@appland/scanner 1.66.0 → 1.69.0

package/built/cli/scan/ui/state/hitBreakpoint.js

@@ -0,0 +1,68 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const userInteraction_1 = __importDefault(require("../userInteraction"));
+const initial_1 = __importDefault(require("./initial"));
+function hitBreakpoint(context) {
+    var _a, _b;
+    return __awaiter(this, void 0, void 0, function* () {
+        const choices = {
+            'show hints': 'hint',
+            'evaluate expression': 'eval',
+            'add breakpoint': 'addBreakpoint',
+            continue: 'scan',
+            quit: null,
+        };
+        userInteraction_1.default.progress(`In breakpoint: ${context.breakpoint}`);
+        if (context.progress.appMapFileName) {
+            const line = context.progress.appMapFileName;
+            const eventId = ((_a = context.progress.event) === null || _a === void 0 ? void 0 : _a.id) || ((_b = context.progress.scope) === null || _b === void 0 ? void 0 : _b.id);
+            userInteraction_1.default.progress([line, eventId].filter(Boolean).join(':'));
+        }
+        const { action: actionName } = yield userInteraction_1.default.prompt({
+            name: 'action',
+            type: 'list',
+            message: 'Choose action:',
+            choices: Object.keys(choices),
+        });
+        const action = choices[actionName];
+        if (!action)
+            return initial_1.default;
+        return (yield Promise.resolve().then(() => __importStar(require(`./${action}`)))).default;
+    });
+}
+exports.default = hitBreakpoint;

package/built/cli/scan/ui/state/initial.js

@@ -0,0 +1,58 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const userInteraction_1 = __importDefault(require("../userInteraction"));
+function initial(_context) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const choices = {
+            'add breakpoint': 'addBreakpoint',
+            'run scan': 'scan',
+            quit: null,
+        };
+        const { action: actionName } = yield userInteraction_1.default.prompt({
+            name: 'action',
+            type: 'list',
+            message: 'How would you like to proceed?:',
+            choices: Object.keys(choices),
+        });
+        const action = choices[actionName];
+        if (!action)
+            return;
+        return (yield Promise.resolve().then(() => __importStar(require(`./${action}`)))).default;
+    });
+}
+exports.default = initial;

package/built/cli/scan/ui/state/scan.js

@@ -0,0 +1,33 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const hitBreakpoint_1 = __importDefault(require("./hitBreakpoint"));
+const initial_1 = __importDefault(require("./initial"));
+function scan(context) {
+    return __awaiter(this, void 0, void 0, function* () {
+        return new Promise((resolve) => {
+            context.on('breakpoint', (breakpoint) => {
+                context.removeAllListeners();
+                context.breakpoint = breakpoint;
+                resolve(hitBreakpoint_1.default);
+            });
+            context.on('complete', () => {
+                context.removeAllListeners();
+                resolve(initial_1.default);
+            });
+            context.scan();
+        });
+    });
+}
+exports.default = scan;

package/built/cli/scan/ui/state.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/built/cli/scan/ui/userInteraction.js

@@ -0,0 +1,97 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserInteraction = void 0;
+const inquirer_1 = __importDefault(require("inquirer"));
+const ora_1 = __importDefault(require("ora"));
+const boxen_1 = __importDefault(require("boxen"));
+const util_1 = require("../../../rules/lib/util");
+// KEG: Sorry, copied from packages/cli/src/cmds/userInteraction.ts
+class UserInteraction {
+    constructor() {
+        this.spinner = (0, ora_1.default)();
+    }
+    prompt(questions, opts) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const wasSpinning = this.spinner.isSpinning;
+            if (wasSpinning) {
+                this.spinner.stop();
+                this.spinner.clear();
+            }
+            const result = yield inquirer_1.default.prompt(questions);
+            if (wasSpinning && !(opts === null || opts === void 0 ? void 0 : opts.supressSpinner)) {
+                this.spinner.start();
+            }
+            return result;
+        });
+    }
+    continue(msg) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield inquirer_1.default.prompt({ type: 'input', name: 'confirm', message: msg });
+        });
+    }
+    confirm(msg) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { confirm } = yield inquirer_1.default.prompt({
+                type: 'confirm',
+                name: 'confirm',
+                message: msg,
+            });
+            return confirm;
+        });
+    }
+    progress(msg) {
+        console.log(msg);
+    }
+    success(msg, align = 'center') {
+        if (this.spinner.isSpinning) {
+            this.spinner.succeed();
+        }
+        if (msg) {
+            console.log((0, boxen_1.default)(msg, {
+                padding: 1,
+                margin: 1,
+                borderStyle: 'round',
+                textAlignment: align,
+            }));
+        }
+    }
+    error(msg) {
+        if (this.spinner.isSpinning) {
+            this.spinner.fail();
+        }
+        if (msg) {
+            console.error('');
+            console.error(msg);
+        }
+    }
+    warn(msg) {
+        console.error(msg);
+    }
+    get status() {
+        return this.spinner.text;
+    }
+    set status(value) {
+        if (this.spinner.isSpinning) {
+            this.spinner.succeed();
+        }
+        this.spinner.text = value;
+        if (!this.spinner.isSpinning && !(0, util_1.verbose)()) {
+            this.spinner.start();
+        }
+    }
+}
+exports.UserInteraction = UserInteraction;
+const UI = new UserInteraction();
+exports.default = UI;

package/built/configuration/configurationProvider.js

@@ -83,7 +83,7 @@ function loadFromDir(ruleName) {
         if ((0, util_1.verbose)())
             console.log(`Loaded rule ${ruleName}: ${rule}`);
         try {
-            options = yield Promise.resolve().then(() => __importStar(require(`../rules/${ruleName}/options`)));
+            options = (yield Promise.resolve().then(() => __importStar(require(`../rules/${ruleName}/options`)))).default;
             if ((0, util_1.verbose)())
                 console.log(`Loaded rule ${ruleName} options: ${options}`);
         }

package/built/database/index.js

@@ -126,14 +126,27 @@ function* sqlStrings(event, appMapIndex, filter = () => true) {
     }
 }
 exports.sqlStrings = sqlStrings;
-function countJoins(ast) {
+function countJoins(ast, filterTable) {
     if (!ast)
         return 0;
     let joins = 0;
     (0, visit_1.visit)(ast, {
         'map.join': (node) => {
             var _a;
-            joins += ((_a = node.map) !== null && _a !== void 0 ? _a : []).length;
+            const map = (_a = node.map) !== null && _a !== void 0 ? _a : [];
+            const tableCount = filterTable
+                ? map.filter((entry) => {
+                    const source = entry === null || entry === void 0 ? void 0 : entry.source;
+                    if (!source)
+                        return true;
+                    if (source.type !== 'identifier')
+                        return true;
+                    if (source.variant !== 'table')
+                        return true;
+                    return filterTable(source);
+                }).length
+                : map.length;
+            joins += tableCount;
         },
     });
     return joins;

package/built/progressReporter.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/built/ruleChecker.js

@@ -24,7 +24,8 @@ const eventUtil_1 = require("./eventUtil");
 const hashV1_1 = __importDefault(require("./algorithms/hash/hashV1"));
 const hashV2_1 = __importDefault(require("./algorithms/hash/hashV2"));
 class RuleChecker {
-    constructor() {
+    constructor(progress) {
+        this.progress = progress;
         this.scopes = {
             root: new rootScope_1.default(),
             command: new commandScope_1.default(),
@@ -33,15 +34,14 @@ class RuleChecker {
             transaction: new sqlTransactionScope_1.default(),
         };
     }
-    check(appMapFile, appMapIndex, check, findings) {
+    check(appMapFileName, appMapIndex, check, findings) {
         return __awaiter(this, void 0, void 0, function* () {
-            const scope = check.scope;
             if ((0, util_1.verbose)()) {
-                console.warn(`Checking AppMap ${appMapIndex.appMap.name} with scope ${scope}`);
+                console.warn(`Checking AppMap ${appMapIndex.appMap.name} with scope ${check.scope}`);
             }
-            const scopeIterator = this.scopes[scope];
+            const scopeIterator = this.scopes[check.scope];
             if (!scopeIterator) {
-                throw new errors_1.AbortError(`Invalid scope name "${scope}"`);
+                throw new errors_1.AbortError(`Invalid scope name "${check.scope}"`);
             }
             const callEvents = function* () {
                 const events = appMapIndex.appMap.events;
@@ -53,22 +53,28 @@ class RuleChecker {
                 if ((0, util_1.verbose)()) {
                     console.warn(`Scope ${scope.scope}`);
                 }
+                if (this.progress)
+                    yield this.progress.filterScope(check.scope, scope.scope);
                 const checkInstance = new checkInstance_1.default(check);
                 if (!check.filterScope(scope.scope, appMapIndex)) {
                     continue;
                 }
+                if (this.progress)
+                    yield this.progress.enterScope(scope.scope);
                 if (checkInstance.enumerateScope) {
                     for (const event of scope.events()) {
-                        yield this.checkEvent(event, scope.scope, appMapFile, appMapIndex, checkInstance, findings);
+                        yield this.checkEvent(event, scope.scope, appMapFileName, appMapIndex, checkInstance, findings);
                     }
                 }
                 else {
-                    yield this.checkEvent(scope.scope, scope.scope, appMapFile, appMapIndex, checkInstance, findings);
+                    yield this.checkEvent(scope.scope, scope.scope, appMapFileName, appMapIndex, checkInstance, findings);
                 }
+                if (this.progress)
+                    yield this.progress.leaveScope();
             }
         });
     }
-    checkEvent(event, scope, appMapFile, appMapIndex, checkInstance, findings) {
+    checkEvent(event, scope, appMapFileName, appMapIndex, checkInstance, findings) {
         return __awaiter(this, void 0, void 0, function* () {
             if (!event.isCall()) {
                 return;
@@ -82,6 +88,8 @@ class RuleChecker {
                 }
                 return;
             }
+            if (this.progress)
+                yield this.progress.filterEvent(event);
             if (!checkInstance.filterEvent(event, appMapIndex)) {
                 return;
             }
@@ -117,7 +125,7 @@ class RuleChecker {
                     relatedEvents.push((0, eventUtil_1.cloneEvent)(event));
                 });
                 return {
-                    appMapFile,
+                    appMapFile: appMapFileName,
                     checkId: checkInstance.checkId,
                     ruleId: checkInstance.ruleId,
                     ruleTitle: checkInstance.title,
@@ -134,7 +142,11 @@ class RuleChecker {
                     participatingEvents: Object.fromEntries(Object.entries(participatingEvents).map(([k, v]) => [k, (0, eventUtil_1.cloneEvent)(v)])),
                 };
             };
+            if (this.progress)
+                yield this.progress.matchEvent(event, appMapIndex);
             const matchResult = yield checkInstance.ruleLogic.matcher(event, appMapIndex, checkInstance.filterEvent.bind(checkInstance));
+            if (this.progress)
+                yield this.progress.matchResult(event, matchResult);
             const numFindings = findings.length;
             if (matchResult === true) {
                 let finding;

package/built/rules/deserializationOfUntrustedData.js

@@ -3,46 +3,62 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const models_1 = require("@appland/models");
 const url_1 = require("url");
 const parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
-const precedingEvents_1 = __importDefault(require("./lib/precedingEvents"));
-const sanitizesData_1 = __importDefault(require("./lib/sanitizesData"));
-function allArgumentsSanitized(rootEvent, event) {
-    return (event.parameters || [])
-        .filter((parameter) => parameter.object_id)
-        .every((parameter) => {
-        for (const candidate of (0, precedingEvents_1.default)(rootEvent, event)) {
-            if ((0, sanitizesData_1.default)(candidate.event, parameter.object_id, DeserializeSanitize)) {
-                return true;
-            }
-        }
-        return false;
-    });
+const analyzeDataFlow_1 = __importDefault(require("./lib/analyzeDataFlow"));
+function valueHistory(value) {
+    const events = [];
+    const queue = [value];
+    for (;;) {
+        const current = queue.shift();
+        if (!current)
+            break;
+        const { origin, parents } = current;
+        if (!events.includes(origin))
+            events.push(origin);
+        queue.push(...parents);
+    }
+    return events;
+}
+function wasSanitized(value) {
+    return valueHistory(value).some(({ labels }) => labels.has(DeserializeSanitize));
 }
-function build() {
-    function matcher(rootEvent) {
-        for (const event of new models_1.EventNavigator(rootEvent).descendants()) {
-            // events: //*[@authorization && truthy?(returnValue) && not(preceding::*[@authentication]) && not(descendant::*[@authentication])]
-            if (event.event.labels.has(DeserializeUnsafe) &&
-                !event.event.ancestors().find((ancestor) => ancestor.labels.has(DeserializeSafe))) {
-                if (allArgumentsSanitized(rootEvent, event.event)) {
-                    return;
-                }
-                else {
-                    return [
-                        {
-                            event: event.event,
-                            message: `${event.event} deserializes untrusted data`,
-                        },
-                    ];
-                }
+function formatHistories(values) {
+    const histories = values.map(valueHistory);
+    return Object.fromEntries(histories.flatMap((history, input) => history.map((event, idx) => [`origin[${input}][${idx}]`, event])));
+}
+function label(name) {
+    return ({ labels }) => labels.has(name);
+}
+function matcher(startEvent) {
+    const flow = (0, analyzeDataFlow_1.default)([...(startEvent.message || [])], startEvent);
+    const results = [];
+    const sanitizedValues = new Set();
+    for (const [event, values] of flow) {
+        if (event.labels.has(DeserializeSanitize)) {
+            for (const v of values)
+                sanitizedValues.add(v);
+            continue;
+        }
+        if (!event.labels.has(DeserializeUnsafe))
+            continue;
+        const unsanitized = new Set(values.filter((v) => !(wasSanitized(v) || sanitizedValues.has(v))));
+        // remove any that have been passed into a safe deserialization function
+        for (const ancestor of event.ancestors().filter(label(DeserializeSafe))) {
+            for (const v of flow.get(ancestor) || []) {
+                unsanitized.delete(v);
             }
         }
+        const remaining = [...unsanitized];
+        if (remaining.length === 0)
+            continue;
+        results.push({
+            event: event,
+            message: `deserializes untrusted data: ${remaining.map(({ value: { value } }) => value)}`,
+            participatingEvents: formatHistories(remaining),
+        });
     }
-    return {
-        matcher,
-    };
+    return results;
 }
 const DeserializeUnsafe = 'deserialize.unsafe';
 const DeserializeSafe = 'deserialize.safe';
@@ -53,11 +69,12 @@ exports.default = {
     labels: [DeserializeUnsafe, DeserializeSafe, DeserializeSanitize],
     impactDomain: 'Security',
     enumerateScope: false,
+    scope: 'http_server_request',
     references: {
         'CWE-502': new url_1.URL('https://cwe.mitre.org/data/definitions/502.html'),
         'Ruby Security': new url_1.URL('https://docs.ruby-lang.org/en/3.0/doc/security_rdoc.html'),
     },
     description: (0, parseRuleDescription_1.default)('deserializationOfUntrustedData'),
     url: 'https://appland.com/docs/analysis/rules-reference.html#deserialization-of-untrusted-data',
-    build,
+    build: () => ({ matcher }),
 };

package/built/rules/lib/analyzeDataFlow.js

@@ -0,0 +1,80 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+function matches(template, value) {
+    if (template.object_id && template.object_id === value.object_id)
+        return true;
+    if (template.value && template.value === value.value)
+        return true;
+    return false;
+}
+class Matcher {
+    constructor(root, data) {
+        this.tracked = new Map();
+        for (const value of data)
+            this.add(value, root, []);
+    }
+    add(value, origin, parents) {
+        if (isPrimitive(value))
+            return;
+        this.tracked.set(value, { value, origin, parents });
+    }
+    match(value) {
+        if (isPrimitive(value))
+            return null;
+        for (const [probe, history] of this.tracked) {
+            if (matches(probe, value))
+                return history;
+        }
+        return null;
+    }
+    matches(values) {
+        return compact(values.map(this.match.bind(this)));
+    }
+}
+function isPrimitive(value) {
+    // we don't want to record any nulls,
+    // booleans or small strings and numbers
+    return !value.value || value.value.length < 6;
+}
+function isNotNullOrUndefined(x) {
+    return x !== undefined && x !== null;
+}
+function compact(x) {
+    return x.filter(isNotNullOrUndefined);
+}
+/**
+ * Tracks flow of data across the execution trace, identifying all function
+ * calls which have a tracked object as its receiver or one of the parameters.
+ * Any value such a function returns will also then become tracked.
+ * The origin chain of all values is recorded, so full provenience up to
+ * the starting set can be reconstructed.
+ * @param trackedData Initial data to track.
+ * @param startEvent The root event of the analysis.
+ * @returns Events which have a tracked piece of data as an input, each
+ * associated with the list of such inputs.
+ */
+function analyzeDataFlow(trackedData, startEvent) {
+    const matcher = new Matcher(startEvent, trackedData);
+    const events = new Map([
+        [startEvent, matcher.matches(trackedData)],
+    ]);
+    startEvent.traverse({
+        onEnter(event) {
+            const inputs = compact([...(event.parameters || []), event.receiver]);
+            const matches = matcher.matches(inputs);
+            if (matches.length === 0)
+                return;
+            events.set(event, matches);
+        },
+        onExit({ callEvent, returnValue }) {
+            if (!returnValue)
+                return;
+            const parents = events.get(callEvent);
+            if (!parents)
+                return;
+            matcher.add(returnValue, callEvent, parents);
+        },
+    });
+    return events;
+}
+exports.default = analyzeDataFlow;

package/built/rules/lib/parseRuleDescription.js

@@ -7,7 +7,10 @@ const fs_1 = __importDefault(require("fs"));
 const path_1 = require("path");
 const util_1 = require("./util");
 function parseRuleDescription(id) {
-    const content = fs_1.default.readFileSync((0, path_1.join)(__dirname, `../../../doc/rules/${(0, util_1.dasherize)(id)}.md`), 'utf-8');
+    const docPath = (0, path_1.join)(__dirname, `../../../doc/rules/${(0, util_1.dasherize)(id)}.md`);
+    if (!fs_1.default.existsSync(docPath))
+        return `No doc exists for rule ${id}`;
+    const content = fs_1.default.readFileSync(docPath, 'utf-8');
     const propertiesContent = content.match(/---\n((?:.*\n)+)---\n((?:.*\n)+?)##?#?/);
     if (!propertiesContent) {
         // This is probably a new doc that doesn't have front matter yet.

package/built/rules/lib/util.js

@@ -1,7 +1,37 @@
 "use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verbose = exports.toRegExpArray = exports.responseContentType = exports.toRegExp = exports.providesAuthentication = exports.pluralize = exports.dasherize = exports.camelize = exports.parseValue = exports.isRoot = exports.ideLink = exports.isTruthy = exports.isFalsey = exports.emptyValue = exports.capitalize = exports.appMapDir = void 0;
+exports.verbose = exports.toRegExpArray = exports.responseContentType = exports.toRegExp = exports.providesAuthentication = exports.pluralize = exports.dasherize = exports.camelize = exports.parseValue = exports.isRoot = exports.ideLink = exports.isTruthy = exports.isFalsey = exports.emptyValue = exports.capitalize = exports.appMapDir = exports.collectAppMapFiles = void 0;
 const path_1 = require("path");
+const util_1 = require("util");
+const glob_1 = require("glob");
+const assert_1 = __importDefault(require("assert"));
+function collectAppMapFiles(appmapFile, appmapDir) {
+    return __awaiter(this, void 0, void 0, function* () {
+        let files = [];
+        if (appmapDir) {
+            const glob = (0, util_1.promisify)(glob_1.glob);
+            files = yield glob(`${appmapDir}/**/*.appmap.json`);
+        }
+        else {
+            (0, assert_1.default)(appmapFile, 'Either appmapDir or appmapFile is required');
+            files = typeof appmapFile === 'string' ? [appmapFile] : appmapFile;
+        }
+        return files;
+    });
+}
+exports.collectAppMapFiles = collectAppMapFiles;
 let isVerbose = false;
 function verbose(v = null) {
     if (v === true || v === false) {
@@ -71,7 +101,7 @@ exports.parseValue = parseValue;
 const isTruthy = (valueObj) => !isFalsey(valueObj);
 exports.isTruthy = isTruthy;
 function providesAuthentication(event, label) {
-    return event.returnValue && event.labels.has(label) && isTruthy(event.returnValue);
+    return !!event.returnValue && event.labels.has(label) && isTruthy(event.returnValue);
 }
 exports.providesAuthentication = providesAuthentication;
 function ideLink(filePath, ide, eventId) {

package/built/rules/too-many-joins/metadata.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = {
+    title: 'Too many joins',
+    enumerateScope: false,
+    impactDomain: 'Performance',
+    references: {
+        'CWE-1049': 'https://cwe.mitre.org/data/definitions/1049.html',
+    },
+};