mobbdev 1.0.7 → 1.0.9
- package/dist/index.mjs +36 -20
- package/package.json +2 -2
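--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -110,7 +110,9 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["ClientDomStoredCodeInjection"] = "CLIENT_DOM_STORED_CODE_INJECTION";
 IssueType_Enum2["CmDi"] = "CMDi";
 IssueType_Enum2["CmDiRelativePathCommand"] = "CMDi_relative_path_command";
+IssueType_Enum2["CodeInComment"] = "CODE_IN_COMMENT";
 IssueType_Enum2["ConfusingNaming"] = "CONFUSING_NAMING";
+IssueType_Enum2["Csrf"] = "CSRF";
 IssueType_Enum2["DangerousFunctionOverflow"] = "DANGEROUS_FUNCTION_OVERFLOW";
 IssueType_Enum2["DeadCodeUnusedField"] = "DEAD_CODE_UNUSED_FIELD";
 IssueType_Enum2["DebugEnabled"] = "DEBUG_ENABLED";
@@ -179,6 +181,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["ValueShadowing"] = "VALUE_SHADOWING";
 IssueType_Enum2["WcfMisconfigurationInsufficientLogging"] = "WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING";
 IssueType_Enum2["WcfMisconfigurationThrottlingNotEnabled"] = "WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED";
+IssueType_Enum2["WeakEncryption"] = "WEAK_ENCRYPTION";
 IssueType_Enum2["WeakXmlSchemaUnboundedOccurrences"] = "WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES";
 IssueType_Enum2["Xss"] = "XSS";
 IssueType_Enum2["Xxe"] = "XXE";
@@ -201,12 +204,12 @@ var Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((Vulnerability_Report_Ve
 Vulnerability_Report_Vendor_Enum3["Sonarqube"] = "sonarqube";
 return Vulnerability_Report_Vendor_Enum3;
 })(Vulnerability_Report_Vendor_Enum || {});
-var Vulnerability_Severity_Enum = /* @__PURE__ */ ((
-
-
-
-
-return
+var Vulnerability_Severity_Enum = /* @__PURE__ */ ((Vulnerability_Severity_Enum3) => {
+Vulnerability_Severity_Enum3["Critical"] = "critical";
+Vulnerability_Severity_Enum3["High"] = "high";
+Vulnerability_Severity_Enum3["Low"] = "low";
+Vulnerability_Severity_Enum3["Medium"] = "medium";
+return Vulnerability_Severity_Enum3;
 })(Vulnerability_Severity_Enum || {});
 var MeDocument = `
 query Me {
@@ -314,7 +317,9 @@ var GetFixesDocument = `
 fixes: fix(where: $filters) {
 safeIssueType
 id
-
+vulnerabilityReportIssues(limit: 1) {
+parsedSeverity
+}
 safeIssueLanguage
 patchAndQuestions {
 __typename
@@ -743,7 +748,10 @@ var issueTypeMap = {
 ["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection",
 ["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: "Client Code Injection",
 ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: "String Format Misuse",
-["NON_READONLY_FIELD" /* NonReadonlyField */]: "Non Readonly Field"
+["NON_READONLY_FIELD" /* NonReadonlyField */]: "Non Readonly Field",
+["CSRF" /* Csrf */]: "Cross-Site Request Forgery (CSRF)",
+["WEAK_ENCRYPTION" /* WeakEncryption */]: "Weak Encryption Mechanism",
+["CODE_IN_COMMENT" /* CodeInComment */]: "Code in Comment"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -784,6 +792,7 @@ var IssueTypeSettingsZ = z2.array(IssueTypeSettingZ).transform((issueTypeSetting
 var OrganizationScreenQueryParamsZ = z3.object({
 organizationId: z3.string().uuid()
 });
+var ParsedSeverityZ = z3.nativeEnum(Vulnerability_Severity_Enum).nullish().transform((i) => i ?? "low" /* Low */);
 var ProjectPageQueryParamsZ = z3.object({
 organizationId: z3.string().uuid(),
 projectId: z3.string().uuid()
@@ -876,7 +885,6 @@ var ReportQueryResultZ = z3.object({
 modifiedBy: z3.string().nullable(),
 gitBlameLogin: z3.string().nullable(),
 fixReportId: z3.string().uuid(),
-vulnerabilitySeverity: z3.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
 filePaths: z3.array(
 z3.object({
 fileRepoRelativePath: z3.string()
@@ -887,7 +895,8 @@ var ReportQueryResultZ = z3.object({
 vulnerabilityReportIssues: z3.array(
 z3.object({
 issueType: z3.string(),
-issueLanguage: z3.string()
+issueLanguage: z3.string(),
+parsedSeverity: ParsedSeverityZ
 })
 ),
 scmSubmitFixRequests: ScmSubmitFixRequestsZ,
@@ -966,7 +975,6 @@ var ReportFixesQueryZ = z3.array(
 effortToApplyFix: z3.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
 safeIssueLanguage: z3.string(),
 safeIssueType: z3.string(),
-vulnerabilitySeverity: z3.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
 fixReportId: z3.string().uuid(),
 filePaths: z3.array(
 z3.object({
@@ -977,9 +985,10 @@ var ReportFixesQueryZ = z3.array(
 vulnerabilityReportIssues: z3.array(
 z3.object({
 issueType: z3.string(),
-issueLanguage: z3.string()
+issueLanguage: z3.string(),
+parsedSeverity: ParsedSeverityZ
 })
-),
+).min(1),
 scmSubmitFixRequests: ScmSubmitFixRequestsZ,
 fixRatings: z3.array(FixRatingZ).default([])
 })
@@ -1041,8 +1050,6 @@ var FixQueryZ = z3.object({
 fixReportId: z3.string().uuid(),
 isExpired: z3.boolean().default(false),
 isArchived: z3.boolean().nullable(),
-// TODO: remove nullish once the data on the backend is ready
-vulnerabilitySeverity: z3.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
 fixFiles: z3.array(
 z3.object({
 fileRepoRelativePath: z3.string()
@@ -1052,7 +1059,8 @@ var FixQueryZ = z3.object({
 vulnerabilityReportIssues: z3.array(
 z3.object({
 vendorIssueId: z3.string(),
-issueLanguage: z3.string()
+issueLanguage: z3.string(),
+parsedSeverity: ParsedSeverityZ
 })
 ),
 patchAndQuestions: PatchAndQuestionsZ,
@@ -1128,7 +1136,8 @@ var FixScreenQueryResultZ = z3.object({
 z3.object({
 vendorIssueId: z3.string(),
 issueType: z3.string(),
-issueLanguage: z3.string()
+issueLanguage: z3.string(),
+parsedSeverity: ParsedSeverityZ
 })
 )
 })
@@ -1716,7 +1725,10 @@ var fixDetailsData = {
 fixInstructions: "Update the code to avoid the possibility for malicious JavaScript code to get stored in the DOM."
 },
 ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: void 0,
-["NON_READONLY_FIELD" /* NonReadonlyField */]: void 0
+["NON_READONLY_FIELD" /* NonReadonlyField */]: void 0,
+["CSRF" /* Csrf */]: void 0,
+["WEAK_ENCRYPTION" /* WeakEncryption */]: void 0,
+["CODE_IN_COMMENT" /* CodeInComment */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -6477,7 +6489,11 @@ function buildCommentBody({
 const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
 const validFixParseRes = z19.object({
 patchAndQuestions: PatchAndQuestionsZ,
-
+vulnerabilityReportIssues: z19.array(
+z19.object({
+parsedSeverity: ParsedSeverityZ
+})
+).min(1),
 safeIssueLanguage: z19.nativeEnum(IssueLanguage_Enum),
 safeIssueType: z19.nativeEnum(IssueType_Enum)
 }).safeParse(fix);
@@ -6490,7 +6506,7 @@ function buildCommentBody({
 const subTitle = validFixParseRes.success ? getCommitDescription({
 issueType: validFixParseRes.data.safeIssueType,
 vendor: scannerToVulnerability_Report_Vendor_Enum[scanner],
-severity: validFixParseRes.data.
+severity: validFixParseRes.data.vulnerabilityReportIssues[0]?.parsedSeverity,
 guidances: getGuidances({
 questions: validFixParseRes.data.patchAndQuestions.questions.map(toQuestion),
 issueType: validFixParseRes.data.safeIssueType,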
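--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mobbdev",
-"version": "1.0.
+"version": "1.0.9",
 "description": "Automated secure code remediation tool",
 "repository": "git+https://github.com/mobb-dev/bugsy.git",
 "main": "dist/index.js",
@@ -40,7 +40,7 @@
 "axios": "1.7.9",
 "azure-devops-node-api": "12.1.0",
 "bitbucket": "2.11.0",
-"chalk": "5.
+"chalk": "5.4.1",
 "chalk-animation": "2.0.3",
 "configstore": "6.0.0",
 "debug": "4.4.0",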