cognium-dev 3.40.0 → 3.41.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +25 -12
- package/package.json +2 -2
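--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -10475,13 +10475,13 @@ var DEFAULT_SINKS = [
 { method: "readObject", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [] },
 { method: "readUnshared", class: "ObjectInputStream", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [] },
 { method: "fromXML", class: "XStream", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "readValue", class: "ObjectMapper", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0] },
-{ method: "load", class: "Yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
+{ method: "readValue", class: "ObjectMapper", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0], safe_if_class_literal_at: 1 },
+{ method: "load", class: "Yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], safe_if_class_literal_at: 1 },
 { method: "loadAll", class: "Yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "loadAs", class: "Yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "parseObject", class: "JSON", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0] },
-{ method: "parseObject", class: "JSONObject", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0] },
-{ method: "fromJson", class: "Gson", type: "deserialization", cwe: "CWE-502", severity: "medium", arg_positions: [0] },
+{ method: "loadAs", class: "Yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], safe_if_class_literal_at: 1 },
+{ method: "parseObject", class: "JSON", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0], safe_if_class_literal_at: 1 },
+{ method: "parseObject", class: "JSONObject", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0], safe_if_class_literal_at: 1 },
+{ method: "fromJson", class: "Gson", type: "deserialization", cwe: "CWE-502", severity: "medium", arg_positions: [0], safe_if_class_literal_at: 1 },
 { method: "readObject", class: "XMLDecoder", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [] },
 { method: "ObjectInputStream", class: "constructor", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
 { method: "search", class: "DirContext", type: "ldap_injection", cwe: "CWE-90", severity: "high", arg_positions: [0, 1] },
@@ -10690,11 +10690,11 @@ var DEFAULT_SINKS = [
 { method: "exec", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["python"] },
 { method: "compile", type: "code_injection", cwe: "CWE-94", severity: "high", arg_positions: [0], languages: ["python"] },
 { method: "__import__", type: "code_injection", cwe: "CWE-94", severity: "high", arg_positions: [0], languages: ["python"] },
-{ method: "loads", class: "pickle", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "load", class: "pickle", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "loads", class: "marshal", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "load", class: "yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "loads", class: "yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
+{ method: "loads", class: "pickle", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], languages: ["python"] },
+{ method: "load", class: "pickle", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], languages: ["python"] },
+{ method: "loads", class: "marshal", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], languages: ["python"] },
+{ method: "load", class: "yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], languages: ["python"] },
+{ method: "loads", class: "yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], languages: ["python"] },
 { method: "execute", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["python"] },
 { method: "executemany", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["python"] },
 { method: "raw", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["python"] },
@@ -11363,6 +11363,16 @@ function isParameterizedQueryCall(call, pattern) {
 }
 return false;
 }
+var CLASS_LITERAL_RE = /^(?:[A-Za-z_][\w]*\.)*[A-Z][\w]*(?:\[\])*\.class$/;
+function argIsClassLiteral(call, position) {
+const arg = call.arguments.find((a) => a.position === position);
+if (!arg)
+return false;
+const expr = (arg.literal ?? arg.expression ?? "").trim();
+if (!expr)
+return false;
+return CLASS_LITERAL_RE.test(expr);
+}
 function findSinks(calls, patterns, typeHierarchy, language, sourceLines) {
 const sinkMap = new Map;
 for (const call of calls) {
@@ -11371,6 +11381,9 @@ function findSinks(calls, patterns, typeHierarchy, language, sourceLines) {
 if (isParameterizedQueryCall(call, pattern)) {
 continue;
 }
+if (pattern.safe_if_class_literal_at !== undefined && argIsClassLiteral(call, pattern.safe_if_class_literal_at)) {
+continue;
+}
 const location = formatCallLocation(call);
 const key = `${location}:${call.location.line}:${pattern.cwe}`;
 const confidence = calculateSinkConfidence(call, pattern);
@@ -27619,7 +27632,7 @@ var colors = {
 };
 
 // src/version.ts
-var version = "3.
+var version = "3.41.0";
 
 // src/formatters.ts
 var SINK_SEVERITY = {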
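Review bot: `CLASS_LITERAL_RE` in the third hunk accepts `Object.class` and `java.lang.Object.class`, so the added `continue` in `findSinks` now silently drops `ObjectMapper.readValue(input, Object.class)` and `Yaml.loadAs(input, Object.class)` findings, although a declared target of `Object` still leaves the concrete type to the deserializer's polymorphic handling when that is enabled, which is the configuration this sink exists to catch. Consider rejecting that target before the regex test, `if (/^(?:java\.lang\.)?Object\.class$/.test(expr)) return false;`, or lowering confidence for class-literal calls instead of skipping the sink outright. `arg.literal ?? arg.expression` would also match a string literal whose contents happen to look like a class literal if `literal` carries string contents — worth confirming what the IR puts in that field. The `safe_if_class_literal_at: 1` on the `Yaml.load` entry in the first hunk appears never to fire since, as far as I know, SnakeYAML's `load` overloads take a single argument, so it may be a copy of the `loadAs` entry. The `findSinks` loop begins in the third hunk and its body continues past the fourth.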
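--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "cognium-dev",
-"version": "3.
+"version": "3.41.0",
 "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
 "registry": "https://registry.npmjs.org/"
 },
 "dependencies": {
-"circle-ir": "^3.
+"circle-ir": "^3.41.0"
 },
 "devDependencies": {
 "@types/node": "^25.5.0",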