cognium-dev 3.27.1 → 3.30.0

package/dist/cli.js

@@ -3261,6 +3261,7 @@ var parserInitialized = false;
 var parserInitializing = null;
 var loadedLanguages = new Map;
 var loadingLanguages = new Map;
+var cachedParsers = new Map;
 var configuredLanguagePaths = {};
 var configuredLanguageModules = {};
 async function initParser(options = {}) {
@@ -3330,9 +3331,14 @@ async function loadLanguage(language, wasmPath) {
   return loadPromise;
 }
 async function createParser(language) {
+  const cached = cachedParsers.get(language);
+  if (cached) {
+    return cached;
+  }
   const lang = await loadLanguage(language);
   const parser = new Parser;
   parser.setLanguage(lang);
+  cachedParsers.set(language, parser);
   return parser;
 }
 async function parse(code, language) {
@@ -3343,6 +3349,13 @@ async function parse(code, language) {
   }
   return tree;
 }
+function disposeTree(tree) {
+  if (!tree)
+    return;
+  try {
+    tree.delete();
+  } catch {}
+}
 function walkTree(node, visitor) {
   visitor(node);
   for (let i2 = 0;i2 < node.childCount; i2++) {
@@ -8997,6 +9010,9 @@ var DEFAULT_SOURCES = [
   { method: "getContextPath", class: "HttpServletRequest", type: "http_path", severity: "medium", return_tainted: true },
   { method: "getRemoteHost", class: "HttpServletRequest", type: "http_header", severity: "medium", return_tainted: true },
   { method: "getRemoteAddr", class: "HttpServletRequest", type: "http_header", severity: "medium", return_tainted: true },
+  { method: "getPathWithinApplication", class: "WebUtils", type: "http_path", severity: "high", return_tainted: true },
+  { method: "getRequestUri", class: "WebUtils", type: "http_path", severity: "high", return_tainted: true },
+  { method: "decodeRequestString", class: "WebUtils", type: "http_path", severity: "high", return_tainted: true },
   { method: "getProtocol", class: "HttpServletRequest", type: "http_header", severity: "medium", return_tainted: true },
   { method: "getScheme", class: "HttpServletRequest", type: "http_header", severity: "medium", return_tainted: true },
   { method: "getAuthType", class: "HttpServletRequest", type: "http_header", severity: "medium", return_tainted: true },
@@ -9294,7 +9310,6 @@ var DEFAULT_SINKS = [
   { method: "start", class: "ProcessBuilder", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [] },
   { method: "ProcessBuilder", class: "constructor", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "command", class: "ProcessBuilder", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
-  { method: "execute", class: "Executor", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "execute", class: "DefaultExecutor", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "CommandLine", class: "constructor", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "parse", class: "CommandLine", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
@@ -9347,15 +9362,14 @@ var DEFAULT_SINKS = [
   { method: "fork", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "popen", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "system", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
-  { method: "execute", class: "Executor", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
-  { method: "setCommandline", class: "Executor", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
+  { method: "setCommandline", class: "DefaultExecutor", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "parse", class: "CommandLine", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "addArgument", class: "CommandLine", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "waitFor", class: "Process", type: "command_injection", cwe: "CWE-78", severity: "medium", arg_positions: [] },
   { method: "inheritIO", class: "ProcessBuilder", type: "command_injection", cwe: "CWE-78", severity: "medium", arg_positions: [] },
   { method: "redirectOutput", class: "ProcessBuilder", type: "command_injection", cwe: "CWE-78", severity: "medium", arg_positions: [0] },
   { method: "redirectInput", class: "ProcessBuilder", type: "command_injection", cwe: "CWE-78", severity: "medium", arg_positions: [0] },
-  { method: "File", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
+  { method: "File", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0, 1] },
   { method: "FileInputStream", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "FileOutputStream", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "FileReader", class: "constructor", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
@@ -9828,10 +9842,10 @@ var DEFAULT_SINKS = [
   { method: "spawn", class: "child_process", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "spawnSync", class: "child_process", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "exec", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
-  { method: "execSync", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
-  { method: "spawn", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
-  { method: "spawnSync", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
-  { method: "execFile", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0] },
+  { method: "execSync", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+  { method: "spawn", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+  { method: "spawnSync", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+  { method: "execFile", type: "command_injection", cwe: "CWE-78", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
   { method: "readFile", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0] },
   { method: "readFileSync", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0] },
   { method: "writeFile", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0] },
@@ -9842,17 +9856,17 @@ var DEFAULT_SINKS = [
   { method: "rmdir", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0] },
   { method: "createReadStream", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0] },
   { method: "createWriteStream", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0] },
-  { method: "query", class: "Connection", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "query", class: "Pool", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "query", class: "Client", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "raw", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
+  { method: "query", class: "Connection", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
+  { method: "query", class: "Pool", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
+  { method: "query", class: "Client", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
+  { method: "raw", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
   { method: "setAttribute", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [1] },
   { method: "send", class: "Response", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
   { method: "write", class: "Response", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
   { method: "end", class: "Response", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
   { method: "html", class: "Response", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
   { method: "render", class: "Response", type: "xss", cwe: "CWE-79", severity: "medium", arg_positions: [1] },
-  { method: "eval", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
+  { method: "eval", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
   { method: "Function", class: "constructor", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
   { method: "runInContext", class: "vm", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
   { method: "runInNewContext", class: "vm", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
@@ -9866,7 +9880,7 @@ var DEFAULT_SINKS = [
   { method: "get", class: "axios", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "post", class: "axios", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "request", class: "axios", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
-  { method: "fetch", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
+  { method: "fetch", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
   { method: "request", class: "http", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "get", class: "http", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "request", class: "https", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
@@ -9886,39 +9900,39 @@ var DEFAULT_SINKS = [
   { method: "check_output", class: "subprocess", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "check_call", class: "subprocess", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "Popen", class: "subprocess", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
-  { method: "eval", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
-  { method: "exec", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
-  { method: "compile", type: "code_injection", cwe: "CWE-94", severity: "high", arg_positions: [0] },
-  { method: "__import__", type: "code_injection", cwe: "CWE-94", severity: "high", arg_positions: [0] },
+  { method: "eval", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["python"] },
+  { method: "exec", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["python"] },
+  { method: "compile", type: "code_injection", cwe: "CWE-94", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "__import__", type: "code_injection", cwe: "CWE-94", severity: "high", arg_positions: [0], languages: ["python"] },
   { method: "loads", class: "pickle", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
   { method: "load", class: "pickle", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
   { method: "loads", class: "marshal", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
   { method: "load", class: "yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
   { method: "loads", class: "yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-  { method: "execute", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "executemany", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "raw", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "extra", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
-  { method: "open", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
+  { method: "execute", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["python"] },
+  { method: "executemany", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["python"] },
+  { method: "raw", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["python"] },
+  { method: "extra", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "open", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0], languages: ["python"] },
   { method: "remove", class: "os", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "unlink", class: "os", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "rmdir", class: "os", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "rmtree", class: "shutil", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0] },
-  { method: "send_file", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
-  { method: "render_template_string", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
-  { method: "Markup", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
-  { method: "mark_safe", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0] },
+  { method: "send_file", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "render_template_string", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "Markup", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0], languages: ["python"] },
+  { method: "mark_safe", type: "xss", cwe: "CWE-79", severity: "high", arg_positions: [0], languages: ["python"] },
   { method: "get", class: "requests", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "post", class: "requests", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
   { method: "urlopen", class: "urllib.request", type: "ssrf", cwe: "CWE-918", severity: "high", arg_positions: [0] },
-  { method: "redirect", type: "open_redirect", cwe: "CWE-601", severity: "medium", arg_positions: [0] },
-  { method: "xpath", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0] },
+  { method: "redirect", type: "open_redirect", cwe: "CWE-601", severity: "medium", arg_positions: [0], languages: ["python"] },
+  { method: "xpath", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0], languages: ["python"] },
   { method: "find", class: "etree", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0] },
   { method: "findall", class: "etree", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0] },
   { method: "iterfind", class: "etree", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0] },
   { method: "XPath", class: "lxml", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0] },
   { method: "select", class: "elementpath", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [1] },
-  { method: "select", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0] },
+  { method: "select", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0], languages: ["python"] },
   { method: "iter_select", class: "elementpath", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [1] },
   { method: "Selector", class: "elementpath", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0] },
   { method: "parse", class: "etree", type: "xxe", cwe: "CWE-611", severity: "high", arg_positions: [0] },
@@ -9984,33 +9998,33 @@ var DEFAULT_SINKS = [
   { method: "new", class: "Command", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "arg", class: "Command", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
   { method: "args", class: "Command", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
-  { method: "query", class: "Client", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "execute", class: "Client", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "query", class: "Pool", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "execute", class: "Pool", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "sql_query", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "raw_sql", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "execute", class: "Connection", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "query_row", class: "Connection", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "prepare", class: "Connection", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
+  { method: "query", class: "Client", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["rust"] },
+  { method: "execute", class: "Client", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["rust"] },
+  { method: "query", class: "Pool", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["rust"] },
+  { method: "execute", class: "Pool", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["rust"] },
+  { method: "sql_query", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["rust"] },
+  { method: "raw_sql", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["rust"] },
+  { method: "execute", class: "Connection", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["rust"] },
+  { method: "query_row", class: "Connection", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["rust"] },
+  { method: "prepare", class: "Connection", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["rust"] },
   { method: "query", class: "sqlx", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "prepare", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "execute", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
-  { method: "query_map", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0] },
+  { method: "prepare", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["rust"] },
+  { method: "execute", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["rust"] },
+  { method: "query_map", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["rust"] },
   { method: "open", class: "File", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "create", class: "File", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
-  { method: "read_dir", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
-  { method: "remove_file", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
-  { method: "remove_dir", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
-  { method: "remove_dir_all", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0] },
-  { method: "copy", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0, 1] },
-  { method: "rename", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0, 1] },
-  { method: "write", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
-  { method: "read_to_string", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
-  { method: "create_dir", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
-  { method: "create_dir_all", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
-  { method: "metadata", type: "path_traversal", cwe: "CWE-22", severity: "medium", arg_positions: [0] },
-  { method: "symlink_metadata", type: "path_traversal", cwe: "CWE-22", severity: "medium", arg_positions: [0] },
+  { method: "read_dir", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0], languages: ["rust"] },
+  { method: "remove_file", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0], languages: ["rust"] },
+  { method: "remove_dir", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0], languages: ["rust"] },
+  { method: "remove_dir_all", type: "path_traversal", cwe: "CWE-22", severity: "critical", arg_positions: [0], languages: ["rust"] },
+  { method: "copy", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0, 1], languages: ["rust"] },
+  { method: "rename", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0, 1], languages: ["rust"] },
+  { method: "write", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0], languages: ["rust"] },
+  { method: "read_to_string", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0], languages: ["rust"] },
+  { method: "create_dir", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0], languages: ["rust"] },
+  { method: "create_dir_all", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0], languages: ["rust"] },
+  { method: "metadata", type: "path_traversal", cwe: "CWE-22", severity: "medium", arg_positions: [0], languages: ["rust"] },
+  { method: "symlink_metadata", type: "path_traversal", cwe: "CWE-22", severity: "medium", arg_positions: [0], languages: ["rust"] },
   { method: "read_to_string", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "write", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
   { method: "create_dir_all", class: "fs", type: "path_traversal", cwe: "CWE-22", severity: "high", arg_positions: [0] },
@@ -10292,9 +10306,9 @@ var PYTHON_TAINTED_PATTERNS = [
   { pattern: /\brequest\.query_params\b/, sourceType: "http_param" },
   { pattern: /\brequest\.path_params\b/, sourceType: "http_param" }
 ];
-function analyzeTaint(calls, types, config = getDefaultConfig(), typeHierarchy) {
+function analyzeTaint(calls, types, config = getDefaultConfig(), typeHierarchy, language) {
   const sources = findSources(calls, types, config.sources);
-  const sinks = findSinks(calls, config.sinks, typeHierarchy);
+  const sinks = findSinks(calls, config.sinks, typeHierarchy, language);
   const sanitizers = findSanitizers(calls, types, config.sanitizers);
   return { sources, sinks, sanitizers };
 }
@@ -10541,11 +10555,11 @@ function isParameterizedQueryCall(call, pattern) {
   }
   return false;
 }
-function findSinks(calls, patterns, typeHierarchy) {
+function findSinks(calls, patterns, typeHierarchy, language) {
   const sinkMap = new Map;
   for (const call of calls) {
     for (const pattern of patterns) {
-      if (matchesSinkPattern(call, pattern, typeHierarchy)) {
+      if (matchesSinkPattern(call, pattern, typeHierarchy, language)) {
         if (isParameterizedQueryCall(call, pattern)) {
           continue;
         }
@@ -10793,7 +10807,12 @@ function isKnownSafeReceiverForMethod(receiver, method, sinkType) {
   }
   return false;
 }
-function matchesSinkPattern(call, pattern, typeHierarchy) {
+function matchesSinkPattern(call, pattern, typeHierarchy, language) {
+  if (pattern.languages && pattern.languages.length > 0 && language !== undefined) {
+    if (!pattern.languages.includes(language)) {
+      return false;
+    }
+  }
   const callMethodName = call.method_name;
   const patternMethod = pattern.method;
   let methodMatches = callMethodName === patternMethod;
@@ -10897,17 +10916,29 @@ function receiverMightBeClass(receiver, className) {
       }
     }
   }
-  if (lowerReceiver.length >= 3 && lowerClass.includes(lowerReceiver)) {
+  const ambiguousIdentifiers = new Set([
+    "executor",
+    "pool",
+    "connection",
+    "manager",
+    "handler",
+    "controller",
+    "task",
+    "thread",
+    "job"
+  ]);
+  const isAmbiguous = ambiguousIdentifiers.has(lowerReceiver);
+  if (!isAmbiguous && lowerReceiver.length >= 3 && lowerClass.includes(lowerReceiver)) {
     if (lowerReceiver.length >= 5 || lowerReceiver.length / lowerClass.length >= 0.4) {
       return true;
     }
   }
-  if (lowerReceiver.length >= 2) {
+  if (!isAmbiguous && lowerReceiver.length >= 2) {
     if (lowerClass.startsWith(lowerReceiver) || lowerClass.endsWith(lowerReceiver)) {
       return true;
     }
   }
-  if (lowerReceiver.length >= 3) {
+  if (!isAmbiguous && lowerReceiver.length >= 3) {
     const words = className.replace(/([a-z])([A-Z])/g, "$1\x00$2").toLowerCase().split("\x00");
     for (const word of words) {
       if (word.startsWith(lowerReceiver) && lowerReceiver.length / word.length >= 0.4) {
@@ -11738,6 +11769,9 @@ var ANTI_SANITIZER_METHODS = new Set([
   "unescapeEcmaScript",
   "unescapeJson",
   "unescapeJava",
+  "getPathWithinApplication",
+  "getRequestUri",
+  "decodeRequestString",
   "unescape",
   "decompress"
 ]);
@@ -11755,7 +11789,10 @@ var PROPAGATOR_METHODS = new Set([
   "format",
   "join",
   "concat",
-  "requireNonNull"
+  "requireNonNull",
+  "getPathWithinApplication",
+  "getRequestUri",
+  "decodeRequestString"
 ]);
 
 // ../circle-ir/dist/analysis/constant-propagation/propagator.js
@@ -18301,7 +18338,7 @@ class TaintMatcherPass {
     }
     const hierarchy = createWithJdkTypes();
     hierarchy.addFromIR(graph.ir, graph.ir.meta.file);
-    const taint = analyzeTaint(calls, types, mergedConfig, hierarchy);
+    const taint = analyzeTaint(calls, types, mergedConfig, hierarchy, language);
     const sanitizerMethods = [];
     for (const type of types) {
       for (const method of type.methods) {
@@ -25761,194 +25798,202 @@ async function analyze(code, filePath, language, options = {}) {
   }
   logger.debug("Analyzing file", { filePath, language, codeLength: code.length });
   const tree = await parse(code, language);
-  logger.trace("Parsed AST", { rootNodeType: tree.rootNode.type });
-  const nodeCache = collectAllNodes(tree.rootNode, getNodeTypesForLanguage(language));
-  const meta = extractMeta(code, tree, filePath, language);
-  const types = extractTypes(tree, nodeCache, language);
-  const calls = extractCalls(tree, nodeCache, language);
-  const imports = extractImports(tree, language);
-  const exports = extractExports(types);
-  const cfg = buildCFG(tree, language);
-  const dfg = buildDFG(tree, nodeCache, language);
-  const graph = new CodeGraph({
-    meta,
-    types,
-    calls,
-    cfg,
-    dfg,
-    taint: { sources: [], sinks: [], sanitizers: [] },
-    imports,
-    exports,
-    unresolved: [],
-    enriched: {}
-  });
-  const config = options.taintConfig ?? getDefaultConfig();
-  const disabledPasses = new Set(options.disabledPasses ?? []);
-  const passOpts = options.passOptions ?? {};
-  const pipeline = new AnalysisPipeline;
-  pipeline.add(new TaintMatcherPass);
-  pipeline.add(new ConstantPropagationPass(tree));
-  pipeline.add(new LanguageSourcesPass);
-  pipeline.add(new SinkFilterPass);
-  pipeline.add(new TaintPropagationPass);
-  pipeline.add(new InterproceduralPass);
-  if (!disabledPasses.has("scan-secrets"))
-    pipeline.add(new ScanSecretsPass);
-  if (!disabledPasses.has("dead-code"))
-    pipeline.add(new DeadCodePass);
-  if (!disabledPasses.has("missing-await"))
-    pipeline.add(new MissingAwaitPass);
-  if (!disabledPasses.has("n-plus-one"))
-    pipeline.add(new NPlusOnePass);
-  if (!disabledPasses.has("missing-public-doc"))
-    pipeline.add(new MissingPublicDocPass);
-  if (!disabledPasses.has("todo-in-prod"))
-    pipeline.add(new TodoInProdPass);
-  if (!disabledPasses.has("string-concat-loop"))
-    pipeline.add(new StringConcatLoopPass);
-  if (!disabledPasses.has("sync-io-async"))
-    pipeline.add(new SyncIoAsyncPass);
-  if (!disabledPasses.has("unchecked-return"))
-    pipeline.add(new UncheckedReturnPass);
-  if (!disabledPasses.has("null-deref"))
-    pipeline.add(new NullDerefPass);
-  if (!disabledPasses.has("resource-leak"))
-    pipeline.add(new ResourceLeakPass);
-  if (!disabledPasses.has("variable-shadowing"))
-    pipeline.add(new VariableShadowingPass);
-  if (!disabledPasses.has("leaked-global"))
-    pipeline.add(new LeakedGlobalPass);
-  if (!disabledPasses.has("unused-variable"))
-    pipeline.add(new UnusedVariablePass);
-  if (!disabledPasses.has("dependency-fan-out"))
-    pipeline.add(new DependencyFanOutPass(passOpts.dependencyFanOut));
-  if (!disabledPasses.has("stale-doc-ref"))
-    pipeline.add(new StaleDocRefPass);
-  if (!disabledPasses.has("infinite-loop"))
-    pipeline.add(new InfiniteLoopPass);
-  if (!disabledPasses.has("deep-inheritance"))
-    pipeline.add(new DeepInheritancePass);
-  if (!disabledPasses.has("redundant-loop-computation"))
-    pipeline.add(new RedundantLoopPass);
-  if (!disabledPasses.has("unbounded-collection"))
-    pipeline.add(new UnboundedCollectionPass(passOpts.unboundedCollection));
-  if (!disabledPasses.has("serial-await"))
-    pipeline.add(new SerialAwaitPass);
-  if (!disabledPasses.has("react-inline-jsx"))
-    pipeline.add(new ReactInlineJsxPass);
-  if (!disabledPasses.has("swallowed-exception"))
-    pipeline.add(new SwallowedExceptionPass);
-  if (!disabledPasses.has("broad-catch"))
-    pipeline.add(new BroadCatchPass);
-  if (!disabledPasses.has("unhandled-exception"))
-    pipeline.add(new UnhandledExceptionPass);
-  if (!disabledPasses.has("double-close"))
-    pipeline.add(new DoubleClosePass);
-  if (!disabledPasses.has("use-after-close"))
-    pipeline.add(new UseAfterClosePass);
-  if (!disabledPasses.has("cleanup-verify"))
-    pipeline.add(new CleanupVerifyPass);
-  if (!disabledPasses.has("missing-override"))
-    pipeline.add(new MissingOverridePass);
-  if (!disabledPasses.has("unused-interface-method"))
-    pipeline.add(new UnusedInterfaceMethodPass);
-  if (!disabledPasses.has("blocking-main-thread"))
-    pipeline.add(new BlockingMainThreadPass);
-  if (!disabledPasses.has("excessive-allocation"))
-    pipeline.add(new ExcessiveAllocationPass);
-  if (!disabledPasses.has("missing-stream"))
-    pipeline.add(new MissingStreamPass);
-  if (!disabledPasses.has("god-class"))
-    pipeline.add(new GodClassPass);
-  if (!disabledPasses.has("naming-convention"))
-    pipeline.add(new NamingConventionPass(passOpts.namingConvention));
-  if (!disabledPasses.has("security-headers"))
-    pipeline.add(new SecurityHeadersPass(passOpts.securityHeaders));
-  const { results, findings } = pipeline.run(graph, code, language, config);
-  const sinkFilter = results.get("sink-filter");
-  const interProc = results.get("interprocedural");
-  const taint = {
-    sources: sinkFilter.sources,
-    sinks: [...sinkFilter.sinks, ...interProc.additionalSinks],
-    sanitizers: sinkFilter.sanitizers,
-    flows: interProc.additionalFlows,
-    interprocedural: interProc.interprocedural
-  };
-  const unresolved = detectUnresolved(calls, types, dfg);
-  const enriched = buildEnriched(types, calls, taint.sources, taint.sinks);
-  const metricValues = new MetricRunner().run({ meta, types, calls, cfg, dfg, taint, imports, exports, unresolved, enriched }, code, language);
-  logger.debug("Analysis complete", {
-    filePath,
-    finalSources: taint.sources.length,
-    finalSinks: taint.sinks.length,
-    flows: taint.flows?.length ?? 0,
-    unresolvedItems: unresolved.length
-  });
-  return {
-    meta,
-    types,
-    calls,
-    cfg,
-    dfg,
-    taint,
-    imports,
-    exports,
-    unresolved,
-    enriched,
-    findings: findings.length > 0 ? findings : undefined,
-    metrics: { file: filePath, metrics: metricValues }
-  };
+  try {
+    logger.trace("Parsed AST", { rootNodeType: tree.rootNode.type });
+    const nodeCache = collectAllNodes(tree.rootNode, getNodeTypesForLanguage(language));
+    const meta = extractMeta(code, tree, filePath, language);
+    const types = extractTypes(tree, nodeCache, language);
+    const calls = extractCalls(tree, nodeCache, language);
+    const imports = extractImports(tree, language);
+    const exports = extractExports(types);
+    const cfg = buildCFG(tree, language);
+    const dfg = buildDFG(tree, nodeCache, language);
+    const graph = new CodeGraph({
+      meta,
+      types,
+      calls,
+      cfg,
+      dfg,
+      taint: { sources: [], sinks: [], sanitizers: [] },
+      imports,
+      exports,
+      unresolved: [],
+      enriched: {}
+    });
+    const config = options.taintConfig ?? getDefaultConfig();
+    const disabledPasses = new Set(options.disabledPasses ?? []);
+    const passOpts = options.passOptions ?? {};
+    const pipeline = new AnalysisPipeline;
+    pipeline.add(new TaintMatcherPass);
+    pipeline.add(new ConstantPropagationPass(tree));
+    pipeline.add(new LanguageSourcesPass);
+    pipeline.add(new SinkFilterPass);
+    pipeline.add(new TaintPropagationPass);
+    pipeline.add(new InterproceduralPass);
+    if (!disabledPasses.has("scan-secrets"))
+      pipeline.add(new ScanSecretsPass);
+    if (!disabledPasses.has("dead-code"))
+      pipeline.add(new DeadCodePass);
+    if (!disabledPasses.has("missing-await"))
+      pipeline.add(new MissingAwaitPass);
+    if (!disabledPasses.has("n-plus-one"))
+      pipeline.add(new NPlusOnePass);
+    if (!disabledPasses.has("missing-public-doc"))
+      pipeline.add(new MissingPublicDocPass);
+    if (!disabledPasses.has("todo-in-prod"))
+      pipeline.add(new TodoInProdPass);
+    if (!disabledPasses.has("string-concat-loop"))
+      pipeline.add(new StringConcatLoopPass);
+    if (!disabledPasses.has("sync-io-async"))
+      pipeline.add(new SyncIoAsyncPass);
+    if (!disabledPasses.has("unchecked-return"))
+      pipeline.add(new UncheckedReturnPass);
+    if (!disabledPasses.has("null-deref"))
+      pipeline.add(new NullDerefPass);
+    if (!disabledPasses.has("resource-leak"))
+      pipeline.add(new ResourceLeakPass);
+    if (!disabledPasses.has("variable-shadowing"))
+      pipeline.add(new VariableShadowingPass);
+    if (!disabledPasses.has("leaked-global"))
+      pipeline.add(new LeakedGlobalPass);
+    if (!disabledPasses.has("unused-variable"))
+      pipeline.add(new UnusedVariablePass);
+    if (!disabledPasses.has("dependency-fan-out"))
+      pipeline.add(new DependencyFanOutPass(passOpts.dependencyFanOut));
+    if (!disabledPasses.has("stale-doc-ref"))
+      pipeline.add(new StaleDocRefPass);
+    if (!disabledPasses.has("infinite-loop"))
+      pipeline.add(new InfiniteLoopPass);
+    if (!disabledPasses.has("deep-inheritance"))
+      pipeline.add(new DeepInheritancePass);
+    if (!disabledPasses.has("redundant-loop-computation"))
+      pipeline.add(new RedundantLoopPass);
+    if (!disabledPasses.has("unbounded-collection"))
+      pipeline.add(new UnboundedCollectionPass(passOpts.unboundedCollection));
+    if (!disabledPasses.has("serial-await"))
+      pipeline.add(new SerialAwaitPass);
+    if (!disabledPasses.has("react-inline-jsx"))
+      pipeline.add(new ReactInlineJsxPass);
+    if (!disabledPasses.has("swallowed-exception"))
+      pipeline.add(new SwallowedExceptionPass);
+    if (!disabledPasses.has("broad-catch"))
+      pipeline.add(new BroadCatchPass);
+    if (!disabledPasses.has("unhandled-exception"))
+      pipeline.add(new UnhandledExceptionPass);
+    if (!disabledPasses.has("double-close"))
+      pipeline.add(new DoubleClosePass);
+    if (!disabledPasses.has("use-after-close"))
+      pipeline.add(new UseAfterClosePass);
+    if (!disabledPasses.has("cleanup-verify"))
+      pipeline.add(new CleanupVerifyPass);
+    if (!disabledPasses.has("missing-override"))
+      pipeline.add(new MissingOverridePass);
+    if (!disabledPasses.has("unused-interface-method"))
+      pipeline.add(new UnusedInterfaceMethodPass);
+    if (!disabledPasses.has("blocking-main-thread"))
+      pipeline.add(new BlockingMainThreadPass);
+    if (!disabledPasses.has("excessive-allocation"))
+      pipeline.add(new ExcessiveAllocationPass);
+    if (!disabledPasses.has("missing-stream"))
+      pipeline.add(new MissingStreamPass);
+    if (!disabledPasses.has("god-class"))
+      pipeline.add(new GodClassPass);
+    if (!disabledPasses.has("naming-convention"))
+      pipeline.add(new NamingConventionPass(passOpts.namingConvention));
+    if (!disabledPasses.has("security-headers"))
+      pipeline.add(new SecurityHeadersPass(passOpts.securityHeaders));
+    const { results, findings } = pipeline.run(graph, code, language, config);
+    const sinkFilter = results.get("sink-filter");
+    const interProc = results.get("interprocedural");
+    const taint = {
+      sources: sinkFilter.sources,
+      sinks: [...sinkFilter.sinks, ...interProc.additionalSinks],
+      sanitizers: sinkFilter.sanitizers,
+      flows: interProc.additionalFlows,
+      interprocedural: interProc.interprocedural
+    };
+    const unresolved = detectUnresolved(calls, types, dfg);
+    const enriched = buildEnriched(types, calls, taint.sources, taint.sinks);
+    const metricValues = new MetricRunner().run({ meta, types, calls, cfg, dfg, taint, imports, exports, unresolved, enriched }, code, language);
+    logger.debug("Analysis complete", {
+      filePath,
+      finalSources: taint.sources.length,
+      finalSinks: taint.sinks.length,
+      flows: taint.flows?.length ?? 0,
+      unresolvedItems: unresolved.length
+    });
+    return {
+      meta,
+      types,
+      calls,
+      cfg,
+      dfg,
+      taint,
+      imports,
+      exports,
+      unresolved,
+      enriched,
+      findings: findings.length > 0 ? findings : undefined,
+      metrics: { file: filePath, metrics: metricValues }
+    };
+  } finally {
+    disposeTree(tree);
+  }
 }
 async function analyzeHtmlFile(code, filePath, options) {
   logger.debug("Analyzing HTML file", { filePath, codeLength: code.length });
   const tree = await parse(code, "html");
-  const meta = extractMeta(code, tree, filePath, "html");
-  const { scriptBlocks, eventHandlers } = extractHtmlContent(tree.rootNode);
-  logger.debug("HTML extraction", {
-    filePath,
-    inlineScripts: scriptBlocks.filter((b) => b.kind === "inline").length,
-    externalScripts: scriptBlocks.filter((b) => b.kind === "external-src").length,
-    eventHandlers: eventHandlers.length
-  });
-  const scriptResults = [];
-  for (const block of scriptBlocks) {
-    if (block.kind !== "inline" || !block.code.trim())
-      continue;
-    const scriptLang = block.scriptType === "ts" || block.scriptType === "typescript" || block.scriptType === "text/typescript" ? "typescript" : "javascript";
-    try {
-      const ir = await analyze(block.code, filePath, scriptLang, options);
-      scriptResults.push({ ir, lineOffset: block.lineOffset });
-    } catch (e) {
-      logger.warn("Failed to analyze script block", {
-        filePath,
-        lineOffset: block.lineOffset,
-        error: e instanceof Error ? e.message : String(e)
-      });
+  try {
+    const meta = extractMeta(code, tree, filePath, "html");
+    const { scriptBlocks, eventHandlers } = extractHtmlContent(tree.rootNode);
+    logger.debug("HTML extraction", {
+      filePath,
+      inlineScripts: scriptBlocks.filter((b) => b.kind === "inline").length,
+      externalScripts: scriptBlocks.filter((b) => b.kind === "external-src").length,
+      eventHandlers: eventHandlers.length
+    });
+    const scriptResults = [];
+    for (const block of scriptBlocks) {
+      if (block.kind !== "inline" || !block.code.trim())
+        continue;
+      const scriptLang = block.scriptType === "ts" || block.scriptType === "typescript" || block.scriptType === "text/typescript" ? "typescript" : "javascript";
+      try {
+        const ir = await analyze(block.code, filePath, scriptLang, options);
+        scriptResults.push({ ir, lineOffset: block.lineOffset });
+      } catch (e) {
+        logger.warn("Failed to analyze script block", {
+          filePath,
+          lineOffset: block.lineOffset,
+          error: e instanceof Error ? e.message : String(e)
+        });
+      }
     }
-  }
-  for (const handler of eventHandlers) {
-    const wrappedCode = `function __${handler.eventName}_handler() { ${handler.code} }`;
-    try {
-      const ir = await analyze(wrappedCode, filePath, "javascript", options);
-      scriptResults.push({ ir, lineOffset: handler.line });
-    } catch (e) {
-      logger.warn("Failed to analyze event handler", {
-        filePath,
-        eventName: handler.eventName,
-        line: handler.line,
-        error: e instanceof Error ? e.message : String(e)
-      });
+    for (const handler of eventHandlers) {
+      const wrappedCode = `function __${handler.eventName}_handler() { ${handler.code} }`;
+      try {
+        const ir = await analyze(wrappedCode, filePath, "javascript", options);
+        scriptResults.push({ ir, lineOffset: handler.line });
+      } catch (e) {
+        logger.warn("Failed to analyze event handler", {
+          filePath,
+          eventName: handler.eventName,
+          line: handler.line,
+          error: e instanceof Error ? e.message : String(e)
+        });
+      }
     }
+    const attributeFindings = runHtmlAttributeSecurityChecks(tree.rootNode, filePath);
+    const result = mergeHtmlResults(meta, scriptResults, attributeFindings);
+    logger.debug("HTML analysis complete", {
+      filePath,
+      scriptBlocks: scriptResults.length,
+      attributeFindings: attributeFindings.length,
+      totalFindings: result.findings?.length ?? 0
+    });
+    return result;
+  } finally {
+    disposeTree(tree);
   }
-  const attributeFindings = runHtmlAttributeSecurityChecks(tree.rootNode, filePath);
-  const result = mergeHtmlResults(meta, scriptResults, attributeFindings);
-  logger.debug("HTML analysis complete", {
-    filePath,
-    scriptBlocks: scriptResults.length,
-    attributeFindings: attributeFindings.length,
-    totalFindings: result.findings?.length ?? 0
-  });
-  return result;
 }
 async function analyzeProject(files, options = {}) {
   const fileAnalyses = [];
@@ -26038,7 +26083,7 @@ var colors = {
 };
 
 // src/version.ts
-var version = "3.27.1";
+var version = "3.30.0";
 
 // src/formatters.ts
 var SINK_SEVERITY = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cognium-dev",
-  "version": "3.27.1",
+  "version": "3.30.0",
   "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
     "registry": "https://registry.npmjs.org/"
   },
   "dependencies": {
-    "circle-ir": "^3.27.1"
+    "circle-ir": "^3.30.0"
   },
   "devDependencies": {
     "@types/node": "^25.5.0",