cognium-dev 3.78.0 → 3.79.0
- package/dist/cli.js +12 -3
- package/package.json +2 -2
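--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -29772,8 +29772,9 @@ class WeakCryptoPass {
 const receiver = call.receiver ?? "";
 const out2 = [];
 if (language === "java") {
-const
-
+const isCipherInstance = method === "getInstance" && (receiver === "Cipher" || receiver.endsWith(".Cipher"));
+const isKeyGenInstance = method === "getInstance" && (receiver === "KeyGenerator" || receiver.endsWith(".KeyGenerator"));
+if (isCipherInstance) {
 const spec = literalAlgo2(call, 0);
 if (spec) {
 const { weakBase, ecb } = classifyJavaCipherSpec(spec);
@@ -29783,6 +29784,14 @@ class WeakCryptoPass {
 if (ecb)
 out2.push({ issue: "ecb-mode", detail: spec, api });
 }
+} else if (isKeyGenInstance) {
+const spec = literalAlgo2(call, 0);
+if (spec) {
+const { weakBase } = classifyJavaCipherSpec(spec);
+const api = `${receiver}.getInstance`;
+if (weakBase)
+out2.push({ issue: "weak-cipher", detail: weakBase, api });
+}
 }
 if (method === "IvParameterSpec" && isJavaCtor(call, "IvParameterSpec")) {
 const ivDetail = detectStaticIvJava(call);
@@ -32606,7 +32615,7 @@ var colors = {
 };
 
 // src/version.ts
-var version = "3.
+var version = "3.79.0";
 
 // src/formatters.ts
 var SINK_SEVERITY = {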
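Review bot: The new `isKeyGenInstance` branch feeds a KeyGenerator algorithm name into `classifyJavaCipherSpec`, which is defined outside this diff and, judging by the `ecb` field it returns in the Cipher branch, is written for `ALG/MODE/PADDING` transformation strings. It is worth confirming that it classifies a bare name such as `DES` or `DESede` and compares case-insensitively, since JCA algorithm names are not case-sensitive. A one-line comment in the branch would record why only `weakBase` is read, e.g. `// KeyGenerator takes a bare algorithm name (no mode/padding), so ecb does not apply`. The two branches repeat both the receiver test and `literalAlgo2(call, 0)`, and the same shape leaves `SecretKeyFactory.getInstance(...)` with a weak algorithm unreported; a small list of receiver names checked once would cover it without a third copy. The enclosing WeakCryptoPass method starts and ends outside the hunks shown.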
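--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "cognium-dev",
-"version": "3.
+"version": "3.79.0",
 "description": "Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -65,7 +65,7 @@
 "registry": "https://registry.npmjs.org/"
 },
 "dependencies": {
-"circle-ir": "^3.
+"circle-ir": "^3.79.0"
 },
 "devDependencies": {
 "@types/node": "^25.5.0",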