@appland/scanner 1.36.1 → 1.39.0

package/README.md

@@ -4,8 +4,6 @@ Code scanning, linting, assertions and alerts.
 
 Provides consistent ways to filter (include and exclude) the AppMap events and property values.
 
-# Rule configuration
-
 ## Event filters
 
 Two standard event filters are provided that can be used with every rule: `include` and `exclude`.
@@ -63,6 +61,262 @@ The configuration YAML is validated against the rule schema before the scan is r
 the configuration are reported, and must be fixed before the scan can continue. Consult the
 documentation for each rule to see it's pattern filters and other configurable properties.
 
+## Finding hash
+
+To enable de-duplication of findings, a hash is calculated for each finding. The hash is the
+`sha256` digest of a canonical content string for the finding. The canonical content string combines
+stable data from the finding, such as the rule id, normalized event, etc. See 
+[appmap-js/packages/models/src/event/hash.js](https://github.com/applandinc/appmap-js/blob/959a8c93c9be37d40a8f4a0e7d44ee211730641e/packages/models/src/event/hash.js)
+for details.
+
+## Findings output file
+
+### `summary`
+
+Summarizes key information about the scan, including: number of AppMaps scanned, number of checks
+performed, list of rules utilized, list of labels utilized, number of findings, and an enumeration
+of all the distinct values in AppMap metadata.
+
+_Example_
+
+```json
+"summary": {
+  "numAppMaps": 507,
+  "numChecks": 8112,
+  "rules": [
+    "authz-before-authn",
+    ...
+    "update-in-get-request"
+  ],
+  "ruleLabels": [
+    "audit",
+    ...
+    "security.logout"
+  ],
+  "numFindings": 91,
+  "appMapMetadata": {
+    "labels": [],
+    "apps": [
+      "appland/appmap-server"
+    ],
+    "clients": [
+      {
+        "name": "appmap",
+        "url": "https://github.com/applandinc/appmap-ruby",
+        "version": "0.70.2"
+      }
+    ],
+    "frameworks": [
+      {
+        "name": "rails",
+        "version": "6.1.4.1"
+      },
+      {
+        "name": "rspec",
+        "version": "3.10.1"
+      }
+    ],
+    "git": [
+      {
+        "repository": "git@github.com:applandinc/appmap-server.git",
+        "branch": "master",
+        "commit": "3b028018ec1f84e2c351d01d1dac45aeeae887b6"
+      },
+      {
+        "repository": "git@github.com:applandinc/appmap-server.git",
+        "branch": "master",
+        "commit": "3b028018ec1f84e2c351d01d1dac45aeeae887b6",
+        "status": [
+          "D .npmrc",
+          "M appmap.yml",
+          "M package-lock.json",
+          "M package.json"
+        ]
+      }
+    ],
+    "languages": [
+      {
+        "name": "ruby",
+        "engine": "ruby",
+        "version": "3.0.1"
+      }
+    ],
+    "recorders": [
+      {
+        "name": "rspec"
+      }
+    ],
+    "testStatuses": [],
+    "exceptions": []
+  }
+}
+```
+
+### `configuration`
+
+Provides the configuration file, as JSON, that was used to configure the scanner.
+
+_Example_
+
+```json
+"configuration": {
+  "checks": [
+    {
+      "rule": "authzBeforeAuthn"
+    },
+    {
+      "rule": "circularDependency",
+      "properties": {
+        "ignoredPackages": [
+          {
+            "equal": "app/models/concerns"
+          },
+          {
+            "equal": "app/controllers/concerns"
+          }
+        ]
+      }
+    },
+    {
+      "rule": "http500"
+    }
+  ]
+}
+```
+
+### `appMapMetadata`
+
+Contains the metadata for each AppMap that was scanned. `appMapMetadata` is a JSON object, whose
+keys are AppMap file names, and values are AppMap metadata objects. Each metadata object contains
+all the metadata values, _except_ for those values which are the same across all AppMaps. Those
+values can be found in `summary.appMapMetadata`. For example, using the `summary` example given
+above, the `app`, `labels`, `languages`, `recorders`, `testStatuses` and `exceptions` will all be
+omitted from `appMapMetadata`.
+
+_Example_
+
+```json
+"appMapMetadata": {
+  "tmp/appmap/rspec/API_APIKeysController_create_a_new_api_key.appmap.json": {
+    "client": {
+      "name": "appmap",
+      "url": "https://github.com/applandinc/appmap-ruby",
+      "version": "0.70.1"
+    },
+    "git": {
+      "repository": "git@github.com:applandinc/appmap-server.git",
+      "branch": "master",
+      "commit": "3b028018ec1f84e2c351d01d1dac45aeeae887b6"
+    },
+    "name": "API::APIKeysController create a new api key",
+    "source_location": "spec/requests/api_api_keys_spec.rb",
+    "test_status": "succeeded",
+    ...
+  }
+}
+```
+
+### `checks`
+
+Lists the configured checks that were performed on each AppMap. Each entry is a Check object that
+includes the properties of the check as configured by the `configuration`.
+
+_Example_
+
+```json
+"checks": [
+  {
+    "rule": {
+      "id": "authz-before-authn",
+      "title": "Authorization performed before authentication",
+      "labels": [
+        "security.authorization",
+        "security.authentication"
+      ],
+      "scope": "http_server_request",
+      "impactDomain": "Security",
+      "enumerateScope": false,
+      "references": {
+        "CWE-863": "https://cwe.mitre.org/data/definitions/863.html"
+      }
+    },
+    "id": "authz-before-authn",
+    "options": {},
+    "scope": "http_server_request",
+    "includeScope": [],
+    "excludeScope": [],
+    "includeEvent": [],
+    "excludeEvent": []
+  },
+  {
+    "rule": {
+      "id": "circular-dependency",
+      "title": "Circular package dependency",
+      "scope": "command",
+      "impactDomain": "Maintainability",
+      "references": {
+        "CWE-1047": "https://cwe.mitre.org/data/definitions/1047.html"
+      },
+      "enumerateScope": false
+    }
+  }
+]
+```
+
+### `findings`
+
+Lists the findings that are reported by this scan. Findings are de-duplicated by comparing their
+`hash` values. Therefore, each unique finding hash is only reported once.
+
+Note that the `appMapFile` of each finding will be available in the `appMapMetadata` section of the
+findings JSON document. Similarly, details of the `checkId` can be obtained from the `checks`
+section.
+
+_Example_
+
+```json
+"findings": [
+  {
+    "appMapFile": "tmp/appmap/rspec/API_ScannerJobsController_create_logged_in_uploads_a_scanner_job_from_a_tarball.appmap.json",
+    "checkId": "slow-function-call",
+    "ruleId": "slow-function-call",
+    "ruleTitle": "Slow function call",
+    "event": {
+      "id": 125,
+      "event": "call",
+      "thread_id": 76340,
+      "defined_class": "Scanner",
+      "method_id": "publish_from_upload",
+      "path": "app/models/scanner.rb",
+      "lineno": 397,
+      "static": true,
+      "receiver": {
+        "class": "Module",
+        "object_id": 1380300,
+        "value": "Scanner"
+      }
+    },
+    "hash": "a2bfc16512fadf8536355610fcaa63b391596dc0f60d7ef7f885a4eb6ec8f7c1",
+    "scope": {
+      "id": 29,
+      "event": "call",
+      "thread_id": 76340,
+      "http_server_request": {
+        "request_method": "POST",
+        "path_info": "/api/scanner_jobs",
+        "normalized_path_info": "/api/scanner_jobs",
+        "headers": {
+          "Host": "www.example.com",
+          "Accept": "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5",
+          "Authorization": "Bearer YWRtaW46NzM4NzVmOWYtMmQ4Ni00YWIwLTk5OWEtMWUwNjc2NGE5NTUw"
+        }
+      }
+    },
+    "message": "Slow app/models/Scanner.publish_from_upload call (0.538877ms)"
+  }
+]
+```
+
 ## Development
 
 We use `yarn` for package management. Run `yarn` to install dependencies and `yarn build` to emit

package/built/cli/scan/command.js

@@ -1,4 +1,15 @@
 "use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -51,6 +62,26 @@ var __read = (this && this.__read) || function (o, n) {
     }
     return ar;
 };
+var __values = (this && this.__values) || function(o) {
+    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
+    if (m) return m.call(o);
+    if (o && typeof o.length === "number") return {
+        next: function () {
+            if (o && i >= o.length) o = void 0;
+            return { value: o && o[i++], done: !o };
+        }
+    };
+    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
+};
+var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
+    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
+        if (ar || !(i in from)) {
+            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
+            ar[i] = from[i];
+        }
+    }
+    return to.concat(ar || Array.prototype.slice.call(from));
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -135,7 +166,7 @@ exports.default = {
                     case 8:
                         _b = __read.apply(void 0, [_c.sent(), 2]), rawScanResults = _b[0], findingStatuses = _b[1];
                         // Always report the raw data
-                        return [4 /*yield*/, (0, promises_1.writeFile)(reportFile, JSON.stringify(rawScanResults, null, 2))];
+                        return [4 /*yield*/, (0, promises_1.writeFile)(reportFile, formatReport(rawScanResults))];
                     case 9:
                         // Always report the raw data
                         _c.sent();
@@ -171,4 +202,69 @@ exports.default = {
         });
     },
 };
+function metadataFilter(_a) {
+    var apps = _a.apps.length, clients = _a.clients.length, frameworks = _a.frameworks.length, git = _a.git.length, languages = _a.languages.length, recorders = _a.recorders.length;
+    var filtered = Object.entries({
+        app: apps < 2,
+        client: clients < 2,
+        git: git < 2,
+        language: languages < 2,
+        recorder: recorders < 2,
+    })
+        .filter(function (_a) {
+        var _b = __read(_a, 2), v = _b[1];
+        return v;
+    })
+        .map(function (_a) {
+        var _b = __read(_a, 1), k = _b[0];
+        return k;
+    });
+    return function (metadata) {
+        return Object.fromEntries(Object.entries(metadata).filter(function (_a) {
+            var _b = __read(_a, 2), k = _b[0], v = _b[1];
+            if (filtered.includes(k))
+                return false;
+            if (k === 'frameworks')
+                return (v || []).length !== frameworks;
+            return true;
+        }));
+    };
+}
+function uniq(entries, key) {
+    var e_1, _a;
+    var result = new Map();
+    try {
+        for (var entries_1 = __values(entries), entries_1_1 = entries_1.next(); !entries_1_1.done; entries_1_1 = entries_1.next()) {
+            var entry = entries_1_1.value;
+            var k = key(entry);
+            if (result.has(k))
+                continue;
+            result.set(k, entry);
+        }
+    }
+    catch (e_1_1) { e_1 = { error: e_1_1 }; }
+    finally {
+        try {
+            if (entries_1_1 && !entries_1_1.done && (_a = entries_1.return)) _a.call(entries_1);
+        }
+        finally { if (e_1) throw e_1.error; }
+    }
+    return result.values();
+}
+// Formats a report to JSON. Does some data deduplication.
+function formatReport(rawScanResults) {
+    var _a = __assign({}, rawScanResults), summary = _a.summary, appMapMetadata = _a.appMapMetadata, findings = _a.findings;
+    // remove metadata that's common between appmaps
+    var filter = metadataFilter(summary.appMapMetadata);
+    var metadata = Object.fromEntries(Object.entries(appMapMetadata).map(function (_a) {
+        var _b = __read(_a, 2), id = _b[0], metadata = _b[1];
+        return [id, filter(metadata)];
+    }));
+    // only keep one finding of the same hash
+    var uniqueFindings = __spreadArray([], __read(uniq(findings, function (_a) {
+        var hash = _a.hash;
+        return hash;
+    })), false);
+    return JSON.stringify(__assign(__assign({}, rawScanResults), { summary: __assign(__assign({}, summary), { numFindings: uniqueFindings.length }), appMapMetadata: metadata, findings: uniqueFindings }), null, 2);
+}
 //# sourceMappingURL=command.js.map

package/built/cli/scan/command.js.map

@@ -1 +1 @@
-{"version":3,"file":"command.js","sourceRoot":"","sources":["../../../src/cli/scan/command.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6BAA4C;AAC5C,wCAAwC;AACxC,6BAAiC;AAKjC,mFAA4E;AAC5E,uCAA2D;AAE3D,6CAA+C;AAC/C,2CAA6C;AAC7C,+EAAyD;AACzD,6EAAuD;AAEvD,wCAAuC;AACvC,iEAA2C;AAG3C,sDAAoD;AACpD,yDAAmC;AAEnC,kBAAe;IACb,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,yCAAyC;IACnD,OAAO,EAAP,UAAQ,IAAU;QAChB,IAAA,kBAAQ,EAAC,IAAI,CAAC,CAAC;QAEf,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,KAAK,EAAE,GAAG;SACX,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACjB,QAAQ,EAAE,gEAAgE;YAC1E,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC;SACjD,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACjB,QAAQ,EAAE,6DAA6D;YACvE,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IACK,OAAO,EAAb,UAAc,OAAkB;;;;;;wBACxB,KAUF,OAAoC,EATtC,SAAS,eAAA,EACT,UAAU,gBAAA,EACV,MAAM,YAAA,EACG,SAAS,aAAA,EACb,iBAAiB,SAAA,EACjB,QAAQ,SAAA,EACb,MAAM,YAAA,EACN,GAAG,SAAA,EACH,UAAU,gBAAA,CAC6B;wBAEzC,IAAI,SAAS,EAAE;4BACb,IAAA,cAAO,EAAC,IAAI,CAAC,CAAC;yBACf;wBAED,IAAI,MAAM,EAAE;4BACV,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,MAAM,CAAC;yBACtC;;;;wBAGC,IAAI,UAAU,IAAI,SAAS,EAAE;4BAC3B,MAAM,IAAI,wBAAe,CAAC,iDAAiD,CAAC,CAAC;yBAC9E;wBACD,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE;4BAC7B,MAAM,IAAI,wBAAe,CAAC,kDAAkD,CAAC,CAAC;yBAC/E;wBAEG,KAAK,GAAa,EAAE,CAAC;6BACrB,SAAS,EAAT,wBAAS;wBACX,qBAAM,IAAA,sBAAY,EAAC,WAAW,EAAE,SAAU,CAAC,EAAA;;wBAA3C,SAA2C,CAAC;wBACtC,IAAI,GAAG,IAAA,gBAAS,EAAC,WAAY,CAAC,CAAC;wBAC7B,qBAAM,IAAI,CAAI,SAAS,sBAAmB,CAAC,EAAA;;wBAAnD,KAAK,GAAG,SAA2C,CAAC;;;6BAElD,UAAU,EAAV,wBAAU;wBACZ,qBAAM,IAAA,sBAAY,EAAC,MAAM,EAAE,UAAU,CAAC,EAAA;;wBAAtC,SAAsC,CAAC;wBACvC,KAAK,GAAG,CAAC,UAAU,CAAC,CAAC;;4BAGJ,qBAAM,IAAA,uCAAe,EAAC,MAAM,CAAC,EAAA;;wBAA1C,UAAU,GAAG,SAA6B;wBAE1C,OAAO,GAAG,IAAA,iBAAY,EAAC,iBAAiB,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;wBAEzB,qBAAM,OAAO,CAAC,GAAG,CAGzD,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,OAAO,CAAC,kBAAkB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,EAAA;;wBAH9D,KAAA,sBAAoC,SAG0B,KAAA,EAH7D,cAAc,QAAA,EAAE,eAAe,QAAA;wBAKtC,6BAA6B;wBAC7B,qBAAM,IAAA,oBAAS,EAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAA;;wBADpE,6BAA6B;wBAC7B,SAAoE,CAAC;wBAEjE,WAAW,SAAA,CAAC;wBAChB,IAAI,iBAAiB,EAAE;4BACrB,WAAW,GAAG,cAAc,CAAC;yBAC9B;6BAAM;4BACL,WAAW,GAAG,cAAc,CAAC,YAAY,CACvC,IAAA,sBAAW,EAAC,cAAc,CAAC,QAAQ,EAAE,eAAe,CAAC,CACtD,CAAC;yBACH;wBAED,IAAA,wBAAc,EAAC,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;wBACtE,OAAO,CAAC,GAAG,EAAE,CAAC;wBACd,IAAA,uBAAa,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;wBACjC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;;;;wBAElB,IAAI,KAAG,YAAY,wBAAe,EAAE;4BAClC,OAAO,CAAC,IAAI,CAAC,KAAG,CAAC,OAAO,CAAC,CAAC;4BAC1B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,eAAe,CAAC,EAAC;yBAC/C;wBACD,IAAI,KAAG,YAAY,mBAAU,EAAE;4BAC7B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,UAAU,CAAC,EAAC;yBAC1C;wBACD,IAAI,CAAC,cAAO,IAAI,KAAG,YAAY,KAAK,EAAE;4BACpC,OAAO,CAAC,KAAK,CAAC,KAAG,CAAC,OAAO,CAAC,CAAC;4BAC3B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,YAAY,CAAC,EAAC;yBAC5C;wBAED,MAAM,KAAG,CAAC;;;;;KAEb;CACF,CAAC"}
+{"version":3,"file":"command.js","sourceRoot":"","sources":["../../../src/cli/scan/command.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6BAA4C;AAC5C,wCAAwC;AACxC,6BAAiC;AAKjC,mFAA4E;AAC5E,uCAA2D;AAE3D,6CAA+C;AAC/C,2CAA6C;AAC7C,+EAAyD;AACzD,6EAAuD;AAEvD,wCAAuC;AACvC,iEAA2C;AAG3C,sDAAoD;AACpD,yDAAmC;AAInC,kBAAe;IACb,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,yCAAyC;IACnD,OAAO,EAAP,UAAQ,IAAU;QAChB,IAAA,kBAAQ,EAAC,IAAI,CAAC,CAAC;QAEf,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,KAAK,EAAE,GAAG;SACX,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACjB,QAAQ,EAAE,gEAAgE;YAC1E,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC;SACjD,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACjB,QAAQ,EAAE,6DAA6D;YACvE,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IACK,OAAO,EAAb,UAAc,OAAkB;;;;;;wBACxB,KAUF,OAAoC,EATtC,SAAS,eAAA,EACT,UAAU,gBAAA,EACV,MAAM,YAAA,EACG,SAAS,aAAA,EACb,iBAAiB,SAAA,EACjB,QAAQ,SAAA,EACb,MAAM,YAAA,EACN,GAAG,SAAA,EACH,UAAU,gBAAA,CAC6B;wBAEzC,IAAI,SAAS,EAAE;4BACb,IAAA,cAAO,EAAC,IAAI,CAAC,CAAC;yBACf;wBAED,IAAI,MAAM,EAAE;4BACV,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,MAAM,CAAC;yBACtC;;;;wBAGC,IAAI,UAAU,IAAI,SAAS,EAAE;4BAC3B,MAAM,IAAI,wBAAe,CAAC,iDAAiD,CAAC,CAAC;yBAC9E;wBACD,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE;4BAC7B,MAAM,IAAI,wBAAe,CAAC,kDAAkD,CAAC,CAAC;yBAC/E;wBAEG,KAAK,GAAa,EAAE,CAAC;6BACrB,SAAS,EAAT,wBAAS;wBACX,qBAAM,IAAA,sBAAY,EAAC,WAAW,EAAE,SAAU,CAAC,EAAA;;wBAA3C,SAA2C,CAAC;wBACtC,IAAI,GAAG,IAAA,gBAAS,EAAC,WAAY,CAAC,CAAC;wBAC7B,qBAAM,IAAI,CAAI,SAAS,sBAAmB,CAAC,EAAA;;wBAAnD,KAAK,GAAG,SAA2C,CAAC;;;6BAElD,UAAU,EAAV,wBAAU;wBACZ,qBAAM,IAAA,sBAAY,EAAC,MAAM,EAAE,UAAU,CAAC,EAAA;;wBAAtC,SAAsC,CAAC;wBACvC,KAAK,GAAG,CAAC,UAAU,CAAC,CAAC;;4BAGJ,qBAAM,IAAA,uCAAe,EAAC,MAAM,CAAC,EAAA;;wBAA1C,UAAU,GAAG,SAA6B;wBAE1C,OAAO,GAAG,IAAA,iBAAY,EAAC,iBAAiB,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;wBAEzB,qBAAM,OAAO,CAAC,GAAG,CAGzD,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,OAAO,CAAC,kBAAkB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,EAAA;;wBAH9D,KAAA,sBAAoC,SAG0B,KAAA,EAH7D,cAAc,QAAA,EAAE,eAAe,QAAA;wBAKtC,6BAA6B;wBAC7B,qBAAM,IAAA,oBAAS,EAAC,UAAU,EAAE,YAAY,CAAC,cAAc,CAAC,CAAC,EAAA;;wBADzD,6BAA6B;wBAC7B,SAAyD,CAAC;wBAEtD,WAAW,SAAA,CAAC;wBAChB,IAAI,iBAAiB,EAAE;4BACrB,WAAW,GAAG,cAAc,CAAC;yBAC9B;6BAAM;4BACL,WAAW,GAAG,cAAc,CAAC,YAAY,CACvC,IAAA,sBAAW,EAAC,cAAc,CAAC,QAAQ,EAAE,eAAe,CAAC,CACtD,CAAC;yBACH;wBAED,IAAA,wBAAc,EAAC,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;wBACtE,OAAO,CAAC,GAAG,EAAE,CAAC;wBACd,IAAA,uBAAa,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;wBACjC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;;;;wBAElB,IAAI,KAAG,YAAY,wBAAe,EAAE;4BAClC,OAAO,CAAC,IAAI,CAAC,KAAG,CAAC,OAAO,CAAC,CAAC;4BAC1B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,eAAe,CAAC,EAAC;yBAC/C;wBACD,IAAI,KAAG,YAAY,mBAAU,EAAE;4BAC7B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,UAAU,CAAC,EAAC;yBAC1C;wBACD,IAAI,CAAC,cAAO,IAAI,KAAG,YAAY,KAAK,EAAE;4BACpC,OAAO,CAAC,KAAK,CAAC,KAAG,CAAC,OAAO,CAAC,CAAC;4BAC3B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,YAAY,CAAC,EAAC;yBAC5C;wBAED,MAAM,KAAG,CAAC;;;;;KAEb;CACF,CAAC;AAEF,SAAS,cAAc,CAAC,EAOP;QANC,IAAI,iBAAA,EACD,OAAO,oBAAA,EACJ,UAAU,uBAAA,EACjB,GAAG,gBAAA,EACG,SAAS,sBAAA,EACT,SAAS,sBAAA;IAE9B,IAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,GAAG,EAAE,IAAI,GAAG,CAAC;QACb,MAAM,EAAE,OAAO,GAAG,CAAC;QACnB,GAAG,EAAE,GAAG,GAAG,CAAC;QACZ,QAAQ,EAAE,SAAS,GAAG,CAAC;QACvB,QAAQ,EAAE,SAAS,GAAG,CAAC;KACxB,CAAC;SACC,MAAM,CAAC,UAAC,EAAK;YAAL,KAAA,aAAK,EAAF,CAAC,QAAA;QAAM,OAAA,CAAC;IAAD,CAAC,CAAC;SACpB,GAAG,CAAC,UAAC,EAAG;YAAH,KAAA,aAAG,EAAF,CAAC,QAAA;QAAM,OAAA,CAAC;IAAD,CAAC,CAAC,CAAC;IAEnB,OAAO,UAAU,QAAkB;QACjC,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAC,EAAM;gBAAN,KAAA,aAAM,EAAL,CAAC,QAAA,EAAE,CAAC,QAAA;YACpC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YACvC,IAAI,CAAC,KAAK,YAAY;gBAAE,OAAQ,CAAC,CAAC,IAAI,EAAE,CAAa,CAAC,MAAM,KAAK,UAAU,CAAC;YAC5E,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CACH,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,IAAI,CAAO,OAAoB,EAAE,GAAgB;;IACxD,IAAM,MAAM,GAAG,IAAI,GAAG,EAAQ,CAAC;;QAE/B,KAAoB,IAAA,YAAA,SAAA,OAAO,CAAA,gCAAA,qDAAE;YAAxB,IAAM,KAAK,oBAAA;YACd,IAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;YACrB,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,SAAS;YAC5B,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;SACtB;;;;;;;;;IAED,OAAO,MAAM,CAAC,MAAM,EAAE,CAAC;AACzB,CAAC;AAED,0DAA0D;AAC1D,SAAS,YAAY,CAAC,cAA2B;IACzC,IAAA,kBAA6C,cAAc,CAAE,EAA3D,OAAO,aAAA,EAAE,cAAc,oBAAA,EAAE,QAAQ,cAA0B,CAAC;IAEpE,gDAAgD;IAChD,IAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACtD,IAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CACjC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,UAAC,EAAc;YAAd,KAAA,aAAc,EAAb,EAAE,QAAA,EAAE,QAAQ,QAAA;QAAM,OAAA,CAAC,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAAtB,CAAsB,CAAC,CAC/E,CAAC;IAEF,yCAAyC;IACzC,IAAM,cAAc,4BAAO,IAAI,CAAC,QAAQ,EAAE,UAAC,EAAQ;YAAN,IAAI,UAAA;QAAO,OAAA,IAAI;IAAJ,CAAI,CAAC,SAAC,CAAC;IAE/D,OAAO,IAAI,CAAC,SAAS,uBAEd,cAAc,KACjB,OAAO,wBAAO,OAAO,KAAE,WAAW,EAAE,cAAc,CAAC,MAAM,KACzD,cAAc,EAAE,QAAQ,EACxB,QAAQ,EAAE,cAAc,KAE1B,IAAI,EACJ,CAAC,CACF,CAAC;AACJ,CAAC"}

package/built/report/findingsReport.js

@@ -30,6 +30,10 @@ function default_1(findings, appMapMetadata, ide) {
         writeln("\tAppMap name:\t" + appMapMetadata[finding.appMapFile].name);
         writeln(eventMsg);
         writeln("\tScope:\t" + finding.scope.id + " - " + finding.scope.toString());
+        if (finding.stack.length > 0) {
+            writeln("\tStack trace:");
+            finding.stack.forEach(function (frame) { return console.log("\t\t" + frame); });
+        }
         writeln();
     });
 }

package/built/report/findingsReport.js.map

@@ -1 +1 @@
-{"version":3,"file":"findingsReport.js","sourceRoot":"","sources":["../../src/report/findingsReport.ts"],"names":[],"mappings":";;;;;AACA,gDAA0B;AAC1B,0CAA4C;AAG5C,SAAS,OAAO,CAAC,IAAS;IAAT,qBAAA,EAAA,SAAS;IACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED,mBACE,QAAmB,EACnB,cAAwC,EACxC,GAAY;IAEZ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO;KACR;IACD,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,QAAQ,CAAC,OAAO,CAAC,UAAC,OAAO;QACvB,IAAM,QAAQ,GACZ,GAAG,IAAI,OAAO,CAAC,UAAU;YACvB,CAAC,CAAC,IAAA,cAAO,EAAC,OAAO,CAAC,UAAU,EAAE,GAAG,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACpD,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;QACzB,IAAI,QAAQ,GAAG,eAAa,OAAO,CAAC,KAAK,CAAC,EAAE,WAAM,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAI,CAAC;QAC7E,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,SAAS,EAAE;YAC3C,QAAQ,IAAI,OAAK,OAAO,CAAC,KAAK,CAAC,WAAW,OAAI,CAAC;SAChD;QAED,IAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAChC,OAAO,CAAC,eAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;QAChC,OAAO,CAAC,cAAY,eAAK,CAAC,IAAI,CAAC,QAAQ,CAAG,CAAC,CAAC;QAC5C,OAAO,CAAC,cAAY,OAAO,CAAC,MAAQ,CAAC,CAAC;QACtC,OAAO,CAAC,qBAAmB,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAM,CAAC,CAAC;QACtE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAClB,OAAO,CAAC,eAAa,OAAO,CAAC,KAAK,CAAC,EAAE,WAAM,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAI,CAAC,CAAC;QACvE,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AA5BD,4BA4BC"}
+{"version":3,"file":"findingsReport.js","sourceRoot":"","sources":["../../src/report/findingsReport.ts"],"names":[],"mappings":";;;;;AACA,gDAA0B;AAC1B,0CAA4C;AAG5C,SAAS,OAAO,CAAC,IAAS;IAAT,qBAAA,EAAA,SAAS;IACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED,mBACE,QAAmB,EACnB,cAAwC,EACxC,GAAY;IAEZ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO;KACR;IACD,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,QAAQ,CAAC,OAAO,CAAC,UAAC,OAAO;QACvB,IAAM,QAAQ,GACZ,GAAG,IAAI,OAAO,CAAC,UAAU;YACvB,CAAC,CAAC,IAAA,cAAO,EAAC,OAAO,CAAC,UAAU,EAAE,GAAG,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACpD,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;QACzB,IAAI,QAAQ,GAAG,eAAa,OAAO,CAAC,KAAK,CAAC,EAAE,WAAM,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAI,CAAC;QAC7E,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,SAAS,EAAE;YAC3C,QAAQ,IAAI,OAAK,OAAO,CAAC,KAAK,CAAC,WAAW,OAAI,CAAC;SAChD;QAED,IAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAChC,OAAO,CAAC,eAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;QAChC,OAAO,CAAC,cAAY,eAAK,CAAC,IAAI,CAAC,QAAQ,CAAG,CAAC,CAAC;QAC5C,OAAO,CAAC,cAAY,OAAO,CAAC,MAAQ,CAAC,CAAC;QACtC,OAAO,CAAC,qBAAmB,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAM,CAAC,CAAC;QACtE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAClB,OAAO,CAAC,eAAa,OAAO,CAAC,KAAK,CAAC,EAAE,WAAM,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAI,CAAC,CAAC;QACvE,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;YAC5B,OAAO,CAAC,gBAAgB,CAAC,CAAC;YAC1B,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,UAAC,KAAK,IAAK,OAAA,OAAO,CAAC,GAAG,CAAC,SAAO,KAAO,CAAC,EAA3B,CAA2B,CAAC,CAAC;SAC/D;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAhCD,4BAgCC"}

package/built/report/scanResults.js

@@ -76,6 +76,10 @@ function collectMetadata(metadata) {
  */
 var ScanResults = /** @class */ (function () {
     function ScanResults(configuration, appMapMetadata, findings, checks) {
+        this.configuration = configuration;
+        this.appMapMetadata = appMapMetadata;
+        this.findings = findings;
+        this.checks = checks;
         this.summary = {
             numAppMaps: Object.keys(appMapMetadata).length,
             numChecks: checks.length * Object.keys(appMapMetadata).length,
@@ -84,15 +88,6 @@ var ScanResults = /** @class */ (function () {
             numFindings: findings.length,
             appMapMetadata: collectMetadata(Object.values(appMapMetadata)),
         };
-        this.configuration = configuration;
-        var appMapFiles = new Set(findings.map(function (finding) { return finding.appMapFile; }));
-        this.appMaps = __spreadArray([], __read(appMapFiles), false).reduce(function (memo, appMapFile) {
-            memo[appMapFile] = appMapMetadata[appMapFile];
-            return memo;
-        }, {});
-        this.findings = findings;
-        this.appMapMetadata = appMapMetadata;
-        this.checks = checks;
     }
     ScanResults.prototype.withFindings = function (findings) {
         return new ScanResults(this.configuration, this.appMapMetadata, findings, this.checks);

package/built/report/scanResults.js.map

@@ -1 +1 @@
-{"version":3,"file":"scanResults.js","sourceRoot":"","sources":["../../src/report/scanResults.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,SAAS,eAAe,CAAC,QAAoB;IAC3C,IAAM,UAAU,GAAG,IAAI,GAAG,EAAE,CAAC;IAC7B,IAAM,YAAY,GAAG,IAAI,GAAG,EAAE,CAAC;IAC/B,IAAM,aAAa,GAAG,IAAI,GAAG,EAAE,CAAC;IAChC,IAAM,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;IACnC,IAAM,SAAS,GAAG,IAAI,GAAG,EAAE,CAAC;IAC5B,IAAM,eAAe,GAAG,IAAI,GAAG,EAAE,CAAC;IAClC,IAAM,eAAe,GAAG,IAAI,GAAG,EAAE,CAAC;IAClC,IAAM,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;IAEnC,SAAS,gBAAgB,CAAC,MAAgB,EAAE,OAAmB,EAAE,IAAqB;QACpF,IAAI,IAAI,KAAK,SAAS,EAAE;YACtB,OAAO;SACR;QAED,IAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;YACpB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAChB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;SACpB;IACH,CAAC;IAED,SAAS,iBAAiB,CACxB,MAAgB,EAChB,OAAmB,EACnB,KAAwB;QAExB,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAC,IAAI,IAAK,OAAA,gBAAgB,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAvC,CAAuC,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,QAAQ,CAAC,MAAM,CACpB,UAAC,IAAI,EAAE,cAAc;QACnB,gBAAgB,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QAC5D,iBAAiB,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;QACpE,gBAAgB,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;QACrE,iBAAiB,CAAC,gBAAgB,EAAE,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;QAChF,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QAC1D,gBAAgB,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC3E,gBAAgB,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC3E,gBAAgB,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,SAAS,CAAC,CAAC;QAC7E,OAAO,IAAI,CAAC;IACd,CAAC,EACD;QACE,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,EAAE;QACR,OAAO,EAAE,EAAE;QACX,UAAU,EAAE,EAAE;QACd,GAAG,EAAE,EAAE;QACP,SAAS,EAAE,EAAE;QACb,SAAS,EAAE,EAAE;QACb,YAAY,EAAE,EAAE;QAChB,UAAU,EAAE,EAAE;KACG,CACpB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH;IASE,qBACE,aAA4B,EAC5B,cAAwC,EACxC,QAAmB,EACnB,MAAe;QAEf,IAAI,CAAC,OAAO,GAAG;YACb,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM;YAC9C,SAAS,EAAE,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM;YAC7D,KAAK,EAAE,yBAAI,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,KAAK,CAAC,IAAI,CAAC,EAAE,EAAb,CAAa,CAAC,CAAC,UAAE,IAAI,EAAE;YAChE,UAAU,EAAE,yBAAI,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,KAAK,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,EAAvB,CAAuB,CAAC,CAAC,IAAI,EAAE,CAAC,UAAE,IAAI,EAAE;YACtF,WAAW,EAAE,QAAQ,CAAC,MAAM;YAC5B,cAAc,EAAE,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;SAC/D,CAAC;QACF,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,UAAU,EAAlB,CAAkB,CAAC,CAAC,CAAC;QAC3E,IAAI,CAAC,OAAO,GAAG,yBAAI,WAAW,UAAE,MAAM,CAAC,UAAC,IAAI,EAAE,UAAU;YACtD,IAAI,CAAC,UAAU,CAAC,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;YAC9C,OAAO,IAAI,CAAC;QACd,CAAC,EAAE,EAA8B,CAAC,CAAC;QACnC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,kCAAY,GAAZ,UAAa,QAAmB;QAC9B,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACzF,CAAC;IACH,kBAAC;AAAD,CAAC,AAtCD,IAsCC;AAtCY,kCAAW"}
+{"version":3,"file":"scanResults.js","sourceRoot":"","sources":["../../src/report/scanResults.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,SAAS,eAAe,CAAC,QAAoB;IAC3C,IAAM,UAAU,GAAG,IAAI,GAAG,EAAE,CAAC;IAC7B,IAAM,YAAY,GAAG,IAAI,GAAG,EAAE,CAAC;IAC/B,IAAM,aAAa,GAAG,IAAI,GAAG,EAAE,CAAC;IAChC,IAAM,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;IACnC,IAAM,SAAS,GAAG,IAAI,GAAG,EAAE,CAAC;IAC5B,IAAM,eAAe,GAAG,IAAI,GAAG,EAAE,CAAC;IAClC,IAAM,eAAe,GAAG,IAAI,GAAG,EAAE,CAAC;IAClC,IAAM,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;IAEnC,SAAS,gBAAgB,CAAC,MAAgB,EAAE,OAAmB,EAAE,IAAqB;QACpF,IAAI,IAAI,KAAK,SAAS,EAAE;YACtB,OAAO;SACR;QAED,IAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;YACpB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAChB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;SACpB;IACH,CAAC;IAED,SAAS,iBAAiB,CACxB,MAAgB,EAChB,OAAmB,EACnB,KAAwB;QAExB,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAC,IAAI,IAAK,OAAA,gBAAgB,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAvC,CAAuC,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,QAAQ,CAAC,MAAM,CACpB,UAAC,IAAI,EAAE,cAAc;QACnB,gBAAgB,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QAC5D,iBAAiB,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;QACpE,gBAAgB,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;QACrE,iBAAiB,CAAC,gBAAgB,EAAE,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;QAChF,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QAC1D,gBAAgB,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC3E,gBAAgB,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC3E,gBAAgB,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,SAAS,CAAC,CAAC;QAC7E,OAAO,IAAI,CAAC;IACd,CAAC,EACD;QACE,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,EAAE;QACR,OAAO,EAAE,EAAE;QACX,UAAU,EAAE,EAAE;QACd,GAAG,EAAE,EAAE;QACP,SAAS,EAAE,EAAE;QACb,SAAS,EAAE,EAAE;QACb,YAAY,EAAE,EAAE;QAChB,UAAU,EAAE,EAAE;KACG,CACpB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH;IAGE,qBACS,aAA4B,EAC5B,cAAwC,EACxC,QAAmB,EACnB,MAAe;QAHf,kBAAa,GAAb,aAAa,CAAe;QAC5B,mBAAc,GAAd,cAAc,CAA0B;QACxC,aAAQ,GAAR,QAAQ,CAAW;QACnB,WAAM,GAAN,MAAM,CAAS;QAEtB,IAAI,CAAC,OAAO,GAAG;YACb,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM;YAC9C,SAAS,EAAE,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM;YAC7D,KAAK,EAAE,yBAAI,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,KAAK,CAAC,IAAI,CAAC,EAAE,EAAb,CAAa,CAAC,CAAC,UAAE,IAAI,EAAE;YAChE,UAAU,EAAE,yBAAI,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,KAAK,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,EAAvB,CAAuB,CAAC,CAAC,IAAI,EAAE,CAAC,UAAE,IAAI,EAAE;YACtF,WAAW,EAAE,QAAQ,CAAC,MAAM;YAC5B,cAAc,EAAE,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;SAC/D,CAAC;IACJ,CAAC;IAED,kCAAY,GAAZ,UAAa,QAAmB;QAC9B,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACzF,CAAC;IACH,kBAAC;AAAD,CAAC,AAtBD,IAsBC;AAtBY,kCAAW"}

package/built/ruleChecker.js

@@ -46,6 +46,31 @@ var __values = (this && this.__values) || function(o) {
     };
     throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
 };
+var __read = (this && this.__read) || function (o, n) {
+    var m = typeof Symbol === "function" && o[Symbol.iterator];
+    if (!m) return o;
+    var i = m.call(o), r, ar = [], e;
+    try {
+        while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
+    }
+    catch (error) { e = { error: error }; }
+    finally {
+        try {
+            if (r && !r.done && (m = i["return"])) m.call(i);
+        }
+        finally { if (e) throw e.error; }
+    }
+    return ar;
+};
+var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
+    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
+        if (ar || !(i in from)) {
+            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
+            ar[i] = from[i];
+        }
+    }
+    return to.concat(ar || Array.prototype.slice.call(from));
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -202,6 +227,9 @@ var RuleChecker = /** @class */ (function () {
                             //   at hashEvent (/Users/kgilpin/source/appland/scanner/node_modules/@appland/models/dist/index.cjs:1714:14)
                             //   at Event.get hash [as hash] (/Users/kgilpin/source/appland/scanner/node_modules/@appland/models/dist/index.cjs:3325:27)
                             findingEvent.message || (findingEvent.message = []);
+                            var stack = __spreadArray([
+                                findingEvent.codeObject.location
+                            ], __read(findingEvent.ancestors().map(function (ancestor) { return ancestor.codeObject.location; })), false).filter(Boolean);
                             return {
                                 appMapFile: appMapFile,
                                 checkId: checkInstance.checkId,
@@ -209,6 +237,7 @@ var RuleChecker = /** @class */ (function () {
                                 ruleTitle: checkInstance.title,
                                 event: findingEvent,
                                 hash: findingEvent.hash,
+                                stack: stack,
                                 scope: scope,
                                 message: message || checkInstance.title,
                                 groupMessage: groupMessage,

package/built/ruleChecker.js.map

@@ -1 +1 @@
-{"version":3,"file":"ruleChecker.js","sourceRoot":"","sources":["../src/ruleChecker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,mCAAsC;AAEtC,yCAA2C;AAE3C,gEAA0C;AAC1C,0FAAoE;AACpE,0FAAoE;AACpE,sEAAgD;AAChD,oFAA8D;AAC9D,kEAA4C;AAE5C;IAAA;QACU,WAAM,GAAkC;YAC9C,IAAI,EAAE,IAAI,mBAAS,EAAE;YACrB,OAAO,EAAE,IAAI,sBAAY,EAAE;YAC3B,mBAAmB,EAAE,IAAI,gCAAsB,EAAE;YACjD,mBAAmB,EAAE,IAAI,gCAAsB,EAAE;YACjD,WAAW,EAAE,IAAI,6BAAmB,EAAE;SACvC,CAAC;IA+IJ,CAAC;IA7IO,2BAAK,GAAX,UACE,UAAkB,EAClB,MAAc,EACd,KAAY,EACZ,QAAmB;;;;;;;wBAEnB,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,OAAO,CAAC,IAAI,CAAC,qBAAmB,MAAM,CAAC,IAAI,oBAAe,KAAK,CAAC,KAAO,CAAC,CAAC;yBAC1E;wBACK,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;wBAC/C,IAAI,CAAC,aAAa,EAAE;4BAClB,MAAM,IAAI,mBAAU,CAAC,0BAAuB,KAAK,CAAC,KAAK,OAAG,CAAC,CAAC;yBAC7D;wBAEK,UAAU,GAAG;;;;;wCACR,CAAC,GAAG,CAAC;;;6CAAE,CAAA,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAA;wCACtC,qBAAM,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAA;;wCAAtB,SAAsB,CAAC;;;wCADiB,CAAC,EAAE,CAAA;;;;;yBAG9C,CAAC;;;;wBAEkB,KAAA,SAAA,aAAa,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAA;;;;wBAA3C,KAAK;wBACd,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,OAAO,CAAC,IAAI,CAAC,WAAS,KAAK,CAAC,KAAO,CAAC,CAAC;yBACtC;wBACK,aAAa,GAAG,IAAI,uBAAa,CAAC,KAAK,CAAC,CAAC;wBAC/C,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE;4BAC3C,yBAAS;yBACV;6BACG,aAAa,CAAC,cAAc,EAA5B,yBAA4B;;;;wBACV,oBAAA,SAAA,KAAK,CAAC,MAAM,EAAE,CAAA,CAAA;;;;wBAAvB,KAAK;wBACd,qBAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,CAAC,EAAA;;wBAAtF,SAAsF,CAAC;;;;;;;;;;;;;;;;;6BAGzF,qBAAM,IAAI,CAAC,UAAU,CACnB,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,KAAK,EACX,UAAU,EACV,MAAM,EACN,aAAa,EACb,QAAQ,CACT,EAAA;;wBAPD,SAOC,CAAC;;;;;;;;;;;;;;;;;;;;KAGP;IAEK,gCAAU,GAAhB,UACE,KAAY,EACZ,KAAY,EACZ,UAAkB,EAClB,MAAc,EACd,aAA4B,EAC5B,QAAmB;;;;;;wBAEnB,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE;4BACnB,sBAAO;yBACR;wBACD,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,OAAO,CAAC,IAAI,CACV,eAAa,aAAa,CAAC,MAAM,YAAO,KAAK,CAAC,UAAU,CAAC,IAAI,eAAU,KAAK,CAAC,QAAQ,EAAI,CAC1F,CAAC;yBACH;wBAED,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;4BACtB,IAAI,IAAA,cAAO,GAAE,EAAE;gCACb,OAAO,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;6BACvD;4BACD,sBAAO;yBACR;wBAED,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE;4BAC7C,sBAAO;yBACR;wBAEK,YAAY,GAAG,UACnB,UAAyC,EACzC,OAAuC,EACvC,YAA4C,EAC5C,eAA+C,EAC/C,aAA8C;4BAJ9C,2BAAA,EAAA,sBAAyC;4BACzC,wBAAA,EAAA,mBAAuC;4BACvC,6BAAA,EAAA,wBAA4C;4BAC5C,gCAAA,EAAA,2BAA+C;4BAC/C,8BAAA,EAAA,yBAA8C;4BAE9C,IAAM,YAAY,GAAG,UAAU,IAAI,KAAK,CAAC;4BACzC,SAAS;4BACT,yDAAyD;4BACzD,4GAA4G;4BAC5G,6GAA6G;4BAC7G,4HAA4H;4BAC5H,YAAY,CAAC,OAAO,KAApB,YAAY,CAAC,OAAO,GAAK,EAAE,EAAC;4BAC5B,OAAO;gCACL,UAAU,YAAA;gCACV,OAAO,EAAE,aAAa,CAAC,OAAO;gCAC9B,MAAM,EAAE,aAAa,CAAC,MAAM;gCAC5B,SAAS,EAAE,aAAa,CAAC,KAAK;gCAC9B,KAAK,EAAE,YAAY;gCACnB,IAAI,EAAE,YAAY,CAAC,IAAI;gCACvB,KAAK,OAAA;gCACL,OAAO,EAAE,OAAO,IAAI,aAAa,CAAC,KAAK;gCACvC,YAAY,cAAA;gCACZ,eAAe,iBAAA;gCACf,aAAa,eAAA;6BACd,CAAC;wBACJ,CAAC,CAAC;wBAEkB,qBAAM,aAAa,CAAC,SAAS,CAAC,OAAO,CACvD,KAAK,EACL,MAAM,EACN,aAAa,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAC9C,EAAA;;wBAJK,WAAW,GAAG,SAInB;wBACK,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC;wBACpC,IAAI,WAAW,KAAK,IAAI,EAAE;4BACpB,OAAO,SAAA,CAAC;4BACZ,IAAI,aAAa,CAAC,SAAS,CAAC,OAAO,EAAE;gCAC7B,OAAO,GAAG,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;gCAC9D,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;6BACxC;iCAAM;gCACL,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;6BAC/B;4BACD,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;yBACxB;6BAAM,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE;4BACpC,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,WAAqB,CAAC,CAAC;4BAC3D,OAAO,CAAC,OAAO,GAAG,WAAqB,CAAC;4BACxC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;yBACxB;6BAAM,IAAI,WAAW,EAAE;4BACtB,WAAW,CAAC,OAAO,CAAC,UAAC,EAAE;gCACrB,IAAM,OAAO,GAAG,YAAY,CAC1B,EAAE,CAAC,KAAK,EACR,EAAE,CAAC,OAAO,EACV,EAAE,CAAC,YAAY,EACf,EAAE,CAAC,eAAe,EAClB,EAAE,CAAC,aAAa,CACjB,CAAC;gCACF,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;4BACzB,CAAC,CAAC,CAAC;yBACJ;wBACD,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,IAAI,QAAQ,CAAC,MAAM,GAAG,WAAW,EAAE;gCACjC,QAAQ,CAAC,OAAO,CAAC,UAAC,OAAO;oCACvB,OAAA,OAAO,CAAC,GAAG,CAAC,gBAAc,OAAO,CAAC,MAAM,WAAM,OAAO,CAAC,OAAS,CAAC;gCAAhE,CAAgE,CACjE,CAAC;6BACH;yBACF;;;;;KACF;IACH,kBAAC;AAAD,CAAC,AAtJD,IAsJC"}
+{"version":3,"file":"ruleChecker.js","sourceRoot":"","sources":["../src/ruleChecker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,mCAAsC;AAEtC,yCAA2C;AAE3C,gEAA0C;AAC1C,0FAAoE;AACpE,0FAAoE;AACpE,sEAAgD;AAChD,oFAA8D;AAC9D,kEAA4C;AAE5C;IAAA;QACU,WAAM,GAAkC;YAC9C,IAAI,EAAE,IAAI,mBAAS,EAAE;YACrB,OAAO,EAAE,IAAI,sBAAY,EAAE;YAC3B,mBAAmB,EAAE,IAAI,gCAAsB,EAAE;YACjD,mBAAmB,EAAE,IAAI,gCAAsB,EAAE;YACjD,WAAW,EAAE,IAAI,6BAAmB,EAAE;SACvC,CAAC;IAoJJ,CAAC;IAlJO,2BAAK,GAAX,UACE,UAAkB,EAClB,MAAc,EACd,KAAY,EACZ,QAAmB;;;;;;;wBAEnB,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,OAAO,CAAC,IAAI,CAAC,qBAAmB,MAAM,CAAC,IAAI,oBAAe,KAAK,CAAC,KAAO,CAAC,CAAC;yBAC1E;wBACK,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;wBAC/C,IAAI,CAAC,aAAa,EAAE;4BAClB,MAAM,IAAI,mBAAU,CAAC,0BAAuB,KAAK,CAAC,KAAK,OAAG,CAAC,CAAC;yBAC7D;wBAEK,UAAU,GAAG;;;;;wCACR,CAAC,GAAG,CAAC;;;6CAAE,CAAA,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAA;wCACtC,qBAAM,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAA;;wCAAtB,SAAsB,CAAC;;;wCADiB,CAAC,EAAE,CAAA;;;;;yBAG9C,CAAC;;;;wBAEkB,KAAA,SAAA,aAAa,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAA;;;;wBAA3C,KAAK;wBACd,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,OAAO,CAAC,IAAI,CAAC,WAAS,KAAK,CAAC,KAAO,CAAC,CAAC;yBACtC;wBACK,aAAa,GAAG,IAAI,uBAAa,CAAC,KAAK,CAAC,CAAC;wBAC/C,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE;4BAC3C,yBAAS;yBACV;6BACG,aAAa,CAAC,cAAc,EAA5B,yBAA4B;;;;wBACV,oBAAA,SAAA,KAAK,CAAC,MAAM,EAAE,CAAA,CAAA;;;;wBAAvB,KAAK;wBACd,qBAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,CAAC,EAAA;;wBAAtF,SAAsF,CAAC;;;;;;;;;;;;;;;;;6BAGzF,qBAAM,IAAI,CAAC,UAAU,CACnB,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,KAAK,EACX,UAAU,EACV,MAAM,EACN,aAAa,EACb,QAAQ,CACT,EAAA;;wBAPD,SAOC,CAAC;;;;;;;;;;;;;;;;;;;;KAGP;IAEK,gCAAU,GAAhB,UACE,KAAY,EACZ,KAAY,EACZ,UAAkB,EAClB,MAAc,EACd,aAA4B,EAC5B,QAAmB;;;;;;wBAEnB,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE;4BACnB,sBAAO;yBACR;wBACD,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,OAAO,CAAC,IAAI,CACV,eAAa,aAAa,CAAC,MAAM,YAAO,KAAK,CAAC,UAAU,CAAC,IAAI,eAAU,KAAK,CAAC,QAAQ,EAAI,CAC1F,CAAC;yBACH;wBAED,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;4BACtB,IAAI,IAAA,cAAO,GAAE,EAAE;gCACb,OAAO,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;6BACvD;4BACD,sBAAO;yBACR;wBAED,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE;4BAC7C,sBAAO;yBACR;wBAEK,YAAY,GAAG,UACnB,UAAyC,EACzC,OAAuC,EACvC,YAA4C,EAC5C,eAA+C,EAC/C,aAA8C;4BAJ9C,2BAAA,EAAA,sBAAyC;4BACzC,wBAAA,EAAA,mBAAuC;4BACvC,6BAAA,EAAA,wBAA4C;4BAC5C,gCAAA,EAAA,2BAA+C;4BAC/C,8BAAA,EAAA,yBAA8C;4BAE9C,IAAM,YAAY,GAAG,UAAU,IAAI,KAAK,CAAC;4BACzC,SAAS;4BACT,yDAAyD;4BACzD,4GAA4G;4BAC5G,6GAA6G;4BAC7G,4HAA4H;4BAC5H,YAAY,CAAC,OAAO,KAApB,YAAY,CAAC,OAAO,GAAK,EAAE,EAAC;4BAC5B,IAAM,KAAK,GAAa;gCACtB,YAAY,CAAC,UAAU,CAAC,QAAQ;sCAC7B,YAAY,CAAC,SAAS,EAAE,CAAC,GAAG,CAAC,UAAC,QAAQ,IAAK,OAAA,QAAQ,CAAC,UAAU,CAAC,QAAQ,EAA5B,CAA4B,CAAC,UAC3E,MAAM,CAAC,OAAO,CAAC,CAAC;4BAClB,OAAO;gCACL,UAAU,YAAA;gCACV,OAAO,EAAE,aAAa,CAAC,OAAO;gCAC9B,MAAM,EAAE,aAAa,CAAC,MAAM;gCAC5B,SAAS,EAAE,aAAa,CAAC,KAAK;gCAC9B,KAAK,EAAE,YAAY;gCACnB,IAAI,EAAE,YAAY,CAAC,IAAI;gCACvB,KAAK,OAAA;gCACL,KAAK,OAAA;gCACL,OAAO,EAAE,OAAO,IAAI,aAAa,CAAC,KAAK;gCACvC,YAAY,cAAA;gCACZ,eAAe,iBAAA;gCACf,aAAa,eAAA;6BACH,CAAC;wBACf,CAAC,CAAC;wBAEkB,qBAAM,aAAa,CAAC,SAAS,CAAC,OAAO,CACvD,KAAK,EACL,MAAM,EACN,aAAa,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAC9C,EAAA;;wBAJK,WAAW,GAAG,SAInB;wBACK,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC;wBACpC,IAAI,WAAW,KAAK,IAAI,EAAE;4BACpB,OAAO,SAAA,CAAC;4BACZ,IAAI,aAAa,CAAC,SAAS,CAAC,OAAO,EAAE;gCAC7B,OAAO,GAAG,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;gCAC9D,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;6BACxC;iCAAM;gCACL,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;6BAC/B;4BACD,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;yBACxB;6BAAM,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE;4BACpC,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,WAAqB,CAAC,CAAC;4BAC3D,OAAO,CAAC,OAAO,GAAG,WAAqB,CAAC;4BACxC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;yBACxB;6BAAM,IAAI,WAAW,EAAE;4BACtB,WAAW,CAAC,OAAO,CAAC,UAAC,EAAE;gCACrB,IAAM,OAAO,GAAG,YAAY,CAC1B,EAAE,CAAC,KAAK,EACR,EAAE,CAAC,OAAO,EACV,EAAE,CAAC,YAAY,EACf,EAAE,CAAC,eAAe,EAClB,EAAE,CAAC,aAAa,CACjB,CAAC;gCACF,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;4BACzB,CAAC,CAAC,CAAC;yBACJ;wBACD,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,IAAI,QAAQ,CAAC,MAAM,GAAG,WAAW,EAAE;gCACjC,QAAQ,CAAC,OAAO,CAAC,UAAC,OAAO;oCACvB,OAAA,OAAO,CAAC,GAAG,CAAC,gBAAc,OAAO,CAAC,MAAM,WAAM,OAAO,CAAC,OAAS,CAAC;gCAAhE,CAAgE,CACjE,CAAC;6BACH;yBACF;;;;;KACF;IACH,kBAAC;AAAD,CAAC,AA3JD,IA2JC"}

package/built/rules/deserializationOfUntrustedData.js

@@ -112,7 +112,8 @@ function build() {
         try {
             for (var _b = __values(new models_1.EventNavigator(rootEvent).descendants()), _c = _b.next(); !_c.done; _c = _b.next()) {
                 var event = _c.value;
-                if (event.event.labels.has(DeserializeUnsafe)) {
+                if (event.event.labels.has(DeserializeUnsafe) &&
+                    !event.event.ancestors().find(function (ancestor) { return ancestor.labels.has(DeserializeSafe); })) {
                     if (allArgumentsSanitized(rootEvent, event.event)) {
                         return;
                     }
@@ -141,11 +142,12 @@ function build() {
     };
 }
 var DeserializeUnsafe = 'deserialize.unsafe';
+var DeserializeSafe = 'deserialize.safe';
 var Sanitize = 'sanitize';
 exports.default = {
     id: 'deserialization-of-untrusted-data',
     title: 'Deserialization of untrusted data',
-    labels: [DeserializeUnsafe, Sanitize],
+    labels: [DeserializeUnsafe, DeserializeSafe, Sanitize],
     impactDomain: 'Security',
     enumerateScope: false,
     references: {

package/built/rules/deserializationOfUntrustedData.js.map

@@ -1 +1 @@
-{"version":3,"file":"deserializationOfUntrustedData.js","sourceRoot":"","sources":["../../src/rules/deserializationOfUntrustedData.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,2BAA0B;AAE1B,SAAS,aAAa,CAAC,KAAY,EAAE,QAAgB,EAAE,KAAa;IAClE,OAAO,CACL,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;QACvB,CAAC,CAAC,KAAK,CAAC,WAAW;QACnB,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS;QAC7B,KAAK,CAAC,WAAW,CAAC,SAAS,KAAK,QAAQ,CACzC,CAAC;AACJ,CAAC;AAED,SAAU,eAAe,CAAC,SAAgB,EAAE,MAAa;;;;;;;gBACnC,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA;;;;gBAApD,KAAK;gBACd,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM,EAAE;oBAC1B,wBAAM;iBACP;gBACD,qBAAM,KAAK,EAAA;;gBAAX,SAAW,CAAC;;;;;;;;;;;;;;;;;;;CAEf;AAED,SAAS,qBAAqB,CAAC,SAAgB,EAAE,KAAY;IAC3D,OAAO,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,UAAC,SAAS,IAAK,OAAA,SAAS,CAAC,SAAS,EAAnB,CAAmB,CAAC;SAC1C,KAAK,CAAC,UAAC,SAAS;;;YACf,KAAwB,IAAA,KAAA,SAAA,eAAe,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA,gBAAA,4BAAE;gBAAtD,IAAM,SAAS,WAAA;gBAClB,IAAI,aAAa,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,SAAU,EAAE,QAAQ,CAAC,EAAE;oBAClE,OAAO,IAAI,CAAC;iBACb;aACF;;;;;;;;;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,SAAgB;;;YAC/B,KAAoB,IAAA,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA,gBAAA,4BAAE;gBAA5D,IAAM,KAAK,WAAA;gBACd,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE;oBAC7C,IAAI,qBAAqB,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE;wBACjD,OAAO;qBACR;yBAAM;wBACL,OAAO;4BACL;gCACE,KAAK,EAAE,OAAO;gCACd,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,OAAO,EAAK,KAAK,CAAC,KAAK,iCAA8B;6BACtD;yBACF,CAAC;qBACH;iBACF;aACF;;;;;;;;;IACH,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,IAAM,iBAAiB,GAAG,oBAAoB,CAAC;AAC/C,IAAM,QAAQ,GAAG,UAAU,CAAC;AAE5B,kBAAe;IACb,EAAE,EAAE,mCAAmC;IACvC,KAAK,EAAE,mCAAmC;IAC1C,MAAM,EAAE,CAAC,iBAAiB,EAAE,QAAQ,CAAC;IACrC,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;QACrE,eAAe,EAAE,IAAI,SAAG,CAAC,0DAA0D,CAAC;KACrF;IACD,KAAK,OAAA;CACE,CAAC"}
+{"version":3,"file":"deserializationOfUntrustedData.js","sourceRoot":"","sources":["../../src/rules/deserializationOfUntrustedData.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,2BAA0B;AAE1B,SAAS,aAAa,CAAC,KAAY,EAAE,QAAgB,EAAE,KAAa;IAClE,OAAO,CACL,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;QACvB,CAAC,CAAC,KAAK,CAAC,WAAW;QACnB,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS;QAC7B,KAAK,CAAC,WAAW,CAAC,SAAS,KAAK,QAAQ,CACzC,CAAC;AACJ,CAAC;AAED,SAAU,eAAe,CAAC,SAAgB,EAAE,MAAa;;;;;;;gBACnC,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA;;;;gBAApD,KAAK;gBACd,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM,EAAE;oBAC1B,wBAAM;iBACP;gBACD,qBAAM,KAAK,EAAA;;gBAAX,SAAW,CAAC;;;;;;;;;;;;;;;;;;;CAEf;AAED,SAAS,qBAAqB,CAAC,SAAgB,EAAE,KAAY;IAC3D,OAAO,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,UAAC,SAAS,IAAK,OAAA,SAAS,CAAC,SAAS,EAAnB,CAAmB,CAAC;SAC1C,KAAK,CAAC,UAAC,SAAS;;;YACf,KAAwB,IAAA,KAAA,SAAA,eAAe,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA,gBAAA,4BAAE;gBAAtD,IAAM,SAAS,WAAA;gBAClB,IAAI,aAAa,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,SAAU,EAAE,QAAQ,CAAC,EAAE;oBAClE,OAAO,IAAI,CAAC;iBACb;aACF;;;;;;;;;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,SAAgB;;;YAC/B,KAAoB,IAAA,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA,gBAAA,4BAAE;gBAA5D,IAAM,KAAK,WAAA;gBACd,IACE,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC;oBACzC,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,UAAC,QAAQ,IAAK,OAAA,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,EAApC,CAAoC,CAAC,EACjF;oBACA,IAAI,qBAAqB,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE;wBACjD,OAAO;qBACR;yBAAM;wBACL,OAAO;4BACL;gCACE,KAAK,EAAE,OAAO;gCACd,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,OAAO,EAAK,KAAK,CAAC,KAAK,iCAA8B;6BACtD;yBACF,CAAC;qBACH;iBACF;aACF;;;;;;;;;IACH,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,IAAM,iBAAiB,GAAG,oBAAoB,CAAC;AAC/C,IAAM,eAAe,GAAG,kBAAkB,CAAC;AAC3C,IAAM,QAAQ,GAAG,UAAU,CAAC;AAE5B,kBAAe;IACb,EAAE,EAAE,mCAAmC;IACvC,KAAK,EAAE,mCAAmC;IAC1C,MAAM,EAAE,CAAC,iBAAiB,EAAE,eAAe,EAAE,QAAQ,CAAC;IACtD,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;QACrE,eAAe,EAAE,IAAI,SAAG,CAAC,0DAA0D,CAAC;KACrF;IACD,KAAK,OAAA;CACE,CAAC"}

package/built/rules/http500.js

@@ -3,9 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 var url_1 = require("url");
 function build() {
     return {
-        matcher: function (e) {
-            return e.httpServerResponse.status >= 500 && e.httpServerResponse.status < 600;
-        },
+        matcher: function (e) { return e.httpServerResponse.status === 500; },
         where: function (e) { return !!e.httpServerResponse; },
     };
 }

package/built/rules/http500.js.map

@@ -1 +1 @@
-{"version":3,"file":"http500.js","sourceRoot":"","sources":["../../src/rules/http500.ts"],"names":[],"mappings":";;AACA,2BAA0B;AAG1B,SAAS,KAAK;IACZ,OAAO;QACL,OAAO,EAAE,UAAC,CAAQ;YAChB,OAAA,CAAC,CAAC,kBAAmB,CAAC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,kBAAmB,CAAC,MAAM,GAAG,GAAG;QAAzE,CAAyE;QAC3E,KAAK,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,kBAAkB,EAAtB,CAAsB;KAC5C,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,UAAU;IACd,KAAK,EAAE,sBAAsB;IAC7B,KAAK,EAAE,qBAAqB;IAC5B,cAAc,EAAE,KAAK;IACrB,YAAY,EAAE,WAAW;IACzB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,KAAK,OAAA;CACE,CAAC"}
+{"version":3,"file":"http500.js","sourceRoot":"","sources":["../../src/rules/http500.ts"],"names":[],"mappings":";;AACA,2BAA0B;AAG1B,SAAS,KAAK;IACZ,OAAO;QACL,OAAO,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,kBAAmB,CAAC,MAAM,KAAK,GAAG,EAApC,CAAoC;QAC3D,KAAK,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,kBAAkB,EAAtB,CAAsB;KAC5C,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,UAAU;IACd,KAAK,EAAE,sBAAsB;IAC7B,KAAK,EAAE,qBAAqB;IAC5B,cAAc,EAAE,KAAK;IACrB,YAAY,EAAE,WAAW;IACzB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,KAAK,OAAA;CACE,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@appland/scanner",
-  "version": "1.36.1",
+  "version": "1.39.0",
   "description": "",
   "bin": "built/cli.js",
   "files": [