mobbdev 0.0.180 → 0.0.182

package/dist/index.mjs

@@ -1980,6 +1980,15 @@ var pt = {
   }
 };
 
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/sqlInjection.ts
+var sqlInjection2 = {
+  databaseProvider: {
+    content: () => "Select the database provider",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/ssrf.ts
 var ssrf2 = {
   domainsAllowlist: {
@@ -2124,7 +2133,8 @@ var vulnerabilities7 = {
   ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: insecureBinderConfiguration,
   ["VALUE_SHADOWING" /* ValueShadowing */]: valueShadowing,
   ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness,
-  ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: insufficientLogging
+  ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: insufficientLogging,
+  ["SQL_Injection" /* SqlInjection */]: sqlInjection2
 };
 var csharp_default2 = vulnerabilities7;
 
@@ -2380,7 +2390,7 @@ var typeToSetMethod = {
   date: "setDate",
   string: "setString"
 };
-var sqlInjection2 = {
+var sqlInjection3 = {
   parameterType: {
     content: ({ tainted_term }) => `What is the SQL Data Type of the \`${tainted_term}\` parameter?`,
     description: () => "In order to make sure the statement is built correctly, we must ensure we use the same type that is defined for this parameter in the SQL table. If you are unsure of this type, please consult with your team.",
@@ -2563,7 +2573,7 @@ var xxe2 = {
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
 var vulnerabilities8 = {
-  ["SQL_Injection" /* SqlInjection */]: sqlInjection2,
+  ["SQL_Injection" /* SqlInjection */]: sqlInjection3,
   ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: relativePathCommand,
   ["CMDi" /* CmDi */]: commandInjection,
   ["CONFUSING_NAMING" /* ConfusingNaming */]: confusingNaming,
@@ -4954,9 +4964,6 @@ var AdoSCMLib = class extends SCMLib {
       repoUrl: this.url
     });
   }
-  async getUsername() {
-    throw new Error("getUsername() is not relevant for ADO");
-  }
   async getSubmitRequestStatus(scmSubmitRequestId) {
     this._validateAccessTokenAndUrl();
     const adoSdk = await this.getAdoSdk();
@@ -5603,6 +5610,9 @@ var AdoAuthResultZ = z16.object({
   token_type: z16.string().min(1),
   refresh_token: z16.string().min(1)
 });
+var AdoAuthResultWithOrgsZ = AdoAuthResultZ.extend({
+  scmOrgs: z16.array(z16.string())
+});
 var profileZ = z16.object({
   displayName: z16.string(),
   publicAlias: z16.string().min(1),
@@ -5667,6 +5677,17 @@ function parseAdoOwnerAndRepo(adoUrl) {
     origin: `${protocol}//${hostname}`
   };
 }
+function isValidAdoRepo(url) {
+  if (!url) {
+    return false;
+  }
+  try {
+    const parsed = parseAdoOwnerAndRepo(url);
+    return Boolean(parsed.repo && parsed.projectName);
+  } catch (e) {
+    return false;
+  }
+}
 async function getAdoConnectData({
   url,
   tokenOrg,
@@ -5688,7 +5709,7 @@ async function getAdoConnectData({
   }
   if (!tokenOrg) {
     if (adoTokenInfo.type === "OAUTH" /* OAUTH */) {
-      const [org] = await _getOrgsForOauthToken({
+      const [org] = await getOrgsForOauthToken({
         oauthToken: adoTokenInfo.accessToken
       });
       return {
@@ -5795,7 +5816,7 @@ async function adoValidateParams({
       await getAdoClientParams({ url, accessToken, tokenOrg })
     );
     await api2.connect();
-    if (url) {
+    if (isValidAdoRepo(url)) {
       const git = await api2.getGitApi();
       await validateAdoRepo({ git, repoUrl: url });
     }
@@ -5813,7 +5834,7 @@ async function adoValidateParams({
     throw e;
   }
 }
-async function _getOrgsForOauthToken({
+async function getOrgsForOauthToken({
   oauthToken
 }) {
   const profileRes = await fetch(
@@ -6087,7 +6108,7 @@ async function getAdoRepoList({
     return [];
   }
   if (adoTokenInfo.type === "OAUTH" /* OAUTH */) {
-    orgs = await _getOrgsForOauthToken({ oauthToken: accessToken });
+    orgs = await getOrgsForOauthToken({ oauthToken: accessToken });
   }
   if (orgs.length === 0 && !orgName) {
     throw new Error(`no orgs for ADO`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "0.0.180",
+  "version": "0.0.182",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",
@@ -61,11 +61,11 @@
     "parse-diff": "0.11.1",
     "semver": "7.6.3",
     "simple-git": "3.27.0",
-    "snyk": "1.1293.1",
+    "snyk": "1.1294.0",
     "supports-color": "9.4.0",
     "tar": "6.2.1",
     "tmp": "0.2.3",
-    "undici": "6.20.0",
+    "undici": "6.20.1",
     "uuid": "10.0.0",
     "ws": "8.18.0",
     "yargs": "17.7.2",
@@ -73,9 +73,9 @@
   },
   "devDependencies": {
     "@graphql-codegen/cli": "5.0.3",
-    "@graphql-codegen/typescript": "4.1.0",
+    "@graphql-codegen/typescript": "4.1.1",
     "@graphql-codegen/typescript-graphql-request": "6.2.0",
-    "@graphql-codegen/typescript-operations": "4.3.0",
+    "@graphql-codegen/typescript-operations": "4.3.1",
     "@octokit/request-error": "3.0.3",
     "@octokit/types": "13.6.1",
     "@types/adm-zip": "0.5.5",
@@ -87,11 +87,11 @@
     "@types/tar": "6.1.13",
     "@types/tmp": "0.2.6",
     "@types/uuid": "10.0.0",
-    "@types/ws": "8.5.12",
+    "@types/ws": "8.5.13",
     "@types/yargs": "17.0.33",
     "@typescript-eslint/eslint-plugin": "7.17.0",
     "@typescript-eslint/parser": "7.17.0",
-    "@vitest/coverage-istanbul": "2.1.2",
+    "@vitest/coverage-istanbul": "2.1.4",
     "@vitest/ui": "^2.1.2",
     "eslint": "8.57.0",
     "eslint-plugin-import": "2.31.0",
@@ -100,7 +100,7 @@
     "prettier": "3.3.3",
     "tsup": "7.2.0",
     "typescript": "4.9.5",
-    "vitest": "2.1.2"
+    "vitest": "2.1.4"
   },
   "engines": {
     "node": ">=18.18.0"