mobbdev 1.0.50 → 1.0.53
- package/dist/index.mjs +59 -4
- package/package.json +2 -1
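--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -154,6 +154,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["MissingCspHeader"] = "MISSING_CSP_HEADER";
 IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
 IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
+IssueType_Enum2["MissingSslMinversion"] = "MISSING_SSL_MINVERSION";
 IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
 IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
 IssueType_Enum2["NoEquivalenceMethod"] = "NO_EQUIVALENCE_METHOD";
@@ -190,6 +191,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["WcfMisconfigurationThrottlingNotEnabled"] = "WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED";
 IssueType_Enum2["WeakEncryption"] = "WEAK_ENCRYPTION";
 IssueType_Enum2["WeakXmlSchemaUnboundedOccurrences"] = "WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES";
+IssueType_Enum2["WebsocketMissingOriginCheck"] = "WEBSOCKET_MISSING_ORIGIN_CHECK";
 IssueType_Enum2["Xss"] = "XSS";
 IssueType_Enum2["Xxe"] = "XXE";
 IssueType_Enum2["ZipSlip"] = "ZIP_SLIP";
@@ -895,6 +897,7 @@ var FixPageFixReportZ = z3.object({
 });
 
 // src/features/analysis/scm/shared/src/types/issue.ts
+var MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES = 1e5;
 var category = {
 NoFix: "NoFix",
 Unsupported: "Unsupported",
@@ -928,7 +931,35 @@ var BaseIssuePartsZ = z4.object({
 index: z4.number()
 })
 ).transform((nodes) => nodes.sort((a, b) => b.index - a.index)),
-
+sourceCodeNodes: z4.array(
+z4.object({
+sourceCodeFile: z4.object({
+path: z4.string(),
+signedFile: z4.object({
+url: z4.string()
+})
+})
+}).transform(async ({ sourceCodeFile }) => {
+const { url } = sourceCodeFile.signedFile;
+const sourceCodeRes = await fetch(url);
+if (Number(sourceCodeRes.headers.get("Content-Length")) > MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES) {
+return null;
+}
+return {
+path: sourceCodeFile.path,
+fileContent: await sourceCodeRes.text()
+};
+})
+).transform((nodes) => nodes.filter((node) => node !== null)),
+fix: FixPartsForFixScreenZ.nullish(),
+vulnerabilityReportIssueNodeDiffFile: z4.object({
+signedFile: z4.object({
+url: z4.string()
+}).transform(async ({ url }) => {
+const codeDiff = await fetch(url).then((res) => res.text());
+return { codeDiff };
+})
+}).nullish()
 });
 var FalsePositivePartsZ = z4.object({
 extraContext: z4.array(z4.object({ key: z4.string(), value: z4.string() })),
@@ -1069,7 +1100,9 @@ var issueTypeMap = {
 ["CODE_IN_COMMENT" /* CodeInComment */]: "Code in Comment",
 ["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: "Regex Missing Timeout",
 ["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: "Frameable Login Page",
-["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: "Use of Hardcoded Cryptographic Key"
+["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: "Use of Hardcoded Cryptographic Key",
+["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: "Missing SSL MinVersion",
+["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: "Missing Websocket Origin Check"
 };
 var issueTypeZ = z5.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1972,7 +2005,9 @@ var fixDetailsData = {
 ["CODE_IN_COMMENT" /* CodeInComment */]: void 0,
 ["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: void 0,
 ["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: void 0,
-["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: void 0
+["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: void 0,
+["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: void 0,
+["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -2534,9 +2569,29 @@ var logForging2 = {
 }
 };
 
+// src/features/analysis/scm/shared/src/storedQuestionData/go/missingSslMinversion.ts
+var missingSslMinversion = {
+minTlsVersion: {
+content: () => "What is the minimum version of Transport Layer Security (TLS) you allow? Ensure compatibility between the server and clients.",
+description: () => "",
+guidance: () => ""
+}
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/go/websocketMissingOriginCheck.ts
+var websocketMissingOriginCheck = {
+minTlsVersion: {
+content: () => "Please provide a comma-separated list of valid hosts. This list will serve as an allow list to check the connection `Origin` header.",
+description: () => "",
+guidance: () => ""
+}
+};
+
 // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
 var vulnerabilities10 = {
-["LOG_FORGING" /* LogForging */]: logForging2
+["LOG_FORGING" /* LogForging */]: logForging2,
+["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: missingSslMinversion,
+["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: websocketMissingOriginCheck
 };
 var go_default2 = vulnerabilities10;
 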
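Review bot: The size guard at new line 945 of the BaseIssuePartsZ hunk trusts the Content-Length header, so a response without one (`Number(null)` is 0) or one sent with chunked transfer encoding passes the check and the entire body is read at line 950; the response status is also never tested, so a 4xx/5xx error page would be stored as `fileContent`. The transform should check `sourceCodeRes.ok` and bound the bytes actually received rather than the advertised length, and the same unchecked, unbounded `fetch(url).then((res) => res.text())` appears for `vulnerabilityReportIssueNodeDiffFile` at line 959. In the last hunk, `websocketMissingOriginCheck` reuses the question key `minTlsVersion` for the Origin allow-list prompt, which looks like a copy-paste from `missingSslMinversion`; if the key is not looked up by name elsewhere, a name such as `allowedOrigins` would make the stored answer self-describing. The `z4.object({` that opens BaseIssuePartsZ starts before this hunk.
```javascript
}).transform(async ({ sourceCodeFile }) => {
  const { url } = sourceCodeFile.signedFile;
  const sourceCodeRes = await fetch(url);
  if (!sourceCodeRes.ok) {
    return null;
  }
  // Content-Length is advisory (absent or unreliable under chunked transfer);
  // enforce the cap on the bytes actually received. The body is still buffered
  // up to that point, which is acceptable for a 1e5-byte limit.
  const body = await sourceCodeRes.arrayBuffer();
  if (body.byteLength > MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES) {
    return null;
  }
  return {
    path: sourceCodeFile.path,
    fileContent: new TextDecoder().decode(body)
  };
})
// … unchanged: filter of null nodes, fix, vulnerabilityReportIssueNodeDiffFile …
```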
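--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mobbdev",
-"version": "1.0.
+"version": "1.0.53",
 "description": "Automated secure code remediation tool",
 "repository": "git+https://github.com/mobb-dev/bugsy.git",
 "main": "dist/index.js",
@@ -100,6 +100,7 @@
 "eslint-plugin-import": "2.31.0",
 "eslint-plugin-prettier": "5.2.3",
 "eslint-plugin-simple-import-sort": "10.0.0",
+"nock": "14.0.1",
 "prettier": "3.5.1",
 "tsup": "7.2.0",
 "typescript": "4.9.5",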