mobbdev 1.0.122 → 1.0.125
- package/dist/index.mjs +45 -29
- package/package.json +1 -1
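--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -1440,6 +1440,7 @@ var Language = /* @__PURE__ */ ((Language2) => {
 Language2["Cpp"] = "CPP";
 Language2["Csharp"] = "CSHARP";
 Language2["Default"] = "DEFAULT";
+Language2["Dockerfile"] = "DOCKERFILE";
 Language2["Go"] = "GO";
 Language2["Java"] = "JAVA";
 Language2["Js"] = "JS";
@@ -1493,6 +1494,7 @@ var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
 IssueLanguage_Enum2["CSharp"] = "CSharp";
 IssueLanguage_Enum2["Cpp"] = "Cpp";
 IssueLanguage_Enum2["Default"] = "Default";
+IssueLanguage_Enum2["Dockerfile"] = "Dockerfile";
 IssueLanguage_Enum2["Go"] = "Go";
 IssueLanguage_Enum2["Java"] = "Java";
 IssueLanguage_Enum2["JavaScript"] = "JavaScript";
@@ -1549,6 +1551,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["InformationExposureViaHeaders"] = "INFORMATION_EXPOSURE_VIA_HEADERS";
 IssueType_Enum2["InsecureBinderConfiguration"] = "INSECURE_BINDER_CONFIGURATION";
 IssueType_Enum2["InsecureCookie"] = "INSECURE_COOKIE";
+IssueType_Enum2["InsecurePostmessage"] = "INSECURE_POSTMESSAGE";
 IssueType_Enum2["InsecureRandomness"] = "INSECURE_RANDOMNESS";
 IssueType_Enum2["InsecureTmpFile"] = "INSECURE_TMP_FILE";
 IssueType_Enum2["InsecureUuidVersion"] = "INSECURE_UUID_VERSION";
@@ -1563,6 +1566,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
 IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
 IssueType_Enum2["MissingSslMinversion"] = "MISSING_SSL_MINVERSION";
+IssueType_Enum2["MissingUser"] = "MISSING_USER";
 IssueType_Enum2["MissingWhitespace"] = "MISSING_WHITESPACE";
 IssueType_Enum2["ModifiedDefaultParam"] = "MODIFIED_DEFAULT_PARAM";
 IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
@@ -2636,7 +2640,12 @@ var fixDetailsData = {
 fixInstructions: "Implement proper input validation and bounds checking to prevent HTTP parameter pollution. Use safe string manipulation functions and ensure that the buffer size is properly managed."
 },
 ["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: void 0,
-["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: void 0
+["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: void 0,
+["INSECURE_POSTMESSAGE" /* InsecurePostmessage */]: void 0,
+["MISSING_USER" /* MissingUser */]: {
+issueDescription: "Missing User occurs when a user is not specified in the Dockerfile, leading to security vulnerabilities.",
+fixInstructions: "Specify a user in the Dockerfile to prevent security vulnerabilities."
+}
 };
 
 // src/features/analysis/scm/shared/src/getIssueType.ts
@@ -2755,7 +2764,9 @@ var issueTypeMap = {
 ["STRING_TERMINATION_ERROR" /* StringTerminationError */]: "String Termination Error",
 ["HTTP_PARAMETER_POLLUTION" /* HttpParameterPollution */]: "HTTP Parameter Pollution",
 ["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: "Incomplete Sanitization",
-["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: "Credential Disclosure"
+["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: "Credential Disclosure",
+["INSECURE_POSTMESSAGE" /* InsecurePostmessage */]: "Insecure Postmessage",
+["MISSING_USER" /* MissingUser */]: "Missing User"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -2952,9 +2963,13 @@ var vulnerabilities = {
 };
 var csharp_default = vulnerabilities;
 
-// src/features/analysis/scm/shared/src/storedFixData/
+// src/features/analysis/scm/shared/src/storedFixData/dockerfile/index.ts
 var vulnerabilities2 = {};
-var
+var dockerfile_default = vulnerabilities2;
+
+// src/features/analysis/scm/shared/src/storedFixData/go/index.ts
+var vulnerabilities3 = {};
+var go_default = vulnerabilities3;
 
 // src/features/analysis/scm/shared/src/storedFixData/java/sqlInjection.ts
 var sqlInjection = {
@@ -2981,12 +2996,12 @@ var systemInformationLeak = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/java/index.ts
-var
+var vulnerabilities4 = {
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
 ["SQL_Injection" /* SqlInjection */]: sqlInjection,
 ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: systemInformationLeak
 };
-var java_default =
+var java_default = vulnerabilities4;
 
 // src/features/analysis/scm/shared/src/storedFixData/python/csrf.ts
 var csrf = {
@@ -3029,18 +3044,18 @@ var ssrf = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
-var
+var vulnerabilities5 = {
 ["SSRF" /* Ssrf */]: ssrf,
 ["HARDCODED_SECRETS" /* HardcodedSecrets */]: hardcodedSecrets,
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
 ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: noLimitsOrThrottling,
 ["CSRF" /* Csrf */]: csrf
 };
-var javascript_default =
+var javascript_default = vulnerabilities5;
 
 // src/features/analysis/scm/shared/src/storedFixData/php/index.ts
-var
-var php_default =
+var vulnerabilities6 = {};
+var php_default = vulnerabilities6;
 
 // src/features/analysis/scm/shared/src/storedFixData/python/autoEscapeFalse.ts
 var autoEscapeFalse = {
@@ -3062,11 +3077,11 @@ See more information [here](https://jinja.palletsprojects.com/en/3.1.x/templates
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/python/index.ts
-var
+var vulnerabilities7 = {
 ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: autoEscapeFalse,
 ["CSRF" /* Csrf */]: csrf
 };
-var python_default =
+var python_default = vulnerabilities7;
 
 // src/features/analysis/scm/shared/src/storedFixData/sql/defaultRightsInObjDefinition.ts
 var defaultRightsInObjDefinition = {
@@ -3074,16 +3089,16 @@ var defaultRightsInObjDefinition = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
-var
+var vulnerabilities8 = {
 ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: defaultRightsInObjDefinition
 };
-var sql_default =
+var sql_default = vulnerabilities8;
 
 // src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
-var
+var vulnerabilities9 = {
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment
 };
-var xml_default =
+var xml_default = vulnerabilities9;
 
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
 var StoredFixDataItemZ = z3.object({
@@ -3097,7 +3112,8 @@ var languages = {
 ["XML" /* Xml */]: xml_default,
 ["Python" /* Python */]: python_default,
 ["PHP" /* Php */]: php_default,
-["Go" /* Go */]: go_default
+["Go" /* Go */]: go_default,
+["Dockerfile" /* Dockerfile */]: dockerfile_default
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
@@ -3387,7 +3403,7 @@ var xxe = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
-var
+var vulnerabilities10 = {
 ["LOG_FORGING" /* LogForging */]: logForging,
 ["SSRF" /* Ssrf */]: ssrf2,
 ["XXE" /* Xxe */]: xxe,
@@ -3407,7 +3423,7 @@ var vulnerabilities9 = {
 ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: insufficientLogging,
 ["SQL_Injection" /* SqlInjection */]: sqlInjection2
 };
-var csharp_default2 =
+var csharp_default2 = vulnerabilities10;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/go/logForging.ts
 var logForging2 = {
@@ -3437,12 +3453,12 @@ var websocketMissingOriginCheck = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
-var
+var vulnerabilities11 = {
 ["LOG_FORGING" /* LogForging */]: logForging2,
 ["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: missingSslMinversion,
 ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: websocketMissingOriginCheck
 };
-var go_default2 =
+var go_default2 = vulnerabilities11;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/commandInjection.ts
 var commandInjection = {
@@ -3896,7 +3912,7 @@ var xxe2 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
-var
+var vulnerabilities12 = {
 ["SQL_Injection" /* SqlInjection */]: sqlInjection3,
 ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: relativePathCommand,
 ["CMDi" /* CmDi */]: commandInjection,
@@ -3922,7 +3938,7 @@ var vulnerabilities11 = {
 ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: erroneousStringCompare,
 ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings
 };
-var java_default2 =
+var java_default2 = vulnerabilities12;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/python/csrf.ts
 var csrf2 = {
@@ -4230,7 +4246,7 @@ var xss3 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
-var
+var vulnerabilities13 = {
 ["CMDi" /* CmDi */]: commandInjection2,
 ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: graphqlDepthLimit,
 ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness2,
@@ -4252,7 +4268,7 @@ var vulnerabilities12 = {
 ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: hardcodedDomainInHtml,
 ["CSRF" /* Csrf */]: csrf2
 };
-var js_default =
+var js_default = vulnerabilities13;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/python/duplicatedStrings.ts
 var duplicatedStrings2 = {
@@ -4303,14 +4319,14 @@ var uncheckedLoopCondition3 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
-var
+var vulnerabilities14 = {
 ["CSRF" /* Csrf */]: csrf2,
 ["LOG_FORGING" /* LogForging */]: logForging5,
 ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect3,
 ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition3,
 ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings2
 };
-var python_default2 =
+var python_default2 = vulnerabilities14;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/unboundedOccurrences.ts
 var unboundedOccurrences = {
@@ -4324,10 +4340,10 @@ A value too high will cause performance issues up to and including denial of ser
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
-var
+var vulnerabilities15 = {
 ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: unboundedOccurrences
 };
-var xml_default2 =
+var xml_default2 = vulnerabilities15;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
 var StoredQuestionDataItemZ = z4.object({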
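Review bot: The `MISSING_USER` text added in the `fixDetailsData` hunk is too vague to act on: "Specify a user in the Dockerfile" is satisfied by `USER root`, which leaves the container running with the very privileges the finding is about. The description should say that without a `USER` instruction the container process runs as root unless the base image sets another user, and the instruction could read `fixInstructions: "Add a USER instruction that switches to a non-root user before the final CMD or ENTRYPOINT."`. In the same hunk `INSECURE_POSTMESSAGE` is registered as `void 0`, so it gets a friendly name in `issueTypeMap` but no description or fix text; neighbouring entries are also `void 0`, so this may be intentional. `dist/index.mjs` looks like bundler output, so the wording would be changed in the source module rather than here, and `fixDetailsData` starts above the hunk.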