circle-ir 3.41.0 → 3.42.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/configs/sinks/sql.yaml +22 -22
- package/dist/analysis/config-loader.d.ts.map +1 -1
- package/dist/analysis/config-loader.js +17 -0
- package/dist/analysis/config-loader.js.map +1 -1
- package/dist/analysis/findings.js +7 -7
- package/dist/analysis/findings.js.map +1 -1
- package/dist/analysis/rules.d.ts.map +1 -1
- package/dist/analysis/rules.js +9 -0
- package/dist/analysis/rules.js.map +1 -1
- package/dist/analysis/taint-matcher.d.ts.map +1 -1
- package/dist/analysis/taint-matcher.js +15 -0
- package/dist/analysis/taint-matcher.js.map +1 -1
- package/dist/analysis/taint-propagation.js +1 -1
- package/dist/analysis/taint-propagation.js.map +1 -1
- package/dist/browser/circle-ir.js +27 -1
- package/dist/core/circle-ir-core.cjs +27 -1
- package/dist/core/circle-ir-core.js +27 -1
- package/dist/types/index.d.ts +1 -1
- package/dist/types/index.d.ts.map +1 -1
- package/package.json +1 -1
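--- a/package/configs/sinks/sql.yaml
+++ b/package/configs/sinks/sql.yaml
@@ -144,99 +144,99 @@
 {
 "method": "insert",
 "class": "*Mapper",
-"type": "
+"type": "mybatis_mapper_call",
 "cwe": "CWE-89",
-"severity": "
+"severity": "medium",
 "arg_positions": [0],
 "note": "MyBatis ORM - tainted fields in entity may be interpolated via ${} syntax"
 },
 {
 "method": "insertSelective",
 "class": "*Mapper",
-"type": "
+"type": "mybatis_mapper_call",
 "cwe": "CWE-89",
-"severity": "
+"severity": "medium",
 "arg_positions": [0],
 "note": "MyBatis ORM - tainted fields in entity may be interpolated via ${} syntax"
 },
 {
 "method": "update",
 "class": "*Mapper",
-"type": "
+"type": "mybatis_mapper_call",
 "cwe": "CWE-89",
-"severity": "
+"severity": "medium",
 "arg_positions": [0],
 "note": "MyBatis ORM - tainted fields in entity may be interpolated via ${} syntax"
 },
 {
 "method": "updateByPrimaryKey",
 "class": "*Mapper",
-"type": "
+"type": "mybatis_mapper_call",
 "cwe": "CWE-89",
-"severity": "
+"severity": "medium",
 "arg_positions": [0],
 "note": "MyBatis ORM - tainted fields in entity may be interpolated via ${} syntax"
 },
 {
 "method": "updateByPrimaryKeySelective",
 "class": "*Mapper",
-"type": "
+"type": "mybatis_mapper_call",
 "cwe": "CWE-89",
-"severity": "
+"severity": "medium",
 "arg_positions": [0],
 "note": "MyBatis ORM - tainted fields in entity may be interpolated via ${} syntax"
 },
 {
 "method": "delete",
 "class": "*Mapper",
-"type": "
+"type": "mybatis_mapper_call",
 "cwe": "CWE-89",
-"severity": "
+"severity": "medium",
 "arg_positions": [0],
 "note": "MyBatis ORM - tainted parameter may be interpolated via ${} syntax"
 },
 {
 "method": "deleteByPrimaryKey",
 "class": "*Mapper",
-"type": "
+"type": "mybatis_mapper_call",
 "cwe": "CWE-89",
-"severity": "
+"severity": "medium",
 "arg_positions": [0],
 "note": "MyBatis ORM - tainted parameter may be interpolated via ${} syntax"
 },
 {
 "method": "selectOne",
 "class": "*Mapper",
-"type": "
+"type": "mybatis_mapper_call",
 "cwe": "CWE-89",
-"severity": "
+"severity": "medium",
 "arg_positions": [0],
 "note": "MyBatis ORM - tainted parameter may be interpolated via ${} syntax"
 },
 {
 "method": "selectList",
 "class": "*Mapper",
-"type": "
+"type": "mybatis_mapper_call",
 "cwe": "CWE-89",
-"severity": "
+"severity": "medium",
 "arg_positions": [0],
 "note": "MyBatis ORM - tainted parameter may be interpolated via ${} syntax"
 },
 {
 "method": "selectByPrimaryKey",
 "class": "*Mapper",
-"type": "
+"type": "mybatis_mapper_call",
 "cwe": "CWE-89",
-"severity": "
+"severity": "medium",
 "arg_positions": [0],
 "note": "MyBatis ORM - tainted parameter may be interpolated via ${} syntax"
 },
 {
 "method": "selectByExample",
 "class": "*Mapper",
-"type": "
+"type": "mybatis_mapper_call",
 "cwe": "CWE-89",
-"severity": "
+"severity": "medium",
 "arg_positions": [0],
 "note": "MyBatis ORM - tainted fields in example criteria may be interpolated via ${} syntax"
 }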
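Review bot: The eleven retyped `*Mapper` entries in this hunk carry no language restriction, whereas the matching DEFAULT_SINKS entries added to config-loader.js in the same release each carry `languages: ['java']`; if sql.yaml is consumed as a language-agnostic sink list, the `*Mapper` suffix wildcard plus the bare method names `insert`, `update` and `delete` would fire on any class ending in Mapper regardless of language. Adding `"languages": ["java"]` to each entry would keep the two sink sources in agreement. The downgrade to `"severity": "medium"` fits the note's wording that `${}` interpolation is only a possibility, but the note could say what would raise it, e.g. `"note": "MyBatis ORM - tainted fields in entity may be interpolated via ${} syntax; treat as high once the mapper XML/annotation is confirmed to use ${} for this statement"`. The enclosing list begins before line 144, so I cannot see whether the file is already scoped to Java at a higher level.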
@@ -1 +1 @@
1
-
{"version":3,"file":"config-loader.d.ts","sourceRoot":"","sources":["../../src/analysis/config-loader.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,UAAU,EACV,WAAW,EACX,aAAa,EACb,WAAW,EACX,gBAAgB,EAChB,UAAU,EACX,MAAM,oBAAoB,CAAC;AAE5B;;;GAGG;AACH,wBAAgB,WAAW,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,GAAG,CAAC,CAEjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,aAAa,EAAE,CAiB1E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG;IACtD,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB,UAAU,EAAE,gBAAgB,EAAE,CAAC;CAChC,CAcA;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,cAAc,EAAE,MAAM,EAAE,EACxB,YAAY,EAAE,MAAM,EAAE,GACrB,WAAW,CAQb;AAED;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,aAAa,EA4a1C,CAAC;AAEF,eAAO,MAAM,aAAa,EAAE,WAAW,
1
+
{"version":3,"file":"config-loader.d.ts","sourceRoot":"","sources":["../../src/analysis/config-loader.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,UAAU,EACV,WAAW,EACX,aAAa,EACb,WAAW,EACX,gBAAgB,EAChB,UAAU,EACX,MAAM,oBAAoB,CAAC;AAE5B;;;GAGG;AACH,wBAAgB,WAAW,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,GAAG,CAAC,CAEjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,aAAa,EAAE,CAiB1E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG;IACtD,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB,UAAU,EAAE,gBAAgB,EAAE,CAAC;CAChC,CAcA;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,cAAc,EAAE,MAAM,EAAE,EACxB,YAAY,EAAE,MAAM,EAAE,GACrB,WAAW,CAQb;AAED;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,aAAa,EA4a1C,CAAC;AAEF,eAAO,MAAM,aAAa,EAAE,WAAW,EA4sCtC,CAAC;AAEF,eAAO,MAAM,kBAAkB,EAAE,gBAAgB,EA6LhD,CAAC;AAEF;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAM9C;AAMD;;;;;;;;GAQG;AACH,eAAO,MAAM,oBAAoB,EAAE,UAAU,EA8F5C,CAAC"}
@@ -459,6 +459,23 @@ export const DEFAULT_SINKS = [
459
459
{ method: 'queryForObject', type: 'sql_injection', cwe: 'CWE-89', severity: 'high', arg_positions: [0] },
460
460
{ method: 'queryForList', type: 'sql_injection', cwe: 'CWE-89', severity: 'high', arg_positions: [0] },
461
461
{ method: 'queryForLong', type: 'sql_injection', cwe: 'CWE-89', severity: 'high', arg_positions: [0] },
462
+
// MyBatis mapper-interface methods (CWE-89, classified as mybatis_mapper_call)
463
+
// The actual SQL lives in the mapper's XML or @Select/@Update annotation —
464
+
// exploitability depends on whether the binding uses ${...} interpolation
465
+
// vs #{...} parameter binding. Surface as a distinct sink type so consumers
466
+
// can resolve the binding before reporting. See cognium-dev#24.
467
+
// The `class: '*Mapper'` suffix wildcard matches userMapper, OrderMapper, …
468
+
{ method: 'insert', class: '*Mapper', type: 'mybatis_mapper_call', cwe: 'CWE-89', severity: 'medium', arg_positions: [0], languages: ['java'] },
469
+
{ method: 'insertSelective', class: '*Mapper', type: 'mybatis_mapper_call', cwe: 'CWE-89', severity: 'medium', arg_positions: [0], languages: ['java'] },
470
+
{ method: 'update', class: '*Mapper', type: 'mybatis_mapper_call', cwe: 'CWE-89', severity: 'medium', arg_positions: [0], languages: ['java'] },
471
+
{ method: 'updateByPrimaryKey', class: '*Mapper', type: 'mybatis_mapper_call', cwe: 'CWE-89', severity: 'medium', arg_positions: [0], languages: ['java'] },
472
+
{ method: 'updateByPrimaryKeySelective', class: '*Mapper', type: 'mybatis_mapper_call', cwe: 'CWE-89', severity: 'medium', arg_positions: [0], languages: ['java'] },
473
+
{ method: 'delete', class: '*Mapper', type: 'mybatis_mapper_call', cwe: 'CWE-89', severity: 'medium', arg_positions: [0], languages: ['java'] },
474
+
{ method: 'deleteByPrimaryKey', class: '*Mapper', type: 'mybatis_mapper_call', cwe: 'CWE-89', severity: 'medium', arg_positions: [0], languages: ['java'] },
475
+
{ method: 'selectOne', class: '*Mapper', type: 'mybatis_mapper_call', cwe: 'CWE-89', severity: 'medium', arg_positions: [0], languages: ['java'] },
476
+
{ method: 'selectList', class: '*Mapper', type: 'mybatis_mapper_call', cwe: 'CWE-89', severity: 'medium', arg_positions: [0], languages: ['java'] },
477
+
{ method: 'selectByPrimaryKey', class: '*Mapper', type: 'mybatis_mapper_call', cwe: 'CWE-89', severity: 'medium', arg_positions: [0], languages: ['java'] },
478
+
{ method: 'selectByExample', class: '*Mapper', type: 'mybatis_mapper_call', cwe: 'CWE-89', severity: 'medium', arg_positions: [0], languages: ['java'] },
462
479
// Command Injection (CWE-78)
463
480
{ method: 'exec', class: 'Runtime', type: 'command_injection', cwe: 'CWE-78', severity: 'critical', arg_positions: [0, 1] },
464
481
{ method: 'start', class: 'ProcessBuilder', type: 'command_injection', cwe: 'CWE-78', severity: 'critical', arg_positions: [] },
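Review bot: The new `*Mapper` sinks at lines 468–478 list only fixed CRUD names (`insert`, `selectByPrimaryKey`, `selectByExample`, …), yet the `${}` interpolation the comment at lines 463–466 is concerned with typically lives in hand-written mapper methods (dynamic column or `ORDER BY` clauses), which a class match with a fixed method list never reaches; either widen the method match if the matcher supports it, or state the gap next to the list, e.g. `// Only these generated-style CRUD names are matched; custom mapper methods are not covered.` The `*Mapper` suffix wildcard admits any class whose name ends in Mapper, and `insert`/`update`/`delete` are generic enough that the `languages: ['java']` filter is doing real work here — worth one line saying so, since no other DEFAULT_SINKS entry visible in this hunk carries a `languages` field. Whether `class` is compared against the declared type or the receiver identifier (the comment's `userMapper` example hints at the latter) cannot be told from this hunk, and the comment could say which. DEFAULT_SINKS starts before and ends after the hunk.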