mobbdev 1.0.121 → 1.0.125
- package/dist/index.mjs +48 -29
- package/package.json +1 -1
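--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -1440,6 +1440,7 @@ var Language = /* @__PURE__ */ ((Language2) => {
 Language2["Cpp"] = "CPP";
 Language2["Csharp"] = "CSHARP";
 Language2["Default"] = "DEFAULT";
+Language2["Dockerfile"] = "DOCKERFILE";
 Language2["Go"] = "GO";
 Language2["Java"] = "JAVA";
 Language2["Js"] = "JS";
@@ -1493,6 +1494,7 @@ var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
 IssueLanguage_Enum2["CSharp"] = "CSharp";
 IssueLanguage_Enum2["Cpp"] = "Cpp";
 IssueLanguage_Enum2["Default"] = "Default";
+IssueLanguage_Enum2["Dockerfile"] = "Dockerfile";
 IssueLanguage_Enum2["Go"] = "Go";
 IssueLanguage_Enum2["Java"] = "Java";
 IssueLanguage_Enum2["JavaScript"] = "JavaScript";
@@ -1513,6 +1515,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["CmDiRelativePathCommand"] = "CMDi_relative_path_command";
 IssueType_Enum2["CodeInComment"] = "CODE_IN_COMMENT";
 IssueType_Enum2["ConfusingNaming"] = "CONFUSING_NAMING";
+IssueType_Enum2["CredentialDisclosure"] = "CREDENTIAL_DISCLOSURE";
 IssueType_Enum2["Csrf"] = "CSRF";
 IssueType_Enum2["DangerousFunctionOverflow"] = "DANGEROUS_FUNCTION_OVERFLOW";
 IssueType_Enum2["DeadCodeUnusedField"] = "DEAD_CODE_UNUSED_FIELD";
@@ -1548,6 +1551,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["InformationExposureViaHeaders"] = "INFORMATION_EXPOSURE_VIA_HEADERS";
 IssueType_Enum2["InsecureBinderConfiguration"] = "INSECURE_BINDER_CONFIGURATION";
 IssueType_Enum2["InsecureCookie"] = "INSECURE_COOKIE";
+IssueType_Enum2["InsecurePostmessage"] = "INSECURE_POSTMESSAGE";
 IssueType_Enum2["InsecureRandomness"] = "INSECURE_RANDOMNESS";
 IssueType_Enum2["InsecureTmpFile"] = "INSECURE_TMP_FILE";
 IssueType_Enum2["InsecureUuidVersion"] = "INSECURE_UUID_VERSION";
@@ -1562,6 +1566,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
 IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
 IssueType_Enum2["MissingSslMinversion"] = "MISSING_SSL_MINVERSION";
+IssueType_Enum2["MissingUser"] = "MISSING_USER";
 IssueType_Enum2["MissingWhitespace"] = "MISSING_WHITESPACE";
 IssueType_Enum2["ModifiedDefaultParam"] = "MODIFIED_DEFAULT_PARAM";
 IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
@@ -2634,7 +2639,13 @@ var fixDetailsData = {
 issueDescription: "HTTP Parameter Pollution occurs when an attacker can manipulate the parameters of an HTTP request to change the behavior of the server.",
 fixInstructions: "Implement proper input validation and bounds checking to prevent HTTP parameter pollution. Use safe string manipulation functions and ensure that the buffer size is properly managed."
 },
-["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: void 0
+["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: void 0,
+["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: void 0,
+["INSECURE_POSTMESSAGE" /* InsecurePostmessage */]: void 0,
+["MISSING_USER" /* MissingUser */]: {
+issueDescription: "Missing User occurs when a user is not specified in the Dockerfile, leading to security vulnerabilities.",
+fixInstructions: "Specify a user in the Dockerfile to prevent security vulnerabilities."
+}
 };
 
 // src/features/analysis/scm/shared/src/getIssueType.ts
@@ -2752,7 +2763,10 @@ var issueTypeMap = {
 ["BUFFER_OVERFLOW" /* BufferOverflow */]: "Buffer Overflow",
 ["STRING_TERMINATION_ERROR" /* StringTerminationError */]: "String Termination Error",
 ["HTTP_PARAMETER_POLLUTION" /* HttpParameterPollution */]: "HTTP Parameter Pollution",
-["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: "Incomplete Sanitization"
+["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: "Incomplete Sanitization",
+["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: "Credential Disclosure",
+["INSECURE_POSTMESSAGE" /* InsecurePostmessage */]: "Insecure Postmessage",
+["MISSING_USER" /* MissingUser */]: "Missing User"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -2949,9 +2963,13 @@ var vulnerabilities = {
 };
 var csharp_default = vulnerabilities;
 
-// src/features/analysis/scm/shared/src/storedFixData/
+// src/features/analysis/scm/shared/src/storedFixData/dockerfile/index.ts
 var vulnerabilities2 = {};
-var
+var dockerfile_default = vulnerabilities2;
+
+// src/features/analysis/scm/shared/src/storedFixData/go/index.ts
+var vulnerabilities3 = {};
+var go_default = vulnerabilities3;
 
 // src/features/analysis/scm/shared/src/storedFixData/java/sqlInjection.ts
 var sqlInjection = {
@@ -2978,12 +2996,12 @@ var systemInformationLeak = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/java/index.ts
-var
+var vulnerabilities4 = {
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
 ["SQL_Injection" /* SqlInjection */]: sqlInjection,
 ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: systemInformationLeak
 };
-var java_default =
+var java_default = vulnerabilities4;
 
 // src/features/analysis/scm/shared/src/storedFixData/python/csrf.ts
 var csrf = {
@@ -3026,18 +3044,18 @@ var ssrf = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
-var
+var vulnerabilities5 = {
 ["SSRF" /* Ssrf */]: ssrf,
 ["HARDCODED_SECRETS" /* HardcodedSecrets */]: hardcodedSecrets,
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
 ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: noLimitsOrThrottling,
 ["CSRF" /* Csrf */]: csrf
 };
-var javascript_default =
+var javascript_default = vulnerabilities5;
 
 // src/features/analysis/scm/shared/src/storedFixData/php/index.ts
-var
-var php_default =
+var vulnerabilities6 = {};
+var php_default = vulnerabilities6;
 
 // src/features/analysis/scm/shared/src/storedFixData/python/autoEscapeFalse.ts
 var autoEscapeFalse = {
@@ -3059,11 +3077,11 @@ See more information [here](https://jinja.palletsprojects.com/en/3.1.x/templates
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/python/index.ts
-var
+var vulnerabilities7 = {
 ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: autoEscapeFalse,
 ["CSRF" /* Csrf */]: csrf
 };
-var python_default =
+var python_default = vulnerabilities7;
 
 // src/features/analysis/scm/shared/src/storedFixData/sql/defaultRightsInObjDefinition.ts
 var defaultRightsInObjDefinition = {
@@ -3071,16 +3089,16 @@ var defaultRightsInObjDefinition = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
-var
+var vulnerabilities8 = {
 ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: defaultRightsInObjDefinition
 };
-var sql_default =
+var sql_default = vulnerabilities8;
 
 // src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
-var
+var vulnerabilities9 = {
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment
 };
-var xml_default =
+var xml_default = vulnerabilities9;
 
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
 var StoredFixDataItemZ = z3.object({
@@ -3094,7 +3112,8 @@ var languages = {
 ["XML" /* Xml */]: xml_default,
 ["Python" /* Python */]: python_default,
 ["PHP" /* Php */]: php_default,
-["Go" /* Go */]: go_default
+["Go" /* Go */]: go_default,
+["Dockerfile" /* Dockerfile */]: dockerfile_default
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
@@ -3384,7 +3403,7 @@ var xxe = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
-var
+var vulnerabilities10 = {
 ["LOG_FORGING" /* LogForging */]: logForging,
 ["SSRF" /* Ssrf */]: ssrf2,
 ["XXE" /* Xxe */]: xxe,
@@ -3404,7 +3423,7 @@ var vulnerabilities9 = {
 ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: insufficientLogging,
 ["SQL_Injection" /* SqlInjection */]: sqlInjection2
 };
-var csharp_default2 =
+var csharp_default2 = vulnerabilities10;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/go/logForging.ts
 var logForging2 = {
@@ -3434,12 +3453,12 @@ var websocketMissingOriginCheck = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
-var
+var vulnerabilities11 = {
 ["LOG_FORGING" /* LogForging */]: logForging2,
 ["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: missingSslMinversion,
 ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: websocketMissingOriginCheck
 };
-var go_default2 =
+var go_default2 = vulnerabilities11;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/commandInjection.ts
 var commandInjection = {
@@ -3893,7 +3912,7 @@ var xxe2 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
-var
+var vulnerabilities12 = {
 ["SQL_Injection" /* SqlInjection */]: sqlInjection3,
 ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: relativePathCommand,
 ["CMDi" /* CmDi */]: commandInjection,
@@ -3919,7 +3938,7 @@ var vulnerabilities11 = {
 ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: erroneousStringCompare,
 ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings
 };
-var java_default2 =
+var java_default2 = vulnerabilities12;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/python/csrf.ts
 var csrf2 = {
@@ -4227,7 +4246,7 @@ var xss3 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
-var
+var vulnerabilities13 = {
 ["CMDi" /* CmDi */]: commandInjection2,
 ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: graphqlDepthLimit,
 ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness2,
@@ -4249,7 +4268,7 @@ var vulnerabilities12 = {
 ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: hardcodedDomainInHtml,
 ["CSRF" /* Csrf */]: csrf2
 };
-var js_default =
+var js_default = vulnerabilities13;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/python/duplicatedStrings.ts
 var duplicatedStrings2 = {
@@ -4300,14 +4319,14 @@ var uncheckedLoopCondition3 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
-var
+var vulnerabilities14 = {
 ["CSRF" /* Csrf */]: csrf2,
 ["LOG_FORGING" /* LogForging */]: logForging5,
 ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect3,
 ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition3,
 ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings2
 };
-var python_default2 =
+var python_default2 = vulnerabilities14;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/unboundedOccurrences.ts
 var unboundedOccurrences = {
@@ -4321,10 +4340,10 @@ A value too high will cause performance issues up to and including denial of ser
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
-var
+var vulnerabilities15 = {
 ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: unboundedOccurrences
 };
-var xml_default2 =
+var xml_default2 = vulnerabilities15;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
 var StoredQuestionDataItemZ = z4.object({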
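Review bot: The `MISSING_USER` entry added to `fixDetailsData` (new lines 2645–2648) is circular: both strings say only that a missing user leads to "security vulnerabilities", naming neither the risk nor the remedy. Without a `USER` instruction the container's processes run as root unless the base image sets another user, so I would write `issueDescription: "Missing User occurs when a Dockerfile has no USER instruction, so the container runs as root by default."` and `fixInstructions: "Create an unprivileged user and add a USER instruction before the final CMD or ENTRYPOINT."`. In the same hunk `CREDENTIAL_DISCLOSURE` and `INSECURE_POSTMESSAGE` map to `void 0`, as `INCOMPLETE_SANITIZATION` already did; whether every reader of `fixDetailsData` tolerates an undefined entry is not visible here and is worth confirming. `dist/index.mjs` looks like a build output, so the wording change belongs in the TypeScript source it is bundled from.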