@appland/scanner 1.54.1 → 1.57.0

package/built/rules/logoutWithoutSessionReset.js

@@ -1,78 +1,45 @@
 "use strict";
-var __values = (this && this.__values) || function(o) {
-    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
-    if (m) return m.call(o);
-    if (o && typeof o.length === "number") return {
-        next: function () {
-            if (o && i >= o.length) o = void 0;
-            return { value: o && o[i++], done: !o };
-        }
-    };
-    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-var models_1 = require("@appland/models");
-var url_1 = require("url");
-var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
+const models_1 = require("@appland/models");
+const url_1 = require("url");
+const parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
 function containsSessionClear(events) {
-    var e_1, _a;
-    try {
-        for (var events_1 = __values(events), events_1_1 = events_1.next(); !events_1_1.done; events_1_1 = events_1.next()) {
-            var iter = events_1_1.value;
-            if (iter.event.labels.has(HTTPSessionClear)) {
-                return true;
-            }
+    for (const iter of events) {
+        if (iter.event.labels.has(HTTPSessionClear)) {
+            return true;
         }
     }
-    catch (e_1_1) { e_1 = { error: e_1_1 }; }
-    finally {
-        try {
-            if (events_1_1 && !events_1_1.done && (_a = events_1.return)) _a.call(events_1);
-        }
-        finally { if (e_1) throw e_1.error; }
-    }
     return false;
 }
 function build() {
     function matcher(rootEvent) {
-        var e_2, _a;
-        try {
-            for (var _b = __values(new models_1.EventNavigator(rootEvent).descendants()), _c = _b.next(); !_c.done; _c = _b.next()) {
-                var event = _c.value;
-                // .//*[@security.logout]
-                if (event.event.labels.has(SecurityLogout)) {
-                    // .//*[@http.session.clear]
-                    if (containsSessionClear(event.descendants())) {
-                        return;
-                    }
-                    else {
-                        return [
-                            {
-                                event: event.event,
-                                message: "".concat(event.event, " logs out the user, but the HTTP session is not cleared"),
-                            },
-                        ];
-                    }
+        for (const event of new models_1.EventNavigator(rootEvent).descendants()) {
+            // .//*[@security.logout]
+            if (event.event.labels.has(SecurityLogout)) {
+                // .//*[@http.session.clear]
+                if (containsSessionClear(event.descendants())) {
+                    return;
+                }
+                else {
+                    return [
+                        {
+                            event: event.event,
+                            message: `${event.event} logs out the user, but the HTTP session is not cleared`,
+                        },
+                    ];
                 }
             }
         }
-        catch (e_2_1) { e_2 = { error: e_2_1 }; }
-        finally {
-            try {
-                if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
-            }
-            finally { if (e_2) throw e_2.error; }
-        }
     }
     return {
-        matcher: matcher,
+        matcher,
     };
 }
-var SecurityLogout = 'security.logout';
-var HTTPSessionClear = 'http.session.clear';
+const SecurityLogout = 'security.logout';
+const HTTPSessionClear = 'http.session.clear';
 exports.default = {
     id: 'logout-without-session-reset',
     title: 'Logout without session reset',
@@ -87,6 +54,5 @@ exports.default = {
     },
     description: (0, parseRuleDescription_1.default)('logoutWithoutSessionReset'),
     url: 'https://appland.com/docs/analysis/rules-reference.html#logout-without-session-reset',
-    build: build,
+    build,
 };
-//# sourceMappingURL=logoutWithoutSessionReset.js.map

package/built/rules/missingAuthentication.js

@@ -3,17 +3,17 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-var models_1 = require("@appland/models");
-var rpcRequest_1 = require("../openapi/rpcRequest");
-var util_1 = require("./lib/util");
-var matchPattern_1 = require("./lib/matchPattern");
-var url_1 = require("url");
-var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
+const models_1 = require("@appland/models");
+const openapi_1 = require("@appland/openapi");
+const util_1 = require("./lib/util");
+const matchPattern_1 = require("./lib/matchPattern");
+const url_1 = require("url");
+const parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
 function isPublic(event) {
     return event.labels.has(AccessPublic);
 }
-var authenticatedBy = function (iterator) {
-    var i = iterator.next();
+const authenticatedBy = (iterator) => {
+    let i = iterator.next();
     while (!i.done) {
         if (isPublic(i.value.event) || (0, util_1.providesAuthentication)(i.value.event, SecurityAuthentication)) {
             return true;
@@ -22,20 +22,21 @@ var authenticatedBy = function (iterator) {
     }
     return false;
 };
-var Options = /** @class */ (function () {
-    function Options() {
+class Options {
+    constructor() {
         this.includeContentTypes = [];
         this.excludeContentTypes = [];
     }
-    return Options;
-}());
-function build(options) {
-    if (options === void 0) { options = new Options(); }
-    var includeContentTypes = (0, matchPattern_1.buildFilters)(options.includeContentTypes);
-    var excludeContentTypes = (0, matchPattern_1.buildFilters)(options.excludeContentTypes);
+}
+function build(options = new Options()) {
+    const includeContentTypes = (0, matchPattern_1.buildFilters)(options.includeContentTypes);
+    const excludeContentTypes = (0, matchPattern_1.buildFilters)(options.excludeContentTypes);
     function testContentType(contentType) {
+        if (!contentType)
+            return false;
+        const content = contentType;
         function test(filter) {
-            return filter(contentType);
+            return filter(content);
         }
         return ((includeContentTypes.length === 0 || includeContentTypes.some(test)) &&
             !excludeContentTypes.some(test));
@@ -45,7 +46,7 @@ function build(options) {
             return [
                 {
                     event: event,
-                    message: "Unauthenticated HTTP server request: ".concat(event.route),
+                    message: `Unauthenticated HTTP server request: ${event.route}`,
                 },
             ];
         }
@@ -54,17 +55,17 @@ function build(options) {
         return (e.route !== undefined &&
             e.httpServerResponse !== undefined &&
             e.httpServerResponse.status < 300 &&
-            !!(0, rpcRequest_1.rpcRequestForEvent)(e) &&
-            !!(0, rpcRequest_1.rpcRequestForEvent)(e).contentType &&
-            testContentType((0, rpcRequest_1.rpcRequestForEvent)(e).contentType));
+            !!(0, openapi_1.rpcRequestForEvent)(e) &&
+            !!(0, openapi_1.rpcRequestForEvent)(e).responseContentType &&
+            testContentType((0, openapi_1.rpcRequestForEvent)(e).responseContentType));
     }
     return {
-        where: where,
-        matcher: matcher,
+        where,
+        matcher,
     };
 }
-var AccessPublic = 'access.public';
-var SecurityAuthentication = 'security.authentication';
+const AccessPublic = 'access.public';
+const SecurityAuthentication = 'security.authentication';
 exports.default = {
     id: 'missing-authentication',
     title: 'Unauthenticated HTTP server request',
@@ -77,7 +78,6 @@ exports.default = {
     },
     description: (0, parseRuleDescription_1.default)('missingAuthentication'),
     url: 'https://appland.com/docs/analysis/rules-reference.html#missing-authentication',
-    Options: Options,
-    build: build,
+    Options,
+    build,
 };
-//# sourceMappingURL=missingAuthentication.js.map

package/built/rules/missingContentType.js

@@ -3,13 +3,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-var rpcRequest_1 = require("../openapi/rpcRequest");
-var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
-var isRedirect = function (status) { return [301, 302, 303, 307, 308].includes(status); };
-var hasContent = function (status) { return status !== 204; };
+const openapi_1 = require("@appland/openapi");
+const parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
+const isRedirect = (status) => [301, 302, 303, 307, 308].includes(status);
+const hasContent = (status) => status !== 204;
 function build() {
     function matcher(e) {
-        return (0, rpcRequest_1.rpcRequestForEvent)(e).contentType === undefined;
+        return (0, openapi_1.rpcRequestForEvent)(e).responseContentType === undefined;
     }
     function where(e) {
         return (!!e.httpServerResponse &&
@@ -17,8 +17,8 @@ function build() {
             hasContent(e.httpServerResponse.status));
     }
     return {
-        matcher: matcher,
-        where: where,
+        matcher,
+        where,
     };
 }
 exports.default = {
@@ -29,6 +29,5 @@ exports.default = {
     enumerateScope: false,
     description: (0, parseRuleDescription_1.default)('missingContentType'),
     url: 'https://appland.com/docs/analysis/rules-reference.html#missing-content-type',
-    build: build,
+    build,
 };
-//# sourceMappingURL=missingContentType.js.map

package/built/rules/nPlusOneQuery.js

@@ -1,96 +1,48 @@
 "use strict";
-var __values = (this && this.__values) || function(o) {
-    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
-    if (m) return m.call(o);
-    if (o && typeof o.length === "number") return {
-        next: function () {
-            if (o && i >= o.length) o = void 0;
-            return { value: o && o[i++], done: !o };
-        }
-    };
-    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
-};
-var __read = (this && this.__read) || function (o, n) {
-    var m = typeof Symbol === "function" && o[Symbol.iterator];
-    if (!m) return o;
-    var i = m.call(o), r, ar = [], e;
-    try {
-        while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
-    }
-    catch (error) { e = { error: error }; }
-    finally {
-        try {
-            if (r && !r.done && (m = i["return"])) m.call(i);
-        }
-        finally { if (e) throw e.error; }
-    }
-    return ar;
-};
-var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
-    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
-        if (ar || !(i in from)) {
-            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
-            ar[i] = from[i];
-        }
-    }
-    return to.concat(ar || Array.prototype.slice.call(from));
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-var database_1 = require("../database");
-var url_1 = require("url");
-var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
-var Options = /** @class */ (function () {
-    function Options() {
+const database_1 = require("../database");
+const url_1 = require("url");
+const parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
+class Options {
+    constructor() {
         this.warningLimit = 5;
         this.errorLimit = 10;
     }
-    return Options;
-}());
+}
 function build(options) {
     function matcher(command, appMapIndex, eventFilter) {
-        var e_1, _a;
-        var sqlEvents = (0, database_1.sqlStrings)(command, appMapIndex, eventFilter);
-        var sqlRollup = {};
-        var eventsById = {};
-        appMapIndex.appMap.events.forEach(function (event) {
+        const sqlEvents = (0, database_1.sqlStrings)(command, appMapIndex, eventFilter);
+        let sqlRollup = {};
+        const eventsById = {};
+        appMapIndex.appMap.events.forEach((event) => {
             eventsById[event.id] = event;
         });
-        try {
-            for (var sqlEvents_1 = __values(sqlEvents), sqlEvents_1_1 = sqlEvents_1.next(); !sqlEvents_1_1.done; sqlEvents_1_1 = sqlEvents_1.next()) {
-                var sqlEvent = sqlEvents_1_1.value;
-                if (!sqlEvent.event.parent)
-                    continue;
-                var key = [sqlEvent.event.parent.id, sqlEvent.sql].join('\n');
-                sqlRollup[key] || (sqlRollup[key] = []);
-                sqlRollup[key].push(sqlEvent);
-            }
+        for (const sqlEvent of sqlEvents) {
+            if (!sqlEvent.event.parent)
+                continue;
+            const key = [sqlEvent.event.parent.id, sqlEvent.sql].join('\n');
+            sqlRollup[key] || (sqlRollup[key] = []);
+            sqlRollup[key].push(sqlEvent);
         }
-        catch (e_1_1) { e_1 = { error: e_1_1 }; }
-        finally {
-            try {
-                if (sqlEvents_1_1 && !sqlEvents_1_1.done && (_a = sqlEvents_1.return)) _a.call(sqlEvents_1);
-            }
-            finally { if (e_1) throw e_1.error; }
-        }
-        var matchResults = [];
-        var _loop_1 = function () {
-            __spreadArray([], __read(Object.keys(sqlRollup)), false).forEach(function (key) {
-                var events = sqlRollup[key];
-                var _a = __read(key.split('\n'), 2), ancestorId = _a[0], sql = _a[1];
-                var ancestor = eventsById[parseInt(ancestorId)];
-                var occurranceCount = events.length;
+        const matchResults = [];
+        do {
+            [...Object.keys(sqlRollup)].forEach((key) => {
+                const events = sqlRollup[key];
+                const [ancestorId, sql] = key.split('\n');
+                const ancestor = eventsById[parseInt(ancestorId)];
+                const occurranceCount = events.length;
                 if (occurranceCount > options.warningLimit) {
-                    var buildMatchResult = function (level) {
+                    const buildMatchResult = (level) => {
                         return {
                             level: level,
                             event: events[0].event,
-                            message: "".concat(ancestor.toString(), "[").concat(ancestor.id, "] contains ").concat(occurranceCount, " occurrences of SQL: ").concat(sql),
+                            message: `${ancestor.toString()}[${ancestor.id}] contains ${occurranceCount} occurrences of SQL: ${sql}`,
                             groupMessage: sql,
                             occurranceCount: occurranceCount,
-                            relatedEvents: events.map(function (e) { return e.event; }),
+                            relatedEvents: events.map((e) => e.event),
                         };
                     };
                     if (occurranceCount >= options.errorLimit) {
@@ -101,27 +53,24 @@ function build(options) {
                     }
                 }
             });
-            var newRollup = {};
-            Object.keys(sqlRollup).forEach(function (key) {
-                var events = sqlRollup[key];
+            const newRollup = {};
+            Object.keys(sqlRollup).forEach((key) => {
+                const events = sqlRollup[key];
                 if (events.length >= options.warningLimit)
                     return;
-                var _a = __read(key.split('\n'), 2), ancestorId = _a[0], sql = _a[1];
-                var ancestor = eventsById[parseInt(ancestorId)];
+                const [ancestorId, sql] = key.split('\n');
+                const ancestor = eventsById[parseInt(ancestorId)];
                 if (ancestor.parent) {
-                    var parentKey = [ancestor.parent.id, sql].join('\n');
+                    const parentKey = [ancestor.parent.id, sql].join('\n');
                     newRollup[parentKey] = (newRollup[parentKey] || []).concat(events);
                 }
             }, {});
             sqlRollup = newRollup;
-        };
-        do {
-            _loop_1();
         } while (Object.keys(sqlRollup).length > 0);
         return matchResults;
     }
     return {
-        matcher: matcher,
+        matcher,
     };
 }
 exports.default = {
@@ -130,12 +79,11 @@ exports.default = {
     scope: 'command',
     impactDomain: 'Performance',
     enumerateScope: false,
-    Options: Options,
+    Options,
     references: {
         'CWE-1073': new url_1.URL('https://cwe.mitre.org/data/definitions/1073.html'),
     },
     description: (0, parseRuleDescription_1.default)('nPlusOneQuery'),
     url: 'https://appland.com/docs/analysis/rules-reference.html#n-plus-one-query',
-    build: build,
+    build,
 };
-//# sourceMappingURL=nPlusOneQuery.js.map

package/built/rules/queryFromInvalidPackage.js

@@ -3,44 +3,43 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-var matchPattern_1 = require("./lib/matchPattern");
-var url_1 = require("url");
-var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
+const matchPattern_1 = require("./lib/matchPattern");
+const url_1 = require("url");
+const parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
 // TODO: Use the Query AST for this.
-var WHITELIST = [/\bBEGIN\b/i, /\bCOMMIT\b/i, /\bROLLBACK\b/i, /\bRELEASE\b/i, /\bSAVEPOINT\b/i];
-var Options = /** @class */ (function () {
-    function Options() {
+const WHITELIST = [/\bBEGIN\b/i, /\bCOMMIT\b/i, /\bROLLBACK\b/i, /\bRELEASE\b/i, /\bSAVEPOINT\b/i];
+class Options {
+    constructor() {
         this.allowedPackages = [];
-        this.allowedQueries = WHITELIST.map(function (regexp) { return ({ match: regexp }); });
+        this.allowedQueries = WHITELIST.map((regexp) => ({ match: regexp }));
     }
-    return Options;
-}());
+}
 function build(options) {
-    var allowedPackages = (0, matchPattern_1.buildFilters)(options.allowedPackages);
-    var allowedQueries = (0, matchPattern_1.buildFilters)(options.allowedQueries);
+    const allowedPackages = (0, matchPattern_1.buildFilters)(options.allowedPackages);
+    const allowedQueries = (0, matchPattern_1.buildFilters)(options.allowedQueries);
     function matcher(e) {
-        if (!allowedPackages.some(function (filter) { return filter(e.parent.codeObject.packageOf); })) {
+        if (!allowedPackages.some((filter) => filter(e.parent.codeObject.packageOf))) {
             return [
                 {
                     event: e,
-                    message: "".concat(e.codeObject.id, " is invoked from illegal package ").concat(e.parent.codeObject.packageOf),
+                    message: `${e.codeObject.id} is invoked from illegal package ${e.parent.codeObject.packageOf}`,
                     relatedEvents: [e.parent],
                 },
             ];
         }
     }
     function where(e) {
-        return !!e.sqlQuery && !!e.parent && !allowedQueries.some(function (pattern) { return pattern(e.sqlQuery); });
+        return !!e.sqlQuery && !!e.parent && !allowedQueries.some((pattern) => pattern(e.sqlQuery));
     }
     return {
-        matcher: matcher,
-        where: where,
+        matcher,
+        where,
     };
 }
 exports.default = {
     id: 'query-from-invalid-package',
     title: 'Queries from invalid packages',
-    Options: Options,
+    Options,
     impactDomain: 'Maintainability',
     enumerateScope: true,
     references: {
@@ -48,6 +47,5 @@ exports.default = {
     },
     description: (0, parseRuleDescription_1.default)('queryFromInvalidPackage'),
     url: 'https://appland.com/docs/analysis/rules-reference.html#query-from-invalid-package',
-    build: build,
+    build,
 };
-//# sourceMappingURL=queryFromInvalidPackage.js.map

package/built/rules/queryFromView.js

@@ -3,25 +3,23 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-var url_1 = require("url");
-var parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
-var Options = /** @class */ (function () {
-    function Options() {
+const url_1 = require("url");
+const parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
+class Options {
+    constructor() {
         this.forbiddenLabel = 'mvc.template';
     }
-    return Options;
-}());
-function build(options) {
-    if (options === void 0) { options = new Options(); }
+}
+function build(options = new Options()) {
     function matcher(e) {
-        var forbiddenAncestor = e
+        const forbiddenAncestor = e
             .ancestors()
-            .find(function (e) { return e.codeObject.labels.has(options.forbiddenLabel); });
+            .find((e) => e.codeObject.labels.has(options.forbiddenLabel));
         if (forbiddenAncestor) {
             return [
                 {
                     event: e,
-                    message: "SQL query is invoked from invalid event ".concat(forbiddenAncestor, ", labeled ").concat(options.forbiddenLabel),
+                    message: `SQL query is invoked from invalid event ${forbiddenAncestor}, labeled ${options.forbiddenLabel}`,
                     relatedEvents: [forbiddenAncestor],
                 },
             ];
@@ -31,14 +29,14 @@ function build(options) {
         return !!e.sqlQuery;
     }
     return {
-        matcher: matcher,
-        where: where,
+        matcher,
+        where,
     };
 }
 exports.default = {
     id: 'query-from-view',
     title: 'Queries from view',
-    Options: Options,
+    Options,
     impactDomain: 'Maintainability',
     enumerateScope: true,
     references: {
@@ -46,6 +44,5 @@ exports.default = {
     },
     description: (0, parseRuleDescription_1.default)('queryFromView'),
     url: 'https://appland.com/docs/analysis/rules-reference.html#query-from-view',
-    build: build,
+    build,
 };
-//# sourceMappingURL=queryFromView.js.map