circle-ir 3.59.0 → 3.62.0
- package/dist/analysis/config-loader.d.ts.map +1 -1
- package/dist/analysis/config-loader.js +58 -17
- package/dist/analysis/config-loader.js.map +1 -1
- package/dist/analysis/html/html-merge.d.ts.map +1 -1
- package/dist/analysis/html/html-merge.js +10 -0
- package/dist/analysis/html/html-merge.js.map +1 -1
- package/dist/analysis/interprocedural.d.ts.map +1 -1
- package/dist/analysis/interprocedural.js +44 -11
- package/dist/analysis/interprocedural.js.map +1 -1
- package/dist/analysis/passes/language-sources-pass.d.ts +7 -1
- package/dist/analysis/passes/language-sources-pass.d.ts.map +1 -1
- package/dist/analysis/passes/language-sources-pass.js +112 -15
- package/dist/analysis/passes/language-sources-pass.js.map +1 -1
- package/dist/analysis/passes/missing-public-doc-pass.d.ts.map +1 -1
- package/dist/analysis/passes/missing-public-doc-pass.js +2 -1
- package/dist/analysis/passes/missing-public-doc-pass.js.map +1 -1
- package/dist/analysis/passes/sink-filter-pass.d.ts.map +1 -1
- package/dist/analysis/passes/sink-filter-pass.js +4 -1
- package/dist/analysis/passes/sink-filter-pass.js.map +1 -1
- package/dist/analysis/passes/taint-propagation-pass.js +2 -1
- package/dist/analysis/passes/taint-propagation-pass.js.map +1 -1
- package/dist/analysis/passes/weak-random-pass.d.ts.map +1 -1
- package/dist/analysis/passes/weak-random-pass.js +2 -1
- package/dist/analysis/passes/weak-random-pass.js.map +1 -1
- package/dist/analysis/taint-matcher.d.ts.map +1 -1
- package/dist/analysis/taint-matcher.js +29 -7
- package/dist/analysis/taint-matcher.js.map +1 -1
- package/dist/analysis/taint-propagation.d.ts.map +1 -1
- package/dist/analysis/taint-propagation.js +20 -0
- package/dist/analysis/taint-propagation.js.map +1 -1
- package/dist/analyzer.d.ts.map +1 -1
- package/dist/analyzer.js +19 -2
- package/dist/analyzer.js.map +1 -1
- package/dist/browser/circle-ir.js +402 -51
- package/dist/core/circle-ir-core.cjs +243 -26
- package/dist/core/circle-ir-core.js +243 -26
- package/dist/core/extractors/calls.js +181 -1
- package/dist/core/extractors/calls.js.map +1 -1
- package/dist/core/extractors/cfg.js +1 -1
- package/dist/core/extractors/cfg.js.map +1 -1
- package/dist/core/extractors/dfg.js +29 -3
- package/dist/core/extractors/dfg.js.map +1 -1
- package/dist/core/extractors/imports.js +1 -1
- package/dist/core/extractors/imports.js.map +1 -1
- package/dist/core/extractors/runtime-registrations.js +1 -1
- package/dist/core/extractors/runtime-registrations.js.map +1 -1
- package/dist/core/extractors/types.js +1 -1
- package/dist/core/extractors/types.js.map +1 -1
- package/dist/core/parser.d.ts +1 -1
- package/dist/core/parser.d.ts.map +1 -1
- package/dist/graph/scope-graph.d.ts.map +1 -1
- package/dist/graph/scope-graph.js +1 -0
- package/dist/graph/scope-graph.js.map +1 -1
- package/dist/languages/plugins/bash.d.ts.map +1 -1
- package/dist/languages/plugins/bash.js +17 -0
- package/dist/languages/plugins/bash.js.map +1 -1
- package/dist/languages/registry.d.ts.map +1 -1
- package/dist/languages/registry.js +6 -0
- package/dist/languages/registry.js.map +1 -1
- package/dist/languages/types.d.ts +1 -1
- package/dist/languages/types.d.ts.map +1 -1
- package/dist/types/index.d.ts +1 -1
- package/dist/types/index.d.ts.map +1 -1
- package/dist/wasm/tree-sitter-tsx.wasm +0 -0
- package/package.json +2 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"html-merge.d.ts","sourceRoot":"","sources":["../../../src/analysis/html/html-merge.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,QAAQ,EACR,IAAI,
|
|
1
|
+
{"version":3,"file":"html-merge.d.ts","sourceRoot":"","sources":["../../../src/analysis/html/html-merge.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,QAAQ,EACR,IAAI,EAgBJ,WAAW,EACZ,MAAM,sBAAsB,CAAC;AAE9B,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,QAAQ,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,IAAI,EACd,aAAa,EAAE,iBAAiB,EAAE,EAClC,iBAAiB,EAAE,WAAW,EAAE,GAC/B,QAAQ,CA2KV"}
|
|
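--- a/package/dist/analysis/html/html-merge.js
+++ b/package/dist/analysis/html/html-merge.js
@@ -24,6 +24,7 @@ export function mergeHtmlResults(htmlMeta, scriptResults, attributeFindings) {
 const allSources = [];
 const allSinks = [];
 const allSanitizers = [];
+const allFlows = [];
 const allImports = [];
 const allExports = [];
 const allFindings = [];
@@ -114,6 +115,14 @@ export function mergeHtmlResults(htmlMeta, scriptResults, attributeFindings) {
 line: sanitizer.line + lineShift,
 });
 }
+for (const flow of ir.taint.flows ?? []) {
+allFlows.push({
+...flow,
+source_line: flow.source_line + lineShift,
+sink_line: flow.sink_line + lineShift,
+path: flow.path.map(step => ({ ...step, line: step.line + lineShift })),
+});
+}
 // Shift imports
 for (const imp of ir.imports) {
 allImports.push({
@@ -138,6 +147,7 @@ export function mergeHtmlResults(htmlMeta, scriptResults, attributeFindings) {
 sources: allSources,
 sinks: allSinks,
 sanitizers: allSanitizers.length > 0 ? allSanitizers : undefined,
+flows: allFlows.length > 0 ? allFlows : undefined,
 };
 const cfg = {
 blocks: allCfgBlocks,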
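Review bot: In the second hunk, `flow.path.map(...)` is called on every flow without a guard, although the loop itself tolerates a missing `ir.taint.flows`. If a flow ever arrives without a `path`, the merge throws, and presumably the whole HTML file then loses its merged sources, sinks and findings rather than just that one flow. Unless the flow type guarantees `path`, I would write `path: (flow.path ?? []).map(step => ({ ...step, line: step.line + lineShift })),`. A one-line comment such as `// Shift taint flows (source, sink and each path step)` above the loop would match the `// Shift imports` comment that follows it. mergeHtmlResults starts and ends outside the hunks shown.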
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"html-merge.js","sourceRoot":"","sources":["../../../src/analysis/html/html-merge.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;
|
|
1
|
+
{"version":3,"file":"html-merge.js","sourceRoot":"","sources":["../../../src/analysis/html/html-merge.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA4BH;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAc,EACd,aAAkC,EAClC,iBAAgC;IAEhC,MAAM,QAAQ,GAAe,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAe,EAAE,CAAC;IAChC,MAAM,YAAY,GAAe,EAAE,CAAC;IACpC,MAAM,WAAW,GAAc,EAAE,CAAC;IAClC,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,UAAU,GAAkB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAgB,EAAE,CAAC;IACjC,MAAM,aAAa,GAAqB,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,UAAU,GAAiB,EAAE,CAAC;IACpC,MAAM,UAAU,GAAiB,EAAE,CAAC;IACpC,MAAM,WAAW,GAAkB,EAAE,CAAC;IAEtC,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,IAAI,cAAc,GAAG,CAAC,CAAC;IAEvB,KAAK,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,IAAI,aAAa,EAAE,CAAC;QAC/C,MAAM,SAAS,GAAG,UAAU,GAAG,CAAC,CAAC;QACjC,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC;QAE/B,cAAc;QACd,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,KAAK,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,GAAG,IAAI;gBACP,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,SAAS;gBACvC,QAAQ,EAAE,IAAI,CAAC,QAAQ,GAAG,SAAS;gBACnC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC9B,GAAG,CAAC;oBACJ,UAAU,EAAE,CAAC,CAAC,UAAU,GAAG,SAAS;oBACpC,QAAQ,EAAE,CAAC,CAAC,QAAQ,GAAG,SAAS;iBACjC,CAAC,CAAC;gBACH,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;aACzB,CAAC,CAAC;QACL,CAAC;QAED,cAAc;QACd,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,KAAK,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,GAAG,IAAI;gBACP,QAAQ,EAAE;oBACR,GAAG,IAAI,CAAC,QAAQ;oBAChB,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,GAAG,SAAS;iBACrC;aACF,CAAC,CAAC;QACL,CAAC;QAED,iDAAiD;QACjD,MAAM,UAAU,GAAG,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5E,KAAK,MAAM,KAAK,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;YAClC,YAAY,CAAC,IAAI,CAAC;gBAChB,GAAG,KAAK;gBACR,EAAE,EAAE,KAAK,CAAC,EAAE,GAAG,gBAAgB;gBAC/B,UAAU,EAAE,KAAK,CAAC,UAAU,GAAG,SAAS;gBACxC,QAAQ,EAAE,KAAK,CAAC,QAAQ,GAAG,SAAS;aACrC,CAAC,CAAC;QACL,CAAC;QACD,KAAK,MAAM,IAAI,IA
AI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YAChC,WAAW,CAAC,IAAI,CAAC;gBACf,GAAG,IAAI;gBACP,IAAI,EAAE,IAAI,CAAC,IAAI,GAAG,gBAAgB;gBAClC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,gBAAgB;aAC/B,CAAC,CAAC;QACL,CAAC;QACD,gBAAgB,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnC,8CAA8C;QAC9C,MAAM,QAAQ,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACxE,MAAM,QAAQ,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACxE,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,UAAU,CAAC,IAAI,CAAC;gBACd,GAAG,GAAG;gBACN,EAAE,EAAE,GAAG,CAAC,EAAE,GAAG,cAAc;gBAC3B,IAAI,EAAE,GAAG,CAAC,IAAI,GAAG,SAAS;aAC3B,CAAC,CAAC;QACL,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,UAAU,CAAC,IAAI,CAAC;gBACd,GAAG,GAAG;gBACN,EAAE,EAAE,GAAG,CAAC,EAAE,GAAG,cAAc;gBAC3B,MAAM,EAAE,GAAG,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI;gBAChE,IAAI,EAAE,GAAG,CAAC,IAAI,GAAG,SAAS;aAC3B,CAAC,CAAC;QACL,CAAC;QACD,cAAc,IAAI,QAAQ,GAAG,CAAC,CAAC;QAC/B,cAAc,IAAI,QAAQ,GAAG,CAAC,CAAC;QAE/B,uCAAuC;QACvC,KAAK,MAAM,MAAM,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACtC,UAAU,CAAC,IAAI,CAAC;gBACd,GAAG,MAAM;gBACT,IAAI,EAAE,MAAM,CAAC,IAAI,GAAG,SAAS;aAC9B,CAAC,CAAC;QACL,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YAClC,QAAQ,CAAC,IAAI,CAAC;gBACZ,GAAG,IAAI;gBACP,IAAI,EAAE,IAAI,CAAC,IAAI,GAAG,SAAS;aAC5B,CAAC,CAAC;QACL,CAAC;QACD,KAAK,MAAM,SAAS,IAAI,EAAE,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;YAClD,aAAa,CAAC,IAAI,CAAC;gBACjB,GAAG,SAAS;gBACZ,IAAI,EAAE,SAAS,CAAC,IAAI,GAAG,SAAS;aACjC,CAAC,CAAC;QACL,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC;gBACZ,GAAG,IAAI;gBACP,WAAW,EAAE,IAAI,CAAC,WAAW,GAAG,SAAS;gBACzC,SAAS,EAAE,IAAI,CAAC,SAAS,GAAG,SAAS;gBACrC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,
IAAI,CAAC,IAAI,GAAG,SAAS,EAAE,CAAC,CAAC;aACxE,CAAC,CAAC;QACL,CAAC;QAED,gBAAgB;QAChB,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;YAC7B,UAAU,CAAC,IAAI,CAAC;gBACd,GAAG,GAAG;gBACN,WAAW,EAAE,GAAG,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI;aAC3E,CAAC,CAAC;QACL,CAAC;QAED,UAAU;QACV,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;QAE/B,0CAA0C;QAC1C,KAAK,MAAM,OAAO,IAAI,EAAE,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;YACxC,WAAW,CAAC,IAAI,CAAC;gBACf,GAAG,OAAO;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,OAAO,CAAC,IAAI,GAAG,SAAS;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,WAAW,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,CAAC;IAEvC,MAAM,KAAK,GAAU;QACnB,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,QAAQ;QACf,UAAU,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;QAChE,KAAK,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KAClD,CAAC;IAEF,MAAM,GAAG,GAAQ;QACf,MAAM,EAAE,YAAY;QACpB,KAAK,EAAE,WAAW;KACnB,CAAC;IAEF,MAAM,GAAG,GAAQ;QACf,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,UAAU;KACjB,CAAC;IAEF,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,QAAQ;QACf,GAAG;QACH,GAAG;QACH,KAAK;QACL,OAAO,EAAE,UAAU;QACnB,OAAO,EAAE,UAAU;QACnB,UAAU,EAAE,EAAE;QACd,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;KAC3D,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interprocedural.d.ts","sourceRoot":"","sources":["../../src/analysis/interprocedural.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,QAAQ,EACR,QAAQ,EAER,GAAG,EAGH,WAAW,EACX,SAAS,EACT,cAAc,EAGf,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yBAAyB;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,iDAAiD;IACjD,GAAG,EAAE,MAAM,CAAC;IACZ,wCAAwC;IACxC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,gCAAgC;IAChC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,cAAc,EAAE,CAAC;IAC7B,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,wFAAwF;IACxF,uBAAuB,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACrC,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,eAAe,EAAE,SAAS,EAAE,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,oGAAoG;IACpG,gBAAgB,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CAChC;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CACpC,YAAY,EAAE,SAAS,GAAG,QAAQ,EAAE,EACpC,cAAc,EAAE,QAAQ,EAAE,GAAG,WAAW,EAAE,EAC1C,UAAU,EAAE,GAAG,GAAG,SAAS,EAAE,EAC7B,mBAAmB,EAAE,WAAW,EAAE,GAAG,cAAc,EAAE,EACrD,cAAc,CAAC,EAAE,SAAS,EAAE,GAAG,sBAAsB,EACrD,aAAa,CAAC,EAAE,cAAc,EAAE,EAChC,UAAU,GAAE,sBAA2B,GACtC,qBAAqB,
|
|
1
|
+
{"version":3,"file":"interprocedural.d.ts","sourceRoot":"","sources":["../../src/analysis/interprocedural.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,QAAQ,EACR,QAAQ,EAER,GAAG,EAGH,WAAW,EACX,SAAS,EACT,cAAc,EAGf,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yBAAyB;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,iDAAiD;IACjD,GAAG,EAAE,MAAM,CAAC;IACZ,wCAAwC;IACxC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,gCAAgC;IAChC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,cAAc,EAAE,CAAC;IAC7B,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,wFAAwF;IACxF,uBAAuB,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACrC,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,eAAe,EAAE,SAAS,EAAE,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,oGAAoG;IACpG,gBAAgB,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CAChC;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CACpC,YAAY,EAAE,SAAS,GAAG,QAAQ,EAAE,EACpC,cAAc,EAAE,QAAQ,EAAE,GAAG,WAAW,EAAE,EAC1C,UAAU,EAAE,GAAG,GAAG,SAAS,EAAE,EAC7B,mBAAmB,EAAE,WAAW,EAAE,GAAG,cAAc,EAAE,EACrD,cAAc,CAAC,EAAE,SAAS,EAAE,GAAG,sBAAsB,EACrD,aAAa,CAAC,EAAE,cAAc,EAAE,EAChC,UAAU,GAAE,sBAA2B,GACtC,qBAAqB,CAgQvB;AAqTD;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,qBAAqB,GAAG;IACxE,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB,EAAE,MAAM,CAAC;CAC/B,CAOA;AAED;;;GAGG;AACH,wBAAgB,SAAS,CAAC,MAAM,EAAE,qBAAqB,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAcnF;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,MAAM,EAAE,qBAAqB,EAA
E,SAAS,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAclG;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,qBAAqB,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAezF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,qBAAqB,GAAG,MAAM,EAAE,CAaxE;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,qBAAqB,EAC7B,QAAQ,GAAE,MAAU,GACnB,MAAM,EAAE,EAAE,CAmDZ"}
|
|
@@ -66,6 +66,16 @@ export function analyzeInterprocedural(graphOrTypes, callsOrSources, dfgOrSinks,
|
|
|
66
66
|
for (const def of graph.defsAtLine(source.line)) {
|
|
67
67
|
seedIds.add(def.id);
|
|
68
68
|
}
|
|
69
|
+
// Bash positional params ($1..$9, $@, $*) live as synthetic param defs at
|
|
70
|
+
// line 0; the source emits at the use line. Seed by variable name against
|
|
71
|
+
// line-0 param defs so cross-procedure taint actually starts.
|
|
72
|
+
if (source.variable) {
|
|
73
|
+
for (const def of graph.defsAtLine(0)) {
|
|
74
|
+
if (def.kind === 'param' && def.variable === source.variable) {
|
|
75
|
+
seedIds.add(def.id);
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
}
|
|
69
79
|
}
|
|
70
80
|
const taintedDefIds = graph.propagateTaintedDefIds(seedIds);
|
|
71
81
|
// Get tainted variables from constant propagation (tracks collections with tainted elements)
|
|
@@ -151,17 +161,40 @@ export function analyzeInterprocedural(graphOrTypes, callsOrSources, dfgOrSinks,
|
|
|
151
161
|
!collectionMethods.has(call.method_name) &&
|
|
152
162
|
!sanitizerMethods.has(call.method_name) &&
|
|
153
163
|
!safeUtilityMethods.has(call.method_name)) {
|
|
154
|
-
//
|
|
155
|
-
//
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
164
|
+
// Bash specialization: every external utility (ping, whois, curl, nc,
|
|
165
|
+
// …) is an unknown call, but an unquoted tainted positional yields
|
|
166
|
+
// word-splitting/arg-injection that is concretely CWE-78 command
|
|
167
|
+
// injection — not a generic CWE-668 escape. Re-classify, except for a
|
|
168
|
+
// small allowlist of side-effect-free builtins.
|
|
169
|
+
const isBash = graph.ir.meta.language === 'bash';
|
|
170
|
+
const bashSafeBuiltins = new Set([
|
|
171
|
+
'echo', 'printf', 'test', '[', '[[', 'true', 'false', ':',
|
|
172
|
+
'declare', 'local', 'export', 'readonly', 'typeset',
|
|
173
|
+
]);
|
|
174
|
+
if (isBash && bashSafeBuiltins.has(call.method_name)) {
|
|
175
|
+
continue;
|
|
176
|
+
}
|
|
177
|
+
const sink = isBash
|
|
178
|
+
? {
|
|
179
|
+
type: 'command_injection',
|
|
180
|
+
cwe: 'CWE-78',
|
|
181
|
+
location: `Tainted data (${taintedArgVars.join(', ')}) passed unquoted to shell utility ${call.method_name}`,
|
|
182
|
+
line: call.location.line,
|
|
183
|
+
confidence: 0.6,
|
|
184
|
+
method: call.method_name,
|
|
185
|
+
argPositions: taintedArgPositions,
|
|
186
|
+
}
|
|
187
|
+
: {
|
|
188
|
+
// Create an "external_taint_escape" sink for this call
|
|
189
|
+
// This represents tainted data being passed to code we can't analyze
|
|
190
|
+
type: 'external_taint_escape',
|
|
191
|
+
cwe: 'CWE-668', // Exposure of Resource to Wrong Sphere
|
|
192
|
+
location: `Tainted data (${taintedArgVars.join(', ')}) passed to external method ${call.receiver ? call.receiver + '.' : ''}${call.method_name}()`,
|
|
193
|
+
line: call.location.line,
|
|
194
|
+
confidence: 0.7, // Lower confidence since we can't verify the external method is dangerous
|
|
195
|
+
method: call.method_name,
|
|
196
|
+
argPositions: taintedArgPositions,
|
|
197
|
+
};
|
|
165
198
|
// Only add if not already present
|
|
166
199
|
if (!propagatedSinks.some(s => s.line === sink.line && s.type === sink.type)) {
|
|
167
200
|
propagatedSinks.push(sink);
|
|
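Review bot: The Bash branch in the second hunk reports `passed unquoted to shell utility` for every unknown call with a tainted argument, but nothing visible in the hunk checks how the argument is quoted. Unless quoting is filtered before this point, a correctly quoted argument gets the same CWE-78 text, so the message should read `passed to shell utility` or the sink should be gated on a quoting check. The `bashSafeBuiltins` skip uses `continue`, which appears to drop the finding entirely rather than fall back to the generic CWE-668 sink. `declare`, `local`, `export`, `readonly` and `typeset` write shell state from their arguments, so the "side-effect-free" comment should explain why they are treated as safe. `isBash` and the `Set` are also rebuilt for each call and could be hoisted above the loop; the enclosing loop and the text of the removed lines are not visible on this page.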
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interprocedural.js","sourceRoot":"","sources":["../../src/analysis/interprocedural.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAeH,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AA+D9C;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CACpC,YAAoC,EACpC,cAA0C,EAC1C,UAA6B,EAC7B,mBAAqD,EACrD,cAAqD,EACrD,aAAgC,EAChC,aAAqC,EAAE;IAEvC,IAAI,KAAgB,CAAC;IACrB,IAAI,OAAsB,CAAC;IAC3B,IAAI,KAAkB,CAAC;IACvB,IAAI,UAA4B,CAAC;IACjC,IAAI,OAA+B,CAAC;IAEpC,IAAI,YAAY,YAAY,SAAS,EAAE,CAAC;QACtC,+DAA+D;QAC/D,KAAK,GAAG,YAAY,CAAC;QACrB,OAAO,GAAG,cAA+B,CAAC;QAC1C,KAAK,GAAG,UAAyB,CAAC;QAClC,UAAU,GAAG,mBAAuC,CAAC;QACrD,OAAO,GAAI,cAAqD,IAAI,EAAE,CAAC;IACzE,CAAC;SAAM,CAAC;QACN,oEAAoE;QACpE,MAAM,KAAK,GAAG,YAA0B,CAAC;QACzC,MAAM,KAAK,GAAG,cAA4B,CAAC;QAC3C,MAAM,GAAG,GAAG,UAAiB,CAAC;QAC9B,OAAO,GAAG,mBAAoC,CAAC;QAC/C,KAAK,GAAG,cAA6B,IAAI,EAAE,CAAC;QAC5C,UAAU,GAAG,aAAa,IAAI,EAAE,CAAC;QACjC,OAAO,GAAG,UAAU,CAAC;QACrB,KAAK,GAAG,IAAI,SAAS,CAAC;YACpB,IAAI,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;YACxE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG;YACjD,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE;YAC7C,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE;SACvD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC;IAC7B,MAAM,KAAK,GAAG,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC;IAE7B,2CAA2C;IAC3C,MAAM,WAAW,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAE5C,uDAAuD;IACvD,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;IAE5D,uDAAuD;IACvD,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEjD,yDAAyD;IACzD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QACxD,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,cAAc,CAAC,UAAU,CAAC,WAAW,EAAE,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC;YAChG,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,
KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IACD,MAAM,aAAa,GAAG,KAAK,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAE5D,6FAA6F;IAC7F,MAAM,iBAAiB,GAAG,OAAO,CAAC,gBAAgB,IAAI,IAAI,GAAG,EAAU,CAAC;IAExE,uCAAuC;IACvC,MAAM,eAAe,GAAgB,EAAE,CAAC;IAExC,4FAA4F;IAC5F,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;QAChC,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO;QAC/E,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,YAAY;QAC1F,UAAU,EAAE,cAAc,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa;QAC3F,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO;QAC7D,6FAA6F;QAC7F,yEAAyE;QACzE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,SAAS,EAAE,SAAS;QACvF,OAAO,EAAE,SAAS,EAAE,SAAS;KAC9B,CAAC,CAAC;IAEH,wEAAwE;IACxE,mFAAmF;IACnF,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;QACjC,oCAAoC;QACpC,eAAe,EAAE,sBAAsB,EAAE,cAAc,EAAE,gCAAgC;QACzF,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM;QAC7E,mDAAmD;QACnD,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM;QAC7D,wCAAwC;QACxC,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU;QAClE,qBAAqB;QACrB,UAAU,EAAE,eAAe,EAAE,OAAO,EAAE,QAAQ;QAC9C,gEAAgE;QAChE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO;QAChE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS;QACvC,oEAAoE;QACpE,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,gBAAgB;QACpD,UAAU,EAAE,aAAa,EAAE,aAAa;QACxC,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS;QACvD,+EAA+E;QAC/E,iGAAiG;QACjG,mBAAmB,EAAE,oBAAoB;QACzC,qBAAqB,EAAE,sBAAsB;QAC7C,sBAAsB,EAAE,uBAAuB;QAC/C,iBAAiB,EAAE,kBAAkB;QACrC,qBAAqB,EAAE,qBAAqB;QAC5C,gBAAgB,EAAE,gBAAgB;QAClC,aAAa,EAAE,aAAa;QAC5B,oBAAoB,EAAG,6DAA6D;KACrF,CAAC,CAAC;IAEH,wEAAwE;IACxE,6EAA6E;IAC7E,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACjC,qEAAqE;QACrE,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,
CAAC,cAAc,CAAC,CAAC;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,qCAAqC;QACrC,MAAM,mBAAmB,GAAa,EAAE,CAAC;QACzC,MAAM,cAAc,GAAa,EAAE,CAAC;QACpC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,mEAAmE;gBACnE,MAAM,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;gBAChG,MAAM,cAAc,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,IAAI,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAEnF,uFAAuF;gBACvF,MAAM,aAAa,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAE1D,IAAI,cAAc,IAAI,aAAa,EAAE,CAAC;oBACpC,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACvC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAED,8EAA8E;QAC9E,MAAM,YAAY,GAAG,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAElE,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,2DAA2D;YAC3D,kFAAkF;YAClF,uDAAuD;YACvD,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC;gBAC9B,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC;gBACxC,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC;gBACvC,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC9C,uDAAuD;gBACvD,qEAAqE;gBACrE,MAAM,IAAI,GAAc;oBACtB,IAAI,EAAE,uBAAuB;oBAC7B,GAAG,EAAE,SAAS,EAAG,uCAAuC;oBACxD,QAAQ,EAAE,iBAAiB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,+BAA+B,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,WAAW,IAAI;oBAClJ,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;oBACxB,UAAU,EAAE,GAAG,EAAG,0EAA0E;oBAC5F,MAAM,EAAE,IAAI,CAAC,WAAW;oBACxB,YAAY,EAAE,mBAAmB;iBAClC,CAAC;gBAEF,kCAAkC;gBAClC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC7E,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;YACD,SAAS;QACX,CAAC;QAED,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,2CAA2C;YAC3C,KAAK,MAAM,GAAG,IAAI,mBAAmB,EAAE,CAAC;gBACtC,IAAI,G
AAG,GAAG,YAAY,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;oBACzC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC;oBAC9C,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAC/D,CAAC;YACH,CAAC;YACD,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YAErC,mCAAmC;YACnC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAC9B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,YAAY,CAAC,SAAS,IAAI,CAAC,CAAC,IAAI,IAAI,YAAY,CAAC,OAAO,CACxE,CAAC;YAEF,0DAA0D;YAC1D,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,mCAAmC;gBACnC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACrD,eAAe,CAAC,IAAI,CAAC;wBACnB,GAAG,IAAI;wBACP,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,IAAI,EAAE,2CAA2C;qBAChF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,oBAAoB,CAAC,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC;IAE/F,kDAAkD;IAClD,0BAA0B,CACxB,SAAS,EACT,WAAW,EACX,cAAc,EACd,cAAc,EACd,KAAK,EACL,aAAa,CACd,CAAC;IAEF,OAAO;QACL,WAAW,EAAE,WAAW,CAAC,KAAK;QAC9B,SAAS;QACT,cAAc;QACd,cAAc;QACd,eAAe;KAChB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc,CACrB,WAA0B,EAC1B,SAAiB,EACjB,UAAkB;IAElB,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,GAAG,WAAW,IAAI,SAAS,IAAI,UAAU,EAAE,CAAC;IACrD,CAAC;IACD,OAAO,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;AACtC,CAAC;AAYD;;;GAGG;AACH,SAAS,gBAAgB,CAAC,KAAiB;IACzC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC5C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAsB,CAAC;IAE7C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,GAAG,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;YAEjE,MAAM,IAAI,GAAe;gBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,GAAG;gBACH,SAAS,EAAE,IAAI,CAAC,IAAI;gBACpB,WAAW,EAAE,IAAI,CAAC,OAAO;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;oBAC3C,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,QAAQ,EAAE,CAAC;oBACX,SAAS,EAAE,KAAK;oBAChB,SAAS,EAAE,IAAI;oBACf,UAAU,EAAE,IAAI;iBACjB,CAAC,CAAC;gBACH,cAAc,EAAE,KAAK;gBACrB,eAAe,EAAE,IAAI;gBACrB,uBAAuB,EAAE,IAAI,EAAE,mCAAmC;gBAClE,SAAS,EA
AE,MAAM,CAAC,UAAU;gBAC5B,OAAO,EAAE,MAAM,CAAC,QAAQ;aACzB,CAAC;YAEF,gCAAgC;YAChC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAErB,8DAA8D;YAC9D,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,IAAoB,EAAE,GAAW;IACtD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CACxB,IAAc,EACd,WAA2B,EAC3B,KAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;IAEpC,sDAAsD;IACtD,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,sBAAsB;QACtB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,UAAU,EAAE,CAAC;QAClD,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,OAAO,GAAG,CAAC;QACb,CAAC;QAED,mCAAmC;QACnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACrD,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,IAAI,UAAU,EAAE,CAAC;gBAC7D,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBACnC,OAAO,OAAO,CAAC;gBACjB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,kEAAkE;QAClE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO;gBACtB,CAAC,CAAC,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,IAAI,UAAU,EAAE;gBAC9C,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,UAAU,EAAE,CAAC;YACjC,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;gBACzC,iEAAiE;gBACjE,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC7B,OAAO,GAAG,CAAC;gBACb,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC;QACjD,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc,CACrB,KAAiB,EACjB,WAA2B,EAC3B,KAAiB;IAEjB,MAAM,KAAK,GAAe,EAAE,CAAC;IAE7B,KAAK,MAA
M,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,8CAA8C;QAC9C,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QAChE,IAAI,CAAC,WAAW;YAAE,SAAS;QAE3B,yBAAyB;QACzB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC;QACpC,IAAI,CAAC,YAAY;YAAE,SAAS;QAE5B,KAAK,CAAC,IAAI,CAAC;YACT,YAAY;YACZ,YAAY,EAAE,WAAW;YACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YAC5B,WAAW,EAAE,EAAE;SAChB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAYD;;;GAGG;AACH,SAAS,gBAAgB,CAAC,KAAiB,EAAE,IAAY;IACvD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,IAAI,IAAI,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACzD,OAAO;oBACL,MAAM;oBACN,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,SAAS,EAAE,IAAI,CAAC,IAAI;oBACpB,WAAW,EAAE,IAAI,CAAC,OAAO;iBAC1B,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,KAAiB,EACjB,KAAgB,EAChB,aAA0B,EAC1B,cAAmC,EACnC,cAA2B,EAC3B,WAA2B;IAE3B,oDAAoD;IACpD,MAAM,UAAU,GAAG,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAEtE,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,oCAAoC;QACpC,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,SAAS;YAAE,SAAS;QAEzB,MAAM,GAAG,GAAG,cAAc,CAAC,SAAS,CAAC,WAAW,EAAE,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;QAE7F,mEAAmE;QACnE,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAEpD,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,GAAG,CAAC,MAAM,KAAK,IAAI,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzD,sCAAsC;gBACtC,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBACnC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAExB,oDAAoD;gBACpD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9C,IAAI,UAAU,EAAE,CAAC;oBACf,0DAA0D;oBAC1D,MAAM,UAAU,GAAG,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACjF,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;wBACpB,8CAA8C;wBAC9C,IAAI,UAAU,CAAC,uBAAuB,KAAK,IAAI,EAAE,CAAC;4BAChD,UAAU,CAAC,uBAAuB,GAAG,CAAC,UAAU,CAAC,CAAC
;wBACpD,CAAC;6BAAM,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;4BACpE,UAAU,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;wBACtD,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CACjC,SAAqB,EACrB,WAA2B,EAC3B,cAA2B,EAC3B,cAAmC,EACnC,KAAgB,EAChB,aAA0B;IAE1B,+CAA+C;IAC/C,MAAM,SAAS,GAAG,IAAI,GAAG,EAAsB,CAAC;IAChD,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;QACxD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,GAAG,IAAI,CAAC;IACnB,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,MAAM,aAAa,GAAG,EAAE,CAAC,CAAC,yBAAyB;IAEnD,OAAO,OAAO,IAAI,UAAU,GAAG,aAAa,EAAE,CAAC;QAC7C,OAAO,GAAG,KAAK,CAAC;QAChB,UAAU,EAAE,CAAC;QAEb,4CAA4C;QAC5C,KAAK,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,IAAI,cAAc,EAAE,CAAC;YACrD,kCAAkC;YAClC,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;YAEhD,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;gBAC3B,0CAA0C;gBAC1C,2DAA2D;gBAC3D,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAClD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;wBAC/B,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;wBAC1B,OAAO,GAAG,IAAI,CAAC;wBAEf,oCAAoC;wBACpC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;4BAC3C,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBACxC,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;YACtD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,SAAS;YAC1C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;oBACrC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;oBAChC,OAAO,GAAG,IAAI,CAAC;gBACjB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,MAA6B;IAMrE,OAAO;QACL,YAAY,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI;QACrC,cAAc,EAAE,MAAM,CAAC,cAAc,CAAC,IAAI;QAC1C,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM
;QAClC,qBAAqB,EAAE,MAAM,CAAC,cAAc,CAAC,IAAI;KAClD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,MAA6B,EAAE,SAAiB;IACxE,8BAA8B;IAC9B,IAAI,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8BAA8B;IAC9B,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,MAA6B,EAAE,SAAiB;IACxE,8BAA8B;IAC9B,IAAI,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC;IAED,8BAA8B;IAC9B,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,MAA6B,EAAE,SAAiB;IAC9E,8BAA8B;IAC9B,IAAI,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0EAA0E;IAC1E,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAA6B;IAC5D,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QAC9C,MAAM,gBAAgB,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAChE,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAEvD,IAAI,gBAAgB,IAAI,cAAc,EAAE,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAA6B,EAC7B,WAAmB,CAAC;IAEpB,MAAM,KAAK,GAAe,EAAE,CAAC;IAE7B,4EAA4E;IAC5E,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;SAC1D,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAA
U,KAAK,IAAI,CAAC,CAAC;SACtF,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;IAEzB,6BAA6B;IAC7B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC5C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YAC1C,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAED,oBAAoB;IACpB,SAAS,GAAG,CAAC,OAAe,EAAE,IAAc,EAAE,OAAoB;QAChE,IAAI,IAAI,CAAC,MAAM,GAAG,QAAQ;YAAE,OAAO;QACnC,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,OAAO;QAEjC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEnB,yDAAyD;QACzD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAE3C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAChE,cAAc;YACd,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,IAAI,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBACtC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,GAAG,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;QACjC,GAAG,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
1
|
+
{"version":3,"file":"interprocedural.js","sourceRoot":"","sources":["../../src/analysis/interprocedural.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAeH,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AA+D9C;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CACpC,YAAoC,EACpC,cAA0C,EAC1C,UAA6B,EAC7B,mBAAqD,EACrD,cAAqD,EACrD,aAAgC,EAChC,aAAqC,EAAE;IAEvC,IAAI,KAAgB,CAAC;IACrB,IAAI,OAAsB,CAAC;IAC3B,IAAI,KAAkB,CAAC;IACvB,IAAI,UAA4B,CAAC;IACjC,IAAI,OAA+B,CAAC;IAEpC,IAAI,YAAY,YAAY,SAAS,EAAE,CAAC;QACtC,+DAA+D;QAC/D,KAAK,GAAG,YAAY,CAAC;QACrB,OAAO,GAAG,cAA+B,CAAC;QAC1C,KAAK,GAAG,UAAyB,CAAC;QAClC,UAAU,GAAG,mBAAuC,CAAC;QACrD,OAAO,GAAI,cAAqD,IAAI,EAAE,CAAC;IACzE,CAAC;SAAM,CAAC;QACN,oEAAoE;QACpE,MAAM,KAAK,GAAG,YAA0B,CAAC;QACzC,MAAM,KAAK,GAAG,cAA4B,CAAC;QAC3C,MAAM,GAAG,GAAG,UAAiB,CAAC;QAC9B,OAAO,GAAG,mBAAoC,CAAC;QAC/C,KAAK,GAAG,cAA6B,IAAI,EAAE,CAAC;QAC5C,UAAU,GAAG,aAAa,IAAI,EAAE,CAAC;QACjC,OAAO,GAAG,UAAU,CAAC;QACrB,KAAK,GAAG,IAAI,SAAS,CAAC;YACpB,IAAI,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;YACxE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG;YACjD,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE;YAC7C,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE;SACvD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC;IAC7B,MAAM,KAAK,GAAG,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC;IAE7B,2CAA2C;IAC3C,MAAM,WAAW,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAE5C,uDAAuD;IACvD,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;IAE5D,uDAAuD;IACvD,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEjD,yDAAyD;IACzD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QACxD,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,cAAc,CAAC,UAAU,CAAC,WAAW,EAAE,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC;YAChG,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,
KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACtB,CAAC;QACD,0EAA0E;QAC1E,0EAA0E;QAC1E,8DAA8D;QAC9D,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EAAE,CAAC;oBAC7D,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACtB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,aAAa,GAAG,KAAK,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAE5D,6FAA6F;IAC7F,MAAM,iBAAiB,GAAG,OAAO,CAAC,gBAAgB,IAAI,IAAI,GAAG,EAAU,CAAC;IAExE,uCAAuC;IACvC,MAAM,eAAe,GAAgB,EAAE,CAAC;IAExC,4FAA4F;IAC5F,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;QAChC,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO;QAC/E,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,YAAY;QAC1F,UAAU,EAAE,cAAc,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa;QAC3F,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO;QAC7D,6FAA6F;QAC7F,yEAAyE;QACzE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,SAAS,EAAE,SAAS;QACvF,OAAO,EAAE,SAAS,EAAE,SAAS;KAC9B,CAAC,CAAC;IAEH,wEAAwE;IACxE,mFAAmF;IACnF,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;QACjC,oCAAoC;QACpC,eAAe,EAAE,sBAAsB,EAAE,cAAc,EAAE,gCAAgC;QACzF,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM;QAC7E,mDAAmD;QACnD,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM;QAC7D,wCAAwC;QACxC,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU;QAClE,qBAAqB;QACrB,UAAU,EAAE,eAAe,EAAE,OAAO,EAAE,QAAQ;QAC9C,gEAAgE;QAChE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO;QAChE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS;QACvC,oEAAoE;QACpE,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,gBAAgB;QACpD,UAAU,EAAE,aAAa,EAAE,aAAa;QACxC,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS;QACvD,+EAA+E;QAC/E,iGAAiG;QACjG,mBAAmB,EAAE,oBAAoB;QACzC,qBAAqB,EAAE,sBAAsB;QAC7C,sBAAsB,EAAE,uBAAuB;QAC/C,iBAAiB,EAAE,kBAAkB;QACrC,qBAAqB,EAAE,qBAA
qB;QAC5C,gBAAgB,EAAE,gBAAgB;QAClC,aAAa,EAAE,aAAa;QAC5B,oBAAoB,EAAG,6DAA6D;KACrF,CAAC,CAAC;IAEH,wEAAwE;IACxE,6EAA6E;IAC7E,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACjC,qEAAqE;QACrE,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,qCAAqC;QACrC,MAAM,mBAAmB,GAAa,EAAE,CAAC;QACzC,MAAM,cAAc,GAAa,EAAE,CAAC;QACpC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,mEAAmE;gBACnE,MAAM,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;gBAChG,MAAM,cAAc,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,IAAI,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAEnF,uFAAuF;gBACvF,MAAM,aAAa,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAE1D,IAAI,cAAc,IAAI,aAAa,EAAE,CAAC;oBACpC,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACvC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAED,8EAA8E;QAC9E,MAAM,YAAY,GAAG,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAElE,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,2DAA2D;YAC3D,kFAAkF;YAClF,uDAAuD;YACvD,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC;gBAC9B,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC;gBACxC,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC;gBACvC,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC9C,sEAAsE;gBACtE,mEAAmE;gBACnE,iEAAiE;gBACjE,sEAAsE;gBACtE,gDAAgD;gBAChD,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC;gBACjD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;oBAC/B,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG;oBACzD,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS;iBACpD,CAAC,CAAC;gBACH,IAAI,MAAM,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;oBACrD,SAAS;gBACX,CAAC;gBAED,MAAM,IAAI,GAAc,MAAM;oBAC5B,C
AAC,CAAC;wBACE,IAAI,EAAE,mBAAmB;wBACzB,GAAG,EAAE,QAAQ;wBACb,QAAQ,EAAE,iBAAiB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,sCAAsC,IAAI,CAAC,WAAW,EAAE;wBAC5G,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;wBACxB,UAAU,EAAE,GAAG;wBACf,MAAM,EAAE,IAAI,CAAC,WAAW;wBACxB,YAAY,EAAE,mBAAmB;qBAClC;oBACH,CAAC,CAAC;wBACE,uDAAuD;wBACvD,qEAAqE;wBACrE,IAAI,EAAE,uBAAuB;wBAC7B,GAAG,EAAE,SAAS,EAAG,uCAAuC;wBACxD,QAAQ,EAAE,iBAAiB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,+BAA+B,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,WAAW,IAAI;wBAClJ,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;wBACxB,UAAU,EAAE,GAAG,EAAG,0EAA0E;wBAC5F,MAAM,EAAE,IAAI,CAAC,WAAW;wBACxB,YAAY,EAAE,mBAAmB;qBAClC,CAAC;gBAEN,kCAAkC;gBAClC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC7E,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;YACD,SAAS;QACX,CAAC;QAED,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,2CAA2C;YAC3C,KAAK,MAAM,GAAG,IAAI,mBAAmB,EAAE,CAAC;gBACtC,IAAI,GAAG,GAAG,YAAY,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;oBACzC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC;oBAC9C,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAC/D,CAAC;YACH,CAAC;YACD,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YAErC,mCAAmC;YACnC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAC9B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,YAAY,CAAC,SAAS,IAAI,CAAC,CAAC,IAAI,IAAI,YAAY,CAAC,OAAO,CACxE,CAAC;YAEF,0DAA0D;YAC1D,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,mCAAmC;gBACnC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACrD,eAAe,CAAC,IAAI,CAAC;wBACnB,GAAG,IAAI;wBACP,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,IAAI,EAAE,2CAA2C;qBAChF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,oBAAoB,CAAC,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC;IAE/F,kDAAkD;IAClD,0BAA0B,CACxB,SAAS,EACT,WAAW,EACX,cAAc,EACd,cAAc,EACd,KAAK,EACL,aAAa,CACd,CAAC;IAEF,OAAO;QACL,WAAW,EAAE,WAAW,CA
AC,KAAK;QAC9B,SAAS;QACT,cAAc;QACd,cAAc;QACd,eAAe;KAChB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc,CACrB,WAA0B,EAC1B,SAAiB,EACjB,UAAkB;IAElB,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,GAAG,WAAW,IAAI,SAAS,IAAI,UAAU,EAAE,CAAC;IACrD,CAAC;IACD,OAAO,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;AACtC,CAAC;AAYD;;;GAGG;AACH,SAAS,gBAAgB,CAAC,KAAiB;IACzC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC5C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAsB,CAAC;IAE7C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,GAAG,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;YAEjE,MAAM,IAAI,GAAe;gBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,GAAG;gBACH,SAAS,EAAE,IAAI,CAAC,IAAI;gBACpB,WAAW,EAAE,IAAI,CAAC,OAAO;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;oBAC3C,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,QAAQ,EAAE,CAAC;oBACX,SAAS,EAAE,KAAK;oBAChB,SAAS,EAAE,IAAI;oBACf,UAAU,EAAE,IAAI;iBACjB,CAAC,CAAC;gBACH,cAAc,EAAE,KAAK;gBACrB,eAAe,EAAE,IAAI;gBACrB,uBAAuB,EAAE,IAAI,EAAE,mCAAmC;gBAClE,SAAS,EAAE,MAAM,CAAC,UAAU;gBAC5B,OAAO,EAAE,MAAM,CAAC,QAAQ;aACzB,CAAC;YAEF,gCAAgC;YAChC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAErB,8DAA8D;YAC9D,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,IAAoB,EAAE,GAAW;IACtD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CACxB,IAAc,EACd,WAA2B,EAC3B,KAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;IAEpC,sDAAsD;IACtD,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,sBAAsB;QACtB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,UAAU,EAAE,CAAC;QAClD,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,OAAO,GAAG,CAAC;QACb,CAAC;QAED,mCAAmC;QACnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACrD,MAAM,OAAO,GAA
G,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,IAAI,UAAU,EAAE,CAAC;gBAC7D,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBACnC,OAAO,OAAO,CAAC;gBACjB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,kEAAkE;QAClE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO;gBACtB,CAAC,CAAC,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,IAAI,UAAU,EAAE;gBAC9C,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,UAAU,EAAE,CAAC;YACjC,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;gBACzC,iEAAiE;gBACjE,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC7B,OAAO,GAAG,CAAC;gBACb,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC;QACjD,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc,CACrB,KAAiB,EACjB,WAA2B,EAC3B,KAAiB;IAEjB,MAAM,KAAK,GAAe,EAAE,CAAC;IAE7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,8CAA8C;QAC9C,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QAChE,IAAI,CAAC,WAAW;YAAE,SAAS;QAE3B,yBAAyB;QACzB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC;QACpC,IAAI,CAAC,YAAY;YAAE,SAAS;QAE5B,KAAK,CAAC,IAAI,CAAC;YACT,YAAY;YACZ,YAAY,EAAE,WAAW;YACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YAC5B,WAAW,EAAE,EAAE;SAChB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAYD;;;GAGG;AACH,SAAS,gBAAgB,CAAC,KAAiB,EAAE,IAAY;IACvD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,IAAI,IAAI,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACzD,OAAO;oBACL,MAAM;oBACN,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,SAAS,EAAE,IAAI,CAAC,IAAI;oBACpB,WAAW,EAAE,IAAI,CAAC,OAAO;iBAC1B,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,KAAiB,EACjB,KAAgB,EAChB,aAA0B,EAC1B,cAAmC,EACnC,cAA2B,EAC3B,WAA2B;IAE3B,oDAAoD;IACpD,MAAM,UAAU,GAAG,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,IAA
I,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAEtE,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,oCAAoC;QACpC,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,SAAS;YAAE,SAAS;QAEzB,MAAM,GAAG,GAAG,cAAc,CAAC,SAAS,CAAC,WAAW,EAAE,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;QAE7F,mEAAmE;QACnE,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAEpD,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,GAAG,CAAC,MAAM,KAAK,IAAI,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzD,sCAAsC;gBACtC,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBACnC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAExB,oDAAoD;gBACpD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9C,IAAI,UAAU,EAAE,CAAC;oBACf,0DAA0D;oBAC1D,MAAM,UAAU,GAAG,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACjF,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;wBACpB,8CAA8C;wBAC9C,IAAI,UAAU,CAAC,uBAAuB,KAAK,IAAI,EAAE,CAAC;4BAChD,UAAU,CAAC,uBAAuB,GAAG,CAAC,UAAU,CAAC,CAAC;wBACpD,CAAC;6BAAM,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;4BACpE,UAAU,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;wBACtD,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CACjC,SAAqB,EACrB,WAA2B,EAC3B,cAA2B,EAC3B,cAAmC,EACnC,KAAgB,EAChB,aAA0B;IAE1B,+CAA+C;IAC/C,MAAM,SAAS,GAAG,IAAI,GAAG,EAAsB,CAAC;IAChD,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;QACxD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,GAAG,IAAI,CAAC;IACnB,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,MAAM,aAAa,GAAG,EAAE,CAAC,CAAC,yBAAyB;IAEnD,OAAO,OAAO,IAAI,UAAU,GAAG,aAAa,EAAE,CAAC;QAC7C,OAAO,GAAG,KAAK,CAAC;QAChB,UAAU,EAAE,CAAC;QAEb,4CAA4C;QAC5C,KAAK,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,IAAI,cAAc,EAAE,CAAC;YACrD,kCAAkC;YAClC,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;YAEhD,K
AAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;gBAC3B,0CAA0C;gBAC1C,2DAA2D;gBAC3D,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAClD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;wBAC/B,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;wBAC1B,OAAO,GAAG,IAAI,CAAC;wBAEf,oCAAoC;wBACpC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;4BAC3C,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBACxC,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;YACtD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,SAAS;YAC1C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;oBACrC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;oBAChC,OAAO,GAAG,IAAI,CAAC;gBACjB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,MAA6B;IAMrE,OAAO;QACL,YAAY,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI;QACrC,cAAc,EAAE,MAAM,CAAC,cAAc,CAAC,IAAI;QAC1C,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM;QAClC,qBAAqB,EAAE,MAAM,CAAC,cAAc,CAAC,IAAI;KAClD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,MAA6B,EAAE,SAAiB;IACxE,8BAA8B;IAC9B,IAAI,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8BAA8B;IAC9B,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,MAA6B,EAAE,SAAiB;IACxE,8BAA8B;IAC9B,IAAI,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC;IAED,8BAA8B;IAC9B,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,MAA6B,EAAE,SAAiB;IAC9E,8BAA8B;IAC9B,IAAI,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CA
AC;IAED,0EAA0E;IAC1E,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAA6B;IAC5D,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QAC9C,MAAM,gBAAgB,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAChE,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAEvD,IAAI,gBAAgB,IAAI,cAAc,EAAE,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAA6B,EAC7B,WAAmB,CAAC;IAEpB,MAAM,KAAK,GAAe,EAAE,CAAC;IAE7B,4EAA4E;IAC5E,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;SAC1D,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC;SACtF,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;IAEzB,6BAA6B;IAC7B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC5C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YAC1C,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAED,oBAAoB;IACpB,SAAS,GAAG,CAAC,OAAe,EAAE,IAAc,EAAE,OAAoB;QAChE,IAAI,IAAI,CAAC,MAAM,GAAG,QAAQ;YAAE,OAAO;QACnC,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,OAAO;QAEjC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEnB,yDAAyD;QACzD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAE3C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAChE,cAAc;YACd,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG
,IAAI,CAAC,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,IAAI,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBACtC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,GAAG,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;QACjC,GAAG,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
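--- a/package/dist/analysis/passes/language-sources-pass.d.ts
+++ b/package/dist/analysis/passes/language-sources-pass.d.ts
@@ -13,7 +13,7 @@
 *
 * Depends on: taint-matcher, constant-propagation
 */
-import type { TaintSource, TaintSink, SastFinding } from '../../types/index.js';
+import type { TaintSource, TaintSink, TaintSanitizer, SastFinding } from '../../types/index.js';
 import type { AnalysisPass, PassContext } from '../../graph/analysis-pass.js';
 export declare const JS_TAINTED_PATTERNS: ({
 pattern: RegExp;
@@ -46,6 +46,12 @@ export declare const JS_TAINTED_PATTERNS: ({
 export interface LanguageSourcesResult {
 additionalSources: TaintSource[];
 additionalSinks: TaintSink[];
+/**
+* Language-specific sanitizers (e.g. Bash regex-allowlist guards) emitted
+* alongside sources/sinks. Merged into the sanitizer set in
+* `SinkFilterPass`.
+*/
+additionalSanitizers: TaintSanitizer[];
 /**
 * Python forward-taint map: variable name → first tainted line.
 * Used by SinkFilterPass to reduce XPath/XSS false positives.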
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"language-sources-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/language-sources-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAwB,WAAW,EAAO,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"language-sources-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/language-sources-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,cAAc,EAAwB,WAAW,EAAO,MAAM,sBAAsB,CAAC;AAC3H,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAqB9E,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;IA0C/B,CAAC;AA4BF,MAAM,WAAW,qBAAqB;IACpC,iBAAiB,EAAE,WAAW,EAAE,CAAC;IACjC,eAAe,EAAE,SAAS,EAAE,CAAC;IAC7B;;;;OAIG;IACH,oBAAoB,EAAE,cAAc,EAAE,CAAC;IACvC;;;OAGG;IACH,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC;;;OAGG;IACH,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC7B;;;OAGG;IACH,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACpC;AAMD,qBAAa,mBAAoB,YAAW,YAAY,CAAC,qBAAqB,CAAC;IAC7E,QAAQ,CAAC,IAAI,sBAAsB;IACnC,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IAExC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,qBAAqB;CA8F7C;AAmSD,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAkG9E;AAED,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAwC5G;AAED,wBAAgB,iCAAiC,CAC/C,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAC/B,KAAK,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAoBjD;AA6DD,wBAAgB,0BAA0B,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAmBpG;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,GACpB,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAmCrB;AAmKD,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,WAAW,EAAE,CA0GvF"}
|
|
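--- a/package/dist/analysis/passes/language-sources-pass.js
+++ b/package/dist/analysis/passes/language-sources-pass.js
@@ -104,6 +104,7 @@ export class LanguageSourcesPass {
 const constProp = ctx.getResult('constant-propagation');
 const additionalSources = [];
 const additionalSinks = [];
+const additionalSanitizers = [];
 // -- Java: getter methods that return tainted constructor fields ----------
 additionalSources.push(...findGetterSources(types, constProp.instanceFieldTaint, code));
 // -- Cross-language: OOP constructor-injected field flow (issue #78) ------
@@ -170,12 +171,13 @@ export class LanguageSourcesPass {
 for (const finding of bashFindings) {
 ctx.addFinding(finding);
 }
+additionalSanitizers.push(...findBashRegexAllowlistSanitizers(code));
 }
 // Attach trimmed source-line text to each emitted source/sink so consumers
 // (LLM enrichment, SARIF reporters) can render the offending line without
 // re-reading the file.
 attachSourceLineCode(additionalSources, additionalSinks, code);
-return { additionalSources, additionalSinks, pyTaintedVars, pySanitizedVars, jsTaintedVars };
+return { additionalSources, additionalSinks, additionalSanitizers, pyTaintedVars, pySanitizedVars, jsTaintedVars };
 }
 }
 function findGetterSources(types, instanceFieldTaint, _sourceCode) {
@@ -465,18 +467,18 @@ export function buildPythonTaintedVars(sourceCode) {
 const line = lines[i];
 if (line.trimStart().startsWith('#'))
 continue;
-const subscriptAssign = line.match(/^\s*(\
+const subscriptAssign = line.match(/^\s*([\p{L}\p{N}_]+)\[(['"])([^'"]+)\2\]\s*=\s*(.+)$/u);
 if (subscriptAssign) {
 const [, container, , key, rhs2] = subscriptAssign;
-const isTaintedRhs = [...tainted.keys()].some(v => new RegExp(
+const isTaintedRhs = [...tainted.keys()].some(v => new RegExp(`(?<![\\p{L}\\p{N}_])${v}(?![\\p{L}\\p{N}_])`, 'u').test(rhs2));
 if (isTaintedRhs)
 containerTainted.set(`${container}['${key}']`, i + 1);
 continue;
 }
-const setCallMatch = line.match(/^\s*(\
+const setCallMatch = line.match(/^\s*([\p{L}\p{N}_]+)\.set\s*\(\s*(['"])([^'"]+)\2\s*,\s*(['"])([^'"]+)\4\s*,\s*(.+?)\s*\)$/u);
 if (setCallMatch) {
 const [, obj, , section, , key, rhs2] = setCallMatch;
-const isTaintedRhs = [...tainted.keys()].some(v => new RegExp(
+const isTaintedRhs = [...tainted.keys()].some(v => new RegExp(`(?<![\\p{L}\\p{N}_])${v}(?![\\p{L}\\p{N}_])`, 'u').test(rhs2));
 if (isTaintedRhs)
 containerTainted.set(`${obj}['${section}']['${key}']`, i + 1);
 continue;
@@ -487,46 +489,46 @@ export function buildPythonTaintedVars(sourceCode) {
 // Mark the receiver as tainted so subsequent reads (`lst[0]`, `lst.pop()`,
 // bare `lst` in a list literal, etc.) propagate taint via the standard
 // word-boundary scan below.
-const containerAppendMatch = line.match(/^\s*(\
+const containerAppendMatch = line.match(/^\s*([\p{L}\p{N}_]+)\.(append|extend|insert|add|push|put|appendleft)\s*\(\s*(.+?)\s*\)\s*$/u);
 if (containerAppendMatch) {
 const [, receiver, , argExpr] = containerAppendMatch;
-const argIsTainted = [...tainted.keys()].some(v => new RegExp(
+const argIsTainted = [...tainted.keys()].some(v => new RegExp(`(?<![\\p{L}\\p{N}_])${v}(?![\\p{L}\\p{N}_])`, 'u').test(argExpr));
 const argIsDirectSource = PYTHON_TAINTED_PATTERNS.some(p => p.pattern.test(argExpr));
 if (argIsTainted || argIsDirectSource)
 tainted.set(receiver, tainted.get(receiver) ?? (i + 1));
 continue;
 }
-const augAssign = line.match(/^\s*(\
+const augAssign = line.match(/^\s*([\p{L}\p{N}_]+)\s*\+=\s*(.+)$/u);
 if (augAssign) {
 const [, augLhs, augRhs] = augAssign;
-const rhsTainted = [...tainted.keys()].some(v => new RegExp(
+const rhsTainted = [...tainted.keys()].some(v => new RegExp(`(?<![\\p{L}\\p{N}_])${v}(?![\\p{L}\\p{N}_])`, 'u').test(augRhs));
 if (rhsTainted || tainted.has(augLhs))
 tainted.set(augLhs, tainted.get(augLhs) ?? (i + 1));
 continue;
 }
-const forLoopMatch = line.match(/^\s*for\s+(\
+const forLoopMatch = line.match(/^\s*for\s+([\p{L}\p{N}_]+)\s+in\s+(.+?)(?:\s*:\s*)?$/u);
 if (forLoopMatch) {
 const [, iterVar, iterExpr] = forLoopMatch;
 const isDirectSource = PYTHON_TAINTED_PATTERNS.some(p => p.pattern.test(iterExpr));
-const isPropagated = [...tainted.keys()].some(v => new RegExp(
+const isPropagated = [...tainted.keys()].some(v => new RegExp(`(?<![\\p{L}\\p{N}_])${v}(?![\\p{L}\\p{N}_])`, 'u').test(iterExpr));
 if (isDirectSource || isPropagated)
 tainted.set(iterVar, i + 1);
 continue;
 }
-const assignMatch = line.match(/^\s*(\
+const assignMatch = line.match(/^\s*([\p{L}\p{N}_]+)\s*=\s*(.+)$/u);
 if (!assignMatch)
 continue;
 const [, lhs, rhs] = assignMatch;
 const isDirectSource = PYTHON_TAINTED_PATTERNS.some(p => p.pattern.test(rhs));
 let propagatedFrom;
-const dictAccessMatch = rhs.trim().match(/^(\
+const dictAccessMatch = rhs.trim().match(/^([\p{L}\p{N}_]+)\[(['"])([^'"]+)\2\]$/u);
 if (dictAccessMatch) {
 const [, container, , key] = dictAccessMatch;
 if (containerTainted.has(`${container}['${key}']`))
 propagatedFrom = `${container}['${key}']`;
 }
 if (!propagatedFrom) {
-const confGetMatch = rhs.trim().match(/^(\
+const confGetMatch = rhs.trim().match(/^([\p{L}\p{N}_]+)\.get\s*\(\s*(['"])([^'"]+)\2\s*,\s*(['"])([^'"]+)\4\s*\)$/u);
 if (confGetMatch) {
 const [, obj, , section, , key] = confGetMatch;
 if (containerTainted.has(`${obj}['${section}']['${key}']`))
@@ -536,7 +538,7 @@ export function buildPythonTaintedVars(sourceCode) {
 if (!propagatedFrom) {
 const isSafeEnvRead = /\bos\.environ\.get\s*\(/.test(rhs) || /\bos\.getenv\s*\(/.test(rhs);
 if (!isSafeEnvRead)
-propagatedFrom = [...tainted.keys()].find(v => new RegExp(
+propagatedFrom = [...tainted.keys()].find(v => new RegExp(`(?<![\\p{L}\\p{N}_])${v}(?![\\p{L}\\p{N}_])`, 'u').test(rhs));
 }
 if (isDirectSource) {
 tainted.set(lhs, i + 1);
@@ -1006,4 +1008,99 @@ export function findBashPatternFindings(sourceCode, file) {
 }
 return findings;
 }
+// ---------------------------------------------------------------------------
+// Bash regex-allowlist sanitizers (Sprint 11 — #73.2)
+// ---------------------------------------------------------------------------
+/**
+* Detect the idiomatic bash regex-allowlist guard:
+*
+* if [[ ! "$var" =~ ^[a-zA-Z0-9_]+$ ]]; then exit 1; fi
+*
+* When the guard's `then` branch terminates execution (exit/return/die) and
+* the regex is a tight character-class allowlist, subsequent uses of `$var`
+* are constrained to the allowlisted alphabet — effectively a sanitizer.
+*
+* We emit `TaintSanitizer` entries at every line from the line AFTER the
+* `if` through end-of-file. This is intentionally coarse: the test
+* `checkSanitized` only consults the sink's line, so a per-line emission
+* gives a simple forward-scoped clear without DFG block tracking. The
+* sanitizer covers the injection sink-types most relevant to user input
+* fed to shell utilities.
+*
+* Safe-regex predicate rejects anything that isn't anchored, contains
+* `.*` / `.+`, contains alternation, or contains backrefs.
+*/
+function findBashRegexAllowlistSanitizers(code) {
+const sanitizers = [];
+const lines = code.split('\n');
+// Captures: 1=variable, 2=regex body, 3=terminator (exit|return|die)
+const guardRe = /^\s*if\s+\[\[\s*!\s*"?\$\{?(\w+)\}?"?\s*=~\s*(\S+)\s*\]\]\s*;\s*then\s+(exit|return|die)\b/;
+for (let i = 0; i < lines.length; i++) {
+const m = guardRe.exec(lines[i]);
+if (!m)
+continue;
+const regexLiteral = m[2];
+if (!isSafeBashAllowlistRegex(regexLiteral))
+continue;
+// Sanitizer applies from the next source line through end-of-file. We
+// emit per-line entries so the line-keyed `checkSanitized` lookup
+// finds them at any downstream sink line.
+const ifLine1Indexed = i + 1;
+for (let l = ifLine1Indexed + 1; l <= lines.length; l++) {
+sanitizers.push({
+type: 'regex_allowlist',
+method: '=~',
+line: l,
+sanitizes: [
+'command_injection',
+'path_traversal',
+'sql_injection',
+'code_injection',
+'ssrf',
+'xss',
+'open_redirect',
+'log_injection',
+],
+});
+}
+}
+return sanitizers;
+}
+/**
+* A regex literal is a "safe allowlist" if:
+* - It is anchored at both ends (`^…$`).
+* - It contains no wildcard quantifier (`.*` / `.+`).
+* - It contains no alternation (`|`).
+* - It contains no backreference (`\1`, `\2`, …).
+* - Every token is a bracketed character class, a plain alnum / safe punct,
+* an escape, or a `+`/`*`/`?` quantifier — no free-form `.`, no shell
+* expansion characters.
+*/
+function isSafeBashAllowlistRegex(literal) {
+if (!literal.startsWith('^') || !literal.endsWith('$'))
+return false;
+const body = literal.slice(1, -1);
+if (body.length === 0)
+return false;
+if (body.includes('.*') || body.includes('.+'))
+return false;
+if (body.includes('|'))
+return false;
+if (/\\\d/.test(body))
+return false;
+// Token whitelist:
+// - `\[[^\]]+\][+*?]?` — char class with optional quantifier
+// - `\\.` — escaped metacharacter
+// - `[A-Za-z0-9_\-./]` — literal safe chars
+// - `[+*?]` — quantifier on the preceding token
+const safeToken = /\[[^\]]+\][+*?]?|\\.|[A-Za-z0-9_\-./]|[+*?]/g;
+let consumed = 0;
+let match;
+while ((match = safeToken.exec(body)) !== null) {
+if (match.index !== consumed)
+return false;
+consumed += match[0].length;
+}
+return consumed === body.length;
+}
 //# sourceMappingURL=language-sources-pass.js.map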
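Review bot: The entries pushed in `findBashRegexAllowlistSanitizers` (last hunk) never record the guarded variable: `m[1]` is captured but unused, so one guard on `$var` appears to clear every sink on every later line of the file, for any variable and for all eight listed sink types. That includes lines in other functions when the terminator is `return`, and uses of `$var` after it is reassigned. Carrying the name from `m[1]` on each entry and matching on it in the lookup would confine the clear to the guarded variable, assuming `TaintSanitizer` and `checkSanitized` (neither visible here) can accept it. Separately, `isSafeBashAllowlistRegex` accepts negated classes such as `[^a]` through `\[[^\]]+\]` and a bare `.` through the literal set `[A-Za-z0-9_\-./]`, which contradicts its own "no free-form `.`" comment; adding `if (body.includes('[^')) return false;` and dropping `.` from that literal set would tighten it. A class that contains both `.` and `/` still admits `../`, so `'path_traversal'` probably should not be listed in `sanitizes` for such patterns.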