@appland/scanner 1.46.3 → 1.49.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/built/analyzer/recordSecrets.js +29 -3
- package/built/analyzer/recordSecrets.js.map +1 -1
- package/built/ruleChecker.js +44 -18
- package/built/ruleChecker.js.map +1 -1
- package/built/rules/authzBeforeAuthn.js +0 -1
- package/built/rules/authzBeforeAuthn.js.map +1 -1
- package/built/rules/circularDependency.js +0 -2
- package/built/rules/circularDependency.js.map +1 -1
- package/built/rules/deserializationOfUntrustedData.js +12 -82
- package/built/rules/deserializationOfUntrustedData.js.map +1 -1
- package/built/rules/execOfUntrustedCommand.js +95 -0
- package/built/rules/execOfUntrustedCommand.js.map +1 -0
- package/built/rules/http500.js +0 -1
- package/built/rules/http500.js.map +1 -1
- package/built/rules/illegalPackageDependency.js +7 -1
- package/built/rules/illegalPackageDependency.js.map +1 -1
- package/built/rules/incompatibleHttpClientRequest.js +1 -1
- package/built/rules/incompatibleHttpClientRequest.js.map +1 -1
- package/built/rules/insecureCompare.js +0 -1
- package/built/rules/insecureCompare.js.map +1 -1
- package/built/rules/jobNotCancelled.js +0 -1
- package/built/rules/jobNotCancelled.js.map +1 -1
- package/built/rules/lib/parseRuleDescription.js +4 -3
- package/built/rules/lib/parseRuleDescription.js.map +1 -1
- package/built/rules/lib/precedingEvents.js +80 -0
- package/built/rules/lib/precedingEvents.js.map +1 -0
- package/built/rules/lib/sanitizesData.js +10 -0
- package/built/rules/lib/sanitizesData.js.map +1 -0
- package/built/rules/lib/util.js +18 -2
- package/built/rules/lib/util.js.map +1 -1
- package/built/rules/logoutWithoutSessionReset.js +0 -1
- package/built/rules/logoutWithoutSessionReset.js.map +1 -1
- package/built/rules/missingAuthentication.js +3 -3
- package/built/rules/missingAuthentication.js.map +1 -1
- package/built/rules/queryFromInvalidPackage.js +7 -2
- package/built/rules/queryFromInvalidPackage.js.map +1 -1
- package/built/rules/queryFromView.js +12 -1
- package/built/rules/queryFromView.js.map +1 -1
- package/built/rules/secretInLog.js +11 -9
- package/built/rules/secretInLog.js.map +1 -1
- package/built/rules/tooManyJoins.js +0 -2
- package/built/rules/tooManyJoins.js.map +1 -1
- package/built/rules/tooManyUpdates.js +0 -1
- package/built/rules/tooManyUpdates.js.map +1 -1
- package/built/rules/unbatchedMaterializedQuery.js +0 -1
- package/built/rules/unbatchedMaterializedQuery.js.map +1 -1
- package/built/sampleConfig/default.yml +2 -1
- package/built/scope/commandScope.js +2 -3
- package/built/scope/commandScope.js.map +1 -1
- package/doc/labels/{public.md → access.public.md} +1 -1
- package/doc/labels/command.perform.md +7 -0
- package/doc/labels/deserialize.safe.md +2 -0
- package/doc/labels/deserialize.sanitize.md +22 -0
- package/doc/labels/deserialize.unsafe.md +2 -0
- package/doc/labels/job.perform.md +6 -0
- package/doc/labels/system.exec.md +7 -0
- package/doc/labels/system.exec.safe.md +7 -0
- package/doc/labels/system.exec.sanitize.md +22 -0
- package/doc/rules/circularDependency.md +0 -1
- package/doc/rules/deserializationOfUntrustedData.md +1 -1
- package/doc/rules/execOfUntrustedCommand.md +16 -0
- package/doc/rules/missingAuthentication.md +1 -1
- package/doc/rules/tooManyJoins.md +0 -1
- package/doc/rules/unbatchedMaterializedQuery.md +0 -1
- package/package.json +1 -1
- package/doc/labels/sanitize.md +0 -29
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"insecureCompare.js","sourceRoot":"","sources":["../../src/rules/insecureCompare.ts"],"names":[],"mappings":";;;;;AACA,2BAA0B;AAC1B,4EAAsD;AACtD,6DAAyD;AAEzD,oFAA8D;AAE9D,IAAM,aAAa,GAAG,gEAAgE,CAAC;AAEvF,IAAM,OAAO,GAAgB,IAAI,GAAG,EAAE,CAAC;AAEvC,SAAS,YAAY,CAAC,CAAQ;IAC5B,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,UAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QAC9D,OAAO,KAAK,CAAC;KACd;IAED,IAAM,IAAI,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAEvD,SAAS,QAAQ,CAAC,GAAW;QAC3B,OAAO,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,SAAS,QAAQ,CAAC,GAAW;QAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAA,4BAAW,EAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;IAED,sDAAsD;IACtD,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;YACnC,IAAA,uBAAa,EAAC,OAAO,EAAE,CAAC,CAAC,CAAC;SAC3B;QACD,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACzC,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;SACxB;IACH,CAAC;IAED,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CACL,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAC3F,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,SAAA;QACP,KAAK,OAAA;KACN,CAAC;AACJ,CAAC;AAED,IAAM,MAAM,GAAG,QAAQ,CAAC;AACxB,IAAM,YAAY,GAAG,eAAe,CAAC;AAErC,kBAAe;IACb,EAAE,EAAE,kBAAkB;IACtB,KAAK,EAAE,gCAAgC;IACvC,MAAM,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,
|
|
1
|
+
{"version":3,"file":"insecureCompare.js","sourceRoot":"","sources":["../../src/rules/insecureCompare.ts"],"names":[],"mappings":";;;;;AACA,2BAA0B;AAC1B,4EAAsD;AACtD,6DAAyD;AAEzD,oFAA8D;AAE9D,IAAM,aAAa,GAAG,gEAAgE,CAAC;AAEvF,IAAM,OAAO,GAAgB,IAAI,GAAG,EAAE,CAAC;AAEvC,SAAS,YAAY,CAAC,CAAQ;IAC5B,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,UAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QAC9D,OAAO,KAAK,CAAC;KACd;IAED,IAAM,IAAI,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAEvD,SAAS,QAAQ,CAAC,GAAW;QAC3B,OAAO,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,SAAS,QAAQ,CAAC,GAAW;QAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAA,4BAAW,EAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;IAED,sDAAsD;IACtD,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;YACnC,IAAA,uBAAa,EAAC,OAAO,EAAE,CAAC,CAAC,CAAC;SAC3B;QACD,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACzC,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;SACxB;IACH,CAAC;IAED,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CACL,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAC3F,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,SAAA;QACP,KAAK,OAAA;KACN,CAAC;AACJ,CAAC;AAED,IAAM,MAAM,GAAG,QAAQ,CAAC;AACxB,IAAM,YAAY,GAAG,eAAe,CAAC;AAErC,kBAAe;IACb,EAAE,EAAE,kBAAkB;IACtB,KAAK,EAAE,gCAAgC;IACvC,MAAM,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,cAAc,EAAE,IAAI;IACpB,YAAY,EAAE,UAAU;IACxB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,iBAAiB,CAAC;IACpD,GAAG,EAAE,yEAAyE;IAC9E,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -50,7 +50,6 @@ function build() {
|
|
|
50
50
|
if (missing === 0)
|
|
51
51
|
return;
|
|
52
52
|
var result = {
|
|
53
|
-
level: 'error',
|
|
54
53
|
event: event,
|
|
55
54
|
message: missing + " jobs created but not cancelled in this rolled back transaction",
|
|
56
55
|
// if there's a mismatch and there are cancellations we can't tell
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jobNotCancelled.js","sourceRoot":"","sources":["../../src/rules/jobNotCancelled.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,uEAAwC;AACxC,oEAAqE;AACrE,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,KAAY;QAC3B,IAAI,CAAC,IAAA,2CAAqB,EAAC,KAAK,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,oBAAkB,KAAK,CAAC,EAAE,yBAAsB,CAAC,CAAC;QACpE,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,QAAQ;YAAE,OAAO;QAElD,IAAM,cAAc,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,UAAC,EAAU;gBAAR,MAAM,YAAA;YAC9D,OAAA,MAAM,CAAC,GAAG,CAAC,yBAAM,CAAC,SAAS,CAAC;QAA5B,CAA4B,CAC7B,CAAC;QACF,IAAM,kBAAkB,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,UAAC,EAAU;gBAAR,MAAM,YAAA;YAClE,OAAA,MAAM,CAAC,GAAG,CAAC,yBAAM,CAAC,SAAS,CAAC;QAA5B,CAA4B,CAC7B,CAAC;QACF,IAAM,OAAO,GAAG,cAAc,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC;QAClE,IAAI,OAAO,KAAK,CAAC;YAAE,OAAO;QAE1B,IAAM,MAAM,GAAgB;YAC1B,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"jobNotCancelled.js","sourceRoot":"","sources":["../../src/rules/jobNotCancelled.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,uEAAwC;AACxC,oEAAqE;AACrE,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,KAAY;QAC3B,IAAI,CAAC,IAAA,2CAAqB,EAAC,KAAK,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,oBAAkB,KAAK,CAAC,EAAE,yBAAsB,CAAC,CAAC;QACpE,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,QAAQ;YAAE,OAAO;QAElD,IAAM,cAAc,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,UAAC,EAAU;gBAAR,MAAM,YAAA;YAC9D,OAAA,MAAM,CAAC,GAAG,CAAC,yBAAM,CAAC,SAAS,CAAC;QAA5B,CAA4B,CAC7B,CAAC;QACF,IAAM,kBAAkB,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,UAAC,EAAU;gBAAR,MAAM,YAAA;YAClE,OAAA,MAAM,CAAC,GAAG,CAAC,yBAAM,CAAC,SAAS,CAAC;QAA5B,CAA4B,CAC7B,CAAC;QACF,IAAM,OAAO,GAAG,cAAc,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC;QAClE,IAAI,OAAO,KAAK,CAAC;YAAE,OAAO;QAE1B,IAAM,MAAM,GAAgB;YAC1B,KAAK,EAAE,KAAK;YACZ,OAAO,EAAK,OAAO,oEAAiE;YACpF,kEAAkE;YAClE,4DAA4D;YAC5D,aAAa,yCAAM,cAAc,kBAAK,kBAAkB,SAAC;SAC1D,CAAC;QAEF,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,mBAAmB;IACvB,KAAK,EAAE,4DAA4D;IACnE,KAAK,EAAE,aAAa;IACpB,cAAc,EAAE,KAAK;IACrB,MAAM,EAAE,CAAC,yBAAM,CAAC,SAAS,EAAE,yBAAM,CAAC,SAAS,CAAC;IAC5C,YAAY,EAAE,WAAW;IACzB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,iBAAiB,CAAC;IACpD,GAAG,EAAE,0EAA0E;IAC/E,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -4,13 +4,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
var fs_1 = __importDefault(require("fs"));
|
|
7
|
-
var errors_1 = require("../../errors");
|
|
8
7
|
var path_1 = require("path");
|
|
9
8
|
function parseRuleDescription(id) {
|
|
10
9
|
var content = fs_1.default.readFileSync((0, path_1.join)(__dirname, "../../../doc/rules/" + id + ".md"), 'utf-8');
|
|
11
|
-
var propertiesContent = content.match(/---\n((?:.*\n)+)---\n((?:.*\n)+?)
|
|
10
|
+
var propertiesContent = content.match(/---\n((?:.*\n)+)---\n((?:.*\n)+?)##?#?/);
|
|
12
11
|
if (!propertiesContent) {
|
|
13
|
-
|
|
12
|
+
// This is probably a new doc that doesn't have front matter yet.
|
|
13
|
+
// It's all description.
|
|
14
|
+
return content;
|
|
14
15
|
}
|
|
15
16
|
return propertiesContent[2].replace(/\n/g, ' ').trim();
|
|
16
17
|
}
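Review bot: The new fallback `return content;` hands back the raw markdown untouched, while the front-matter branch two lines below returns `propertiesContent[2].replace(/\n/g, ' ').trim()`, so callers get a one-line description in one case and a multi-line document with headings in the other. Normalising both paths the same way, `return content.replace(/\n/g, ' ').trim();`, keeps the return shape consistent; if the raw form is deliberate for docs without front matter, a comment saying so would stop someone "fixing" it later. The lazy group `((?:.*\n)+?)##?#?` stops the description at the first markdown heading, which is not obvious from the regex and deserves a one-line comment. Separately, `id` is concatenated into a filesystem path on the `readFileSync` line; if rule ids can ever come from user configuration rather than the built-in registry, that is worth a note or a check.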
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parseRuleDescription.js","sourceRoot":"","sources":["../../../src/rules/lib/parseRuleDescription.ts"],"names":[],"mappings":";;;;;AAAA,0CAAoB;AACpB,
|
|
1
|
+
{"version":3,"file":"parseRuleDescription.js","sourceRoot":"","sources":["../../../src/rules/lib/parseRuleDescription.ts"],"names":[],"mappings":";;;;;AAAA,0CAAoB;AACpB,6BAA4B;AAE5B,SAAwB,oBAAoB,CAAC,EAAU;IACrD,IAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,IAAA,WAAI,EAAC,SAAS,EAAE,wBAAsB,EAAE,QAAK,CAAC,EAAE,OAAO,CAAC,CAAC;IACzF,IAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAElF,IAAI,CAAC,iBAAiB,EAAE;QACtB,iEAAiE;QACjE,wBAAwB;QACxB,OAAO,OAAO,CAAC;KAChB;IAED,OAAO,iBAAiB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AACzD,CAAC;AAXD,uCAWC"}
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
3
|
+
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
|
|
4
|
+
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
5
|
+
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
6
|
+
function step(op) {
|
|
7
|
+
if (f) throw new TypeError("Generator is already executing.");
|
|
8
|
+
while (_) try {
|
|
9
|
+
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
10
|
+
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
11
|
+
switch (op[0]) {
|
|
12
|
+
case 0: case 1: t = op; break;
|
|
13
|
+
case 4: _.label++; return { value: op[1], done: false };
|
|
14
|
+
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
15
|
+
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
16
|
+
default:
|
|
17
|
+
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
18
|
+
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
19
|
+
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
20
|
+
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
21
|
+
if (t[2]) _.ops.pop();
|
|
22
|
+
_.trys.pop(); continue;
|
|
23
|
+
}
|
|
24
|
+
op = body.call(thisArg, _);
|
|
25
|
+
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
26
|
+
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
27
|
+
}
|
|
28
|
+
};
|
|
29
|
+
var __values = (this && this.__values) || function(o) {
|
|
30
|
+
var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
|
|
31
|
+
if (m) return m.call(o);
|
|
32
|
+
if (o && typeof o.length === "number") return {
|
|
33
|
+
next: function () {
|
|
34
|
+
if (o && i >= o.length) o = void 0;
|
|
35
|
+
return { value: o && o[i++], done: !o };
|
|
36
|
+
}
|
|
37
|
+
};
|
|
38
|
+
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
39
|
+
};
|
|
40
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
41
|
+
var models_1 = require("@appland/models");
|
|
42
|
+
function precedingEvents(rootEvent, target) {
|
|
43
|
+
var _a, _b, event, e_1_1;
|
|
44
|
+
var e_1, _c;
|
|
45
|
+
return __generator(this, function (_d) {
|
|
46
|
+
switch (_d.label) {
|
|
47
|
+
case 0:
|
|
48
|
+
_d.trys.push([0, 5, 6, 7]);
|
|
49
|
+
_a = __values(new models_1.EventNavigator(rootEvent).descendants()), _b = _a.next();
|
|
50
|
+
_d.label = 1;
|
|
51
|
+
case 1:
|
|
52
|
+
if (!!_b.done) return [3 /*break*/, 4];
|
|
53
|
+
event = _b.value;
|
|
54
|
+
if (event.event === target) {
|
|
55
|
+
return [3 /*break*/, 4];
|
|
56
|
+
}
|
|
57
|
+
return [4 /*yield*/, event];
|
|
58
|
+
case 2:
|
|
59
|
+
_d.sent();
|
|
60
|
+
_d.label = 3;
|
|
61
|
+
case 3:
|
|
62
|
+
_b = _a.next();
|
|
63
|
+
return [3 /*break*/, 1];
|
|
64
|
+
case 4: return [3 /*break*/, 7];
|
|
65
|
+
case 5:
|
|
66
|
+
e_1_1 = _d.sent();
|
|
67
|
+
e_1 = { error: e_1_1 };
|
|
68
|
+
return [3 /*break*/, 7];
|
|
69
|
+
case 6:
|
|
70
|
+
try {
|
|
71
|
+
if (_b && !_b.done && (_c = _a.return)) _c.call(_a);
|
|
72
|
+
}
|
|
73
|
+
finally { if (e_1) throw e_1.error; }
|
|
74
|
+
return [7 /*endfinally*/];
|
|
75
|
+
case 7: return [2 /*return*/];
|
|
76
|
+
}
|
|
77
|
+
});
|
|
78
|
+
}
|
|
79
|
+
exports.default = precedingEvents;
|
|
80
|
+
//# sourceMappingURL=precedingEvents.js.map
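Review bot: precedingEvents has no description of its stopping rule: it walks `new models_1.EventNavigator(rootEvent).descendants()` and yields each item until one whose `.event` is identical (`===`) to `target`, and if `target` is not among the descendants every descendant is yielded with nothing to signal that the target was never reached. Since this file is compiled output, the doc belongs in src/rules/lib/precedingEvents.ts (named in the source map); a suggested JSDoc is `Yields the descendants of rootEvent, in traversal order, that occur before target. Stops at target; if target is not a descendant, every descendant is yielded.` The yielded values are whatever `descendants()` produces and are compared through their `.event` property, so they are presumably navigator wrappers rather than bare events — that should be stated so callers know to unwrap.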
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"precedingEvents.js","sourceRoot":"","sources":["../../../src/rules/lib/precedingEvents.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,SAAyB,eAAe,CACtC,SAAgB,EAChB,MAAa;;;;;;;gBAEO,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA;;;;gBAApD,KAAK;gBACd,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM,EAAE;oBAC1B,wBAAM;iBACP;gBACD,qBAAM,KAAK,EAAA;;gBAAX,SAAW,CAAC;;;;;;;;;;;;;;;;;;;CAEf;AAVD,kCAUC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
function sanitizesData(event, objectId, label) {
|
|
4
|
+
return (event.labels.has(label) &&
|
|
5
|
+
!!event.returnValue &&
|
|
6
|
+
!!event.returnValue.object_id &&
|
|
7
|
+
event.returnValue.object_id === objectId);
|
|
8
|
+
}
|
|
9
|
+
exports.default = sanitizesData;
|
|
10
|
+
//# sourceMappingURL=sanitizesData.js.map
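Review bot: sanitizesData recognises a sanitizer only when its return value carries the same `object_id` as the data under check (`event.returnValue.object_id === objectId`), so a sanitizer that returns a fresh, copied object would not count, and the `!!event.returnValue.object_id` guard additionally rejects an id of 0. Whether both are intended cannot be told from this file; the identity assumption should be written down in src/rules/lib/sanitizesData.ts, e.g. `// A sanitizer counts only if it returns the very same object (same object_id) it was given; copies are not tracked.` The truthiness guard is still useful because it prevents an `undefined` objectId from matching a return value with no object_id, which is worth a second short comment.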
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sanitizesData.js","sourceRoot":"","sources":["../../../src/rules/lib/sanitizesData.ts"],"names":[],"mappings":";;AAEA,SAAwB,aAAa,CAAC,KAAY,EAAE,QAAgB,EAAE,KAAa;IACjF,OAAO,CACL,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;QACvB,CAAC,CAAC,KAAK,CAAC,WAAW;QACnB,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS;QAC7B,KAAK,CAAC,WAAW,CAAC,SAAS,KAAK,QAAQ,CACzC,CAAC;AACJ,CAAC;AAPD,gCAOC"}
|
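--- a/package/built/rules/lib/util.js
+++ b/package/built/rules/lib/util.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verbose = exports.toRegExpArray = exports.responseContentType = exports.toRegExp = exports.providesAuthentication = exports.isRoot = exports.ideLink = exports.isTruthy = exports.isFalsey = exports.emptyValue = exports.capitalize = exports.appMapDir = void 0;
+exports.verbose = exports.toRegExpArray = exports.responseContentType = exports.toRegExp = exports.providesAuthentication = exports.parseValue = exports.isRoot = exports.ideLink = exports.isTruthy = exports.isFalsey = exports.emptyValue = exports.capitalize = exports.appMapDir = void 0;
 var path_1 = require("path");
 var isVerbose = false;
 function verbose(v) {
@@ -47,16 +47,32 @@ function isFalsey(valueObj) {
 if (valueObj.class === 'Array' && valueObj.value === '[]') {
 return true;
 }
+if (valueObj.class === 'Symbol' && valueObj.value === ':failure') {
+return true;
+}
 if (valueObj.value === '') {
 return true;
 }
 return false;
 }
 exports.isFalsey = isFalsey;
+function isArray(valueObj) {
+return valueObj.class === 'Array';
+}
+function parseValue(valueObj) {
+if (isArray(valueObj) && valueObj.value.length > 2) {
+return valueObj.value
+.slice(1, valueObj.value.length - 1)
+.split(',')
+.map(function (v) { return v.trim(); });
+}
+return [valueObj.value];
+}
+exports.parseValue = parseValue;
 var isTruthy = function (valueObj) { return !isFalsey(valueObj); };
 exports.isTruthy = isTruthy;
 function providesAuthentication(event, label) {
-return event.returnValue && event.labels.has(label) && isTruthy(event.returnValue
+return event.returnValue && event.labels.has(label) && isTruthy(event.returnValue);
 }
 exports.providesAuthentication = providesAuthentication;
 function ideLink(filePath, ide, eventId) {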
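Review bot: parseValue splits the array's rendered string on bare commas (`.split(',')`), so an element that itself contains a comma — a string such as `"a,b"` or a nested array — is broken into several pieces, and each piece keeps whatever quoting the rendered form used. The empty array `'[]'` fails the `length > 2` test and falls through to `return [valueObj.value]`, yielding `['[]']` rather than `[]`; whether callers expect that cannot be told from this hunk. A comment on the function stating that it is a best-effort parse of a display string, not of JSON, would set expectations, e.g. `// Best-effort: splits the rendered "[a, b]" string on commas; elements that contain commas or nesting are not handled.` The new `:failure` Symbol case in isFalsey also changes what isTruthy, and therefore providesAuthentication, accepts, which is worth a line in the changelog since it alters which recorded authentication calls count as successful.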
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../src/rules/lib/util.ts"],"names":[],"mappings":";;;AACA,6BAAkC;AAElC,IAAI,SAAS,GAAG,KAAK,CAAC;AACtB,SAAS,OAAO,CAAC,CAAwB;IAAxB,kBAAA,EAAA,QAAwB;IACvC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,EAAE;QAC7B,SAAS,GAAG,CAAC,CAAC;KACf;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;
|
|
1
|
+
{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../src/rules/lib/util.ts"],"names":[],"mappings":";;;AACA,6BAAkC;AAElC,IAAI,SAAS,GAAG,KAAK,CAAC;AACtB,SAAS,OAAO,CAAC,CAAwB;IAAxB,kBAAA,EAAA,QAAwB;IACvC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,EAAE;QAC7B,SAAS,GAAG,CAAC,CAAC;KACf;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AA+HC,0BAAO;AA7HT,SAAS,UAAU,CAAC,GAAW;IAC7B,IAAI,CAAC,GAAG,IAAI,GAAG,KAAK,EAAE,EAAE;QACtB,OAAO,GAAG,CAAC;KACZ;IACD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC9D,CAAC;AA6GC,gCAAU;AA3GZ,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC/C,CAAC;AA0GC,gCAAU;AAxGZ,SAAS,mBAAmB,CAAC,KAAY;;IACvC,IAAI,MAAA,KAAK,CAAC,kBAAkB,0CAAE,OAAO,EAAE;QACrC,OAAO,KAAK,CAAC,kBAAmB,CAAC,OAAQ,CAAC,cAAc,CAAC,CAAC;KAC3D;SAAM,IAAI,MAAA,KAAK,CAAC,kBAAkB,0CAAE,OAAO,EAAE;QAC5C,OAAO,KAAK,CAAC,kBAAmB,CAAC,OAAQ,CAAC,cAAc,CAAC,CAAC;KAC3D;AACH,CAAC;AA0GC,kDAAmB;AAxGrB,SAAS,SAAS,CAAC,cAAsB;IACvC,OAAO,cAAc,CAAC,SAAS,CAAC,CAAC,EAAE,cAAc,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;AACpF,CAAC;AA4FC,8BAAS;AA1FX,2BAA2B;AAC3B,SAAS,QAAQ,CAAC,QAA2B;IAC3C,IAAI,CAAC,QAAQ,EAAE;QACb,OAAO,IAAI,CAAC;KACb;IACD,IAAI,QAAQ,CAAC,KAAK,KAAK,YAAY,EAAE;QACnC,OAAO,IAAI,CAAC;KACb;IACD,IAAI,QAAQ,CAAC,KAAK,KAAK,OAAO,IAAI,QAAQ,CAAC,KAAK,KAAK,IAAI,EAAE;QACzD,OAAO,IAAI,CAAC;KACb;IACD,IAAI,QAAQ,CAAC,KAAK,KAAK,QAAQ,IAAI,QAAQ,CAAC,KAAK,KAAK,UAAU,EAAE;QAChE,OAAO,IAAI,CAAC;KACb;IACD,IAAI,QAAQ,CAAC,KAAK,KAAK,EAAE,EAAE;QACzB,OAAO,IAAI,CAAC;KACb;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AA0EC,4BAAQ;AAxEV,SAAS,OAAO,CAAC,QAA2B;IAC1C,OAAO,QAAQ,CAAC,KAAK,KAAK,OAAO,CAAC;AACpC,CAAC;AAED,SAAS,UAAU,CAAC,QAA2B;IAC7C,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QAClD,OAAO,QAAQ,CAAC,KAAK;aAClB,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;aACnC,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,IAAI,EAAE,EAAR,CAAQ,CAAC,CAAC;KACzB;IAED,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAA
C;AAC1B,CAAC;AA+DC,gCAAU;AA7DZ,IAAM,QAAQ,GAAG,UAAC,QAA2B,IAAc,OAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAnB,CAAmB,CAAC;AA0D7E,4BAAQ;AAxDV,SAAS,sBAAsB,CAAC,KAAY,EAAE,KAAa;IACzD,OAAO,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;AACrF,CAAC;AA0DC,wDAAsB;AAxDxB,SAAS,OAAO,CAAC,QAAgB,EAAE,GAAW,EAAE,OAAe;IAC7D,IAAM,GAAG,GAAG,SAAS,CAAC;IACtB,IAAM,GAAG,GAAG,QAAQ,CAAC;IACrB,IAAM,GAAG,GAAG,GAAG,CAAC;IAEhB,8DAA8D;IAC9D,IAAM,kBAAkB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAE1D,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE;QAC9B,OAAO,QAAQ,CAAC;KACjB;IAED,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC,IAAA,iBAAU,EAAC,QAAQ,CAAC,EAAE;QACzB,IAAI,GAAM,SAAS,wBAAmB,QAAU,CAAC;KAClD;SAAM;QACL,IAAI,GAAG,QAAQ,CAAC;KACjB;IACD,IAAM,KAAK,GAAG,EAAE,WAAW,EAAE,UAAU,EAAE,cAAc,EAAE,WAAS,OAAS,EAAE,CAAC;IAC9E,IAAM,YAAY,GAAG,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,IAAM,IAAI,GACR,GAAG,IAAI,QAAQ;QACb,CAAC,CAAC,sCAAoC,IAAI,eAAU,YAAc;QAClE,CAAC,CAAI,GAAG,qBAAgB,IAAM,CAAC;IAEnC,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACrF,CAAC;AA2BC,0BAAO;AAzBT,IAAM,QAAQ,GAAG,UAAC,KAAsB;IACtC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,KAAe,CAAC,CAAC,CAAC,CAAE,KAAgB,CAAC;AACrF,CAAC,CAAC;AA2BA,4BAAQ;AAzBV,IAAM,aAAa,GAAG,UAAC,KAA0B;IAC/C,OAAO,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AAC7B,CAAC,CAAC;AAyBA,sCAAa;AAvBf,IAAM,UAAU,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;AAEtC,IAAM,MAAM,GAAG,UAAC,KAAwB;IACtC,IAAI,CAAC,KAAK,EAAE;QACV,OAAO,IAAI,CAAC;KACb;IACD,OAAO,CACL,CAAC,CAAC,KAAK,CAAC,iBAAiB,IAAI,UAAU,CAAC,IAAI,CAAC,UAAC,KAAK,IAAK,OAAA,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAlC,CAAkC,CAAC,CAC5F,CAAC;AACJ,CAAC,CAAC;AASA,wBAAM"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logoutWithoutSessionReset.js","sourceRoot":"","sources":["../../src/rules/logoutWithoutSessionReset.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,oBAAoB,CAAC,MAAiC;;;QAC7D,KAAmB,IAAA,WAAA,SAAA,MAAM,CAAA,8BAAA,kDAAE;YAAtB,IAAM,IAAI,mBAAA;YACb,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE;gBAC3C,OAAO,IAAI,CAAC;aACb;SACF;;;;;;;;;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,SAAgB;;;YAC/B,KAAoB,IAAA,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA,gBAAA,4BAAE;gBAA5D,IAAM,KAAK,WAAA;gBACd,yBAAyB;gBACzB,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE;oBAC1C,4BAA4B;oBAC5B,IAAI,oBAAoB,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE;wBAC7C,OAAO;qBACR;yBAAM;wBACL,OAAO;4BACL;gCACE,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"logoutWithoutSessionReset.js","sourceRoot":"","sources":["../../src/rules/logoutWithoutSessionReset.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,oBAAoB,CAAC,MAAiC;;;QAC7D,KAAmB,IAAA,WAAA,SAAA,MAAM,CAAA,8BAAA,kDAAE;YAAtB,IAAM,IAAI,mBAAA;YACb,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE;gBAC3C,OAAO,IAAI,CAAC;aACb;SACF;;;;;;;;;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,KAAK;IACZ,SAAS,OAAO,CAAC,SAAgB;;;YAC/B,KAAoB,IAAA,KAAA,SAAA,IAAI,uBAAc,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA,gBAAA,4BAAE;gBAA5D,IAAM,KAAK,WAAA;gBACd,yBAAyB;gBACzB,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE;oBAC1C,4BAA4B;oBAC5B,IAAI,oBAAoB,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE;wBAC7C,OAAO;qBACR;yBAAM;wBACL,OAAO;4BACL;gCACE,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,OAAO,EAAK,KAAK,CAAC,KAAK,4DAAyD;6BACjF;yBACF,CAAC;qBACH;iBACF;aACF;;;;;;;;;IACH,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,IAAM,cAAc,GAAG,iBAAiB,CAAC;AACzC,IAAM,gBAAgB,GAAG,oBAAoB,CAAC;AAE9C,kBAAe;IACb,EAAE,EAAE,8BAA8B;IAClC,KAAK,EAAE,8BAA8B;IACrC,KAAK,EAAE,qBAAqB;IAC5B,MAAM,EAAE,CAAC,gBAAgB,EAAE,cAAc,CAAC;IAC1C,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;QACrE,0BAA0B,EAAE,IAAI,SAAG,CAAC,0DAA0D,CAAC;QAC/F,kDAAkD,EAAE,IAAI,SAAG,CACzD,+EAA+E,CAChF;KACF;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,2BAA2B,CAAC;IAC9D,GAAG,EAAE,qFAAqF;IAC1F,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -10,7 +10,7 @@ var matchPattern_1 = require("./lib/matchPattern");
|
|
|
10
10
|
var url_1 = require("url");
|
|
11
11
|
var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
|
|
12
12
|
function isPublic(event) {
|
|
13
|
-
return event.labels.has(
|
|
13
|
+
return event.labels.has(AccessPublic);
|
|
14
14
|
}
|
|
15
15
|
var authenticatedBy = function (iterator) {
|
|
16
16
|
var i = iterator.next();
|
|
@@ -56,13 +56,13 @@ function build(options) {
|
|
|
56
56
|
matcher: matcher,
|
|
57
57
|
};
|
|
58
58
|
}
|
|
59
|
-
var
|
|
59
|
+
var AccessPublic = 'access.public';
|
|
60
60
|
var SecurityAuthentication = 'security.authentication';
|
|
61
61
|
exports.default = {
|
|
62
62
|
id: 'missing-authentication',
|
|
63
63
|
title: 'Unauthenticated HTTP server request',
|
|
64
64
|
scope: 'http_server_request',
|
|
65
|
-
labels: [
|
|
65
|
+
labels: [AccessPublic, SecurityAuthentication],
|
|
66
66
|
impactDomain: 'Security',
|
|
67
67
|
enumerateScope: false,
|
|
68
68
|
references: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"missingAuthentication.js","sourceRoot":"","sources":["../../src/rules/missingAuthentication.ts"],"names":[],"mappings":";;;;;AAAA,0CAAwD;AACxD,oDAA2D;AAG3D,mCAAoD;AAEpD,mDAAkD;AAClD,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,QAAQ,CAAC,KAAY;IAC5B,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"missingAuthentication.js","sourceRoot":"","sources":["../../src/rules/missingAuthentication.ts"],"names":[],"mappings":";;;;;AAAA,0CAAwD;AACxD,oDAA2D;AAG3D,mCAAoD;AAEpD,mDAAkD;AAClD,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,QAAQ,CAAC,KAAY;IAC5B,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;AACxC,CAAC;AAED,IAAM,eAAe,GAAG,UAAC,QAAkC;IACzD,IAAI,CAAC,GAAmC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACxD,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE;QACd,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,IAAA,6BAAsB,EAAC,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,sBAAsB,CAAC,EAAE;YAC5F,OAAO,IAAI,CAAC;SACb;QACD,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;KACrB;IAED,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF;IAAA;QACS,wBAAmB,GAAyB,EAAE,CAAC;QAC/C,wBAAmB,GAAyB,EAAE,CAAC;IACxD,CAAC;IAAD,cAAC;AAAD,CAAC,AAHD,IAGC;AAED,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,IAAM,mBAAmB,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACtE,IAAM,mBAAmB,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEtE,SAAS,eAAe,CAAC,WAAmB;QAC1C,SAAS,IAAI,CAAC,MAAoB;YAChC,OAAO,MAAM,CAAC,WAAW,CAAC,CAAC;QAC7B,CAAC;QAED,OAAO,CACL,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpE,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAChC,CAAC;IACJ,CAAC;IAED,SAAS,OAAO,CAAC,KAAY;QAC3B,OAAO,CAAC,eAAe,CAAC,IAAI,uBAAc,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CACL,CAAC,CAAC,KAAK,KAAK,SAAS;YACrB,CAAC,CAAC,kBAAkB,KAAK,SAAS;YAClC,CAAC,CAAC,kBAAkB,CAAC,MAAM,GAAG,GAAG;YACjC,CAAC,CAAC,IAAA,+BAAkB,EAAC,CAAC,CAAC;YACvB,CAAC,CAAC,IAAA,+BAAkB,EAAC,CAAC,CAAE,CAAC,WAAW;YACpC,eAAe,CAAC,IAAA,+BAAkB,EAAC,CAAC,CAAE,CAAC,WAAW,CAAC,CACpD,CAAC;IACJ,CAAC;IACD,OAAO;QACL,KAAK,OAAA;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AACD,IAAM,YAAY,GAAG,eAAe,CAAC;AACrC,IAAM,sBAAsB,GAAG,yBAAyB,CAAC;AAEzD,kBAAe;IACb,EAAE,EAAE,wBAAwB;IAC5B,KAAK,EAAE,qCAAqC;IAC5C,KAAK,EAAE,qBAAqB;IAC5B,MAAM,EAAE,CAAC,YAAY,EAAE,sBAAsB,CAAC;IAC9C,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,WA
AW,EAAE,IAAA,8BAAoB,EAAC,uBAAuB,CAAC;IAC1D,GAAG,EAAE,+EAA+E;IACpF,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -20,9 +20,14 @@ function build(options) {
|
|
|
20
20
|
var allowedQueries = (0, matchPattern_1.buildFilters)(options.allowedQueries);
|
|
21
21
|
function matcher(e) {
|
|
22
22
|
if (!allowedPackages.some(function (filter) { return filter(e.parent.codeObject.packageOf); })) {
|
|
23
|
-
return
|
|
23
|
+
return [
|
|
24
|
+
{
|
|
25
|
+
event: e,
|
|
26
|
+
message: e.codeObject.id + " is invoked from illegal package " + e.parent.codeObject.packageOf,
|
|
27
|
+
relatedEvents: [e.parent],
|
|
28
|
+
},
|
|
29
|
+
];
|
|
24
30
|
}
|
|
25
|
-
return false;
|
|
26
31
|
}
|
|
27
32
|
function where(e) {
|
|
28
33
|
return !!e.sqlQuery && !!e.parent && !allowedQueries.some(function (pattern) { return pattern(e.sqlQuery); });
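Review bot: matcher now returns an array of findings on the violation path but falls off the end, returning `undefined`, on the allowed path where the removed line returned `false`; the new matcher in queryFromView.js has the same shape. That is fine if the rule checker treats any falsy result as "no finding", but the contract is now implicit and a reader has to infer it from the checker. A short comment above the function, such as `// Returns a finding list on violation; a missing return value means no finding.`, or an explicit `return [];` if the checker accepts empty lists, would make the intent readable in both files. The enclosing build() starts outside this hunk.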
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"queryFromInvalidPackage.js","sourceRoot":"","sources":["../../src/rules/queryFromInvalidPackage.ts"],"names":[],"mappings":";;;;;AAIA,mDAAkD;AAClD,2BAA0B;AAC1B,oFAA8D;AAE9D,oCAAoC;AACpC,IAAM,SAAS,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC;AAEnG;IAAA;QACS,oBAAe,GAAyB,EAAE,CAAC;QAC3C,mBAAc,GAAyB,SAAS,CAAC,GAAG,CACzD,UAAC,MAAM,IAAK,OAAA,CAAC,EAAE,KAAK,EAAE,MAAM,EAAyB,CAAA,EAAzC,CAAyC,CACtD,CAAC;IACJ,CAAC;IAAD,cAAC;AAAD,CAAC,AALD,IAKC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,eAAe,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAC9D,IAAM,cAAc,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAE5D,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,UAAC,MAAM,IAAK,OAAA,MAAM,CAAC,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAtC,CAAsC,CAAC,EAAE;YAC7E,
|
|
1
|
+
{"version":3,"file":"queryFromInvalidPackage.js","sourceRoot":"","sources":["../../src/rules/queryFromInvalidPackage.ts"],"names":[],"mappings":";;;;;AAIA,mDAAkD;AAClD,2BAA0B;AAC1B,oFAA8D;AAE9D,oCAAoC;AACpC,IAAM,SAAS,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC;AAEnG;IAAA;QACS,oBAAe,GAAyB,EAAE,CAAC;QAC3C,mBAAc,GAAyB,SAAS,CAAC,GAAG,CACzD,UAAC,MAAM,IAAK,OAAA,CAAC,EAAE,KAAK,EAAE,MAAM,EAAyB,CAAA,EAAzC,CAAyC,CACtD,CAAC;IACJ,CAAC;IAAD,cAAC;AAAD,CAAC,AALD,IAKC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,eAAe,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAC9D,IAAM,cAAc,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAE5D,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,UAAC,MAAM,IAAK,OAAA,MAAM,CAAC,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAtC,CAAsC,CAAC,EAAE;YAC7E,OAAO;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,OAAO,EAAK,CAAC,CAAC,UAAU,CAAC,EAAE,yCACzB,CAAC,CAAC,MAAO,CAAC,UAAU,CAAC,SACrB;oBACF,aAAa,EAAE,CAAC,CAAC,CAAC,MAAO,CAAC;iBAC3B;aACF,CAAC;SACH;IACH,CAAC;IAED,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,CAAC,CAAC,QAAS,CAAC,EAApB,CAAoB,CAAC,CAAC;IAC/F,CAAC;IAED,OAAO;QACL,OAAO,SAAA;QACP,KAAK,OAAA;KACN,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,4BAA4B;IAChC,KAAK,EAAE,+BAA+B;IACtC,OAAO,SAAA;IACP,YAAY,EAAE,iBAAiB;IAC/B,cAAc,EAAE,IAAI;IACpB,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,yBAAyB,CAAC;IAC5D,GAAG,EAAE,mFAAmF;IACxF,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -14,7 +14,18 @@ var Options = /** @class */ (function () {
|
|
|
14
14
|
function build(options) {
|
|
15
15
|
if (options === void 0) { options = new Options(); }
|
|
16
16
|
function matcher(e) {
|
|
17
|
-
|
|
17
|
+
var forbiddenAncestor = e
|
|
18
|
+
.ancestors()
|
|
19
|
+
.find(function (e) { return e.codeObject.labels.has(options.forbiddenLabel); });
|
|
20
|
+
if (forbiddenAncestor) {
|
|
21
|
+
return [
|
|
22
|
+
{
|
|
23
|
+
event: e,
|
|
24
|
+
message: "SQL query is invoked from invalid event " + forbiddenAncestor + ", labeled " + options.forbiddenLabel,
|
|
25
|
+
relatedEvents: [forbiddenAncestor],
|
|
26
|
+
},
|
|
27
|
+
];
|
|
28
|
+
}
|
|
18
29
|
}
|
|
19
30
|
function where(e) {
|
|
20
31
|
return !!e.sqlQuery;
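Review bot: The callback passed to `.find` in the new `matcher` body reuses the name `e` for the ancestor and shadows the event being matched, which makes the `event`/`relatedEvents` pairing a few lines later harder to read and is an easy place for a later edit to pick the wrong one; rename it, `.find(function (ancestor) { return ancestor.codeObject.labels.has(options.forbiddenLabel); });`. The message also relies on `forbiddenAncestor` stringifying itself through `+`; if the event type has no `toString` override this prints `[object Object]`, which is worth confirming against the Event class. Since this file is compiled output, the rename belongs in the TypeScript source rather than here.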
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"queryFromView.js","sourceRoot":"","sources":["../../src/rules/queryFromView.ts"],"names":[],"mappings":";;;;;AAGA,2BAA0B;AAC1B,oFAA8D;AAE9D;IAAA;QACS,mBAAc,GAAU,cAAc,CAAC;IAChD,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,SAAS,OAAO,CAAC,CAAQ;QACvB,
|
|
1
|
+
{"version":3,"file":"queryFromView.js","sourceRoot":"","sources":["../../src/rules/queryFromView.ts"],"names":[],"mappings":";;;;;AAGA,2BAA0B;AAC1B,oFAA8D;AAE9D;IAAA;QACS,mBAAc,GAAU,cAAc,CAAC;IAChD,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,SAAS,OAAO,CAAC,CAAQ;QACvB,IAAM,iBAAiB,GAAG,CAAC;aACxB,SAAS,EAAE;aACX,IAAI,CAAC,UAAC,CAAQ,IAAK,OAAA,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,EAA/C,CAA+C,CAAC,CAAC;QACvE,IAAI,iBAAiB,EAAE;YACrB,OAAO;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,OAAO,EAAE,6CAA2C,iBAAiB,kBAAa,OAAO,CAAC,cAAgB;oBAC1G,aAAa,EAAE,CAAC,iBAAiB,CAAC;iBACnC;aACF,CAAC;SACH;IACH,CAAC;IACD,SAAS,KAAK,CAAC,CAAQ;QACrB,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IACtB,CAAC;IAED,OAAO;QACL,OAAO,SAAA;QACP,KAAK,OAAA;KACN,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,iBAAiB;IACrB,KAAK,EAAE,mBAAmB;IAC1B,OAAO,SAAA;IACP,YAAY,EAAE,iBAAiB;IAC/B,cAAc,EAAE,IAAI;IACpB,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,eAAe,CAAC;IAClD,GAAG,EAAE,wEAAwE;IAC7E,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -71,11 +71,13 @@ var Match = /** @class */ (function () {
|
|
|
71
71
|
return Match;
|
|
72
72
|
}());
|
|
73
73
|
var secrets = new Set();
|
|
74
|
-
var findInLog = function (
|
|
74
|
+
var findInLog = function (event) {
|
|
75
75
|
var e_1, _a;
|
|
76
|
+
if (!event.parameters)
|
|
77
|
+
return;
|
|
76
78
|
var matches = [];
|
|
77
79
|
var _loop_1 = function (value) {
|
|
78
|
-
var e_2,
|
|
80
|
+
var e_2, _d;
|
|
79
81
|
if ((0, util_1.emptyValue)(value))
|
|
80
82
|
return "continue";
|
|
81
83
|
var patterns = [];
|
|
@@ -95,28 +97,28 @@ var findInLog = function (parameters) {
|
|
|
95
97
|
catch (e_2_1) { e_2 = { error: e_2_1 }; }
|
|
96
98
|
finally {
|
|
97
99
|
try {
|
|
98
|
-
if (secrets_1_1 && !secrets_1_1.done && (
|
|
100
|
+
if (secrets_1_1 && !secrets_1_1.done && (_d = secrets_1.return)) _d.call(secrets_1);
|
|
99
101
|
}
|
|
100
102
|
finally { if (e_2) throw e_2.error; }
|
|
101
103
|
}
|
|
102
104
|
matches.push.apply(matches, __spreadArray([], __read(patterns.map(function (pattern) { return new Match(pattern, value); })), false));
|
|
103
105
|
};
|
|
104
106
|
try {
|
|
105
|
-
for (var
|
|
106
|
-
var value =
|
|
107
|
+
for (var _b = __values(event.parameters), _c = _b.next(); !_c.done; _c = _b.next()) {
|
|
108
|
+
var value = _c.value.value;
|
|
107
109
|
_loop_1(value);
|
|
108
110
|
}
|
|
109
111
|
}
|
|
110
112
|
catch (e_1_1) { e_1 = { error: e_1_1 }; }
|
|
111
113
|
finally {
|
|
112
114
|
try {
|
|
113
|
-
if (
|
|
115
|
+
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
|
|
114
116
|
}
|
|
115
117
|
finally { if (e_1) throw e_1.error; }
|
|
116
118
|
}
|
|
117
119
|
if (matches.length > 0) {
|
|
118
120
|
return matches.map(function (match) { return ({
|
|
119
|
-
|
|
121
|
+
event: event,
|
|
120
122
|
message: match.value + " contains secret " + match.regexp,
|
|
121
123
|
}); });
|
|
122
124
|
}
|
|
@@ -127,8 +129,8 @@ function build() {
|
|
|
127
129
|
if (e.codeObject.labels.has(Secret)) {
|
|
128
130
|
(0, recordSecrets_1.default)(secrets, e);
|
|
129
131
|
}
|
|
130
|
-
if (e.
|
|
131
|
-
return findInLog(e
|
|
132
|
+
if (e.codeObject.labels.has(Log)) {
|
|
133
|
+
return findInLog(e);
|
|
132
134
|
}
|
|
133
135
|
},
|
|
134
136
|
where: function (e) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secretInLog.js","sourceRoot":"","sources":["../../src/rules/secretInLog.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2EAAyE;AACzE,mCAAwC;AACxC,4EAAsD;AACtD,2BAA0B;AAC1B,oFAA8D;AAE9D;IACE,eAAmB,MAAuB,EAAS,KAAa;QAA7C,WAAM,GAAN,MAAM,CAAiB;QAAS,UAAK,GAAL,KAAK,CAAQ;IAAG,CAAC;IACtE,YAAC;AAAD,CAAC,AAFD,IAEC;AAED,IAAM,OAAO,GAAgB,IAAI,GAAG,EAAE,CAAC;AAEvC,IAAM,SAAS,GAAG,UAAC,
|
|
1
|
+
{"version":3,"file":"secretInLog.js","sourceRoot":"","sources":["../../src/rules/secretInLog.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2EAAyE;AACzE,mCAAwC;AACxC,4EAAsD;AACtD,2BAA0B;AAC1B,oFAA8D;AAE9D;IACE,eAAmB,MAAuB,EAAS,KAAa;QAA7C,WAAM,GAAN,MAAM,CAAiB;QAAS,UAAK,GAAL,KAAK,CAAQ;IAAG,CAAC;IACtE,YAAC;AAAD,CAAC,AAFD,IAEC;AAED,IAAM,OAAO,GAAgB,IAAI,GAAG,EAAE,CAAC;AAEvC,IAAM,SAAS,GAAG,UAAC,KAAY;;IAC7B,IAAI,CAAC,KAAK,CAAC,UAAU;QAAE,OAAO;IAE9B,IAAM,OAAO,GAAY,EAAE,CAAC;4BAEf,KAAK;;QAChB,IAAI,IAAA,iBAAU,EAAC,KAAK,CAAC;8BAAW;QAEhC,IAAM,QAAQ,GAAwB,EAAE,CAAC;QAEzC,IAAI,IAAA,4BAAW,EAAC,KAAK,CAAC,EAAE;YACtB,4EAA4E;YAC5E,QAAQ,CAAC,IAAI,OAAb,QAAQ,2BACH,MAAM,CAAC,MAAM,CAAC,wBAAc,CAAC;iBAC7B,IAAI,EAAE;iBACN,MAAM,CAAC,UAAC,EAAE,IAAK,OAAA,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAd,CAAc,CAAC,WACjC;SACH;;YAED,KAAqB,IAAA,2BAAA,SAAA,OAAO,CAAA,CAAA,gCAAA,qDAAE;gBAAzB,IAAM,MAAM,oBAAA;gBACf,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;aACnD;;;;;;;;;QAED,OAAO,CAAC,IAAI,OAAZ,OAAO,2BAAS,QAAQ,CAAC,GAAG,CAAC,UAAC,OAAO,IAAK,OAAA,IAAI,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,EAAzB,CAAyB,CAAC,WAAE;;;QAlBxE,KAAwB,IAAA,KAAA,SAAA,KAAK,CAAC,UAAU,CAAA,gBAAA;YAA3B,IAAA,KAAK,iBAAA;oBAAL,KAAK;SAmBjB;;;;;;;;;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE;QACtB,OAAO,OAAO,CAAC,GAAG,CAAC,UAAC,KAAK,IAAK,OAAA,CAAC;YAC7B,KAAK,OAAA;YACL,OAAO,EAAK,KAAK,CAAC,KAAK,yBAAoB,KAAK,CAAC,MAAQ;SAC1D,CAAC,EAH4B,CAG5B,CAAC,CAAC;KACL;AACH,CAAC,CAAC;AAEF,SAAS,KAAK;IACZ,OAAO;QACL,OAAO,EAAE,UAAC,CAAC;YACT,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;gBACnC,IAAA,uBAAa,EAAC,OAAO,EAAE,CAAC,CAAC,CAAC;aAC3B;YACD,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;gBAChC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;aACrB;QACH,CAAC;QACD,KAAK,EAAE,UAAC,CAAC;YACP,OAAO,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzE,CAAC;KACF,CAAC;AACJ,CAAC;AAED,IAAM,MAAM,GAAG,QAAQ,CAAC;AACxB,IAAM,GAAG,GAAG,KAAK,CAAC;AAElB,kBAAe;I
ACb,EAAE,EAAE,eAAe;IACnB,KAAK,EAAE,eAAe;IACtB,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC;IACrB,YAAY,EAAE,UAAU;IACxB,cAAc,EAAE,IAAI;IACpB,UAAU,EAAE;QACV,SAAS,EAAE,IAAI,SAAG,CAAC,iDAAiD,CAAC;KACtE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,aAAa,CAAC;IAChD,GAAG,EAAE,sEAAsE;IAC3E,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -58,7 +58,6 @@ function build(options) {
|
|
|
58
58
|
var occurrence = joinCount[sql];
|
|
59
59
|
if (occurrence.joins >= options.warningLimit) {
|
|
60
60
|
matchResults.push({
|
|
61
|
-
level: 'warning',
|
|
62
61
|
event: occurrence.events[0],
|
|
63
62
|
message: occurrence.joins + " join" + (occurrence.joins > 1 ? 's' : '') + " in SQL \"" + sql + "\"",
|
|
64
63
|
relatedEvents: occurrence.events,
|
|
@@ -74,7 +73,6 @@ function build(options) {
|
|
|
74
73
|
exports.default = {
|
|
75
74
|
id: 'too-many-joins',
|
|
76
75
|
title: 'Too many joins',
|
|
77
|
-
scope: 'command',
|
|
78
76
|
impactDomain: 'Performance',
|
|
79
77
|
enumerateScope: false,
|
|
80
78
|
references: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tooManyJoins.js","sourceRoot":"","sources":["../../src/rules/tooManyJoins.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAGA,wCAA+D;AAC/D,2BAA0B;AAC1B,oFAA8D;AAM9D;IAAA;QACS,iBAAY,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,mEAAmE;AACnE,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,IAAM,SAAS,GAA8B,EAAE,CAAC;IAChD,SAAS,OAAO,CACd,OAAc,EACd,WAAwB,EACxB,WAAwB;;;YAExB,KAAuB,IAAA,KAAA,SAAA,IAAA,qBAAU,EAAC,OAAO,EAAE,WAAW,EAAE,WAAW,CAAC,CAAA,gBAAA,4BAAE;gBAAjE,IAAM,QAAQ,WAAA;gBACjB,IAAI,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAEzC,IAAI,CAAC,UAAU,EAAE;oBACf,UAAU,GAAG;wBACX,KAAK,EAAE,CAAC;wBACR,KAAK,EAAE,IAAA,qBAAU,EAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;wBACrD,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;qBACzB,CAAC;oBACF,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;iBACtC;qBAAM;oBACL,UAAU,CAAC,KAAK,IAAI,CAAC,CAAC;oBACtB,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;iBACxC;aACF;;;;;;;;;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,UAAC,YAAY,EAAE,GAAG;YACrD,IAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAElC,IAAI,UAAU,CAAC,KAAK,IAAI,OAAO,CAAC,YAAY,EAAE;gBAC5C,YAAY,CAAC,IAAI,CAAC;oBAChB,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"tooManyJoins.js","sourceRoot":"","sources":["../../src/rules/tooManyJoins.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAGA,wCAA+D;AAC/D,2BAA0B;AAC1B,oFAA8D;AAM9D;IAAA;QACS,iBAAY,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,mEAAmE;AACnE,SAAS,KAAK,CAAC,OAAgC;IAAhC,wBAAA,EAAA,cAAuB,OAAO,EAAE;IAC7C,IAAM,SAAS,GAA8B,EAAE,CAAC;IAChD,SAAS,OAAO,CACd,OAAc,EACd,WAAwB,EACxB,WAAwB;;;YAExB,KAAuB,IAAA,KAAA,SAAA,IAAA,qBAAU,EAAC,OAAO,EAAE,WAAW,EAAE,WAAW,CAAC,CAAA,gBAAA,4BAAE;gBAAjE,IAAM,QAAQ,WAAA;gBACjB,IAAI,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAEzC,IAAI,CAAC,UAAU,EAAE;oBACf,UAAU,GAAG;wBACX,KAAK,EAAE,CAAC;wBACR,KAAK,EAAE,IAAA,qBAAU,EAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;wBACrD,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;qBACzB,CAAC;oBACF,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;iBACtC;qBAAM;oBACL,UAAU,CAAC,KAAK,IAAI,CAAC,CAAC;oBACtB,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;iBACxC;aACF;;;;;;;;;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,UAAC,YAAY,EAAE,GAAG;YACrD,IAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAElC,IAAI,UAAU,CAAC,KAAK,IAAI,OAAO,CAAC,YAAY,EAAE;gBAC5C,YAAY,CAAC,IAAI,CAAC;oBAChB,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC3B,OAAO,EAAK,UAAU,CAAC,KAAK,cAAQ,UAAU,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,mBAAY,GAAG,OAAG;oBACrF,aAAa,EAAE,UAAU,CAAC,MAAM;iBACjC,CAAC,CAAC;aACJ;YACD,OAAO,YAAY,CAAC;QACtB,CAAC,EAAE,EAAmB,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,gBAAgB;IACpB,KAAK,EAAE,gBAAgB;IACvB,YAAY,EAAE,aAAa;IAC3B,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,cAAc,CAAC;IACjD,GAAG,EAAE,uEAAuE;IAC5E,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tooManyUpdates.js","sourceRoot":"","sources":["../../src/rules/tooManyUpdates.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,2BAA0B;AAE1B,oFAA8D;AAE9D,oCAAoC;AACpC,IAAM,aAAa,GAAa,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;AAC/D,IAAM,aAAa,GAAa,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AAEzD;IAAA;QACS,iBAAY,GAAG,EAAE,CAAC;IAC3B,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,QAAQ,GAAG,UAAC,KAAY;QAC5B,IAAM,WAAW,GAAG;YAClB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;gBACnB,OAAO,KAAK,CAAC;aACd;YACD,OAAO,aAAa,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,QAAS,CAAC,EAA7B,CAA6B,CAAC,CAAC;QACxE,CAAC,CAAC;QAEF,IAAM,WAAW,GAAG;YAClB,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE;gBAC5B,OAAO,KAAK,CAAC;aACd;YACD,OAAO,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,iBAAkB,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC,CAAC;QACvF,CAAC,CAAC;QAEF,OAAO,WAAW,EAAE,IAAI,WAAW,EAAE,CAAC;IACxC,CAAC,CAAC;IAEF,IAAM,YAAY,GAAG,UAAW,KAAY;;;;;;;oBAC1B,KAAA,SAAA,IAAI,uBAAc,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAA;;;;oBAA5C,CAAC;oBACV,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE;wBACtB,wBAAS;qBACV;oBACD,qBAAM,CAAC,CAAC,KAAK,EAAA;;oBAAb,SAAa,CAAC;;;;;;;;;;;;;;;;;;;KAEjB,CAAC;IAEF,SAAS,OAAO,CAAC,OAAc;;QAC7B,IAAM,MAAM,GAAY,EAAE,CAAC;;YAC3B,KAA0B,IAAA,KAAA,SAAA,YAAY,CAAC,OAAO,CAAC,CAAA,gBAAA,4BAAE;gBAA5C,IAAM,WAAW,WAAA;gBACpB,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;aAC1B;;;;;;;;;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE;YACxC,OAAO;gBACL;oBACE,
|
|
1
|
+
{"version":3,"file":"tooManyUpdates.js","sourceRoot":"","sources":["../../src/rules/tooManyUpdates.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAwD;AAExD,2BAA0B;AAE1B,oFAA8D;AAE9D,oCAAoC;AACpC,IAAM,aAAa,GAAa,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;AAC/D,IAAM,aAAa,GAAa,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AAEzD;IAAA;QACS,iBAAY,GAAG,EAAE,CAAC;IAC3B,CAAC;IAAD,cAAC;AAAD,CAAC,AAFD,IAEC;AAED,SAAS,KAAK,CAAC,OAAgB;IAC7B,IAAM,QAAQ,GAAG,UAAC,KAAY;QAC5B,IAAM,WAAW,GAAG;YAClB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;gBACnB,OAAO,KAAK,CAAC;aACd;YACD,OAAO,aAAa,CAAC,IAAI,CAAC,UAAC,OAAO,IAAK,OAAA,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,QAAS,CAAC,EAA7B,CAA6B,CAAC,CAAC;QACxE,CAAC,CAAC;QAEF,IAAM,WAAW,GAAG;YAClB,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE;gBAC5B,OAAO,KAAK,CAAC;aACd;YACD,OAAO,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,iBAAkB,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC,CAAC;QACvF,CAAC,CAAC;QAEF,OAAO,WAAW,EAAE,IAAI,WAAW,EAAE,CAAC;IACxC,CAAC,CAAC;IAEF,IAAM,YAAY,GAAG,UAAW,KAAY;;;;;;;oBAC1B,KAAA,SAAA,IAAI,uBAAc,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAA;;;;oBAA5C,CAAC;oBACV,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE;wBACtB,wBAAS;qBACV;oBACD,qBAAM,CAAC,CAAC,KAAK,EAAA;;oBAAb,SAAa,CAAC;;;;;;;;;;;;;;;;;;;KAEjB,CAAC;IAEF,SAAS,OAAO,CAAC,OAAc;;QAC7B,IAAM,MAAM,GAAY,EAAE,CAAC;;YAC3B,KAA0B,IAAA,KAAA,SAAA,YAAY,CAAC,OAAO,CAAC,CAAA,gBAAA,4BAAE;gBAA5C,IAAM,WAAW,WAAA;gBACpB,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;aAC1B;;;;;;;;;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE;YACxC,OAAO;gBACL;oBACE,OAAO,EAAE,sBAAoB,MAAM,CAAC,MAAM,yBAAsB;oBAChE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;oBAChB,aAAa,EAAE,MAAM;iBACtB;aACF,CAAC;SACH;IACH,CAAC;IAED,OAAO;QACL,OAAO,SAAA;KACR,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,EAAE,EAAE,kBAAkB;IACtB,KAAK,EAAE,uDAAuD;IAC9D,KAAK,EAAE,SAAS;IAChB,cAAc,EAAE,KAAK;IACrB,YAAY,EAAE,iBAAiB;IAC/B,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,gBAAgB,CAAC;IACnD,GAAG,EAAE,yEAAyE;IAC9E,OAAO,SAAA;IACP,KAAK,OAAA;CACE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unbatchedMaterializedQuery.js","sourceRoot":"","sources":["../../src/rules/unbatchedMaterializedQuery.ts"],"names":[],"mappings":";;;;;AAEA,2CAA0C;AAC1C,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,cAAc,CAAC,CAAQ;IAC9B,OAAO,CAAC,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,UAAC,EAAU;YAAR,MAAM,YAAA;QAAO,OAAA,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC;IAA1B,CAA0B,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,YAAY,CAAC,CAAQ,EAAE,WAAwB;IACtD,IAAI;QACF,IAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAClC,IAAI,UAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,SAAO,GAAG,KAAK,CAAC;QACpB,IAAI,gBAAc,GAAG,KAAK,CAAC;QAC3B,IAAI,iBAAe,GAAG,KAAK,CAAC;QAE5B,IAAI,GAAG,EAAE;YACP,IAAM,oBAAkB,GAAG,CAAC,eAAe,CAAC,CAAC;YAE7C,IAAA,aAAK,EAAC,GAAG,EAAE;gBACT,kBAAkB,EAAE,UAAC,SAAc;oBACjC,UAAQ,GAAG,IAAI,CAAC;oBAEhB,IACE,SAAS,CAAC,MAAM;wBAChB,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC;wBAC/B,SAAS,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;wBAC7B,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU;wBACvC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,EACzC;wBACA,SAAO,GAAG,IAAI,CAAC;qBAChB;gBACH,CAAC;gBACD,kBAAkB,EAAE;oBAClB,gBAAc,GAAG,IAAI,CAAC;gBACxB,CAAC;gBACD,kBAAkB,EAAE,UAAC,UAAe;oBAClC,IAAI,oBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;wBAChD,iBAAe,GAAG,IAAI,CAAC;qBACxB;gBACH,CAAC;aACF,CAAC,CAAC;SACJ;QAED,IAAM,SAAS,GAAG,gBAAc,IAAI,SAAO,IAAI,iBAAe,CAAC;QAE/D,OAAO,UAAQ,IAAI,CAAC,SAAS,IAAI,cAAc,CAAC,CAAC,CAAC,CAAC;KACpD;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,IAAI,CAAC,+BAA4B,CAAC,CAAC,QAAS,OAAG,CAAC,CAAC;QACzD,OAAO,KAAK,CAAC;KACd;AACH,CAAC;AAED,SAAS,KAAK;IACZ,OAAO;QACL,OAAO,EAAE,UAAC,CAAC,EAAE,WAAwB,IAAK,OAAA,YAAY,CAAC,CAAC,EAAE,WAAW,CAAC,EAA5B,CAA4B;QACtE,KAAK,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAZ,CAAY;KAC3B,CAAC;AACJ,CAAC;AAED,0CAA0C;AAC1C,IAAM,cAAc,GAAG,iBAAiB,CAAC;AAEzC,kBAAe;IACb,EAAE,EAAE,8BAA8B;IAClC,KAAK,EAAE,kCAAkC;IACzC,MAAM,EAAE,CAAC,cAAc,CAAC;IACxB,
|
|
1
|
+
{"version":3,"file":"unbatchedMaterializedQuery.js","sourceRoot":"","sources":["../../src/rules/unbatchedMaterializedQuery.ts"],"names":[],"mappings":";;;;;AAEA,2CAA0C;AAC1C,2BAA0B;AAC1B,oFAA8D;AAE9D,SAAS,cAAc,CAAC,CAAQ;IAC9B,OAAO,CAAC,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,UAAC,EAAU;YAAR,MAAM,YAAA;QAAO,OAAA,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC;IAA1B,CAA0B,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,YAAY,CAAC,CAAQ,EAAE,WAAwB;IACtD,IAAI;QACF,IAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAClC,IAAI,UAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,SAAO,GAAG,KAAK,CAAC;QACpB,IAAI,gBAAc,GAAG,KAAK,CAAC;QAC3B,IAAI,iBAAe,GAAG,KAAK,CAAC;QAE5B,IAAI,GAAG,EAAE;YACP,IAAM,oBAAkB,GAAG,CAAC,eAAe,CAAC,CAAC;YAE7C,IAAA,aAAK,EAAC,GAAG,EAAE;gBACT,kBAAkB,EAAE,UAAC,SAAc;oBACjC,UAAQ,GAAG,IAAI,CAAC;oBAEhB,IACE,SAAS,CAAC,MAAM;wBAChB,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC;wBAC/B,SAAS,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;wBAC7B,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU;wBACvC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,EACzC;wBACA,SAAO,GAAG,IAAI,CAAC;qBAChB;gBACH,CAAC;gBACD,kBAAkB,EAAE;oBAClB,gBAAc,GAAG,IAAI,CAAC;gBACxB,CAAC;gBACD,kBAAkB,EAAE,UAAC,UAAe;oBAClC,IAAI,oBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;wBAChD,iBAAe,GAAG,IAAI,CAAC;qBACxB;gBACH,CAAC;aACF,CAAC,CAAC;SACJ;QAED,IAAM,SAAS,GAAG,gBAAc,IAAI,SAAO,IAAI,iBAAe,CAAC;QAE/D,OAAO,UAAQ,IAAI,CAAC,SAAS,IAAI,cAAc,CAAC,CAAC,CAAC,CAAC;KACpD;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,IAAI,CAAC,+BAA4B,CAAC,CAAC,QAAS,OAAG,CAAC,CAAC;QACzD,OAAO,KAAK,CAAC;KACd;AACH,CAAC;AAED,SAAS,KAAK;IACZ,OAAO;QACL,OAAO,EAAE,UAAC,CAAC,EAAE,WAAwB,IAAK,OAAA,YAAY,CAAC,CAAC,EAAE,WAAW,CAAC,EAA5B,CAA4B;QACtE,KAAK,EAAE,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAZ,CAAY;KAC3B,CAAC;AACJ,CAAC;AAED,0CAA0C;AAC1C,IAAM,cAAc,GAAG,iBAAiB,CAAC;AAEzC,kBAAe;IACb,EAAE,EAAE,8BAA8B;IAClC,KAAK,EAAE,kCAAkC;IACzC,MAAM,EAAE,CAAC,cAAc,CAAC;IACxB,cAAc,EAAE,IAAI;IACpB,YAAY,EAAE,aAAa;IAC3B,UAAU,EAAE;QACV,UAAU,EAAE,IAAI,SAAG,CAAC,kDAAkD,CAAC;KACxE;IACD,WAAW,EAAE,IAAA,8BAAoB,EAAC,4BAA4B,CAAC;IAC/D,GAAG,EAAE,qFAAqF;IAC1F,KAAK
,OAAA;CACE,CAAC"}
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
checks:
|
|
2
2
|
- rule: authzBeforeAuthn
|
|
3
3
|
- rule: circularDependency
|
|
4
|
-
|
|
4
|
+
- rule: deserializationOfUntrustedData
|
|
5
|
+
- rule: execOfUntrustedCommand
|
|
5
6
|
- rule: http500
|
|
6
7
|
# - rule: illegalPackageDependency
|
|
7
8
|
# - rule: incompatibleHttpClientRequest
|
|
@@ -103,9 +103,8 @@ var ScopeImpl = /** @class */ (function () {
|
|
|
103
103
|
};
|
|
104
104
|
return ScopeImpl;
|
|
105
105
|
}());
|
|
106
|
-
|
|
107
|
-
var
|
|
108
|
-
var Job = 'job';
|
|
106
|
+
var Command = 'command.perform';
|
|
107
|
+
var Job = 'job.perform';
|
|
109
108
|
var CommandScope = /** @class */ (function (_super) {
|
|
110
109
|
__extends(CommandScope, _super);
|
|
111
110
|
function CommandScope() {
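Review bot: `Command` and `Job` move from `command`/`job` to `command.perform`/`job.perform`, so any AppMap whose events still carry the old labels silently falls outside `CommandScope` and the rules that depend on it simply report nothing rather than failing; if older agent versions emit the old labels, that is a quiet loss of coverage. A one-line comment stating where the new labels come from would help the next reader, e.g. `// Entry-point labels as emitted by the agent; older recordings labeled these 'command' / 'job' (TODO: note minimum agent version)`. If a transition period is wanted, the scope could accept both spellings for a release. The `CommandScope` body continues outside the hunk.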
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"commandScope.js","sourceRoot":"","sources":["../../src/scope/commandScope.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAwD;
|
|
1
|
+
{"version":3,"file":"commandScope.js","sourceRoot":"","sources":["../../src/scope/commandScope.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAwD;AAGxD,kEAA4C;AAE5C;IAIE,mBAAY,KAAY;QACtB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,WAAW,GAAG,IAAI,uBAAc,CAAC,KAAK,CAAC,CAAC;IAC/C,CAAC;IAEA,0BAAM,GAAP;;;;;wBACE,qBAAM,IAAI,CAAC,KAAK,EAAA;;oBAAhB,SAAgB,CAAC;;;;oBAEG,KAAA,SAAA,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAA;;;;oBAAvC,KAAK;oBACd,qBAAM,KAAK,CAAC,KAAK,EAAA;;oBAAjB,SAAiB,CAAC;;;;;;;;;;;;;;;;;;;KAErB;IACH,gBAAC;AAAD,CAAC,AAhBD,IAgBC;AAED,IAAM,OAAO,GAAG,iBAAiB,CAAC;AAClC,IAAM,GAAG,GAAG,aAAa,CAAC;AAE1B;IAA0C,gCAAa;IAAvD;;IAeA,CAAC;IAdE,6BAAM,GAAP,UAAQ,MAA+B;;;;;;;oBACjB,WAAA,SAAA,MAAM,CAAA;;;;oBAAf,KAAK;yBAEZ,CAAA,KAAK,CAAC,MAAM,EAAE;wBACd,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC;4BACnC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;4BAChC,KAAK,CAAC,iBAAiB,CAAC,CAAA,EAH1B,wBAG0B;oBAE1B,qBAAM,IAAI,SAAS,CAAC,KAAK,CAAC,EAAA;;oBAA1B,SAA0B,CAAC;oBAE3B,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;;;;;;;;;;;;;;;;;;;KAG9C;IACH,mBAAC;AAAD,CAAC,AAfD,CAA0C,uBAAa,GAetD"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: deserialize.sanitize
|
|
3
|
+
rules:
|
|
4
|
+
- deserialization-of-untrusted-data
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
Ensures that data is safe and trusted for deserialization, transforming it if necessary, and
|
|
8
|
+
returning `falsey` or raising an exception if it's impossible to make the data safe.
|
|
9
|
+
|
|
10
|
+
A function with this label can be used to convert untrusted data such as direct user input or HTTP
|
|
11
|
+
request parameters into trusted data.
|
|
12
|
+
|
|
13
|
+
Note that this is not the same as ensuring that a parameter satisfies business logic constraints -
|
|
14
|
+
such as presence or max length. It's a security check that ensures the data cannot cause harm on
|
|
15
|
+
deserialization.
|
|
16
|
+
|
|
17
|
+
To be considered successful, a `deserialize.sanitize` function must return a `truthy` value.
|
|
18
|
+
|
|
19
|
+
## Examples
|
|
20
|
+
|
|
21
|
+
- Running user-provided YAML through a "safe loader" which discards unsafe syntax such as object
|
|
22
|
+
class names.
|