circle-ir 3.9.8 → 3.11.0

package/dist/core/circle-ir-core.cjs

@@ -10365,9 +10365,9 @@ var PYTHON_TAINTED_PATTERNS = [
   { pattern: /\brequest\.query_params\b/, sourceType: "http_param" },
   { pattern: /\brequest\.path_params\b/, sourceType: "http_param" }
 ];
-function analyzeTaint(calls, types, config = getDefaultConfig()) {
+function analyzeTaint(calls, types, config = getDefaultConfig(), typeHierarchy) {
   const sources = findSources(calls, types, config.sources);
-  const sinks = findSinks(calls, config.sinks);
+  const sinks = findSinks(calls, config.sinks, typeHierarchy);
   const sanitizers = findSanitizers(calls, types, config.sanitizers);
   return { sources, sinks, sanitizers };
 }
@@ -10573,11 +10573,11 @@ function isParameterizedQueryCall(call, pattern) {
   }
   return false;
 }
-function findSinks(calls, patterns) {
+function findSinks(calls, patterns, typeHierarchy) {
   const sinkMap = /* @__PURE__ */ new Map();
   for (const call of calls) {
     for (const pattern of patterns) {
-      if (matchesSinkPattern(call, pattern)) {
+      if (matchesSinkPattern(call, pattern, typeHierarchy)) {
         if (isParameterizedQueryCall(call, pattern)) {
           continue;
         }
@@ -10591,7 +10591,8 @@ function findSinks(calls, patterns) {
             cwe: pattern.cwe,
             location,
             line: call.location.line,
-            confidence
+            confidence,
+            method: call.method_name
           });
         }
       }
@@ -10668,7 +10669,7 @@ function isJavaScriptTaintedArgument(argExpression, sourcePatterns) {
   }
   return { isTainted: false, sourceType: null };
 }
-function matchesSinkPattern(call, pattern) {
+function matchesSinkPattern(call, pattern, typeHierarchy) {
   const callMethodName = call.method_name;
   const patternMethod = pattern.method;
   let methodMatches = callMethodName === patternMethod;
@@ -10684,6 +10685,9 @@ function matchesSinkPattern(call, pattern) {
       return true;
     }
     if (call.receiver && !receiverMightBeClass(call.receiver, pattern.class)) {
+      if (typeHierarchy && typeHierarchy.couldBeType(call.receiver, pattern.class)) {
+        return true;
+      }
       return false;
     }
     if (!call.receiver) {

package/dist/core/circle-ir-core.js

@@ -10300,9 +10300,9 @@ var PYTHON_TAINTED_PATTERNS = [
   { pattern: /\brequest\.query_params\b/, sourceType: "http_param" },
   { pattern: /\brequest\.path_params\b/, sourceType: "http_param" }
 ];
-function analyzeTaint(calls, types, config = getDefaultConfig()) {
+function analyzeTaint(calls, types, config = getDefaultConfig(), typeHierarchy) {
   const sources = findSources(calls, types, config.sources);
-  const sinks = findSinks(calls, config.sinks);
+  const sinks = findSinks(calls, config.sinks, typeHierarchy);
   const sanitizers = findSanitizers(calls, types, config.sanitizers);
   return { sources, sinks, sanitizers };
 }
@@ -10508,11 +10508,11 @@ function isParameterizedQueryCall(call, pattern) {
   }
   return false;
 }
-function findSinks(calls, patterns) {
+function findSinks(calls, patterns, typeHierarchy) {
   const sinkMap = /* @__PURE__ */ new Map();
   for (const call of calls) {
     for (const pattern of patterns) {
-      if (matchesSinkPattern(call, pattern)) {
+      if (matchesSinkPattern(call, pattern, typeHierarchy)) {
         if (isParameterizedQueryCall(call, pattern)) {
           continue;
         }
@@ -10526,7 +10526,8 @@ function findSinks(calls, patterns) {
             cwe: pattern.cwe,
             location,
             line: call.location.line,
-            confidence
+            confidence,
+            method: call.method_name
           });
         }
       }
@@ -10603,7 +10604,7 @@ function isJavaScriptTaintedArgument(argExpression, sourcePatterns) {
   }
   return { isTainted: false, sourceType: null };
 }
-function matchesSinkPattern(call, pattern) {
+function matchesSinkPattern(call, pattern, typeHierarchy) {
   const callMethodName = call.method_name;
   const patternMethod = pattern.method;
   let methodMatches = callMethodName === patternMethod;
@@ -10619,6 +10620,9 @@ function matchesSinkPattern(call, pattern) {
       return true;
     }
     if (call.receiver && !receiverMightBeClass(call.receiver, pattern.class)) {
+      if (typeHierarchy && typeHierarchy.couldBeType(call.receiver, pattern.class)) {
+        return true;
+      }
       return false;
     }
     if (!call.receiver) {

package/dist/graph/exception-flow-graph.d.ts

@@ -0,0 +1,44 @@
+/**
+ * ExceptionFlowGraph — lightweight wrapper over CFG exception edges.
+ *
+ * The CFG builder emits edges with `type === 'exception'` connecting the
+ * first block of a try body (`from`) to the first block of the corresponding
+ * catch handler (`to`).  This class indexes those edges so exception-aware
+ * passes can query try/catch structure without re-scanning the edge list.
+ */
+import type { CFG, CFGBlock } from '../types/index.js';
+export interface TryCatchInfo {
+    tryEntryId: number;
+    catchEntryId: number;
+    /** First block of the try body. */
+    tryBlock: CFGBlock;
+    /** First block of the catch handler. */
+    catchBlock: CFGBlock;
+}
+export declare class ExceptionFlowGraph {
+    /** All try/catch pairs found in the CFG. */
+    readonly pairs: TryCatchInfo[];
+    /** Block IDs that are catch-handler entry blocks. */
+    readonly catchEntryIds: Set<number>;
+    /** Block IDs that are try-body entry blocks. */
+    readonly tryEntryIds: Set<number>;
+    private readonly tryCatchMap;
+    private readonly catchTryMap;
+    constructor(cfg: CFG, blockById: Map<number, CFGBlock>);
+    /** True if at least one try/catch pair was found. */
+    get hasTryCatch(): boolean;
+    /** True if the given block ID is a catch-handler entry block. */
+    isCatchEntry(blockId: number): boolean;
+    /** True if the given block ID is a try-body entry block. */
+    isTryEntry(blockId: number): boolean;
+    /**
+     * Returns the catch-entry block IDs for the given try-entry block.
+     * Multiple values mean multiple catch clauses for the same try.
+     */
+    catchBlocksFor(tryEntryId: number): number[];
+    /**
+     * Returns the try-entry block ID corresponding to a catch-entry block,
+     * or `undefined` if the block is not a catch entry.
+     */
+    tryBlockFor(catchEntryId: number): number | undefined;
+}

package/dist/graph/exception-flow-graph.js

@@ -0,0 +1,75 @@
+/**
+ * ExceptionFlowGraph — lightweight wrapper over CFG exception edges.
+ *
+ * The CFG builder emits edges with `type === 'exception'` connecting the
+ * first block of a try body (`from`) to the first block of the corresponding
+ * catch handler (`to`).  This class indexes those edges so exception-aware
+ * passes can query try/catch structure without re-scanning the edge list.
+ */
+// ---------------------------------------------------------------------------
+// ExceptionFlowGraph
+// ---------------------------------------------------------------------------
+export class ExceptionFlowGraph {
+    /** All try/catch pairs found in the CFG. */
+    pairs;
+    /** Block IDs that are catch-handler entry blocks. */
+    catchEntryIds;
+    /** Block IDs that are try-body entry blocks. */
+    tryEntryIds;
+    tryCatchMap; // tryEntryId → [catchEntryId, …]
+    catchTryMap; // catchEntryId → tryEntryId
+    constructor(cfg, blockById) {
+        this.pairs = [];
+        this.catchEntryIds = new Set();
+        this.tryEntryIds = new Set();
+        this.tryCatchMap = new Map();
+        this.catchTryMap = new Map();
+        for (const edge of cfg.edges) {
+            if (edge.type !== 'exception')
+                continue;
+            const tryBlock = blockById.get(edge.from);
+            const catchBlock = blockById.get(edge.to);
+            if (!tryBlock || !catchBlock)
+                continue;
+            this.tryEntryIds.add(edge.from);
+            this.catchEntryIds.add(edge.to);
+            const catches = this.tryCatchMap.get(edge.from) ?? [];
+            catches.push(edge.to);
+            this.tryCatchMap.set(edge.from, catches);
+            this.catchTryMap.set(edge.to, edge.from);
+            this.pairs.push({
+                tryEntryId: edge.from,
+                catchEntryId: edge.to,
+                tryBlock,
+                catchBlock,
+            });
+        }
+    }
+    /** True if at least one try/catch pair was found. */
+    get hasTryCatch() {
+        return this.pairs.length > 0;
+    }
+    /** True if the given block ID is a catch-handler entry block. */
+    isCatchEntry(blockId) {
+        return this.catchEntryIds.has(blockId);
+    }
+    /** True if the given block ID is a try-body entry block. */
+    isTryEntry(blockId) {
+        return this.tryEntryIds.has(blockId);
+    }
+    /**
+     * Returns the catch-entry block IDs for the given try-entry block.
+     * Multiple values mean multiple catch clauses for the same try.
+     */
+    catchBlocksFor(tryEntryId) {
+        return this.tryCatchMap.get(tryEntryId) ?? [];
+    }
+    /**
+     * Returns the try-entry block ID corresponding to a catch-entry block,
+     * or `undefined` if the block is not a catch entry.
+     */
+    tryBlockFor(catchEntryId) {
+        return this.catchTryMap.get(catchEntryId);
+    }
+}
+//# sourceMappingURL=exception-flow-graph.js.map

package/dist/graph/exception-flow-graph.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exception-flow-graph.js","sourceRoot":"","sources":["../../src/graph/exception-flow-graph.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAiBH,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,MAAM,OAAO,kBAAkB;IAC7B,4CAA4C;IACnC,KAAK,CAAiB;IAE/B,qDAAqD;IAC5C,aAAa,CAAc;IAEpC,gDAAgD;IACvC,WAAW,CAAc;IAEjB,WAAW,CAAwB,CAAC,iCAAiC;IACrE,WAAW,CAAsB,CAAG,4BAA4B;IAEjF,YAAY,GAAQ,EAAE,SAAgC;QACpD,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,aAAa,GAAG,IAAI,GAAG,EAAE,CAAC;QAC/B,IAAI,CAAC,WAAW,GAAG,IAAI,GAAG,EAAE,CAAC;QAC7B,IAAI,CAAC,WAAW,GAAG,IAAI,GAAG,EAAE,CAAC;QAC7B,IAAI,CAAC,WAAW,GAAG,IAAI,GAAG,EAAE,CAAC;QAE7B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YAC7B,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW;gBAAE,SAAS;YAExC,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC1C,IAAI,CAAC,QAAQ,IAAI,CAAC,UAAU;gBAAE,SAAS;YAEvC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAEhC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACtB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAEzC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,IAAI,CAAC,IAAI;gBACrB,YAAY,EAAE,IAAI,CAAC,EAAE;gBACrB,QAAQ;gBACR,UAAU;aACX,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;IAC/B,CAAC;IAED,iEAAiE;IACjE,YAAY,CAAC,OAAe;QAC1B,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED,4DAA4D;IAC5D,UAAU,CAAC,OAAe;QACxB,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,UAAkB;QAC/B,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAChD,CAAC;IAED;;;OAGG;IACH,WAAW,CAAC,YAAoB;QAC9B,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC5C,CAAC;CACF"}

package/dist/graph/index.d.ts

@@ -2,4 +2,5 @@ export { CodeGraph } from './code-graph.js';
 export { ProjectGraph } from './project-graph.js';
 export { ImportGraph } from './import-graph.js';
 export { DominatorGraph } from './dominator-graph.js';
+export { ExceptionFlowGraph, type TryCatchInfo } from './exception-flow-graph.js';
 export { AnalysisPipeline, type AnalysisPass, type PassContext, type PipelineRunResult, } from './analysis-pass.js';

package/dist/graph/index.js

@@ -2,5 +2,6 @@ export { CodeGraph } from './code-graph.js';
 export { ProjectGraph } from './project-graph.js';
 export { ImportGraph } from './import-graph.js';
 export { DominatorGraph } from './dominator-graph.js';
+export { ExceptionFlowGraph } from './exception-flow-graph.js';
 export { AnalysisPipeline, } from './analysis-pass.js';
 //# sourceMappingURL=index.js.map

package/dist/graph/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/graph/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EACL,gBAAgB,GAIjB,MAAM,oBAAoB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/graph/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAqB,MAAM,2BAA2B,CAAC;AAClF,OAAO,EACL,gBAAgB,GAIjB,MAAM,oBAAoB,CAAC"}

package/dist/index.d.ts

@@ -11,6 +11,7 @@ export { extractMeta, extractTypes, extractCalls, extractImports, extractExports
 export { getDefaultConfig, createTaintConfig, analyzeTaint, detectUnresolved, propagateTaint, generateFindings, analyzeConstantPropagation, ConstantPropagator, isKnown, createUnknown, getNodeLine, DEFAULT_SOURCES, DEFAULT_SINKS, DEFAULT_SANITIZERS, type ConstantValue, type ConstantPropagatorResult, type TaintPropagationResult, type TaintedVariable, type TaintFlow, } from './analysis/index.js';
 export { getRuleInfo, RULE_DEFINITIONS, type RuleInfo, } from './analysis/rules.js';
 export { DominatorGraph } from './graph/dominator-graph.js';
+export { ExceptionFlowGraph, type TryCatchInfo } from './graph/exception-flow-graph.js';
 export { TypeHierarchyResolver, createWithJdkTypes, SymbolTable, buildSymbolTable, CrossFileResolver, buildCrossFileResolver, } from './resolution/index.js';
 export { getLanguageRegistry, registerLanguage, getLanguagePlugin, getLanguageForFile, detectLanguage, isLanguageSupported, registerBuiltinPlugins, JavaPlugin, JavaScriptPlugin, PythonPlugin, RustPlugin, BaseLanguagePlugin, } from './languages/index.js';
 export type { LanguagePlugin, LanguageRegistry, LanguageNodeTypes, ExtractionContext, FrameworkInfo, TaintSourcePattern, TaintSinkPattern, } from './languages/index.js';

package/dist/index.js

@@ -15,6 +15,7 @@ export { getDefaultConfig, createTaintConfig, analyzeTaint, detectUnresolved, pr
 export { getRuleInfo, RULE_DEFINITIONS, } from './analysis/rules.js';
 // Graph utilities
 export { DominatorGraph } from './graph/dominator-graph.js';
+export { ExceptionFlowGraph } from './graph/exception-flow-graph.js';
 // Resolution utilities
 export { TypeHierarchyResolver, createWithJdkTypes, SymbolTable, buildSymbolTable, CrossFileResolver, buildCrossFileResolver, } from './resolution/index.js';
 // Language plugins

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,gBAAgB;AAChB,OAAO,EACL,YAAY,EACZ,OAAO,EACP,aAAa,EACb,cAAc,EACd,qBAAqB,EACrB,aAAa,GAEd,MAAM,eAAe,CAAC;AAuEvB,sCAAsC;AACtC,OAAO,EACL,UAAU,EACV,KAAK,EACL,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,WAAW,EACX,eAAe,GAMhB,MAAM,iBAAiB,CAAC;AAEzB,kBAAkB;AAClB,OAAO,EACL,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,GACT,MAAM,iBAAiB,CAAC;AAEzB,qBAAqB;AACrB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,0BAA0B,EAC1B,kBAAkB,EAClB,OAAO,EACP,aAAa,EACb,WAAW,EACX,eAAe,EACf,aAAa,EACb,kBAAkB,GAMnB,MAAM,qBAAqB,CAAC;AAE7B,mBAAmB;AACnB,OAAO,EACL,WAAW,EACX,gBAAgB,GAEjB,MAAM,qBAAqB,CAAC;AAE7B,kBAAkB;AAClB,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAE5D,uBAAuB;AACvB,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,WAAW,EACX,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAE/B,mBAAmB;AACnB,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,sBAAsB,EACtB,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAY9B,gCAAgC;AAChC,OAAO,EACL,MAAM,EACN,SAAS,EACT,eAAe,EACf,WAAW,EACX,WAAW,GAIZ,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,gBAAgB;AAChB,OAAO,EACL,YAAY,EACZ,OAAO,EACP,aAAa,EACb,cAAc,EACd,qBAAqB,EACrB,aAAa,GAEd,MAAM,eAAe,CAAC;AAuEvB,sCAAsC;AACtC,OAAO,EACL,UAAU,EACV,KAAK,EACL,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,WAAW,EACX,eAAe,GAMhB,MAAM,iBAAiB,CAAC;AAEzB,kBAAkB;AAClB,OAAO,EACL,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,GACT,MAAM,iBAAiB,CAAC;AAEzB,qBAAqB;AACrB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,0BAA0B,EAC1B,kBAAkB,EAClB,OAAO,EACP,aAAa,EACb,WAAW,EACX,eAAe,EACf,aAAa,EACb,kBAAkB,GAMnB,MAAM,qBAAqB,CAAC;AAE7B,mBAAmB;AACnB,OAAO,EACL,WAAW,EACX,gBAAgB,GAEjB,MAAM,qBAAqB,CAAC;AAE7B,kBAAkB;AAClB,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAqB,MAAM,iCAAiC,CAAC;AAExF,uBAAuB;AACvB,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,WAAW,EACX,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAE/B,mBAAmB;AACnB,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,sBAAsB,EACtB,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAY9B,gCAAgC;AAChC,OAAO,EACL,MAAM,EACN,SAAS,EACT,eAAe,EACf,WAAW,EACX,WAAW,GAIZ,MAAM,mBAAmB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "circle-ir",
-  "version": "3.9.8",
+  "version": "3.11.0",
   "description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
   "main": "dist/index.js",
   "module": "dist/index.js",