cognium-dev 3.41.0 → 3.42.0

package/dist/cli.js

@@ -10059,6 +10059,17 @@ var DEFAULT_SINKS = [
   { method: "queryForObject", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
   { method: "queryForList", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
   { method: "queryForLong", type: "sql_injection", cwe: "CWE-89", severity: "high", arg_positions: [0] },
+  { method: "insert", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "insertSelective", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "update", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "updateByPrimaryKey", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "updateByPrimaryKeySelective", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "delete", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "deleteByPrimaryKey", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "selectOne", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "selectList", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "selectByPrimaryKey", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
+  { method: "selectByExample", class: "*Mapper", type: "mybatis_mapper_call", cwe: "CWE-89", severity: "medium", arg_positions: [0], languages: ["java"] },
   { method: "exec", class: "Runtime", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0, 1] },
   { method: "start", class: "ProcessBuilder", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [] },
   { method: "ProcessBuilder", class: "constructor", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
@@ -11681,6 +11692,14 @@ function matchesAnnotation(annotations, targetAnnotation) {
   return false;
 }
 function receiverMightBeClass(receiver, className) {
+  if (className.startsWith("*") && className.length > 1) {
+    const suffix = className.slice(1).toLowerCase();
+    let simpleReceiver = receiver;
+    if (simpleReceiver.includes(".") && !simpleReceiver.endsWith(")")) {
+      simpleReceiver = simpleReceiver.substring(simpleReceiver.lastIndexOf(".") + 1);
+    }
+    return simpleReceiver.toLowerCase().endsWith(suffix);
+  }
   if (receiver === className) {
     return true;
   }
@@ -21046,7 +21065,8 @@ var KNOWN_SINK_TYPES = new Set([
   "log_injection",
   "xxe",
   "deserialization",
-  "code_injection"
+  "code_injection",
+  "mybatis_mapper_call"
 ]);
 function checkSanitized(_fromLine, toLine, sinkType, sanitizersByLine) {
   const sanitizersAtTarget = sanitizersByLine.get(toLine);
@@ -27632,7 +27652,7 @@ var colors = {
 };
 
 // src/version.ts
-var version = "3.41.0";
+var version = "3.42.0";
 
 // src/formatters.ts
 var SINK_SEVERITY = {
@@ -27654,7 +27674,8 @@ var SINK_SEVERITY = {
   weak_crypto: "low",
   insecure_cookie: "low",
   trust_boundary: "medium",
-  external_taint_escape: "medium"
+  external_taint_escape: "medium",
+  mybatis_mapper_call: "medium"
 };
 var SINK_CWE = {
   sql_injection: "CWE-89",
@@ -27675,7 +27696,8 @@ var SINK_CWE = {
   weak_crypto: "CWE-327",
   insecure_cookie: "CWE-614",
   trust_boundary: "CWE-501",
-  external_taint_escape: "CWE-20"
+  external_taint_escape: "CWE-20",
+  mybatis_mapper_call: "CWE-89"
 };
 var VULNERABILITY_HELP = {
   sql_injection: {
@@ -27754,6 +27776,10 @@ var VULNERABILITY_HELP = {
     description: "External input reaches a sensitive sink without proper validation",
     fix: "Validate, sanitize, or escape external input before use in sensitive operations"
   },
+  mybatis_mapper_call: {
+    description: "Tainted argument passed to a MyBatis mapper interface method — actual SQL lives in the mapper XML/annotation binding, so exploitability depends on whether ${...} string interpolation is used",
+    fix: "Audit the mapper XML/annotations: use #{...} parameter binding (PreparedStatement-backed) for any user-controlled value. Reject from SQL-injection reports unless ${...} interpolation is confirmed"
+  },
   "dead-code": {
     description: "Unreachable code block has no execution path from any entry point",
     fix: "Remove the unreachable block or fix the control flow that precedes it"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cognium-dev",
-  "version": "3.41.0",
+  "version": "3.42.0",
   "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
     "registry": "https://registry.npmjs.org/"
   },
   "dependencies": {
-    "circle-ir": "^3.41.0"
+    "circle-ir": "^3.42.0"
   },
   "devDependencies": {
     "@types/node": "^25.5.0",