circle-ir 3.34.0 → 3.36.0
- package/configs/sinks/code_injection.yaml +112 -0
- package/dist/analysis/config-loader.d.ts.map +1 -1
- package/dist/analysis/config-loader.js +26 -0
- package/dist/analysis/config-loader.js.map +1 -1
- package/dist/analysis/passes/taint-propagation-pass.d.ts.map +1 -1
- package/dist/analysis/passes/taint-propagation-pass.js +143 -0
- package/dist/analysis/passes/taint-propagation-pass.js.map +1 -1
- package/dist/browser/circle-ir.js +101 -0
- package/dist/core/circle-ir-core.cjs +26 -0
- package/dist/core/circle-ir-core.js +26 -0
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"taint-propagation-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/taint-propagation-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAM9E,MAAM,WAAW,0BAA0B;IACzC,KAAK,EAAE,aAAa,EAAE,CAAC;CACxB;AAED,qBAAa,oBAAqB,YAAW,YAAY,CAAC,0BAA0B,CAAC;IACnF,QAAQ,CAAC,IAAI,uBAAuB;IACpC,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IAExC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,0BAA0B;
|
|
1
|
+
{"version":3,"file":"taint-propagation-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/taint-propagation-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAM9E,MAAM,WAAW,0BAA0B;IACzC,KAAK,EAAE,aAAa,EAAE,CAAC;CACxB;AAED,qBAAa,oBAAqB,YAAW,YAAY,CAAC,0BAA0B,CAAC;IACnF,QAAQ,CAAC,IAAI,uBAAuB;IACpC,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IAExC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,0BAA0B;CA4HlD"}
|
|
@@ -90,6 +90,47 @@ export class TaintPropagationPass {
|
|
|
90
90
|
flows.push(f);
|
|
91
91
|
}
|
|
92
92
|
}
|
|
93
|
+
// Supplement: expression-scan flows for assignment-style sources (#18).
|
|
94
|
+
//
|
|
95
|
+
// The DFG-based propagator above misses two important cases:
|
|
96
|
+
// 1. Languages without a per-language DFG builder (Python falls through
|
|
97
|
+
// to buildJavaDFG which finds no `method_declaration` nodes and emits
|
|
98
|
+
// an empty DFG — defs=[], uses=[], chains=[]).
|
|
99
|
+
// 2. Sink calls whose argument is a compound expression (e.g.
|
|
100
|
+
// `cur.execute("SELECT ... " + uid)`) where `arg.variable` is null
|
|
101
|
+
// because the arg node isn't a bare `identifier`.
|
|
102
|
+
//
|
|
103
|
+
// Both cases break the `arg.variable === use.variable` matching in
|
|
104
|
+
// propagateTaint(). For sources that already carry an explicit `variable`
|
|
105
|
+
// field (assignment-style sources from LanguageSourcesPass, e.g.
|
|
106
|
+
// `findPythonAssignmentSources`), we can sidestep the DFG entirely:
|
|
107
|
+
// scan each sink's call-argument expressions for that variable name as
|
|
108
|
+
// an identifier-boundary match. This is language-agnostic but in practice
|
|
109
|
+
// benefits Python the most because Java sources rarely set `variable`.
|
|
110
|
+
const exprScanFlows = detectExpressionScanFlows(calls, sources, sinks, constProp.unreachableLines) ?? [];
|
|
111
|
+
for (const f of exprScanFlows) {
|
|
112
|
+
if (flows.some(x => x.source_line === f.source_line &&
|
|
113
|
+
x.sink_line === f.sink_line &&
|
|
114
|
+
x.sink_type === f.sink_type))
|
|
115
|
+
continue;
|
|
116
|
+
const flowForCheck = {
|
|
117
|
+
source: { line: f.source_line },
|
|
118
|
+
sink: { line: f.sink_line },
|
|
119
|
+
path: f.path.map(p => ({ variable: p.variable, line: p.line })),
|
|
120
|
+
};
|
|
121
|
+
if (isCorrelatedPredicateFP(constProp, flowForCheck))
|
|
122
|
+
continue;
|
|
123
|
+
let isFP = false;
|
|
124
|
+
for (const step of f.path) {
|
|
125
|
+
if (isFalsePositive(constProp, step.line, step.variable).isFalsePositive) {
|
|
126
|
+
isFP = true;
|
|
127
|
+
break;
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
if (isFP)
|
|
131
|
+
continue;
|
|
132
|
+
flows.push(f);
|
|
133
|
+
}
|
|
93
134
|
return { flows };
|
|
94
135
|
}
|
|
95
136
|
}
|
|
@@ -287,4 +328,106 @@ function detectParameterSinkFlows(types, calls, sources, sinks, unreachableLines
|
|
|
287
328
|
void types;
|
|
288
329
|
return flows;
|
|
289
330
|
}
|
|
331
|
+
/**
|
|
332
|
+
* Detect taint flows by scanning sink call argument expressions for any
|
|
333
|
+
* source-variable name (#18).
|
|
334
|
+
*
|
|
335
|
+
* Algorithm — for each source with an explicit `variable` field (set by
|
|
336
|
+
* assignment-style source detectors such as `findPythonAssignmentSources`,
|
|
337
|
+
* which records the LHS variable name when an HTTP/file/env call appears on
|
|
338
|
+
* the RHS):
|
|
339
|
+
*
|
|
340
|
+
* 1. For every sink at a later line, look at its call-site arguments.
|
|
341
|
+
* 2. Respect `sink.argPositions` — skip positions that aren't dangerous
|
|
342
|
+
* (e.g. `execSync(cmd, opts)` only flags arg 0).
|
|
343
|
+
* 3. If the source `variable` appears as a `\b<var>\b` identifier-boundary
|
|
344
|
+
* match inside any dangerous argument's expression text, emit a flow.
|
|
345
|
+
*
|
|
346
|
+
* The word-boundary regex prevents accidental substring matches
|
|
347
|
+
* (e.g. tainted `uid` does NOT match `uid_table`). Confidence is moderated
|
|
348
|
+
* by both source and sink confidence and a 0.7 multiplier to keep these
|
|
349
|
+
* expression-scan flows distinguishable from full DFG-tracked flows.
|
|
350
|
+
*
|
|
351
|
+
* This detector unblocks all non-XSS Python categories (sqli, pathtraver,
|
|
352
|
+
* cmdi, xpathi, xxe, deserialization, codeinj, ldapi, redirect, trustbound)
|
|
353
|
+
* which previously emitted `flows: []` because:
|
|
354
|
+
* - Python has no language-specific DFG builder (falls through to Java DFG
|
|
355
|
+
* which finds zero `method_declaration` nodes in Python ASTs), AND
|
|
356
|
+
* - Python call-arg extraction sets `arg.variable = null` for compound
|
|
357
|
+
* expressions like `"SELECT ... " + uid`.
|
|
358
|
+
*
|
|
359
|
+
* Java is unaffected because Java sources rarely set the `variable` field
|
|
360
|
+
* (they come from getter pattern detection, `@RequestParam` annotations,
|
|
361
|
+
* or YAML sink/source matches that operate at the receiver-type level).
|
|
362
|
+
*/
|
|
363
|
+
function detectExpressionScanFlows(calls, sources, sinks, unreachableLines) {
|
|
364
|
+
const flows = [];
|
|
365
|
+
// Only consider sources that carry an explicit variable name to scan for.
|
|
366
|
+
const sourcesWithVar = sources.filter((s) => typeof s.variable === 'string' && s.variable.length > 0);
|
|
367
|
+
if (sourcesWithVar.length === 0)
|
|
368
|
+
return flows;
|
|
369
|
+
// Pre-compile word-boundary regexes per unique source variable.
|
|
370
|
+
// Escape regex-special characters defensively (variable names should be
|
|
371
|
+
// plain identifiers but Python attribute paths like `obj.attr` could leak in).
|
|
372
|
+
const reCache = new Map();
|
|
373
|
+
for (const s of sourcesWithVar) {
|
|
374
|
+
if (reCache.has(s.variable))
|
|
375
|
+
continue;
|
|
376
|
+
const escaped = s.variable.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
|
|
377
|
+
reCache.set(s.variable, new RegExp(`\\b${escaped}\\b`));
|
|
378
|
+
}
|
|
379
|
+
// Group calls by line for O(1) sink-line lookup.
|
|
380
|
+
const callsByLine = new Map();
|
|
381
|
+
for (const call of calls) {
|
|
382
|
+
const existing = callsByLine.get(call.location.line) ?? [];
|
|
383
|
+
existing.push(call);
|
|
384
|
+
callsByLine.set(call.location.line, existing);
|
|
385
|
+
}
|
|
386
|
+
for (const sink of sinks) {
|
|
387
|
+
if (unreachableLines.has(sink.line))
|
|
388
|
+
continue;
|
|
389
|
+
const callsAtSink = callsByLine.get(sink.line) ?? [];
|
|
390
|
+
for (const call of callsAtSink) {
|
|
391
|
+
for (const arg of call.arguments) {
|
|
392
|
+
// Respect dangerous-position filtering (e.g. execSync arg 0 only).
|
|
393
|
+
if (sink.argPositions && sink.argPositions.length > 0 &&
|
|
394
|
+
!sink.argPositions.includes(arg.position)) {
|
|
395
|
+
continue;
|
|
396
|
+
}
|
|
397
|
+
const expr = arg.expression;
|
|
398
|
+
if (!expr)
|
|
399
|
+
continue;
|
|
400
|
+
for (const source of sourcesWithVar) {
|
|
401
|
+
// Source must appear before the sink (no backward flows).
|
|
402
|
+
if (source.line >= sink.line)
|
|
403
|
+
continue;
|
|
404
|
+
const re = reCache.get(source.variable);
|
|
405
|
+
if (!re || !re.test(expr))
|
|
406
|
+
continue;
|
|
407
|
+
// Dedupe by (source_line, sink_line, sink.type) — a single source
|
|
408
|
+
// can reach multiple distinct sinks at the same line (e.g. an
|
|
409
|
+
// execute() call modeled as both `xss` and `sql_injection`).
|
|
410
|
+
if (flows.some(f => f.source_line === source.line &&
|
|
411
|
+
f.sink_line === sink.line &&
|
|
412
|
+
f.sink_type === sink.type))
|
|
413
|
+
continue;
|
|
414
|
+
flows.push({
|
|
415
|
+
source_line: source.line,
|
|
416
|
+
sink_line: sink.line,
|
|
417
|
+
source_type: source.type,
|
|
418
|
+
sink_type: sink.type,
|
|
419
|
+
path: [
|
|
420
|
+
{ variable: source.variable, line: source.line, type: 'source' },
|
|
421
|
+
{ variable: source.variable, line: sink.line, type: 'sink' },
|
|
422
|
+
],
|
|
423
|
+
confidence: source.confidence * sink.confidence * 0.7,
|
|
424
|
+
sanitized: false,
|
|
425
|
+
});
|
|
426
|
+
break; // one source per arg is enough
|
|
427
|
+
}
|
|
428
|
+
}
|
|
429
|
+
}
|
|
430
|
+
}
|
|
431
|
+
return flows;
|
|
432
|
+
}
|
|
290
433
|
//# sourceMappingURL=taint-propagation-pass.js.map
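Review bot: The `break; // one source per arg is enough` at new line 426 of `detectExpressionScanFlows` stops at the first source variable found in an argument, but `run()` (first hunk, new lines 110-133) applies `isCorrelatedPredicateFP` and `isFalsePositive` only afterwards, so when that first candidate is suppressed as a false positive, any other tainted variable in the same expression is never reported. Dropping the `break` should be enough, since the `(source_line, sink_line, sink_type)` check just above it already prevents duplicate flows. Separately, `re.test(expr)` runs over the raw argument text, so a source named `uid` also matches the same word inside a string literal or an attribute such as `row.uid`; the doc comment should state that limit, e.g. `// NOTE: textual match only; hits inside string literals and attribute names are not excluded`. The `TaintPropagationPass` class body starts outside the first hunk, so how the earlier supplements interact with this one is not visible here.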
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"taint-propagation-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/taint-propagation-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAOH,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AAMtF,MAAM,OAAO,oBAAoB;IACtB,IAAI,GAAG,mBAAmB,CAAC;IAC3B,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;QACtB,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;QAElC,MAAM,SAAS,GAAK,GAAG,CAAC,SAAS,CAA2B,sBAAsB,CAAC,CAAC;QACpF,MAAM,UAAU,GAAI,GAAG,CAAC,SAAS,CAAmB,aAAa,CAAC,CAAC;QACnE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;QAElD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACvB,CAAC;QAED,8BAA8B;QAC9B,MAAM,iBAAiB,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;QAE5E,uEAAuE;QACvE,MAAM,aAAa,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;YAC1D,IAAI,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO,KAAK,CAAC;YAEjE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC7B,MAAM,OAAO,GAAG,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACrE,IAAI,OAAO,CAAC,eAAe;oBAAE,OAAO,KAAK,CAAC;YAC5C,CAAC;YAED,IAAI,uBAAuB,CAAC,SAAS,EAAE,IAAI,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE3D,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,kCAAkC;QAClC,MAAM,KAAK,GAAoB,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxD,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC7B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YACzB,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC7B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YACzB,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YACH,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC,CAAC,CAAC;QAEJ,kCAAkC;QAClC,MAAM,UAAU,GAAG,uBAAuB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,oBAAoB,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QACpI,KAAK,MA
AM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAED,4DAA4D;QAC5D,MAAM,eAAe,GAAG,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAC1H,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;YAChC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC;gBAAE,SAAS;YAE9F,MAAM,YAAY,GAAG;gBACnB,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;gBAC/B,IAAI,EAAI,EAAE,IAAI,EAAE,CAAC,CAAC,SAAS,EAAI;gBAC/B,IAAI,EAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;aAClE,CAAC;YACF,IAAI,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC;gBAAE,SAAS;YAE/D,IAAI,IAAI,GAAG,KAAK,CAAC;YACjB,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC1B,IAAI,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,eAAe,EAAE,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC;oBAAC,MAAM;gBAAC,CAAC;YACnG,CAAC;YACD,IAAI,IAAI;gBAAE,SAAS;YAEnB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;QAED,6CAA6C;QAC7C,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAC5G,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,CAAC;IACnB,CAAC;CACF;AAED,8EAA8E;AAC9E,4CAA4C;AAC5C,8EAA8E;AAE9E,SAAS,qBAAqB,CAC5B,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,WAAwB,EACxB,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAA
C,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,gEAAgE;gBAChE,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;oBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBACD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC;oBAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;oBAC7E,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC5D,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;wBAC1B,IAAI,MAAM,EAAE,CAAC;4BACX,KAAK,CAAC,IAAI,CAAC;gCACT,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCAC9C,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCAC9C,IAAI,EAAE;oCACJ,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;oCACjE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;iCAClE;gCACD,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK;6BAClC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;oBACnB,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC;oBAC5B,yDAAyD;oBACzD,MAAM,kBAAkB,GAAG;wBACzB,EAAE,MAAM,EAAE,SAAS,EAAG,EAAE,EAAE,kBAAkB,EAAE;wBAC9C,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,mBAAmB,EAAE;wBAC/C,EAAE,MAAM,EAAE,KAAK,EAAO,EAAE,EAAE,cAAc,EAAE;wBAC1C,EAAE,MAAM,EAAE,MAAM,EAAM,EAAE,EAAE,eAAe,EAAE;wBAC3C,EAAE,MAAM,EAAE,MAAM,EAAM,EAAE,EAAE,eAAe,EAAE;wBAC3C,EAAE,MAAM,EAAE,MAAM,EAAM,EAAE,EAAE,eAAe,EAAE;wBAC3C,EAAE,MAAM,EAAE,SAAS,EAAG,EAAE,EAAE,kBAAkB,EAAE;qBAC/C,CAAC;oBACF,KAAK,MAAM,EAAE,EAAE,EAAE,IAAI,kBAAkB,EAAE,CAAC;wBACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;wBAC7B,IAAI,KAAK,EAAE,CAAC;4BACV,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;4BAC/B,MAAM,gBAAgB,GAAG,IAAI,CAAC,
SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,IAAI,aAAa,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC;4BAC/F,IAAI,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;gCACxE,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gCAC1B,IAAI,MAAM,EAAE,CAAC;oCACX,KAAK,CAAC,IAAI,CAAC;wCACT,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;wCAC9C,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;wCAC9C,IAAI,EAAE;4CACJ,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;4CACvE,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;yCACxE;wCACD,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK;qCACnC,CAAC,CAAC;gCACL,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,oBAA8C,EAC9C,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,gEAAgE;gBAChE,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;oBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBACD,MAAM,gBAAgB,GAAG,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBAC3E,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,SAAS,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;oBACtC,MAAM,QAAQ,GAAI,gBAAgB,CAAC,CAAC,CAAC,CAAC;oBACtC,MAAM,cAAc,GAAG,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBAC3D,IAAI,cAAc,EAAE,CAAC;wBACnB,MAAM,SAAS,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;wBAC1E,IAAI,SAAS,EAAE
,CAAC;4BACd,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;4BAC1B,IAAI,MAAM,EAAE,CAAC;gCACX,KAAK,CAAC,IAAI,CAAC;oCACT,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;oCAC9C,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;oCAC9C,IAAI,EAAE;wCACJ,EAAE,QAAQ,EAAE,SAAS,EAAqB,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;wCACtF,EAAE,QAAQ,EAAE,GAAG,SAAS,IAAI,QAAQ,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;qCACtF;oCACD,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK;iCACnC,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,wBAAwB,CAC/B,KAAwB,EACxB,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAE7C,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAwD,CAAC;IAC7F,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAClE,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,SAAS,GAAI,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC5B,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC5B,IAAI,YAAY,GAAG,oBAAoB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACxD,IAAI,CAAC,YAAY,EAAE,CAAC;oBAAC,YAAY,GAAG,IAAI,GAAG,EAAE,CAAC;oBAAC,oBAAoB,CAAC,GAAG,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;gBAAC,CAAC;gBACpG,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,oBAAoB,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAElD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;YAClC,IAAI,CAAC,UAAU;gBAAE,SAAS;YAC1B,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,GAAG,CAAC,UAAU,CAAC
,CAAC;YAChE,IAAI,CAAC,kBAAkB;gBAAE,SAAS;YAElC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,iEAAiE;oBACjE,+EAA+E;oBAC/E,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;wBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC9C,SAAS;oBACX,CAAC;oBACD,MAAM,WAAW,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACzD,IAAI,WAAW,EAAE,CAAC;wBAChB,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,CAAC,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;wBAChG,IAAI,CAAC,MAAM,EAAE,CAAC;4BACZ,KAAK,CAAC,IAAI,CAAC;gCACT,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCACnD,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCACnD,IAAI,EAAE;oCACJ,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;oCAC3E,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAS,IAAI,EAAE,MAAiB,EAAE;iCAC5E;gCACD,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK;6BACnC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,wFAAwF;IACxF,KAAK,KAAK,CAAC;IACX,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
1
|
+
{"version":3,"file":"taint-propagation-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/taint-propagation-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAOH,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AAMtF,MAAM,OAAO,oBAAoB;IACtB,IAAI,GAAG,mBAAmB,CAAC;IAC3B,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;QACtB,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;QAElC,MAAM,SAAS,GAAK,GAAG,CAAC,SAAS,CAA2B,sBAAsB,CAAC,CAAC;QACpF,MAAM,UAAU,GAAI,GAAG,CAAC,SAAS,CAAmB,aAAa,CAAC,CAAC;QACnE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;QAElD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACvB,CAAC;QAED,8BAA8B;QAC9B,MAAM,iBAAiB,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;QAE5E,uEAAuE;QACvE,MAAM,aAAa,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;YAC1D,IAAI,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO,KAAK,CAAC;YAEjE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC7B,MAAM,OAAO,GAAG,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACrE,IAAI,OAAO,CAAC,eAAe;oBAAE,OAAO,KAAK,CAAC;YAC5C,CAAC;YAED,IAAI,uBAAuB,CAAC,SAAS,EAAE,IAAI,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE3D,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,kCAAkC;QAClC,MAAM,KAAK,GAAoB,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxD,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC7B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YACzB,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC7B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YACzB,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YACH,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC,CAAC,CAAC;QAEJ,kCAAkC;QAClC,MAAM,UAAU,GAAG,uBAAuB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,oBAAoB,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QACpI,KAAK,MA
AM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAED,4DAA4D;QAC5D,MAAM,eAAe,GAAG,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAC1H,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;YAChC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC;gBAAE,SAAS;YAE9F,MAAM,YAAY,GAAG;gBACnB,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;gBAC/B,IAAI,EAAI,EAAE,IAAI,EAAE,CAAC,CAAC,SAAS,EAAI;gBAC/B,IAAI,EAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;aAClE,CAAC;YACF,IAAI,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC;gBAAE,SAAS;YAE/D,IAAI,IAAI,GAAG,KAAK,CAAC;YACjB,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC1B,IAAI,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,eAAe,EAAE,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC;oBAAC,MAAM;gBAAC,CAAC;YACnG,CAAC;YACD,IAAI,IAAI;gBAAE,SAAS;YAEnB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;QAED,6CAA6C;QAC7C,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAC5G,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,EAAE;QACF,6DAA6D;QAC7D,0EAA0E;QAC1E,2EAA2E;QAC3E,oDAAoD;QACpD,gEAAgE;QAChE,wEAAwE;QACxE,uDAAuD;QACvD,EAAE;QACF,mEAAmE;QACnE,0EAA0E;QAC1E,iEAAiE;QACjE,oEAAoE;QACpE,uEAAuE;QACvE,0EAA0E;QAC1E,uEAAuE;QACvE,MAAM,aAAa,GAAG,yBAAyB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QACzG,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;YAC9B,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACjB,CAAC,CAAC,WAAW,KAAK,CA
AC,CAAC,WAAW;gBAC/B,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS;gBAC3B,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAC5B;gBAAE,SAAS;YAEZ,MAAM,YAAY,GAAG;gBACnB,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;gBAC/B,IAAI,EAAI,EAAE,IAAI,EAAE,CAAC,CAAC,SAAS,EAAI;gBAC/B,IAAI,EAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;aAClE,CAAC;YACF,IAAI,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC;gBAAE,SAAS;YAE/D,IAAI,IAAI,GAAG,KAAK,CAAC;YACjB,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC1B,IAAI,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,eAAe,EAAE,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC;oBAAC,MAAM;gBAAC,CAAC;YACnG,CAAC;YACD,IAAI,IAAI;gBAAE,SAAS;YAEnB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,CAAC;IACnB,CAAC;CACF;AAED,8EAA8E;AAC9E,4CAA4C;AAC5C,8EAA8E;AAE9E,SAAS,qBAAqB,CAC5B,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,WAAwB,EACxB,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,gEAAgE;gBAChE,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;oBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBACD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC;oBAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;oBAC7E,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC5D,MAAM,MAAM,GAAG,OAAO,CA
AC,CAAC,CAAC,CAAC;wBAC1B,IAAI,MAAM,EAAE,CAAC;4BACX,KAAK,CAAC,IAAI,CAAC;gCACT,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCAC9C,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCAC9C,IAAI,EAAE;oCACJ,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;oCACjE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;iCAClE;gCACD,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK;6BAClC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;oBACnB,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC;oBAC5B,yDAAyD;oBACzD,MAAM,kBAAkB,GAAG;wBACzB,EAAE,MAAM,EAAE,SAAS,EAAG,EAAE,EAAE,kBAAkB,EAAE;wBAC9C,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,mBAAmB,EAAE;wBAC/C,EAAE,MAAM,EAAE,KAAK,EAAO,EAAE,EAAE,cAAc,EAAE;wBAC1C,EAAE,MAAM,EAAE,MAAM,EAAM,EAAE,EAAE,eAAe,EAAE;wBAC3C,EAAE,MAAM,EAAE,MAAM,EAAM,EAAE,EAAE,eAAe,EAAE;wBAC3C,EAAE,MAAM,EAAE,MAAM,EAAM,EAAE,EAAE,eAAe,EAAE;wBAC3C,EAAE,MAAM,EAAE,SAAS,EAAG,EAAE,EAAE,kBAAkB,EAAE;qBAC/C,CAAC;oBACF,KAAK,MAAM,EAAE,EAAE,EAAE,IAAI,kBAAkB,EAAE,CAAC;wBACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;wBAC7B,IAAI,KAAK,EAAE,CAAC;4BACV,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;4BAC/B,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,IAAI,aAAa,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC;4BAC/F,IAAI,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;gCACxE,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gCAC1B,IAAI,MAAM,EAAE,CAAC;oCACX,KAAK,CAAC,IAAI,CAAC;wCACT,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;wCAC9C,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;wCAC9C,IAAI,EAAE;4CACJ,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;4CACvE,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;yCACxE;wCACD,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK;qCACnC,CAAC,CAAC;gCACL,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACj
C,oBAA8C,EAC9C,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,gEAAgE;gBAChE,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;oBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBACD,MAAM,gBAAgB,GAAG,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBAC3E,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,SAAS,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;oBACtC,MAAM,QAAQ,GAAI,gBAAgB,CAAC,CAAC,CAAC,CAAC;oBACtC,MAAM,cAAc,GAAG,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBAC3D,IAAI,cAAc,EAAE,CAAC;wBACnB,MAAM,SAAS,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;wBAC1E,IAAI,SAAS,EAAE,CAAC;4BACd,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;4BAC1B,IAAI,MAAM,EAAE,CAAC;gCACX,KAAK,CAAC,IAAI,CAAC;oCACT,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;oCAC9C,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;oCAC9C,IAAI,EAAE;wCACJ,EAAE,QAAQ,EAAE,SAAS,EAAqB,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;wCACtF,EAAE,QAAQ,EAAE,GAAG,SAAS,IAAI,QAAQ,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;qCACtF;oCACD,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK;iCACnC,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,wBAAwB,CAC/B,KAAwB,EACxB,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAE7C,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAwD,CAAC;IAC7F,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,
CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAClE,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,SAAS,GAAI,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC5B,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC5B,IAAI,YAAY,GAAG,oBAAoB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACxD,IAAI,CAAC,YAAY,EAAE,CAAC;oBAAC,YAAY,GAAG,IAAI,GAAG,EAAE,CAAC;oBAAC,oBAAoB,CAAC,GAAG,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;gBAAC,CAAC;gBACpG,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,oBAAoB,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAElD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;YAClC,IAAI,CAAC,UAAU;gBAAE,SAAS;YAC1B,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAChE,IAAI,CAAC,kBAAkB;gBAAE,SAAS;YAElC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,iEAAiE;oBACjE,+EAA+E;oBAC/E,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;wBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC9C,SAAS;oBACX,CAAC;oBACD,MAAM,WAAW,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACzD,IAAI,WAAW,EAAE,CAAC;wBAChB,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,CAAC,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;wBAChG,IAAI,CAAC,MAAM,EAAE,CAAC;4BACZ,KAAK,CAAC,IAAI,CAAC;gCACT,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCACnD,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCACnD,IAAI,EAAE;oCACJ,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,WA
AW,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;oCAC3E,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAS,IAAI,EAAE,MAAiB,EAAE;iCAC5E;gCACD,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK;6BACnC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,wFAAwF;IACxF,KAAK,KAAK,CAAC;IACX,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,SAAS,yBAAyB,CAChC,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAE7C,0EAA0E;IAC1E,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAwC,EAAE,CAChF,OAAO,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CACxD,CAAC;IACF,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAE9C,gEAAgE;IAChE,wEAAwE;IACxE,+EAA+E;IAC/E,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;YAAE,SAAS;QACtC,MAAM,OAAO,GAAG,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,MAAM,CAAC,MAAM,OAAO,KAAK,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,iDAAiD;IACjD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,mEAAmE;gBACnE,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;oBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBACD,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC;gBAC5B,IAAI,CAAC,IAAI;oBAAE,SAAS;gBAEpB,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;oBACpC,0DAA0D;oBAC1D,IAAI,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI;wBAAE,SAAS;oBAEvC,MAAM,EAAE,GA
AG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;oBACxC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;wBAAE,SAAS;oBAEpC,kEAAkE;oBAClE,8DAA8D;oBAC9D,6DAA6D;oBAC7D,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACjB,CAAC,CAAC,WAAW,KAAK,MAAM,CAAC,IAAI;wBAC7B,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI;wBACzB,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI,CAC1B;wBAAE,SAAS;oBAEZ,KAAK,CAAC,IAAI,CAAC;wBACT,WAAW,EAAE,MAAM,CAAC,IAAI;wBACxB,SAAS,EAAI,IAAI,CAAC,IAAI;wBACtB,WAAW,EAAE,MAAM,CAAC,IAAI;wBACxB,SAAS,EAAI,IAAI,CAAC,IAAI;wBACtB,IAAI,EAAE;4BACJ,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;4BACzE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;yBAC1E;wBACD,UAAU,EAAE,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,GAAG,GAAG;wBACrD,SAAS,EAAE,KAAK;qBACjB,CAAC,CAAC;oBACH,MAAM,CAAC,+BAA+B;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -11121,6 +11121,32 @@ var DEFAULT_SINKS = [
|
|
|
11121
11121
|
{ method: "parse", class: "GroovyShell", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
11122
11122
|
{ method: "parseClass", class: "GroovyClassLoader", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
11123
11123
|
{ method: "run", class: "GroovyScriptEngine", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
11124
|
+
// Jenkins script-security plugin — Groovy sandbox attack surface (issue #17, CVE-2023-24422).
|
|
11125
|
+
// The sandbox is a documented-bypassable security control; the dispatch points that
|
|
11126
|
+
// route tainted Groovy through the sandbox runtime are code-injection sinks, not
|
|
11127
|
+
// sanitizers. SandboxInterceptor.onNewInstance already lives in command_injection above;
|
|
11128
|
+
// these add the missing dispatch surface plus the parent GroovyInterceptor class and
|
|
11129
|
+
// the AST transformer / outer GroovySandbox wrapper.
|
|
11130
|
+
{ method: "onMethodCall", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11131
|
+
{ method: "onStaticCall", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11132
|
+
{ method: "onGetProperty", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11133
|
+
{ method: "onSetProperty", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11134
|
+
{ method: "onGetAttribute", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11135
|
+
{ method: "onSetAttribute", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11136
|
+
{ method: "onMethodPointer", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11137
|
+
{ method: "onSuperCall", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11138
|
+
{ method: "onSuperConstructor", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11139
|
+
// Parent class — some plugins extend GroovyInterceptor directly.
|
|
11140
|
+
{ method: "onMethodCall", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11141
|
+
{ method: "onNewInstance", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11142
|
+
{ method: "onStaticCall", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11143
|
+
{ method: "onGetProperty", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11144
|
+
{ method: "onSetProperty", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11145
|
+
// AST transformer — converts unsafe Groovy AST into interceptor callbacks; bypasses target this.
|
|
11146
|
+
{ method: "call", class: "SandboxTransformer", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11147
|
+
// GroovySandbox.runInSandbox — Jenkins script-security outer wrapper (real API; the
|
|
11148
|
+
// "sandbox" entry in command.yaml is fictional).
|
|
11149
|
+
{ method: "runInSandbox", class: "GroovySandbox", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
11124
11150
|
// JavaScript engine (Nashorn/Rhino)
|
|
11125
11151
|
{ method: "eval", class: "Bindings", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
11126
11152
|
{ method: "eval", class: "ScriptContext", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
@@ -21993,6 +22019,27 @@ var TaintPropagationPass = class {
|
|
|
21993
22019
|
flows.push(f);
|
|
21994
22020
|
}
|
|
21995
22021
|
}
|
|
22022
|
+
const exprScanFlows = detectExpressionScanFlows(calls, sources, sinks, constProp.unreachableLines) ?? [];
|
|
22023
|
+
for (const f of exprScanFlows) {
|
|
22024
|
+
if (flows.some(
|
|
22025
|
+
(x) => x.source_line === f.source_line && x.sink_line === f.sink_line && x.sink_type === f.sink_type
|
|
22026
|
+
)) continue;
|
|
22027
|
+
const flowForCheck = {
|
|
22028
|
+
source: { line: f.source_line },
|
|
22029
|
+
sink: { line: f.sink_line },
|
|
22030
|
+
path: f.path.map((p) => ({ variable: p.variable, line: p.line }))
|
|
22031
|
+
};
|
|
22032
|
+
if (isCorrelatedPredicateFP(constProp, flowForCheck)) continue;
|
|
22033
|
+
let isFP = false;
|
|
22034
|
+
for (const step of f.path) {
|
|
22035
|
+
if (isFalsePositive(constProp, step.line, step.variable).isFalsePositive) {
|
|
22036
|
+
isFP = true;
|
|
22037
|
+
break;
|
|
22038
|
+
}
|
|
22039
|
+
}
|
|
22040
|
+
if (isFP) continue;
|
|
22041
|
+
flows.push(f);
|
|
22042
|
+
}
|
|
21996
22043
|
return { flows };
|
|
21997
22044
|
}
|
|
21998
22045
|
};
|
|
@@ -22184,6 +22231,60 @@ function detectParameterSinkFlows(types, calls, sources, sinks, unreachableLines
|
|
|
22184
22231
|
void types;
|
|
22185
22232
|
return flows;
|
|
22186
22233
|
}
|
|
22234
|
+
function detectExpressionScanFlows(calls, sources, sinks, unreachableLines) {
|
|
22235
|
+
const flows = [];
|
|
22236
|
+
const sourcesWithVar = sources.filter(
|
|
22237
|
+
(s) => typeof s.variable === "string" && s.variable.length > 0
|
|
22238
|
+
);
|
|
22239
|
+
if (sourcesWithVar.length === 0) return flows;
|
|
22240
|
+
const reCache = /* @__PURE__ */ new Map();
|
|
22241
|
+
for (const s of sourcesWithVar) {
|
|
22242
|
+
if (reCache.has(s.variable)) continue;
|
|
22243
|
+
const escaped = s.variable.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
|
|
22244
|
+
reCache.set(s.variable, new RegExp(`\\b${escaped}\\b`));
|
|
22245
|
+
}
|
|
22246
|
+
const callsByLine = /* @__PURE__ */ new Map();
|
|
22247
|
+
for (const call of calls) {
|
|
22248
|
+
const existing = callsByLine.get(call.location.line) ?? [];
|
|
22249
|
+
existing.push(call);
|
|
22250
|
+
callsByLine.set(call.location.line, existing);
|
|
22251
|
+
}
|
|
22252
|
+
for (const sink of sinks) {
|
|
22253
|
+
if (unreachableLines.has(sink.line)) continue;
|
|
22254
|
+
const callsAtSink = callsByLine.get(sink.line) ?? [];
|
|
22255
|
+
for (const call of callsAtSink) {
|
|
22256
|
+
for (const arg of call.arguments) {
|
|
22257
|
+
if (sink.argPositions && sink.argPositions.length > 0 && !sink.argPositions.includes(arg.position)) {
|
|
22258
|
+
continue;
|
|
22259
|
+
}
|
|
22260
|
+
const expr = arg.expression;
|
|
22261
|
+
if (!expr) continue;
|
|
22262
|
+
for (const source of sourcesWithVar) {
|
|
22263
|
+
if (source.line >= sink.line) continue;
|
|
22264
|
+
const re = reCache.get(source.variable);
|
|
22265
|
+
if (!re || !re.test(expr)) continue;
|
|
22266
|
+
if (flows.some(
|
|
22267
|
+
(f) => f.source_line === source.line && f.sink_line === sink.line && f.sink_type === sink.type
|
|
22268
|
+
)) continue;
|
|
22269
|
+
flows.push({
|
|
22270
|
+
source_line: source.line,
|
|
22271
|
+
sink_line: sink.line,
|
|
22272
|
+
source_type: source.type,
|
|
22273
|
+
sink_type: sink.type,
|
|
22274
|
+
path: [
|
|
22275
|
+
{ variable: source.variable, line: source.line, type: "source" },
|
|
22276
|
+
{ variable: source.variable, line: sink.line, type: "sink" }
|
|
22277
|
+
],
|
|
22278
|
+
confidence: source.confidence * sink.confidence * 0.7,
|
|
22279
|
+
sanitized: false
|
|
22280
|
+
});
|
|
22281
|
+
break;
|
|
22282
|
+
}
|
|
22283
|
+
}
|
|
22284
|
+
}
|
|
22285
|
+
}
|
|
22286
|
+
return flows;
|
|
22287
|
+
}
|
|
22187
22288
|
|
|
22188
22289
|
// src/analysis/passes/interprocedural-pass.ts
|
|
22189
22290
|
var InterproceduralPass = class {
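Review bot: In `detectExpressionScanFlows`, the cached pattern built with `\\b${escaped}\\b` cannot match a source variable that starts or ends with `$`. `\b` needs a word/non-word transition and `$` is a non-word character, so for a variable named `$input` the expression `run($input)` never matches and the flow is silently dropped. Replacing the two `\\b` anchors with `(?<![\\w$])` and `(?![\\w$])` keeps whole-identifier matching and covers `$` names, provided the browser targets support lookbehind. Separately, the match is purely textual on `arg.expression`, so it also fires on the name inside a string literal or as a member name (`obj.input`). That is presumably what the `0.7` confidence factor accounts for; a comment such as `// textual match only: no scope or string-literal awareness, hence the 0.7 factor` above the `RegExp` line would make the limitation explicit. The function lies entirely inside this hunk.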
|
|
@@ -10536,6 +10536,32 @@ var DEFAULT_SINKS = [
|
|
|
10536
10536
|
{ method: "parse", class: "GroovyShell", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
10537
10537
|
{ method: "parseClass", class: "GroovyClassLoader", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
10538
10538
|
{ method: "run", class: "GroovyScriptEngine", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
10539
|
+
// Jenkins script-security plugin — Groovy sandbox attack surface (issue #17, CVE-2023-24422).
|
|
10540
|
+
// The sandbox is a documented-bypassable security control; the dispatch points that
|
|
10541
|
+
// route tainted Groovy through the sandbox runtime are code-injection sinks, not
|
|
10542
|
+
// sanitizers. SandboxInterceptor.onNewInstance already lives in command_injection above;
|
|
10543
|
+
// these add the missing dispatch surface plus the parent GroovyInterceptor class and
|
|
10544
|
+
// the AST transformer / outer GroovySandbox wrapper.
|
|
10545
|
+
{ method: "onMethodCall", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10546
|
+
{ method: "onStaticCall", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10547
|
+
{ method: "onGetProperty", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10548
|
+
{ method: "onSetProperty", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10549
|
+
{ method: "onGetAttribute", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10550
|
+
{ method: "onSetAttribute", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10551
|
+
{ method: "onMethodPointer", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10552
|
+
{ method: "onSuperCall", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10553
|
+
{ method: "onSuperConstructor", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10554
|
+
// Parent class — some plugins extend GroovyInterceptor directly.
|
|
10555
|
+
{ method: "onMethodCall", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10556
|
+
{ method: "onNewInstance", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10557
|
+
{ method: "onStaticCall", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10558
|
+
{ method: "onGetProperty", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10559
|
+
{ method: "onSetProperty", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10560
|
+
// AST transformer — converts unsafe Groovy AST into interceptor callbacks; bypasses target this.
|
|
10561
|
+
{ method: "call", class: "SandboxTransformer", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10562
|
+
// GroovySandbox.runInSandbox — Jenkins script-security outer wrapper (real API; the
|
|
10563
|
+
// "sandbox" entry in command.yaml is fictional).
|
|
10564
|
+
{ method: "runInSandbox", class: "GroovySandbox", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10539
10565
|
// JavaScript engine (Nashorn/Rhino)
|
|
10540
10566
|
{ method: "eval", class: "Bindings", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
10541
10567
|
{ method: "eval", class: "ScriptContext", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
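Review bot: The added Groovy sandbox entries classify `onNewInstance` inconsistently. The new `GroovyInterceptor` row is `code_injection`/CWE-94, while the comment in this hunk says `SandboxInterceptor.onNewInstance` stays under `command_injection`, so the same callback is reported under a different type depending on which class the plugin extends. The parent-class block is also narrower than the subclass block: `GroovyInterceptor` gets five callbacks, while `SandboxInterceptor` additionally lists `onGetAttribute`, `onSetAttribute`, `onMethodPointer`, `onSuperCall` and `onSuperConstructor`. If plugins extending the parent directly are in scope, as the comment states, the missing rows look like a coverage gap; if the omission is deliberate, it deserves a line in the comment. The comment also calls the `"sandbox"` entry in `command.yaml` fictional, but nothing in this hunk removes it. The identical hunk appears in the other two bundles on this page (`@@ -11121` and `@@ -10471`), so the same points apply there.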
|
|
@@ -10471,6 +10471,32 @@ var DEFAULT_SINKS = [
|
|
|
10471
10471
|
{ method: "parse", class: "GroovyShell", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
10472
10472
|
{ method: "parseClass", class: "GroovyClassLoader", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
10473
10473
|
{ method: "run", class: "GroovyScriptEngine", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
10474
|
+
// Jenkins script-security plugin — Groovy sandbox attack surface (issue #17, CVE-2023-24422).
|
|
10475
|
+
// The sandbox is a documented-bypassable security control; the dispatch points that
|
|
10476
|
+
// route tainted Groovy through the sandbox runtime are code-injection sinks, not
|
|
10477
|
+
// sanitizers. SandboxInterceptor.onNewInstance already lives in command_injection above;
|
|
10478
|
+
// these add the missing dispatch surface plus the parent GroovyInterceptor class and
|
|
10479
|
+
// the AST transformer / outer GroovySandbox wrapper.
|
|
10480
|
+
{ method: "onMethodCall", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10481
|
+
{ method: "onStaticCall", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10482
|
+
{ method: "onGetProperty", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10483
|
+
{ method: "onSetProperty", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10484
|
+
{ method: "onGetAttribute", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10485
|
+
{ method: "onSetAttribute", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10486
|
+
{ method: "onMethodPointer", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10487
|
+
{ method: "onSuperCall", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10488
|
+
{ method: "onSuperConstructor", class: "SandboxInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10489
|
+
// Parent class — some plugins extend GroovyInterceptor directly.
|
|
10490
|
+
{ method: "onMethodCall", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10491
|
+
{ method: "onNewInstance", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10492
|
+
{ method: "onStaticCall", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10493
|
+
{ method: "onGetProperty", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10494
|
+
{ method: "onSetProperty", class: "GroovyInterceptor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10495
|
+
// AST transformer — converts unsafe Groovy AST into interceptor callbacks; bypasses target this.
|
|
10496
|
+
{ method: "call", class: "SandboxTransformer", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10497
|
+
// GroovySandbox.runInSandbox — Jenkins script-security outer wrapper (real API; the
|
|
10498
|
+
// "sandbox" entry in command.yaml is fictional).
|
|
10499
|
+
{ method: "runInSandbox", class: "GroovySandbox", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [] },
|
|
10474
10500
|
// JavaScript engine (Nashorn/Rhino)
|
|
10475
10501
|
{ method: "eval", class: "Bindings", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
|
10476
10502
|
{ method: "eval", class: "ScriptContext", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "circle-ir",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.36.0",
|
|
4
4
|
"description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.js",
|