mobbdev 1.0.9 → 1.0.10
- package/dist/index.mjs +31 -8
- package/package.json +1 -1
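--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -164,6 +164,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
 IssueType_Enum2["Pt"] = "PT";
 IssueType_Enum2["RaceConditionFormatFlaw"] = "RACE_CONDITION_FORMAT_FLAW";
 IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
+IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
 IssueType_Enum2["SqlInjection"] = "SQL_Injection";
 IssueType_Enum2["Ssrf"] = "SSRF";
 IssueType_Enum2["StringFormatMisuse"] = "STRING_FORMAT_MISUSE";
@@ -751,7 +752,8 @@ var issueTypeMap = {
 ["NON_READONLY_FIELD" /* NonReadonlyField */]: "Non Readonly Field",
 ["CSRF" /* Csrf */]: "Cross-Site Request Forgery (CSRF)",
 ["WEAK_ENCRYPTION" /* WeakEncryption */]: "Weak Encryption Mechanism",
-["CODE_IN_COMMENT" /* CodeInComment */]: "Code in Comment"
+["CODE_IN_COMMENT" /* CodeInComment */]: "Code in Comment",
+["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: "Regex Missing Timeout"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1728,7 +1730,8 @@ var fixDetailsData = {
 ["NON_READONLY_FIELD" /* NonReadonlyField */]: void 0,
 ["CSRF" /* Csrf */]: void 0,
 ["WEAK_ENCRYPTION" /* WeakEncryption */]: void 0,
-["CODE_IN_COMMENT" /* CodeInComment */]: void 0
+["CODE_IN_COMMENT" /* CodeInComment */]: void 0,
+["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -2080,6 +2083,25 @@ var pt = {
 }
 };
 
+// src/features/analysis/scm/shared/src/storedQuestionData/csharp/regexMissingTimeout.ts
+var regexMissingTimeout = {
+netVersionGreaterOrEqual7: {
+content: () => "Is your target framework .NET 7 or greater?",
+description: () => "",
+guidance: () => ""
+},
+timeout: {
+content: () => "Enter the timeout in milliseconds",
+description: () => "If the limit is reached a RegexTimeoutException is thrown, this could be caused by excessive backtracking",
+guidance: () => ""
+},
+useBacktrackingOption: {
+content: () => "Use non backtracking option",
+description: () => "If the regex does not need to use backtracking we can disable it using regex options",
+guidance: () => ""
+}
+};
+
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/sqlInjection.ts
 var sqlInjection2 = {
 databaseProvider: {
@@ -2227,6 +2249,7 @@ var vulnerabilities7 = {
 ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: overlyBroadCatch,
 ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: trustBoundaryViolation,
 ["PT" /* Pt */]: pt,
+["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: regexMissingTimeout,
 ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: httpOnlyCookie,
 ["INSECURE_COOKIE" /* InsecureCookie */]: insecureCookie,
 ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: wcfMisconfigurationThrottlingNotEnabled,
@@ -8516,7 +8539,7 @@ var yesOption = {
 describe: chalk6.bold("Skip prompts and use default values")
 };
 var refOption = {
-describe: chalk6.bold("
+describe: chalk6.bold("Reference of the repository (branch, tag, commit)"),
 type: "string",
 demandOption: false
 };
@@ -8662,7 +8685,7 @@ function analyzeBuilder(yargs2) {
 describe: chalk8.bold("Hash of the commit"),
 type: "string"
 }).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("org", organizationIdOptions).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).option("auto-pr", autoPrOption).example(
-"
+"npx mobbdev@latest analyze -r https://github.com/WebGoat/WebGoat -f <your_vulnerability_report_path>",
 "analyze an existing repository"
 ).help();
 }
@@ -8721,7 +8744,7 @@ function reviewBuilder(yargs2) {
 type: "string",
 demandOption: true
 }).example(
-"
+"npx mobbdev@latest review -r https://github.com/WebGoat/WebGoat -f <your_vulnerability_report_path> --ch <pr_last_commit> --pr <pr_number> --ref <pr_branch_name> --api-key <api_key> --src-path <your_repo_path>",
 "add fixes to your pr"
 ).help();
 }
@@ -8741,7 +8764,7 @@ async function reviewHandler(args) {
 // src/args/commands/scan.ts
 function scanBuilder(args) {
 return args.coerce("scanner", (arg) => arg.toLowerCase()).option("repo", repoOption).option("ref", refOption).option("scanner", scannerOptions).option("org", organizationIdOptions).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("api-key", apiKeyOption).option("cx-project-name", projectNameOption).option("auto-pr", autoPrOption).example(
-"
+"npx mobbdev@latest scan -r https://github.com/WebGoat/WebGoat",
 "Scan an existing repository"
 ).help();
 }
@@ -8766,7 +8789,7 @@ async function scanHandler(args) {
 // src/args/commands/token.ts
 function addScmTokenBuilder(args) {
 return args.option("scm-type", scmTypeOption).option("url", urlOption).option("token", scmTokenOption).option("organization", scmOrgOption).option("refresh-token", scmRefreshTokenOption).option("api-key", apiKeyOption).option("ci", ciOption).example(
-"
+"npx mobbdev@latest add-scm-token --scm-type Ado --url https://dev.azure.com/adoorg/test/_git/repo --token abcdef0123456 --organization myOrg",
 `Add your SCM (${Object.values(scmFriendlyText).join(", ")}) token to Mobb to enable automated fixes.`
 ).help().demandOption(["url", "token"]);
 }
@@ -8843,7 +8866,7 @@ var parseArgs = async (args) => {
 addScmTokenBuilder,
 addScmTokenHandler
 ).example(
-"
+"npx mobbdev@latest scan -r https://github.com/WebGoat/WebGoat",
 "Scan an existing repository"
 ).command({
 command: "*",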
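Review bot: The `timeout` question's description in the new `regexMissingTimeout` block names a `RegexTimeoutException`, but the type .NET throws when a match exceeds `Regex.MatchTimeout` is `RegexMatchTimeoutException`, so a user following this prompt will write a catch for a class that does not exist. I would change that line to `description: () => "If the match exceeds the timeout a RegexMatchTimeoutException is thrown; that is the usual symptom of excessive backtracking (ReDoS)",`. The `useBacktrackingOption` guidance is empty; since `RegexOptions.NonBacktracking` exists only on .NET 7+ (which the `netVersionGreaterOrEqual7` question presumably gates) and rejects patterns using backreferences, lookarounds, atomic groups or conditionals with a NotSupportedException at construction, a one-sentence guidance saying so would stop the generated fix from producing a regex that fails to compile. How the stored answers are consumed, and whether the millisecond value is validated as a positive integer before being emitted into C#, is not visible in this diff. These strings are bundled from `storedQuestionData/csharp/regexMissingTimeout.ts`, so the correction belongs in that source file rather than in dist.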