npm - mobbdev - Versions diffs - 1.0.11 → 1.0.13 - Mend

mobbdev 1.0.11 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +47 -15
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -51,6 +51,7 @@ var Language = /* @__PURE__ */ ((Language2) => {
   Language2["Csharp"] = "CSHARP";
   Language2["Java"] = "JAVA";
   Language2["Js"] = "JS";
+  Language2["Php"] = "PHP";
   Language2["Python"] = "PYTHON";
   Language2["Sql"] = "SQL";
   Language2["Xml"] = "XML";
@@ -100,6 +101,7 @@ var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
   IssueLanguage_Enum2["Cpp"] = "Cpp";
   IssueLanguage_Enum2["Java"] = "Java";
   IssueLanguage_Enum2["JavaScript"] = "JavaScript";
+  IssueLanguage_Enum2["Php"] = "PHP";
   IssueLanguage_Enum2["Python"] = "Python";
   IssueLanguage_Enum2["Sql"] = "SQL";
   IssueLanguage_Enum2["Xml"] = "XML";
@@ -1909,6 +1911,10 @@ var vulnerabilities3 = {
 };
 var javascript_default = vulnerabilities3;
+// src/features/analysis/scm/shared/src/storedFixData/php/index.ts
+var vulnerabilities4 = {};
+var php_default = vulnerabilities4;
 // src/features/analysis/scm/shared/src/storedFixData/python/autoEscapeFalse.ts
 var autoEscapeFalse = {
   guidance: () => `This fix enables automatic escaping for HTML. When that's enabled, everything is escaped by default except for values explicitly marked as safe. Variables and expressions can be marked as safe either in:
@@ -1929,10 +1935,10 @@ See more information [here](https://jinja.palletsprojects.com/en/3.1.x/templates
 };
 // src/features/analysis/scm/shared/src/storedFixData/python/index.ts
-var vulnerabilities4 = {
+var vulnerabilities5 = {
   ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: autoEscapeFalse
 };
-var python_default = vulnerabilities4;
+var python_default = vulnerabilities5;
 // src/features/analysis/scm/shared/src/storedFixData/sql/defaultRightsInObjDefinition.ts
 var defaultRightsInObjDefinition = {
@@ -1940,16 +1946,16 @@ var defaultRightsInObjDefinition = {
 };
 // src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
-var vulnerabilities5 = {
+var vulnerabilities6 = {
   ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: defaultRightsInObjDefinition
 };
-var sql_default = vulnerabilities5;
+var sql_default = vulnerabilities6;
 // src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
-var vulnerabilities6 = {
+var vulnerabilities7 = {
   ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment
 };
-var xml_default = vulnerabilities6;
+var xml_default = vulnerabilities7;
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
 var StoredFixDataItemZ = z6.object({
@@ -1961,7 +1967,8 @@ var languages = {
   ["CSharp" /* CSharp */]: csharp_default,
   ["SQL" /* Sql */]: sql_default,
   ["XML" /* Xml */]: xml_default,
-  ["Python" /* Python */]: python_default
+  ["Python" /* Python */]: python_default,
+  ["PHP" /* Php */]: php_default
 };
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
@@ -2251,7 +2258,7 @@ var xxe = {
 };
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
-var vulnerabilities7 = {
+var vulnerabilities8 = {
   ["LOG_FORGING" /* LogForging */]: logForging,
   ["SSRF" /* Ssrf */]: ssrf2,
   ["XXE" /* Xxe */]: xxe,
@@ -2271,7 +2278,7 @@ var vulnerabilities7 = {
   ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: insufficientLogging,
   ["SQL_Injection" /* SqlInjection */]: sqlInjection2
 };
-var csharp_default2 = vulnerabilities7;
+var csharp_default2 = vulnerabilities8;
 // src/features/analysis/scm/shared/src/storedQuestionData/java/commandInjection.ts
 var commandInjection = {
@@ -2707,7 +2714,7 @@ var xxe2 = {
 };
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
-var vulnerabilities8 = {
+var vulnerabilities9 = {
   ["SQL_Injection" /* SqlInjection */]: sqlInjection3,
   ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: relativePathCommand,
   ["CMDi" /* CmDi */]: commandInjection,
@@ -2731,7 +2738,7 @@ var vulnerabilities8 = {
   ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: leftoverDebugCode,
   ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: erroneousStringCompare
 };
-var java_default2 = vulnerabilities8;
+var java_default2 = vulnerabilities9;
 // src/features/analysis/scm/shared/src/storedQuestionData/js/commandInjection.ts
 var commandInjection2 = {
@@ -3011,11 +3018,16 @@ var xss3 = {
     content: () => "Is the parameter passed to the $() function a string",
     description: () => "",
     guidance: () => ""
+  },
+  isSanitized: {
+    content: ({ expression }) => `Is the expression \`${expression}\` supposed to be not sanitized in this context?`,
+    description: () => "You are using unsafe string substitution in the template. This means that if the expression can contain maliciously crafted data, it may lead to XSS injection. To apply the fix, you have to make sure the expression is not sanitized on the backend already, and it does not represent an HTML code block.",
+    guidance: () => ""
   }
 };
 // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
-var vulnerabilities9 = {
+var vulnerabilities10 = {
   ["CMDi" /* CmDi */]: commandInjection2,
   ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: graphqlDepthLimit,
   ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness2,
@@ -3036,7 +3048,7 @@ var vulnerabilities9 = {
   ["MISSING_CSP_HEADER" /* MissingCspHeader */]: cspHeaderValue,
   ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: hardcodedDomainInHtml
 };
-var js_default = vulnerabilities9;
+var js_default = vulnerabilities10;
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/unboundedOccurrences.ts
 var unboundedOccurrences = {
@@ -3050,10 +3062,10 @@ A value too high will cause performance issues up to and including denial of ser
 };
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
-var vulnerabilities10 = {
+var vulnerabilities11 = {
   ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: unboundedOccurrences
 };
-var xml_default2 = vulnerabilities10;
+var xml_default2 = vulnerabilities11;
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
 var StoredQuestionDataItemZ = z7.object({
@@ -4599,6 +4611,10 @@ var AdoSCMLib = class extends SCMLib {
       prNumber
     });
   }
+  async getPrId(prUrl) {
+    const match = prUrl.match(/\/pullrequest\/(\d+)/);
+    return match?.[1] || "";
+  }
   async getCommitUrl(commitId) {
     this._validateUrl();
     const adoSdk = await this.getAdoSdk();
@@ -5124,6 +5140,10 @@ var BitbucketSCMLib = class extends SCMLib {
       `https://bitbucket.org/${workspace}/${repoSlug}/pull-requests/${prNumber}`
     );
   }
+  async getPrId(prUrl) {
+    const match = prUrl.match(/\/pull-requests\/(\d+)/);
+    return match?.[1] || "";
+  }
   getCommitUrl(commitId) {
     this._validateUrl();
     const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
@@ -5326,6 +5346,10 @@ var GithubSCMLib = class extends SCMLib {
     });
     return getPrRes.data.html_url;
   }
+  async getPrId(prUrl) {
+    const match = prUrl.match(/\/pull\/(\d+)/);
+    return match?.[1] || "";
+  }
   async getCommitUrl(commitId) {
     this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
@@ -5888,6 +5912,10 @@ var GitlabSCMLib = class extends SCMLib {
     });
     return res.web_url;
   }
+  async getPrId(prUrl) {
+    const match = prUrl.match(/\/merge_requests\/(\d+)/);
+    return match?.[1] || "";
+  }
   async getCommitUrl(commitId) {
     this._validateAccessTokenAndUrl();
     const res = await getGitlabCommitUrl({
@@ -5971,6 +5999,10 @@ var StubSCMLib = class extends SCMLib {
     console.error("getPr() not implemented");
     throw new Error("getPr() not implemented");
   }
+  async getPrId(_prUrl) {
+    console.error("getPrId() not implemented");
+    throw new Error("getPrId() not implemented");
+  }
   async getCommitUrl(_commitId) {
     console.error("getCommitUrl() not implemented");
     throw new Error("getCommitUrl() not implemented");

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.11",
+  "version": "1.0.13",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",