circle-ir 3.9.10 → 3.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/analysis/passes/cleanup-verify-pass.d.ts +28 -0
- package/dist/analysis/passes/cleanup-verify-pass.js +130 -0
- package/dist/analysis/passes/cleanup-verify-pass.js.map +1 -0
- package/dist/analysis/passes/missing-guard-dom-pass.d.ts +25 -0
- package/dist/analysis/passes/missing-guard-dom-pass.js +99 -0
- package/dist/analysis/passes/missing-guard-dom-pass.js.map +1 -0
- package/dist/analysis/passes/missing-override-pass.d.ts +27 -0
- package/dist/analysis/passes/missing-override-pass.js +110 -0
- package/dist/analysis/passes/missing-override-pass.js.map +1 -0
- package/dist/analysis/passes/sink-filter-pass.js +81 -8
- package/dist/analysis/passes/sink-filter-pass.js.map +1 -1
- package/dist/analysis/passes/taint-matcher-pass.js +6 -1
- package/dist/analysis/passes/taint-matcher-pass.js.map +1 -1
- package/dist/analysis/passes/taint-propagation-pass.js +2 -3
- package/dist/analysis/passes/taint-propagation-pass.js.map +1 -1
- package/dist/analysis/passes/unused-interface-method-pass.d.ts +27 -0
- package/dist/analysis/passes/unused-interface-method-pass.js +62 -0
- package/dist/analysis/passes/unused-interface-method-pass.js.map +1 -0
- package/dist/analysis/taint-matcher.d.ts +2 -1
- package/dist/analysis/taint-matcher.js +9 -5
- package/dist/analysis/taint-matcher.js.map +1 -1
- package/dist/analyzer.d.ts +5 -1
- package/dist/analyzer.js +13 -1
- package/dist/analyzer.js.map +1 -1
- package/dist/browser/circle-ir.js +1029 -16
- package/dist/core/circle-ir-core.cjs +8 -5
- package/dist/core/circle-ir-core.js +8 -5
- package/package.json +1 -1
|
@@ -10365,9 +10365,9 @@ var PYTHON_TAINTED_PATTERNS = [
|
|
|
10365
10365
|
{ pattern: /\brequest\.query_params\b/, sourceType: "http_param" },
|
|
10366
10366
|
{ pattern: /\brequest\.path_params\b/, sourceType: "http_param" }
|
|
10367
10367
|
];
|
|
10368
|
-
function analyzeTaint(calls, types, config = getDefaultConfig()) {
|
|
10368
|
+
function analyzeTaint(calls, types, config = getDefaultConfig(), typeHierarchy) {
|
|
10369
10369
|
const sources = findSources(calls, types, config.sources);
|
|
10370
|
-
const sinks = findSinks(calls, config.sinks);
|
|
10370
|
+
const sinks = findSinks(calls, config.sinks, typeHierarchy);
|
|
10371
10371
|
const sanitizers = findSanitizers(calls, types, config.sanitizers);
|
|
10372
10372
|
return { sources, sinks, sanitizers };
|
|
10373
10373
|
}
|
|
@@ -10573,11 +10573,11 @@ function isParameterizedQueryCall(call, pattern) {
|
|
|
10573
10573
|
}
|
|
10574
10574
|
return false;
|
|
10575
10575
|
}
|
|
10576
|
-
function findSinks(calls, patterns) {
|
|
10576
|
+
function findSinks(calls, patterns, typeHierarchy) {
|
|
10577
10577
|
const sinkMap = /* @__PURE__ */ new Map();
|
|
10578
10578
|
for (const call of calls) {
|
|
10579
10579
|
for (const pattern of patterns) {
|
|
10580
|
-
if (matchesSinkPattern(call, pattern)) {
|
|
10580
|
+
if (matchesSinkPattern(call, pattern, typeHierarchy)) {
|
|
10581
10581
|
if (isParameterizedQueryCall(call, pattern)) {
|
|
10582
10582
|
continue;
|
|
10583
10583
|
}
|
|
@@ -10669,7 +10669,7 @@ function isJavaScriptTaintedArgument(argExpression, sourcePatterns) {
|
|
|
10669
10669
|
}
|
|
10670
10670
|
return { isTainted: false, sourceType: null };
|
|
10671
10671
|
}
|
|
10672
|
-
function matchesSinkPattern(call, pattern) {
|
|
10672
|
+
function matchesSinkPattern(call, pattern, typeHierarchy) {
|
|
10673
10673
|
const callMethodName = call.method_name;
|
|
10674
10674
|
const patternMethod = pattern.method;
|
|
10675
10675
|
let methodMatches = callMethodName === patternMethod;
|
|
@@ -10685,6 +10685,9 @@ function matchesSinkPattern(call, pattern) {
|
|
|
10685
10685
|
return true;
|
|
10686
10686
|
}
|
|
10687
10687
|
if (call.receiver && !receiverMightBeClass(call.receiver, pattern.class)) {
|
|
10688
|
+
if (typeHierarchy && typeHierarchy.couldBeType(call.receiver, pattern.class)) {
|
|
10689
|
+
return true;
|
|
10690
|
+
}
|
|
10688
10691
|
return false;
|
|
10689
10692
|
}
|
|
10690
10693
|
if (!call.receiver) {
|
|
@@ -10300,9 +10300,9 @@ var PYTHON_TAINTED_PATTERNS = [
|
|
|
10300
10300
|
{ pattern: /\brequest\.query_params\b/, sourceType: "http_param" },
|
|
10301
10301
|
{ pattern: /\brequest\.path_params\b/, sourceType: "http_param" }
|
|
10302
10302
|
];
|
|
10303
|
-
function analyzeTaint(calls, types, config = getDefaultConfig()) {
|
|
10303
|
+
function analyzeTaint(calls, types, config = getDefaultConfig(), typeHierarchy) {
|
|
10304
10304
|
const sources = findSources(calls, types, config.sources);
|
|
10305
|
-
const sinks = findSinks(calls, config.sinks);
|
|
10305
|
+
const sinks = findSinks(calls, config.sinks, typeHierarchy);
|
|
10306
10306
|
const sanitizers = findSanitizers(calls, types, config.sanitizers);
|
|
10307
10307
|
return { sources, sinks, sanitizers };
|
|
10308
10308
|
}
|
|
@@ -10508,11 +10508,11 @@ function isParameterizedQueryCall(call, pattern) {
|
|
|
10508
10508
|
}
|
|
10509
10509
|
return false;
|
|
10510
10510
|
}
|
|
10511
|
-
function findSinks(calls, patterns) {
|
|
10511
|
+
function findSinks(calls, patterns, typeHierarchy) {
|
|
10512
10512
|
const sinkMap = /* @__PURE__ */ new Map();
|
|
10513
10513
|
for (const call of calls) {
|
|
10514
10514
|
for (const pattern of patterns) {
|
|
10515
|
-
if (matchesSinkPattern(call, pattern)) {
|
|
10515
|
+
if (matchesSinkPattern(call, pattern, typeHierarchy)) {
|
|
10516
10516
|
if (isParameterizedQueryCall(call, pattern)) {
|
|
10517
10517
|
continue;
|
|
10518
10518
|
}
|
|
@@ -10604,7 +10604,7 @@ function isJavaScriptTaintedArgument(argExpression, sourcePatterns) {
|
|
|
10604
10604
|
}
|
|
10605
10605
|
return { isTainted: false, sourceType: null };
|
|
10606
10606
|
}
|
|
10607
|
-
function matchesSinkPattern(call, pattern) {
|
|
10607
|
+
function matchesSinkPattern(call, pattern, typeHierarchy) {
|
|
10608
10608
|
const callMethodName = call.method_name;
|
|
10609
10609
|
const patternMethod = pattern.method;
|
|
10610
10610
|
let methodMatches = callMethodName === patternMethod;
|
|
@@ -10620,6 +10620,9 @@ function matchesSinkPattern(call, pattern) {
|
|
|
10620
10620
|
return true;
|
|
10621
10621
|
}
|
|
10622
10622
|
if (call.receiver && !receiverMightBeClass(call.receiver, pattern.class)) {
|
|
10623
|
+
if (typeHierarchy && typeHierarchy.couldBeType(call.receiver, pattern.class)) {
|
|
10624
|
+
return true;
|
|
10625
|
+
}
|
|
10623
10626
|
return false;
|
|
10624
10627
|
}
|
|
10625
10628
|
if (!call.receiver) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "circle-ir",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.11.0",
|
|
4
4
|
"description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.js",
|