cognium-dev 3.71.0 → 3.72.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +95 -20
- package/package.json +2 -2
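--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -11116,6 +11116,29 @@ var DEFAULT_SINKS = [
 { method: "debug", class: "console", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0, 1, 2, 3], languages: ["javascript", "typescript"] },
 { method: "trace", class: "console", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0, 1, 2, 3], languages: ["javascript", "typescript"] },
 { method: "redirect", type: "open_redirect", cwe: "CWE-601", severity: "medium", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "search", class: "ldap", type: "ldap_injection", cwe: "CWE-90", severity: "high", arg_positions: [1, 2], languages: ["javascript", "typescript"] },
+{ method: "searchSync", class: "ldap", type: "ldap_injection", cwe: "CWE-90", severity: "high", arg_positions: [1, 2], languages: ["javascript", "typescript"] },
+{ method: "search", class: "ldapjs", type: "ldap_injection", cwe: "CWE-90", severity: "high", arg_positions: [1, 2], languages: ["javascript", "typescript"] },
+{ method: "searchSync", class: "ldapjs", type: "ldap_injection", cwe: "CWE-90", severity: "high", arg_positions: [1, 2], languages: ["javascript", "typescript"] },
+{ method: "select", class: "xpath", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "select1", class: "xpath", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "evaluate", class: "xpath", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "parse", class: "xpath", type: "xpath_injection", cwe: "CWE-643", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "parseXml", class: "libxml", type: "xxe", cwe: "CWE-611", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "parseXmlString", class: "libxml", type: "xxe", cwe: "CWE-611", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "parseXml", class: "libxmljs", type: "xxe", cwe: "CWE-611", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "parseXmlString", class: "libxmljs", type: "xxe", cwe: "CWE-611", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "parseFromString", class: "DOMParser", type: "xxe", cwe: "CWE-611", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "parseFromString", class: "xmldom", type: "xxe", cwe: "CWE-611", severity: "high", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "render", class: "ejs", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "compile", class: "ejs", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "render", class: "handlebars", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "compile", class: "handlebars", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "render", class: "pug", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "compile", class: "pug", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "render", class: "mustache", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "render", class: "nunjucks", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
+{ method: "renderString", class: "nunjucks", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0], languages: ["javascript", "typescript"] },
 { method: "system", class: "os", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
 { method: "popen", class: "os", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
 { method: "run", class: "subprocess", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
@@ -11192,6 +11215,13 @@ var DEFAULT_SINKS = [
 { method: "delete_one", class: "Collection", type: "nosql_injection", cwe: "CWE-943", severity: "critical", arg_positions: [0] },
 { method: "delete_many", class: "Collection", type: "nosql_injection", cwe: "CWE-943", severity: "critical", arg_positions: [0] },
 { method: "aggregate", class: "Collection", type: "nosql_injection", cwe: "CWE-943", severity: "critical", arg_positions: [0] },
+{ method: "find_one", type: "nosql_injection", cwe: "CWE-943", severity: "critical", arg_positions: [0], languages: ["python"] },
+{ method: "update_one", type: "nosql_injection", cwe: "CWE-943", severity: "critical", arg_positions: [0, 1], languages: ["python"] },
+{ method: "update_many", type: "nosql_injection", cwe: "CWE-943", severity: "critical", arg_positions: [0, 1], languages: ["python"] },
+{ method: "delete_one", type: "nosql_injection", cwe: "CWE-943", severity: "critical", arg_positions: [0], languages: ["python"] },
+{ method: "delete_many", type: "nosql_injection", cwe: "CWE-943", severity: "critical", arg_positions: [0], languages: ["python"] },
+{ method: "replace_one", type: "nosql_injection", cwe: "CWE-943", severity: "critical", arg_positions: [0, 1], languages: ["python"] },
+{ method: "count_documents", type: "nosql_injection", cwe: "CWE-943", severity: "critical", arg_positions: [0], languages: ["python"] },
 { method: "from_string", class: "Template", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
 { method: "Template", class: "jinja2", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
 { method: "Template", class: "mako", type: "code_injection", cwe: "CWE-94", severity: "critical", arg_positions: [0] },
@@ -11200,6 +11230,13 @@ var DEFAULT_SINKS = [
 { method: "error", class: "logger", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0] },
 { method: "debug", class: "logger", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0] },
 { method: "critical", class: "logger", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0] },
+{ method: "info", class: "logging", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0] },
+{ method: "warning", class: "logging", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0] },
+{ method: "error", class: "logging", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0] },
+{ method: "debug", class: "logging", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0] },
+{ method: "critical", class: "logging", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0] },
+{ method: "log", class: "logging", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [1] },
+{ method: "exception", class: "logging", type: "log_injection", cwe: "CWE-117", severity: "low", arg_positions: [0] },
 { method: "command", class: "ProcessBuilder", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
 { method: "inheritIO", class: "ProcessBuilder", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [] },
 { method: "step", class: "StepExecution", type: "command_injection", cwe: "CWE-78", severity: "critical", arg_positions: [0] },
@@ -15192,6 +15229,9 @@ function isFalsePositive(result, sinkLine, taintedVar) {
 if (varValue && varValue.type !== "unknown" && !result.tainted.has(taintedVar)) {
 return { isFalsePositive: true, reason: `variable_is_constant: ${varValue.value}` };
 }
+if (taintedVar.startsWith("self.") || taintedVar.startsWith("this.")) {
+return { isFalsePositive: false, reason: null };
+}
 if (result.symbols.has(taintedVar) && !result.tainted.has(taintedVar)) {
 return { isFalsePositive: true, reason: "variable_not_tainted" };
 }
@@ -21139,15 +21179,18 @@ function findGetterSources(types, instanceFieldTaint, _sourceCode) {
 return sources;
 }
 function findOopFieldReadSources(types, sourceCode, language) {
-if (language !== "java" && language !== "python")
+if (language !== "java" && language !== "python" && language !== "javascript" && language !== "typescript")
 return [];
 const sources = [];
 const lines = sourceCode.split(`
 `);
 const isPython = language === "python";
+const isJs = language === "javascript" || language === "typescript";
+const isJava = language === "java";
 const SELF = isPython ? "self" : "this";
 const javaHttpPattern = /\b(?:req|request|httpRequest|servletRequest|httpServletRequest)\.(?:getParameter|getParameterValues|getParameterMap|getHeader|getHeaders|getCookies|getQueryString|getPathInfo|getRequestURI|getRequestURL|getInputStream|getReader)\b/;
 const fieldAssignRe = new RegExp(`^\\s*${SELF}\\.([A-Za-z_]\\w*)\\s*=\\s*(.+?)(?:;\\s*)?$`);
+const fieldAssignReG = new RegExp(`${SELF}\\.([A-Za-z_]\\w*)\\s*=\\s*([^;}\\n]+)`, "g");
 const commentPrefix = isPython ? "#" : "//";
 for (const type of types) {
 if (type.kind !== "class")
@@ -21161,7 +21204,12 @@ function findOopFieldReadSources(types, sourceCode, language) {
 ctor = m;
 break;
 }
-} else {
+} else if (isJs) {
+if (m.name === "constructor") {
+ctor = m;
+break;
+}
+} else if (isJava) {
 if (m.name === type.name) {
 ctor = m;
 break;
@@ -21183,26 +21231,44 @@ function findOopFieldReadSources(types, sourceCode, language) {
 const line = lines[i2] ?? "";
 if (line.trim().startsWith(commentPrefix))
 continue;
-const
-
+const pairs = [];
+const anchored = line.match(fieldAssignRe);
+if (anchored)
+pairs.push({ field: anchored[1], rhs: anchored[2].trim().replace(/;\s*$/, "") });
+if (isJs) {
+for (const m of line.matchAll(fieldAssignReG)) {
+const field = m[1];
+const rhs = m[2].trim().replace(/;\s*$/, "");
+if (!pairs.some((p) => p.field === field))
+pairs.push({ field, rhs });
+}
+}
+if (pairs.length === 0)
 continue;
-const fieldName
-
-
-
-
-
-
-
-
-
-
-
+for (const { field: fieldName, rhs } of pairs) {
+let sourceType = null;
+if (paramNames.has(rhs)) {
+sourceType = "interprocedural_param";
+} else if (isJava && javaHttpPattern.test(rhs)) {
+sourceType = "http_param";
+} else if (isPython) {
+for (const { pattern, type: type2 } of PYTHON_TAINTED_PATTERNS2) {
+if (pattern.test(rhs)) {
+sourceType = type2;
+break;
+}
+}
+} else if (isJs) {
+for (const { pattern, type: type2 } of JS_TAINTED_PATTERNS) {
+if (pattern.test(rhs)) {
+sourceType = type2;
+break;
+}
 }
 }
-
-
-
+if (sourceType) {
+fieldTaint.set(fieldName, { line: i2 + 1, type: sourceType });
+}
 }
 }
 if (fieldTaint.size === 0)
@@ -22075,11 +22141,20 @@ class SinkFilterPass {
 const { pyTaintedVars, pySanitizedVars } = langSources;
 const sourceLines = ctx.code.split(`
 `);
+const oopFieldVars = new Set;
+for (const s of sources) {
+if (s.variable && s.variable.startsWith("self.")) {
+oopFieldVars.add(s.variable);
+}
+}
 filtered = filtered.filter((sink) => {
 if (sink.type !== "xpath_injection")
 return true;
 const sinkLineText = sourceLines[sink.line - 1] ?? "";
 const taintedVarOnLine = [...pyTaintedVars.keys()].find((v) => new RegExp(`\\b${v}\\b`).test(sinkLineText));
+const oopVarOnLine = [...oopFieldVars].find((v) => sinkLineText.includes(v));
+if (oopVarOnLine)
+return true;
 if (!taintedVarOnLine)
 return false;
 if (pySanitizedVars.has(taintedVarOnLine))
@@ -32001,7 +32076,7 @@ var colors = {
 };
 
 // src/version.ts
-var version = "3.
+var version = "3.72.0";
 
 // src/formatters.ts
 var SINK_SEVERITY = {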
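Review bot: `fieldAssignReG` at new line 21193 has no guard against comparison operators, so on the JavaScript path a line such as `if (this.role === req.query.role)` is matched as an assignment with rhs `== req.query.role)`, and the `JS_TAINTED_PATTERNS` loop at 21262 then records `role` as a tainted field read source; the anchored `fieldAssignRe` is largely protected by its `^\s*` anchor, but the unanchored global form is not. A negative lookahead closes this: `const fieldAssignReG = new RegExp(`\\b${SELF}\\.([A-Za-z_]\\w*)\\s*=(?!=)\\s*([^;}\\n]+)`, "g");` (the `\\b` also keeps identifiers that merely end in `this` from matching). Separately, the `oopFieldVars` set built in SinkFilterPass at 22146 only keeps `self.` variables while the new `isFalsePositive` guard at 15232 accepts both `self.` and `this.`, so with JS xpath sinks now in DEFAULT_SINKS a `this.`-field read on an xpath line falls through to the `pyTaintedVars` check, which is presumably empty for JS and drops the finding — worth confirming. The `sinkLineText.includes(v)` test at 22155 is also a plain substring match, so `self.id` matches `self.identity`; a word-boundary check like the `\\b` regex on the preceding line would be more consistent. The bodies of `findOopFieldReadSources` and the SinkFilterPass method continue outside the shown hunks.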
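--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "cognium-dev",
-"version": "3.
+"version": "3.72.0",
 "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
 "registry": "https://registry.npmjs.org/"
 },
 "dependencies": {
-"circle-ir": "^3.
+"circle-ir": "^3.72.0"
 },
 "devDependencies": {
 "@types/node": "^25.5.0",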