npm - cognium-dev - Versions diffs - 3.41.0 → 3.42.0 - Mend

cognium-dev 3.41.0 → 3.42.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/cli.js +30 -4
package/package.json +2 -2

package/dist/cli.js CHANGED Viewed

@@ -10059,6 +10059,17 @@ var DEFAULT_SINKS = [
   { method: "queryForObject", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
   { method: "queryForList", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
   { method: "queryForLong", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
+  { method: "insert", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "insertSelective", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "update", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "updateByPrimaryKey", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "updateByPrimaryKeySelective", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "delete", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "deleteByPrimaryKey", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "selectOne", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "selectList", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "selectByPrimaryKey", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "selectByExample", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
   { method: "exec", class: "Runtime", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0, 1] },
   { method: "start", class: "ProcessBuilder", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [] },
   { method: "ProcessBuilder", class: "constructor", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
@@ -11681,6 +11692,14 @@ function matchesAnnotation(annotations, targetAnnotation) {
   return false;
 }
 function receiverMightBeClass(receiver, className) {
+  if (className.startsWith("*") && className.length > 1) {
+    const suffix = className.slice(1).toLowerCase();
+    let simpleReceiver = receiver;
+    if (simpleReceiver.includes(".") && !simpleReceiver.endsWith(")")) {
+      simpleReceiver = simpleReceiver.substring(simpleReceiver.lastIndexOf(".") + 1);
+    }
+    return simpleReceiver.toLowerCase().endsWith(suffix);
+  }
   if (receiver === className) {
     return true;
   }
@@ -21046,7 +21065,8 @@ var KNOWN_SINK_TYPES = new Set([
   "log_injection",
   "xxe",
   "deserialization",
-  "code_injection"
+  "code_injection",
+  "mybatis_mapper_call"
 ]);
 function checkSanitized(_fromLine, toLine, sinkType, sanitizersByLine) {
   const sanitizersAtTarget = sanitizersByLine.get(toLine);
@@ -27632,7 +27652,7 @@ var colors = {
 };
 // src/version.ts
-var version = "3.41.0";
+var version = "3.42.0";
 // src/formatters.ts
 var SINK_SEVERITY = {
@@ -27654,7 +27674,8 @@ var SINK_SEVERITY = {
   weak_crypto: "low",
   insecure_cookie: "low",
   trust_boundary: "medium",
-  external_taint_escape: "medium"
+  external_taint_escape: "medium",
+  mybatis_mapper_call: "medium"
 };
 var SINK_CWE = {
   sql_injection: "CWE-89",
@@ -27675,7 +27696,8 @@ var SINK_CWE = {
   weak_crypto: "CWE-327",
   insecure_cookie: "CWE-614",
   trust_boundary: "CWE-501",
-  external_taint_escape: "CWE-20"
+  external_taint_escape: "CWE-20",
+  mybatis_mapper_call: "CWE-89"
 };
 var VULNERABILITY_HELP = {
   sql_injection: {
@@ -27754,6 +27776,10 @@ var VULNERABILITY_HELP = {
     description: "External input reaches a sensitive sink without proper validation",
     fix: "Validate, sanitize, or escape external input before use in sensitive operations"
   },
+  mybatis_mapper_call: {
+    description: "Tainted argument passed to a MyBatis mapper interface method — actual SQL lives in the mapper XML/annotation binding, so exploitability depends on whether ${...} string interpolation is used",
+    fix: "Audit the mapper XML/annotations: use #{...} parameter binding (PreparedStatement-backed) for any user-controlled value. Reject from SQL-injection reports unless ${...} interpolation is confirmed"
+  },
   "dead-code": {
     description: "Unreachable code block has no execution path from any entry point",
     fix: "Remove the unreachable block or fix the control flow that precedes it"

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "cognium-dev",
-  "version": "3.41.0",
+  "version": "3.42.0",
   "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
     "registry": "https://registry.npmjs.org/"
   },
   "dependencies": {
-    "circle-ir": "^3.41.0"
+    "circle-ir": "^3.42.0"
   },
   "devDependencies": {
     "@types/node": "^25.5.0",