mobbdev 1.0.155 → 1.0.157

package/dist/index.mjs

@@ -369,75 +369,18 @@ var init_ExcludedDirs = __esm({
   }
 });
 
-// src/features/analysis/scm/services/ExcludedFilePatterns.ts
-var EXCLUDED_FILE_PATTERNS;
-var init_ExcludedFilePatterns = __esm({
-  "src/features/analysis/scm/services/ExcludedFilePatterns.ts"() {
+// src/features/analysis/scm/services/FilePatterns.ts
+var EXCLUDED_FILE_PATTERNS, SUPPORTED_EXTENSIONS, IMPORTANT_PROJECT_FILES;
+var init_FilePatterns = __esm({
+  "src/features/analysis/scm/services/FilePatterns.ts"() {
     "use strict";
     EXCLUDED_FILE_PATTERNS = [
-      ".json",
-      ".snap",
-      ".env.vault",
-      ".env",
-      ".yaml",
-      ".yml",
-      ".toml",
-      ".ini",
-      ".conf",
-      ".config",
-      ".xml",
-      ".env",
-      ".md",
-      ".txt",
-      ".rst",
-      ".adoc",
-      ".lock",
-      ".png",
-      ".jpg",
-      ".jpeg",
-      ".gif",
-      ".svg",
-      ".ico",
-      ".webp",
-      ".bmp",
-      ".tiff",
-      ".ttf",
-      ".otf",
-      ".woff",
-      ".woff2",
-      ".eot",
-      ".zip",
-      ".tar",
-      ".gz",
-      ".rar",
-      ".7z",
-      ".log",
-      ".db",
-      ".sqlite",
-      ".sql",
-      ".pem",
-      ".crt",
-      ".key",
-      ".p12",
-      ".pfx",
-      ".editorconfig",
-      ".sublime-project",
-      ".sublime-workspace",
-      ".DS_Store",
-      "Thumbs.db",
-      ".lcov",
-      ".exe",
-      ".dll",
-      ".so",
-      ".dylib",
-      ".class",
-      ".pyc",
-      ".pyo",
-      ".o",
-      ".obj",
+      // Minified and bundled files (have supported extensions but should be excluded)
       ".min.js",
-      ".min.css",
       ".min.html",
+      ".bundle.js",
+      ".chunk.js",
+      // Test files (have supported extensions but should be excluded)
       ".test.js",
       ".test.ts",
       ".test.jsx",
@@ -446,30 +389,17 @@ var init_ExcludedFilePatterns = __esm({
       ".spec.ts",
       ".spec.jsx",
       ".spec.tsx",
+      // TypeScript declaration files
       ".d.ts",
-      ".bundle.js",
-      ".chunk.js",
-      "dockerfile",
-      "jenkinsfile",
-      "go.sum",
-      ".gitignore",
-      ".gitattributes",
-      ".gitmodules",
-      ".gitkeep",
-      ".keep",
-      ".hgignore",
-      ".nvmrc",
-      ".node-version",
-      ".npmrc",
-      ".yarnrc",
+      // Runtime version files that have supported extensions
       ".pnpmfile.cjs",
-      ".ruby-version",
-      ".python-version",
-      ".rvmrc",
-      ".rbenv-version",
-      ".gvmrc",
-      "makefile",
-      "rakefile",
+      // Language-specific files with supported extensions that should be excluded
+      "go.sum",
+      "project.clj",
+      "setup.py",
+      "setup.cfg",
+      "manifest.in",
+      // Build tool configuration files (have supported extensions but should be excluded)
       "gulpfile.js",
       "gruntfile.js",
       "webpack.config.js",
@@ -481,41 +411,154 @@ var init_ExcludedFilePatterns = __esm({
       "nuxt.config.js",
       "tailwind.config.js",
       "postcss.config.js",
-      ".babelrc",
+      // Linter and formatter config files (with supported extensions)
       ".babelrc.js",
-      ".swcrc",
-      ".browserslistrc",
+      ".eslintrc.js",
+      ".prettierrc.js",
+      ".stylelintrc.js",
+      // Test framework config files (with supported extensions)
       "jest.config.js",
       "jest.config.ts",
       "vitest.config.js",
       "karma.conf.js",
       "protractor.conf.js",
       "cypress.config.js",
-      "playwright.config.js",
-      ".nycrc",
-      ".c8rc",
-      ".eslintrc",
-      ".eslintrc.js",
-      ".prettierrc",
-      ".prettierrc.js",
-      ".stylelintrc",
-      ".stylelintrc.js",
-      "pipfile",
-      "gemfile",
-      "go.mod",
-      "project.clj",
-      "setup.py",
-      "setup.cfg",
-      "manifest.in",
-      ".pythonrc",
-      "readme",
-      "changelog",
-      "authors",
-      "contributors",
-      "license",
-      "notice",
-      "copyright",
-      ".htaccess"
+      "playwright.config.js"
+    ];
+    SUPPORTED_EXTENSIONS = [
+      // Apex
+      ".cls",
+      // Bash
+      ".bash",
+      ".sh",
+      // C
+      ".c",
+      ".h",
+      // Cairo
+      ".cairo",
+      // Circom
+      ".circom",
+      // Clojure
+      ".clj",
+      ".cljs",
+      ".cljc",
+      ".edn",
+      // C++
+      ".cc",
+      ".cpp",
+      ".cxx",
+      ".c++",
+      ".pcc",
+      ".tpp",
+      ".C",
+      ".hh",
+      ".hpp",
+      ".hxx",
+      ".inl",
+      ".ipp",
+      // C#
+      ".cs",
+      // Dart
+      ".dart",
+      // Dockerfile
+      ".dockerfile",
+      ".Dockerfile",
+      "Dockerfile",
+      "dockerfile",
+      // Elixir
+      ".ex",
+      ".exs",
+      // Go
+      ".go",
+      // Hack
+      ".hack",
+      ".hck",
+      ".hh",
+      // HTML
+      ".htm",
+      ".html",
+      // Java
+      ".java",
+      // JavaScript
+      ".cjs",
+      ".js",
+      ".jsx",
+      ".mjs",
+      // JSON
+      ".json",
+      ".ipynb",
+      // Jsonnet
+      ".jsonnet",
+      ".libsonnet",
+      // Julia
+      ".jl",
+      // Kotlin
+      ".kt",
+      ".kts",
+      ".ktm",
+      // Lisp
+      ".lisp",
+      ".cl",
+      ".el",
+      // Lua
+      ".lua",
+      // Move (both Sui and Aptos)
+      ".move",
+      // OCaml
+      ".ml",
+      ".mli",
+      // PHP
+      ".php",
+      ".tpl",
+      ".phtml",
+      // PromQL
+      ".promql",
+      // Protocol Buffers
+      ".proto",
+      // Python
+      ".py",
+      ".pyi",
+      // QL
+      ".ql",
+      ".qll",
+      // R
+      ".r",
+      ".R",
+      // Ruby
+      ".rb",
+      // Rust
+      ".rs",
+      // Scala
+      ".scala",
+      // Scheme
+      ".scm",
+      ".ss",
+      // Solidity
+      ".sol",
+      // Swift
+      ".swift",
+      // Terraform
+      ".tf",
+      ".hcl",
+      ".tfvars",
+      // TypeScript
+      ".ts",
+      ".tsx",
+      // Vue
+      ".vue",
+      // XML
+      ".xml",
+      ".plist",
+      // YAML
+      ".yml",
+      ".yaml"
+    ];
+    IMPORTANT_PROJECT_FILES = [
+      "package.json",
+      "package-lock.json",
+      "pnpm-lock.yaml",
+      "yarn.lock",
+      "pom.xml"
     ];
   }
 });
@@ -531,11 +574,17 @@ var init_FileUtils = __esm({
     "use strict";
     init_configs();
     init_ExcludedDirs();
-    init_ExcludedFilePatterns();
+    init_FilePatterns();
     FileUtils = class {
+      // Important project configuration files that should always be included
       static isExcludedFileType(filepath) {
         const basename = path.basename(filepath).toLowerCase();
-        if (basename === ".env" || basename.startsWith(".env.")) {
+        if (IMPORTANT_PROJECT_FILES.includes(basename)) {
+          return false;
+        }
+        const ext = path.extname(filepath).toLowerCase();
+        const isSupported = SUPPORTED_EXTENSIONS.includes(ext) || SUPPORTED_EXTENSIONS.includes(basename);
+        if (!isSupported) {
           return true;
         }
         if (EXCLUDED_FILE_PATTERNS.some((pattern) => basename.endsWith(pattern))) {
@@ -1555,6 +1604,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["IncompleteSanitization"] = "INCOMPLETE_SANITIZATION";
   IssueType_Enum2["IncompleteUrlSanitization"] = "INCOMPLETE_URL_SANITIZATION";
   IssueType_Enum2["IncompleteUrlSchemeCheck"] = "INCOMPLETE_URL_SCHEME_CHECK";
+  IssueType_Enum2["IncorrectSqlApiUsage"] = "INCORRECT_SQL_API_USAGE";
   IssueType_Enum2["InformationExposureViaHeaders"] = "INFORMATION_EXPOSURE_VIA_HEADERS";
   IssueType_Enum2["InsecureBinderConfiguration"] = "INSECURE_BINDER_CONFIGURATION";
   IssueType_Enum2["InsecureCookie"] = "INSECURE_COOKIE";
@@ -1623,6 +1673,8 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["UselessTernary"] = "USELESS_TERNARY";
   IssueType_Enum2["UseOfHardCodedCryptographicKey"] = "USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY";
   IssueType_Enum2["UseOfSystemOutputStream"] = "USE_OF_SYSTEM_OUTPUT_STREAM";
+  IssueType_Enum2["UseRaiseForStatus"] = "USE_RAISE_FOR_STATUS";
+  IssueType_Enum2["UseSysExit"] = "USE_SYS_EXIT";
   IssueType_Enum2["ValueNeverRead"] = "VALUE_NEVER_READ";
   IssueType_Enum2["ValueShadowing"] = "VALUE_SHADOWING";
   IssueType_Enum2["WcfMisconfigurationInsufficientLogging"] = "WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING";
@@ -2666,7 +2718,10 @@ var fixDetailsData = {
   ["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: void 0,
   ["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: void 0,
   ["USELESS_TERNARY" /* UselessTernary */]: void 0,
-  ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: void 0
+  ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: void 0,
+  ["USE_SYS_EXIT" /* UseSysExit */]: void 0,
+  ["INCORRECT_SQL_API_USAGE" /* IncorrectSqlApiUsage */]: void 0,
+  ["USE_RAISE_FOR_STATUS" /* UseRaiseForStatus */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/getIssueType.ts
@@ -2793,7 +2848,10 @@ var issueTypeMap = {
   ["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: "Writable Filesystem Service",
   ["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: "No New Privileges",
   ["USELESS_TERNARY" /* UselessTernary */]: "Useless Ternary",
-  ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: "Request Parameters Bound Via Input"
+  ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: "Request Parameters Bound Via Input",
+  ["USE_SYS_EXIT" /* UseSysExit */]: "Use Sys Exit",
+  ["INCORRECT_SQL_API_USAGE" /* IncorrectSqlApiUsage */]: "Incorrect SQL API Usage",
+  ["USE_RAISE_FOR_STATUS" /* UseRaiseForStatus */]: "Use Raise For Status"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -5229,7 +5287,6 @@ var ProjectVulnerabilityReport = z11.object({
     createdOn: z11.string(),
     issueTypes: z11.record(z11.string(), z11.number()).nullable(),
     issueLanguages: z11.record(z11.nativeEnum(IssueLanguage_Enum), z11.number()).nullable(),
-    fixesCountByEffort: z11.record(z11.nativeEnum(Effort_To_Apply_Fix_Enum), z11.number()).nullable(),
     repo: z11.object({
       originalUrl: z11.string(),
       reference: z11.string(),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.155",
+  "version": "1.0.157",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",
@@ -30,7 +30,6 @@
     "test:watch": "TOKEN=$(../../scripts/login_auth0.sh) vitest",
     "test:integration:proxy": "GIT_PROXY_HOST=http://tinyproxy:8888 HTTP_PROXY=http://localhost:8888 API_URL=http://app-api:8080/v1/graphql TOKEN=$(../../scripts/login_auth0.sh) vitest run --sequence.concurrent=false false integration.test.ts",
     "lint": "eslint --cache --max-warnings 0 --ignore-path .eslintignore --ext .ts,.tsx,.jsx,.graphql .",
-    "lint:fix": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx,.graphql . && prettier --write \"src/**/*.graphql\"",
     "lint:fix:files": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx,.graphql",
     "prepack": "dotenv-vault pull production .env && pnpm build",
     "dev:mcp": "pnpm run build && node dist/index.mjs mcp",