npm - mobbdev - Versions diffs - 1.0.91 → 1.0.94 - Mend

mobbdev 1.0.91 → 1.0.94

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +64 -30
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -293,6 +293,7 @@ var FixQuestionInputType = /* @__PURE__ */ ((FixQuestionInputType2) => {
 var Language = /* @__PURE__ */ ((Language2) => {
   Language2["Cpp"] = "CPP";
   Language2["Csharp"] = "CSHARP";
+  Language2["Default"] = "DEFAULT";
   Language2["Go"] = "GO";
   Language2["Java"] = "JAVA";
   Language2["Js"] = "JS";
@@ -345,6 +346,7 @@ var Fix_State_Enum = /* @__PURE__ */ ((Fix_State_Enum2) => {
 var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
   IssueLanguage_Enum2["CSharp"] = "CSharp";
   IssueLanguage_Enum2["Cpp"] = "Cpp";
+  IssueLanguage_Enum2["Default"] = "Default";
   IssueLanguage_Enum2["Go"] = "Go";
   IssueLanguage_Enum2["Java"] = "Java";
   IssueLanguage_Enum2["JavaScript"] = "JavaScript";
@@ -408,11 +410,14 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
   IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
   IssueType_Enum2["MissingSslMinversion"] = "MISSING_SSL_MINVERSION";
+  IssueType_Enum2["MissingWhitespace"] = "MISSING_WHITESPACE";
   IssueType_Enum2["ModifiedDefaultParam"] = "MODIFIED_DEFAULT_PARAM";
   IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
   IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
   IssueType_Enum2["NoEquivalenceMethod"] = "NO_EQUIVALENCE_METHOD";
   IssueType_Enum2["NoLimitsOrThrottling"] = "NO_LIMITS_OR_THROTTLING";
+  IssueType_Enum2["NoOpOverhead"] = "NO_OP_OVERHEAD";
+  IssueType_Enum2["NoPrintStatement"] = "NO_PRINT_STATEMENT";
   IssueType_Enum2["NoReturnInFinally"] = "NO_RETURN_IN_FINALLY";
   IssueType_Enum2["NoVar"] = "NO_VAR";
   IssueType_Enum2["NullDereference"] = "NULL_DEREFERENCE";
@@ -1472,7 +1477,10 @@ var issueTypeMap = {
   ["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: "Avoid Identity Comparison of Cached Types",
   ["AVOID_BUILTIN_SHADOWING" /* AvoidBuiltinShadowing */]: "Avoid Builtin Shadowing",
   ["IMPROPER_STRING_FORMATTING" /* ImproperStringFormatting */]: "Improper String Formatting",
-  ["TAR_SLIP" /* TarSlip */]: "Tar Slip"
+  ["TAR_SLIP" /* TarSlip */]: "Tar Slip",
+  ["MISSING_WHITESPACE" /* MissingWhitespace */]: "Missing Whitespace",
+  ["NO_PRINT_STATEMENT" /* NoPrintStatement */]: 'Python 2 "print" Statement Is Obsolete',
+  ["NO_OP_OVERHEAD" /* NoOpOverhead */]: "Expensive Arguments in Conditional Methods"
 };
 var issueTypeZ = z5.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1517,9 +1525,9 @@ function getParsedFalsePositiveMessage(data) {
   const containsTemplate = extraContext.some(
     (context) => fixDescription.includes(`\${${context.key}}`)
   );
-  const description = containsTemplate ? replaceKeysWithValues(fixDescription, extraContext) : fixDescription;
+  const description2 = containsTemplate ? replaceKeysWithValues(fixDescription, extraContext) : fixDescription;
   const contextString = containsTemplate ? null : `\`\`\`${extraContext.map(({ value }) => value).join(" ")} \`\`\``;
-  return { description, contextString };
+  return { description: description2, contextString };
 }
 // src/features/analysis/scm/shared/src/validations.ts
@@ -2206,7 +2214,10 @@ var fixDetailsData = {
   ["AVOID_BUILTIN_SHADOWING" /* AvoidBuiltinShadowing */]: void 0,
   ["IMPROPER_STRING_FORMATTING" /* ImproperStringFormatting */]: void 0,
   ["WILDCARD_IMPORTS" /* WildcardImports */]: void 0,
-  ["TAR_SLIP" /* TarSlip */]: void 0
+  ["TAR_SLIP" /* TarSlip */]: void 0,
+  ["MISSING_WHITESPACE" /* MissingWhitespace */]: void 0,
+  ["NO_PRINT_STATEMENT" /* NoPrintStatement */]: void 0,
+  ["NO_OP_OVERHEAD" /* NoOpOverhead */]: void 0
 };
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -2232,7 +2243,7 @@ var getCommitDescription = ({
   irrelevantIssueWithTags
 }) => {
   const issueTypeString = getIssueTypeFriendlyString(issueType);
-  let description = `This change fixes a **${severity} severity** (${severityToEmoji[severity]}) **${issueTypeString}** issue reported by **${capitalizeFirstLetter(
+  let description2 = `This change fixes a **${severity} severity** (${severityToEmoji[severity]}) **${issueTypeString}** issue reported by **${capitalizeFirstLetter(
     vendor
   )}**.
@@ -2240,7 +2251,7 @@ var getCommitDescription = ({
   const parseIssueTypeRes = z9.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (issueType && parseIssueTypeRes.success) {
     if (irrelevantIssueWithTags?.[0]?.tag) {
-      description += `
+      description2 += `
 > [!tip]
 > This issue was found to be irrelevant to your project - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
 > Mobb recommends to ignore this issue, however fix is available if you think differently.
@@ -2252,7 +2263,7 @@ ${issueDescription[irrelevantIssueWithTags[0].tag]}
     }
     const staticData = fixDetailsData[parseIssueTypeRes.data];
     if (staticData) {
-      description += `## Issue description
+      description2 += `## Issue description
 ${staticData.issueDescription}
 ## Fix instructions
@@ -2260,16 +2271,16 @@ ${staticData.fixInstructions}
 `;
     }
   }
-  description += `
+  description2 += `
 ${guidances.map(({ guidance }) => `## Additional actions required
  ${guidance}
 `).join("")}
 `;
   if (fixUrl) {
-    description += `
+    description2 += `
 [More info and fix customization are available in the Mobb platform](${fixUrl})`;
   }
-  return description;
+  return description2;
 };
 var getCommitIssueDescription = ({
   vendor,
@@ -2278,12 +2289,12 @@ var getCommitIssueDescription = ({
   fpDescription
 }) => {
   const issueTypeString = getIssueTypeFriendlyString(issueType);
-  let description = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
+  let description2 = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
 `;
   const parseIssueTypeRes = z9.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (issueType && parseIssueTypeRes.success) {
     if (irrelevantIssueWithTags?.[0]?.tag) {
-      description = `
+      description2 = `
 > [!tip]
 > The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
 > ${issueTypeString} - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
@@ -2296,12 +2307,12 @@ ${fpDescription ?? issueDescription[irrelevantIssueWithTags[0].tag]}
     }
     const staticData = fixDetailsData[parseIssueTypeRes.data];
     if (staticData) {
-      description += `## Issue description
+      description2 += `## Issue description
 ${staticData.issueDescription}
 `;
     }
   }
-  return description;
+  return description2;
 };
 // src/features/analysis/scm/shared/src/guidances.ts
@@ -3050,6 +3061,15 @@ var missingCheckAgainstNull = {
   }
 };
+// src/features/analysis/scm/shared/src/storedQuestionData/java/openRedirect.ts
+var openRedirect = {
+  allowlist: {
+    content: () => "Allowed domains",
+    description: () => "Add a comma separated list of allowed domains (e.g. 'google.com,example.com')",
+    guidance: () => ""
+  }
+};
 // src/features/analysis/scm/shared/src/storedQuestionData/java/overlyBroadCatch.ts
 var overlyBroadCatch2 = {
   handleRuntimeExceptions: {
@@ -3299,6 +3319,7 @@ var vulnerabilities11 = {
   ["LOG_FORGING" /* LogForging */]: logForging3,
   ["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: localeDependentComparison,
   ["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: missingCheckAgainstNull,
+  ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect,
   ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: overlyBroadCatch2,
   ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: sysLeak2,
   ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: useOfSystemOutputStream2,
@@ -3508,18 +3529,21 @@ var noLimitsOrThrottling2 = {
 };
 // src/features/analysis/scm/shared/src/storedQuestionData/js/openRedirect.ts
-var openRedirect = {
+var openRedirect2 = {
   isExternal: {
-    content: () => "Does the redirect go to an external site",
+    content: () => "Does the redirect go to an external site?",
     description: () => "",
     guidance: () => ""
   },
   allowlist: {
     content: () => "Allowed domains/paths",
-    description: () => "If external, provide a coma separated list of allowed domains. If internal, provide a coma seperated list of allowed paths",
+    description: () => description,
     guidance: () => ""
   }
 };
+var description = `- *If external*, provide a coma separated list of allowed domains.
+&nbsp;
+- *If internal*, provide a coma seperated list of allowed paths`;
 // src/features/analysis/scm/shared/src/storedQuestionData/js/pt.ts
 var pt3 = {
@@ -3617,7 +3641,7 @@ var vulnerabilities12 = {
   ["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: incompleteUrlSanitization,
   ["LOG_FORGING" /* LogForging */]: logForging4,
   ["XSS" /* Xss */]: xss3,
-  ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect,
+  ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect2,
   ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: sysLeak3,
   ["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: sysLeakExternal,
   ["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: iframeWithoutSandbox,
@@ -3632,6 +3656,15 @@ var vulnerabilities12 = {
 };
 var js_default = vulnerabilities12;
+// src/features/analysis/scm/shared/src/storedQuestionData/python/duplicatedStrings.ts
+var duplicatedStrings2 = {
+  constantName: {
+    content: () => "New constant name",
+    description: () => "",
+    guidance: () => ""
+  }
+};
 // src/features/analysis/scm/shared/src/storedQuestionData/python/logForging.ts
 var logForging5 = {
   isHtmlDisplay: {
@@ -3649,7 +3682,7 @@ var logForging5 = {
 };
 // src/features/analysis/scm/shared/src/storedQuestionData/python/openRedirect.ts
-var openRedirect2 = {
+var openRedirect3 = {
   allowed_hosts: {
     content: () => "Allowed domains/paths",
     description: () => "If external, provide a coma separated list of allowed domains. If internal, provide a coma seperated list of allowed paths",
@@ -3675,8 +3708,9 @@ var uncheckedLoopCondition3 = {
 var vulnerabilities13 = {
   ["CSRF" /* Csrf */]: csrf2,
   ["LOG_FORGING" /* LogForging */]: logForging5,
-  ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect2,
-  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition3
+  ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect3,
+  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition3,
+  ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings2
 };
 var python_default2 = vulnerabilities13;
@@ -4495,11 +4529,11 @@ async function adoValidateParams({
     console.log("adoValidateParams error", e);
     const error = e;
     const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    const description = error.description || `${e}`;
-    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
+    const description2 = error.description || `${e}`;
+    if (code === 401 || code === 403 || description2.includes("401") || description2.includes("403")) {
       throw new InvalidAccessTokenError(`invalid ADO access token`);
     }
-    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
+    if (code === 404 || description2.includes("404") || description2.includes("Not Found")) {
       throw new InvalidRepoUrlError(`invalid ADO repo URL ${url}`);
     }
     console.log("adoValidateParams error", e);
@@ -7094,11 +7128,11 @@ async function gitlabValidateParams({
   } catch (e) {
     const error = e;
     const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    const description = error.description || `${e}`;
-    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
+    const description2 = error.description || `${e}`;
+    if (code === 401 || code === 403 || description2.includes("401") || description2.includes("403")) {
       throw new InvalidAccessTokenError(`invalid gitlab access token`);
     }
-    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
+    if (code === 404 || description2.includes("404") || description2.includes("Not Found")) {
       throw new InvalidRepoUrlError(`invalid gitlab repo URL: ${url}`);
     }
     console.log("gitlabValidateParams error", e);
@@ -8775,10 +8809,10 @@ async function addFixCommentsForPr({
           const parsedFpRes = await FalsePositivePartsZ.parseAsync(
             fpRes?.getFalsePositive
           );
-          const { description, contextString } = getParsedFalsePositiveMessage(parsedFpRes);
-          fpDescription = contextString ? `${description}
+          const { description: description2, contextString } = getParsedFalsePositiveMessage(parsedFpRes);
+          fpDescription = contextString ? `${description2}
-${contextString}` : description;
+${contextString}` : description2;
         }
         return vulnerabilityReportIssue.codeNodes.map(
           (vulnerabilityReportIssueCodeNode) => {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.91",
+  "version": "1.0.94",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",