@appland/scanner 1.59.1 → 1.61.0

package/CHANGELOG.md

@@ -1,3 +1,24 @@
+# [@appland/scanner-v1.61.0](https://github.com/applandinc/appmap-js/compare/@appland/scanner-v1.60.0...@appland/scanner-v1.61.0) (2022-07-11)
+
+
+### Features
+
+* Add participating events to each finding ([f3e8033](https://github.com/applandinc/appmap-js/commit/f3e80332833ec3305ef530d89b12763781a8c85b))
+
+# [@appland/scanner-v1.60.0](https://github.com/applandinc/appmap-js/compare/@appland/scanner-v1.59.2...@appland/scanner-v1.60.0) (2022-06-30)
+
+
+### Features
+
+* pass down impactDomain from Rule to Finding ([8755041](https://github.com/applandinc/appmap-js/commit/875504183a8517fec316b5f188d269de053ceef8))
+
+# [@appland/scanner-v1.59.2](https://github.com/applandinc/appmap-js/compare/@appland/scanner-v1.59.1...@appland/scanner-v1.59.2) (2022-06-29)
+
+
+### Bug Fixes
+
+* Use absolute paths when creating watchers ([afc81e0](https://github.com/applandinc/appmap-js/commit/afc81e03f1e5004288acda75c89bb61a1857c462))
+
 # [@appland/scanner-v1.59.1](https://github.com/applandinc/appmap-js/compare/@appland/scanner-v1.59.0...@appland/scanner-v1.59.1) (2022-06-15)
 
 

package/built/analyzer/recordSecrets.js

@@ -14,7 +14,7 @@ function default_1(secrets, e) {
         if ((0, util_1.verbose)()) {
             console.warn(`Secret generated: ${secret}`);
         }
-        secrets.add(secret);
+        secrets.push({ generatorEvent: e, value: secret });
     }
 }
 exports.default = default_1;

package/built/check.js

@@ -14,6 +14,8 @@ class Check {
         this.excludeScope = [];
         this.includeEvent = [];
         this.excludeEvent = [];
+        //TODO: Create Default value for impact domain
+        this.impactDomain = rule.impactDomain;
     }
     filterScope(event, appMapIndex) {
         if (this.includeScope.length > 0 && !this.includeScope.every((fn) => fn(event, appMapIndex))) {

package/built/checkInstance.js

@@ -6,6 +6,9 @@ class CheckInstance {
         this.check = check;
         this.ruleLogic = check.rule.build(check.options || {});
     }
+    get checkImpactDomain() {
+        return this.check.impactDomain;
+    }
     get checkId() {
         return this.check.id;
     }

package/built/cli/scan/watchScan.js

@@ -44,6 +44,7 @@ const fs_1 = require("fs");
 const util_1 = require("util");
 const configurationProvider_1 = require("../../configuration/configurationProvider");
 const assert_1 = __importDefault(require("assert"));
+const path_1 = __importDefault(require("path"));
 class Watcher {
     constructor(options) {
         this.options = options;
@@ -57,10 +58,14 @@ class Watcher {
             this.configWatcher
                 .on('add', this.reloadConfig.bind(this))
                 .on('change', this.reloadConfig.bind(this));
-            this.appmapWatcher = chokidar.watch(`${this.options.appmapDir}/**/mtime`, {
+            // Chokidar struggles with relative paths. Make sure the watch pattern is absolute.
+            const watchPattern = path_1.default.resolve(this.options.appmapDir, '**', 'mtime');
+            this.appmapWatcher = chokidar.watch(watchPattern, {
                 ignoreInitial: true,
             });
-            this.appmapWatcher.on('add', this.scan.bind(this)).on('change', this.scan.bind(this));
+            this.appmapWatcher
+                .on('add', (filePath) => this.scan(filePath))
+                .on('change', (filePath) => this.scan(filePath));
         });
     }
     close() {

package/built/ruleChecker.js

@@ -94,8 +94,9 @@ class RuleChecker {
             if (!checkInstance.filterEvent(event, appMapIndex)) {
                 return;
             }
-            const buildFinding = (matchEvent, message, groupMessage, occurranceCount, 
-            // matchEvent will be added to additionalEvents to create the relatedEvents array
+            const buildFinding = (matchEvent, participatingEvents, message, groupMessage, occurranceCount, 
+            // matchEvent will be added to additionalEvents and participatingEvents.values
+            // to create the relatedEvents array
             additionalEvents) => {
                 const findingEvent = matchEvent || event;
                 // Fixes:
@@ -118,12 +119,19 @@ class RuleChecker {
                         return;
                     }
                     uniqueEvents.add(event.id);
-                    relatedEvents.push(event);
+                    relatedEvents.push((0, eventUtil_1.cloneEvent)(event));
                 });
                 // Update event hash with unique hashes of related events
                 new Set(relatedEvents.map((e) => e.hash)).forEach((eventHash) => {
                     hash.update(eventHash);
                 });
+                Object.values(participatingEvents).forEach((event) => {
+                    if (uniqueEvents.has(event.id)) {
+                        return;
+                    }
+                    uniqueEvents.add(event.id);
+                    relatedEvents.push((0, eventUtil_1.cloneEvent)(event));
+                });
                 return {
                     appMapFile,
                     checkId: checkInstance.checkId,
@@ -137,6 +145,8 @@ class RuleChecker {
                     groupMessage,
                     occurranceCount,
                     relatedEvents: relatedEvents.sort((event) => event.id),
+                    impactDomain: checkInstance.checkImpactDomain,
+                    participatingEvents: Object.fromEntries(Object.entries(participatingEvents).map(([k, v]) => [k, (0, eventUtil_1.cloneEvent)(v)])),
                 };
             };
             const matchResult = yield checkInstance.ruleLogic.matcher(event, appMapIndex, checkInstance.filterEvent.bind(checkInstance));
@@ -145,21 +155,21 @@ class RuleChecker {
                 let finding;
                 if (checkInstance.ruleLogic.message) {
                     const message = checkInstance.ruleLogic.message(scope, event);
-                    finding = buildFinding(event, message);
+                    finding = buildFinding(event, {}, message);
                 }
                 else {
-                    finding = buildFinding(event);
+                    finding = buildFinding(event, {});
                 }
                 findings.push(finding);
             }
             else if (typeof matchResult === 'string') {
-                const finding = buildFinding(event, matchResult);
+                const finding = buildFinding(event, {}, matchResult);
                 finding.message = matchResult;
                 findings.push(finding);
             }
             else if (matchResult) {
                 matchResult.forEach((mr) => {
-                    const finding = buildFinding(mr.event, mr.message, mr.groupMessage, mr.occurranceCount, mr.relatedEvents);
+                    const finding = buildFinding(mr.event, mr.participatingEvents || {}, mr.message, mr.groupMessage, mr.occurranceCount, mr.relatedEvents);
                     findings.push(finding);
                 });
             }

package/built/rules/circularDependency.js

@@ -173,13 +173,14 @@ function build(options) {
             .map((cycle) => searchForCycle(cycle, ignoredPackages))
             .filter((path) => path)
             .map((path) => {
+            path = path;
             return {
                 event: path[0],
                 message: [
                     'Cycle in package dependency graph',
                     path.map((event) => event.codeObject.packageOf).join(' -> '),
                 ].join(': '),
-                relatedEvents: path,
+                participatingEvents: Object.fromEntries(path.map((event, index) => [`path[${index}]`, event])),
             };
         });
     }

package/built/rules/illegalPackageDependency.js

@@ -19,18 +19,21 @@ function build(options) {
         return !!e.parent && !!e.parent.codeObject.packageOf && calleePattern(e.codeObject.packageOf);
     }
     function matcher(e) {
+        const parent = e.parent;
+        if (!parent)
+            return;
         const packageNamesStr = options.callerPackages
             .map((config) => config.equal || config.include || config.match)
             .map(String)
             .join(' or ');
-        const parentPackage = e.parent.codeObject.packageOf;
+        const parentPackage = parent.codeObject.packageOf;
         if (!(e.codeObject.packageOf === parentPackage ||
             callerPatterns.some((pattern) => pattern(parentPackage)))) {
             return [
                 {
                     event: e,
                     message: `Code object ${e.codeObject.id} was invoked from ${parentPackage}, not from ${packageNamesStr}`,
-                    relatedEvents: [e.parent],
+                    participatingEvents: { parent },
                 },
             ];
         }

package/built/rules/insecureCompare.js

@@ -8,7 +8,8 @@ const recordSecrets_1 = __importDefault(require("../analyzer/recordSecrets"));
 const secretsRegexes_1 = require("../analyzer/secretsRegexes");
 const parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
 const BCRYPT_REGEXP = /^[$]2[abxy]?[$](?:0[4-9]|[12][0-9]|3[01])[$][./0-9a-zA-Z]{53}$/;
-const secrets = new Set();
+const secrets = [];
+const secretStrings = new Set();
 function stringEquals(e) {
     if (!e.parameters || !e.receiver || e.parameters.length !== 1) {
         return false;
@@ -18,7 +19,7 @@ function stringEquals(e) {
         return BCRYPT_REGEXP.test(str);
     }
     function isSecret(str) {
-        return secrets.has(str) || (0, secretsRegexes_1.looksSecret)(str);
+        return secretStrings.has(str) || (0, secretsRegexes_1.looksSecret)(str);
     }
     // BCrypted strings are safe to compare using equals()
     return args.some(isSecret) && !args.some(isBcrypt);
@@ -26,7 +27,12 @@ function stringEquals(e) {
 function build() {
     function matcher(e) {
         if (e.codeObject.labels.has(Secret)) {
+            const numSecrets = secrets.length;
             (0, recordSecrets_1.default)(secrets, e);
+            for (let index = numSecrets; index < secrets.length; index++) {
+                const secret = secrets[index];
+                secretStrings.add(secret.value);
+            }
         }
         if (e.codeObject.labels.has(StringEquals)) {
             return stringEquals(e);

package/built/rules/jobNotCancelled.js

@@ -18,14 +18,11 @@ function build() {
         const missing = creationEvents.length - cancellationEvents.length;
         if (missing === 0)
             return;
-        const result = {
-            event: event,
-            message: `${missing} jobs created but not cancelled in this rolled back transaction`,
-            // if there's a mismatch and there are cancellations we can't tell
-            // for sure which creations they match, so return everything
-            relatedEvents: [...creationEvents, ...cancellationEvents],
-        };
-        return [result];
+        return creationEvents.map((jobCreationEvent) => ({
+            event: jobCreationEvent,
+            message: `Job created by ${jobCreationEvent.codeObject.prettyName} was not cancelled when the enclosing transaction rolled back`,
+            participatingEvents: { beginTransaction: event },
+        }));
     }
     return {
         matcher,

package/built/rules/nPlusOneQuery.js

@@ -43,6 +43,7 @@ function build(options) {
                             groupMessage: sql,
                             occurranceCount: occurranceCount,
                             relatedEvents: events.map((e) => e.event),
+                            participatingEvents: { commonAncestor: ancestor },
                         };
                     };
                     if (occurranceCount >= options.errorLimit) {

package/built/rules/queryFromInvalidPackage.js

@@ -18,12 +18,15 @@ function build(options) {
     const allowedPackages = (0, matchPattern_1.buildFilters)(options.allowedPackages);
     const allowedQueries = (0, matchPattern_1.buildFilters)(options.allowedQueries);
     function matcher(e) {
-        if (!allowedPackages.some((filter) => filter(e.parent.codeObject.packageOf))) {
+        if (!e.parent)
+            return;
+        const parent = e.parent;
+        if (!allowedPackages.some((filter) => filter(parent.codeObject.packageOf))) {
             return [
                 {
                     event: e,
-                    message: `${e.codeObject.id} is invoked from illegal package ${e.parent.codeObject.packageOf}`,
-                    relatedEvents: [e.parent],
+                    message: `${e.codeObject.id} is invoked from illegal package ${parent.codeObject.packageOf}`,
+                    participatingEvents: { parent: parent },
                 },
             ];
         }

package/built/rules/secretInLog.js

@@ -32,12 +32,19 @@ const recordSecrets_1 = __importDefault(require("../analyzer/recordSecrets"));
 const url_1 = require("url");
 const parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
 class Match {
-    constructor(pattern, value) {
+    constructor(pattern, value, generatorEvent) {
         this.pattern = pattern;
         this.value = value;
+        this.generatorEvent = generatorEvent;
+    }
+    static fromPattern(pattern, value) {
+        return new Match(pattern, value);
+    }
+    static fromSecret(secret, value) {
+        return new Match(secret.value, value, secret.generatorEvent);
     }
 }
-const secrets = new Set();
+const secrets = [];
 const findInLog = (event) => {
     if (!event.parameters)
         return;
@@ -45,24 +52,32 @@ const findInLog = (event) => {
     for (const { value } of event.parameters) {
         if ((0, util_1.emptyValue)(value))
             continue;
-        const patterns = [];
         if ((0, secretsRegexes_1.looksSecret)(value)) {
             // Only look for the exact matching regexes if it matches the catchall regex
-            patterns.push(...Object.values(secretsRegexes_1.default)
+            matches.push(...Object.values(secretsRegexes_1.default)
                 .flat()
-                .filter((re) => re.test(value)));
+                .filter((re) => re.test(value))
+                .map((re) => Match.fromPattern(re, value)));
         }
         for (const secret of secrets) {
-            if (value.includes(secret))
-                patterns.push(secret);
+            if (value.includes(secret.value)) {
+                matches.push(Match.fromSecret(secret, value));
+            }
         }
-        matches.push(...patterns.map((pattern) => new Match(pattern, value)));
     }
     if (matches.length > 0) {
-        return matches.map((match) => ({
-            event,
-            message: `Log event contains secret data: ${match.value}`,
-        }));
+        return matches.map((match) => {
+            const { pattern, value } = match;
+            const participatingEvents = { logEvent: event };
+            if (match.generatorEvent) {
+                participatingEvents.generatorEvent = match.generatorEvent;
+            }
+            return {
+                event,
+                message: `Log message contains secret ${match.generatorEvent ? match.generatorEvent.codeObject.prettyName || 'data' : 'data'} "${pattern}": ${value}`,
+                participatingEvents,
+            };
+        });
     }
 };
 function build() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@appland/scanner",
-  "version": "1.59.1",
+  "version": "1.61.0",
   "description": "",
   "bin": "built/cli.js",
   "files": [