circle-ir 3.48.0 → 3.50.0
- package/dist/analysis/config-loader.d.ts.map +1 -1
- package/dist/analysis/config-loader.js +86 -2
- package/dist/analysis/config-loader.js.map +1 -1
- package/dist/analysis/constant-propagation/index.d.ts.map +1 -1
- package/dist/analysis/constant-propagation/index.js +16 -6
- package/dist/analysis/constant-propagation/index.js.map +1 -1
- package/dist/analysis/findings.d.ts +9 -1
- package/dist/analysis/findings.d.ts.map +1 -1
- package/dist/analysis/findings.js +12 -5
- package/dist/analysis/findings.js.map +1 -1
- package/dist/analysis/passes/insecure-cookie-pass.d.ts +53 -0
- package/dist/analysis/passes/insecure-cookie-pass.d.ts.map +1 -0
- package/dist/analysis/passes/insecure-cookie-pass.js +109 -0
- package/dist/analysis/passes/insecure-cookie-pass.js.map +1 -0
- package/dist/analysis/passes/interprocedural-pass.d.ts.map +1 -1
- package/dist/analysis/passes/interprocedural-pass.js +11 -1
- package/dist/analysis/passes/interprocedural-pass.js.map +1 -1
- package/dist/analysis/passes/language-sources-pass.d.ts +14 -0
- package/dist/analysis/passes/language-sources-pass.d.ts.map +1 -1
- package/dist/analysis/passes/language-sources-pass.js +50 -0
- package/dist/analysis/passes/language-sources-pass.js.map +1 -1
- package/dist/analysis/passes/sink-filter-pass.d.ts.map +1 -1
- package/dist/analysis/passes/sink-filter-pass.js +21 -2
- package/dist/analysis/passes/sink-filter-pass.js.map +1 -1
- package/dist/analysis/passes/taint-propagation-pass.d.ts.map +1 -1
- package/dist/analysis/passes/taint-propagation-pass.js +193 -9
- package/dist/analysis/passes/taint-propagation-pass.js.map +1 -1
- package/dist/analysis/taint-matcher.d.ts.map +1 -1
- package/dist/analysis/taint-matcher.js +117 -20
- package/dist/analysis/taint-matcher.js.map +1 -1
- package/dist/analyzer.d.ts.map +1 -1
- package/dist/analyzer.js +3 -0
- package/dist/analyzer.js.map +1 -1
- package/dist/browser/circle-ir.js +435 -29
- package/dist/core/circle-ir-core.cjs +189 -23
- package/dist/core/circle-ir-core.js +189 -23
- package/dist/core/extractors/types.js +85 -2
- package/dist/core/extractors/types.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analysis/constant-propagation/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,KAAK,EAAE,wBAAwB,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AAIvF,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,wBAAwB,EAAE,0BAA0B,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAGtI,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAGlG,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAG3G,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAErD;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,CACxC,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,0BAA+B,GACvC,wBAAwB,CAS1B;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,wBAAwB,EAChC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,GACjB;IAAE,eAAe,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analysis/constant-propagation/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,KAAK,EAAE,wBAAwB,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AAIvF,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,wBAAwB,EAAE,0BAA0B,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAGtI,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAGlG,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAG3G,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAErD;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,CACxC,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,0BAA+B,GACvC,wBAAwB,CAS1B;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,wBAAwB,EAChC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,GACjB;IAAE,eAAe,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,CAgCrD;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,wBAAwB,EAChC,IAAI,EAAE;IAAE,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,IAAI,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE,GAC1G,OAAO,CA2CT"}
|
|
@@ -44,12 +44,22 @@ export function isFalsePositive(result, sinkLine, taintedVar) {
|
|
|
44
44
|
if (varValue && varValue.type !== 'unknown' && !result.tainted.has(taintedVar)) {
|
|
45
45
|
return { isFalsePositive: true, reason: `variable_is_constant: ${varValue.value}` };
|
|
46
46
|
}
|
|
47
|
-
// Reason 3: Variable not tainted
|
|
48
|
-
//
|
|
49
|
-
//
|
|
50
|
-
//
|
|
51
|
-
//
|
|
52
|
-
|
|
47
|
+
// Reason 3: Variable not tainted.
|
|
48
|
+
//
|
|
49
|
+
// Only fire when const-prop *specifically* tracked this variable (it's in
|
|
50
|
+
// the symbols map) AND didn't mark it tainted. Using `symbols.size > 0` as
|
|
51
|
+
// a proxy for "const-prop ran" is brittle: in JavaScript, the engine
|
|
52
|
+
// doesn't process arrow-function-scoped `const c = ...` declarations, so
|
|
53
|
+
// request-handler locals never appear in symbols — but a single unrelated
|
|
54
|
+
// top-level assignment like `module.exports = app` adds `module.exports`
|
|
55
|
+
// to symbols, flips size from 0 to 1, and then incorrectly flags every
|
|
56
|
+
// flow path variable as `variable_not_tainted`. This silently zeroed JS
|
|
57
|
+
// taint analysis on any realistic multi-handler Express file
|
|
58
|
+
// (cognium-dev#77).
|
|
59
|
+
//
|
|
60
|
+
// Switching to `symbols.has(taintedVar)` is strictly tighter: we only
|
|
61
|
+
// suppress when we actually tracked the var and concluded it's clean.
|
|
62
|
+
if (result.symbols.has(taintedVar) && !result.tainted.has(taintedVar)) {
|
|
53
63
|
return { isFalsePositive: true, reason: 'variable_not_tainted' };
|
|
54
64
|
}
|
|
55
65
|
return { isFalsePositive: false, reason: null };
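Review bot: Because the Reason 2 guard at line 44 already returns for every tracked value whose `type !== 'unknown'`, the new `result.symbols.has(taintedVar)` check at new line 62 can only suppress a flow whose variable const-prop tracked but could not resolve, so the suppression rests entirely on `result.tainted` being complete for every symbol in `result.symbols` (this assumes `varValue` is `result.symbols.get(taintedVar)`, which is set before the hunk). The new comment block itself says the engine skips arrow-function-scoped declarations; if `symbols` is keyed by bare identifier rather than by scoped binding, a request-handler local that shadows a top-level name of unknown value would still be suppressed here as `variable_not_tainted`, which is a false-negative path for a security analyzer. I would record that precondition next to the check, e.g. `// Sound only if every symbol in result.symbols was also considered for result.tainted; a shadowed handler-local shares its key with the top-level binding.`, and add a shadowing fixture beside the cognium-dev#77 regression. `isFalsePositive` begins before line 44, outside this hunk.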
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analysis/constant-propagation/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAKrD,sBAAsB;AACtB,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAElG,qBAAqB;AACrB,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAE3G,oBAAoB;AACpB,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAErD;;;;;;;GAOG;AACH,MAAM,UAAU,0BAA0B,CACxC,IAAU,EACV,UAAkB,EAClB,UAAsC,EAAE;IAExC,MAAM,UAAU,GAAG,IAAI,kBAAkB,EAAE,CAAC;IAC5C,OAAO,UAAU,CAAC,OAAO,CACvB,IAAI,EACJ,UAAU,EACV,OAAO,CAAC,uBAAuB,IAAI,EAAE,EACrC,OAAO,CAAC,gBAAgB,IAAI,EAAE,EAC9B,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAChC,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAgC,EAChC,QAAgB,EAChB,UAAkB;IAElB,iCAAiC;IACjC,IAAI,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1C,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IAChE,CAAC;IAED,sDAAsD;IACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAChD,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/E,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,yBAAyB,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC;IACtF,CAAC;IAED,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analysis/constant-propagation/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAKrD,sBAAsB;AACtB,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAElG,qBAAqB;AACrB,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAE3G,oBAAoB;AACpB,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAErD;;;;;;;GAOG;AACH,MAAM,UAAU,0BAA0B,CACxC,IAAU,EACV,UAAkB,EAClB,UAAsC,EAAE;IAExC,MAAM,UAAU,GAAG,IAAI,kBAAkB,EAAE,CAAC;IAC5C,OAAO,UAAU,CAAC,OAAO,CACvB,IAAI,EACJ,UAAU,EACV,OAAO,CAAC,uBAAuB,IAAI,EAAE,EACrC,OAAO,CAAC,gBAAgB,IAAI,EAAE,EAC9B,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAChC,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAgC,EAChC,QAAgB,EAChB,UAAkB;IAElB,iCAAiC;IACjC,IAAI,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1C,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IAChE,CAAC;IAED,sDAAsD;IACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAChD,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/E,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,yBAAyB,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC;IACtF,CAAC;IAED,kCAAkC;IAClC,EAAE;IACF,0EAA0E;IAC1E,2EAA2E;IAC3E,qEAAqE;IACrE,yEAAyE;IACzE,0EAA0E;IAC1E,yEAAyE;IACzE,uEAAuE;IACvE,wEAAwE;IACxE,6DAA6D;IAC7D,oBAAoB;IACpB,EAAE;IACF,sEAAsE;IACtE,sEAAsE;IACtE,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QACtE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACnE,CAAC;IAED,OAAO,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAClD,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,uBAAuB,CACrC,MAAgC,EAChC,IAA2G;IAE3G,8CAA8C;IAC9C,MAAM,aAAa,GAAG,MAAM,CAAC,cAAc,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,KAAK,CAAC,CAAC,sCAAsC;IACtD,CAAC;IAED,wCAAwC;IACxC,KAAK,MAAM,IAAI,IAAI,IAAI
,CAAC,IAAI,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC;QAE9B,gDAAgD;QAChD,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,OAAO,CAAC,CAAC;QAElE,uDAAuD;QACvD,KAAK,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,iBAAiB,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC;YACjF,8EAA8E;YAC9E,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,IAAI,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC/B,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM;gBACR,CAAC;gBACD,oEAAoE;gBACpE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;oBACrC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,CAAC;wBACzC,OAAO,GAAG,IAAI,CAAC;wBACf,MAAM;oBACR,CAAC;gBACH,CAAC;gBACD,IAAI,OAAO;oBAAE,MAAM;YACrB,CAAC;YAED,IAAI,OAAO,EAAE,CAAC;gBACZ,yEAAyE;gBACzE,IAAI,oBAAoB,CAAC,SAAS,EAAE,aAAa,CAAC,EAAE,CAAC;oBACnD,OAAO,IAAI,CAAC,CAAC,0BAA0B;gBACzC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,KAAa,EAAE,KAAa;IACxD,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAExC,4CAA4C;IAC5C,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;QAC1E,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;QAC1E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,IAAY;IACtC,IAAI,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC7B,2BAA2B;IAC3B,OAAO,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9D,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,QAAQ,GAAG,IAAI,CAAC;QACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,KAAK,EAAE,CAAC;iBAC9B,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,KAAK,EAAE,CAAC;YACxC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzB,QAAQ,GAAG,KAAK,CAAC;gBACjB,MAAM;YACR,CAAC;QACH,CAAC;QACD,IAAI,QAAQ,EAAE,CAAC;YACb,UAAU,GAAG,UAAU,CAAC,KAAK,CAA
C,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC"}
|
|
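--- a/package/dist/analysis/findings.d.ts
+++ b/package/dist/analysis/findings.d.ts
@@ -4,9 +4,17 @@
 * Combines taint sources, sinks, and data flow analysis to generate
 * vulnerability findings with paths and remediation suggestions.
 */
-import type { TaintSource, TaintSink, DFG, Finding } from '../types/index.js';
+import type { TaintSource, TaintSink, DFG, Finding, SinkType } from '../types/index.js';
 /**
 * Generate vulnerability findings from taint analysis results.
 */
 export declare function generateFindings(sources: TaintSource[], sinks: TaintSink[], dfg: DFG, fileName: string): Finding[];
+/**
+* Check if a source type can potentially reach a sink type.
+*
+* Exported so detection passes (e.g. `detectExpressionScanFlows` in
+* `taint-propagation-pass.ts`) can gate emit-time flows on the same
+* source-to-sink coverage matrix that `generateFindings` uses below.
+*/
+export declare function canSourceReachSink(sourceType: string, sinkType: SinkType): boolean;
 //# sourceMappingURL=findings.d.ts.map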
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"findings.d.ts","sourceRoot":"","sources":["../../src/analysis/findings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,GAAG,EAEH,OAAO,
|
|
1
|
+
{"version":3,"file":"findings.d.ts","sourceRoot":"","sources":["../../src/analysis/findings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,GAAG,EAEH,OAAO,EAEP,QAAQ,EACT,MAAM,mBAAmB,CAAC;AAQ3B;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,WAAW,EAAE,EACtB,KAAK,EAAE,SAAS,EAAE,EAClB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,MAAM,GACf,OAAO,EAAE,CAkGX;AAiCD;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAuBlF"}
|
|
@@ -125,15 +125,22 @@ function mergeDiscoveryMethod(a, b) {
|
|
|
125
125
|
}
|
|
126
126
|
/**
|
|
127
127
|
* Check if a source type can potentially reach a sink type.
|
|
128
|
+
*
|
|
129
|
+
* Exported so detection passes (e.g. `detectExpressionScanFlows` in
|
|
130
|
+
* `taint-propagation-pass.ts`) can gate emit-time flows on the same
|
|
131
|
+
* source-to-sink coverage matrix that `generateFindings` uses below.
|
|
128
132
|
*/
|
|
129
|
-
function canSourceReachSink(sourceType, sinkType) {
|
|
133
|
+
export function canSourceReachSink(sourceType, sinkType) {
|
|
130
134
|
const sourceToSinkMapping = {
|
|
131
|
-
|
|
135
|
+
// code_injection added to http_param/http_query/http_header/http_cookie:
|
|
136
|
+
// `eval(req.query.x)`, `Function(req.header('x'))`, `vm.runInThisContext(req.cookies.c)`
|
|
137
|
+
// are all real RCE patterns in JS web apps (cognium-dev #83).
|
|
138
|
+
http_param: ['sql_injection', 'command_injection', 'path_traversal', 'xss', 'xpath_injection', 'ldap_injection', 'ssrf', 'mybatis_mapper_call', 'code_injection'],
|
|
132
139
|
http_body: ['sql_injection', 'command_injection', 'deserialization', 'xxe', 'xss', 'code_injection', 'mybatis_mapper_call'],
|
|
133
|
-
http_header: ['sql_injection', 'xss', 'ssrf', 'mybatis_mapper_call'],
|
|
134
|
-
http_cookie: ['sql_injection', 'xss', 'mybatis_mapper_call'],
|
|
140
|
+
http_header: ['sql_injection', 'xss', 'ssrf', 'mybatis_mapper_call', 'code_injection'],
|
|
141
|
+
http_cookie: ['sql_injection', 'xss', 'mybatis_mapper_call', 'code_injection'],
|
|
135
142
|
http_path: ['path_traversal', 'sql_injection', 'ssrf', 'mybatis_mapper_call'],
|
|
136
|
-
http_query: ['sql_injection', 'command_injection', 'xss', 'ssrf', 'mybatis_mapper_call'],
|
|
143
|
+
http_query: ['sql_injection', 'command_injection', 'xss', 'ssrf', 'mybatis_mapper_call', 'code_injection'],
|
|
137
144
|
io_input: ['command_injection', 'path_traversal', 'deserialization', 'xxe', 'code_injection', 'xss'],
|
|
138
145
|
env_input: ['command_injection', 'path_traversal'],
|
|
139
146
|
db_input: ['xss', 'sql_injection'], // Second-order injection
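Review bot: The coverage matrix is still rebuilt as a fresh object literal on every call (`const sourceToSinkMapping = {` at new line 134), and this commit exports the function so `detectExpressionScanFlows` can call it per emitted flow on top of what is presumably a per-(source, sink) loop in `generateFindings`; hoisting it to a module-level `const SOURCE_TO_SINK_MAPPING = Object.freeze({ ... })` and reading `SOURCE_TO_SINK_MAPPING[sourceType]` inside the function keeps the table immutable and drops the repeated allocation without changing behavior. The comment on new lines 135-137 justifies `code_injection` for param/query/header/cookie, but `http_path` on line 142 is left without it even though a route parameter can in principle reach the same sinks; if that omission is deliberate, a one-line comment on the `http_path` entry saying so would stop the next reader from "fixing" it, and if not, the entry should be extended to match its siblings. The rest of `canSourceReachSink` (the lookup and return) lies outside the hunk.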
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"findings.js","sourceRoot":"","sources":["../../src/analysis/findings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,OAAO,EACL,iBAAiB,IAAI,YAAY,EACjC,cAAc,EACd,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,OAAsB,EACtB,KAAkB,EAClB,GAAQ,EACR,QAAgB;IAEhB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,iDAAiD;IACjD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,qDAAqD;YACrD,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChD,SAAS;YACX,CAAC;YAED,qCAAqC;YACrC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAEpD,IAAI,UAAU,CAAC,UAAU,IAAI,wBAAwB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;gBACpE,MAAM,QAAQ,GAAG,YAAY,CAAC;oBAC5B,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,QAAQ,EAAE,IAAI,CAAC,IAAI;oBACnB,UAAU,EAAE,UAAU,CAAC,UAAU;iBAClC,CAAC,CAAC;gBACH,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;gBAEjE,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,OAAO,SAAS,EAAE,EAAE;oBACxB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,QAAQ;oBACR,UAAU;oBACV,MAAM,EAAE;wBACN,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,MAAM,CAAC,IAAI;wBACjB,IAAI,EAAE,MAAM,CAAC,QAAQ;qBACtB;oBACD,IAAI,EAAE;wBACJ,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,IAAI,EAAE,IAAI,CAAC,QAAQ;qBACpB;oBACD,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;oBAC9D,WAAW,EAAE,UAAU,CAAC,UAAU,IAAI,UAAU,GAAG,GAAG;oBACtD,WAAW,EAAE,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC;oBAC1D,WAAW,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;oBACtC,YAAY,EAAE;wBACZ,iBAAiB,EAAE,UAAU,CAAC,UAAU;wBACxC,YAAY,EAAE,KAAK;wBACnB,cAAc,EAAE,CAAC;wBACjB,eAAe,EAAE,sBAAsB,CAAC,MAAM,EAAE,IAAI,CAAC;qBACtD;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,mDAAmD;IACnD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAmB,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACl
C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,CAAC,CAAC,QAAQ,GAAG;gBACX,GAAG,CAAC,CAAC,QAAQ;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;aACxD,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,MAAM,OAAO,GAAG,CAAE,QAAQ,CAAC,QAAQ,EAAE,OAAiD,IAAI,EAAE,CAAC,CAAC;YAC9F,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YAC3D,QAAQ,CAAC,QAAQ,GAAG,EAAE,GAAG,QAAQ,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;YACtD,MAAM,eAAe,GAAG,oBAAoB,CAC1C,QAAQ,CAAC,YAAY,CAAC,eAAe,EACrC,CAAC,CAAC,YAAY,CAAC,eAAe,CAC/B,CAAC;YACF,IAAI,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;gBACvC,QAAQ,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;gBACnC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;gBAC3B,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBACvB,QAAQ,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;gBACrC,QAAQ,CAAC,YAAY,GAAG,CAAC,CAAC,YAAY,CAAC;gBACvC,QAAQ,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;gBACrC,QAAQ,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;YACjC,CAAC;YACD,QAAQ,CAAC,YAAY,CAAC,eAAe,GAAG,eAAe,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAE7C,kCAAkC;IAClC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpB,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAClE,MAAM,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC3E,IAAI,YAAY,KAAK,CAAC;YAAE,OAAO,YAAY,CAAC;QAC5C,OAAO,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAS,sBAAsB,CAC7B,MAAmB,EACnB,IAAe;IAEf,MAAM,GAAG,GAAG,MAAM,CAAC,eAAe,IAAI,QAAQ,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,IAAI,QAAQ,CAAC;IAC7C,IAAI,GAAG,KAAK,GAAG;QAAE,OAAO,GAAG,CAAC;IAC5B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAC3B,CAAyC,EACzC,CAAyC;IAEzC,MAAM,IAAI,GAAG,CAAC,IAAI,QAAQ,CAAC;IAC3B,MAAM,KAAK,GAAG,CAAC,IAAI,QAAQ,CAAC;IAC5B,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC
;IAChC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,UAAkB,EAAE,QAAkB;IAChE,MAAM,mBAAmB,GAA+B;QACtD,UAAU,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,EAAE,qBAAqB,CAAC;QAC/I,SAAS,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,CAAC;QAC3H,WAAW,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,CAAC;QACpE,WAAW,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,qBAAqB,CAAC;QAC5D,SAAS,EAAE,CAAC,gBAAgB,EAAE,eAAe,EAAE,MAAM,EAAE,qBAAqB,CAAC;QAC7E,UAAU,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,CAAC;QACxF,QAAQ,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,CAAC;QACpG,SAAS,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;QAClD,QAAQ,EAAE,CAAC,KAAK,EAAE,eAAe,CAAC,EAAE,yBAAyB;QAC7D,UAAU,EAAE,CAAC,iBAAiB,EAAE,KAAK,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,gBAAgB,CAAC;QAC/F,aAAa,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,CAAC;QACpE,YAAY,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,sBAAsB;QAC7G,qBAAqB,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,EAAE,gBAAgB,EAAE,qBAAqB,CAAC,EAAE,qBAAqB;QACnM,YAAY,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,CAAC,EAAE,2BAA2B;KAC7H,CAAC;IAEF,MAAM,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IACnD,OAAO,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AAC5D,CAAC;AAQD;;GAEG;AACH,SAAS,aAAa,CAAC,MAAmB,EAAE,IAAe,EAAE,GAAQ;IACnE,MAAM,IAAI,GAAe,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,wCAAwC;IACxC,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACrC,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,CACvD,CAAC;IAEF,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACnC,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,CACnD,CAAC;IAEF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE
,SAAS,EAAE,EAAE,EAAE,CAAC;IACxD,CAAC;IAED,8BAA8B;IAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;IAEhC,yDAAyD;IACzD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,qBAAqB,CAAC,SAAS,CAAC,EAAE,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YAC9E,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,uBAAuB;gBACvB,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;oBACzB,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAAC;oBAC/C,IAAI,GAAG,EAAE,CAAC;wBACR,IAAI,CAAC,IAAI,CAAC;4BACR,IAAI,EAAE,EAAE,EAAE,2BAA2B;4BACrC,MAAM,EAAE,EAAE;4BACV,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,IAAI,EAAE,GAAG,GAAG,CAAC,QAAQ,QAAQ;4BAC7B,QAAQ,EAAE,GAAG,CAAC,QAAQ;yBACvB,CAAC,CAAC;wBACH,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBAC/B,CAAC;gBACH,CAAC;gBAED,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,6DAA6D;IAC7D,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QAC5C,4BAA4B;QAC5B,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAExD,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpB,IAAI,CAAC,IAAI,CAAC;oBACR,IAAI,EAAE,EAAE;oBACR,MAAM,EAAE,EAAE;oBACV,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,IAAI,EAAE,GAAG,CAAC,aAAa;oBACvB,QAAQ,EAAE,CAAC;iBACZ,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC;oBACR,IAAI,EAAE,EAAE;oBACR,MAAM,EAAE,EAAE;oBACV,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,QAAQ,CAAC,GAAG;oBAClB,QAAQ,EAAE,CAAC;iBACZ,CAAC,CAAC;gBACH,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,SAAiB,EACjB,OAAsB,EACtB,MAAkB,EAClB,GAAQ,EACR,UAAuB,IAAI,GAAG,EAAE,EAChC,
OAAiB,EAAE;IAEnB,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAChC,IAAI,SAAS,KAAK,OAAO;QAAE,OAAO,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC,CAAC;IACvD,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,CAAC;IAEtC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACvB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAErB,uCAAuC;IACvC,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IAEpE,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;QAC7F,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,MAAmB,EAAE,IAAe;IACpE,8DAA8D;IAC9D,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;AACjD,CAAC;AAGD;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAmB,EAAE,IAAe,EAAE,UAAsB;IACvF,IAAI,UAAU,GAAG,GAAG,CAAC,CAAC,kBAAkB;IAExC,+BAA+B;IAC/B,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;QAC1B,UAAU,IAAI,GAAG,CAAC;IACpB,CAAC;IAED,0CAA0C;IAC1C,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC;IAC7D,CAAC;IAED,6BAA6B;IAC7B,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IAE9D,kBAAkB;IAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAClB,UAAU,IAAI,GAAG,CAAC;IACpB,CAAC;SAAM,IAAI,QAAQ,IAAI,EAAE,EAAE,CAAC;QAC1B,UAAU,IAAI,IAAI,CAAC;IACrB,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAmB,EAAE,IAAe,EAAE,UAAsB;IACvF,MAAM,UAAU,GAAG,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE/C,IAAI,UAAU,CAAC,UAAU,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,GAAG,UAAU,6BAA6B,IAAI,QAAQ,QAAQ,+BAA+B,CAAC;IACvG,CAAC;IAED,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;QAC1B,OAAO,GA
AG,UAAU,aAAa,QAAQ,+BAA+B,CAAC;IAC3E,CAAC;IAED,OAAO,GAAG,UAAU,cAAc,QAAQ,oCAAoC,CAAC;AACjF,CAAC"}
|
|
1
|
+
{"version":3,"file":"findings.js","sourceRoot":"","sources":["../../src/analysis/findings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,OAAO,EACL,iBAAiB,IAAI,YAAY,EACjC,cAAc,EACd,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,OAAsB,EACtB,KAAkB,EAClB,GAAQ,EACR,QAAgB;IAEhB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,iDAAiD;IACjD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,qDAAqD;YACrD,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChD,SAAS;YACX,CAAC;YAED,qCAAqC;YACrC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAEpD,IAAI,UAAU,CAAC,UAAU,IAAI,wBAAwB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;gBACpE,MAAM,QAAQ,GAAG,YAAY,CAAC;oBAC5B,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,QAAQ,EAAE,IAAI,CAAC,IAAI;oBACnB,UAAU,EAAE,UAAU,CAAC,UAAU;iBAClC,CAAC,CAAC;gBACH,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;gBAEjE,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,OAAO,SAAS,EAAE,EAAE;oBACxB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,QAAQ;oBACR,UAAU;oBACV,MAAM,EAAE;wBACN,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,MAAM,CAAC,IAAI;wBACjB,IAAI,EAAE,MAAM,CAAC,QAAQ;qBACtB;oBACD,IAAI,EAAE;wBACJ,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,IAAI,EAAE,IAAI,CAAC,QAAQ;qBACpB;oBACD,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;oBAC9D,WAAW,EAAE,UAAU,CAAC,UAAU,IAAI,UAAU,GAAG,GAAG;oBACtD,WAAW,EAAE,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC;oBAC1D,WAAW,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;oBACtC,YAAY,EAAE;wBACZ,iBAAiB,EAAE,UAAU,CAAC,UAAU;wBACxC,YAAY,EAAE,KAAK;wBACnB,cAAc,EAAE,CAAC;wBACjB,eAAe,EAAE,sBAAsB,CAAC,MAAM,EAAE,IAAI,CAAC;qBACtD;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,mDAAmD;IACnD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAmB,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACl
C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,CAAC,CAAC,QAAQ,GAAG;gBACX,GAAG,CAAC,CAAC,QAAQ;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;aACxD,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,MAAM,OAAO,GAAG,CAAE,QAAQ,CAAC,QAAQ,EAAE,OAAiD,IAAI,EAAE,CAAC,CAAC;YAC9F,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YAC3D,QAAQ,CAAC,QAAQ,GAAG,EAAE,GAAG,QAAQ,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;YACtD,MAAM,eAAe,GAAG,oBAAoB,CAC1C,QAAQ,CAAC,YAAY,CAAC,eAAe,EACrC,CAAC,CAAC,YAAY,CAAC,eAAe,CAC/B,CAAC;YACF,IAAI,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;gBACvC,QAAQ,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;gBACnC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;gBAC3B,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBACvB,QAAQ,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;gBACrC,QAAQ,CAAC,YAAY,GAAG,CAAC,CAAC,YAAY,CAAC;gBACvC,QAAQ,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;gBACrC,QAAQ,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;YACjC,CAAC;YACD,QAAQ,CAAC,YAAY,CAAC,eAAe,GAAG,eAAe,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAE7C,kCAAkC;IAClC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpB,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAClE,MAAM,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC3E,IAAI,YAAY,KAAK,CAAC;YAAE,OAAO,YAAY,CAAC;QAC5C,OAAO,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAS,sBAAsB,CAC7B,MAAmB,EACnB,IAAe;IAEf,MAAM,GAAG,GAAG,MAAM,CAAC,eAAe,IAAI,QAAQ,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,IAAI,QAAQ,CAAC;IAC7C,IAAI,GAAG,KAAK,GAAG;QAAE,OAAO,GAAG,CAAC;IAC5B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAC3B,CAAyC,EACzC,CAAyC;IAEzC,MAAM,IAAI,GAAG,CAAC,IAAI,QAAQ,CAAC;IAC3B,MAAM,KAAK,GAAG,CAAC,IAAI,QAAQ,CAAC;IAC5B,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC
;IAChC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAAkB,EAAE,QAAkB;IACvE,MAAM,mBAAmB,GAA+B;QACtD,yEAAyE;QACzE,yFAAyF;QACzF,8DAA8D;QAC9D,UAAU,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,EAAE,qBAAqB,EAAE,gBAAgB,CAAC;QACjK,SAAS,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,CAAC;QAC3H,WAAW,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,gBAAgB,CAAC;QACtF,WAAW,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,qBAAqB,EAAE,gBAAgB,CAAC;QAC9E,SAAS,EAAE,CAAC,gBAAgB,EAAE,eAAe,EAAE,MAAM,EAAE,qBAAqB,CAAC;QAC7E,UAAU,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,gBAAgB,CAAC;QAC1G,QAAQ,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,CAAC;QACpG,SAAS,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;QAClD,QAAQ,EAAE,CAAC,KAAK,EAAE,eAAe,CAAC,EAAE,yBAAyB;QAC7D,UAAU,EAAE,CAAC,iBAAiB,EAAE,KAAK,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,gBAAgB,CAAC;QAC/F,aAAa,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,CAAC;QACpE,YAAY,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,sBAAsB;QAC7G,qBAAqB,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,EAAE,gBAAgB,EAAE,qBAAqB,CAAC,EAAE,qBAAqB;QACnM,YAAY,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,CAAC,EAAE,2BAA2B;KAC7H,CAAC;IAEF,MAAM,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IACnD,OAAO,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AAC5D,CAAC;AAQD;;GAEG;AACH,SAAS,aAAa,CAAC,MAAmB,EAAE,IAAe,EAAE,GAAQ;IACnE,MAAM,IAAI,GAAe,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,wCAAwC;IACxC,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACrC,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,CACvD,CAAC;IAEF,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACnC,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,CACnD,CAAC;IAEF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC
,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;IACxD,CAAC;IAED,8BAA8B;IAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;IAEhC,yDAAyD;IACzD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,qBAAqB,CAAC,SAAS,CAAC,EAAE,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YAC9E,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,uBAAuB;gBACvB,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;oBACzB,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAAC;oBAC/C,IAAI,GAAG,EAAE,CAAC;wBACR,IAAI,CAAC,IAAI,CAAC;4BACR,IAAI,EAAE,EAAE,EAAE,2BAA2B;4BACrC,MAAM,EAAE,EAAE;4BACV,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,IAAI,EAAE,GAAG,GAAG,CAAC,QAAQ,QAAQ;4BAC7B,QAAQ,EAAE,GAAG,CAAC,QAAQ;yBACvB,CAAC,CAAC;wBACH,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBAC/B,CAAC;gBACH,CAAC;gBAED,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,6DAA6D;IAC7D,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QAC5C,4BAA4B;QAC5B,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAExD,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpB,IAAI,CAAC,IAAI,CAAC;oBACR,IAAI,EAAE,EAAE;oBACR,MAAM,EAAE,EAAE;oBACV,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,IAAI,EAAE,GAAG,CAAC,aAAa;oBACvB,QAAQ,EAAE,CAAC;iBACZ,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC;oBACR,IAAI,EAAE,EAAE;oBACR,MAAM,EAAE,EAAE;oBACV,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,QAAQ,CAAC,GAAG;oBAClB,QAAQ,EAAE,CAAC;iBACZ,CAAC,CAAC;gBACH,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;AACxD,CAAC;AAED;;GAEG;
AACH,SAAS,qBAAqB,CAC5B,SAAiB,EACjB,OAAsB,EACtB,MAAkB,EAClB,GAAQ,EACR,UAAuB,IAAI,GAAG,EAAE,EAChC,OAAiB,EAAE;IAEnB,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAChC,IAAI,SAAS,KAAK,OAAO;QAAE,OAAO,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC,CAAC;IACvD,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,CAAC;IAEtC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACvB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAErB,uCAAuC;IACvC,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IAEpE,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;QAC7F,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,MAAmB,EAAE,IAAe;IACpE,8DAA8D;IAC9D,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;AACjD,CAAC;AAGD;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAmB,EAAE,IAAe,EAAE,UAAsB;IACvF,IAAI,UAAU,GAAG,GAAG,CAAC,CAAC,kBAAkB;IAExC,+BAA+B;IAC/B,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;QAC1B,UAAU,IAAI,GAAG,CAAC;IACpB,CAAC;IAED,0CAA0C;IAC1C,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC;IAC7D,CAAC;IAED,6BAA6B;IAC7B,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IAE9D,kBAAkB;IAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAClB,UAAU,IAAI,GAAG,CAAC;IACpB,CAAC;SAAM,IAAI,QAAQ,IAAI,EAAE,EAAE,CAAC;QAC1B,UAAU,IAAI,IAAI,CAAC;IACrB,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAmB,EAAE,IAAe,EAAE,UAAsB;IACvF,MAAM,UAAU,GAAG,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE/C,IAAI,UAAU,CAAC,UAAU,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,GAAG,UA
AU,6BAA6B,IAAI,QAAQ,QAAQ,+BAA+B,CAAC;IACvG,CAAC;IAED,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;QAC1B,OAAO,GAAG,UAAU,aAAa,QAAQ,+BAA+B,CAAC;IAC3E,CAAC;IAED,OAAO,GAAG,UAAU,cAAc,QAAQ,oCAAoC,CAAC;AACjF,CAAC"}
|
|
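--- a/package/dist/analysis/passes/insecure-cookie-pass.d.ts
+++ b/package/dist/analysis/passes/insecure-cookie-pass.d.ts
@@ -0,0 +1,53 @@
+/**
+* Pass: insecure-cookie (CWE-614, category: security)
+*
+* JavaScript / TypeScript pattern pass that flags Express `res.cookie(name,
+* value, options)` calls where the options object is missing or does not
+* set both `secure: true` and `httpOnly: true`.
+*
+* Rationale: the absence of `Secure` / `HttpOnly` flags is a vulnerability
+* of *shape*, not of taint. `insecure_cookie` is already modeled as a
+* Java sink (`new Cookie(...)`) via the YAML config, but the equivalent
+* Express pattern uses a literal options object whose presence/absence
+* of flags must be inspected at the call site. The receiver type does
+* not propagate cleanly through middleware, so we do a syntactic check
+* on the literal source-text of arg 2.
+*
+* Detection:
+* 1. Filter language to javascript/typescript.
+* 2. Iterate `graph.ir.calls` for `method_name === 'cookie'` with a
+* receiver that looks like an Express response (`res`, `response`,
+* `reply`, `ctx.cookies` is intentionally excluded — Koa's API has
+* different semantics).
+* 3. Read the raw expression text of arg 2 (the options object).
+* 4. Flag if:
+* - arg 2 is absent, OR
+* - arg 2 does not contain `secure: true` (regex), OR
+* - arg 2 does not contain `httpOnly: true` (regex).
+* 5. Emit a single finding per call site listing the missing flags.
+*
+* Excluded (intentionally not flagged):
+* - `res.clearCookie(...)` — clears, not sets.
+* - Cookie session middleware initialisation (`app.use(cookieSession(...))`).
+*
+* Out of scope (call site does not have enough information):
+* - Spread-based options: `res.cookie('a', v, { ...secureDefaults, ... })`.
+* We flag the call (RHS is opaque) unless `secure: true` and
+* `httpOnly: true` appear literally. Users can suppress via config.
+*/
+import type { AnalysisPass, PassContext } from '../../graph/analysis-pass.js';
+export interface InsecureCookieResult {
+insecureCookies: Array<{
+line: number;
+receiver: string;
+missingSecure: boolean;
+missingHttpOnly: boolean;
+optionsPresent: boolean;
+}>;
+}
+export declare class InsecureCookiePass implements AnalysisPass<InsecureCookieResult> {
+readonly name = "insecure-cookie";
+readonly category: "security";
+run(ctx: PassContext): InsecureCookieResult;
+}
+//# sourceMappingURL=insecure-cookie-pass.d.ts.map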
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"insecure-cookie-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/insecure-cookie-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAS9E,MAAM,WAAW,oBAAoB;IACnC,eAAe,EAAE,KAAK,CAAC;QACrB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,aAAa,EAAE,OAAO,CAAC;QACvB,eAAe,EAAE,OAAO,CAAC;QACzB,cAAc,EAAE,OAAO,CAAC;KACzB,CAAC,CAAC;CACJ;AAED,qBAAa,kBAAmB,YAAW,YAAY,CAAC,oBAAoB,CAAC;IAC3E,QAAQ,CAAC,IAAI,qBAAqB;IAClC,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IAExC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,oBAAoB;CAoE5C"}
|
|
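--- a/package/dist/analysis/passes/insecure-cookie-pass.js
+++ b/package/dist/analysis/passes/insecure-cookie-pass.js
@@ -0,0 +1,109 @@
+/**
+* Pass: insecure-cookie (CWE-614, category: security)
+*
+* JavaScript / TypeScript pattern pass that flags Express `res.cookie(name,
+* value, options)` calls where the options object is missing or does not
+* set both `secure: true` and `httpOnly: true`.
+*
+* Rationale: the absence of `Secure` / `HttpOnly` flags is a vulnerability
+* of *shape*, not of taint. `insecure_cookie` is already modeled as a
+* Java sink (`new Cookie(...)`) via the YAML config, but the equivalent
+* Express pattern uses a literal options object whose presence/absence
+* of flags must be inspected at the call site. The receiver type does
+* not propagate cleanly through middleware, so we do a syntactic check
+* on the literal source-text of arg 2.
+*
+* Detection:
+* 1. Filter language to javascript/typescript.
+* 2. Iterate `graph.ir.calls` for `method_name === 'cookie'` with a
+* receiver that looks like an Express response (`res`, `response`,
+* `reply`, `ctx.cookies` is intentionally excluded — Koa's API has
+* different semantics).
+* 3. Read the raw expression text of arg 2 (the options object).
+* 4. Flag if:
+* - arg 2 is absent, OR
+* - arg 2 does not contain `secure: true` (regex), OR
+* - arg 2 does not contain `httpOnly: true` (regex).
+* 5. Emit a single finding per call site listing the missing flags.
+*
+* Excluded (intentionally not flagged):
+* - `res.clearCookie(...)` — clears, not sets.
+* - Cookie session middleware initialisation (`app.use(cookieSession(...))`).
+*
+* Out of scope (call site does not have enough information):
+* - Spread-based options: `res.cookie('a', v, { ...secureDefaults, ... })`.
+* We flag the call (RHS is opaque) unless `secure: true` and
+* `httpOnly: true` appear literally. Users can suppress via config.
+*/
+const COOKIE_RESPONSE_RECEIVERS = new Set([
+'res', 'response', 'reply',
+]);
+const SECURE_TRUE_RE = /\bsecure\s*:\s*true\b/;
+const HTTPONLY_TRUE_RE = /\bhttpOnly\s*:\s*true\b/i;
+export class InsecureCookiePass {
+name = 'insecure-cookie';
+category = 'security';
+run(ctx) {
+const { graph, language } = ctx;
+if (language !== 'javascript' && language !== 'typescript') {
+return { insecureCookies: [] };
+}
+const file = graph.ir.meta.file;
+const insecureCookies = [];
+for (const call of graph.ir.calls) {
+if (call.method_name !== 'cookie')
+continue;
+const receiver = call.receiver ?? '';
+if (!COOKIE_RESPONSE_RECEIVERS.has(receiver))
+continue;
+// Must look like a setter call: at least (name, value) args.
+// `res.cookie('name')` (Express getter form) takes one arg — skip.
+if (call.arguments.length < 2)
+continue;
+const opts = call.arguments.find(a => a.position === 2);
+const optsExpr = (opts?.expression ?? '').trim();
+const optionsPresent = optsExpr.length > 0;
+const missingSecure = !SECURE_TRUE_RE.test(optsExpr);
+const missingHttpOnly = !HTTPONLY_TRUE_RE.test(optsExpr);
+if (!missingSecure && !missingHttpOnly)
+continue;
+const line = call.location.line;
+insecureCookies.push({
+line,
+receiver,
+missingSecure,
+missingHttpOnly,
+optionsPresent,
+});
+const missing = [];
+if (missingSecure)
+missing.push('`secure: true`');
+if (missingHttpOnly)
+missing.push('`httpOnly: true`');
+ctx.addFinding({
+id: `${this.name}-${file}-${line}`,
+pass: this.name,
+category: this.category,
+rule_id: this.name,
+cwe: 'CWE-614',
+severity: 'medium',
+level: 'warning',
+message: `Cookie set without ${missing.join(' and ')} — vulnerable to ` +
+`cleartext transmission (CWE-614) and client-side JS access ` +
+`(CWE-1004).`,
+file,
+line,
+fix: 'Pass `{ secure: true, httpOnly: true, sameSite: "lax" }` as the ' +
+'third argument to `res.cookie()`.',
+evidence: {
+receiver,
+options_present: optionsPresent,
+missing_secure: missingSecure,
+missing_http_only: missingHttpOnly,
+},
+});
+}
+return { insecureCookies };
+}
+}
+//# sourceMappingURL=insecure-cookie-pass.js.map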
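Review bot: `HTTPONLY_TRUE_RE` at line 42 carries the `i` flag while `SECURE_TRUE_RE` on the line above does not, so an options literal such as `{ httponly: true }` or `{ HttpOnly: true }` passes the check even though, as far as I know, Express hands the options to the `cookie` package which reads the key case-sensitively as `httpOnly` — such a call would not set the HttpOnly flag, yet the pass would treat it as safe, a false negative on exactly the case this pass exists to catch. Unless the flag is there to match some other framework's option spelling, I would drop it for consistency with the `secure` regex: `const HTTPONLY_TRUE_RE = /\bhttpOnly\s*:\s*true\b/;`. Separately, the message built at lines 91–93 always asserts both consequences ("cleartext transmission (CWE-614) and client-side JS access (CWE-1004)") even when `missing` names only one flag; deriving the consequence clause from `missingSecure` / `missingHttpOnly` the same way `missing` is built would keep the finding text accurate for single-flag cases.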
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"insecure-cookie-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/insecure-cookie-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAIH,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC;IACxC,KAAK,EAAE,UAAU,EAAE,OAAO;CAC3B,CAAC,CAAC;AAEH,MAAM,cAAc,GAAI,uBAAuB,CAAC;AAChD,MAAM,gBAAgB,GAAG,0BAA0B,CAAC;AAYpD,MAAM,OAAO,kBAAkB;IACpB,IAAI,GAAG,iBAAiB,CAAC;IACzB,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC;QAEhC,IAAI,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;YAC3D,OAAO,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QACjC,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;QAChC,MAAM,eAAe,GAA4C,EAAE,CAAC;QAEpE,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;YAClC,IAAI,IAAI,CAAC,WAAW,KAAK,QAAQ;gBAAE,SAAS;YAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC;YACrC,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAEvD,6DAA6D;YAC7D,mEAAmE;YACnE,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC;gBAAE,SAAS;YAExC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC;YACxD,MAAM,QAAQ,GAAG,CAAC,IAAI,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;YAE3C,MAAM,aAAa,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACrD,MAAM,eAAe,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzD,IAAI,CAAC,aAAa,IAAI,CAAC,eAAe;gBAAE,SAAS;YAEjD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;YAChC,eAAe,CAAC,IAAI,CAAC;gBACnB,IAAI;gBACJ,QAAQ;gBACR,aAAa;gBACb,eAAe;gBACf,cAAc;aACf,CAAC,CAAC;YAEH,MAAM,OAAO,GAAa,EAAE,CAAC;YAC7B,IAAI,aAAa;gBAAI,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACpD,IAAI,eAAe;gBAAE,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAEtD,GAAG,CAAC,UAAU,CAAC;gBACb,EAAE,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,IAAI,IAAI,EAAE;gBAClC,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,OAAO,EAAE,IAAI,CAAC,IAAI;gBAClB,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,SAAS;gBAChB,OAAO,EACL,sBAAsB,OAAO,CAAC,IAAI,CAAC,OAAO,CAA
C,mBAAmB;oBAC9D,6DAA6D;oBAC7D,aAAa;gBACf,IAAI;gBACJ,IAAI;gBACJ,GAAG,EACD,kEAAkE;oBAClE,mCAAmC;gBACrC,QAAQ,EAAE;oBACR,QAAQ;oBACR,eAAe,EAAE,cAAc;oBAC/B,cAAc,EAAE,aAAa;oBAC7B,iBAAiB,EAAE,eAAe;iBACnC;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO,EAAE,eAAe,EAAE,CAAC;IAC7B,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interprocedural-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/interprocedural-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC1F,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"interprocedural-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/interprocedural-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC1F,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAO9E,MAAM,WAAW,yBAAyB;IACxC,8DAA8D;IAC9D,eAAe,EAAE,SAAS,EAAE,CAAC;IAC7B,8DAA8D;IAC9D,eAAe,EAAE,aAAa,EAAE,CAAC;IACjC,6DAA6D;IAC7D,eAAe,CAAC,EAAE,mBAAmB,CAAC;CACvC;AAED,qBAAa,mBAAoB,YAAW,YAAY,CAAC,yBAAyB,CAAC;IACjF,QAAQ,CAAC,IAAI,qBAAqB;IAClC,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IAExC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,yBAAyB;CA0KjD"}
|
|
@@ -13,6 +13,7 @@
|
|
|
13
13
|
* Depends on: sink-filter, constant-propagation, taint-propagation
|
|
14
14
|
*/
|
|
15
15
|
import { analyzeInterprocedural, findTaintBridges } from '../interprocedural.js';
|
|
16
|
+
import { attachSourceLineCode } from '../taint-matcher.js';
|
|
16
17
|
export class InterproceduralPass {
|
|
17
18
|
name = 'interprocedural';
|
|
18
19
|
category = 'security';
|
|
@@ -23,7 +24,10 @@ export class InterproceduralPass {
|
|
|
23
24
|
const taintProp = ctx.getResult('taint-propagation');
|
|
24
25
|
const { sources, sinks, sanitizers } = sinkFilter;
|
|
25
26
|
if (sources.length === 0) {
|
|
26
|
-
|
|
27
|
+
// Preserve flows synthesized by TaintPropagationPass (e.g. Python alias
|
|
28
|
+
// expansion for-loop / inline-source cases from cognium-dev #76/#83 where
|
|
29
|
+
// no real source was registered but a derived var reaches a sink).
|
|
30
|
+
return { additionalSinks: [], additionalFlows: [...taintProp.flows] };
|
|
27
31
|
}
|
|
28
32
|
const additionalSinks = [];
|
|
29
33
|
const additionalFlows = [...taintProp.flows];
|
|
@@ -163,6 +167,12 @@ export class InterproceduralPass {
|
|
|
163
167
|
}
|
|
164
168
|
}
|
|
165
169
|
}
|
|
170
|
+
// Attach trimmed source-line text to each emitted sink so consumers
|
|
171
|
+
// (LLM enrichment, SARIF reporters) can render the offending line without
|
|
172
|
+
// re-reading the file. Idempotent — only fills `code` when missing.
|
|
173
|
+
if (additionalSinks.length > 0) {
|
|
174
|
+
attachSourceLineCode([], additionalSinks, ctx.code);
|
|
175
|
+
}
|
|
166
176
|
return { additionalSinks, additionalFlows, interprocedural };
|
|
167
177
|
}
|
|
168
178
|
}
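Review bot: The empty array passed as the first argument of `attachSourceLineCode([], additionalSinks, ctx.code)` at line 174 is unexplained; the comment above it describes only what happens to the sinks, and from this call site a reader cannot tell what that first parameter is or why it is deliberately empty here. I would add a line such as `// first argument intentionally empty: only the sinks synthesized above need their line text attached (see attachSourceLineCode in taint-matcher.js)`, worded to whatever that parameter actually represents. The early return added at line 30 skips this annotation step, which is consistent since `additionalSinks` is necessarily empty on that path. The enclosing `run` method begins outside the hunk.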
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interprocedural-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/interprocedural-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAOH,OAAO,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"interprocedural-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/interprocedural-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAOH,OAAO,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAW3D,MAAM,OAAO,mBAAmB;IACrB,IAAI,GAAG,iBAAiB,CAAC;IACzB,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;QAEtB,MAAM,SAAS,GAAK,GAAG,CAAC,SAAS,CAA2B,sBAAsB,CAAC,CAAC;QACpF,MAAM,UAAU,GAAI,GAAG,CAAC,SAAS,CAAmB,aAAa,CAAC,CAAC;QACnE,MAAM,SAAS,GAAK,GAAG,CAAC,SAAS,CAA6B,mBAAmB,CAAC,CAAC;QAEnF,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;QAElD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,wEAAwE;YACxE,0EAA0E;YAC1E,mEAAmE;YACnE,OAAO,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QACxE,CAAC;QAED,MAAM,eAAe,GAAgB,EAAE,CAAC;QACxC,MAAM,eAAe,GAAoB,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAC9D,IAAI,eAAgD,CAAC;QAErD,6EAA6E;QAC7E,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,SAAS,GAAG,sBAAsB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE;gBAC1E,gBAAgB,EAAE,SAAS,CAAC,OAAO;aACpC,CAAC,CAAC;YAEH,gFAAgF;YAChF,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC;gBAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,uBAAuB;oBAAE,SAAS;gBACpD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3C,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;YAED,wDAAwD;YACxD,IAAI,SAAS,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzC,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAU,CAAC;gBAC/C,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;oBAC7B,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;wBACrC,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;wBAC9C,oBAAoB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;gBAED,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC;oBAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,uBAAuB;wBAAE,SAAS;oBAEpD,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;wBACvC,IAAI,CAAC,SAAS,CAAC,cAAc,CAA
C,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC;4BAAE,SAAS;wBAE/D,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAC5D,IAAI,CAAC,MAAM;4BAAE,SAAS;wBACtB,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,OAAO;4BAAE,SAAS;wBACzE,IAAI,oBAAoB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;4BAAE,SAAS;wBAEpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;4BAC7B,IAAI,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,QAAQ;gCAAE,SAAS;4BAC1C,IAAI,MAAM,CAAC,IAAI,KAAK,uBAAuB,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG;gCAAE,SAAS;4BACjF,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI,CAAC;gCAAE,SAAS;4BAEpG,eAAe,CAAC,IAAI,CAAC;gCACnB,WAAW,EAAE,MAAM,CAAC,IAAI;gCACxB,SAAS,EAAI,IAAI,CAAC,IAAI;gCACtB,WAAW,EAAE,MAAM,CAAC,IAAI;gCACxB,SAAS,EAAI,IAAI,CAAC,IAAI;gCACtB,IAAI,EAAE;oCACJ,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAa,IAAI,EAAE,MAAM,CAAC,IAAI,EAAK,IAAI,EAAE,QAAiB,EAAE;oCACvF,EAAE,QAAQ,EAAE,WAAW,MAAM,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAG,IAAI,EAAE,KAAiB,EAAE;oCACvF,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAe,IAAI,EAAE,IAAI,CAAC,IAAI,EAAO,IAAI,EAAE,MAAiB,EAAE;iCACxF;gCACD,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;gCACtD,SAAS,EAAE,KAAK;6BACjB,CAAC,CAAC;4BACH,MAAM,CAAC,gCAAgC;wBACzC,CAAC;wBACD,MAAM,CAAC,mCAAmC;oBAC5C,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;YACjD,eAAe,GAAG;gBAChB,eAAe,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;gBACrD,aAAa,EAAE,YAAY;gBAC3B,YAAY,EAAE,SAAS,CAAC,SAAS;qBAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;qBAC/D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBACZ,MAAM,EAAS,IAAI,CAAC,YAAY;oBAChC,MAAM,EAAS,IAAI,CAAC,YAAY;oBAChC,SAAS,EAAM,IAAI,CAAC,QAAQ;oBAC5B,YAAY,EAAG,IAAI,CAAC,WAAW;oBAC/B,aAAa,EAAE,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC;iBAC/D,CAAC,CAAC;aACN,CAAC;QACJ,CAAC;QAED,6EAA6E;QAC7E,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,uEAAuE;YACvE,wEAAwE;YACxE,8EAA8E;YAC9E,6EAA6E;YAC7E,gFAAgF;YAChF,4EAA4E;YAC5E,yEAAyE;YACzE,6EAA6E;YA
C7E,4EAA4E;YAC5E,sEAAsE;YACtE,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CACpC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB;gBACjC,CAAC,CAAC,IAAI,KAAK,uBAAuB,CACrC,CAAC;YACF,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjC,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,CAAC;YAC/D,CAAC;YACD,MAAM,SAAS,GAAG,sBAAsB,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,EAAE,UAAU,EAAE;gBAC/E,gBAAgB,EAAE,SAAS,CAAC,OAAO;aACpC,CAAC,CAAC;YAEH,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC;gBAC7C,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/C,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;YAED,IAAI,SAAS,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,IAAI,SAAS,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9E,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;gBACjD,eAAe,GAAG;oBAChB,eAAe,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;oBACrD,aAAa,EAAE,YAAY;oBAC3B,YAAY,EAAE,SAAS,CAAC,SAAS;yBAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;yBAC/D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACZ,MAAM,EAAS,IAAI,CAAC,YAAY;wBAChC,MAAM,EAAS,IAAI,CAAC,YAAY;wBAChC,SAAS,EAAM,IAAI,CAAC,QAAQ;wBAC5B,YAAY,EAAG,IAAI,CAAC,WAAW;wBAC/B,aAAa,EAAE,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC;qBAC/D,CAAC,CAAC;iBACN,CAAC;YACJ,CAAC;YAED,8DAA8D;YAC9D,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrD,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;oBACnC,eAAe,CAAC,IAAI,CAAC;wBACnB,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;wBAC5B,SAAS,EAAI,IAAI,CAAC,IAAI;wBACtB,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;wBAC5B,SAAS,EAAI,IAAI,CAAC,IAAI;wBACtB,IAAI,EAAE;4BACJ,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;4BACrE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAQ,IAAI,EAAE,MAAiB,EAAE;yBACtE;wBACD,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU;wBACnD,SAAS,EAAE,KAAK;qBACjB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,oEAAoE;QACpE,0EAA0E;QAC1E,oEAAoE;QACpE,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,oBAAoB,CAAC,EAAE,EAAE,eAAe,EAAE,GAAG
,CAAC,IAAI,CAAC,CAAC;QACtD,CAAC;QAED,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,CAAC;IAC/D,CAAC;CACF"}
|
|
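--- a/package/dist/analysis/passes/language-sources-pass.d.ts
+++ b/package/dist/analysis/passes/language-sources-pass.d.ts
@@ -74,5 +74,19 @@ export declare function findPythonTrustBoundaryViolations(sourceCode: string, ta
 sinkLine: number;
 }>;
 export declare function buildJavaScriptTaintedVars(sourceCode: string, language: string): Map<string, number>;
+/**
+* Rust let-binding alias expansion (cognium-dev #71).
+*
+* Given a seed set of already-tainted variable names (typed-extractor
+* parameters like `name: web::Path<String>`, plus method-call sources whose
+* `let <var> = req.match_info()...` binding was reverse-engineered in
+* `taint-matcher.ts`), iteratively propagate taint through `let X = ...`
+* and `X = ...` lines whose RHS references any already-tainted name.
+*
+* The fixpoint loop is bounded by the number of distinct let-bindings, so
+* it terminates in O(lines × tainted) worst case — fine for any realistic
+* Rust source file.
+*/
+export declare function buildRustTaintedVars(sourceCode: string, seedVars: Set<string>): Map<string, number>;
 export declare function findBashPatternFindings(sourceCode: string, file: string): SastFinding[];
 //# sourceMappingURL=language-sources-pass.d.ts.map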
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"language-sources-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/language-sources-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAwB,WAAW,EAAO,MAAM,sBAAsB,CAAC;AAC3G,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAqB9E,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;IA0C/B,CAAC;AA4BF,MAAM,WAAW,qBAAqB;IACpC,iBAAiB,EAAE,WAAW,EAAE,CAAC;IACjC,eAAe,EAAE,SAAS,EAAE,CAAC;IAC7B;;;OAGG;IACH,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC;;;OAGG;IACH,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC7B;;;OAGG;IACH,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACpC;AAMD,qBAAa,mBAAoB,YAAW,YAAY,CAAC,qBAAqB,CAAC;IAC7E,QAAQ,CAAC,IAAI,sBAAsB;IACnC,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IAExC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,qBAAqB;CAiF7C;AA0ID,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAkG9E;AAED,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAwC5G;AAED,wBAAgB,iCAAiC,CAC/C,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAC/B,KAAK,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAoBjD;AA6DD,wBAAgB,0BAA0B,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAmBpG;AAyHD,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,WAAW,EAAE,CA0GvF"}
|
|
1
|
+
{"version":3,"file":"language-sources-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/language-sources-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAwB,WAAW,EAAO,MAAM,sBAAsB,CAAC;AAC3G,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAqB9E,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;IA0C/B,CAAC;AA4BF,MAAM,WAAW,qBAAqB;IACpC,iBAAiB,EAAE,WAAW,EAAE,CAAC;IACjC,eAAe,EAAE,SAAS,EAAE,CAAC;IAC7B;;;OAGG;IACH,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC;;;OAGG;IACH,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC7B;;;OAGG;IACH,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACpC;AAMD,qBAAa,mBAAoB,YAAW,YAAY,CAAC,qBAAqB,CAAC;IAC7E,QAAQ,CAAC,IAAI,sBAAsB;IACnC,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IAExC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,qBAAqB;CAiF7C;AA0ID,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAkG9E;AAED,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAwC5G;AAED,wBAAgB,iCAAiC,CAC/C,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAC/B,KAAK,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAoBjD;AA6DD,wBAAgB,0BAA0B,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAmBpG;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,GACpB,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAmCrB;AAyHD,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,WAAW,EAAE,CA0GvF"}
|
|
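--- a/package/dist/analysis/passes/language-sources-pass.js
+++ b/package/dist/analysis/passes/language-sources-pass.js
@@ -536,6 +536,56 @@ export function buildJavaScriptTaintedVars(sourceCode, language) {
 }
 return tainted;
 }
+/**
+* Rust let-binding alias expansion (cognium-dev #71).
+*
+* Given a seed set of already-tainted variable names (typed-extractor
+* parameters like `name: web::Path<String>`, plus method-call sources whose
+* `let <var> = req.match_info()...` binding was reverse-engineered in
+* `taint-matcher.ts`), iteratively propagate taint through `let X = ...`
+* and `X = ...` lines whose RHS references any already-tainted name.
+*
+* The fixpoint loop is bounded by the number of distinct let-bindings, so
+* it terminates in O(lines × tainted) worst case — fine for any realistic
+* Rust source file.
+*/
+export function buildRustTaintedVars(sourceCode, seedVars) {
+const derived = new Map();
+const knownTainted = new Set(seedVars);
+const lines = sourceCode.split('\n');
+let changed = true;
+while (changed) {
+changed = false;
+for (let i = 0; i < lines.length; i++) {
+const line = lines[i];
+const trimmed = line.trimStart();
+if (trimmed.startsWith('//'))
+continue;
+// Prefer let-binding match. Falls back to bare assignment.
+const letMatch = line.match(/^\s*let\s+(?:mut\s+)?([A-Za-z_]\w*)\s*(?::\s*[^=]+)?=\s*(.+?)(?:;|$)/);
+const assignMatch = !letMatch
+? line.match(/^\s*([A-Za-z_]\w*)\s*=\s*(.+?)(?:;|$)/)
+: null;
+const m = letMatch ?? assignMatch;
+if (!m)
+continue;
+const lhs = m[1];
+const rhs = m[2];
+// Skip Rust keywords that can appear in LHS-like positions of the regex.
+if (lhs === 'if' || lhs === 'while' || lhs === 'for' || lhs === 'match' || lhs === 'return')
+continue;
+if (knownTainted.has(lhs))
+continue;
+const ref = [...knownTainted].some(v => new RegExp(`\\b${v}\\b`).test(rhs));
+if (ref) {
+derived.set(lhs, i + 1);
+knownTainted.add(lhs);
+changed = true;
+}
+}
+}
+return derived;
+}
 // ---------------------------------------------------------------------------
 // Bash/Shell taint sources
 // ---------------------------------------------------------------------------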
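Review bot: Line 579 interpolates every tainted name unescaped into `new RegExp(`\\b${v}\\b`)` and compiles it afresh for each name on each matching line of each fixpoint iteration; names the function derives itself are identifier-shaped by construction of the two regexes, but `seedVars` comes from the caller, and a seed containing a regex metacharacter would either throw `SyntaxError` out of `buildRustTaintedVars` or silently change what is matched. Escaping the names and compiling a single alternation that is rebuilt only when `knownTainted` grows gives the same `derived` map as the per-name `.some` (the alternation matches iff some name matches, and rebuilding on growth preserves the within-pass visibility of newly added names) while removing both the failure mode and the repeated compilation. The header comment's `O(lines × tainted)` bound also understates the loop: `while (changed)` rescans every line once per newly tainted name, so the worst case carries another factor of `tainted`; I would correct that sentence in the doc block. The rewritten loop body is below.

```javascript
export function buildRustTaintedVars(sourceCode, seedVars) {
    // … unchanged: derived / knownTainted / lines setup …
    const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
    // One alternation over every tainted name; rebuilt lazily only when the set grows,
    // so names tainted earlier in the same pass are still visible to later lines.
    let taintedRe = null;
    const taintedNameRe = () =>
        (taintedRe ??= new RegExp(`\\b(?:${[...knownTainted].map(escapeRe).join('|')})\\b`));
    let changed = true;
    while (changed) {
        changed = false;
        for (let i = 0; i < lines.length; i++) {
            // … unchanged: comment skip, let/assign matching, keyword and known-name filters …
            if (knownTainted.size > 0 && taintedNameRe().test(rhs)) {
                derived.set(lhs, i + 1);
                knownTainted.add(lhs);
                taintedRe = null;
                changed = true;
            }
        }
    }
    return derived;
}
```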