cognium-dev 3.47.0 → 3.48.0

package/dist/cli.js

@@ -3391,11 +3391,14 @@ function disposeTree(tree) {
   } catch {}
 }
 function walkTree(node, visitor) {
-  visitor(node);
-  for (let i2 = 0;i2 < node.childCount; i2++) {
-    const child = node.child(i2);
-    if (child) {
-      walkTree(child, visitor);
+  const stack = [node];
+  while (stack.length > 0) {
+    const current = stack.pop();
+    visitor(current);
+    for (let i2 = current.childCount - 1;i2 >= 0; i2--) {
+      const child = current.child(i2);
+      if (child)
+        stack.push(child);
     }
   }
 }
@@ -13202,9 +13205,11 @@ class ConstantPropagator {
     return findAssignments(methodBody);
   }
   collectClassFields(root) {
-    const traverse = (n, inClass, inMethod) => {
+    const stack = [root];
+    while (stack.length > 0) {
+      const n = stack.pop();
       if (!n)
-        return;
+        continue;
       if (n.type === "class_body") {
         for (const child of n.children) {
           if (child.type === "field_declaration") {
@@ -13218,34 +13223,30 @@ class ConstantPropagator {
               }
             }
           }
-          if (child.type === "method_declaration" || child.type === "constructor_declaration") {
-            traverse(child, true, true);
-          } else {
-            traverse(child, true, false);
-          }
+          stack.push(child);
         }
-        return;
+        continue;
       }
       for (const child of n.children) {
-        traverse(child, inClass, inMethod);
+        stack.push(child);
       }
-    };
-    traverse(root, false, false);
+    }
   }
   findAllMethods(node) {
     const methods = [];
-    const traverse = (n) => {
+    const stack = [node];
+    while (stack.length > 0) {
+      const n = stack.pop();
       if (!n)
-        return;
+        continue;
       if (n.type === "method_declaration" || n.type === "function_declaration") {
         methods.push(n);
       }
       for (const child of n.children) {
         if (child)
-          traverse(child);
+          stack.push(child);
       }
-    };
-    traverse(node);
+    }
     return methods;
   }
   getMethodName(method) {
@@ -13290,9 +13291,20 @@ class ConstantPropagator {
     }
   }
   visit(node) {
+    const stack = [node];
+    while (stack.length > 0) {
+      const current = stack.pop();
+      if (this.visitOne(current))
+        continue;
+      for (let i2 = current.children.length - 1;i2 >= 0; i2--) {
+        stack.push(current.children[i2]);
+      }
+    }
+  }
+  visitOne(node) {
     const line = getNodeLine(node);
     if (this.unreachableLines.has(line)) {
-      return;
+      return true;
     }
     if (this.conditionStack.length > 0 && !this.lineConditions.has(line)) {
       this.lineConditions.set(line, this.conditionStack[this.conditionStack.length - 1]);
@@ -13301,42 +13313,40 @@ class ConstantPropagator {
       case "method_declaration":
       case "constructor_declaration":
         this.handleMethodDeclaration(node);
-        return;
+        return true;
       case "local_variable_declaration":
         this.handleVariableDeclaration(node);
-        break;
+        return false;
       case "assignment_expression":
         this.handleAssignment(node);
-        break;
+        return false;
       case "update_expression":
         this.handleUpdateExpression(node);
-        break;
+        return false;
       case "if_statement":
         this.handleIfStatement(node);
-        return;
+        return true;
       case "switch_expression":
       case "switch_statement":
         this.handleSwitch(node);
-        return;
+        return true;
       case "ternary_expression":
         this.handleTernary(node);
-        break;
+        return false;
       case "expression_statement":
         this.handleExpressionStatement(node);
-        break;
+        return false;
       case "for_statement":
       case "enhanced_for_statement":
       case "while_statement":
       case "do_statement":
         this.handleLoopStatement(node);
-        return;
+        return true;
       case "synchronized_statement":
         this.handleSynchronizedStatement(node);
-        return;
+        return true;
       default:
-        for (const child of node.children) {
-          this.visit(child);
-        }
+        return false;
     }
   }
   handleMethodDeclaration(node) {
@@ -14038,6 +14048,21 @@ class ConstantPropagator {
     return null;
   }
   isTaintedExpression(node) {
+    const stack = [node];
+    while (stack.length > 0) {
+      const current = stack.pop();
+      const result = this.isTaintedExpressionStep(current);
+      if (result === true)
+        return true;
+      if (result === false)
+        continue;
+      for (let i2 = current.children.length - 1;i2 >= 0; i2--) {
+        stack.push(current.children[i2]);
+      }
+    }
+    return false;
+  }
+  isTaintedExpressionStep(node) {
     const text = getNodeText2(node, this.source);
     if (node.type === "method_invocation") {
       const nameNode = node.childForFieldName("name");
@@ -14290,12 +14315,7 @@ class ConstantPropagator {
       }
       return isTainted;
     }
-    for (const child of node.children) {
-      if (this.isTaintedExpression(child)) {
-        return true;
-      }
-    }
-    return false;
+    return;
   }
   checkCollectionTaint(node) {
     const objectNode = node.childForFieldName("object");
@@ -14597,19 +14617,18 @@ class BaseLanguagePlugin {
   }
   findNodes(root, type) {
     const nodes = [];
-    const cursor = root.walk();
-    const visit = () => {
-      if (cursor.nodeType === type) {
-        nodes.push(cursor.currentNode);
+    const stack = [root];
+    while (stack.length > 0) {
+      const node = stack.pop();
+      if (node.type === type) {
+        nodes.push(node);
       }
-      if (cursor.gotoFirstChild()) {
-        do {
-          visit();
-        } while (cursor.gotoNextSibling());
-        cursor.gotoParent();
+      for (let i2 = node.childCount - 1;i2 >= 0; i2--) {
+        const child = node.child(i2);
+        if (child)
+          stack.push(child);
       }
-    };
-    visit();
+    }
     return nodes;
   }
   findChildByType(node, type) {
@@ -14930,17 +14949,18 @@ class JavaPlugin extends BaseLanguagePlugin {
         }
       }
     };
-    const walk = (node) => {
+    const stack = [tree.rootNode];
+    while (stack.length > 0) {
+      const node = stack.pop();
       if (node.type === "field_declaration" || node.type === "local_variable_declaration") {
         collectDecl(node);
       }
       for (let i2 = 0;i2 < node.childCount; i2++) {
         const child = node.child(i2);
         if (child)
-          walk(child);
+          stack.push(child);
       }
-    };
-    walk(tree.rootNode);
+    }
     this._typeMapCache.set(tree, map);
     return map;
   }
@@ -19455,16 +19475,19 @@ function extractHtmlContent(rootNode) {
   return { scriptBlocks, eventHandlers };
 }
 function walkNode(node, scriptBlocks, eventHandlers) {
-  if (node.type === "script_element") {
-    extractScriptBlock(node, scriptBlocks);
-  }
-  if (node.type === "element" || node.type === "self_closing_tag") {
-    extractEventHandlers(node, eventHandlers);
-  }
-  for (let i2 = 0;i2 < node.childCount; i2++) {
-    const child = node.child(i2);
-    if (child) {
-      walkNode(child, scriptBlocks, eventHandlers);
+  const stack = [node];
+  while (stack.length > 0) {
+    const current = stack.pop();
+    if (current.type === "script_element") {
+      extractScriptBlock(current, scriptBlocks);
+    }
+    if (current.type === "element" || current.type === "self_closing_tag") {
+      extractEventHandlers(current, eventHandlers);
+    }
+    for (let i2 = current.childCount - 1;i2 >= 0; i2--) {
+      const child = current.child(i2);
+      if (child)
+        stack.push(child);
     }
   }
 }
@@ -19569,13 +19592,16 @@ function runHtmlAttributeSecurityChecks(rootNode, filePath) {
   return findings;
 }
 function walkForSecurityChecks(node, filePath, findings) {
-  if (node.type === "element" || node.type === "self_closing_tag" || node.type === "script_element" || node.type === "style_element") {
-    checkElement(node, filePath, findings);
-  }
-  for (let i2 = 0;i2 < node.childCount; i2++) {
-    const child = node.child(i2);
-    if (child) {
-      walkForSecurityChecks(child, filePath, findings);
+  const stack = [node];
+  while (stack.length > 0) {
+    const current = stack.pop();
+    if (current.type === "element" || current.type === "self_closing_tag" || current.type === "script_element" || current.type === "style_element") {
+      checkElement(current, filePath, findings);
+    }
+    for (let i2 = current.childCount - 1;i2 >= 0; i2--) {
+      const child = current.child(i2);
+      if (child)
+        stack.push(child);
     }
   }
 }
@@ -28058,7 +28084,7 @@ var colors = {
 };
 
 // src/version.ts
-var version = "3.47.0";
+var version = "3.48.0";
 
 // src/formatters.ts
 var SINK_SEVERITY = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cognium-dev",
-  "version": "3.47.0",
+  "version": "3.48.0",
   "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
     "registry": "https://registry.npmjs.org/"
   },
   "dependencies": {
-    "circle-ir": "^3.47.0"
+    "circle-ir": "^3.48.0"
   },
   "devDependencies": {
     "@types/node": "^25.5.0",