mobbdev 1.0.47 → 1.0.51

Files changed (2) hide show
  1. package/dist/index.mjs +40 -11
  2. package/package.json +3 -3
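--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -154,6 +154,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["MissingCspHeader"] = "MISSING_CSP_HEADER";
 IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
 IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
+IssueType_Enum2["MissingSslMinversion"] = "MISSING_SSL_MINVERSION";
 IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
 IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
 IssueType_Enum2["NoEquivalenceMethod"] = "NO_EQUIVALENCE_METHOD";
@@ -1069,7 +1070,8 @@ var issueTypeMap = {
 ["CODE_IN_COMMENT" /* CodeInComment */]: "Code in Comment",
 ["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: "Regex Missing Timeout",
 ["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: "Frameable Login Page",
-["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: "Use of Hardcoded Cryptographic Key"
+["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: "Use of Hardcoded Cryptographic Key",
+["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: "Missing SSL MinVersion"
 };
 var issueTypeZ = z5.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1972,7 +1974,8 @@ var fixDetailsData = {
 ["CODE_IN_COMMENT" /* CodeInComment */]: void 0,
 ["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: void 0,
 ["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: void 0,
-["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: void 0
+["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: void 0,
+["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -2534,9 +2537,19 @@ var logForging2 = {
 }
 };
 
+// src/features/analysis/scm/shared/src/storedQuestionData/go/missingSslMinversion.ts
+var missingSslMinversion = {
+minTlsVersion: {
+content: () => "What is the minimum version of Transport Layer Security (TLS) you allow? Ensure compatibility between the server and clients.",
+description: () => "",
+guidance: () => ""
+}
+};
+
 // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
 var vulnerabilities10 = {
-["LOG_FORGING" /* LogForging */]: logForging2
+["LOG_FORGING" /* LogForging */]: logForging2,
+["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: missingSslMinversion
 };
 var go_default2 = vulnerabilities10;
 
@@ -5896,6 +5909,9 @@ async function getGitlabIsUserCollaborator({
 const members = await api2.ProjectMembers.all(res.id, {
 includeInherited: true
 });
+if (!username) {
+return true;
+}
 return !!members.find((member) => member.username === username);
 } catch (e) {
 return false;
@@ -6254,7 +6270,14 @@ var GitlabSCMLib = class extends SCMLib {
 }
 async getUserHasAccessToRepo() {
 this._validateAccessTokenAndUrl();
-const username = await this.getUsername();
+let username = void 0;
+try {
+username = await this.getUsername();
+} catch (e) {
+console.warn(
+"could not get username. this is okay if a project token is used"
+);
+}
 return getGitlabIsUserCollaborator({
 username,
 accessToken: this.accessToken,
@@ -8346,7 +8369,7 @@ async function uploadFile({
 
 // src/features/analysis/index.ts
 var { CliError: CliError2, Spinner: Spinner2 } = utils_exports;
-function _getScanSource(command) {
+function _getScanSource(command, ci) {
 if (command === "review")
 return "AUTO_FIXER" /* AutoFixer */;
 const envToCi = [
@@ -8362,6 +8385,9 @@ function _getScanSource(command) {
 return source;
 }
 }
+if (ci) {
+return "CI_UNKNOWN" /* CiUnknown */;
+}
 return "CLI" /* Cli */;
 }
 async function downloadRepo({
@@ -8659,7 +8685,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
 gqlClient,
 fixReportId: reportUploadInfo.fixReportId,
 projectId,
-command
+command,
+ci
 });
 uploadReportSpinner.success({ text: "\u{1F4C1} Report uploaded successfully" });
 const mobbSpinner = createSpinner5("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
@@ -8675,7 +8702,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
 sha,
 experimentalEnabled,
 pullRequest: params.pullRequest,
-scanSource: _getScanSource(command)
+scanSource: _getScanSource(command, ci)
 }
 });
 if (sendReportRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
@@ -8780,7 +8807,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
 gqlClient,
 fixReportId: reportUploadInfo.fixReportId,
 projectId,
-command
+command,
+ci
 });
 const srcFileStatus = await fsPromises.lstat(srcPath);
 const zippingSpinner = createSpinner5("\u{1F4E6} Zipping repo").start();
@@ -8817,7 +8845,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
 repoUrl: repo || gitInfo.repoUrl || getTopLevelDirName(srcPath),
 reference: ref || gitInfo.reference || "no-branch",
 sha: commitHash || gitInfo.hash || "0123456789abcdef",
-scanSource: _getScanSource(command),
+scanSource: _getScanSource(command, ci),
 pullRequest: params.pullRequest
 }
 });
@@ -8876,7 +8904,8 @@ async function _digestReport({
 gqlClient,
 fixReportId,
 projectId,
-command
+command,
+ci
 }) {
 const digestSpinner = createSpinner4(
 progressMassages.processingVulnerabilityReport
@@ -8886,7 +8915,7 @@ async function _digestReport({
 {
 fixReportId,
 projectId,
-scanSource: _getScanSource(command)
+scanSource: _getScanSource(command, ci)
 }
 );
 try {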
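--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mobbdev",
-"version": "1.0.47",
+"version": "1.0.51",
 "description": "Automated secure code remediation tool",
 "repository": "git+https://github.com/mobb-dev/bugsy.git",
 "main": "dist/index.js",
@@ -35,10 +35,10 @@
 "@octokit/core": "5.2.0",
 "@octokit/graphql": "5.0.6",
 "@octokit/plugin-rest-endpoint-methods": "7.2.3",
-"@octokit/request-error": "5.1.0",
+"@octokit/request-error": "5.1.1",
 "@types/libsodium-wrappers": "0.7.14",
 "adm-zip": "0.5.16",
-"axios": "1.7.9",
+"axios": "1.8.2",
 "azure-devops-node-api": "12.1.0",
 "bitbucket": "2.11.0",
 "chalk": "5.4.1",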