CAST AIP Technologies
Page tree

Versions Compared

Old Version 3

changes.mady.by.user N Padmavathi

Saved on

compared with

New Version Current

changes.mady.by.user Shared Doc User

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Info

This extension was previously (in version 1.0, 1.1, and 1.2) known as TypeScript and Angular.


Panel

Table of Contents
maxLevel3


Info

This extension was previously (in version 1.0, 1.1, and 1.2) known as TypeScript and Angular.


Info

Summary: This document provides information about the extension providing TypeScript, Angular, React and Node support for Web applications.

...

VersionSupported
2

(tick)

4

(tick)

5

(tick)

6

(tick)

7

(tick)

8(tick)
9(tick)
10(tick)
11(tick)
12(tick)
13(tick)

React

VersionSupported
15.x

(tick)

16.x

(tick)

...

Library

Comment

Data Access

Web Service

or communication

Supported versions

ExpressNode.js application framework
(tick)4.x
MongooseMongoDB access(tick)
5.x
SequelizeNode.js application framework(tick)
5.x; 6.x
TypeORMORM(tick)
0.2.x
FastifyNode.js server
(tick)3.x
AxiosPromise based HTTP client
(tick)0.x
Node-mongodb-nativeMongoDB access(tick)
3.x
nestjsNode.js application framework
(tick)6.x; 7.x
httpsNode.js web service
(tick)
fetchJavaScript builtin web service
(tick)
requestHTTP request client 'request'
(tick)2.x

request-promise

HTTP request client 'request'
(tick)4.x
request-promise-nativeHTTP request client 'request'
(tick)1.x
request-promise-anyHTTP request client 'request'
(tick)1.x
Mongo-clientMongoDB access(error)

CouchdbCouchdb access(error)

Node-couchdbCouchdb access(error)

Couchdb-nanoCouchdb access(error)

MarklogicMarklogic access(error)

my_connectionMySQL access(tick)
0.x
pgPostgreSQL access(tick)
7.x; 8.x
oracledbOracle Database access(tick)
4.x; 5.x

node-sqlserver

MsnodeSQL access(tick)
0.x

mssql

MsSQL access(tick) 
5.x; 6.x
HapiNode.js application framework(error)

SailsNode.js application framework(error)(error)
LoopbackNode.js application framework

(error)

(error)
KoaNode.js application framework(error)

KnexNode.js SQL query builder (error)

MemcachedStorage framework(error)

AWS.DynamoDBAmazon database access(tick)
SDK 2.x; SDK 3.x
AWS.S3Amazon storage service(tick)
SDK 2.x; SDK 3.x
AWS.LambdaAmazon routing solution
(tick)

Cloudformation, Serverless framework, SAM

(requires com.castsoftware.cloudconfig)

AWS.SNSAmazon Simple Notification Service
(tick)SDK 2.x; SDK 3.x
AWS.SQSAmazon Simple Queue Service
(tick)SDK 2.x; SDK 3.x

...

Expand

Support of arrow functions and methods

Arrow functions which have been introduced in typescript following ES6 standard (also known as ES2015) are supported. Since arrow functions are equivalent to standard functions, the same function objects are created by the analyzer for both standard functions and arrow functions. Arrow functions can also define methods in which case method objects are created by the analyzer. Examples of arrow functions and methods are provided in the Objects section of this documentation.

Support of anonymous functions

For anonymous functions, the analyzer creates function objects named <Anonymous$i> where $i is incremented such that each anonymous function object has a unique fullname.

Web Services

XMLHttpRequest

The analysis of the following code will create a TypeScript GET http service named "foo/url" and a callLink between my_func function and that service :

function my_func(){

  var xhttp = new XMLHttpRequest();
  xhttp.open("GET", "foo/url", false);
  xhttp.send();

}

 

fetch

The analysis of the following code will create a TypeScript POST http service named "foo/url" and a callLink between my_func function and that service :

Code Block
function my_func(){
  const response = await fetch('foo/path', {
    method: 'POST'
  })
}

Window variable

The JavaScript window variable can be used to pass values such as urls. The windows variable is accessible from all modules. So when analyzing the following modules:

Code Block
languagejs
titlemodule1.pyts
window.myurl = "foo/url/"


Code Block
languagejs
titlemodule2.pyjs
function my_func(){

  var xhttp = new XMLHttpRequest();
  xhttp.open("GET", window['myurl'], false);
  xhttp.send();

}

a webservice object is created with the url set through the window variable: 

...

Expand

Sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. In sequelize, the user defines Models for data storage. The models are modelized as tables. The following links are added for these API calls:

Link typeAPI
useInsertLinkcreate, bulkCreate
useSelectLinkfindAll, findByPk, findOne, findOrCreate,
findAndCountAll, count, max, min, sum
useUpdateLinkupdate, restore, increment, decrement
useDeleteLinkdestroy

The query API is also supported . A and a Query object is created as a result.

Example

In the following code: 

Code Block
import * as Sequelize from 'sequelize';

const Model = Sequelize.Model;
class User extends Model {}
User.init({
  // attributes
  firstName: {
    type: Sequelize.STRING,
    allowNull: false
  },
  lastName: {
    type: Sequelize.STRING
    // allowNull defaults to true
  }
}, {
  sequelize,
  modelName: 'user'
  tableName: 'users'
  // options
});
function myfind(){
	User.findAll().then(users => {
  	console.log("All users:", JSON.stringify(users, null, 4));
	});
}

...the User class defines a model which is linked with the table named 'users' (through the User.init() call). The name of the table is defined by the tableName value which if not defined is set to the pluralized (if freezeTableName is not set to true) value of modelName which is itself set to the class name when it is not explicitly defined. The User.findAll() call then selects elements from that table 'users'.

In this example, this extension creates a useSelect link to the table 'users':

Note that a model can also be defined using method sequelize.define().

Info

The Sequilize framework query method is not supported: if there any calls to database procedures using the Sequilize API query method, then missing links are expected.


Anchor
TypeORM
TypeORM
More about TypeORM framework analysis

...

Expand

Lambda services allow executing some source code on the cloud. The execution can be set to be triggered by some AWS events. 

Lambda functions can be deployed using several deployment frameworks. The supported deployment frameworks are listed on this page.

When a lambda function is created and its runtime is nodejs, the current extension is responsible for linking the lambda objects and their triggers with the TypeScript handler functions.

Example

Let us consider a source code defining a lambda function that has two triggers: an SQS queue and an API Gateway. The lambda function has a nodejs runtime and the handler function is given by the handler function fullname. 

If the lambda function is deployed using a supported deployment framework (such as CloudFormation) and the extension responsible for analyzing this deployment framework is used (com.castsoftware.cloudconfig for CloudFormation), the analysis will create a lambda function, an SQS receiver, and an API Gateway objects. Each of these objects has a runtime property (nodejs) and a handler property with the function fullname. 

If the current extension finds a TypeScript function matching the handler fullname a link to that function will be added from the lambda function, the SQS queue, and the API Gateway objects.

Click to enlarge

Lambda invocation using SDK

The SDK provides APIs to execute (i.e. invoke) lambda function.

The following APIs are supported:

  • invoke method of the Lambda "aws-sdk" client of the SDK V2
  • InvokeCommand of the SDK V3
 Example
Example

When analyzing the following source code:

Code Block
languagejs
import * as AWS from 'aws-sdk'
// Set region

function my_invoke(){
  AWS.config.update({region: 'REGION'});
  var lambda = new AWS.Lambda();
  var params = {
    FunctionName: 'mylambda', /* required */
    //...
  };

  lambda.invoke(params, function(err, data) {
    //...
  });
}

call to AWS lambda function object named mylambda is created. com.castsoftware.wbslinker links that call to lambda object to AWS Lambda Function objects having the same name: 




...

Anchor
AWSS3
AWSS3
AWS S3 analysis

AWS S3 is currently supported only for SDK V2.
Expand
Warning


Links

useInsertLinkputObjectuseDeleteLink

  • deleteObject

  • deleteObjects

    • Link TypeFunction

    Methods from SDK V2 s3client

    Code Block
    languagejs
    import {AWS} from 'aws-sdk'
const s3client = new AWS.S3()


    Methods from SDK V3 s3client

    Code Block
    languagejs
    import {S3} from '@aws-sdk/client-s3'
const s3client = new S3()


    Commands from SDK V3

    imported from '@aws-sdk/client-s3'

    No Link
    • createBucket

    • CreateBucketCommand
    callLink

    • createMultipartUpload

    • createPresignedPost

    • abortMultipartUpload

    • completeMultipartUpload

    • deleteBucketAnalyticsConfiguration

    • deleteBucketCors

    • deleteBucketEncryption

    • deleteBucketInventoryConfiguration

    • deleteBucketLifecycle

    • deleteBucketMetricsConfiguration

    • deleteBucketPolicy

    • deleteBucketReplication

    • deleteBucketTagging

    • deleteBucketWebsite

    • deleteObjectTagging

    • deletePublicAccessBlock

    • getBucketAccelerateConfiguration

    • getBucketAcl

    • getBucketAnalyticsConfiguration

    • getBucketCors

    • getBucketEncryption

    • getBucketInventoryConfiguration

    • getBucketLifecycle

    • getBucketLifecycleConfiguration

    • getBucketLocation

    • getBucketLogging

    • getBucketMetricsConfiguration

    • getBucketNotification

    • getBucketNotificationConfiguration

    • getBucketPolicy

    • getBucketPolicyStatus

    • getBucketReplication

    • getBucketTagging

    • getBucketVersioning

    • getBucketWebsite

    • getObjectAcl

    • getObjectLegalHold

    • getObjectLockConfiguration

    • getObjectRetention

    • getObjectTagging

    • getPublicAccessBlock

    • getSignedUrl

    • listBuckets

    • listBucketAnalyticsConfigurations

    • listBucketInventoryConfigurations

    • listBucketMetricsConfigurations

    • listMultipartUploads

    • listObjectVersions

    • listParts

    • putBucketLogging
    • putBucketAnalyticsConfiguration

    • putBucketLifecycleConfiguration

    • putBucketMetricsConfiguration

    • putBucketNotification

    • putBucketNotificationConfiguration

    • putBucketPolicy

    • putBucketReplication

    • putBucketRequestPayment

    • putBucketTagging

    • putBucketVersioning

    • putObjectAcl

    • putObjectLegalHold

    • putObjectLockConfiguration

    • putObjectRetention

    • putObjectTagging

    • putPublicAccessBlock

    • putBucketAccelerateConfiguration

    • putBucketAcl

    • putBucketCors

    • putBucketEncryption

    • putBucketInventoryConfiguration

    • putBucketLifecycle

    • putBucketLogging

    • upload

    • uploadPart

    • uploadPartCopy

    • abortMultipartUpload
    • completeMultipartUpload
    • copyObject
    • createBucket
    • createMultipartUpload
    • deleteBucket
    useSelectLink
    • getObject
    • getObjectTorrent

    • listObjects

    • listObjectsV2

    useUpdateLink
    • putBucketLogging
    • putBucketAnalyticsConfiguration
    • deleteBucketAnalyticsConfiguration
    • deleteBucketCors
    • deleteBucketEncryption
    • deleteBucketIntelligentTieringConfiguration
    • deleteBucketInventoryConfiguration
    • deleteBucketLifecycle
    • deleteBucketMetricsConfiguration
    • deleteBucketOwnershipControls
    • deleteBucketPolicy
    • deleteBucketReplication
    • deleteBucketTagging
    • deleteBucketWebsite
    • deleteObjectTagging
    • deletePublicAccessBlock
    • destroy
    • getBucketAccelerateConfiguration
    • getBucketAcl
    • getBucketAnalyticsConfiguration
    • getBucketCors
    • getBucketEncryption
    • getBucketIntelligentTieringConfiguration
    • getBucketInventoryConfiguration
    • getBucketLifecycleConfiguration
    • getBucketLocation
    • getBucketLogging
    • getBucketMetricsConfiguration
    • getBucketNotificationConfiguration
    • getBucketOwnershipControls
    • getBucketPolicy
    • getBucketPolicyStatus
    • getBucketReplication
    • getBucketRequestPayment
    • getBucketTagging
    • getBucketVersioning
    • getBucketWebsite
    • getObjectAcl
    • getObjectLegalHold
    • getObjectLockConfiguration
    • getObjectRetention
    • getObjectTagging
    • getPublicAccessBlock
    • headBucket
    • headObject
    • listBucketAnalyticsConfigurations
    • listBucketIntelligentTieringConfigurations
    • listBucketInventoryConfigurations
    • listBucketMetricsConfigurations
    • listBuckets
    • listMultipartUploads
    • listObjectVersions
    • listParts
    • putBucketAccelerateConfiguration
    • putBucketAcl
    • putBucketCors
    • putBucketEncryption
    • putBucketIntelligentTieringConfiguration
    • putBucketInventoryConfiguration
    • putBucketLifecycleConfiguration
    • putBucketLogging
    • putBucketMetricsConfiguration
    • putBucketNotificationConfiguration
    • putBucketOwnershipControls
    • putBucketPolicy
    • putBucketReplication
    • putBucketRequestPayment
    • putBucketTagging
    • putBucketVersioning
    • putBucketWebsite
    • putObjectAcl
    • putObjectLegalHold
    • putObjectLockConfiguration
    • putObjectRetention
    • putObjectTagging
    • putPublicAccessBlock
    • restoreObject
    • send
    • uploadPart
    • uploadPartCopy
    • writeGetObjectResponse
    • AbortMultipartUploadCommand
    • CompleteMultipartUploadCommand
    • CreateMultipartUploadCommand
    • DeleteBucketAnalyticsConfigurationCommand
    • DeleteBucketCorsCommand
    • DeleteBucketEncryptionCommand
    • DeleteBucketIntelligentTieringConfigurationCommand
    • DeleteBucketInventoryConfigurationCommand
    • DeleteBucketLifecycleCommand
    • DeleteBucketMetricsConfigurationCommand
    • DeleteBucketOwnershipControlsCommand
    • DeleteBucketPolicyCommand
    • DeleteBucketReplicationCommand
    • DeleteBucketTaggingCommand
    • GetBucketAccelerateConfigurationCommand
    • GetBucketAclCommand
    • DeleteBucketWebsiteCommand
    • DeleteObjectTaggingCommand
    • DeletePublicAccessBlockCommand
    • GetBucketAnalyticsConfigurationCommand
    • GetBucketCorsCommand
    • GetBucketEncryptionCommand
    • GetBucketIntelligentTieringConfigurationCommand
    • GetBucketInventoryConfigurationCommand
    • GetBucketLifecycleConfigurationCommand
    • GetBucketLocationCommand
    • GetBucketLoggingCommand
    • GetBucketMetricsConfigurationCommand
    • GetBucketNotificationConfigurationCommand
    • GetBucketOwnershipControlsCommand
    • GetBucketPolicyCommand
    • GetBucketPolicyStatusCommand
    • GetBucketReplicationCommand
    • GetBucketRequestPaymentCommand
    • GetBucketTaggingCommand
    • GetBucketVersioningCommand
    • GetBucketWebsiteCommand
    • GetObjectAclCommand
    • GetObjectLegalHoldCommand
    • GetObjectLockConfigurationCommand
    • GetObjectRetentionCommand
    • GetObjectTaggingCommand
    • GetPublicAccessBlockCommand
    • HeadBucketCommand
    • HeadObjectCommand
    • ListBucketAnalyticsConfigurationsCommand
    • ListBucketIntelligentTieringConfigurationsCommand
    • ListBucketInventoryConfigurationsCommand
    • ListBucketMetricsConfigurationsCommand
    • ListMultipartUploadsCommand
    • ListObjectVersionsCommand
    • ListPartsCommand
    • PutBucketAccelerateConfigurationCommand
    • PutBucketAclCommand
    • PutBucketAnalyticsConfigurationCommand
    • PutBucketCorsCommand
    • PutBucketEncryptionCommand
    • PutBucketIntelligentTieringConfigurationCommand
    • PutBucketInventoryConfigurationCommand
    • PutBucketLifecycleConfigurationCommand
    • PutBucketLoggingCommand
    • PutBucketMetricsConfigurationCommand
    • PutBucketNotificationConfigurationCommand
    • PutBucketOwnershipControlsCommand
    • PutBucketPolicyCommand
    • PutBucketReplicationCommand
    • PutBucketRequestPaymentCommand
    • PutBucketTaggingCommand
    • PutBucketVersioningCommand
    • PutBucketWebsiteCommand
    • PutObjectAclCommand
    • PutObjectLegalHoldCommand
    • PutObjectLockConfigurationCommand
    • PutObjectRetentionCommand
    • PutObjectTaggingCommand
    • PutPublicAccessBlockCommand
    • UploadPartCommand
    • UploadPartCopyCommand
    • WriteGetObjectResponseCommand
    useInsertLink
    • putObject
    • copyObject
    • putObject
    • copyObject
    • RestoreObjectCommand
    • PutObjectCommand
    • CopyObjectCommand
    useDeleteLink
    • deleteBucket

    • deleteObject

    • deleteObjects

    • deleteBucket

    • deleteObject

    • deleteObjects

    • DeleteBucketCommand
    • DeleteObjectCommand
    • DeleteObjectsCommand
    useSelectLink
    • getObject
    • getObjectTorrent

    • listObjects

    • listObjectsV2

    • copyObject
    • getObject
    • getObjectTorrent
    • listObjects
    • listObjectsV2
    • copyObject
    • GetObjectCommand
    • ListObjectsCommand
    • ListObjectsV2Command
    • SelectObjectContentCommand
    • GetObjectTorrentCommand
    • CopyObjectCommand
    useUpdateLink
    • putBucketAnalyticsConfiguration
    • putBucketAnalyticsConfiguration
    • RestoreObjectCommand
    • PutObjectCommand
    • CopyObjectCommand

    Code samples

    This code will create an S3 Bucket named "MyBucket" on an AWS server in region "REGION" and puts an object in it  and a useInsert link to that bucket

    Code Block
    languagejs
    titlefoo.ts
    linenumberstrue
    // Load the AWS SDK for Node.js
import * varas AWS =from require('aws-sdk');
// Set the region 
AWS.config.update({region: 'REGION'});

// Create S3 service object
s3 = new AWS.S3({apiVersion: '2006-03-01'});

// Create the parameters for calling createBucket
var bucketParams = {
  Bucket : "MyBucket",
  ACL : 'public-read'
};

// call S3 to create the bucket
s3.createBucket(bucketParams, function(err, data) {
  if (err) {
    console.log("Error", err);
  } else {
    console.log("Success", data.Location);
  }
});

params = {
	// ...
    Bucket: "MyBucket"
};
s3.putObject(params, function(err, data) {
    if (err) console.log(err, err.stack); // an error occurred
    else     console.log(data);           // successful response
});

    What results can you expect?

    Once the analysis/snapshot generation has completed, you can view the results in the normal manner (for example via CAST Enlighten):

    Image RemovedImage Added

    Analysis of the code sample


    Anchor
    SQSTypeScript
    SQSTypeScript
    AWS SQS analysis

    callLink
    Supported apis
    Expand
    Warning

    AWS SQS is currently supported only for SDK V2.x.

    Links
    Link TypeFunction

    Methods from SDK V2 sqs client

    Commands from SDK V3

    imported from '@aws-sdk/client-sqs'

    Publish

    • sendMessage

    • sendMessageBatch
    • SendMessageCommand
    Receive
    • receiveMessage
    • ReceiveMessageCommand
    Support for SDK

    This code will publish a message into the "SQS_QUEUE_URL" queue:

    Code Block
    languagejs
    linenumberstrue
    import * as AWS from "aws-sdk";
AWS.config.update({ region: 'REGION' });

const sqs = new AWS.SQS({apiVersion: '2012-11-05'});

const queueUrl = "SQS_QUEUE_URL"

const params = {
	MessageBody: "This is a message",
    QueueUrl: queueUrl,
    MaxNumberOfMessages: 1,
    VisibilityTimeout: 0,
};
class Foo {
  sendMessage(){
	sqs.sendMessage(params, function (err, data) {
    	if (err) {
        	console.log("Error", err);
    	} else {
       	 console.log("Success", data.MessageId);
    	}
	});
 }
}

    This code will receive a message from the queue "SQS_QUEUE_URL"

    Code Block
    languagejs
    linenumberstrue
    import * as AWS from "aws-sdk";
AWS.config.update({ region: 'REGION' });

const sqs = new AWS.SQS({apiVersion: '2012-11-05'});

const queueUrl = "SQS_QUEUE_URL"

const params = {
    QueueUrl: queueUrl,
    MaxNumberOfMessages: 1,
    VisibilityTimeout: 0,
};

export class SqsReciver {
    constructor() {
        this.reciver();
    }
    private reciver(): void {
        sqs.receiveMessage(params, (err, data) => {
	// do something
        });
    }
}
    What results can you expect?

    Once the analysis/snapshot generation has been completed, you can view the results in the standard manner (for example via CAST Enlighten):

    Click to enlarge

    When the evaluation of the queue name fails, a Node.js AWS SQS Unknown Publisher (or Receiver) will be created.

    ...

    • The use of AWS.SQS with promises is not supported. For instance, no link would be created between the receiver and the handler function defined in .then() call in the following source code: 

      Code Block
      languagexml
      this.sqs.receiveMessage(params).promise().then( () => {})


    • If the queueName is set using the createQueue API, the evaluation of the queue name will fail.will fail.
    • Use of access points is not supported

    SQL Database Access

    This extension supports some libraries offering access to SQL databases. The SQL frameworks analysis is based on the evaluation of the first argument of the "query()" and "execute()" method calls. The first argument is evaluated and if it corresponds to an SQL query, a CAST_TS_Query object is created. In the case where the first argument does not correspond to a SQL query, we evaluate the second argument if is exists. Text only and parameterized SQL queries are supported. This heuristic allows us to support a large number of SQL database frameworks.

    ...

    Expand

    In the following code: 

    Code Block
    var oracledb = require('oracledb');
 
oracledb.getConnection(
  {
    user          : "hr",
    password      : "welcome",
    connectString : "localhost/XE"
  },
  function doSelect(err, connection)
  {
    if (err) { console.error(err); return; }
    connection.execute(
      "SELECT department_id, department_name "
    + "FROM titles "
    + "WHERE department_id < 70 "
    + "ORDER BY department_id",
      function(err, result)
      {
        if (err) { console.error(err); return; }
        console.log(result.rows);
      });
  });
};

    In this example, a TypeScript query object is created and a callLink between the anonymous function and that query is added. The sql analyzer can then link that query with the corresponding table if the table exists. In the present case, this extension creates a useSelect link to the table 'titles':

    Links

    Analysis of the TypeScript application will result in the following links:

    ...

    The following rules are shipped with this extension:

    1.9.1-funcrelhttps://technologies.castsoftware.com/rules?sec=srs_typescript&ref=||1.9.1-funcrel
    1.9.0-funcrelhttps://technologies.castsoftware.com/rules?sec=srs_typescript&ref=||1.9.0-funcrel
    1.9.0-beta1https://technologies.castsoftware.com/rules?sec=srs_typescript&ref=||1.9.0-beta1
    1.9.0-alpha1https://technologies.castsoftware.com/rules?sec=srs_typescript&ref=||1.9.0-alpha1

    ...

    Info

    The rule "Avoid too many copy-pasted artifacts" depends on com.castsoftware.html5 extension. It will be activated automatically for TypeScript source code when using a version of com.castsoftware.html5 >= 2.0.15-funcrel.

    Limitations

    • Limitations for support of the following frameworks are given in their own section:
    • Calls between JavaScript and TypeScript source codes are not supported.
    • The use of setters and getters is not supported.
    • Passing the URL strings directly (or string variables referring to URLs) as arguments to web-service calls is supported for many use cases. However, passing them through http.RequestOptions (containing metadata) is work in progress.
    • String concatenations using the operator '+' inside loops do not raise violations currently.
    • The cyclomatic complexity number might appear underestimated in callables containing loops with complex conditional expressions.
    • A single production environment file is supported (see corresponding section above).
    • The use of bind method is not supported and would lead to missing callLinks.
    • The use of Object.freeze method is not supported.
    • React Without JSX is not supported.
    • The spread operator "..." is not supported.