cognium-dev 3.67.0 → 3.68.0
- package/dist/cli.js +23 -1
- package/package.json +2 -2
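--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -6279,6 +6279,12 @@ function extractPythonLiteral(node) {
 if (literalTypes.includes(node.type)) {
 const text = getNodeText(node);
 if (node.type === "string") {
+for (let i2 = 0;i2 < node.childCount; i2++) {
+const child = node.child(i2);
+if (child && child.type === "interpolation") {
+return null;
+}
+}
 return text.replace(/^['"]|['"]$/g, "").replace(/^f['"]|['"]$/g, "");
 }
 return text;
@@ -16864,6 +16870,22 @@ class PythonPlugin extends BaseLanguagePlugin {
 severity: "high",
 argPositions: [0]
 },
+{
+method: "urlretrieve",
+class: "urllib.request",
+type: "ssrf",
+cwe: "CWE-918",
+severity: "high",
+argPositions: [0]
+},
+{
+method: "urlretrieve",
+class: "urllib.request",
+type: "path_traversal",
+cwe: "CWE-22",
+severity: "high",
+argPositions: [1]
+},
 {
 method: "loads",
 class: "pickle",
@@ -31354,7 +31376,7 @@ var colors = {
 };
 
 // src/version.ts
-var version = "3.
+var version = "3.68.0";
 
 // src/formatters.ts
 var SINK_SEVERITY = {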
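Review bot: The quote/prefix stripping on the new line 6288, `text.replace(/^['"]|['"]$/g, "").replace(/^f['"]|['"]$/g, "")`, still recognises only a lowercase `f` prefix and a single quote character, so once interpolated f-strings are rejected by the new loop the remaining gap is literals such as `F"..."`, `rf"..."`, `r"..."`, `b"..."` and triple-quoted `"""..."""`, whose prefix letters or extra quotes end up in the returned value. For a literal that feeds sink-argument matching, a value returned with a stray prefix is presumably compared against the wrong string, so the detection fails silently rather than erroring. One pair of replaces covers every form: `return text.replace(/^[a-zA-Z]*(?:"""|'''|"|')/, "").replace(/(?:"""|'''|"|')$/, "");`. The added loop looks correct but only inspects direct children, so it is worth confirming that the parser always places `interpolation` nodes immediately under the `string` node rather than nested deeper. extractPythonLiteral begins before this hunk and its closing lines are outside it.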
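--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "cognium-dev",
-"version": "3.
+"version": "3.68.0",
 "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
 "registry": "https://registry.npmjs.org/"
 },
 "dependencies": {
-"circle-ir": "^3.
+"circle-ir": "^3.68.0"
 },
 "devDependencies": {
 "@types/node": "^25.5.0",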