@appland/scanner 1.40.3 → 1.44.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +63 -39
- package/built/appMapIndex.js +40 -0
- package/built/appMapIndex.js.map +1 -0
- package/built/check.js +3 -3
- package/built/check.js.map +1 -1
- package/built/checkInstance.js +4 -4
- package/built/checkInstance.js.map +1 -1
- package/built/cli/ci/command.js +21 -26
- package/built/cli/ci/command.js.map +1 -1
- package/built/cli/fail.js +13 -0
- package/built/cli/fail.js.map +1 -0
- package/built/cli/merge/command.js +101 -0
- package/built/cli/merge/command.js.map +1 -0
- package/built/cli/merge/options.js +3 -0
- package/built/cli/merge/options.js.map +1 -0
- package/built/cli/reportUploadURL.js +11 -0
- package/built/cli/reportUploadURL.js.map +1 -0
- package/built/cli/scan/command.js +5 -1
- package/built/cli/scan/command.js.map +1 -1
- package/built/cli/scan/scanner.js +2 -2
- package/built/cli/scan/scanner.js.map +1 -1
- package/built/cli/scan.js +4 -2
- package/built/cli/scan.js.map +1 -1
- package/built/cli/updateCommitStatus.js +65 -0
- package/built/cli/updateCommitStatus.js.map +1 -0
- package/built/cli/upload/command.js +10 -5
- package/built/cli/upload/command.js.map +1 -1
- package/built/cli.js +2 -0
- package/built/cli.js.map +1 -1
- package/built/database/index.js +136 -161
- package/built/database/index.js.map +1 -1
- package/built/integration/appland/{fetchStatus.js → app/listFindingStatus.js} +1 -1
- package/built/integration/appland/app/listFindingStatus.js.map +1 -0
- package/built/integration/appland/{appMap.js → appMap/create.js} +43 -48
- package/built/integration/appland/appMap/create.js.map +1 -0
- package/built/integration/appland/location.js +3 -0
- package/built/integration/appland/location.js.map +1 -0
- package/built/integration/appland/{mapset.js → mapset/create.js} +41 -46
- package/built/integration/appland/mapset/create.js.map +1 -0
- package/built/integration/appland/{upload.js → scannerJob/create.js} +27 -19
- package/built/integration/appland/scannerJob/create.js.map +1 -0
- package/built/integration/appland/scannerJob/merge.js +92 -0
- package/built/integration/appland/scannerJob/merge.js.map +1 -0
- package/built/integration/appland/scannerJob.js +3 -0
- package/built/integration/appland/scannerJob.js.map +1 -0
- package/built/report/summaryReport.js +1 -1
- package/built/report/summaryReport.js.map +1 -1
- package/built/ruleChecker.js +12 -11
- package/built/ruleChecker.js.map +1 -1
- package/built/rules/authzBeforeAuthn.js +6 -0
- package/built/rules/authzBeforeAuthn.js.map +1 -1
- package/built/rules/circularDependency.js +4 -0
- package/built/rules/circularDependency.js.map +1 -1
- package/built/rules/deserializationOfUntrustedData.js +8 -0
- package/built/rules/deserializationOfUntrustedData.js.map +1 -1
- package/built/rules/http500.js +7 -0
- package/built/rules/http500.js.map +1 -1
- package/built/rules/illegalPackageDependency.js +7 -0
- package/built/rules/illegalPackageDependency.js.map +1 -1
- package/built/rules/incompatibleHttpClientRequest.js +7 -0
- package/built/rules/incompatibleHttpClientRequest.js.map +1 -1
- package/built/rules/insecureCompare.js +4 -0
- package/built/rules/insecureCompare.js.map +1 -1
- package/built/rules/jobNotCancelled.js +3 -0
- package/built/rules/jobNotCancelled.js.map +1 -1
- package/built/rules/lib/matchEvent.js +3 -4
- package/built/rules/lib/matchEvent.js.map +1 -1
- package/built/rules/lib/parseRuleDescription.js +18 -0
- package/built/rules/lib/parseRuleDescription.js.map +1 -0
- package/built/rules/logoutWithoutSessionReset.js +8 -0
- package/built/rules/logoutWithoutSessionReset.js.map +1 -1
- package/built/rules/missingAuthentication.js +6 -0
- package/built/rules/missingAuthentication.js.map +1 -1
- package/built/rules/missingContentType.js +6 -0
- package/built/rules/missingContentType.js.map +1 -1
- package/built/rules/nPlusOneQuery.js +8 -2
- package/built/rules/nPlusOneQuery.js.map +1 -1
- package/built/rules/queryFromInvalidPackage.js +6 -0
- package/built/rules/queryFromInvalidPackage.js.map +1 -1
- package/built/rules/queryFromView.js +6 -0
- package/built/rules/queryFromView.js.map +1 -1
- package/built/rules/rpcWithoutCircuitBreaker.js +6 -0
- package/built/rules/rpcWithoutCircuitBreaker.js.map +1 -1
- package/built/rules/saveWithoutValidation.js +6 -0
- package/built/rules/saveWithoutValidation.js.map +1 -1
- package/built/rules/secretInLog.js +3 -0
- package/built/rules/secretInLog.js.map +1 -1
- package/built/rules/slowFunctionCall.js +6 -0
- package/built/rules/slowFunctionCall.js.map +1 -1
- package/built/rules/slowHttpServerRequest.js +6 -0
- package/built/rules/slowHttpServerRequest.js.map +1 -1
- package/built/rules/slowQuery.js +6 -0
- package/built/rules/slowQuery.js.map +1 -1
- package/built/rules/tooManyJoins.js +9 -3
- package/built/rules/tooManyJoins.js.map +1 -1
- package/built/rules/tooManyUpdates.js +6 -0
- package/built/rules/tooManyUpdates.js.map +1 -1
- package/built/rules/unbatchedMaterializedQuery.js +9 -4
- package/built/rules/unbatchedMaterializedQuery.js.map +1 -1
- package/built/rules/updateInGetRequest.js +6 -0
- package/built/rules/updateInGetRequest.js.map +1 -1
- package/built/scope/sqlTransactionScope.js +3 -2
- package/built/scope/sqlTransactionScope.js.map +1 -1
- package/built/sqlWarning.js +56 -0
- package/built/sqlWarning.js.map +1 -0
- package/doc/architecture.md +48 -0
- package/doc/labels/audit.md +7 -0
- package/doc/labels/dao.materialize.md +12 -0
- package/doc/labels/deserialize.safe.md +9 -0
- package/doc/labels/deserialize.unsafe.md +12 -0
- package/doc/labels/http.session.clear.md +7 -0
- package/doc/labels/job.cancel.md +11 -0
- package/doc/labels/job.create.md +13 -0
- package/doc/labels/log.md +12 -0
- package/doc/labels/public.md +8 -0
- package/doc/labels/rpc.circuit_breaker.md +16 -0
- package/doc/labels/sanitize.md +29 -0
- package/doc/labels/secret.md +11 -0
- package/doc/labels/security.authentication.md +10 -0
- package/doc/labels/security.authorization.md +9 -0
- package/doc/labels/security.logout.md +9 -0
- package/doc/labels/string.equals.md +18 -0
- package/doc/rules/authzBeforeAuthn.md +47 -0
- package/doc/rules/circularDependency.md +57 -0
- package/doc/rules/deserializationOfUntrustedData.md +55 -0
- package/doc/rules/http500.md +36 -0
- package/doc/rules/illegalPackageDependency.md +50 -0
- package/doc/rules/incompatibleHttpClientRequest.md +35 -0
- package/doc/rules/insecureCompare.md +59 -0
- package/doc/rules/jobNotCancelled.md +49 -0
- package/doc/rules/logoutWithoutSessionReset.md +40 -0
- package/doc/rules/missingAuthentication.md +59 -0
- package/doc/rules/missingContentType.md +33 -0
- package/doc/rules/nPlusOneQuery.md +52 -0
- package/doc/rules/queryFromInvalidPackage.md +45 -0
- package/doc/rules/queryFromView.md +42 -0
- package/doc/rules/rpcWithoutCircuitBreaker.md +44 -0
- package/doc/rules/saveWithoutValidation.md +33 -0
- package/doc/rules/secretInLog.md +49 -0
- package/doc/rules/slowFunctionCall.md +39 -0
- package/doc/rules/slowHttpServerRequest.md +34 -0
- package/doc/rules/slowQuery.md +33 -0
- package/doc/rules/tooManyJoins.md +40 -0
- package/doc/rules/tooManyUpdates.md +46 -0
- package/doc/rules/unbatchedMaterializedQuery.md +54 -0
- package/doc/rules/updateInGetRequest.md +44 -0
- package/package.json +10 -6
- package/built/integration/appland/appMap.js.map +0 -1
- package/built/integration/appland/fetchStatus.js.map +0 -1
- package/built/integration/appland/mapset.js.map +0 -1
- package/built/integration/appland/upload.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"saveWithoutValidation.js","sourceRoot":"","sources":["../../src/rules/saveWithoutValidation.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"saveWithoutValidation.js","sourceRoot":"","sources":["../../src/rules/saveWithoutValidation.ts"],"names":[],"mappings":";;;;;AAAA,0CAAwD;AACxD,2BAA0B;AAE1B,oFAA8D;AAE9D,IAAM,WAAW,GAAG,UAAC,QAAkC;IACrD,IAAI,CAAC,GAAmC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACxD,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE;QACd,IACE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,KAAK,SAAS;YACpC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAS,CAAC,CAAC,kCAAkC;UAC3F;YACA,OAAO,IAAI,CAAC;SACb;QACD,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;KACrB;IAED,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,SAAS,KAAK;IACZ,OAAO;QACL,OAAO,EAAE,UAAC,KAAY,IAAK,OAAA,CAAC,WAAW,CAAC,IAAI,uBAAc,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,EAArD,CAAqD;QAChF,KAAK,EAAE,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,UAAU,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAS,CAAC,EAAvD,CAAuD;KAC7E,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,yBAAyB;IAC7B,KAAK,EAAE,yBAAyB;IAChC,cAAc,EAAE,IAAI;IACpB,YAAY,EAAE,WAAW;IACzB,UAAU,EAAE;QACV,QAAQ,EAAE,IAAI,SAAG,CAAC,gDAAgD,CAAC;KACpE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,uBAAuB,CAAC;IAC1D,GAAG,EAAE,gFAAgF;IACrF,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -62,6 +62,7 @@ var secretsRegexes_1 = __importStar(require("../analyzer/secretsRegexes"));
|
|
|
62
62
|
var util_1 = require("./lib/util");
|
|
63
63
|
var recordSecrets_1 = __importDefault(require("../analyzer/recordSecrets"));
|
|
64
64
|
var url_1 = require("url");
|
|
65
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
65
66
|
var Match = /** @class */ (function () {
|
|
66
67
|
function Match(regexp, value) {
|
|
67
68
|
this.regexp = regexp;
|
|
@@ -146,6 +147,8 @@ exports.default = {
|
|
|
146
147
|
references: {
|
|
147
148
|
'CWE-532': new url_1.URL('https://cwe.mitre.org/data/definitions/532.html'),
|
|
148
149
|
},
|
|
150
|
+
description: (0, parseRuleDescription_1.default)('secretInLog'),
|
|
151
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#secret-in-log',
|
|
149
152
|
build: build,
|
|
150
153
|
};
|
|
151
154
|
//# sourceMappingURL=secretInLog.js.map
|
|
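Review bot: `description: (0, parseRuleDescription_1.default)('secretInLog')` runs at module load, so the description lookup (which, judging by the new `package/doc/rules/*.md` files in this release, reads a markdown file per rule) now happens whenever the rules module is required, not when the rule is used; if the `doc/` tree is not listed in the published `files` of `package/package.json` (also changed in this diff), `require` of every rule fails at import time. Suggest making the lookup lazy or returning a fallback string on a missing file. Separately, the literal `'secretInLog'` repeats the rule's own file name and id by hand; deriving it from the exported `id` field would stop copy/paste drift across the rules touched here.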
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secretInLog.js","sourceRoot":"","sources":["../../src/rules/secretInLog.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2EAAyE;AACzE,mCAAwC;AACxC,4EAAsD;AACtD,2BAA0B;
|
|
1
|
+
{"version":3,"file":"secretInLog.js","sourceRoot":"","sources":["../../src/rules/secretInLog.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2EAAyE;AACzE,mCAAwC;AACxC,4EAAsD;AACtD,2BAA0B;AAC1B,oFAA8D;AAE9D;IACE,eAAmB,MAAuB,EAAS,KAAa;QAA7C,WAAM,GAAN,MAAM,CAAiB;QAAS,UAAK,GAAL,KAAK,CAAQ;IAAG,CAAC;IACtE,YAAC;AAAD,CAAC,AAFD,IAEC;AAED,IAAM,OAAO,GAAgB,IAAI,GAAG,EAAE,CAAC;AAEvC,IAAM,SAAS,GAAG,UAAC,UAAsC;;IACvD,IAAM,OAAO,GAAY,EAAE,CAAC;4BAEf,KAAK;;QAChB,IAAI,IAAA,iBAAU,EAAC,KAAK,CAAC;8BAAW;QAEhC,IAAM,QAAQ,GAAwB,EAAE,CAAC;QAEzC,IAAI,IAAA,4BAAW,EAAC,KAAK,CAAC,EAAE;YACtB,4EAA4E;YAC5E,QAAQ,CAAC,IAAI,OAAb,QAAQ,2BACH,MAAM,CAAC,MAAM,CAAC,wBAAc,CAAC;iBAC7B,IAAI,EAAE;iBACN,MAAM,CAAC,UAAC,EAAE,IAAK,OAAA,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAd,CAAc,CAAC,WACjC;SACH;;YAED,KAAqB,IAAA,2BAAA,SAAA,OAAO,CAAA,CAAA,gCAAA,qDAAE;gBAAzB,IAAM,MAAM,oBAAA;gBACf,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;aACnD;;;;;;;;;QAED,OAAO,CAAC,IAAI,OAAZ,OAAO,2BAAS,QAAQ,CAAC,GAAG,CAAC,UAAC,OAAO,IAAK,OAAA,IAAI,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,EAAzB,CAAyB,CAAC,WAAE;;;QAlBxE,KAAwB,IAAA,eAAA,SAAA,UAAU,CAAA,sCAAA;YAArB,IAAA,KAAK,6BAAA;oBAAL,KAAK;SAmBjB;;;;;;;;;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE;QACtB,OAAO,OAAO,CAAC,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,CAAC;YAC7B,KAAK,EAAE,OAAO;YACd,OAAO,EAAK,KAAK,CAAC,KAAK,yBAAoB,KAAK,CAAC,MAAQ;SAC1D,CAAC,EAH4B,CAG5B,CAAC,CAAC;KACL;AACH,CAAC,CAAC;AAEF,SAAS,KAAK;IACZ,OAAO;QACL,OAAO,EAAE,UAAC,CAAC;YACT,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;gBACnC,IAAA,uBAAa,EAAC,OAAO,EAAE,CAAC,CAAC,CAAC;aAC3B;YACD,IAAI,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;gBAChD,OAAO,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;aAChC;QACH,CAAC;QACD,KAAK,EAAE,UAAC,CAAC;YACP,OAAO,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzE,CAAC;KACF,CAAC;AACJ,CAAC;AAED,IAAM,MAAM,GAAG,QAAQ,CAAC;AACxB,IAAM,GAAG,GAAG,KAAK,CAAC;AAElB,kBAAe;IACb,EAAE,EAAE,e
AAe;IACnB,KAAK,EAAE,eAAe;IACtB,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC;IACrB,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,IAAI;IACpB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,aAAa,CAAC;IAChD,GAAG,EAAE,sEAAsE;IAC3E,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
6
|
var matchPattern_1 = require("./lib/matchPattern");
|
|
7
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
4
8
|
var Options = /** @class */ (function () {
|
|
5
9
|
function Options() {
|
|
6
10
|
this.functions = [];
|
|
@@ -32,6 +36,8 @@ exports.default = {
|
|
|
32
36
|
scope: 'root',
|
|
33
37
|
impactDomain: 'Performance',
|
|
34
38
|
enumerateScope: true,
|
|
39
|
+
description: (0, parseRuleDescription_1.default)('slowFunctionCall'),
|
|
40
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#slow-function-call',
|
|
35
41
|
Options: Options,
|
|
36
42
|
build: build,
|
|
37
43
|
};
|
|
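Review bot: `url: 'https://appland.com/docs/analysis/rules-reference.html#slow-function-call'` hard-codes the docs anchor while `description` keys off `'slowFunctionCall'`, i.e. the same identifier maintained in two casings in every rule file. Suggest computing the anchor from the rule id (camelCase to kebab-case) in one helper beside `parseRuleDescription`, so a renamed or newly added rule cannot point at a stale or misspelled anchor that nothing validates.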
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"slowFunctionCall.js","sourceRoot":"","sources":["../../src/rules/slowFunctionCall.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"slowFunctionCall.js","sourceRoot":"","sources":["../../src/rules/slowFunctionCall.ts"],"names":[],"mappings":";;;;;AAGA,mDAAkD;AAClD,oFAA8D;AAE9D;IAAA;QACS,cAAS,GAAyB,EAAE,CAAC;QACrC,gBAAW,GAAG,GAAG,CAAC;IAC3B,CAAC;IAAD,cAAC;AAAD,CAAC,AAHD,IAGC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,gBAAgB,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IAE/D,OAAO;QACL,OAAO,EAAE,UAAC,CAAC;YACT,IAAI,CAAC,CAAC,WAAW,CAAC,WAAY,GAAG,OAAO,CAAC,WAAW,EAAE;gBACpD,OAAO,UAAQ,CAAC,CAAC,UAAU,CAAC,EAAE,eAAU,CAAC,CAAC,WAAW,CAAC,WAAW,QAAK,CAAC;aACxE;QACH,CAAC;QACD,KAAK,EAAE,UAAC,CAAC;YACP,OAAA,CAAC,CAAC,UAAU;gBACZ,CAAC,CAAC,CAAC,CAAC,WAAW;gBACf,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,WAAW;gBAC3B,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE;gBACjB,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC;oBAC5B,gBAAgB,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,EAAxB,CAAwB,CAAC,CAAC;QAL/D,CAK+D;KAClE,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,oBAAoB;IACxB,KAAK,EAAE,oBAAoB;IAC3B,KAAK,EAAE,MAAM;IACb,YAAY,EAAE,aAAa;IAC3B,cAAc,EAAE,IAAI;IACpB,WAAW,EAAE,IAAA,8BAAoB,EAAC,kBAAkB,CAAC;IACrD,GAAG,EAAE,2EAA2E;IAChF,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
3
7
|
var Options = /** @class */ (function () {
|
|
4
8
|
function Options() {
|
|
5
9
|
this.timeAllowed = 1;
|
|
@@ -19,6 +23,8 @@ exports.default = {
|
|
|
19
23
|
scope: 'http_server_request',
|
|
20
24
|
enumerateScope: false,
|
|
21
25
|
impactDomain: 'Performance',
|
|
26
|
+
description: (0, parseRuleDescription_1.default)('slowHttpServerRequest'),
|
|
27
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#slow-http-server-request',
|
|
22
28
|
Options: Options,
|
|
23
29
|
build: build,
|
|
24
30
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"slowHttpServerRequest.js","sourceRoot":"","sources":["../../src/rules/slowHttpServerRequest.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"slowHttpServerRequest.js","sourceRoot":"","sources":["../../src/rules/slowHttpServerRequest.ts"],"names":[],"mappings":";;;;;AAEA,oFAA8D;AAE9D;IAAA;QACS,gBAAW,GAAG,CAAC,CAAC;IACzB,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,OAAO;QACL,OAAO,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,WAAY,GAAG,OAAO,CAAC,WAAW,EAApC,CAAoC;QACpD,OAAO,EAAE,cAAM,OAAA,iCAA+B,OAAO,CAAC,WAAW,GAAG,IAAI,QAAK,EAA9D,CAA8D;QAC7E,KAAK,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,iBAAiB,IAAI,CAAC,CAAC,WAAW,KAAK,SAAS,EAApD,CAAoD;KACnE,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,0BAA0B;IAC9B,KAAK,EAAE,0BAA0B;IACjC,KAAK,EAAE,qBAAqB;IAC5B,cAAc,EAAE,KAAK;IACrB,YAAY,EAAE,aAAa;IAC3B,WAAW,EAAE,IAAA,8BAAoB,EAAC,uBAAuB,CAAC;IAC1D,GAAG,EAAE,iFAAiF;IACtF,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
package/built/rules/slowQuery.js
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
3
7
|
var Options = /** @class */ (function () {
|
|
4
8
|
function Options() {
|
|
5
9
|
this.timeAllowed = 1;
|
|
@@ -19,6 +23,8 @@ exports.default = {
|
|
|
19
23
|
Options: Options,
|
|
20
24
|
impactDomain: 'Performance',
|
|
21
25
|
enumerateScope: true,
|
|
26
|
+
description: (0, parseRuleDescription_1.default)('slowQuery'),
|
|
27
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#slow-query',
|
|
22
28
|
build: build,
|
|
23
29
|
};
|
|
24
30
|
//# sourceMappingURL=slowQuery.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"slowQuery.js","sourceRoot":"","sources":["../../src/rules/slowQuery.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"slowQuery.js","sourceRoot":"","sources":["../../src/rules/slowQuery.ts"],"names":[],"mappings":";;;;;AAEA,oFAA8D;AAE9D;IAAA;QACS,gBAAW,GAAG,CAAC,CAAC;IACzB,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,OAAO;QACL,OAAO,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,WAAY,GAAG,OAAO,CAAC,WAAW,EAApC,CAAoC;QACpD,KAAK,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAA/B,CAA+B;KAC9C,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,YAAY;IAChB,KAAK,EAAE,gBAAgB;IACvB,OAAO,SAAA;IACP,YAAY,EAAE,aAAa;IAC3B,cAAc,EAAE,IAAI;IACpB,WAAW,EAAE,IAAA,8BAAoB,EAAC,WAAW,CAAC;IAC9C,GAAG,EAAE,mEAAmE;IACxE,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -10,9 +10,13 @@ var __values = (this && this.__values) || function(o) {
|
|
|
10
10
|
};
|
|
11
11
|
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
12
12
|
};
|
|
13
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
14
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
15
|
+
};
|
|
13
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
14
17
|
var database_1 = require("../database");
|
|
15
18
|
var url_1 = require("url");
|
|
19
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
16
20
|
var Options = /** @class */ (function () {
|
|
17
21
|
function Options() {
|
|
18
22
|
this.warningLimit = 5;
|
|
@@ -23,16 +27,16 @@ var Options = /** @class */ (function () {
|
|
|
23
27
|
function build(options) {
|
|
24
28
|
if (options === void 0) { options = new Options(); }
|
|
25
29
|
var joinCount = {};
|
|
26
|
-
function matcher(command,
|
|
30
|
+
function matcher(command, appMapIndex, eventFilter) {
|
|
27
31
|
var e_1, _a;
|
|
28
32
|
try {
|
|
29
|
-
for (var _b = __values((0, database_1.sqlStrings)(command, eventFilter)), _c = _b.next(); !_c.done; _c = _b.next()) {
|
|
33
|
+
for (var _b = __values((0, database_1.sqlStrings)(command, appMapIndex, eventFilter)), _c = _b.next(); !_c.done; _c = _b.next()) {
|
|
30
34
|
var sqlEvent = _c.value;
|
|
31
35
|
var occurrence = joinCount[sqlEvent.sql];
|
|
32
36
|
if (!occurrence) {
|
|
33
37
|
occurrence = {
|
|
34
38
|
count: 1,
|
|
35
|
-
joins: (0, database_1.countJoins)(sqlEvent.
|
|
39
|
+
joins: (0, database_1.countJoins)(appMapIndex.sqlAST(sqlEvent.event)),
|
|
36
40
|
events: [sqlEvent.event],
|
|
37
41
|
};
|
|
38
42
|
joinCount[sqlEvent.sql] = occurrence;
|
|
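Review bot: `joins: (0, database_1.countJoins)(appMapIndex.sqlAST(sqlEvent.event))` has no guard on the `sqlAST` result; the only `try` around it is the downlevel-iteration `try`/`finally` (`var e_1, _a; try {`), which rethrows, so an unparseable statement either passes `undefined` into `countJoins` or aborts the whole matcher rather than skipping that one event. `unbatchedMaterializedQuery` in this same diff wraps its `appMapIndex.sqlAST(e)` call in its own `try` and checks the result; suggest the same here, e.g. `var ast = appMapIndex.sqlAST(sqlEvent.event); if (!ast) continue;` before counting joins. Note also that the removed lines (`function matcher(command,` and `joins: (0, database_1.countJoins)(sqlEvent.`) are truncated in this rendering, so the previous signature should be checked against the source rather than this view.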
@@ -76,6 +80,8 @@ exports.default = {
|
|
|
76
80
|
references: {
|
|
77
81
|
'CWE-1049': new url_1.URL('https://cwe.mitre.org/data/definitions/1049.html'),
|
|
78
82
|
},
|
|
83
|
+
description: (0, parseRuleDescription_1.default)('tooManyJoins'),
|
|
84
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#too-many-joins',
|
|
79
85
|
Options: Options,
|
|
80
86
|
build: build,
|
|
81
87
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tooManyJoins.js","sourceRoot":"","sources":["../../src/rules/tooManyJoins.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tooManyJoins.js","sourceRoot":"","sources":["../../src/rules/tooManyJoins.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAGA,wCAA+D;AAC/D,2BAA0B;AAC1B,oFAA8D;AAM9D;IAAA;QACS,iBAAY,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,mEAAmE;AACnE,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,IAAM,SAAS,GAA8B,EAAE,CAAC;IAChD,SAAS,OAAO,CACd,OAAc,EACd,WAAwB,EACxB,WAAwB;;;YAExB,KAAuB,IAAA,KAAA,SAAA,IAAA,qBAAU,EAAC,OAAO,EAAE,WAAW,EAAE,WAAW,CAAC,CAAA,gBAAA,4BAAE;gBAAjE,IAAM,QAAQ,WAAA;gBACjB,IAAI,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAEzC,IAAI,CAAC,UAAU,EAAE;oBACf,UAAU,GAAG;wBACX,KAAK,EAAE,CAAC;wBACR,KAAK,EAAE,IAAA,qBAAU,EAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;wBACrD,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;qBACzB,CAAC;oBACF,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;iBACtC;qBAAM;oBACL,UAAU,CAAC,KAAK,IAAI,CAAC,CAAC;oBACtB,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;iBACxC;aACF;;;;;;;;;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,UAAC,YAAY,EAAE,GAAG;YACrD,IAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAElC,IAAI,UAAU,CAAC,KAAK,IAAI,OAAO,CAAC,YAAY,EAAE;gBAC5C,YAAY,CAAC,IAAI,CAAC;oBAChB,KAAK,EAAE,SAAS;oBAChB,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC3B,OAAO,EAAK,UAAU,CAAC,KAAK,cAAQ,UAAU,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,mBAAY,GAAG,OAAG;oBACrF,aAAa,EAAE,UAAU,CAAC,MAAM;iBACjC,CAAC,CAAC;aACJ;YACD,OAAO,YAAY,CAAC;QACtB,CAAC,EAAE,EAAmB,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,gBAAgB;IACpB,KAAK,EAAE,gBAAgB;IACvB,KAAK,EAAE,SAAS;IAChB,YAAY,EAAE,aAAa;IAC3B,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,cAAc,CAAC;IACjD,GAAG,EAAE,uEAAuE;IAC5E,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -37,9 +37,13 @@ var __values = (this && this.__values) || function(o) {
|
|
|
37
37
|
};
|
|
38
38
|
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
39
39
|
};
|
|
40
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
41
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
42
|
+
};
|
|
40
43
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
41
44
|
var models_1 = require("@appland/models");
|
|
42
45
|
var url_1 = require("url");
|
|
46
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
43
47
|
// TODO: Use the Query AST for this.
|
|
44
48
|
var QueryIncludes = [/\bINSERT\b/i, /\bUPDATE\b/i];
|
|
45
49
|
var UpdateMethods = ['put', 'post', 'patch'];
|
|
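Review bot: the context lines `// TODO: Use the Query AST for this.` and `var QueryIncludes = [/\bINSERT\b/i, /\bUPDATE\b/i];` are the natural place to resolve that TODO in this release, since `tooManyJoins` and `unbatchedMaterializedQuery` in the same diff now obtain a parsed statement from `appMapIndex.sqlAST`. As written, the word-boundary regexes also match `INSERT`/`UPDATE` inside string literals and comments of an otherwise read-only query, and they do not count `DELETE` as an update at all; classifying by the AST's statement type would fix both without a new dependency.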
@@ -142,6 +146,8 @@ exports.default = {
|
|
|
142
146
|
references: {
|
|
143
147
|
'CWE-1048': new url_1.URL('https://cwe.mitre.org/data/definitions/1048.html'),
|
|
144
148
|
},
|
|
149
|
+
description: (0, parseRuleDescription_1.default)('tooManyUpdates'),
|
|
150
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#too-many-updates',
|
|
145
151
|
Options: Options,
|
|
146
152
|
build: build,
|
|
147
153
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tooManyUpdates.js","sourceRoot":"","sources":["../../src/rules/tooManyUpdates.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tooManyUpdates.js","sourceRoot":"","sources":["../../src/rules/tooManyUpdates.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,2BAA0B;AAE1B,oFAA8D;AAE9D,oCAAoC;AACpC,IAAM,aAAa,GAAa,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;AAC/D,IAAM,aAAa,GAAa,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AAEzD;IAAA;QACS,iBAAY,GAAG,EAAE,CAAC;IAC3B,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,QAAQ,GAAG,UAAC,KAAY;QAC5B,IAAM,WAAW,GAAG;YAClB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;gBACnB,OAAO,KAAK,CAAC;aACd;YACD,OAAO,aAAa,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,QAAS,CAAC,EAA7B,CAA6B,CAAC,CAAC;QACxE,CAAC,CAAC;QAEF,IAAM,WAAW,GAAG;YAClB,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE;gBAC5B,OAAO,KAAK,CAAC;aACd;YACD,OAAO,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,iBAAkB,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC,CAAC;QACvF,CAAC,CAAC;QAEF,OAAO,WAAW,EAAE,IAAI,WAAW,EAAE,CAAC;IACxC,CAAC,CAAC;IAEF,IAAM,YAAY,GAAG,UAAW,KAAY;;;;;;;oBAC1B,KAAA,SAAA,IAAI,uBAAc,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAA;;;;oBAA5C,CAAC;oBACV,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE;wBACtB,wBAAS;qBACV;oBACD,qBAAM,CAAC,CAAC,KAAK,EAAA;;oBAAb,SAAa,CAAC;;;;;;;;;;;;;;;;;;;KAEjB,CAAC;IAEF,SAAS,OAAO,CAAC,OAAc;;QAC7B,IAAM,MAAM,GAAY,EAAE,CAAC;;YAC3B,KAA0B,IAAA,KAAA,SAAA,YAAY,CAAC,OAAO,CAAC,CAAA,gBAAA,4BAAE;gBAA5C,IAAM,WAAW,WAAA;gBACpB,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;aAC1B;;;;;;;;;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE;YACxC,OAAO;gBACL;oBACE,KAAK,EAAE,OAAO;oBACd,OAAO,EAAE,sBAAoB,MAAM,CAAC,MAAM,yBAAsB;oBAChE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;oBAChB,aAAa,EAAE,MAAM;iBACtB;aACF,CAAC;SACH;IACH,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,kBAAkB;IACtB,KAAK,EAAE,uDAAuD;IAC9D,KAAK,EAAE,SAAS;IAChB,cAAc,EAAE,KAAK;IACrB,YAAY,EAAE,iBAAiB;IAC/B,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,gBAAgB,CAAC;IACnD,GAAG,EAAE,yEAAyE;IAC9E,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,17 +1,20 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
var models_1 = require("@appland/models");
|
|
4
6
|
var visit_1 = require("../database/visit");
|
|
5
7
|
var url_1 = require("url");
|
|
8
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
6
9
|
function isMaterialized(e) {
|
|
7
10
|
return e.ancestors().some(function (_a) {
|
|
8
11
|
var labels = _a.labels;
|
|
9
12
|
return labels.has(DAOMaterialize);
|
|
10
13
|
});
|
|
11
14
|
}
|
|
12
|
-
function isApplicable(e) {
|
|
15
|
+
function isApplicable(e, appMapIndex) {
|
|
13
16
|
try {
|
|
14
|
-
var ast =
|
|
17
|
+
var ast = appMapIndex.sqlAST(e);
|
|
15
18
|
var isSelect_1 = false;
|
|
16
19
|
var isCount_1 = false;
|
|
17
20
|
var hasLimitClause_1 = false;
|
|
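Review bot: `var models_1 = require("@appland/models");` is removed and `var ast = appMapIndex.sqlAST(e);` replaces the old parse call, but the removed `var ast =` line is truncated in this rendering and the hunk only covers lines 1-20; please confirm nothing later in the file still references `models_1` (a leftover use would fail only at runtime inside the `try` in `isApplicable` and be reported as a parse failure). Keeping the `try` around the new `sqlAST` call is the right choice; a one-line comment saying that a thrown parse error is treated as "not applicable" would document the intent.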
@@ -49,7 +52,7 @@ function isApplicable(e) {
|
|
|
49
52
|
}
|
|
50
53
|
function build() {
|
|
51
54
|
return {
|
|
52
|
-
matcher: function (e) { return isApplicable(e); },
|
|
55
|
+
matcher: function (e, appMapIndex) { return isApplicable(e, appMapIndex); },
|
|
53
56
|
where: function (e) { return !!e.sqlQuery; },
|
|
54
57
|
};
|
|
55
58
|
}
|
|
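Review bot: `matcher: function (e, appMapIndex) { return isApplicable(e, appMapIndex); }` changes the rule matcher contract so that the index arrives as the second positional argument. In `tooManyJoins` the new signature is `matcher(command, appMapIndex, eventFilter)`, with `appMapIndex` inserted before the previously second parameter `eventFilter` (the old call `sqlStrings(command, eventFilter)` shows it was already passed), so any out-of-tree rule written against the old order would silently receive the index where it expects the filter. Suggest a changelog entry in `package/README.md` (changed in this diff) describing the new matcher arguments and the migration, and a type or runtime check in `checkInstance.js` where the arguments are supplied.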
@@ -65,6 +68,8 @@ exports.default = {
|
|
|
65
68
|
references: {
|
|
66
69
|
'CWE-1049': new url_1.URL('https://cwe.mitre.org/data/definitions/1049.html'),
|
|
67
70
|
},
|
|
71
|
+
description: (0, parseRuleDescription_1.default)('unbatchedMaterializedQuery'),
|
|
72
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#unbatched-materialized-query',
|
|
68
73
|
build: build,
|
|
69
74
|
};
|
|
70
75
|
//# sourceMappingURL=unbatchedMaterializedQuery.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unbatchedMaterializedQuery.js","sourceRoot":"","sources":["../../src/rules/unbatchedMaterializedQuery.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"unbatchedMaterializedQuery.js","sourceRoot":"","sources":["../../src/rules/unbatchedMaterializedQuery.ts"],"names":[],"mappings":";;;;;AAEA,2CAA0C;AAC1C,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,cAAc,CAAC,CAAQ;IAC9B,OAAO,CAAC,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,UAAC,EAAU;YAAR,MAAM,YAAA;QAAO,OAAA,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC;IAA1B,CAA0B,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,YAAY,CAAC,CAAQ,EAAE,WAAwB;IACtD,IAAI;QACF,IAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAClC,IAAI,UAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,SAAO,GAAG,KAAK,CAAC;QACpB,IAAI,gBAAc,GAAG,KAAK,CAAC;QAC3B,IAAI,iBAAe,GAAG,KAAK,CAAC;QAE5B,IAAI,GAAG,EAAE;YACP,IAAM,oBAAkB,GAAG,CAAC,eAAe,CAAC,CAAC;YAE7C,IAAA,aAAK,EAAC,GAAG,EAAE;gBACT,kBAAkB,EAAE,UAAC,SAAc;oBACjC,UAAQ,GAAG,IAAI,CAAC;oBAEhB,IACE,SAAS,CAAC,MAAM;wBAChB,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC;wBAC/B,SAAS,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;wBAC7B,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU;wBACvC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,EACzC;wBACA,SAAO,GAAG,IAAI,CAAC;qBAChB;gBACH,CAAC;gBACD,kBAAkB,EAAE;oBAClB,gBAAc,GAAG,IAAI,CAAC;gBACxB,CAAC;gBACD,kBAAkB,EAAE,UAAC,UAAe;oBAClC,IAAI,oBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;wBAChD,iBAAe,GAAG,IAAI,CAAC;qBACxB;gBACH,CAAC;aACF,CAAC,CAAC;SACJ;QAED,IAAM,SAAS,GAAG,gBAAc,IAAI,SAAO,IAAI,iBAAe,CAAC;QAE/D,OAAO,UAAQ,IAAI,CAAC,SAAS,IAAI,cAAc,CAAC,CAAC,CAAC,CAAC;KACpD;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,IAAI,CAAC,+BAA4B,CAAC,CAAC,QAAS,OAAG,CAAC,CAAC;QACzD,OAAO,KAAK,CAAC;KACd;AACH,CAAC;AAED,SAAS,KAAK;IACZ,OAAO;QACL,OAAO,EAAE,UAAC,CAAC,EAAE,WAAwB,IAAK,OAAA,YAAY,CAAC,CAAC,EAAE,WAAW,CAAC,EAA5B,CAA4B;QACtE,KAAK,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAZ,CAAY;KAC3B,CAAC;AACJ,CAAC;AAED,0CAA0C;AAC1C,IAAM,cAAc,GAAG,iBAAiB,CAAC;AAEzC,kBAAe;IACb,EAAE,EAAE,8BAA8B;IAClC,KAAK,EAAE,kCAAkC;IACzC,MAAM,EAAE,CAAC,cAAc,CAAC;IACxB,KAAK,EAAE,SAAS;IAChB,cAAc,EAAE,IAAI;IACpB,YAAY,EAAE,aAAa;IAC3B,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,4BAA4B,CAAC;IAC/D,GAAG,E
AAE,qFAAqF;IAC1F,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
6
|
var util_1 = require("./lib/util");
|
|
7
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
4
8
|
var Options = /** @class */ (function () {
|
|
5
9
|
function Options(queryInclude, queryExclude) {
|
|
6
10
|
if (queryInclude === void 0) { queryInclude = [/\binsert\b/i, /\bupdate\b/i]; }
|
|
@@ -61,6 +65,8 @@ exports.default = {
|
|
|
61
65
|
scope: 'http_server_request',
|
|
62
66
|
labels: [Audit],
|
|
63
67
|
impactDomain: 'Maintainability',
|
|
68
|
+
description: (0, parseRuleDescription_1.default)('updateInGetRequest'),
|
|
69
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#update-in-get-request',
|
|
64
70
|
Options: Options,
|
|
65
71
|
build: build,
|
|
66
72
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"updateInGetRequest.js","sourceRoot":"","sources":["../../src/rules/updateInGetRequest.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"updateInGetRequest.js","sourceRoot":"","sources":["../../src/rules/updateInGetRequest.ts"],"names":[],"mappings":";;;;;AAEA,mCAA2C;AAC3C,oFAA8D;AAE9D;IAIE,iBACE,YAAuD,EACvD,YAA2B;QAD3B,6BAAA,EAAA,gBAA0B,aAAa,EAAE,aAAa,CAAC;QACvD,6BAAA,EAAA,iBAA2B;QAE3B,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;QAClC,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;IACpC,CAAC;IAED,sBAAI,iCAAY;aAAhB;YACE,OAAO,IAAI,CAAC,aAAa,CAAC;QAC5B,CAAC;aAED,UAAiB,KAA0B;YACzC,IAAI,CAAC,aAAa,GAAG,IAAA,oBAAa,EAAC,KAAK,CAAC,CAAC;QAC5C,CAAC;;;OAJA;IAMD,sBAAI,iCAAY;aAAhB;YACE,OAAO,IAAI,CAAC,aAAa,CAAC;QAC5B,CAAC;aAED,UAAiB,KAA0B;YACzC,IAAI,CAAC,aAAa,GAAG,IAAA,oBAAa,EAAC,KAAK,CAAC,CAAC;QAC5C,CAAC;;;OAJA;IAKH,cAAC;AAAD,CAAC,AA3BD,IA2BC;AAED,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,OAAO;QACL,OAAO,EAAE,UAAC,CAAC;YACT,IAAI,iBAAoC,CAAC;YACzC,SAAS,oBAAoB;gBAC3B,iBAAiB,GAAG,CAAC;qBAClB,SAAS,EAAE;qBACX,IAAI,CACH,UAAC,QAAQ;oBACP,OAAA,QAAQ,CAAC,iBAAiB;wBAC1B,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC;gBADjF,CACiF,CACpF,CAAC;gBACJ,OAAO,iBAAiB,KAAK,SAAS,CAAC;YACzC,CAAC;YAED,IACE,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,CAAC,CAAC,QAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAA1B,CAA0B,CAAC;gBAClE,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,CAAC,CAAC,QAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAA1B,CAA0B,CAAC;gBACnE,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,UAAC,QAAQ,IAAK,OAAA,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAArC,CAAqC,CAAC;gBACxE,oBAAoB,EAAE,EACtB;gBACA,OAAO,8BAA4B,iBAAkB,CAAC,KAAK,UAAK,CAAC,CAAC,QAAU,CAAC;aAC9E;QACH,CAAC;QACD,KAAK,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAZ,CAAY;KAC3B,CAAC;AACJ,CAAC;AAED,IAAM,KAAK,GAAG,OAAO,CAAC;AAEtB,kBAAe;IACb,EAAE,EAAE,uBAAuB;IAC3B,KAAK,EAAE,8CAA8C;IACrD,KAAK,EAAE,qBAAqB;IAC5B,MAAM,EAAE,CAAC,KAAK,CAAC;IACf,YAAY,EAAE,iBAAiB;IAC/B,WAAW,EAAE,IAAA,8BAAoB,EAAC,oBAAoB,CAAC;IACvD,GAAG,EAAE,8EAA8E;IACnF,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -110,7 +110,8 @@ function iterateTransaction(begin, tail) {
|
|
|
110
110
|
transaction.push(event);
|
|
111
111
|
if (!event.sql)
|
|
112
112
|
continue;
|
|
113
|
-
|
|
113
|
+
// TODO: This should be routing through the AppMapIndex AST cache.
|
|
114
|
+
var sql = (0, models_1.parseSQL)(event.sql.sql);
|
|
114
115
|
if (!sql)
|
|
115
116
|
continue;
|
|
116
117
|
if (isBegin(sql))
|
|
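Review bot: the TODO added at line 113 says this `parseSQL` call should go through the AppMapIndex AST cache, yet the new line 114 ships a per-event parse anyway; either wire it through the index in this change or open a tracking issue so the comment does not linger in a release. Separately, `if (!sql) continue;` on line 115 silently drops any statement the parser cannot handle, so a transaction-ending statement written in a dialect the parser rejects would leave `iterateTransaction` collecting events until the stream ends; surfacing those parse failures (the `sqlWarning` helper introduced in this same release would do) makes that failure mode visible instead of invisible.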
@@ -145,7 +146,7 @@ var SQLTransactionScope = /** @class */ (function (_super) {
|
|
|
145
146
|
event = events_1_1.value;
|
|
146
147
|
if (!event.isCall() || !event.sql)
|
|
147
148
|
return [3 /*break*/, 3];
|
|
148
|
-
sql = (0, models_1.
|
|
149
|
+
sql = (0, models_1.parseSQL)(event.sql.sql);
|
|
149
150
|
if (!(sql && isBegin(sql) && !isEnd(sql))) return [3 /*break*/, 3];
|
|
150
151
|
return [4 /*yield*/, iterateTransaction(event, events)];
|
|
151
152
|
case 2:
|
|
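Review bot: the completed `parseSQL` call at line 149 is the same per-event parse as the one added in `iterateTransaction`, but this call site carries no AST-cache TODO; if the index route is adopted, both sites need it, so a small shared helper (parse once per event, reuse the result) would keep the two from drifting. The guard on line 150, `sql && isBegin(sql) && !isEnd(sql)`, already handles the unparsed case, which is good; the same silent-skip caveat as in `iterateTransaction` applies to unparseable statements here.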
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sqlTransactionScope.js","sourceRoot":"","sources":["../../src/scope/sqlTransactionScope.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"sqlTransactionScope.js","sourceRoot":"","sources":["../../src/scope/sqlTransactionScope.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAA2C;AAI3C,kEAA4C;AAG5C,SAAS,OAAO,CAAC,GAA2B;IAC1C,QAAQ,GAAG,CAAC,OAAO,EAAE;QACnB,KAAK,MAAM;YACT,OAAO,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,UAAC,CAAC,IAAK,OAAA,OAAO,CAAC,CAAC,CAAC,EAAV,CAAU,CAAC,CAAC;QAC/C,KAAK,aAAa;YAChB,OAAO,GAAG,CAAC,MAAM,KAAK,OAAO,CAAC;QAChC;YACE,OAAO,KAAK,CAAC;KAChB;AACH,CAAC;AAMD,SAAS,KAAK,CAAC,GAA2B;;IACxC,QAAQ,GAAG,CAAC,OAAO,EAAE;QACnB,KAAK,MAAM;;gBACT,KAAwB,IAAA,KAAA,SAAA,GAAG,CAAC,SAAS,CAAA,gBAAA,4BAAE;oBAAlC,IAAM,SAAS,WAAA;oBAClB,IAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC;oBAChC,IAAI,MAAM;wBAAE,OAAO,MAAM,CAAC;iBAC3B;;;;;;;;;YACD,OAAO,SAAS,CAAC;QACnB,KAAK,aAAa;YAChB,OAAO,GAAG,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAE,GAA+B,CAAC;QAC/E;YACE,OAAO,SAAS,CAAC;KACpB;AACH,CAAC;AASD,SAAgB,qBAAqB,CACnC,KAA0C;IAE1C,OAAO,KAAK,CAAC,WAAW,KAAK,SAAS,CAAC;AACzC,CAAC;AAJD,sDAIC;AAED,SAAS,kBAAkB,CACzB,KAA0C,EAC1C,IAAqB;IAErB,8CAA8C;IAC9C,wDAAwD;IACxD,IAAM,WAAW,GAAY,EAAE,CAAC;IAChC,KAAK,IAAI,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,EAAE;QAC3D,IAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE;YAAE,SAAS;QAC9B,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxB,IAAI,CAAC,KAAK,CAAC,GAAG;YAAE,SAAS;QACzB,kEAAkE;QAClE,IAAM,GAAG,GAAG,IAAA,iBAAQ,EAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,IAAI,OAAO,CAAC,GAAG,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/E,IAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,GAAG,EAAE;YACP,KAAK,CAAC,WAAW,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;YAChE,MAAM;SACP;KACF;IACD,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,QAAQ,CAA2B;KAC/D,CAAC;AACJ,CAAC;AAED;IAAiD,uCAAa;IAA9D;;IAUA,CAAC;IATE,oCAAM,GAAP,UAAQ,MAA+B;;;;;;;oBACjB,WAAA,SAAA,MAAM,CAAA;;;;oBAAf,KAAK;oBACd,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,C
AAC,GAAG;wBAAE,wBAAS;oBACtC,GAAG,GAAG,IAAA,iBAAQ,EAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;yBAChC,CAAA,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA,EAAlC,wBAAkC;oBACpC,qBAAM,kBAAkB,CAAC,KAAK,EAAE,MAAM,CAAC,EAAA;;oBAAvC,SAAuC,CAAC;;;;;;;;;;;;;;;;;;;KAG7C;IACH,0BAAC;AAAD,CAAC,AAVD,CAAiD,uBAAa,GAU7D"}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __read = (this && this.__read) || function (o, n) {
|
|
3
|
+
var m = typeof Symbol === "function" && o[Symbol.iterator];
|
|
4
|
+
if (!m) return o;
|
|
5
|
+
var i = m.call(o), r, ar = [], e;
|
|
6
|
+
try {
|
|
7
|
+
while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
|
|
8
|
+
}
|
|
9
|
+
catch (error) { e = { error: error }; }
|
|
10
|
+
finally {
|
|
11
|
+
try {
|
|
12
|
+
if (r && !r.done && (m = i["return"])) m.call(i);
|
|
13
|
+
}
|
|
14
|
+
finally { if (e) throw e.error; }
|
|
15
|
+
}
|
|
16
|
+
return ar;
|
|
17
|
+
};
|
|
18
|
+
var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
|
|
19
|
+
if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
|
|
20
|
+
if (ar || !(i in from)) {
|
|
21
|
+
if (!ar) ar = Array.prototype.slice.call(from, 0, i);
|
|
22
|
+
ar[i] = from[i];
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
return to.concat(ar || Array.prototype.slice.call(from));
|
|
26
|
+
};
|
|
27
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
28
|
+
var fs_1 = require("fs");
|
|
29
|
+
var SqlWarningFileName = 'sql_warning.txt';
|
|
30
|
+
var messages = [];
|
|
31
|
+
var writeMessage = function (msg) { return (messages ? messages.push(msg) : null); };
|
|
32
|
+
process.on('exit', function () {
|
|
33
|
+
if (!messages)
|
|
34
|
+
return;
|
|
35
|
+
__spreadArray([], __read(new Set(messages)), false).forEach(function (msg) { return console.warn(msg); });
|
|
36
|
+
});
|
|
37
|
+
function sqlWarning(error) {
|
|
38
|
+
if (SqlWarningFileName) {
|
|
39
|
+
(0, fs_1.open)(SqlWarningFileName, 'w', function (err, fd) {
|
|
40
|
+
if (err || !fd)
|
|
41
|
+
return;
|
|
42
|
+
writeMessage = function (msg) {
|
|
43
|
+
// eslint-disable-next-line @typescript-eslint/no-empty-function
|
|
44
|
+
(0, fs_1.write)(fd, [msg, '\n'].join(''), function () { });
|
|
45
|
+
};
|
|
46
|
+
if (messages)
|
|
47
|
+
messages.forEach(writeMessage);
|
|
48
|
+
messages = null;
|
|
49
|
+
});
|
|
50
|
+
// Try only once
|
|
51
|
+
SqlWarningFileName = null;
|
|
52
|
+
}
|
|
53
|
+
writeMessage(error.toString());
|
|
54
|
+
}
|
|
55
|
+
exports.default = sqlWarning;
|
|
56
|
+
//# sourceMappingURL=sqlWarning.js.map
|
|
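Review bot: `writeMessage` at line 42 calls `fs.write(fd, ...)` with no position and without waiting for the previous write's callback, which Node documents as unsafe on the same descriptor (writes can interleave or land out of order); a `fs.createWriteStream` or `fs.appendFile` per message avoids that. The descriptor opened on line 39 is never closed, and the empty callback on line 44 swallows write errors, so a permission problem or full disk leaves `sql_warning.txt` silently incomplete. Two smaller points: the `new Set(messages)` deduplication on line 35 only applies to the console fallback, while the file path from line 47 onward writes every repeated message; and the file is created in the process's current working directory with `error.toString()` content, which for a parser error may embed the offending SQL statement including any literal values in it, so consider placing it under the scanner's own output directory and documenting that it can contain query text.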
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sqlWarning.js","sourceRoot":"","sources":["../src/sqlWarning.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yBAAiC;AAGjC,IAAI,kBAAkB,GAAkB,iBAAiB,CAAC;AAC1D,IAAI,QAAQ,GAAoB,EAAE,CAAC;AACnC,IAAI,YAAY,GAA0B,UAAC,GAAW,IAAK,OAAA,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAtC,CAAsC,CAAC;AAElG,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE;IACjB,IAAI,CAAC,QAAQ;QAAE,OAAO;IAEtB,yBAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAE,OAAO,CAAC,UAAC,GAAG,IAAK,OAAA,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAjB,CAAiB,CAAC,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,SAAwB,UAAU,CAAC,KAAiB;IAClD,IAAI,kBAAkB,EAAE;QACtB,IAAA,SAAI,EAAC,kBAAkB,EAAE,GAAG,EAAE,UAAC,GAAG,EAAE,EAAE;YACpC,IAAI,GAAG,IAAI,CAAC,EAAE;gBAAE,OAAO;YAEvB,YAAY,GAAG,UAAC,GAAG;gBACjB,gEAAgE;gBAChE,IAAA,UAAK,EAAC,EAAE,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,cAAO,CAAC,CAAC,CAAC;YAC5C,CAAC,CAAC;YAEF,IAAI,QAAQ;gBAAE,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC7C,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC,CAAC,CAAC;QACH,gBAAgB;QAChB,kBAAkB,GAAG,IAAI,CAAC;KAC3B;IAED,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;AACjC,CAAC;AAlBD,6BAkBC"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
## Scanner architecture
|
|
2
|
+
|
|
3
|
+
See [@appland/models source code](https://github.com/applandinc/appmap-js/tree/main/packages/models) for the JS API to AppMap data.
|
|
4
|
+
|
|
5
|
+
## Assertions
|
|
6
|
+
|
|
7
|
+
An Assertion tests each configured AppMap event to see if it matches some condition. The test is applied by a `matcher` fnuction.
|
|
8
|
+
|
|
9
|
+
If there is a match, the assertion returns a Finding. A Finding contains the type of check, the event, and a descriptive message. Supporting (related) events may also be reported.
|
|
10
|
+
|
|
11
|
+
## Scopes
|
|
12
|
+
|
|
13
|
+
Each Assertion declares a Scope. The Scope is the set of events that will be checked by an instance of the Assertion object. An Assertion can use a narrower scope to help avoid giving false positives. For example, consider an Assertion that looks for "too many SQL queries". The Assertion only wants to count SQL queries within the Scope of a single command - not the entire AppMap.
|
|
14
|
+
|
|
15
|
+
|
|
16
|
+
Scope examples (roughly ordered from broadest to narrowest):
|
|
17
|
+
|
|
18
|
+
* `all` All events in the AppMap will be processed by the same Assertion instance.
|
|
19
|
+
* `root` A new Assertion instance is created for each root event.
|
|
20
|
+
* `command` A new Assertion instance is created for each HTTP server request, and for each event that is not a descendant of an HTTP server request AND has the label `command` or `job`.
|
|
21
|
+
* `http_server_request` A new Assertion instance is created for each HTTP server request.
|
|
22
|
+
* `transaction` A new Assertion instance is created for each database transaction in the AppMap.
|
|
23
|
+
|
|
24
|
+
## Event filters
|
|
25
|
+
|
|
26
|
+
Assertions use Event filters to choose which events are processed by the `matcher` function.
|
|
27
|
+
|
|
28
|
+
Event filters include the `where`, `include` and `exclude` conditions. Events must match the `where` and `include` conditions, and must not match the `exclude` condition. The `where` condition is built into the Assertion. The `include` and `exclude` conditions are blank, and exist to be customized by the user.
|
|
29
|
+
|
|
30
|
+
## Examples
|
|
31
|
+
|
|
32
|
+
### HTTP 500
|
|
33
|
+
|
|
34
|
+
`http-500` assertion is a simple example. It specifies the `http_server_request` scope - so that each HTTP server request is processed by a separate Assertion.
|
|
35
|
+
|
|
36
|
+
The `where` condition filter out events that don't have an `http_server_response` - for example, if the server process was hard-killed in the middle of processing.
|
|
37
|
+
|
|
38
|
+
The `matcher` function returns true if the HTTP status code is between 500 and 599.
|
|
39
|
+
|
|
40
|
+
### Insecure compare
|
|
41
|
+
|
|
42
|
+
`insecure-compare` operates on the `all` scope - it looks for insecure compare across the entire AppMap.
|
|
43
|
+
|
|
44
|
+
The `where` clause selects events that are labeled `string.equals` or `secret`. The `secret` label is used to build a Set of all the secrets that are generated/returned by function events in the AppMap. When a `string.equals` function is encountered, the assertion returns true if:
|
|
45
|
+
|
|
46
|
+
1. The function has a receiver value and one parameter.
|
|
47
|
+
2. Both the receiver value and the parameter value are not BCrypted-strings.
|
|
48
|
+
3. Both the receiver value and the parameter value are either (a) a known secret or (b) match a secret regexp
|
|
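Review bot: typos in the added doc: "fnuction" on line 7 should be "function", "The `where` condition filter out" on line 36 should be "filters out", and the final list item on line 48 has no terminating period. On content, criterion 2 of the insecure-compare description ("are not BCrypted-strings") would be clearer with a sentence explaining why BCrypt-formatted strings are excluded from the check, since a reader tuning the rule needs to know whether that exclusion is about false positives or about a different comparison path; and the `include`/`exclude` paragraph on line 28 should say where a user customizes them (the scanner configuration file) so the sentence is actionable.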
@@ -0,0 +1,12 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: dao.materialize
|
|
3
|
+
rules:
|
|
4
|
+
- unbatched-materialized-query
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
Loads data access objects from the database into memory.
|
|
8
|
+
|
|
9
|
+
## Examples
|
|
10
|
+
|
|
11
|
+
- Ruby
|
|
12
|
+
[ActiveRecord::Relation#records](https://github.com/rails/rails/blob/fa779b380e61381a393afbc7bbc0a9ce07e0ce74/activerecord/lib/active_record/relation.rb#L254)
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: deserialize.unsafe
|
|
3
|
+
rules:
|
|
4
|
+
- deserialization-of-untrusted-data
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## Examples
|
|
8
|
+
|
|
9
|
+
- Ruby [YAML.unsafe_load](https://docs.ruby-lang.org/en/3.0/Psych.html#method-c-unsafe_load)
|
|
10
|
+
- Ruby [Marshal.load](https://docs.ruby-lang.org/en/3.0/Marshal.html#method-c-load)
|
|
11
|
+
- Java
|
|
12
|
+
[javax.jms.ObjectMessage#getObject](https://docs.oracle.com/javaee/6/api/javax/jms/ObjectMessage.html#getObject())
|
|
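Review bot: this label file has no description paragraph between the front matter and `## Examples`, unlike the other label docs in this change (dao.materialize, job.create, sanitize, secret). Add a sentence stating what the label marks, for instance that the function deserializes input without restricting which classes may be instantiated, since that property is what makes `YAML.unsafe_load`, `Marshal.load` and `ObjectMessage#getObject` relevant to the `deserialization-of-untrusted-data` rule listed above.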
@@ -0,0 +1,13 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: job.create
|
|
3
|
+
rules:
|
|
4
|
+
- job-not-cancelled
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
Schedules a background job for execution. Background jobs run in a separate thread or process from
|
|
8
|
+
the web application request - therefore they do not block the response.
|
|
9
|
+
|
|
10
|
+
## Examples
|
|
11
|
+
|
|
12
|
+
- Ruby
|
|
13
|
+
[ActiveJob::Enqueuing#enqueue](https://api.rubyonrails.org/classes/ActiveJob/Enqueuing.html#method-i-enqueue)
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: rpc.circuit_breaker
|
|
3
|
+
rules:
|
|
4
|
+
- rpc-without-circuit-breaker
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
Indicates that a function provides
|
|
8
|
+
[circuit breaker](https://martinfowler.com/bliki/CircuitBreaker.html) functionality.
|
|
9
|
+
|
|
10
|
+
When present, a circuit breaker function is expected to be invoked as a descendant of an RPC client
|
|
11
|
+
request.
|
|
12
|
+
|
|
13
|
+
## Examples
|
|
14
|
+
|
|
15
|
+
- Ruby
|
|
16
|
+
[Semian::CircuitBreaker#acquire](https://github.com/Shopify/semian/blob/master/lib/semian/circuit_breaker.rb#L26)
|
|
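Review bot: the Semian example on line 16 links to `master` with a `#L26` line anchor, so it will point at the wrong line as soon as that file changes; the other label docs in this change pin their line-anchored links to a commit SHA (dao.materialize, sanitize), and this one should do the same.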
@@ -0,0 +1,29 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: sanitize
|
|
3
|
+
rules:
|
|
4
|
+
- deserialization-of-untrusted-data
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
Ensures that data is safe and trusted, transforming it if necessary, and returning `falsey` or
|
|
8
|
+
raising an exception if it's impossible to make the data safe.
|
|
9
|
+
|
|
10
|
+
A function with this label can be used to convert untrusted data such as direct user input or HTTP
|
|
11
|
+
request parameters into trusted data.
|
|
12
|
+
|
|
13
|
+
Note that this is not the same as ensuring that a parameter satisfies business logic constraints -
|
|
14
|
+
such as presence or max length. It's a security check that ensures the data cannot cause downstream
|
|
15
|
+
harm.
|
|
16
|
+
|
|
17
|
+
To be considered successful, a `sanitize` function must return a `truthy` value.
|
|
18
|
+
|
|
19
|
+
## Examples
|
|
20
|
+
|
|
21
|
+
- Sanitizing HTML by removing all potentially harmful elements, such as script tags.
|
|
22
|
+
- Ensuring that SQL queries are properly escaped.
|
|
23
|
+
- Running user-provided YAML through a "safe loader" which discards unsafe syntax such as object
|
|
24
|
+
class names.
|
|
25
|
+
- Ensuring that a user-provided file path is a subdirectory of a known allowed directory.
|
|
26
|
+
- Ensuring that a system command string does not have any potential injection or side-effects.
|
|
27
|
+
- Ruby -
|
|
28
|
+
[sanitize_filename](https://github.com/technoweenie/attachment_fu/blob/fa08cb03914b02b66853b4615cd3eca768291ca7/lib/technoweenie/attachment_fu.rb#L410)
|
|
29
|
+
in `attachment_fu`.
|
|
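Review bot: the front matter lists only `deserialization-of-untrusted-data` under `rules`, while the examples on lines 21 through 26 cover HTML, SQL, YAML, file-path and command sanitization; if other rules consume the `sanitize` label they should be listed, otherwise the examples overstate what the label currently affects. The SQL example on line 22, "Ensuring that SQL queries are properly escaped", would be better phrased around parameterized queries, since escaping is the weaker control and the label text defines sanitize as a security check; and the Ruby item split across lines 27 to 29 ("- Ruby -" / link / "in `attachment_fu`.") reads awkwardly next to the single-line Ruby items in the other label docs.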
@@ -0,0 +1,11 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: secret
|
|
3
|
+
rules:
|
|
4
|
+
- insecure-compare
|
|
5
|
+
- secret-in-log
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
Indicates that a function returns a secret value. A secret is a user password, cryptographic key,
|
|
9
|
+
authentication token, etc that is used for authentication or other verification.
|
|
10
|
+
|
|
11
|
+
Personally-identifiable information (PII) does not fall under the scope of the `secret` label.
|
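Review bot: "etc that" on line 9 should read "etc. that". Since this label feeds both `insecure-compare` and `secret-in-log`, the description should also say whether values derived from a secret (a hash, an HMAC, a masked prefix) are themselves treated as secrets, because that decides whether logging a token's hash is reported by `secret-in-log` and whether comparing such a derived value is flagged by `insecure-compare`.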