mobbdev 0.0.186 → 0.0.187

package/dist/index.mjs

@@ -107,6 +107,7 @@ var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
 })(IssueLanguage_Enum || {});
 var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["AutoEscapeFalse"] = "AUTO_ESCAPE_FALSE";
+  IssueType_Enum2["ClientDomStoredCodeInjection"] = "CLIENT_DOM_STORED_CODE_INJECTION";
   IssueType_Enum2["CmDi"] = "CMDi";
   IssueType_Enum2["CmDiRelativePathCommand"] = "CMDi_relative_path_command";
   IssueType_Enum2["ConfusingNaming"] = "CONFUSING_NAMING";
@@ -732,7 +733,8 @@ var issueTypeMap = {
   ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False",
   ["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
   ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
-  ["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection"
+  ["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection",
+  ["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: "Client Code Injection"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1679,6 +1681,10 @@ var fixDetailsData = {
   ["HEAP_INSPECTION" /* HeapInspection */]: {
     issueDescription: "All variables stored by the application in unencrypted memory can be read by an attacker. This can lead to the exposure of sensitive information, such as passwords, credit card numbers, and personal data.",
     fixInstructions: "Use secure storage methods to store secrets in memory."
+  },
+  ["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: {
+    issueDescription: "Client DOM Stored Code Injection is a client-side security vulnerability where malicious JavaScript code gets stored in the DOM and later executed when retrieved by legitimate scripts.",
+    fixInstructions: "Update the code to avoid the possibility for malicious JavaScript code to get stored in the DOM."
   }
 };
 
@@ -3359,22 +3365,6 @@ var isUrlHasPath = (url) => {
 function shouldValidateUrl(repoUrl) {
   return repoUrl && isUrlHasPath(repoUrl);
 }
-var sanityRepoURL = (scmURL) => {
-  try {
-    const url = new URL(scmURL);
-    const projectPath = url.pathname.substring(1).replace(/.git$/i, "");
-    const pathParts = projectPath.split("/");
-    if (pathParts.length < 2)
-      return false;
-    if (pathParts.length > 4 && pathParts.at(0) !== ADO_PREFIX_PATH)
-      return false;
-    if (pathParts.some((part) => !part.match(NAME_REGEX)))
-      return false;
-    return true;
-  } catch (e) {
-    return null;
-  }
-};
 
 // src/features/analysis/scm/bitbucket/validation.ts
 import { z as z11 } from "zod";
@@ -4963,16 +4953,33 @@ var AdoSCMLib = class extends SCMLib {
   }
   async createSubmitRequest(params) {
     this._validateAccessTokenAndUrl();
-    const { targetBranchName, sourceBranchName, title, body } = params;
-    const adoSdk = await this.getAdoSdk();
-    const pullRequestId = await adoSdk.createAdoPullRequest({
-      title,
-      body,
-      targetBranchName,
-      sourceBranchName,
-      repoUrl: this.url
-    });
-    return String(pullRequestId);
+    for (let i = 0; i < 5; i++) {
+      try {
+        const { targetBranchName, sourceBranchName, title, body } = params;
+        const adoSdk = await this.getAdoSdk();
+        const pullRequestId = await adoSdk.createAdoPullRequest({
+          title,
+          body,
+          targetBranchName,
+          sourceBranchName,
+          repoUrl: this.url
+        });
+        return String(pullRequestId);
+      } catch (e) {
+        console.warn(
+          `error creating pull request for ADO. Try number ${i + 1}`,
+          e
+        );
+        await setTimeout3(1e3);
+        if (4 === i) {
+          console.error("error creating pull request for ADO", e);
+          throw e;
+        }
+      }
+    }
+    throw new Error(
+      "error creating pull request for ADO, should not reach here"
+    );
   }
   async validateParams() {
     return adoValidateParams({
@@ -5600,15 +5607,18 @@ var BitbucketSCMLib = class extends SCMLib {
         });
         return String(z16.number().parse(pullRequestRes.id));
       } catch (e) {
-        console.warn(`error creating pull request. Try number ${i + 1}`, e);
+        console.warn(
+          `error creating pull request for BB. Try number ${i + 1}`,
+          e
+        );
         await setTimeout3(1e3);
         if (4 === i) {
-          console.error("error creating pull request", e);
+          console.error("error creating pull request for BB", e);
           throw e;
         }
       }
     }
-    throw new Error("error creating pull request, should not reach here");
+    throw new Error("error creating pull request for BB, should not reach here");
   }
   async validateParams() {
     return validateBitbucketParams({
@@ -8483,8 +8493,6 @@ Example:
 }
 var UrlZ = z23.string({
   invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
-}).refine((data) => !!sanityRepoURL(data), {
-  message: `is not a valid ${Object.values(ScmType).join(" / ")} URL`
 });
 function validateOrganizationId(organizationId) {
   const orgIdValidation = z23.string().uuid().nullish().safeParse(organizationId);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "0.0.186",
+  "version": "0.0.187",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",