mobbdev 1.0.12 → 1.0.13
- package/dist/index.mjs +27 -15
- package/package.json +1 -1
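--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -51,6 +51,7 @@ var Language = /* @__PURE__ */ ((Language2) => {
 Language2["Csharp"] = "CSHARP";
 Language2["Java"] = "JAVA";
 Language2["Js"] = "JS";
+Language2["Php"] = "PHP";
 Language2["Python"] = "PYTHON";
 Language2["Sql"] = "SQL";
 Language2["Xml"] = "XML";
@@ -100,6 +101,7 @@ var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
 IssueLanguage_Enum2["Cpp"] = "Cpp";
 IssueLanguage_Enum2["Java"] = "Java";
 IssueLanguage_Enum2["JavaScript"] = "JavaScript";
+IssueLanguage_Enum2["Php"] = "PHP";
 IssueLanguage_Enum2["Python"] = "Python";
 IssueLanguage_Enum2["Sql"] = "SQL";
 IssueLanguage_Enum2["Xml"] = "XML";
@@ -1909,6 +1911,10 @@ var vulnerabilities3 = {
 };
 var javascript_default = vulnerabilities3;
 
+// src/features/analysis/scm/shared/src/storedFixData/php/index.ts
+var vulnerabilities4 = {};
+var php_default = vulnerabilities4;
+
 // src/features/analysis/scm/shared/src/storedFixData/python/autoEscapeFalse.ts
 var autoEscapeFalse = {
 guidance: () => `This fix enables automatic escaping for HTML. When that's enabled, everything is escaped by default except for values explicitly marked as safe. Variables and expressions can be marked as safe either in:
@@ -1929,10 +1935,10 @@ See more information [here](https://jinja.palletsprojects.com/en/3.1.x/templates
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/python/index.ts
-var
+var vulnerabilities5 = {
 ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: autoEscapeFalse
 };
-var python_default =
+var python_default = vulnerabilities5;
 
 // src/features/analysis/scm/shared/src/storedFixData/sql/defaultRightsInObjDefinition.ts
 var defaultRightsInObjDefinition = {
@@ -1940,16 +1946,16 @@ var defaultRightsInObjDefinition = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
-var
+var vulnerabilities6 = {
 ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: defaultRightsInObjDefinition
 };
-var sql_default =
+var sql_default = vulnerabilities6;
 
 // src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
-var
+var vulnerabilities7 = {
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment
 };
-var xml_default =
+var xml_default = vulnerabilities7;
 
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
 var StoredFixDataItemZ = z6.object({
@@ -1961,7 +1967,8 @@ var languages = {
 ["CSharp" /* CSharp */]: csharp_default,
 ["SQL" /* Sql */]: sql_default,
 ["XML" /* Xml */]: xml_default,
-["Python" /* Python */]: python_default
+["Python" /* Python */]: python_default,
+["PHP" /* Php */]: php_default
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
@@ -2251,7 +2258,7 @@ var xxe = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
-var
+var vulnerabilities8 = {
 ["LOG_FORGING" /* LogForging */]: logForging,
 ["SSRF" /* Ssrf */]: ssrf2,
 ["XXE" /* Xxe */]: xxe,
@@ -2271,7 +2278,7 @@ var vulnerabilities7 = {
 ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: insufficientLogging,
 ["SQL_Injection" /* SqlInjection */]: sqlInjection2
 };
-var csharp_default2 =
+var csharp_default2 = vulnerabilities8;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/commandInjection.ts
 var commandInjection = {
@@ -2707,7 +2714,7 @@ var xxe2 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
-var
+var vulnerabilities9 = {
 ["SQL_Injection" /* SqlInjection */]: sqlInjection3,
 ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: relativePathCommand,
 ["CMDi" /* CmDi */]: commandInjection,
@@ -2731,7 +2738,7 @@ var vulnerabilities8 = {
 ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: leftoverDebugCode,
 ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: erroneousStringCompare
 };
-var java_default2 =
+var java_default2 = vulnerabilities9;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/commandInjection.ts
 var commandInjection2 = {
@@ -3011,11 +3018,16 @@ var xss3 = {
 content: () => "Is the parameter passed to the $() function a string",
 description: () => "",
 guidance: () => ""
+},
+isSanitized: {
+content: ({ expression }) => `Is the expression \`${expression}\` supposed to be not sanitized in this context?`,
+description: () => "You are using unsafe string substitution in the template. This means that if the expression can contain maliciously crafted data, it may lead to XSS injection. To apply the fix, you have to make sure the expression is not sanitized on the backend already, and it does not represent an HTML code block.",
+guidance: () => ""
 }
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
-var
+var vulnerabilities10 = {
 ["CMDi" /* CmDi */]: commandInjection2,
 ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: graphqlDepthLimit,
 ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness2,
@@ -3036,7 +3048,7 @@ var vulnerabilities9 = {
 ["MISSING_CSP_HEADER" /* MissingCspHeader */]: cspHeaderValue,
 ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: hardcodedDomainInHtml
 };
-var js_default =
+var js_default = vulnerabilities10;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/unboundedOccurrences.ts
 var unboundedOccurrences = {
@@ -3050,10 +3062,10 @@ A value too high will cause performance issues up to and including denial of ser
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
-var
+var vulnerabilities11 = {
 ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: unboundedOccurrences
 };
-var xml_default2 =
+var xml_default2 = vulnerabilities11;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
 var StoredQuestionDataItemZ = z7.object({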
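Review bot: The new `isSanitized` entry in `xss3` (new lines 3022-3025) asks whether the expression is "supposed to be not sanitized", which reads as the negation of the key's own name, so a "yes" can be taken either way. If that answer decides whether the XSS fix escapes the expression (the consumer is outside this hunk, so this is inferred), a misread prompt can leave raw output in place or double-escape data the backend already sanitized. A wording that keeps the same yes/no meaning but drops the double negative would be `Is the expression ... intended to be rendered unescaped (raw HTML) in this context?`, with the empty `guidance: () => ""` filled in to say how to check whether the backend already sanitizes the value. The `xss3` object starts outside the hunk, and since `dist/index.mjs` is bundled output the change belongs in the TypeScript source that defines it.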