cognium-dev v3.36.0

@openmason openmason released this 12 Jun 01:25
· 31 commits to main since this release

Changed

circle-ir upgraded 3.35.0 → 3.36.0 — fixes a long-standing structural defect that left result.taint.flows empty for every Python sink category (#18).

cognium-dev scan against Python projects now emits source-to-sink taint flows for:

  • sql_injection
  • command_injection (os.system, subprocess.call(..., shell=True))
  • path_traversal
  • code_injection (eval, exec)
  • deserialization (pickle.loads)
  • xxe (ET.fromstring)
  • ldap_injection
  • open_redirect

Output formats (text, JSON, SARIF) are unchanged; the previously hidden flows now surface in all three. Java/JS/Bash flows are unaffected (verified by the 156-case Juliet suite plus a targeted non-regression test).
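To make the shape of such a flow concrete, below is a toy flow-insensitive taint checker added for illustration; it is not cognium-dev or circle-ir code (their engine is not shown here). The sink table follows the categories listed above; the source list, the helper names and the sample program are assumptions constructed for the example.

```python
import ast

# Assumed sources (not in the release notes); SINKS mirrors the release-note categories.
SOURCES = {"input", "request.args.get"}
SINKS = {"os.system": "command_injection", "subprocess.call": "command_injection",
         "eval": "code_injection", "exec": "code_injection",
         "pickle.loads": "deserialization", "ET.fromstring": "xxe"}

def dotted(node):
    """Render a Name/Attribute chain such as ET.fromstring as a string."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute) and (base := dotted(node.value)):
        return f"{base}.{node.attr}"
    return None
def is_tainted(node, tainted):
    """Tainted name, source call, or any expression built from a tainted part."""
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.Call) and dotted(node.func) in SOURCES:
        return True
    return any(is_tainted(c, tainted) for c in ast.iter_child_nodes(node))
def shell_true(call):
    """subprocess.call is only a shell sink when invoked with shell=True."""
    return any(k.arg == "shell" and getattr(k.value, "value", None) is True
               for k in call.keywords)
def find_flows(source_code):
    """Sorted (line, category, callee) for sink calls fed tainted data. ast.walk
    is breadth-first, so in straight-line code assignments precede the calls."""
    tainted, flows = set(), []
    for node in ast.walk(ast.parse(source_code)):
        if isinstance(node, ast.Assign) and is_tainted(node.value, tainted):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
        elif isinstance(node, ast.Call) and dotted(node.func) in SINKS:
            name = dotted(node.func)
            if name == "subprocess.call" and not shell_true(node):
                continue
            if any(is_tainted(a, tainted) for a in node.args):
                flows.append((node.lineno, SINKS[name], name))
    return sorted(flows)
# Constructed sample (parsed only, never executed; imports omitted).
SAMPLE = '''
user = input("cmd: ")
safe = "ls -l"
os.system("echo " + user)
subprocess.call(safe, shell=True)
subprocess.call(["ls", user])
pickle.loads(user.encode())
eval(f"{user}")
'''
```

Running find_flows(SAMPLE) reports the os.system, pickle.loads and eval calls and stays silent on the two subprocess.call lines, one because its argument is a constant and the other because it does not use shell=True.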

See circle-ir v3.36.0 release notes for full technical detail.