mobbdev 1.0.199 → 1.0.201

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/args/commands/upload_ai_blame.mjs +18 -0
  2. package/dist/hash_search/index.d.mts +10 -0
  3. package/dist/hash_search/index.mjs +112 -0
  4. package/dist/index.mjs +18 -0
  5. package/package.json +2 -1
package/dist/args/commands/upload_ai_blame.mjs CHANGED
@@ -1647,6 +1647,19 @@ var getIssueTypeFriendlyString = (issueType) => {
1647
1647
  }
1648
1648
  return issueTypeMap[issueTypeZParseRes.data];
1649
1649
  };
1650
+ var statusMap = {
1651
+ ["Digested" /* Digested */]: "Digested",
1652
+ ["Error" /* Error */]: "Error",
1653
+ ["FalsePositive" /* FalsePositive */]: "False Positive",
1654
+ ["Filtered" /* Filtered */]: "Filtered",
1655
+ ["FilteredAiQuota" /* FilteredAiQuota */]: "Filtered AI Quota",
1656
+ ["Fixed" /* Fixed */]: "Fixable",
1657
+ ["NoFix" /* NoFix */]: "No Fix",
1658
+ ["Pending" /* Pending */]: "Pending",
1659
+ ["Unfixable" /* Unfixable */]: "Unfixable",
1660
+ ["Unsupported" /* Unsupported */]: "Unsupported"
1661
+ };
1662
+ var statusZ = z5.nativeEnum(Vulnerability_Report_Issue_State_Enum);
1650
1663
  var issueDescription = {
1651
1664
  ["AUTOGENERATED_CODE" /* AutogeneratedCode */]: "The flagged code is generated automatically by tools or frameworks as part of the build or runtime process. This categorization highlights that **the issue resides in non-manual code**, which often requires tool-specific solutions or exemptions.",
1652
1665
  ["AUXILIARY_CODE" /* AuxiliaryCode */]: "The flagged code is auxiliary or supporting code, such as configuration files, build scripts, or other non-application logic. This categorization indicates that the issue is not directly related to the application's core functionality.",
@@ -3824,6 +3837,11 @@ var xss3 = {
3824
3837
  content: ({ expression }) => `Is the expression \`${expression}\` supposed to be not sanitized in this context?`,
3825
3838
  description: () => "You are using unsafe string substitution in the template. This means that if the expression can contain maliciously crafted data, it may lead to XSS injection. To apply the fix, you have to make sure the expression is not sanitized on the backend already, and it does not represent an HTML code block.",
3826
3839
  guidance: () => ""
3840
+ },
3841
+ isServerSideCode: {
3842
+ content: () => "Is this code running on the server side (a NodeJS application)",
3843
+ description: () => "The fix to this vulnerability is different is the code runs in the client (browser) or the server side (NodeJs)",
3844
+ guidance: () => ""
3827
3845
  }
3828
3846
  };
3829
3847
 
package/dist/hash_search/index.d.mts ADDED
@@ -0,0 +1,10 @@
1
+ import { Buffer } from 'node:buffer';
2
+
3
+ declare class HashSearchError extends Error {
4
+ constructor(message: string);
5
+ }
6
+
7
+ declare function createIndex(originalText: string, windowSize?: number): Promise<Buffer>;
8
+ declare function searchIndex(searchText: string, index: Buffer): Promise<number[]>;
9
+
10
+ export { HashSearchError, createIndex, searchIndex };
package/dist/hash_search/index.mjs ADDED
@@ -0,0 +1,112 @@
1
+ // src/hash_search/index.ts
2
+ import { Buffer } from "buffer";
3
+ import { randomBytes } from "crypto";
4
+ import { blake3 } from "hash-wasm";
5
+
6
+ // src/hash_search/errors.ts
7
+ var HashSearchError = class _HashSearchError extends Error {
8
+ constructor(message) {
9
+ super(message);
10
+ this.name = "HashSearchError";
11
+ Object.setPrototypeOf(this, _HashSearchError.prototype);
12
+ }
13
+ };
14
+
15
+ // src/hash_search/index.ts
16
+ var MIN_WINDOW_SIZE = 8;
17
+ var DEFAULT_WINDOW_SIZE = 30;
18
+ async function createIndex(originalText, windowSize = DEFAULT_WINDOW_SIZE) {
19
+ if (!originalText || typeof originalText !== "string") {
20
+ throw new HashSearchError("Original text must be a non-empty string");
21
+ }
22
+ if (windowSize < MIN_WINDOW_SIZE) {
23
+ throw new HashSearchError(`Window size must be at least ${MIN_WINDOW_SIZE}`);
24
+ }
25
+ if (originalText.length < windowSize) {
26
+ throw new HashSearchError(
27
+ `Text length must be at least ${windowSize} characters (window size)`
28
+ );
29
+ }
30
+ const originalLength = originalText.length;
31
+ const paddingNeeded = (windowSize - originalLength % windowSize) % windowSize;
32
+ const paddedText = originalText + "\0".repeat(paddingNeeded);
33
+ const numChunks = paddedText.length - windowSize + 1;
34
+ const bufferSize = 12 + numChunks * 24;
35
+ const buffer = Buffer.alloc(bufferSize);
36
+ buffer.writeUInt8(114, 0);
37
+ buffer.writeUInt8(131, 1);
38
+ buffer.writeUInt8(0, 2);
39
+ buffer.writeUInt8(1, 3);
40
+ buffer.writeUInt32BE(originalLength, 4);
41
+ buffer.writeUInt32BE(windowSize, 8);
42
+ for (let i = 0; i < numChunks; i++) {
43
+ const chunk = paddedText.slice(i, i + windowSize);
44
+ const salt = randomBytes(8);
45
+ const dataToHash = Buffer.concat([salt, Buffer.from(chunk, "utf-8")]);
46
+ const hashHex = await blake3(dataToHash, 128);
47
+ const hash = Buffer.from(hashHex, "hex");
48
+ const offset = 12 + i * 24;
49
+ salt.copy(buffer, offset);
50
+ hash.copy(buffer, offset + 8);
51
+ }
52
+ return buffer;
53
+ }
54
+ async function searchIndex(searchText, index) {
55
+ if (!searchText || typeof searchText !== "string") {
56
+ throw new HashSearchError("Search text must be a non-empty string");
57
+ }
58
+ if (!Buffer.isBuffer(index)) {
59
+ throw new HashSearchError("Index must be a Buffer");
60
+ }
61
+ if (index.length < 12) {
62
+ throw new HashSearchError("Invalid index buffer: too small");
63
+ }
64
+ if ((index.length - 12) % 24 !== 0) {
65
+ throw new HashSearchError("Invalid index buffer: incorrect structure");
66
+ }
67
+ if (index.readUInt8(0) !== 114 || index.readUInt8(1) !== 131 || index.readUInt8(2) !== 0 || index.readUInt8(3) !== 1) {
68
+ throw new HashSearchError("Invalid magic number in index buffer");
69
+ }
70
+ const windowSize = index.readUInt32BE(8);
71
+ if (searchText.length < windowSize) {
72
+ throw new HashSearchError(
73
+ `Search text must be at least ${windowSize} characters (window size)`
74
+ );
75
+ }
76
+ const originalTextLength = index.readUInt32BE(4);
77
+ const searchLength = searchText.length;
78
+ const paddingNeeded = (windowSize - searchLength % windowSize) % windowSize;
79
+ const paddedSearch = searchText + "\0".repeat(paddingNeeded);
80
+ const numPositions = (index.length - 12) / 24;
81
+ const searchChunks = searchLength - windowSize + 1;
82
+ const results = [];
83
+ for (let startPos = 0; startPos <= numPositions - searchChunks; startPos++) {
84
+ let match = true;
85
+ for (let j = 0; j < searchChunks; j++) {
86
+ const searchChunk = paddedSearch.slice(j, j + windowSize);
87
+ const saltOffset = 12 + (startPos + j) * 24;
88
+ const salt = index.subarray(saltOffset, saltOffset + 8);
89
+ const dataToHash = Buffer.concat([
90
+ salt,
91
+ Buffer.from(searchChunk, "utf-8")
92
+ ]);
93
+ const expectedHashHex = await blake3(dataToHash, 128);
94
+ const expectedHash = Buffer.from(expectedHashHex, "hex");
95
+ const hashOffset = saltOffset + 8;
96
+ const actualHash = index.subarray(hashOffset, hashOffset + 16);
97
+ if (!expectedHash.equals(actualHash)) {
98
+ match = false;
99
+ break;
100
+ }
101
+ }
102
+ if (match && startPos + searchLength <= originalTextLength) {
103
+ results.push(startPos);
104
+ }
105
+ }
106
+ return results;
107
+ }
108
+ export {
109
+ HashSearchError,
110
+ createIndex,
111
+ searchIndex
112
+ };
package/dist/index.mjs CHANGED
@@ -3075,6 +3075,19 @@ var getIssueTypeFriendlyString = (issueType) => {
3075
3075
  }
3076
3076
  return issueTypeMap[issueTypeZParseRes.data];
3077
3077
  };
3078
+ var statusMap = {
3079
+ ["Digested" /* Digested */]: "Digested",
3080
+ ["Error" /* Error */]: "Error",
3081
+ ["FalsePositive" /* FalsePositive */]: "False Positive",
3082
+ ["Filtered" /* Filtered */]: "Filtered",
3083
+ ["FilteredAiQuota" /* FilteredAiQuota */]: "Filtered AI Quota",
3084
+ ["Fixed" /* Fixed */]: "Fixable",
3085
+ ["NoFix" /* NoFix */]: "No Fix",
3086
+ ["Pending" /* Pending */]: "Pending",
3087
+ ["Unfixable" /* Unfixable */]: "Unfixable",
3088
+ ["Unsupported" /* Unsupported */]: "Unsupported"
3089
+ };
3090
+ var statusZ = z.nativeEnum(Vulnerability_Report_Issue_State_Enum);
3078
3091
  function getTagTooltip(tag) {
3079
3092
  switch (tag) {
3080
3093
  case "FALSE_POSITIVE":
@@ -4551,6 +4564,11 @@ var xss3 = {
4551
4564
  content: ({ expression }) => `Is the expression \`${expression}\` supposed to be not sanitized in this context?`,
4552
4565
  description: () => "You are using unsafe string substitution in the template. This means that if the expression can contain maliciously crafted data, it may lead to XSS injection. To apply the fix, you have to make sure the expression is not sanitized on the backend already, and it does not represent an HTML code block.",
4553
4566
  guidance: () => ""
4567
+ },
4568
+ isServerSideCode: {
4569
+ content: () => "Is this code running on the server side (a NodeJS application)",
4570
+ description: () => "The fix to this vulnerability is different is the code runs in the client (browser) or the server side (NodeJs)",
4571
+ guidance: () => ""
4554
4572
  }
4555
4573
  };
4556
4574
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "mobbdev",
3
- "version": "1.0.199",
3
+ "version": "1.0.201",
4
4
  "description": "Automated secure code remediation tool",
5
5
  "repository": "git+https://github.com/mobb-dev/bugsy.git",
6
6
  "main": "dist/index.mjs",
@@ -71,6 +71,7 @@
71
71
  "graphql": "16.11.0",
72
72
  "graphql-request": "6.1.0",
73
73
  "graphql-ws": "5.16.2",
74
+ "hash-wasm": "4.12.0",
74
75
  "http-proxy-agent": "7.0.2",
75
76
  "https-proxy-agent": "7.0.6",
76
77
  "ignore": "7.0.5",