|
4198
4198
|
const mods = await getNodeModules();
|
|
4199
4199
|
if (mods && moduleDir) {
|
|
4200
4200
|
const packageRoot = mods.join(moduleDir, "..", "..");
|
|
4201
|
+
const distWasmPath = mods.join(packageRoot, "dist", "wasm", "web-tree-sitter.wasm");
|
|
4202
|
+
if (mods.existsSync(distWasmPath)) {
|
|
4203
|
+
return distWasmPath;
|
|
4204
|
+
}
|
|
4201
4205
|
const packageNodeModulesPath = mods.join(packageRoot, "node_modules", "web-tree-sitter", "web-tree-sitter.wasm");
|
|
4202
4206
|
if (mods.existsSync(packageNodeModulesPath)) {
|
|
4203
4207
|
return packageNodeModulesPath;
|
|
@@ -4210,6 +4214,10 @@ async function getDefaultLanguagePath(language) {
|
|
|
4210
4214
|
const mods = await getNodeModules();
|
|
4211
4215
|
if (mods && moduleDir) {
|
|
4212
4216
|
const packageRoot = mods.join(moduleDir, "..", "..");
|
|
4217
|
+
const distWasmPath = mods.join(packageRoot, "dist", "wasm", `tree-sitter-${grammarName}.wasm`);
|
|
4218
|
+
if (mods.existsSync(distWasmPath)) {
|
|
4219
|
+
return distWasmPath;
|
|
4220
|
+
}
|
|
4213
4221
|
const packageWasmPath = mods.join(packageRoot, "wasm", `tree-sitter-${grammarName}.wasm`);
|
|
4214
4222
|
if (mods.existsSync(packageWasmPath)) {
|
|
4215
4223
|
return packageWasmPath;
|
|
@@ -4133,6 +4133,10 @@ async function getDefaultWasmPath() {
|
|
|
4133
4133
|
const mods = await getNodeModules();
|
|
4134
4134
|
if (mods && moduleDir) {
|
|
4135
4135
|
const packageRoot = mods.join(moduleDir, "..", "..");
|
|
4136
|
+
const distWasmPath = mods.join(packageRoot, "dist", "wasm", "web-tree-sitter.wasm");
|
|
4137
|
+
if (mods.existsSync(distWasmPath)) {
|
|
4138
|
+
return distWasmPath;
|
|
4139
|
+
}
|
|
4136
4140
|
const packageNodeModulesPath = mods.join(packageRoot, "node_modules", "web-tree-sitter", "web-tree-sitter.wasm");
|
|
4137
4141
|
if (mods.existsSync(packageNodeModulesPath)) {
|
|
4138
4142
|
return packageNodeModulesPath;
|
|
@@ -4145,6 +4149,10 @@ async function getDefaultLanguagePath(language) {
|
|
|
4145
4149
|
const mods = await getNodeModules();
|
|
4146
4150
|
if (mods && moduleDir) {
|
|
4147
4151
|
const packageRoot = mods.join(moduleDir, "..", "..");
|
|
4152
|
+
const distWasmPath = mods.join(packageRoot, "dist", "wasm", `tree-sitter-${grammarName}.wasm`);
|
|
4153
|
+
if (mods.existsSync(distWasmPath)) {
|
|
4154
|
+
return distWasmPath;
|
|
4155
|
+
}
|
|
4148
4156
|
const packageWasmPath = mods.join(packageRoot, "wasm", `tree-sitter-${grammarName}.wasm`);
|
|
4149
4157
|
if (mods.existsSync(packageWasmPath)) {
|
|
4150
4158
|
return packageWasmPath;
|
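--- a/package/dist/core/parser.js
+++ b/package/dist/core/parser.js
@@ -233,7 +233,14 @@ async function getDefaultWasmPath() {
 // In Node.js, resolve relative to this module's location
 // This works whether circle-ir is in node_modules or run from source
 const packageRoot = mods.join(moduleDir, '..', '..');
-// First, try the package's
+// First, try the package's own dist/wasm/ directory (shipped with npm package).
+// This is the most reliable location when circle-ir is installed as a dependency,
+// since it doesn't depend on node_modules hoisting structure.
+const distWasmPath = mods.join(packageRoot, 'dist', 'wasm', 'web-tree-sitter.wasm');
+if (mods.existsSync(distWasmPath)) {
+return distWasmPath;
+}
+// Then try the package's node_modules (installed package)
 const packageNodeModulesPath = mods.join(packageRoot, 'node_modules', 'web-tree-sitter', 'web-tree-sitter.wasm');
 if (mods.existsSync(packageNodeModulesPath)) {
 return packageNodeModulesPath;
@@ -252,6 +259,12 @@ async function getDefaultLanguagePath(language) {
 if (mods && moduleDir) {
 // In Node.js, resolve relative to this module's location
 const packageRoot = mods.join(moduleDir, '..', '..');
+// First, try dist/wasm/ (shipped with npm package, works regardless of hoisting)
+const distWasmPath = mods.join(packageRoot, 'dist', 'wasm', `tree-sitter-${grammarName}.wasm`);
+if (mods.existsSync(distWasmPath)) {
+return distWasmPath;
+}
+// Then try the source wasm/ directory (development)
 const packageWasmPath = mods.join(packageRoot, 'wasm', `tree-sitter-${grammarName}.wasm`);
 if (mods.existsSync(packageWasmPath)) {
 return packageWasmPath;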
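Review bot: The new `dist/wasm` lookup in getDefaultLanguagePath interpolates `grammarName` into a filesystem path with no check that it names a shipped grammar, and this candidate is now tried first. `grammarName` is set outside the hunk, apparently from the `language` argument, which plain-JavaScript callers can pass as any string; if it carried path separators or `..` segments, `mods.join` would resolve outside `dist/wasm` and the returned path would presumably be loaded as a grammar. I would validate before the first join, for example `if (!KNOWN_GRAMMARS.has(grammarName)) throw new Error('Unsupported language');`, with `KNOWN_GRAMMARS` standing in for a set the module would have to define. The older `wasm/` lookup below uses the same template, and the change belongs in `src/core/parser.ts`, which the source map lists as this file's source. Both function bodies start and end outside the hunks shown.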
package/dist/core/parser.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/core/parser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAQ,MAAM,iBAAiB,CAAC;AAE/D,uDAAuD;AACvD,+DAA+D;AAC/D,IAAI,WAAW,GAKJ,IAAI,CAAC;AAEhB,IAAI,SAAS,GAAkB,IAAI,CAAC;AAEpC;;GAEG;AACH,KAAK,UAAU,cAAc;IAC3B,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC;IAEpC,IAAI,CAAC;QACH,yDAAyD;QACzD,MAAM,aAAa,GAAG,IAAI,QAAQ,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QAC5D,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACjD,aAAa,CAAC,KAAK,CAAC;YACpB,aAAa,CAAC,MAAM,CAAC;YACrB,aAAa,CAAC,IAAI,CAAC;SACpB,CAAC,CAAC;QACH,WAAW,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,UAAU,EAAE,KAAK,CAAC,UAAU;SAC7B,CAAC;QACF,6BAA6B;QAC7B,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5E,OAAO,WAAW,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,0CAA0C;AAC1C,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AAoC1B,IAAI,iBAAiB,GAAG,KAAK,CAAC;AAC9B,IAAI,kBAAkB,GAAyB,IAAI,CAAC;AACpD,MAAM,eAAe,GAAG,IAAI,GAAG,EAA+B,CAAC;AAC/D,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAwC,CAAC;AACzE,IAAI,uBAAuB,GAA+C,EAAE,CAAC;AAC7E,IAAI,yBAAyB,GAA2D,EAAE,CAAC;AAE3F;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,UAAyB,EAAE;IAC1D,IAAI,iBAAiB,EAAE,CAAC;QACtB,OAAO;IACT,CAAC;IAED,qDAAqD;IACrD,IAAI,kBAAkB,EAAE,CAAC;QACvB,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAED,6DAA6D;IAC7D,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;QAC1B,uBAAuB,GAAG,OAAO,CAAC,aAAa,CAAC;IAClD,CAAC;IACD,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC5B,yBAAyB,GAAG,OAAO,CAAC,eAAe,CAAC;IACtD,CAAC;IAED,6CAA6C;IAC7C,kBAAkB,GAAG,CAAC,KAAK,IAAI,EAAE;QAC/B,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,6FAA6F;YAC7F,oFAAoF;YACpF,MAAM,MAAM,CAAC,IAAI,CAAC;gBAChB,UAAU,EAAE,GAAG,EAAE,CAAC,sBAAsB;gBACxC,eAAe,CAAC,OAA4B,EAAE,QAA+E;oBAC3H,MAAM,QAAQ,GAAG,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAW,EAAE,OAAO,CAAC,CAAC;oBACxE,gFAAgF;oBAChF,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAW,CAAC,CAAC;oBACxC,OAAO,QAAQ,CAAC,OAAO,CAAC;gBAC1
B,CAAC;aACF,CAAC,CAAC;QAEL,CAAC;aAAM,CAAC;YACN,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,MAAM,kBAAkB,EAAE,CAAC;YAChE,MAAM,MAAM,CAAC,IAAI,CAAC;gBAChB,UAAU,EAAE,GAAG,EAAE,CAAC,QAAQ;aAC3B,CAAC,CAAC;QACL,CAAC;QACD,iBAAiB,GAAG,IAAI,CAAC;QACzB,kBAAkB,GAAG,IAAI,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC;IAEL,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAA2B,EAC3B,QAAiB;IAEjB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC7C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,8DAA8D;IAC9D,MAAM,OAAO,GAAG,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC/C,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,2DAA2D;IAC3D,MAAM,WAAW,GAAG,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;IACxE,MAAM,UAAU,GAAG,yBAAyB,CAAC,QAAQ,CAAC,IAAI,yBAAyB,CAAC,WAAgC,CAAC,CAAC;IACtH,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,WAAW,GAAG,CAAC,KAAK,IAAI,EAAE;YAC9B,qEAAqE;YACrE,gEAAgE;YAChE,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,UAAmC,CAAC,CAAC;YACtE,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,EAAE,CAAC;QACL,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAC5C,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,8DAA8D;IAC9D,MAAM,IAAI,GAAG,QAAQ,IAAI,uBAAuB,CAAC,QAAQ,CAAC,IAAI,MAAM,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAErG,sCAAsC;IACtC,MAAM,WAAW,GAAG,CAAC,KAAK,IAAI,EAAE;QAC9B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACpC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,EAAE,CAAC;IAEL,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IAE5C,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAA2B;IAC5D,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;IAC5B,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CACzB,IAAY,EACZ,QAA2B;IAE3B,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC5C,M
AAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CACtB,IAAU,EACV,OAA6B;IAE7B,OAAO,CAAC,IAAI,CAAC,CAAC;IACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,KAAK,EAAE,CAAC;YACV,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,IAAU,EAAE,IAAY;IAChD,MAAM,OAAO,GAAW,EAAE,CAAC;IAC3B,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE;QACnB,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAQD;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,IAAU,EAAE,KAAkB;IAC5D,MAAM,KAAK,GAAc,IAAI,GAAG,EAAE,CAAC;IACnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACtB,CAAC;IAED,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE;QACnB,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAU,EAAE,IAAY,EAAE,KAAiB;IAC3E,IAAI,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;IAC1B,CAAC;IACD,OAAO,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,IAAU,EAAE,IAAY;IACnD,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;IAC1B,OAAO,OAAO,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YAC1B,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAC3B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAU;IACpC,OAAO,IAAI,CAAC,IAAI,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,kBAAkB;IAC/B,MAAM,IAAI,GAAG,MAAM,cAAc,EAAE,CAAC;IAEpC,IAAI,IAAI,IAAI,SAAS,EAAE,CAAC;QACtB,yDAAyD;QACzD,qEAAqE;QACrE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAE
rD,
|
|
1
|
+
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/core/parser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAQ,MAAM,iBAAiB,CAAC;AAE/D,uDAAuD;AACvD,+DAA+D;AAC/D,IAAI,WAAW,GAKJ,IAAI,CAAC;AAEhB,IAAI,SAAS,GAAkB,IAAI,CAAC;AAEpC;;GAEG;AACH,KAAK,UAAU,cAAc;IAC3B,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC;IAEpC,IAAI,CAAC;QACH,yDAAyD;QACzD,MAAM,aAAa,GAAG,IAAI,QAAQ,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QAC5D,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACjD,aAAa,CAAC,KAAK,CAAC;YACpB,aAAa,CAAC,MAAM,CAAC;YACrB,aAAa,CAAC,IAAI,CAAC;SACpB,CAAC,CAAC;QACH,WAAW,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,UAAU,EAAE,KAAK,CAAC,UAAU;SAC7B,CAAC;QACF,6BAA6B;QAC7B,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5E,OAAO,WAAW,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,0CAA0C;AAC1C,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AAoC1B,IAAI,iBAAiB,GAAG,KAAK,CAAC;AAC9B,IAAI,kBAAkB,GAAyB,IAAI,CAAC;AACpD,MAAM,eAAe,GAAG,IAAI,GAAG,EAA+B,CAAC;AAC/D,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAwC,CAAC;AACzE,IAAI,uBAAuB,GAA+C,EAAE,CAAC;AAC7E,IAAI,yBAAyB,GAA2D,EAAE,CAAC;AAE3F;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,UAAyB,EAAE;IAC1D,IAAI,iBAAiB,EAAE,CAAC;QACtB,OAAO;IACT,CAAC;IAED,qDAAqD;IACrD,IAAI,kBAAkB,EAAE,CAAC;QACvB,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAED,6DAA6D;IAC7D,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;QAC1B,uBAAuB,GAAG,OAAO,CAAC,aAAa,CAAC;IAClD,CAAC;IACD,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC5B,yBAAyB,GAAG,OAAO,CAAC,eAAe,CAAC;IACtD,CAAC;IAED,6CAA6C;IAC7C,kBAAkB,GAAG,CAAC,KAAK,IAAI,EAAE;QAC/B,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,6FAA6F;YAC7F,oFAAoF;YACpF,MAAM,MAAM,CAAC,IAAI,CAAC;gBAChB,UAAU,EAAE,GAAG,EAAE,CAAC,sBAAsB;gBACxC,eAAe,CAAC,OAA4B,EAAE,QAA+E;oBAC3H,MAAM,QAAQ,GAAG,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAW,EAAE,OAAO,CAAC,CAAC;oBACxE,gFAAgF;oBAChF,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAW,CAAC,CAAC;oBACxC,OAAO,QAAQ,CAAC,OAAO,CAAC;gBAC1
B,CAAC;aACF,CAAC,CAAC;QAEL,CAAC;aAAM,CAAC;YACN,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,MAAM,kBAAkB,EAAE,CAAC;YAChE,MAAM,MAAM,CAAC,IAAI,CAAC;gBAChB,UAAU,EAAE,GAAG,EAAE,CAAC,QAAQ;aAC3B,CAAC,CAAC;QACL,CAAC;QACD,iBAAiB,GAAG,IAAI,CAAC;QACzB,kBAAkB,GAAG,IAAI,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC;IAEL,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAA2B,EAC3B,QAAiB;IAEjB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC7C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,8DAA8D;IAC9D,MAAM,OAAO,GAAG,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC/C,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,2DAA2D;IAC3D,MAAM,WAAW,GAAG,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;IACxE,MAAM,UAAU,GAAG,yBAAyB,CAAC,QAAQ,CAAC,IAAI,yBAAyB,CAAC,WAAgC,CAAC,CAAC;IACtH,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,WAAW,GAAG,CAAC,KAAK,IAAI,EAAE;YAC9B,qEAAqE;YACrE,gEAAgE;YAChE,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,UAAmC,CAAC,CAAC;YACtE,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,EAAE,CAAC;QACL,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAC5C,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,8DAA8D;IAC9D,MAAM,IAAI,GAAG,QAAQ,IAAI,uBAAuB,CAAC,QAAQ,CAAC,IAAI,MAAM,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAErG,sCAAsC;IACtC,MAAM,WAAW,GAAG,CAAC,KAAK,IAAI,EAAE;QAC9B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACpC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,EAAE,CAAC;IAEL,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IAE5C,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAA2B;IAC5D,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;IAC5B,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CACzB,IAAY,EACZ,QAA2B;IAE3B,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC5C,M
AAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CACtB,IAAU,EACV,OAA6B;IAE7B,OAAO,CAAC,IAAI,CAAC,CAAC;IACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,KAAK,EAAE,CAAC;YACV,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,IAAU,EAAE,IAAY;IAChD,MAAM,OAAO,GAAW,EAAE,CAAC;IAC3B,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE;QACnB,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAQD;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,IAAU,EAAE,KAAkB;IAC5D,MAAM,KAAK,GAAc,IAAI,GAAG,EAAE,CAAC;IACnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACtB,CAAC;IAED,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE;QACnB,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAU,EAAE,IAAY,EAAE,KAAiB;IAC3E,IAAI,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;IAC1B,CAAC;IACD,OAAO,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,IAAU,EAAE,IAAY;IACnD,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;IAC1B,OAAO,OAAO,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YAC1B,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAC3B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAU;IACpC,OAAO,IAAI,CAAC,IAAI,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,kBAAkB;IAC/B,MAAM,IAAI,GAAG,MAAM,cAAc,EAAE,CAAC;IAEpC,IAAI,IAAI,IAAI,SAAS,EAAE,CAAC;QACtB,yDAAyD;QACzD,qEAAqE;QACrE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAE
rD,gFAAgF;QAChF,kFAAkF;QAClF,8DAA8D;QAC9D,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,sBAAsB,CAAC,CAAC;QACpF,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,OAAO,YAAY,CAAC;QACtB,CAAC;QAED,0DAA0D;QAC1D,MAAM,sBAAsB,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,EAAE,iBAAiB,EAAE,sBAAsB,CAAC,CAAC;QACjH,IAAI,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC5C,OAAO,sBAAsB,CAAC;QAChC,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,OAAO,mDAAmD,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,sBAAsB,CAAC,QAA2B;IAC/D,yCAAyC;IACzC,MAAM,WAAW,GAAG,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;IAExE,MAAM,IAAI,GAAG,MAAM,cAAc,EAAE,CAAC;IAEpC,IAAI,IAAI,IAAI,SAAS,EAAE,CAAC;QACtB,yDAAyD;QACzD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAErD,iFAAiF;QACjF,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,WAAW,OAAO,CAAC,CAAC;QAC/F,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,OAAO,YAAY,CAAC;QACtB,CAAC;QAED,oDAAoD;QACpD,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,eAAe,WAAW,OAAO,CAAC,CAAC;QAC1F,IAAI,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YACrC,OAAO,eAAe,CAAC;QACzB,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,OAAO,oBAAoB,WAAW,OAAO,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAA2B;IAC1D,OAAO,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,iBAAiB,GAAG,KAAK,CAAC;IAC1B,eAAe,CAAC,KAAK,EAAE,CAAC;IACxB,uBAAuB,GAAG,EAAE,CAAC;AAC/B,CAAC"}
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
* Language Plugin System
|
|
3
3
|
*
|
|
4
4
|
* Provides multi-language support through a plugin architecture.
|
|
5
|
-
* Each language (Java, JavaScript, Python, Rust) has its own plugin
|
|
5
|
+
* Each language (Java, JavaScript, Python, Rust, Bash, HTML) has its own plugin
|
|
6
6
|
* that handles AST node types, taint patterns, and framework detection.
|
|
7
7
|
*/
|
|
8
8
|
export type { SupportedLanguage, LanguageNodeTypes, LanguagePlugin, LanguageRegistry, ExtractionContext, FrameworkInfo, TaintSourcePattern, TaintSinkPattern, } from './types.js';
|
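--- a/package/dist/languages/index.js
+++ b/package/dist/languages/index.js
@@ -2,7 +2,7 @@
 * Language Plugin System
 *
 * Provides multi-language support through a plugin architecture.
-* Each language (Java, JavaScript, Python, Rust) has its own plugin
+* Each language (Java, JavaScript, Python, Rust, Bash, HTML) has its own plugin
 * that handles AST node types, taint patterns, and framework detection.
 */
 // Registry functions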
@@ -2,7 +2,7 @@
|
|
|
2
2
|
* Language Plugin System
|
|
3
3
|
*
|
|
4
4
|
* Defines the interface for language-specific analysis plugins.
|
|
5
|
-
* Each language (Java, JavaScript, Python, Rust) implements this interface.
|
|
5
|
+
* Each language (Java, JavaScript, Python, Rust, Bash, HTML) implements this interface.
|
|
6
6
|
*/
|
|
7
7
|
import type { Parser, Node as SyntaxNode, Tree } from 'web-tree-sitter';
|
|
8
8
|
import type { TypeInfo, CallInfo, ImportInfo } from '../types/index.js';
|
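--- a/package/dist/languages/types.js
+++ b/package/dist/languages/types.js
@@ -2,7 +2,7 @@
 * Language Plugin System
 *
 * Defines the interface for language-specific analysis plugins.
-* Each language (Java, JavaScript, Python, Rust) implements this interface.
+* Each language (Java, JavaScript, Python, Rust, Bash, HTML) implements this interface.
 */
 export {};
 //# sourceMappingURL=types.js.map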
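--- a/package/docs/SPEC.md
+++ b/package/docs/SPEC.md
@@ -73,7 +73,7 @@ File metadata and version information.
 interface Meta {
 circle_ir: "3.0";
 file: string;
-language: "java" | "javascript" | "typescript" | "python" | "rust" | "bash";
+language: "java" | "javascript" | "typescript" | "python" | "rust" | "bash" | "html";
 loc: number;
 hash: string; // SHA256 prefix (16 chars)
 package?: string; // PENDING: Add to implementation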
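--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "circle-ir",
-"version": "3.17.
+"version": "3.17.2",
 "description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
 "main": "dist/index.js",
 "module": "dist/index.js",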