npm - mobbdev - Versions diffs - 0.0.181 → 0.0.183 - Mend

mobbdev 0.0.181 → 0.0.183

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +21 -5
package/package.json +8 -8

package/dist/index.mjs CHANGED Viewed

@@ -122,6 +122,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["HardcodedDomainInHtml"] = "HARDCODED_DOMAIN_IN_HTML";
   IssueType_Enum2["HardcodedSecrets"] = "HARDCODED_SECRETS";
   IssueType_Enum2["HeaderManipulation"] = "HEADER_MANIPULATION";
+  IssueType_Enum2["HeapInspection"] = "HEAP_INSPECTION";
   IssueType_Enum2["HtmlCommentInJsp"] = "HTML_COMMENT_IN_JSP";
   IssueType_Enum2["HttpOnlyCookie"] = "HTTP_ONLY_COOKIE";
   IssueType_Enum2["HttpResponseSplitting"] = "HTTP_RESPONSE_SPLITTING";
@@ -1547,7 +1548,11 @@ var fixDetailsData = {
     fixInstructions: "Use express-rate-limit npm package to set a rate limit."
   },
   ["MISSING_CSP_HEADER" /* MissingCspHeader */]: void 0,
-  ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: void 0
+  ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: void 0,
+  ["HEAP_INSPECTION" /* HeapInspection */]: {
+    issueDescription: "All variables stored by the application in unencrypted memory can be read by an attacker. This can lead to the exposure of sensitive information, such as passwords, credit card numbers, and personal data.",
+    fixInstructions: "Use secure storage methods to store secrets in memory."
+  }
 };
 // src/features/analysis/scm/shared/src/getIssueType.ts
@@ -1625,7 +1630,8 @@ var issueTypeMap = {
   ["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: "Unvalidated Public Method Argument",
   ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False",
   ["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
-  ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML"
+  ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
+  ["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection"
 };
 var issueTypeZ = z4.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1980,6 +1986,15 @@ var pt = {
   }
 };
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/sqlInjection.ts
+var sqlInjection2 = {
+  databaseProvider: {
+    content: () => "Select the database provider",
+    description: () => "",
+    guidance: () => ""
+  }
+};
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/ssrf.ts
 var ssrf2 = {
   domainsAllowlist: {
@@ -2124,7 +2139,8 @@ var vulnerabilities7 = {
   ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: insecureBinderConfiguration,
   ["VALUE_SHADOWING" /* ValueShadowing */]: valueShadowing,
   ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness,
-  ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: insufficientLogging
+  ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: insufficientLogging,
+  ["SQL_Injection" /* SqlInjection */]: sqlInjection2
 };
 var csharp_default2 = vulnerabilities7;
@@ -2380,7 +2396,7 @@ var typeToSetMethod = {
   date: "setDate",
   string: "setString"
 };
-var sqlInjection2 = {
+var sqlInjection3 = {
   parameterType: {
     content: ({ tainted_term }) => `What is the SQL Data Type of the \`${tainted_term}\` parameter?`,
     description: () => "In order to make sure the statement is built correctly, we must ensure we use the same type that is defined for this parameter in the SQL table. If you are unsure of this type, please consult with your team.",
@@ -2563,7 +2579,7 @@ var xxe2 = {
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
 var vulnerabilities8 = {
-  ["SQL_Injection" /* SqlInjection */]: sqlInjection2,
+  ["SQL_Injection" /* SqlInjection */]: sqlInjection3,
   ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: relativePathCommand,
   ["CMDi" /* CmDi */]: commandInjection,
   ["CONFUSING_NAMING" /* ConfusingNaming */]: confusingNaming,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "0.0.181",
+  "version": "0.0.183",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",
@@ -61,11 +61,11 @@
     "parse-diff": "0.11.1",
     "semver": "7.6.3",
     "simple-git": "3.27.0",
-    "snyk": "1.1293.1",
+    "snyk": "1.1294.0",
     "supports-color": "9.4.0",
     "tar": "6.2.1",
     "tmp": "0.2.3",
-    "undici": "6.20.0",
+    "undici": "6.20.1",
     "uuid": "10.0.0",
     "ws": "8.18.0",
     "yargs": "17.7.2",
@@ -73,9 +73,9 @@
   },
   "devDependencies": {
     "@graphql-codegen/cli": "5.0.3",
-    "@graphql-codegen/typescript": "4.1.0",
+    "@graphql-codegen/typescript": "4.1.1",
     "@graphql-codegen/typescript-graphql-request": "6.2.0",
-    "@graphql-codegen/typescript-operations": "4.3.0",
+    "@graphql-codegen/typescript-operations": "4.3.1",
     "@octokit/request-error": "3.0.3",
     "@octokit/types": "13.6.1",
     "@types/adm-zip": "0.5.5",
@@ -87,11 +87,11 @@
     "@types/tar": "6.1.13",
     "@types/tmp": "0.2.6",
     "@types/uuid": "10.0.0",
-    "@types/ws": "8.5.12",
+    "@types/ws": "8.5.13",
     "@types/yargs": "17.0.33",
     "@typescript-eslint/eslint-plugin": "7.17.0",
     "@typescript-eslint/parser": "7.17.0",
-    "@vitest/coverage-istanbul": "2.1.2",
+    "@vitest/coverage-istanbul": "2.1.4",
     "@vitest/ui": "^2.1.2",
     "eslint": "8.57.0",
     "eslint-plugin-import": "2.31.0",
@@ -100,7 +100,7 @@
     "prettier": "3.3.3",
     "tsup": "7.2.0",
     "typescript": "4.9.5",
-    "vitest": "2.1.2"
+    "vitest": "2.1.4"
   },
   "engines": {
     "node": ">=18.18.0"