Lines 949-989javascript
950// src/output/terminal.ts
951import chalk from "chalk";
953// src/output/format.ts
954var COUNT_FORMATTER = new Intl.NumberFormat("en-US");
955function formatCount(n) {
956 return COUNT_FORMATTER.format(n);
959// src/codedna/taint-analysis.ts
962 { regex: /db\.Query\s*\(/, label: "SQL query", severity: "error", category: "sql_injection" },
963 { regex: /db\.Exec\s*\(/, label: "SQL exec", severity: "error", category: "sql_injection" },
964 { regex: /\.query\s*\(\s*[`'"]/, label: "SQL query string", severity: "error", category: "sql_injection" },
965 { regex: /cursor\.execute\s*\(/, label: "SQL execute", severity: "error", category: "sql_injection" },
966 { regex: /\.raw\s*\(/, label: "raw SQL query", severity: "error", category: "sql_injection" },
968 { regex: /exec\s*\(/, label: "command execution", severity: "error", category: "command_injection" },
969 { regex: /execSync\s*\(/, label: "sync command execution", severity: "error", category: "command_injection" },
970 { regex: /child_process/, label: "child process", severity: "error", category: "command_injection" },
971 { regex: /os\.system\s*\(/, label: "OS system call", severity: "error", category: "command_injection" },
972 { regex: /subprocess\.(?:call|run|Popen)\s*\(/, label: "subprocess call", severity: "error", category: "command_injection" },
974 { regex: /fs\.readFile\s*\(/, label: "file read", severity: "warning", category: "path_traversal" },
975 { regex: /fs\.writeFile\s*\(/, label: "file write", severity: "warning", category: "path_traversal" },
976 { regex: /os\.Open\s*\(/, label: "file open", severity: "warning", category: "path_traversal" },
977 { regex: /open\s*\(/, label: "file open", severity: "warning", category: "path_traversal" },
979 { regex: /innerHTML\s*=/, label: "HTML injection", severity: "error", category: "xss" },
980 { regex: /dangerouslySetInnerHTML/, label: "React HTML injection", severity: "error", category: "xss" },
981 { regex: /eval\s*\(/, label: "code evaluation", severity: "error", category: "code_injection" },
982 { regex: /Function\s*\(/, label: "dynamic function", severity: "error", category: "code_injection" },
983 // Outbound (lower severity)
984 { regex: /fetch\s*\(/, label: "outbound HTTP fetch", severity: "warning", category: "ssrf" },
985 { regex: /http\.Get\s*\(/, label: "outbound HTTP GET", severity: "warning", category: "ssrf" },
986 { regex: /axios\.\w+\s*\(/, label: "outbound HTTP request", severity: "warning", category: "ssrf" }
988var INJECTION_SINK_LABELS = new Set(
989 TAINT_SINKS.filter((s) => s.category === "code_injection" || s.category === "command_injection").map(