cognium-dev 3.23.4 → 3.25.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/cli.js +43 -12
  2. package/package.json +2 -2
package/dist/cli.js CHANGED
@@ -3325,8 +3325,7 @@ async function loadLanguage(language, wasmPath) {
3325
3325
  if (loading) {
3326
3326
  return loading;
3327
3327
  }
3328
- const grammarName = language === "typescript" ? "javascript" : language;
3329
- const wasmModule = configuredLanguageModules[language] ?? configuredLanguageModules[grammarName];
3328
+ const wasmModule = configuredLanguageModules[language];
3330
3329
  if (wasmModule) {
3331
3330
  const loadPromise2 = (async () => {
3332
3331
  const lang = await Language.load(wasmModule);
@@ -3425,20 +3424,19 @@ async function getDefaultWasmPath() {
3425
3424
  return "node_modules/web-tree-sitter/web-tree-sitter.wasm";
3426
3425
  }
3427
3426
  async function getDefaultLanguagePath(language) {
3428
- const grammarName = language === "typescript" ? "javascript" : language;
3429
3427
  const mods = await getNodeModules();
3430
3428
  if (mods && moduleDir) {
3431
3429
  const packageRoot = mods.join(moduleDir, "..", "..");
3432
- const distWasmPath = mods.join(packageRoot, "dist", "wasm", `tree-sitter-${grammarName}.wasm`);
3430
+ const distWasmPath = mods.join(packageRoot, "dist", "wasm", `tree-sitter-${language}.wasm`);
3433
3431
  if (mods.existsSync(distWasmPath)) {
3434
3432
  return distWasmPath;
3435
3433
  }
3436
- const packageWasmPath = mods.join(packageRoot, "wasm", `tree-sitter-${grammarName}.wasm`);
3434
+ const packageWasmPath = mods.join(packageRoot, "wasm", `tree-sitter-${language}.wasm`);
3437
3435
  if (mods.existsSync(packageWasmPath)) {
3438
3436
  return packageWasmPath;
3439
3437
  }
3440
3438
  }
3441
- return `wasm/tree-sitter-${grammarName}.wasm`;
3439
+ return `wasm/tree-sitter-${language}.wasm`;
3442
3440
  }
3443
3441
  // ../circle-ir/dist/core/extractors/meta.js
3444
3442
  function extractMeta(code, tree, filePath, language) {
@@ -4162,6 +4160,32 @@ function extractJSParameters(params) {
4162
4160
  annotations: [],
4163
4161
  line: child.startPosition.row + 1
4164
4162
  });
4163
+ } else if (child.type === "required_parameter" || child.type === "optional_parameter") {
4164
+ const patternNode = child.childForFieldName("pattern");
4165
+ if (!patternNode)
4166
+ continue;
4167
+ let paramName;
4168
+ if (patternNode.type === "identifier") {
4169
+ paramName = getNodeText(patternNode);
4170
+ } else if (patternNode.type === "rest_pattern" || patternNode.type === "rest_element") {
4171
+ const inner = patternNode.namedChildCount > 0 ? patternNode.namedChild(0) : null;
4172
+ if (!inner)
4173
+ continue;
4174
+ paramName = "..." + getNodeText(inner);
4175
+ } else {
4176
+ paramName = getNodeText(patternNode);
4177
+ }
4178
+ const typeNode = child.childForFieldName("type");
4179
+ let paramType = null;
4180
+ if (typeNode) {
4181
+ paramType = getNodeText(typeNode).replace(/^:\s*/, "");
4182
+ }
4183
+ parameters.push({
4184
+ name: paramName,
4185
+ type: paramType,
4186
+ annotations: [],
4187
+ line: child.startPosition.row + 1
4188
+ });
4165
4189
  }
4166
4190
  }
4167
4191
  return parameters;
@@ -17343,16 +17367,23 @@ class PythonPlugin extends BaseLanguagePlugin {
17343
17367
  argPositions: [0]
17344
17368
  },
17345
17369
  {
17346
- method: "safe_load",
17370
+ method: "load",
17347
17371
  class: "yaml",
17348
17372
  type: "deserialization",
17349
17373
  cwe: "CWE-502",
17350
- severity: "high",
17351
- argPositions: [0],
17352
- sanitizes: ["yaml_unsafe"]
17374
+ severity: "critical",
17375
+ argPositions: [0]
17353
17376
  },
17354
17377
  {
17355
- method: "load",
17378
+ method: "unsafe_load",
17379
+ class: "yaml",
17380
+ type: "deserialization",
17381
+ cwe: "CWE-502",
17382
+ severity: "critical",
17383
+ argPositions: [0]
17384
+ },
17385
+ {
17386
+ method: "full_load",
17356
17387
  class: "yaml",
17357
17388
  type: "deserialization",
17358
17389
  cwe: "CWE-502",
@@ -25735,7 +25766,7 @@ var colors = {
25735
25766
  };
25736
25767
 
25737
25768
  // src/version.ts
25738
- var version = "3.23.4";
25769
+ var version = "3.25.0";
25739
25770
 
25740
25771
  // src/formatters.ts
25741
25772
  var SINK_SEVERITY = {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cognium-dev",
3
- "version": "3.23.4",
3
+ "version": "3.25.0",
4
4
  "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
65
65
  "registry": "https://registry.npmjs.org/"
66
66
  },
67
67
  "dependencies": {
68
- "circle-ir": "^3.23.4"
68
+ "circle-ir": "^3.25.0"
69
69
  },
70
70
  "devDependencies": {
71
71
  "@types/node": "^25.5.0",