cognium-dev 3.50.0 → 3.51.0

Files changed (2)
  1. package/dist/cli.js +27 -2
  2. package/package.json +2 -2
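--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -12063,6 +12063,12 @@ function receiverMightBeClass(receiver, className) {
  return true;
  }
  }
+ const goTemplateFactoryMatch = receiver.match(/\.(Must|New|Parse|ParseFiles|ParseGlob|ParseFS|Clone|Funcs|Option|Lookup|Delims)\(.+\)$/);
+ if (goTemplateFactoryMatch && className === "Template") {
+ if (/(?:^|\b)template\./.test(receiver) || /(?:^|\b)tmpl\./.test(receiver)) {
+ return true;
+ }
+ }
  }
  if (receiver.includes("::") && receiver.endsWith(")")) {
  const scopedMatch = receiver.match(/^(\w+)::(\w+)\(.*\)$/);
@@ -12119,7 +12125,8 @@ function receiverMightBeClass(receiver, className) {
  em: ["EntityManager"],
  ps: ["PreparedStatement"],
  rs: ["ResultSet"],
- template: ["JdbcTemplate"],
+ template: ["JdbcTemplate", "Template"],
+ tmpl: ["Template"],
  cur: ["Cursor"],
  cursor: ["Cursor"],
  writer: ["PrintWriter"],
@@ -17254,6 +17261,22 @@ class GoPlugin extends BaseLanguagePlugin {
  severity: "high",
  argPositions: [0]
  },
+ {
+ method: "Execute",
+ class: "Template",
+ type: "xss",
+ cwe: "CWE-79",
+ severity: "high",
+ argPositions: [1]
+ },
+ {
+ method: "ExecuteTemplate",
+ class: "Template",
+ type: "xss",
+ cwe: "CWE-79",
+ severity: "high",
+ argPositions: [2]
+ },
  {
  method: "Get",
  class: "http",
@@ -28482,7 +28505,7 @@ var colors = {
  };
 
  // src/version.ts
- var version = "3.50.0";
+ var version = "3.51.0";
 
  // src/formatters.ts
  var SINK_SEVERITY = {
@@ -29264,7 +29287,9 @@ function isTestFile2(filePath) {
  var LANG_MAP = {
  ".java": "java",
  ".js": "javascript",
+ ".jsx": "javascript",
  ".mjs": "javascript",
+ ".cjs": "javascript",
  ".ts": "typescript",
  ".tsx": "typescript",
  ".py": "python",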
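Review bot: The two new `Template` sink entries in the Go plugin flag every `Execute`/`ExecuteTemplate` call as a high-severity CWE-79 sink, but nothing visible in this section separates `text/template` from `html/template`, and the receiver heuristic added to `receiverMightBeClass` accepts any `template.` or `tmpl.` prefix. `html/template` escapes the data argument contextually, so a finding there is likely a false positive unless the value was wrapped in a type such as `template.HTML`; `text/template` writing to an HTTP response is the case that warrants `severity: "high"`. If the engine can see the file's imports, gate these entries on `text/template`; otherwise document the limitation next to them, e.g. `// matches text/template and html/template alike; html/template auto-escapes, so confirm the import before triaging`. Separately, the `Clone` alternative in the factory regex cannot match a direct call, because `\(.+\)` needs at least one character between the parentheses and `Clone()` takes no arguments. The sink array and `receiverMightBeClass` both start and end outside the hunks shown.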
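--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "cognium-dev",
- "version": "3.50.0",
+ "version": "3.51.0",
  "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
  "main": "dist/index.js",
  "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
  "registry": "https://registry.npmjs.org/"
  },
  "dependencies": {
- "circle-ir": "^3.50.0"
+ "circle-ir": "^3.51.0"
  },
  "devDependencies": {
  "@types/node": "^25.5.0",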