@appland/scanner 1.56.0 → 1.57.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +15 -0
- package/built/algorithms/dataStructures/graph/Graph.js +53 -62
- package/built/algorithms/dataStructures/graph/GraphEdge.js +13 -16
- package/built/algorithms/dataStructures/graph/GraphVertex.js +37 -42
- package/built/algorithms/dataStructures/linked-list/LinkedList.js +33 -38
- package/built/algorithms/dataStructures/linked-list/LinkedListNode.js +6 -10
- package/built/algorithms/graph/depth-first-search/index.js +7 -8
- package/built/algorithms/graph/detect-cycle/index.js +15 -16
- package/built/algorithms/utils/Comparator.js +19 -21
- package/built/analyzer/recordSecrets.js +7 -30
- package/built/analyzer/secretsRegexes.js +8 -9
- package/built/appMapIndex.js +18 -20
- package/built/check.js +16 -18
- package/built/checkInstance.js +26 -48
- package/built/cli/ci/command.js +61 -156
- package/built/cli/ci/options.js +0 -1
- package/built/cli/codeVersionArgs.js +0 -1
- package/built/cli/exitCode.js +0 -1
- package/built/cli/fail.js +2 -3
- package/built/cli/merge/command.js +21 -63
- package/built/cli/merge/options.js +0 -1
- package/built/cli/reportUploadURL.js +2 -3
- package/built/cli/resolveAppId.js +34 -85
- package/built/cli/scan/command.js +52 -94
- package/built/cli/scan/formatReport.js +16 -89
- package/built/cli/scan/options.js +0 -1
- package/built/cli/scan/scanner.js +38 -117
- package/built/cli/scan/singleScan.js +61 -109
- package/built/cli/scan/watchScan.js +32 -82
- package/built/cli/scan.js +39 -132
- package/built/cli/scanArgs.js +0 -1
- package/built/cli/scanOptions.js +0 -1
- package/built/cli/updateCommitStatus.js +10 -47
- package/built/cli/upload/command.js +20 -64
- package/built/cli/upload/options.js +0 -1
- package/built/cli/upload/pruneAppMap.js +16 -0
- package/built/cli/upload.js +91 -172
- package/built/cli/validateFile.js +13 -52
- package/built/cli.js +34 -21
- package/built/configuration/configurationProvider.js +148 -233
- package/built/configuration/schema/options.json +76 -76
- package/built/configuration/types/checkConfig.js +0 -1
- package/built/configuration/types/configuration.js +0 -1
- package/built/configuration/types/matchEventConfig.js +0 -1
- package/built/configuration/types/matchPatternConfig.js +0 -1
- package/built/database/index.js +33 -127
- package/built/database/visit.js +16 -66
- package/built/errors.js +4 -30
- package/built/eventUtil.js +10 -35
- package/built/findings.js +3 -4
- package/built/integration/appland/app/exists.js +33 -76
- package/built/integration/appland/app/listFindingStatus.js +3 -36
- package/built/integration/appland/appMap/create.js +38 -89
- package/built/integration/appland/location.js +0 -1
- package/built/integration/appland/mapset/create.js +34 -85
- package/built/integration/appland/retry.js +10 -11
- package/built/integration/appland/retryOptions.js +0 -1
- package/built/integration/appland/scannerJob/create.js +34 -84
- package/built/integration/appland/scannerJob/merge.js +28 -74
- package/built/integration/appland/scannerJob.js +0 -1
- package/built/integration/github/commitStatus.js +3 -4
- package/built/integration/vars.js +1 -2
- package/built/openapi/index.js +39 -83
- package/built/report/appMapMetadata.js +0 -1
- package/built/report/findingSummary.js +0 -1
- package/built/report/findingsReport.js +14 -16
- package/built/report/scanResults.js +18 -45
- package/built/report/scanSummary.js +0 -1
- package/built/report/summaryReport.js +12 -13
- package/built/ruleChecker.js +146 -297
- package/built/rules/authzBeforeAuthn.js +25 -59
- package/built/rules/circularDependency.js +69 -101
- package/built/rules/deserializationOfUntrustedData.js +29 -63
- package/built/rules/execOfUntrustedCommand.js +28 -62
- package/built/rules/http-500/metadata.js +0 -1
- package/built/rules/http-500/rule.js +2 -3
- package/built/rules/illegalPackageDependency.js +16 -18
- package/built/rules/incompatibleHttpClientRequest.js +30 -69
- package/built/rules/insecureCompare.js +12 -13
- package/built/rules/jobNotCancelled.js +13 -45
- package/built/rules/lib/hasParameterOrReceiver.js +4 -7
- package/built/rules/lib/matchEvent.js +12 -13
- package/built/rules/lib/matchPattern.js +6 -7
- package/built/rules/lib/metadata.js +0 -1
- package/built/rules/lib/parseRuleDescription.js +5 -6
- package/built/rules/lib/precedingEvents.js +7 -75
- package/built/rules/lib/rpcWithoutProtection.js +5 -28
- package/built/rules/lib/sanitizesData.js +0 -1
- package/built/rules/lib/util.js +33 -73
- package/built/rules/logoutWithoutSessionReset.js +24 -58
- package/built/rules/missingAuthentication.js +28 -28
- package/built/rules/missingContentType.js +8 -9
- package/built/rules/nPlusOneQuery.js +35 -87
- package/built/rules/queryFromInvalidPackage.js +17 -19
- package/built/rules/queryFromView.js +13 -16
- package/built/rules/rpcWithoutCircuitBreaker.js +14 -84
- package/built/rules/saveWithoutValidation.js +8 -9
- package/built/rules/secretInLog.js +29 -92
- package/built/rules/slowFunctionCall.js +16 -20
- package/built/rules/slowHttpServerRequest.js +9 -11
- package/built/rules/slowQuery.js +9 -12
- package/built/rules/tooManyJoins.js +26 -51
- package/built/rules/tooManyUpdates.js +25 -105
- package/built/rules/unbatchedMaterializedQuery.js +26 -30
- package/built/rules/updateInGetRequest.js +30 -45
- package/built/scope/commandScope.js +24 -144
- package/built/scope/httpClientRequestScope.js +11 -98
- package/built/scope/httpServerRequestScope.js +11 -98
- package/built/scope/rootScope.js +11 -98
- package/built/scope/scopeImpl.js +10 -82
- package/built/scope/scopeIterator.js +6 -10
- package/built/scope/sqlTransactionScope.js +24 -122
- package/built/sqlWarning.js +9 -35
- package/built/telemetry.js +215 -0
- package/built/wellKnownLabels.js +0 -1
- package/package.json +7 -3
- package/built/algorithms/dataStructures/graph/Graph.js.map +0 -1
- package/built/algorithms/dataStructures/graph/GraphEdge.js.map +0 -1
- package/built/algorithms/dataStructures/graph/GraphVertex.js.map +0 -1
- package/built/algorithms/dataStructures/linked-list/LinkedList.js.map +0 -1
- package/built/algorithms/dataStructures/linked-list/LinkedListNode.js.map +0 -1
- package/built/algorithms/graph/depth-first-search/index.js.map +0 -1
- package/built/algorithms/graph/detect-cycle/index.js.map +0 -1
- package/built/algorithms/utils/Comparator.js.map +0 -1
- package/built/analyzer/recordSecrets.js.map +0 -1
- package/built/analyzer/secretsRegexes.js.map +0 -1
- package/built/appMapIndex.js.map +0 -1
- package/built/check.js.map +0 -1
- package/built/checkInstance.js.map +0 -1
- package/built/cli/ci/command.js.map +0 -1
- package/built/cli/ci/options.js.map +0 -1
- package/built/cli/codeVersionArgs.js.map +0 -1
- package/built/cli/exitCode.js.map +0 -1
- package/built/cli/fail.js.map +0 -1
- package/built/cli/merge/command.js.map +0 -1
- package/built/cli/merge/options.js.map +0 -1
- package/built/cli/reportUploadURL.js.map +0 -1
- package/built/cli/resolveAppId.js.map +0 -1
- package/built/cli/scan/command.js.map +0 -1
- package/built/cli/scan/formatReport.js.map +0 -1
- package/built/cli/scan/options.js.map +0 -1
- package/built/cli/scan/scanner.js.map +0 -1
- package/built/cli/scan/singleScan.js.map +0 -1
- package/built/cli/scan/watchScan.js.map +0 -1
- package/built/cli/scan.js.map +0 -1
- package/built/cli/scanArgs.js.map +0 -1
- package/built/cli/scanOptions.js.map +0 -1
- package/built/cli/updateCommitStatus.js.map +0 -1
- package/built/cli/upload/command.js.map +0 -1
- package/built/cli/upload/options.js.map +0 -1
- package/built/cli/upload.js.map +0 -1
- package/built/cli/validateFile.js.map +0 -1
- package/built/cli.js.map +0 -1
- package/built/configuration/configurationProvider.js.map +0 -1
- package/built/configuration/types/checkConfig.js.map +0 -1
- package/built/configuration/types/configuration.js.map +0 -1
- package/built/configuration/types/matchEventConfig.js.map +0 -1
- package/built/configuration/types/matchPatternConfig.js.map +0 -1
- package/built/database/index.js.map +0 -1
- package/built/database/visit.js.map +0 -1
- package/built/errors.js.map +0 -1
- package/built/eventUtil.js.map +0 -1
- package/built/findings.js.map +0 -1
- package/built/integration/appland/app/exists.js.map +0 -1
- package/built/integration/appland/app/listFindingStatus.js.map +0 -1
- package/built/integration/appland/appMap/create.js.map +0 -1
- package/built/integration/appland/location.js.map +0 -1
- package/built/integration/appland/mapset/create.js.map +0 -1
- package/built/integration/appland/retry.js.map +0 -1
- package/built/integration/appland/retryOptions.js.map +0 -1
- package/built/integration/appland/scannerJob/create.js.map +0 -1
- package/built/integration/appland/scannerJob/merge.js.map +0 -1
- package/built/integration/appland/scannerJob.js.map +0 -1
- package/built/integration/github/commitStatus.js.map +0 -1
- package/built/integration/vars.js.map +0 -1
- package/built/openapi/index.js.map +0 -1
- package/built/openapi/method.js +0 -120
- package/built/openapi/method.js.map +0 -1
- package/built/openapi/model.js +0 -49
- package/built/openapi/model.js.map +0 -1
- package/built/openapi/path.js +0 -36
- package/built/openapi/path.js.map +0 -1
- package/built/openapi/provider.js +0 -133
- package/built/openapi/provider.js.map +0 -1
- package/built/openapi/response.js +0 -59
- package/built/openapi/response.js.map +0 -1
- package/built/openapi/rpcRequest.js +0 -130
- package/built/openapi/rpcRequest.js.map +0 -1
- package/built/openapi/schema.js +0 -42
- package/built/openapi/schema.js.map +0 -1
- package/built/openapi/securitySchemes.js +0 -32
- package/built/openapi/securitySchemes.js.map +0 -1
- package/built/openapi/statusCodes.js +0 -68
- package/built/openapi/statusCodes.js.map +0 -1
- package/built/openapi/util.js +0 -91
- package/built/openapi/util.js.map +0 -1
- package/built/report/appMapMetadata.js.map +0 -1
- package/built/report/findingSummary.js.map +0 -1
- package/built/report/findingsReport.js.map +0 -1
- package/built/report/scanResults.js.map +0 -1
- package/built/report/scanSummary.js.map +0 -1
- package/built/report/summaryReport.js.map +0 -1
- package/built/ruleChecker.js.map +0 -1
- package/built/rules/authzBeforeAuthn.js.map +0 -1
- package/built/rules/circularDependency.js.map +0 -1
- package/built/rules/deserializationOfUntrustedData.js.map +0 -1
- package/built/rules/execOfUntrustedCommand.js.map +0 -1
- package/built/rules/http-500/metadata.js.map +0 -1
- package/built/rules/http-500/rule.js.map +0 -1
- package/built/rules/illegalPackageDependency.js.map +0 -1
- package/built/rules/incompatibleHttpClientRequest.js.map +0 -1
- package/built/rules/insecureCompare.js.map +0 -1
- package/built/rules/jobNotCancelled.js.map +0 -1
- package/built/rules/lib/hasParameterOrReceiver.js.map +0 -1
- package/built/rules/lib/matchEvent.js.map +0 -1
- package/built/rules/lib/matchPattern.js.map +0 -1
- package/built/rules/lib/metadata.js.map +0 -1
- package/built/rules/lib/parseRuleDescription.js.map +0 -1
- package/built/rules/lib/precedingEvents.js.map +0 -1
- package/built/rules/lib/rpcWithoutProtection.js.map +0 -1
- package/built/rules/lib/sanitizesData.js.map +0 -1
- package/built/rules/lib/util.js.map +0 -1
- package/built/rules/logoutWithoutSessionReset.js.map +0 -1
- package/built/rules/missingAuthentication.js.map +0 -1
- package/built/rules/missingContentType.js.map +0 -1
- package/built/rules/nPlusOneQuery.js.map +0 -1
- package/built/rules/queryFromInvalidPackage.js.map +0 -1
- package/built/rules/queryFromView.js.map +0 -1
- package/built/rules/rpcWithoutCircuitBreaker.js.map +0 -1
- package/built/rules/saveWithoutValidation.js.map +0 -1
- package/built/rules/secretInLog.js.map +0 -1
- package/built/rules/slowFunctionCall.js.map +0 -1
- package/built/rules/slowHttpServerRequest.js.map +0 -1
- package/built/rules/slowQuery.js.map +0 -1
- package/built/rules/tooManyJoins.js.map +0 -1
- package/built/rules/tooManyUpdates.js.map +0 -1
- package/built/rules/unbatchedMaterializedQuery.js.map +0 -1
- package/built/rules/updateInGetRequest.js.map +0 -1
- package/built/scope/commandScope.js.map +0 -1
- package/built/scope/httpClientRequestScope.js.map +0 -1
- package/built/scope/httpServerRequestScope.js.map +0 -1
- package/built/scope/rootScope.js.map +0 -1
- package/built/scope/scopeImpl.js.map +0 -1
- package/built/scope/scopeIterator.js.map +0 -1
- package/built/scope/sqlTransactionScope.js.map +0 -1
- package/built/sqlWarning.js.map +0 -1
- package/built/wellKnownLabels.js.map +0 -1
|
@@ -1,35 +1,33 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
|
|
4
|
-
|
|
3
|
+
class Comparator {
|
|
4
|
+
constructor(compareFunction) {
|
|
5
5
|
this.compare = compareFunction || Comparator.defaultCompareFunction;
|
|
6
6
|
}
|
|
7
|
-
|
|
7
|
+
static defaultCompareFunction(a, b) {
|
|
8
8
|
if (a === b) {
|
|
9
9
|
return 0;
|
|
10
10
|
}
|
|
11
11
|
return a < b ? -1 : 1;
|
|
12
|
-
}
|
|
13
|
-
|
|
12
|
+
}
|
|
13
|
+
equal(a, b) {
|
|
14
14
|
return this.compare(a, b) === 0;
|
|
15
|
-
}
|
|
16
|
-
|
|
15
|
+
}
|
|
16
|
+
lessThan(a, b) {
|
|
17
17
|
return this.compare(a, b) < 0;
|
|
18
|
-
}
|
|
19
|
-
|
|
18
|
+
}
|
|
19
|
+
greaterThan(a, b) {
|
|
20
20
|
return this.compare(a, b) > 0;
|
|
21
|
-
}
|
|
22
|
-
|
|
21
|
+
}
|
|
22
|
+
lessThanOrEqual(a, b) {
|
|
23
23
|
return this.lessThan(a, b) || this.equal(a, b);
|
|
24
|
-
}
|
|
25
|
-
|
|
24
|
+
}
|
|
25
|
+
greaterThanOrEqual(a, b) {
|
|
26
26
|
return this.greaterThan(a, b) || this.equal(a, b);
|
|
27
|
-
}
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
this.compare =
|
|
31
|
-
}
|
|
32
|
-
|
|
33
|
-
}());
|
|
27
|
+
}
|
|
28
|
+
reverse() {
|
|
29
|
+
const compareOriginal = this.compare;
|
|
30
|
+
this.compare = (a, b) => compareOriginal(b, a);
|
|
31
|
+
}
|
|
32
|
+
}
|
|
34
33
|
exports.default = Comparator;
|
|
35
|
-
//# sourceMappingURL=Comparator.js.map
|
|
@@ -1,43 +1,20 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __values = (this && this.__values) || function(o) {
|
|
3
|
-
var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
|
|
4
|
-
if (m) return m.call(o);
|
|
5
|
-
if (o && typeof o.length === "number") return {
|
|
6
|
-
next: function () {
|
|
7
|
-
if (o && i >= o.length) o = void 0;
|
|
8
|
-
return { value: o && o[i++], done: !o };
|
|
9
|
-
}
|
|
10
|
-
};
|
|
11
|
-
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
12
|
-
};
|
|
13
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
14
|
-
|
|
3
|
+
const util_1 = require("../rules/lib/util");
|
|
15
4
|
function default_1(secrets, e) {
|
|
16
|
-
var e_1, _a;
|
|
17
5
|
if (!e.returnValue) {
|
|
18
6
|
return;
|
|
19
7
|
}
|
|
20
8
|
if ((0, util_1.emptyValue)(e.returnValue.value)) {
|
|
21
9
|
return;
|
|
22
10
|
}
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
if ((0, util_1.verbose)()) {
|
|
29
|
-
console.warn("Secret generated: ".concat(secret));
|
|
30
|
-
}
|
|
31
|
-
secrets.add(secret);
|
|
32
|
-
}
|
|
33
|
-
}
|
|
34
|
-
catch (e_1_1) { e_1 = { error: e_1_1 }; }
|
|
35
|
-
finally {
|
|
36
|
-
try {
|
|
37
|
-
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
|
|
11
|
+
// For example, from Devise:
|
|
12
|
+
// {"class":"Array","value":"[LoDbrVENxPDM3x9ySf1y, 706d0455f6ca78e6f61609e8146a76729ceca01b7e95ed0ac49d416e3e8be39a]"
|
|
13
|
+
for (const secret of (0, util_1.parseValue)(e.returnValue)) {
|
|
14
|
+
if ((0, util_1.verbose)()) {
|
|
15
|
+
console.warn(`Secret generated: ${secret}`);
|
|
38
16
|
}
|
|
39
|
-
|
|
17
|
+
secrets.add(secret);
|
|
40
18
|
}
|
|
41
19
|
}
|
|
42
20
|
exports.default = default_1;
|
|
43
|
-
//# sourceMappingURL=recordSecrets.js.map
|
|
@@ -1,17 +1,16 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.looksSecret = void 0;
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
memo[key] = regexes.map(
|
|
4
|
+
const fs_1 = require("fs");
|
|
5
|
+
const path_1 = require("path");
|
|
6
|
+
const regexData = JSON.parse((0, fs_1.readFileSync)((0, path_1.join)(__dirname, 'secretsRegexesData.json')).toString());
|
|
7
|
+
const REGEXES = Object.keys(regexData).reduce((memo, key) => {
|
|
8
|
+
const value = regexData[key];
|
|
9
|
+
const regexes = Array.isArray(value) ? value : [value];
|
|
10
|
+
memo[key] = regexes.map((regex) => new RegExp(regex));
|
|
11
11
|
return memo;
|
|
12
12
|
}, {});
|
|
13
|
-
|
|
13
|
+
const AnySecretRE = new RegExp('(?:' + Object.values(regexData).flat().join(')|(?:') + ')');
|
|
14
14
|
// Check if a string contains any defined secret regex
|
|
15
15
|
exports.looksSecret = AnySecretRE.test.bind(AnySecretRE);
|
|
16
16
|
exports.default = REGEXES;
|
|
17
|
-
//# sourceMappingURL=secretsRegexes.js.map
|
package/built/appMapIndex.js
CHANGED
|
@@ -3,38 +3,36 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
6
|
+
const models_1 = require("@appland/models");
|
|
7
|
+
const lru_cache_1 = __importDefault(require("lru-cache"));
|
|
8
|
+
const sqlWarning_1 = __importDefault(require("./sqlWarning"));
|
|
9
|
+
const NormalizedSQLBySQLString = new lru_cache_1.default({ max: 10000 });
|
|
10
|
+
const ASTBySQLString = new lru_cache_1.default({ max: 1000 });
|
|
11
|
+
class AppMapIndex {
|
|
12
|
+
constructor(appMap) {
|
|
13
13
|
this.appMap = appMap;
|
|
14
14
|
}
|
|
15
|
-
|
|
15
|
+
sqlAST(event) {
|
|
16
16
|
if (!event.sql)
|
|
17
|
-
throw new Error(
|
|
18
|
-
|
|
19
|
-
|
|
17
|
+
throw new Error(`${event.fqid} is not a SQL query`);
|
|
18
|
+
const sql = this.sqlNormalized(event);
|
|
19
|
+
let ast = ASTBySQLString.get(sql);
|
|
20
20
|
if (!ast) {
|
|
21
21
|
ast = (0, models_1.parseSQL)(sql, sqlWarning_1.default);
|
|
22
22
|
ast ? ASTBySQLString.set(sql, ast) : ASTBySQLString.set(sql, []);
|
|
23
23
|
}
|
|
24
24
|
return ast;
|
|
25
|
-
}
|
|
26
|
-
|
|
25
|
+
}
|
|
26
|
+
sqlNormalized(event) {
|
|
27
27
|
if (!event.sql)
|
|
28
|
-
throw new Error(
|
|
29
|
-
|
|
30
|
-
|
|
28
|
+
throw new Error(`${event.fqid} is not a SQL query`);
|
|
29
|
+
const cacheKey = [event.sql.database_type, event.sql.sql].join(':');
|
|
30
|
+
let sql = NormalizedSQLBySQLString.get(cacheKey);
|
|
31
31
|
if (!sql) {
|
|
32
32
|
sql = (0, models_1.normalizeSQL)(event.sql.sql, event.sql.database_type);
|
|
33
33
|
NormalizedSQLBySQLString.set(cacheKey, sql);
|
|
34
34
|
}
|
|
35
35
|
return sql;
|
|
36
|
-
}
|
|
37
|
-
|
|
38
|
-
}());
|
|
36
|
+
}
|
|
37
|
+
}
|
|
39
38
|
exports.default = AppMapIndex;
|
|
40
|
-
//# sourceMappingURL=appMapIndex.js.map
|
package/built/check.js
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
3
|
+
const util_1 = require("./rules/lib/util");
|
|
4
|
+
class Check {
|
|
5
|
+
constructor(rule, options) {
|
|
6
6
|
this.rule = rule;
|
|
7
7
|
function makeOptions() {
|
|
8
8
|
return rule.Options ? new rule.Options() : {};
|
|
@@ -15,33 +15,31 @@ var Check = /** @class */ (function () {
|
|
|
15
15
|
this.includeEvent = [];
|
|
16
16
|
this.excludeEvent = [];
|
|
17
17
|
}
|
|
18
|
-
|
|
19
|
-
if (this.includeScope.length > 0 && !this.includeScope.every(
|
|
18
|
+
filterScope(event, appMapIndex) {
|
|
19
|
+
if (this.includeScope.length > 0 && !this.includeScope.every((fn) => fn(event, appMapIndex))) {
|
|
20
20
|
if ((0, util_1.verbose)()) {
|
|
21
|
-
console.warn(
|
|
21
|
+
console.warn(`\t'includeScope' clause is not satisifed.`);
|
|
22
22
|
}
|
|
23
23
|
return false;
|
|
24
24
|
}
|
|
25
|
-
if (this.excludeScope.some(
|
|
25
|
+
if (this.excludeScope.some((fn) => fn(event, appMapIndex))) {
|
|
26
26
|
if ((0, util_1.verbose)()) {
|
|
27
|
-
console.warn(
|
|
27
|
+
console.warn(`\t'excludeScope' clause is not satisifed.`);
|
|
28
28
|
}
|
|
29
29
|
return false;
|
|
30
30
|
}
|
|
31
31
|
return true;
|
|
32
|
-
}
|
|
33
|
-
|
|
34
|
-
|
|
32
|
+
}
|
|
33
|
+
toString() {
|
|
34
|
+
const tokens = [`[${this.rule.id}]`];
|
|
35
35
|
// eslint-disable-next-line @typescript-eslint/no-this-alias
|
|
36
|
-
|
|
37
|
-
['includeScope', 'excludeScope', 'includeEvent', 'excludeEvent'].forEach(
|
|
36
|
+
const self = this;
|
|
37
|
+
['includeScope', 'excludeScope', 'includeEvent', 'excludeEvent'].forEach((key) => {
|
|
38
38
|
if (self[key].length > 0) {
|
|
39
|
-
tokens.push(
|
|
39
|
+
tokens.push(`(${key} ${self[key].join(' && ')})`);
|
|
40
40
|
}
|
|
41
41
|
});
|
|
42
42
|
return tokens.join(' ');
|
|
43
|
-
}
|
|
44
|
-
|
|
45
|
-
}());
|
|
43
|
+
}
|
|
44
|
+
}
|
|
46
45
|
exports.default = Check;
|
|
47
|
-
//# sourceMappingURL=check.js.map
|
package/built/checkInstance.js
CHANGED
|
@@ -1,69 +1,47 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
3
|
+
const util_1 = require("./rules/lib/util");
|
|
4
|
+
class CheckInstance {
|
|
5
|
+
constructor(check) {
|
|
6
6
|
this.check = check;
|
|
7
7
|
this.ruleLogic = check.rule.build(check.options || {});
|
|
8
8
|
}
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
return this.check.rule.title;
|
|
26
|
-
},
|
|
27
|
-
enumerable: false,
|
|
28
|
-
configurable: true
|
|
29
|
-
});
|
|
30
|
-
Object.defineProperty(CheckInstance.prototype, "scope", {
|
|
31
|
-
get: function () {
|
|
32
|
-
return this.check.scope;
|
|
33
|
-
},
|
|
34
|
-
enumerable: false,
|
|
35
|
-
configurable: true
|
|
36
|
-
});
|
|
37
|
-
Object.defineProperty(CheckInstance.prototype, "enumerateScope", {
|
|
38
|
-
get: function () {
|
|
39
|
-
return this.check.rule.enumerateScope;
|
|
40
|
-
},
|
|
41
|
-
enumerable: false,
|
|
42
|
-
configurable: true
|
|
43
|
-
});
|
|
44
|
-
CheckInstance.prototype.filterEvent = function (event, appMapIndex) {
|
|
9
|
+
get checkId() {
|
|
10
|
+
return this.check.id;
|
|
11
|
+
}
|
|
12
|
+
get ruleId() {
|
|
13
|
+
return this.check.rule.id;
|
|
14
|
+
}
|
|
15
|
+
get title() {
|
|
16
|
+
return this.check.rule.title;
|
|
17
|
+
}
|
|
18
|
+
get scope() {
|
|
19
|
+
return this.check.scope;
|
|
20
|
+
}
|
|
21
|
+
get enumerateScope() {
|
|
22
|
+
return this.check.rule.enumerateScope;
|
|
23
|
+
}
|
|
24
|
+
filterEvent(event, appMapIndex) {
|
|
45
25
|
if (this.ruleLogic.where && !this.ruleLogic.where(event, appMapIndex)) {
|
|
46
26
|
if ((0, util_1.verbose)()) {
|
|
47
|
-
console.warn(
|
|
27
|
+
console.warn(`\t'where' clause is not satisifed.`);
|
|
48
28
|
}
|
|
49
29
|
return false;
|
|
50
30
|
}
|
|
51
31
|
if (this.check.includeEvent.length > 0 &&
|
|
52
|
-
!this.check.includeEvent.every(
|
|
32
|
+
!this.check.includeEvent.every((fn) => fn(event, appMapIndex))) {
|
|
53
33
|
if ((0, util_1.verbose)()) {
|
|
54
|
-
console.warn(
|
|
34
|
+
console.warn(`\t'includeEvent' clause is not satisifed.`);
|
|
55
35
|
}
|
|
56
36
|
return false;
|
|
57
37
|
}
|
|
58
|
-
if (this.check.excludeEvent.some(
|
|
38
|
+
if (this.check.excludeEvent.some((fn) => fn(event, appMapIndex))) {
|
|
59
39
|
if ((0, util_1.verbose)()) {
|
|
60
|
-
console.warn(
|
|
40
|
+
console.warn(`\t'excludeEvent' clause is not satisifed.`);
|
|
61
41
|
}
|
|
62
42
|
return false;
|
|
63
43
|
}
|
|
64
44
|
return true;
|
|
65
|
-
}
|
|
66
|
-
|
|
67
|
-
}());
|
|
45
|
+
}
|
|
46
|
+
}
|
|
68
47
|
exports.default = CheckInstance;
|
|
69
|
-
//# sourceMappingURL=checkInstance.js.map
|
package/built/cli/ci/command.js
CHANGED
|
@@ -8,76 +8,32 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
8
8
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
9
|
});
|
|
10
10
|
};
|
|
11
|
-
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
12
|
-
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
|
|
13
|
-
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
14
|
-
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
15
|
-
function step(op) {
|
|
16
|
-
if (f) throw new TypeError("Generator is already executing.");
|
|
17
|
-
while (_) try {
|
|
18
|
-
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
19
|
-
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
20
|
-
switch (op[0]) {
|
|
21
|
-
case 0: case 1: t = op; break;
|
|
22
|
-
case 4: _.label++; return { value: op[1], done: false };
|
|
23
|
-
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
24
|
-
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
25
|
-
default:
|
|
26
|
-
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
27
|
-
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
28
|
-
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
29
|
-
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
30
|
-
if (t[2]) _.ops.pop();
|
|
31
|
-
_.trys.pop(); continue;
|
|
32
|
-
}
|
|
33
|
-
op = body.call(thisArg, _);
|
|
34
|
-
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
35
|
-
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
36
|
-
}
|
|
37
|
-
};
|
|
38
|
-
var __read = (this && this.__read) || function (o, n) {
|
|
39
|
-
var m = typeof Symbol === "function" && o[Symbol.iterator];
|
|
40
|
-
if (!m) return o;
|
|
41
|
-
var i = m.call(o), r, ar = [], e;
|
|
42
|
-
try {
|
|
43
|
-
while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
|
|
44
|
-
}
|
|
45
|
-
catch (error) { e = { error: error }; }
|
|
46
|
-
finally {
|
|
47
|
-
try {
|
|
48
|
-
if (r && !r.done && (m = i["return"])) m.call(i);
|
|
49
|
-
}
|
|
50
|
-
finally { if (e) throw e.error; }
|
|
51
|
-
}
|
|
52
|
-
return ar;
|
|
53
|
-
};
|
|
54
11
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
55
12
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
56
13
|
};
|
|
57
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
var codeVersionArgs_1 = __importDefault(require("../codeVersionArgs"));
|
|
15
|
+
const glob_1 = require("glob");
|
|
16
|
+
const promises_1 = require("fs/promises");
|
|
17
|
+
const util_1 = require("util");
|
|
18
|
+
const configurationProvider_1 = require("../../configuration/configurationProvider");
|
|
19
|
+
const errors_1 = require("../../errors");
|
|
20
|
+
const util_2 = require("../../rules/lib/util");
|
|
21
|
+
const findings_1 = require("../../findings");
|
|
22
|
+
const findingsReport_1 = __importDefault(require("../../report/findingsReport"));
|
|
23
|
+
const summaryReport_1 = __importDefault(require("../../report/summaryReport"));
|
|
24
|
+
const resolveAppId_1 = __importDefault(require("../resolveAppId"));
|
|
25
|
+
const validateFile_1 = __importDefault(require("../validateFile"));
|
|
26
|
+
const upload_1 = __importDefault(require("../upload"));
|
|
27
|
+
const scanner_1 = __importDefault(require("../scan/scanner"));
|
|
28
|
+
const scanArgs_1 = __importDefault(require("../scanArgs"));
|
|
29
|
+
const updateCommitStatus_1 = __importDefault(require("../updateCommitStatus"));
|
|
30
|
+
const reportUploadURL_1 = __importDefault(require("../reportUploadURL"));
|
|
31
|
+
const fail_1 = __importDefault(require("../fail"));
|
|
32
|
+
const codeVersionArgs_1 = __importDefault(require("../codeVersionArgs"));
|
|
77
33
|
exports.default = {
|
|
78
34
|
command: 'ci',
|
|
79
35
|
describe: 'Scan AppMaps, report findings to AppMap Server, and update SCM status',
|
|
80
|
-
builder
|
|
36
|
+
builder(args) {
|
|
81
37
|
(0, scanArgs_1.default)(args);
|
|
82
38
|
(0, codeVersionArgs_1.default)(args);
|
|
83
39
|
args.option('fail', {
|
|
@@ -100,99 +56,48 @@ exports.default = {
|
|
|
100
56
|
});
|
|
101
57
|
return args.strict();
|
|
102
58
|
},
|
|
103
|
-
handler
|
|
104
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
case 11:
|
|
146
|
-
_b = __read.apply(void 0, [_c.sent(), 2]), rawScanResults = _b[0], findingStatuses = _b[1];
|
|
147
|
-
// Always report the raw data
|
|
148
|
-
return [4 /*yield*/, (0, promises_1.writeFile)(reportFile, JSON.stringify(rawScanResults, null, 2))];
|
|
149
|
-
case 12:
|
|
150
|
-
// Always report the raw data
|
|
151
|
-
_c.sent();
|
|
152
|
-
scanResults = rawScanResults.withFindings((0, findings_1.newFindings)(rawScanResults.findings, findingStatuses));
|
|
153
|
-
(0, findingsReport_1.default)(scanResults.findings, scanResults.appMapMetadata);
|
|
154
|
-
(0, summaryReport_1.default)(scanResults, true);
|
|
155
|
-
if (!doUpload) return [3 /*break*/, 14];
|
|
156
|
-
return [4 /*yield*/, (0, upload_1.default)(rawScanResults, appId, appmapDir, mergeKey, {
|
|
157
|
-
branch: branch,
|
|
158
|
-
commit: commit,
|
|
159
|
-
environment: environment,
|
|
160
|
-
}, {
|
|
161
|
-
maxRetries: 3,
|
|
162
|
-
})];
|
|
163
|
-
case 13:
|
|
164
|
-
uploadResponse = _c.sent();
|
|
165
|
-
(0, reportUploadURL_1.default)(uploadResponse.summary.numFindings, uploadResponse.url);
|
|
166
|
-
_c.label = 14;
|
|
167
|
-
case 14:
|
|
168
|
-
if (!updateCommitStatusOption) return [3 /*break*/, 16];
|
|
169
|
-
return [4 /*yield*/, (0, updateCommitStatus_1.default)(scanResults.findings.length, scanResults.summary.numChecks)];
|
|
170
|
-
case 15:
|
|
171
|
-
_c.sent();
|
|
172
|
-
_c.label = 16;
|
|
173
|
-
case 16:
|
|
174
|
-
if (failOption) {
|
|
175
|
-
(0, fail_1.default)(scanResults.findings.length);
|
|
176
|
-
}
|
|
177
|
-
return [3 /*break*/, 18];
|
|
178
|
-
case 17:
|
|
179
|
-
err_1 = _c.sent();
|
|
180
|
-
if (err_1 instanceof errors_1.ValidationError) {
|
|
181
|
-
console.warn(err_1.message);
|
|
182
|
-
return [2 /*return*/, process.exit(exitCode_1.ExitCode.ValidationError)];
|
|
183
|
-
}
|
|
184
|
-
if (err_1 instanceof errors_1.AbortError) {
|
|
185
|
-
return [2 /*return*/, process.exit(exitCode_1.ExitCode.AbortError)];
|
|
186
|
-
}
|
|
187
|
-
if (!util_2.verbose && err_1 instanceof Error) {
|
|
188
|
-
console.error(err_1.message);
|
|
189
|
-
return [2 /*return*/, process.exit(exitCode_1.ExitCode.RuntimeError)];
|
|
190
|
-
}
|
|
191
|
-
throw err_1;
|
|
192
|
-
case 18: return [2 /*return*/];
|
|
193
|
-
}
|
|
194
|
-
});
|
|
59
|
+
handler(options) {
|
|
60
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
61
|
+
let { appmapDir } = options;
|
|
62
|
+
const { config, verbose: isVerbose, fail: failOption, app: appIdArg, reportFile, upload: doUpload, updateCommitStatus: updateCommitStatusOption, mergeKey, commit, branch, environment, } = options;
|
|
63
|
+
if (isVerbose) {
|
|
64
|
+
(0, util_2.verbose)(true);
|
|
65
|
+
}
|
|
66
|
+
if (!appmapDir) {
|
|
67
|
+
appmapDir = yield (0, util_2.appmapDirFromConfig)();
|
|
68
|
+
}
|
|
69
|
+
if (!appmapDir) {
|
|
70
|
+
appmapDir = yield (0, util_2.appmapDirFromConfig)();
|
|
71
|
+
throw new errors_1.ValidationError('--appmap-dir is required');
|
|
72
|
+
}
|
|
73
|
+
yield (0, validateFile_1.default)('directory', appmapDir);
|
|
74
|
+
const appId = yield (0, resolveAppId_1.default)(appIdArg, appmapDir);
|
|
75
|
+
const glob = (0, util_1.promisify)(glob_1.glob);
|
|
76
|
+
const files = yield glob(`${appmapDir}/**/*.appmap.json`);
|
|
77
|
+
const configData = yield (0, configurationProvider_1.parseConfigFile)(config);
|
|
78
|
+
const scanner = yield (0, scanner_1.default)(false, configData, files);
|
|
79
|
+
const [rawScanResults, findingStatuses] = yield Promise.all([scanner.scan(), scanner.fetchFindingStatus(appIdArg, appmapDir)]);
|
|
80
|
+
// Always report the raw data
|
|
81
|
+
yield (0, promises_1.writeFile)(reportFile, JSON.stringify(rawScanResults, null, 2));
|
|
82
|
+
const scanResults = rawScanResults.withFindings((0, findings_1.newFindings)(rawScanResults.findings, findingStatuses));
|
|
83
|
+
(0, findingsReport_1.default)(scanResults.findings, scanResults.appMapMetadata);
|
|
84
|
+
(0, summaryReport_1.default)(scanResults, true);
|
|
85
|
+
if (doUpload) {
|
|
86
|
+
const uploadResponse = yield (0, upload_1.default)(rawScanResults, appId, appmapDir, mergeKey, {
|
|
87
|
+
branch,
|
|
88
|
+
commit,
|
|
89
|
+
environment,
|
|
90
|
+
}, {
|
|
91
|
+
maxRetries: 3,
|
|
92
|
+
});
|
|
93
|
+
(0, reportUploadURL_1.default)(uploadResponse.summary.numFindings, uploadResponse.url);
|
|
94
|
+
}
|
|
95
|
+
if (updateCommitStatusOption) {
|
|
96
|
+
yield (0, updateCommitStatus_1.default)(scanResults.findings.length, scanResults.summary.numChecks);
|
|
97
|
+
}
|
|
98
|
+
if (failOption) {
|
|
99
|
+
(0, fail_1.default)(scanResults.findings.length);
|
|
100
|
+
}
|
|
195
101
|
});
|
|
196
102
|
},
|
|
197
103
|
};
|
|
198
|
-
//# sourceMappingURL=command.js.map
|
package/built/cli/ci/options.js
CHANGED
package/built/cli/exitCode.js
CHANGED
package/built/cli/fail.js
CHANGED
|
@@ -3,11 +3,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
|
|
6
|
+
const yargs_1 = __importDefault(require("yargs"));
|
|
7
7
|
function fail(numFindings) {
|
|
8
8
|
if (numFindings > 0) {
|
|
9
|
-
yargs_1.default.exit(1, new Error(
|
|
9
|
+
yargs_1.default.exit(1, new Error(`${numFindings} findings`));
|
|
10
10
|
}
|
|
11
11
|
}
|
|
12
12
|
exports.default = fail;
|
|
13
|
-
//# sourceMappingURL=fail.js.map
|