mobbdev 1.0.141 → 1.0.145

package/dist/index.mjs

@@ -1601,6 +1601,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["Redos"] = "REDOS";
   IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
   IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
+  IssueType_Enum2["RequestParametersBoundViaInput"] = "REQUEST_PARAMETERS_BOUND_VIA_INPUT";
   IssueType_Enum2["ReturnShouldNotBeInvariant"] = "RETURN_SHOULD_NOT_BE_INVARIANT";
   IssueType_Enum2["SqlInjection"] = "SQL_Injection";
   IssueType_Enum2["Ssrf"] = "SSRF";
@@ -1619,6 +1620,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["UnsafeWebThread"] = "UNSAFE_WEB_THREAD";
   IssueType_Enum2["UnvalidatedPublicMethodArgument"] = "UNVALIDATED_PUBLIC_METHOD_ARGUMENT";
   IssueType_Enum2["UselessRegexpCharEscape"] = "USELESS_REGEXP_CHAR_ESCAPE";
+  IssueType_Enum2["UselessTernary"] = "USELESS_TERNARY";
   IssueType_Enum2["UseOfHardCodedCryptographicKey"] = "USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY";
   IssueType_Enum2["UseOfSystemOutputStream"] = "USE_OF_SYSTEM_OUTPUT_STREAM";
   IssueType_Enum2["ValueNeverRead"] = "VALUE_NEVER_READ";
@@ -2662,7 +2664,9 @@ var fixDetailsData = {
   ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: void 0,
   ["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: void 0,
   ["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: void 0,
-  ["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: void 0
+  ["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: void 0,
+  ["USELESS_TERNARY" /* UselessTernary */]: void 0,
+  ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/getIssueType.ts
@@ -2787,7 +2791,9 @@ var issueTypeMap = {
   ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: "Missing Encoding File Open",
   ["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: "Port All Interfaces",
   ["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: "Writable Filesystem Service",
-  ["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: "No New Privileges"
+  ["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: "No New Privileges",
+  ["USELESS_TERNARY" /* UselessTernary */]: "Useless Ternary",
+  ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: "Request Parameters Bound Via Input"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -3287,6 +3293,15 @@ var regexMissingTimeout = {
   }
 };
 
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/requestParametersBoundViaInput.ts
+var requestParametersBoundViaInput = {
+  fieldsToCopy: {
+    content: () => "Please list all the fields you expect as input from the user. Use comma separated list.",
+    description: () => `This is meant to avoid mass assignment vulnerabilities, where the user would enter an inner unexpected field`,
+    guidance: () => ""
+  }
+};
+
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/sqlInjection.ts
 var sqlInjection2 = {
   databaseProvider: {
@@ -3442,7 +3457,8 @@ var vulnerabilities10 = {
   ["VALUE_SHADOWING" /* ValueShadowing */]: valueShadowing,
   ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness,
   ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: insufficientLogging,
-  ["SQL_Injection" /* SqlInjection */]: sqlInjection2
+  ["SQL_Injection" /* SqlInjection */]: sqlInjection2,
+  ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: requestParametersBoundViaInput
 };
 var csharp_default2 = vulnerabilities10;
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.141",
+  "version": "1.0.145",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",