@appland/scanner 1.33.1

package/built/rules/illegalPackageDependency.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"illegalPackageDependency.js","sourceRoot":"","sources":["../../src/rules/illegalPackageDependency.ts"],"names":[],"mappings":";;AAIA,mDAA+D;AAE/D;IAAA;QACS,mBAAc,GAAyB,EAAE,CAAC;QAC1C,kBAAa,GAAuB,EAAwB,CAAC;IACtE,CAAC;IAAD,cAAC;AAAD,CAAC,AAHD,IAGC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,cAAc,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;IAClE,IAAM,aAAa,GAAG,IAAA,0BAAW,EAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAEzD,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAS,IAAI,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACjG,CAAC;IAED,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAM,eAAe,GAAG,OAAO,CAAC,cAAc;aAC3C,GAAG,CAAC,UAAC,MAAM,IAAK,OAAA,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,EAA9C,CAA8C,CAAC;aAC/D,GAAG,CAAC,MAAM,CAAC;aACX,IAAI,CAAC,MAAM,CAAC,CAAC;QAEhB,IAAM,aAAa,GAAG,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAS,CAAC;QACrD,IACE,CAAC,CACC,CAAC,CAAC,UAAU,CAAC,SAAS,KAAK,aAAa;YACxC,cAAc,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,aAAa,CAAC,EAAtB,CAAsB,CAAC,CACzD,EACD;YACA,OAAO,iBAAe,CAAC,CAAC,UAAU,CAAC,EAAE,0BAAqB,aAAa,mBAAc,eAAiB,CAAC;SACxG;IACH,CAAC;IAED,OAAO,EAAE,KAAK,OAAA,EAAE,OAAO,SAAA,EAAE,CAAC;AAC5B,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,4BAA4B;IAChC,KAAK,EAAE,kDAAkD;IACzD,KAAK,EAAE,SAAsB;IAC7B,cAAc,EAAE,IAAI;IACpB,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}

package/built/rules/incompatibleHttpClientRequest.js

@@ -0,0 +1,96 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var openapi_1 = require("../openapi");
+var Options = /** @class */ (function () {
+    function Options() {
+        this.schemata = {};
+    }
+    return Options;
+}());
+var changeMessage = function (change) {
+    return "HTTP client request is incompatible with OpenAPI schema. Change details: " + change.action + " " + change.sourceSpecEntityDetails
+        .concat(change.destinationSpecEntityDetails)
+        .map(function (detail) { return detail.location; })
+        .join(', ');
+};
+function build(options) {
+    function matcher(event) {
+        return __awaiter(this, void 0, void 0, function () {
+            var clientFragment, serverSchema, clientSchema, changes;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        clientFragment = (0, openapi_1.forClientRequest)(event);
+                        return [4 /*yield*/, (0, openapi_1.forURL)(event.httpClientRequest.url, options.schemata)];
+                    case 1:
+                        serverSchema = _a.sent();
+                        clientSchema = {
+                            openapi: '3.0.0',
+                            info: {
+                                title: 'Schema derived from client request',
+                                version: serverSchema.info.version, // Indicate that it *should* be compatible.
+                            },
+                            paths: clientFragment.paths,
+                            components: { securitySchemes: clientFragment.securitySchemes },
+                        };
+                        return [4 /*yield*/, (0, openapi_1.breakingChanges)(clientSchema, serverSchema)];
+                    case 2:
+                        changes = _a.sent();
+                        return [2 /*return*/, changes.map(function (change) { return ({
+                                level: 'error',
+                                message: changeMessage(change),
+                            }); })];
+                }
+            });
+        });
+    }
+    return {
+        matcher: matcher,
+        where: function (e) { return !!e.httpClientRequest && !!e.httpClientRequest.url; },
+    };
+}
+exports.default = {
+    id: 'incompatible-http-client-request',
+    title: 'Incompatible HTTP client request',
+    scope: 'http_client_request',
+    enumerateScope: false,
+    Options: Options,
+    build: build,
+};
+//# sourceMappingURL=incompatibleHttpClientRequest.js.map

package/built/rules/incompatibleHttpClientRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"incompatibleHttpClientRequest.js","sourceRoot":"","sources":["../../src/rules/incompatibleHttpClientRequest.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,sCAAuE;AAMvE;IAAA;QACS,aAAQ,GAA2B,EAAE,CAAC;IAC/C,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,IAAM,aAAa,GAAG,UAAC,MAA0C;IAC/D,OAAO,8EACL,MAAM,CAAC,MAAM,SACX,MAAM,CAAC,uBAAuB;SAC/B,MAAM,CAAC,MAAM,CAAC,4BAA4B,CAAC;SAC3C,GAAG,CAAC,UAAC,MAAM,IAAK,OAAA,MAAM,CAAC,QAAQ,EAAf,CAAe,CAAC;SAChC,IAAI,CAAC,IAAI,CAAG,CAAC;AAClB,CAAC,CAAC;AAEF,SAAS,KAAK,CAAC,OAAgB;IAC7B,SAAe,OAAO,CAAC,KAAY;;;;;;wBAC3B,cAAc,GAAG,IAAA,0BAAgB,EAAC,KAAK,CAAC,CAAC;wBAC1B,qBAAM,IAAA,gBAAM,EAAC,KAAK,CAAC,iBAAkB,CAAC,GAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,EAAA;;wBAA5E,YAAY,GAAG,SAA6D;wBAC5E,YAAY,GAAG;4BACnB,OAAO,EAAE,OAAO;4BAChB,IAAI,EAAE;gCACJ,KAAK,EAAE,oCAAoC;gCAC3C,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,2CAA2C;6BAChF;4BACD,KAAK,EAAE,cAAe,CAAC,KAAK;4BAC5B,UAAU,EAAE,EAAE,eAAe,EAAE,cAAe,CAAC,eAAe,EAAE;yBAC3C,CAAC;wBACR,qBAAM,IAAA,yBAAe,EAAC,YAAY,EAAE,YAAY,CAAC,EAAA;;wBAA3D,OAAO,GAAG,SAAiD;wBACjE,sBAAO,OAAO,CAAC,GAAG,CAAC,UAAC,MAA0C,IAAK,OAAA,CAAC;gCAClE,KAAK,EAAE,OAAO;gCACd,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC;6BAC/B,CAAC,EAHiE,CAGjE,CAAC,EAAC;;;;KACL;IAED,OAAO;QACL,OAAO,SAAA;QACP,KAAK,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,iBAAiB,IAAI,CAAC,CAAC,CAAC,CAAC,iBAAkB,CAAC,GAAG,EAAnD,CAAmD;KACzE,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,kCAAkC;IACtC,KAAK,EAAE,kCAAkC;IACzC,KAAK,EAAE,qBAAqB;IAC5B,cAAc,EAAE,KAAK;IACrB,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}

package/built/rules/insecureCompare.js

@@ -0,0 +1,59 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var recordSecrets_1 = __importDefault(require("../analyzer/recordSecrets"));
+var secretsRegexes_1 = __importDefault(require("../analyzer/secretsRegexes"));
+var BCRYPT_REGEXP = /^[$]2[abxy]?[$](?:0[4-9]|[12][0-9]|3[01])[$][./0-9a-zA-Z]{53}$/;
+var secrets = new Set();
+function stringEquals(e) {
+    if (!e.parameters || !e.receiver || e.parameters.length !== 1) {
+        return;
+    }
+    var args = [e.receiver.value, e.parameters[0].value];
+    function isBcrypt(str) {
+        return BCRYPT_REGEXP.test(str);
+    }
+    function isSecret(str) {
+        if (secrets.has(str)) {
+            return true;
+        }
+        return !!Object.keys(secretsRegexes_1.default).find(function (key) { return !!secretsRegexes_1.default[key].find(function (re) { return re.test(str); }); });
+    }
+    // BCrypted strings are safe to compare using equals()
+    if (args.every(isBcrypt)) {
+        return;
+    }
+    if (!args.every(isSecret)) {
+        return;
+    }
+    return true;
+}
+function build() {
+    function matcher(e) {
+        if (e.codeObject.labels.has(Secret)) {
+            (0, recordSecrets_1.default)(secrets, e);
+        }
+        if (e.parameters && e.codeObject.labels.has(StringEquals)) {
+            return stringEquals(e);
+        }
+    }
+    function where(e) {
+        return (e.isFunction && (e.codeObject.labels.has(StringEquals) || e.codeObject.labels.has(Secret)));
+    }
+    return {
+        matcher: matcher,
+        where: where,
+    };
+}
+var Secret = 'secret';
+var StringEquals = 'string.equals';
+exports.default = {
+    id: 'insecure-compare',
+    title: 'Insecure comparison of secrets',
+    labels: [Secret, StringEquals],
+    enumerateScope: true,
+    build: build,
+};
+//# sourceMappingURL=insecureCompare.js.map

package/built/rules/insecureCompare.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"insecureCompare.js","sourceRoot":"","sources":["../../src/rules/insecureCompare.ts"],"names":[],"mappings":";;;;;AACA,4EAAsD;AACtD,8EAAwD;AAGxD,IAAM,aAAa,GAAG,gEAAgE,CAAC;AAEvF,IAAM,OAAO,GAAgB,IAAI,GAAG,EAAE,CAAC;AAEvC,SAAS,YAAY,CAAC,CAAQ;IAC5B,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,UAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QAC9D,OAAO;KACR;IAED,IAAM,IAAI,GAAG,CAAC,CAAC,CAAC,QAAS,CAAC,KAAK,EAAE,CAAC,CAAC,UAAW,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAEzD,SAAS,QAAQ,CAAC,GAAW;QAC3B,OAAO,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,SAAS,QAAQ,CAAC,GAAW;QAC3B,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;YACpB,OAAO,IAAI,CAAC;SACb;QACD,OAAO,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,wBAAc,CAAC,CAAC,IAAI,CACvC,UAAC,GAAG,IAAc,OAAA,CAAC,CAAC,wBAAc,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAC,EAAU,IAAc,OAAA,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAZ,CAAY,CAAC,EAAjE,CAAiE,CACpF,CAAC;IACJ,CAAC;IAED,sDAAsD;IACtD,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE;QACxB,OAAO;KACR;IACD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE;QACzB,OAAO;KACR;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;YACnC,IAAA,uBAAa,EAAC,OAAO,EAAE,CAAC,CAAC,CAAC;SAC3B;QACD,IAAI,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACzD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;SACxB;IACH,CAAC;IAED,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CACL,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAC3F,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,SAAA;QACP,KAAK,OAAA;KACN,CAAC;AACJ,CAAC;AAED,IAAM,MAAM,GAAG,QAAQ,CAAC;AACxB,IAAM,YAAY,GAAG,eAAe,CAAC;AAErC,kBAAe;IACb,EAAE,EAAE,kBAAkB;IACtB,KAAK,EAAE,gCAAgC;IACvC,MAAM,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,cAAc,EAAE,IAAI;IACpB,KAAK,OAAA;CACE,CAAC"}

package/built/rules/jobNotCancelled.js

@@ -0,0 +1,72 @@
+"use strict";
+var __read = (this && this.__read) || function (o, n) {
+    var m = typeof Symbol === "function" && o[Symbol.iterator];
+    if (!m) return o;
+    var i = m.call(o), r, ar = [], e;
+    try {
+        while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
+    }
+    catch (error) { e = { error: error }; }
+    finally {
+        try {
+            if (r && !r.done && (m = i["return"])) m.call(i);
+        }
+        finally { if (e) throw e.error; }
+    }
+    return ar;
+};
+var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
+    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
+        if (ar || !(i in from)) {
+            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
+            ar[i] = from[i];
+        }
+    }
+    return to.concat(ar || Array.prototype.slice.call(from));
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var wellKnownLabels_1 = __importDefault(require("../wellKnownLabels"));
+var sqlTransactionScope_1 = require("../scope/sqlTransactionScope");
+function build() {
+    function matcher(event) {
+        if (!(0, sqlTransactionScope_1.hasTransactionDetails)(event))
+            throw new Error("expected event " + event.id + " to be a transaction");
+        if (event.transaction.status === 'commit')
+            return;
+        var creationEvents = event.transaction.events.filter(function (_a) {
+            var labels = _a.labels;
+            return labels.has(wellKnownLabels_1.default.JobCreate);
+        });
+        var cancellationEvents = event.transaction.events.filter(function (_a) {
+            var labels = _a.labels;
+            return labels.has(wellKnownLabels_1.default.JobCancel);
+        });
+        var missing = creationEvents.length - cancellationEvents.length;
+        if (missing === 0)
+            return;
+        var result = {
+            level: 'error',
+            event: event,
+            message: missing + " jobs created but not cancelled in this rolled back transaction",
+            // if there's a mismatch and there are cancellations we can't tell
+            // for sure which creations they match, so return everything
+            relatedEvents: __spreadArray(__spreadArray([], __read(creationEvents), false), __read(cancellationEvents), false),
+        };
+        return [result];
+    }
+    return {
+        matcher: matcher,
+    };
+}
+exports.default = {
+    id: 'job-not-cancelled',
+    title: 'Job created in a rolled back transaction and not cancelled',
+    scope: 'transaction',
+    enumerateScope: false,
+    labels: [wellKnownLabels_1.default.JobCreate, wellKnownLabels_1.default.JobCancel],
+    build: build,
+};
+//# sourceMappingURL=jobNotCancelled.js.map

package/built/rules/jobNotCancelled.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jobNotCancelled.js","sourceRoot":"","sources":["../../src/rules/jobNotCancelled.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,uEAAwC;AACxC,oEAAqE;AAErE,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,KAAY;QAC3B,IAAI,CAAC,IAAA,2CAAqB,EAAC,KAAK,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,oBAAkB,KAAK,CAAC,EAAE,yBAAsB,CAAC,CAAC;QACpE,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,QAAQ;YAAE,OAAO;QAElD,IAAM,cAAc,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,UAAC,EAAU;gBAAR,MAAM,YAAA;YAC9D,OAAA,MAAM,CAAC,GAAG,CAAC,yBAAM,CAAC,SAAS,CAAC;QAA5B,CAA4B,CAC7B,CAAC;QACF,IAAM,kBAAkB,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,UAAC,EAAU;gBAAR,MAAM,YAAA;YAClE,OAAA,MAAM,CAAC,GAAG,CAAC,yBAAM,CAAC,SAAS,CAAC;QAA5B,CAA4B,CAC7B,CAAC;QACF,IAAM,OAAO,GAAG,cAAc,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC;QAClE,IAAI,OAAO,KAAK,CAAC;YAAE,OAAO;QAE1B,IAAM,MAAM,GAAgB;YAC1B,KAAK,EAAE,OAAO;YACd,KAAK,EAAE,KAAK;YACZ,OAAO,EAAK,OAAO,oEAAiE;YACpF,kEAAkE;YAClE,4DAA4D;YAC5D,aAAa,yCAAM,cAAc,kBAAK,kBAAkB,SAAC;SAC1D,CAAC;QAEF,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,mBAAmB;IACvB,KAAK,EAAE,4DAA4D;IACnE,KAAK,EAAE,aAAa;IACpB,cAAc,EAAE,KAAK;IACrB,MAAM,EAAE,CAAC,yBAAM,CAAC,SAAS,EAAE,yBAAM,CAAC,SAAS,CAAC;IAC5C,KAAK,OAAA;CACE,CAAC"}

package/built/rules/lib/hasParameterOrReceiver.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+// Builds a function that returns true if the provided event argument has the specified
+// objectId as the receiver or as a parameter value.
+exports.default = (function (objectId) {
+    return function (event) {
+        return (!!event.receiver && event.receiver.object_id === objectId) ||
+            (!!event.parameters && event.parameters.some(function (param) { return param.object_id === objectId; }));
+    };
+});
+//# sourceMappingURL=hasParameterOrReceiver.js.map

package/built/rules/lib/hasParameterOrReceiver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hasParameterOrReceiver.js","sourceRoot":"","sources":["../../../src/rules/lib/hasParameterOrReceiver.ts"],"names":[],"mappings":";;AAEA,uFAAuF;AACvF,oDAAoD;AACpD,mBAAe,UAAC,QAAgB;IAC9B,OAAO,UAAC,KAAY;QAClB,OAAA,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,QAAS,CAAC,SAAS,KAAK,QAAQ,CAAC;YAC5D,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,UAAW,CAAC,IAAI,CAAC,UAAC,KAAK,IAAK,OAAA,KAAK,CAAC,SAAS,KAAK,QAAQ,EAA5B,CAA4B,CAAC,CAAC;IADvF,CACuF,CAAC;AAC5F,CAAC,EAAC"}

package/built/rules/lib/matchEvent.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildFilters = exports.buildFilter = void 0;
+var database_1 = require("../../database");
+var matchPattern_1 = require("./matchPattern");
+function buildFilter(pattern) {
+    var testFn = (0, matchPattern_1.buildFilter)(pattern.test);
+    var propertyFn = {
+        id: function (e) { return e.codeObject.id; },
+        type: function (e) { return e.codeObject.type; },
+        fqid: function (e) { return e.codeObject.fqid; },
+        query: function (e) { return (e.sql ? (0, database_1.sqlNormalized)(e.sql) : null); },
+        route: function (e) { return e.route; },
+    };
+    return function (event) {
+        var fn = propertyFn[pattern.property];
+        if (!fn) {
+            throw new Error("Unrecognized Event filter property: " + pattern.property);
+        }
+        var value = fn(event);
+        if (!value) {
+            return false;
+        }
+        return testFn(value);
+    };
+}
+exports.buildFilter = buildFilter;
+function buildFilters(patterns) {
+    return patterns.map(buildFilter);
+}
+exports.buildFilters = buildFilters;
+//# sourceMappingURL=matchEvent.js.map

package/built/rules/lib/matchEvent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"matchEvent.js","sourceRoot":"","sources":["../../../src/rules/lib/matchEvent.ts"],"names":[],"mappings":";;;AACA,2CAA+C;AAG/C,+CAAkE;AAElE,SAAgB,WAAW,CAAC,OAAyB;IACnD,IAAM,MAAM,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/C,IAAM,UAAU,GAAG;QACjB,EAAE,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,UAAU,CAAC,EAAE,EAAf,CAAe;QACjC,IAAI,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,UAAU,CAAC,IAAI,EAAjB,CAAiB;QACrC,IAAI,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,UAAU,CAAC,IAAI,EAAjB,CAAiB;QACrC,KAAK,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,wBAAa,EAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAArC,CAAqC;QAC1D,KAAK,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,KAAK,EAAP,CAAO;KAC7B,CAAC;IAEF,OAAO,UAAC,KAAY;QAClB,IAAM,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,CAAC,EAAE,EAAE;YACP,MAAM,IAAI,KAAK,CAAC,yCAAuC,OAAO,CAAC,QAAU,CAAC,CAAC;SAC5E;QACD,IAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;QACxB,IAAI,CAAC,KAAK,EAAE;YACV,OAAO,KAAK,CAAC;SACd;QAED,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC,CAAC;AACJ,CAAC;AAvBD,kCAuBC;AAED,SAAgB,YAAY,CAAC,QAA4B;IACvD,OAAO,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AACnC,CAAC;AAFD,oCAEC"}

package/built/rules/lib/matchPattern.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildFilters = exports.buildFilter = void 0;
+function buildFilter(pattern) {
+    function respectIgnoreCaseFlag(value) {
+        return pattern.ignoreCase ? value.toLocaleLowerCase() : value;
+    }
+    if (pattern.equal) {
+        var testStr_1 = respectIgnoreCaseFlag(pattern.equal);
+        return function (value) { return respectIgnoreCaseFlag(value) === testStr_1; };
+    }
+    else if (pattern.include) {
+        var testStr_2 = respectIgnoreCaseFlag(pattern.include);
+        return function (value) { return respectIgnoreCaseFlag(value).includes(testStr_2); };
+    }
+    else {
+        var regexp_1 = pattern.match instanceof RegExp
+            ? pattern.match
+            : new RegExp(pattern.match, pattern.ignoreCase ? 'i' : undefined);
+        return function (value) { return regexp_1.test(value); };
+    }
+}
+exports.buildFilter = buildFilter;
+function buildFilters(patterns) {
+    return patterns.map(buildFilter);
+}
+exports.buildFilters = buildFilters;
+//# sourceMappingURL=matchPattern.js.map

package/built/rules/lib/matchPattern.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"matchPattern.js","sourceRoot":"","sources":["../../../src/rules/lib/matchPattern.ts"],"names":[],"mappings":";;;AAGA,SAAgB,WAAW,CAAC,OAA2B;IACrD,SAAS,qBAAqB,CAAC,KAAa;QAC1C,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;IAChE,CAAC;IAED,IAAI,OAAO,CAAC,KAAK,EAAE;QACjB,IAAM,SAAO,GAAG,qBAAqB,CAAC,OAAO,CAAC,KAAM,CAAC,CAAC;QACtD,OAAO,UAAC,KAAa,IAAc,OAAA,qBAAqB,CAAC,KAAK,CAAC,KAAK,SAAO,EAAxC,CAAwC,CAAC;KAC7E;SAAM,IAAI,OAAO,CAAC,OAAO,EAAE;QAC1B,IAAM,SAAO,GAAG,qBAAqB,CAAC,OAAO,CAAC,OAAQ,CAAC,CAAC;QACxD,OAAO,UAAC,KAAa,IAAc,OAAA,qBAAqB,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAO,CAAC,EAA9C,CAA8C,CAAC;KACnF;SAAM;QACL,IAAM,QAAM,GACV,OAAO,CAAC,KAAK,YAAY,MAAM;YAC7B,CAAC,CAAC,OAAO,CAAC,KAAK;YACf,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAA0B,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC3F,OAAO,UAAC,KAAa,IAAc,OAAA,QAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAlB,CAAkB,CAAC;KACvD;AACH,CAAC;AAlBD,kCAkBC;AAED,SAAgB,YAAY,CAAC,QAA8B;IACzD,OAAO,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AACnC,CAAC;AAFD,oCAEC"}

package/built/rules/lib/rpcWithoutProtection.js

@@ -0,0 +1,40 @@
+"use strict";
+var __values = (this && this.__values) || function(o) {
+    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
+    if (m) return m.call(o);
+    if (o && typeof o.length === "number") return {
+        next: function () {
+            if (o && i >= o.length) o = void 0;
+            return { value: o && o[i++], done: !o };
+        }
+    };
+    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rpcWithoutProtection = void 0;
+function rpcWithoutProtection(candidateGenerator, options) {
+    return {
+        matcher: function (httpClientRequest) {
+            var e_1, _a;
+            try {
+                for (var _b = __values(candidateGenerator(httpClientRequest)), _c = _b.next(); !_c.done; _c = _b.next()) {
+                    var candidate = _c.value;
+                    if (candidate.codeObject.labels.has(options.expectedLabel)) {
+                        return false;
+                    }
+                }
+            }
+            catch (e_1_1) { e_1 = { error: e_1_1 }; }
+            finally {
+                try {
+                    if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
+                }
+                finally { if (e_1) throw e_1.error; }
+            }
+            return true;
+        },
+        where: function (e) { return !!e.httpClientRequest; },
+    };
+}
+exports.rpcWithoutProtection = rpcWithoutProtection;
+//# sourceMappingURL=rpcWithoutProtection.js.map

package/built/rules/lib/rpcWithoutProtection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rpcWithoutProtection.js","sourceRoot":"","sources":["../../../src/rules/lib/rpcWithoutProtection.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAOA,SAAgB,oBAAoB,CAClC,kBAAkE,EAClE,OAAoC;IAEpC,OAAO;QACL,OAAO,EAAE,UAAC,iBAAwB;;;gBAChC,KAAwB,IAAA,KAAA,SAAA,kBAAkB,CAAC,iBAAiB,CAAC,CAAA,gBAAA,4BAAE;oBAA1D,IAAM,SAAS,WAAA;oBAClB,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;wBAC1D,OAAO,KAAK,CAAC;qBACd;iBACF;;;;;;;;;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,KAAK,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,iBAAiB,EAArB,CAAqB;KAC3C,CAAC;AACJ,CAAC;AAfD,oDAeC"}

package/built/rules/missingAuthentication.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+var models_1 = require("@appland/models");
+var rpcRequest_1 = require("../openapi/rpcRequest");
+var util_1 = require("./util");
+var matchPattern_1 = require("./lib/matchPattern");
+function isPublic(event) {
+    return event.labels.has(Public);
+}
+var authenticatedBy = function (iterator) {
+    var i = iterator.next();
+    while (!i.done) {
+        if (isPublic(i.value.event) || (0, util_1.providesAuthentication)(i.value.event, SecurityAuthentication)) {
+            return true;
+        }
+        i = iterator.next();
+    }
+    return false;
+};
+var Options = /** @class */ (function () {
+    function Options() {
+        this.includeContentTypes = [];
+        this.excludeContentTypes = [];
+    }
+    return Options;
+}());
+function build(options) {
+    if (options === void 0) { options = new Options(); }
+    var includeContentTypes = (0, matchPattern_1.buildFilters)(options.includeContentTypes);
+    var excludeContentTypes = (0, matchPattern_1.buildFilters)(options.excludeContentTypes);
+    function testContentType(contentType) {
+        function test(filter) {
+            return filter(contentType);
+        }
+        return ((includeContentTypes.length === 0 || includeContentTypes.some(test)) &&
+            !excludeContentTypes.some(test));
+    }
+    function matcher(event) {
+        return !authenticatedBy(new models_1.EventNavigator(event).descendants());
+    }
+    function where(e) {
+        return (e.route !== undefined &&
+            e.httpServerResponse !== undefined &&
+            e.httpServerResponse.status < 300 &&
+            !!(0, rpcRequest_1.rpcRequestForEvent)(e) &&
+            !!(0, rpcRequest_1.rpcRequestForEvent)(e).contentType &&
+            testContentType((0, rpcRequest_1.rpcRequestForEvent)(e).contentType));
+    }
+    return {
+        where: where,
+        matcher: matcher,
+    };
+}
+var Public = 'public';
+var SecurityAuthentication = 'security.authentication';
+exports.default = {
+    id: 'missing-authentication',
+    title: 'Unauthenticated HTTP server request',
+    scope: 'http_server_request',
+    labels: [Public, SecurityAuthentication],
+    enumerateScope: false,
+    Options: Options,
+    build: build,
+};
+//# sourceMappingURL=missingAuthentication.js.map

package/built/rules/missingAuthentication.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"missingAuthentication.js","sourceRoot":"","sources":["../../src/rules/missingAuthentication.ts"],"names":[],"mappings":";;AAAA,0CAAwD;AACxD,oDAA2D;AAG3D,+BAAgD;AAEhD,mDAAkD;AAElD,SAAS,QAAQ,CAAC,KAAY;IAC5B,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AAClC,CAAC;AAED,IAAM,eAAe,GAAG,UAAC,QAAkC;IACzD,IAAI,CAAC,GAAmC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACxD,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE;QACd,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,IAAA,6BAAsB,EAAC,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,sBAAsB,CAAC,EAAE;YAC5F,OAAO,IAAI,CAAC;SACb;QACD,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;KACrB;IAED,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF;IAAA;QACS,wBAAmB,GAAyB,EAAE,CAAC;QAC/C,wBAAmB,GAAyB,EAAE,CAAC;IACxD,CAAC;IAAD,cAAC;AAAD,CAAC,AAHD,IAGC;AAED,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,IAAM,mBAAmB,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACtE,IAAM,mBAAmB,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEtE,SAAS,eAAe,CAAC,WAAmB;QAC1C,SAAS,IAAI,CAAC,MAAoB;YAChC,OAAO,MAAM,CAAC,WAAW,CAAC,CAAC;QAC7B,CAAC;QAED,OAAO,CACL,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpE,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAChC,CAAC;IACJ,CAAC;IAED,SAAS,OAAO,CAAC,KAAY;QAC3B,OAAO,CAAC,eAAe,CAAC,IAAI,uBAAc,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CACL,CAAC,CAAC,KAAK,KAAK,SAAS;YACrB,CAAC,CAAC,kBAAkB,KAAK,SAAS;YAClC,CAAC,CAAC,kBAAkB,CAAC,MAAM,GAAG,GAAG;YACjC,CAAC,CAAC,IAAA,+BAAkB,EAAC,CAAC,CAAC;YACvB,CAAC,CAAC,IAAA,+BAAkB,EAAC,CAAC,CAAE,CAAC,WAAW;YACpC,eAAe,CAAC,IAAA,+BAAkB,EAAC,CAAC,CAAE,CAAC,WAAW,CAAC,CACpD,CAAC;IACJ,CAAC;IACD,OAAO;QACL,KAAK,OAAA;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AACD,IAAM,MAAM,GAAG,QAAQ,CAAC;AACxB,IAAM,sBAAsB,GAAG,yBAAyB,CAAC;AAEzD,kBAAe;IACb,EAAE,EAAE,wBAAwB;IAC5B,KAAK,EAAE,qCAAqC;IAC5C,KAAK,EAAE,qBAAqB;IAC5B,MAAM,EAAE,CAAC,MAAM,EAAE,sBAAsB,CAAC;IACxC,cAAc,EAAE,KAAK;IACrB,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}

package/built/rules/missingContentType.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+var rpcRequest_1 = require("../openapi/rpcRequest");
+var isRedirect = function (status) { return [301, 302, 303, 307, 308].includes(status); };
+var hasContent = function (status) { return status !== 204; };
+function build() {
+    function matcher(e) {
+        return (0, rpcRequest_1.rpcRequestForEvent)(e).contentType === undefined;
+    }
+    function where(e) {
+        return (!!e.httpServerResponse &&
+            !isRedirect(e.httpServerResponse.status) &&
+            hasContent(e.httpServerResponse.status));
+    }
+    return {
+        matcher: matcher,
+        where: where,
+    };
+}
+exports.default = {
+    id: 'missing-content-type',
+    title: 'HTTP server request without a Content-Type header',
+    scope: 'http_server_request',
+    enumerateScope: false,
+    build: build,
+};
+//# sourceMappingURL=missingContentType.js.map

package/built/rules/missingContentType.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"missingContentType.js","sourceRoot":"","sources":["../../src/rules/missingContentType.ts"],"names":[],"mappings":";;AAEA,oDAA2D;AAE3D,IAAM,UAAU,GAAG,UAAC,MAAc,IAAK,OAAA,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAA1C,CAA0C,CAAC;AAClF,IAAM,UAAU,GAAG,UAAC,MAAc,IAAK,OAAA,MAAM,KAAK,GAAG,EAAd,CAAc,CAAC;AAEtD,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,CAAQ;QACvB,OAAO,IAAA,+BAAkB,EAAC,CAAC,CAAE,CAAC,WAAW,KAAK,SAAS,CAAC;IAC1D,CAAC;IACD,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CACL,CAAC,CAAC,CAAC,CAAC,kBAAkB;YACtB,CAAC,UAAU,CAAC,CAAC,CAAC,kBAAmB,CAAC,MAAM,CAAC;YACzC,UAAU,CAAC,CAAC,CAAC,kBAAmB,CAAC,MAAM,CAAC,CACzC,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,SAAA;QACP,KAAK,OAAA;KACN,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,sBAAsB;IAC1B,KAAK,EAAE,mDAAmD;IAC1D,KAAK,EAAE,qBAAqB;IAC5B,cAAc,EAAE,KAAK;IACrB,KAAK,OAAA;CACE,CAAC"}

package/built/rules/nPlusOneQuery.js

@@ -0,0 +1,84 @@
+"use strict";
+var __values = (this && this.__values) || function(o) {
+    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
+    if (m) return m.call(o);
+    if (o && typeof o.length === "number") return {
+        next: function () {
+            if (o && i >= o.length) o = void 0;
+            return { value: o && o[i++], done: !o };
+        }
+    };
+    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var database_1 = require("../database");
+var Options = /** @class */ (function () {
+    function Options() {
+        this.warningLimit = 5;
+        this.errorLimit = 10;
+    }
+    return Options;
+}());
+// TODO: clean up according to https://github.com/applandinc/scanner/issues/43
+function build(options) {
+    var sqlCount = {};
+    function matcher(command, _appMap, eventFilter) {
+        var e_1, _a;
+        try {
+            for (var _b = __values((0, database_1.sqlStrings)(command, eventFilter)), _c = _b.next(); !_c.done; _c = _b.next()) {
+                var sqlEvent = _c.value;
+                var occurrence = sqlCount[sqlEvent.sql];
+                if (!occurrence) {
+                    occurrence = {
+                        count: 1,
+                        events: [sqlEvent.event],
+                    };
+                    sqlCount[sqlEvent.sql] = occurrence;
+                }
+                else {
+                    occurrence.count += 1;
+                    occurrence.events.push(sqlEvent.event);
+                }
+            }
+        }
+        catch (e_1_1) { e_1 = { error: e_1_1 }; }
+        finally {
+            try {
+                if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
+            }
+            finally { if (e_1) throw e_1.error; }
+        }
+        return Object.keys(sqlCount).reduce(function (matchResults, sql) {
+            var occurrence = sqlCount[sql];
+            var buildMatchResult = function (level) {
+                return {
+                    level: level,
+                    event: occurrence.events[0],
+                    message: occurrence.count + " occurrences of SQL: " + sql,
+                    groupMessage: sql,
+                    occurranceCount: occurrence.count,
+                    relatedEvents: occurrence.events,
+                };
+            };
+            if (occurrence.count >= options.errorLimit) {
+                matchResults.push(buildMatchResult('error'));
+            }
+            else if (occurrence.count >= options.warningLimit) {
+                matchResults.push(buildMatchResult('warning'));
+            }
+            return matchResults;
+        }, []);
+    }
+    return {
+        matcher: matcher,
+    };
+}
+exports.default = {
+    id: 'n-plus-one-query',
+    title: 'N plus 1 SQL query',
+    scope: 'command',
+    enumerateScope: false,
+    Options: Options,
+    build: build,
+};
+//# sourceMappingURL=nPlusOneQuery.js.map

package/built/rules/nPlusOneQuery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nPlusOneQuery.js","sourceRoot":"","sources":["../../src/rules/nPlusOneQuery.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAGA,wCAAmD;AAEnD;IAAA;QACS,iBAAY,GAAG,CAAC,CAAC;QACjB,eAAU,GAAG,EAAE,CAAC;IACzB,CAAC;IAAD,cAAC;AAAD,CAAC,AAHD,IAGC;AAED,8EAA8E;AAC9E,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,QAAQ,GAA6B,EAAE,CAAC;IAE9C,SAAS,OAAO,CACd,OAAc,EACd,OAAe,EACf,WAAwB;;;YAExB,KAAuB,IAAA,KAAA,SAAA,IAAA,qBAAU,EAAC,OAAO,EAAE,WAAW,CAAC,CAAA,gBAAA,4BAAE;gBAApD,IAAM,QAAQ,WAAA;gBACjB,IAAI,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBACxC,IAAI,CAAC,UAAU,EAAE;oBACf,UAAU,GAAG;wBACX,KAAK,EAAE,CAAC;wBACR,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;qBACzB,CAAC;oBACF,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;iBACrC;qBAAM;oBACL,UAAU,CAAC,KAAK,IAAI,CAAC,CAAC;oBACtB,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;iBACxC;aACF;;;;;;;;;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAC,YAAY,EAAE,GAAG;YACpD,IAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAEjC,IAAM,gBAAgB,GAAG,UAAC,KAAY;gBACpC,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC3B,OAAO,EAAK,UAAU,CAAC,KAAK,6BAAwB,GAAK;oBACzD,YAAY,EAAE,GAAG;oBACjB,eAAe,EAAE,UAAU,CAAC,KAAK;oBACjC,aAAa,EAAE,UAAU,CAAC,MAAM;iBACjC,CAAC;YACJ,CAAC,CAAC;YAEF,IAAI,UAAU,CAAC,KAAK,IAAI,OAAO,CAAC,UAAU,EAAE;gBAC1C,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;aAC9C;iBAAM,IAAI,UAAU,CAAC,KAAK,IAAI,OAAO,CAAC,YAAY,EAAE;gBACnD,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,CAAC;aAChD;YACD,OAAO,YAAY,CAAC;QACtB,CAAC,EAAE,EAAmB,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,kBAAkB;IACtB,KAAK,EAAE,oBAAoB;IAC3B,KAAK,EAAE,SAAS;IAChB,cAAc,EAAE,KAAK;IACrB,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}

package/built/rules/queryFromInvalidPackage.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+var matchPattern_1 = require("./lib/matchPattern");
+// TODO: Use the Query AST for this.
+var WHITELIST = [/\bBEGIN\b/i, /\bCOMMIT\b/i, /\bROLLBACK\b/i, /\bRELEASE\b/i, /\bSAVEPOINT\b/i];
+var Options = /** @class */ (function () {
+    function Options() {
+        this.allowedPackages = [];
+        this.allowedQueries = WHITELIST.map(function (regexp) { return ({ match: regexp }); });
+    }
+    return Options;
+}());
+function build(options) {
+    var allowedPackages = (0, matchPattern_1.buildFilters)(options.allowedPackages);
+    var allowedQueries = (0, matchPattern_1.buildFilters)(options.allowedQueries);
+    function matcher(e) {
+        if (!allowedPackages.some(function (filter) { return filter(e.parent.codeObject.packageOf); })) {
+            return e.codeObject.id + " is invoked from illegal package " + e.parent.codeObject.packageOf;
+        }
+        return false;
+    }
+    function where(e) {
+        return !!e.sqlQuery && !!e.parent && !allowedQueries.some(function (pattern) { return pattern(e.sqlQuery); });
+    }
+    return {
+        matcher: matcher,
+        where: where,
+    };
+}
+exports.default = {
+    id: 'query-from-invalid-package',
+    title: 'Queries from invalid packages',
+    Options: Options,
+    enumerateScope: true,
+    build: build,
+};
+//# sourceMappingURL=queryFromInvalidPackage.js.map

package/built/rules/queryFromInvalidPackage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"queryFromInvalidPackage.js","sourceRoot":"","sources":["../../src/rules/queryFromInvalidPackage.ts"],"names":[],"mappings":";;AAIA,mDAAkD;AAElD,oCAAoC;AACpC,IAAM,SAAS,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC;AAEnG;IAAA;QACS,oBAAe,GAAyB,EAAE,CAAC;QAC3C,mBAAc,GAAyB,SAAS,CAAC,GAAG,CACzD,UAAC,MAAM,IAAK,OAAA,CAAC,EAAE,KAAK,EAAE,MAAM,EAAyB,CAAA,EAAzC,CAAyC,CACtD,CAAC;IACJ,CAAC;IAAD,cAAC;AAAD,CAAC,AALD,IAKC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,eAAe,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAC9D,IAAM,cAAc,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAE5D,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,UAAC,MAAM,IAAK,OAAA,MAAM,CAAC,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAtC,CAAsC,CAAC,EAAE;YAC7E,OAAU,CAAC,CAAC,UAAU,CAAC,EAAE,yCAAoC,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAW,CAAC;SAC/F;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,CAAC,CAAC,QAAS,CAAC,EAApB,CAAoB,CAAC,CAAC;IAC/F,CAAC;IAED,OAAO;QACL,OAAO,SAAA;QACP,KAAK,OAAA;KACN,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,4BAA4B;IAChC,KAAK,EAAE,+BAA+B;IACtC,OAAO,SAAA;IACP,cAAc,EAAE,IAAI;IACpB,KAAK,OAAA;CACE,CAAC"}

package/built/rules/queryFromView.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+var Options = /** @class */ (function () {
+    function Options() {
+        this.forbiddenLabel = 'mvc.template';
+    }
+    return Options;
+}());
+function build(options) {
+    if (options === void 0) { options = new Options(); }
+    function matcher(e) {
+        return e.ancestors().some(function (e) { return e.codeObject.labels.has(options.forbiddenLabel); });
+    }
+    function where(e) {
+        return !!e.sqlQuery;
+    }
+    return {
+        matcher: matcher,
+        where: where,
+    };
+}
+exports.default = {
+    id: 'query-from-view',
+    title: 'Queries from view',
+    Options: Options,
+    enumerateScope: true,
+    build: build,
+};
+//# sourceMappingURL=queryFromView.js.map