@appland/scanner 1.82.1 → 1.83.1

package/built/cli/scan.d.ts

@@ -0,0 +1,9 @@
+import { Metadata } from '@appland/models';
+import Check from '../check';
+import { Finding } from '../index';
+declare type Result = {
+    appMapMetadata: Record<string, Metadata>;
+    findings: Finding[];
+};
+export default function scan(files: string[], checks: Check[], skipErrors?: boolean): Promise<Result>;
+export {};

package/built/cli/scanArgs.d.ts

@@ -0,0 +1,2 @@
+import { Argv } from 'yargs';
+export default function (args: Argv): void;

package/built/cli/scanOptions.d.ts

@@ -0,0 +1,9 @@
+export default interface ScanOptions {
+    app?: string;
+    apiKey?: string;
+    directory?: string;
+    appmapDir?: string;
+    config: string;
+    reportFile: string;
+    verbose?: boolean;
+}

package/built/cli/updateCommitStatus.d.ts

@@ -0,0 +1 @@
+export default function updateCommitStatus(numFindings: number, numChecks: number): Promise<void>;

package/built/cli/upload/command.d.ts

@@ -0,0 +1,8 @@
+import { Arguments, Argv } from 'yargs';
+declare const _default: {
+    command: string;
+    describe: string;
+    builder(args: Argv): Argv;
+    handler(options: Arguments): Promise<void>;
+};
+export default _default;

package/built/cli/upload/options.d.ts

@@ -0,0 +1,11 @@
+export default interface CommandOptions {
+    verbose?: boolean;
+    reportFile: string;
+    directory?: string;
+    appmapDir?: string;
+    app?: string;
+    mergeKey?: string;
+    branch?: string;
+    commit?: string;
+    environment?: string;
+}

package/built/cli/upload/pruneAppMap.d.ts

@@ -0,0 +1,4 @@
+import { AppMapBuilder } from '@appland/models';
+export declare function maxAppMapSize(): number;
+export declare function pruneAppMap(builder: AppMapBuilder, maxSize: number): AppMapBuilder;
+export declare function buildAppMap(appMapJson: Record<string, unknown>): AppMapBuilder;

package/built/cli/upload.d.ts

@@ -0,0 +1,5 @@
+import { CreateMapsetOptions } from '@appland/client/dist/src';
+import { ScanResults } from '../report/scanResults';
+import { UploadResponse } from '../integration/appland/scannerJob/create';
+import { RetryOptions } from '../integration/appland/retryOptions';
+export default function create(scanResults: ScanResults, appId: string, appMapDir: string, mergeKey?: string, mapsetOptions?: CreateMapsetOptions, retryOptions?: RetryOptions): Promise<UploadResponse>;

package/built/cli/validateFile.d.ts

@@ -0,0 +1 @@
+export default function (kind: string, path: string): Promise<void>;

package/built/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/built/configuration/configurationProvider.d.ts

@@ -0,0 +1,9 @@
+import Check from '../check';
+import Configuration from './types/configuration';
+import RuleInstance from '../ruleInstance';
+export declare function loadRule(ruleName: string): Promise<RuleInstance>;
+export declare function loadConfig(config: Configuration): Promise<Check[]>;
+export declare type TimestampedConfiguration = Configuration & {
+    timestampMs: number;
+};
+export declare function parseConfigFile(configPath: string): Promise<TimestampedConfiguration>;

package/built/configuration/types/checkConfig.d.ts

@@ -0,0 +1,18 @@
+import MatchEventConfig from './matchEventConfig';
+interface MatchConfig {
+    scope?: MatchEventConfig;
+    event?: MatchEventConfig;
+}
+/**
+ * CheckConfig represents the user's configuration of an Check, which is an
+ * instantiation of a Rule. Each CheckConfing is read from the scanners configuration file.
+ */
+export default interface CheckConfig {
+    rule: string;
+    id?: string;
+    scope?: string;
+    include?: MatchConfig[];
+    exclude?: MatchConfig[];
+    properties?: Record<string, unknown>;
+}
+export {};

package/built/configuration/types/configuration.d.ts

@@ -0,0 +1,7 @@
+import CheckConfig from './checkConfig';
+/**
+ * Configuration is the code representation of the scanner configuration file.
+ */
+export default interface Configuration {
+    checks: CheckConfig[];
+}

package/built/configuration/types/matchEventConfig.d.ts

@@ -0,0 +1,7 @@
+import MatchPatternConfig from './matchPatternConfig';
+declare type PropertyName = 'id' | 'type' | 'fqid' | 'query' | 'route';
+export default interface MatchEventConfig {
+    property: PropertyName;
+    test: MatchPatternConfig;
+}
+export {};

package/built/configuration/types/matchPatternConfig.d.ts

@@ -0,0 +1,6 @@
+export default interface MatchPatternConfig {
+    ignoreCase: boolean;
+    match?: RegExp;
+    include?: string;
+    equal?: string;
+}

package/built/database/index.d.ts

@@ -0,0 +1,17 @@
+import { Event } from '@appland/models';
+import { AppMapIndex, EventFilter, QueryAST } from '../types';
+import { SqliteParser } from '@appland/models/types/sqlite-parser';
+export interface SQLEvent {
+    sql: string;
+    event: Event;
+}
+export interface SQLCount {
+    count: number;
+    events: Event[];
+}
+export declare function capitalizeString(str: string): string;
+export declare function getHttpLabel(event: Event): string | undefined;
+export declare function getSqlLabelFromString(sqlString: string): string;
+export declare function isSelect(sql: string): boolean;
+export declare function sqlStrings(event: Event, appMapIndex: AppMapIndex, filter?: EventFilter): Generator<SQLEvent>;
+export declare function countJoins(ast: QueryAST | undefined, filterTable?: (table: SqliteParser.Node) => boolean): number;

package/built/database/visit.d.ts

@@ -0,0 +1,6 @@
+import { SqliteParser } from '@appland/models/types/sqlite-parser';
+declare type Callbacks = {
+    [Node in SqliteParser.Node as `${Node['type']}.${Node['variant']}`]?: (node: Node) => void;
+};
+export declare function visit(node: SqliteParser.Node, callbacks: Callbacks): void;
+export {};

package/built/errors.d.ts

@@ -0,0 +1,4 @@
+export declare class ValidationError extends Error {
+}
+export declare class AbortError extends Error {
+}

package/built/eventUtil.d.ts

@@ -0,0 +1,3 @@
+import { CodeObject, Event } from '@appland/models';
+export declare function cloneCodeObject(sourceObject: CodeObject): CodeObject | undefined;
+export declare function cloneEvent(sourceEvent: Event): Event;

package/built/findings.d.ts

@@ -0,0 +1,3 @@
+import { FindingStatusListItem } from '@appland/client/dist/src';
+import { Finding } from './index';
+export declare function newFindings(findings: Finding[], findingStatuses: FindingStatusListItem[]): Finding[];

package/built/index.d.ts

@@ -0,0 +1,75 @@
+import { Event, Metadata } from '@appland/models';
+import Configuration from './configuration/types/configuration';
+/**
+ * Each Rule in the scanner library wants to consider some set of events as it decides whether the code should be flagged or not.
+ * A Scope is a way of declaring how these "sets" are defined. A common scope is `http_server_request`. The rule will look at each HTTP
+ * server request separately; what happens in one request is irrelevant to the next. For example, when looking for authz_before_authn, each HTTP
+ * server request is considered separately.
+ *
+ * `http_server_request` is one example of a "command". Other types of commands are: CLI commands and background jobs. Each of these has a
+ * defined beginning and end, and is logically completely separate from any other command.
+ *
+ * Some rules are relevant only to HTTP server requests - such as `http500`. Others are applicable to any kind of command - such as `nPlusOneQuery`.
+ *
+ * Finally, other rules simply want to look for a certain condition regardless of where it occurs. For example, Too many SQL joins will flag any
+ * query anywhere in the AppMap, even if it's not part of a command. This rule uses the root scope, which yields a new scope for every root-level Event
+ * (root-level = "has no parent").
+ *
+ * Ideally, AppMaps would not contain any events that are not part of a command - because without knowing the command, we don't really have any context
+ * of what the code is trying to do. But, anticipating that this may sometimes happen, "root" scope is a good choice for a rule that may flag code
+ * anywhere in the AppMap.
+ */
+export declare type ScopeName = 'root' | 'command' | 'http_client_request' | 'http_server_request' | 'transaction';
+/**
+ * Indicates the aspect of software quality that is most relevant to a rule.
+ */
+export declare type ImpactDomain = 'Security' | 'Performance' | 'Maintainability' | 'Stability';
+/**
+ * Finding is the full data structure that is created when a Rule matches an Event.
+ *
+ * The Rule only needs to return a boolean, string, or MatchResult. The scanner framework
+ * adds the rest of the information to build the complete finding.
+ */
+export interface Finding {
+    appMapFile: string;
+    checkId: string;
+    ruleId: string;
+    ruleTitle: string;
+    event: Event;
+    hash: string;
+    hash_v2: string;
+    scope: Event;
+    message: string;
+    stack: string[];
+    groupMessage?: string;
+    occurranceCount?: number;
+    relatedEvents?: Event[];
+    impactDomain?: ImpactDomain;
+    participatingEvents?: Record<string, Event>;
+    scopeModifiedDate?: Date;
+    eventsModifiedDate?: Date;
+}
+export interface Rule {
+    id: string;
+    title: string;
+    description: string;
+    url?: string;
+    labels?: string[];
+    scope?: ScopeName;
+    enumerateScope: boolean;
+    impactDomain?: ImpactDomain;
+    references?: Record<string, URL>;
+}
+export interface Check {
+    id: string;
+    scope: ScopeName;
+    impactDomain: ImpactDomain;
+    rule: Rule;
+}
+export interface ScanResults {
+    configuration: Configuration;
+    appMapMetadata: Record<string, Metadata>;
+    findings: Finding[];
+    checks: Check[];
+}
+export { default as scan } from './scan';

package/built/integration/appland/location.d.ts

@@ -0,0 +1,5 @@
+/// <reference types="node" />
+import { URL } from 'url';
+export default interface Location {
+    url: URL;
+}

package/built/integration/appland/retry.d.ts

@@ -0,0 +1,5 @@
+/// <reference types="node" />
+import { IncomingMessage } from 'http';
+import { RetryOptions } from './retryOptions';
+import { RetryHandler } from '@appland/client/dist/src/retryHandler';
+export default function retry(description: string, retryOptions: RetryOptions, retryFn: () => Promise<IncomingMessage>): RetryHandler;

package/built/integration/appland/retryOptions.d.ts

@@ -0,0 +1,4 @@
+export declare type RetryOptions = {
+    maxRetries?: number;
+    retryDelay?: number;
+};

package/built/integration/appland/scannerJob/create.d.ts

@@ -0,0 +1,11 @@
+import { ScanResults } from '../../../report/scanResults';
+import Location from '../location';
+import ScannerJob from '../scannerJob';
+import { RetryOptions } from '../retryOptions';
+declare type CreateOptions = {
+    mergeKey?: string;
+};
+export interface UploadResponse extends ScannerJob, Location {
+}
+export declare function create(scanResults: ScanResults, mapsetId: number, appMapUUIDByFileName: Record<string, string>, createOptions?: CreateOptions, retryOptions?: RetryOptions): Promise<UploadResponse>;
+export {};

package/built/integration/appland/scannerJob/merge.d.ts

@@ -0,0 +1,5 @@
+import Location from '../location';
+import ScannerJob from '../scannerJob';
+export interface MergeResponse extends ScannerJob, Location {
+}
+export declare function merge(appId: string, mergeKey: string): Promise<MergeResponse>;

package/built/integration/appland/scannerJob.d.ts

@@ -0,0 +1,11 @@
+import { Configuration } from '@appland/client';
+import { ScanSummary } from '../../report/scanSummary';
+export default interface ScannerJob {
+    id: number;
+    created_at: string;
+    updated_at: string;
+    mapset_id: number;
+    merge_key?: string;
+    summary: ScanSummary;
+    configuration: Configuration;
+}

package/built/integration/github/commitStatus.d.ts

@@ -0,0 +1,3 @@
+declare type CommitStatusState = 'pending' | 'success' | 'error' | 'failure';
+export default function postCommitStatus(state: CommitStatusState, description: string): Promise<unknown>;
+export {};

package/built/integration/vars.d.ts

@@ -0,0 +1,12 @@
+declare function token(): string | undefined;
+declare function sha(): string | undefined;
+declare function pullRequestNumber(): string | undefined;
+declare function owner(): string | undefined;
+declare function repo(): string | undefined;
+declare function branch(): string | undefined;
+declare function validateToken(): void;
+declare function validateSha(): void;
+declare function validatePullRequestNumber(): void;
+declare function validateOwner(): void;
+declare function validateRepo(): void;
+export { branch, token, owner, sha, repo, pullRequestNumber, validateToken, validateOwner, validateRepo, validateSha, validatePullRequestNumber, };

package/built/lastGitOrFSModifiedDate.d.ts

@@ -0,0 +1,6 @@
+export declare function resetCache(): void;
+export declare function isCached(file: string): boolean;
+export declare function gitExists(): Promise<boolean>;
+export declare function gitModifiedDate(file: string): Promise<Date | undefined>;
+export declare function fileModifiedDate(file: string): Promise<Date | undefined>;
+export default function lastGitOrFSModifiedDate(file: string): Promise<Date | undefined>;

package/built/openapi/index.d.ts

@@ -0,0 +1,4 @@
+import OpenApiDiff from 'openapi-diff';
+import { OpenAPIV3 } from 'openapi-types';
+export * from '@appland/openapi';
+export declare const breakingChanges: (schemaHead: OpenAPIV3.Document, schemaBase: OpenAPIV3.Document) => Promise<Array<OpenApiDiff.DiffResult<'breaking'>>>;

package/built/progressReporter.d.ts

@@ -0,0 +1,16 @@
+import { AppMap, Event } from '@appland/models';
+import Check from './check';
+import { AppMapIndex, MatchResult } from './types';
+import { ScopeName } from './index';
+export default interface ProgressReporter {
+    beginAppMap(appMapFileName: string, appMap: AppMap): Promise<void>;
+    beginCheck(check: Check): Promise<void>;
+    filterScope(scopeName: ScopeName, scope: Event): Promise<void>;
+    enterScope(scope: Event): Promise<void>;
+    filterEvent(event: Event): Promise<void>;
+    matchResult(event: Event, matchResult: string | boolean | MatchResult[] | undefined): Promise<void>;
+    matchEvent(event: Event, appMapIndex: AppMapIndex): Promise<void>;
+    leaveScope(): Promise<void>;
+    endCheck(): Promise<void>;
+    endAppMap(): Promise<void>;
+}

package/built/report/findingSummary.d.ts

@@ -0,0 +1,11 @@
+/**
+ * FindingSummary summarizes the results from a single scanner across the entire scan.
+ * It's used for printing a user-friendly summary report, it's not used for machine-readable program output.
+ */
+export interface FindingSummary {
+    ruleId: string;
+    ruleTitle: string;
+    findingTotal: number;
+    findingHashes: Set<string>;
+    messages: string[];
+}

package/built/report/findingsReport.d.ts

@@ -0,0 +1,3 @@
+import { Metadata } from '@appland/models';
+import { Finding } from '../index';
+export default function (findings: Finding[], appMapMetadata: Record<string, Metadata>, ide?: string): void;

package/built/report/scanResults.d.ts

@@ -0,0 +1,19 @@
+import { Metadata } from '@appland/models';
+import Check from '../check';
+import Configuration from '../configuration/types/configuration';
+import { Finding } from '../index';
+import { ScanSummary } from './scanSummary';
+/**
+ * ScannerSummary summarizes the results of the entire scan.
+ * It's used for printing a user-friendly summary report, it's not used for machine-readable program output.
+ */
+export declare class ScanResults {
+    configuration: Configuration;
+    appMapMetadata: Record<string, Metadata>;
+    findings: Finding[];
+    checks: Check[];
+    summary: ScanSummary;
+    constructor(configuration?: Configuration, appMapMetadata?: Record<string, Metadata>, findings?: Finding[], checks?: Check[]);
+    withFindings(findings: Finding[]): ScanResults;
+    aggregate(sourceScanResults: ScanResults): void;
+}

package/built/report/scanResults.js

@@ -1,39 +1,6 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.sendScanResultsTelemetry = exports.ScanResults = void 0;
-const telemetry_1 = __importStar(require("../telemetry"));
+exports.ScanResults = void 0;
 class DistinctItems {
     constructor() {
         this.members = {};
@@ -118,24 +85,3 @@ class ScanResults {
     }
 }
 exports.ScanResults = ScanResults;
-function sendScanResultsTelemetry(telemetry) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const gitState = telemetry_1.GitState[yield telemetry_1.Git.state(telemetry.appmapDir)];
-        const contributors = (yield telemetry_1.Git.contributors(60, telemetry.appmapDir)).length;
-        telemetry_1.default.sendEvent({
-            name: 'scan:completed',
-            properties: {
-                rules: telemetry.ruleIds.sort().join(', '),
-                git_state: gitState,
-            },
-            metrics: {
-                duration: telemetry.elapsedMs / 1000,
-                numRules: telemetry.ruleIds.length,
-                numAppMaps: telemetry.numAppMaps,
-                numFindings: telemetry.numFindings,
-                contributors: contributors,
-            },
-        }, { includeEnvironment: true });
-    });
-}
-exports.sendScanResultsTelemetry = sendScanResultsTelemetry;

package/built/report/scanSummary.d.ts

@@ -0,0 +1,20 @@
+import { Metadata } from '@appland/models';
+export interface AppMapMetadata {
+    labels: string[];
+    apps: string[];
+    clients: Metadata.Client[];
+    frameworks: Metadata.Framework[];
+    git: Metadata.Git[];
+    languages: Metadata.Language[];
+    recorders: Metadata.Recorder[];
+    testStatuses: ('succeeded' | 'failed')[];
+    exceptions: Metadata.Exception[];
+}
+export interface ScanSummary {
+    numAppMaps: number;
+    rules: string[];
+    ruleLabels: string[];
+    numChecks: number;
+    numFindings: number;
+    appMapMetadata: AppMapMetadata;
+}

package/built/report/summaryReport.d.ts

@@ -0,0 +1,2 @@
+import { ScanResults } from './scanResults';
+export default function (summary: ScanResults, colorize: boolean): void;

package/built/ruleChecker.d.ts

@@ -0,0 +1,13 @@
+import { Event } from '@appland/models';
+import Check from './check';
+import { AppMapIndex } from './types';
+import { Finding } from './index';
+import CheckInstance from './checkInstance';
+import ProgressReporter from './progressReporter';
+export default class RuleChecker {
+    private progress?;
+    private scopes;
+    constructor(progress?: ProgressReporter | undefined);
+    check(appMapFileName: string, appMapIndex: AppMapIndex, check: Check, findings: Finding[]): Promise<void>;
+    checkEvent(event: Event, scope: Event, appMapFileName: string, appMapIndex: AppMapIndex, checkInstance: CheckInstance, findings: Finding[]): Promise<void>;
+}

package/built/ruleInstance.d.ts

@@ -0,0 +1,6 @@
+import { Rule } from './index';
+import { RuleLogic } from './types';
+export default interface RuleInstance extends Rule {
+    Options?: any;
+    build: (options: this['Options']) => RuleLogic;
+}

package/built/rules/authzBeforeAuthn.d.ts

@@ -0,0 +1,3 @@
+import RuleInstance from '../ruleInstance';
+declare const RULE: RuleInstance;
+export default RULE;

package/built/rules/circularDependency.d.ts

@@ -0,0 +1,3 @@
+import RuleInstance from '../ruleInstance';
+declare const RULE: RuleInstance;
+export default RULE;

package/built/rules/deprecated-crypto-algorithm/metadata.d.ts

@@ -0,0 +1,4 @@
+import { Metadata } from '../lib/metadata';
+export declare const labels: string[];
+declare const _default: Metadata;
+export default _default;

package/built/rules/deprecated-crypto-algorithm/rule.d.ts

@@ -0,0 +1,3 @@
+import { RuleLogic } from '../../types';
+export declare const deprecatedAlgorithms: RegExp[];
+export default function rule(): RuleLogic;

package/built/rules/deserializationOfUntrustedData.d.ts

@@ -0,0 +1,3 @@
+import RuleInstance from '../ruleInstance';
+declare const RULE: RuleInstance;
+export default RULE;

package/built/rules/execOfUntrustedCommand.d.ts

@@ -0,0 +1,3 @@
+import RuleInstance from '../ruleInstance';
+declare const RULE: RuleInstance;
+export default RULE;

package/built/rules/http-500/metadata.d.ts

@@ -0,0 +1,3 @@
+import { Metadata } from '../lib/metadata';
+declare const _default: Metadata;
+export default _default;

package/built/rules/http-500/rule.d.ts

@@ -0,0 +1,2 @@
+import { RuleLogic } from '../../types';
+export default function rule(): RuleLogic;

package/built/rules/illegalPackageDependency.d.ts

@@ -0,0 +1,3 @@
+import RuleInstance from '../ruleInstance';
+declare const RULE: RuleInstance;
+export default RULE;

package/built/rules/incompatibleHttpClientRequest.d.ts

@@ -0,0 +1,3 @@
+import RuleInstance from '../ruleInstance';
+declare const RULE: RuleInstance;
+export default RULE;

package/built/rules/insecureCompare.d.ts

@@ -0,0 +1,3 @@
+import RuleInstance from '../ruleInstance';
+declare const RULE: RuleInstance;
+export default RULE;

package/built/rules/jobNotCancelled.d.ts

@@ -0,0 +1,3 @@
+import RuleInstance from '../ruleInstance';
+declare const RULE: RuleInstance;
+export default RULE;

package/built/rules/jwtAlgorithmNone.d.ts

@@ -0,0 +1,24 @@
+/// <reference types="node" />
+import { RuleLogic } from '../types';
+import { URL } from 'url';
+import RuleInstance from '../ruleInstance';
+export declare enum Labels {
+    JwtEncode = "jwt.encode"
+}
+declare class JwtAlgoritmNone implements RuleInstance {
+    readonly id = "jwt-algorithm-none";
+    readonly title = "JWT 'none' algorithm";
+    readonly impactDomain = "Security";
+    readonly enumerateScope = true;
+    readonly description: string;
+    readonly url = "https://appland.com/docs/analysis/rules-reference.html#jwt-algorithm-none";
+    readonly labels: Labels[];
+    readonly references: {
+        'CWE-345': URL;
+        'A02:2021': URL;
+        'RFC 7519': URL;
+    };
+    build(): RuleLogic;
+}
+declare const _default: JwtAlgoritmNone;
+export default _default;

package/built/rules/jwtUnverifiedSignature.d.ts

@@ -0,0 +1,23 @@
+import { RuleLogic } from '../types';
+import RuleInstance from '../ruleInstance';
+export declare enum Labels {
+    SignatureVerify = "jwt.signature.verify",
+    JwtDecode = "jwt.decode"
+}
+declare class JwtUnverifiedSignature implements RuleInstance {
+    readonly id = "jwt-unverified-signature";
+    readonly title = "Unverified signature";
+    readonly impactDomain = "Security";
+    readonly enumerateScope = true;
+    readonly description: string;
+    readonly url = "https://appland.com/docs/analysis/rules-reference.html#jwt-unverified-signature";
+    readonly labels: Labels[];
+    readonly references: {
+        'CWE-345': URL;
+        'A02:2021': URL;
+        'RFC 7519': URL;
+    };
+    build(): RuleLogic;
+}
+declare const _default: JwtUnverifiedSignature;
+export default _default;