circle-ir 3.18.5 → 3.18.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/analysis/config-loader.js +16 -0
- package/dist/analysis/config-loader.js.map +1 -1
- package/dist/analysis/passes/language-sources-pass.js +7 -0
- package/dist/analysis/passes/language-sources-pass.js.map +1 -1
- package/dist/analysis/passes/sink-filter-pass.js +4 -0
- package/dist/analysis/passes/sink-filter-pass.js.map +1 -1
- package/dist/analysis/taint-matcher.js +8 -1
- package/dist/analysis/taint-matcher.js.map +1 -1
- package/dist/browser/circle-ir.js +32 -3
- package/dist/core/circle-ir-core.cjs +23 -2
- package/dist/core/circle-ir-core.js +23 -2
- package/package.json +1 -1
|
@@ -9154,6 +9154,7 @@ var DEFAULT_SOURCES = [
|
|
|
9154
9154
|
{ method: "read_line", class: "BufReader", type: "file_input", severity: "medium", return_tainted: true },
|
|
9155
9155
|
{ method: "lines", class: "BufReader", type: "file_input", severity: "medium", return_tainted: true },
|
|
9156
9156
|
{ method: "read_to_string", class: "stdin", type: "io_input", severity: "medium", return_tainted: true },
|
|
9157
|
+
{ method: "read_line", class: "stdin", type: "io_input", severity: "medium", return_tainted: true },
|
|
9157
9158
|
{ method: "recv", class: "TcpStream", type: "network_input", severity: "high", return_tainted: true },
|
|
9158
9159
|
{ method: "read", class: "TcpStream", type: "network_input", severity: "high", return_tainted: true },
|
|
9159
9160
|
{ method: "read_to_end", class: "TcpStream", type: "network_input", severity: "high", return_tainted: true },
|
|
@@ -9874,6 +9875,8 @@ var DEFAULT_SINKS = [
|
|
|
9874
9875
|
{ method: "query", class: "Client", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
|
|
9875
9876
|
{ method: "query", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
|
|
9876
9877
|
{ method: "raw", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
|
|
9878
|
+
// Browser DOM XSS sinks
|
|
9879
|
+
{ method: "setAttribute", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [1] },
|
|
9877
9880
|
// Express.js XSS (response methods)
|
|
9878
9881
|
{ method: "send", class: "Response", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
|
|
9879
9882
|
{ method: "write", class: "Response", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
|
|
@@ -10121,6 +10124,14 @@ var DEFAULT_SINKS = [
|
|
|
10121
10124
|
// Rust Open Redirect
|
|
10122
10125
|
{ method: "redirect", class: "HttpResponse", type: "open_redirect", cwe: "CWE-601", severity: "medium", arg_positions: [0] },
|
|
10123
10126
|
{ method: "Redirect", type: "open_redirect", cwe: "CWE-601", severity: "medium", arg_positions: [0] },
|
|
10127
|
+
{ method: "see_other", class: "Redirect", type: "open_redirect", cwe: "CWE-601", severity: "high", arg_positions: [0] },
|
|
10128
|
+
{ method: "to", class: "Redirect", type: "open_redirect", cwe: "CWE-601", severity: "high", arg_positions: [0] },
|
|
10129
|
+
{ method: "temporary", class: "Redirect", type: "open_redirect", cwe: "CWE-601", severity: "high", arg_positions: [0] },
|
|
10130
|
+
{ method: "permanent", class: "Redirect", type: "open_redirect", cwe: "CWE-601", severity: "high", arg_positions: [0] },
|
|
10131
|
+
{ method: "header", class: "Response", type: "open_redirect", cwe: "CWE-601", severity: "high", arg_positions: [1] },
|
|
10132
|
+
{ method: "insert_header", class: "HttpResponse", type: "open_redirect", cwe: "CWE-601", severity: "high", arg_positions: [1] },
|
|
10133
|
+
{ method: "append_header", class: "HttpResponse", type: "open_redirect", cwe: "CWE-601", severity: "high", arg_positions: [1] },
|
|
10134
|
+
{ method: "from_str", class: "HeaderValue", type: "open_redirect", cwe: "CWE-601", severity: "high", arg_positions: [0] },
|
|
10124
10135
|
// Rust Log Injection (log crate, tracing)
|
|
10125
10136
|
{ method: "info!", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0, 1, 2] },
|
|
10126
10137
|
{ method: "warn!", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0, 1, 2] },
|
|
@@ -10155,6 +10166,9 @@ var DEFAULT_SINKS = [
|
|
|
10155
10166
|
{ method: "body", class: "HttpResponse", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
|
|
10156
10167
|
{ method: "body", class: "HttpResponseBuilder", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
|
|
10157
10168
|
{ method: "body", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
|
|
10169
|
+
// warp::reply::html
|
|
10170
|
+
{ method: "html", class: "reply", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
|
|
10171
|
+
{ method: "html", class: "warp", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
|
|
10158
10172
|
// Rust serde deserialization
|
|
10159
10173
|
{ method: "from_str", class: "serde_yaml", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0] },
|
|
10160
10174
|
{ method: "from_reader", class: "serde_yaml", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0] },
|
|
@@ -10227,6 +10241,8 @@ var DEFAULT_SANITIZERS = [
|
|
|
10227
10241
|
// DOMPurify and similar
|
|
10228
10242
|
{ method: "sanitize", class: "DOMPurify", removes: ["xss"] },
|
|
10229
10243
|
{ method: "escape", class: "validator", removes: ["xss"] },
|
|
10244
|
+
// JSON.parse (data is validated against JSON grammar, prevents XSS/code injection)
|
|
10245
|
+
{ method: "parse", class: "JSON", removes: ["xss", "code_injection"] },
|
|
10230
10246
|
// Type coercion (removes string-based injections)
|
|
10231
10247
|
{ method: "parseInt", removes: ["sql_injection", "nosql_injection", "command_injection", "xss"] },
|
|
10232
10248
|
{ method: "parseFloat", removes: ["sql_injection", "nosql_injection", "command_injection"] },
|
|
@@ -10753,7 +10769,8 @@ function receiverMightBeClass(receiver, className) {
|
|
|
10753
10769
|
"createStatement": ["Statement"],
|
|
10754
10770
|
"prepareStatement": ["PreparedStatement"],
|
|
10755
10771
|
"getRuntime": ["Runtime"],
|
|
10756
|
-
"builder": ["Response", "ResponseBuilder", "HttpResponseBuilder"]
|
|
10772
|
+
"builder": ["Response", "ResponseBuilder", "HttpResponseBuilder"],
|
|
10773
|
+
"stdin": ["stdin", "Stdin", "BufReader"]
|
|
10757
10774
|
};
|
|
10758
10775
|
const expectedTypes = returnTypeMappings[methodName];
|
|
10759
10776
|
if (Array.isArray(expectedTypes) && expectedTypes.includes(className)) {
|
|
@@ -10762,12 +10779,16 @@ function receiverMightBeClass(receiver, className) {
|
|
|
10762
10779
|
}
|
|
10763
10780
|
}
|
|
10764
10781
|
if (receiver.includes("::") && receiver.endsWith(")")) {
|
|
10765
|
-
const scopedMatch = receiver.match(/^(\w+)
|
|
10782
|
+
const scopedMatch = receiver.match(/^(\w+)::(\w+)\(.*\)$/);
|
|
10766
10783
|
if (scopedMatch) {
|
|
10767
10784
|
const typeName = scopedMatch[1];
|
|
10785
|
+
const funcName = scopedMatch[2];
|
|
10768
10786
|
if (typeName === className || typeName.toLowerCase() === lowerClass) {
|
|
10769
10787
|
return true;
|
|
10770
10788
|
}
|
|
10789
|
+
if (funcName === className || funcName.toLowerCase() === lowerClass) {
|
|
10790
|
+
return true;
|
|
10791
|
+
}
|
|
10771
10792
|
}
|
|
10772
10793
|
}
|
|
10773
10794
|
if (lowerClass.includes(lowerReceiver)) {
|
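Review bot: In the DEFAULT_SANITIZERS hunk, the added entry `{ method: "parse", class: "JSON", removes: ["xss", "code_injection"] }` will suppress real findings, because JSON.parse only validates grammar and hands back the attacker-controlled string values unchanged, so a parsed field that later reaches innerHTML or eval is still tainted. The accompanying comment `// JSON.parse (data is validated against JSON grammar, prevents XSS/code injection)` therefore states a guarantee the call does not provide. I would drop both added lines; if the intent is to let taint flow through the parsed object, JSON.parse should be modelled as a propagator rather than a sanitizer. Separately, in the DEFAULT_SINKS hunk the new `from_str` on `HeaderValue` and `header` on `Response` entries fire for every header value, not only Location, so expect noise unless the matcher can constrain the header name. The enclosing DEFAULT_SANITIZERS and DEFAULT_SINKS arrays start and end outside their hunks, and this file section's header is not visible in the page.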
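--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "circle-ir",
-"version": "3.18.
+"version": "3.18.6",
 "description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
 "main": "dist/index.js",
 "module": "dist/index.js",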