circle-ir 3.4.0 → 3.8.0

package/dist/languages/plugins/bash.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Bash/Shell Language Plugin
+ *
+ * Provides Bash-specific AST handling and taint patterns for Shell scripts.
+ */
+import type { Node as SyntaxNode } from 'web-tree-sitter';
+import type { TypeInfo, CallInfo, ImportInfo } from '../../types/index.js';
+import type { LanguageNodeTypes, ExtractionContext, FrameworkInfo, TaintSourcePattern, TaintSinkPattern } from '../types.js';
+import { BaseLanguagePlugin } from './base.js';
+/**
+ * Bash/Shell language plugin implementation.
+ */
+export declare class BashPlugin extends BaseLanguagePlugin {
+    readonly id: "bash";
+    readonly name = "Bash/Shell";
+    readonly extensions: string[];
+    readonly wasmPath = "tree-sitter-bash.wasm";
+    readonly nodeTypes: LanguageNodeTypes;
+    /**
+     * Shell scripts don't have a formal framework concept.
+     */
+    detectFramework(_context: ExtractionContext): FrameworkInfo | undefined;
+    /**
+     * Bash taint source patterns.
+     * In shell, tainted data enters via `read` (stdin).
+     * curl/wget are excluded as sources (see comment in implementation).
+     */
+    getBuiltinSources(): TaintSourcePattern[];
+    /**
+     * Bash taint sink patterns.
+     * Key sinks: eval (CWE-94), bash/sh -c (CWE-78), DB clients (CWE-89),
+     * file operations (CWE-22), SSRF via curl/wget (CWE-918).
+     */
+    getBuiltinSinks(): TaintSinkPattern[];
+    /**
+     * Shell has no OOP receiver types.
+     */
+    getReceiverType(_node: SyntaxNode, _context: ExtractionContext): string | undefined;
+    /**
+     * Bash string literals: quoted strings and raw ($'...') strings.
+     */
+    isStringLiteral(node: SyntaxNode): boolean;
+    /**
+     * Extract string value from bash string literal, stripping quotes.
+     */
+    getStringValue(node: SyntaxNode): string | undefined;
+    extractTypes(_context: ExtractionContext): TypeInfo[];
+    extractCalls(_context: ExtractionContext): CallInfo[];
+    extractImports(_context: ExtractionContext): ImportInfo[];
+    extractPackage(_context: ExtractionContext): string | undefined;
+}

package/dist/languages/plugins/bash.js

@@ -0,0 +1,243 @@
+/**
+ * Bash/Shell Language Plugin
+ *
+ * Provides Bash-specific AST handling and taint patterns for Shell scripts.
+ */
+import { BaseLanguagePlugin } from './base.js';
+/**
+ * Bash/Shell language plugin implementation.
+ */
+export class BashPlugin extends BaseLanguagePlugin {
+    id = 'bash';
+    name = 'Bash/Shell';
+    extensions = ['.sh', '.bash', '.zsh', '.ksh'];
+    wasmPath = 'tree-sitter-bash.wasm';
+    nodeTypes = {
+        // Type declarations — shell has no OOP types
+        classDeclaration: [],
+        interfaceDeclaration: [],
+        enumDeclaration: [],
+        functionDeclaration: ['function_definition'],
+        methodDeclaration: ['function_definition'],
+        // Expressions — commands are treated as calls
+        methodCall: ['command'],
+        functionCall: ['command'],
+        assignment: ['variable_assignment'],
+        variableDeclaration: ['variable_assignment', 'declaration_command'],
+        // Parameters and arguments — positional args are child words
+        parameter: [],
+        argument: [],
+        // Annotations/decorators — none in shell
+        annotation: [],
+        decorator: [],
+        // Imports — shell uses `source` / `.` but no formal import system
+        importStatement: [],
+        // Control flow
+        ifStatement: ['if_statement'],
+        forStatement: ['for_statement', 'c_style_for_statement'],
+        whileStatement: ['while_statement'],
+        tryStatement: [],
+        returnStatement: [],
+    };
+    /**
+     * Shell scripts don't have a formal framework concept.
+     */
+    detectFramework(_context) {
+        return undefined;
+    }
+    /**
+     * Bash taint source patterns.
+     * In shell, tainted data enters via `read` (stdin).
+     * curl/wget are excluded as sources (see comment in implementation).
+     */
+    getBuiltinSources() {
+        return [
+            // read built-in reads user input from stdin.
+            // curl/wget are intentionally excluded: they're also registered as sinks (SSRF),
+            // and without DFG tracking of $() command substitution, including them as sources
+            // would generate false positives for safe curl calls.
+            {
+                method: 'read',
+                type: 'io_input',
+                severity: 'high',
+                confidence: 0.9,
+                returnTainted: true,
+            },
+        ];
+    }
+    /**
+     * Bash taint sink patterns.
+     * Key sinks: eval (CWE-94), bash/sh -c (CWE-78), DB clients (CWE-89),
+     * file operations (CWE-22), SSRF via curl/wget (CWE-918).
+     */
+    getBuiltinSinks() {
+        return [
+            // Code / command injection via eval
+            {
+                method: 'eval',
+                type: 'code_injection',
+                cwe: 'CWE-94',
+                severity: 'critical',
+                argPositions: [0],
+            },
+            // Command injection: spawning a sub-shell with -c flag
+            {
+                method: 'bash',
+                type: 'command_injection',
+                cwe: 'CWE-78',
+                severity: 'critical',
+                argPositions: [1],
+            },
+            {
+                method: 'sh',
+                type: 'command_injection',
+                cwe: 'CWE-78',
+                severity: 'critical',
+                argPositions: [1],
+            },
+            {
+                method: 'zsh',
+                type: 'command_injection',
+                cwe: 'CWE-78',
+                severity: 'critical',
+                argPositions: [1],
+            },
+            {
+                method: 'ksh',
+                type: 'command_injection',
+                cwe: 'CWE-78',
+                severity: 'critical',
+                argPositions: [1],
+            },
+            // SQL injection via DB CLI clients (first arg is query/expression)
+            {
+                method: 'mysql',
+                type: 'sql_injection',
+                cwe: 'CWE-89',
+                severity: 'critical',
+                argPositions: [1],
+            },
+            {
+                method: 'psql',
+                type: 'sql_injection',
+                cwe: 'CWE-89',
+                severity: 'critical',
+                argPositions: [1],
+            },
+            {
+                method: 'sqlite3',
+                type: 'sql_injection',
+                cwe: 'CWE-89',
+                severity: 'critical',
+                argPositions: [1],
+            },
+            // Path traversal via file operations (first arg is path)
+            {
+                method: 'cat',
+                type: 'path_traversal',
+                cwe: 'CWE-22',
+                severity: 'high',
+                argPositions: [0],
+            },
+            {
+                method: 'rm',
+                type: 'path_traversal',
+                cwe: 'CWE-22',
+                severity: 'high',
+                argPositions: [0],
+            },
+            {
+                method: 'cp',
+                type: 'path_traversal',
+                cwe: 'CWE-22',
+                severity: 'high',
+                argPositions: [0],
+            },
+            {
+                method: 'mv',
+                type: 'path_traversal',
+                cwe: 'CWE-22',
+                severity: 'high',
+                argPositions: [0],
+            },
+            {
+                method: 'chmod',
+                type: 'path_traversal',
+                cwe: 'CWE-22',
+                severity: 'medium',
+                argPositions: [1],
+            },
+            {
+                method: 'chown',
+                type: 'path_traversal',
+                cwe: 'CWE-22',
+                severity: 'medium',
+                argPositions: [1],
+            },
+            // SSRF — curl/wget with externally-controlled URL
+            {
+                method: 'curl',
+                type: 'ssrf',
+                cwe: 'CWE-918',
+                severity: 'high',
+                argPositions: [0],
+            },
+            {
+                method: 'wget',
+                type: 'ssrf',
+                cwe: 'CWE-918',
+                severity: 'high',
+                argPositions: [0],
+            },
+        ];
+    }
+    /**
+     * Shell has no OOP receiver types.
+     */
+    getReceiverType(_node, _context) {
+        return undefined;
+    }
+    /**
+     * Bash string literals: quoted strings and raw ($'...') strings.
+     */
+    isStringLiteral(node) {
+        return (node.type === 'string' ||
+            node.type === 'raw_string' ||
+            node.type === 'ansi_c_string');
+    }
+    /**
+     * Extract string value from bash string literal, stripping quotes.
+     */
+    getStringValue(node) {
+        if (!this.isStringLiteral(node))
+            return undefined;
+        const text = node.text;
+        // raw_string: 'content' → strip single quotes
+        if (node.type === 'raw_string') {
+            return text.slice(1, -1);
+        }
+        // ansi_c_string: $'content' → strip $' and '
+        if (node.type === 'ansi_c_string') {
+            return text.slice(2, -1);
+        }
+        // string: "content" → strip double quotes
+        const match = text.match(/^"(.*)"$/s);
+        if (match)
+            return match[1];
+        return text;
+    }
+    // Extraction methods — delegate to base extractors via generic walker
+    extractTypes(_context) {
+        return [];
+    }
+    extractCalls(_context) {
+        return [];
+    }
+    extractImports(_context) {
+        return [];
+    }
+    extractPackage(_context) {
+        return undefined;
+    }
+}
+//# sourceMappingURL=bash.js.map

package/dist/languages/plugins/bash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bash.js","sourceRoot":"","sources":["../../../src/languages/plugins/bash.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAeH,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAE/C;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,kBAAkB;IACvC,EAAE,GAAG,MAAe,CAAC;IACrB,IAAI,GAAG,YAAY,CAAC;IACpB,UAAU,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9C,QAAQ,GAAG,uBAAuB,CAAC;IAEnC,SAAS,GAAsB;QACtC,6CAA6C;QAC7C,gBAAgB,EAAE,EAAE;QACpB,oBAAoB,EAAE,EAAE;QACxB,eAAe,EAAE,EAAE;QACnB,mBAAmB,EAAE,CAAC,qBAAqB,CAAC;QAC5C,iBAAiB,EAAE,CAAC,qBAAqB,CAAC;QAE1C,8CAA8C;QAC9C,UAAU,EAAE,CAAC,SAAS,CAAC;QACvB,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,UAAU,EAAE,CAAC,qBAAqB,CAAC;QACnC,mBAAmB,EAAE,CAAC,qBAAqB,EAAE,qBAAqB,CAAC;QAEnE,6DAA6D;QAC7D,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE,EAAE;QAEZ,yCAAyC;QACzC,UAAU,EAAE,EAAE;QACd,SAAS,EAAE,EAAE;QAEb,kEAAkE;QAClE,eAAe,EAAE,EAAE;QAEnB,eAAe;QACf,WAAW,EAAE,CAAC,cAAc,CAAC;QAC7B,YAAY,EAAE,CAAC,eAAe,EAAE,uBAAuB,CAAC;QACxD,cAAc,EAAE,CAAC,iBAAiB,CAAC;QACnC,YAAY,EAAE,EAAE;QAChB,eAAe,EAAE,EAAE;KACpB,CAAC;IAEF;;OAEG;IACH,eAAe,CAAC,QAA2B;QACzC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;OAIG;IACH,iBAAiB;QACf,OAAO;YACL,6CAA6C;YAC7C,iFAAiF;YACjF,kFAAkF;YAClF,sDAAsD;YACtD;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,aAAa,EAAE,IAAI;aACpB;SACF,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,eAAe;QACb,OAAO;YACL,oCAAoC;YACpC;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,uDAAuD;YACvD;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,mBAAmB;gBACzB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,IAAI;gBACZ,IAAI,EAAE,mBAAmB;gBACzB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,mBAAmB;gBACzB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,mBAAmB;gBACzB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,mEAAmE;YACnE;gBACE,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,SAAS;gBACjB,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,yDAAyD;YACzD;gBACE,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,IAAI;gBACZ,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,IAAI;gBACZ,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,IAAI;gBACZ,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,QAAQ;gBAClB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,QAAQ;gBAClB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YAED,kDAAkD;YAClD;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,MAAM;gBACZ,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;YACD;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,MAAM;gBACZ,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,YAAY,EAAE,CAAC,CAAC,CAAC;aAClB;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,KAAiB,EAAE,QAA2B;QAC5D,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,IAAgB;QAC9B,OAAO,CACL,IAAI,CAAC,IAAI,KAAK,QAAQ;YACtB,IAAI,CAAC,IAAI,KAAK,YAAY;YAC1B,IAAI,CAAC,IAAI,KAAK,eAAe,CAC9B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,IAAgB;QAC7B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC;YAAE,OAAO,SAAS,CAAC;QAElD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACvB,8CAA8C;QAC9C,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QACD,6CAA6C;QAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QACD,0CAA0C;QAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;QAE3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sEAAsE;IAEtE,YAAY,CAAC,QAA2B;QACtC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,YAAY,CAAC,QAA2B;QACtC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,cAAc,CAAC,QAA2B;QACxC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,cAAc,CAAC,QAA2B;QACxC,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}

package/dist/languages/plugins/index.d.ts

@@ -7,6 +7,7 @@ export { JavaPlugin } from './java.js';
 export { JavaScriptPlugin } from './javascript.js';
 export { PythonPlugin } from './python.js';
 export { RustPlugin } from './rust.js';
+export { BashPlugin } from './bash.js';
 /**
  * Register all built-in language plugins with the global registry.
  * Call this during analyzer initialization.

package/dist/languages/plugins/index.js

@@ -7,11 +7,13 @@ export { JavaPlugin } from './java.js';
 export { JavaScriptPlugin } from './javascript.js';
 export { PythonPlugin } from './python.js';
 export { RustPlugin } from './rust.js';
+export { BashPlugin } from './bash.js';
 import { registerLanguage } from '../registry.js';
 import { JavaPlugin } from './java.js';
 import { JavaScriptPlugin } from './javascript.js';
 import { PythonPlugin } from './python.js';
 import { RustPlugin } from './rust.js';
+import { BashPlugin } from './bash.js';
 /**
  * Register all built-in language plugins with the global registry.
  * Call this during analyzer initialization.
@@ -21,5 +23,6 @@ export function registerBuiltinPlugins() {
     registerLanguage(new JavaScriptPlugin());
     registerLanguage(new PythonPlugin());
     registerLanguage(new RustPlugin());
+    registerLanguage(new BashPlugin());
 }
 //# sourceMappingURL=index.js.map

package/dist/languages/plugins/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/languages/plugins/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC;;;GAGG;AACH,MAAM,UAAU,sBAAsB;IACpC,gBAAgB,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC;IACnC,gBAAgB,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACzC,gBAAgB,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;IACrC,gBAAgB,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC;AACrC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/languages/plugins/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC;;;GAGG;AACH,MAAM,UAAU,sBAAsB;IACpC,gBAAgB,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC;IACnC,gBAAgB,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACzC,gBAAgB,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;IACrC,gBAAgB,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC;IACnC,gBAAgB,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC;AACrC,CAAC"}

package/dist/languages/types.d.ts

@@ -9,7 +9,7 @@ import type { TypeInfo, CallInfo, ImportInfo } from '../types/index.js';
 /**
  * Supported languages for analysis
  */
-export type SupportedLanguage = 'java' | 'javascript' | 'typescript' | 'python' | 'rust';
+export type SupportedLanguage = 'java' | 'c' | 'cpp' | 'javascript' | 'typescript' | 'python' | 'rust' | 'bash';
 /**
  * AST node type mappings for a language
  */

package/dist/types/index.d.ts

@@ -3,7 +3,7 @@
  *
  * These types conform to docs/SPEC.md
  */
-export type SupportedLanguage = "java" | "c" | "cpp" | "javascript" | "typescript" | "python" | "rust";
+export type SupportedLanguage = "java" | "c" | "cpp" | "javascript" | "typescript" | "python" | "rust" | "bash";
 export interface Meta {
     circle_ir: "3.0";
     file: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "circle-ir",
-  "version": "3.4.0",
+  "version": "3.8.0",
   "description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
   "main": "dist/index.js",
   "module": "dist/index.js",
@@ -95,6 +95,7 @@
     "@types/unzipper": "^0.10.11",
     "@vitest/coverage-v8": "^3.0.0",
     "esbuild": "^0.27.2",
+    "tree-sitter-bash": "^0.25.1",
     "tree-sitter-java": "^0.23.5",
     "tree-sitter-python": "^0.25.0",
     "tree-sitter-rust": "^0.24.0",