cognium-dev 3.43.0 → 3.44.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/cli.js +16 -1
  2. package/package.json +2 -2
package/dist/cli.js CHANGED
@@ -11772,6 +11772,11 @@ function isKnownSafeReceiverForMethod(receiver, method, sinkType) {
11772
11772
  }
11773
11773
  return false;
11774
11774
  }
11775
+ var SINK_FQN_EXCLUSIONS = {
11776
+ sql_injection: [
11777
+ "net.sf.jsqlparser."
11778
+ ]
11779
+ };
11775
11780
  function matchesSinkPattern(call, pattern, typeHierarchy, language) {
11776
11781
  if (pattern.languages && pattern.languages.length > 0 && language !== undefined) {
11777
11782
  if (!pattern.languages.includes(language)) {
@@ -11788,6 +11793,16 @@ function matchesSinkPattern(call, pattern, typeHierarchy, language) {
11788
11793
  if (!methodMatches) {
11789
11794
  return false;
11790
11795
  }
11796
+ if (call.receiver_type_fqn) {
11797
+ const exclusions = SINK_FQN_EXCLUSIONS[pattern.type];
11798
+ if (exclusions) {
11799
+ for (const prefix of exclusions) {
11800
+ if (call.receiver_type_fqn.startsWith(prefix)) {
11801
+ return false;
11802
+ }
11803
+ }
11804
+ }
11805
+ }
11791
11806
  if (pattern.class) {
11792
11807
  if (pattern.class === "constructor") {
11793
11808
  return true;
@@ -27779,7 +27794,7 @@ var colors = {
27779
27794
  };
27780
27795
 
27781
27796
  // src/version.ts
27782
- var version = "3.43.0";
27797
+ var version = "3.44.0";
27783
27798
 
27784
27799
  // src/formatters.ts
27785
27800
  var SINK_SEVERITY = {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cognium-dev",
3
- "version": "3.43.0",
3
+ "version": "3.44.0",
4
4
  "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
65
65
  "registry": "https://registry.npmjs.org/"
66
66
  },
67
67
  "dependencies": {
68
- "circle-ir": "^3.43.0"
68
+ "circle-ir": "^3.44.0"
69
69
  },
70
70
  "devDependencies": {
71
71
  "@types/node": "^25.5.0",