npm - mobbdev - Versions diffs - 1.0.116 → 1.0.117 - Mend

mobbdev 1.0.116 → 1.0.117

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +176 -43
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -392,6 +392,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["HeapInspection"] = "HEAP_INSPECTION";
   IssueType_Enum2["HtmlCommentInJsp"] = "HTML_COMMENT_IN_JSP";
   IssueType_Enum2["HttpOnlyCookie"] = "HTTP_ONLY_COOKIE";
+  IssueType_Enum2["HttpParameterPollution"] = "HTTP_PARAMETER_POLLUTION";
   IssueType_Enum2["HttpResponseSplitting"] = "HTTP_RESPONSE_SPLITTING";
   IssueType_Enum2["IframeWithoutSandbox"] = "IFRAME_WITHOUT_SANDBOX";
   IssueType_Enum2["ImproperExceptionHandling"] = "IMPROPER_EXCEPTION_HANDLING";
@@ -1464,6 +1465,10 @@ var fixDetailsData = {
   ["STRING_TERMINATION_ERROR" /* StringTerminationError */]: {
     issueDescription: "String Termination Error occurs when a string is not properly terminated, leading to unexpected behavior or security vulnerabilities.",
     fixInstructions: "Implement proper input validation and bounds checking to prevent string termination errors. Use safe string manipulation functions and ensure that the buffer size is properly managed."
+  },
+  ["HTTP_PARAMETER_POLLUTION" /* HttpParameterPollution */]: {
+    issueDescription: "HTTP Parameter Pollution occurs when an attacker can manipulate the parameters of an HTTP request to change the behavior of the server.",
+    fixInstructions: "Implement proper input validation and bounds checking to prevent HTTP parameter pollution. Use safe string manipulation functions and ensure that the buffer size is properly managed."
   }
 };
@@ -1580,7 +1585,8 @@ var issueTypeMap = {
   ["REDOS" /* Redos */]: "Regular Expression Denial of Service",
   ["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: "Do Not Throw Generic Exception",
   ["BUFFER_OVERFLOW" /* BufferOverflow */]: "Buffer Overflow",
-  ["STRING_TERMINATION_ERROR" /* StringTerminationError */]: "String Termination Error"
+  ["STRING_TERMINATION_ERROR" /* StringTerminationError */]: "String Termination Error",
+  ["HTTP_PARAMETER_POLLUTION" /* HttpParameterPollution */]: "HTTP Parameter Pollution"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -5171,9 +5177,7 @@ var MCP_PERIODIC_CHECK_INTERVAL = 15 * 60 * 1e3;
 var MCP_DEFAULT_MAX_FILES_TO_SCAN = 10;
 var MCP_REPORT_ID_EXPIRATION_MS = 2 * 60 * 60 * 1e3;
 var MCP_TOOLS_BROWSER_COOLDOWN_MS = 24 * 60 * 60 * 1e3;
-var MCP_TOOL_CHECK_FOR_NEW_AVAILABLE_FIXES = "check_for_new_available_fixes";
-var MCP_TOOL_FETCH_AVAILABLE_FIXES = "fetch_available_fixes";
-var MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES = "scan_and_fix_vulnerabilities";
+var MCP_DEFAULT_LIMIT = 3;
 // src/features/analysis/scm/FileUtils.ts
 import fs2 from "fs";
@@ -5572,6 +5576,27 @@ var GitService = class {
       throw new Error(errorMessage);
     }
   }
+  /**
+   * Gets both the current commit hash and current branch name
+   */
+  async getCurrentCommitAndBranch() {
+    this.log("Getting current commit hash and branch", "debug");
+    try {
+      const [hash, branch] = await Promise.all([
+        this.git.revparse(["HEAD"]),
+        this.git.revparse(["--abbrev-ref", "HEAD"])
+      ]);
+      this.log("Current commit hash and branch retrieved", "debug", {
+        hash,
+        branch
+      });
+      return { hash, branch };
+    } catch (error) {
+      const errorMessage = `Failed to get current commit hash and branch: ${error.message}`;
+      this.log(errorMessage, "error", { error });
+      return { hash: "", branch: "" };
+    }
+  }
   /**
    * Gets the remote repository URL
    */
@@ -5601,24 +5626,37 @@ var GitService = class {
     }
   }
   /**
-   * Gets the maxFiles most recently changed files based on commit history
+   * Gets the maxFiles most recently changed files, starting with current changes and then from commit history
    */
   async getRecentlyChangedFiles({
     maxFiles = MCP_DEFAULT_MAX_FILES_TO_SCAN
   }) {
     this.log(
-      `Getting the ${maxFiles} most recently changed files from commit history`,
+      `Getting the ${maxFiles} most recently changed files, starting with current changes`,
       "debug"
     );
     try {
+      const currentChanges = await this.getChangedFiles();
       const gitRoot = await this.git.revparse(["--show-toplevel"]);
       const relativePathFromGitRoot = path2.relative(
         gitRoot,
         this.repositoryPath
       );
       const fileSet = /* @__PURE__ */ new Set();
-      const files = [];
       let commitsProcessed = 0;
+      for (const file of currentChanges.files) {
+        if (fileSet.size >= maxFiles) {
+          break;
+        }
+        const fullPath = path2.join(this.repositoryPath, file);
+        if (FileUtils.shouldPackFile(fullPath) && !file.startsWith("..")) {
+          fileSet.add(file);
+        }
+      }
+      this.log(`Added ${fileSet.size} files from current changes`, "debug", {
+        filesFromCurrentChanges: fileSet.size,
+        currentChangesTotal: currentChanges.files.length
+      });
       const logResult = await this.git.log({
         maxCount: maxFiles * 5,
         // 5 times the max files to scan to ensure we find enough files
@@ -5631,7 +5669,7 @@ var GitService = class {
         }
       });
       for (const commit of logResult.all) {
-        if (files.length >= maxFiles) {
+        if (fileSet.size >= maxFiles) {
           break;
         }
         commitsProcessed++;
@@ -5643,7 +5681,7 @@ var GitService = class {
           ]);
           const commitFiles = filesOutput.split("\n").filter((file) => file.trim() !== "");
           for (const file of commitFiles) {
-            if (files.length >= maxFiles) {
+            if (fileSet.size >= maxFiles) {
               break;
             }
             const gitRelativePath = file.trim();
@@ -5663,7 +5701,6 @@ var GitService = class {
             this.log(`Considering file: ${adjustedPath}`, "debug");
             if (!fileSet.has(adjustedPath) && FileUtils.shouldPackFile(path2.join(gitRoot, gitRelativePath)) && !adjustedPath.startsWith("..")) {
               fileSet.add(adjustedPath);
-              files.push(adjustedPath);
             }
           }
         } catch (showError) {
@@ -5672,6 +5709,7 @@ var GitService = class {
           });
         }
       }
+      const files = Array.from(fileSet);
       this.log("Recently changed files retrieved", "info", {
         fileCount: files.length,
         commitsProcessed,
@@ -11871,7 +11909,7 @@ var McpGQLClient = class {
   }
   async getLatestReportByRepoUrl({
     repoUrl,
-    limit = 3,
+    limit = MCP_DEFAULT_LIMIT,
     offset = 0
   }) {
     try {
@@ -11922,7 +11960,7 @@ var McpGQLClient = class {
   }
   async getReportFixesPaginated({
     reportId,
-    limit = 3,
+    limit = MCP_DEFAULT_LIMIT,
     offset = 0,
     issueType,
     severity
@@ -12012,6 +12050,11 @@ async function createAuthenticatedMcpGQLClient({
   return new McpGQLClient({ apiKey: newApiToken, type: "apiKey" });
 }
+// src/mcp/tools/toolNames.ts
+var MCP_TOOL_CHECK_FOR_NEW_AVAILABLE_FIXES = "check_for_new_available_fixes";
+var MCP_TOOL_FETCH_AVAILABLE_FIXES = "fetch_available_fixes";
+var MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES = "scan_and_fix_vulnerabilities";
 // src/mcp/core/ToolRegistry.ts
 var ToolRegistry = class {
   constructor() {
@@ -12383,6 +12426,47 @@ function friendlyType(s) {
 }
 var noFixesReturnedForParameters = `No fixes returned for the given offset and limit parameters.
 `;
+var noFixesReturnedForParametersWithGuidance = ({
+  offset,
+  limit,
+  totalCount,
+  currentTool
+}) => `## No Fixes Returned for Current Parameters
+**\u{1F4C4} Current Request:**
+- **Page:** ${Math.floor(offset / limit) + 1}
+- **Offset:** ${offset}
+- **Limit:** ${limit}
+**\u274C Result:** No fixes returned for the given offset and limit parameters.
+**\u2139\uFE0F Available Fixes:** ${totalCount} total fixes are available, but your current offset (${offset}) is beyond the available range.
+**\u2705 How to Get the Fixes:**
+To retrieve the available fixes, use one of these approaches:
+1. **Start from the beginning:**
+   \`\`\`
+   offset: 0
+   \`\`\`
+2. **Go to the first page:**
+   \`\`\`
+   offset: 0
+   limit: ${limit}
+   \`\`\`
+3. **Get all fixes at once:**
+   \`\`\`
+   offset: 0
+   limit: ${totalCount}
+   \`\`\`
+**\u{1F4CB} Valid offset range:** 0 to ${Math.max(0, totalCount - 1)}
+To fetch the fixes, run the \`${currentTool}\` tool again with the corrected parameters.
+`;
 var applyFixesPrompt = ({
   fixes,
   hasMore,
@@ -12390,11 +12474,22 @@ var applyFixesPrompt = ({
   nextOffset,
   shownCount,
   currentTool,
-  offset = 0
+  offset,
+  limit
 }) => {
   if (fixes.length === 0) {
+    if (totalCount > 0) {
+      return noFixesReturnedForParametersWithGuidance({
+        offset,
+        limit,
+        totalCount,
+        currentTool
+      });
+    }
     return noFixesReturnedForParameters;
   }
+  const currentPage = Math.floor(offset / limit) + 1;
+  const totalPages = Math.ceil(totalCount / limit);
   const fixList = fixes.map((fix) => {
     const vulnerabilityType = friendlyType(fix.safeIssueType);
     const vulnerabilityDescription = fix.patchAndQuestions?.__typename === "FixData" ? fix.patchAndQuestions.extraContext?.fixDescription : void 0;
@@ -12448,6 +12543,12 @@ If you cannot apply a patch:
 # SECURITY FIXES TO APPLY
+## \u{1F4C4} Pagination Info
+- **Page:** ${currentPage} of ${totalPages}
+- **Offset:** ${offset}
+- **Limit:** ${limit}
+- **Showing:** ${shownCount} of ${totalCount} total fixes
 ${fixList.map(
     (fix, index) => `
 ## Fix ${offset + index + 1}: ${fix.vulnerabilityType}
@@ -12485,9 +12586,9 @@ You have viewed ${shownCount} out of ${totalCount} available fixes.
 To fetch additional fixes, run the \`${currentTool}\` tool again with the following parameters:
 - **offset**: ${nextOffset}  _(start index for the next batch)_
-- **limit**:  <number_of_fixes_to_return>  _(optional \u2013 default is 3)_
+- **limit**:  <number_of_fixes_to_return>  _(optional \u2013 default is ${MCP_DEFAULT_LIMIT})_
-If you omit both **offset** and **limit**, the command will automatically return the next 3 fixes.
+If you omit both **offset** and **limit**, the command will automatically return the next ${MCP_DEFAULT_LIMIT} fixes.
 ` : ""}
 `;
 };
@@ -12544,7 +12645,8 @@ var noFixesAvailablePrompt = `There are no fixes available for this repository a
 `;
 var fixesFoundPrompt = ({
   fixReport,
-  offset
+  offset,
+  limit
 }) => {
   const totalFixes = fixReport.filteredFixesCount.aggregate?.count || 0;
   if (totalFixes === 0) {
@@ -12585,10 +12687,11 @@ ${applyFixesPrompt({
     fixes: fixReport.fixes,
     totalCount: totalFixes,
     hasMore,
-    nextOffset: 0,
+    nextOffset,
     shownCount: fixReport.fixes.length,
     currentTool: MCP_TOOL_FETCH_AVAILABLE_FIXES,
-    offset
+    offset,
+    limit
   })}`;
 };
 var nextStepsPrompt = ({ scannedFiles }) => `
@@ -12625,7 +12728,8 @@ var fixesPrompt = ({
   fixes,
   totalCount,
   offset,
-  scannedFiles
+  scannedFiles,
+  limit
 }) => {
   if (totalCount === 0) {
     return noFixesFoundPrompt({ scannedFiles });
@@ -12642,7 +12746,8 @@ ${applyFixesPrompt({
     nextOffset,
     shownCount,
     currentTool: MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES,
-    offset
+    offset,
+    limit
   })}
 ${nextStepsPrompt({ scannedFiles })}
@@ -12650,7 +12755,10 @@ ${nextStepsPrompt({ scannedFiles })}
 };
 var noFreshFixesPrompt = `No fresh fixes available for this repository at this time. No user message needed. Do not show any comments to the user.`;
 var initialScanInProgressPrompt = `Initial scan is still in progress. No user message needed. Do not show any comments to the user.`;
-var freshFixesPrompt = ({ fixes }) => {
+var freshFixesPrompt = ({
+  fixes,
+  limit
+}) => {
   return `Here are the fresh fixes to the vulnerabilities discovered by Mobb MCP
 ${applyFixesPrompt({
@@ -12660,7 +12768,8 @@ ${applyFixesPrompt({
     nextOffset: 0,
     shownCount: fixes.length,
     currentTool: MCP_TOOL_FETCH_AVAILABLE_FIXES,
-    offset: 0
+    offset: 0,
+    limit
   })}
 `;
 };
@@ -12859,7 +12968,11 @@ var FileOperations = class {
 };
 // src/mcp/services/ScanFiles.ts
-var scanFiles = async (fileList, repositoryPath, gqlClient) => {
+var scanFiles = async ({
+  fileList,
+  repositoryPath,
+  gqlClient
+}) => {
   const repoUploadInfo = await initializeSecurityReport(gqlClient);
   const fixReportId = repoUploadInfo.fixReportId;
   const fileOperations = new FileOperations();
@@ -12870,7 +12983,17 @@ var scanFiles = async (fileList, repositoryPath, gqlClient) => {
   );
   await uploadSourceCodeArchive(packingResult.archive, repoUploadInfo);
   const projectId = await getProjectId(gqlClient);
-  await executeSecurityScan({ fixReportId, projectId, gqlClient });
+  const gitService = new GitService(repositoryPath);
+  const { branch } = await gitService.getCurrentCommitAndBranch();
+  const repoUrl = await gitService.getRemoteUrl();
+  await executeSecurityScan({
+    fixReportId,
+    projectId,
+    gqlClient,
+    repoUrl: repoUrl || "",
+    branchName: branch || "no-branch",
+    sha: "0123456789abcdef"
+  });
   return {
     fixReportId,
     projectId
@@ -12925,7 +13048,10 @@ var getProjectId = async (gqlClient) => {
 var executeSecurityScan = async ({
   fixReportId,
   projectId,
-  gqlClient
+  gqlClient,
+  repoUrl,
+  branchName,
+  sha
 }) => {
   if (!gqlClient) {
     throw new GqlClientError();
@@ -12934,11 +13060,15 @@ var executeSecurityScan = async ({
   const submitVulnerabilityReportVariables = {
     fixReportId,
     projectId,
-    repoUrl: "",
-    reference: "no-branch",
-    scanSource: "MCP" /* Mcp */
+    repoUrl,
+    reference: branchName,
+    scanSource: "MCP" /* Mcp */,
+    sha
   };
   logInfo("Submitting vulnerability report");
+  logDebug("Submit vulnerability report variables", {
+    submitVulnerabilityReportVariables
+  });
   const submitRes = await gqlClient.submitVulnerabilityReport(
     submitVulnerabilityReportVariables
   );
@@ -13041,11 +13171,11 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       return;
     }
     logDebug("Files requiring security scan", { filesToScan });
-    const { fixReportId, projectId } = await scanFiles(
-      filesToScan.map((file) => file.relativePath),
-      path13,
-      this.gqlClient
-    );
+    const { fixReportId, projectId } = await scanFiles({
+      fileList: filesToScan.map((file) => file.relativePath),
+      repositoryPath: path13,
+      gqlClient: this.gqlClient
+    });
     logInfo(
       `Security scan completed for ${path13} reportId: ${fixReportId} projectId: ${projectId}`
     );
@@ -13136,10 +13266,10 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     });
   }
   generateFreshFixesResponse() {
-    const freshFixes = this.freshFixes.splice(0, 3);
+    const freshFixes = this.freshFixes.splice(0, MCP_DEFAULT_LIMIT);
     if (freshFixes.length > 0) {
       this.reportedFixes.push(...freshFixes);
-      return freshFixesPrompt({ fixes: freshFixes });
+      return freshFixesPrompt({ fixes: freshFixes, limit: MCP_DEFAULT_LIMIT });
     }
     return noFreshFixesPrompt;
   }
@@ -13238,7 +13368,7 @@ var _FetchAvailableFixesService = class _FetchAvailableFixesService {
   }
   async checkForAvailableFixes({
     repoUrl,
-    limit = 3,
+    limit = MCP_DEFAULT_LIMIT,
     offset
   }) {
     try {
@@ -13270,7 +13400,8 @@ var _FetchAvailableFixesService = class _FetchAvailableFixesService {
       logInfo(`Successfully retrieved available fixes for ${repoUrl}`);
       const prompt = fixesFoundPrompt({
         fixReport,
-        offset: effectiveOffset
+        offset: effectiveOffset,
+        limit
       });
       this.currentOffset = effectiveOffset + (fixReport.fixes?.length || 0);
       return prompt;
@@ -13435,21 +13566,22 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
         logInfo("Scanning files");
         this.reset();
         this.validateFiles(fileList);
-        const scanResult = await scanFiles(
+        const scanResult = await scanFiles({
           fileList,
           repositoryPath,
-          this.gqlClient
-        );
+          gqlClient: this.gqlClient
+        });
         fixReportId = scanResult.fixReportId;
       } else {
         logInfo("Using stored fixReportId");
       }
       const effectiveOffset = offset ?? (this.currentOffset || 0);
+      const effectiveLimit = limit ?? MCP_DEFAULT_LIMIT;
       logDebug("effectiveOffset", { effectiveOffset });
       const fixes = await this.getReportFixes(
         fixReportId,
         effectiveOffset,
-        limit
+        effectiveLimit
       );
       logInfo(`Found ${fixes.totalCount} fixes`);
       if (fixes.totalCount > 0) {
@@ -13462,7 +13594,8 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
         fixes: fixes.fixes,
         totalCount: fixes.totalCount,
         offset: effectiveOffset,
-        scannedFiles: [...fileList]
+        scannedFiles: [...fileList],
+        limit: effectiveLimit
       });
       this.currentOffset = effectiveOffset + (fixes.fixes?.length || 0);
       return prompt;
@@ -13625,7 +13758,7 @@ Example payload:
     try {
       const fixResult = await this.vulnerabilityFixService.processVulnerabilities({
         fileList: files.map((file) => file.relativePath),
-        repositoryPath: args.path,
+        repositoryPath: path13,
         offset: args.offset,
         limit: args.limit,
         isRescan: args.rescan || !!args.maxFiles

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.116",
+  "version": "1.0.117",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",