mobbdev 1.0.109 → 1.0.110

package/dist/index.mjs

@@ -1609,9 +1609,9 @@ function getParsedFalsePositiveMessage(data) {
   const containsTemplate = extraContext.some(
     (context) => fixDescription.includes(`\${${context.key}}`)
   );
-  const description2 = containsTemplate ? replaceKeysWithValues(fixDescription, extraContext) : fixDescription;
+  const description = containsTemplate ? replaceKeysWithValues(fixDescription, extraContext) : fixDescription;
   const contextString = containsTemplate ? null : `\`\`\`${extraContext.map(({ value }) => value).join(" ")} \`\`\``;
-  return { description: description2, contextString };
+  return { description, contextString };
 }
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -1637,7 +1637,7 @@ var getCommitDescription = ({
   irrelevantIssueWithTags
 }) => {
   const issueTypeString = getIssueTypeFriendlyString(issueType);
-  let description2 = `This change fixes a **${severity} severity** (${severityToEmoji[severity]}) **${issueTypeString}** issue reported by **${capitalizeFirstLetter(
+  let description = `This change fixes a **${severity} severity** (${severityToEmoji[severity]}) **${issueTypeString}** issue reported by **${capitalizeFirstLetter(
     vendor
   )}**.
 
@@ -1645,7 +1645,7 @@ var getCommitDescription = ({
   const parseIssueTypeRes = z2.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (issueType && parseIssueTypeRes.success) {
     if (irrelevantIssueWithTags?.[0]?.tag) {
-      description2 += `
+      description += `
 > [!tip]
 > This issue was found to be irrelevant to your project - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
 > Mobb recommends to ignore this issue, however fix is available if you think differently. 
@@ -1657,7 +1657,7 @@ ${issueDescription[irrelevantIssueWithTags[0].tag]}
     }
     const staticData = fixDetailsData[parseIssueTypeRes.data];
     if (staticData) {
-      description2 += `## Issue description
+      description += `## Issue description
 ${staticData.issueDescription}
  
 ## Fix instructions
@@ -1665,16 +1665,16 @@ ${staticData.fixInstructions}
 `;
     }
   }
-  description2 += `
+  description += `
 ${guidances.map(({ guidance }) => `## Additional actions required
  ${guidance}
 `).join("")}
 `;
   if (fixUrl) {
-    description2 += `
+    description += `
 [More info and fix customization are available in the Mobb platform](${fixUrl})`;
   }
-  return description2;
+  return description;
 };
 var getCommitIssueDescription = ({
   vendor,
@@ -1683,12 +1683,12 @@ var getCommitIssueDescription = ({
   fpDescription
 }) => {
   const issueTypeString = getIssueTypeFriendlyString(issueType);
-  let description2 = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
+  let description = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
 `;
   const parseIssueTypeRes = z2.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (issueType && parseIssueTypeRes.success) {
     if (irrelevantIssueWithTags?.[0]?.tag) {
-      description2 = `
+      description = `
 > [!tip]
 > The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
 > ${issueTypeString} - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
@@ -1701,12 +1701,12 @@ ${fpDescription ?? issueDescription[irrelevantIssueWithTags[0].tag]}
     }
     const staticData = fixDetailsData[parseIssueTypeRes.data];
     if (staticData) {
-      description2 += `## Issue description
+      description += `## Issue description
 ${staticData.issueDescription}
 `;
     }
   }
-  return description2;
+  return description;
 };
 
 // src/features/analysis/scm/shared/src/guidances.ts
@@ -2929,15 +2929,22 @@ var openRedirect2 = {
     description: () => "",
     guidance: () => ""
   },
-  allowlist: {
-    content: () => "Allowed domains/paths",
-    description: () => description,
+  domainAllowlist: {
+    content: () => "Allowed domains names",
+    description: () => "please provide a coma separated list of allowed domains names (example.com, example.org, etc.)",
+    guidance: () => ""
+  },
+  pathAllowlist: {
+    content: () => "Allowed paths (URIs)",
+    description: () => "please provide a coma separated list of allowed path (/health, /api/v1/health, etc.)",
+    guidance: () => ""
+  },
+  includeProtocolValidation: {
+    content: () => "Should HTTP or HTTPS protocol be enforced?",
+    description: () => "please indicate if the protocol should be enforced",
     guidance: () => ""
   }
 };
-var description = `- *If external*, provide a coma separated list of allowed domains. 
- 
-- *If internal*, provide a coma seperated list of allowed paths`;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/pt.ts
 var pt3 = {
@@ -4696,11 +4703,11 @@ async function adoValidateParams({
     console.log("adoValidateParams error", e);
     const error = e;
     const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    const description2 = error.description || `${e}`;
-    if (code === 401 || code === 403 || description2.includes("401") || description2.includes("403")) {
+    const description = error.description || `${e}`;
+    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
       throw new InvalidAccessTokenError(`invalid ADO access token`);
     }
-    if (code === 404 || description2.includes("404") || description2.includes("Not Found")) {
+    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
       throw new InvalidRepoUrlError(`invalid ADO repo URL ${url}`);
     }
     console.log("adoValidateParams error", e);
@@ -7424,11 +7431,11 @@ async function gitlabValidateParams({
   } catch (e) {
     const error = e;
     const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    const description2 = error.description || `${e}`;
-    if (code === 401 || code === 403 || description2.includes("401") || description2.includes("403")) {
+    const description = error.description || `${e}`;
+    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
       throw new InvalidAccessTokenError(`invalid gitlab access token`);
     }
-    if (code === 404 || description2.includes("404") || description2.includes("Not Found")) {
+    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
       throw new InvalidRepoUrlError(`invalid gitlab repo URL: ${url}`);
     }
     console.log("gitlabValidateParams error", e);
@@ -9183,10 +9190,10 @@ async function addFixCommentsForPr({
           const parsedFpRes = await FalsePositivePartsZ.parseAsync(
             fpRes?.getFalsePositive
           );
-          const { description: description2, contextString } = getParsedFalsePositiveMessage(parsedFpRes);
-          fpDescription = contextString ? `${description2}
+          const { description, contextString } = getParsedFalsePositiveMessage(parsedFpRes);
+          fpDescription = contextString ? `${description}
 
-${contextString}` : description2;
+${contextString}` : description;
         }
         return await Promise.all(
           vulnerabilityReportIssue.codeNodes.map(

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.109",
+  "version": "1.0.110",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",