cognium-dev 3.40.0 → 3.42.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +54 -15
- package/package.json +2 -2
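--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -10059,6 +10059,17 @@ var DEFAULT_SINKS = [
 { method: "queryForObject", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
 { method: "queryForList", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
 { method: "queryForLong", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
+{ method: "insert", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+{ method: "insertSelective", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+{ method: "update", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+{ method: "updateByPrimaryKey", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+{ method: "updateByPrimaryKeySelective", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+{ method: "delete", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+{ method: "deleteByPrimaryKey", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+{ method: "selectOne", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+{ method: "selectList", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+{ method: "selectByPrimaryKey", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+{ method: "selectByExample", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
 { method: "exec", class: "Runtime", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0, 1] },
 { method: "start", class: "ProcessBuilder", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [] },
 { method: "ProcessBuilder", class: "constructor", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
@@ -10475,13 +10486,13 @@ var DEFAULT_SINKS = [
 { method: "readObject", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [] },
 { method: "readUnshared", class: "ObjectInputStream", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [] },
 { method: "fromXML", class: "XStream", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "readValue", class: "ObjectMapper", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0] },
-{ method: "load", class: "Yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
+{ method: "readValue", class: "ObjectMapper", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0], safe_if_class_literal_at: 1 },
+{ method: "load", class: "Yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], safe_if_class_literal_at: 1 },
 { method: "loadAll", class: "Yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "loadAs", class: "Yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "parseObject", class: "JSON", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0] },
-{ method: "parseObject", class: "JSONObject", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0] },
-{ method: "fromJson", class: "Gson", type: "deserialization", cwe: "CWE-502", severity: "medium", arg_positions: [0] },
+{ method: "loadAs", class: "Yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], safe_if_class_literal_at: 1 },
+{ method: "parseObject", class: "JSON", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0], safe_if_class_literal_at: 1 },
+{ method: "parseObject", class: "JSONObject", type: "deserialization", cwe: "CWE-502", severity: "high", arg_positions: [0], safe_if_class_literal_at: 1 },
+{ method: "fromJson", class: "Gson", type: "deserialization", cwe: "CWE-502", severity: "medium", arg_positions: [0], safe_if_class_literal_at: 1 },
 { method: "readObject", class: "XMLDecoder", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [] },
 { method: "ObjectInputStream", class: "constructor", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
 { method: "search", class: "DirContext", type: "ldap_injection", cwe: "CWE-90", severity: "high", arg_positions: [0, 1] },
@@ -10690,11 +10701,11 @@ var DEFAULT_SINKS = [
 { method: "exec", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["python"] },
 { method: "compile", type: "code_injection", cwe: "CWE-94", severity: "high", arg_positions: [0], languages: ["python"] },
 { method: "__import__", type: "code_injection", cwe: "CWE-94", severity: "high", arg_positions: [0], languages: ["python"] },
-{ method: "loads", class: "pickle", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "load", class: "pickle", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "loads", class: "marshal", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "load", class: "yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
-{ method: "loads", class: "yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0] },
+{ method: "loads", class: "pickle", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], languages: ["python"] },
+{ method: "load", class: "pickle", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], languages: ["python"] },
+{ method: "loads", class: "marshal", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], languages: ["python"] },
+{ method: "load", class: "yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], languages: ["python"] },
+{ method: "loads", class: "yaml", type: "deserialization", cwe: "CWE-502", severity: "critical", arg_positions: [0], languages: ["python"] },
 { method: "execute", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["python"] },
 { method: "executemany", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["python"] },
 { method: "raw", type: "sql_injection", cwe: "CWE-89", severity: "critical", arg_positions: [0], languages: ["python"] },
@@ -11363,6 +11374,16 @@ function isParameterizedQueryCall(call, pattern) {
 }
 return false;
 }
+var CLASS_LITERAL_RE = /^(?:[A-Za-z_][\w]*\.)*[A-Z][\w]*(?:\[\])*\.class$/;
+function argIsClassLiteral(call, position) {
+const arg = call.arguments.find((a) => a.position === position);
+if (!arg)
+return false;
+const expr = (arg.literal ?? arg.expression ?? "").trim();
+if (!expr)
+return false;
+return CLASS_LITERAL_RE.test(expr);
+}
 function findSinks(calls, patterns, typeHierarchy, language, sourceLines) {
 const sinkMap = new Map;
 for (const call of calls) {
@@ -11371,6 +11392,9 @@ function findSinks(calls, patterns, typeHierarchy, language, sourceLines) {
 if (isParameterizedQueryCall(call, pattern)) {
 continue;
 }
+if (pattern.safe_if_class_literal_at !== undefined && argIsClassLiteral(call, pattern.safe_if_class_literal_at)) {
+continue;
+}
 const location = formatCallLocation(call);
 const key = `${location}:${call.location.line}:${pattern.cwe}`;
 const confidence = calculateSinkConfidence(call, pattern);
@@ -11668,6 +11692,14 @@ function matchesAnnotation(annotations, targetAnnotation) {
 return false;
 }
 function receiverMightBeClass(receiver, className) {
+if (className.startsWith("*") && className.length > 1) {
+const suffix = className.slice(1).toLowerCase();
+let simpleReceiver = receiver;
+if (simpleReceiver.includes(".") && !simpleReceiver.endsWith(")")) {
+simpleReceiver = simpleReceiver.substring(simpleReceiver.lastIndexOf(".") + 1);
+}
+return simpleReceiver.toLowerCase().endsWith(suffix);
+}
 if (receiver === className) {
 return true;
 }
@@ -21033,7 +21065,8 @@ var KNOWN_SINK_TYPES = new Set([
 "log_injection",
 "xxe",
 "deserialization",
-"code_injection"
+"code_injection",
+"mybatis_mapper_call"
 ]);
 function checkSanitized(_fromLine, toLine, sinkType, sanitizersByLine) {
 const sanitizersAtTarget = sanitizersByLine.get(toLine);
@@ -27619,7 +27652,7 @@ var colors = {
 };
 
 // src/version.ts
-var version = "3.
+var version = "3.42.0";
 
 // src/formatters.ts
 var SINK_SEVERITY = {
@@ -27641,7 +27674,8 @@ var SINK_SEVERITY = {
 weak_crypto: "low",
 insecure_cookie: "low",
 trust_boundary: "medium",
-external_taint_escape: "medium"
+external_taint_escape: "medium",
+mybatis_mapper_call: "medium"
 };
 var SINK_CWE = {
 sql_injection: "CWE-89",
@@ -27662,7 +27696,8 @@ var SINK_CWE = {
 weak_crypto: "CWE-327",
 insecure_cookie: "CWE-614",
 trust_boundary: "CWE-501",
-external_taint_escape: "CWE-20"
+external_taint_escape: "CWE-20",
+mybatis_mapper_call: "CWE-89"
 };
 var VULNERABILITY_HELP = {
 sql_injection: {
@@ -27741,6 +27776,10 @@ var VULNERABILITY_HELP = {
 description: "External input reaches a sensitive sink without proper validation",
 fix: "Validate, sanitize, or escape external input before use in sensitive operations"
 },
+mybatis_mapper_call: {
+description: "Tainted argument passed to a MyBatis mapper interface method — actual SQL lives in the mapper XML/annotation binding, so exploitability depends on whether ${...} string interpolation is used",
+fix: "Audit the mapper XML/annotations: use #{...} parameter binding (PreparedStatement-backed) for any user-controlled value. Reject from SQL-injection reports unless ${...} interpolation is confirmed"
+},
 "dead-code": {
 description: "Unreachable code block has no execution path from any entry point",
 fix: "Remove the unreachable block or fix the control flow that precedes it"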
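--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "cognium-dev",
-"version": "3.
+"version": "3.42.0",
 "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
 "registry": "https://registry.npmjs.org/"
 },
 "dependencies": {
-"circle-ir": "^3.
+"circle-ir": "^3.42.0"
 },
 "devDependencies": {
 "@types/node": "^25.5.0",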