circle-ir 3.53.0 → 3.55.0

package/dist/browser/circle-ir.js

@@ -11177,9 +11177,16 @@ var DEFAULT_SINKS = [
   { method: "println", class: "ServletOutputStream", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
   // XSS in error messages (CWE-81)
   { method: "sendError", class: "HttpServletResponse", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [1] },
-  // Response header injection (can lead to header XSS)
-  { method: "setHeader", class: "HttpServletResponse", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [1] },
-  { method: "addHeader", class: "HttpServletResponse", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [1] },
+  // Response header injection — re-categorised from `xss` to `crlf`
+  // (CWE-113) in Sprint 6 of #86. Header injection is HTTP response
+  // splitting / cache-poisoning / cookie forging; reflected XSS via header
+  // reflection remains a downstream concern of body-writing sinks.
+  { method: "setHeader", class: "HttpServletResponse", type: "crlf", cwe: "CWE-113", severity: "medium", arg_positions: [1] },
+  { method: "addHeader", class: "HttpServletResponse", type: "crlf", cwe: "CWE-113", severity: "medium", arg_positions: [1] },
+  // Note: `sendRedirect` is primarily classified as `ssrf` / open-redirect
+  // (CWE-601) further down — see entry near line 1195. CRLF via Location
+  // header is a secondary concern; keeping the canonical SSRF entry avoids
+  // double-emission that would mask the open-redirect chain.
   { method: "setContentType", class: "HttpServletResponse", type: "xss", cwe: "CWE-79", severity: "medium", arg_positions: [0] },
   // JSP output
   { method: "setAttribute", class: "PageContext", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [1] },
@@ -12097,7 +12104,84 @@ var DEFAULT_SINKS = [
   { method: "from_str", class: "serde_yaml", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0] },
   { method: "from_reader", class: "serde_yaml", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0] },
   { method: "from_str", class: "serde_json", type: "deserialization", cwe: "CWE-502", severity: "medium", arg_positions: [0] },
-  { method: "from_slice", class: "serde_json", type: "deserialization", cwe: "CWE-502", severity: "medium", arg_positions: [0] }
+  { method: "from_slice", class: "serde_json", type: "deserialization", cwe: "CWE-502", severity: "medium", arg_positions: [0] },
+  // =========================================================================
+  // ReDoS sinks (CWE-1333) — issue #86 / Sprint 5
+  // =========================================================================
+  // First argument of regex compile/match functions is the pattern. Tainted
+  // patterns enable catastrophic-backtracking DoS.
+  // Python: re.{match,search,compile,findall,fullmatch,sub,subn,split}
+  { method: "match", class: "re", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "search", class: "re", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "fullmatch", class: "re", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "compile", class: "re", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "findall", class: "re", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "finditer", class: "re", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "sub", class: "re", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "subn", class: "re", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "split", class: "re", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["python"] },
+  // Java: Pattern.compile / Pattern.matches; String.matches/replaceAll/replaceFirst/split
+  { method: "compile", class: "Pattern", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["java"] },
+  { method: "matches", class: "Pattern", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["java"] },
+  { method: "matches", class: "String", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["java"] },
+  { method: "replaceAll", class: "String", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["java"] },
+  { method: "replaceFirst", class: "String", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["java"] },
+  { method: "split", class: "String", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["java"] },
+  // JS/TS: new RegExp(pat) ctor; receiver_type === 'RegExp'. Also string.match
+  // and string.matchAll, replace, search take a regex/string pattern.
+  { method: "RegExp", class: "constructor", type: "redos", cwe: "CWE-1333", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+  // Go: regexp.Compile / MustCompile / Match / MatchString
+  { method: "Compile", class: "regexp", type: "redos", cwe: "CWE-1333", severity: "medium", arg_positions: [0], languages: ["go"] },
+  { method: "MustCompile", class: "regexp", type: "redos", cwe: "CWE-1333", severity: "medium", arg_positions: [0], languages: ["go"] },
+  { method: "Match", class: "regexp", type: "redos", cwe: "CWE-1333", severity: "medium", arg_positions: [0], languages: ["go"] },
+  { method: "MatchString", class: "regexp", type: "redos", cwe: "CWE-1333", severity: "medium", arg_positions: [0], languages: ["go"] },
+  // =========================================================================
+  // Format-string sinks (CWE-134) — issue #86 / Sprint 5
+  // =========================================================================
+  // First argument is the format string. Tainted format strings enable
+  // information disclosure and (for C-style runtimes) memory writes.
+  // Java: String.format / Formatter.format / printf / format on PrintStream
+  // (note: printf/format on PrintWriter/PrintStream are already XSS sinks above)
+  { method: "format", class: "String", type: "format_string", cwe: "CWE-134", severity: "high", arg_positions: [0], languages: ["java"] },
+  { method: "format", class: "Formatter", type: "format_string", cwe: "CWE-134", severity: "high", arg_positions: [0], languages: ["java"] },
+  { method: "printf", class: "System.out", type: "format_string", cwe: "CWE-134", severity: "high", arg_positions: [0], languages: ["java"] },
+  // NOTE: Python `userFmt.format(...)` and `userFmt % args` require
+  // receiver-taint or operator-LHS-taint tracking — the format string is the
+  // receiver, not an argument. Deferred to Sprint 6 (#86 follow-up).
+  // C-style: printf / fprintf / sprintf / snprintf via ctypes/cffi.
+  { method: "printf", type: "format_string", cwe: "CWE-134", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "fprintf", type: "format_string", cwe: "CWE-134", severity: "high", arg_positions: [1], languages: ["python"] },
+  // Go: fmt.Sprintf/Printf/Fprintf/Errorf — format string is first/second arg
+  { method: "Sprintf", class: "fmt", type: "format_string", cwe: "CWE-134", severity: "medium", arg_positions: [0], languages: ["go"] },
+  { method: "Printf", class: "fmt", type: "format_string", cwe: "CWE-134", severity: "medium", arg_positions: [0], languages: ["go"] },
+  { method: "Errorf", class: "fmt", type: "format_string", cwe: "CWE-134", severity: "medium", arg_positions: [0], languages: ["go"] },
+  { method: "Fprintf", class: "fmt", type: "format_string", cwe: "CWE-134", severity: "medium", arg_positions: [1], languages: ["go"] },
+  // CRLF / HTTP response splitting (CWE-113) — Sprint 6, #86.
+  // Node.js / Express response header / cookie sinks. The header *name* (arg 0)
+  // is also CRLF-sensitive but is almost always a string literal; we model
+  // arg 1 (the value) as the primary sink.
+  { method: "setHeader", type: "crlf", cwe: "CWE-113", severity: "medium", arg_positions: [1], languages: ["javascript", "typescript"] },
+  { method: "writeHead", type: "crlf", cwe: "CWE-113", severity: "medium", arg_positions: [2], languages: ["javascript", "typescript"] },
+  // Express: res.cookie(name, value, options) — value is CRLF-sensitive.
+  { method: "cookie", type: "crlf", cwe: "CWE-113", severity: "medium", arg_positions: [1], languages: ["javascript", "typescript"] },
+  // Express: res.location(url) and res.redirect(url) — Location header.
+  { method: "location", type: "crlf", cwe: "CWE-113", severity: "medium", arg_positions: [0], languages: ["javascript", "typescript"] },
+  { method: "redirect", type: "crlf", cwe: "CWE-113", severity: "medium", arg_positions: [0], languages: ["javascript", "typescript"] },
+  // Go net/http: w.Header().Set(k, v) / Add(k, v) — first arg is the value
+  // (Header is a map; the actual `value` is arg 1 of the call). We flag the
+  // value position so a tainted variable is detected.
+  { method: "Set", class: "Header", type: "crlf", cwe: "CWE-113", severity: "medium", arg_positions: [1], languages: ["go"] },
+  { method: "Add", class: "Header", type: "crlf", cwe: "CWE-113", severity: "medium", arg_positions: [1], languages: ["go"] },
+  // Mass-assignment (CWE-915) — Sprint 6, #86.
+  // JS Object.assign(target, ...sources) — sources are arg 1..N, and if any
+  // source is request-tainted, every key gets written onto the target. We
+  // flag the source positions; the analyzer only needs one tainted to fire.
+  { method: "assign", class: "Object", type: "mass_assignment", cwe: "CWE-915", severity: "high", arg_positions: [1, 2, 3], languages: ["javascript", "typescript"] },
+  // Lodash bulk-merge helpers behave identically.
+  { method: "merge", class: "_", type: "mass_assignment", cwe: "CWE-915", severity: "high", arg_positions: [1, 2, 3], languages: ["javascript", "typescript"] },
+  { method: "extend", class: "_", type: "mass_assignment", cwe: "CWE-915", severity: "high", arg_positions: [1, 2, 3], languages: ["javascript", "typescript"] },
+  // jQuery $.extend(target, source) (legacy).
+  { method: "extend", class: "$", type: "mass_assignment", cwe: "CWE-915", severity: "high", arg_positions: [1, 2, 3], languages: ["javascript", "typescript"] }
 ];
 var DEFAULT_SANITIZERS = [
   // SQL Injection - proper parameter binding sanitizes input
@@ -13567,12 +13651,17 @@ function canSourceReachSink(sourceType, sinkType) {
     // code_injection added to http_param/http_query/http_header/http_cookie:
     // `eval(req.query.x)`, `Function(req.header('x'))`, `vm.runInThisContext(req.cookies.c)`
     // are all real RCE patterns in JS web apps (cognium-dev #83).
-    http_param: ["sql_injection", "command_injection", "path_traversal", "xss", "xpath_injection", "ldap_injection", "ssrf", "mybatis_mapper_call", "code_injection"],
-    http_body: ["sql_injection", "command_injection", "deserialization", "xxe", "xss", "code_injection", "mybatis_mapper_call"],
-    http_header: ["sql_injection", "xss", "ssrf", "mybatis_mapper_call", "code_injection"],
-    http_cookie: ["sql_injection", "xss", "mybatis_mapper_call", "code_injection"],
+    // crlf added to http_param/http_query/http_header/http_cookie/http_body:
+    // setHeader/setCookie/redirect of any user-controlled string is CRLF / response
+    // splitting (CWE-113) — Sprint 6, issue #86.
+    // mass_assignment added to http_body / http_param: Object.assign(user, req.body),
+    // User(**request.form) — CWE-915.
+    http_param: ["sql_injection", "command_injection", "path_traversal", "xss", "xpath_injection", "ldap_injection", "ssrf", "mybatis_mapper_call", "code_injection", "crlf", "mass_assignment"],
+    http_body: ["sql_injection", "command_injection", "deserialization", "xxe", "xss", "code_injection", "mybatis_mapper_call", "crlf", "mass_assignment"],
+    http_header: ["sql_injection", "xss", "ssrf", "mybatis_mapper_call", "code_injection", "crlf"],
+    http_cookie: ["sql_injection", "xss", "mybatis_mapper_call", "code_injection", "crlf"],
     http_path: ["path_traversal", "sql_injection", "ssrf", "mybatis_mapper_call"],
-    http_query: ["sql_injection", "command_injection", "xss", "ssrf", "mybatis_mapper_call", "code_injection"],
+    http_query: ["sql_injection", "command_injection", "xss", "ssrf", "mybatis_mapper_call", "code_injection", "crlf", "mass_assignment"],
     io_input: ["command_injection", "path_traversal", "deserialization", "xxe", "code_injection", "xss"],
     env_input: ["command_injection", "path_traversal"],
     db_input: ["xss", "sql_injection"],
@@ -13581,7 +13670,7 @@ function canSourceReachSink(sourceType, sinkType) {
     network_input: ["sql_injection", "command_injection", "xss", "ssrf"],
     config_param: ["sql_injection", "command_injection", "path_traversal", "xss", "ssrf"],
     // Servlet init params
-    interprocedural_param: ["sql_injection", "command_injection", "path_traversal", "xss", "xpath_injection", "ldap_injection", "ssrf", "code_injection", "mybatis_mapper_call"],
+    interprocedural_param: ["sql_injection", "command_injection", "path_traversal", "xss", "xpath_injection", "ldap_injection", "ssrf", "code_injection", "mybatis_mapper_call", "crlf", "mass_assignment"],
     // Cross-method taint
     plugin_param: ["sql_injection", "command_injection", "path_traversal", "xss", "code_injection"]
     // Plugin/config parameters
@@ -14780,7 +14869,11 @@ var KNOWN_SINK_TYPES = /* @__PURE__ */ new Set([
   "xxe",
   "deserialization",
   "code_injection",
-  "mybatis_mapper_call"
+  "mybatis_mapper_call",
+  "redos",
+  "format_string",
+  "crlf",
+  "mass_assignment"
 ]);
 function checkSanitized(_fromLine, toLine, sinkType, sanitizersByLine) {
   const sanitizersAtTarget = sanitizersByLine.get(toLine);
@@ -27928,6 +28021,447 @@ var TlsVerifyDisabledPass = class {
   }
 };
 
+// src/analysis/passes/jwt-verify-disabled-pass.ts
+var PY_VERIFY_SIGNATURE_FALSE_RE = /["']verify_signature["']\s*:\s*False\b/;
+var PY_VERIFY_KW_FALSE_RE = /\bverify\s*=\s*False\b/;
+var PY_ALG_NONE_RE = /\balgorithms\s*=\s*[\[\(]\s*["']none["']/i;
+var JS_ALG_NONE_RE = /\balgorithms\s*:\s*\[\s*["']none["']/i;
+var JwtVerifyDisabledPass = class {
+  name = "jwt-verify-disabled";
+  category = "security";
+  run(ctx) {
+    const { graph, language } = ctx;
+    const file = graph.ir.meta.file;
+    const findings = [];
+    for (const call of graph.ir.calls) {
+      const detections = this.detect(call, language);
+      for (const det of detections) {
+        const line = call.location.line;
+        findings.push({ line, language, ...det });
+        ctx.addFinding({
+          id: `${this.name}-${file}-${line}-${det.pattern}`,
+          pass: this.name,
+          category: this.category,
+          rule_id: this.name,
+          cwe: "CWE-347",
+          severity: "critical",
+          level: "error",
+          message: `JWT signature verification disabled via \`${det.pattern}\` in \`${det.api}\`. Any attacker can forge a token with arbitrary claims (user id, roles, expiry) since the signature is not checked.`,
+          file,
+          line,
+          fix: this.fixFor(language),
+          evidence: { ...det, language }
+        });
+      }
+    }
+    return { findings };
+  }
+  detect(call, language) {
+    const method = call.method_name;
+    const receiver = call.receiver ?? "";
+    const out2 = [];
+    if (language === "python") {
+      if (receiver === "jwt" && method === "decode") {
+        for (const arg of call.arguments) {
+          const expr = (arg.expression ?? "").trim();
+          if (!expr) continue;
+          if (PY_VERIFY_SIGNATURE_FALSE_RE.test(expr)) {
+            out2.push({ pattern: "verify_signature: False", api: "jwt.decode" });
+          }
+          if (PY_VERIFY_KW_FALSE_RE.test(expr)) {
+            out2.push({ pattern: "verify=False", api: "jwt.decode" });
+          }
+          if (PY_ALG_NONE_RE.test(expr)) {
+            out2.push({ pattern: "algorithms=['none']", api: "jwt.decode" });
+          }
+        }
+      }
+      return out2;
+    }
+    if (language === "javascript" || language === "typescript") {
+      if (receiver === "jwt" && method === "verify") {
+        for (const arg of call.arguments) {
+          const expr = (arg.expression ?? "").trim();
+          if (!expr) continue;
+          if (JS_ALG_NONE_RE.test(expr)) {
+            out2.push({ pattern: "algorithms: ['none']", api: "jwt.verify" });
+          }
+          if (/\bverify\s*:\s*false\b/i.test(expr)) {
+            out2.push({ pattern: "verify: false", api: "jwt.verify" });
+          }
+        }
+        const keyArg = call.arguments.find((a) => a.position === 1);
+        const keyExpr = (keyArg?.expression ?? keyArg?.literal ?? "").trim();
+        if (keyExpr === "null" || keyExpr === "undefined" || keyExpr === '""' || keyExpr === "''" || keyExpr === "``") {
+          out2.push({ pattern: `empty key (${keyExpr || "missing"})`, api: "jwt.verify" });
+        }
+      }
+      return out2;
+    }
+    if (language === "java") {
+      if (method === "require" && (receiver === "JWT" || receiver.endsWith(".JWT"))) {
+        const arg = call.arguments.find((a) => a.position === 0);
+        const expr = (arg?.expression ?? "").trim();
+        if (/\bAlgorithm\s*\.\s*none\s*\(/.test(expr)) {
+          out2.push({ pattern: "Algorithm.none()", api: "JWT.require" });
+        }
+      }
+      if (method === "parse" && receiver.includes("parser")) {
+        out2.push({ pattern: "parse() instead of parseClaimsJws()", api: "Jwts.parser().parse" });
+      }
+      return out2;
+    }
+    return out2;
+  }
+  fixFor(language) {
+    if (language === "python") {
+      return 'Always pass `options={"verify_signature": True}` (the default in PyJWT 2.0+) and a concrete `algorithms=["HS256"|"RS256"]` list. Never accept `none`.';
+    }
+    if (language === "javascript" || language === "typescript") {
+      return 'Call `jwt.verify(token, secret, { algorithms: ["HS256" | "RS256"] })` with a non-empty key. Never use `algorithms: ["none"]` or pass null/empty as the secret.';
+    }
+    if (language === "java") {
+      return "For auth0/java-jwt: use `JWT.require(Algorithm.HMAC256(secret))` or an RSA algorithm. For jjwt: call `parseClaimsJws(token)` (signature enforced) rather than `parse(token)` (signature ignored).";
+    }
+    return "Enforce JWT signature verification with a concrete algorithm (HS256/RS256/ES256). Never accept `alg: none`.";
+  }
+};
+
+// src/analysis/passes/csrf-protection-disabled-pass.ts
+var JAVA_CSRF_DISABLE_RE = /\.csrf\s*\([^)]*\)\s*\.\s*disable\b/;
+var JAVA_CSRF_LAMBDA_DISABLE_RE = /\bcsrf\s*\(\s*\w+\s*->\s*\w+\s*\.\s*disable\s*\(/;
+var JAVA_CSRF_METHODREF_RE = /\bcsrf\s*\(\s*[\w.]+::disable\s*\)/;
+var JAVA_CSRF_NULL_REPO_RE = /\.csrfTokenRepository\s*\(\s*null\s*\)/;
+var CsrfProtectionDisabledPass = class {
+  name = "csrf-protection-disabled";
+  category = "security";
+  run(ctx) {
+    const { graph, language } = ctx;
+    const file = graph.ir.meta.file;
+    const findings = [];
+    for (const call of graph.ir.calls) {
+      const detections = this.detectCall(call, language);
+      for (const det of detections) {
+        const line = call.location.line;
+        findings.push({ line, language, ...det });
+        ctx.addFinding({
+          id: `${this.name}-${file}-${line}-${det.pattern}`,
+          pass: this.name,
+          category: this.category,
+          rule_id: this.name,
+          cwe: "CWE-352",
+          severity: "critical",
+          level: "error",
+          message: `CSRF protection explicitly disabled via \`${det.pattern}\` (${det.api}). Any browser session can be silently used to perform state-changing requests from a malicious origin.`,
+          file,
+          line,
+          fix: this.fixFor(language),
+          evidence: { ...det, language }
+        });
+      }
+    }
+    if (language === "java") {
+      const src = ctx.code ?? "";
+      if (src) {
+        const lines = src.split("\n");
+        for (let i2 = 0; i2 < lines.length; i2++) {
+          const line = i2 + 1;
+          const text = lines[i2] ?? "";
+          let det = null;
+          if (JAVA_CSRF_LAMBDA_DISABLE_RE.test(text)) {
+            det = { pattern: "csrf(c -> c.disable())", api: "HttpSecurity.csrf" };
+          } else if (JAVA_CSRF_METHODREF_RE.test(text)) {
+            det = { pattern: "csrf(::disable)", api: "HttpSecurity.csrf" };
+          } else if (JAVA_CSRF_NULL_REPO_RE.test(text)) {
+            det = { pattern: "csrfTokenRepository(null)", api: "HttpSecurity.csrfTokenRepository" };
+          } else if (JAVA_CSRF_DISABLE_RE.test(text)) {
+            det = { pattern: "csrf().disable()", api: "HttpSecurity.csrf" };
+          }
+          if (det && !findings.some((f) => f.line === line && f.pattern === det.pattern)) {
+            findings.push({ line, language, ...det });
+            ctx.addFinding({
+              id: `${this.name}-${file}-${line}-${det.pattern}`,
+              pass: this.name,
+              category: this.category,
+              rule_id: this.name,
+              cwe: "CWE-352",
+              severity: "critical",
+              level: "error",
+              message: `CSRF protection explicitly disabled via \`${det.pattern}\` (${det.api}). Any browser session can be silently used to perform state-changing requests from a malicious origin.`,
+              file,
+              line,
+              fix: this.fixFor(language),
+              evidence: { ...det, language }
+            });
+          }
+        }
+      }
+    }
+    if (language === "python") {
+      const src = ctx.code ?? "";
+      if (src) {
+        const lines = src.split("\n");
+        for (let i2 = 0; i2 < lines.length; i2++) {
+          const text = lines[i2] ?? "";
+          if (/^\s*@csrf_exempt\b/.test(text)) {
+            const line = i2 + 1;
+            const det = { pattern: "@csrf_exempt", api: "django.views.decorators.csrf" };
+            findings.push({ line, language, ...det });
+            ctx.addFinding({
+              id: `${this.name}-${file}-${line}-${det.pattern}`,
+              pass: this.name,
+              category: this.category,
+              rule_id: this.name,
+              cwe: "CWE-352",
+              severity: "critical",
+              level: "error",
+              message: "Django view is decorated with `@csrf_exempt`, bypassing the framework CSRF middleware for this endpoint. Any browser session can be silently used to invoke this handler from a malicious origin.",
+              file,
+              line,
+              fix: this.fixFor(language),
+              evidence: { ...det, language }
+            });
+          }
+        }
+      }
+    }
+    return { findings };
+  }
+  detectCall(call, language) {
+    const out2 = [];
+    if (language !== "java") return out2;
+    if (call.method_name === "disable") {
+      const recv = call.receiver ?? "";
+      if (/\bcsrf\s*\(\s*\)\s*$/.test(recv) || recv.endsWith(".csrf()")) {
+        out2.push({ pattern: "csrf().disable()", api: "HttpSecurity.csrf" });
+      }
+    }
+    if (call.method_name === "csrfTokenRepository") {
+      const arg = call.arguments.find((a) => a.position === 0);
+      const expr = (arg?.expression ?? arg?.literal ?? "").trim();
+      if (expr === "null") {
+        out2.push({
+          pattern: "csrfTokenRepository(null)",
+          api: "HttpSecurity.csrfTokenRepository"
+        });
+      }
+    }
+    return out2;
+  }
+  fixFor(language) {
+    if (language === "java") {
+      return 'Leave Spring Security CSRF protection enabled. If you need to exempt a specific endpoint (e.g. webhook), use `.csrf(c -> c.ignoringRequestMatchers("/webhook"))` rather than `.disable()`. For stateless APIs, prefer a per-request token over disabling CSRF entirely.';
+    }
+    if (language === "python") {
+      return "Remove `@csrf_exempt`. For stateless API endpoints, use Django REST Framework with a token / session auth backend that does not rely on cookies. For webhook receivers, verify a shared-secret signature instead of disabling CSRF.";
+    }
+    return "Re-enable framework CSRF protection or replace with origin / token validation.";
+  }
+};
+
+// src/analysis/passes/xml-entity-expansion-pass.ts
+var JAVA_FACTORIES = /* @__PURE__ */ new Set([
+  "SAXParserFactory",
+  "DocumentBuilderFactory",
+  "XMLInputFactory",
+  "SchemaFactory",
+  "TransformerFactory"
+]);
+var JAVA_SAFE_EVIDENCE_RE = /(disallow-doctype-decl|external-general-entities|external-parameter-entities|SUPPORT_DTD|ACCESS_EXTERNAL_DTD|ACCESS_EXTERNAL_SCHEMA|setXIncludeAware\s*\(\s*false\s*\)|setExpandEntityReferences\s*\(\s*false\s*\))/;
+var PY_LXML_PARSER_INSECURE_DEFAULT_RE = /\bresolve_entities\s*=\s*False\b/;
+var XmlEntityExpansionPass = class {
+  name = "xml-entity-expansion";
+  category = "security";
+  run(ctx) {
+    const { graph, language } = ctx;
+    const file = graph.ir.meta.file;
+    const findings = [];
+    const code = ctx.code ?? "";
+    if (language === "java") {
+      const safeInFile = JAVA_SAFE_EVIDENCE_RE.test(code);
+      if (safeInFile) return { findings };
+      for (const call of graph.ir.calls) {
+        const det = this.detectJavaCall(call);
+        if (!det) continue;
+        const line = call.location.line;
+        findings.push({ line, language, ...det });
+        ctx.addFinding({
+          id: `${this.name}-${file}-${line}-${det.api}`,
+          pass: this.name,
+          category: this.category,
+          rule_id: this.name,
+          cwe: det.cwe,
+          severity: "high",
+          level: "error",
+          message: `${det.api} created without disabling DTD / external-entity processing. Vulnerable to billion-laughs / quadratic blow-up DoS (CWE-776) and external-entity disclosure (CWE-611). Add \`setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)\` (or the equivalent) before parsing.`,
+          file,
+          line,
+          fix: this.fixForJava(det.api),
+          evidence: { ...det, language, safeFeatureInFile: false }
+        });
+      }
+      return { findings };
+    }
+    if (language === "python") {
+      const safeInFile = PY_LXML_PARSER_INSECURE_DEFAULT_RE.test(code) || /\bdefusedxml\b/.test(code);
+      if (safeInFile) return { findings };
+      for (const call of graph.ir.calls) {
+        const det = this.detectPythonCall(call);
+        if (!det) continue;
+        const line = call.location.line;
+        findings.push({ line, language, ...det });
+        ctx.addFinding({
+          id: `${this.name}-${file}-${line}-${det.api}`,
+          pass: this.name,
+          category: this.category,
+          rule_id: this.name,
+          cwe: det.cwe,
+          severity: "high",
+          level: "error",
+          message: `${det.api} called without an entity-safe parser. Vulnerable to billion-laughs / quadratic blow-up DoS (CWE-776) and external-entity disclosure (CWE-611). Use \`defusedxml\` or pass an \`XMLParser(resolve_entities=False)\` to lxml.`,
+          file,
+          line,
+          fix: this.fixForPython(det.api),
+          evidence: { ...det, language, safeFeatureInFile: false }
+        });
+      }
+      return { findings };
+    }
+    return { findings };
+  }
+  detectJavaCall(call) {
+    if (call.method_name !== "newInstance") return null;
+    const recv = call.receiver ?? "";
+    const recvType = call.receiver_type ?? "";
+    for (const factory of JAVA_FACTORIES) {
+      if (recv === factory || recvType === factory || recv.endsWith("." + factory) || recvType.endsWith("." + factory)) {
+        return {
+          pattern: `${factory}.newInstance()`,
+          api: factory,
+          cwe: "CWE-776"
+        };
+      }
+    }
+    return null;
+  }
+  detectPythonCall(call) {
+    const recv = call.receiver ?? "";
+    const method = call.method_name;
+    if ((method === "parse" || method === "fromstring" || method === "XML") && (recv === "etree" || recv.endsWith(".etree"))) {
+      return {
+        pattern: `etree.${method}`,
+        api: `lxml.etree.${method}`,
+        cwe: "CWE-776"
+      };
+    }
+    if ((method === "parse" || method === "fromstring") && (recv === "ET" || recv === "ElementTree" || recv.endsWith(".ElementTree"))) {
+      return {
+        pattern: `ElementTree.${method}`,
+        api: `xml.etree.ElementTree.${method}`,
+        cwe: "CWE-776"
+      };
+    }
+    return null;
+  }
+  fixForJava(api) {
+    if (api === "SAXParserFactory") {
+      return 'Call `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)` and `factory.setXIncludeAware(false)` before `newSAXParser()`.';
+    }
+    if (api === "DocumentBuilderFactory") {
+      return 'Call `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)` and `factory.setExpandEntityReferences(false)` before `newDocumentBuilder()`.';
+    }
+    if (api === "XMLInputFactory") {
+      return "Call `factory.setProperty(XMLInputFactory.SUPPORT_DTD, false)` and `factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false)` before `createXMLStreamReader`.";
+    }
+    return "Use `XMLConstants.FEATURE_SECURE_PROCESSING` and explicitly disable DTD / external-entity loading on the factory before parsing.";
+  }
+  fixForPython(api) {
+    if (api.startsWith("lxml.etree")) {
+      return "Pass an explicit parser: `etree.parse(src, parser=etree.XMLParser(resolve_entities=False, no_network=True))`. Even better, use the `defusedxml.lxml` wrapper.";
+    }
+    return "Replace `xml.etree.ElementTree` with `defusedxml.ElementTree`, which disables DTD / entity processing by default.";
+  }
+};
+
+// src/analysis/passes/mass-assignment-pass.ts
+var PY_KWARGS_SPLAT_RE = /\*\*\s*(?:request|self\.request|flask\.request|ctx|self)\s*\.\s*(?:form|args|values|json|get_json\s*\(\s*\)|files|data)/;
+var JS_OBJECT_SPREAD_RE = /\{\s*\.\.\.\s*(?:req|request|ctx|context)(?:\.request)?\s*\.\s*(?:body|query|params|form)\b/;
+var MassAssignmentPass = class {
+  name = "mass-assignment";
+  category = "security";
+  run(ctx) {
+    const { graph, language } = ctx;
+    const file = graph.ir.meta.file;
+    const findings = [];
+    const code = ctx.code ?? "";
+    if (!code) return { findings };
+    const lines = code.split("\n");
+    if (language === "python") {
+      for (let i2 = 0; i2 < lines.length; i2++) {
+        const text = lines[i2] ?? "";
+        const m = PY_KWARGS_SPLAT_RE.exec(text);
+        if (!m) continue;
+        const line = i2 + 1;
+        const det = {
+          pattern: "**request.<bag>",
+          match: m[0]
+        };
+        findings.push({
+          line,
+          language,
+          pattern: det.pattern,
+          snippet: text.trim().slice(0, 200)
+        });
+        ctx.addFinding({
+          id: `${this.name}-${file}-${line}`,
+          pass: this.name,
+          category: this.category,
+          rule_id: this.name,
+          cwe: "CWE-915",
+          severity: "high",
+          level: "error",
+          message: `HTTP request bag splatted into constructor / ORM helper via \`${det.match}\`. Every form field becomes a settable attribute on the domain object, including ones the endpoint did not intend to expose (e.g. \`is_admin\`, \`role\`, \`owner_id\`).`,
+          file,
+          line,
+          fix: "Replace the `**` splat with an explicit allow-list: `Model(name=request.form['name'], email=request.form['email'])`. For Django, use a `ModelForm` / serializer with `fields = [...]`.",
+          evidence: { pattern: det.pattern, match: det.match, language }
+        });
+      }
+      return { findings };
+    }
+    if (language === "javascript" || language === "typescript") {
+      for (let i2 = 0; i2 < lines.length; i2++) {
+        const text = lines[i2] ?? "";
+        const m = JS_OBJECT_SPREAD_RE.exec(text);
+        if (!m) continue;
+        const line = i2 + 1;
+        findings.push({
+          line,
+          language,
+          pattern: "{...req.<bag>}",
+          snippet: text.trim().slice(0, 200)
+        });
+        ctx.addFinding({
+          id: `${this.name}-${file}-${line}`,
+          pass: this.name,
+          category: this.category,
+          rule_id: this.name,
+          cwe: "CWE-915",
+          severity: "high",
+          level: "error",
+          message: `HTTP request bag spread into object literal via \`${m[0]}\`. Every body field becomes a settable property on the resulting object, including ones the endpoint did not intend to expose (e.g. \`isAdmin\`, \`role\`, \`ownerId\`).`,
+          file,
+          line,
+          fix: "Replace the spread with an explicit pick: `const { name, email } = req.body; const user = { name, email };`. For ORMs, use a DTO / Zod schema with `.pick(...)` or allow-list serializers.",
+          evidence: { pattern: "{...req.<bag>}", match: m[0], language }
+        });
+      }
+      return { findings };
+    }
+    return { findings };
+  }
+};
+
 // src/analysis/metrics/passes/size-metrics-pass.ts
 var SizeMetricsPass = class {
   name = "size-metrics";
@@ -28829,6 +29363,10 @@ async function analyze(code, filePath, language, options = {}) {
     if (!disabledPasses.has("weak-crypto")) pipeline.add(new WeakCryptoPass());
     if (!disabledPasses.has("weak-random")) pipeline.add(new WeakRandomPass());
     if (!disabledPasses.has("tls-verify-disabled")) pipeline.add(new TlsVerifyDisabledPass());
+    if (!disabledPasses.has("jwt-verify-disabled")) pipeline.add(new JwtVerifyDisabledPass());
+    if (!disabledPasses.has("csrf-protection-disabled")) pipeline.add(new CsrfProtectionDisabledPass());
+    if (!disabledPasses.has("xml-entity-expansion")) pipeline.add(new XmlEntityExpansionPass());
+    if (!disabledPasses.has("mass-assignment")) pipeline.add(new MassAssignmentPass());
     const { results, findings } = pipeline.run(graph, code, language, config);
     const sinkFilter = results.get("sink-filter");
     const interProc = results.get("interprocedural");