cognium-dev 3.45.0 → 3.46.0
- package/dist/cli.js +56 -2
- package/package.json +2 -2
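--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -3349,6 +3349,40 @@ async function parse(code, language) {
 }
 return tree;
 }
+function extractParseStatus(tree) {
+const root = tree.rootNode;
+if (!root.hasError) {
+return { success: true, has_errors: false, error_count: 0, error_locations: [] };
+}
+const MAX_LOCATIONS = 50;
+const locations = [];
+let errorCount = 0;
+const stack = [root];
+while (stack.length > 0) {
+const node = stack.pop();
+if (node.type === "ERROR" || node.isMissing) {
+errorCount++;
+if (locations.length < MAX_LOCATIONS) {
+locations.push({
+line: node.startPosition.row + 1,
+column: node.startPosition.column
+});
+}
+}
+for (let i2 = 0;i2 < node.childCount; i2++) {
+const child = node.child(i2);
+if (child && (child.hasError || child.isMissing)) {
+stack.push(child);
+}
+}
+}
+return {
+success: false,
+has_errors: true,
+error_count: errorCount,
+error_locations: locations
+};
+}
 function disposeTree(tree) {
 if (!tree)
 return;
@@ -27509,6 +27543,15 @@ async function analyze(code, filePath, language, options = {}) {
 const tree = await parse(code, language);
 try {
 logger.trace("Parsed AST", { rootNodeType: tree.rootNode.type });
+const parseStatus = extractParseStatus(tree);
+if (parseStatus.has_errors) {
+logger.warn("Partial parse — IR may be incomplete", {
+filePath,
+language,
+errorCount: parseStatus.error_count,
+firstErrorLine: parseStatus.error_locations[0]?.line
+});
+}
 const nodeCache = collectAllNodes(tree.rootNode, getNodeTypesForLanguage(language));
 const meta = extractMeta(code, tree, filePath, language);
 const types = extractTypes(tree, nodeCache, language);
@@ -27645,7 +27688,8 @@ async function analyze(code, filePath, language, options = {}) {
 enriched,
 findings: findings.length > 0 ? findings : undefined,
 metrics: { file: filePath, metrics: metricValues },
-runtime_registrations: runtimeRegistrations.length > 0 ? runtimeRegistrations : undefined
+runtime_registrations: runtimeRegistrations.length > 0 ? runtimeRegistrations : undefined,
+parse_status: parseStatus
 };
 } finally {
 disposeTree(tree);
@@ -27656,6 +27700,15 @@ async function analyzeHtmlFile(code, filePath, options) {
 const tree = await parse(code, "html");
 try {
 const meta = extractMeta(code, tree, filePath, "html");
+const htmlParseStatus = extractParseStatus(tree);
+if (htmlParseStatus.has_errors) {
+logger.warn("Partial parse — IR may be incomplete", {
+filePath,
+language: "html",
+errorCount: htmlParseStatus.error_count,
+firstErrorLine: htmlParseStatus.error_locations[0]?.line
+});
+}
 const { scriptBlocks, eventHandlers } = extractHtmlContent(tree.rootNode);
 logger.debug("HTML extraction", {
 filePath,
@@ -27695,6 +27748,7 @@ async function analyzeHtmlFile(code, filePath, options) {
 }
 const attributeFindings = runHtmlAttributeSecurityChecks(tree.rootNode, filePath);
 const result = mergeHtmlResults(meta, scriptResults, attributeFindings);
+result.parse_status = htmlParseStatus;
 logger.debug("HTML analysis complete", {
 filePath,
 scriptBlocks: scriptResults.length,
@@ -27794,7 +27848,7 @@ var colors = {
 };
 
 // src/version.ts
-var version = "3.
+var version = "3.46.0";
 
 // src/formatters.ts
 var SINK_SEVERITY = {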
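Review bot: In extractParseStatus (first hunk, the child loop at new lines 3372–3377) children are pushed in index order and popped LIFO, so the right-most subtree is walked first and error_locations comes out in reverse source order; analyze and analyzeHtmlFile then log `error_locations[0]?.line` as firstErrorLine, so the first entry is typically a late error rather than the earliest one. Reversing the push order restores pre-order source order with a one-line change: `for (let i2 = node.childCount - 1; i2 >= 0; i2--) {`. The 50-entry cap is also silent — error_count keeps counting while error_locations stops growing — so a JSDoc on the function should state that error_locations is truncated to MAX_LOCATIONS while error_count is exact, and that success is false whenever the root reports hasError, since downstream consumers of parse_status in the analyze and analyzeHtmlFile results need to know a partial parse can hide findings. analyze and analyzeHtmlFile both begin before and continue after their hunks.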
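--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "cognium-dev",
-"version": "3.
+"version": "3.46.0",
 "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
 "registry": "https://registry.npmjs.org/"
 },
 "dependencies": {
-"circle-ir": "^3.
+"circle-ir": "^3.46.0"
 },
 "devDependencies": {
 "@types/node": "^25.5.0",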