@appland/scanner 1.40.1 → 1.41.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +63 -39
- package/built/cli/ci/command.js +1 -1
- package/built/cli/ci/command.js.map +1 -1
- package/built/cli/upload/command.js +1 -1
- package/built/cli/upload/command.js.map +1 -1
- package/built/eventUtil.js +61 -0
- package/built/eventUtil.js.map +1 -0
- package/built/integration/appland/upload.js +2 -3
- package/built/integration/appland/upload.js.map +1 -1
- package/built/ruleChecker.js +4 -3
- package/built/ruleChecker.js.map +1 -1
- package/built/rules/authzBeforeAuthn.js +6 -0
- package/built/rules/authzBeforeAuthn.js.map +1 -1
- package/built/rules/circularDependency.js +3 -0
- package/built/rules/circularDependency.js.map +1 -1
- package/built/rules/deserializationOfUntrustedData.js +6 -0
- package/built/rules/deserializationOfUntrustedData.js.map +1 -1
- package/built/rules/http500.js +6 -0
- package/built/rules/http500.js.map +1 -1
- package/built/rules/illegalPackageDependency.js +6 -0
- package/built/rules/illegalPackageDependency.js.map +1 -1
- package/built/rules/incompatibleHttpClientRequest.js +6 -0
- package/built/rules/incompatibleHttpClientRequest.js.map +1 -1
- package/built/rules/insecureCompare.js +3 -0
- package/built/rules/insecureCompare.js.map +1 -1
- package/built/rules/jobNotCancelled.js +3 -0
- package/built/rules/jobNotCancelled.js.map +1 -1
- package/built/rules/lib/parseRuleDescription.js +18 -0
- package/built/rules/lib/parseRuleDescription.js.map +1 -0
- package/built/rules/logoutWithoutSessionReset.js +6 -0
- package/built/rules/logoutWithoutSessionReset.js.map +1 -1
- package/built/rules/missingAuthentication.js +6 -0
- package/built/rules/missingAuthentication.js.map +1 -1
- package/built/rules/missingContentType.js +6 -0
- package/built/rules/missingContentType.js.map +1 -1
- package/built/rules/nPlusOneQuery.js +6 -0
- package/built/rules/nPlusOneQuery.js.map +1 -1
- package/built/rules/queryFromInvalidPackage.js +6 -0
- package/built/rules/queryFromInvalidPackage.js.map +1 -1
- package/built/rules/queryFromView.js +6 -0
- package/built/rules/queryFromView.js.map +1 -1
- package/built/rules/rpcWithoutCircuitBreaker.js +6 -0
- package/built/rules/rpcWithoutCircuitBreaker.js.map +1 -1
- package/built/rules/saveWithoutValidation.js +6 -0
- package/built/rules/saveWithoutValidation.js.map +1 -1
- package/built/rules/secretInLog.js +3 -0
- package/built/rules/secretInLog.js.map +1 -1
- package/built/rules/slowFunctionCall.js +6 -0
- package/built/rules/slowFunctionCall.js.map +1 -1
- package/built/rules/slowHttpServerRequest.js +6 -0
- package/built/rules/slowHttpServerRequest.js.map +1 -1
- package/built/rules/slowQuery.js +6 -0
- package/built/rules/slowQuery.js.map +1 -1
- package/built/rules/tooManyJoins.js +6 -0
- package/built/rules/tooManyJoins.js.map +1 -1
- package/built/rules/tooManyUpdates.js +6 -0
- package/built/rules/tooManyUpdates.js.map +1 -1
- package/built/rules/unbatchedMaterializedQuery.js +6 -0
- package/built/rules/unbatchedMaterializedQuery.js.map +1 -1
- package/built/rules/updateInGetRequest.js +6 -0
- package/built/rules/updateInGetRequest.js.map +1 -1
- package/doc/architecture.md +48 -0
- package/doc/labels/audit.md +7 -0
- package/doc/labels/dao.materialize.md +12 -0
- package/doc/labels/deserialize.safe.md +9 -0
- package/doc/labels/deserialize.unsafe.md +12 -0
- package/doc/labels/http.session.clear.md +7 -0
- package/doc/labels/job.cancel.md +11 -0
- package/doc/labels/job.create.md +13 -0
- package/doc/labels/log.md +12 -0
- package/doc/labels/public.md +8 -0
- package/doc/labels/rpc.circuit_breaker.md +16 -0
- package/doc/labels/sanitize.md +29 -0
- package/doc/labels/secret.md +11 -0
- package/doc/labels/security.authentication.md +10 -0
- package/doc/labels/security.authorization.md +9 -0
- package/doc/labels/security.logout.md +9 -0
- package/doc/labels/string.equals.md +18 -0
- package/doc/rules/authzBeforeAuthn.md +47 -0
- package/doc/rules/circularDependency.md +57 -0
- package/doc/rules/deserializationOfUntrustedData.md +55 -0
- package/doc/rules/http500.md +36 -0
- package/doc/rules/illegalPackageDependency.md +50 -0
- package/doc/rules/incompatibleHttpClientRequest.md +35 -0
- package/doc/rules/insecureCompare.md +59 -0
- package/doc/rules/jobNotCancelled.md +49 -0
- package/doc/rules/logoutWithoutSessionReset.md +40 -0
- package/doc/rules/missingAuthentication.md +59 -0
- package/doc/rules/missingContentType.md +33 -0
- package/doc/rules/nPlusOneQuery.md +52 -0
- package/doc/rules/queryFromInvalidPackage.md +45 -0
- package/doc/rules/queryFromView.md +42 -0
- package/doc/rules/rpcWithoutCircuitBreaker.md +44 -0
- package/doc/rules/saveWithoutValidation.md +33 -0
- package/doc/rules/secretInLog.md +49 -0
- package/doc/rules/slowFunctionCall.md +39 -0
- package/doc/rules/slowHttpServerRequest.md +34 -0
- package/doc/rules/slowQuery.md +33 -0
- package/doc/rules/tooManyJoins.md +40 -0
- package/doc/rules/tooManyUpdates.md +46 -0
- package/doc/rules/unbatchedMaterializedQuery.md +54 -0
- package/doc/rules/updateInGetRequest.md +44 -0
- package/package.json +3 -2
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
var fs_1 = __importDefault(require("fs"));
|
|
7
|
+
var errors_1 = require("../../errors");
|
|
8
|
+
var path_1 = require("path");
|
|
9
|
+
function parseRuleDescription(id) {
|
|
10
|
+
var content = fs_1.default.readFileSync((0, path_1.join)(__dirname, "../../../doc/rules/" + id + ".md"), 'utf-8');
|
|
11
|
+
var propertiesContent = content.match(/---\n((?:.*\n)+)---\n((?:.*\n)+?)###/);
|
|
12
|
+
if (!propertiesContent) {
|
|
13
|
+
throw new errors_1.ValidationError("Unable to read description for rule \"" + id + "\".");
|
|
14
|
+
}
|
|
15
|
+
return propertiesContent[2].replace(/\n/g, ' ').trim();
|
|
16
|
+
}
|
|
17
|
+
exports.default = parseRuleDescription;
|
|
18
|
+
//# sourceMappingURL=parseRuleDescription.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parseRuleDescription.js","sourceRoot":"","sources":["../../../src/rules/lib/parseRuleDescription.ts"],"names":[],"mappings":";;;;;AAAA,0CAAoB;AACpB,uCAA+C;AAC/C,6BAA4B;AAE5B,SAAwB,oBAAoB,CAAC,EAAU;IACrD,IAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,IAAA,WAAI,EAAC,SAAS,EAAE,wBAAsB,EAAE,QAAK,CAAC,EAAE,OAAO,CAAC,CAAC;IACzF,IAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAEhF,IAAI,CAAC,iBAAiB,EAAE;QACtB,MAAM,IAAI,wBAAe,CAAC,2CAAwC,EAAE,QAAI,CAAC,CAAC;KAC3E;IAED,OAAO,iBAAiB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AACzD,CAAC;AATD,uCASC"}
|
|
@@ -10,9 +10,13 @@ var __values = (this && this.__values) || function(o) {
|
|
|
10
10
|
};
|
|
11
11
|
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
12
12
|
};
|
|
13
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
14
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
15
|
+
};
|
|
13
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
14
17
|
var models_1 = require("@appland/models");
|
|
15
18
|
var url_1 = require("url");
|
|
19
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
16
20
|
function containsSessionClear(events) {
|
|
17
21
|
var e_1, _a;
|
|
18
22
|
try {
|
|
@@ -80,6 +84,8 @@ exports.default = {
|
|
|
80
84
|
'OWASP - Session fixation': new url_1.URL('https://owasp.org/www-community/attacks/Session_fixation'),
|
|
81
85
|
'Ruby on Rails - Session fixation countermeasures': new url_1.URL('https://guides.rubyonrails.org/security.html#session-fixation-countermeasures'),
|
|
82
86
|
},
|
|
87
|
+
description: (0, parseRuleDescription_1.default)('logoutWithoutSessionReset'),
|
|
88
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#logout-without-session-reset',
|
|
83
89
|
build: build,
|
|
84
90
|
};
|
|
85
91
|
//# sourceMappingURL=logoutWithoutSessionReset.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logoutWithoutSessionReset.js","sourceRoot":"","sources":["../../src/rules/logoutWithoutSessionReset.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"logoutWithoutSessionReset.js","sourceRoot":"","sources":["../../src/rules/logoutWithoutSessionReset.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,oBAAoB,CAAC,MAAiC;;;QAC7D,KAAmB,IAAA,WAAA,SAAA,MAAM,CAAA,8BAAA,kDAAE;YAAtB,IAAM,IAAI,mBAAA;YACb,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE;gBAC3C,OAAO,IAAI,CAAC;aACb;SACF;;;;;;;;;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,SAAgB;;;YAC/B,KAAoB,IAAA,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA,gBAAA,4BAAE;gBAA5D,IAAM,KAAK,WAAA;gBACd,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE;oBAC1C,IAAI,oBAAoB,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE;wBAC7C,OAAO;qBACR;yBAAM;wBACL,OAAO;4BACL;gCACE,KAAK,EAAE,OAAO;gCACd,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,OAAO,EAAK,KAAK,CAAC,KAAK,4DAAyD;6BACjF;yBACF,CAAC;qBACH;iBACF;aACF;;;;;;;;;IACH,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,IAAM,cAAc,GAAG,iBAAiB,CAAC;AACzC,IAAM,gBAAgB,GAAG,oBAAoB,CAAC;AAE9C,kBAAe;IACb,EAAE,EAAE,8BAA8B;IAClC,KAAK,EAAE,8BAA8B;IACrC,KAAK,EAAE,qBAAqB;IAC5B,MAAM,EAAE,CAAC,gBAAgB,EAAE,cAAc,CAAC;IAC1C,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;QACrE,0BAA0B,EAAE,IAAI,SAAG,CAAC,0DAA0D,CAAC;QAC/F,kDAAkD,EAAE,IAAI,SAAG,CACzD,+EAA+E,CAChF;KACF;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,2BAA2B,CAAC;IAC9D,GAAG,EAAE,qFAAqF;IAC1F,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,10 +1,14 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
6
|
var models_1 = require("@appland/models");
|
|
4
7
|
var rpcRequest_1 = require("../openapi/rpcRequest");
|
|
5
8
|
var util_1 = require("./lib/util");
|
|
6
9
|
var matchPattern_1 = require("./lib/matchPattern");
|
|
7
10
|
var url_1 = require("url");
|
|
11
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
8
12
|
function isPublic(event) {
|
|
9
13
|
return event.labels.has(Public);
|
|
10
14
|
}
|
|
@@ -64,6 +68,8 @@ exports.default = {
|
|
|
64
68
|
references: {
|
|
65
69
|
'CWE-306': new url_1.URL('https://cwe.mitre.org/data/definitions/306.html'),
|
|
66
70
|
},
|
|
71
|
+
description: (0, parseRuleDescription_1.default)('missingAuthentication'),
|
|
72
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#missing-authentication',
|
|
67
73
|
Options: Options,
|
|
68
74
|
build: build,
|
|
69
75
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"missingAuthentication.js","sourceRoot":"","sources":["../../src/rules/missingAuthentication.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"missingAuthentication.js","sourceRoot":"","sources":["../../src/rules/missingAuthentication.ts"],"names":[],"mappings":";;;;;AAAA,0CAAwD;AACxD,oDAA2D;AAG3D,mCAAoD;AAEpD,mDAAkD;AAClD,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,QAAQ,CAAC,KAAY;IAC5B,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AAClC,CAAC;AAED,IAAM,eAAe,GAAG,UAAC,QAAkC;IACzD,IAAI,CAAC,GAAmC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACxD,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE;QACd,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,IAAA,6BAAsB,EAAC,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,sBAAsB,CAAC,EAAE;YAC5F,OAAO,IAAI,CAAC;SACb;QACD,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;KACrB;IAED,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF;IAAA;QACS,wBAAmB,GAAyB,EAAE,CAAC;QAC/C,wBAAmB,GAAyB,EAAE,CAAC;IACxD,CAAC;IAAD,cAAC;AAAD,CAAC,AAHD,IAGC;AAED,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,IAAM,mBAAmB,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACtE,IAAM,mBAAmB,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEtE,SAAS,eAAe,CAAC,WAAmB;QAC1C,SAAS,IAAI,CAAC,MAAoB;YAChC,OAAO,MAAM,CAAC,WAAW,CAAC,CAAC;QAC7B,CAAC;QAED,OAAO,CACL,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpE,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAChC,CAAC;IACJ,CAAC;IAED,SAAS,OAAO,CAAC,KAAY;QAC3B,OAAO,CAAC,eAAe,CAAC,IAAI,uBAAc,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CACL,CAAC,CAAC,KAAK,KAAK,SAAS;YACrB,CAAC,CAAC,kBAAkB,KAAK,SAAS;YAClC,CAAC,CAAC,kBAAkB,CAAC,MAAM,GAAG,GAAG;YACjC,CAAC,CAAC,IAAA,+BAAkB,EAAC,CAAC,CAAC;YACvB,CAAC,CAAC,IAAA,+BAAkB,EAAC,CAAC,CAAE,CAAC,WAAW;YACpC,eAAe,CAAC,IAAA,+BAAkB,EAAC,CAAC,CAAE,CAAC,WAAW,CAAC,CACpD,CAAC;IACJ,CAAC;IACD,OAAO;QACL,KAAK,OAAA;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AACD,IAAM,MAAM,GAAG,QAAQ,CAAC;AACxB,IAAM,sBAAsB,GAAG,yBAAyB,CAAC;AAEzD,kBAAe;IACb,EAAE,EAAE,wBAAwB;IAC5B,KAAK,EAAE,qCAAqC;IAC5C,KAAK,EAAE,qBAAqB;IAC5B,MAAM,EAAE,CAAC,MAAM,EAAE,sBAAsB,CAAC;IACxC,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,uBAAuB,CAAC;IAC1D,GAAG,EAAE,+EAA+E;IACpF,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
6
|
var rpcRequest_1 = require("../openapi/rpcRequest");
|
|
7
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
4
8
|
var isRedirect = function (status) { return [301, 302, 303, 307, 308].includes(status); };
|
|
5
9
|
var hasContent = function (status) { return status !== 204; };
|
|
6
10
|
function build() {
|
|
@@ -23,6 +27,8 @@ exports.default = {
|
|
|
23
27
|
scope: 'http_server_request',
|
|
24
28
|
impactDomain: 'Stability',
|
|
25
29
|
enumerateScope: false,
|
|
30
|
+
description: (0, parseRuleDescription_1.default)('missingContentType'),
|
|
31
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#missing-content-type',
|
|
26
32
|
build: build,
|
|
27
33
|
};
|
|
28
34
|
//# sourceMappingURL=missingContentType.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"missingContentType.js","sourceRoot":"","sources":["../../src/rules/missingContentType.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"missingContentType.js","sourceRoot":"","sources":["../../src/rules/missingContentType.ts"],"names":[],"mappings":";;;;;AAEA,oDAA2D;AAC3D,oFAA8D;AAE9D,IAAM,UAAU,GAAG,UAAC,MAAc,IAAK,OAAA,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAA1C,CAA0C,CAAC;AAClF,IAAM,UAAU,GAAG,UAAC,MAAc,IAAK,OAAA,MAAM,KAAK,GAAG,EAAd,CAAc,CAAC;AAEtD,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,CAAQ;QACvB,OAAO,IAAA,+BAAkB,EAAC,CAAC,CAAE,CAAC,WAAW,KAAK,SAAS,CAAC;IAC1D,CAAC;IACD,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CACL,CAAC,CAAC,CAAC,CAAC,kBAAkB;YACtB,CAAC,UAAU,CAAC,CAAC,CAAC,kBAAmB,CAAC,MAAM,CAAC;YACzC,UAAU,CAAC,CAAC,CAAC,kBAAmB,CAAC,MAAM,CAAC,CACzC,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,SAAA;QACP,KAAK,OAAA;KACN,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,sBAAsB;IAC1B,KAAK,EAAE,mDAAmD;IAC1D,KAAK,EAAE,qBAAqB;IAC5B,YAAY,EAAE,WAAW;IACzB,cAAc,EAAE,KAAK;IACrB,WAAW,EAAE,IAAA,8BAAoB,EAAC,oBAAoB,CAAC;IACvD,GAAG,EAAE,6EAA6E;IAClF,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -10,9 +10,13 @@ var __values = (this && this.__values) || function(o) {
|
|
|
10
10
|
};
|
|
11
11
|
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
12
12
|
};
|
|
13
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
14
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
15
|
+
};
|
|
13
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
14
17
|
var database_1 = require("../database");
|
|
15
18
|
var url_1 = require("url");
|
|
19
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
16
20
|
var Options = /** @class */ (function () {
|
|
17
21
|
function Options() {
|
|
18
22
|
this.warningLimit = 5;
|
|
@@ -84,6 +88,8 @@ exports.default = {
|
|
|
84
88
|
references: {
|
|
85
89
|
'CWE-1073': new url_1.URL('https://cwe.mitre.org/data/definitions/1073.html'),
|
|
86
90
|
},
|
|
91
|
+
description: (0, parseRuleDescription_1.default)('nPlusOneQuery'),
|
|
92
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#n-plus-one-query',
|
|
87
93
|
build: build,
|
|
88
94
|
};
|
|
89
95
|
//# sourceMappingURL=nPlusOneQuery.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nPlusOneQuery.js","sourceRoot":"","sources":["../../src/rules/nPlusOneQuery.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"nPlusOneQuery.js","sourceRoot":"","sources":["../../src/rules/nPlusOneQuery.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAGA,wCAAmD;AACnD,2BAA0B;AAC1B,oFAA8D;AAE9D;IAAA;QACS,iBAAY,GAAG,CAAC,CAAC;QACjB,eAAU,GAAG,EAAE,CAAC;IACzB,CAAC;IAAD,cAAC;AAAD,CAAC,AAHD,IAGC;AAED,8EAA8E;AAC9E,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,QAAQ,GAA6B,EAAE,CAAC;IAE9C,SAAS,OAAO,CACd,OAAc,EACd,OAAe,EACf,WAAwB;;;YAExB,KAAuB,IAAA,KAAA,SAAA,IAAA,qBAAU,EAAC,OAAO,EAAE,WAAW,CAAC,CAAA,gBAAA,4BAAE;gBAApD,IAAM,QAAQ,WAAA;gBACjB,IAAI,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBACxC,IAAI,CAAC,UAAU,EAAE;oBACf,UAAU,GAAG;wBACX,KAAK,EAAE,CAAC;wBACR,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;qBACzB,CAAC;oBACF,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;iBACrC;qBAAM;oBACL,UAAU,CAAC,KAAK,IAAI,CAAC,CAAC;oBACtB,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;iBACxC;aACF;;;;;;;;;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAC,YAAY,EAAE,GAAG;YACpD,IAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAEjC,IAAM,gBAAgB,GAAG,UAAC,KAAY;gBACpC,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC3B,OAAO,EAAK,UAAU,CAAC,KAAK,6BAAwB,GAAK;oBACzD,YAAY,EAAE,GAAG;oBACjB,eAAe,EAAE,UAAU,CAAC,KAAK;oBACjC,aAAa,EAAE,UAAU,CAAC,MAAM;iBACjC,CAAC;YACJ,CAAC,CAAC;YAEF,IAAI,UAAU,CAAC,KAAK,IAAI,OAAO,CAAC,UAAU,EAAE;gBAC1C,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;aAC9C;iBAAM,IAAI,UAAU,CAAC,KAAK,IAAI,OAAO,CAAC,YAAY,EAAE;gBACnD,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,CAAC;aAChD;YACD,OAAO,YAAY,CAAC;QACtB,CAAC,EAAE,EAAmB,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,kBAAkB;IACtB,KAAK,EAAE,oBAAoB;IAC3B,KAAK,EAAE,SAAS;IAChB,YAAY,EAAE,aAAa;IAC3B,cAAc,EAAE,KAAK;IACrB,OAAO,SAAA;IACP,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,eAAe,CAAC;IAClD,GAAG,EAAE,yEAAyE;IAC9E,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
6
|
var matchPattern_1 = require("./lib/matchPattern");
|
|
4
7
|
var url_1 = require("url");
|
|
8
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
5
9
|
// TODO: Use the Query AST for this.
|
|
6
10
|
var WHITELIST = [/\bBEGIN\b/i, /\bCOMMIT\b/i, /\bROLLBACK\b/i, /\bRELEASE\b/i, /\bSAVEPOINT\b/i];
|
|
7
11
|
var Options = /** @class */ (function () {
|
|
@@ -37,6 +41,8 @@ exports.default = {
|
|
|
37
41
|
references: {
|
|
38
42
|
'CWE-1057': new url_1.URL('https://cwe.mitre.org/data/definitions/1057.html'),
|
|
39
43
|
},
|
|
44
|
+
description: (0, parseRuleDescription_1.default)('queryFromInvalidPackage'),
|
|
45
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#query-from-invalid-package',
|
|
40
46
|
build: build,
|
|
41
47
|
};
|
|
42
48
|
//# sourceMappingURL=queryFromInvalidPackage.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"queryFromInvalidPackage.js","sourceRoot":"","sources":["../../src/rules/queryFromInvalidPackage.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"queryFromInvalidPackage.js","sourceRoot":"","sources":["../../src/rules/queryFromInvalidPackage.ts"],"names":[],"mappings":";;;;;AAIA,mDAAkD;AAClD,2BAA0B;AAC1B,oFAA8D;AAE9D,oCAAoC;AACpC,IAAM,SAAS,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC;AAEnG;IAAA;QACS,oBAAe,GAAyB,EAAE,CAAC;QAC3C,mBAAc,GAAyB,SAAS,CAAC,GAAG,CACzD,UAAC,MAAM,IAAK,OAAA,CAAC,EAAE,KAAK,EAAE,MAAM,EAAyB,CAAA,EAAzC,CAAyC,CACtD,CAAC;IACJ,CAAC;IAAD,cAAC;AAAD,CAAC,AALD,IAKC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,eAAe,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAC9D,IAAM,cAAc,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAE5D,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,UAAC,MAAM,IAAK,OAAA,MAAM,CAAC,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAtC,CAAsC,CAAC,EAAE;YAC7E,OAAU,CAAC,CAAC,UAAU,CAAC,EAAE,yCAAoC,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAW,CAAC;SAC/F;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,CAAC,CAAC,QAAS,CAAC,EAApB,CAAoB,CAAC,CAAC;IAC/F,CAAC;IAED,OAAO;QACL,OAAO,SAAA;QACP,KAAK,OAAA;KACN,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,4BAA4B;IAChC,KAAK,EAAE,+BAA+B;IACtC,OAAO,SAAA;IACP,YAAY,EAAE,iBAAiB;IAC/B,cAAc,EAAE,IAAI;IACpB,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,yBAAyB,CAAC;IAC5D,GAAG,EAAE,mFAAmF;IACxF,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
6
|
var url_1 = require("url");
|
|
7
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
4
8
|
var Options = /** @class */ (function () {
|
|
5
9
|
function Options() {
|
|
6
10
|
this.forbiddenLabel = 'mvc.template';
|
|
@@ -29,6 +33,8 @@ exports.default = {
|
|
|
29
33
|
references: {
|
|
30
34
|
'CWE-1057': new url_1.URL('https://cwe.mitre.org/data/definitions/1057.html'),
|
|
31
35
|
},
|
|
36
|
+
description: (0, parseRuleDescription_1.default)('queryFromView'),
|
|
37
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#query-from-view',
|
|
32
38
|
build: build,
|
|
33
39
|
};
|
|
34
40
|
//# sourceMappingURL=queryFromView.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"queryFromView.js","sourceRoot":"","sources":["../../src/rules/queryFromView.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"queryFromView.js","sourceRoot":"","sources":["../../src/rules/queryFromView.ts"],"names":[],"mappings":";;;;;AAGA,2BAA0B;AAC1B,oFAA8D;AAE9D;IAAA;QACS,mBAAc,GAAU,cAAc,CAAC;IAChD,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,SAAS,OAAO,CAAC,CAAQ;QACvB,OAAO,CAAC,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,EAA/C,CAA+C,CAAC,CAAC;IAC3F,CAAC;IACD,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IACtB,CAAC;IAED,OAAO;QACL,OAAO,SAAA;QACP,KAAK,OAAA;KACN,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,iBAAiB;IACrB,KAAK,EAAE,mBAAmB;IAC1B,OAAO,SAAA;IACP,YAAY,EAAE,iBAAiB;IAC/B,cAAc,EAAE,IAAI;IACpB,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,eAAe,CAAC;IAClD,GAAG,EAAE,wEAAwE;IAC7E,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -37,9 +37,13 @@ var __values = (this && this.__values) || function(o) {
|
|
|
37
37
|
};
|
|
38
38
|
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
39
39
|
};
|
|
40
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
41
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
42
|
+
};
|
|
40
43
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
41
44
|
var models_1 = require("@appland/models");
|
|
42
45
|
var rpcWithoutProtection_1 = require("./lib/rpcWithoutProtection");
|
|
46
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
43
47
|
var Options = /** @class */ (function () {
|
|
44
48
|
function Options() {
|
|
45
49
|
this.expectedLabel = RPCCircuitBreaker;
|
|
@@ -93,6 +97,8 @@ exports.default = {
|
|
|
93
97
|
labels: [RPCCircuitBreaker],
|
|
94
98
|
impactDomain: 'Stability',
|
|
95
99
|
enumerateScope: true,
|
|
100
|
+
description: (0, parseRuleDescription_1.default)('rpcWithoutCircuitBreaker'),
|
|
101
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#rpc-without-circuit-breaker',
|
|
96
102
|
build: build,
|
|
97
103
|
};
|
|
98
104
|
//# sourceMappingURL=rpcWithoutCircuitBreaker.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rpcWithoutCircuitBreaker.js","sourceRoot":"","sources":["../../src/rules/rpcWithoutCircuitBreaker.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"rpcWithoutCircuitBreaker.js","sourceRoot":"","sources":["../../src/rules/rpcWithoutCircuitBreaker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,mEAA+F;AAE/F,oFAA8D;AAE9D;IAAA;QACS,kBAAa,GAAW,iBAAiB,CAAC;IACnD,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,8EAA8E;AAC9E,SAAU,WAAW,CAAC,iBAAwB;;;;;;;gBACpB,KAAA,SAAA,IAAI,uBAAc,CAAC,iBAAiB,CAAC,CAAC,WAAW,EAAE,CAAA;;;;gBAAhE,SAAS;gBAClB,qBAAM,SAAS,CAAC,KAAK,EAAA;;gBAArB,SAAqB,CAAC;;;;;;;;;;;;;;;;;;;CAEzB;AAED,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,OAAO,IAAA,2CAAoB,EAAC,WAAW,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC;AAED,IAAM,iBAAiB,GAAG,qBAAqB,CAAC;AAEhD,kBAAe;IACb,EAAE,EAAE,6BAA6B;IACjC,KAAK,EAAE,6BAA6B;IACpC,OAAO,SAAA;IACP,MAAM,EAAE,CAAC,iBAAiB,CAAC;IAC3B,YAAY,EAAE,WAAW;IACzB,cAAc,EAAE,IAAI;IACpB,WAAW,EAAE,IAAA,8BAAoB,EAAC,0BAA0B,CAAC;IAC7D,GAAG,EAAE,oFAAoF;IACzF,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
6
|
var models_1 = require("@appland/models");
|
|
4
7
|
var url_1 = require("url");
|
|
8
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
5
9
|
var validatedBy = function (iterator) {
|
|
6
10
|
var i = iterator.next();
|
|
7
11
|
while (!i.done) {
|
|
@@ -28,6 +32,8 @@ exports.default = {
|
|
|
28
32
|
references: {
|
|
29
33
|
'CWE-20': new url_1.URL('https://cwe.mitre.org/data/definitions/20.html'),
|
|
30
34
|
},
|
|
35
|
+
description: (0, parseRuleDescription_1.default)('saveWithoutValidation'),
|
|
36
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#save-without-validation',
|
|
31
37
|
build: build,
|
|
32
38
|
};
|
|
33
39
|
//# sourceMappingURL=saveWithoutValidation.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"saveWithoutValidation.js","sourceRoot":"","sources":["../../src/rules/saveWithoutValidation.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"saveWithoutValidation.js","sourceRoot":"","sources":["../../src/rules/saveWithoutValidation.ts"],"names":[],"mappings":";;;;;AAAA,0CAAwD;AACxD,2BAA0B;AAE1B,oFAA8D;AAE9D,IAAM,WAAW,GAAG,UAAC,QAAkC;IACrD,IAAI,CAAC,GAAmC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACxD,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE;QACd,IACE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,KAAK,SAAS;YACpC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAS,CAAC,CAAC,kCAAkC;UAC3F;YACA,OAAO,IAAI,CAAC;SACb;QACD,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;KACrB;IAED,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,SAAS,KAAK;IACZ,OAAO;QACL,OAAO,EAAE,UAAC,KAAY,IAAK,OAAA,CAAC,WAAW,CAAC,IAAI,uBAAc,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,EAArD,CAAqD;QAChF,KAAK,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,UAAU,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAS,CAAC,EAAvD,CAAuD;KAC7E,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,yBAAyB;IAC7B,KAAK,EAAE,yBAAyB;IAChC,cAAc,EAAE,IAAI;IACpB,YAAY,EAAE,WAAW;IACzB,UAAU,EAAE;QACV,QAAQ,EAAE,IAAI,SAAG,CAAC,gDAAgD,CAAC;KACpE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,uBAAuB,CAAC;IAC1D,GAAG,EAAE,gFAAgF;IACrF,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -62,6 +62,7 @@ var secretsRegexes_1 = __importStar(require("../analyzer/secretsRegexes"));
|
|
|
62
62
|
var util_1 = require("./lib/util");
|
|
63
63
|
var recordSecrets_1 = __importDefault(require("../analyzer/recordSecrets"));
|
|
64
64
|
var url_1 = require("url");
|
|
65
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
65
66
|
var Match = /** @class */ (function () {
|
|
66
67
|
function Match(regexp, value) {
|
|
67
68
|
this.regexp = regexp;
|
|
@@ -146,6 +147,8 @@ exports.default = {
|
|
|
146
147
|
references: {
|
|
147
148
|
'CWE-532': new url_1.URL('https://cwe.mitre.org/data/definitions/532.html'),
|
|
148
149
|
},
|
|
150
|
+
description: (0, parseRuleDescription_1.default)('secretInLog'),
|
|
151
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#secret-in-log',
|
|
149
152
|
build: build,
|
|
150
153
|
};
|
|
151
154
|
//# sourceMappingURL=secretInLog.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secretInLog.js","sourceRoot":"","sources":["../../src/rules/secretInLog.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2EAAyE;AACzE,mCAAwC;AACxC,4EAAsD;AACtD,2BAA0B;
|
|
1
|
+
{"version":3,"file":"secretInLog.js","sourceRoot":"","sources":["../../src/rules/secretInLog.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2EAAyE;AACzE,mCAAwC;AACxC,4EAAsD;AACtD,2BAA0B;AAC1B,oFAA8D;AAE9D;IACE,eAAmB,MAAuB,EAAS,KAAa;QAA7C,WAAM,GAAN,MAAM,CAAiB;QAAS,UAAK,GAAL,KAAK,CAAQ;IAAG,CAAC;IACtE,YAAC;AAAD,CAAC,AAFD,IAEC;AAED,IAAM,OAAO,GAAgB,IAAI,GAAG,EAAE,CAAC;AAEvC,IAAM,SAAS,GAAG,UAAC,UAAsC;;IACvD,IAAM,OAAO,GAAY,EAAE,CAAC;4BAEf,KAAK;;QAChB,IAAI,IAAA,iBAAU,EAAC,KAAK,CAAC;8BAAW;QAEhC,IAAM,QAAQ,GAAwB,EAAE,CAAC;QAEzC,IAAI,IAAA,4BAAW,EAAC,KAAK,CAAC,EAAE;YACtB,4EAA4E;YAC5E,QAAQ,CAAC,IAAI,OAAb,QAAQ,2BACH,MAAM,CAAC,MAAM,CAAC,wBAAc,CAAC;iBAC7B,IAAI,EAAE;iBACN,MAAM,CAAC,UAAC,EAAE,IAAK,OAAA,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAd,CAAc,CAAC,WACjC;SACH;;YAED,KAAqB,IAAA,2BAAA,SAAA,OAAO,CAAA,CAAA,gCAAA,qDAAE;gBAAzB,IAAM,MAAM,oBAAA;gBACf,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;aACnD;;;;;;;;;QAED,OAAO,CAAC,IAAI,OAAZ,OAAO,2BAAS,QAAQ,CAAC,GAAG,CAAC,UAAC,OAAO,IAAK,OAAA,IAAI,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,EAAzB,CAAyB,CAAC,WAAE;;;QAlBxE,KAAwB,IAAA,eAAA,SAAA,UAAU,CAAA,sCAAA;YAArB,IAAA,KAAK,6BAAA;oBAAL,KAAK;SAmBjB;;;;;;;;;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE;QACtB,OAAO,OAAO,CAAC,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,CAAC;YAC7B,KAAK,EAAE,OAAO;YACd,OAAO,EAAK,KAAK,CAAC,KAAK,yBAAoB,KAAK,CAAC,MAAQ;SAC1D,CAAC,EAH4B,CAG5B,CAAC,CAAC;KACL;AACH,CAAC,CAAC;AAEF,SAAS,KAAK;IACZ,OAAO;QACL,OAAO,EAAE,UAAC,CAAC;YACT,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;gBACnC,IAAA,uBAAa,EAAC,OAAO,EAAE,CAAC,CAAC,CAAC;aAC3B;YACD,IAAI,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;gBAChD,OAAO,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;aAChC;QACH,CAAC;QACD,KAAK,EAAE,UAAC,CAAC;YACP,OAAO,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzE,CAAC;KACF,CAAC;AACJ,CAAC;AAED,IAAM,MAAM,GAAG,QAAQ,CAAC;AACxB,IAAM,GAAG,GAAG,KAAK,CAAC;AAElB,kBAAe;IACb,EAAE,EAAE,eAAe;IACnB,KAAK,EAAE,eAAe;IACtB,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC;IACrB,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,IAAI;IACpB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,aAAa,CAAC;IAChD,GAAG,EAAE,sEAAsE;IAC3E,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
6
|
var matchPattern_1 = require("./lib/matchPattern");
|
|
7
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
4
8
|
var Options = /** @class */ (function () {
|
|
5
9
|
function Options() {
|
|
6
10
|
this.functions = [];
|
|
@@ -32,6 +36,8 @@ exports.default = {
|
|
|
32
36
|
scope: 'root',
|
|
33
37
|
impactDomain: 'Performance',
|
|
34
38
|
enumerateScope: true,
|
|
39
|
+
description: (0, parseRuleDescription_1.default)('slowFunctionCall'),
|
|
40
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#slow-function-call',
|
|
35
41
|
Options: Options,
|
|
36
42
|
build: build,
|
|
37
43
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"slowFunctionCall.js","sourceRoot":"","sources":["../../src/rules/slowFunctionCall.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"slowFunctionCall.js","sourceRoot":"","sources":["../../src/rules/slowFunctionCall.ts"],"names":[],"mappings":";;;;;AAGA,mDAAkD;AAClD,oFAA8D;AAE9D;IAAA;QACS,cAAS,GAAyB,EAAE,CAAC;QACrC,gBAAW,GAAG,GAAG,CAAC;IAC3B,CAAC;IAAD,cAAC;AAAD,CAAC,AAHD,IAGC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,gBAAgB,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IAE/D,OAAO;QACL,OAAO,EAAE,UAAC,CAAC;YACT,IAAI,CAAC,CAAC,WAAW,CAAC,WAAY,GAAG,OAAO,CAAC,WAAW,EAAE;gBACpD,OAAO,UAAQ,CAAC,CAAC,UAAU,CAAC,EAAE,eAAU,CAAC,CAAC,WAAW,CAAC,WAAW,QAAK,CAAC;aACxE;QACH,CAAC;QACD,KAAK,EAAE,UAAC,CAAC;YACP,OAAA,CAAC,CAAC,UAAU;gBACZ,CAAC,CAAC,CAAC,CAAC,WAAW;gBACf,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,WAAW;gBAC3B,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE;gBACjB,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC;oBAC5B,gBAAgB,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,EAAxB,CAAwB,CAAC,CAAC;QAL/D,CAK+D;KAClE,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,oBAAoB;IACxB,KAAK,EAAE,oBAAoB;IAC3B,KAAK,EAAE,MAAM;IACb,YAAY,EAAE,aAAa;IAC3B,cAAc,EAAE,IAAI;IACpB,WAAW,EAAE,IAAA,8BAAoB,EAAC,kBAAkB,CAAC;IACrD,GAAG,EAAE,2EAA2E;IAChF,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
3
7
|
var Options = /** @class */ (function () {
|
|
4
8
|
function Options() {
|
|
5
9
|
this.timeAllowed = 1;
|
|
@@ -19,6 +23,8 @@ exports.default = {
|
|
|
19
23
|
scope: 'http_server_request',
|
|
20
24
|
enumerateScope: false,
|
|
21
25
|
impactDomain: 'Performance',
|
|
26
|
+
description: (0, parseRuleDescription_1.default)('slowHttpServerRequest'),
|
|
27
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#slow-http-server-request',
|
|
22
28
|
Options: Options,
|
|
23
29
|
build: build,
|
|
24
30
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"slowHttpServerRequest.js","sourceRoot":"","sources":["../../src/rules/slowHttpServerRequest.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"slowHttpServerRequest.js","sourceRoot":"","sources":["../../src/rules/slowHttpServerRequest.ts"],"names":[],"mappings":";;;;;AAEA,oFAA8D;AAE9D;IAAA;QACS,gBAAW,GAAG,CAAC,CAAC;IACzB,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,OAAO;QACL,OAAO,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,WAAY,GAAG,OAAO,CAAC,WAAW,EAApC,CAAoC;QACpD,OAAO,EAAE,cAAM,OAAA,iCAA+B,OAAO,CAAC,WAAW,GAAG,IAAI,QAAK,EAA9D,CAA8D;QAC7E,KAAK,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,iBAAiB,IAAI,CAAC,CAAC,WAAW,KAAK,SAAS,EAApD,CAAoD;KACnE,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,0BAA0B;IAC9B,KAAK,EAAE,0BAA0B;IACjC,KAAK,EAAE,qBAAqB;IAC5B,cAAc,EAAE,KAAK;IACrB,YAAY,EAAE,aAAa;IAC3B,WAAW,EAAE,IAAA,8BAAoB,EAAC,uBAAuB,CAAC;IAC1D,GAAG,EAAE,iFAAiF;IACtF,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
package/built/rules/slowQuery.js
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
3
7
|
var Options = /** @class */ (function () {
|
|
4
8
|
function Options() {
|
|
5
9
|
this.timeAllowed = 1;
|
|
@@ -19,6 +23,8 @@ exports.default = {
|
|
|
19
23
|
Options: Options,
|
|
20
24
|
impactDomain: 'Performance',
|
|
21
25
|
enumerateScope: true,
|
|
26
|
+
description: (0, parseRuleDescription_1.default)('slowQuery'),
|
|
27
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#slow-query',
|
|
22
28
|
build: build,
|
|
23
29
|
};
|
|
24
30
|
//# sourceMappingURL=slowQuery.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"slowQuery.js","sourceRoot":"","sources":["../../src/rules/slowQuery.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"slowQuery.js","sourceRoot":"","sources":["../../src/rules/slowQuery.ts"],"names":[],"mappings":";;;;;AAEA,oFAA8D;AAE9D;IAAA;QACS,gBAAW,GAAG,CAAC,CAAC;IACzB,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,OAAO;QACL,OAAO,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,WAAY,GAAG,OAAO,CAAC,WAAW,EAApC,CAAoC;QACpD,KAAK,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAA/B,CAA+B;KAC9C,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,YAAY;IAChB,KAAK,EAAE,gBAAgB;IACvB,OAAO,SAAA;IACP,YAAY,EAAE,aAAa;IAC3B,cAAc,EAAE,IAAI;IACpB,WAAW,EAAE,IAAA,8BAAoB,EAAC,WAAW,CAAC;IAC9C,GAAG,EAAE,mEAAmE;IACxE,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -10,9 +10,13 @@ var __values = (this && this.__values) || function(o) {
|
|
|
10
10
|
};
|
|
11
11
|
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
12
12
|
};
|
|
13
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
14
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
15
|
+
};
|
|
13
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
14
17
|
var database_1 = require("../database");
|
|
15
18
|
var url_1 = require("url");
|
|
19
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
16
20
|
var Options = /** @class */ (function () {
|
|
17
21
|
function Options() {
|
|
18
22
|
this.warningLimit = 5;
|
|
@@ -76,6 +80,8 @@ exports.default = {
|
|
|
76
80
|
references: {
|
|
77
81
|
'CWE-1049': new url_1.URL('https://cwe.mitre.org/data/definitions/1049.html'),
|
|
78
82
|
},
|
|
83
|
+
description: (0, parseRuleDescription_1.default)('tooManyJoins'),
|
|
84
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#too-many-joins',
|
|
79
85
|
Options: Options,
|
|
80
86
|
build: build,
|
|
81
87
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tooManyJoins.js","sourceRoot":"","sources":["../../src/rules/tooManyJoins.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tooManyJoins.js","sourceRoot":"","sources":["../../src/rules/tooManyJoins.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAGA,wCAA+D;AAC/D,2BAA0B;AAC1B,oFAA8D;AAM9D;IAAA;QACS,iBAAY,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,mEAAmE;AACnE,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,IAAM,SAAS,GAA8B,EAAE,CAAC;IAChD,SAAS,OAAO,CACd,OAAc,EACd,OAAe,EACf,WAAwB;;;YAExB,KAAuB,IAAA,KAAA,SAAA,IAAA,qBAAU,EAAC,OAAO,EAAE,WAAW,CAAC,CAAA,gBAAA,4BAAE;gBAApD,IAAM,QAAQ,WAAA;gBACjB,IAAI,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAEzC,IAAI,CAAC,UAAU,EAAE;oBACf,UAAU,GAAG;wBACX,KAAK,EAAE,CAAC;wBACR,KAAK,EAAE,IAAA,qBAAU,EAAC,QAAQ,CAAC,GAAG,CAAC;wBAC/B,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;qBACzB,CAAC;oBACF,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;iBACtC;qBAAM;oBACL,UAAU,CAAC,KAAK,IAAI,CAAC,CAAC;oBACtB,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;iBACxC;aACF;;;;;;;;;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,UAAC,YAAY,EAAE,GAAG;YACrD,IAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAElC,IAAI,UAAU,CAAC,KAAK,IAAI,OAAO,CAAC,YAAY,EAAE;gBAC5C,YAAY,CAAC,IAAI,CAAC;oBAChB,KAAK,EAAE,SAAS;oBAChB,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC3B,OAAO,EAAK,UAAU,CAAC,KAAK,cAAQ,UAAU,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,mBAAY,GAAG,OAAG;oBACrF,aAAa,EAAE,UAAU,CAAC,MAAM;iBACjC,CAAC,CAAC;aACJ;YACD,OAAO,YAAY,CAAC;QACtB,CAAC,EAAE,EAAmB,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,gBAAgB;IACpB,KAAK,EAAE,gBAAgB;IACvB,KAAK,EAAE,SAAS;IAChB,YAAY,EAAE,aAAa;IAC3B,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,cAAc,CAAC;IACjD,GAAG,EAAE,uEAAuE;IAC5E,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -37,9 +37,13 @@ var __values = (this && this.__values) || function(o) {
|
|
|
37
37
|
};
|
|
38
38
|
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
39
39
|
};
|
|
40
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
41
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
42
|
+
};
|
|
40
43
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
41
44
|
var models_1 = require("@appland/models");
|
|
42
45
|
var url_1 = require("url");
|
|
46
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
43
47
|
// TODO: Use the Query AST for this.
|
|
44
48
|
var QueryIncludes = [/\bINSERT\b/i, /\bUPDATE\b/i];
|
|
45
49
|
var UpdateMethods = ['put', 'post', 'patch'];
|
|
@@ -142,6 +146,8 @@ exports.default = {
|
|
|
142
146
|
references: {
|
|
143
147
|
'CWE-1048': new url_1.URL('https://cwe.mitre.org/data/definitions/1048.html'),
|
|
144
148
|
},
|
|
149
|
+
description: (0, parseRuleDescription_1.default)('tooManyUpdates'),
|
|
150
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#too-many-updates',
|
|
145
151
|
Options: Options,
|
|
146
152
|
build: build,
|
|
147
153
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tooManyUpdates.js","sourceRoot":"","sources":["../../src/rules/tooManyUpdates.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tooManyUpdates.js","sourceRoot":"","sources":["../../src/rules/tooManyUpdates.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,2BAA0B;AAE1B,oFAA8D;AAE9D,oCAAoC;AACpC,IAAM,aAAa,GAAa,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;AAC/D,IAAM,aAAa,GAAa,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AAEzD;IAAA;QACS,iBAAY,GAAG,EAAE,CAAC;IAC3B,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,QAAQ,GAAG,UAAC,KAAY;QAC5B,IAAM,WAAW,GAAG;YAClB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;gBACnB,OAAO,KAAK,CAAC;aACd;YACD,OAAO,aAAa,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,QAAS,CAAC,EAA7B,CAA6B,CAAC,CAAC;QACxE,CAAC,CAAC;QAEF,IAAM,WAAW,GAAG;YAClB,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE;gBAC5B,OAAO,KAAK,CAAC;aACd;YACD,OAAO,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,iBAAkB,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC,CAAC;QACvF,CAAC,CAAC;QAEF,OAAO,WAAW,EAAE,IAAI,WAAW,EAAE,CAAC;IACxC,CAAC,CAAC;IAEF,IAAM,YAAY,GAAG,UAAW,KAAY;;;;;;;oBAC1B,KAAA,SAAA,IAAI,uBAAc,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAA;;;;oBAA5C,CAAC;oBACV,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE;wBACtB,wBAAS;qBACV;oBACD,qBAAM,CAAC,CAAC,KAAK,EAAA;;oBAAb,SAAa,CAAC;;;;;;;;;;;;;;;;;;;KAEjB,CAAC;IAEF,SAAS,OAAO,CAAC,OAAc;;QAC7B,IAAM,MAAM,GAAY,EAAE,CAAC;;YAC3B,KAA0B,IAAA,KAAA,SAAA,YAAY,CAAC,OAAO,CAAC,CAAA,gBAAA,4BAAE;gBAA5C,IAAM,WAAW,WAAA;gBACpB,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;aAC1B;;;;;;;;;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE;YACxC,OAAO;gBACL;oBACE,KAAK,EAAE,OAAO;oBACd,OAAO,EAAE,sBAAoB,MAAM,CAAC,MAAM,yBAAsB;oBAChE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;oBAChB,aAAa,EAAE,MAAM;iBACtB;aACF,CAAC;SACH;IACH,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,kBAAkB;IACtB,KAAK,EAAE,uDAAuD;IAC9D,KAAK,EAAE,SAAS;IAChB,cAAc,EAAE,KAAK;IACrB,YAAY,EAAE,iBAAiB;IAC/B,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,gBAAgB,CAAC;IACnD,GAAG,EAAE,yEAAyE;IAC9E,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,8 +1,12 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
6
|
var models_1 = require("@appland/models");
|
|
4
7
|
var visit_1 = require("../database/visit");
|
|
5
8
|
var url_1 = require("url");
|
|
9
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
6
10
|
function isMaterialized(e) {
|
|
7
11
|
return e.ancestors().some(function (_a) {
|
|
8
12
|
var labels = _a.labels;
|
|
@@ -65,6 +69,8 @@ exports.default = {
|
|
|
65
69
|
references: {
|
|
66
70
|
'CWE-1049': new url_1.URL('https://cwe.mitre.org/data/definitions/1049.html'),
|
|
67
71
|
},
|
|
72
|
+
description: (0, parseRuleDescription_1.default)('unbatchedMaterializedQuery'),
|
|
73
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#unbatched-materialized-query',
|
|
68
74
|
build: build,
|
|
69
75
|
};
|
|
70
76
|
//# sourceMappingURL=unbatchedMaterializedQuery.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unbatchedMaterializedQuery.js","sourceRoot":"","sources":["../../src/rules/unbatchedMaterializedQuery.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"unbatchedMaterializedQuery.js","sourceRoot":"","sources":["../../src/rules/unbatchedMaterializedQuery.ts"],"names":[],"mappings":";;;;;AAAA,0CAAuD;AAEvD,2CAA0C;AAC1C,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,cAAc,CAAC,CAAQ;IAC9B,OAAO,CAAC,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,UAAC,EAAU;YAAR,MAAM,YAAA;QAAO,OAAA,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC;IAA1B,CAA0B,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,YAAY,CAAC,CAAQ;IAC5B,IAAI;QACF,IAAM,GAAG,GAAG,IAAA,sBAAa,EAAC,CAAC,CAAC,QAAS,CAAC,CAAC;QACvC,IAAI,UAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,SAAO,GAAG,KAAK,CAAC;QACpB,IAAI,gBAAc,GAAG,KAAK,CAAC;QAC3B,IAAI,iBAAe,GAAG,KAAK,CAAC;QAE5B,IAAI,GAAG,EAAE;YACP,IAAM,oBAAkB,GAAG,CAAC,eAAe,CAAC,CAAC;YAE7C,IAAA,aAAK,EAAC,GAAG,EAAE;gBACT,kBAAkB,EAAE,UAAC,SAAc;oBACjC,UAAQ,GAAG,IAAI,CAAC;oBAEhB,IACE,SAAS,CAAC,MAAM;wBAChB,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC;wBAC/B,SAAS,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;wBAC7B,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU;wBACvC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,EACzC;wBACA,SAAO,GAAG,IAAI,CAAC;qBAChB;gBACH,CAAC;gBACD,kBAAkB,EAAE;oBAClB,gBAAc,GAAG,IAAI,CAAC;gBACxB,CAAC;gBACD,kBAAkB,EAAE,UAAC,UAAe;oBAClC,IAAI,oBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;wBAChD,iBAAe,GAAG,IAAI,CAAC;qBACxB;gBACH,CAAC;aACF,CAAC,CAAC;SACJ;QAED,IAAM,SAAS,GAAG,gBAAc,IAAI,SAAO,IAAI,iBAAe,CAAC;QAE/D,OAAO,UAAQ,IAAI,CAAC,SAAS,IAAI,cAAc,CAAC,CAAC,CAAC,CAAC;KACpD;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,IAAI,CAAC,+BAA4B,CAAC,CAAC,QAAS,OAAG,CAAC,CAAC;QACzD,OAAO,KAAK,CAAC;KACd;AACH,CAAC;AAED,SAAS,KAAK;IACZ,OAAO;QACL,OAAO,EAAE,UAAC,CAAC,IAAK,OAAA,YAAY,CAAC,CAAC,CAAC,EAAf,CAAe;QAC/B,KAAK,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAZ,CAAY;KAC3B,CAAC;AACJ,CAAC;AAED,0CAA0C;AAC1C,IAAM,cAAc,GAAG,iBAAiB,CAAC;AAEzC,kBAAe;IACb,EAAE,EAAE,8BAA8B;IAClC,KAAK,EAAE,kCAAkC;IACzC,MAAM,EAAE,CAAC,cAAc,CAAC;IACxB,KAAK,EAAE,SAAS;IAChB,cAAc,EAAE,IAAI;IACpB,YAAY,EAAE,aAAa;IAC3B,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,4BAA4B,CAAC;IAC/D,GAAG,EAAE,qFAAqF;IAC1F,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
6
|
var util_1 = require("./lib/util");
|
|
7
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
4
8
|
var Options = /** @class */ (function () {
|
|
5
9
|
function Options(queryInclude, queryExclude) {
|
|
6
10
|
if (queryInclude === void 0) { queryInclude = [/\binsert\b/i, /\bupdate\b/i]; }
|
|
@@ -61,6 +65,8 @@ exports.default = {
|
|
|
61
65
|
scope: 'http_server_request',
|
|
62
66
|
labels: [Audit],
|
|
63
67
|
impactDomain: 'Maintainability',
|
|
68
|
+
description: (0, parseRuleDescription_1.default)('updateInGetRequest'),
|
|
69
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#update-in-get-request',
|
|
64
70
|
Options: Options,
|
|
65
71
|
build: build,
|
|
66
72
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"updateInGetRequest.js","sourceRoot":"","sources":["../../src/rules/updateInGetRequest.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"updateInGetRequest.js","sourceRoot":"","sources":["../../src/rules/updateInGetRequest.ts"],"names":[],"mappings":";;;;;AAEA,mCAA2C;AAC3C,oFAA8D;AAE9D;IAIE,iBACE,YAAuD,EACvD,YAA2B;QAD3B,6BAAA,EAAA,gBAA0B,aAAa,EAAE,aAAa,CAAC;QACvD,6BAAA,EAAA,iBAA2B;QAE3B,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;QAClC,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;IACpC,CAAC;IAED,sBAAI,iCAAY;aAAhB;YACE,OAAO,IAAI,CAAC,aAAa,CAAC;QAC5B,CAAC;aAED,UAAiB,KAA0B;YACzC,IAAI,CAAC,aAAa,GAAG,IAAA,oBAAa,EAAC,KAAK,CAAC,CAAC;QAC5C,CAAC;;;OAJA;IAMD,sBAAI,iCAAY;aAAhB;YACE,OAAO,IAAI,CAAC,aAAa,CAAC;QAC5B,CAAC;aAED,UAAiB,KAA0B;YACzC,IAAI,CAAC,aAAa,GAAG,IAAA,oBAAa,EAAC,KAAK,CAAC,CAAC;QAC5C,CAAC;;;OAJA;IAKH,cAAC;AAAD,CAAC,AA3BD,IA2BC;AAED,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,OAAO;QACL,OAAO,EAAE,UAAC,CAAC;YACT,IAAI,iBAAoC,CAAC;YACzC,SAAS,oBAAoB;gBAC3B,iBAAiB,GAAG,CAAC;qBAClB,SAAS,EAAE;qBACX,IAAI,CACH,UAAC,QAAQ;oBACP,OAAA,QAAQ,CAAC,iBAAiB;wBAC1B,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC;gBADjF,CACiF,CACpF,CAAC;gBACJ,OAAO,iBAAiB,KAAK,SAAS,CAAC;YACzC,CAAC;YAED,IACE,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,CAAC,CAAC,QAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAA1B,CAA0B,CAAC;gBAClE,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,CAAC,CAAC,QAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAA1B,CAA0B,CAAC;gBACnE,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,UAAC,QAAQ,IAAK,OAAA,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAArC,CAAqC,CAAC;gBACxE,oBAAoB,EAAE,EACtB;gBACA,OAAO,8BAA4B,iBAAkB,CAAC,KAAK,UAAK,CAAC,CAAC,QAAU,CAAC;aAC9E;QACH,CAAC;QACD,KAAK,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAZ,CAAY;KAC3B,CAAC;AACJ,CAAC;AAED,IAAM,KAAK,GAAG,OAAO,CAAC;AAEtB,kBAAe;IACb,EAAE,EAAE,uBAAuB;IAC3B,KAAK,EAAE,8CAA8C;IACrD,KAAK,EAAE,qBAAqB;IAC5B,MAAM,EAAE,CAAC,KAAK,CAAC;IACf,YAAY,EAAE,iBAAiB;IAC/B,WAAW,EAAE,IAAA,8BAAoB,EAAC,oBAAoB,CAAC;IACvD,GAAG,EAAE,8EAA8E;IACnF,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
## Scanner architecture
|
|
2
|
+
|
|
3
|
+
See [@appland/models source code](https://github.com/applandinc/appmap-js/tree/main/packages/models) for the JS API to AppMap data.
|
|
4
|
+
|
|
5
|
+
## Assertions
|
|
6
|
+
|
|
7
|
+
An Assertion tests each configured AppMap event to see if it matches some condition. The test is applied by a `matcher` fnuction.
|
|
8
|
+
|
|
9
|
+
If there is a match, the assertion returns a Finding. A Finding contains the type of check, the event, and a descriptive message. Supporting (related) events may also be reported.
|
|
10
|
+
|
|
11
|
+
## Scopes
|
|
12
|
+
|
|
13
|
+
Each Assertion declares a Scope. The Scope is the set of events that will be checked by an instance of the Assertion object. An Assertion can use a narrower scope to help avoid giving false positives. For example, consider an Assertion that looks for "too many SQL queries". The Assertion only wants to count SQL queries within the Scope of a single command - not the entire AppMap.
|
|
14
|
+
|
|
15
|
+
|
|
16
|
+
Scope examples (roughly ordered from broadest to narrowest):
|
|
17
|
+
|
|
18
|
+
* `all` All events in the AppMap will be processed by the same Assertion instance.
|
|
19
|
+
* `root` A new Assertion instance is created for each root event.
|
|
20
|
+
* `command` A new Assertion instance is created for each HTTP server request, and for each event that is not a descendant of an HTTP server request AND has the label `command` or `job`.
|
|
21
|
+
* `http_server_request` A new Assertion instance is created for each HTTP server request.
|
|
22
|
+
* `transaction` A new Assertion instance is created for each database transaction in the AppMap.
|
|
23
|
+
|
|
24
|
+
## Event filters
|
|
25
|
+
|
|
26
|
+
Assertions use Event filters to choose which events are processed by the `matcher` function.
|
|
27
|
+
|
|
28
|
+
Event filters include the `where`, `include` and `exclude` conditions. Events must match the `where` and `include` conditions, and must not match the `exclude` condition. The `where` condition is built into the Assertion. The `include` and `exclude` conditions are blank, and exist to be customized by the user.
|
|
29
|
+
|
|
30
|
+
## Examples
|
|
31
|
+
|
|
32
|
+
### HTTP 500
|
|
33
|
+
|
|
34
|
+
`http-500` assertion is a simple example. It specifies the `http_server_request` scope - so that each HTTP server request is processed by a separate Assertion.
|
|
35
|
+
|
|
36
|
+
The `where` condition filter out events that don't have an `http_server_response` - for example, if the server process was hard-killed in the middle of processing.
|
|
37
|
+
|
|
38
|
+
The `matcher` function returns true if the HTTP status code is between 500 and 599.
|
|
39
|
+
|
|
40
|
+
### Insecure compare
|
|
41
|
+
|
|
42
|
+
`insecure-compare` operates on the `all` scope - it looks for insecure compare across the entire AppMap.
|
|
43
|
+
|
|
44
|
+
The `where` clause selects events that are labeled `string.equals` or `secret`. The `secret` label is used to build a Set of all the secrets that are generated/returned by function events in the AppMap. When a `string.equals` function is encountered, the assertion returns true if:
|
|
45
|
+
|
|
46
|
+
1. The function has a receiver value and one parameter.
|
|
47
|
+
2. Both the receiver value and the parameter value are not BCrypted-strings.
|
|
48
|
+
3. Both the receiver value and the parameter value are either (a) a known secret or (b) match a secret regexp
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: dao.materialize
|
|
3
|
+
rules:
|
|
4
|
+
- unbatched-materialized-query
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
Loads data access objects from the database into memory.
|
|
8
|
+
|
|
9
|
+
## Examples
|
|
10
|
+
|
|
11
|
+
- Ruby
|
|
12
|
+
[ActiveRecord::Relation#records](https://github.com/rails/rails/blob/fa779b380e61381a393afbc7bbc0a9ce07e0ce74/activerecord/lib/active_record/relation.rb#L254)
|