@appland/scanner - npm Package Compare versions

Comparing version 1.62.2 to 1.63.0

built/report/summaryReport.js

@@ -13,4 +13,4 @@ "use strict";
             findingSummary.findingTotal += 1;
-            if (!findingSummary.findingHashes.has(finding.hash)) {
-                findingSummary.findingHashes.add(finding.hash);
+            if (!findingSummary.findingHashes.has(finding.hash_v2)) {
+                findingSummary.findingHashes.add(finding.hash_v2);
                 findingSummary.messages.push(finding.message);
@@ -24,3 +24,3 @@ }
                 findingTotal: 1,
-                findingHashes: new Set([finding.hash]),
+                findingHashes: new Set([finding.hash_v2]),
                 messages: [finding.message],
@@ -36,3 +36,3 @@ };
 function default_1(summary, colorize) {
-    const matchedStr = `${summary.summary.numFindings} ${(0, util_1.pluralize)('finding', summary.summary.numFindings)} (${new Set(summary.findings.map((finding) => finding.hash)).size} unique)`;
+    const matchedStr = `${summary.summary.numFindings} ${(0, util_1.pluralize)('finding', summary.summary.numFindings)} (${new Set(summary.findings.map((finding) => finding.hash_v2)).size} unique)`;
     const colouredMatchedStr = colorize ? chalk_1.default.stderr.magenta(matchedStr) : matchedStr;
@@ -39,0 +39,0 @@ console.log();

built/ruleChecker.js

@@ -23,4 +23,5 @@ "use strict";
 const checkInstance_1 = __importDefault(require("./checkInstance"));
-const crypto_1 = require("crypto");
 const eventUtil_1 = require("./eventUtil");
+const hashV1_1 = __importDefault(require("./algorithms/hash/hashV1"));
+const hashV2_1 = __importDefault(require("./algorithms/hash/hashV2"));
 class RuleChecker {
@@ -113,8 +114,12 @@ constructor() {
                 ].filter(Boolean);
-                const hash = (0, crypto_1.createHash)('sha256');
-                hash.update(findingEvent.hash);
-                hash.update(checkInstance.ruleId);
+                const hashV1 = new hashV1_1.default(checkInstance.ruleId, findingEvent, 
+                // findingEvent gets passed here as a relatedEvent, and if you look at HashV1 it
+                // gets added to the hash again. That's how it worked in V1 so it's here for compatibility.
+                additionalEvents || []);
+                const hashV2 = new hashV2_1.default(checkInstance.ruleId, findingEvent, participatingEvents);
                 const uniqueEvents = new Set();
                 const relatedEvents = [];
-                [findingEvent].concat((additionalEvents || []).map(eventUtil_1.cloneEvent)).forEach((event) => {
+                [findingEvent, ...(additionalEvents || []), ...Object.values(participatingEvents)]
+                    .map(eventUtil_1.cloneEvent)
+                    .forEach((event) => {
                     if (uniqueEvents.has(event.id)) {
@@ -126,13 +131,2 @@ return;
                 });
-                // Update event hash with unique hashes of related events
-                new Set(relatedEvents.map((e) => e.hash)).forEach((eventHash) => {
-                    hash.update(eventHash);
-                });
-                Object.values(participatingEvents).forEach((event) => {
-                    if (uniqueEvents.has(event.id)) {
-                        return;
-                    }
-                    uniqueEvents.add(event.id);
-                    relatedEvents.push((0, eventUtil_1.cloneEvent)(event));
-                });
                 return {
@@ -144,3 +138,4 @@ appMapFile,
                     event: (0, eventUtil_1.cloneEvent)(findingEvent),
-                    hash: hash.digest('hex'),
+                    hash: hashV1.digest(),
+                    hash_v2: hashV2.digest(),
                     stack,
@@ -147,0 +142,0 @@ scope: (0, eventUtil_1.cloneEvent)(scope),

built/rules/authzBeforeAuthn.js

@@ -34,2 +34,3 @@ "use strict";
                             message: `${event.event} provides authorization, but the request is not authenticated`,
+                            participatingEvents: { request: rootEvent },
                         },
@@ -36,0 +37,0 @@ ];

built/rules/logoutWithoutSessionReset.js

@@ -31,2 +31,3 @@ "use strict";
                             message: `${event.event} logs out the user, but the HTTP session is not cleared`,
+                            participatingEvents: { request: rootEvent },
                         },
@@ -33,0 +34,0 @@ ];

built/rules/missingContentType.js

@@ -11,4 +11,6 @@ "use strict";
 function build() {
-    function matcher(e) {
-        return (0, openapi_1.rpcRequestForEvent)(e).responseContentType === undefined;
+    function matcher(event) {
+        if ((0, openapi_1.rpcRequestForEvent)(event).responseContentType === undefined) {
+            return `Missing HTTP content type in response to request: ${event.route}`;
+        }
     }
@@ -15,0 +17,0 @@ function where(e) {

built/rules/nPlusOneQuery.js

@@ -38,2 +38,3 @@ "use strict";
                 if (occurranceCount > options.warningLimit) {
+                    const participatingEvents = { commonAncestor: ancestor };
                     const buildMatchResult = (level) => {
@@ -47,3 +48,3 @@ return {
                             relatedEvents: events.map((e) => e.event),
-                            participatingEvents: { commonAncestor: ancestor },
+                            participatingEvents,
                         };
@@ -50,0 +51,0 @@ };

built/rules/secretInLog.js

@@ -71,3 +71,3 @@ "use strict";
             const { pattern, value } = match;
-            const participatingEvents = { logEvent: event };
+            const participatingEvents = {};
             if (match.generatorEvent) {
@@ -74,0 +74,0 @@ participatingEvents.generatorEvent = match.generatorEvent;

built/rules/updateInGetRequest.js

@@ -8,2 +8,3 @@ "use strict";
 const parseRuleDescription_1 = __importDefault(require("./lib/parseRuleDescription"));
+const assert_1 = __importDefault(require("assert"));
 class Options {
@@ -42,3 +43,10 @@ constructor(queryInclude = [/\binsert\b/i, /\bupdate\b/i], queryExclude = []) {
                 hasHttpServerRequest()) {
-                return `Data update performed in ${httpServerRequest.route}: ${e.sqlQuery}`;
+                (0, assert_1.default)(httpServerRequest, 'HTTP server request is undefined');
+                return [
+                    {
+                        event: e,
+                        message: `Data update performed in HTTP request ${httpServerRequest.route}: ${e.sqlQuery}`,
+                        participatingEvents: { request: httpServerRequest },
+                    },
+                ];
             }
@@ -45,0 +53,0 @@ },

CHANGELOG.md

@@ -0,1 +1,10 @@
+# [@appland/scanner-v1.63.0](https://github.com/applandinc/appmap-js/compare/@appland/scanner-v1.62.2...@appland/scanner-v1.63.0) (2022-07-28)
+
+
+### Features
+
+* Include a partial stack in the finding hash ([7e82f8a](https://github.com/applandinc/appmap-js/commit/7e82f8a0b13a1d0927aad73be4ee126d2d4695dc))
+* Populate hash_v2 on each finding ([04470b7](https://github.com/applandinc/appmap-js/commit/04470b7f11e764d79a22eb297d0e6882f6f89a3f))
+* Summarize local report using hash_v2 ([ffbde39](https://github.com/applandinc/appmap-js/commit/ffbde393c17f1f1572eb7653bad796d90662b943))
+
 # [@appland/scanner-v1.62.2](https://github.com/applandinc/appmap-js/compare/@appland/scanner-v1.62.1...@appland/scanner-v1.62.2) (2022-07-25)
@@ -2,0 +11,0 @@

package.json

 {
   "name": "@appland/scanner",
-  "version": "1.62.2",
+  "version": "1.63.0",
   "description": "",
@@ -5,0 +5,0 @@ "bin": "built/cli.js",

No alert changes

Improved metrics

Total package byte prevSize

348798

increased by1.85%

Number of package files

176

increased by1.73%

Lines of code

5838

increased by2.76%

No dependency changes