mobbdev 1.0.51 → 1.0.53
- package/dist/index.mjs +46 -4
- package/package.json +2 -1
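--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -191,6 +191,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["WcfMisconfigurationThrottlingNotEnabled"] = "WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED";
 IssueType_Enum2["WeakEncryption"] = "WEAK_ENCRYPTION";
 IssueType_Enum2["WeakXmlSchemaUnboundedOccurrences"] = "WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES";
+IssueType_Enum2["WebsocketMissingOriginCheck"] = "WEBSOCKET_MISSING_ORIGIN_CHECK";
 IssueType_Enum2["Xss"] = "XSS";
 IssueType_Enum2["Xxe"] = "XXE";
 IssueType_Enum2["ZipSlip"] = "ZIP_SLIP";
@@ -896,6 +897,7 @@ var FixPageFixReportZ = z3.object({
 });
 
 // src/features/analysis/scm/shared/src/types/issue.ts
+var MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES = 1e5;
 var category = {
 NoFix: "NoFix",
 Unsupported: "Unsupported",
@@ -929,7 +931,35 @@ var BaseIssuePartsZ = z4.object({
 index: z4.number()
 })
 ).transform((nodes) => nodes.sort((a, b) => b.index - a.index)),
-
+sourceCodeNodes: z4.array(
+z4.object({
+sourceCodeFile: z4.object({
+path: z4.string(),
+signedFile: z4.object({
+url: z4.string()
+})
+})
+}).transform(async ({ sourceCodeFile }) => {
+const { url } = sourceCodeFile.signedFile;
+const sourceCodeRes = await fetch(url);
+if (Number(sourceCodeRes.headers.get("Content-Length")) > MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES) {
+return null;
+}
+return {
+path: sourceCodeFile.path,
+fileContent: await sourceCodeRes.text()
+};
+})
+).transform((nodes) => nodes.filter((node) => node !== null)),
+fix: FixPartsForFixScreenZ.nullish(),
+vulnerabilityReportIssueNodeDiffFile: z4.object({
+signedFile: z4.object({
+url: z4.string()
+}).transform(async ({ url }) => {
+const codeDiff = await fetch(url).then((res) => res.text());
+return { codeDiff };
+})
+}).nullish()
 });
 var FalsePositivePartsZ = z4.object({
 extraContext: z4.array(z4.object({ key: z4.string(), value: z4.string() })),
@@ -1071,7 +1101,8 @@ var issueTypeMap = {
 ["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: "Regex Missing Timeout",
 ["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: "Frameable Login Page",
 ["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: "Use of Hardcoded Cryptographic Key",
-["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: "Missing SSL MinVersion"
+["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: "Missing SSL MinVersion",
+["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: "Missing Websocket Origin Check"
 };
 var issueTypeZ = z5.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1975,7 +2006,8 @@ var fixDetailsData = {
 ["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: void 0,
 ["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: void 0,
 ["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: void 0,
-["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: void 0
+["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: void 0,
+["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -2546,10 +2578,20 @@ var missingSslMinversion = {
 }
 };
 
+// src/features/analysis/scm/shared/src/storedQuestionData/go/websocketMissingOriginCheck.ts
+var websocketMissingOriginCheck = {
+minTlsVersion: {
+content: () => "Please provide a comma-separated list of valid hosts. This list will serve as an allow list to check the connection `Origin` header.",
+description: () => "",
+guidance: () => ""
+}
+};
+
 // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
 var vulnerabilities10 = {
 ["LOG_FORGING" /* LogForging */]: logForging2,
-["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: missingSslMinversion
+["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: missingSslMinversion,
+["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: websocketMissingOriginCheck
 };
 var go_default2 = vulnerabilities10;
 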
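Review bot: The size guard in the `sourceCodeNodes` transform compares only the `Content-Length` header, so a signed-URL response that omits it (chunked encoding) turns `Number(null)` into 0 and `sourceCodeRes.text()` then reads the body with no bound, and nothing checks `sourceCodeRes.ok`, so an expired-signature error page would be returned as the `fileContent` of `sourceCodeFile.path`. The `vulnerabilityReportIssueNodeDiffFile` transform lower in the hunk has the same two gaps and no size limit at all. I would enforce the cap on the bytes actually received and treat a non-2xx response as "no file", roughly as below, with the helper placed next to `MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES`; the diff transform can call the same helper with whatever bound suits a diff. I assume `url` is the API's own signed storage URL rather than user input, which is why this is about resource bounds rather than SSRF; `BaseIssuePartsZ` opens before this hunk, so the object literal is not shown in full.
```javascript
var MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES = 1e5;
// Reads a fetch response body as UTF-8 text, returning null for a non-2xx
// response or once more than `limit` bytes have arrived. Content-Length is
// advisory and absent on chunked responses, so the cap is enforced on the
// bytes actually received rather than on the header.
async function readTextCapped(res, limit) {
  if (!res.ok) {
    return null;
  }
  if (!res.body) {
    return "";
  }
  const reader = res.body.getReader();
  const decoder = new TextDecoder();
  let received = 0;
  let text = "";
  for (;;) {
    const { done, value } = await reader.read();
    if (done) {
      break;
    }
    received += value.byteLength;
    if (received > limit) {
      await reader.cancel();
      return null;
    }
    text += decoder.decode(value, { stream: true });
  }
  return text + decoder.decode();
}
// … unchanged: category, BaseIssuePartsZ up to the sourceCodeNodes transform …
}).transform(async ({ sourceCodeFile }) => {
  const { url } = sourceCodeFile.signedFile;
  const fileContent = await readTextCapped(await fetch(url), MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES);
  if (fileContent === null) {
    return null;
  }
  return { path: sourceCodeFile.path, fileContent };
})
```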
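--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mobbdev",
-"version": "1.0.
+"version": "1.0.53",
 "description": "Automated secure code remediation tool",
 "repository": "git+https://github.com/mobb-dev/bugsy.git",
 "main": "dist/index.js",
@@ -100,6 +100,7 @@
 "eslint-plugin-import": "2.31.0",
 "eslint-plugin-prettier": "5.2.3",
 "eslint-plugin-simple-import-sort": "10.0.0",
+"nock": "14.0.1",
 "prettier": "3.5.1",
 "tsup": "7.2.0",
 "typescript": "4.9.5",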