npm - @appland/scanner - Versions diffs - 1.46.2 → 1.48.0 - Mend

@appland/scanner 1.46.2 → 1.48.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

package/built/cli/ci/command.js +17 -15
package/built/cli/ci/command.js.map +1 -1
package/built/cli/scan/command.js +11 -7
package/built/cli/scan/command.js.map +1 -1
package/built/cli/scan/scanner.js +15 -25
package/built/cli/scan/scanner.js.map +1 -1
package/built/ruleChecker.js +13 -7
package/built/ruleChecker.js.map +1 -1
package/built/rules/authzBeforeAuthn.js +0 -1
package/built/rules/authzBeforeAuthn.js.map +1 -1
package/built/rules/deserializationOfUntrustedData.js +12 -81
package/built/rules/deserializationOfUntrustedData.js.map +1 -1
package/built/rules/execOfUntrustedCommand.js +96 -0
package/built/rules/execOfUntrustedCommand.js.map +1 -0
package/built/rules/illegalPackageDependency.js +7 -1
package/built/rules/illegalPackageDependency.js.map +1 -1
package/built/rules/incompatibleHttpClientRequest.js +1 -1
package/built/rules/incompatibleHttpClientRequest.js.map +1 -1
package/built/rules/jobNotCancelled.js +0 -1
package/built/rules/jobNotCancelled.js.map +1 -1
package/built/rules/lib/parseRuleDescription.js +4 -3
package/built/rules/lib/parseRuleDescription.js.map +1 -1
package/built/rules/lib/precedingEvents.js +80 -0
package/built/rules/lib/precedingEvents.js.map +1 -0
package/built/rules/lib/sanitizesData.js +10 -0
package/built/rules/lib/sanitizesData.js.map +1 -0
package/built/rules/logoutWithoutSessionReset.js +0 -1
package/built/rules/logoutWithoutSessionReset.js.map +1 -1
package/built/rules/missingAuthentication.js +3 -3
package/built/rules/missingAuthentication.js.map +1 -1
package/built/rules/queryFromInvalidPackage.js +7 -2
package/built/rules/queryFromInvalidPackage.js.map +1 -1
package/built/rules/queryFromView.js +12 -1
package/built/rules/queryFromView.js.map +1 -1
package/built/rules/secretInLog.js +11 -9
package/built/rules/secretInLog.js.map +1 -1
package/built/rules/tooManyJoins.js +0 -1
package/built/rules/tooManyJoins.js.map +1 -1
package/built/rules/tooManyUpdates.js +0 -1
package/built/rules/tooManyUpdates.js.map +1 -1
package/built/sampleConfig/default.yml +2 -1
package/built/scope/commandScope.js.map +1 -1
package/built/scope/rootScope.js.map +1 -1
package/built/scope/scopeIterator.js.map +1 -1
package/built/scope/sqlTransactionScope.js +2 -2
package/built/scope/sqlTransactionScope.js.map +1 -1
package/doc/labels/{public.md → access.public.md} +1 -1
package/doc/labels/deserialize.safe.md +2 -0
package/doc/labels/deserialize.sanitize.md +22 -0
package/doc/labels/deserialize.unsafe.md +2 -0
package/doc/labels/system.exec.md +7 -0
package/doc/labels/system.exec.safe.md +7 -0
package/doc/labels/system.exec.sanitize.md +22 -0
package/doc/rules/deserializationOfUntrustedData.md +1 -1
package/doc/rules/execOfUntrustedCommand.md +16 -0
package/doc/rules/missingAuthentication.md +1 -1
package/package.json +1 -1
package/doc/labels/sanitize.md +0 -29

package/doc/labels/sanitize.md DELETED Viewed

@@ -1,29 +0,0 @@
----
-name: sanitize
-rules:
-  - deserialization-of-untrusted-data
----
-Ensures that data is safe and trusted, transforming it if necessary, and returning `falsey` or
-raising an exception if it's impossible to make the data safe.
-A function with this label can be used to convert untrusted data such as direct user input or HTTP
-request parameters into trusted data.
-Note that this is not the same as ensuring that a parameter satisfies business logic constraints -
-such as presence or max length. It's a security check that ensures the data cannot cause downstream
-harm.
-To be considered successful, a `sanitize` function must return a `truthy` value.
-## Examples
-- Sanitizing HTML by removing all potentially harmful elements, such as script tags.
-- Ensuring that SQL queries are properly escaped.
-- Running user-provided YAML through a "safe loader" which discards unsafe syntax such as object
-  class names.
-- Ensuring that a user-provided file path is a subdirectory of a known allowed directory.
-- Ensuring that a system command string does not have any potential injection or side-effects.
-- Ruby -
-  [sanitize_filename](https://github.com/technoweenie/attachment_fu/blob/fa08cb03914b02b66853b4615cd3eca768291ca7/lib/technoweenie/attachment_fu.rb#L410)
-  in `attachment_fu`.