circle-ir 3.23.0 → 3.23.1
- package/configs/sinks/code_injection.yaml +0 -43
- package/configs/sinks/path.yaml +0 -109
- package/configs/sinks/sql.yaml +0 -65
- package/package.json +1 -1
|
@@ -490,49 +490,6 @@
|
|
|
490
490
|
],
|
|
491
491
|
"note": "Can define arbitrary classes from bytecode"
|
|
492
492
|
},
|
|
493
|
-
{
|
|
494
|
-
"method": "newInstance",
|
|
495
|
-
"type": "code_injection",
|
|
496
|
-
"cwe": "CWE-94",
|
|
497
|
-
"severity": "critical",
|
|
498
|
-
"arg_positions": [
|
|
499
|
-
0
|
|
500
|
-
],
|
|
501
|
-
"note": "Auto-mined from CVE analysis"
|
|
502
|
-
},
|
|
503
|
-
{
|
|
504
|
-
"method": "readObject",
|
|
505
|
-
"class": "ObjectInputStream",
|
|
506
|
-
"type": "code_injection",
|
|
507
|
-
"cwe": "CWE-94",
|
|
508
|
-
"severity": "critical",
|
|
509
|
-
"arg_positions": [
|
|
510
|
-
0
|
|
511
|
-
],
|
|
512
|
-
"note": "Auto-mined from CVE analysis"
|
|
513
|
-
},
|
|
514
|
-
{
|
|
515
|
-
"method": "compile",
|
|
516
|
-
"class": "XPath",
|
|
517
|
-
"type": "code_injection",
|
|
518
|
-
"cwe": "CWE-94",
|
|
519
|
-
"severity": "critical",
|
|
520
|
-
"arg_positions": [
|
|
521
|
-
0
|
|
522
|
-
],
|
|
523
|
-
"note": "Auto-mined from CVE analysis"
|
|
524
|
-
},
|
|
525
|
-
{
|
|
526
|
-
"method": "println",
|
|
527
|
-
"class": "PrintWriter",
|
|
528
|
-
"type": "code_injection",
|
|
529
|
-
"cwe": "CWE-94",
|
|
530
|
-
"severity": "critical",
|
|
531
|
-
"arg_positions": [
|
|
532
|
-
0
|
|
533
|
-
],
|
|
534
|
-
"note": "Auto-mined from CVE analysis"
|
|
535
|
-
},
|
|
536
493
|
{
|
|
537
494
|
"method": "onNewInstance",
|
|
538
495
|
"class": "SandboxInterceptor",
|
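--- a/package/configs/sinks/path.yaml
+++ b/package/configs/sinks/path.yaml
@@ -460,17 +460,6 @@
 ],
 "note": "Auto-mined from CVE analysis"
 },
-{
-"method": "compile",
-"class": "XPath",
-"type": "path_traversal",
-"cwe": "CWE-22",
-"severity": "high",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
 {
 "method": "FileOutputStream",
 "class": "constructor",
@@ -514,17 +503,6 @@
 ],
 "note": "Auto-mined from CVE analysis"
 },
-{
-"method": "println",
-"class": "PrintWriter",
-"type": "path_traversal",
-"cwe": "CWE-22",
-"severity": "high",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
 {
 "method": "write",
 "type": "path_traversal",
@@ -546,93 +524,6 @@
 ],
 "note": "Auto-mined from CVE analysis"
 },
-{
-"method": "forName",
-"class": "Class",
-"type": "path_traversal",
-"cwe": "CWE-22",
-"severity": "high",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
-{
-"method": "newInstance",
-"type": "path_traversal",
-"cwe": "CWE-22",
-"severity": "high",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
-{
-"method": "readObject",
-"class": "ObjectInputStream",
-"type": "path_traversal",
-"cwe": "CWE-22",
-"severity": "high",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
-{
-"method": "execute",
-"class": "Statement",
-"type": "path_traversal",
-"cwe": "CWE-22",
-"severity": "high",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
-{
-"method": "start",
-"class": "ProcessBuilder",
-"type": "path_traversal",
-"cwe": "CWE-22",
-"severity": "high",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
-{
-"method": "print",
-"class": "PrintWriter",
-"type": "path_traversal",
-"cwe": "CWE-22",
-"severity": "high",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
-{
-"method": "executeQuery",
-"class": "Statement",
-"type": "path_traversal",
-"cwe": "CWE-22",
-"severity": "high",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
-{
-"method": "executeUpdate",
-"class": "Statement",
-"type": "path_traversal",
-"cwe": "CWE-22",
-"severity": "high",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
 {
 "method": "child",
 "class": "FilePath",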
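Review bot: Several entries the third hunk deletes are real sinks that were only mis-typed, so the deletion is a coverage regression unless they already exist under the correct file: `ProcessBuilder.start` is a command-injection sink (CWE-78), `Statement.execute`/`executeQuery`/`executeUpdate` are SQL-injection sinks (CWE-89), `ObjectInputStream.readObject` is a deserialization sink (CWE-502), and `Class.forName`/`newInstance` are unsafe-reflection sinks (CWE-470); none of those configs are visible here, so please confirm before merging. The same `PrintWriter.println`, `XPath.compile`, `readObject` and `newInstance` entries are also removed from code_injection.yaml in this release, which shows the miner can emit one (class, method) pair under several types with conflicting CWEs — a small test over configs/sinks that fails when a pair appears under more than one `type` would stop the next mining run from reintroducing them. The entries that survive (for example the `FileOutputStream` constructor and `write`) still carry `"note": "Auto-mined from CVE analysis"`, so after this triage there is no way to tell a reviewed entry from an unreviewed one; consider `"note": "Auto-mined from CVE analysis; manually reviewed in 3.23.1"` on the ones you kept. The sinks array these hunks edit starts and ends outside the hunks.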
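--- a/package/configs/sinks/sql.yaml
+++ b/package/configs/sinks/sql.yaml
@@ -239,71 +239,6 @@
 "severity": "critical",
 "arg_positions": [0],
 "note": "MyBatis ORM - tainted fields in example criteria may be interpolated via ${} syntax"
-},
-{
-"method": "File",
-"class": "constructor",
-"type": "sql_injection",
-"cwe": "CWE-89",
-"severity": "critical",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
-{
-"method": "FileInputStream",
-"class": "constructor",
-"type": "sql_injection",
-"cwe": "CWE-89",
-"severity": "critical",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
-{
-"method": "getResource",
-"type": "sql_injection",
-"cwe": "CWE-89",
-"severity": "critical",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
-{
-"method": "openConnection",
-"class": "URL",
-"type": "sql_injection",
-"cwe": "CWE-89",
-"severity": "critical",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
-{
-"method": "openStream",
-"class": "URL",
-"type": "sql_injection",
-"cwe": "CWE-89",
-"severity": "critical",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
-},
-{
-"method": "forName",
-"class": "Class",
-"type": "sql_injection",
-"cwe": "CWE-89",
-"severity": "critical",
-"arg_positions": [
-0
-],
-"note": "Auto-mined from CVE analysis"
 }
 ],
 "sanitizers": [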
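Review bot: `URL.openConnection`/`URL.openStream` and the `File`/`FileInputStream` constructors deleted in this hunk are genuine sinks that were merely mis-filed — SSRF (CWE-918) and path traversal (CWE-22) respectively — so this is a silent coverage loss unless they are present under the correct type elsewhere; path.yaml in this same diff still retains a `FileOutputStream` constructor entry, which suggests the file sinks live there, but no SSRF config is visible from here, so please confirm. The removed `getResource` entry had no `"class"` key, and neither does the surviving `write` entry in path.yaml, so those presumably match on method name alone across every class; the retained class-less entries deserve the same scrutiny these just got. Stylistically the hand-written MyBatis entry uses the compact `"arg_positions": [0]` while the mined entries use a three-line array; normalising the file through one formatter would make future mining diffs much smaller and easier to review. The sinks array this hunk edits starts outside the hunk.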
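--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "circle-ir",
-"version": "3.23.
+"version": "3.23.1",
 "description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
 "main": "dist/index.js",
 "module": "dist/index.js",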