@appland/scanner - npm Package Compare versions

Comparing version 1.78.0 to 1.79.0

built/cli/upload.js

@@ -18,16 +18,4 @@ "use strict";
 const vars_1 = require("../integration/vars");
-const promises_2 = require("fs/promises");
 const path_1 = require("path");
 const pruneAppMap_1 = require("./upload/pruneAppMap");
-function fileExists(file) {
-    return __awaiter(this, void 0, void 0, function* () {
-        try {
-            yield (0, promises_2.stat)(file);
-            return true;
-        }
-        catch (e) {
-            return false;
-        }
-    });
-}
 function create(scanResults, appId, appMapDir, mergeKey, mapsetOptions = {}, retryOptions = {}) {
@@ -51,3 +39,3 @@ return __awaiter(this, void 0, void 0, function* () {
             const filePaths = [filePath, (0, path_1.join)(appMapDir, filePath)];
-            const filePathsExist = yield Promise.all(filePaths.map(fileExists));
+            const filePathsExist = yield Promise.all(filePaths.map(util_1.fileExists));
             const fullPath = filePaths.find((_, fileIndex) => filePathsExist[fileIndex]);
@@ -54,0 +42,0 @@ if (!fullPath)

built/integration/github/commitStatus.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+const octokit_1 = require("octokit");
 const vars_1 = require("../vars");
@@ -10,5 +11,7 @@ function postCommitStatus(state, description) {
     // eslint-disable-next-line @typescript-eslint/no-var-requires
-    const octokat = require('octokat');
-    const octo = new octokat({ token: (0, vars_1.token)() });
-    return octo.repos((0, vars_1.owner)(), (0, vars_1.repo)()).statuses((0, vars_1.sha)()).create({
+    const octo = new octokit_1.Octokit({ auth: (0, vars_1.token)() });
+    return octo.rest.repos.createCommitStatus({
+        owner: (0, vars_1.owner)(),
+        repo: (0, vars_1.repo)(),
+        sha: (0, vars_1.sha)(),
         state: state,
@@ -15,0 +18,0 @@ context: 'appland/scanner',

built/ruleChecker.js

@@ -15,2 +15,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+const models_1 = require("@appland/models");
 const errors_1 = require("./errors");
@@ -27,2 +28,14 @@ const util_1 = require("./rules/lib/util");
 const hashV2_1 = __importDefault(require("./algorithms/hash/hashV2"));
+const path_1 = require("path");
+const lastGitOrFSModifiedDate_1 = __importDefault(require("./lastGitOrFSModifiedDate"));
+const console_1 = require("console");
+const assert_1 = __importDefault(require("assert"));
+function locationToFilePath(location) {
+    const [file] = location.split(':');
+    let filePath = file;
+    if ((0, path_1.isAbsolute)(file) && file.startsWith(process.cwd())) {
+        filePath = file.slice(process.cwd().length + 1);
+    }
+    return filePath;
+}
 class RuleChecker {
@@ -98,6 +111,40 @@ constructor(progress) {
             }
+            let appmapConfigDir;
+            {
+                let searchDir = (0, path_1.dirname)((0, path_1.resolve)(appMapFileName));
+                while (!appmapConfigDir) {
+                    if (yield (0, util_1.fileExists)((0, path_1.join)(searchDir, 'appmap.yml'))) {
+                        appmapConfigDir = searchDir;
+                    }
+                    else {
+                        if ((0, path_1.dirname)(searchDir) === searchDir)
+                            break;
+                        searchDir = (0, path_1.dirname)(searchDir);
+                    }
+                }
+            }
+            const resolvePath = (path) => __awaiter(this, void 0, void 0, function* () {
+                const candidates = [path];
+                if (appmapConfigDir)
+                    candidates.push((0, path_1.join)(appmapConfigDir, path));
+                for (const candidate of candidates)
+                    if (yield (0, util_1.fileExists)(candidate))
+                        return candidate;
+            });
+            const mostRecentModifiedDate = (filePaths) => __awaiter(this, void 0, void 0, function* () {
+                const dates = new Array();
+                for (const filePath of filePaths) {
+                    const resolvedPath = yield resolvePath(filePath);
+                    if (!resolvedPath)
+                        continue;
+                    const date = yield (0, lastGitOrFSModifiedDate_1.default)(resolvedPath);
+                    if (date)
+                        dates.push(date);
+                }
+                return dates.sort((a, b) => (a && b ? b.getTime() - a.getTime() : 0))[0];
+            });
             const buildFinding = (matchEvent, participatingEvents, message, groupMessage, occurranceCount, 
             // matchEvent will be added to additionalEvents and participatingEvents.values
             // to create the relatedEvents array
-            additionalEvents) => {
+            additionalEvents) => __awaiter(this, void 0, void 0, function* () {
                 const findingEvent = matchEvent || event;
@@ -118,14 +165,52 @@ // Fixes:
                 additionalEvents || []);
+                let scopeModifiedDate;
+                {
+                    const scopeNavigator = new models_1.EventNavigator(scope);
+                    const scopeFiles = new Set();
+                    const collectScope = (event) => {
+                        if (!event.codeObject.location)
+                            return;
+                        const filePath = locationToFilePath(event.codeObject.location);
+                        if (!filePath)
+                            return;
+                        scopeFiles.add(filePath);
+                    };
+                    collectScope(scope);
+                    for (const descendant of scopeNavigator.descendants()) {
+                        const { event } = descendant;
+                        collectScope(event);
+                    }
+                    const localScopeFiles = [...scopeFiles].filter((filePath) => ((0, assert_1.default)(filePath), !(0, path_1.isAbsolute)(filePath)));
+                    scopeModifiedDate = yield mostRecentModifiedDate(localScopeFiles);
+                }
                 const hashV2 = new hashV2_1.default(checkInstance.ruleId, findingEvent, participatingEvents);
                 const uniqueEvents = new Set();
                 const relatedEvents = [];
-                [findingEvent, ...(additionalEvents || []), ...Object.values(participatingEvents)]
-                    .map(eventUtil_1.cloneEvent)
-                    .forEach((event) => {
+                const relatedEventFiles = new Set();
+                const collectEventFile = (event) => {
+                    if (!event.codeObject.location)
+                        return;
+                    const filePath = locationToFilePath(event.codeObject.location);
+                    if (!filePath)
+                        return;
+                    if ((0, path_1.isAbsolute)(filePath))
+                        return;
+                    relatedEventFiles.add(filePath);
+                };
+                [findingEvent, ...(additionalEvents || []), ...Object.values(participatingEvents)].forEach((event) => {
                     if (uniqueEvents.has(event.id)) {
                         return;
                     }
+                    collectEventFile(event);
+                    for (const ancestor of new models_1.EventNavigator(event).ancestors()) {
+                        collectEventFile(ancestor.event);
+                    }
                     uniqueEvents.add(event.id);
                     relatedEvents.push((0, eventUtil_1.cloneEvent)(event));
                 });
+                const eventsModifiedDate = yield mostRecentModifiedDate([...relatedEventFiles]);
+                if ((0, util_1.verbose)()) {
+                    (0, console_1.warn)(`Scope modified date: ${scopeModifiedDate}`);
+                    (0, console_1.warn)(`Events modified date: ${eventsModifiedDate}`);
+                }
                 return {
@@ -147,4 +232,6 @@ appMapFile: appMapFileName,
                     participatingEvents: Object.fromEntries(Object.entries(participatingEvents).map(([k, v]) => [k, (0, eventUtil_1.cloneEvent)(v)])),
+                    scopeModifiedDate,
+                    eventsModifiedDate,
                 };
-            };
+            });
             if (this.progress)
@@ -160,6 +247,6 @@ yield this.progress.matchEvent(event, appMapIndex);
                     const message = checkInstance.ruleLogic.message(scope, event);
-                    finding = buildFinding(event, {}, message);
+                    finding = yield buildFinding(event, {}, message);
                 }
                 else {
-                    finding = buildFinding(event, {});
+                    finding = yield buildFinding(event, {});
                 }
@@ -169,3 +256,3 @@ findings.push(finding);
             else if (typeof matchResult === 'string') {
-                const finding = buildFinding(event, {}, matchResult);
+                const finding = yield buildFinding(event, {}, matchResult);
                 finding.message = matchResult;
@@ -175,6 +262,6 @@ findings.push(finding);
             else if (matchResult) {
-                matchResult.forEach((mr) => {
-                    const finding = buildFinding(mr.event, mr.participatingEvents || {}, mr.message, mr.groupMessage, mr.occurranceCount, mr.relatedEvents);
+                for (const mr of matchResult) {
+                    const finding = yield buildFinding(mr.event, mr.participatingEvents || {}, mr.message, mr.groupMessage, mr.occurranceCount, mr.relatedEvents);
                     findings.push(finding);
-                });
+                }
             }
@@ -181,0 +268,0 @@ if ((0, util_1.verbose)()) {

built/rules/lib/util.js

@@ -15,3 +15,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verbose = exports.toRegExpArray = exports.responseContentType = exports.toRegExp = exports.providesAuthentication = exports.pluralize = exports.dasherize = exports.camelize = exports.parseValue = exports.isRoot = exports.ideLink = exports.isTruthy = exports.isFalsey = exports.emptyValue = exports.capitalize = exports.appMapDir = exports.collectAppMapFiles = void 0;
+exports.verbose = exports.toRegExpArray = exports.responseContentType = exports.toRegExp = exports.providesAuthentication = exports.pluralize = exports.dasherize = exports.camelize = exports.parseValue = exports.isRoot = exports.ideLink = exports.isTruthy = exports.isFalsey = exports.fileExists = exports.emptyValue = exports.capitalize = exports.appMapDir = exports.collectAppMapFiles = void 0;
 const path_1 = require("path");
@@ -21,2 +21,3 @@ const util_1 = require("util");
 const assert_1 = __importDefault(require("assert"));
+const promises_1 = require("fs/promises");
 function collectAppMapFiles(appmapFile, appmapDir) {
@@ -169,1 +170,13 @@ return __awaiter(this, void 0, void 0, function* () {
 exports.pluralize = pluralize;
+function fileExists(file) {
+    return __awaiter(this, void 0, void 0, function* () {
+        try {
+            yield (0, promises_1.stat)(file);
+            return true;
+        }
+        catch (e) {
+            return false;
+        }
+    });
+}
+exports.fileExists = fileExists;

package.json

 {
   "name": "@appland/scanner",
-  "version": "1.78.0",
+  "version": "1.79.0",
   "description": "Analyze AppMaps for code flaws",
@@ -22,3 +22,5 @@ "bin": "built/cli.js",
     "ci": "yarn lint && yarn build && yarn schema-up-to-date && yarn doc-up-to-date && yarn test",
-    "test": "jest --filter=./test/testFilter.js",
+    "test": "appmap-agent-js && jest -t @appmap-fixme --filter=./test/testFilter.js",
+    "test:no-appmap": "yarn jest",
+    "jest": "jest --filter=./test/testFilter.js",
     "semantic-release": "semantic-release",
@@ -30,2 +32,3 @@ "watch": "node bin/preBuild.js && tsc -p tsconfig.build.json --watch"
   "devDependencies": {
+    "@appland/appmap-agent-js": "^13.9.0",
     "@semantic-release/changelog": "^6.0.1",
@@ -77,3 +80,3 @@ "@semantic-release/git": "^10.0.1",
     "cli-progress": "^3.11.0",
-    "conf": "^10.0.2",
+    "conf": "10.2.0",
     "crypto-js": "^4.0.0",
@@ -85,3 +88,3 @@ "glob": "7.2.3",
     "minimatch": "^5.1.2",
-    "octokat": "^0.10.0",
+    "octokit": "^2.0.19",
     "openapi-diff": "^0.23.5",
@@ -88,0 +91,0 @@ "ora": "~5",

src/types.d.ts

@@ -119,2 +119,4 @@ import { AppMap, Event } from '@appland/models';
   participatingEvents?: Record<string, Event>;
+  scopeModifiedDate?: Date;
+  eventsModifiedDate?: Date;
 }
@@ -121,0 +123,0 @@

No alert changes

Improved metrics

Total package byte prevSize

448150

increased by1.89%

Number of package files

211

increased by0.48%

Lines of code

7684

increased by2.4%

Worsened metrics

Dev dependency count

33

increased by3.13%

Number of low supply chain risk alerts

59

increased by1.72%

Number of medium supply chain risk alerts

6

increased by20%

Dependency changes

• + Addedoctokit@^2.0.19

• + Added@octokit/app@13.1.8(transitive)

• + Added@octokit/auth-app@4.0.13(transitive)

• + Added@octokit/auth-oauth-app@5.0.6(transitive)

• + Added@octokit/auth-oauth-device@4.0.5(transitive)

• + Added@octokit/auth-oauth-user@2.1.2(transitive)

• + Added@octokit/auth-token@3.0.4(transitive)

• + Added@octokit/auth-unauthenticated@3.0.5(transitive)

• + Added@octokit/core@4.2.4(transitive)

• + Added@octokit/endpoint@7.0.6(transitive)

• + Added@octokit/graphql@5.0.6(transitive)

• + Added@octokit/oauth-app@4.2.4(transitive)

• + Added@octokit/oauth-authorization-url@5.0.0(transitive)

• + Added@octokit/oauth-methods@2.0.6(transitive)

• + Added@octokit/openapi-types@18.1.1(transitive)

• + Added@octokit/plugin-paginate-rest@6.1.2(transitive)

• + Added@octokit/plugin-rest-endpoint-methods@7.2.3(transitive)

• + Added@octokit/plugin-retry@4.1.6(transitive)

• + Added@octokit/plugin-throttling@5.2.3(transitive)

• + Added@octokit/request@6.2.8(transitive)

• + Added@octokit/request-error@3.0.3(transitive)

• + Added@octokit/tsconfig@1.0.2(transitive)

• + Added@octokit/types@10.0.09.3.2(transitive)

• + Added@octokit/webhooks@10.9.2(transitive)

• + Added@octokit/webhooks-methods@3.0.3(transitive)

• + Added@octokit/webhooks-types@6.11.0(transitive)

• + Added@types/aws-lambda@8.10.137(transitive)

• + Added@types/btoa-lite@1.0.2(transitive)

• + Added@types/jsonwebtoken@9.0.6(transitive)

• + Addedaggregate-error@3.1.0(transitive)

• + Addedbefore-after-hook@2.2.3(transitive)

• + Addedbottleneck@2.19.5(transitive)

• + Addedbtoa-lite@1.0.0(transitive)

• + Addedbuffer-equal-constant-time@1.0.1(transitive)

• + Addedclean-stack@2.2.0(transitive)

• + Addeddeprecation@2.3.1(transitive)

• + Addedecdsa-sig-formatter@1.0.11(transitive)

• + Addedfromentries@1.3.2(transitive)

• + Addedindent-string@4.0.0(transitive)

• + Addedis-plain-object@5.0.0(transitive)

• + Addedjsonwebtoken@9.0.2(transitive)

• + Addedjwa@1.4.1(transitive)

• + Addedjws@3.2.2(transitive)

• + Addedlodash.includes@4.3.0(transitive)

• + Addedlodash.isboolean@3.0.3(transitive)

• + Addedlodash.isinteger@4.0.4(transitive)

• + Addedlodash.isnumber@3.0.3(transitive)

• + Addedlodash.isplainobject@4.0.6(transitive)

• + Addedlodash.isstring@4.0.1(transitive)

• + Addedlodash.once@4.1.1(transitive)

• + Addedlru-cache@9.1.2(transitive)

• + Addedoctokit@2.1.0(transitive)

• + Addeduniversal-github-app-jwt@1.1.2(transitive)

• + Addeduniversal-user-agent@6.0.1(transitive)

• - Removedoctokat@^0.10.0

• - Removedencoding@0.1.13(transitive)

• - Removedfetch-vcr@1.1.2(transitive)

• - Removediconv-lite@0.6.3(transitive)

• - Removedis-stream@1.1.0(transitive)

• - Removednode-fetch@1.7.3(transitive)

• - Removedoctokat@0.10.0(transitive)

• - Removedwhatwg-fetch@2.0.4(transitive)

• Updatedconf@10.2.0