circle-ir 3.18.3 → 3.18.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/configs/sinks/javascript_dom_xss.yaml +17 -3
  2. package/configs/sinks/rust.json +45 -0
  3. package/package.json +1 -1
package/configs/sinks/javascript_dom_xss.yaml CHANGED
@@ -152,24 +152,32 @@
152
152
  },
153
153
  {
154
154
  "property": "cssText",
155
- "type": "css_injection",
155
+ "type": "xss",
156
156
  "cwe": "CWE-79",
157
157
  "severity": "medium",
158
158
  "note": "CSS injection via style.cssText"
159
159
  },
160
160
  {
161
161
  "property": "background",
162
- "type": "css_injection",
162
+ "type": "xss",
163
163
  "cwe": "CWE-79",
164
164
  "severity": "medium",
165
165
  "note": "CSS injection via style.background (url() injection)"
166
166
  },
167
167
  {
168
168
  "property": "backgroundImage",
169
- "type": "css_injection",
169
+ "type": "xss",
170
170
  "cwe": "CWE-79",
171
171
  "severity": "medium",
172
172
  "note": "CSS injection via style.backgroundImage (url() injection)"
173
+ },
174
+ {
175
+ "property": "textContent",
176
+ "element": "style",
177
+ "type": "xss",
178
+ "cwe": "CWE-79",
179
+ "severity": "high",
180
+ "note": "Dynamic stylesheet injection via style.textContent"
173
181
  }
174
182
  ],
175
183
  "sanitizers": [
@@ -199,6 +207,12 @@
199
207
  "method": "encodeURIComponent",
200
208
  "removes": ["xss"],
201
209
  "note": "URL encoding - safe for URL parameters"
210
+ },
211
+ {
212
+ "method": "parse",
213
+ "class": "JSON",
214
+ "removes": ["xss", "code_injection"],
215
+ "note": "JSON.parse() returns object - breaks string taint chain"
202
216
  }
203
217
  ]
204
218
  }
package/configs/sinks/rust.json CHANGED
@@ -353,6 +353,15 @@
353
353
  "tainted_args": [0],
354
354
  "note": "Warp Html response with user-controlled content"
355
355
  },
356
+ {
357
+ "method": "html",
358
+ "class": "warp",
359
+ "type": "xss",
360
+ "cwe": "CWE-79",
361
+ "severity": "high",
362
+ "tainted_args": [0],
363
+ "note": "warp::reply::html() with user-controlled content"
364
+ },
356
365
  {
357
366
  "method": "body",
358
367
  "class": "Response",
@@ -398,6 +407,42 @@
398
407
  "tainted_args": [0],
399
408
  "note": "Redirect to user-controlled URL"
400
409
  },
410
+ {
411
+ "method": "to",
412
+ "class": "Redirect",
413
+ "type": "open_redirect",
414
+ "cwe": "CWE-601",
415
+ "severity": "high",
416
+ "tainted_args": [0],
417
+ "note": "Redirect::to() with user-controlled URL"
418
+ },
419
+ {
420
+ "method": "see_other",
421
+ "class": "Redirect",
422
+ "type": "open_redirect",
423
+ "cwe": "CWE-601",
424
+ "severity": "high",
425
+ "tainted_args": [0],
426
+ "note": "Redirect::see_other() with user-controlled URL (303)"
427
+ },
428
+ {
429
+ "method": "temporary",
430
+ "class": "Redirect",
431
+ "type": "open_redirect",
432
+ "cwe": "CWE-601",
433
+ "severity": "high",
434
+ "tainted_args": [0],
435
+ "note": "Redirect::temporary() with user-controlled URL (307)"
436
+ },
437
+ {
438
+ "method": "permanent",
439
+ "class": "Redirect",
440
+ "type": "open_redirect",
441
+ "cwe": "CWE-601",
442
+ "severity": "high",
443
+ "tainted_args": [0],
444
+ "note": "Redirect::permanent() with user-controlled URL (301)"
445
+ },
401
446
  {
402
447
  "method": "Html",
403
448
  "type": "xss",
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "circle-ir",
3
- "version": "3.18.3",
3
+ "version": "3.18.4",
4
4
  "description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
5
5
  "main": "dist/index.js",
6
6
  "module": "dist/index.js",