mobbdev 0.0.185 → 0.0.187
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.mjs +62 -35
- package/package.json +1 -1
package/dist/index.mjs
@@ -107,6 +107,7 @@ var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
107
107
})(IssueLanguage_Enum || {});
108
108
var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
109
109
IssueType_Enum2["AutoEscapeFalse"] = "AUTO_ESCAPE_FALSE";
110
+
IssueType_Enum2["ClientDomStoredCodeInjection"] = "CLIENT_DOM_STORED_CODE_INJECTION";
110
111
IssueType_Enum2["CmDi"] = "CMDi";
111
112
IssueType_Enum2["CmDiRelativePathCommand"] = "CMDi_relative_path_command";
112
113
IssueType_Enum2["ConfusingNaming"] = "CONFUSING_NAMING";
@@ -732,7 +733,8 @@ var issueTypeMap = {
732
733
["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False",
733
734
["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
734
735
["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
735
-
["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection"
736
+
["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection",
737
+
["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: "Client Code Injection"
736
738
};
737
739
var issueTypeZ = z.nativeEnum(IssueType_Enum);
738
740
var getIssueTypeFriendlyString = (issueType) => {
@@ -1440,6 +1442,7 @@ var EnvVariablesZod = z5.object({
1440
1442
var { GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
1441
1443
1442
1444
// src/features/analysis/scm/scm.ts
1445
+
import { setTimeout as setTimeout3 } from "node:timers/promises";
1443
1446
import { z as z16 } from "zod";
1444
1447
1445
1448
// src/features/analysis/scm/bitbucket/bitbucket.ts
@@ -1678,6 +1681,10 @@ var fixDetailsData = {
1678
1681
["HEAP_INSPECTION" /* HeapInspection */]: {
1679
1682
issueDescription: "All variables stored by the application in unencrypted memory can be read by an attacker. This can lead to the exposure of sensitive information, such as passwords, credit card numbers, and personal data.",
1680
1683
fixInstructions: "Use secure storage methods to store secrets in memory."
1684
+
},
1685
+
["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: {
1686
+
issueDescription: "Client DOM Stored Code Injection is a client-side security vulnerability where malicious JavaScript code gets stored in the DOM and later executed when retrieved by legitimate scripts.",
1687
+
fixInstructions: "Update the code to avoid the possibility for malicious JavaScript code to get stored in the DOM."
1681
1688
}
1682
1689
};
1683
1690
@@ -3358,22 +3365,6 @@ var isUrlHasPath = (url) => {
3358
3365
function shouldValidateUrl(repoUrl) {
3359
3366
return repoUrl && isUrlHasPath(repoUrl);
3360
3367
}
3361
-
var sanityRepoURL = (scmURL) => {
3362
-
try {
3363
-
const url = new URL(scmURL);
3364
-
const projectPath = url.pathname.substring(1).replace(/.git$/i, "");
3365
-
const pathParts = projectPath.split("/");
3366
-
if (pathParts.length < 2)
3367
-
return false;
3368
-
if (pathParts.length > 4 && pathParts.at(0) !== ADO_PREFIX_PATH)
3369
-
return false;
3370
-
if (pathParts.some((part) => !part.match(NAME_REGEX)))
3371
-
return false;
3372
-
return true;
3373
-
} catch (e) {
3374
-
return null;
3375
-
}
3376
-
};
3377
3368
3378
3369
// src/features/analysis/scm/bitbucket/validation.ts
3379
3370
import { z as z11 } from "zod";
@@ -4343,7 +4334,13 @@ async function getGitlabBranchList({
4343
4334
const res = await api2.Branches.all(projectPath, {
4344
4335
perPage: MAX_BRANCHES_FETCH
4345
4336
});
4346
-
4337
+
res.sort((a, b) => {
4338
+
if (!a.commit?.committed_date || !b.commit?.committed_date) {
4339
+
return 0;
4340
+
}
4341
+
return new Date(b.commit?.committed_date).getTime() - new Date(a.commit?.committed_date).getTime();
4342
+
});
4343
+
return res.map((branch) => branch.name).slice(0, MAX_BRANCHES_FETCH);
4347
4344
} catch (e) {
4348
4345
return [];
4349
4346
}
@@ -4956,16 +4953,33 @@ var AdoSCMLib = class extends SCMLib {
4956
4953
}
4957
4954
async createSubmitRequest(params) {
4958
4955
this._validateAccessTokenAndUrl();
4959
-
4960
-
4961
-
4962
-
4963
-
4964
-
4965
-
4966
-
4967
-
4968
-
4956
+
for (let i = 0; i < 5; i++) {
4957
+
try {
4958
+
const { targetBranchName, sourceBranchName, title, body } = params;
4959
+
const adoSdk = await this.getAdoSdk();
4960
+
const pullRequestId = await adoSdk.createAdoPullRequest({
4961
+
title,
4962
+
body,
4963
+
targetBranchName,
4964
+
sourceBranchName,
4965
+
repoUrl: this.url
4966
+
});
4967
+
return String(pullRequestId);
4968
+
} catch (e) {
4969
+
console.warn(
4970
+
`error creating pull request for ADO. Try number ${i + 1}`,
4971
+
e
4972
+
);
4973
+
await setTimeout3(1e3);
4974
+
if (4 === i) {
4975
+
console.error("error creating pull request for ADO", e);
4976
+
throw e;
4977
+
}
4978
+
}
4979
+
}
4980
+
throw new Error(
4981
+
"error creating pull request for ADO, should not reach here"
4982
+
);
4969
4983
}
4970
4984
async validateParams() {
4971
4985
return adoValidateParams({
@@ -5585,11 +5599,26 @@ var BitbucketSCMLib = class extends SCMLib {
5585
5599
}
5586
5600
async createSubmitRequest(params) {
5587
5601
this._validateAccessTokenAndUrl();
5588
-
5589
-
5590
-
5591
-
5592
-
5602
+
for (let i = 0; i < 5; i++) {
5603
+
try {
5604
+
const pullRequestRes = await this.bitbucketSdk.createPullRequest({
5605
+
...params,
5606
+
repoUrl: this.url
5607
+
});
5608
+
return String(z16.number().parse(pullRequestRes.id));
5609
+
} catch (e) {
5610
+
console.warn(
5611
+
`error creating pull request for BB. Try number ${i + 1}`,
5612
+
e
5613
+
);
5614
+
await setTimeout3(1e3);
5615
+
if (4 === i) {
5616
+
console.error("error creating pull request for BB", e);
5617
+
throw e;
5618
+
}
5619
+
}
5620
+
}
5621
+
throw new Error("error creating pull request for BB, should not reach here");
5593
5622
}
5594
5623
async validateParams() {
5595
5624
return validateBitbucketParams({
@@ -8464,8 +8493,6 @@ Example:
8464
8493
}
8465
8494
var UrlZ = z23.string({
8466
8495
invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
8467
-
}).refine((data) => !!sanityRepoURL(data), {
8468
-
message: `is not a valid ${Object.values(ScmType).join(" / ")} URL`
8469
8496
});
8470
8497
function validateOrganizationId(organizationId) {
8471
8498
const orgIdValidation = z23.string().uuid().nullish().safeParse(organizationId);
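Review bot: The retry loop added to AdoSCMLib.createSubmitRequest (hunk at 4953) retries every thrown error five times with a fixed one-second delay, including failures that cannot succeed on a second attempt (a rejected token, an invalid branch name, a pull request that already exists for the branch), and because createAdoPullRequest is not idempotent a retry after a request that timed out but was applied server-side can open a duplicate pull request; the same loop shape is added to BitbucketSCMLib.createSubmitRequest in the hunk at 5599. Rethrow immediately when the error does not look transient (the SDK error shape is not visible in this diff, so the exact check has to be written against what adoSdk and bitbucketSdk surface), and give the bound a name so the magic `if (4 === i)` and the trailing `throw new Error("... should not reach here")`, which is unreachable because the last iteration always throws, go away. The delay also runs on the final attempt before the error is rethrown, so the last-attempt check should come before `await setTimeout3(1e3)`. Each attempt logs the full error object with `console.warn(..., e)`; worth confirming the SDK error does not carry the request configuration, since that would be written to the console five times per failed submission.
```javascript
  async createSubmitRequest(params) {
    this._validateAccessTokenAndUrl();
    const maxAttempts = 5;
    for (let i = 0; i < maxAttempts; i++) {
      try {
        // … unchanged: destructure params, getAdoSdk(), createAdoPullRequest, return String(pullRequestId) …
      } catch (e) {
        // TODO(review): rethrow here without retrying when e is not transient
        // (network error, 429/5xx); the SDK error shape is not visible in this diff.
        if (i === maxAttempts - 1) {
          console.error("error creating pull request for ADO", e);
          throw e;
        }
        console.warn(`error creating pull request for ADO. Try number ${i + 1}`, e);
        await setTimeout3(1e3);
      }
    }
  }
```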