cognium-dev 3.39.0 → 3.40.0
- package/dist/cli.js +39 -10
- package/package.json +2 -2
package/dist/cli.js
CHANGED
|
@@ -11092,13 +11092,29 @@ var PYTHON_TAINTED_PATTERNS = [
|
|
|
11092
11092
|
{ pattern: /\brequest\.query_params\b/, sourceType: "http_param" },
|
|
11093
11093
|
{ pattern: /\brequest\.path_params\b/, sourceType: "http_param" }
|
|
11094
11094
|
];
|
|
11095
|
-
function analyzeTaint(calls, types, config = getDefaultConfig(), typeHierarchy, language) {
|
|
11096
|
-
const
|
|
11097
|
-
|
|
11095
|
+
function analyzeTaint(calls, types, config = getDefaultConfig(), typeHierarchy, language, code) {
|
|
11096
|
+
const sourceLines = code !== undefined ? code.split(`
|
|
11097
|
+
`) : undefined;
|
|
11098
|
+
const sources = findSources(calls, types, config.sources, sourceLines);
|
|
11099
|
+
const sinks = findSinks(calls, config.sinks, typeHierarchy, language, sourceLines);
|
|
11098
11100
|
const sanitizers = findSanitizers(calls, types, config.sanitizers);
|
|
11099
11101
|
return { sources, sinks, sanitizers };
|
|
11100
11102
|
}
|
|
11101
|
-
function
|
|
11103
|
+
function attachSourceLineCode(sources, sinks, code) {
|
|
11104
|
+
const lines = code.split(`
|
|
11105
|
+
`);
|
|
11106
|
+
for (const s of sources) {
|
|
11107
|
+
if (s.code === undefined) {
|
|
11108
|
+
s.code = lines[s.line - 1]?.trim();
|
|
11109
|
+
}
|
|
11110
|
+
}
|
|
11111
|
+
for (const s of sinks) {
|
|
11112
|
+
if (s.code === undefined) {
|
|
11113
|
+
s.code = lines[s.line - 1]?.trim();
|
|
11114
|
+
}
|
|
11115
|
+
}
|
|
11116
|
+
}
|
|
11117
|
+
function findSources(calls, types, patterns, sourceLines) {
|
|
11102
11118
|
const sources = [];
|
|
11103
11119
|
for (const call of calls) {
|
|
11104
11120
|
for (const pattern of patterns) {
|
|
@@ -11245,7 +11261,13 @@ function findSources(calls, types, patterns) {
|
|
|
11245
11261
|
sourceMap.set(key, source);
|
|
11246
11262
|
}
|
|
11247
11263
|
}
|
|
11248
|
-
|
|
11264
|
+
const result = Array.from(sourceMap.values());
|
|
11265
|
+
if (sourceLines) {
|
|
11266
|
+
for (const s of result) {
|
|
11267
|
+
s.code = sourceLines[s.line - 1]?.trim();
|
|
11268
|
+
}
|
|
11269
|
+
}
|
|
11270
|
+
return result;
|
|
11249
11271
|
}
|
|
11250
11272
|
function isInterproceduralTaintableType(typeName) {
|
|
11251
11273
|
const baseType = typeName.split("<")[0].trim();
|
|
@@ -11341,7 +11363,7 @@ function isParameterizedQueryCall(call, pattern) {
|
|
|
11341
11363
|
}
|
|
11342
11364
|
return false;
|
|
11343
11365
|
}
|
|
11344
|
-
function findSinks(calls, patterns, typeHierarchy, language) {
|
|
11366
|
+
function findSinks(calls, patterns, typeHierarchy, language, sourceLines) {
|
|
11345
11367
|
const sinkMap = new Map;
|
|
11346
11368
|
for (const call of calls) {
|
|
11347
11369
|
for (const pattern of patterns) {
|
|
@@ -11367,7 +11389,13 @@ function findSinks(calls, patterns, typeHierarchy, language) {
|
|
|
11367
11389
|
}
|
|
11368
11390
|
}
|
|
11369
11391
|
}
|
|
11370
|
-
|
|
11392
|
+
const result = Array.from(sinkMap.values());
|
|
11393
|
+
if (sourceLines) {
|
|
11394
|
+
for (const s of result) {
|
|
11395
|
+
s.code = sourceLines[s.line - 1]?.trim();
|
|
11396
|
+
}
|
|
11397
|
+
}
|
|
11398
|
+
return result;
|
|
11371
11399
|
}
|
|
11372
11400
|
function matchesSourcePattern(call, pattern) {
|
|
11373
11401
|
if (pattern.method) {
|
|
@@ -19694,7 +19722,7 @@ class TaintMatcherPass {
|
|
|
19694
19722
|
name = "taint-matcher";
|
|
19695
19723
|
category = "security";
|
|
19696
19724
|
run(ctx) {
|
|
19697
|
-
const { graph, language, config } = ctx;
|
|
19725
|
+
const { graph, language, config, code } = ctx;
|
|
19698
19726
|
const { calls, types } = graph.ir;
|
|
19699
19727
|
let mergedConfig = config;
|
|
19700
19728
|
const plugin = getLanguagePlugin(language);
|
|
@@ -19731,7 +19759,7 @@ class TaintMatcherPass {
|
|
|
19731
19759
|
}
|
|
19732
19760
|
const hierarchy = createWithJdkTypes();
|
|
19733
19761
|
hierarchy.addFromIR(graph.ir, graph.ir.meta.file);
|
|
19734
|
-
const taint = analyzeTaint(calls, types, mergedConfig, hierarchy, language);
|
|
19762
|
+
const taint = analyzeTaint(calls, types, mergedConfig, hierarchy, language, code);
|
|
19735
19763
|
const sanitizerMethods = [];
|
|
19736
19764
|
for (const type of types) {
|
|
19737
19765
|
for (const method of type.methods) {
|
|
@@ -19913,6 +19941,7 @@ class LanguageSourcesPass {
|
|
|
19913
19941
|
ctx.addFinding(finding);
|
|
19914
19942
|
}
|
|
19915
19943
|
}
|
|
19944
|
+
attachSourceLineCode(additionalSources, additionalSinks, code);
|
|
19916
19945
|
return { additionalSources, additionalSinks, pyTaintedVars, pySanitizedVars, jsTaintedVars };
|
|
19917
19946
|
}
|
|
19918
19947
|
}
|
|
@@ -27590,7 +27619,7 @@ var colors = {
|
|
|
27590
27619
|
};
|
|
27591
27620
|
|
|
27592
27621
|
// src/version.ts
|
|
27593
|
-
var version = "3.
|
|
27622
|
+
var version = "3.40.0";
|
|
27594
27623
|
|
|
27595
27624
|
// src/formatters.ts
|
|
27596
27625
|
var SINK_SEVERITY = {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cognium-dev",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.40.0",
|
|
4
4
|
"description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -65,7 +65,7 @@
|
|
|
65
65
|
"registry": "https://registry.npmjs.org/"
|
|
66
66
|
},
|
|
67
67
|
"dependencies": {
|
|
68
|
-
"circle-ir": "^3.
|
|
68
|
+
"circle-ir": "^3.40.0"
|
|
69
69
|
},
|
|
70
70
|
"devDependencies": {
|
|
71
71
|
"@types/node": "^25.5.0",
|