mobbdev 0.0.121 → 0.0.124
- package/dist/index.mjs +72 -3
- package/package.json +3 -3
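--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -1691,10 +1691,10 @@ var getIssueType = (issueType) => {
 return "Regular Expression Injection";
 case "INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */:
 return "Incomplete URL Sanitization";
-case "LOG_FORGING" /* LogForging */:
-return "Log Forging";
 case "LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */:
 return "Locale Dependent Comparison";
+case "LOG_FORGING" /* LogForging */:
+return "Log Forging";
 case "MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */:
 return "Missing Check against Null";
 case "PASSWORD_IN_COMMENT" /* PasswordInComment */:
@@ -1713,6 +1713,8 @@ var getIssueType = (issueType) => {
 return "Weak XML Schema: Unbounded Occurrences";
 case "SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */:
 return "System Information Leak";
+case "SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */:
+return "External System Information Leak";
 case "HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */:
 return "HTTP response splitting";
 case "HTTP_ONLY_COOKIE" /* HttpOnlyCookie */:
@@ -1721,8 +1723,70 @@ var getIssueType = (issueType) => {
 return "Insecure Cookie";
 case "TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */:
 return "Trust Boundary Violation";
+case "NULL_DEREFERENCE" /* NullDereference */:
+return "Null Dereference";
+case "UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */:
+return "Unsafe deserialization";
+case "INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */:
+return "Insecure Binder Configuration";
+case "UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */:
+return "Unsafe use of target blank";
+case "IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */:
+return "Client use of iframe without sandbox";
+case "JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */:
+return "jQuery deprecated symbols";
+case "MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */:
+return "Missing Anti-Forgery Validation";
+case "GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */:
+return "GraphQL Depth Limit";
+case "UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */:
+return "Unchecked Loop Condition";
+case "IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */:
+return "Improper Resource Shutdown or Release";
+case "IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */:
+return "Improper Exception Handling";
+case "DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */:
+return "Default Definer Rights in Package or Object Definition";
+case "HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */:
+return "HTML Comment in JSP";
+case "ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */:
+return "Error Condition Without Action";
+case "DEPRECATED_FUNCTION" /* DeprecatedFunction */:
+return "Deprecated Function";
+case "HARDCODED_SECRETS" /* HardcodedSecrets */:
+return "Hardcoded Secrets";
+case "PROTOTYPE_POLLUTION" /* PrototypePollution */:
+return "Prototype Pollution";
+case "RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */:
+return "Race Condition Format Flaw";
+case "NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */:
+return "Non-final Public Static Field";
+case "MISSING_HSTS_HEADER" /* MissingHstsHeader */:
+return "Missing HSTS Header";
+case "DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */:
+return "Dead Code: Unused Field";
+case "HEADER_MANIPULATION" /* HeaderManipulation */:
+return "Header Manipulation";
 case "MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */:
 return "Missing equals or hashcode method";
+case "WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */:
+return "WCF Misconfiguration: Insufficient Logging";
+case "WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */:
+return "WCF Misconfiguration: Throttling Not Enabled";
+case "USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */:
+return "Useless regular-expression character escape";
+case "INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */:
+return "Incomplete Hostname Regex";
+case "OVERLY_LARGE_RANGE" /* OverlyLargeRange */:
+return "Regex: Overly Large Range";
+case "INSUFFICIENT_LOGGING" /* InsufficientLogging */:
+return "Insufficient Logging of Sensitive Operations";
+case "PRIVACY_VIOLATION" /* PrivacyViolation */:
+return "Privacy Violation";
+case "INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */:
+return "Incomplete URL Scheme Check";
+case "VALUE_SHADOWING" /* ValueShadowing */:
+return "Value Shadowing";
 default: {
 return issueType ? issueType.replaceAll("_", " ") : "Other";
 }
@@ -4996,7 +5060,12 @@ async function _scan(params, { skipPrompts = false } = {}) {
 throw new Error("userInfo is null");
 }
 const scmConfigs = getFromArraySafe(userInfo.scmConfigs);
-const tokenInfo =
+const tokenInfo = githubActionToken ? {
+accessToken: githubActionToken,
+scmLibType: "GITHUB" /* GITHUB */,
+scmOrg: void 0,
+id: ""
+} : getScmConfig({
 url: repo,
 scmConfigs,
 includeOrgTokens: false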
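Review bot: In the last hunk, the new `githubActionToken` branch of `tokenInfo` hard-codes `scmLibType: "GITHUB"` and bypasses `getScmConfig({ url: repo, … })`, so nothing visible here ties the token to the host named in `repo`. If `repo` can point at a non-GitHub or otherwise unexpected host, the Actions token would be paired with that URL for whatever SCM calls follow; consider gating the branch on the parsed host of `repo` and falling back to `getScmConfig` otherwise, and keep `accessToken` out of any logging of `tokenInfo`. A short comment such as `// GitHub Actions token: no stored SCM config, so id is empty and scmOrg is unset` would explain the placeholder `id: ""`. `_scan` begins and ends outside the hunk and the place where `githubActionToken` is read is not shown, so such a check may already exist upstream.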
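--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mobbdev",
-"version": "0.0.
+"version": "0.0.124",
 "description": "Automated secure code remediation tool",
 "repository": "https://github.com/mobb-dev/bugsy",
 "main": "dist/index.js",
@@ -43,7 +43,7 @@
 "dotenv": "16.4.5",
 "extract-zip": "2.0.1",
 "globby": "13.2.2",
-"graphql": "16.
+"graphql": "16.9.0",
 "graphql-request": "5.0.0",
 "graphql-tag": "2.12.6",
 "graphql-ws": "5.16.0",
@@ -83,7 +83,7 @@
 "@types/semver": "7.5.8",
 "@types/tar": "6.1.13",
 "@types/tmp": "0.2.6",
-"@types/uuid": "
+"@types/uuid": "10.0.0",
 "@types/ws": "8.5.3",
 "@types/yargs": "17.0.32",
 "@typescript-eslint/eslint-plugin": "5.44.0",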