mobbdev 0.0.186 → 0.0.188
- package/dist/index.mjs +44 -33
- package/package.json +1 -1
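--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -107,6 +107,7 @@ var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
 })(IssueLanguage_Enum || {});
 var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["AutoEscapeFalse"] = "AUTO_ESCAPE_FALSE";
+IssueType_Enum2["ClientDomStoredCodeInjection"] = "CLIENT_DOM_STORED_CODE_INJECTION";
 IssueType_Enum2["CmDi"] = "CMDi";
 IssueType_Enum2["CmDiRelativePathCommand"] = "CMDi_relative_path_command";
 IssueType_Enum2["ConfusingNaming"] = "CONFUSING_NAMING";
@@ -316,6 +317,7 @@ var GetFixesDocument = `
 __typename
 ... on FixData {
 patch
+patchOriginalEncodingBase64
 questions {
 defaultValue
 extraContext {
@@ -732,7 +734,8 @@ var issueTypeMap = {
 ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False",
 ["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
 ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
-["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection"
+["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection",
+["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: "Client Code Injection"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1002,6 +1005,7 @@ var FixExtraContextZ = z3.object({
 var PatchAndQuestionsZ = z3.object({
 __typename: z3.literal("FixData"),
 patch: z3.string(),
+patchOriginalEncodingBase64: z3.string(),
 questions: z3.array(
 z3.object({
 name: z3.string(),
@@ -1679,6 +1683,10 @@ var fixDetailsData = {
 ["HEAP_INSPECTION" /* HeapInspection */]: {
 issueDescription: "All variables stored by the application in unencrypted memory can be read by an attacker. This can lead to the exposure of sensitive information, such as passwords, credit card numbers, and personal data.",
 fixInstructions: "Use secure storage methods to store secrets in memory."
+},
+["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: {
+issueDescription: "Client DOM Stored Code Injection is a client-side security vulnerability where malicious JavaScript code gets stored in the DOM and later executed when retrieved by legitimate scripts.",
+fixInstructions: "Update the code to avoid the possibility for malicious JavaScript code to get stored in the DOM."
 }
 };
 
@@ -3359,22 +3367,6 @@ var isUrlHasPath = (url) => {
 function shouldValidateUrl(repoUrl) {
 return repoUrl && isUrlHasPath(repoUrl);
 }
-var sanityRepoURL = (scmURL) => {
-try {
-const url = new URL(scmURL);
-const projectPath = url.pathname.substring(1).replace(/.git$/i, "");
-const pathParts = projectPath.split("/");
-if (pathParts.length < 2)
-return false;
-if (pathParts.length > 4 && pathParts.at(0) !== ADO_PREFIX_PATH)
-return false;
-if (pathParts.some((part) => !part.match(NAME_REGEX)))
-return false;
-return true;
-} catch (e) {
-return null;
-}
-};
 
 // src/features/analysis/scm/bitbucket/validation.ts
 import { z as z11 } from "zod";
@@ -4550,6 +4542,7 @@ var BaseSubmitToScmMessageZ = z14.object({
 fixes: z14.array(
 z14.object({
 fixId: z14.string().uuid(),
+patchesOriginalEncodingBase64: z14.array(z14.string()),
 patches: z14.array(z14.string())
 })
 ),
@@ -4652,7 +4645,7 @@ var isValidBranchName = async (branchName) => {
 var FixesZ = z15.array(
 z15.object({
 fixId: z15.string(),
-
+patchesOriginalEncodingBase64: z15.array(z15.string())
 })
 ).nonempty();
 
@@ -4963,16 +4956,33 @@ var AdoSCMLib = class extends SCMLib {
 }
 async createSubmitRequest(params) {
 this._validateAccessTokenAndUrl();
-
-
-
-
-
-
-
-
-
-
+for (let i = 0; i < 5; i++) {
+try {
+const { targetBranchName, sourceBranchName, title, body } = params;
+const adoSdk = await this.getAdoSdk();
+const pullRequestId = await adoSdk.createAdoPullRequest({
+title,
+body,
+targetBranchName,
+sourceBranchName,
+repoUrl: this.url
+});
+return String(pullRequestId);
+} catch (e) {
+console.warn(
+`error creating pull request for ADO. Try number ${i + 1}`,
+e
+);
+await setTimeout3(1e3);
+if (4 === i) {
+console.error("error creating pull request for ADO", e);
+throw e;
+}
+}
+}
+throw new Error(
+"error creating pull request for ADO, should not reach here"
+);
 }
 async validateParams() {
 return adoValidateParams({
@@ -5600,15 +5610,18 @@ var BitbucketSCMLib = class extends SCMLib {
 });
 return String(z16.number().parse(pullRequestRes.id));
 } catch (e) {
-console.warn(
+console.warn(
+`error creating pull request for BB. Try number ${i + 1}`,
+e
+);
 await setTimeout3(1e3);
 if (4 === i) {
-console.error("error creating pull request", e);
+console.error("error creating pull request for BB", e);
 throw e;
 }
 }
 }
-throw new Error("error creating pull request, should not reach here");
+throw new Error("error creating pull request for BB, should not reach here");
 }
 async validateParams() {
 return validateBitbucketParams({
@@ -8483,8 +8496,6 @@ Example:
 }
 var UrlZ = z23.string({
 invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
-}).refine((data) => !!sanityRepoURL(data), {
-message: `is not a valid ${Object.values(ScmType).join(" / ")} URL`
 });
 function validateOrganizationId(organizationId) {
 const orgIdValidation = z23.string().uuid().nullish().safeParse(organizationId);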
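Review bot: `UrlZ` in the last hunk now accepts any string, because the `.refine((data) => !!sanityRepoURL(data), …)` step is dropped along with `sanityRepoURL` itself, so the `new URL()` parse, the path-depth limit and the `NAME_REGEX` check on each path segment no longer run at schema level. Whether the per-SCM validators seen as context (`adoValidateParams`, `validateBitbucketParams`) cover the same ground is not visible in this diff and should be confirmed, since the repository URL is used next to an access token (`_validateAccessTokenAndUrl()`, `repoUrl: this.url`). I would keep at least the syntactic check on the schema by closing it with `}).url();`, which preserves the parse requirement the removed helper enforced. A comment above `UrlZ` should also state where the structural validation of the repository path now happens. Separately, the new ADO retry loop logs the raw error `e` on every attempt; if the SDK's error objects carry request configuration, that is worth checking for credential exposure in logs.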