mobbdev 1.0.12 → 1.0.15
- package/dist/index.mjs +125 -34
- package/package.json +8 -8
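--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -51,6 +51,7 @@ var Language = /* @__PURE__ */ ((Language2) => {
 Language2["Csharp"] = "CSHARP";
 Language2["Java"] = "JAVA";
 Language2["Js"] = "JS";
+Language2["Php"] = "PHP";
 Language2["Python"] = "PYTHON";
 Language2["Sql"] = "SQL";
 Language2["Xml"] = "XML";
@@ -100,6 +101,7 @@ var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
 IssueLanguage_Enum2["Cpp"] = "Cpp";
 IssueLanguage_Enum2["Java"] = "Java";
 IssueLanguage_Enum2["JavaScript"] = "JavaScript";
+IssueLanguage_Enum2["Php"] = "PHP";
 IssueLanguage_Enum2["Python"] = "Python";
 IssueLanguage_Enum2["Sql"] = "SQL";
 IssueLanguage_Enum2["Xml"] = "XML";
@@ -590,8 +592,8 @@ var GitReferenceDocument = `
 }
 `;
 var AutoPrAnalysisDocument = `
-mutation autoPrAnalysis($analysisId: String
-autoPrAnalysis(analysisId: $analysisId) {
+mutation autoPrAnalysis($analysisId: String!, $commitDirectly: Boolean) {
+autoPrAnalysis(analysisId: $analysisId, sameBranchCommit: $commitDirectly) {
 __typename
 ... on AutoPrSuccess {
 status
@@ -1740,7 +1742,10 @@ var fixDetailsData = {
 },
 ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: void 0,
 ["NON_READONLY_FIELD" /* NonReadonlyField */]: void 0,
-["CSRF" /* Csrf */]:
+["CSRF" /* Csrf */]: {
+issueDescription: "Cross Site Request Forgery is an attack that forces an end user to execute unwanted actions on a web application in which they\u2019re currently authenticated.",
+fixInstructions: "Configure a CSRF protection mechanism, such as a CSRF token, in your application."
+},
 ["WEAK_ENCRYPTION" /* WeakEncryption */]: void 0,
 ["CODE_IN_COMMENT" /* CodeInComment */]: void 0,
 ["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: void 0
@@ -1871,6 +1876,17 @@ var vulnerabilities2 = {
 };
 var java_default = vulnerabilities2;
 
+// src/features/analysis/scm/shared/src/storedFixData/python/csrf.ts
+var csrf = {
+guidance: () => `Please make sure the CSRF middleware is activated by default in the MIDDLEWARE setting. If you override that setting, remember that \`django.middleware.csrf.CsrfViewMiddleware\` should come before any view middleware that assume that CSRF attacks have been dealt with.
+
+
+If you disabled it, which is not recommended, you can use [\`csrf_protect()\`](https://docs.djangoproject.com/en/5.1/ref/csrf/#django.views.decorators.csrf.csrf_protect) annotation on this particular view.
+
+
+See more information [here](https://docs.djangoproject.com/en/5.1/howto/csrf/).`
+};
+
 // src/features/analysis/scm/shared/src/storedFixData/javascript/hardcodedSecrets.ts
 var hardcodedSecrets = {
 guidance: ({ questions }) => {
@@ -1905,10 +1921,15 @@ var vulnerabilities3 = {
 ["SSRF" /* Ssrf */]: ssrf,
 ["HARDCODED_SECRETS" /* HardcodedSecrets */]: hardcodedSecrets,
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
-["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: noLimitsOrThrottling
+["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: noLimitsOrThrottling,
+["CSRF" /* Csrf */]: csrf
 };
 var javascript_default = vulnerabilities3;
 
+// src/features/analysis/scm/shared/src/storedFixData/php/index.ts
+var vulnerabilities4 = {};
+var php_default = vulnerabilities4;
+
 // src/features/analysis/scm/shared/src/storedFixData/python/autoEscapeFalse.ts
 var autoEscapeFalse = {
 guidance: () => `This fix enables automatic escaping for HTML. When that's enabled, everything is escaped by default except for values explicitly marked as safe. Variables and expressions can be marked as safe either in:
@@ -1929,10 +1950,11 @@ See more information [here](https://jinja.palletsprojects.com/en/3.1.x/templates
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/python/index.ts
-var
-["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: autoEscapeFalse
+var vulnerabilities5 = {
+["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: autoEscapeFalse,
+["CSRF" /* Csrf */]: csrf
 };
-var python_default =
+var python_default = vulnerabilities5;
 
 // src/features/analysis/scm/shared/src/storedFixData/sql/defaultRightsInObjDefinition.ts
 var defaultRightsInObjDefinition = {
@@ -1940,16 +1962,16 @@ var defaultRightsInObjDefinition = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
-var
+var vulnerabilities6 = {
 ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: defaultRightsInObjDefinition
 };
-var sql_default =
+var sql_default = vulnerabilities6;
 
 // src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
-var
+var vulnerabilities7 = {
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment
 };
-var xml_default =
+var xml_default = vulnerabilities7;
 
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
 var StoredFixDataItemZ = z6.object({
@@ -1961,7 +1983,8 @@ var languages = {
 ["CSharp" /* CSharp */]: csharp_default,
 ["SQL" /* Sql */]: sql_default,
 ["XML" /* Xml */]: xml_default,
-["Python" /* Python */]: python_default
+["Python" /* Python */]: python_default,
+["PHP" /* Php */]: php_default
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
@@ -2251,7 +2274,7 @@ var xxe = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
-var
+var vulnerabilities8 = {
 ["LOG_FORGING" /* LogForging */]: logForging,
 ["SSRF" /* Ssrf */]: ssrf2,
 ["XXE" /* Xxe */]: xxe,
@@ -2271,7 +2294,7 @@ var vulnerabilities7 = {
 ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: insufficientLogging,
 ["SQL_Injection" /* SqlInjection */]: sqlInjection2
 };
-var csharp_default2 =
+var csharp_default2 = vulnerabilities8;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/commandInjection.ts
 var commandInjection = {
@@ -2707,7 +2730,7 @@ var xxe2 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
-var
+var vulnerabilities9 = {
 ["SQL_Injection" /* SqlInjection */]: sqlInjection3,
 ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: relativePathCommand,
 ["CMDi" /* CmDi */]: commandInjection,
@@ -2731,7 +2754,16 @@ var vulnerabilities8 = {
 ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: leftoverDebugCode,
 ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: erroneousStringCompare
 };
-var java_default2 =
+var java_default2 = vulnerabilities9;
+
+// src/features/analysis/scm/shared/src/storedQuestionData/python/csrf.ts
+var csrf2 = {
+isPythonDjangoTemplate: {
+content: () => "Is the reported file Python Django template?",
+description: () => "",
+guidance: () => ""
+}
+};
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/commandInjection.ts
 var commandInjection2 = {
@@ -3011,11 +3043,16 @@ var xss3 = {
 content: () => "Is the parameter passed to the $() function a string",
 description: () => "",
 guidance: () => ""
+},
+isSanitized: {
+content: ({ expression }) => `Is the expression \`${expression}\` supposed to be not sanitized in this context?`,
+description: () => "You are using unsafe string substitution in the template. This means that if the expression can contain maliciously crafted data, it may lead to XSS injection. To apply the fix, you have to make sure the expression is not sanitized on the backend already, and it does not represent an HTML code block.",
+guidance: () => ""
 }
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
-var
+var vulnerabilities10 = {
 ["CMDi" /* CmDi */]: commandInjection2,
 ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: graphqlDepthLimit,
 ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness2,
@@ -3034,9 +3071,43 @@ var vulnerabilities9 = {
 ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition2,
 ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: noLimitsOrThrottling2,
 ["MISSING_CSP_HEADER" /* MissingCspHeader */]: cspHeaderValue,
-["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: hardcodedDomainInHtml
+["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: hardcodedDomainInHtml,
+["CSRF" /* Csrf */]: csrf2
 };
-var js_default =
+var js_default = vulnerabilities10;
+
+// src/features/analysis/scm/shared/src/storedQuestionData/python/logForging.ts
+var logForging4 = {
+isHtmlDisplay: {
+content: () => "Is the text written to the log going to be displayed as HTML?",
+description: () => "",
+guidance: ({ userInputValue }) => {
+switch (userInputValue) {
+case "yes":
+return "We use `html.escape` to decode the HTML";
+default:
+return "";
+}
+}
+}
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/python/openRedirect.ts
+var openRedirect2 = {
+allowed_hosts: {
+content: () => "Allowed domains/paths",
+description: () => "If external, provide a coma separated list of allowed domains. If internal, provide a coma seperated list of allowed paths",
+guidance: () => ""
+}
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
+var vulnerabilities11 = {
+["CSRF" /* Csrf */]: csrf2,
+["LOG_FORGING" /* LogForging */]: logForging4,
+["LOG_FORGING" /* LogForging */]: openRedirect2
+};
+var python_default2 = vulnerabilities11;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/unboundedOccurrences.ts
 var unboundedOccurrences = {
@@ -3050,10 +3121,10 @@ A value too high will cause performance issues up to and including denial of ser
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
-var
+var vulnerabilities12 = {
 ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: unboundedOccurrences
 };
-var xml_default2 =
+var xml_default2 = vulnerabilities12;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
 var StoredQuestionDataItemZ = z7.object({
@@ -3065,7 +3136,8 @@ var languages2 = {
 ["Java" /* Java */]: java_default2,
 ["JavaScript" /* JavaScript */]: js_default,
 ["XML" /* Xml */]: xml_default2,
-["CSharp" /* CSharp */]: csharp_default2
+["CSharp" /* CSharp */]: csharp_default2,
+["Python" /* Python */]: python_default2
 };
 var storedQuestionData_default = languages2;
 
@@ -3193,6 +3265,8 @@ function getGuidances(args) {
 
 // src/features/analysis/scm/shared/src/urlParser/urlParser.ts
 import { z as z9 } from "zod";
+var ADO_PREFIX_PATH = "tfs";
+var NAME_REGEX = /[a-z0-9\-_.+]+/i;
 function detectAdoUrl(args) {
 const { pathname, hostname, scmType } = args;
 const hostnameParts = hostname.split(".");
@@ -3361,10 +3435,6 @@ function getFixUrl({
 return `${appBaseUrl}/organization/${organizationId}/project/${projectId}/report/${analysisId}/fix/${fixId}`;
 }
 
-// src/features/analysis/scm/shared/src/index.ts
-var NAME_REGEX = /[a-z0-9\-_.+]+/i;
-var ADO_PREFIX_PATH = "tfs";
-
 // src/features/analysis/scm/types.ts
 var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
 ReferenceType2["BRANCH"] = "BRANCH";
@@ -6947,7 +7017,7 @@ async function addFixCommentsForPr({
 import Debug8 from "debug";
 var debug8 = Debug8("mobbdev:handleAutoPr");
 async function handleAutoPr(params) {
-const { gqlClient, analysisId, createSpinner: createSpinner5 } = params;
+const { gqlClient, analysisId, commitDirectly, createSpinner: createSpinner5 } = params;
 const createAutoPrSpinner = createSpinner5(
 "\u{1F504} Waiting for the analysis to finish before initiating automatic pull request creation"
 ).start();
@@ -6956,7 +7026,10 @@ async function handleAutoPr(params) {
 analysisId
 },
 callback: async (analysisId2) => {
-const autoPrAnalysisRes = await gqlClient.autoPrAnalysis(
+const autoPrAnalysisRes = await gqlClient.autoPrAnalysis(
+analysisId2,
+commitDirectly
+);
 debug8("auto pr analysis res %o", autoPrAnalysisRes);
 if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrError") {
 createAutoPrSpinner.error({
@@ -7412,9 +7485,10 @@ var GQLClient = class {
 }
 return res.analysis;
 }
-async autoPrAnalysis(analysisId) {
+async autoPrAnalysis(analysisId, commitDirectly) {
 return this._clientSdk.autoPrAnalysis({
-analysisId
+analysisId,
+commitDirectly
 });
 }
 async getFixes(fixIds) {
@@ -8038,7 +8112,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
 githubToken: githubActionToken,
 command,
 organizationId: userOrganizationId,
-autoPr
+autoPr,
+commitDirectly
 } = params;
 debug15("start %s %s", dirname, repo);
 const { createSpinner: createSpinner5 } = Spinner2({ ci });
@@ -8177,6 +8252,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
 await handleAutoPr({
 gqlClient,
 analysisId: reportUploadInfo.fixReportId,
+commitDirectly,
 createSpinner: createSpinner5
 });
 }
@@ -8342,6 +8418,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
 await handleAutoPr({
 gqlClient,
 analysisId: reportUploadInfo.fixReportId,
+commitDirectly,
 createSpinner: createSpinner5
 });
 }
@@ -8447,7 +8524,8 @@ async function analyze({
 srcPath,
 mobbProjectName,
 organizationId,
-autoPr
+autoPr,
+commitDirectly
 }, { skipPrompts = false } = {}) {
 !ci && await showWelcomeMessage(skipPrompts);
 await runAnalysis(
@@ -8462,7 +8540,8 @@ async function analyze({
 srcPath,
 organizationId,
 command: "analyze",
-autoPr
+autoPr,
+commitDirectly
 },
 { skipPrompts }
 );
@@ -8663,6 +8742,13 @@ var autoPrOption = {
 type: "boolean",
 default: false
 };
+var commitDirectlyOption = {
+describe: chalk6.bold(
+"Commit directly to the scanned branch instead of creating a pull request"
+),
+type: "boolean",
+default: false
+};
 var scmTypeOption = {
 demandOption: true,
 describe: chalk6.bold("SCM type"),
@@ -8767,7 +8853,7 @@ function analyzeBuilder(yargs2) {
 alias: "commit-hash",
 describe: chalk8.bold("Hash of the commit"),
 type: "string"
-}).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("org", organizationIdOptions).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).option("auto-pr", autoPrOption).example(
+}).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("org", organizationIdOptions).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).option("auto-pr", autoPrOption).option("commit-directly", commitDirectlyOption).example(
 "npx mobbdev@latest analyze -r https://github.com/WebGoat/WebGoat -f <your_vulnerability_report_path>",
 "analyze an existing repository"
 ).help();
@@ -8787,6 +8873,11 @@ Can't access ${chalk8.bold(argv.f)}`);
 if (argv.ci && !argv.apiKey) {
 throw new CliError("--ci flag requires --api-key to be provided as well");
 }
+if (argv.commitDirectly && !argv["auto-pr"]) {
+throw new CliError(
+"--commit-directly flag requires --auto-pr to be provided as well"
+);
+}
 validateReportFileFormat(argv.f);
 }
 async function analyzeHandler(args) {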
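--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mobbdev",
-"version": "1.0.
+"version": "1.0.15",
 "description": "Automated secure code remediation tool",
 "repository": "git+https://github.com/mobb-dev/bugsy.git",
 "main": "dist/index.js",
@@ -29,9 +29,9 @@
 "author": "",
 "license": "MIT",
 "dependencies": {
-"@gitbeaker/core": "
-"@gitbeaker/requester-utils": "
-"@gitbeaker/rest": "
+"@gitbeaker/core": "42.0.2",
+"@gitbeaker/requester-utils": "42.0.2",
+"@gitbeaker/rest": "42.0.2",
 "@octokit/core": "5.2.0",
 "@octokit/graphql": "5.0.6",
 "@octokit/plugin-rest-endpoint-methods": "7.2.3",
@@ -51,7 +51,7 @@
 "graphql": "16.10.0",
 "graphql-request": "6.1.0",
 "graphql-tag": "2.12.6",
-"graphql-ws": "5.16.
+"graphql-ws": "5.16.2",
 "inquirer": "9.2.23",
 "isomorphic-ws": "5.0.0",
 "istextorbinary": "6.0.0",
@@ -63,7 +63,7 @@
 "parse-diff": "0.11.1",
 "semver": "7.6.3",
 "simple-git": "3.27.0",
-"snyk": "1.
+"snyk": "1.1295.0",
 "supports-color": "9.4.0",
 "tar": "6.2.1",
 "tmp": "0.2.3",
@@ -79,7 +79,7 @@
 "@graphql-codegen/typescript-graphql-request": "6.2.0",
 "@graphql-codegen/typescript-operations": "4.4.0",
 "@octokit/request-error": "3.0.3",
-"@octokit/types": "13.
+"@octokit/types": "13.7.0",
 "@types/adm-zip": "0.5.7",
 "@types/chalk-animation": "1.6.3",
 "@types/configstore": "6.0.2",
@@ -97,7 +97,7 @@
 "@vitest/ui": "2.1.8",
 "eslint": "8.57.0",
 "eslint-plugin-import": "2.31.0",
-"eslint-plugin-prettier": "5.2.
+"eslint-plugin-prettier": "5.2.2",
 "eslint-plugin-simple-import-sort": "10.0.0",
 "prettier": "3.4.2",
 "tsup": "7.2.0",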