mobbdev 0.0.163 → 0.0.165

package/dist/index.mjs

@@ -32,58 +32,82 @@ import fs4 from "node:fs";
 import path7 from "node:path";
 
 // src/constants.ts
-import path2 from "node:path";
+import path from "node:path";
 import { fileURLToPath } from "node:url";
 import chalk from "chalk";
 import Debug from "debug";
 import * as dotenv from "dotenv";
-import { z as z11 } from "zod";
+import { z as z2 } from "zod";
 
 // src/features/analysis/scm/shared/src/types.ts
-var scmCloudUrl = {
-  GitLab: "https://gitlab.com",
-  GitHub: "https://github.com",
-  Ado: "https://dev.azure.com",
-  Bitbucket: "https://bitbucket.org"
-};
-var ScmType = /* @__PURE__ */ ((ScmType2) => {
-  ScmType2["GitHub"] = "GitHub";
-  ScmType2["GitLab"] = "GitLab";
-  ScmType2["Ado"] = "Ado";
-  ScmType2["Bitbucket"] = "Bitbucket";
-  return ScmType2;
-})(ScmType || {});
-
-// src/features/analysis/scm/ado/constants.ts
-var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
-
-// src/features/analysis/scm/ado/utils.ts
-import querystring3 from "node:querystring";
-import * as api from "azure-devops-node-api";
-import { z as z10 } from "zod";
-
-// src/features/analysis/scm/env.ts
 import { z } from "zod";
-var EnvVariablesZod = z.object({
-  GITLAB_API_TOKEN: z.string().optional(),
-  GITHUB_API_TOKEN: z.string().optional(),
-  GIT_PROXY_HOST: z.string()
-});
-var { GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
-
-// src/features/analysis/scm/scm.ts
-import { z as z8 } from "zod";
-
-// src/features/analysis/scm/bitbucket/bitbucket.ts
-import querystring from "node:querystring";
-import bitbucketPkg from "bitbucket";
-import * as bitbucketPkgNode from "bitbucket";
-import { z as z4 } from "zod";
-
-// src/features/analysis/scm/shared/src/get_issue_type.ts
-import { z as z2 } from "zod";
 
 // src/features/analysis/scm/generates/client_generates.ts
+var FixQuestionInputType = /* @__PURE__ */ ((FixQuestionInputType2) => {
+  FixQuestionInputType2["Number"] = "NUMBER";
+  FixQuestionInputType2["Select"] = "SELECT";
+  FixQuestionInputType2["Text"] = "TEXT";
+  return FixQuestionInputType2;
+})(FixQuestionInputType || {});
+var Language = /* @__PURE__ */ ((Language2) => {
+  Language2["Cpp"] = "CPP";
+  Language2["Csharp"] = "CSHARP";
+  Language2["Java"] = "JAVA";
+  Language2["Js"] = "JS";
+  Language2["Python"] = "PYTHON";
+  Language2["Sql"] = "SQL";
+  Language2["Xml"] = "XML";
+  return Language2;
+})(Language || {});
+var ManifestAction = /* @__PURE__ */ ((ManifestAction2) => {
+  ManifestAction2["Add"] = "add";
+  ManifestAction2["Relock"] = "relock";
+  ManifestAction2["Upgrade"] = "upgrade";
+  return ManifestAction2;
+})(ManifestAction || {});
+var Effort_To_Apply_Fix_Enum = /* @__PURE__ */ ((Effort_To_Apply_Fix_Enum2) => {
+  Effort_To_Apply_Fix_Enum2["Easy"] = "EASY";
+  Effort_To_Apply_Fix_Enum2["Hard"] = "HARD";
+  Effort_To_Apply_Fix_Enum2["Moderate"] = "MODERATE";
+  return Effort_To_Apply_Fix_Enum2;
+})(Effort_To_Apply_Fix_Enum || {});
+var Fix_Rating_Tag_Enum = /* @__PURE__ */ ((Fix_Rating_Tag_Enum2) => {
+  Fix_Rating_Tag_Enum2["BadPattern"] = "BAD_PATTERN";
+  Fix_Rating_Tag_Enum2["BreakingFix"] = "BREAKING_FIX";
+  Fix_Rating_Tag_Enum2["FalsePositive"] = "FALSE_POSITIVE";
+  Fix_Rating_Tag_Enum2["Other"] = "OTHER";
+  Fix_Rating_Tag_Enum2["UnresolvedFix"] = "UNRESOLVED_FIX";
+  return Fix_Rating_Tag_Enum2;
+})(Fix_Rating_Tag_Enum || {});
+var Fix_Report_State_Enum = /* @__PURE__ */ ((Fix_Report_State_Enum2) => {
+  Fix_Report_State_Enum2["Created"] = "Created";
+  Fix_Report_State_Enum2["Deleted"] = "Deleted";
+  Fix_Report_State_Enum2["Digested"] = "Digested";
+  Fix_Report_State_Enum2["Expired"] = "Expired";
+  Fix_Report_State_Enum2["Failed"] = "Failed";
+  Fix_Report_State_Enum2["Finished"] = "Finished";
+  Fix_Report_State_Enum2["Initialized"] = "Initialized";
+  Fix_Report_State_Enum2["Requested"] = "Requested";
+  return Fix_Report_State_Enum2;
+})(Fix_Report_State_Enum || {});
+var Fix_State_Enum = /* @__PURE__ */ ((Fix_State_Enum2) => {
+  Fix_State_Enum2["Committed"] = "Committed";
+  Fix_State_Enum2["Done"] = "Done";
+  Fix_State_Enum2["Downloaded"] = "Downloaded";
+  Fix_State_Enum2["Merged"] = "Merged";
+  Fix_State_Enum2["Ready"] = "Ready";
+  return Fix_State_Enum2;
+})(Fix_State_Enum || {});
+var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum3) => {
+  IssueLanguage_Enum3["CSharp"] = "CSharp";
+  IssueLanguage_Enum3["Cpp"] = "Cpp";
+  IssueLanguage_Enum3["Java"] = "Java";
+  IssueLanguage_Enum3["JavaScript"] = "JavaScript";
+  IssueLanguage_Enum3["Python"] = "Python";
+  IssueLanguage_Enum3["Sql"] = "SQL";
+  IssueLanguage_Enum3["Xml"] = "XML";
+  return IssueLanguage_Enum3;
+})(IssueLanguage_Enum || {});
 var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["AutoEscapeFalse"] = "AUTO_ESCAPE_FALSE";
   IssueType_Enum2["CmDi"] = "CMDi";
@@ -158,6 +182,28 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["ZipSlip"] = "ZIP_SLIP";
   return IssueType_Enum2;
 })(IssueType_Enum || {});
+var Project_Role_Type_Enum = /* @__PURE__ */ ((Project_Role_Type_Enum2) => {
+  Project_Role_Type_Enum2["Admin"] = "admin";
+  Project_Role_Type_Enum2["Read"] = "read";
+  Project_Role_Type_Enum2["Writer"] = "writer";
+  return Project_Role_Type_Enum2;
+})(Project_Role_Type_Enum || {});
+var Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((Vulnerability_Report_Vendor_Enum3) => {
+  Vulnerability_Report_Vendor_Enum3["Checkmarx"] = "checkmarx";
+  Vulnerability_Report_Vendor_Enum3["CheckmarxXml"] = "checkmarxXml";
+  Vulnerability_Report_Vendor_Enum3["Codeql"] = "codeql";
+  Vulnerability_Report_Vendor_Enum3["Fortify"] = "fortify";
+  Vulnerability_Report_Vendor_Enum3["Snyk"] = "snyk";
+  Vulnerability_Report_Vendor_Enum3["Sonarqube"] = "sonarqube";
+  return Vulnerability_Report_Vendor_Enum3;
+})(Vulnerability_Report_Vendor_Enum || {});
+var Vulnerability_Severity_Enum = /* @__PURE__ */ ((Vulnerability_Severity_Enum2) => {
+  Vulnerability_Severity_Enum2["Critical"] = "critical";
+  Vulnerability_Severity_Enum2["High"] = "high";
+  Vulnerability_Severity_Enum2["Low"] = "low";
+  Vulnerability_Severity_Enum2["Medium"] = "medium";
+  return Vulnerability_Severity_Enum2;
+})(Vulnerability_Severity_Enum || {});
 var MeDocument = `
     query Me {
   me {
@@ -264,10 +310,49 @@ var GetFixesDocument = `
   fixes: fix(where: $filters) {
     issueType
     id
+    vulnerabilitySeverity
+    issueLanguage
     patchAndQuestions {
       __typename
       ... on FixData {
         patch
+        questions {
+          defaultValue
+          extraContext {
+            key
+            value
+          }
+          index
+          inputType
+          key
+          name
+          options
+          value
+          __typename
+        }
+        extraContext {
+          extraContext {
+            key
+            value
+            __typename
+          }
+          fixDescription
+          manifestActionsRequired {
+            action
+            lib {
+              name
+              version
+            }
+            language
+            typesLib {
+              envName
+              name
+              version
+            }
+            __typename
+          }
+          __typename
+        }
       }
     }
   }
@@ -416,6 +501,10 @@ var CreateCommunityUserDocument = `
       error
       status
     }
+    ... on UserHasNoPermissionInProjectError {
+      error
+      status
+    }
   }
 }
     `;
@@ -561,91 +650,2328 @@ function getSdk(client, withWrapper = defaultWrapper) {
   };
 }
 
-// src/features/analysis/scm/shared/src/get_issue_type.ts
-var issueTypeMap = {
-  ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
-  ["SQL_Injection" /* SqlInjection */]: "SQL Injection",
-  ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: "Relative Path Command Injection",
-  ["CMDi" /* CmDi */]: "Command Injection",
-  ["CONFUSING_NAMING" /* ConfusingNaming */]: "Confusing Naming",
-  ["XXE" /* Xxe */]: "XXE",
-  ["XSS" /* Xss */]: "XSS",
-  ["PT" /* Pt */]: "Path Traversal",
-  ["ZIP_SLIP" /* ZipSlip */]: "Zip Slip",
-  ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: "Insecure Randomness",
-  ["SSRF" /* Ssrf */]: "Server Side Request Forgery",
-  ["TYPE_CONFUSION" /* TypeConfusion */]: "Type Confusion",
-  ["REGEX_INJECTION" /* RegexInjection */]: "Regular Expression Injection",
-  ["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: "Incomplete URL Sanitization",
-  ["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: "Locale Dependent Comparison",
-  ["LOG_FORGING" /* LogForging */]: "Log Forging",
-  ["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: "Missing Check against Null",
-  ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: "Password in Comment",
-  ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: "Poor Error Handling: Overly Broad Catch",
-  ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: "Use of System.out/System.err",
-  ["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: "Use of dangerous function",
-  ["DOS_STRING_BUILDER" /* DosStringBuilder */]: "Denial of Service: StringBuilder",
-  ["OPEN_REDIRECT" /* OpenRedirect */]: "Open Redirect",
-  ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: "Weak XML Schema: Unbounded Occurrences",
-  ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: "System Information Leak",
-  ["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: "External System Information Leak",
-  ["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: "HTTP response splitting",
-  ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: "Cookie is not HttpOnly",
-  ["INSECURE_COOKIE" /* InsecureCookie */]: "Insecure Cookie",
-  ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: "Trust Boundary Violation",
-  ["NULL_DEREFERENCE" /* NullDereference */]: "Null Dereference",
-  ["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: "Unsafe deserialization",
-  ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: "Insecure Binder Configuration",
-  ["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: "Unsafe use of target blank",
-  ["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: "Client use of iframe without sandbox",
-  ["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: "jQuery deprecated symbols",
-  ["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: "Missing Anti-Forgery Validation",
-  ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: "GraphQL Depth Limit",
-  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: "Unchecked Loop Condition",
-  ["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: "Improper Resource Shutdown or Release",
-  ["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: "Improper Exception Handling",
-  ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: "Default Definer Rights in Package or Object Definition",
-  ["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: "HTML Comment in JSP",
-  ["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: "Error Condition Without Action",
-  ["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: "Deprecated Function",
-  ["HARDCODED_SECRETS" /* HardcodedSecrets */]: "Hardcoded Secrets",
-  ["PROTOTYPE_POLLUTION" /* PrototypePollution */]: "Prototype Pollution",
-  ["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: "Race Condition Format Flaw",
-  ["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: "Non-final Public Static Field",
-  ["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: "Missing HSTS Header",
-  ["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: "Dead Code: Unused Field",
-  ["HEADER_MANIPULATION" /* HeaderManipulation */]: "Header Manipulation",
-  ["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: "Missing equals or hashcode method",
-  ["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: "WCF Misconfiguration: Insufficient Logging",
-  ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: "WCF Misconfiguration: Throttling Not Enabled",
-  ["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: "Useless regular-expression character escape",
-  ["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: "Incomplete Hostname Regex",
-  ["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: "Regex: Overly Large Range",
-  ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: "Insufficient Logging of Sensitive Operations",
-  ["PRIVACY_VIOLATION" /* PrivacyViolation */]: "Privacy Violation",
-  ["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: "Incomplete URL Scheme Check",
-  ["VALUE_NEVER_READ" /* ValueNeverRead */]: "Value Never Read",
-  ["VALUE_SHADOWING" /* ValueShadowing */]: "Value Shadowing",
-  ["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: "Class Does Not Implement Equivalence Method",
-  ["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: "Information Exposure via Headers",
-  ["DEBUG_ENABLED" /* DebugEnabled */]: "Debug Enabled",
-  ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: "Leftover Debug Code",
-  ["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: "Poor Error Handling: Empty Catch Block",
-  ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: "Erroneous String Compare",
-  ["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: "Unvalidated Public Method Argument",
-  ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False"
+// src/features/analysis/scm/shared/src/types.ts
+var OrganizationScreenQueryParamsZ = z.object({
+  organizationId: z.string().uuid()
+});
+var ProjectPageQueryParamsZ = z.object({
+  organizationId: z.string().uuid(),
+  projectId: z.string().uuid()
+});
+var AnalysisPageQueryParamsZ = ProjectPageQueryParamsZ.extend({
+  reportId: z.string().uuid()
+});
+var FixPageQueryParamsZ = AnalysisPageQueryParamsZ.extend({
+  fixId: z.string().uuid()
+});
+var CliLoginPageQueryParamsZ = z.object({
+  loginId: z.string().uuid()
+});
+var ScmSubmitFixRequestsZ = z.array(
+  z.object({
+    scmSubmitFixRequest: z.object({
+      submitFixRequest: z.object({
+        createdByUser: z.object({
+          email: z.string()
+        })
+      }),
+      prUrl: z.string().nullable(),
+      scmId: z.string()
+    })
+  })
+);
+var AnalysisReportDigestedZ = z.object({
+  id: z.string().uuid(),
+  state: z.nativeEnum(Fix_Report_State_Enum),
+  vulnerabilityReport: z.object({
+    reportSummaryUrl: z.string().url().nullish(),
+    scanDate: z.string().nullable(),
+    supported: z.object({
+      aggregate: z.object({
+        count: z.number()
+      })
+    }),
+    all: z.object({
+      aggregate: z.object({
+        count: z.number()
+      })
+    }),
+    vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum),
+    project: z.object({
+      organizationId: z.string().uuid()
+    })
+  })
+});
+var FixRatingZ = z.object({
+  voteScore: z.number(),
+  fixRatingTag: z.nativeEnum(Fix_Rating_Tag_Enum).nullable().default(null),
+  comment: z.string().nullable().default(null),
+  updatedDate: z.string().nullable(),
+  user: z.object({
+    email: z.string(),
+    name: z.string()
+  })
+});
+var ReportQueryResultZ = z.object({
+  fixReport_by_pk: z.object({
+    id: z.string().uuid(),
+    fixesCommitted: z.object({
+      aggregate: z.object({ count: z.number() })
+    }),
+    fixesDownloaded: z.object({
+      aggregate: z.object({ count: z.number() })
+    }),
+    fixesReadyCount: z.number(),
+    issueTypes: z.record(z.string(), z.number()).nullable(),
+    issueLanguages: z.record(z.string(), z.number()).nullable(),
+    fixesCountByEffort: z.record(z.string(), z.number()).nullable(),
+    vulnerabilitySeverities: z.record(z.string(), z.number()).nullable(),
+    createdOn: z.string(),
+    expirationOn: z.string().nullable(),
+    state: z.nativeEnum(Fix_Report_State_Enum),
+    fixes_aggregate: z.object({
+      aggregate: z.object({
+        count: z.number()
+      })
+    }),
+    fixes: z.array(
+      z.object({
+        id: z.string().uuid(),
+        issueLanguage: z.nativeEnum(IssueLanguage_Enum).nullable(),
+        issueType: z.nativeEnum(IssueType_Enum).nullable(),
+        confidence: z.number(),
+        effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
+        modifiedBy: z.string().nullable(),
+        gitBlameLogin: z.string().nullable(),
+        fixReportId: z.string().uuid(),
+        vulnerabilitySeverity: z.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
+        filePaths: z.array(
+          z.object({
+            fileRepoRelativePath: z.string()
+          })
+        ),
+        state: z.nativeEnum(Fix_State_Enum),
+        numberOfVulnerabilityIssues: z.number(),
+        vulnerabilityReportIssues: z.array(
+          z.object({
+            issueType: z.string(),
+            issueLanguage: z.string()
+          })
+        ),
+        scmSubmitFixRequests: ScmSubmitFixRequestsZ,
+        isArchived: z.boolean().nullable(),
+        fixRatings: z.array(FixRatingZ).default([])
+      })
+    ),
+    repo: z.object({
+      name: z.string().nullable(),
+      originalUrl: z.string(),
+      reference: z.string(),
+      commitSha: z.string(),
+      isKnownBranch: z.boolean().nullish().default(true)
+    }),
+    vulnerabilityReport: z.object({
+      reportSummaryUrl: z.string().url().nullish(),
+      vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
+      issuesWithKnownLanguage: z.number().nullable(),
+      scanDate: z.string().nullable(),
+      vendorReportId: z.string().uuid().nullable(),
+      projectId: z.string().uuid(),
+      project: z.object({
+        organizationId: z.string().uuid()
+      }),
+      file: z.object({
+        id: z.string().uuid(),
+        path: z.string()
+      }),
+      pending: z.object({
+        aggregate: z.object({
+          count: z.number()
+        })
+      }),
+      supported: z.object({
+        aggregate: z.object({
+          count: z.number()
+        })
+      }),
+      digested: z.object({
+        aggregate: z.object({
+          count: z.number()
+        })
+      }),
+      all: z.object({
+        aggregate: z.object({
+          count: z.number()
+        })
+      }),
+      fixable: z.object({
+        aggregate: z.object({
+          count: z.number()
+        })
+      }),
+      errors: z.object({
+        aggregate: z.object({
+          count: z.number()
+        })
+      }),
+      vulnerabilityReportIssues: z.object({
+        extraData: z.object({
+          missing_files: z.string().array().nullish(),
+          large_files: z.string().array().nullish(),
+          error_files: z.string().array().nullish()
+        })
+      }).array()
+    })
+  })
+});
+var ReportFixesQueryZ = z.array(
+  z.object({
+    id: z.string().uuid(),
+    state: z.nativeEnum(Fix_State_Enum),
+    isArchived: z.boolean().nullable(),
+    confidence: z.number(),
+    gitBlameLogin: z.string().nullable(),
+    effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
+    issueLanguage: z.nativeEnum(IssueLanguage_Enum).nullable(),
+    issueType: z.nativeEnum(IssueType_Enum).nullable(),
+    vulnerabilitySeverity: z.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
+    fixReportId: z.string().uuid(),
+    filePaths: z.array(
+      z.object({
+        fileRepoRelativePath: z.string()
+      })
+    ),
+    numberOfVulnerabilityIssues: z.number(),
+    vulnerabilityReportIssues: z.array(
+      z.object({
+        issueType: z.string(),
+        issueLanguage: z.string()
+      })
+    ),
+    scmSubmitFixRequests: ScmSubmitFixRequestsZ,
+    fixRatings: z.array(FixRatingZ).default([])
+  })
+);
+var ExtraContextInternalZ = z.object({
+  key: z.string(),
+  value: z.string().or(z.boolean()).or(
+    z.object({
+      int: z.boolean(),
+      integer: z.boolean(),
+      string: z.boolean(),
+      date: z.boolean()
+    })
+  )
+});
+var PackageInfoZ = z.object({
+  name: z.string(),
+  version: z.string(),
+  envName: z.string().nullable()
+});
+var ManifestActionRequiredZ = z.object({
+  action: z.nativeEnum(ManifestAction),
+  language: z.nativeEnum(Language),
+  lib: PackageInfoZ,
+  typesLib: PackageInfoZ.nullable()
+});
+var FixExtraContextZ = z.object({
+  fixDescription: z.string(),
+  manifestActionsRequired: z.array(ManifestActionRequiredZ),
+  extraContext: z.array(ExtraContextInternalZ)
+});
+var PatchAndQuestionsZ = z.object({
+  __typename: z.literal("FixData"),
+  patch: z.string(),
+  questions: z.array(
+    z.object({
+      name: z.string(),
+      key: z.string(),
+      index: z.number(),
+      defaultValue: z.string(),
+      value: z.string().nullable(),
+      extraContext: z.array(ExtraContextInternalZ),
+      inputType: z.nativeEnum(FixQuestionInputType),
+      options: z.array(z.string())
+    })
+  ),
+  extraContext: FixExtraContextZ
+});
+var FixQueryZ = z.object({
+  __typename: z.literal("fix").optional(),
+  id: z.string().uuid(),
+  state: z.nativeEnum(Fix_State_Enum),
+  modifiedBy: z.string().nullable(),
+  gitBlameLogin: z.string().nullable(),
+  issueLanguage: z.nativeEnum(IssueLanguage_Enum).nullable(),
+  issueType: z.nativeEnum(IssueType_Enum).nullable(),
+  confidence: z.number(),
+  fixReportId: z.string().uuid(),
+  isExpired: z.boolean().default(false),
+  isArchived: z.boolean().nullable(),
+  // TODO: remove nullish once the data on the backend is ready
+  vulnerabilitySeverity: z.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
+  fixFiles: z.array(
+    z.object({
+      fileRepoRelativePath: z.string()
+    })
+  ),
+  numberOfVulnerabilityIssues: z.number(),
+  vulnerabilityReportIssues: z.array(
+    z.object({
+      vendorIssueId: z.string(),
+      issueType: z.string(),
+      issueLanguage: z.string()
+    })
+  ),
+  patchAndQuestions: PatchAndQuestionsZ,
+  scmSubmitFixRequests: ScmSubmitFixRequestsZ,
+  effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
+  fixRatings: z.array(FixRatingZ).default([])
+});
+var FixScreenQueryResultZ = z.object({
+  fixReport_by_pk: z.object({
+    id: z.string().uuid(),
+    expirationOn: z.string(),
+    createdOn: z.string(),
+    state: z.nativeEnum(Fix_Report_State_Enum),
+    fixes_aggregate: z.object({
+      aggregate: z.object({
+        count: z.number()
+      })
+    }),
+    repo: z.object({
+      name: z.string().nullable(),
+      originalUrl: z.string(),
+      reference: z.string(),
+      commitSha: z.string()
+    }),
+    vulnerabilityReport: z.object({
+      vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum),
+      vendorReportId: z.string().uuid().nullable(),
+      projectId: z.string().uuid(),
+      project: z.object({
+        organizationId: z.string().uuid()
+      }),
+      file: z.object({
+        id: z.string().uuid(),
+        path: z.string()
+      }),
+      pending: z.object({
+        aggregate: z.object({
+          count: z.number()
+        })
+      }),
+      supported: z.object({
+        aggregate: z.object({
+          count: z.number()
+        })
+      }),
+      all: z.object({
+        aggregate: z.object({
+          count: z.number()
+        })
+      }),
+      fixable: z.object({
+        aggregate: z.object({
+          count: z.number()
+        })
+      }),
+      errors: z.object({
+        aggregate: z.object({
+          count: z.number()
+        })
+      }),
+      vulnerabilityReportIssues: z.object({
+        extraData: z.object({
+          missing_files: z.string().array().nullish(),
+          large_files: z.string().array().nullish(),
+          error_files: z.string().array().nullish()
+        })
+      }).array()
+    })
+  }),
+  fix_by_pk: FixQueryZ,
+  fixesWithSameIssueType: z.object({
+    fix: z.array(z.object({ id: z.string().uuid() }))
+  })
+});
+var FixReportByProjectZ = z.object({
+  project_by_pk: z.object({
+    vulnerabilityReports: z.array(
+      z.object({
+        fixReport: z.object({ id: z.string().uuid() }).nullable()
+      })
+    )
+  })
+});
+var FixPageQueryZ = z.object({
+  data: FixScreenQueryResultZ
+});
+var GetReportFixesQueryZ = z.object({
+  fixReport: z.object({
+    fixes: ReportFixesQueryZ,
+    vulnerabilityReport: z.object({
+      vulnerabilityReportIssues_aggregate: z.object({
+        aggregate: z.object({ count: z.number() })
+      })
+    })
+  }).array()
+}).nullish();
+var ProjectVulnerabilityReport = z.object({
+  id: z.string().uuid(),
+  name: z.string().nullable(),
+  vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
+  fixReport: z.object({
+    id: z.string().uuid(),
+    createdOn: z.string(),
+    fixes_aggregate: z.object({
+      aggregate: z.object({
+        count: z.number()
+      })
+    }),
+    issueTypes: z.record(z.string(), z.number()).nullable(),
+    issueLanguages: z.record(z.nativeEnum(IssueLanguage_Enum), z.number()).nullable(),
+    fixesCountByEffort: z.record(z.nativeEnum(Effort_To_Apply_Fix_Enum), z.number()).nullable(),
+    vulnerabilitySeverities: z.record(z.nativeEnum(Vulnerability_Severity_Enum), z.number()).nullable(),
+    fixesDoneCount: z.number(),
+    fixesInprogressCount: z.number(),
+    fixesReadyCount: z.number(),
+    repo: z.object({
+      originalUrl: z.string(),
+      reference: z.string(),
+      name: z.string()
+    }),
+    createdByUser: z.object({
+      email: z.string()
+    }).nullable(),
+    state: z.nativeEnum(Fix_Report_State_Enum),
+    expirationOn: z.string()
+  })
+});
+var ProjectGetProjectZ = z.object({
+  id: z.string().uuid(),
+  name: z.string(),
+  vulnerabilityReports: z.object({
+    vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
+    fixReport: z.object({
+      issueLanguages: z.record(z.nativeEnum(IssueLanguage_Enum), z.number()).nullable(),
+      state: z.nativeEnum(Fix_Report_State_Enum),
+      fixes_aggregate: z.object({
+        aggregate: z.object({
+          count: z.number()
+        })
+      }),
+      repo: z.object({
+        originalUrl: z.string(),
+        reference: z.string()
+      }),
+      expirationOn: z.string()
+    })
+  }).array()
+});
+var GetProjectsQueryZ = z.array(ProjectGetProjectZ);
+var ProjectPageQueryResultZ = z.object({
+  name: z.string(),
+  id: z.string().uuid(),
+  isDefault: z.boolean().default(false),
+  organizationId: z.string().uuid(),
+  vulnerabilityReports: z.array(ProjectVulnerabilityReport)
+});
+var GetProjectMembersDataZ = z.object({
+  project_by_pk: z.object({
+    name: z.string(),
+    id: z.string(),
+    projectUsers: z.array(
+      z.object({
+        projectToRole: z.object({
+          projectRole: z.object({
+            type: z.nativeEnum(Project_Role_Type_Enum)
+          })
+        }),
+        user: z.object({
+          id: z.string().uuid(),
+          picture: z.string().optional(),
+          name: z.string().nullish(),
+          email: z.string().email()
+        })
+      })
+    )
+  })
+});
+var RepoArgs = z.object({
+  originalUrl: z.string().url(),
+  branch: z.string(),
+  commitSha: z.string()
+});
+var scmCloudUrl = {
+  GitLab: "https://gitlab.com",
+  GitHub: "https://github.com",
+  Ado: "https://dev.azure.com",
+  Bitbucket: "https://bitbucket.org"
+};
+var ScmType = /* @__PURE__ */ ((ScmType2) => {
+  ScmType2["GitHub"] = "GitHub";
+  ScmType2["GitLab"] = "GitLab";
+  ScmType2["Ado"] = "Ado";
+  ScmType2["Bitbucket"] = "Bitbucket";
+  return ScmType2;
+})(ScmType || {});
+
+// src/constants.ts
+var debug = Debug("mobbdev:constants");
+var __dirname = path.dirname(fileURLToPath(import.meta.url));
+dotenv.config({ path: path.join(__dirname, "../.env") });
+var scmFriendlyText = {
+  ["Ado" /* Ado */]: "Azure DevOps",
+  ["Bitbucket" /* Bitbucket */]: "Bitbucket",
+  ["GitHub" /* GitHub */]: "GitGub",
+  ["GitLab" /* GitLab */]: "GitLab"
+};
+var SCANNERS = {
+  Checkmarx: "checkmarx",
+  Codeql: "codeql",
+  Fortify: "fortify",
+  Snyk: "snyk",
+  Sonarqube: "sonarqube"
+};
+var SupportedScannersZ = z2.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
+var envVariablesSchema = z2.object({
+  WEB_APP_URL: z2.string(),
+  API_URL: z2.string(),
+  HASURA_ACCESS_KEY: z2.string(),
+  LOCAL_GRAPHQL_ENDPOINT: z2.string()
+}).required();
+var envVariables = envVariablesSchema.parse(process.env);
+debug("config %o", envVariables);
+var mobbAscii = `
+                                   ..                       
+                             ..........                     
+                        .................                   
+               ...........................                  
+              ..............................                
+             ................................               
+             ..................................             
+            ....................................            
+            .....................................           
+            .............................................   
+          ................................................. 
+     ...............................       .................
+  ..................................           ............ 
+..................    .............            ..........   
+......... ........      .........             ......        
+  ...............                          ....             
+         .... ..                                            
+                                                            
+                                      . ...                 
+                              ..............                
+                       ......................               
+                   ...........................              
+               ................................             
+           ......................................           
+                ...............................             
+                       .................                    
+`;
+var PROJECT_DEFAULT_NAME = "My first project";
+var WEB_APP_URL = envVariables.WEB_APP_URL;
+var API_URL = envVariables.API_URL;
+var HASURA_ACCESS_KEY = envVariables.HASURA_ACCESS_KEY;
+var LOCAL_GRAPHQL_ENDPOINT = envVariables.LOCAL_GRAPHQL_ENDPOINT;
+var errorMessages = {
+  missingCxProjectName: `project name ${chalk.bold(
+    "(--cx-project-name)"
+  )} is needed if you're using checkmarx`,
+  missingUrl: `url ${chalk.bold(
+    "(--url)"
+  )} is needed if you're adding an SCM token`,
+  invalidScmType: `SCM type ${chalk.bold(
+    "(--scm-type)"
+  )} is invalid, please use one of: ${Object.values(ScmType).join(", ")}`,
+  missingToken: `SCM token ${chalk.bold(
+    "(--token)"
+  )} is needed if you're adding an SCM token`
+};
+var progressMassages = {
+  processingVulnerabilityReportSuccess: "\u2699\uFE0F  Vulnerability report proccessed successfully",
+  processingVulnerabilityReport: "\u2699\uFE0F  Proccessing vulnerability report",
+  processingVulnerabilityReportFailed: "\u2699\uFE0F  Error Proccessing vulnerability report"
+};
+var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 20;
+
+// src/features/analysis/index.ts
+import crypto from "node:crypto";
+import fs3 from "node:fs";
+import os from "node:os";
+import path6 from "node:path";
+import { pipeline } from "node:stream/promises";
+
+// src/utils/index.ts
+var utils_exports = {};
+__export(utils_exports, {
+  CliError: () => CliError,
+  Spinner: () => Spinner,
+  getDirName: () => getDirName,
+  getTopLevelDirName: () => getTopLevelDirName,
+  keypress: () => keypress,
+  sleep: () => sleep
+});
+
+// src/utils/dirname.ts
+import path2 from "node:path";
+import { fileURLToPath as fileURLToPath2 } from "node:url";
+function getDirName() {
+  return path2.dirname(fileURLToPath2(import.meta.url));
+}
+function getTopLevelDirName(fullPath) {
+  return path2.parse(fullPath).name;
+}
+
+// src/utils/keypress.ts
+import readline from "node:readline";
+async function keypress() {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve) => {
+    rl.question("", (answer) => {
+      rl.close();
+      process.stderr.moveCursor(0, -1);
+      process.stderr.clearLine(1);
+      resolve(answer);
+    });
+  });
+}
+
+// src/utils/spinner.ts
+import {
+  createSpinner as _createSpinner
+} from "nanospinner";
+var mockSpinner = {
+  success: () => mockSpinner,
+  error: () => mockSpinner,
+  warn: () => mockSpinner,
+  stop: () => mockSpinner,
+  start: () => mockSpinner,
+  update: () => mockSpinner,
+  reset: () => mockSpinner,
+  clear: () => mockSpinner,
+  spin: () => mockSpinner
+};
+function Spinner({ ci = false } = {}) {
+  return {
+    createSpinner: (text, options) => ci ? mockSpinner : _createSpinner(text, options)
+  };
+}
+
+// src/utils/index.ts
+var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
+var CliError = class extends Error {
+};
+
+// src/features/analysis/index.ts
+import chalk4 from "chalk";
+import Configstore from "configstore";
+import Debug13 from "debug";
+import extract from "extract-zip";
+import fetch4 from "node-fetch";
+import open2 from "open";
+import semver from "semver";
+import tmp2 from "tmp";
+import { z as z19 } from "zod";
+
+// src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
+import Debug4 from "debug";
+
+// src/features/analysis/scm/ado/constants.ts
+var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
+
+// src/features/analysis/scm/ado/utils.ts
+import querystring3 from "node:querystring";
+import * as api from "azure-devops-node-api";
+import { z as z16 } from "zod";
+
+// src/features/analysis/scm/env.ts
+import { z as z3 } from "zod";
+var EnvVariablesZod = z3.object({
+  GITLAB_API_TOKEN: z3.string().optional(),
+  GITHUB_API_TOKEN: z3.string().optional(),
+  GIT_PROXY_HOST: z3.string()
+});
+var { GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
+
+// src/features/analysis/scm/scm.ts
+import { z as z14 } from "zod";
+
+// src/features/analysis/scm/bitbucket/bitbucket.ts
+import querystring from "node:querystring";
+import bitbucketPkg from "bitbucket";
+import * as bitbucketPkgNode from "bitbucket";
+import { z as z10 } from "zod";
+
+// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
+import { z as z5 } from "zod";
+
+// src/features/analysis/scm/shared/src/fixDetailsData.ts
+var fixDetailsData = {
+  ["PT" /* Pt */]: {
+    issueDescription: "Path Traversal AKA Directory Traversal occurs when a path coming from user input is not properly sanitized, allowing an attacker to navigate through directories beyond the intended scope. Attackers can exploit this to access sensitive files or execute arbitrary code.",
+    fixInstructions: "Sanitize user-supplied paths, ensuring that they are restricted to a predefined directory structure."
+  },
+  ["ZIP_SLIP" /* ZipSlip */]: {
+    issueDescription: "Zip Slip is a form of directory traversal that can be exploited by extracting files from an archive. Attackers can manipulate archive files to overwrite sensitive files or execute arbitrary code.",
+    fixInstructions: "Ensure that extracted files are relative and within the intended directory structure."
+  },
+  ["XSS" /* Xss */]: {
+    issueDescription: "Cross-Site Scripting (XSS) allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to theft of session cookies, redirection to malicious websites, or defacement of the webpage.",
+    fixInstructions: "Implement input validation and output encoding. This includes sanitizing user input and escaping special characters to prevent execution of injected scripts."
+  },
+  ["XXE" /* Xxe */]: {
+    issueDescription: "XML External Entity (XXE) allows attackers to exploit vulnerable XML processors by including external entities, leading to disclosure of confidential data, denial of service, or server-side request forgery.",
+    fixInstructions: "Disable external entity processing in XML parsers or update to versions that mitigate XXE vulnerabilities. Input validation should be implemented to ensure that XML input does not contain external entity references."
+  },
+  ["CMDi" /* CmDi */]: {
+    issueDescription: "Command Injection (CMDI) allows attackers inject malicious commands into vulnerable applications, that can result in execution of arbitrary commands on the underlying operating system.",
+    fixInstructions: "Validate or sanitize user input to prevent executing arbitrary commands."
+  },
+  ["SQL_Injection" /* SqlInjection */]: {
+    issueDescription: "SQL Injection allows attackers to execute malicious SQL queries by manipulating input data. This can result in unauthorized access to sensitive data, data manipulation, or even complete database compromise.",
+    fixInstructions: "Use parameterized queries or prepared statements to sanitize user input and prevent manipulation of the SQL query."
+  },
+  ["SSRF" /* Ssrf */]: {
+    issueDescription: "Server-Side Request Forgery (SSRF) allows attackers to make unauthorized requests from a vulnerable server, potentially accessing internal systems, services, or data.",
+    fixInstructions: "Validate or sanitize user-supplied URLs, ensuring that they are restricted to trusted domains. Implementing proper input validation and using whitelists for acceptable URLs can prevent SSRF attacks."
+  },
+  ["LOG_FORGING" /* LogForging */]: {
+    issueDescription: "Log Forging allows attackers to manipulate log files by injecting malicious content. This can be used to obfuscate attack traces or forge log entries to conceal unauthorized activities.",
+    fixInstructions: "Implement proper input sanitization to remove new lines for values going to the log."
+  },
+  ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: {
+    issueDescription: "Cookie without the 'HttpOnly' attribute can be accessed by client-side scripts, exposing them to potential XSS attacks.",
+    fixInstructions: "Ensure that sensitive cookies are marked with the 'HttpOnly' attribute to prevent client-side scripts from accessing them."
+  },
+  ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: {
+    issueDescription: "System Information Leak occurs when sensitive system information is inadvertently disclosed to external entities, potentially aiding attackers in identifying vulnerabilities or targets.",
+    fixInstructions: "Review and restrict the amount of system information exposed through error messages, debug logs, or response headers."
+  },
+  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: {
+    issueDescription: "Unchecked Loop Condition can lead to infinite loops or unexpected behavior in software applications. Attackers can exploit this vulnerability to cause denial of service or consume excessive system resources.",
+    fixInstructions: "Carefully review loop conditions to ensure that they are properly validated and bounded."
+  },
+  ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: {
+    issueDescription: "Trust Boundary Violation occurs when untrusted data is added to a trusted context, potentially leading to security vulnerabilities. Attackers can exploit this to bypass security controls or execute unauthorized actions.",
+    fixInstructions: "Clearly define and enforce trust boundaries within applications, ensuring that untrusted data is properly validated and sanitized before being used in a trusted context."
+  },
+  ["REGEX_INJECTION" /* RegexInjection */]: {
+    issueDescription: "Regex Injection occurs when attackers manipulate regular expressions to perform unintended actions or bypass security controls. This can lead to security vulnerabilities such as denial of service or injection attacks.",
+    fixInstructions: "Avoid constructing regular expressions from user-supplied input whenever possible. If dynamic regular expressions are necessary, input should be properly validated and sanitized to prevent injection attacks."
+  },
+  ["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: {
+    issueDescription: "Error Condition Without Action refers to situations where error conditions are identified but not appropriately handled or mitigated. This can lead to unexpected behavior, system crashes, or security vulnerabilities.",
+    fixInstructions: "Implement error handling mechanisms to gracefully handle unexpected conditions and prevent system crashes."
+  },
+  ["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: {
+    issueDescription: "HTTP Response Splitting occurs when attackers manipulate HTTP responses to inject additional headers or content. This can lead to security vulnerabilities such as cache poisoning, session fixation, or XSS attacks.",
+    fixInstructions: "Properly sanitize user input before including it in HTTP response headers or content."
+  },
+  ["INSECURE_COOKIE" /* InsecureCookie */]: {
+    issueDescription: "Cookies lacking the 'Secure' attribute may be transmitted over unencrypted channels. This makes them vulnerable to interception or manipulation by attackers.",
+    fixInstructions: "Ensure that sensitive cookies are transmitted over secure channels (e.g., HTTPS) and are marked with the 'Secure' attributes."
+  },
+  ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: {
+    issueDescription: "Command Injection via Relative Path may allow attackers to manipulate file paths to execute arbitrary commands on the underlying system.",
+    fixInstructions: "Paths coming from the input should be properly sanitized to ensure that only expected characters and paths are allowed."
+  },
+  ["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: {
+    issueDescription: "Missing Check Against Null occurs when null or uninitialized variables are not properly handled, leading to unexpected behavior or security vulnerabilities.",
+    fixInstructions: "Implement proper null checks and error handling mechanisms to prevent null dereference vulnerabilities. Null values should be handled gracefully to avoid unexpected behavior or security issues."
+  },
+  ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: {
+    issueDescription: "Password in Comment refers to situations where sensitive information such as passwords or API keys are hardcoded or embedded in code comments. This can lead to inadvertent exposure of credentials and potential security breaches if the code is shared or leaked.",
+    fixInstructions: "Remove hardcoded sensitive information from code comments."
+  },
+  ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: {
+    issueDescription: "Overly Broad Catch occurs when exceptions are caught indiscriminately without proper handling or logging. This can lead to silent failures, masking potential security issues or allowing attackers to conduct reconnaissance.",
+    fixInstructions: "Implement specific exception handling for different error scenarios to ensure proper diagnosis and mitigation of issues. Catch blocks should log relevant information and handle exceptions gracefully to prevent silent failures."
+  },
+  ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: {
+    issueDescription: "Use of System Output Stream refers to situations where sensitive information is written to standard output streams such as System.out. This can lead to inadvertent exposure of sensitive data, especially in production environments.",
+    fixInstructions: "Avoid writing sensitive information to standard output streams and instead use secure logging mechanisms or dedicated logging frameworks. Output streams should be properly configured to prevent leakage of sensitive data."
+  },
+  ["DOS_STRING_BUILDER" /* DosStringBuilder */]: {
+    issueDescription: "Denial of Service (DoS) via String Builder may allow attackers to manipulate string concatenation operations to consume excessive memory or CPU resources. This can lead to degradation of system performance or unresponsiveness.",
+    fixInstructions: "Use StringBuilder or similar efficient data structures for string concatenation operations to minimize memory overhead. Input validation should be performed to limit the size and complexity of input strings, preventing abuse by attackers."
+  },
+  ["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: {
+    issueDescription: "HTML Comment in JSP occurs when developers inadvertently expose sensitive information or internal implementation details in HTML comments within JavaServer Pages (JSP) files. This can lead to inadvertent disclosure of credentials, configuration details, or security vulnerabilities.",
+    fixInstructions: "Review JSP files to ensure that sensitive information or internal details are not exposed in HTML comments. Comments containing sensitive information should be removed or replaced with generic placeholders."
+  },
+  ["OPEN_REDIRECT" /* OpenRedirect */]: {
+    issueDescription: "Open Redirect vulnerabilities may allow attackers to manipulate URL parameters to redirect users to malicious websites or phishing pages. This can lead to theft of sensitive information or unauthorized access to user accounts.",
+    fixInstructions: "Redirect URLs validation should be performed to ensure that redirect URLs point to trusted domains."
+  },
+  ["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: {
+    issueDescription: "Unsafe Target Blank occurs when developers use the target='_blank' attribute without the rel='noopener' attribute in anchor tags. This can lead to security vulnerabilities such as tabnabbing or reverse tabnabbing, allowing attackers to hijack user sessions or perform phishing attacks.",
+    fixInstructions: "Ensure that anchor tags with target='_blank' attribute include the rel='noopener' attribute to prevent potential security vulnerabilities. This prevents the newly opened page from accessing the window.opener property, mitigating the risk of tabnabbing or reverse tabnabbing attacks."
+  },
+  ["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: {
+    issueDescription: "IFrame Without Sandbox occurs when <iframe> elements are used without the 'sandbox' attribute, allowing potentially malicious content to execute in the context of the parent page.",
+    fixInstructions: "Use the 'sandbox' attribute to restrict the capabilities of <iframe> elements, isolating potentially untrusted content from the parent page. This helps mitigate the risk of malicious code execution and prevents attacks such as clickjacking."
+  },
+  ["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: {
+    issueDescription: "JQuery Deprecated Symbols refers to the use of deprecated or removed functions, methods, or symbols in jQuery libraries. This can lead to compatibility issues, security vulnerabilities, or performance degradation in applications.",
+    fixInstructions: "Replace deprecated symbols with recommended alternatives."
+  },
+  ["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: {
+    issueDescription: "Deprecated Function refers to the use of functions, methods, or features that have been deprecated in programming languages or frameworks. This can lead to compatibility issues, security vulnerabilities, or performance degradation in applications.",
+    fixInstructions: "Update code to replace deprecated functions with recommended alternatives provided by the language or framework."
+  },
+  ["HARDCODED_SECRETS" /* HardcodedSecrets */]: {
+    issueDescription: "Hardcoded Secrets refers to the practice of embedding sensitive information such as passwords, API keys, or cryptographic keys directly into source code or configuration files. This can lead to inadvertent exposure of credentials and potential security breaches if the code is shared or leaked.",
+    fixInstructions: "Remove hardcoded sensitive information in source code or configuration files. Instead, sensitive data should be stored securely using encryption or secure credential management solutions."
+  },
+  ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: {
+    issueDescription: "GraphQL Depth Limit refers to the lack of restrictions on query depth in GraphQL implementations, allowing attackers to execute complex and resource-intensive queries. This can lead to denial of service or excessive resource consumption.",
+    fixInstructions: "Implement depth limits and query complexity thresholds in GraphQL schemas to restrict the complexity of incoming queries."
+  },
+  ["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: {
+    issueDescription: "System Information Leak occurs when sensitive system information is inadvertently disclosed to external entities, potentially aiding attackers in identifying vulnerabilities or targets.",
+    fixInstructions: "Review and restrict the amount of system information exposed to external entities such as third-party APIs or integrations."
+  },
+  ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: {
+    issueDescription: "Insecure Randomness refers to the use of insecure or predictable random number generation algorithms, leading to weak cryptographic keys, session tokens, or initialization vectors. This can facilitate brute-force attacks or cryptographic exploits.",
+    fixInstructions: "Use secure random number generation algorithms provided by cryptographic libraries or frameworks."
+  },
+  ["TYPE_CONFUSION" /* TypeConfusion */]: {
+    issueDescription: "Type Confusion occurs in programming languages with weak typing systems when an attacker manipulates object types to bypass type checks or exploit memory corruption vulnerabilities. This can lead to arbitrary code execution or unauthorized access to sensitive data.",
+    fixInstructions: "Implement strict type checking and validation to prevent type confusion vulnerabilities."
+  },
+  ["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: {
+    issueDescription: "Incomplete URL Sanitization occurs when user-supplied URLs are not properly sanitized, allowing attackers to inject malicious content or bypass security controls. This can lead to security vulnerabilities such as XSS attacks, open redirect, or SSRF.",
+    fixInstructions: "Implement thorough URL validation and/or sanitization to ensure that user-supplied URLs conform to expected formats and do not contain malicious content."
+  },
+  ["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: {
+    issueDescription: "Unsafe Deserialization occurs when attackers manipulate serialized objects to execute arbitrary code or bypass security controls. This can lead to remote code execution, privilege escalation, or data tampering.",
+    fixInstructions: "Implement strict validation and integrity checks on serialized objects."
+  },
+  ["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: {
+    issueDescription: "Improper Resource Shutdown or Release refers to situations where system resources such as file handles, database connections, or network sockets are not properly closed or released after use. This can lead to resource exhaustion, denial of service, or memory leaks.",
+    fixInstructions: "Ensure that system resources are consistently closed or released after use. Using try-with resources blocks, finalizers, or dedicated resource management libraries can help mitigate the risk of improper resource shutdown or release vulnerabilities."
+  },
+  ["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: {
+    issueDescription: "Improper Exception Handling occurs when exceptions are not handled or propagated correctly, leading to unexpected behavior, security vulnerabilities, or application crashes.",
+    fixInstructions: "Implement exception handling to gracefully handle unexpected errors."
+  },
+  ["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: {
+    issueDescription: "Missing Anti-Forgery Validation occurs when web applications do not properly validate or enforce anti-forgery tokens, allowing attackers to forge or replay requests from authenticated users.",
+    fixInstructions: "Implement anti-forgery measures to validate the authenticity of user-submitted requests."
+  },
+  ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: {
+    issueDescription: "Insecure Binder Configuration refers to misconfigurations in application frameworks or dependency injection containers, leading to security vulnerabilities such as injection attacks or privilege escalation.",
+    fixInstructions: "Secure binder configurations to prevent injection attacks and enforce least privilege principles. Configurations should be restricted to trusted sources and sanitized to prevent unauthorized access or manipulation."
+  },
+  ["NULL_DEREFERENCE" /* NullDereference */]: {
+    issueDescription: "Null Dereference occurs when null or uninitialized pointers are dereferenced, leading to application crashes or security vulnerabilities. Attackers can exploit this to cause denial of service or execute arbitrary code.",
+    fixInstructions: "Implement proper null checks and error handling mechanisms. Null values should be handled gracefully to avoid unexpected behavior or security issues."
+  },
+  ["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: {
+    issueDescription: "Dangerous Function Overflow occurs when functions or methods are called with parameters that exceed predefined limits, leading to buffer overflows or memory corruption vulnerabilities.",
+    fixInstructions: "Implement proper input validation and bounds checking to prevent dangerous function overflows. Functions should be designed to handle input within safe limits and gracefully reject or truncate input that exceeds these limits."
+  },
+  ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: {
+    issueDescription: "Default Rights in Object Definition refers to situations where SQL objects are created with default or excessive permissions, leading to security vulnerabilities such as privilege escalation or unauthorized access.",
+    fixInstructions: "Restrict default permissions in object definitions to enforce least privilege principles. Objects should be created with the minimum necessary permissions required for their intended functionality."
+  },
+  ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: {
+    issueDescription: "Weak XML Schema Unbounded Occurrences refers to the lack of restrictions on the maximum number of occurrences for elements or attributes in XML schemas. This can lead to denial of service or resource exhaustion attacks by causing excessive memory consumption or processing overhead.",
+    fixInstructions: "Impose limits on the maximum number of occurrences for elements or attributes in XML schemas to prevent resource exhaustion attacks."
+  },
+  ["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: void 0,
+  ["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: void 0,
+  ["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: void 0,
+  ["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: void 0,
+  ["PROTOTYPE_POLLUTION" /* PrototypePollution */]: void 0,
+  ["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: void 0,
+  ["HEADER_MANIPULATION" /* HeaderManipulation */]: void 0,
+  ["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: {
+    issueDescription: "Missing equals or hashcode method can lead to unexpected behavior in collections. If two objects are equal, they should have the same hashcode.",
+    fixInstructions: "Add the missing methods to ensure proper behavior in collections."
+  },
+  ["VALUE_NEVER_READ" /* ValueNeverRead */]: {
+    issueDescription: "The variable's value is not used. After the assignment, the variable is either assigned another value or goes out of scope.",
+    fixInstructions: "Remove the assignment to the variable."
+  },
+  ["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: void 0,
+  ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: void 0,
+  ["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: void 0,
+  ["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: void 0,
+  ["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: void 0,
+  ["PRIVACY_VIOLATION" /* PrivacyViolation */]: void 0,
+  ["VALUE_SHADOWING" /* ValueShadowing */]: void 0,
+  ["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: void 0,
+  ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: void 0,
+  ["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: void 0,
+  ["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: void 0,
+  ["DEBUG_ENABLED" /* DebugEnabled */]: void 0,
+  ["CONFUSING_NAMING" /* ConfusingNaming */]: {
+    issueDescription: "A data member and a function have the same name which can be confusing to the developer.",
+    fixInstructions: "Rename the data member to avoid confusion."
+  },
+  ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: void 0,
+  ["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: void 0,
+  ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: void 0,
+  ["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: void 0,
+  ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: {
+    issueDescription: "Auto Escape False occurs when automatic escaping is disabled in template engines, allowing untrusted data to be rendered without proper encoding. This can lead to Cross-Site Scripting (XSS) vulnerabilities.",
+    fixInstructions: "Set auto escape to true."
+  },
+  ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: {
+    issueDescription: "The lack of a rate limit can allow denial-of-service attacks, in which an attacker can cause the application to crash or become unresponsive by issuing a large number of requests simultaneously.",
+    fixInstructions: "Use express-rate-limit npm package to set a rate limit."
+  }
+};
+
+// src/features/analysis/scm/shared/src/getIssueType.ts
+import { z as z4 } from "zod";
+var issueTypeMap = {
+  ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
+  ["SQL_Injection" /* SqlInjection */]: "SQL Injection",
+  ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: "Relative Path Command Injection",
+  ["CMDi" /* CmDi */]: "Command Injection",
+  ["CONFUSING_NAMING" /* ConfusingNaming */]: "Confusing Naming",
+  ["XXE" /* Xxe */]: "XXE",
+  ["XSS" /* Xss */]: "XSS",
+  ["PT" /* Pt */]: "Path Traversal",
+  ["ZIP_SLIP" /* ZipSlip */]: "Zip Slip",
+  ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: "Insecure Randomness",
+  ["SSRF" /* Ssrf */]: "Server Side Request Forgery",
+  ["TYPE_CONFUSION" /* TypeConfusion */]: "Type Confusion",
+  ["REGEX_INJECTION" /* RegexInjection */]: "Regular Expression Injection",
+  ["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: "Incomplete URL Sanitization",
+  ["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: "Locale Dependent Comparison",
+  ["LOG_FORGING" /* LogForging */]: "Log Forging",
+  ["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: "Missing Check against Null",
+  ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: "Password in Comment",
+  ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: "Poor Error Handling: Overly Broad Catch",
+  ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: "Use of System.out/System.err",
+  ["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: "Use of dangerous function",
+  ["DOS_STRING_BUILDER" /* DosStringBuilder */]: "Denial of Service: StringBuilder",
+  ["OPEN_REDIRECT" /* OpenRedirect */]: "Open Redirect",
+  ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: "Weak XML Schema: Unbounded Occurrences",
+  ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: "System Information Leak",
+  ["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: "External System Information Leak",
+  ["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: "HTTP response splitting",
+  ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: "Cookie is not HttpOnly",
+  ["INSECURE_COOKIE" /* InsecureCookie */]: "Insecure Cookie",
+  ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: "Trust Boundary Violation",
+  ["NULL_DEREFERENCE" /* NullDereference */]: "Null Dereference",
+  ["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: "Unsafe deserialization",
+  ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: "Insecure Binder Configuration",
+  ["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: "Unsafe use of target blank",
+  ["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: "Client use of iframe without sandbox",
+  ["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: "jQuery deprecated symbols",
+  ["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: "Missing Anti-Forgery Validation",
+  ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: "GraphQL Depth Limit",
+  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: "Unchecked Loop Condition",
+  ["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: "Improper Resource Shutdown or Release",
+  ["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: "Improper Exception Handling",
+  ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: "Default Definer Rights in Package or Object Definition",
+  ["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: "HTML Comment in JSP",
+  ["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: "Error Condition Without Action",
+  ["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: "Deprecated Function",
+  ["HARDCODED_SECRETS" /* HardcodedSecrets */]: "Hardcoded Secrets",
+  ["PROTOTYPE_POLLUTION" /* PrototypePollution */]: "Prototype Pollution",
+  ["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: "Race Condition Format Flaw",
+  ["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: "Non-final Public Static Field",
+  ["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: "Missing HSTS Header",
+  ["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: "Dead Code: Unused Field",
+  ["HEADER_MANIPULATION" /* HeaderManipulation */]: "Header Manipulation",
+  ["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: "Missing equals or hashcode method",
+  ["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: "WCF Misconfiguration: Insufficient Logging",
+  ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: "WCF Misconfiguration: Throttling Not Enabled",
+  ["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: "Useless regular-expression character escape",
+  ["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: "Incomplete Hostname Regex",
+  ["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: "Regex: Overly Large Range",
+  ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: "Insufficient Logging of Sensitive Operations",
+  ["PRIVACY_VIOLATION" /* PrivacyViolation */]: "Privacy Violation",
+  ["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: "Incomplete URL Scheme Check",
+  ["VALUE_NEVER_READ" /* ValueNeverRead */]: "Value Never Read",
+  ["VALUE_SHADOWING" /* ValueShadowing */]: "Value Shadowing",
+  ["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: "Class Does Not Implement Equivalence Method",
+  ["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: "Information Exposure via Headers",
+  ["DEBUG_ENABLED" /* DebugEnabled */]: "Debug Enabled",
+  ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: "Leftover Debug Code",
+  ["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: "Poor Error Handling: Empty Catch Block",
+  ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: "Erroneous String Compare",
+  ["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: "Unvalidated Public Method Argument",
+  ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False"
+};
+var issueTypeZ = z4.nativeEnum(IssueType_Enum);
+var getIssueType = (issueType) => {
+  const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
+  if (!issueTypeZParseRes.success) {
+    return issueType ? issueType.replaceAll("_", " ") : "Other";
+  }
+  return issueTypeMap[issueTypeZParseRes.data];
+};
+
+// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
+function capitalizeFirstLetter(str) {
+  return str?.length ? str[0].toUpperCase() + str.slice(1) : "";
+}
+var severityToEmoji = {
+  ["critical" /* Critical */]: "\u{1F6A8}",
+  ["high" /* High */]: "\u{1F6A9}",
+  ["medium" /* Medium */]: "\u{1F7E1}",
+  ["low" /* Low */]: "\u{1F7E2}"
+};
+var getCommitDescription = ({
+  vendor,
+  issueType,
+  severity,
+  guidances,
+  fixUrl
+}) => {
+  const parseIssueTypeRes = z5.nativeEnum(IssueType_Enum).safeParse(issueType);
+  if (!parseIssueTypeRes.success) {
+    return "";
+  }
+  if (!issueType)
+    return "";
+  const staticData = fixDetailsData[parseIssueTypeRes.data];
+  if (!staticData) {
+    return "";
+  }
+  const issueTypeString = getIssueType(issueType);
+  let description = `This change fixes a **${severity} severity** (${severityToEmoji[severity]}) **${issueTypeString}** issue reported by **${capitalizeFirstLetter(
+    vendor
+  )}**.
+
+## Issue description
+${staticData.issueDescription}
+ 
+## Fix instructions
+${staticData.fixInstructions}
+
+${guidances.map(({ guidance }) => `## Additional actions required
+ ${guidance}
+`).join("")}
+`;
+  if (fixUrl) {
+    description += `
+[More info and fix customization are available in the Mobb platform](${fixUrl})`;
+  }
+  return description;
+};
+
+// src/features/analysis/scm/shared/src/guidances.ts
+import { z as z8 } from "zod";
+
+// src/features/analysis/scm/shared/src/storedFixData/index.ts
+import { z as z6 } from "zod";
+
+// src/features/analysis/scm/shared/src/storedFixData/passwordInComment.ts
+var passwordInComment = {
+  guidance: () => "Removing sensitive information from the comments is not enough. To ensure the security of your data, you have to rotate passwords and tokens and update all places where they were used."
+};
+
+// src/features/analysis/scm/shared/src/storedFixData/csharp/missingAntiForgeryValidation.ts
+var missingAntiForgeryValidation = {
+  guidance: () => `The \`ValidateAntiForgeryToken\` attribute helps prevent cross-site request forgery (CSRF) attacks.    The token is automatically injected into the view by the [FormTagHelper](https://learn.microsoft.com/en-us/aspnet/core/mvc/views/working-with-forms?view=aspnetcore-8.0#the-form-tag-helper)
+    and is included when the form is submitted by the user.    The token is validated by the \`ValidateAntiForgeryToken\` attribute.    The token could be also generated using the [Html.AntiForgeryToken](https://learn.microsoft.com/en-us/dotnet/api/system.web.mvc.htmlhelper.antiforgerytoken?view=aspnet-mvc-5.2) helper.    
+    
+&nbsp;
+    
+    
+***Make sure this controller's client provides the validation token before approving this change.***  
+    
+&nbsp;
+    
+    
+This is an illustration of how the form will look like:
+    
+&nbsp;
+
+    <form method="post" action="/Action">
+        <!-- Input and Submit elements -->
+        <input name="__RequestVerificationToken" 
+        type="hidden" value="<removed for brevity>">
+    </form>
+    
+    
+***Notice the \`__RequestVerificationToken\` parameters.***
+    `
+};
+
+// src/features/analysis/scm/shared/src/storedFixData/csharp/index.ts
+var vulnerabilities = {
+  ["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: missingAntiForgeryValidation,
+  ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment
+};
+var csharp_default = vulnerabilities;
+
+// src/features/analysis/scm/shared/src/storedFixData/java/sqlInjection.ts
+var sqlInjection = {
+  guidance: ({
+    hasQuestionMarksAfterTaintVar
+  }) => {
+    if (hasQuestionMarksAfterTaintVar) {
+      return "Please make sure to correct the following indices of the setInt()/setString() calls after the new parameter is added.";
+    }
+    return "";
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedFixData/java/systemInformationLeak.ts
+var systemInformationLeak = {
+  guidance: ({
+    clientMightBeAffected
+  }) => {
+    if (clientMightBeAffected) {
+      return "You should never expose error details to the client. We removed the error details from the response. Ensure the client application code does not rely on the removed information.";
+    }
+    return "";
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedFixData/java/index.ts
+var vulnerabilities2 = {
+  ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
+  ["SQL_Injection" /* SqlInjection */]: sqlInjection,
+  ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: systemInformationLeak
+};
+var java_default = vulnerabilities2;
+
+// src/features/analysis/scm/shared/src/storedFixData/javascript/hardcodedSecrets.ts
+var hardcodedSecrets = {
+  guidance: ({ questions }) => {
+    const envVarName = questions.find((q) => q.key === "env_var_name")?.value || "the";
+    const keepAsDefault = questions.find(
+      (q) => q.key === "keep_as_default"
+    )?.value;
+    let additionalText = "";
+    if (keepAsDefault === "yes") {
+      additionalText = "\n1. Remove the hardcoded secret from the code.\n";
+    }
+    return `Please follow the steps in this specific order:
+
+1. Change the secret that was hardcoded. It is essential because even when you commit the changes, the secret will remain in the git history.${additionalText}
+1. Update the configuration of all your application environments and CI/CD pipelines to set \`${envVarName}\` environment variable.
+1. Commit the changes.`;
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedFixData/javascript/noLimitsOrThrottling.ts
+var noLimitsOrThrottling = {
+  guidance: () => "We set the default limit to 60 requests per minute. To customize the rate limit settings, please read the documentation of the [express-rate-limit](https://www.npmjs.com/package/express-rate-limit) package."
+};
+
+// src/features/analysis/scm/shared/src/storedFixData/javascript/ssrf.ts
+var ssrf = {
+  guidance: () => "The server-side validates the domains it has access to, otherwise it throws an error if validation failed. Please make sure you handled the error correctly."
+};
+
+// src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
+var vulnerabilities3 = {
+  ["SSRF" /* Ssrf */]: ssrf,
+  ["HARDCODED_SECRETS" /* HardcodedSecrets */]: hardcodedSecrets,
+  ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
+  ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: noLimitsOrThrottling
+};
+var javascript_default = vulnerabilities3;
+
+// src/features/analysis/scm/shared/src/storedFixData/python/autoEscapeFalse.ts
+var autoEscapeFalse = {
+  guidance: () => `This fix enables automatic escaping for HTML. When that's enabled, everything is escaped by default except for values explicitly marked as safe. Variables and expressions can be marked as safe either in:
+
+a. The context dictionary by the application with \`markupsafe.Markup\`
+
+b. The template, with the \`|safe\` filter.
+
+&nbsp;
+
+
+See more information [here](https://jinja.palletsprojects.com/en/3.1.x/templates/#working-with-automatic-escaping) and [here](https://pypi.org/project/MarkupSafe/).
+
+&nbsp;
+
+
+***Note: make sure that none of the data you're marking as safe is coming from user input, as this can lead to XSS vulnerabilities!***`
+};
+
+// src/features/analysis/scm/shared/src/storedFixData/python/index.ts
+var vulnerabilities4 = {
+  ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: autoEscapeFalse
+};
+var python_default = vulnerabilities4;
+
+// src/features/analysis/scm/shared/src/storedFixData/sql/defaultRightsInObjDefinition.ts
+var defaultRightsInObjDefinition = {
+  guidance: () => "***Make sure the user who is supposed to run the procedure has sufficient permissions.***\n\nRead more details about the `EXECUTE AS` statement in [the official Microsoft documentation](https://learn.microsoft.com/en-us/sql/t-sql/statements/execute-as-clause-transact-sql?view=sql-server-ver16&tabs=sqlserver).\n\n`EXECUTE AS CALLER` is the default behavior for SQL Server 2005 and later."
+};
+
+// src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
+var vulnerabilities5 = {
+  ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: defaultRightsInObjDefinition
+};
+var sql_default = vulnerabilities5;
+
+// src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
+var vulnerabilities6 = {
+  ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment
+};
+var xml_default = vulnerabilities6;
+
+// src/features/analysis/scm/shared/src/storedFixData/index.ts
+var StoredFixDataItemZ = z6.object({
+  guidance: z6.function().returns(z6.string())
+});
+var languages = {
+  ["Java" /* Java */]: java_default,
+  ["JavaScript" /* JavaScript */]: javascript_default,
+  ["CSharp" /* CSharp */]: csharp_default,
+  ["SQL" /* Sql */]: sql_default,
+  ["XML" /* Xml */]: xml_default,
+  ["Python" /* Python */]: python_default
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/index.ts
+import { z as z7 } from "zod";
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/httpOnlyCookie.ts
+var httpOnlyCookie = {
+  httpOnlyCookie: {
+    content: () => "Is the cookie value supposed to be exposed to client-side scripting code?",
+    description: () => httpOnlyMessage,
+    guidance: () => ""
+  },
+  cookieVarName: {
+    content: () => "Please define a variable name",
+    description: () => `We need a variable for the new cookie instance`,
+    guidance: () => ""
+  }
+};
+var httpOnlyMessage = `\`HttpOnly\` is a security feature for cookies that can be set by a web server 
+      when sending a Set-Cookie header in an HTTP response. When the HTTP Only flag is set for a cookie, it means that the cookie can only 
+      be accessed and modified by the server, and client-side scripts (like JavaScript) running in the browser are not allowed to access the cookie.      
+      
+&nbsp;
+    
+      
+***If your client-site application needs to access the value of this cookie, making this change might break the application logic.***  
+      
+&nbsp;
+
+`;
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/insecureBinderConfiguration.ts
+var insecureBinderConfiguration = {
+  bindAttributeParam: {
+    content: ({ func_param_name }) => `Which properties of the model should be included in model binding for \`${func_param_name}\`?`,
+    description: () => "Provide a comma-separated list of valid property names to be included in model binding. See [the official documentation](https://learn.microsoft.com/en-us/aspnet/core/mvc/models/model-binding?view=aspnetcore-8.0#bind-attribute) for more details.",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/insecureCookie.ts
+var insecureCookie = {
+  insecureCookie: {
+    content: () => "Will this cookie be used only in encrypted channels (https)?",
+    description: () => `When a cookie is marked as "secure" in a web environment, it means that the cookie should only be sent over secure, encrypted connections, like HTTPS.
+    In environments like local development or test, setting cookies as secure might have some consequences:    
+    
+&nbsp;    
+    - Development Convenience: When developing locally, you might not always have HTTPS set up, as it often involves 
+    additional configuration and certificates. If cookies are marked as secure, 
+    they won't be sent over HTTP, and this could potentially interfere with the normal 
+    functioning of your application during development.    
+    
+&nbsp;    
+    - Testing for Secure Environments: If your application relies on secure cookies, you should ensure that your 
+    testing environment accurately simulates the production environment's security features. 
+    This may involve setting up HTTPS in your local development environment.    
+    
+&nbsp;    
+    - Debugging Challenges: Debugging may be more challenging when using secure cookies in a 
+    development environment, especially if you need to inspect or manipulate the cookies during 
+    development.`,
+    guidance: () => ""
+  },
+  cookieVarName: {
+    content: () => "Please define a variable name",
+    description: () => `We need a variable for the new cookie instance`,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/insecureRandomness.ts
+var insecureRandomness = {
+  isRandomNumberGeneratorAvailable: {
+    content: () => "We use the `RandomNumberGenerator` class from the `System.Security.Cryptography` package. Does this class exist for the .NET version you use?",
+    description: () => "See [the official documentation](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.randomnumbergenerator?view=net-8.0#applies-to) for more details.",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/insufficientLogging.ts
+var insufficientLogging = {
+  logMessage: {
+    content: () => "Enter the message that you want to appear in the log",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/logForging.ts
+var logForging = {
+  isHtmlDisplay: {
+    content: () => "Is the text written to the log going to be displayed as HTML?",
+    description: () => "",
+    guidance: ({ userInputValue }) => {
+      switch (userInputValue) {
+        case "yes":
+          return "We use the `System.Web` `HttpUtility` to decode the HTML";
+        default:
+          return "";
+      }
+    }
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/overlyBroadCatch.ts
+var overlyBroadCatch = {
+  defaultExceptionsInWhenFilter: {
+    content: () => "Exceptions to filter",
+    description: () => "Coma separated list of the Fully Qualified Exceptions names",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/pt.ts
+var pt = {
+  taintedTermType: {
+    content: ({ expression }) => `Does \`${expression}\` represent a file name or a file path?`,
+    description: ({ expression }) => `We replace all illegal file name characters for Unix, Windows, and macOS operation systems, including slashes. Ensure that \`${expression}\` isn't supposed to contain slashes or other illegal file name characters.`,
+    guidance: () => ""
+  },
+  pathTargetDir: {
+    content: () => "Allowed file path",
+    description: () => "Provide the intended file path destination eg: /tmp/testfiles/users/",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/ssrf.ts
+var ssrf2 = {
+  domainsAllowlist: {
+    content: () => "Allowed domains",
+    description: () => "Coma separated list of allowed domains.",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/sysLeak.ts
+var sysLeak = {
+  errorMessage: {
+    content: () => "Enter the error message that you want to appear in the log",
+    description: () => "",
+    guidance: () => ""
+  },
+  noLoggerAction: {
+    content: () => "Which of the following you want to use instead of the vulnerable code?",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/trustBoundaryViolation.ts
+var trustBoundaryViolation = {
+  validationPattern: {
+    content: ({ expression }) => `What is the expected type of \`${expression}\`?`,
+    description: () => "We use regex to validate the input to avoid runtime surprises",
+    guidance: () => ""
+  },
+  otherPatternValue: {
+    content: () => `Enter the regex pattern you would like to use to validate the input`,
+    description: () => "See patterns at [the regex docs](https://learn.microsoft.com/en-us/dotnet/standard/base-types/regular-expression-language-quick-reference)",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/useOfSystemOutputStream.ts
+var useOfSystemOutputStream = {
+  noLoggerAction: {
+    content: () => "Which of the following you want to use instead of the vulnerable code?",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/valueShadowing.ts
+var valueShadowing = {
+  collectionName: {
+    content: () => "Please select the collection to search/index from",
+    description: () => `Accessing the root object eg Request["item"] searches across all available collections and returns the first item that matches. Potentially leading to the correct value being shadowed. Available collections include:
+    - QueryString: The values of variables in the HTTP query string.
+    - Form: The values of form elements in the HTTP request body.
+    - Cookies: The values of cookies sent in the HTTP request.
+    - ClientCertificate: The values of fields stored in the client certificate that is sent in the HTTP request.
+    - ServerVariables: The values of predetermined environment variables.`,
+    guidance: () => `See 
+    - https://learn.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524948(v=vs.90),
+    - https://learn.microsoft.com/en-us/dotnet/api/system.web.httprequest?view=netframework-4.8.1`
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/wcfMisconfigurationThrottlingNotEnabled.ts
+var wcfMisconfigurationThrottlingNotEnabled = {
+  maxConcurrentCalls: {
+    content: () => "Please define the maximum concurrent calls",
+    description: () => `A positive integer that limits the number of messages that currently process across a ServiceHost. Calls in excess of the limit are queued. Setting this value to 0 is equivalent to setting it to Int32.MaxValue.`,
+    guidance: () => {
+      return "";
+    }
+  },
+  maxConcurrentInstances: {
+    content: () => "Please define the maximum concurrent instances",
+    description: () => `A positive integer that limits the number of InstanceContext objects that execute at one time across a ServiceHost. Requests to create additional instances are queued and complete when a slot below the limit becomes available.`,
+    guidance: () => {
+      return "";
+    }
+  },
+  maxConcurrentSessions: {
+    content: () => "Please define the maximum concurrent sessions",
+    description: () => `A positive integer that limits the number of sessions a ServiceHost object can accept.`,
+    guidance: () => {
+      return "";
+    }
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/xss.ts
+var xss = {
+  allowSpecialCharacters: {
+    content: ({ source_value }) => `Does your code allow encodable HTML characters like '&', '<', '"' etc. in: \`${source_value}\`?`,
+    description: () => "",
+    guidance: () => ""
+  },
+  containsHtml: {
+    content: ({ prop_value }) => `Does your code allow having HTML tags in: \`${prop_value}\`?`,
+    description: () => "",
+    guidance: () => ""
+  },
+  netVersionGreaterOrEqual45: {
+    content: () => "Is your target framework .NET 4.5 or greater?",
+    description: () => "",
+    guidance: () => ""
+  },
+  useHTML4NamedEntities: {
+    content: () => "Would you like to use HTML 4.0 Named entities?",
+    description: () => "See [examples](https://www.w3schools.com/charsets/ref_html_entities_4.asp) and [full description](https://www.w3.org/TR/WD-html40-970708/sgml/entities.html)",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/xxe.ts
+var xxe = {
+  netVersionGreaterOrEqual4: {
+    content: () => "Is your target framework .NET 4.0.0 or greater?",
+    description: () => "",
+    guidance: ({ userInputValue }) => {
+      switch (userInputValue) {
+        case "yes":
+          return "We set `DtdProcessing` to `DtdProcessing.Prohibit` in order to prevent DTD parsing.";
+        default:
+          return "We set `ProhibitDtd` to `true` in order to prevent DTD parsing.";
+      }
+    }
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
+var vulnerabilities7 = {
+  ["LOG_FORGING" /* LogForging */]: logForging,
+  ["SSRF" /* Ssrf */]: ssrf2,
+  ["XXE" /* Xxe */]: xxe,
+  ["XSS" /* Xss */]: xss,
+  ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: useOfSystemOutputStream,
+  ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: sysLeak,
+  ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: overlyBroadCatch,
+  ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: trustBoundaryViolation,
+  ["PT" /* Pt */]: pt,
+  ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: httpOnlyCookie,
+  ["INSECURE_COOKIE" /* InsecureCookie */]: insecureCookie,
+  ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: wcfMisconfigurationThrottlingNotEnabled,
+  ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: insecureBinderConfiguration,
+  ["VALUE_SHADOWING" /* ValueShadowing */]: valueShadowing,
+  ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness,
+  ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: insufficientLogging
+};
+var csharp_default2 = vulnerabilities7;
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/commandInjection.ts
+var commandInjection = {
+  isUnixShellCommandPart: {
+    content: () => "Is the input part of Unix shell command?",
+    description: () => `For example:
+
+- \`Runtime.getRuntime().exec(new String[] {"/bin/sh", "-c", "ping -t 5 -c 5 " + input});\`
+- \`Runtime.getRuntime().exec(new String[] {"/bin/bash", "-c", "curl " + input + " > file.txt"});\`
+
+Make sure the input is not:
+
+1. An executable name:
+  - \`Runtime.getRuntime().exec(input);\`
+  - \`Runtime.getRuntime().exec(new String[] {"/bin/bash", input});\`
+  - \`Runtime.getRuntime().exec(new String[] {"/bin/sh", "-c", input + " param"});\`
+  - \`Runtime.getRuntime().exec(new String[] {"/bin/bash", "-c", "cat file.txt | " + input});\`
+  - \`Runtime.getRuntime().exec(new String[] {"/usr/bin/git", "--upload-pack", input});\`
+2. A part of non-unix or cross platform shell command:
+  - \`Runtime.getRuntime().exec(new String[] {"cmd.exe", "/c", "ping " + input});\`
+3. A part of programming language code:
+  - \`Runtime.getRuntime().exec(new String[] {"php", "-r", "echo '" + input + "';"});\`
+  - \`Runtime.getRuntime().exec(new String[] {"perl", "-e", "print '" + input + "'"});\``,
+    guidance: () => ""
+  },
+  isPlainCommandArgument: {
+    content: () => "Is the input an argument of a plain command?",
+    description: () => `Examples for "yes" answer:
+
+  - \`Runtime.getRuntime().exec("git clone " + input);\`
+  - \`Runtime.getRuntime().exec("curl " + input);\`
+  - \`Runtime.getRuntime().exec("cat " + input);\`
+  
+Examples for "no" answer:
+
+  - \`Runtime.getRuntime().exec("cmd /c " + input);\`
+  - \`Runtime.getRuntime().exec("sh -c " + input);\`
+  - \`Runtime.getRuntime().exec("perl -e " + input);\``,
+    guidance: () => ""
+  },
+  installApacheCommonsText: {
+    content: () => "Is the Apache Commons library (org.apache.commons) included in your project, if not, can you add it?",
+    description: () => "Apache Commons Text is a library focused on algorithms working on strings.",
+    guidance: ({ userInputValue }) => userInputValue === "yes" ? "To add the library, modify your pom.xml or build.gradle to include the library. You can find the latest version here https://mvnrepository.com/artifact/org.apache.commons/commons-text" : ""
+  },
+  cmdAllowlist: {
+    content: () => "Allowed Commands",
+    description: () => "Make sure that the list of commands is separated by commas.",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/confusingNaming.ts
+var confusingNaming = {
+  newFieldName: {
+    content: () => "Rename the existing field",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/erroneousStringCompare.ts
+var erroneousStringCompare = {
+  javaVersionGreaterOrEqual17: {
+    content: () => "Is `java.util.Objects` package available in your runtime?",
+    description: () => "`java.util.Objects` is supported in Java 1.7 or greater.",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/errorConditionWithoutAction.ts
+var errorConditionWithoutAction = {
+  errorMessage: {
+    content: () => "Enter the error message that you want to appear in the log",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/httpOnlyCookie.ts
+var httpOnlyCookie2 = {
+  httpOnlyCookie: {
+    content: () => "Is the cookie value supposed to be exposed to client-side scripting code?",
+    description: ({ class_name }) => class_name == "Cookie" ? `${httpOnlyMessage2} ${setHttpOnlyMethodMessage}` : httpOnlyMessage2,
+    guidance: () => ""
+  },
+  cookieVarName: {
+    content: () => "Please define a variable name",
+    description: () => `We need a variable for the new cookie instance`,
+    guidance: () => ""
+  }
+};
+var httpOnlyMessage2 = `\`HttpOnly\` is a security feature for cookies that can be set by a web server 
+      when sending a Set-Cookie header in an HTTP response. When the HTTP Only flag is set for a cookie, it means that the cookie can only 
+      be accessed and modified by the server, and client-side scripts (like JavaScript) running in the browser are not allowed to access the cookie.      
+      
+&nbsp;
+    
+      
+***If your client-site application needs to access the value of this cookie, making this change might break the application logic.***  
+      
+&nbsp;
+
+`;
+var setHttpOnlyMethodMessage = `Beware that if your application is using a version of the javax.servlet-api package < 3.0
+      this change will not work since the method "setHttpOnly" is not present in previous of the package.`;
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/insecureCookie.ts
+var insecureCookie2 = {
+  insecureCookie: {
+    content: () => "Will this cookie be used only in encrypted channels (https)?",
+    description: () => `When a cookie is marked as "secure" in a web environment, it means that the cookie should only be sent over secure, encrypted connections, like HTTPS.
+    In environments like local development or test, setting cookies as secure might have some consequences:    
+    
+&nbsp;    
+    - Development Convenience: When developing locally, you might not always have HTTPS set up, as it often involves 
+    additional configuration and certificates. If cookies are marked as secure, 
+    they won't be sent over HTTP, and this could potentially interfere with the normal 
+    functioning of your application during development.    
+    
+&nbsp;    
+    - Testing for Secure Environments: If your application relies on secure cookies, you should ensure that your 
+    testing environment accurately simulates the production environment's security features. 
+    This may involve setting up HTTPS in your local development environment.    
+    
+&nbsp;    
+    - Debugging Challenges: Debugging may be more challenging when using secure cookies in a 
+    development environment, especially if you need to inspect or manipulate the cookies during 
+    development.`,
+    guidance: () => ""
+  },
+  cookieVarName: {
+    content: () => "Please define a variable name",
+    description: () => `We need a variable for the new cookie instance`,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/leftoverDebugCode.ts
+var leftoverDebugCode = {
+  isCodeUsed: {
+    content: () => "The function seems to be a remnant of debug code. Is it still being used?",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/localeDependentComparison.ts
+var localeDependentComparison = {
+  localeType: {
+    content: ({ variable }) => `Is ${variable} locale dependent?`,
+    description: () => `Select "locale insensitive" for string comparisons that are not dependent on the locale.
+
+    Select "default locale" for string comparisons that uses the default locale.
+
+    Select "custom locale" for string comparisons that are dependent on a specific locale language.`,
+    guidance: () => ""
+  },
+  customLocaleLanguage: {
+    content: () => "What is your locale language?",
+    description: () => "A list of locales can be found [here](https://www.oracle.com/java/technologies/javase/jdk8-jre8-suported-locales.html)",
+    guidance: () => ""
+  },
+  customLocaleCountry: {
+    content: () => "What is your locale country?",
+    description: () => "A list of locales can be found [here](https://www.oracle.com/java/technologies/javase/jdk8-jre8-suported-locales.html)",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/logForging.ts
+var logForging2 = {
+  isHtmlDisplay: {
+    content: () => "Is the text written to the log going to be displayed as HTML?",
+    description: () => "",
+    guidance: () => ""
+  },
+  htmlEscapingLib: {
+    content: () => "Which HTML escaping library would you like to use?",
+    description: () => `
+  - If you use the Spring framework, you likely already have \`org.springframework.web.util.HtmlUtils\`
+  - Another \`option is org.apache.commons.text.StringEscapeUtils\``,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/missingCheckAgainstNull.ts
+var missingCheckAgainstNull = {
+  preferredAction: {
+    content: ({ tainted_expression }) => `What is expected behavior if \`${tainted_expression}\` returns null?`,
+    description: () => "",
+    guidance: () => ""
+  },
+  javaVersionGreaterOrEqual17: {
+    content: () => "Is `java.util.Objects` package available in your runtime?",
+    description: () => "`java.util.Objects` is supported in Java 1.7 or greater.",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/overlyBroadCatch.ts
+var overlyBroadCatch2 = {
+  handleRuntimeExceptions: {
+    content: () => "Does the code intentionally catch `RuntimeException` instances like `ArithmeticException` or `NullPointerException` in the `catch` block?",
+    description: () => "Usually, when catching the general `Exception` class catching of `RuntimeException` is implied and not necessarily the wanted/safe behavior. The application needs to deal with it explicitly in a different way, as the Mobb fix suggests.",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/privacyViolation.ts
+var privacyViolation = {
+  remediation_option: {
+    content: () => "Preferred fix solution",
+    description: () => `
+      - Completely Remove the log message
+      - Replace the sensitive data with the string [Redacted]
+      - SHA 256 Hash the sensitive information in the log message`,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/pt.ts
+var pt2 = {
+  isPathRelativeOnly: {
+    content: ({ expression }) => `Do you expect \`${expression}\` to be a relative path?`,
+    description: () => "You most likely want to serve files relative to the web server's static files folder in web applications. If so, your answer should be `yes`. In CLI applications, you probably would like to give the user more flexibility and allow them to specify absolute paths to any location on the disk \u2013 your answer should be `no` in such cases.",
+    guidance: () => ""
+  },
+  isFileName: {
+    content: ({ expression }) => `Does \`${expression}\` represent a file name or a file name part?`,
+    description: ({ expression }) => `We replace all illegal file name characters for Unix, Windows, and macOS operation systems, including slashes. Ensure that \`${expression}\` isn't supposed to contain slashes or other illegal file name characters. If  \`${expression}\` is supposed to legitimately include such characters, the answer should be "no".`,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/relativePathCommand.ts
+var relativePathCommand = {
+  executableLocationPath: {
+    content: () => "What is the absolute path of the directory containing the executable?",
+    description: () => "We need the absolute path to the executable to protect your application from command injection and ensure malicious actors cannot execute arbitrary commands on your system.",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/sqlInjection.ts
+function capitalizeFirstLetter2(item) {
+  return item.charAt(0).toUpperCase() + item.slice(1);
+}
+var typeToSetMethod = {
+  integer: "setInt",
+  date: "setDate",
+  string: "setString"
+};
+var sqlInjection2 = {
+  parameterType: {
+    content: ({ tainted_term }) => `What is the SQL Data Type of the \`${tainted_term}\` parameter?`,
+    description: () => "In order to make sure the statement is built correctly, we must ensure we use the same type that is defined for this parameter in the SQL table. If you are unsure of this type, please consult with your team.",
+    guidance: ({
+      tainted_term,
+      taint_var_type_guidance_required,
+      userInputValue
+    }) => {
+      if (!taint_var_type_guidance_required || !userInputValue) {
+        return "";
+      }
+      if (!taint_var_type_guidance_required[userInputValue]) {
+        return "";
+      }
+      return `Make sure to convert \`${tainted_term}\` to \`${capitalizeFirstLetter2(
+        userInputValue
+      )}\` which is the type expected by the new setter method: \`${typeToSetMethod[userInputValue]}\``;
+    }
+  },
+  varName: {
+    content: () => "Name the new PreparedStatement variable",
+    description: () => "We needed to create a new variable for this fix. We actually like the name we picked, but maybe you follow different naming conventions, so you can change it here.",
+    guidance: () => ""
+  },
+  taintIndex: {
+    content: ({ tainted_term }) => `What is the index of \`\`\`${tainted_term}\`\`\` in the query?`,
+    description: () => "When constructing a query, we need to know exactly where to insert this parameter. If the query has more than one parameter, the index gives us this information. Leave the value as 1 if there is only one parameter.",
+    guidance: () => ""
+  },
+  statementAfterQuery: {
+    content: ({ var_name }) => `Is the \`Statement\` variable \`${var_name}\` declared after constructing the query string?`,
+    description: () => "When creating the `PreparedStatement` parameter, we need to give it the constructed query. Currently, Mobb doesn't support the case where the query string is defined after the statement in your code.",
+    guidance: ({ userInputValue }) => userInputValue === "no" ? "You should move the code creating the query so it is executed before being used by the prepared statement" : ""
+  },
+  statementBeforeQuery: {
+    content: ({ var_name }) => `Is the query string variable declared after the \`Statement\` variable \`${var_name}\`?`,
+    description: ({ enquote_func_name }) => `We need to have the \`Statement\` object defined before using the \`${enquote_func_name}()\` method. Currently, Mobb doesn't support the case where the query string is defined before the statement in your code.`,
+    guidance: ({
+      userInputValue,
+      enquote_func_name
+    }) => userInputValue === "no" ? `You should move the code creating the query so it is executed after creating the \`Statement\` object as we need to have the \`Statement\` object defined before using the \`${enquote_func_name}()\` method.` : ""
+  },
+  containsControlCharacters: {
+    content: ({ tainted_term }) => `Does \`\`\`${tainted_term}\`\`\` represent a single SQL parameter value?`,
+    description: () => `This should be 'no' only in the rare cases where the input variable itself does not represent a single SQL parameter value but rather other parts of a SQL query such as a table name, a column name, a list of values, a complete or partial inner SQL statement, etc.
+      
+It may be confusing a bit, so here are some examples:
+      
+* A SQL identifier \`\`\`(SELECT * FROM \${tableName})\`\`\`
+      
+* A SQL statement \`\`\`(SELECT * FROM users ORDER BY id \${order})\`\`\``,
+    guidance: () => ""
+  },
+  javaVersionGreaterOrEqual19: {
+    content: ({ enquote_func_name }) => `Is \`java.sql.Statement.${enquote_func_name}\` method available in your runtime?`,
+    description: ({ enquote_func_name }) => `\`java.sql.Statement.${enquote_func_name}\` is supported in Java 1.9 or greater.`,
+    guidance: () => ""
+  },
+  queryParameterName: {
+    content: () => "What should be the name of the query parameter?",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/ssrf.ts
+var ssrf3 = {
+  domainsAllowlist: {
+    content: () => "Allowed URL prefixes",
+    description: () => `The security risk of this issue is the ability of an attacker to provide input that shoots HTTP requests from your server to arbitrary URLs, including internal ones, like \`https://admin.mycompany.com\`    
+&nbsp;    
+&nbsp;    To eliminate the risk and fix the issue, check out your app logic and make a whitelist of URLs this API should be allowed to call.`,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/sysLeak.ts
+var sysLeak2 = {
+  errorMessage: {
+    content: () => "Enter the error message that you want to appear in the log",
+    description: () => "",
+    guidance: () => ""
+  },
+  noLoggerAction: {
+    content: () => "Which of the following you want to use instead of the vulnerable code?",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/trustBoundaryViolation.ts
+var trustBoundaryViolation2 = {
+  validationPattern: {
+    content: ({ expression }) => `What is the expected type of \`${expression}\`?`,
+    description: () => "We use regex to validate the input to avoid runtime surprises",
+    guidance: () => ""
+  },
+  otherPatternValue: {
+    content: () => `Enter the regex pattern you would like to use to validate the input`,
+    description: () => "See patterns at [the regex javadoc](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/util/regex/Pattern.html)",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/uncheckedLoopCondition.ts
+var uncheckedLoopCondition = {
+  loopLimit: {
+    content: () => "Please define a maximum loop limit",
+    description: () => `Setting this number to a reasonable value will prevent the vulnerability`,
+    guidance: () => ""
+  },
+  varName: {
+    content: () => "Please define a variable name",
+    description: () => `We need to define a variable to be used as a counter to limit the loop`,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/useOfSystemOutputStream.ts
+var useOfSystemOutputStream2 = {
+  noLoggerAction: {
+    content: () => "Which of the following you want to use instead of the vulnerable code?",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/xss.ts
+var xss2 = {
+  isHtmlOrSafeAttribute: {
+    content: ({ tainted_variable }) => `Where is \`${tainted_variable}\` written to?`,
+    description: () => `Answer examples:
+
+- a text in an HTML tag or a value of a safe HTML attribute:
+    - \`<li><%= name %></li>\`
+    - \`<div>Name: <%= name %></div>\`
+    - \`<input value="<%= name %>" name="name"/>\`
+    - \`<div data-name="<%= name %>"></div>\`
+- a JavaScript code block:
+    - \`<script>const name = "<%= name %>";</script>\`
+- an event attribute of an HTML tag:
+    - \`<a onclick="alert('<%= name %>')">click me</a>\`
+    - \`<img onmouseover="alert('<%= name %>')"/>\`
+- a src-like attribute of an HTML tag:
+    - \`<a href="/user/<%= name %>">me</a>\`
+    - \`<img src="/img/<%= name %>"/>\`
+    - \`<form action="<%= name %>"></form>\`
+    - \`<iframe srcdoc="<%= name %>"/>\`
+- a part of an HTML tag attributes list:
+    - \`<a <%= name %>>text</a>\`
+
+See more details about safe and unsafe HTML attributes:
+- [PortSwigger cheat-sheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
+- [DOMPurify attributes filter implementation](https://github.com/cure53/DOMPurify/blob/c29aa900a1c286b82ee4f48a7ffab96cab3e84fa/src/attrs.js)
+`,
+    guidance: () => ""
+  },
+  isHtmlEncoded: {
+    content: () => "Is the user input already encoded as HTML text?",
+    description: () => "If you are unsure, we will decode the user input and encode it again to ensure it is safe and the data is kept the same.",
+    guidance: () => ""
+  },
+  htmlEscapingLib: {
+    content: () => "Which HTML escaping library would you like to use?",
+    description: () => `
+  - If you use the Spring framework, you likely already have \`org.springframework.web.util.HtmlUtils\`
+  - Another \`option is org.apache.commons.text.StringEscapeUtils\``,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/xxe.ts
+var xxe2 = {
+  factoryVarName: {
+    content: () => "Name the new Factory variable",
+    description: () => "We needed to create a new variable for this fix. We actually like the name we picked, but maybe you follow different naming conventions, so you can change it here.",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
+var vulnerabilities8 = {
+  ["SQL_Injection" /* SqlInjection */]: sqlInjection2,
+  ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: relativePathCommand,
+  ["CMDi" /* CmDi */]: commandInjection,
+  ["CONFUSING_NAMING" /* ConfusingNaming */]: confusingNaming,
+  ["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: errorConditionWithoutAction,
+  ["XXE" /* Xxe */]: xxe2,
+  ["XSS" /* Xss */]: xss2,
+  ["PRIVACY_VIOLATION" /* PrivacyViolation */]: privacyViolation,
+  ["PT" /* Pt */]: pt2,
+  ["SSRF" /* Ssrf */]: ssrf3,
+  ["LOG_FORGING" /* LogForging */]: logForging2,
+  ["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: localeDependentComparison,
+  ["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: missingCheckAgainstNull,
+  ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: overlyBroadCatch2,
+  ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: sysLeak2,
+  ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: useOfSystemOutputStream2,
+  ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: httpOnlyCookie2,
+  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition,
+  ["INSECURE_COOKIE" /* InsecureCookie */]: insecureCookie2,
+  ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: trustBoundaryViolation2,
+  ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: leftoverDebugCode,
+  ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: erroneousStringCompare
+};
+var java_default2 = vulnerabilities8;
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/commandInjection.ts
+var commandInjection2 = {
+  isCommandExecutable: {
+    content: () => "Commands can be intrinsically unsafe if they call out to other executables or run arbitary code",
+    description: () => `Does the command fall into one of the following categories:
+
+1. An executable name:
+  - \`exec(input);\`
+  - \`exec("/bin/bash " + input);\`
+  - \`exec("/bin/sh -c" + input + " param");\`
+  - \`exec("/bin/bash -c cat file.txt | " + input);\`
+  - \`exec("/usr/bin/git --upload-pack " + input);\`
+2. A part of non-unix or cross platform shell command:
+  - \`exec("cmd.exe /c ping " + input);\`
+3. A part of programming language code:
+  - \`exec("php -r echo '" + input + "';");\`
+  - \`exec("perl -e print '" + input + "'");\``,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/graphqlDepthLimit.ts
+var graphqlDepthLimit = {
+  depthLimit: {
+    content: () => "Please define a maximum query depth",
+    description: () => `Setting this number to a reasonable value will prevent the attack.
+Make sure to pick a value large enough to allowed the nessecary amount of nested queries.`,
+    guidance: () => {
+      return "We use `graphql-depth-limit` npm package to limit the depth of nested queries. Please make sure you install the package using `npm install graphql-depth-limit`.";
+    }
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/hardcodedSecrets.ts
+var hardcodedSecrets2 = {
+  envVarName: {
+    content: () => "Please define an environment variable name",
+    description: () => `We will use this environment variable instead of the hardcoded secret`,
+    guidance: () => ""
+  },
+  keepAsDefault: {
+    content: () => "Do you want to keep the hardcoded secret in the code for now?",
+    description: () => 'Answer "yes" if you cannot set the environment variable in all environments right away.',
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/iframeWithoutSandbox.ts
+var iframeWithoutSandbox = {
+  iframeRestrictions: {
+    content: () => "Please define a comma-separated list of iframe sandbox restrictions (optional)",
+    description: () => `Possible values:
+- allow-downloads
+- allow-forms
+- allow-modals
+- allow-orientation-lock
+- allow-pointer-lock
+- allow-popups
+- allow-popups-to-escape-sandbox
+- allow-presentation
+- allow-same-origin
+- allow-scripts
+- allow-storage-access-by-user-activation
+- allow-top-navigation
+- allow-top-navigation-by-user-activation
+- allow-top-navigation-to-custom-protocols
+
+See more info [here](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox).`,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/incompleteUrlSanitization.ts
+var incompleteUrlSanitization = {
+  allowedRootDomain: {
+    content: () => "The root domain of your application",
+    description: () => "We needed to strengthen the security check by ensuring that the url is under the root domain of your application.",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/insecureRandomness.ts
+var insecureRandomness2 = {
+  isGetRandomValuesSupported: {
+    content: () => "Is getRandomValues() function supported by your JavaScript engine?",
+    description: () => "[getRandomValues()](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues) is supported by [more than 97% of browsers](https://caniuse.com/?search=getRandomValues) and [Node.js >= 15.0.0](https://nodejs.org/api/webcrypto.html#cryptogetrandomvaluestypedarray).",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/logForging.ts
+var logForging3 = {
+  isHtmlDisplay: {
+    content: () => "Is the text written to the log going to be displayed as HTML?",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/missingHSTSHeader.ts
+var headerMaxAge = {
+  headerMaxAge: {
+    content: () => "Please provide the maximum age of the header",
+    description: () => `This is the time, in seconds, that the browser should remember that the site is only to be accessed using \`HTTPS\`.    
+&nbsp;    
+&nbsp; 
+    Setting the \`max-age\` to \`0\` (over an https connection) will immediately expire the Strict-Transport-Security header, allowing access via \`HTTP\`.
+
+    
+&nbsp;    
+&nbsp;
+    The HTTP Strict-Transport-Security response header (\`HSTS\`) informs browsers that the site 
+    should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically 
+    be converted to HTTPS.
+
+    
+&nbsp;    
+&nbsp;
+    If a website accepts a connection through \`HTTP\` and redirects to \`HTTPS\`, visitors may initially communicate with 
+    the non-encrypted version of the site before being redirected, if, for example, the visitor 
+    types \`http://www.example.com\` or even just \`example.com\`. This creates an opportunity for a man-in-the-middle attack. 
+    The redirect could be exploited to direct visitors to a malicious site instead of the secure version of the original site.
+    
+&nbsp;    
+&nbsp;
+    The \`HTTP\` Strict Transport Security header informs the browser that it should never load a site using \`HTTP\` 
+    and should automatically convert all attempts to access the site using \`HTTP\` to \`HTTPS\` requests instead.`,
+    guidance: () => ``
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/noLimitsOrThrottling.ts
+var noLimitsOrThrottling2 = {
+  setGlobalLimiter: {
+    content: () => "Would you like to use a global rate limit for all your endpoints within the same file?",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/openRedirect.ts
+var openRedirect = {
+  isExternal: {
+    content: () => "Does the redirect go to an external site",
+    description: () => "",
+    guidance: () => ""
+  },
+  allowlist: {
+    content: () => "Allowed domains/paths",
+    description: () => "If external, provide a coma separated list of allowed domains. If internal, provide a coma seperated list of allowed paths",
+    guidance: () => ""
+  }
 };
-var issueTypeZ = z2.nativeEnum(IssueType_Enum);
-var getIssueType = (issueType) => {
-  const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
-  if (!issueTypeZParseRes.success) {
-    return issueType ? issueType.replaceAll("_", " ") : "Other";
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/pt.ts
+var pt3 = {
+  taintedTermType: {
+    content: ({ expression }) => `Does \`${expression}\` represent a file name, a relative path or an absolute path?`,
+    description: ({ expression }) => `We replace all illegal file name characters for Unix, Windows, and macOS operation systems, including slashes. Ensure that \`${expression}\` isn't supposed to contain slashes or other illegal file name characters.`,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/ssrf.ts
+var ssrf4 = {
+  domainsAllowlist: {
+    content: () => "List of allowed domain names",
+    description: () => `The security risk of this issue is the ability of an attacker to provide input that shoots HTTP requests from your server to arbitrary domains.
+    
+&nbsp;    
+&nbsp;    To eliminate the risk and fix the issue, check out your app logic and make a whitelist of domains the server should be allowed to call.`,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/sysLeak.ts
+var sysLeak3 = {
+  errorMessage: {
+    content: () => "Enter the error message that you want to appear in the log",
+    description: () => "",
+    guidance: () => ""
+  },
+  noLoggerAction: {
+    content: () => "Which of the following you want to use instead of the vulnerable code?",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/sysLeakExternal.ts
+var sysLeakExternal = {
+  errorMessage: {
+    content: () => "Enter the error message that you want to appear to the user",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/typeConfusion.ts
+var typeConfusion = {
+  argumentType: {
+    content: () => "What is the type of the HTTP argument?",
+    description: () => "What is the type of the HTTP argument?",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/uncheckedLoopCondition.ts
+var uncheckedLoopCondition2 = {
+  loopLimit: {
+    content: () => "Please define a maximum loop limit",
+    description: () => `Setting this number to a reasonable value will prevent the vulnerability`,
+    guidance: () => ""
+  },
+  varName: {
+    content: () => "Please define a variable name",
+    description: () => `We need to define a variable to be used as a counter to limit the loop`,
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/xss.ts
+var xss3 = {
+  containsHtml: {
+    content: () => "Does the element or variable contain HTML formatting",
+    description: () => "",
+    guidance: () => ""
+  },
+  isParamTypeString: {
+    content: () => "Is the parameter passed to the $() function a string",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
+var vulnerabilities9 = {
+  ["CMDi" /* CmDi */]: commandInjection2,
+  ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: graphqlDepthLimit,
+  ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness2,
+  ["SSRF" /* Ssrf */]: ssrf4,
+  ["TYPE_CONFUSION" /* TypeConfusion */]: typeConfusion,
+  ["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: incompleteUrlSanitization,
+  ["LOG_FORGING" /* LogForging */]: logForging3,
+  ["XSS" /* Xss */]: xss3,
+  ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect,
+  ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: sysLeak3,
+  ["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: sysLeakExternal,
+  ["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: iframeWithoutSandbox,
+  ["PT" /* Pt */]: pt3,
+  ["HARDCODED_SECRETS" /* HardcodedSecrets */]: hardcodedSecrets2,
+  ["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: headerMaxAge,
+  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition2,
+  ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: noLimitsOrThrottling2
+};
+var js_default = vulnerabilities9;
+
+// src/features/analysis/scm/shared/src/storedQuestionData/xml/unboundedOccurrences.ts
+var unboundedOccurrences = {
+  maxOccursLimit: {
+    content: () => "The number of allowed repetitions of the element.",
+    description: () => "",
+    guidance: () => `Setting this number to a reasonable value will prevent the attack. 
+A value too low will prevent valid XMLs from being processed. 
+A value too high will cause performance issues up to and including denial of service.`
   }
-  return issueTypeMap[issueTypeZParseRes.data];
 };
 
+// src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
+var vulnerabilities10 = {
+  ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: unboundedOccurrences
+};
+var xml_default2 = vulnerabilities10;
+
+// src/features/analysis/scm/shared/src/storedQuestionData/index.ts
+var StoredQuestionDataItemZ = z7.object({
+  content: z7.function().args(z7.any()).returns(z7.string()),
+  description: z7.function().args(z7.any()).returns(z7.string()),
+  guidance: z7.function().args(z7.any()).returns(z7.string())
+});
+var languages2 = {
+  ["Java" /* Java */]: java_default2,
+  ["JavaScript" /* JavaScript */]: js_default,
+  ["XML" /* Xml */]: xml_default2,
+  ["CSharp" /* CSharp */]: csharp_default2
+};
+var storedQuestionData_default = languages2;
+
+// src/features/analysis/scm/shared/src/guidances.ts
+function toQuestion(userInput) {
+  const { key, defaultValue } = userInput;
+  const value = userInput.value || defaultValue;
+  return { ...userInput, defaultValue, value, key, error: false };
+}
+function getQuestionInformation({
+  fixQuestionData,
+  issueType,
+  language
+}) {
+  const { name } = fixQuestionData;
+  const storedQuestionDataItem = storedQuestionData_default[language]?.[issueType]?.[name] ?? {
+    content: () => "",
+    description: () => "",
+    guidance: () => ""
+  };
+  return StoredQuestionDataItemZ.parse(storedQuestionDataItem);
+}
+function curriedQuestionInformationByQuestion({
+  issueType,
+  language
+}) {
+  return (fixQuestionData) => getQuestionInformation({
+    issueType,
+    language,
+    fixQuestionData
+  });
+}
+function getPackageFixGuidance(actionsRequired) {
+  const actionRequiredStrings = actionsRequired.map((action) => {
+    if (action.language === "JS" /* Js */) {
+      if (action.action === "add" /* Add */) {
+        let actionRequired = `We use \`${action.lib.name}\` package to sanitize user input. Please make sure you add the latest [\`${action.lib.name}\`](https://www.npmjs.com/package/${action.lib.name}) to your \`package.json\` file.`;
+        if (action.typesLib) {
+          actionRequired += ` For TypeScript users, consider adding [\`${action.typesLib.name}\`](https://www.npmjs.com/package/${action.typesLib.name}) to your \`package.json\` as well`;
+        }
+        return actionRequired;
+      }
+      if (action.action === "relock" /* Relock */) {
+        const actionRequired = `A lock file was detected, please make sure to relock the lock file using your package manager.`;
+        return actionRequired;
+      }
+      if (action.action === "upgrade" /* Upgrade */) {
+        return `We use \`${action.lib.name}\` package to sanitize user input. Please make sure you upgrade the package [\`${action.lib.name}\`](https://www.npmjs.com/package/${action.lib.name}) to the latest version in your \`package.json\` file.`;
+      }
+    }
+    if (action.language === "JAVA" /* Java */) {
+      const names = action.lib.name.split(":");
+      const groupId = names[0];
+      const artifactId = names[1];
+      if (action.action === "add" /* Add */) {
+        return `We use \`${artifactId}\` package in the fix. Please make sure you add the latest [\`${artifactId}\`](https://mvnrepository.com/artifact/${groupId}/${artifactId}) to your pom file.`;
+      }
+      if (action.action === "upgrade" /* Upgrade */) {
+        return `We use \`${artifactId}\` package in the fix. Please make sure you upgrade the package [\`${artifactId}\`](https://mvnrepository.com/artifact/${groupId}/${artifactId}) to the latest version in your pom file.`;
+      }
+    }
+    return void 0;
+  });
+  return actionRequiredStrings.filter((action) => !!action);
+}
+function getFixGuidances({
+  issueType,
+  issueLanguage,
+  fixExtraContext,
+  questions
+}) {
+  const storedFixGuidanceDataItem = languages[issueLanguage || ""]?.[issueType || ""] ?? {};
+  const storeFixResult = StoredFixDataItemZ.safeParse(storedFixGuidanceDataItem);
+  const libGuidances = getPackageFixGuidance(
+    fixExtraContext.manifestActionsRequired
+  );
+  const extraContext = fixExtraContext.extraContext.reduce(
+    (acc, obj) => {
+      acc[obj.key] = obj.value;
+      return acc;
+    },
+    {}
+  );
+  const fixGuidance = storeFixResult.success ? [storeFixResult.data.guidance({ questions, ...extraContext })] : [];
+  return libGuidances.concat(fixGuidance).filter((guidance) => !!guidance);
+}
+function getGuidances({
+  questions,
+  issueType,
+  issueLanguage,
+  fixExtraContext
+}) {
+  const fixGuidances = getFixGuidances({
+    issueType,
+    issueLanguage,
+    fixExtraContext,
+    questions
+  }).map((guidance, index) => ({ guidance, key: `fixGuidance_index_${index}` }));
+  return questions.map((question) => {
+    let questionGuidance = question.guidance;
+    if (!questionGuidance && issueType && issueLanguage) {
+      const getFixInformation = curriedQuestionInformationByQuestion({
+        issueType: z8.nativeEnum(IssueType_Enum).parse(issueType),
+        language: z8.nativeEnum(IssueLanguage_Enum).parse(issueLanguage)
+      });
+      const { guidance } = getFixInformation(question);
+      questionGuidance = guidance({
+        userInputValue: question.value
+      });
+    }
+    return {
+      ...question,
+      guidance: questionGuidance
+    };
+  }).filter(({ guidance }) => !!guidance).map(({ guidance, key }) => ({ guidance, key })).concat(fixGuidances);
+}
+
 // src/features/analysis/scm/shared/src/urlParser/urlParser.ts
-import { z as z3 } from "zod";
+import { z as z9 } from "zod";
 function detectAdoUrl(args) {
   const { pathname, hostname, scmType } = args;
   const hostnameParts = hostname.split(".");
@@ -660,7 +2986,7 @@ function detectAdoUrl(args) {
         scmType: "Ado" /* Ado */,
         organization,
         // project has single repo - repoName === projectName
-        projectName: z3.string().parse(projectName),
+        projectName: z9.string().parse(projectName),
         repoName: projectName,
         prefixPath
       };
@@ -671,7 +2997,7 @@ function detectAdoUrl(args) {
       return {
         scmType: "Ado" /* Ado */,
         organization,
-        projectName: z3.string().parse(projectName),
+        projectName: z9.string().parse(projectName),
         repoName,
         prefixPath
       };
@@ -685,7 +3011,7 @@ function detectAdoUrl(args) {
           scmType: "Ado" /* Ado */,
           organization,
           // project has only one repo - repoName === projectName
-          projectName: z3.string().parse(repoName),
+          projectName: z9.string().parse(repoName),
           repoName,
           prefixPath
         };
@@ -695,7 +3021,7 @@ function detectAdoUrl(args) {
         return {
           scmType: "Ado" /* Ado */,
           organization,
-          projectName: z3.string().parse(projectName),
+          projectName: z9.string().parse(projectName),
           repoName,
           prefixPath
         };
@@ -803,6 +3129,17 @@ var parseScmURL = (scmURL, scmType) => {
   }
 };
 
+// src/features/analysis/scm/shared/src/utils.ts
+function getFixUrl({
+  appBaseUrl,
+  fixId,
+  projectId,
+  organizationId,
+  analysisId
+}) {
+  return `${appBaseUrl}/organization/${organizationId}/project/${projectId}/report/${analysisId}/fix/${fixId}`;
+}
+
 // src/features/analysis/scm/shared/src/index.ts
 var NAME_REGEX = /[a-z0-9\-_.+]+/i;
 var ADO_PREFIX_PATH = "tfs";
@@ -844,15 +3181,6 @@ function getFixUrlWithRedirect(params) {
     analysisId
   })}?${searchParams.toString()}`;
 }
-function getFixUrl({
-  appBaseUrl,
-  fixId,
-  projectId,
-  organizationId,
-  analysisId
-}) {
-  return `${appBaseUrl}/organization/${organizationId}/project/${projectId}/report/${analysisId}/fix/${fixId}`;
-}
 function getCommitUrl(params) {
   const {
     fixId,
@@ -918,25 +3246,25 @@ var sanityRepoURL = (scmURL) => {
 
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 var BITBUCKET_HOSTNAME = "bitbucket.org";
-var TokenExpiredErrorZ = z4.object({
-  status: z4.number(),
-  error: z4.object({
-    type: z4.string(),
-    error: z4.object({
-      message: z4.string()
+var TokenExpiredErrorZ = z10.object({
+  status: z10.number(),
+  error: z10.object({
+    type: z10.string(),
+    error: z10.object({
+      message: z10.string()
     })
   })
 });
 var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
-var BitbucketAuthResultZ = z4.object({
-  access_token: z4.string(),
-  token_type: z4.string(),
-  refresh_token: z4.string()
+var BitbucketAuthResultZ = z10.object({
+  access_token: z10.string(),
+  token_type: z10.string(),
+  refresh_token: z10.string()
 });
-var BitbucketParseResultZ = z4.object({
-  organization: z4.string(),
-  repoName: z4.string(),
-  hostname: z4.literal(BITBUCKET_HOSTNAME)
+var BitbucketParseResultZ = z10.object({
+  organization: z10.string(),
+  repoName: z10.string(),
+  hostname: z10.literal(BITBUCKET_HOSTNAME)
 });
 function parseBitbucketOrganizationAndRepo(bitbucketUrl) {
   const parsedGitHubUrl = normalizeUrl(bitbucketUrl);
@@ -1015,7 +3343,7 @@ function getBitbucketSdk(params) {
       if (!res.data.values) {
         return [];
       }
-      return res.data.values.filter((branch) => !!branch.name).map((branch) => z4.string().parse(branch.name));
+      return res.data.values.filter((branch) => !!branch.name).map((branch) => z10.string().parse(branch.name));
     },
     async getIsUserCollaborator(params2) {
       const { repoUrl } = params2;
@@ -1130,7 +3458,7 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: tagRes.data.target?.hash,
         type: "TAG" /* TAG */,
-        date: new Date(z4.string().parse(tagRes.data.target?.date))
+        date: new Date(z10.string().parse(tagRes.data.target?.date))
       });
     },
     async getBranchRef(params2) {
@@ -1138,7 +3466,7 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: getBranchRes.target?.hash,
         type: "BRANCH" /* BRANCH */,
-        date: new Date(z4.string().parse(getBranchRes.target?.date))
+        date: new Date(z10.string().parse(getBranchRes.target?.date))
       });
     },
     async getCommitRef(params2) {
@@ -1146,13 +3474,13 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: getCommitRes.hash,
         type: "COMMIT" /* COMMIT */,
-        date: new Date(z4.string().parse(getCommitRes.date))
+        date: new Date(z10.string().parse(getCommitRes.date))
       });
     },
     async getDownloadUrl({ url, sha }) {
       this.getReferenceData({ ref: sha, url });
       const repoRes = await this.getRepo({ repoUrl: url });
-      const parsedRepoUrl = z4.string().url().parse(repoRes.links?.html?.href);
+      const parsedRepoUrl = z10.string().url().parse(repoRes.links?.html?.href);
       return `${parsedRepoUrl}/get/${sha}.zip`;
     },
     async getPullRequest(params2) {
@@ -1195,7 +3523,7 @@ async function validateBitbucketParams(params) {
 }
 async function getUsersworkspacesSlugs(bitbucketClient) {
   const res = await bitbucketClient.workspaces.getWorkspaces({});
-  return res.data.values?.map((v) => z4.string().parse(v.slug));
+  return res.data.values?.map((v) => z10.string().parse(v.slug));
 }
 async function getllUsersrepositories(bitbucketClient) {
   const userWorspacesSlugs = await getUsersworkspacesSlugs(bitbucketClient);
@@ -1735,11 +4063,11 @@ import {
 import { ProxyAgent as ProxyAgent2 } from "undici";
 
 // src/features/analysis/scm/gitlab/types.ts
-import { z as z5 } from "zod";
-var GitlabAuthResultZ = z5.object({
-  access_token: z5.string(),
-  token_type: z5.string(),
-  refresh_token: z5.string()
+import { z as z11 } from "zod";
+var GitlabAuthResultZ = z11.object({
+  access_token: z11.string(),
+  token_type: z11.string(),
+  refresh_token: z11.string()
 });
 
 // src/features/analysis/scm/gitlab/gitlab.ts
@@ -2032,83 +4360,83 @@ initGitlabFetchMock();
 // src/features/analysis/scm/scmSubmit/index.ts
 import fs from "node:fs/promises";
 import parseDiff from "parse-diff";
-import path from "path";
+import path3 from "path";
 import { simpleGit } from "simple-git";
 import tmp from "tmp";
-import { z as z7 } from "zod";
+import { z as z13 } from "zod";
 
 // src/features/analysis/scm/scmSubmit/types.ts
-import { z as z6 } from "zod";
-var BaseSubmitToScmMessageZ = z6.object({
-  submitFixRequestId: z6.string().uuid(),
-  fixes: z6.array(
-    z6.object({
-      fixId: z6.string().uuid(),
-      patches: z6.array(z6.string())
+import { z as z12 } from "zod";
+var BaseSubmitToScmMessageZ = z12.object({
+  submitFixRequestId: z12.string().uuid(),
+  fixes: z12.array(
+    z12.object({
+      fixId: z12.string().uuid(),
+      patches: z12.array(z12.string())
     })
   ),
-  commitHash: z6.string(),
-  repoUrl: z6.string(),
-  mobbUserEmail: z6.string(),
-  extraHeaders: z6.record(z6.string(), z6.string()).default({})
+  commitHash: z12.string(),
+  repoUrl: z12.string(),
+  mobbUserEmail: z12.string(),
+  extraHeaders: z12.record(z12.string(), z12.string()).default({})
 });
 var submitToScmMessageType = {
   commitToSameBranch: "commitToSameBranch",
   submitFixesForDifferentBranch: "submitFixesForDifferentBranch"
 };
 var CommitToSameBranchParamsZ = BaseSubmitToScmMessageZ.merge(
-  z6.object({
-    type: z6.literal(submitToScmMessageType.commitToSameBranch),
-    branch: z6.string(),
-    commitMessage: z6.string(),
-    commitDescription: z6.string().nullish(),
-    githubCommentId: z6.number().nullish()
+  z12.object({
+    type: z12.literal(submitToScmMessageType.commitToSameBranch),
+    branch: z12.string(),
+    commitMessage: z12.string(),
+    commitDescription: z12.string().nullish(),
+    githubCommentId: z12.number().nullish()
   })
 );
-var SubmitFixesToDifferentBranchParamsZ = z6.object({
-  type: z6.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  submitBranch: z6.string(),
-  baseBranch: z6.string()
+var SubmitFixesToDifferentBranchParamsZ = z12.object({
+  type: z12.literal(submitToScmMessageType.submitFixesForDifferentBranch),
+  submitBranch: z12.string(),
+  baseBranch: z12.string()
 }).merge(BaseSubmitToScmMessageZ);
-var SubmitFixesMessageZ = z6.union([
+var SubmitFixesMessageZ = z12.union([
   CommitToSameBranchParamsZ,
   SubmitFixesToDifferentBranchParamsZ
 ]);
-var FixResponseArrayZ = z6.array(
-  z6.object({
-    fixId: z6.string().uuid()
+var FixResponseArrayZ = z12.array(
+  z12.object({
+    fixId: z12.string().uuid()
   })
 );
-var SubmitFixesBaseResponseMessageZ = z6.object({
-  mobbUserEmail: z6.string(),
-  submitFixRequestId: z6.string().uuid(),
-  submitBranches: z6.array(
-    z6.object({
-      branchName: z6.string(),
+var SubmitFixesBaseResponseMessageZ = z12.object({
+  mobbUserEmail: z12.string(),
+  submitFixRequestId: z12.string().uuid(),
+  submitBranches: z12.array(
+    z12.object({
+      branchName: z12.string(),
       fixes: FixResponseArrayZ
     })
   ),
-  error: z6.object({
-    type: z6.enum([
+  error: z12.object({
+    type: z12.enum([
       "InitialRepoAccessError",
       "PushBranchError",
       "UnknownError"
     ]),
-    info: z6.object({
-      message: z6.string(),
-      pushBranchName: z6.string().optional()
+    info: z12.object({
+      message: z12.string(),
+      pushBranchName: z12.string().optional()
     })
   }).optional()
 });
-var SubmitFixesToSameBranchResponseMessageZ = z6.object({
-  type: z6.literal(submitToScmMessageType.commitToSameBranch),
-  githubCommentId: z6.number().nullish()
+var SubmitFixesToSameBranchResponseMessageZ = z12.object({
+  type: z12.literal(submitToScmMessageType.commitToSameBranch),
+  githubCommentId: z12.number().nullish()
 }).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesToDifferentBranchResponseMessageZ = z6.object({
-  type: z6.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  githubCommentId: z6.number().optional()
+var SubmitFixesToDifferentBranchResponseMessageZ = z12.object({
+  type: z12.literal(submitToScmMessageType.submitFixesForDifferentBranch),
+  githubCommentId: z12.number().optional()
 }).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesResponseMessageZ = z6.discriminatedUnion("type", [
+var SubmitFixesResponseMessageZ = z12.discriminatedUnion("type", [
   SubmitFixesToSameBranchResponseMessageZ,
   SubmitFixesToDifferentBranchResponseMessageZ
 ]);
@@ -2126,21 +4454,21 @@ var isValidBranchName = async (branchName) => {
     return false;
   }
 };
-var FixesZ = z7.array(
-  z7.object({
-    fixId: z7.string(),
-    patches: z7.array(z7.string())
+var FixesZ = z13.array(
+  z13.object({
+    fixId: z13.string(),
+    patches: z13.array(z13.string())
   })
 ).nonempty();
 
 // src/features/analysis/scm/scm.ts
 function isBrokerUrl(url) {
-  return z8.string().uuid().safeParse(new URL(url).host).success;
+  return z14.string().uuid().safeParse(new URL(url).host).success;
 }
-var GetRefererenceResultZ = z8.object({
-  date: z8.date().optional(),
-  sha: z8.string(),
-  type: z8.nativeEnum(ReferenceType)
+var GetRefererenceResultZ = z14.object({
+  date: z14.date().optional(),
+  sha: z14.string(),
+  type: z14.nativeEnum(ReferenceType)
 });
 function getCloudScmLibTypeFromUrl(url) {
   if (!url) {
@@ -2181,7 +4509,7 @@ var scmTypeToScmLibScmType = {
   ["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
 };
 function getScmLibTypeFromScmType(scmType) {
-  const parsedScmType = z8.nativeEnum(ScmType).parse(scmType);
+  const parsedScmType = z14.nativeEnum(ScmType).parse(scmType);
   return scmTypeToScmLibScmType[parsedScmType];
 }
 function getScmConfig({
@@ -2395,7 +4723,7 @@ var SCMLib = class {
       if (e instanceof InvalidRepoUrlError && url) {
         throw new RepoNoTokenAccessError(
           "no access to repo",
-          scmLibScmTypeToScmType[z8.nativeEnum(ScmLibScmType).parse(scmType)]
+          scmLibScmTypeToScmType[z14.nativeEnum(ScmLibScmType).parse(scmType)]
         );
       }
       console.error(`error validating scm: ${scmType} `, e);
@@ -2806,7 +5134,7 @@ var GithubSCMLib = class extends SCMLib {
       owner,
       repo
     });
-    return z8.string().parse(prRes.data);
+    return z14.string().parse(prRes.data);
   }
   async getRepoList(_scmOrg) {
     this._validateAccessToken();
@@ -2997,7 +5325,7 @@ var StubSCMLib = class extends SCMLib {
 };
 function getUserAndPassword(token) {
   const [username, password] = token.split(":");
-  const safePasswordAndUsername = z8.object({ username: z8.string(), password: z8.string() }).parse({ username, password });
+  const safePasswordAndUsername = z14.object({ username: z14.string(), password: z14.string() }).parse({ username, password });
   return {
     username: safePasswordAndUsername.username,
     password: safePasswordAndUsername.password
@@ -3033,7 +5361,7 @@ var BitbucketSCMLib = class extends SCMLib {
         return { username, password, authType };
       }
       case "token": {
-        return { authType, token: z8.string().parse(this.accessToken) };
+        return { authType, token: z14.string().parse(this.accessToken) };
       }
       case "public":
         return { authType };
@@ -3045,7 +5373,7 @@ var BitbucketSCMLib = class extends SCMLib {
       ...params,
       repoUrl: this.url
     });
-    return String(z8.number().parse(pullRequestRes.id));
+    return String(z14.number().parse(pullRequestRes.id));
   }
   async validateParams() {
     return validateBitbucketParams({
@@ -3117,7 +5445,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getUsername() {
     this._validateAccessToken();
     const res = await this.bitbucketSdk.getUser();
-    return z8.string().parse(res.username);
+    return z14.string().parse(res.username);
   }
   async getSubmitRequestStatus(_scmSubmitRequestId) {
     this._validateAccessTokenAndUrl();
@@ -3146,7 +5474,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getRepoDefaultBranch() {
     this._validateUrl();
     const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
-    return z8.string().parse(repoRes.mainbranch?.name);
+    return z14.string().parse(repoRes.mainbranch?.name);
   }
   getPrUrl(prNumber) {
     this._validateUrl();
@@ -3168,33 +5496,33 @@ var BitbucketSCMLib = class extends SCMLib {
 };
 
 // src/features/analysis/scm/ado/validation.ts
-import { z as z9 } from "zod";
-var ValidPullRequestStatusZ = z9.union([
-  z9.literal(1 /* Active */),
-  z9.literal(2 /* Abandoned */),
-  z9.literal(3 /* Completed */)
+import { z as z15 } from "zod";
+var ValidPullRequestStatusZ = z15.union([
+  z15.literal(1 /* Active */),
+  z15.literal(2 /* Abandoned */),
+  z15.literal(3 /* Completed */)
 ]);
-var AdoAuthResultZ = z9.object({
-  access_token: z9.string().min(1),
-  token_type: z9.string().min(1),
-  refresh_token: z9.string().min(1)
+var AdoAuthResultZ = z15.object({
+  access_token: z15.string().min(1),
+  token_type: z15.string().min(1),
+  refresh_token: z15.string().min(1)
 });
-var profileZ = z9.object({
-  displayName: z9.string(),
-  publicAlias: z9.string().min(1),
-  emailAddress: z9.string(),
-  coreRevision: z9.number(),
-  timeStamp: z9.string(),
-  id: z9.string(),
-  revision: z9.number()
+var profileZ = z15.object({
+  displayName: z15.string(),
+  publicAlias: z15.string().min(1),
+  emailAddress: z15.string(),
+  coreRevision: z15.number(),
+  timeStamp: z15.string(),
+  id: z15.string(),
+  revision: z15.number()
 });
-var accountsZ = z9.object({
-  count: z9.number(),
-  value: z9.array(
-    z9.object({
-      accountId: z9.string(),
-      accountUri: z9.string(),
-      accountName: z9.string()
+var accountsZ = z15.object({
+  count: z15.number(),
+  value: z15.array(
+    z15.object({
+      accountId: z15.string(),
+      accountUri: z15.string(),
+      accountName: z15.string()
     })
   )
 });
@@ -3267,7 +5595,7 @@ async function getAdoConnectData({
         oauthToken: adoTokenInfo.accessToken
       });
       return {
-        org: z10.string().parse(org),
+        org: z16.string().parse(org),
         origin: DEFUALT_ADO_ORIGIN
       };
     }
@@ -3353,7 +5681,7 @@ async function getAdoClientParams(params) {
       return {
         tokenType: "PAT" /* PAT */,
         accessToken: adoTokenInfo.accessToken,
-        patTokenOrg: z10.string().parse(tokenOrg).toLowerCase(),
+        patTokenOrg: z16.string().parse(tokenOrg).toLowerCase(),
         origin: origin2,
         orgName: org.toLowerCase()
       };
@@ -3707,175 +6035,10 @@ async function getAdoRepoList({
 // src/features/analysis/scm/constants.ts
 var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
 
-// src/constants.ts
-var debug = Debug("mobbdev:constants");
-var __dirname = path2.dirname(fileURLToPath(import.meta.url));
-dotenv.config({ path: path2.join(__dirname, "../.env") });
-var scmFriendlyText = {
-  ["Ado" /* Ado */]: "Azure DevOps",
-  ["Bitbucket" /* Bitbucket */]: "Bitbucket",
-  ["GitHub" /* GitHub */]: "GitGub",
-  ["GitLab" /* GitLab */]: "GitLab"
-};
-var SCANNERS = {
-  Checkmarx: "checkmarx",
-  Codeql: "codeql",
-  Fortify: "fortify",
-  Snyk: "snyk",
-  Sonarqube: "sonarqube"
-};
-var SupportedScannersZ = z11.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
-var envVariablesSchema = z11.object({
-  WEB_APP_URL: z11.string(),
-  API_URL: z11.string(),
-  HASURA_ACCESS_KEY: z11.string(),
-  LOCAL_GRAPHQL_ENDPOINT: z11.string()
-}).required();
-var envVariables = envVariablesSchema.parse(process.env);
-debug("config %o", envVariables);
-var mobbAscii = `
-                                   ..                       
-                             ..........                     
-                        .................                   
-               ...........................                  
-              ..............................                
-             ................................               
-             ..................................             
-            ....................................            
-            .....................................           
-            .............................................   
-          ................................................. 
-     ...............................       .................
-  ..................................           ............ 
-..................    .............            ..........   
-......... ........      .........             ......        
-  ...............                          ....             
-         .... ..                                            
-                                                            
-                                      . ...                 
-                              ..............                
-                       ......................               
-                   ...........................              
-               ................................             
-           ......................................           
-                ...............................             
-                       .................                    
-`;
-var PROJECT_DEFAULT_NAME = "My first project";
-var WEB_APP_URL = envVariables.WEB_APP_URL;
-var API_URL = envVariables.API_URL;
-var HASURA_ACCESS_KEY = envVariables.HASURA_ACCESS_KEY;
-var LOCAL_GRAPHQL_ENDPOINT = envVariables.LOCAL_GRAPHQL_ENDPOINT;
-var errorMessages = {
-  missingCxProjectName: `project name ${chalk.bold(
-    "(--cx-project-name)"
-  )} is needed if you're using checkmarx`,
-  missingUrl: `url ${chalk.bold(
-    "(--url)"
-  )} is needed if you're adding an SCM token`,
-  invalidScmType: `SCM type ${chalk.bold(
-    "(--scm-type)"
-  )} is invalid, please use one of: ${Object.values(ScmType).join(", ")}`,
-  missingToken: `SCM token ${chalk.bold(
-    "(--token)"
-  )} is needed if you're adding an SCM token`
-};
-var progressMassages = {
-  processingVulnerabilityReportSuccess: "\u2699\uFE0F  Vulnerability report proccessed successfully",
-  processingVulnerabilityReport: "\u2699\uFE0F  Proccessing vulnerability report",
-  processingVulnerabilityReportFailed: "\u2699\uFE0F  Error Proccessing vulnerability report"
-};
-var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 20;
-
-// src/features/analysis/index.ts
-import crypto from "node:crypto";
-import fs3 from "node:fs";
-import os from "node:os";
-import path6 from "node:path";
-import { pipeline } from "node:stream/promises";
-
-// src/utils/index.ts
-var utils_exports = {};
-__export(utils_exports, {
-  CliError: () => CliError,
-  Spinner: () => Spinner,
-  getDirName: () => getDirName,
-  getTopLevelDirName: () => getTopLevelDirName,
-  keypress: () => keypress,
-  sleep: () => sleep
-});
-
-// src/utils/dirname.ts
-import path3 from "node:path";
-import { fileURLToPath as fileURLToPath2 } from "node:url";
-function getDirName() {
-  return path3.dirname(fileURLToPath2(import.meta.url));
-}
-function getTopLevelDirName(fullPath) {
-  return path3.parse(fullPath).name;
-}
-
-// src/utils/keypress.ts
-import readline from "node:readline";
-async function keypress() {
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout
-  });
-  return new Promise((resolve) => {
-    rl.question("", (answer) => {
-      rl.close();
-      process.stderr.moveCursor(0, -1);
-      process.stderr.clearLine(1);
-      resolve(answer);
-    });
-  });
-}
-
-// src/utils/spinner.ts
-import {
-  createSpinner as _createSpinner
-} from "nanospinner";
-var mockSpinner = {
-  success: () => mockSpinner,
-  error: () => mockSpinner,
-  warn: () => mockSpinner,
-  stop: () => mockSpinner,
-  start: () => mockSpinner,
-  update: () => mockSpinner,
-  reset: () => mockSpinner,
-  clear: () => mockSpinner,
-  spin: () => mockSpinner
-};
-function Spinner({ ci = false } = {}) {
-  return {
-    createSpinner: (text, options) => ci ? mockSpinner : _createSpinner(text, options)
-  };
-}
-
-// src/utils/index.ts
-var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
-var CliError = class extends Error {
-};
-
-// src/features/analysis/index.ts
-import chalk4 from "chalk";
-import Configstore from "configstore";
-import Debug13 from "debug";
-import extract from "extract-zip";
-import fetch4 from "node-fetch";
-import open2 from "open";
-import semver from "semver";
-import tmp2 from "tmp";
-import { z as z14 } from "zod";
-
-// src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
-import Debug4 from "debug";
-
 // src/features/analysis/add_fix_comments_for_pr/utils.ts
 import Debug3 from "debug";
 import parseDiff2 from "parse-diff";
-import { z as z12 } from "zod";
+import { z as z17 } from "zod";
 
 // src/features/analysis/utils/by_key.ts
 function keyBy(array, keyBy2) {
@@ -4052,10 +6215,23 @@ Refresh the page in order to see the changes.`,
     redirectUrl: commentRes.data.html_url,
     commentId
   });
-  const scanerString = scannerToFriendlyString[scanner];
   const issueType = getIssueType(fix.issueType ?? null);
   const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
-  const subTitle = `### Apply the following code change to fix ${issueType} issue detected by **${scanerString}**:`;
+  const patchAndQuestions = await PatchAndQuestionsZ.parseAsync(
+    fix.patchAndQuestions
+  );
+  const subTitle = getCommitDescription({
+    issueType: fix.issueType,
+    vendor: scanner,
+    severity: fix.vulnerabilitySeverity,
+    issueLanguage: fix.issueLanguage,
+    guidances: getGuidances({
+      questions: patchAndQuestions.questions.map(toQuestion),
+      issueType: fix.issueType,
+      issueLanguage: fix.issueLanguage,
+      fixExtraContext: patchAndQuestions.extraContext
+    })
+  });
   const diff = `\`\`\`diff
 ${patch} 
 \`\`\``;
@@ -4107,7 +6283,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
     });
     const lineAddedRanges = calculateRanges(fileNumbers);
     const fileFilter = {
-      path: z12.string().parse(file.to),
+      path: z17.string().parse(file.to),
       ranges: lineAddedRanges.map(([startLine, endLine]) => ({
         endLine,
         startLine
@@ -4452,30 +6628,30 @@ function subscribe(query, variables, callback, wsClientOptions) {
 }
 
 // src/features/analysis/graphql/types.ts
-import { z as z13 } from "zod";
-var VulnerabilityReportIssueCodeNodeZ = z13.object({
-  vulnerabilityReportIssueId: z13.string(),
-  path: z13.string(),
-  startLine: z13.number(),
-  vulnerabilityReportIssue: z13.object({
-    fixId: z13.string()
+import { z as z18 } from "zod";
+var VulnerabilityReportIssueCodeNodeZ = z18.object({
+  vulnerabilityReportIssueId: z18.string(),
+  path: z18.string(),
+  startLine: z18.number(),
+  vulnerabilityReportIssue: z18.object({
+    fixId: z18.string()
   })
 });
-var GetVulByNodesMetadataZ = z13.object({
-  vulnerabilityReportIssueCodeNodes: z13.array(VulnerabilityReportIssueCodeNodeZ),
-  nonFixablePrVuls: z13.object({
-    aggregate: z13.object({
-      count: z13.number()
+var GetVulByNodesMetadataZ = z18.object({
+  vulnerabilityReportIssueCodeNodes: z18.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z18.object({
+    aggregate: z18.object({
+      count: z18.number()
     })
   }),
-  fixablePrVuls: z13.object({
-    aggregate: z13.object({
-      count: z13.number()
+  fixablePrVuls: z18.object({
+    aggregate: z18.object({
+      count: z18.number()
     })
   }),
-  totalScanVulnerabilities: z13.object({
-    aggregate: z13.object({
-      count: z13.number()
+  totalScanVulnerabilities: z18.object({
+    aggregate: z18.object({
+      count: z18.number()
     })
   })
 });
@@ -5465,7 +7641,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     spinner: mobbSpinner,
     submitVulnerabilityReportVariables: {
       fixReportId: reportUploadInfo.fixReportId,
-      repoUrl: z14.string().parse(repo),
+      repoUrl: z19.string().parse(repo),
       reference,
       projectId,
       vulnerabilityReportFileName: "report.json",
@@ -5704,9 +7880,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
         }
       });
       if (command === "review") {
-        const params2 = z14.object({
-          repo: z14.string().url(),
-          githubActionToken: z14.string()
+        const params2 = z19.object({
+          repo: z19.string().url(),
+          githubActionToken: z19.string()
         }).parse({ repo, githubActionToken });
         const scm = await SCMLib.init(
           {
@@ -5728,7 +7904,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
               analysisId,
               gqlClient,
               scm,
-              scanner: z14.nativeEnum(SCANNERS).parse(scanner)
+              scanner: z19.nativeEnum(SCANNERS).parse(scanner)
             });
           },
           callbackStates: ["Finished" /* Finished */]
@@ -5955,7 +8131,7 @@ var scmTokenOption = {
 // src/args/validation.ts
 import chalk6 from "chalk";
 import path8 from "path";
-import { z as z15 } from "zod";
+import { z as z20 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -5972,13 +8148,13 @@ Example:
   )}`;
   throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z15.string({
+var UrlZ = z20.string({
   invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
 }).refine((data) => !!sanityRepoURL(data), {
   message: `is not a valid ${Object.values(ScmType).join(" / ")} URL`
 });
 function validateOrganizationId(organizationId) {
-  const orgIdValidation = z15.string().uuid().nullish().safeParse(organizationId);
+  const orgIdValidation = z20.string().uuid().nullish().safeParse(organizationId);
   if (!orgIdValidation.success) {
     throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
   }