@appland/scanner 1.46.2 → 1.48.0
- package/built/cli/ci/command.js +17 -15
- package/built/cli/ci/command.js.map +1 -1
- package/built/cli/scan/command.js +11 -7
- package/built/cli/scan/command.js.map +1 -1
- package/built/cli/scan/scanner.js +15 -25
- package/built/cli/scan/scanner.js.map +1 -1
- package/built/ruleChecker.js +13 -7
- package/built/ruleChecker.js.map +1 -1
- package/built/rules/authzBeforeAuthn.js +0 -1
- package/built/rules/authzBeforeAuthn.js.map +1 -1
- package/built/rules/deserializationOfUntrustedData.js +12 -81
- package/built/rules/deserializationOfUntrustedData.js.map +1 -1
- package/built/rules/execOfUntrustedCommand.js +96 -0
- package/built/rules/execOfUntrustedCommand.js.map +1 -0
- package/built/rules/illegalPackageDependency.js +7 -1
- package/built/rules/illegalPackageDependency.js.map +1 -1
- package/built/rules/incompatibleHttpClientRequest.js +1 -1
- package/built/rules/incompatibleHttpClientRequest.js.map +1 -1
- package/built/rules/jobNotCancelled.js +0 -1
- package/built/rules/jobNotCancelled.js.map +1 -1
- package/built/rules/lib/parseRuleDescription.js +4 -3
- package/built/rules/lib/parseRuleDescription.js.map +1 -1
- package/built/rules/lib/precedingEvents.js +80 -0
- package/built/rules/lib/precedingEvents.js.map +1 -0
- package/built/rules/lib/sanitizesData.js +10 -0
- package/built/rules/lib/sanitizesData.js.map +1 -0
- package/built/rules/logoutWithoutSessionReset.js +0 -1
- package/built/rules/logoutWithoutSessionReset.js.map +1 -1
- package/built/rules/missingAuthentication.js +3 -3
- package/built/rules/missingAuthentication.js.map +1 -1
- package/built/rules/queryFromInvalidPackage.js +7 -2
- package/built/rules/queryFromInvalidPackage.js.map +1 -1
- package/built/rules/queryFromView.js +12 -1
- package/built/rules/queryFromView.js.map +1 -1
- package/built/rules/secretInLog.js +11 -9
- package/built/rules/secretInLog.js.map +1 -1
- package/built/rules/tooManyJoins.js +0 -1
- package/built/rules/tooManyJoins.js.map +1 -1
- package/built/rules/tooManyUpdates.js +0 -1
- package/built/rules/tooManyUpdates.js.map +1 -1
- package/built/sampleConfig/default.yml +2 -1
- package/built/scope/commandScope.js.map +1 -1
- package/built/scope/rootScope.js.map +1 -1
- package/built/scope/scopeIterator.js.map +1 -1
- package/built/scope/sqlTransactionScope.js +2 -2
- package/built/scope/sqlTransactionScope.js.map +1 -1
- package/doc/labels/{public.md → access.public.md} +1 -1
- package/doc/labels/deserialize.safe.md +2 -0
- package/doc/labels/deserialize.sanitize.md +22 -0
- package/doc/labels/deserialize.unsafe.md +2 -0
- package/doc/labels/system.exec.md +7 -0
- package/doc/labels/system.exec.safe.md +7 -0
- package/doc/labels/system.exec.sanitize.md +22 -0
- package/doc/rules/deserializationOfUntrustedData.md +1 -1
- package/doc/rules/execOfUntrustedCommand.md +16 -0
- package/doc/rules/missingAuthentication.md +1 -1
- package/package.json +1 -1
- package/doc/labels/sanitize.md +0 -29
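--- a/package/built/cli/ci/command.js
+++ b/package/built/cli/ci/command.js
@@ -110,7 +110,7 @@ exports.default = {
 }
 _c.label = 1;
 case 1:
-_c.trys.push([1,
+_c.trys.push([1, 13, , 14]);
 if (!appmapDir) {
 throw new errors_1.ValidationError('--appmap-dir is required');
 }
@@ -127,38 +127,40 @@ exports.default = {
 return [4 /*yield*/, (0, configurationProvider_1.parseConfigFile)(config)];
 case 5:
 configData = _c.sent();
-
-return [4 /*yield*/, Promise.all([scanner.scan(), scanner.fetchFindingStatus(appIdArg, appmapDir)])];
+return [4 /*yield*/, (0, scanner_1.default)(false, configData, files)];
 case 6:
+scanner = _c.sent();
+return [4 /*yield*/, Promise.all([scanner.scan(), scanner.fetchFindingStatus(appIdArg, appmapDir)])];
+case 7:
 _b = __read.apply(void 0, [_c.sent(), 2]), rawScanResults = _b[0], findingStatuses = _b[1];
 // Always report the raw data
 return [4 /*yield*/, (0, promises_1.writeFile)(reportFile, JSON.stringify(rawScanResults, null, 2))];
-case
+case 8:
 // Always report the raw data
 _c.sent();
 scanResults = rawScanResults.withFindings((0, findings_1.newFindings)(rawScanResults.findings, findingStatuses));
 (0, findingsReport_1.default)(scanResults.findings, scanResults.appMapMetadata);
 (0, summaryReport_1.default)(scanResults, true);
-if (!doUpload) return [3 /*break*/,
+if (!doUpload) return [3 /*break*/, 10];
 return [4 /*yield*/, (0, upload_1.default)(rawScanResults, appId, mergeKey, {
 maxRetries: 3,
 })];
-case
+case 9:
 uploadResponse = _c.sent();
 (0, reportUploadURL_1.default)(uploadResponse.summary.numFindings, uploadResponse.url);
-_c.label =
-case 9:
-if (!updateCommitStatusOption) return [3 /*break*/, 11];
-return [4 /*yield*/, (0, updateCommitStatus_1.default)(scanResults.findings.length, scanResults.summary.numChecks)];
+_c.label = 10;
 case 10:
-
-
+if (!updateCommitStatusOption) return [3 /*break*/, 12];
+return [4 /*yield*/, (0, updateCommitStatus_1.default)(scanResults.findings.length, scanResults.summary.numChecks)];
 case 11:
+_c.sent();
+_c.label = 12;
+case 12:
 if (failOption) {
 (0, fail_1.default)(scanResults.findings.length);
 }
-return [3 /*break*/,
-case
+return [3 /*break*/, 14];
+case 13:
 err_1 = _c.sent();
 if (err_1 instanceof errors_1.ValidationError) {
 console.warn(err_1.message);
@@ -172,7 +174,7 @@ exports.default = {
 return [2 /*return*/, process.exit(exitCode_1.ExitCode.RuntimeError)];
 }
 throw err_1;
-case
+case 14: return [2 /*return*/];
 }
 });
 });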
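Review bot: The call site `(0, scanner_1.default)(false, configData, files)` in the second hunk does not say that CI scans now fail closed when the server configuration cannot be loaded. The scanner.js hunks of this same diff show that the `false` branch awaits `loadConfiguration()`, and that the earlier warn-and-continue fallback is removed. A rejection therefore lands in the existing catch block and ends the run through whichever branch matches the error type. If that is the intended policy for CI, record it at the call in the TypeScript source: `// Server configuration is mandatory in CI: a load failure aborts the run instead of scanning without finding status.` The handler body starts and ends outside these hunks, so the exact exit code for this case is not fully visible.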
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"command.js","sourceRoot":"","sources":["../../../src/cli/ci/command.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6BAA4C;AAC5C,wCAAwC;AACxC,6BAAiC;AAKjC,mFAA4E;AAC5E,uCAA2D;AAE3D,6CAA+C;AAC/C,2CAA6C;AAC7C,+EAAyD;AACzD,6EAAuD;AAEvD,wCAAuC;AACvC,iEAA2C;AAC3C,iEAA2C;AAC3C,qDAA+B;AAC/B,4DAA0D;AAG1D,yDAAmC;AACnC,6EAAuD;AACvD,uEAAiD;AACjD,iDAA2B;AAE3B,kBAAe;IACb,OAAO,EAAE,IAAI;IACb,QAAQ,EAAE,uEAAuE;IACjF,OAAO,EAAP,UAAQ,IAAU;QAChB,IAAA,kBAAQ,EAAC,IAAI,CAAC,CAAC;QAEf,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;YAClB,QAAQ,EAAE,yDAAyD;YACnE,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE;YAClC,QAAQ,EAAE,oCAAoC;YAC9C,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACpB,QAAQ,EAAE,kCAAkC;YAC5C,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE;YACvB,QAAQ,EAAE,8EAA8E;SACzF,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IACK,OAAO,EAAb,UAAc,OAAkB;;;;;;wBACxB,KAUF,OAAoC,EATtC,SAAS,eAAA,EACT,MAAM,YAAA,EACG,SAAS,aAAA,EACZ,UAAU,UAAA,EACX,QAAQ,SAAA,EACb,UAAU,gBAAA,EACF,QAAQ,YAAA,EACI,wBAAwB,wBAAA,EAC5C,QAAQ,cAAA,CAC+B;wBAEzC,IAAI,SAAS,EAAE;4BACb,IAAA,cAAO,EAAC,IAAI,CAAC,CAAC;yBACf;;;;wBAGC,IAAI,CAAC,SAAS,EAAE;4BACd,MAAM,IAAI,wBAAe,CAAC,0BAA0B,CAAC,CAAC;yBACvD;wBAED,qBAAM,IAAA,sBAAY,EAAC,WAAW,EAAE,SAAU,CAAC,EAAA;;wBAA3C,SAA2C,CAAC;wBACtC,IAAI,GAAG,IAAA,gBAAS,EAAC,WAAY,CAAC,CAAC;wBACvB,qBAAM,IAAI,CAAI,SAAS,sBAAmB,CAAC,EAAA;;wBAAnD,KAAK,GAAG,SAA2C;wBAE3C,qBAAM,IAAA,sBAAY,EAAC,QAAQ,EAAE,SAAS,CAAC,EAAA;;wBAA/C,KAAK,GAAG,SAAuC;wBAElC,qBAAM,IAAA,uCAAe,EAAC,MAAM,CAAC,EAAA;;wBAA1C,UAAU,GAAG,SAA6B;
|
|
1
|
+
{"version":3,"file":"command.js","sourceRoot":"","sources":["../../../src/cli/ci/command.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6BAA4C;AAC5C,wCAAwC;AACxC,6BAAiC;AAKjC,mFAA4E;AAC5E,uCAA2D;AAE3D,6CAA+C;AAC/C,2CAA6C;AAC7C,+EAAyD;AACzD,6EAAuD;AAEvD,wCAAuC;AACvC,iEAA2C;AAC3C,iEAA2C;AAC3C,qDAA+B;AAC/B,4DAA0D;AAG1D,yDAAmC;AACnC,6EAAuD;AACvD,uEAAiD;AACjD,iDAA2B;AAE3B,kBAAe;IACb,OAAO,EAAE,IAAI;IACb,QAAQ,EAAE,uEAAuE;IACjF,OAAO,EAAP,UAAQ,IAAU;QAChB,IAAA,kBAAQ,EAAC,IAAI,CAAC,CAAC;QAEf,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;YAClB,QAAQ,EAAE,yDAAyD;YACnE,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE;YAClC,QAAQ,EAAE,oCAAoC;YAC9C,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACpB,QAAQ,EAAE,kCAAkC;YAC5C,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE;YACvB,QAAQ,EAAE,8EAA8E;SACzF,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IACK,OAAO,EAAb,UAAc,OAAkB;;;;;;wBACxB,KAUF,OAAoC,EATtC,SAAS,eAAA,EACT,MAAM,YAAA,EACG,SAAS,aAAA,EACZ,UAAU,UAAA,EACX,QAAQ,SAAA,EACb,UAAU,gBAAA,EACF,QAAQ,YAAA,EACI,wBAAwB,wBAAA,EAC5C,QAAQ,cAAA,CAC+B;wBAEzC,IAAI,SAAS,EAAE;4BACb,IAAA,cAAO,EAAC,IAAI,CAAC,CAAC;yBACf;;;;wBAGC,IAAI,CAAC,SAAS,EAAE;4BACd,MAAM,IAAI,wBAAe,CAAC,0BAA0B,CAAC,CAAC;yBACvD;wBAED,qBAAM,IAAA,sBAAY,EAAC,WAAW,EAAE,SAAU,CAAC,EAAA;;wBAA3C,SAA2C,CAAC;wBACtC,IAAI,GAAG,IAAA,gBAAS,EAAC,WAAY,CAAC,CAAC;wBACvB,qBAAM,IAAI,CAAI,SAAS,sBAAmB,CAAC,EAAA;;wBAAnD,KAAK,GAAG,SAA2C;wBAE3C,qBAAM,IAAA,sBAAY,EAAC,QAAQ,EAAE,SAAS,CAAC,EAAA;;wBAA/C,KAAK,GAAG,SAAuC;wBAElC,qBAAM,IAAA,uCAAe,EAAC,MAAM,CAAC,EAAA;;wBAA1C,UAAU,GAAG,SAA6B;wBAEhC,qBAAM,IAAA,iBAAY,EAAC,KAAK,EAAE,UAAU,EAAE,KAAK,CAAC,EAAA;;wBAAtD,OAAO,GAAG,SAA4C;wBAG1D,qBAAM,OAAO,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,OAAO,CAAC,kBAAkB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,EAAA;;wBADhF,KAAA,sBACJ,SAAoF,KAAA,EAD/E,cAAc,QAAA,EAAE,eAAe,QAAA;wBAGtC,6BAA6B;wBAC7B,qBAAM,IAAA,oBAAS,EAAC,UAAU,EAAE,IAAI,CAAC,SA
AS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAA;;wBADpE,6BAA6B;wBAC7B,SAAoE,CAAC;wBAE/D,WAAW,GAAG,cAAc,CAAC,YAAY,CAC7C,IAAA,sBAAW,EAAC,cAAc,CAAC,QAAQ,EAAE,eAAe,CAAC,CACtD,CAAC;wBAEF,IAAA,wBAAc,EAAC,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,cAAc,CAAC,CAAC;wBACjE,IAAA,uBAAa,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;6BAE7B,QAAQ,EAAR,yBAAQ;wBACa,qBAAM,IAAA,gBAAM,EAAC,cAAc,EAAE,KAAK,EAAE,QAAQ,EAAE;gCACnE,UAAU,EAAE,CAAC;6BACd,CAAC,EAAA;;wBAFI,cAAc,GAAG,SAErB;wBACF,IAAA,yBAAe,EAAC,cAAc,CAAC,OAAO,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;;;6BAGtE,wBAAwB,EAAxB,yBAAwB;wBAC1B,qBAAM,IAAA,4BAAkB,EAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,EAAA;;wBAApF,SAAoF,CAAC;;;wBAGvF,IAAI,UAAU,EAAE;4BACd,IAAA,cAAI,EAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;yBACnC;;;;wBAED,IAAI,KAAG,YAAY,wBAAe,EAAE;4BAClC,OAAO,CAAC,IAAI,CAAC,KAAG,CAAC,OAAO,CAAC,CAAC;4BAC1B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,eAAe,CAAC,EAAC;yBAC/C;wBACD,IAAI,KAAG,YAAY,mBAAU,EAAE;4BAC7B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,UAAU,CAAC,EAAC;yBAC1C;wBACD,IAAI,CAAC,cAAO,IAAI,KAAG,YAAY,KAAK,EAAE;4BACpC,OAAO,CAAC,KAAK,CAAC,KAAG,CAAC,OAAO,CAAC,CAAC;4BAC3B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,YAAY,CAAC,EAAC;yBAC5C;wBAED,MAAM,KAAG,CAAC;;;;;KAEb;CACF,CAAC"}
|
|
@@ -134,7 +134,7 @@ exports.default = {
|
|
|
134
134
|
}
|
|
135
135
|
_c.label = 1;
|
|
136
136
|
case 1:
|
|
137
|
-
_c.trys.push([1,
|
|
137
|
+
_c.trys.push([1, 11, , 12]);
|
|
138
138
|
if (appmapFile && appmapDir) {
|
|
139
139
|
throw new errors_1.ValidationError('Use --appmap-dir or --appmap-file, but not both');
|
|
140
140
|
}
|
|
@@ -161,14 +161,18 @@ exports.default = {
|
|
|
161
161
|
case 6: return [4 /*yield*/, (0, configurationProvider_1.parseConfigFile)(config)];
|
|
162
162
|
case 7:
|
|
163
163
|
configData = _c.sent();
|
|
164
|
-
|
|
164
|
+
return [4 /*yield*/, (0, scanner_1.default)(reportAllFindings, configData, files).catch(function (error) {
|
|
165
|
+
throw new errors_1.ValidationError(error.message + '\nUse --all to perform an offline scan.');
|
|
166
|
+
})];
|
|
167
|
+
case 8:
|
|
168
|
+
scanner = _c.sent();
|
|
165
169
|
startTime = Date.now();
|
|
166
170
|
return [4 /*yield*/, Promise.all([scanner.scan(), scanner.fetchFindingStatus(appIdArg, appmapDir)])];
|
|
167
|
-
case
|
|
171
|
+
case 9:
|
|
168
172
|
_b = __read.apply(void 0, [_c.sent(), 2]), rawScanResults = _b[0], findingStatuses = _b[1];
|
|
169
173
|
// Always report the raw data
|
|
170
174
|
return [4 /*yield*/, (0, promises_1.writeFile)(reportFile, formatReport(rawScanResults))];
|
|
171
|
-
case
|
|
175
|
+
case 10:
|
|
172
176
|
// Always report the raw data
|
|
173
177
|
_c.sent();
|
|
174
178
|
scanResults = void 0;
|
|
@@ -185,8 +189,8 @@ exports.default = {
|
|
|
185
189
|
elapsed = Date.now() - startTime;
|
|
186
190
|
numChecks = scanResults.checks.length * scanResults.summary.numAppMaps;
|
|
187
191
|
console.log("Performed " + numChecks + " checks in " + elapsed + "ms (" + Math.floor(numChecks / (elapsed / 1000.0)) + " checks/sec)");
|
|
188
|
-
return [3 /*break*/,
|
|
189
|
-
case
|
|
192
|
+
return [3 /*break*/, 12];
|
|
193
|
+
case 11:
|
|
190
194
|
err_1 = _c.sent();
|
|
191
195
|
if (err_1 instanceof errors_1.ValidationError) {
|
|
192
196
|
console.warn(err_1.message);
|
|
@@ -200,7 +204,7 @@ exports.default = {
|
|
|
200
204
|
return [2 /*return*/, process.exit(exitCode_1.ExitCode.RuntimeError)];
|
|
201
205
|
}
|
|
202
206
|
throw err_1;
|
|
203
|
-
case
|
|
207
|
+
case 12: return [2 /*return*/];
|
|
204
208
|
}
|
|
205
209
|
});
|
|
206
210
|
});
|
|
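Review bot: The `.catch` added around `(0, scanner_1.default)(reportAllFindings, configData, files)` rethrows every rejection as a `ValidationError` built from `error.message` alone. An unexpected failure, not only a missing server configuration, is therefore printed through the `console.warn(err_1.message)` branch as a usage problem and loses its original type and stack. Keep the original error reachable for diagnosis, for example `var wrapped = new errors_1.ValidationError(error.message + '\nUse --all to perform an offline scan.'); wrapped.cause = error; throw wrapped;`, or wrap only the error type that the configuration loader is known to raise. The catch handler that consumes this error starts outside the hunk, so what it does with other error types is only partly visible.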
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"command.js","sourceRoot":"","sources":["../../../src/cli/scan/command.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6BAA4C;AAC5C,wCAAwC;AACxC,6BAAiC;AAKjC,mFAA4E;AAC5E,uCAA2D;AAE3D,6CAA+C;AAC/C,2CAA6C;AAC7C,+EAAyD;AACzD,6EAAuD;AAEvD,wCAAuC;AACvC,iEAA2C;AAG3C,sDAAoD;AACpD,yDAAmC;AAInC,kBAAe;IACb,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,yCAAyC;IACnD,OAAO,EAAP,UAAQ,IAAU;QAChB,IAAA,kBAAQ,EAAC,IAAI,CAAC,CAAC;QAEf,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,KAAK,EAAE,GAAG;SACX,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACjB,QAAQ,EAAE,gEAAgE;YAC1E,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC;SACjD,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACjB,QAAQ,EAAE,6DAA6D;YACvE,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IACK,OAAO,EAAb,UAAc,OAAkB;;;;;;wBACxB,KAUF,OAAoC,EATtC,SAAS,eAAA,EACT,UAAU,gBAAA,EACV,MAAM,YAAA,EACG,SAAS,aAAA,EACb,iBAAiB,SAAA,EACjB,QAAQ,SAAA,EACb,MAAM,YAAA,EACN,GAAG,SAAA,EACH,UAAU,gBAAA,CAC6B;wBAEzC,IAAI,SAAS,EAAE;4BACb,IAAA,cAAO,EAAC,IAAI,CAAC,CAAC;yBACf;wBAED,IAAI,MAAM,EAAE;4BACV,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,MAAM,CAAC;yBACtC;;;;wBAGC,IAAI,UAAU,IAAI,SAAS,EAAE;4BAC3B,MAAM,IAAI,wBAAe,CAAC,iDAAiD,CAAC,CAAC;yBAC9E;wBACD,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE;4BAC7B,MAAM,IAAI,wBAAe,CAAC,kDAAkD,CAAC,CAAC;yBAC/E;wBAEG,KAAK,GAAa,EAAE,CAAC;6BACrB,SAAS,EAAT,wBAAS;wBACX,qBAAM,IAAA,sBAAY,EAAC,WAAW,EAAE,SAAU,CAAC,EAAA;;wBAA3C,SAA2C,CAAC;wBACtC,IAAI,GAAG,IAAA,gBAAS,EAAC,WAAY,CAAC,CAAC;wBAC7B,qBAAM,IAAI,CAAI,SAAS,sBAAmB,CAAC,EAAA;;wBAAnD,KAAK,GAAG,SAA2C,CAAC;;;6BAElD,UAAU,EAAV,wBAAU;wBACZ,qBAAM,IAAA,sBAAY,EAAC,MAAM,EAAE,UAAU,CAAC,EAAA;;wBAAtC,SAAsC,CAAC;wBACvC,KAAK,GAAG,CAAC,UAAU,CAAC,CAAC;;4BAGJ,qBAAM,IAAA,uCAAe,EAAC,MAAM,CAAC,EAAA;;wBAA1C,UAAU,GAAG,SAA6B;
|
|
1
|
+
{"version":3,"file":"command.js","sourceRoot":"","sources":["../../../src/cli/scan/command.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6BAA4C;AAC5C,wCAAwC;AACxC,6BAAiC;AAKjC,mFAA4E;AAC5E,uCAA2D;AAE3D,6CAA+C;AAC/C,2CAA6C;AAC7C,+EAAyD;AACzD,6EAAuD;AAEvD,wCAAuC;AACvC,iEAA2C;AAG3C,sDAAoD;AACpD,yDAAmC;AAInC,kBAAe;IACb,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,yCAAyC;IACnD,OAAO,EAAP,UAAQ,IAAU;QAChB,IAAA,kBAAQ,EAAC,IAAI,CAAC,CAAC;QAEf,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,KAAK,EAAE,GAAG;SACX,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACjB,QAAQ,EAAE,gEAAgE;YAC1E,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC;SACjD,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACjB,QAAQ,EAAE,6DAA6D;YACvE,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IACK,OAAO,EAAb,UAAc,OAAkB;;;;;;wBACxB,KAUF,OAAoC,EATtC,SAAS,eAAA,EACT,UAAU,gBAAA,EACV,MAAM,YAAA,EACG,SAAS,aAAA,EACb,iBAAiB,SAAA,EACjB,QAAQ,SAAA,EACb,MAAM,YAAA,EACN,GAAG,SAAA,EACH,UAAU,gBAAA,CAC6B;wBAEzC,IAAI,SAAS,EAAE;4BACb,IAAA,cAAO,EAAC,IAAI,CAAC,CAAC;yBACf;wBAED,IAAI,MAAM,EAAE;4BACV,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,MAAM,CAAC;yBACtC;;;;wBAGC,IAAI,UAAU,IAAI,SAAS,EAAE;4BAC3B,MAAM,IAAI,wBAAe,CAAC,iDAAiD,CAAC,CAAC;yBAC9E;wBACD,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE;4BAC7B,MAAM,IAAI,wBAAe,CAAC,kDAAkD,CAAC,CAAC;yBAC/E;wBAEG,KAAK,GAAa,EAAE,CAAC;6BACrB,SAAS,EAAT,wBAAS;wBACX,qBAAM,IAAA,sBAAY,EAAC,WAAW,EAAE,SAAU,CAAC,EAAA;;wBAA3C,SAA2C,CAAC;wBACtC,IAAI,GAAG,IAAA,gBAAS,EAAC,WAAY,CAAC,CAAC;wBAC7B,qBAAM,IAAI,CAAI,SAAS,sBAAmB,CAAC,EAAA;;wBAAnD,KAAK,GAAG,SAA2C,CAAC;;;6BAElD,UAAU,EAAV,wBAAU;wBACZ,qBAAM,IAAA,sBAAY,EAAC,MAAM,EAAE,UAAU,CAAC,EAAA;;wBAAtC,SAAsC,CAAC;wBACvC,KAAK,GAAG,CAAC,UAAU,CAAC,CAAC;;4BAGJ,qBAAM,IAAA,uCAAe,EAAC,MAAM,CAAC,EAAA;;wBAA1C,UAAU,GAAG,SAA6B;wBAEhC,qBAAM,IAAA,iBAAY,EAAC,iBAAiB,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC,KAAK,CAC5E,UAAC,KAAY;gCACX,MAAM,IAAI,wBAAe,CAAC,KAAK,CAAC,OAAO,GAAG,yCAAyC,CAAC,CAAC;4BACvF,CA
AC,CACF,EAAA;;wBAJK,OAAO,GAAG,SAIf;wBAEK,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;wBAEa,qBAAM,OAAO,CAAC,GAAG,CAGzD,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,OAAO,CAAC,kBAAkB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,EAAA;;wBAH9D,KAAA,sBAAoC,SAG0B,KAAA,EAH7D,cAAc,QAAA,EAAE,eAAe,QAAA;wBAKtC,6BAA6B;wBAC7B,qBAAM,IAAA,oBAAS,EAAC,UAAU,EAAE,YAAY,CAAC,cAAc,CAAC,CAAC,EAAA;;wBADzD,6BAA6B;wBAC7B,SAAyD,CAAC;wBAEtD,WAAW,SAAA,CAAC;wBAChB,IAAI,iBAAiB,EAAE;4BACrB,WAAW,GAAG,cAAc,CAAC;yBAC9B;6BAAM;4BACL,WAAW,GAAG,cAAc,CAAC,YAAY,CACvC,IAAA,sBAAW,EAAC,cAAc,CAAC,QAAQ,EAAE,eAAe,CAAC,CACtD,CAAC;yBACH;wBAED,IAAA,wBAAc,EAAC,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;wBACtE,OAAO,CAAC,GAAG,EAAE,CAAC;wBACd,IAAA,uBAAa,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;wBACjC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;wBACZ,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;wBAEjC,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC;wBAC7E,OAAO,CAAC,GAAG,CACT,eAAa,SAAS,mBAAc,OAAO,YAAO,IAAI,CAAC,KAAK,CAC1D,SAAS,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,CAC/B,iBAAc,CAChB,CAAC;;;;wBAEF,IAAI,KAAG,YAAY,wBAAe,EAAE;4BAClC,OAAO,CAAC,IAAI,CAAC,KAAG,CAAC,OAAO,CAAC,CAAC;4BAC1B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,eAAe,CAAC,EAAC;yBAC/C;wBACD,IAAI,KAAG,YAAY,mBAAU,EAAE;4BAC7B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,UAAU,CAAC,EAAC;yBAC1C;wBACD,IAAI,CAAC,cAAO,IAAI,KAAG,YAAY,KAAK,EAAE;4BACpC,OAAO,CAAC,KAAK,CAAC,KAAG,CAAC,OAAO,CAAC,CAAC;4BAC3B,sBAAO,OAAO,CAAC,IAAI,CAAC,mBAAQ,CAAC,YAAY,CAAC,EAAC;yBAC5C;wBAED,MAAM,KAAG,CAAC;;;;;KAEb;CACF,CAAC;AAEF,SAAS,cAAc,CAAC,EAOP;QANC,IAAI,iBAAA,EACD,OAAO,oBAAA,EACJ,UAAU,uBAAA,EACjB,GAAG,gBAAA,EACG,SAAS,sBAAA,EACT,SAAS,sBAAA;IAE9B,IAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,GAAG,EAAE,IAAI,GAAG,CAAC;QACb,MAAM,EAAE,OAAO,GAAG,CAAC;QACnB,GAAG,EAAE,GAAG,GAAG,CAAC;QACZ,QAAQ,EAAE,SAAS,GAAG,CAAC;QACvB,QAAQ,EAAE,SAAS,GAAG,CAAC;KACxB,CAAC;SACC,MAAM,CAAC,UAAC,EAAK;YAAL,KAAA,aAAK,EAAF,CAAC,QAAA;QAAM,OAAA,CAAC;IAAD,CAAC,CAAC;SACpB,GAAG,CAAC,UAAC,EAAG;YAAH,KAAA,aAAG,EAAF,CAAC,QAAA;QAAM,OAAA,CAAC;IAAD,CAAC,CAAC,CAAC;IAEnB,OAAO,UAAU,QAAkB;QA
CjC,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAC,EAAM;gBAAN,KAAA,aAAM,EAAL,CAAC,QAAA,EAAE,CAAC,QAAA;YACpC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YACvC,IAAI,CAAC,KAAK,YAAY;gBAAE,OAAQ,CAAC,CAAC,IAAI,EAAE,CAAa,CAAC,MAAM,KAAK,UAAU,CAAC;YAC5E,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CACH,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,IAAI,CAAO,OAAoB,EAAE,GAAgB;;IACxD,IAAM,MAAM,GAAG,IAAI,GAAG,EAAQ,CAAC;;QAE/B,KAAoB,IAAA,YAAA,SAAA,OAAO,CAAA,gCAAA,qDAAE;YAAxB,IAAM,KAAK,oBAAA;YACd,IAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;YACrB,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,SAAS;YAC5B,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;SACtB;;;;;;;;;IAED,OAAO,MAAM,CAAC,MAAM,EAAE,CAAC;AACzB,CAAC;AAED,0DAA0D;AAC1D,SAAS,YAAY,CAAC,cAA2B;IACzC,IAAA,kBAA6C,cAAc,CAAE,EAA3D,OAAO,aAAA,EAAE,cAAc,oBAAA,EAAE,QAAQ,cAA0B,CAAC;IAEpE,gDAAgD;IAChD,IAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACtD,IAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CACjC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,UAAC,EAAc;YAAd,KAAA,aAAc,EAAb,EAAE,QAAA,EAAE,QAAQ,QAAA;QAAM,OAAA,CAAC,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAAtB,CAAsB,CAAC,CAC/E,CAAC;IAEF,yCAAyC;IACzC,IAAM,cAAc,4BAAO,IAAI,CAAC,QAAQ,EAAE,UAAC,EAAQ;YAAN,IAAI,UAAA;QAAO,OAAA,IAAI;IAAJ,CAAI,CAAC,SAAC,CAAC;IAE/D,OAAO,IAAI,CAAC,SAAS,uBAEd,cAAc,KACjB,OAAO,wBAAO,OAAO,KAAE,WAAW,EAAE,cAAc,CAAC,MAAM,KACzD,cAAc,EAAE,QAAQ,EACxB,QAAQ,EAAE,cAAc,KAE1B,IAAI,EACJ,CAAC,CACF,CAAC;AACJ,CAAC"}
|
|
@@ -61,9 +61,19 @@ var resolveAppId_1 = __importDefault(require("../resolveAppId"));
|
|
|
61
61
|
var scan_1 = __importDefault(require("../scan"));
|
|
62
62
|
var scanResults_1 = require("../../report/scanResults");
|
|
63
63
|
function scanner(reportAllFindings, configuration, files) {
|
|
64
|
-
return
|
|
65
|
-
|
|
66
|
-
|
|
64
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
65
|
+
return __generator(this, function (_a) {
|
|
66
|
+
switch (_a.label) {
|
|
67
|
+
case 0:
|
|
68
|
+
if (!reportAllFindings) return [3 /*break*/, 1];
|
|
69
|
+
return [2 /*return*/, new StandaloneScanner(configuration, files)];
|
|
70
|
+
case 1: return [4 /*yield*/, (0, src_1.loadConfiguration)()];
|
|
71
|
+
case 2:
|
|
72
|
+
_a.sent();
|
|
73
|
+
return [2 /*return*/, new ServerIntegratedScanner(configuration, files)];
|
|
74
|
+
}
|
|
75
|
+
});
|
|
76
|
+
});
|
|
67
77
|
}
|
|
68
78
|
exports.default = scanner;
|
|
69
79
|
var ScannerBase = /** @class */ (function () {
|
|
@@ -76,14 +86,11 @@ var ScannerBase = /** @class */ (function () {
|
|
|
76
86
|
var checks, _a, appMapMetadata, findings;
|
|
77
87
|
return __generator(this, function (_b) {
|
|
78
88
|
switch (_b.label) {
|
|
79
|
-
case 0: return [4 /*yield*/, this.
|
|
89
|
+
case 0: return [4 /*yield*/, (0, configurationProvider_1.loadConfig)(this.configuration)];
|
|
80
90
|
case 1:
|
|
81
|
-
_b.sent();
|
|
82
|
-
return [4 /*yield*/, (0, configurationProvider_1.loadConfig)(this.configuration)];
|
|
83
|
-
case 2:
|
|
84
91
|
checks = _b.sent();
|
|
85
92
|
return [4 /*yield*/, (0, scan_1.default)(this.files, checks)];
|
|
86
|
-
case
|
|
93
|
+
case 2:
|
|
87
94
|
_a = _b.sent(), appMapMetadata = _a.appMapMetadata, findings = _a.findings;
|
|
88
95
|
return [2 /*return*/, new scanResults_1.ScanResults(this.configuration, appMapMetadata, findings, checks)];
|
|
89
96
|
}
|
|
@@ -97,23 +104,6 @@ var ServerIntegratedScanner = /** @class */ (function (_super) {
|
|
|
97
104
|
function ServerIntegratedScanner() {
|
|
98
105
|
return _super !== null && _super.apply(this, arguments) || this;
|
|
99
106
|
}
|
|
100
|
-
ServerIntegratedScanner.prototype.verifyServerConfiguration = function () {
|
|
101
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
102
|
-
return __generator(this, function (_a) {
|
|
103
|
-
return [2 /*return*/, new Promise(function (resolve) {
|
|
104
|
-
(0, src_1.loadConfiguration)()
|
|
105
|
-
.then(function () { return resolve(true); })
|
|
106
|
-
.catch(function (err) {
|
|
107
|
-
console.warn("\u26A0\uFE0F Notice \u26A0\uFE0F");
|
|
108
|
-
console.warn("\u26A0\uFE0F AppMap Server configuration is not available.");
|
|
109
|
-
console.warn("\u26A0\uFE0F Detailed message: " + err.toString());
|
|
110
|
-
console.warn("\u26A0\uFE0F Scanning will continue without fetching existing findings from the server.");
|
|
111
|
-
resolve(false);
|
|
112
|
-
});
|
|
113
|
-
})];
|
|
114
|
-
});
|
|
115
|
-
});
|
|
116
|
-
};
|
|
117
107
|
ServerIntegratedScanner.prototype.fetchFindingStatus = function (appIdArg, appMapDir) {
|
|
118
108
|
return __awaiter(this, void 0, void 0, function () {
|
|
119
109
|
var appId;
|
|
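Review bot: The new async `scanner` factory has no doc comment, and its first parameter name hides what it decides: `reportAllFindings` selects between `StandaloneScanner`, which is constructed without calling `loadConfiguration()`, and `ServerIntegratedScanner`, which is returned only after `loadConfiguration()` resolves. Both callers in this diff now have to await it, and a rejection replaces the warnings that the removed `verifyServerConfiguration` printed. Add a short JSDoc on the function in the TypeScript source. It should state that the function returns a promise, that `reportAllFindings === true` means offline mode with no server configuration read, and that the promise rejects when the server configuration cannot be loaded.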
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../../src/cli/scan/scanner.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,gDAAoF;AAEpF,mFAAuE;AAEvE,sGAA0E;AAE1E,iEAA2C;AAC3C,iDAA2B;AAC3B,wDAAuD;AAQvD,
|
|
1
|
+
{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../../src/cli/scan/scanner.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,gDAAoF;AAEpF,mFAAuE;AAEvE,sGAA0E;AAE1E,iEAA2C;AAC3C,iDAA2B;AAC3B,wDAAuD;AAQvD,SAA8B,OAAO,CACnC,iBAA0B,EAC1B,aAA4B,EAC5B,KAAe;;;;;yBAEX,iBAAiB,EAAjB,wBAAiB;oBACnB,sBAAO,IAAI,iBAAiB,CAAC,aAAa,EAAE,KAAK,CAAC,EAAC;wBAEnD,qBAAM,IAAA,uBAAiB,GAAE,EAAA;;oBAAzB,SAAyB,CAAC;oBAC1B,sBAAO,IAAI,uBAAuB,CAAC,aAAa,EAAE,KAAK,CAAC,EAAC;;;;CAE5D;AAXD,0BAWC;AAED;IACE,qBAAmB,aAA4B,EAAS,KAAe;QAApD,kBAAa,GAAb,aAAa,CAAe;QAAS,UAAK,GAAL,KAAK,CAAU;IAAG,CAAC;IAErE,0BAAI,GAAV;;;;;4BACiB,qBAAM,IAAA,kCAAU,EAAC,IAAI,CAAC,aAAa,CAAC,EAAA;;wBAA7C,MAAM,GAAG,SAAoC;wBACd,qBAAM,IAAA,cAAI,EAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,EAAA;;wBAA7D,KAA+B,SAA8B,EAA3D,cAAc,oBAAA,EAAE,QAAQ,cAAA;wBAChC,sBAAO,IAAI,yBAAW,CAAC,IAAI,CAAC,aAAa,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAC;;;;KAC9E;IACH,kBAAC;AAAD,CAAC,AARD,IAQC;AAED;IAAsC,2CAAW;IAAjD;;IAQA,CAAC;IAPO,oDAAkB,GAAxB,UACE,QAAiB,EACjB,SAAkB;;;;;4BAEJ,qBAAM,IAAA,sBAAY,EAAC,QAAQ,EAAE,SAAS,CAAC,EAAA;;wBAA/C,KAAK,GAAG,SAAuC;wBAC9C,qBAAM,IAAA,2BAAW,EAAC,KAAK,CAAC,EAAA;4BAA/B,sBAAO,SAAwB,EAAC;;;;KACjC;IACH,8BAAC;AAAD,CAAC,AARD,CAAsC,WAAW,GAQhD;AAED;IAAgC,qCAAW;IAA3C;;IAQA,CAAC;IAPO,qDAAyB,GAA/B;;;gBACE,sBAAO,IAAI,EAAC;;;KACb;IAEK,8CAAkB,GAAxB;;;gBACE,sBAAO,EAAE,EAAC;;;KACX;IACH,wBAAC;AAAD,CAAC,AARD,CAAgC,WAAW,GAQ1C"}
|
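--- a/package/built/ruleChecker.js
+++ b/package/built/ruleChecker.js
@@ -217,12 +217,9 @@ var RuleChecker = /** @class */ (function () {
 if (!checkInstance.filterEvent(event, appMapIndex)) {
 return [2 /*return*/];
 }
-buildFinding = function (matchEvent, message, groupMessage, occurranceCount,
-
-
-if (groupMessage === void 0) { groupMessage = undefined; }
-if (occurranceCount === void 0) { occurranceCount = undefined; }
-if (relatedEvents === void 0) { relatedEvents = undefined; }
+buildFinding = function (matchEvent, message, groupMessage, occurranceCount,
+// matchEvent will be added to additionalEvents to create the relatedEvents array
+additionalEvents) {
 var findingEvent = matchEvent || event;
 // Fixes:
 // TypeError: Cannot read property 'forEach' of undefined
@@ -236,6 +233,15 @@ var RuleChecker = /** @class */ (function () {
 var hash = (0, crypto_1.createHash)('sha256');
 hash.update(findingEvent.hash);
 hash.update(checkInstance.ruleId);
+var uniqueEvents = new Set();
+var relatedEvents = [];
+[findingEvent].concat((additionalEvents || []).map(eventUtil_1.cloneEvent)).forEach(function (event) {
+if (uniqueEvents.has(event.id)) {
+return;
+}
+uniqueEvents.add(event.id);
+relatedEvents.push(event);
+});
 return {
 appMapFile: appMapFile,
 checkId: checkInstance.checkId,
@@ -248,7 +254,7 @@ var RuleChecker = /** @class */ (function () {
 message: message || checkInstance.title,
 groupMessage: groupMessage,
 occurranceCount: occurranceCount,
-relatedEvents: relatedEvents
+relatedEvents: relatedEvents.sort(function (event) { return event.id; }),
 };
 };
 return [4 /*yield*/, checkInstance.ruleLogic.matcher(event, appMapIndex, checkInstance.filterEvent.bind(checkInstance))];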
package/built/ruleChecker.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ruleChecker.js","sourceRoot":"","sources":["../src/ruleChecker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,mCAAsC;AAEtC,yCAA2C;AAE3C,gEAA0C;AAC1C,0FAAoE;AACpE,0FAAoE;AACpE,sEAAgD;AAChD,oFAA8D;AAC9D,kEAA4C;AAC5C,iCAAoC;AACpC,yCAAyC;AAEzC;IAAA;QACU,WAAM,GAAkC;YAC9C,IAAI,EAAE,IAAI,mBAAS,EAAE;YACrB,OAAO,EAAE,IAAI,sBAAY,EAAE;YAC3B,mBAAmB,EAAE,IAAI,gCAAsB,EAAE;YACjD,mBAAmB,EAAE,IAAI,gCAAsB,EAAE;YACjD,WAAW,EAAE,IAAI,6BAAmB,EAAE;SACvC,CAAC;
|
|
1
|
+
{"version":3,"file":"ruleChecker.js","sourceRoot":"","sources":["../src/ruleChecker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,mCAAsC;AAEtC,yCAA2C;AAE3C,gEAA0C;AAC1C,0FAAoE;AACpE,0FAAoE;AACpE,sEAAgD;AAChD,oFAA8D;AAC9D,kEAA4C;AAC5C,iCAAoC;AACpC,yCAAyC;AAEzC;IAAA;QACU,WAAM,GAAkC;YAC9C,IAAI,EAAE,IAAI,mBAAS,EAAE;YACrB,OAAO,EAAE,IAAI,sBAAY,EAAE;YAC3B,mBAAmB,EAAE,IAAI,gCAAsB,EAAE;YACjD,mBAAmB,EAAE,IAAI,gCAAsB,EAAE;YACjD,WAAW,EAAE,IAAI,6BAAmB,EAAE;SACvC,CAAC;IA4KJ,CAAC;IA1KO,2BAAK,GAAX,UACE,UAAkB,EAClB,WAAwB,EACxB,KAAY,EACZ,QAAmB;;;;;;;wBAEnB,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,OAAO,CAAC,IAAI,CAAC,qBAAmB,WAAW,CAAC,MAAM,CAAC,IAAI,oBAAe,KAAK,CAAC,KAAO,CAAC,CAAC;yBACtF;wBACK,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;wBAC/C,IAAI,CAAC,aAAa,EAAE;4BAClB,MAAM,IAAI,mBAAU,CAAC,0BAAuB,KAAK,CAAC,KAAK,OAAG,CAAC,CAAC;yBAC7D;wBAEK,UAAU,GAAG;;;;;wCACX,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC;wCAChC,CAAC,GAAG,CAAC;;;6CAAE,CAAA,CAAC,GAAG,MAAM,CAAC,MAAM,CAAA;wCAC/B,qBAAM,MAAM,CAAC,CAAC,CAAC,EAAA;;wCAAf,SAAe,CAAC;;;wCADiB,CAAC,EAAE,CAAA;;;;;yBAGvC,CAAC;;;;wBAEkB,KAAA,SAAA,aAAa,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAA;;;;wBAA3C,KAAK;wBACd,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,OAAO,CAAC,IAAI,CAAC,WAAS,KAAK,CAAC,KAAO,CAAC,CAAC;yBACtC;wBACK,aAAa,GAAG,IAAI,uBAAa,CAAC,KAAK,CAAC,CAAC;wBAC/C,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,WAAW,CAAC,EAAE;4BAChD,yBAAS;yBACV;6BACG,aAAa,CAAC,cAAc,EAA5B,yBAA4B;;;;wBACV,oBAAA,SAAA,KAAK,CAAC,MAAM,EAAE,CAAA,CAAA;;;;wBAAvB,KAAK;wBACd,qBAAM,IAAI,CAAC,UAAU,CACnB,KAAK,EACL,KAAK,CAAC,KAAK,EACX,UAAU,EACV,WAAW,EACX,aAAa,EACb,QAAQ,CACT,EAAA;;wBAPD,SAOC,CAAC;;;;;;;;;;;;;;;;;6BAGJ,qBAAM,IAAI,CAAC,UAAU,CACnB,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,KAAK,EACX,UAAU,EACV,WAAW,EACX,aAAa,EACb,QAAQ,CACT,EAAA;;wBAPD,SAOC,CAAC;;;;;;;;;;;;;;;;;;;;KAGP;IAEK,gCAAU,GAAhB,UACE,KAAY,EACZ,KAAY,EACZ,UAAkB,EAClB,WAAwB,EACxB,aAA4B,EAC5B,QAAmB;;;;;;wBAEnB,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE;4BACnB,sBAAO;yBACR;wBACD,IAAI,IAAA,cAAO,GAAE,EA
AE;4BACb,OAAO,CAAC,IAAI,CACV,eAAa,aAAa,CAAC,MAAM,YAAO,KAAK,CAAC,UAAU,CAAC,IAAI,eAAU,KAAK,CAAC,QAAQ,EAAI,CAC1F,CAAC;yBACH;wBAED,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;4BACtB,IAAI,IAAA,cAAO,GAAE,EAAE;gCACb,OAAO,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;6BACvD;4BACD,sBAAO;yBACR;wBAED,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,EAAE;4BAClD,sBAAO;yBACR;wBAEK,YAAY,GAAG,UACnB,UAAkB,EAClB,OAAgB,EAChB,YAAqB,EACrB,eAAwB;wBACxB,iFAAiF;wBACjF,gBAA0B;4BAE1B,IAAM,YAAY,GAAG,UAAU,IAAI,KAAK,CAAC;4BACzC,SAAS;4BACT,yDAAyD;4BACzD,4GAA4G;4BAC5G,6GAA6G;4BAC7G,4HAA4H;4BAC5H,YAAY,CAAC,OAAO,KAApB,YAAY,CAAC,OAAO,GAAK,EAAE,EAAC;4BAC5B,IAAM,KAAK,GAAa;gCACtB,YAAY,CAAC,UAAU,CAAC,QAAQ;sCAC7B,YAAY,CAAC,SAAS,EAAE,CAAC,GAAG,CAAC,UAAC,QAAQ,IAAK,OAAA,QAAQ,CAAC,UAAU,CAAC,QAAQ,EAA5B,CAA4B,CAAC,UAC3E,MAAM,CAAC,OAAO,CAAC,CAAC;4BAElB,IAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC;4BAClC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;4BAC/B,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;4BAElC,IAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;4BACvC,IAAM,aAAa,GAAiB,EAAE,CAAC;4BACvC,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,sBAAU,CAAC,CAAC,CAAC,OAAO,CAAC,UAAC,KAAK;gCAC5E,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE;oCAC9B,OAAO;iCACR;gCACD,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gCAC3B,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;4BAC5B,CAAC,CAAC,CAAC;4BAEH,OAAO;gCACL,UAAU,YAAA;gCACV,OAAO,EAAE,aAAa,CAAC,OAAO;gCAC9B,MAAM,EAAE,aAAa,CAAC,MAAM;gCAC5B,SAAS,EAAE,aAAa,CAAC,KAAK;gCAC9B,KAAK,EAAE,IAAA,sBAAU,EAAC,YAAY,CAAC;gCAC/B,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;gCACxB,KAAK,OAAA;gCACL,KAAK,EAAE,IAAA,sBAAU,EAAC,KAAK,CAAC;gCACxB,OAAO,EAAE,OAAO,IAAI,aAAa,CAAC,KAAK;gCACvC,YAAY,cAAA;gCACZ,eAAe,iBAAA;gCACf,aAAa,EAAE,aAAa,CAAC,IAAI,CAAC,UAAC,KAAK,IAAK,OAAA,KAAK,CAAC,EAAE,EAAR,CAAQ,CAAC;6BAC5C,CAAC;wBACf,CAAC,CAAC;wBAEkB,qBAAM,aAAa,CAAC,SAAS,CAAC,OAAO,CACvD,KAAK,EACL,WAAW,EACX,aAAa,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAC9C,EAAA;;wBAJK,WAAW,GAAG,SAInB;wBACK,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC;wBACpC,IAAI,WAAW,KAAK,IAAI,EAAE;4BACpB
,OAAO,SAAA,CAAC;4BACZ,IAAI,aAAa,CAAC,SAAS,CAAC,OAAO,EAAE;gCAC7B,OAAO,GAAG,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;gCAC9D,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;6BACxC;iCAAM;gCACL,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;6BAC/B;4BACD,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;yBACxB;6BAAM,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE;4BACpC,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,WAAqB,CAAC,CAAC;4BAC3D,OAAO,CAAC,OAAO,GAAG,WAAqB,CAAC;4BACxC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;yBACxB;6BAAM,IAAI,WAAW,EAAE;4BACtB,WAAW,CAAC,OAAO,CAAC,UAAC,EAAE;gCACrB,IAAM,OAAO,GAAG,YAAY,CAC1B,EAAE,CAAC,KAAK,EACR,EAAE,CAAC,OAAO,EACV,EAAE,CAAC,YAAY,EACf,EAAE,CAAC,eAAe,EAClB,EAAE,CAAC,aAAa,CACjB,CAAC;gCACF,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;4BACzB,CAAC,CAAC,CAAC;yBACJ;wBACD,IAAI,IAAA,cAAO,GAAE,EAAE;4BACb,IAAI,QAAQ,CAAC,MAAM,GAAG,WAAW,EAAE;gCACjC,QAAQ,CAAC,OAAO,CAAC,UAAC,OAAO;oCACvB,OAAA,OAAO,CAAC,GAAG,CAAC,gBAAc,OAAO,CAAC,MAAM,WAAM,OAAO,CAAC,OAAS,CAAC;gCAAhE,CAAgE,CACjE,CAAC;6BACH;yBACF;;;;;KACF;IACH,kBAAC;AAAD,CAAC,AAnLD,IAmLC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authzBeforeAuthn.js","sourceRoot":"","sources":["../../src/rules/authzBeforeAuthn.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwD;AACxD,mCAA8D;AAE9D,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,sBAAsB,CAAC,MAAiC;;;QAC/D,KAAmB,IAAA,WAAA,SAAA,MAAM,CAAA,8BAAA,kDAAE;YAAtB,IAAM,IAAI,mBAAA;YACb,IAAI,IAAA,6BAAsB,EAAC,IAAI,CAAC,KAAK,EAAE,sBAAsB,CAAC,EAAE;gBAC9D,OAAO,IAAI,CAAC;aACb;SACF;;;;;;;;;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,SAAgB;;;YAC/B,KAAoB,IAAA,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA,gBAAA,4BAAE;gBAA5D,IAAM,KAAK,WAAA;gBACd,IAAI,IAAA,6BAAsB,EAAC,KAAK,CAAC,KAAK,EAAE,sBAAsB,CAAC,EAAE;oBAC/D,OAAO;iBACR;gBACD,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,IAAA,eAAQ,EAAC,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE;oBACtF,6FAA6F;oBAC7F,IAAI,sBAAsB,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE;wBAC/C,OAAO;qBACR;yBAAM;wBACL,OAAO;4BACL;gCACE,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"authzBeforeAuthn.js","sourceRoot":"","sources":["../../src/rules/authzBeforeAuthn.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwD;AACxD,mCAA8D;AAE9D,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,sBAAsB,CAAC,MAAiC;;;QAC/D,KAAmB,IAAA,WAAA,SAAA,MAAM,CAAA,8BAAA,kDAAE;YAAtB,IAAM,IAAI,mBAAA;YACb,IAAI,IAAA,6BAAsB,EAAC,IAAI,CAAC,KAAK,EAAE,sBAAsB,CAAC,EAAE;gBAC9D,OAAO,IAAI,CAAC;aACb;SACF;;;;;;;;;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,SAAgB;;;YAC/B,KAAoB,IAAA,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA,gBAAA,4BAAE;gBAA5D,IAAM,KAAK,WAAA;gBACd,IAAI,IAAA,6BAAsB,EAAC,KAAK,CAAC,KAAK,EAAE,sBAAsB,CAAC,EAAE;oBAC/D,OAAO;iBACR;gBACD,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,IAAA,eAAQ,EAAC,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE;oBACtF,6FAA6F;oBAC7F,IAAI,sBAAsB,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE;wBAC/C,OAAO;qBACR;yBAAM;wBACL,OAAO;4BACL;gCACE,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,OAAO,EAAK,KAAK,CAAC,KAAK,kEAA+D;6BACvF;yBACF,CAAC;qBACH;iBACF;aACF;;;;;;;;;IACH,CAAC;IAED,OAAO,EAAE,OAAO,SAAA,EAAE,CAAC;AACrB,CAAC;AAED,IAAM,sBAAsB,GAAG,yBAAyB,CAAC;AACzD,IAAM,qBAAqB,GAAG,wBAAwB,CAAC;AAEvD,kBAAe;IACb,EAAE,EAAE,oBAAoB;IACxB,KAAK,EAAE,+CAA+C;IACtD,MAAM,EAAE,CAAC,qBAAqB,EAAE,sBAAsB,CAAC;IACvD,KAAK,EAAE,qBAAkC;IACzC,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,kBAAkB,CAAC;IACrD,GAAG,EAAE,2EAA2E;IAChF,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1,31 +1,4 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
3
|
-
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
|
|
4
|
-
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
5
|
-
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
6
|
-
function step(op) {
|
|
7
|
-
if (f) throw new TypeError("Generator is already executing.");
|
|
8
|
-
while (_) try {
|
|
9
|
-
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
10
|
-
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
11
|
-
switch (op[0]) {
|
|
12
|
-
case 0: case 1: t = op; break;
|
|
13
|
-
case 4: _.label++; return { value: op[1], done: false };
|
|
14
|
-
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
15
|
-
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
16
|
-
default:
|
|
17
|
-
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
18
|
-
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
19
|
-
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
20
|
-
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
21
|
-
if (t[2]) _.ops.pop();
|
|
22
|
-
_.trys.pop(); continue;
|
|
23
|
-
}
|
|
24
|
-
op = body.call(thisArg, _);
|
|
25
|
-
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
26
|
-
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
27
|
-
}
|
|
28
|
-
};
|
|
29
2
|
var __values = (this && this.__values) || function(o) {
|
|
30
3
|
var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
|
|
31
4
|
if (m) return m.call(o);
|
|
@@ -44,75 +17,34 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
44
17
|
var models_1 = require("@appland/models");
|
|
45
18
|
var url_1 = require("url");
|
|
46
19
|
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
!!event.returnValue &&
|
|
50
|
-
!!event.returnValue.object_id &&
|
|
51
|
-
event.returnValue.object_id === objectId);
|
|
52
|
-
}
|
|
53
|
-
function precedingEvents(rootEvent, target) {
|
|
54
|
-
var _a, _b, event, e_1_1;
|
|
55
|
-
var e_1, _c;
|
|
56
|
-
return __generator(this, function (_d) {
|
|
57
|
-
switch (_d.label) {
|
|
58
|
-
case 0:
|
|
59
|
-
_d.trys.push([0, 5, 6, 7]);
|
|
60
|
-
_a = __values(new models_1.EventNavigator(rootEvent).descendants()), _b = _a.next();
|
|
61
|
-
_d.label = 1;
|
|
62
|
-
case 1:
|
|
63
|
-
if (!!_b.done) return [3 /*break*/, 4];
|
|
64
|
-
event = _b.value;
|
|
65
|
-
if (event.event === target) {
|
|
66
|
-
return [3 /*break*/, 4];
|
|
67
|
-
}
|
|
68
|
-
return [4 /*yield*/, event];
|
|
69
|
-
case 2:
|
|
70
|
-
_d.sent();
|
|
71
|
-
_d.label = 3;
|
|
72
|
-
case 3:
|
|
73
|
-
_b = _a.next();
|
|
74
|
-
return [3 /*break*/, 1];
|
|
75
|
-
case 4: return [3 /*break*/, 7];
|
|
76
|
-
case 5:
|
|
77
|
-
e_1_1 = _d.sent();
|
|
78
|
-
e_1 = { error: e_1_1 };
|
|
79
|
-
return [3 /*break*/, 7];
|
|
80
|
-
case 6:
|
|
81
|
-
try {
|
|
82
|
-
if (_b && !_b.done && (_c = _a.return)) _c.call(_a);
|
|
83
|
-
}
|
|
84
|
-
finally { if (e_1) throw e_1.error; }
|
|
85
|
-
return [7 /*endfinally*/];
|
|
86
|
-
case 7: return [2 /*return*/];
|
|
87
|
-
}
|
|
88
|
-
});
|
|
89
|
-
}
|
|
20
|
+
var precedingEvents_1 = __importDefault(require("./lib/precedingEvents"));
|
|
21
|
+
var sanitizesData_1 = __importDefault(require("./lib/sanitizesData"));
|
|
90
22
|
function allArgumentsSanitized(rootEvent, event) {
|
|
91
23
|
return (event.parameters || [])
|
|
92
24
|
.filter(function (parameter) { return parameter.object_id; })
|
|
93
25
|
.every(function (parameter) {
|
|
94
|
-
var
|
|
26
|
+
var e_1, _a;
|
|
95
27
|
try {
|
|
96
|
-
for (var _b = __values(
|
|
28
|
+
for (var _b = __values((0, precedingEvents_1.default)(rootEvent, event)), _c = _b.next(); !_c.done; _c = _b.next()) {
|
|
97
29
|
var candidate = _c.value;
|
|
98
|
-
if (
|
|
30
|
+
if ((0, sanitizesData_1.default)(candidate.event, parameter.object_id, DeserializeSanitize)) {
|
|
99
31
|
return true;
|
|
100
32
|
}
|
|
101
33
|
}
|
|
102
34
|
}
|
|
103
|
-
catch (
|
|
35
|
+
catch (e_1_1) { e_1 = { error: e_1_1 }; }
|
|
104
36
|
finally {
|
|
105
37
|
try {
|
|
106
38
|
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
|
|
107
39
|
}
|
|
108
|
-
finally { if (
|
|
40
|
+
finally { if (e_1) throw e_1.error; }
|
|
109
41
|
}
|
|
110
42
|
return false;
|
|
111
43
|
});
|
|
112
44
|
}
|
|
113
45
|
function build() {
|
|
114
46
|
function matcher(rootEvent) {
|
|
115
|
-
var
|
|
47
|
+
var e_2, _a;
|
|
116
48
|
try {
|
|
117
49
|
for (var _b = __values(new models_1.EventNavigator(rootEvent).descendants()), _c = _b.next(); !_c.done; _c = _b.next()) {
|
|
118
50
|
var event = _c.value;
|
|
@@ -125,7 +57,6 @@ function build() {
|
|
|
125
57
|
else {
|
|
126
58
|
return [
|
|
127
59
|
{
|
|
128
|
-
level: 'error',
|
|
129
60
|
event: event.event,
|
|
130
61
|
message: event.event + " deserializes untrusted data",
|
|
131
62
|
},
|
|
@@ -134,12 +65,12 @@ function build() {
|
|
|
134
65
|
}
|
|
135
66
|
}
|
|
136
67
|
}
|
|
137
|
-
catch (
|
|
68
|
+
catch (e_2_1) { e_2 = { error: e_2_1 }; }
|
|
138
69
|
finally {
|
|
139
70
|
try {
|
|
140
71
|
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
|
|
141
72
|
}
|
|
142
|
-
finally { if (
|
|
73
|
+
finally { if (e_2) throw e_2.error; }
|
|
143
74
|
}
|
|
144
75
|
}
|
|
145
76
|
return {
|
|
@@ -148,11 +79,11 @@ function build() {
|
|
|
148
79
|
}
|
|
149
80
|
var DeserializeUnsafe = 'deserialize.unsafe';
|
|
150
81
|
var DeserializeSafe = 'deserialize.safe';
|
|
151
|
-
var
|
|
82
|
+
var DeserializeSanitize = 'deserialize.sanitize';
|
|
152
83
|
exports.default = {
|
|
153
84
|
id: 'deserialization-of-untrusted-data',
|
|
154
85
|
title: 'Deserialization of untrusted data',
|
|
155
|
-
labels: [DeserializeUnsafe, DeserializeSafe,
|
|
86
|
+
labels: [DeserializeUnsafe, DeserializeSafe, DeserializeSanitize],
|
|
156
87
|
impactDomain: 'Security',
|
|
157
88
|
enumerateScope: false,
|
|
158
89
|
// scope: //*[@command]
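Review bot: `allArgumentsSanitized` returns true when the event has no parameters, or none carrying an `object_id`, because `.every()` on an empty array is true, so an unsafe deserialization call whose arguments are not tracked counts as sanitized. If that is intended, a comment above the `.filter(...)` line should say so, for example `// No tracked parameters counts as sanitized: only arguments with an object_id can be traced to a sanitizer.`; if it is not, keep the filtered list in a variable and `return tracked.length > 0 && tracked.every(...)`. The same helper is copied into the new `execOfUntrustedCommand.js` with only the label changed, so the point applies there as well. The call site in `matcher` falls outside the hunks shown for this file, so how the result is used here is inferred from that sibling rule.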
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deserializationOfUntrustedData.js","sourceRoot":"","sources":["../../src/rules/deserializationOfUntrustedData.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"deserializationOfUntrustedData.js","sourceRoot":"","sources":["../../src/rules/deserializationOfUntrustedData.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,2BAA0B;AAC1B,oFAA8D;AAC9D,0EAAoD;AACpD,sEAAgD;AAEhD,SAAS,qBAAqB,CAAC,SAAgB,EAAE,KAAY;IAC3D,OAAO,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,UAAC,SAAS,IAAK,OAAA,SAAS,CAAC,SAAS,EAAnB,CAAmB,CAAC;SAC1C,KAAK,CAAC,UAAC,SAAS;;;YACf,KAAwB,IAAA,KAAA,SAAA,IAAA,yBAAe,EAAC,SAAS,EAAE,KAAK,CAAC,CAAA,gBAAA,4BAAE;gBAAtD,IAAM,SAAS,WAAA;gBAClB,IAAI,IAAA,uBAAa,EAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,SAAU,EAAE,mBAAmB,CAAC,EAAE;oBAC7E,OAAO,IAAI,CAAC;iBACb;aACF;;;;;;;;;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,SAAgB;;;YAC/B,KAAoB,IAAA,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA,gBAAA,4BAAE;gBAA5D,IAAM,KAAK,WAAA;gBACd,mIAAmI;gBACnI,IACE,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC;oBACzC,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,UAAC,QAAQ,IAAK,OAAA,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,EAApC,CAAoC,CAAC,EACjF;oBACA,IAAI,qBAAqB,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE;wBACjD,OAAO;qBACR;yBAAM;wBACL,OAAO;4BACL;gCACE,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,OAAO,EAAK,KAAK,CAAC,KAAK,iCAA8B;6BACtD;yBACF,CAAC;qBACH;iBACF;aACF;;;;;;;;;IACH,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,IAAM,iBAAiB,GAAG,oBAAoB,CAAC;AAC/C,IAAM,eAAe,GAAG,kBAAkB,CAAC;AAC3C,IAAM,mBAAmB,GAAG,sBAAsB,CAAC;AAEnD,kBAAe;IACb,EAAE,EAAE,mCAAmC;IACvC,KAAK,EAAE,mCAAmC;IAC1C,MAAM,EAAE,CAAC,iBAAiB,EAAE,eAAe,EAAE,mBAAmB,CAAC;IACjE,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,KAAK;IACrB,uBAAuB;IACvB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;QACrE,eAAe,EAAE,IAAI,SAAG,CAAC,0DAA0D,CAAC;KACrF;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,gCAAgC,CAAC;IACnE,GAAG,EAAE,0FAA0F;IAC/F,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __values = (this && this.__values) || function(o) {
|
|
3
|
+
var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
|
|
4
|
+
if (m) return m.call(o);
|
|
5
|
+
if (o && typeof o.length === "number") return {
|
|
6
|
+
next: function () {
|
|
7
|
+
if (o && i >= o.length) o = void 0;
|
|
8
|
+
return { value: o && o[i++], done: !o };
|
|
9
|
+
}
|
|
10
|
+
};
|
|
11
|
+
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
12
|
+
};
|
|
13
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
14
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
var models_1 = require("@appland/models");
|
|
18
|
+
var url_1 = require("url");
|
|
19
|
+
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
20
|
+
var precedingEvents_1 = __importDefault(require("./lib/precedingEvents"));
|
|
21
|
+
var sanitizesData_1 = __importDefault(require("./lib/sanitizesData"));
|
|
22
|
+
function allArgumentsSanitized(rootEvent, event) {
|
|
23
|
+
return (event.parameters || [])
|
|
24
|
+
.filter(function (parameter) { return parameter.object_id; })
|
|
25
|
+
.every(function (parameter) {
|
|
26
|
+
var e_1, _a;
|
|
27
|
+
try {
|
|
28
|
+
for (var _b = __values((0, precedingEvents_1.default)(rootEvent, event)), _c = _b.next(); !_c.done; _c = _b.next()) {
|
|
29
|
+
var candidate = _c.value;
|
|
30
|
+
if ((0, sanitizesData_1.default)(candidate.event, parameter.object_id, ExecSanitize)) {
|
|
31
|
+
return true;
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
catch (e_1_1) { e_1 = { error: e_1_1 }; }
|
|
36
|
+
finally {
|
|
37
|
+
try {
|
|
38
|
+
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
|
|
39
|
+
}
|
|
40
|
+
finally { if (e_1) throw e_1.error; }
|
|
41
|
+
}
|
|
42
|
+
return false;
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
function build() {
|
|
46
|
+
function matcher(rootEvent) {
|
|
47
|
+
var e_2, _a;
|
|
48
|
+
try {
|
|
49
|
+
for (var _b = __values(new models_1.EventNavigator(rootEvent).descendants()), _c = _b.next(); !_c.done; _c = _b.next()) {
|
|
50
|
+
var event = _c.value;
|
|
51
|
+
if (event.event.labels.has(Exec) &&
|
|
52
|
+
!event.event.ancestors().find(function (ancestor) { return ancestor.labels.has(ExecSafe); })) {
|
|
53
|
+
if (allArgumentsSanitized(rootEvent, event.event)) {
|
|
54
|
+
return;
|
|
55
|
+
}
|
|
56
|
+
else {
|
|
57
|
+
return [
|
|
58
|
+
{
|
|
59
|
+
event: event.event,
|
|
60
|
+
message: event.event + " executes an untrusted command string",
|
|
61
|
+
},
|
|
62
|
+
];
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
catch (e_2_1) { e_2 = { error: e_2_1 }; }
|
|
68
|
+
finally {
|
|
69
|
+
try {
|
|
70
|
+
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
|
|
71
|
+
}
|
|
72
|
+
finally { if (e_2) throw e_2.error; }
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
return {
|
|
76
|
+
matcher: matcher,
|
|
77
|
+
};
|
|
78
|
+
}
|
|
79
|
+
var Exec = 'system.exec';
|
|
80
|
+
var ExecSafe = 'system.exec.safe';
|
|
81
|
+
var ExecSanitize = 'system.exec.sanitize';
|
|
82
|
+
exports.default = {
|
|
83
|
+
id: 'exec-of-untrusted-command',
|
|
84
|
+
title: 'Execution of untrusted system command',
|
|
85
|
+
labels: [Exec, ExecSafe, ExecSanitize],
|
|
86
|
+
impactDomain: 'Security',
|
|
87
|
+
enumerateScope: false,
|
|
88
|
+
// scope: //*[@command]
|
|
89
|
+
references: {
|
|
90
|
+
'CWE-78': new url_1.URL('https://cwe.mitre.org/data/definitions/78.html'),
|
|
91
|
+
},
|
|
92
|
+
description: (0, parseRuleDescription_1.default)('execOfUntrustedCommand'),
|
|
93
|
+
url: 'https://appland.com/docs/analysis/rules-reference.html#exec-of-untrusted-command',
|
|
94
|
+
build: build,
|
|
95
|
+
};
|
|
96
|
+
//# sourceMappingURL=execOfUntrustedCommand.js.map
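Review bot: In `matcher`, the `return;` taken when `allArgumentsSanitized(rootEvent, event.event)` is true leaves the whole function, so any later `system.exec` event under the same `rootEvent` is never examined. A scope that first runs a sanitized command and then an unsanitized one would produce no finding. Replacing that branch's `return;` with `continue;` keeps the loop going, and collecting findings in an array rather than returning at the first match would report each unsanitized call. This assumes `matcher` is invoked once per scope root, which `enumerateScope: false` suggests but this file does not show; since this is compiled output, the change would belong in the TypeScript source the source map names.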
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"execOfUntrustedCommand.js","sourceRoot":"","sources":["../../src/rules/execOfUntrustedCommand.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwD;AACxD,2BAA0B;AAE1B,oFAA8D;AAC9D,0EAAoD;AACpD,sEAAgD;AAEhD,SAAS,qBAAqB,CAAC,SAAgB,EAAE,KAAY;IAC3D,OAAO,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,UAAC,SAAS,IAAK,OAAA,SAAS,CAAC,SAAS,EAAnB,CAAmB,CAAC;SAC1C,KAAK,CAAC,UAAC,SAAS;;;YACf,KAAwB,IAAA,KAAA,SAAA,IAAA,yBAAe,EAAC,SAAS,EAAE,KAAK,CAAC,CAAA,gBAAA,4BAAE;gBAAtD,IAAM,SAAS,WAAA;gBAClB,IAAI,IAAA,uBAAa,EAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,SAAU,EAAE,YAAY,CAAC,EAAE;oBACtE,OAAO,IAAI,CAAC;iBACb;aACF;;;;;;;;;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,SAAgB;;;YAC/B,KAAoB,IAAA,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA,gBAAA,4BAAE;gBAA5D,IAAM,KAAK,WAAA;gBACd,IACE,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;oBAC5B,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,UAAC,QAAQ,IAAK,OAAA,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,EAA7B,CAA6B,CAAC,EAC1E;oBACA,IAAI,qBAAqB,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE;wBACjD,OAAO;qBACR;yBAAM;wBACL,OAAO;4BACL;gCACE,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,OAAO,EAAK,KAAK,CAAC,KAAK,0CAAuC;6BAC/D;yBACF,CAAC;qBACH;iBACF;aACF;;;;;;;;;IACH,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,IAAM,IAAI,GAAG,aAAa,CAAC;AAC3B,IAAM,QAAQ,GAAG,kBAAkB,CAAC;AACpC,IAAM,YAAY,GAAG,sBAAsB,CAAC;AAE5C,kBAAe;IACb,EAAE,EAAE,2BAA2B;IAC/B,KAAK,EAAE,uCAAuC;IAC9C,MAAM,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,CAAC;IACtC,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,KAAK;IACrB,uBAAuB;IACvB,UAAU,EAAE;QACV,QAAQ,EAAE,IAAI,SAAG,CAAC,gDAAgD,CAAC;KACpE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,wBAAwB,CAAC;IAC3D,GAAG,EAAE,kFAAkF;IACvF,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -27,7 +27,13 @@ function build(options) {
|
|
|
27
27
|
var parentPackage = e.parent.codeObject.packageOf;
|
|
28
28
|
if (!(e.codeObject.packageOf === parentPackage ||
|
|
29
29
|
callerPatterns.some(function (pattern) { return pattern(parentPackage); }))) {
|
|
30
|
-
return
|
|
30
|
+
return [
|
|
31
|
+
{
|
|
32
|
+
event: e,
|
|
33
|
+
message: "Code object " + e.codeObject.id + " was invoked from " + parentPackage + ", not from " + packageNamesStr,
|
|
34
|
+
relatedEvents: [e.parent],
|
|
35
|
+
},
|
|
36
|
+
];
|
|
31
37
|
}
|
|
32
38
|
}
|
|
33
39
|
return { where: where, matcher: matcher };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"illegalPackageDependency.js","sourceRoot":"","sources":["../../src/rules/illegalPackageDependency.ts"],"names":[],"mappings":";;;;;AAIA,mDAA+D;AAC/D,2BAA0B;AAC1B,oFAA8D;AAE9D;IAAA;QACS,mBAAc,GAAyB,EAAE,CAAC;QAC1C,kBAAa,GAAuB,EAAwB,CAAC;IACtE,CAAC;IAAD,cAAC;AAAD,CAAC,AAHD,IAGC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,cAAc,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;IAClE,IAAM,aAAa,GAAG,IAAA,0BAAW,EAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAEzD,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAS,IAAI,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACjG,CAAC;IAED,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAM,eAAe,GAAG,OAAO,CAAC,cAAc;aAC3C,GAAG,CAAC,UAAC,MAAM,IAAK,OAAA,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,EAA9C,CAA8C,CAAC;aAC/D,GAAG,CAAC,MAAM,CAAC;aACX,IAAI,CAAC,MAAM,CAAC,CAAC;QAEhB,IAAM,aAAa,GAAG,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAS,CAAC;QACrD,IACE,CAAC,CACC,CAAC,CAAC,UAAU,CAAC,SAAS,KAAK,aAAa;YACxC,cAAc,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,aAAa,CAAC,EAAtB,CAAsB,CAAC,CACzD,EACD;YACA,OAAO,iBAAe,CAAC,CAAC,UAAU,CAAC,EAAE,0BAAqB,aAAa,mBAAc,eAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"illegalPackageDependency.js","sourceRoot":"","sources":["../../src/rules/illegalPackageDependency.ts"],"names":[],"mappings":";;;;;AAIA,mDAA+D;AAC/D,2BAA0B;AAC1B,oFAA8D;AAE9D;IAAA;QACS,mBAAc,GAAyB,EAAE,CAAC;QAC1C,kBAAa,GAAuB,EAAwB,CAAC;IACtE,CAAC;IAAD,cAAC;AAAD,CAAC,AAHD,IAGC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,cAAc,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;IAClE,IAAM,aAAa,GAAG,IAAA,0BAAW,EAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAEzD,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAS,IAAI,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACjG,CAAC;IAED,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAM,eAAe,GAAG,OAAO,CAAC,cAAc;aAC3C,GAAG,CAAC,UAAC,MAAM,IAAK,OAAA,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,EAA9C,CAA8C,CAAC;aAC/D,GAAG,CAAC,MAAM,CAAC;aACX,IAAI,CAAC,MAAM,CAAC,CAAC;QAEhB,IAAM,aAAa,GAAG,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAS,CAAC;QACrD,IACE,CAAC,CACC,CAAC,CAAC,UAAU,CAAC,SAAS,KAAK,aAAa;YACxC,cAAc,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,aAAa,CAAC,EAAtB,CAAsB,CAAC,CACzD,EACD;YACA,OAAO;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,OAAO,EAAE,iBAAe,CAAC,CAAC,UAAU,CAAC,EAAE,0BAAqB,aAAa,mBAAc,eAAiB;oBACxG,aAAa,EAAE,CAAC,CAAC,CAAC,MAAO,CAAC;iBAC3B;aACF,CAAC;SACH;IACH,CAAC;IAED,OAAO,EAAE,KAAK,OAAA,EAAE,OAAO,SAAA,EAAE,CAAC;AAC5B,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,4BAA4B;IAChC,KAAK,EAAE,kDAAkD;IACzD,uBAAuB;IACvB,KAAK,EAAE,SAAS;IAChB,cAAc,EAAE,IAAI;IACpB,YAAY,EAAE,iBAAiB;IAC/B,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;QACvE,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,0BAA0B,CAAC;IAC7D,GAAG,EAAE,mFAAmF;IACxF,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|