@appland/scanner 1.40.1 → 1.41.1
- package/README.md +63 -39
- package/built/cli/ci/command.js +1 -1
- package/built/cli/ci/command.js.map +1 -1
- package/built/cli/upload/command.js +1 -1
- package/built/cli/upload/command.js.map +1 -1
- package/built/eventUtil.js +61 -0
- package/built/eventUtil.js.map +1 -0
- package/built/integration/appland/upload.js +2 -3
- package/built/integration/appland/upload.js.map +1 -1
- package/built/ruleChecker.js +4 -3
- package/built/ruleChecker.js.map +1 -1
- package/built/rules/authzBeforeAuthn.js +6 -0
- package/built/rules/authzBeforeAuthn.js.map +1 -1
- package/built/rules/circularDependency.js +3 -0
- package/built/rules/circularDependency.js.map +1 -1
- package/built/rules/deserializationOfUntrustedData.js +6 -0
- package/built/rules/deserializationOfUntrustedData.js.map +1 -1
- package/built/rules/http500.js +6 -0
- package/built/rules/http500.js.map +1 -1
- package/built/rules/illegalPackageDependency.js +6 -0
- package/built/rules/illegalPackageDependency.js.map +1 -1
- package/built/rules/incompatibleHttpClientRequest.js +6 -0
- package/built/rules/incompatibleHttpClientRequest.js.map +1 -1
- package/built/rules/insecureCompare.js +3 -0
- package/built/rules/insecureCompare.js.map +1 -1
- package/built/rules/jobNotCancelled.js +3 -0
- package/built/rules/jobNotCancelled.js.map +1 -1
- package/built/rules/lib/parseRuleDescription.js +18 -0
- package/built/rules/lib/parseRuleDescription.js.map +1 -0
- package/built/rules/logoutWithoutSessionReset.js +6 -0
- package/built/rules/logoutWithoutSessionReset.js.map +1 -1
- package/built/rules/missingAuthentication.js +6 -0
- package/built/rules/missingAuthentication.js.map +1 -1
- package/built/rules/missingContentType.js +6 -0
- package/built/rules/missingContentType.js.map +1 -1
- package/built/rules/nPlusOneQuery.js +6 -0
- package/built/rules/nPlusOneQuery.js.map +1 -1
- package/built/rules/queryFromInvalidPackage.js +6 -0
- package/built/rules/queryFromInvalidPackage.js.map +1 -1
- package/built/rules/queryFromView.js +6 -0
- package/built/rules/queryFromView.js.map +1 -1
- package/built/rules/rpcWithoutCircuitBreaker.js +6 -0
- package/built/rules/rpcWithoutCircuitBreaker.js.map +1 -1
- package/built/rules/saveWithoutValidation.js +6 -0
- package/built/rules/saveWithoutValidation.js.map +1 -1
- package/built/rules/secretInLog.js +3 -0
- package/built/rules/secretInLog.js.map +1 -1
- package/built/rules/slowFunctionCall.js +6 -0
- package/built/rules/slowFunctionCall.js.map +1 -1
- package/built/rules/slowHttpServerRequest.js +6 -0
- package/built/rules/slowHttpServerRequest.js.map +1 -1
- package/built/rules/slowQuery.js +6 -0
- package/built/rules/slowQuery.js.map +1 -1
- package/built/rules/tooManyJoins.js +6 -0
- package/built/rules/tooManyJoins.js.map +1 -1
- package/built/rules/tooManyUpdates.js +6 -0
- package/built/rules/tooManyUpdates.js.map +1 -1
- package/built/rules/unbatchedMaterializedQuery.js +6 -0
- package/built/rules/unbatchedMaterializedQuery.js.map +1 -1
- package/built/rules/updateInGetRequest.js +6 -0
- package/built/rules/updateInGetRequest.js.map +1 -1
- package/doc/architecture.md +48 -0
- package/doc/labels/audit.md +7 -0
- package/doc/labels/dao.materialize.md +12 -0
- package/doc/labels/deserialize.safe.md +9 -0
- package/doc/labels/deserialize.unsafe.md +12 -0
- package/doc/labels/http.session.clear.md +7 -0
- package/doc/labels/job.cancel.md +11 -0
- package/doc/labels/job.create.md +13 -0
- package/doc/labels/log.md +12 -0
- package/doc/labels/public.md +8 -0
- package/doc/labels/rpc.circuit_breaker.md +16 -0
- package/doc/labels/sanitize.md +29 -0
- package/doc/labels/secret.md +11 -0
- package/doc/labels/security.authentication.md +10 -0
- package/doc/labels/security.authorization.md +9 -0
- package/doc/labels/security.logout.md +9 -0
- package/doc/labels/string.equals.md +18 -0
- package/doc/rules/authzBeforeAuthn.md +47 -0
- package/doc/rules/circularDependency.md +57 -0
- package/doc/rules/deserializationOfUntrustedData.md +55 -0
- package/doc/rules/http500.md +36 -0
- package/doc/rules/illegalPackageDependency.md +50 -0
- package/doc/rules/incompatibleHttpClientRequest.md +35 -0
- package/doc/rules/insecureCompare.md +59 -0
- package/doc/rules/jobNotCancelled.md +49 -0
- package/doc/rules/logoutWithoutSessionReset.md +40 -0
- package/doc/rules/missingAuthentication.md +59 -0
- package/doc/rules/missingContentType.md +33 -0
- package/doc/rules/nPlusOneQuery.md +52 -0
- package/doc/rules/queryFromInvalidPackage.md +45 -0
- package/doc/rules/queryFromView.md +42 -0
- package/doc/rules/rpcWithoutCircuitBreaker.md +44 -0
- package/doc/rules/saveWithoutValidation.md +33 -0
- package/doc/rules/secretInLog.md +49 -0
- package/doc/rules/slowFunctionCall.md +39 -0
- package/doc/rules/slowHttpServerRequest.md +34 -0
- package/doc/rules/slowQuery.md +33 -0
- package/doc/rules/tooManyJoins.md +40 -0
- package/doc/rules/tooManyUpdates.md +46 -0
- package/doc/rules/unbatchedMaterializedQuery.md +54 -0
- package/doc/rules/updateInGetRequest.md +44 -0
- package/package.json +3 -2
package/README.md
CHANGED
|
@@ -238,7 +238,9 @@ _Example_
|
|
|
238
238
|
"enumerateScope": false,
|
|
239
239
|
"references": {
|
|
240
240
|
"CWE-863": "https://cwe.mitre.org/data/definitions/863.html"
|
|
241
|
-
}
|
|
241
|
+
},
|
|
242
|
+
"description": "Determines when authorization logic is applied to a user identity that has not been properly verified. Because the the user's identity has not been verified yet, the outcome of the authorization check cannot be trusted. A malicious user might be able to get themselves authorized as a different user than they really are - or they may not be logged in at all.",
|
|
243
|
+
"url": "https://appland.com/docs/analysis/rules-reference.html#authz-before-authn"
|
|
242
244
|
},
|
|
243
245
|
"id": "authz-before-authn",
|
|
244
246
|
"options": {},
|
|
@@ -257,7 +259,9 @@ _Example_
|
|
|
257
259
|
"references": {
|
|
258
260
|
"CWE-1047": "https://cwe.mitre.org/data/definitions/1047.html"
|
|
259
261
|
},
|
|
260
|
-
"enumerateScope": false
|
|
262
|
+
"enumerateScope": false,
|
|
263
|
+
"description": "Finds cycles in the package dependency graph. Cyclic dependencies make code hard to maintain because all the code in the cycle is inter-dependent. While it might look like the code in the different packages has separate functions, in essence all the code in the cycle acts like one big package.",
|
|
264
|
+
"url": "https://appland.com/docs/analysis/rules-reference.html#circular-dependency"
|
|
261
265
|
}
|
|
262
266
|
}
|
|
263
267
|
]
|
|
@@ -276,44 +280,64 @@ _Example_
|
|
|
276
280
|
|
|
277
281
|
```json
|
|
278
282
|
"findings": [
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
}
|
|
298
|
-
},
|
|
299
|
-
"hash": "a2bfc16512fadf8536355610fcaa63b391596dc0f60d7ef7f885a4eb6ec8f7c1",
|
|
300
|
-
"scope": {
|
|
301
|
-
"id": 29,
|
|
302
|
-
"event": "call",
|
|
303
|
-
"thread_id": 76340,
|
|
304
|
-
"http_server_request": {
|
|
305
|
-
"request_method": "POST",
|
|
306
|
-
"path_info": "/api/scanner_jobs",
|
|
307
|
-
"normalized_path_info": "/api/scanner_jobs",
|
|
308
|
-
"headers": {
|
|
309
|
-
"Host": "www.example.com",
|
|
310
|
-
"Accept": "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5",
|
|
311
|
-
"Authorization": "Bearer YWRtaW46NzM4NzVmOWYtMmQ4Ni00YWIwLTk5OWEtMWUwNjc2NGE5NTUw"
|
|
283
|
+
{
|
|
284
|
+
"appMapFile": "./tmp/appmap/rspec/Extensions_Upload_processing_logged_in_appmap_with_org_name_with_org_membership_is_added_to_the_specified_org.appmap.json",
|
|
285
|
+
"checkId": "illegal-package-dependency",
|
|
286
|
+
"ruleId": "illegal-package-dependency",
|
|
287
|
+
"ruleTitle": "Illegal use of code by a non-whitelisted package",
|
|
288
|
+
"event": {
|
|
289
|
+
"id": 244,
|
|
290
|
+
"event": "call",
|
|
291
|
+
"thread_id": 461760,
|
|
292
|
+
"defined_class": "DAO::Scenario",
|
|
293
|
+
"method_id": "validate",
|
|
294
|
+
"path": "app/models/dao/scenario.rb",
|
|
295
|
+
"lineno": 149,
|
|
296
|
+
"static": false,
|
|
297
|
+
"receiver": {
|
|
298
|
+
"class": "DAO::Scenario",
|
|
299
|
+
"object_id": 501420,
|
|
300
|
+
"value": "#<DAO::Scenario:0x00007f7f50cd6a78>"
|
|
312
301
|
}
|
|
313
|
-
}
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
302
|
+
},
|
|
303
|
+
"hash": "a3a2be87f722fe53e9fbbb57dd1acd82d8cf76d3c346556e8e495cd0a91eba2e",
|
|
304
|
+
"stack": [
|
|
305
|
+
"app/models/dao/scenario.rb:149",
|
|
306
|
+
"app/controllers/concerns/mute_logging.rb:4",
|
|
307
|
+
"app/models/scenario/save_scenario.rb:11",
|
|
308
|
+
"app/models/scenario/build.rb:68",
|
|
309
|
+
"app/controllers/scenario_uploads_controller.rb:60",
|
|
310
|
+
"app/controllers/scenario_uploads_controller.rb:44",
|
|
311
|
+
"app/controllers/concerns/with_authentication.rb:6",
|
|
312
|
+
"app/controllers/concerns/in_transaction.rb:8"
|
|
313
|
+
],
|
|
314
|
+
"scope": {
|
|
315
|
+
"id": 11,
|
|
316
|
+
"event": "call",
|
|
317
|
+
"thread_id": 461760,
|
|
318
|
+
"http_server_request": {
|
|
319
|
+
"request_method": "GET",
|
|
320
|
+
"path_info": "/scenario_uploads/1",
|
|
321
|
+
"normalized_path_info": "/scenario_uploads/{id}",
|
|
322
|
+
"headers": {
|
|
323
|
+
"Host": "127.0.0.1:61019",
|
|
324
|
+
"Connection": "keep-alive",
|
|
325
|
+
"Upgrade-Insecure-Requests": "1",
|
|
326
|
+
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/97.0.4692.99 Safari/537.36",
|
|
327
|
+
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
|
|
328
|
+
"Sec-Fetch-Site": "none",
|
|
329
|
+
"Sec-Fetch-Mode": "navigate",
|
|
330
|
+
"Sec-Fetch-User": "?1",
|
|
331
|
+
"Sec-Fetch-Dest": "document",
|
|
332
|
+
"Accept-Encoding": "gzip, deflate, br",
|
|
333
|
+
"Accept-Language": "en-US",
|
|
334
|
+
"Cookie": "appland_session=YKhMDBpgpV0hwKaBkxlaq%2BVzBRK2u6r%2BU%2BnFmJ61y5Q6TxptqxED597yhcmKqSTLfs%2FExRKU8WJ8iN7pV5Si7i0iJfPMa32ubjqMx0wVtcZ%2Fxo%2BwIcDF%2FI6Qaf7cU6oj6DaErr8GElQTTlA0TdRBrCgo43no%2BD4pSwkXvweqR175ZrCN%2FrjBZElvLaxyoY8kKsABEEtmI2aRcCcDJylP1hVrAI6%2BcWgVhb42ITJ8%2BuN0KiZDZSJWOsQFW6l656tyDDjC3UQvf65u5zvDAbqhIJkSEBXfn8p7c7I%2Bo8Cc9UWjLCNTCV%2BTL5iJ5qKDLHb7sHQftnOymCkyc%2FM57Bute59Lmyk6ZsNj4Y3Zbv6upszqyfJMhPyvcESz6BZCrzEGJudCueDtwNAnBPu3zE%2B1xQcKMpmF1R8Jw7ds41i90fFE0tkUCaiDzHdZUveVQKm7N%2F9pgTKE7a%2FyrevoPBKjpsqOrG%2BLe1Xhc%2FyWZBzXKbaTkHIRhoLijV9vGRH%2F%2Fk%2B9uZW0uhyfnoLDJB7af2vArKwNhEwuCBsXybPmyDDq2oLq8fMyWeVOpY7H44pGHho1D1qQdVfBzrLVoUG%2FqAbBSh0roHl%2FFjfRKmSil6iTQWQSNkemb73NNAsg3U2lI2AcjoNCzZHJS8S7iIpbZonabSR7AKyssx%2BSRYjdTsy5FplO--DN1nLB2Gux0u9W7x--RCmfYC53sopFkHidZ1uSNA%3D%3D",
|
|
335
|
+
"Version": "HTTP/1.1"
|
|
336
|
+
}
|
|
337
|
+
}
|
|
338
|
+
},
|
|
339
|
+
"message": "Code object app/models/dao/DAO::Scenario#validate was invoked from app/controllers/concerns, not from ^app/models/?"
|
|
340
|
+
}
|
|
317
341
|
]
|
|
318
342
|
```
|
|
319
343
|
|
package/built/cli/ci/command.js
CHANGED
|
@@ -136,7 +136,7 @@ exports.default = {
|
|
|
136
136
|
(0, findingsReport_1.default)(scanResults.findings, scanResults.appMapMetadata);
|
|
137
137
|
(0, summaryReport_1.default)(scanResults, true);
|
|
138
138
|
if (!doUpload) return [3 /*break*/, 9];
|
|
139
|
-
return [4 /*yield*/, (0, upload_1.default)(rawScanResults, appId
|
|
139
|
+
return [4 /*yield*/, (0, upload_1.default)(rawScanResults, appId)];
|
|
140
140
|
case 8:
|
|
141
141
|
_c.sent();
|
|
142
142
|
_c.label = 9;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"command.js","sourceRoot":"","sources":["../../../src/cli/ci/command.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6BAA4C;AAC5C,wCAAwC;AACxC,6BAAiC;AACjC,gDAA+C;AAI/C,mFAA4E;AAC5E,uCAA2D;AAE3D,6CAA+C;AAC/C,4EAAsD;AACtD,uFAAqE;AACrE,2CAA6C;AAC7C,+EAAyD;AACzD,6EAAuD;AAEvD,wCAAuC;AACvC,iEAA2C;AAC3C,iEAA2C;AAC3C,4DAA0D;AAG1D,yDAAmC;AAEnC,kBAAe;IACb,OAAO,EAAE,IAAI;IACb,QAAQ,EAAE,uEAAuE;IACjF,OAAO,EAAP,UAAQ,IAAU;QAChB,IAAA,kBAAQ,EAAC,IAAI,CAAC,CAAC;QAEf,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;YAClB,QAAQ,EAAE,yDAAyD;YACnE,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE;YAClC,QAAQ,EAAE,oCAAoC;YAC9C,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACpB,QAAQ,EAAE,kCAAkC;YAC5C,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IACK,OAAO,EAAb,UAAc,OAAkB;;;;;;wBACxB,KASF,OAAoC,EARtC,SAAS,eAAA,EACT,MAAM,YAAA,EACG,SAAS,aAAA,EAClB,IAAI,UAAA,EACC,QAAQ,SAAA,EACb,UAAU,gBAAA,EACF,QAAQ,YAAA,EAChB,kBAAkB,wBAAA,CACqB;wBAEzC,IAAI,SAAS,EAAE;4BACb,IAAA,cAAO,EAAC,IAAI,CAAC,CAAC;yBACf;;;;wBAGC,IAAI,CAAC,SAAS,EAAE;4BACd,MAAM,IAAI,wBAAe,CAAC,0BAA0B,CAAC,CAAC;yBACvD;wBAED,qBAAM,IAAA,sBAAY,EAAC,WAAW,EAAE,SAAU,CAAC,EAAA;;wBAA3C,SAA2C,CAAC;wBACtC,IAAI,GAAG,IAAA,gBAAS,EAAC,WAAY,CAAC,CAAC;wBACvB,qBAAM,IAAI,CAAI,SAAS,sBAAmB,CAAC,EAAA;;wBAAnD,KAAK,GAAG,SAA2C;wBAE3C,qBAAM,IAAA,sBAAY,EAAC,QAAQ,EAAE,SAAS,CAAC,EAAA;;wBAA/C,KAAK,GAAG,SAAuC;wBAElC,qBAAM,IAAA,uCAAe,EAAC,MAAM,CAAC,EAAA;;wBAA1C,UAAU,GAAG,SAA6B;wBAE1C,OAAO,GAAG,IAAA,iBAAY,EAAC,KAAK,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"command.js","sourceRoot":"","sources":["../../../src/cli/ci/command.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6BAA4C;AAC5C,wCAAwC;AACxC,6BAAiC;AACjC,gDAA+C;AAI/C,mFAA4E;AAC5E,uCAA2D;AAE3D,6CAA+C;AAC/C,4EAAsD;AACtD,uFAAqE;AACrE,2CAA6C;AAC7C,+EAAyD;AACzD,6EAAuD;AAEvD,wCAAuC;AACvC,iEAA2C;AAC3C,iEAA2C;AAC3C,4DAA0D;AAG1D,yDAAmC;AAEnC,kBAAe;IACb,OAAO,EAAE,IAAI;IACb,QAAQ,EAAE,uEAAuE;IACjF,OAAO,EAAP,UAAQ,IAAU;QAChB,IAAA,kBAAQ,EAAC,IAAI,CAAC,CAAC;QAEf,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;YAClB,QAAQ,EAAE,yDAAyD;YACnE,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE;YAClC,QAAQ,EAAE,oCAAoC;YAC9C,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACpB,QAAQ,EAAE,kCAAkC;YAC5C,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IACK,OAAO,EAAb,UAAc,OAAkB;;;;;;wBACxB,KASF,OAAoC,EARtC,SAAS,eAAA,EACT,MAAM,YAAA,EACG,SAAS,aAAA,EAClB,IAAI,UAAA,EACC,QAAQ,SAAA,EACb,UAAU,gBAAA,EACF,QAAQ,YAAA,EAChB,kBAAkB,wBAAA,CACqB;wBAEzC,IAAI,SAAS,EAAE;4BACb,IAAA,cAAO,EAAC,IAAI,CAAC,CAAC;yBACf;;;;wBAGC,IAAI,CAAC,SAAS,EAAE;4BACd,MAAM,IAAI,wBAAe,CAAC,0BAA0B,CAAC,CAAC;yBACvD;wBAED,qBAAM,IAAA,sBAAY,EAAC,WAAW,EAAE,SAAU,CAAC,EAAA;;wBAA3C,SAA2C,CAAC;wBACtC,IAAI,GAAG,IAAA,gBAAS,EAAC,WAAY,CAAC,CAAC;wBACvB,qBAAM,IAAI,CAAI,SAAS,sBAAmB,CAAC,EAAA;;wBAAnD,KAAK,GAAG,SAA2C;wBAE3C,qBAAM,IAAA,sBAAY,EAAC,QAAQ,EAAE,SAAS,CAAC,EAAA;;wBAA/C,KAAK,GAAG,SAAuC;wBAElC,qBAAM,IAAA,uCAAe,EAAC,MAAM,CAAC,EAAA;;wBAA1C,UAAU,GAAG,SAA6B;wBAE1C,OAAO,GAAG,IAAA,iBAAY,EAAC,KAAK,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;wBAGrD,qBAAM,OAAO,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,OAAO,CAAC,kBAAkB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,EAAA;;wBADhF,KAAA,sBACJ,SAAoF,KAAA,EAD/E,cAAc,QAAA,EAAE,eAAe,QAAA;wBAGtC,6BAA6B;wBAC7B,qBAAM,IAAA,oBAAS,EAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAA;;wBADpE,6BAA6B;wBAC7B,SAAoE,CAAC;wBAE/D,WAAW,GAAG,cAAc,CAAC,YAAY,CAC7C,IA
AA,sBAAW,EAAC,cAAc,CAAC,QAAQ,EAAE,eAAe,CAAC,CACtD,CAAC;wBAEF,IAAA,wBAAc,EAAC,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,cAAc,CAAC,CAAC;wBACjE,IAAA,uBAAa,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;6BAE7B,QAAQ,EAAR,wBAAQ;wBACV,qBAAM,IAAA,gBAAM,EAAC,cAAc,EAAE,KAAK,CAAC,EAAA;;wBAAnC,SAAmC,CAAC;;;6BAGlC,kBAAkB,EAAlB,yBAAkB;6BAChB,CAAA,WAAW,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAA,EAA/B,yBAA+B;wBACjC,qBAAM,IAAA,sBAAgB,EACpB,SAAS,EACN,WAAW,CAAC,OAAO,CAAC,SAAS,iBAAY,WAAW,CAAC,QAAQ,CAAC,MAAM,2CAAwC,CAChH,EAAA;;wBAHD,SAGC,CAAC;wBACF,OAAO,CAAC,GAAG,CACT,wCAAsC,WAAW,CAAC,QAAQ,CAAC,MAAM,eAAY,CAC9E,CAAC;;6BAEF,qBAAM,IAAA,sBAAgB,EAAC,SAAS,EAAK,WAAW,CAAC,OAAO,CAAC,SAAS,mBAAgB,CAAC,EAAA;;wBAAnF,SAAmF,CAAC;wBACpF,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;;;wBAItD,IAAI,IAAI,EAAE;4BACR,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;gCACnC,eAAK,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,KAAK,CAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,cAAW,CAAC,CAAC,CAAC;6BACrE;yBACF;;;;wBAED,IAAI,KAAG,YAAY,wBAAe,EAAE;4BAClC,OAAO,CAAC,IAAI,CAAC,KAAG,CAAC,OAAO,CAAC,CAAC;4BAC1B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,eAAe,CAAC,EAAC;yBAC/C;wBACD,IAAI,KAAG,YAAY,mBAAU,EAAE;4BAC7B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,UAAU,CAAC,EAAC;yBAC1C;wBACD,IAAI,CAAC,cAAO,IAAI,KAAG,YAAY,KAAK,EAAE;4BACpC,OAAO,CAAC,KAAK,CAAC,KAAG,CAAC,OAAO,CAAC,CAAC;4BAC3B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,YAAY,CAAC,EAAC;yBAC5C;wBAED,MAAM,KAAG,CAAC;;;;;KAEb;CACF,CAAC"}
|
|
@@ -83,7 +83,7 @@ exports.default = {
|
|
|
83
83
|
return [4 /*yield*/, (0, promises_1.readFile)(reportFile)];
|
|
84
84
|
case 4:
|
|
85
85
|
scanResults = _c.apply(_b, [(_d.sent()).toString()]);
|
|
86
|
-
return [4 /*yield*/, (0, upload_1.default)(scanResults, appId
|
|
86
|
+
return [4 /*yield*/, (0, upload_1.default)(scanResults, appId)];
|
|
87
87
|
case 5:
|
|
88
88
|
_d.sent();
|
|
89
89
|
return [2 /*return*/];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"command.js","sourceRoot":"","sources":["../../../src/cli/upload/command.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,wCAAuC;AAEvC,4EAAsD;AAEtD,6CAA+C;AAE/C,iEAA2C;AAG3C,iEAA2C;AAE3C,kBAAe;IACb,OAAO,EAAE,QAAQ;IACjB,QAAQ,EAAE,sCAAsC;IAChD,OAAO,EAAP,UAAQ,IAAU;QAChB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE;YACxB,QAAQ,EAAE,2BAA2B;YACrC,KAAK,EAAE,GAAG;SACX,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE;YACzB,QAAQ,EAAE,qCAAqC;YAC/C,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACjB,QAAQ,EACN,sGAAsG;SACzG,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IACK,OAAO,EAAb,UAAc,OAAkB;;;;;;wBACxB,KAKF,OAAoC,EAJ7B,SAAS,aAAA,EAClB,UAAU,gBAAA,EACV,SAAS,eAAA,EACJ,QAAQ,SAAA,CAC0B;wBAEzC,IAAI,SAAS,EAAE;4BACb,IAAA,cAAO,EAAC,IAAI,CAAC,CAAC;yBACf;6BAEG,SAAS,EAAT,wBAAS;wBAAE,qBAAM,IAAA,sBAAY,EAAC,WAAW,EAAE,SAAU,CAAC,EAAA;;wBAA3C,SAA2C,CAAC;;4BAC7C,qBAAM,IAAA,sBAAY,EAAC,QAAQ,EAAE,SAAS,CAAC,EAAA;;wBAA/C,KAAK,GAAG,SAAuC;wBAEjC,KAAA,CAAA,KAAA,IAAI,CAAA,CAAC,KAAK,CAAA;wBAAE,qBAAM,IAAA,mBAAQ,EAAC,UAAU,CAAC,EAAA;;wBAApD,WAAW,GAAG,cAAW,CAAC,SAA0B,CAAC,CAAC,QAAQ,EAAE,EAAgB;wBACtF,qBAAM,IAAA,gBAAM,EAAC,WAAW,EAAE,KAAK,
|
|
1
|
+
{"version":3,"file":"command.js","sourceRoot":"","sources":["../../../src/cli/upload/command.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,wCAAuC;AAEvC,4EAAsD;AAEtD,6CAA+C;AAE/C,iEAA2C;AAG3C,iEAA2C;AAE3C,kBAAe;IACb,OAAO,EAAE,QAAQ;IACjB,QAAQ,EAAE,sCAAsC;IAChD,OAAO,EAAP,UAAQ,IAAU;QAChB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE;YACxB,QAAQ,EAAE,2BAA2B;YACrC,KAAK,EAAE,GAAG;SACX,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE;YACzB,QAAQ,EAAE,qCAAqC;YAC/C,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACjB,QAAQ,EACN,sGAAsG;SACzG,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IACK,OAAO,EAAb,UAAc,OAAkB;;;;;;wBACxB,KAKF,OAAoC,EAJ7B,SAAS,aAAA,EAClB,UAAU,gBAAA,EACV,SAAS,eAAA,EACJ,QAAQ,SAAA,CAC0B;wBAEzC,IAAI,SAAS,EAAE;4BACb,IAAA,cAAO,EAAC,IAAI,CAAC,CAAC;yBACf;6BAEG,SAAS,EAAT,wBAAS;wBAAE,qBAAM,IAAA,sBAAY,EAAC,WAAW,EAAE,SAAU,CAAC,EAAA;;wBAA3C,SAA2C,CAAC;;4BAC7C,qBAAM,IAAA,sBAAY,EAAC,QAAQ,EAAE,SAAS,CAAC,EAAA;;wBAA/C,KAAK,GAAG,SAAuC;wBAEjC,KAAA,CAAA,KAAA,IAAI,CAAA,CAAC,KAAK,CAAA;wBAAE,qBAAM,IAAA,mBAAQ,EAAC,UAAU,CAAC,EAAA;;wBAApD,WAAW,GAAG,cAAW,CAAC,SAA0B,CAAC,CAAC,QAAQ,EAAE,EAAgB;wBACtF,qBAAM,IAAA,gBAAM,EAAC,WAAW,EAAE,KAAK,CAAC,EAAA;;wBAAhC,SAAgC,CAAC;;;;;KAClC;CACF,CAAC"}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __read = (this && this.__read) || function (o, n) {
|
|
3
|
+
var m = typeof Symbol === "function" && o[Symbol.iterator];
|
|
4
|
+
if (!m) return o;
|
|
5
|
+
var i = m.call(o), r, ar = [], e;
|
|
6
|
+
try {
|
|
7
|
+
while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
|
|
8
|
+
}
|
|
9
|
+
catch (error) { e = { error: error }; }
|
|
10
|
+
finally {
|
|
11
|
+
try {
|
|
12
|
+
if (r && !r.done && (m = i["return"])) m.call(i);
|
|
13
|
+
}
|
|
14
|
+
finally { if (e) throw e.error; }
|
|
15
|
+
}
|
|
16
|
+
return ar;
|
|
17
|
+
};
|
|
18
|
+
var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
|
|
19
|
+
if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
|
|
20
|
+
if (ar || !(i in from)) {
|
|
21
|
+
if (!ar) ar = Array.prototype.slice.call(from, 0, i);
|
|
22
|
+
ar[i] = from[i];
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
return to.concat(ar || Array.prototype.slice.call(from));
|
|
26
|
+
};
|
|
27
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
28
|
+
exports.cloneEvent = exports.cloneCodeObject = void 0;
|
|
29
|
+
var models_1 = require("@appland/models");
|
|
30
|
+
function cloneCodeObject(sourceObject) {
|
|
31
|
+
var codeObjects = __spreadArray([
|
|
32
|
+
sourceObject
|
|
33
|
+
], __read(sourceObject.ancestors()), false);
|
|
34
|
+
var currentSourceObject = codeObjects.pop();
|
|
35
|
+
var lastClonedObject;
|
|
36
|
+
while (currentSourceObject) {
|
|
37
|
+
lastClonedObject = new models_1.CodeObject(currentSourceObject.data, lastClonedObject);
|
|
38
|
+
currentSourceObject = codeObjects.pop();
|
|
39
|
+
}
|
|
40
|
+
return lastClonedObject;
|
|
41
|
+
}
|
|
42
|
+
exports.cloneCodeObject = cloneCodeObject;
|
|
43
|
+
// FIXME: These methods should live in @appland/models. Perhaps via Event#clone.
|
|
44
|
+
function cloneEvent(sourceEvent) {
|
|
45
|
+
// We need to clone both the sourceEvent and the 'linkedEvent'. The linkedEvent will be a return
|
|
46
|
+
// if `sourceEvent` is a call and vice versa. Some accessors on the Event will use the linkedEvent
|
|
47
|
+
// as a convienence, so we may run into errors if we don't restore this relationship. For example,
|
|
48
|
+
// accessing `elapsedTime` on a call event will retrieve the value from the associated return
|
|
49
|
+
// event.
|
|
50
|
+
var linkedEvent = new models_1.Event(sourceEvent.linkedEvent);
|
|
51
|
+
var event = new models_1.Event(sourceEvent);
|
|
52
|
+
event.linkedEvent = linkedEvent;
|
|
53
|
+
// The codeObject is used as well so it'll need a clone.
|
|
54
|
+
var codeObject = cloneCodeObject(sourceEvent.codeObject);
|
|
55
|
+
if (codeObject) {
|
|
56
|
+
event.codeObject = codeObject;
|
|
57
|
+
}
|
|
58
|
+
return event;
|
|
59
|
+
}
|
|
60
|
+
exports.cloneEvent = cloneEvent;
|
|
61
|
+
//# sourceMappingURL=eventUtil.js.map
|
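Review bot: `cloneEvent` calls `new models_1.Event(sourceEvent.linkedEvent)` unconditionally, so an event with no linked counterpart (for example a call whose return was never recorded) passes `undefined` to the constructor. What `Event` does with that is defined in `@appland/models` and is not visible here, so a guard is the safe choice. The relationship is also restored in one direction only: the cloned linked event is never pointed back at `event` and its `codeObject` is not cloned, so accessors that walk from the linked event may reach the original objects or nothing. In `src/eventUtil.ts` I would write `if (sourceEvent.linkedEvent) { event.linkedEvent = new Event(sourceEvent.linkedEvent); event.linkedEvent.linkedEvent = event; }`. A short doc comment on each export, stating which parts of the source event are copied and which remain shared, would also help callers.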
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"eventUtil.js","sourceRoot":"","sources":["../src/eventUtil.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAoD;AAWpD,SAAgB,eAAe,CAAC,YAAwB;IACtD,IAAM,WAAW;QACf,YAAY;cACR,YAAY,CAAC,SAA2C,EAAE,SAC/D,CAAC;IACF,IAAI,mBAAmB,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAC5C,IAAI,gBAAgB,CAAC;IAErB,OAAO,mBAAmB,EAAE;QAC1B,gBAAgB,GAAG,IAAK,mBAAoC,CACzD,mBAAoD,CAAC,IAAI,EAC1D,gBAAgB,CACjB,CAAC;QACF,mBAAmB,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;KACzC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAjBD,0CAiBC;AAED,gFAAgF;AAEhF,SAAgB,UAAU,CAAC,WAAkB;IAC3C,gGAAgG;IAChG,kGAAkG;IAClG,kGAAkG;IAClG,6FAA6F;IAC7F,SAAS;IACT,IAAM,WAAW,GAAG,IAAK,cAA0B,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IAC7E,IAAM,KAAK,GAAG,IAAK,cAA0B,CAAC,WAAW,CAAC,CAAC;IAC3D,KAAK,CAAC,WAAW,GAAG,WAAW,CAAC;IAEhC,wDAAwD;IACxD,IAAM,UAAU,GAAG,eAAe,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAC3D,IAAI,UAAU,EAAE;QACd,KAAK,CAAC,UAAU,GAAG,UAAU,CAAC;KAC/B;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAjBD,gCAiBC"}
|
|
@@ -77,9 +77,8 @@ var async_1 = require("async");
|
|
|
77
77
|
var src_1 = require("@appland/client/dist/src");
|
|
78
78
|
var appMap_1 = require("./appMap");
|
|
79
79
|
var mapset_1 = require("./mapset");
|
|
80
|
-
var path_1 = require("path");
|
|
81
80
|
var promises_1 = require("fs/promises");
|
|
82
|
-
function default_1(scanResults, appId
|
|
81
|
+
function default_1(scanResults, appId) {
|
|
83
82
|
return __awaiter(this, void 0, void 0, function () {
|
|
84
83
|
var findings, relevantFilePaths, appMapUUIDByFileName, branchCount, commitCount, q, mostFrequent, branch, commit, mapset, uploadData, request;
|
|
85
84
|
return __generator(this, function (_a) {
|
|
@@ -93,7 +92,7 @@ function default_1(scanResults, appId, appmapDir) {
|
|
|
93
92
|
commitCount = {};
|
|
94
93
|
q = (0, async_1.queue)(function (filePath, callback) {
|
|
95
94
|
console.log("Uploading AppMap " + filePath);
|
|
96
|
-
(0, promises_1.readFile)(
|
|
95
|
+
(0, promises_1.readFile)(filePath)
|
|
97
96
|
.then(function (buffer) {
|
|
98
97
|
var _a, _b;
|
|
99
98
|
var appMapStruct = JSON.parse(buffer.toString());
|
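Review bot: `(0, promises_1.readFile)(filePath)` now opens each path exactly as given, with no base directory and no containment check, because the `appmapDir` argument and the `path` import are both dropped. `filePath` appears to come from the findings in `scanResults` (the list is built outside these hunks), and the `upload` command reads `scanResults` back from a report file. A report produced on another machine, or altered before upload, would therefore decide which files the uploader reads and sends. I would resolve each path against the directory the scan ran in and skip, with a logged warning, any path that resolves outside it before the `readFile` call. `default_1` continues past the end of the second hunk.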
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"upload.js","sourceRoot":"","sources":["../../../src/integration/appland/upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,2BAA0B;AAC1B,+BAA8B;AAG9B,gDAAqE;AAGrE,mCAAwE;AACxE,mCAAkD;AAClD,
|
|
1
|
+
{"version":3,"file":"upload.js","sourceRoot":"","sources":["../../../src/integration/appland/upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,2BAA0B;AAC1B,+BAA8B;AAG9B,gDAAqE;AAGrE,mCAAwE;AACxE,mCAAkD;AAClD,wCAAuC;AAEvC,mBAA+B,WAAwB,EAAE,KAAa;;;;;;oBACpE,OAAO,CAAC,IAAI,CAAC,oDAAkD,KAAK,MAAG,CAAC,CAAC;oBAEjE,QAAQ,GAAK,WAAW,SAAhB,CAAiB;oBAE3B,iBAAiB,GAAG,yBACrB,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,UAAU,EAAZ,CAAY,CAAC,CAAC,GAAG,CAAC,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,UAAU,EAAZ,CAAY,CAAC,CAAC,SAC9D,CAAC;oBAER,oBAAoB,GAA2B,EAAE,CAAC;oBAClD,WAAW,GAA2B,EAAE,CAAC;oBACzC,WAAW,GAA2B,EAAE,CAAC;oBAEzC,CAAC,GAAG,IAAA,aAAK,EAAC,UAAC,QAAgB,EAAE,QAAQ;wBACzC,OAAO,CAAC,GAAG,CAAC,sBAAoB,QAAU,CAAC,CAAC;wBAE5C,IAAA,mBAAQ,EAAC,QAAQ,CAAC;6BACf,IAAI,CAAC,UAAC,MAAc;;4BACnB,IAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAiB,CAAC;4BACnE,IAAM,MAAM,GAAG,MAAA,YAAY,CAAC,QAAQ,CAAC,GAAG,0CAAE,MAAM,CAAC;4BACjD,IAAM,MAAM,GAAG,MAAA,YAAY,CAAC,QAAQ,CAAC,GAAG,0CAAE,MAAM,CAAC;4BACjD,IAAI,MAAM,EAAE;gCACV,WAAW,CAAC,MAAM,MAAlB,WAAW,CAAC,MAAM,IAAM,CAAC,EAAC;gCAC1B,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;6BAC1B;4BACD,IAAI,MAAM,EAAE;gCACV,WAAW,CAAC,MAAM,MAAlB,WAAW,CAAC,MAAM,IAAM,CAAC,EAAC;gCAC1B,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;6BAC1B;4BAED,OAAO,eAAY,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;wBACrD,CAAC,CAAC;6BACD,IAAI,CAAC,UAAC,MAA4B;4BACjC,IAAI,MAAM,EAAE;gCACV,oBAAoB,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC;6BAC9C;wBACH,CAAC,CAAC;6BACD,IAAI,CAAC,cAAM,OAAA,QAAQ,EAAE,EAAV,CAAU,CAAC;6BACtB,KAAK,CAAC,QAAQ,CAAC,CAAC;oBACrB,CAAC,EAAE,CAAC,CAAC,CAAC;oBACN,CAAC,CAAC,KAAK,CAAC,UAAC,GAAG,EAAE,QAAgB;wBAC5B,OAAO,CAAC,KAAK,CAAC,iCAA+B,QAAQ,UAAK,GAAK,CAAC,CAAC;oBACnE,CAAC,CAAC,CAAC;oBACH,OAAO,CAAC,GAAG,CAAC,eAAa,iBAAiB,CAAC,MAAM,aAAU,CAAC,CAAC;oBAC7D,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;oBAC1B,qBAAM,CAAC,CAAC,KAAK,EAAE,EAAA;;oBAAf,SAAe,CAAC;oBAEV,YAAY,GAAG,UAAC,MAA8B;wBAClD,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC
,MAAM,KAAK,CAAC;4BAAE,OAAO;wBAE7C,IAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,UAAC,GAAG,EAAE,KAAK,IAAK,OAAA,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,EAApB,CAAoB,EAAE,CAAC,CAAC,CAAC;wBACvF,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAjB,CAAiB,CAAE,CAAC,CAAC,CAAC,CAAC;oBACnE,CAAC,CAAC;oBAEI,MAAM,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;oBACnC,MAAM,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;oBAC1B,qBAAM,eAAY,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,EAAE;4BACnF,MAAM,QAAA;4BACN,MAAM,QAAA;yBACP,CAAC,EAAA;;oBAHI,MAAM,GAAG,SAGb;oBAEF,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;oBAE7B,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;wBAChC,YAAY,EAAE,WAAW;wBACzB,MAAM,EAAE,MAAM,CAAC,EAAE;wBACjB,wBAAwB,EAAE,oBAAoB;qBAC/C,CAAC,CAAC;oBAEa,qBAAM,IAAA,kBAAY,EAAC,kBAAkB,CAAC,EAAA;;oBAAhD,OAAO,GAAG,SAAsC;oBACtD,sBAAO,IAAI,OAAO,CAAkB,UAAC,OAAO,EAAE,MAAM;4BAClD,IAAM,GAAG,GAAG,OAAO,CAAC,eAAe,CACjC,OAAO,CAAC,GAAG,EACX;gCACE,MAAM,EAAE,MAAM;gCACd,OAAO,aACL,cAAc,EAAE,kBAAkB,EAClC,gBAAgB,EAAE,UAAU,CAAC,MAAM,IAChC,OAAO,CAAC,OAAO,CACnB;6BACF,EACD,OAAO,CACR,CAAC;4BACF,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;4BACxB,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;4BACtB,GAAG,CAAC,GAAG,EAAE,CAAC;wBACZ,CAAC,CAAC;6BACC,IAAI,CAAC,iBAAW,CAAC;6BACjB,IAAI,CAAC,UAAC,QAAyB;4BAC9B,IAAI,OAAO,GAAG,cAAY,WAAW,CAAC,QAAQ,CAAC,MAAM,cAAW,CAAC;4BACjE,IAAI,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE;gCAC7B,IAAM,SAAS,GAAG,IAAI,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gCACvE,OAAO,IAAI,SAAO,SAAW,CAAC;6BAC/B;4BACD,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;4BACrB,OAAO,OAAO,CAAC,GAAG,CAAC;wBACrB,CAAC,CAAC,EAAC;;;;CACN;AAjGD,4BAiGC"}
|
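--- a/package/built/ruleChecker.js
+++ b/package/built/ruleChecker.js
@@ -84,6 +84,7 @@ var commandScope_1 = __importDefault(require("./scope/commandScope"));
 var sqlTransactionScope_1 = __importDefault(require("./scope/sqlTransactionScope"));
 var checkInstance_1 = __importDefault(require("./checkInstance"));
 var crypto_1 = require("crypto");
+var eventUtil_1 = require("./eventUtil");
 var RuleChecker = /** @class */ (function () {
 function RuleChecker() {
 this.scopes = {
@@ -239,14 +240,14 @@ var RuleChecker = /** @class */ (function () {
 checkId: checkInstance.checkId,
 ruleId: checkInstance.ruleId,
 ruleTitle: checkInstance.title,
-event: findingEvent,
+event: (0, eventUtil_1.cloneEvent)(findingEvent),
 hash: hash.digest('hex'),
 stack: stack,
-scope: scope,
+scope: (0, eventUtil_1.cloneEvent)(scope),
 message: message || checkInstance.title,
 groupMessage: groupMessage,
 occurranceCount: occurranceCount,
-relatedEvents: relatedEvents,
+relatedEvents: relatedEvents === null || relatedEvents === void 0 ? void 0 : relatedEvents.map(function (event) { return (0, eventUtil_1.cloneEvent)(event); }),
 };
 };
 return [4 /*yield*/, checkInstance.ruleLogic.matcher(event, appMap, checkInstance.filterEvent.bind(checkInstance))];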
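Review bot: The finding built in the second hunk copies whole events into `event`, `scope` and `relatedEvents`, and nothing visible here removes credential-bearing request headers before the finding is serialized. The README example in this same release shows a finding whose `scope.http_server_request.headers` carries a full `Cookie` session value, and the example it replaces carried an `Authorization` bearer header. Unless the recorder already masks these (not visible on this page), report files and uploads can hold live session material. Now that the events are cloned rather than shared, the clone is a safe place to redact: replace the values of `Cookie`, `Set-Cookie` and `Authorization` under `http_server_request.headers` with a fixed marker before the finding is returned. The object literal sits in a closure that starts and ends outside this hunk.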
package/built/ruleChecker.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ruleChecker.js","sourceRoot":"","sources":["../src/ruleChecker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,mCAAsC;AAEtC,yCAA2C;AAE3C,gEAA0C;AAC1C,0FAAoE;AACpE,0FAAoE;AACpE,sEAAgD;AAChD,oFAA8D;AAC9D,kEAA4C;AAC5C,iCAAoC;
|
|
1
|
+
{"version":3,"file":"ruleChecker.js","sourceRoot":"","sources":["../src/ruleChecker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,mCAAsC;AAEtC,yCAA2C;AAE3C,gEAA0C;AAC1C,0FAAoE;AACpE,0FAAoE;AACpE,sEAAgD;AAChD,oFAA8D;AAC9D,kEAA4C;AAC5C,iCAAoC;AACpC,yCAAyC;AAEzC;IAAA;QACU,WAAM,GAAkC;YAC9C,IAAI,EAAE,IAAI,mBAAS,EAAE;YACrB,OAAO,EAAE,IAAI,sBAAY,EAAE;YAC3B,mBAAmB,EAAE,IAAI,gCAAsB,EAAE;YACjD,mBAAmB,EAAE,IAAI,gCAAsB,EAAE;YACjD,WAAW,EAAE,IAAI,6BAAmB,EAAE;SACvC,CAAC;IAyJJ,CAAC;IAvJO,2BAAK,GAAX,UACE,UAAkB,EAClB,MAAc,EACd,KAAY,EACZ,QAAmB;;;;;;;wBAEnB,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,OAAO,CAAC,IAAI,CAAC,qBAAmB,MAAM,CAAC,IAAI,oBAAe,KAAK,CAAC,KAAO,CAAC,CAAC;yBAC1E;wBACK,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;wBAC/C,IAAI,CAAC,aAAa,EAAE;4BAClB,MAAM,IAAI,mBAAU,CAAC,0BAAuB,KAAK,CAAC,KAAK,OAAG,CAAC,CAAC;yBAC7D;wBAEK,UAAU,GAAG;;;;;wCACR,CAAC,GAAG,CAAC;;;6CAAE,CAAA,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAA;wCACtC,qBAAM,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAA;;wCAAtB,SAAsB,CAAC;;;wCADiB,CAAC,EAAE,CAAA;;;;;yBAG9C,CAAC;;;;wBAEkB,KAAA,SAAA,aAAa,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAA;;;;wBAA3C,KAAK;wBACd,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,OAAO,CAAC,IAAI,CAAC,WAAS,KAAK,CAAC,KAAO,CAAC,CAAC;yBACtC;wBACK,aAAa,GAAG,IAAI,uBAAa,CAAC,KAAK,CAAC,CAAC;wBAC/C,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE;4BAC3C,yBAAS;yBACV;6BACG,aAAa,CAAC,cAAc,EAA5B,yBAA4B;;;;wBACV,oBAAA,SAAA,KAAK,CAAC,MAAM,EAAE,CAAA,CAAA;;;;wBAAvB,KAAK;wBACd,qBAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,CAAC,EAAA;;wBAAtF,SAAsF,CAAC;;;;;;;;;;;;;;;;;6BAGzF,qBAAM,IAAI,CAAC,UAAU,CACnB,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,KAAK,EACX,UAAU,EACV,MAAM,EACN,aAAa,EACb,QAAQ,CACT,EAAA;;wBAPD,SAOC,CAAC;;;;;;;;;;;;;;;;;;;;KAGP;IAEK,gCAAU,GAAhB,UACE,KAAY,EACZ,KAAY,EACZ,UAAkB,EAClB,MAAc,EACd,aAA4B,EAC5B,QAAmB;;;;;;wBAEnB,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE;4BACnB,sBAAO;yBACR;wBACD,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,OAAO,CAAC,IAAI,CACV,eAAa,aAA
a,CAAC,MAAM,YAAO,KAAK,CAAC,UAAU,CAAC,IAAI,eAAU,KAAK,CAAC,QAAQ,EAAI,CAC1F,CAAC;yBACH;wBAED,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;4BACtB,IAAI,IAAA,cAAO,GAAE,EAAE;gCACb,OAAO,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;6BACvD;4BACD,sBAAO;yBACR;wBAED,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE;4BAC7C,sBAAO;yBACR;wBAEK,YAAY,GAAG,UACnB,UAAyC,EACzC,OAAuC,EACvC,YAA4C,EAC5C,eAA+C,EAC/C,aAA8C;4BAJ9C,2BAAA,EAAA,sBAAyC;4BACzC,wBAAA,EAAA,mBAAuC;4BACvC,6BAAA,EAAA,wBAA4C;4BAC5C,gCAAA,EAAA,2BAA+C;4BAC/C,8BAAA,EAAA,yBAA8C;4BAE9C,IAAM,YAAY,GAAG,UAAU,IAAI,KAAK,CAAC;4BACzC,SAAS;4BACT,yDAAyD;4BACzD,4GAA4G;4BAC5G,6GAA6G;4BAC7G,4HAA4H;4BAC5H,YAAY,CAAC,OAAO,KAApB,YAAY,CAAC,OAAO,GAAK,EAAE,EAAC;4BAC5B,IAAM,KAAK,GAAa;gCACtB,YAAY,CAAC,UAAU,CAAC,QAAQ;sCAC7B,YAAY,CAAC,SAAS,EAAE,CAAC,GAAG,CAAC,UAAC,QAAQ,IAAK,OAAA,QAAQ,CAAC,UAAU,CAAC,QAAQ,EAA5B,CAA4B,CAAC,UAC3E,MAAM,CAAC,OAAO,CAAC,CAAC;4BAElB,IAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC;4BAClC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;4BAC/B,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;4BAElC,OAAO;gCACL,UAAU,YAAA;gCACV,OAAO,EAAE,aAAa,CAAC,OAAO;gCAC9B,MAAM,EAAE,aAAa,CAAC,MAAM;gCAC5B,SAAS,EAAE,aAAa,CAAC,KAAK;gCAC9B,KAAK,EAAE,IAAA,sBAAU,EAAC,YAAY,CAAC;gCAC/B,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;gCACxB,KAAK,OAAA;gCACL,KAAK,EAAE,IAAA,sBAAU,EAAC,KAAK,CAAC;gCACxB,OAAO,EAAE,OAAO,IAAI,aAAa,CAAC,KAAK;gCACvC,YAAY,cAAA;gCACZ,eAAe,iBAAA;gCACf,aAAa,EAAE,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,IAAA,sBAAU,EAAC,KAAK,CAAC,EAAjB,CAAiB,CAAC;6BACrD,CAAC;wBACf,CAAC,CAAC;wBAEkB,qBAAM,aAAa,CAAC,SAAS,CAAC,OAAO,CACvD,KAAK,EACL,MAAM,EACN,aAAa,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAC9C,EAAA;;wBAJK,WAAW,GAAG,SAInB;wBACK,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC;wBACpC,IAAI,WAAW,KAAK,IAAI,EAAE;4BACpB,OAAO,SAAA,CAAC;4BACZ,IAAI,aAAa,CAAC,SAAS,CAAC,OAAO,EAAE;gCAC7B,OAAO,GAAG,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;gCAC9D,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;6BACxC;iCAAM;gCACL,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;6BAC/B;4BACD,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,
CAAC;yBACxB;6BAAM,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE;4BACpC,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,WAAqB,CAAC,CAAC;4BAC3D,OAAO,CAAC,OAAO,GAAG,WAAqB,CAAC;4BACxC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;yBACxB;6BAAM,IAAI,WAAW,EAAE;4BACtB,WAAW,CAAC,OAAO,CAAC,UAAC,EAAE;gCACrB,IAAM,OAAO,GAAG,YAAY,CAC1B,EAAE,CAAC,KAAK,EACR,EAAE,CAAC,OAAO,EACV,EAAE,CAAC,YAAY,EACf,EAAE,CAAC,eAAe,EAClB,EAAE,CAAC,aAAa,CACjB,CAAC;gCACF,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;4BACzB,CAAC,CAAC,CAAC;yBACJ;wBACD,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,IAAI,QAAQ,CAAC,MAAM,GAAG,WAAW,EAAE;gCACjC,QAAQ,CAAC,OAAO,CAAC,UAAC,OAAO;oCACvB,OAAA,OAAO,CAAC,GAAG,CAAC,gBAAc,OAAO,CAAC,MAAM,WAAM,OAAO,CAAC,OAAS,CAAC;gCAAhE,CAAgE,CACjE,CAAC;6BACH;yBACF;;;;;KACF;IACH,kBAAC;AAAD,CAAC,AAhKD,IAgKC"}
|
|
@@ -10,10 +10,14 @@ var __values = (this && this.__values) || function(o) {
|
|
|
10
10
|
};
|
|
11
11
|
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
12
12
|
};
|
|
13
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
14
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
15
|
+
};
|
|
13
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
14
17
|
var models_1 = require("@appland/models");
|
|
15
18
|
var util_1 = require("./lib/util");
|
|
16
19
|
var url_1 = require("url");
|
|
20
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
17
21
|
function containsAuthentication(events) {
|
|
18
22
|
var e_1, _a;
|
|
19
23
|
try {
|
|
@@ -81,6 +85,8 @@ exports.default = {
|
|
|
81
85
|
references: {
|
|
82
86
|
'CWE-863': new url_1.URL('https://cwe.mitre.org/data/definitions/863.html'),
|
|
83
87
|
},
|
|
88
|
+
description: (0, parseRuleDescription_1.default)('authzBeforeAuthn'),
|
|
89
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#authz-before-authn',
|
|
84
90
|
build: build,
|
|
85
91
|
};
|
|
86
92
|
//# sourceMappingURL=authzBeforeAuthn.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authzBeforeAuthn.js","sourceRoot":"","sources":["../../src/rules/authzBeforeAuthn.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"authzBeforeAuthn.js","sourceRoot":"","sources":["../../src/rules/authzBeforeAuthn.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwD;AACxD,mCAA8D;AAE9D,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,sBAAsB,CAAC,MAAiC;;;QAC/D,KAAmB,IAAA,WAAA,SAAA,MAAM,CAAA,8BAAA,kDAAE;YAAtB,IAAM,IAAI,mBAAA;YACb,IAAI,IAAA,6BAAsB,EAAC,IAAI,CAAC,KAAK,EAAE,sBAAsB,CAAC,EAAE;gBAC9D,OAAO,IAAI,CAAC;aACb;SACF;;;;;;;;;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,SAAgB;;;YAC/B,KAAoB,IAAA,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA,gBAAA,4BAAE;gBAA5D,IAAM,KAAK,WAAA;gBACd,IAAI,IAAA,6BAAsB,EAAC,KAAK,CAAC,KAAK,EAAE,sBAAsB,CAAC,EAAE;oBAC/D,OAAO;iBACR;gBACD,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,IAAA,eAAQ,EAAC,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE;oBACtF,6FAA6F;oBAC7F,IAAI,sBAAsB,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE;wBAC/C,OAAO;qBACR;yBAAM;wBACL,OAAO;4BACL;gCACE,KAAK,EAAE,OAAO;gCACd,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,OAAO,EAAK,KAAK,CAAC,KAAK,kEAA+D;6BACvF;yBACF,CAAC;qBACH;iBACF;aACF;;;;;;;;;IACH,CAAC;IAED,OAAO,EAAE,OAAO,SAAA,EAAE,CAAC;AACrB,CAAC;AAED,IAAM,sBAAsB,GAAG,yBAAyB,CAAC;AACzD,IAAM,qBAAqB,GAAG,wBAAwB,CAAC;AAEvD,kBAAe;IACb,EAAE,EAAE,oBAAoB;IACxB,KAAK,EAAE,+CAA+C;IACtD,MAAM,EAAE,CAAC,qBAAqB,EAAE,sBAAsB,CAAC;IACvD,KAAK,EAAE,qBAAkC;IACzC,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,kBAAkB,CAAC;IACrD,GAAG,EAAE,2EAA2E;IAChF,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -36,6 +36,7 @@ var path_1 = require("path");
|
|
|
36
36
|
var util_1 = require("./lib/util");
|
|
37
37
|
var matchPattern_1 = require("./lib/matchPattern");
|
|
38
38
|
var url_1 = require("url");
|
|
39
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
39
40
|
var Cycle = /** @class */ (function () {
|
|
40
41
|
function Cycle(packages, events) {
|
|
41
42
|
this.packages = packages;
|
|
@@ -227,6 +228,8 @@ exports.default = {
|
|
|
227
228
|
'CWE-1047': new url_1.URL('https://cwe.mitre.org/data/definitions/1047.html'),
|
|
228
229
|
},
|
|
229
230
|
enumerateScope: false,
|
|
231
|
+
description: (0, parseRuleDescription_1.default)('circularDependency'),
|
|
232
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#circular-dependency',
|
|
230
233
|
build: build,
|
|
231
234
|
};
|
|
232
235
|
//# sourceMappingURL=circularDependency.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"circularDependency.js","sourceRoot":"","sources":["../../src/rules/circularDependency.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2FAAqE;AACrE,+FAAyE;AACzE,mFAA6D;AAC7D,kFAAmE;AACnE,6BAAkC;AAElC,mCAAqC;AAErC,mDAAkD;AAClD,2BAA0B;
|
|
1
|
+
{"version":3,"file":"circularDependency.js","sourceRoot":"","sources":["../../src/rules/circularDependency.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2FAAqE;AACrE,+FAAyE;AACzE,mFAA6D;AAC7D,kFAAmE;AACnE,6BAAkC;AAElC,mCAAqC;AAErC,mDAAkD;AAClD,2BAA0B;AAC1B,oFAA8D;AAI9D;IACE,eAAmB,QAAuB,EAAS,MAAiC;QAAjE,aAAQ,GAAR,QAAQ,CAAe;QAAS,WAAM,GAAN,MAAM,CAA2B;IAAG,CAAC;IAC1F,YAAC;AAAD,CAAC,AAFD,IAEC;AAED,SAAS,aAAa,CAAC,KAAY,EAAE,eAA+B;IAClE,IAAM,SAAS,GAAkB,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;IAC5D,OAAO,CACL,SAAS,KAAK,EAAE;QAChB,eAAe,CAAC,IAAI,CAAC,UAAC,MAAM,IAAK,OAAA,MAAM,CAAC,SAAS,CAAC,EAAjB,CAAiB,CAAC;QACnD,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ;QAC1B,IAAA,iBAAU,EAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,CACtC,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,IAAW,EAAE,eAA+B;IAChE,IAAM,KAAK,GAAG,IAAI,eAAK,CAAC,IAAI,CAAC,CAAC;IAC9B,IAAM,QAAQ,GAAG,IAAI,GAAG,EAA4B,CAAC;IACrD,IAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,IAAM,YAAY,GAAG,IAAI,GAAG,EAAwB,CAAC;IAErD,IAAM,UAAU,GAAG,UAAC,GAAgB,EAAE,KAAY;QAChD,IAAI,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,GAAG,IAAI,qBAAW,CAAC,GAAG,CAAC,CAAC;YAC9B,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC1B,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;SAChC;aAAM;YACL,YAAY,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;SACpC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,IAAM,YAAY,GAAG,UACnB,KAAY,EACZ,WAAyB,EACzB,aAAiC;QAEjC,IAAI,SAAS,GAAuB,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;QAC/D,IAAI,aAAa,CAAC,KAAK,EAAE,eAAe,CAAC,EAAE;YACzC,SAAS,GAAG,IAAI,CAAC;SAClB;QAED,IAAI,SAAS,EAAE;YACb,IAAM,MAAM,GAAG,UAAU,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC5C,IAAI,aAAa,IAAI,aAAa,KAAK,SAAS,EAAE;gBAChD,IAAM,IAAI,GAAG,IAAI,mBAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,aAAa,CAAE,EAAE,MAAM,CAAC,CAAC;gBACjE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE;oBAC7B,IAAI,IAAA,cAAO,GAAE,EAAE;wBACb,OAAO,CAAC,IAAI,CAAC,eAAa,aAAa,SAAI,WAAW,YAAO,SAAS,SAAI,KAAO,CAAC,CAAC;qBACpF;oBACD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;oBACzB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;i
BACrB;aACF;YACD,aAAa,GAAG,SAAS,CAAC;SAC3B;QACD,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAC,KAAK,IAAK,OAAA,YAAY,CAAC,KAAK,EAAE,KAAK,EAAE,aAAa,CAAC,EAAzC,CAAyC,CAAC,CAAC;IAC/E,CAAC,CAAC;IAEF,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,KAAK,EAAE,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;KAC7C;IACD,YAAY,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAE/B,OAAO,IAAA,sBAAmB,EAAC,KAAK,CAAC,CAAC,GAAG,CAAC,UAAC,KAAK;QAC1C,OAAO,IAAI,KAAK,CACd,KAAK,CAAC,GAAG,CAAC,UAAC,MAAM,IAAK,OAAA,MAAM,CAAC,MAAM,EAAE,EAAf,CAAe,CAAC,EACtC,YAAY,CACb,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,IAAM,cAAc,GAAG,UAAC,KAAY,EAAE,eAA+B;IACnE,IAAM,aAAa,GAAG,UACpB,KAAY,EACZ,WAAoB,EACpB,SAAwB,EACxB,cAAkB,EAClB,IAAkB;QADlB,+BAAA,EAAA,kBAAkB;QAClB,qBAAA,EAAA,SAAkB;QAElB,IAAI,WAAW,EAAE;YACf,IAAI,IAAA,cAAO,GAAE,EAAE;gBACb,OAAO,CAAC,IAAI,CAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAS,KAAO,CAAC,CAAC;aACzE;YACD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;SAClB;aAAM;YACL,IAAI,IAAA,cAAO,GAAE,EAAE;gBACb,OAAO,CAAC,IAAI,CAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAa,KAAO,CAAC,CAAC;aAC7E;SACF;QAED,IAAI,cAAc,KAAK,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE;YAC3C,IAAI,IAAA,cAAO,GAAE,EAAE;gBACb,OAAO,CAAC,IAAI,CAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAW,IAAM,CAAC,CAAC;aAC1E;YACD,gCAAW,IAAI,UAAE;SAClB;QAED,IAAM,SAAS,GAAG,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;QAE7C,IAAI,IAAA,cAAO,GAAE,EAAE;YACb,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,KAAK,CAAC,UAAU,CAAC,IAAI,EAArB,CAAqB,CAAC,CAAC,CAAC;SACpE;QAED,+CAA+C;QAC/C,IAAI,MAAM,GAAG,KAAK,CAAC,QAAQ;aACxB,MAAM,CACL,UAAC,KAAK,IAAK,OAAA,KAAK,CAAC,UAAU,CAAC,SAAS,KAAK,SAAS,IAAI,aAAa,CAAC,KAAK,EAAE,eAAe,CAAC,EAAjF,CAAiF,CAC7F;aACA,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,cAAc,EAAE,IAAI,CAAC,EAA5D,CAA4D,CAAC;aAC5E,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnB,qDAAqD;QACrD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;YACvB,MAAM,GAAG,KAAK,CAAC,QAAQ;iBACp
B,MAAM,CACL,UAAC,KAAK;gBACJ,OAAA,KAAK,CAAC,UAAU,CAAC,SAAS,KAAK,SAAS;oBACxC,CAAC,aAAa,CAAC,KAAK,EAAE,eAAe,CAAC;oBACtC,SAAS,CAAC,cAAc,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,UAAU,CAAC,SAAS;YAF5D,CAE4D,CAC/D;iBACA,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,GAAG,CAAC,EAAE,IAAI,CAAC,EAA/D,CAA+D,CAAC;iBAC/E,MAAM,CAAC,UAAC,IAAI,IAAK,OAAA,IAAI,EAAJ,CAAI,CAAC,CAAC;SAC3B;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;YACrB,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;SAClB;aAAM;YACL,IAAI,WAAW,EAAE;gBACf,IAAI,IAAA,cAAO,GAAE,EAAE;oBACb,OAAO,CAAC,IAAI,CACP,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;yBACtB,IAAI,CAAC,EAAE,CAAC;yBACR,IAAI,CAAC,IAAI,CAAC,QAAK,CACnB,CAAC;iBACH;gBACD,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;iBAAM;gBACL,IAAI,IAAA,cAAO,GAAE,EAAE;oBACb,OAAO,CAAC,IAAI,CACP,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;yBACtB,IAAI,CAAC,EAAE,CAAC;yBACR,IAAI,CAAC,IAAI,CAAC,eAAY,CAC1B,CAAC;iBACH;aACF;YACD,OAAO,IAAI,CAAC;SACb;IACH,CAAC,CAAC;IAEF,sFAAsF;IACtF,iCAAiC;IACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QAC9C,IAAM,WAAW,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACtC,IAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAE,CAAC;QACnD,IAAM,SAAS,GAAG,EAAE,CAAC;QACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YAC9C,SAAS,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;SAChE;QACD,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC5B,IAAI,IAAA,cAAO,GAAE,EAAE;YACb,OAAO,CAAC,IAAI,CAAC,wCAAsC,SAAW,CAAC,CAAC;SACjE;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YAC3C,IAAM,UAAU,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;YAClC,IAAM,IAAI,GAAG,aAAa,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;YACxD,IAAI,IAAI,EAAE;gBACR,OAAO,IAAI,CAAC;aACb;SACF;KACF;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF;IAAA;QACS,oBAAe,GAAyB,EAAE,CAAC;QAC3C,UAAK,GAAG,CAAC,CAAC;IACnB,CAAC;IAAD,cAAC;AAAD,CAAC,AAHD,IAGC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,eAAe,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,eAAe,CAAC
,CAAC;IAE9D,SAAS,OAAO,CAAC,KAAY;QAC3B,OAAO,YAAY,CAAC,KAAK,EAAE,eAAe,CAAC;aACxC,MAAM,CAAC,UAAC,KAAK,IAAK,OAAA,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,KAAK,EAA1C,CAA0C,CAAC;aAC7D,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,cAAc,CAAC,KAAK,EAAE,eAAe,CAAC,EAAtC,CAAsC,CAAC;aACtD,MAAM,CAAC,UAAC,IAAI,IAAK,OAAA,IAAI,EAAJ,CAAI,CAAC;aACtB,GAAG,CAAC,UAAC,IAAI;YACR,OAAO;gBACL,KAAK,EAAE,IAAK,CAAC,CAAC,CAAC;gBACf,OAAO,EAAE;oBACP,mCAAmC;oBACnC,IAAK,CAAC,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,KAAK,CAAC,UAAU,CAAC,SAAS,EAA1B,CAA0B,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;iBAC9D,CAAC,IAAI,CAAC,IAAI,CAAC;gBACZ,aAAa,EAAE,IAAK;aACN,CAAC;QACnB,CAAC,CAAC,CAAC;IACP,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,qBAAqB;IACzB,KAAK,EAAE,6BAA6B;IACpC,KAAK,EAAE,SAAS;IAChB,OAAO,SAAA;IACP,YAAY,EAAE,iBAAiB;IAC/B,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,cAAc,EAAE,KAAK;IACrB,WAAW,EAAE,IAAA,8BAAoB,EAAC,oBAAoB,CAAC;IACvD,GAAG,EAAE,4EAA4E;IACjF,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -37,9 +37,13 @@ var __values = (this && this.__values) || function(o) {
|
|
|
37
37
|
};
|
|
38
38
|
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
39
39
|
};
|
|
40
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
41
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
42
|
+
};
|
|
40
43
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
41
44
|
var models_1 = require("@appland/models");
|
|
42
45
|
var url_1 = require("url");
|
|
46
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
43
47
|
function sanitizesData(event, objectId, label) {
|
|
44
48
|
return (event.labels.has(label) &&
|
|
45
49
|
!!event.returnValue &&
|
|
@@ -154,6 +158,8 @@ exports.default = {
|
|
|
154
158
|
'CWE-502': new url_1.URL('https://cwe.mitre.org/data/definitions/502.html'),
|
|
155
159
|
'Ruby Security': new url_1.URL('https://docs.ruby-lang.org/en/3.0/doc/security_rdoc.html'),
|
|
156
160
|
},
|
|
161
|
+
description: (0, parseRuleDescription_1.default)('deserializationOfUntrustedData'),
|
|
162
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#deserialization-of-untrusted-data',
|
|
157
163
|
build: build,
|
|
158
164
|
};
|
|
159
165
|
//# sourceMappingURL=deserializationOfUntrustedData.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deserializationOfUntrustedData.js","sourceRoot":"","sources":["../../src/rules/deserializationOfUntrustedData.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"deserializationOfUntrustedData.js","sourceRoot":"","sources":["../../src/rules/deserializationOfUntrustedData.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,aAAa,CAAC,KAAY,EAAE,QAAgB,EAAE,KAAa;IAClE,OAAO,CACL,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;QACvB,CAAC,CAAC,KAAK,CAAC,WAAW;QACnB,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS;QAC7B,KAAK,CAAC,WAAW,CAAC,SAAS,KAAK,QAAQ,CACzC,CAAC;AACJ,CAAC;AAED,SAAU,eAAe,CAAC,SAAgB,EAAE,MAAa;;;;;;;gBACnC,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA;;;;gBAApD,KAAK;gBACd,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM,EAAE;oBAC1B,wBAAM;iBACP;gBACD,qBAAM,KAAK,EAAA;;gBAAX,SAAW,CAAC;;;;;;;;;;;;;;;;;;;CAEf;AAED,SAAS,qBAAqB,CAAC,SAAgB,EAAE,KAAY;IAC3D,OAAO,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,UAAC,SAAS,IAAK,OAAA,SAAS,CAAC,SAAS,EAAnB,CAAmB,CAAC;SAC1C,KAAK,CAAC,UAAC,SAAS;;;YACf,KAAwB,IAAA,KAAA,SAAA,eAAe,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA,gBAAA,4BAAE;gBAAtD,IAAM,SAAS,WAAA;gBAClB,IAAI,aAAa,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,SAAU,EAAE,QAAQ,CAAC,EAAE;oBAClE,OAAO,IAAI,CAAC;iBACb;aACF;;;;;;;;;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,SAAgB;;;YAC/B,KAAoB,IAAA,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA,gBAAA,4BAAE;gBAA5D,IAAM,KAAK,WAAA;gBACd,IACE,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC;oBACzC,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,UAAC,QAAQ,IAAK,OAAA,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,EAApC,CAAoC,CAAC,EACjF;oBACA,IAAI,qBAAqB,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE;wBACjD,OAAO;qBACR;yBAAM;wBACL,OAAO;4BACL;gCACE,KAAK,EAAE,OAAO;gCACd,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,OAAO,EAAK,KAAK,CAAC,KAAK,iCAA8B;6BACtD;yBACF,CAAC;qBACH;iBACF;aACF;;;;;;;;;IACH,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,IAAM,iBAAiB,GAAG,oBAAoB,CAAC;AAC/C,IAAM,eAAe,GAAG,kBAAkB,CAAC;AAC3C,IAAM,QAAQ,GAAG,UAAU,CAAC;AAE5B,kBAAe;IACb,EAAE,EAAE,mCAAmC;IACvC,KAAK,EAAE,mCAAmC;IAC1C,MAAM,EAAE,CAAC,iBAAiB,EAAE,eAAe,EAAE
,QAAQ,CAAC;IACtD,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;QACrE,eAAe,EAAE,IAAI,SAAG,CAAC,0DAA0D,CAAC;KACrF;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,gCAAgC,CAAC;IACnE,GAAG,EAAE,0FAA0F;IAC/F,KAAK,OAAA;CACE,CAAC"}
|
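--- a/package/built/rules/http500.js
+++ b/package/built/rules/http500.js
@@ -1,6 +1,10 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 var url_1 = require("url");
+var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
 function build() {
 return {
 matcher: function (e) { return e.httpServerResponse.status === 500; },
@@ -16,6 +20,8 @@ exports.default = {
 references: {
 'CWE-392': new url_1.URL('https://cwe.mitre.org/data/definitions/392.html'),
 },
+description: (0, parseRuleDescription_1.default)('http500'),
+url: 'https://appland.com/docs/analysis/rules-reference.html#http-500',
 build: build,
 };
 //# sourceMappingURL=http500.js.map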
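Review bot: The new `description` and `url` fields spell the rule's identity by hand in two more places, `'http500'` as the argument to `parseRuleDescription_1.default` and `#http-500` in the URL fragment, and nothing in this section checks that either one resolves. `description` is computed inside the `exports.default` object literal, so the lookup runs when the module is required; parseRuleDescription is not shown here, so it should be confirmed whether an unknown name throws at load or silently yields an empty description. `url` is a plain string, while `references` a few lines above wraps its links in `new url_1.URL(...)`, which rejects a malformed link at load time; if the field's consumers accept a URL object, `url: new url_1.URL('https://appland.com/docs/analysis/rules-reference.html#http-500'),` would be consistent with that. The same pair of lines is added in the authzBeforeAuthn, circularDependency, deserializationOfUntrustedData, illegalPackageDependency, incompatibleHttpClientRequest, insecureCompare and jobNotCancelled sections.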
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http500.js","sourceRoot":"","sources":["../../src/rules/http500.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"http500.js","sourceRoot":"","sources":["../../src/rules/http500.ts"],"names":[],"mappings":";;;;;AACA,2BAA0B;AAE1B,oFAA8D;AAE9D,SAAS,KAAK;IACZ,OAAO;QACL,OAAO,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,kBAAmB,CAAC,MAAM,KAAK,GAAG,EAApC,CAAoC;QAC3D,KAAK,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,kBAAkB,EAAtB,CAAsB;KAC5C,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,UAAU;IACd,KAAK,EAAE,sBAAsB;IAC7B,KAAK,EAAE,qBAAqB;IAC5B,cAAc,EAAE,KAAK;IACrB,YAAY,EAAE,WAAW;IACzB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,SAAS,CAAC;IAC5C,GAAG,EAAE,iEAAiE;IACtE,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
6
|
var matchPattern_1 = require("./lib/matchPattern");
|
|
4
7
|
var url_1 = require("url");
|
|
8
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
5
9
|
var Options = /** @class */ (function () {
|
|
6
10
|
function Options() {
|
|
7
11
|
this.callerPackages = [];
|
|
@@ -38,6 +42,8 @@ exports.default = {
|
|
|
38
42
|
'CWE-1120': new url_1.URL('https://cwe.mitre.org/data/definitions/1120.html'),
|
|
39
43
|
'CWE-1154': new url_1.URL('https://cwe.mitre.org/data/definitions/1154.html'),
|
|
40
44
|
},
|
|
45
|
+
description: (0, parseRuleDescription_1.default)('illegalPackageDependency'),
|
|
46
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#illegal-package-dependency',
|
|
41
47
|
Options: Options,
|
|
42
48
|
build: build,
|
|
43
49
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"illegalPackageDependency.js","sourceRoot":"","sources":["../../src/rules/illegalPackageDependency.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"illegalPackageDependency.js","sourceRoot":"","sources":["../../src/rules/illegalPackageDependency.ts"],"names":[],"mappings":";;;;;AAIA,mDAA+D;AAC/D,2BAA0B;AAC1B,oFAA8D;AAE9D;IAAA;QACS,mBAAc,GAAyB,EAAE,CAAC;QAC1C,kBAAa,GAAuB,EAAwB,CAAC;IACtE,CAAC;IAAD,cAAC;AAAD,CAAC,AAHD,IAGC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,cAAc,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;IAClE,IAAM,aAAa,GAAG,IAAA,0BAAW,EAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAEzD,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAS,IAAI,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACjG,CAAC;IAED,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAM,eAAe,GAAG,OAAO,CAAC,cAAc;aAC3C,GAAG,CAAC,UAAC,MAAM,IAAK,OAAA,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,EAA9C,CAA8C,CAAC;aAC/D,GAAG,CAAC,MAAM,CAAC;aACX,IAAI,CAAC,MAAM,CAAC,CAAC;QAEhB,IAAM,aAAa,GAAG,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAS,CAAC;QACrD,IACE,CAAC,CACC,CAAC,CAAC,UAAU,CAAC,SAAS,KAAK,aAAa;YACxC,cAAc,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,aAAa,CAAC,EAAtB,CAAsB,CAAC,CACzD,EACD;YACA,OAAO,iBAAe,CAAC,CAAC,UAAU,CAAC,EAAE,0BAAqB,aAAa,mBAAc,eAAiB,CAAC;SACxG;IACH,CAAC;IAED,OAAO,EAAE,KAAK,OAAA,EAAE,OAAO,SAAA,EAAE,CAAC;AAC5B,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,4BAA4B;IAChC,KAAK,EAAE,kDAAkD;IACzD,KAAK,EAAE,SAAsB;IAC7B,cAAc,EAAE,IAAI;IACpB,YAAY,EAAE,iBAAiB;IAC/B,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;QACvE,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,0BAA0B,CAAC;IAC7D,GAAG,EAAE,mFAAmF;IACxF,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -35,8 +35,12 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
|
35
35
|
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
36
36
|
}
|
|
37
37
|
};
|
|
38
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
39
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
40
|
+
};
|
|
38
41
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
39
42
|
var openapi_1 = require("../openapi");
|
|
43
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
40
44
|
var Options = /** @class */ (function () {
|
|
41
45
|
function Options() {
|
|
42
46
|
this.schemata = {};
|
|
@@ -91,6 +95,8 @@ exports.default = {
|
|
|
91
95
|
scope: 'http_client_request',
|
|
92
96
|
enumerateScope: false,
|
|
93
97
|
impactDomain: 'Stability',
|
|
98
|
+
description: (0, parseRuleDescription_1.default)('incompatibleHttpClientRequest'),
|
|
99
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#incompatible-http-client-request',
|
|
94
100
|
Options: Options,
|
|
95
101
|
build: build,
|
|
96
102
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"incompatibleHttpClientRequest.js","sourceRoot":"","sources":["../../src/rules/incompatibleHttpClientRequest.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"incompatibleHttpClientRequest.js","sourceRoot":"","sources":["../../src/rules/incompatibleHttpClientRequest.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,sCAAuE;AAKvE,oFAA8D;AAE9D;IAAA;QACS,aAAQ,GAA2B,EAAE,CAAC;IAC/C,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,IAAM,aAAa,GAAG,UAAC,MAA0C;IAC/D,OAAO,8EACL,MAAM,CAAC,MAAM,SACX,MAAM,CAAC,uBAAuB;SAC/B,MAAM,CAAC,MAAM,CAAC,4BAA4B,CAAC;SAC3C,GAAG,CAAC,UAAC,MAAM,IAAK,OAAA,MAAM,CAAC,QAAQ,EAAf,CAAe,CAAC;SAChC,IAAI,CAAC,IAAI,CAAG,CAAC;AAClB,CAAC,CAAC;AAEF,SAAS,KAAK,CAAC,OAAgB;IAC7B,SAAe,OAAO,CAAC,KAAY;;;;;;wBAC3B,cAAc,GAAG,IAAA,0BAAgB,EAAC,KAAK,CAAC,CAAC;wBAC1B,qBAAM,IAAA,gBAAM,EAAC,KAAK,CAAC,iBAAkB,CAAC,GAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,EAAA;;wBAA5E,YAAY,GAAG,SAA6D;wBAC5E,YAAY,GAAG;4BACnB,OAAO,EAAE,OAAO;4BAChB,IAAI,EAAE;gCACJ,KAAK,EAAE,oCAAoC;gCAC3C,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,2CAA2C;6BAChF;4BACD,KAAK,EAAE,cAAe,CAAC,KAAK;4BAC5B,UAAU,EAAE,EAAE,eAAe,EAAE,cAAe,CAAC,eAAe,EAAE;yBAC3C,CAAC;wBACR,qBAAM,IAAA,yBAAe,EAAC,YAAY,EAAE,YAAY,CAAC,EAAA;;wBAA3D,OAAO,GAAG,SAAiD;wBACjE,sBAAO,OAAO,CAAC,GAAG,CAAC,UAAC,MAA0C,IAAK,OAAA,CAAC;gCAClE,KAAK,EAAE,OAAO;gCACd,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC;6BAC/B,CAAC,EAHiE,CAGjE,CAAC,EAAC;;;;KACL;IAED,OAAO;QACL,OAAO,SAAA;QACP,KAAK,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,iBAAiB,IAAI,CAAC,CAAC,CAAC,CAAC,iBAAkB,CAAC,GAAG,EAAnD,CAAmD;KACzE,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,kCAAkC;IACtC,KAAK,EAAE,kCAAkC;IACzC,KAAK,EAAE,qBAAqB;IAC5B,cAAc,EAAE,KAAK;IACrB,YAAY,EAAE,WAAW;IACzB,WAAW,EAAE,IAAA,8BAAoB,EAAC,+BAA+B,CAAC;IAClE,GAAG,EAAE,yFAAyF;IAC9F,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -6,6 +6,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
var url_1 = require("url");
|
|
7
7
|
var recordSecrets_1 = __importDefault(require("../analyzer/recordSecrets"));
|
|
8
8
|
var secretsRegexes_1 = require("../analyzer/secretsRegexes");
|
|
9
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
9
10
|
var BCRYPT_REGEXP = /^[$]2[abxy]?[$](?:0[4-9]|[12][0-9]|3[01])[$][./0-9a-zA-Z]{53}$/;
|
|
10
11
|
var secrets = new Set();
|
|
11
12
|
function stringEquals(e) {
|
|
@@ -50,6 +51,8 @@ exports.default = {
|
|
|
50
51
|
references: {
|
|
51
52
|
'CWE-208': new url_1.URL('https://cwe.mitre.org/data/definitions/208.html'),
|
|
52
53
|
},
|
|
54
|
+
description: (0, parseRuleDescription_1.default)('insecureCompare'),
|
|
55
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#insecure-compare',
|
|
53
56
|
build: build,
|
|
54
57
|
};
|
|
55
58
|
//# sourceMappingURL=insecureCompare.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"insecureCompare.js","sourceRoot":"","sources":["../../src/rules/insecureCompare.ts"],"names":[],"mappings":";;;;;AACA,2BAA0B;AAC1B,4EAAsD;AACtD,6DAAyD;
|
|
1
|
+
{"version":3,"file":"insecureCompare.js","sourceRoot":"","sources":["../../src/rules/insecureCompare.ts"],"names":[],"mappings":";;;;;AACA,2BAA0B;AAC1B,4EAAsD;AACtD,6DAAyD;AAEzD,oFAA8D;AAE9D,IAAM,aAAa,GAAG,gEAAgE,CAAC;AAEvF,IAAM,OAAO,GAAgB,IAAI,GAAG,EAAE,CAAC;AAEvC,SAAS,YAAY,CAAC,CAAQ;IAC5B,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,UAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QAC9D,OAAO,KAAK,CAAC;KACd;IAED,IAAM,IAAI,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAEvD,SAAS,QAAQ,CAAC,GAAW;QAC3B,OAAO,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,SAAS,QAAQ,CAAC,GAAW;QAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAA,4BAAW,EAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;IAED,sDAAsD;IACtD,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;YACnC,IAAA,uBAAa,EAAC,OAAO,EAAE,CAAC,CAAC,CAAC;SAC3B;QACD,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACzC,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;SACxB;IACH,CAAC;IAED,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CACL,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAC3F,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,SAAA;QACP,KAAK,OAAA;KACN,CAAC;AACJ,CAAC;AAED,IAAM,MAAM,GAAG,QAAQ,CAAC;AACxB,IAAM,YAAY,GAAG,eAAe,CAAC;AAErC,kBAAe;IACb,EAAE,EAAE,kBAAkB;IACtB,KAAK,EAAE,gCAAgC;IACvC,MAAM,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,cAAc,EAAE,IAAI;IACpB,YAAY,EAAE,UAAU;IACxB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,iBAAiB,CAAC;IACpD,GAAG,EAAE,yEAAyE;IAC9E,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -31,6 +31,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
31
31
|
var wellKnownLabels_1 = __importDefault(require("../wellKnownLabels"));
|
|
32
32
|
var sqlTransactionScope_1 = require("../scope/sqlTransactionScope");
|
|
33
33
|
var url_1 = require("url");
|
|
34
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
34
35
|
function build() {
|
|
35
36
|
function matcher(event) {
|
|
36
37
|
if (!(0, sqlTransactionScope_1.hasTransactionDetails)(event))
|
|
@@ -72,6 +73,8 @@ exports.default = {
|
|
|
72
73
|
references: {
|
|
73
74
|
'CWE-672': new url_1.URL('https://cwe.mitre.org/data/definitions/672.html'),
|
|
74
75
|
},
|
|
76
|
+
description: (0, parseRuleDescription_1.default)('jobNotCancelled'),
|
|
77
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#job-not-cancelled',
|
|
75
78
|
build: build,
|
|
76
79
|
};
|
|
77
80
|
//# sourceMappingURL=jobNotCancelled.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jobNotCancelled.js","sourceRoot":"","sources":["../../src/rules/jobNotCancelled.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,uEAAwC;AACxC,oEAAqE;AACrE,2BAA0B;
|
|
1
|
+
{"version":3,"file":"jobNotCancelled.js","sourceRoot":"","sources":["../../src/rules/jobNotCancelled.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,uEAAwC;AACxC,oEAAqE;AACrE,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,KAAY;QAC3B,IAAI,CAAC,IAAA,2CAAqB,EAAC,KAAK,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,oBAAkB,KAAK,CAAC,EAAE,yBAAsB,CAAC,CAAC;QACpE,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,QAAQ;YAAE,OAAO;QAElD,IAAM,cAAc,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,UAAC,EAAU;gBAAR,MAAM,YAAA;YAC9D,OAAA,MAAM,CAAC,GAAG,CAAC,yBAAM,CAAC,SAAS,CAAC;QAA5B,CAA4B,CAC7B,CAAC;QACF,IAAM,kBAAkB,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,UAAC,EAAU;gBAAR,MAAM,YAAA;YAClE,OAAA,MAAM,CAAC,GAAG,CAAC,yBAAM,CAAC,SAAS,CAAC;QAA5B,CAA4B,CAC7B,CAAC;QACF,IAAM,OAAO,GAAG,cAAc,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC;QAClE,IAAI,OAAO,KAAK,CAAC;YAAE,OAAO;QAE1B,IAAM,MAAM,GAAgB;YAC1B,KAAK,EAAE,OAAO;YACd,KAAK,EAAE,KAAK;YACZ,OAAO,EAAK,OAAO,oEAAiE;YACpF,kEAAkE;YAClE,4DAA4D;YAC5D,aAAa,yCAAM,cAAc,kBAAK,kBAAkB,SAAC;SAC1D,CAAC;QAEF,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,mBAAmB;IACvB,KAAK,EAAE,4DAA4D;IACnE,KAAK,EAAE,aAAa;IACpB,cAAc,EAAE,KAAK;IACrB,MAAM,EAAE,CAAC,yBAAM,CAAC,SAAS,EAAE,yBAAM,CAAC,SAAS,CAAC;IAC5C,YAAY,EAAE,WAAW;IACzB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,iBAAiB,CAAC;IACpD,GAAG,EAAE,0EAA0E;IAC/E,KAAK,OAAA;CACE,CAAC"}
|