circle-ir 3.6.0 → 3.8.2

package/dist/browser/circle-ir.js

@@ -9211,9 +9211,7 @@ var DEFAULT_SINKS = [
   { method: "resolveURI", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "resolve", class: "SourceResolver", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "getSource", class: "SourceResolver", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
-  // URL-based resource loading
-  { method: "URL", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "medium", arg_positions: [0] },
-  { method: "openStream", class: "URL", type: "path_traversal", cwe: "CWE-22", severity: "medium", arg_positions: [] },
+  // NOTE: new URL(userInput) is SSRF (CWE-918), not path traversal — see ssrf section below
   // Servlet context resource loading
   { method: "getResource", class: "ServletContext", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "getResourceAsStream", class: "ServletContext", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
@@ -9250,8 +9248,7 @@ var DEFAULT_SINKS = [
   { method: "extract", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0, 1] },
   { method: "extractAll", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0, 1] },
   { method: "unjar", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0, 1] },
-  // Additional file constructors
-  { method: "BufferedReader", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
+  // Additional file constructors — BufferedReader(Reader) is NOT a path traversal sink; it wraps a Reader, not a file path
   { method: "PrintWriter", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "Scanner", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   // Topic/queue names (for message queue systems - can be exploited for path traversal)
@@ -9774,9 +9771,12 @@ var DEFAULT_SINKS = [
   { method: "execSync", class: "child_process", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "spawn", class: "child_process", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "spawnSync", class: "child_process", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
-  // Also match without receiver (destructured imports)
+  // Also match without receiver (destructured imports: const { exec } = require('child_process'))
   { method: "exec", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
   { method: "execSync", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
+  { method: "spawn", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
+  { method: "spawnSync", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
+  { method: "execFile", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
   // Node.js File System (path traversal)
   { method: "readFile", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0] },
   { method: "readFileSync", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0] },
@@ -9819,7 +9819,9 @@ var DEFAULT_SINKS = [
   { method: "request", class: "axios", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "fetch", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "request", class: "http", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
+  { method: "get", class: "http", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "request", class: "https", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
+  { method: "get", class: "https", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   // needle library (used in NodeGoat)
   { method: "get", class: "needle", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "post", class: "needle", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
@@ -10239,6 +10241,21 @@ function getDefaultConfig() {
 }
 
 // src/analysis/taint-matcher.ts
+var PYTHON_TAINTED_PATTERNS = [
+  { pattern: /\brequest\.args\b/, sourceType: "http_param" },
+  { pattern: /\brequest\.form\b/, sourceType: "http_body" },
+  { pattern: /\brequest\.json\b/, sourceType: "http_body" },
+  { pattern: /\brequest\.data\b/, sourceType: "http_body" },
+  { pattern: /\brequest\.files?\b/, sourceType: "file_input" },
+  { pattern: /\brequest\.headers?\b/, sourceType: "http_header" },
+  { pattern: /\brequest\.cookies\b/, sourceType: "http_cookie" },
+  { pattern: /\brequest\.GET\b/, sourceType: "http_param" },
+  { pattern: /\brequest\.POST\b/, sourceType: "http_body" },
+  { pattern: /\brequest\.META\b/, sourceType: "http_header" },
+  { pattern: /\brequest\.FILES\b/, sourceType: "file_input" },
+  { pattern: /\brequest\.query_params\b/, sourceType: "http_param" },
+  { pattern: /\brequest\.path_params\b/, sourceType: "http_param" }
+];
 function analyzeTaint(calls, types, config = getDefaultConfig()) {
   const sources = findSources(calls, types, config.sources);
   const sinks = findSinks(calls, config.sinks);
@@ -10321,6 +10338,28 @@ function findSources(calls, types, patterns) {
       }
     }
   }
+  for (const call of calls) {
+    for (const arg of call.arguments) {
+      if (!arg.expression) continue;
+      for (const { pattern, sourceType } of PYTHON_TAINTED_PATTERNS) {
+        if (pattern.test(arg.expression)) {
+          const alreadyExists = sources.some(
+            (s) => s.line === call.location.line && s.type === sourceType
+          );
+          if (!alreadyExists) {
+            sources.push({
+              type: sourceType,
+              location: `${arg.expression} in ${call.in_method || "anonymous"}`,
+              severity: "high",
+              line: call.location.line,
+              confidence: 1
+            });
+          }
+          break;
+        }
+      }
+    }
+  }
   const sourceMap = /* @__PURE__ */ new Map();
   for (const source of sources) {
     const key = `${source.line}:${source.type}`;
@@ -11274,7 +11313,20 @@ function analyzeInterprocedural(types, calls, dfg, sources, sinks, sanitizers, o
     "hashCode",
     "equals",
     "clone",
-    "clear"
+    "clear",
+    // StringBuilder / StringBuffer / Writer accumulator methods — taint propagates through these
+    // but the CWE-668 sink check should not fire on pure string accumulation
+    "append",
+    "insert",
+    "prepend",
+    "concat",
+    "delete",
+    "deleteCharAt",
+    "replace",
+    "reverse",
+    "write",
+    "writeln",
+    "println"
   ]);
   const safeUtilityMethods = /* @__PURE__ */ new Set([
     // Path validation and normalization
@@ -11305,7 +11357,25 @@ function analyzeInterprocedural(types, calls, dfg, sources, sinks, sanitizers, o
     "validate",
     "validateInput",
     "check",
-    "verify"
+    "verify",
+    // I/O stream wrappers — pure decorators that wrap a stream, not security sinks
+    // e.g. new InputStreamReader(proc.getInputStream()) is safe; the underlying stream is the source
+    "InputStreamReader",
+    "OutputStreamWriter",
+    "BufferedInputStream",
+    "BufferedOutputStream",
+    "ByteArrayInputStream",
+    "ByteArrayOutputStream",
+    "DataInputStream",
+    "DataOutputStream",
+    "PushbackInputStream",
+    "SequenceInputStream",
+    "BufferedReader",
+    "BufferedWriter",
+    "PrintStream",
+    "PrintWriter",
+    "ObjectOutputStream"
+    // ObjectInputStream IS a sink (deserialization), keep it out
   ]);
   const sanitizerMethods = /* @__PURE__ */ new Set();
   for (const san of sanitizers) {
@@ -16509,6 +16579,29 @@ var JS_TAINTED_PATTERNS = [
   { pattern: /\bdocument\.querySelector\b/, type: "dom_input" },
   { pattern: /\.value\b/, type: "dom_input" }
 ];
+var PYTHON_TAINTED_PATTERNS2 = [
+  { pattern: /\brequest\.args\b/, type: "http_param" },
+  { pattern: /\brequest\.form\b/, type: "http_body" },
+  { pattern: /\brequest\.json\b/, type: "http_body" },
+  { pattern: /\brequest\.data\b/, type: "http_body" },
+  { pattern: /\brequest\.files?\b/, type: "file_input" },
+  { pattern: /\brequest\.headers?\b/, type: "http_header" },
+  { pattern: /\brequest\.cookies\b/, type: "http_cookie" },
+  { pattern: /\brequest\.GET\b/, type: "http_param" },
+  { pattern: /\brequest\.POST\b/, type: "http_body" },
+  { pattern: /\brequest\.META\b/, type: "http_header" },
+  { pattern: /\brequest\.FILES\b/, type: "file_input" },
+  { pattern: /\brequest\.query_params\b/, type: "http_param" },
+  { pattern: /\brequest\.path_params\b/, type: "http_param" },
+  // Flask raw query/body strings
+  { pattern: /\brequest\.query_string\b/, type: "http_param" },
+  { pattern: /\brequest\.get_data\s*\(/, type: "http_body" },
+  // Request wrapper helper methods (common in OWASP-style benchmarks and real wrappers)
+  { pattern: /\bget_form_parameter\s*\(/, type: "http_body" },
+  { pattern: /\bget_query_parameter\s*\(/, type: "http_param" },
+  { pattern: /\bget_header_value\s*\(/, type: "http_header" },
+  { pattern: /\bget_cookie_value\s*\(/, type: "http_cookie" }
+];
 function findJavaScriptAssignmentSources(sourceCode, language) {
   const sources = [];
   if (!["javascript", "typescript"].includes(language)) {
@@ -16544,6 +16637,212 @@ function findJavaScriptAssignmentSources(sourceCode, language) {
   }
   return sources;
 }
+function findPythonAssignmentSources(sourceCode, language) {
+  const sources = [];
+  if (language !== "python") {
+    return sources;
+  }
+  const lines = sourceCode.split("\n");
+  for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+    const line = lines[lineNum];
+    const lineNumber = lineNum + 1;
+    if (line.trimStart().startsWith("#")) continue;
+    const assignmentMatch = line.match(/^(\s*\w[\w.]*)\s*(?::\s*\w[\w\[\], .]*)?\s*=\s*(.+)/);
+    if (assignmentMatch) {
+      const rhs = assignmentMatch[2];
+      for (const { pattern, type } of PYTHON_TAINTED_PATTERNS2) {
+        if (pattern.test(rhs)) {
+          const varMatch = line.match(/^\s*(\w+)\s*/);
+          const varName = varMatch ? varMatch[1] : "unknown";
+          const alreadyExists = sources.some(
+            (s) => s.line === lineNumber && s.type === type
+          );
+          if (!alreadyExists) {
+            sources.push({
+              type,
+              location: `${varName} = ${rhs.trim().substring(0, 50)}${rhs.length > 50 ? "..." : ""}`,
+              severity: "high",
+              line: lineNumber,
+              confidence: 0.95,
+              variable: varName
+            });
+          }
+          break;
+        }
+      }
+    }
+  }
+  return sources;
+}
+function buildPythonTaintedVars(sourceCode) {
+  const tainted = /* @__PURE__ */ new Map();
+  const containerTainted = /* @__PURE__ */ new Map();
+  const lines = sourceCode.split("\n");
+  for (let i2 = 0; i2 < lines.length; i2++) {
+    const line = lines[i2];
+    if (line.trimStart().startsWith("#")) continue;
+    const subscriptAssign = line.match(/^\s*(\w+)\[(['"])([^'"]+)\2\]\s*=\s*(.+)$/);
+    if (subscriptAssign) {
+      const [, container, , key, rhs2] = subscriptAssign;
+      const isTaintedRhs = [...tainted.keys()].some((v) => new RegExp(`\\b${v}\\b`).test(rhs2));
+      if (isTaintedRhs) {
+        containerTainted.set(`${container}['${key}']`, i2 + 1);
+      }
+      continue;
+    }
+    const setCallMatch = line.match(/^\s*(\w+)\.set\s*\(\s*(['"])([^'"]+)\2\s*,\s*(['"])([^'"]+)\4\s*,\s*(.+?)\s*\)$/);
+    if (setCallMatch) {
+      const [, obj, , section, , key, rhs2] = setCallMatch;
+      const isTaintedRhs = [...tainted.keys()].some((v) => new RegExp(`\\b${v}\\b`).test(rhs2));
+      if (isTaintedRhs) {
+        containerTainted.set(`${obj}['${section}']['${key}']`, i2 + 1);
+      }
+      continue;
+    }
+    const augAssign = line.match(/^\s*(\w+)\s*\+=\s*(.+)$/);
+    if (augAssign) {
+      const [, augLhs, augRhs] = augAssign;
+      const rhsTainted = [...tainted.keys()].some((v) => new RegExp(`\\b${v}\\b`).test(augRhs));
+      if (rhsTainted || tainted.has(augLhs)) {
+        tainted.set(augLhs, tainted.get(augLhs) ?? i2 + 1);
+      }
+      continue;
+    }
+    const forLoopMatch = line.match(/^\s*for\s+(\w+)\s+in\s+(.+?)(?:\s*:\s*)?$/);
+    if (forLoopMatch) {
+      const [, iterVar, iterExpr] = forLoopMatch;
+      const isDirectSource2 = PYTHON_TAINTED_PATTERNS2.some((p) => p.pattern.test(iterExpr));
+      const isPropagated = [...tainted.keys()].some((v) => new RegExp(`\\b${v}\\b`).test(iterExpr));
+      if (isDirectSource2 || isPropagated) {
+        tainted.set(iterVar, i2 + 1);
+      }
+      continue;
+    }
+    const assignMatch = line.match(/^\s*(\w+)\s*=\s*(.+)$/);
+    if (!assignMatch) continue;
+    const [, lhs, rhs] = assignMatch;
+    const isDirectSource = PYTHON_TAINTED_PATTERNS2.some((p) => p.pattern.test(rhs));
+    let propagatedFrom;
+    const dictAccessMatch = rhs.trim().match(/^(\w+)\[(['"])([^'"]+)\2\]$/);
+    if (dictAccessMatch) {
+      const [, container, , key] = dictAccessMatch;
+      if (containerTainted.has(`${container}['${key}']`)) {
+        propagatedFrom = `${container}['${key}']`;
+      }
+    }
+    if (!propagatedFrom) {
+      const confGetMatch = rhs.trim().match(/^(\w+)\.get\s*\(\s*(['"])([^'"]+)\2\s*,\s*(['"])([^'"]+)\4\s*\)$/);
+      if (confGetMatch) {
+        const [, obj, , section, , key] = confGetMatch;
+        if (containerTainted.has(`${obj}['${section}']['${key}']`)) {
+          propagatedFrom = `${obj}['${section}']['${key}']`;
+        }
+      }
+    }
+    if (!propagatedFrom) {
+      const isSafeEnvRead = /\bos\.environ\.get\s*\(/.test(rhs) || /\bos\.getenv\s*\(/.test(rhs);
+      if (!isSafeEnvRead) {
+        propagatedFrom = [...tainted.keys()].find((v) => new RegExp(`\\b${v}\\b`).test(rhs));
+      }
+    }
+    if (isDirectSource) {
+      tainted.set(lhs, i2 + 1);
+    } else if (propagatedFrom !== void 0) {
+      tainted.set(lhs, i2 + 1);
+    } else if (tainted.has(lhs)) {
+      const prevNonBlank = lines.slice(0, i2).reverse().find((l) => l.trim() && !l.trimStart().startsWith("#"));
+      const isNullGuard = prevNonBlank !== void 0 && (new RegExp(`^\\s*if\\s+not\\s+${lhs}\\s*:`).test(prevNonBlank) || new RegExp(`^\\s*if\\s+${lhs}\\s+is\\s+None\\s*:`).test(prevNonBlank));
+      if (!isNullGuard) {
+        tainted.delete(lhs);
+      }
+    }
+  }
+  return tainted;
+}
+function buildJavaScriptTaintedVars(sourceCode, language) {
+  if (!["javascript", "typescript"].includes(language)) return /* @__PURE__ */ new Map();
+  const tainted = /* @__PURE__ */ new Map();
+  const lines = sourceCode.split("\n");
+  for (let i2 = 0; i2 < lines.length; i2++) {
+    const line = lines[i2];
+    const trimmed = line.trimStart();
+    if (trimmed.startsWith("//") || trimmed.startsWith("*")) continue;
+    const assignMatch = line.match(/(?:(?:var|let|const)\s+)?(\w+)\s*=\s*(.+)/);
+    if (!assignMatch) continue;
+    const [, lhs, rhs] = assignMatch;
+    if (["if", "while", "for", "return", "true", "false", "null", "undefined", "case"].includes(lhs)) continue;
+    const isDirectSource = JS_TAINTED_PATTERNS.some((p) => p.pattern.test(rhs));
+    const isTaintedPropagation = tainted.size > 0 && [...tainted.keys()].some((v) => new RegExp(`\\b${v}\\b`).test(rhs));
+    if (isDirectSource || isTaintedPropagation) {
+      tainted.set(lhs, i2 + 1);
+    }
+  }
+  return tainted;
+}
+function findPythonQuoteSanitizedVars(sourceCode) {
+  const sanitized = /* @__PURE__ */ new Set();
+  const lines = sourceCode.split("\n");
+  for (let i2 = 0; i2 < lines.length - 1; i2++) {
+    const m = lines[i2].match(/^\s*if\s+(?:'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*")\s+in\s+(\w+)\s*:/);
+    if (!m) continue;
+    const ifIndent = (lines[i2].match(/^(\s*)/) ?? ["", ""])[1].length;
+    let foundExit = false;
+    for (let j = i2 + 1; j <= Math.min(i2 + 5, lines.length - 1); j++) {
+      const jLine = lines[j] ?? "";
+      if (!jLine.trim()) continue;
+      const jIndent = (jLine.match(/^(\s*)/) ?? ["", ""])[1].length;
+      if (jIndent <= ifIndent) break;
+      if (/^(return|raise|abort|continue|break)\b/.test(jLine.trim())) {
+        foundExit = true;
+        break;
+      }
+    }
+    if (foundExit) {
+      sanitized.add(m[1]);
+    }
+  }
+  return sanitized;
+}
+function findPythonTrustBoundaryViolations(sourceCode, language, taintedVars) {
+  if (language !== "python" || taintedVars.size === 0) return [];
+  const violations = [];
+  const lines = sourceCode.split("\n");
+  const SESSION_WRITE = /(?:flask\.)?session\[([^\]]+)\]\s*=\s*(.+)$/;
+  const taintedKeys = [...taintedVars.keys()];
+  const earliestSourceLine = Math.min(...[...taintedVars.values()]);
+  for (let i2 = 0; i2 < lines.length; i2++) {
+    const line = lines[i2];
+    if (line.trimStart().startsWith("#")) continue;
+    const m = line.match(SESSION_WRITE);
+    if (!m) continue;
+    const [, keyExpr, valueExpr] = m;
+    const keyTainted = taintedKeys.some((v) => new RegExp(`\\b${v}\\b`).test(keyExpr));
+    const valueTainted = taintedKeys.some((v) => new RegExp(`\\b${v}\\b`).test(valueExpr));
+    if (keyTainted || valueTainted) {
+      violations.push({ sourceLine: earliestSourceLine, sinkLine: i2 + 1 });
+    }
+  }
+  return violations;
+}
+function findPythonReturnXSSSinks(sourceCode, language, taintedVars) {
+  if (language !== "python" || taintedVars.size === 0) return [];
+  const sinks = [];
+  const lines = sourceCode.split("\n");
+  const taintedKeys = [...taintedVars.keys()];
+  for (let i2 = 0; i2 < lines.length; i2++) {
+    const line = lines[i2];
+    if (line.trimStart().startsWith("#")) continue;
+    const returnMatch = line.match(/^\s*(?:return|yield)\s+(.+)$/);
+    if (!returnMatch) continue;
+    const expr = returnMatch[1];
+    const hasTaintedVar = taintedKeys.some((v) => new RegExp(`\\b${v}\\b`).test(expr));
+    if (!hasTaintedVar) continue;
+    const looksLikeHTML = expr.includes("<") || /['"]\s*\+/.test(expr) || /\+\s*['"]/.test(expr) || /f['"][^'"]*\{/.test(expr);
+    if (!looksLikeHTML) continue;
+    sinks.push({ sinkLine: i2 + 1 });
+  }
+  return sinks;
+}
 function findJavaScriptDOMSinks(sourceCode, language) {
   const sinks = [];
   if (!["javascript", "typescript"].includes(language)) {
@@ -16783,6 +17082,8 @@ async function analyze(code, filePath, language, options = {}) {
   taint.sources.push(...getterSources);
   const jsAssignmentSources = findJavaScriptAssignmentSources(code, language);
   taint.sources.push(...jsAssignmentSources);
+  const pythonAssignmentSources = findPythonAssignmentSources(code, language);
+  taint.sources.push(...pythonAssignmentSources);
   const jsDOMSinks = findJavaScriptDOMSinks(code, language);
   for (const domSink of jsDOMSinks) {
     const alreadyExists = taint.sinks.some(
@@ -16823,6 +17124,82 @@ async function analyze(code, filePath, language, options = {}) {
     constPropResult.synchronizedLines
   );
   taint.sinks = filterSanitizedSinks(taint.sinks, taint.sanitizers ?? [], calls);
+  if (language === "python") {
+    const pyTaintedVars = buildPythonTaintedVars(code);
+    const pySanitizedVars = findPythonQuoteSanitizedVars(code);
+    for (const line of code.split("\n")) {
+      const am = line.match(/^\s*(\w+)\s*=\s*(.+)$/);
+      if (!am) continue;
+      const [, lhs, rhs] = am;
+      if ([...pySanitizedVars].some((v) => new RegExp(`\\b${v}\\b`).test(rhs))) {
+        pySanitizedVars.add(lhs);
+      }
+    }
+    for (const line of code.split("\n")) {
+      const am = line.match(/^\s*(\w+)\s*=\s*(.+)$/);
+      if (!am) continue;
+      const [, lhs, rhs] = am;
+      const hasReplaceOnTainted = [...pyTaintedVars.keys()].some(
+        (v) => new RegExp(`\\b${v}\\.replace\\s*\\(`).test(rhs)
+      );
+      if (hasReplaceOnTainted) pySanitizedVars.add(lhs);
+    }
+    const pySourceLines = code.split("\n");
+    taint.sinks = taint.sinks.filter((sink) => {
+      if (sink.type !== "xpath_injection") return true;
+      const sinkLineText = pySourceLines[sink.line - 1] ?? "";
+      const taintedVarOnLine = [...pyTaintedVars.keys()].find(
+        (v) => new RegExp(`\\b${v}\\b`).test(sinkLineText)
+      );
+      if (!taintedVarOnLine) return false;
+      if (pySanitizedVars.has(taintedVarOnLine)) return false;
+      if (new RegExp(`\\.xpath\\s*\\([^)]*\\b\\w+\\s*=\\s*\\b${taintedVarOnLine}\\b`).test(sinkLineText)) return false;
+      return true;
+    });
+    const trustViolations = findPythonTrustBoundaryViolations(code, language, pyTaintedVars);
+    for (const v of trustViolations) {
+      const alreadyExists = taint.sinks.some(
+        (s) => s.line === v.sinkLine && s.type === "trust_boundary"
+      );
+      if (!alreadyExists) {
+        taint.sinks.push({
+          type: "trust_boundary",
+          cwe: "CWE-501",
+          line: v.sinkLine,
+          location: `session write at line ${v.sinkLine}`,
+          confidence: 0.85
+        });
+      }
+    }
+    const pyReturnXSS = findPythonReturnXSSSinks(code, language, pyTaintedVars);
+    for (const r of pyReturnXSS) {
+      const alreadyExists = taint.sinks.some(
+        (s) => s.line === r.sinkLine && s.type === "xss"
+      );
+      if (!alreadyExists) {
+        taint.sinks.push({
+          type: "xss",
+          cwe: "CWE-79",
+          line: r.sinkLine,
+          location: `return HTML with user input at line ${r.sinkLine}`,
+          confidence: 0.9
+        });
+      }
+    }
+  }
+  if (["javascript", "typescript"].includes(language)) {
+    const jsTaintedVars = buildJavaScriptTaintedVars(code, language);
+    if (jsTaintedVars.size > 0) {
+      const jsSourceLines = code.split("\n");
+      taint.sinks = taint.sinks.filter((sink) => {
+        if (sink.type !== "xss") return true;
+        const sinkLineText = jsSourceLines[sink.line - 1] ?? "";
+        if ([...jsTaintedVars.keys()].some((v) => new RegExp(`\\b${v}\\b`).test(sinkLineText))) return true;
+        if (JS_TAINTED_PATTERNS.some((p) => p.pattern.test(sinkLineText))) return true;
+        return false;
+      });
+    }
+  }
   if (taint.sources.length > 0 && taint.sinks.length > 0) {
     const propagationResult = propagateTaint(
       dfg,
@@ -16942,6 +17319,7 @@ async function analyze(code, filePath, language, options = {}) {
       }
     );
     for (const sink of interProc.propagatedSinks) {
+      if (sink.type === "external_taint_escape") continue;
       if (!taint.sinks.some((s) => s.line === sink.line)) {
         taint.sinks.push(sink);
       }
@@ -17152,7 +17530,59 @@ async function analyzeForAPI(code, filePath, language, options = {}) {
     constPropResult.synchronizedLines
   );
   filteredSinks = filterSanitizedSinks(filteredSinks, taint.sanitizers ?? [], calls);
+  let pythonTaintedVars = /* @__PURE__ */ new Map();
+  if (language === "python") {
+    pythonTaintedVars = buildPythonTaintedVars(code);
+    const pythonSanitizedVars = findPythonQuoteSanitizedVars(code);
+    for (const line of code.split("\n")) {
+      const am = line.match(/^\s*(\w+)\s*=\s*(.+)$/);
+      if (!am) continue;
+      const [, lhs, rhs] = am;
+      if ([...pythonSanitizedVars].some((v) => new RegExp(`\\b${v}\\b`).test(rhs))) {
+        pythonSanitizedVars.add(lhs);
+      }
+    }
+    for (const line of code.split("\n")) {
+      const am = line.match(/^\s*(\w+)\s*=\s*(.+)$/);
+      if (!am) continue;
+      const [, lhs, rhs] = am;
+      const hasReplaceOnTainted = [...pythonTaintedVars.keys()].some(
+        (v) => new RegExp(`\\b${v}\\.replace\\s*\\(`).test(rhs)
+      );
+      if (hasReplaceOnTainted) pythonSanitizedVars.add(lhs);
+    }
+    const sourceLines = code.split("\n");
+    filteredSinks = filteredSinks.filter((sink) => {
+      if (sink.type !== "xpath_injection") return true;
+      const sinkLineText = sourceLines[sink.line - 1] ?? "";
+      const taintedVarOnLine = [...pythonTaintedVars.keys()].find(
+        (v) => new RegExp(`\\b${v}\\b`).test(sinkLineText)
+      );
+      if (!taintedVarOnLine) return false;
+      if (pythonSanitizedVars.has(taintedVarOnLine)) return false;
+      if (new RegExp(`\\.xpath\\s*\\([^)]*\\b\\w+\\s*=\\s*\\b${taintedVarOnLine}\\b`).test(sinkLineText)) return false;
+      return true;
+    });
+  }
   const vulnerabilities = findVulnerabilities(taint.sources, filteredSinks, calls, constPropResult);
+  if (language === "python") {
+    const trustViolations = findPythonTrustBoundaryViolations(code, language, pythonTaintedVars);
+    for (const v of trustViolations) {
+      const alreadyReported = vulnerabilities.some(
+        (existing) => existing.sink.line === v.sinkLine && existing.type === "trust_boundary"
+      );
+      if (!alreadyReported) {
+        vulnerabilities.push({
+          type: "trust_boundary",
+          cwe: "CWE-501",
+          severity: "medium",
+          source: { line: v.sourceLine, type: "http_param" },
+          sink: { line: v.sinkLine, type: "trust_boundary" },
+          confidence: 0.85
+        });
+      }
+    }
+  }
   const analysisTime = performance.now() - analysisStart;
   const totalTime = performance.now() - startTime;
   return {

package/dist/core/circle-ir-core.cjs

@@ -9319,9 +9319,7 @@ var DEFAULT_SINKS = [
   { method: "resolveURI", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "resolve", class: "SourceResolver", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "getSource", class: "SourceResolver", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
-  // URL-based resource loading
-  { method: "URL", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "medium", arg_positions: [0] },
-  { method: "openStream", class: "URL", type: "path_traversal", cwe: "CWE-22", severity: "medium", arg_positions: [] },
+  // NOTE: new URL(userInput) is SSRF (CWE-918), not path traversal — see ssrf section below
   // Servlet context resource loading
   { method: "getResource", class: "ServletContext", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "getResourceAsStream", class: "ServletContext", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
@@ -9358,8 +9356,7 @@ var DEFAULT_SINKS = [
   { method: "extract", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0, 1] },
   { method: "extractAll", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0, 1] },
   { method: "unjar", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0, 1] },
-  // Additional file constructors
-  { method: "BufferedReader", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
+  // Additional file constructors — BufferedReader(Reader) is NOT a path traversal sink; it wraps a Reader, not a file path
   { method: "PrintWriter", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "Scanner", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   // Topic/queue names (for message queue systems - can be exploited for path traversal)
@@ -9882,9 +9879,12 @@ var DEFAULT_SINKS = [
   { method: "execSync", class: "child_process", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "spawn", class: "child_process", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "spawnSync", class: "child_process", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
-  // Also match without receiver (destructured imports)
+  // Also match without receiver (destructured imports: const { exec } = require('child_process'))
   { method: "exec", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
   { method: "execSync", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
+  { method: "spawn", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
+  { method: "spawnSync", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
+  { method: "execFile", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
   // Node.js File System (path traversal)
   { method: "readFile", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0] },
   { method: "readFileSync", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0] },
@@ -9927,7 +9927,9 @@ var DEFAULT_SINKS = [
   { method: "request", class: "axios", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "fetch", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "request", class: "http", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
+  { method: "get", class: "http", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "request", class: "https", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
+  { method: "get", class: "https", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   // needle library (used in NodeGoat)
   { method: "get", class: "needle", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "post", class: "needle", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
@@ -10347,6 +10349,21 @@ function getDefaultConfig() {
 }
 
 // src/analysis/taint-matcher.ts
+var PYTHON_TAINTED_PATTERNS = [
+  { pattern: /\brequest\.args\b/, sourceType: "http_param" },
+  { pattern: /\brequest\.form\b/, sourceType: "http_body" },
+  { pattern: /\brequest\.json\b/, sourceType: "http_body" },
+  { pattern: /\brequest\.data\b/, sourceType: "http_body" },
+  { pattern: /\brequest\.files?\b/, sourceType: "file_input" },
+  { pattern: /\brequest\.headers?\b/, sourceType: "http_header" },
+  { pattern: /\brequest\.cookies\b/, sourceType: "http_cookie" },
+  { pattern: /\brequest\.GET\b/, sourceType: "http_param" },
+  { pattern: /\brequest\.POST\b/, sourceType: "http_body" },
+  { pattern: /\brequest\.META\b/, sourceType: "http_header" },
+  { pattern: /\brequest\.FILES\b/, sourceType: "file_input" },
+  { pattern: /\brequest\.query_params\b/, sourceType: "http_param" },
+  { pattern: /\brequest\.path_params\b/, sourceType: "http_param" }
+];
 function analyzeTaint(calls, types, config = getDefaultConfig()) {
   const sources = findSources(calls, types, config.sources);
   const sinks = findSinks(calls, config.sinks);
@@ -10429,6 +10446,28 @@ function findSources(calls, types, patterns) {
       }
     }
   }
+  for (const call of calls) {
+    for (const arg of call.arguments) {
+      if (!arg.expression) continue;
+      for (const { pattern, sourceType } of PYTHON_TAINTED_PATTERNS) {
+        if (pattern.test(arg.expression)) {
+          const alreadyExists = sources.some(
+            (s) => s.line === call.location.line && s.type === sourceType
+          );
+          if (!alreadyExists) {
+            sources.push({
+              type: sourceType,
+              location: `${arg.expression} in ${call.in_method || "anonymous"}`,
+              severity: "high",
+              line: call.location.line,
+              confidence: 1
+            });
+          }
+          break;
+        }
+      }
+    }
+  }
   const sourceMap = /* @__PURE__ */ new Map();
   for (const source of sources) {
     const key = `${source.line}:${source.type}`;