fix: Fixes to scanners

getappmap · Oct 12, 2021 · b1a264a · b1a264a
1 parent fd3f80e
commit b1a264a
Show file tree

Hide file tree

Showing 8 changed files with 35 additions and 6 deletions.
diff --git a/src/analyzer/recordSecrets.ts b/src/analyzer/recordSecrets.ts
@@ -2,6 +2,9 @@ import { Event } from '@appland/models';
 import { emptyValue, verbose } from '../scanner/util';
 
 export default function (secrets: Set<string>, e: Event): void {
+  if (!e.returnValue) {
+    return;
+  }
   if (emptyValue(e.returnValue.value)) {
     return;
   }

diff --git a/src/sampleConfig/default.ts b/src/sampleConfig/default.ts
@@ -14,7 +14,7 @@ const assertions: Assertion[] = [
   slowQuery.scanner(new slowQuery.Options(0.05)),
   queryFromView.scanner(),
   missingContentType.scanner(),
-  missingAuthentication.scanner(),
+  missingAuthentication.scanner(new missingAuthentication.Options([/\/api\//])),
   validateBeforeSave.scanner(),
   leafExpected.scanner('http_client_request'),
   leafExpected.scanner('sql_query'),

diff --git a/src/sampleConfig/default.yml b/src/sampleConfig/default.yml
@@ -10,6 +10,6 @@ scanners:
   - id: missingContentType
   - id: missingAuthentication
     properties:
-      routes: [ /.*/ ]
+      routes: [ /\/api\// ]
   - id: validateBeforeSave
   - id: secretInLog
diff --git a/src/sampleConfig/railsSampleApp6thEd.yml b/src/sampleConfig/railsSampleApp6thEd.yml
@@ -7,5 +7,6 @@ scanners:
       timeAllowed: 0.05
   - id: missingContentType
   - id: missingAuthentication
+  - id: insecureCompare
   - id: secretInLog
   - id: updateInGetRequest
diff --git a/src/sampleConfig/solidus.yml b/src/sampleConfig/solidus.yml
@@ -0,0 +1,17 @@
+scanners:
+  - id: slowHttpServerRequest
+    properties:
+      timeAllowed: 1.0
+  - id: slowQuery
+    properties:
+      timeAllowed: 0.25
+  - id: missingContentType
+  - id: missingAuthentication
+    properties:
+      routes:
+        - /\/api/\/
+  - id: secretInLog
+  - id: updateInGetRequest
+    properties:
+      query_exclude:
+        - /^INSERT INTO "spree_order_mutexes"/
diff --git a/src/scanner/missingContentType.ts b/src/scanner/missingContentType.ts
@@ -3,7 +3,7 @@ import Assertion from '../assertion';
 import { contentType } from './util';
 
 const isRedirect = (status: number) => [301, 302, 303, 307, 308].includes(status);
-const isNoContent = (status: number) => status != 204;
+const hasContent = (status: number) => status !== 204;
 
 const scanner = (): Assertion => {
   return Assertion.assert(
@@ -15,7 +15,7 @@ const scanner = (): Assertion => {
       assertion.where = (e: Event) =>
         e.httpServerResponse !== undefined &&
         !isRedirect(e.httpServerResponse!.status) &&
-        !isNoContent(e.httpServerResponse!.status);
+        hasContent(e.httpServerResponse!.status);
       assertion.description = `HTTP server request must have a Content-Type header`;
     }
   );

diff --git a/src/scanner/updateInGetRequest.ts b/src/scanner/updateInGetRequest.ts
@@ -6,7 +6,10 @@ class Options {
   private _queryInclude: RegExp[];
   private _queryExclude: RegExp[];
 
-  constructor(queryInclude: RegExp[] = [/INSERT/i, /UPDATE/i], queryExclude: RegExp[] = []) {
+  constructor(
+    queryInclude: RegExp[] = [/\binsert\b/i, /\bupdate\b/i],
+    queryExclude: RegExp[] = []
+  ) {
     this._queryInclude = queryInclude;
     this._queryExclude = queryExclude;
   }

diff --git a/...ngframework_samples_petclinic_owner_OwnerControllerTests_testInitCreationForm.appmap.json b/...ngframework_samples_petclinic_owner_OwnerControllerTests_testInitCreationForm.appmap.json
@@ -95,7 +95,12 @@
     },
     {
       "event": "return",
-      "http_server_response": { "mime_type": "text/html;charset=UTF-8", "status": 200 },
+      "http_server_response": {
+        "status": 200,
+        "headers": {
+          "Content-Type": "text/html;charset=UTF-8"
+        }
+      },
       "id": 1049,
       "parent_id": 1037,
       "thread_id": 1