From eef832efb15b30a3dd02337df85909bd7410a6f0 Mon Sep 17 00:00:00 2001
From: CyanM0un <1544130024@qq.com>
Date: Fri, 24 Apr 2026 10:54:25 +0000
Subject: [PATCH] add support for ESM; add check for newExpr; add taint matching by directly compare fsig
---
 src/checker/taint/common-kit/source-util.ts | 6 +++
 src/checker/taint/js/js-taint-checker.ts | 16 ++++++++
 .../analyzer/javascript/common/js-analyzer.ts | 39 ++++++++++++-------
 3 files changed, 47 insertions(+), 14 deletions(-)
diff --git a/src/checker/taint/common-kit/source-util.ts b/src/checker/taint/common-kit/source-util.ts
index 653abba1..5a4ad28f 100644
--- a/src/checker/taint/common-kit/source-util.ts
+++ b/src/checker/taint/common-kit/source-util.ts
@@ -157,6 +157,12 @@ function introduceFuncArgTaintByRuleConfig(scope: any, node: any, callInfo: Call
 }
 break
 }
+ } else if (call.name === tspec.fsig) {
+ const args = prepareArgs(callInfo, undefined, tspec)
+ for (let i = 0; i < args.length; i++) {
+ markTaintSource(args[i], { path: node, kind: tspec.kind })
+ }
+ break
 }
 }
 }
diff --git a/src/checker/taint/js/js-taint-checker.ts b/src/checker/taint/js/js-taint-checker.ts
index face6f97..343f2ebb 100644
--- a/src/checker/taint/js/js-taint-checker.ts
+++ b/src/checker/taint/js/js-taint-checker.ts
@@ -278,6 +278,22 @@ class JsTaintChecker extends TaintChecker {
 }
 }
 }
+
+ /**
+ *
+ * @param analyzer
+ * @param scope
+ * @param node
+ * @param state
+ * @param info
+ */
+ triggerAtNewExprAfter(analyzer: any, scope: any, node: any, state: any, info: any) {
+ if (config.analyzer !== 'JavaScriptAnalyzer') {
+ return
+ }
+ const { fclos, callInfo } = info
+ this.checkSinkAtFunctionCall(node, fclos, callInfo, state)
+ }
 /**
 *
diff --git a/src/engine/analyzer/javascript/common/js-analyzer.ts b/src/engine/analyzer/javascript/common/js-analyzer.ts
index 870a74ac..1aad45bb 100644
--- a/src/engine/analyzer/javascript/common/js-analyzer.ts
+++ b/src/engine/analyzer/javascript/common/js-analyzer.ts
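Review bot: The new `else if (call.name === tspec.fsig)` branch in introduceFuncArgTaintByRuleConfig also matches when both sides are undefined, so a rule entry without `fsig` paired with a callee that has no `name` would mark every prepared argument as a taint source; whether either value can be missing is not visible in this hunk. Guarding the comparison, `} else if (tspec.fsig && call.name === tspec.fsig) {`, keeps the fallback from creating spurious sources. The match is on the bare callee name, so presumably an unrelated function that merely shares the name becomes a source too; a comment such as `// fallback: fsig is compared with the bare callee name, without receiver or module qualification` would make that precision trade-off explicit. The enclosing loop and the preceding `if` start outside the hunk.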
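Review bot: The JSDoc block added above `triggerAtNewExprAfter` is an empty template with no summary and no parameter descriptions, so the reason constructor calls are now sink-checked is not recorded anywhere. A summary line such as `Runs the function-call sink check on new-expressions so tainted constructor arguments are reported`, plus `@param info carries fclos and callInfo for the constructed callee`, would cover it. `analyzer` and `scope` are unused, presumably because the hook signature requires them, and the doc should say so. `info` is destructured without a guard; whether the hook can fire without it depends on the dispatcher, which is outside the hunk.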
@@ -835,24 +835,35 @@ class JsAnalyzer extends Analyzer {
 // handle ext
 if (!fs.existsSync(pathname) || !fs.statSync(pathname).isFile()) {
 let isExist = false
- let cwd
- let filename
-
- cwd = path.join(pathname, '../')
- filename = pathname.split('/').pop()
- const files = [`${filename}.(js|ts|mjs|cjs)`]
- const filepaths = globby.sync(files, { cwd, caseSensitiveMatch: false })
- if (filepaths && filepaths.length !== 0) {
- pathname = path.join(cwd, filepaths[0])
- isExist = true
- } else if (fs.existsSync(pathname)) {
- cwd = pathname
- filename = '(i|I)ndex'
+
+ if (pathname.endsWith('.js')) { // handle ts
+ const tsPathname = pathname.replace(/\.js$/, '.ts')
+ if (fs.existsSync(tsPathname) && fs.statSync(tsPathname).isFile()) {
+ pathname = tsPathname
+ isExist = true
+ }
+ }
+
+ if (!isExist) {
+ let cwd
+ let filename
+
+ cwd = path.join(pathname, '../')
+ filename = pathname.split('/').pop()
 const files = [`${filename}.(js|ts|mjs|cjs)`]
 const filepaths = globby.sync(files, { cwd, caseSensitiveMatch: false })
 if (filepaths && filepaths.length !== 0) {
- pathname = path.join(pathname, filepaths[0])
+ pathname = path.join(cwd, filepaths[0])
 isExist = true
+ } else if (fs.existsSync(pathname)) {
+ cwd = pathname
+ filename = '(i|I)ndex'
+ const files = [`${filename}.(js|ts|mjs|cjs)`]
+ const filepaths = globby.sync(files, { cwd, caseSensitiveMatch: false })
+ if (filepaths && filepaths.length !== 0) {
+ pathname = path.join(pathname, filepaths[0])
+ isExist = true
+ }
 }
 }
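Review bot: The `.js` to `.ts` fallback handles only the `.js` suffix, so TypeScript sources imported as `./x.mjs` or `./x.cjs` (on disk `x.mts` / `x.cts`) still fall through to the glob, whose `(js|ts|mjs|cjs)` pattern does not list those extensions either; such modules would stay unresolved and taint flow through them is presumably lost. Widening the two lines to `if (/\.[cm]?js$/.test(pathname)) {` and `const tsPathname = pathname.replace(/\.([cm]?)js$/, '.$1ts')` covers all three suffixes. Separately, `pathname.split('/').pop()` is still interpolated into the globby pattern unescaped (carried over from the old code), so a specifier containing glob metacharacters could resolve to a different file than the one imported. The enclosing method starts and ends outside the hunk.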