This repository has been archived by the owner on Apr 29, 2022. It is now read-only.

CHANGELOG.md

1.52.4 (2022-04-28)

Bug Fixes

  • Don't traverse null property (19cf111)

1.52.3 (2022-04-28)

Bug Fixes

  • Don't enable query-from-view by default (3c87485)

1.52.2 (2022-04-27)

Bug Fixes

  • Disable circular-dependency in default config (0fb1864)

1.52.1 (2022-04-27)

Bug Fixes

  • Don't traverse a null property value (eab7ca4)

1.52.0 (2022-04-07)

Features

  • Rule can be specified in a directory (e929407)

1.51.1 (2022-04-01)

Bug Fixes

  • Upgrade @appland/models to v1.14.5 (68f2382)

1.51.0 (2022-03-25)

Bug Fixes

  • Validate appId before running command (45af060)

Features

  • 'a' is an alias for 'app' (4b2d9c7)

1.50.0 (2022-03-25)

Bug Fixes

  • resolve AppMap path via appMapDir (ef398a4)

Features

  • Add branch, commit, environment CLI options (bffa805)
  • Resolve git branch and commit from the environment if available (105f055)

1.49.1 (2022-03-23)

Bug Fixes

  • Print count of total and unique findings (8252b19)
  • Provide more complete finding messages (484d7d2)

1.49.0 (2022-03-23)

Bug Fixes

  • Extract multiple secrets from a return value (3607a93)
  • Recognize Symbol :failure as return value (12849f9)
  • Switch from command scope to root scope (8372ef5)

Features

  • Command scope falls back on root scope (3940eff)
  • Rename job and command labels (112050e)

1.48.0 (2022-03-21)

Features

  • Add additional relatedEvents (91ad9c1)
  • relatedEvents contains the match event (a0885de)

1.47.0 (2022-03-17)

Bug Fixes

  • Don't fail doc parsing on new docs (58761f6)

Features

  • Enable deserializationOfUntrustedData by default (b99b729)
  • Enable execOfUntrustedCommand by default (998c2fe)
  • Rename 'sanitize' to 'deserialize.sanitize' (0403ebb)
  • Rename label 'public' to 'access.public' (098ae70)
  • Rule for exec-of-untrusted-command (bea4fb3)

1.46.3 (2022-03-17)

Bug Fixes

  • Better error message when server not configured (e9c7c35)
  • Correctly enumerate transaction events (ecc9bfc)

1.46.2 (2022-03-11)

Bug Fixes

  • Don't error out on extra BEGIN when detecting transactions (b3938f4)

1.46.1 (2022-02-17)

Bug Fixes

1.46.0 (2022-02-15)

Features

  • Retry AppMap upload on failure (136b59a)

1.45.0 (2022-02-14)

Bug Fixes

  • Pick up SQL parser fixes (01904db)
  • Specify Content-Length in bytes rather than chars (b24c6a4)

Features

  • Pare down the default scan config (7f48e77)

1.44.3 (2022-02-11)

Bug Fixes

  • Provide the metadata param during AppMap creation (fc1b39b)

1.44.2 (2022-02-10)

Bug Fixes

  • Add missing dependency 'glob' (92fe31c)

1.44.1 (2022-02-09)

Bug Fixes

1.44.0 (2022-02-09)

Features

1.43.0 (2022-02-08)

Features

  • Add CLI 'merge' command (5144b3d)
  • Implement 'merge' command options --fail and --update-commit-status (49706c2)

1.42.0 (2022-02-04)

Bug Fixes

  • Integrate the SQL cache and collect performance data (b0d393b)
  • Missing import (042a79c)

Features

  • Accelerate scanning by indexing the AppMap (5414da1)
  • Cache normalized SQL and query AST (ba3377f)
  • LRU cache for queries (14883dd)
  • Update @appland/models and implement sqlWarning (460e2a3)
  • Update SQL parser (691c051)

Reverts

  • Remove cache of events by type and label (28374c2)

1.41.1 (2022-02-04)

Bug Fixes

  • use relative path for doc files (2e0b5d6)

1.41.0 (2022-02-04)

Features

  • add description and doc url to rule definitions (0c237e4)

1.40.3 (2022-02-04)

Bug Fixes

  • Prevent accumulation of AppMap data while scanning (cd8ff93)

1.40.2 (2022-02-03)

Bug Fixes

  • Upload no longer appends AppMap directory to files (6e28b1c)

1.40.1 (2022-02-02)

Bug Fixes

  • Resolve a case of unhandled promises during upload (1bf5f90)

1.40.0 (2022-02-02)

Bug Fixes

  • Improve Mapset and Findings upload (055758b)
  • Remove redundant rule in default.yml sample config (72ad9f8)
  • Remove unused import (bfc3fe6)
  • Use FormData to efficiently upload AppMaps (b8b43ee)

Features

  • Upload AppMaps, then create a Mapset, then Findings (3403834)

1.39.1 (2022-02-01)

Bug Fixes

  • Finding hash now includes rule id (10db345)

1.39.0 (2022-01-28)

Bug Fixes

  • http-500 looks for 500 status specifically (02a406f)

Features

  • Print stack trace in CLI finding output (edfb41a)

1.38.0 (2022-01-26)

Features

  • Deduplicate findings in the report (49b2db9)

1.37.1 (2022-01-25)

Bug Fixes

1.37.0 (2022-01-25)

Features

  • Update rule deserializationOfUntrustedData and add a test (25fa0b5)

1.36.1 (2022-01-24)

Bug Fixes

  • Only process a couple appmaps at a time (0ec9a37)

1.36.0 (2022-01-21)

Bug Fixes

  • authz-before-authn finding event is the event that provides authorization (30c4b50)

Features

  • Add more rules to default config (06a2bf5)
  • Add rule deserialization-of-untrusted-data (cb80d48)
  • Add rule logout-without-session-reset (d7ae001)

1.35.1 (2022-01-19)

Bug Fixes

  • Upload the entire findings JSON (f502d0e)

1.35.0 (2022-01-18)

Features

1.34.1 (2022-01-14)

Bug Fixes

  • Upgrade @appland/client to v1.1.3 (223441a)

1.34.0 (2022-01-14)

Bug Fixes

  • Replace id with rule in rule doc front matter (reqd by Jekyll) (ac5391d)

Features

  • Add references to rule definitions (d9d29d7)
  • Add scope to rule doc front matter (660582d)
  • Add scope to rule doc front matter (9fa209b)
  • Generate front matter from Rule info (e1f64fd)
  • Include labels in rule doc front matter (e4d26ec)
  • Publish to NPM (8dc5c85)

1.33.2 (2022-01-12)

Bug Fixes

  • Flag insecure comparison correctly in more cases (abaf078)

1.33.1 (2022-01-10)

Bug Fixes

1.33.0 (2022-01-10)

Features

1.32.0 (2022-01-07)

Bug Fixes

  • Fix default config path (bb28a87)
  • Tweak the findings output (b16f552)
  • Update @appland/models for DFS dependency traversal fix (bacc707)

Features

  • Print the path to the scanner config file (531f531)

1.31.2 (2022-01-06)

Bug Fixes

  • Upload all findings from ci (ba0190d)

1.31.1 (2022-01-06)

Bug Fixes

  • ci command always merges server finding status (091b932)

1.31.0 (2022-01-05)

Bug Fixes

  • Remove postPullRequestComment because it doesn't work (54f4797)
  • Remove unused imports (f4e1eeb)
  • Update @appland/client (f48dbd0)

Features

  • Add @appland/models and @appland/client as dependencies (23559b8)
  • Add CI command to scan, upload, and update commit status (9c3908f)
  • Fetch finding status from the server and incorporate into the client output (981729f)
  • Refactor CLI into subcommands (d27e05f)
  • Remove @appland/models types, use types defined in the package dependency (f872b5c)
  • Tune the console report of findings (34aaf65)
  • Upload findings to AppMap server (9cf0148)

1.30.0 (2021-12-14)

Features

  • Add additional summary data to the findings report (5e38336)
  • Findings report includes the user-provided configuration (ac4fda7)

1.29.1 (2021-12-10)

Bug Fixes

  • Workaround for event.message being null (b9408c9)

1.29.0 (2021-12-09)

Bug Fixes

  • Let the console handle the line breaks, because they are happening in the wrong place anyway (51cabe7)

Features

  • Continue adding rules (2d90d2d)
  • Port tests to new architecture (07b074a)
  • Separate the rule name from check id (633ab1f)
  • Update @appland/models for upgraded SQL parsing (717b707)

1.28.0 (2021-12-06)

Bug Fixes

  • Perform unix- and mac-friendly JSON schema fixup (eedcdae)
  • Remove incorrect MatchPatternConfig from schema (2986007)

Features

  • Implement case-insensitive pattern test (ee0e825)
  • Unify filter patterns (ece354d)

1.27.0 (2021-12-04)

Features

  • implement count joins logic in the scanner (9461db7)

1.26.0 (2021-12-03)

Bug Fixes

  • unbatchedMaterializedQuery handles null ast (9433d10)

Features

  • Add graph data structures and algorithms ported to TS (3e56554)
  • circularDependency scanner (e24a5cc)
  • Detect all cycles in the graph (e55b7d4)
  • Display a group message and occurrence count (e64dbf1)
  • Find specific event sequences that lead to a cycle (b790053)

1.25.2 (2021-12-01)

Bug Fixes

  • Pack JSON files into native binaries (b39849a)

1.25.1 (2021-12-01)

Bug Fixes

1.25.0 (2021-12-01)

Bug Fixes

  • Correct schema of scanner 'exclude' (42f00be)
  • Don't flag authz-before-authn if permission is denied (03cf321)
  • Simplify assertion exclude filter check (14d4676)

Features

  • SQL strings can be filtered (be3ac6f)

1.24.1 (2021-11-29)

Bug Fixes

  • Export labels in assertion spec (aaf9fbb)

1.24.0 (2021-11-29)

Features

  • Scanner for job not cancelled (2ec0488)

1.23.0 (2021-11-22)

Bug Fixes

  • Ensure existence of constants for all labels (451eddb)
  • Update rails sample app config (551a67d)

Features

  • Reconcile and standardize scanner options (e5dcedb)
  • Support regexp or function as filter expression (88a5fab)
  • Validate configuration schema before scanning (53d4e9d)
  • Validate scanner properties against Options defined by JSON schema (cbd9167)

1.22.2 (2021-11-17)

Bug Fixes

1.22.1 (2021-11-16)

Bug Fixes

1.22.0 (2021-11-16)

Bug Fixes

  • Copy sampleConfig files to built directory (f89d7aa)
  • Ensure existence of built directory when copying sample config (0e047ed)
  • Fail the scan when no appmap dir or file is specified (501deae)

Features

  • Update default config with no-label scanners (c1c7a6f)

1.21.0 (2021-11-16)

Features

  • Find unbatched materialized query (2e3535b)
  • Specify types for scanner options and export as JSON schema (ed197ca)

1.20.1 (2021-11-12)

Bug Fixes

  • Remove broken scope 'appmap' (fad8ffa)
  • Update and correct use of scopes and enumerateScope by scanners (9395113)
  • Update Rails Sample App use of scanners (1e64211)

1.20.0 (2021-11-09)

Features

  • Scan for authorization before authentication (3d3b1eb)

1.19.0 (2021-11-09)

Bug Fixes

  • Upgrade semantic-release (45dad94)

Features

  • Scan for too many joins (1de7bfc)

1.18.0 (2021-11-04)

Bug Fixes

  • Disable IDE links when exporting findings to a file (9bbea63)

Features

  • Add AssertionSpec type for scanner definitions (74de27a)
  • Add CI integration docs (1dc0ad4)
  • Add OpenAPI generation for http_client_request (1fc93e1)
  • Add scanner for slow method calls (e5366fa)
  • Analyze and print OpenAPI breaking changes (858f833)
  • OpenAPI schema are cached by host (4b2ac60)
  • Report distinct finding messages in the final summary (3f946ba)

1.17.0 (2021-10-21)

Bug Fixes

  • Fix env var name for commit status (444491c)
  • Increase the threshold for "too-many-updates" (0b69a6e)
  • Remove unused import (44bb518)
  • Report the total match number for n+1 and too-many-updates (ae4c015)

Features

  • Assertion can choose whether to check all events in the scope, or just the root (5993f2c)
  • Check rpc-without-circuit-breaker (8eed0b0)
  • Optional pull request comments (dd953d2)
  • Report related events in a Finding (9c75bdd)

1.16.0 (2021-10-19)

Bug Fixes

Features

  • Add doc/architecture.md (06ca4c5)
  • Assertion is instantiated once for each scope occurrence, simplifying bookkeeping (b007bc9)
  • Describe scopes in architecture doc (27b1ebb)
  • Implement scopes (07cc23e)
  • Update architecture doc with Scope concept (043e4d9)

1.15.0 (2021-10-15)

Features

  • Illegal package dependency (1b31cea)

1.14.0 (2021-10-15)

Bug Fixes

  • Fix error/warning of n+1 query check (6065085)

Features

  • Better findings report generation (0065442)
  • Scan for http 500 error (dd2dfb6)

1.13.0 (2021-10-15)

Bug Fixes

  • Fix short name for validateBeforeSave (0cc4bcc)
  • Fixes to scanners (b1a264a)

Features

  • Add JSON reporting (fe70006)
  • Find insecure comparison of secrets (fd3f80e)

1.12.4 (2021-10-06)

Bug Fixes

1.12.3 (2021-10-06)

Bug Fixes

  • stringify response object (69225a9)

1.12.2 (2021-10-06)

Bug Fixes

  • use callback to print github responses (7645931)

1.12.1 (2021-10-06)

Bug Fixes

  • print github commit status responses (c798deb)

1.12.0 (2021-10-05)

Features

  • Configure scanner properties from YAML (690ed5f)
  • Enumerate labels which are used in the scanner (827d56f)

1.11.2 (2021-10-05)

Bug Fixes

  • include secretsRegexes.json into built directory (b733283)

1.11.1 (2021-10-05)

Bug Fixes

  • properly read owner/repo/sha (ca02937)

1.11.0 (2021-10-01)

Bug Fixes

  • Don't write results into appmap index dir (which may not exist) (ff402cb)
  • Fix declaration of Event#returnValue (97b4b36)
  • Implement proper usage of HTTP status and mime_type (bb56aef)
  • Leave absolute paths alone when generating links (ab9f358)

Features

  • Add a generic secret regexp (7fa5e22)
  • Deeper verbose logging (970171c)
  • Enable multiple matches, custom messages, and problem level (206c9b5)
  • Enable validation of a single AppMap file (a75e336)
  • Find actual allocated secrets in logs (29471a5)
  • Refactor command printed output and exit status codes (c6a134a)

1.10.0 (2021-10-01)

Features

  • Scanners are classes with named fields (2bce496)

1.9.0 (2021-10-01)

Features

  • post commit status to GitHub (5298ff2)

1.8.0 (2021-09-30)

Bug Fixes

  • Match slow query if any include pattern matches (1478b9a)

Features

  • Scan for SQL update in GET/HEAD request (e00a85e)

1.7.0 (2021-09-29)

Features

  • Update GitHub token format (e765624)

1.6.2 (2021-09-23)

Bug Fixes

1.6.1 (2021-09-23)

Bug Fixes

1.6.0 (2021-09-22)

Bug Fixes

  • Change default assertions config to be .js (58a9c4d)

Features

  • Pass state to VS Code links (94efff9)

1.5.6 (2021-09-21)

Bug Fixes

  • Fix path appmaps for IDE links (3344d40)

1.5.5 (2021-09-21)

Bug Fixes

  • Fix path to appmap's cli (1f38306)

1.5.4 (2021-09-21)

Bug Fixes

1.5.3 (2021-09-21)

Bug Fixes

1.5.2 (2021-09-21)

Bug Fixes

  • Add executable with hashbang (ab42f06)

1.5.1 (2021-09-21)

Bug Fixes

1.5.0 (2021-09-20)

Features

  • Add summary by scanners (a3e9465)

1.4.0 (2021-09-08)

Features

  • Rename 'failures' to 'matches' (a1675a6)
  • Write scanner results into AppMap index (ed029bf)

1.3.0 (2021-09-08)

Bug Fixes

  • Clarify the role of assertion config id (d72493a)

Features

  • Enable configuration of builtin scanners via YAML (3f3cd16)
  • Rename some scanners to better indicate the problem (6338ab2)
  • typedef EventFilter (3876792)

1.2.0 (2021-09-08)

Bug Fixes

  • Detect query from view as mvc.template label (24e164f)
  • Don't report repeated matches of N+1 query (9105ac8)
  • Remove import of string from yargs (4124d95)

Features

  • Add new scanners (99430f2)
  • Copy query normalization code from @appland/models (5d49afb)
  • Ensure that certain events are leaf nodes (4e9d15b)
  • Ensure that validate is called before save (eb20b44)
  • N+1 query scanner (b767024)

1.1.0 (2021-09-07)

Features

  • Read configuration from yaml (bc166f4)

1.0.1 (2021-09-07)

Bug Fixes

  • Rename package to scanners (1bd10cd)

1.0.0 (2021-09-07)

Features