circle-ir 3.18.5 → 3.18.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
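--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -406,6 +406,7 @@ export const DEFAULT_SOURCES = [
  { method: 'read_line', class: 'BufReader', type: 'file_input', severity: 'medium', return_tainted: true },
  { method: 'lines', class: 'BufReader', type: 'file_input', severity: 'medium', return_tainted: true },
  { method: 'read_to_string', class: 'stdin', type: 'io_input', severity: 'medium', return_tainted: true },
+ { method: 'read_line', class: 'stdin', type: 'io_input', severity: 'medium', return_tainted: true },
  { method: 'recv', class: 'TcpStream', type: 'network_input', severity: 'high', return_tainted: true },
  { method: 'read', class: 'TcpStream', type: 'network_input', severity: 'high', return_tainted: true },
  { method: 'read_to_end', class: 'TcpStream', type: 'network_input', severity: 'high', return_tainted: true },
@@ -1126,6 +1127,8 @@ export const DEFAULT_SINKS = [
  { method: 'query', class: 'Client', type: 'sql_injection', cwe: 'CWE-89', severity: 'critical', arg_positions: [0] },
  { method: 'query', type: 'sql_injection', cwe: 'CWE-89', severity: 'high', arg_positions: [0] },
  { method: 'raw', type: 'sql_injection', cwe: 'CWE-89', severity: 'high', arg_positions: [0] },
+ // Browser DOM XSS sinks
+ { method: 'setAttribute', type: 'xss', cwe: 'CWE-79', severity: 'high', arg_positions: [1] },
  // Express.js XSS (response methods)
  { method: 'send', class: 'Response', type: 'xss', cwe: 'CWE-79', severity: 'high', arg_positions: [0] },
  { method: 'write', class: 'Response', type: 'xss', cwe: 'CWE-79', severity: 'high', arg_positions: [0] },
@@ -1373,6 +1376,14 @@ export const DEFAULT_SINKS = [
  // Rust Open Redirect
  { method: 'redirect', class: 'HttpResponse', type: 'open_redirect', cwe: 'CWE-601', severity: 'medium', arg_positions: [0] },
  { method: 'Redirect', type: 'open_redirect', cwe: 'CWE-601', severity: 'medium', arg_positions: [0] },
+ { method: 'see_other', class: 'Redirect', type: 'open_redirect', cwe: 'CWE-601', severity: 'high', arg_positions: [0] },
+ { method: 'to', class: 'Redirect', type: 'open_redirect', cwe: 'CWE-601', severity: 'high', arg_positions: [0] },
+ { method: 'temporary', class: 'Redirect', type: 'open_redirect', cwe: 'CWE-601', severity: 'high', arg_positions: [0] },
+ { method: 'permanent', class: 'Redirect', type: 'open_redirect', cwe: 'CWE-601', severity: 'high', arg_positions: [0] },
+ { method: 'header', class: 'Response', type: 'open_redirect', cwe: 'CWE-601', severity: 'high', arg_positions: [1] },
+ { method: 'insert_header', class: 'HttpResponse', type: 'open_redirect', cwe: 'CWE-601', severity: 'high', arg_positions: [1] },
+ { method: 'append_header', class: 'HttpResponse', type: 'open_redirect', cwe: 'CWE-601', severity: 'high', arg_positions: [1] },
+ { method: 'from_str', class: 'HeaderValue', type: 'open_redirect', cwe: 'CWE-601', severity: 'high', arg_positions: [0] },
  // Rust Log Injection (log crate, tracing)
  { method: 'info!', type: 'log_injection', cwe: 'CWE-117', severity: 'low', arg_positions: [0, 1, 2] },
  { method: 'warn!', type: 'log_injection', cwe: 'CWE-117', severity: 'low', arg_positions: [0, 1, 2] },
@@ -1407,6 +1418,9 @@ export const DEFAULT_SINKS = [
  { method: 'body', class: 'HttpResponse', type: 'xss', cwe: 'CWE-79', severity: 'high', arg_positions: [0] },
  { method: 'body', class: 'HttpResponseBuilder', type: 'xss', cwe: 'CWE-79', severity: 'high', arg_positions: [0] },
  { method: 'body', type: 'xss', cwe: 'CWE-79', severity: 'high', arg_positions: [0] },
+ // warp::reply::html
+ { method: 'html', class: 'reply', type: 'xss', cwe: 'CWE-79', severity: 'high', arg_positions: [0] },
+ { method: 'html', class: 'warp', type: 'xss', cwe: 'CWE-79', severity: 'high', arg_positions: [0] },
  // Rust serde deserialization
  { method: 'from_str', class: 'serde_yaml', type: 'deserialization', cwe: 'CWE-502', severity: 'high', arg_positions: [0] },
  { method: 'from_reader', class: 'serde_yaml', type: 'deserialization', cwe: 'CWE-502', severity: 'high', arg_positions: [0] },
@@ -1473,6 +1487,8 @@ export const DEFAULT_SANITIZERS = [
  // DOMPurify and similar
  { method: 'sanitize', class: 'DOMPurify', removes: ['xss'] },
  { method: 'escape', class: 'validator', removes: ['xss'] },
+ // JSON.parse (data is validated against JSON grammar, prevents XSS/code injection)
+ { method: 'parse', class: 'JSON', removes: ['xss', 'code_injection'] },
  // Type coercion (removes string-based injections)
  { method: 'parseInt', removes: ['sql_injection', 'nosql_injection', 'command_injection', 'xss'] },
  { method: 'parseFloat', removes: ['sql_injection', 'nosql_injection', 'command_injection'] },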
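Review bot: The `JSON.parse` sanitizer entry in the last hunk is unsound for `xss` and `code_injection`: parsing only validates JSON grammar, and a JSON string literal whose contents are HTML markup or script text parses to exactly that string, so a tainted value that passes through `JSON.parse` and later reaches an XSS or `eval` sink would be silently suppressed as a false negative. I would drop the two added lines rather than list `JSON.parse` under `removes`; if an entry is wanted for documentation, the comment should read `// JSON.parse is a parser, not a sanitizer: string contents survive parsing unchanged` and the method must not remove any taint type. Separately, the new `from_str` on `HeaderValue` sink and the `header`/`insert_header`/`append_header` entries with `arg_positions: [1]` in the third hunk classify every tainted header value as CWE-601 at `high` severity regardless of the header name; unless the engine can condition on the name argument being `Location`, a tainted `Content-Type` or custom header is not a redirect, and CWE-113 (header injection) at a lower severity would describe that flow more accurately. The DEFAULT_SOURCES, DEFAULT_SINKS and DEFAULT_SANITIZERS arrays all begin and end outside these hunks.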