mobbdev 1.1.5 → 1.1.7

package/dist/args/commands/upload_ai_blame.d.mts

@@ -7,6 +7,16 @@ declare enum AiBlameInferenceType {
     TabAutocomplete = "TAB_AUTOCOMPLETE"
 }
 
+type SanitizationCounts = {
+    pii: {
+        total: number;
+        high: number;
+        medium: number;
+        low: number;
+    };
+    secrets: number;
+};
+
 declare const PromptItemZ: z.ZodObject<{
     type: z.ZodEnum<["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]>;
     attachedFiles: z.ZodOptional<z.ZodArray<z.ZodObject<{
@@ -185,6 +195,12 @@ type UploadAiBlameOptions = {
     'blame-type'?: AiBlameInferenceType[];
 };
 declare function uploadAiBlameBuilder(args: Yargs.Argv<unknown>): Yargs.Argv<UploadAiBlameOptions>;
+type UploadAiBlameResult = {
+    promptsCounts: SanitizationCounts;
+    inferenceCounts: SanitizationCounts;
+    promptsUUID?: string;
+    inferenceUUID?: string;
+};
 declare function uploadAiBlameHandlerFromExtension(args: {
     prompts: PromptItemArray;
     inference: string;
@@ -192,7 +208,7 @@ declare function uploadAiBlameHandlerFromExtension(args: {
     tool: string;
     responseTime: string;
     blameType?: AiBlameInferenceType;
-}): Promise<void>;
+}): Promise<UploadAiBlameResult>;
 declare function uploadAiBlameHandler(args: UploadAiBlameOptions, exitOnError?: boolean): Promise<void>;
 
-export { type PromptItem, type PromptItemArray, type UploadAiBlameOptions, uploadAiBlameBuilder, uploadAiBlameHandler, uploadAiBlameHandlerFromExtension };
+export { type PromptItem, type PromptItemArray, type UploadAiBlameOptions, type UploadAiBlameResult, uploadAiBlameBuilder, uploadAiBlameHandler, uploadAiBlameHandlerFromExtension };

package/dist/args/commands/upload_ai_blame.mjs

@@ -5128,6 +5128,143 @@ async function uploadFile({
   logInfo(`FileUpload: upload file done`);
 }
 
+// src/utils/sanitize-sensitive-data.ts
+import { OpenRedaction } from "@openredaction/openredaction";
+import { spawn } from "child_process";
+import { installGitleaks } from "gitleaks-secret-scanner/lib/installer.js";
+var openRedaction = new OpenRedaction();
+var gitleaksBinaryPath = null;
+async function initializeGitleaks() {
+  try {
+    gitleaksBinaryPath = await installGitleaks({ version: "8.27.2" });
+    return gitleaksBinaryPath;
+  } catch {
+    return null;
+  }
+}
+var gitleaksInitPromise = initializeGitleaks();
+async function detectSecretsWithGitleaks(text) {
+  const secrets = /* @__PURE__ */ new Set();
+  const binaryPath = gitleaksBinaryPath || await gitleaksInitPromise;
+  if (!binaryPath) {
+    return secrets;
+  }
+  return new Promise((resolve) => {
+    const gitleaks = spawn(
+      binaryPath,
+      [
+        "detect",
+        "--pipe",
+        "--no-banner",
+        "--exit-code",
+        "0",
+        "--report-format",
+        "json"
+      ],
+      {
+        stdio: ["pipe", "pipe", "ignore"]
+      }
+    );
+    let output = "";
+    gitleaks.stdout.on("data", (data) => {
+      output += data.toString();
+    });
+    gitleaks.on("close", () => {
+      try {
+        const findings = JSON.parse(output);
+        if (Array.isArray(findings)) {
+          for (const finding of findings) {
+            if (finding.Secret) {
+              secrets.add(finding.Secret);
+            }
+          }
+        }
+      } catch {
+      }
+      resolve(secrets);
+    });
+    gitleaks.on("error", () => {
+      resolve(secrets);
+    });
+    gitleaks.stdin.write(text);
+    gitleaks.stdin.end();
+  });
+}
+function maskString(str, showStart = 2, showEnd = 2) {
+  if (str.length <= showStart + showEnd) {
+    return "*".repeat(str.length);
+  }
+  return str.slice(0, showStart) + "*".repeat(str.length - showStart - showEnd) + str.slice(-showEnd);
+}
+async function sanitizeDataWithCounts(obj) {
+  const counts = {
+    pii: { total: 0, high: 0, medium: 0, low: 0 },
+    secrets: 0
+  };
+  const sanitizeString = async (str) => {
+    let result = str;
+    const piiDetections = openRedaction.scan(str);
+    if (piiDetections && piiDetections.total > 0) {
+      const allDetections = [
+        ...piiDetections.high,
+        ...piiDetections.medium,
+        ...piiDetections.low
+      ];
+      const filteredDetections = allDetections.filter((detection) => {
+        if (detection.type === "INSTAGRAM_USERNAME") {
+          return false;
+        }
+        if (detection.value.length < 3 && detection.severity !== "high") {
+          return false;
+        }
+        return true;
+      });
+      for (const detection of filteredDetections) {
+        counts.pii.total++;
+        if (detection.severity === "high") counts.pii.high++;
+        else if (detection.severity === "medium") counts.pii.medium++;
+        else if (detection.severity === "low") counts.pii.low++;
+        const masked = maskString(detection.value);
+        result = result.replaceAll(detection.value, masked);
+      }
+    }
+    const secrets = await detectSecretsWithGitleaks(result);
+    counts.secrets += secrets.size;
+    for (const secret of secrets) {
+      const masked = maskString(secret);
+      result = result.replaceAll(secret, masked);
+    }
+    return result;
+  };
+  const sanitizeRecursive = async (data) => {
+    if (typeof data === "string") {
+      return sanitizeString(data);
+    } else if (Array.isArray(data)) {
+      return Promise.all(data.map((item) => sanitizeRecursive(item)));
+    } else if (data instanceof Error) {
+      return data;
+    } else if (data instanceof Date) {
+      return data;
+    } else if (typeof data === "object" && data !== null) {
+      const sanitized = {};
+      const record = data;
+      for (const key in record) {
+        if (Object.prototype.hasOwnProperty.call(record, key)) {
+          sanitized[key] = await sanitizeRecursive(record[key]);
+        }
+      }
+      return sanitized;
+    }
+    return data;
+  };
+  const sanitizedData = await sanitizeRecursive(obj);
+  return { sanitizedData, counts };
+}
+async function sanitizeData(obj) {
+  const result = await sanitizeDataWithCounts(obj);
+  return result.sanitizedData;
+}
+
 // src/args/commands/upload_ai_blame.ts
 var PromptItemZ = z26.object({
   type: z26.enum(["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]),
@@ -5197,15 +5334,32 @@ async function uploadAiBlameHandlerFromExtension(args) {
     aiResponseAt: [],
     blameType: []
   };
+  let promptsCounts;
+  let inferenceCounts;
+  let promptsUUID;
+  let inferenceUUID;
   await withFile(async (promptFile) => {
+    const promptsResult = await sanitizeDataWithCounts(args.prompts);
+    promptsCounts = promptsResult.counts;
+    promptsUUID = path6.basename(promptFile.path, path6.extname(promptFile.path));
     await fsPromises2.writeFile(
       promptFile.path,
-      JSON.stringify(args.prompts, null, 2),
+      JSON.stringify(promptsResult.sanitizedData, null, 2),
       "utf-8"
     );
     uploadArgs.prompt.push(promptFile.path);
     await withFile(async (inferenceFile) => {
-      await fsPromises2.writeFile(inferenceFile.path, args.inference, "utf-8");
+      const inferenceResult = await sanitizeDataWithCounts(args.inference);
+      inferenceCounts = inferenceResult.counts;
+      inferenceUUID = path6.basename(
+        inferenceFile.path,
+        path6.extname(inferenceFile.path)
+      );
+      await fsPromises2.writeFile(
+        inferenceFile.path,
+        inferenceResult.sanitizedData,
+        "utf-8"
+      );
       uploadArgs.inference.push(inferenceFile.path);
       uploadArgs.model.push(args.model);
       uploadArgs.toolName.push(args.tool);
@@ -5214,6 +5368,12 @@ async function uploadAiBlameHandlerFromExtension(args) {
       await uploadAiBlameHandler(uploadArgs, false);
     });
   });
+  return {
+    promptsCounts,
+    inferenceCounts,
+    promptsUUID,
+    inferenceUUID
+  };
 }
 async function uploadAiBlameHandler(args, exitOnError = true) {
   const prompts = args.prompt || [];
@@ -5260,8 +5420,11 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
   const authenticatedClient = await getAuthenticatedGQLClient({
     isSkipPrompts: true
   });
-  const initRes = await authenticatedClient.uploadAIBlameInferencesInitRaw({
+  const sanitizedSessions = await sanitizeData(
     sessions
+  );
+  const initRes = await authenticatedClient.uploadAIBlameInferencesInitRaw({
+    sessions: sanitizedSessions
   });
   const uploadSessions = initRes.uploadAIBlameInferencesInit?.uploadSessions ?? [];
   if (uploadSessions.length !== sessions.length) {
@@ -5305,8 +5468,11 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       blameType: s.blameType
     };
   });
+  const sanitizedFinalizeSessions = await sanitizeData(
+    finalizeSessions
+  );
   const finRes = await authenticatedClient.finalizeAIBlameInferencesUploadRaw({
-    sessions: finalizeSessions
+    sessions: sanitizedFinalizeSessions
   });
   const status = finRes?.finalizeAIBlameInferencesUpload?.status;
   if (status !== "OK") {

package/dist/index.mjs

@@ -11705,7 +11705,16 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
       debug15("ignoring %s because the size is > 5MB", filepath);
       continue;
     }
-    const data = git ? await git.showBuffer([`HEAD:./${filepath}`]) : fs8.readFileSync(absFilepath);
+    let data;
+    if (git) {
+      try {
+        data = await git.showBuffer([`HEAD:./${filepath}`]);
+      } catch {
+        data = fs8.readFileSync(absFilepath);
+      }
+    } else {
+      data = fs8.readFileSync(absFilepath);
+    }
     if (isBinary2(null, data)) {
       debug15("ignoring %s because is seems to be a binary file", filepath);
       continue;
@@ -13037,6 +13046,145 @@ import path11 from "path";
 import chalk9 from "chalk";
 import { withFile } from "tmp-promise";
 import z31 from "zod";
+
+// src/utils/sanitize-sensitive-data.ts
+import { OpenRedaction } from "@openredaction/openredaction";
+import { spawn } from "child_process";
+import { installGitleaks } from "gitleaks-secret-scanner/lib/installer.js";
+var openRedaction = new OpenRedaction();
+var gitleaksBinaryPath = null;
+async function initializeGitleaks() {
+  try {
+    gitleaksBinaryPath = await installGitleaks({ version: "8.27.2" });
+    return gitleaksBinaryPath;
+  } catch {
+    return null;
+  }
+}
+var gitleaksInitPromise = initializeGitleaks();
+async function detectSecretsWithGitleaks(text) {
+  const secrets = /* @__PURE__ */ new Set();
+  const binaryPath = gitleaksBinaryPath || await gitleaksInitPromise;
+  if (!binaryPath) {
+    return secrets;
+  }
+  return new Promise((resolve) => {
+    const gitleaks = spawn(
+      binaryPath,
+      [
+        "detect",
+        "--pipe",
+        "--no-banner",
+        "--exit-code",
+        "0",
+        "--report-format",
+        "json"
+      ],
+      {
+        stdio: ["pipe", "pipe", "ignore"]
+      }
+    );
+    let output = "";
+    gitleaks.stdout.on("data", (data) => {
+      output += data.toString();
+    });
+    gitleaks.on("close", () => {
+      try {
+        const findings = JSON.parse(output);
+        if (Array.isArray(findings)) {
+          for (const finding of findings) {
+            if (finding.Secret) {
+              secrets.add(finding.Secret);
+            }
+          }
+        }
+      } catch {
+      }
+      resolve(secrets);
+    });
+    gitleaks.on("error", () => {
+      resolve(secrets);
+    });
+    gitleaks.stdin.write(text);
+    gitleaks.stdin.end();
+  });
+}
+function maskString(str, showStart = 2, showEnd = 2) {
+  if (str.length <= showStart + showEnd) {
+    return "*".repeat(str.length);
+  }
+  return str.slice(0, showStart) + "*".repeat(str.length - showStart - showEnd) + str.slice(-showEnd);
+}
+async function sanitizeDataWithCounts(obj) {
+  const counts = {
+    pii: { total: 0, high: 0, medium: 0, low: 0 },
+    secrets: 0
+  };
+  const sanitizeString = async (str) => {
+    let result = str;
+    const piiDetections = openRedaction.scan(str);
+    if (piiDetections && piiDetections.total > 0) {
+      const allDetections = [
+        ...piiDetections.high,
+        ...piiDetections.medium,
+        ...piiDetections.low
+      ];
+      const filteredDetections = allDetections.filter((detection) => {
+        if (detection.type === "INSTAGRAM_USERNAME") {
+          return false;
+        }
+        if (detection.value.length < 3 && detection.severity !== "high") {
+          return false;
+        }
+        return true;
+      });
+      for (const detection of filteredDetections) {
+        counts.pii.total++;
+        if (detection.severity === "high") counts.pii.high++;
+        else if (detection.severity === "medium") counts.pii.medium++;
+        else if (detection.severity === "low") counts.pii.low++;
+        const masked = maskString(detection.value);
+        result = result.replaceAll(detection.value, masked);
+      }
+    }
+    const secrets = await detectSecretsWithGitleaks(result);
+    counts.secrets += secrets.size;
+    for (const secret of secrets) {
+      const masked = maskString(secret);
+      result = result.replaceAll(secret, masked);
+    }
+    return result;
+  };
+  const sanitizeRecursive = async (data) => {
+    if (typeof data === "string") {
+      return sanitizeString(data);
+    } else if (Array.isArray(data)) {
+      return Promise.all(data.map((item) => sanitizeRecursive(item)));
+    } else if (data instanceof Error) {
+      return data;
+    } else if (data instanceof Date) {
+      return data;
+    } else if (typeof data === "object" && data !== null) {
+      const sanitized = {};
+      const record = data;
+      for (const key in record) {
+        if (Object.prototype.hasOwnProperty.call(record, key)) {
+          sanitized[key] = await sanitizeRecursive(record[key]);
+        }
+      }
+      return sanitized;
+    }
+    return data;
+  };
+  const sanitizedData = await sanitizeRecursive(obj);
+  return { sanitizedData, counts };
+}
+async function sanitizeData(obj) {
+  const result = await sanitizeDataWithCounts(obj);
+  return result.sanitizedData;
+}
+
+// src/args/commands/upload_ai_blame.ts
 var PromptItemZ = z31.object({
   type: z31.enum(["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]),
   attachedFiles: z31.array(
@@ -13105,15 +13253,32 @@ async function uploadAiBlameHandlerFromExtension(args) {
     aiResponseAt: [],
     blameType: []
   };
+  let promptsCounts;
+  let inferenceCounts;
+  let promptsUUID;
+  let inferenceUUID;
   await withFile(async (promptFile) => {
+    const promptsResult = await sanitizeDataWithCounts(args.prompts);
+    promptsCounts = promptsResult.counts;
+    promptsUUID = path11.basename(promptFile.path, path11.extname(promptFile.path));
     await fsPromises3.writeFile(
       promptFile.path,
-      JSON.stringify(args.prompts, null, 2),
+      JSON.stringify(promptsResult.sanitizedData, null, 2),
       "utf-8"
     );
     uploadArgs.prompt.push(promptFile.path);
     await withFile(async (inferenceFile) => {
-      await fsPromises3.writeFile(inferenceFile.path, args.inference, "utf-8");
+      const inferenceResult = await sanitizeDataWithCounts(args.inference);
+      inferenceCounts = inferenceResult.counts;
+      inferenceUUID = path11.basename(
+        inferenceFile.path,
+        path11.extname(inferenceFile.path)
+      );
+      await fsPromises3.writeFile(
+        inferenceFile.path,
+        inferenceResult.sanitizedData,
+        "utf-8"
+      );
       uploadArgs.inference.push(inferenceFile.path);
       uploadArgs.model.push(args.model);
       uploadArgs.toolName.push(args.tool);
@@ -13122,6 +13287,12 @@ async function uploadAiBlameHandlerFromExtension(args) {
       await uploadAiBlameHandler(uploadArgs, false);
     });
   });
+  return {
+    promptsCounts,
+    inferenceCounts,
+    promptsUUID,
+    inferenceUUID
+  };
 }
 async function uploadAiBlameHandler(args, exitOnError = true) {
   const prompts = args.prompt || [];
@@ -13168,8 +13339,11 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
   const authenticatedClient = await getAuthenticatedGQLClient({
     isSkipPrompts: true
   });
-  const initRes = await authenticatedClient.uploadAIBlameInferencesInitRaw({
+  const sanitizedSessions = await sanitizeData(
     sessions
+  );
+  const initRes = await authenticatedClient.uploadAIBlameInferencesInitRaw({
+    sessions: sanitizedSessions
   });
   const uploadSessions = initRes.uploadAIBlameInferencesInit?.uploadSessions ?? [];
   if (uploadSessions.length !== sessions.length) {
@@ -13213,8 +13387,11 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       blameType: s.blameType
     };
   });
+  const sanitizedFinalizeSessions = await sanitizeData(
+    finalizeSessions
+  );
   const finRes = await authenticatedClient.finalizeAIBlameInferencesUploadRaw({
-    sessions: finalizeSessions
+    sessions: sanitizedFinalizeSessions
   });
   const status = finRes?.finalizeAIBlameInferencesUpload?.status;
   if (status !== "OK") {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.1.5",
+  "version": "1.1.7",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.mjs",
@@ -56,6 +56,7 @@
     "@modelcontextprotocol/sdk": "1.21.1",
     "@octokit/core": "5.2.0",
     "@octokit/request-error": "5.1.1",
+    "@openredaction/openredaction": "1.0.4",
     "adm-zip": "0.5.16",
     "axios": "1.13.2",
     "azure-devops-node-api": "15.1.1",
@@ -67,6 +68,7 @@
     "debug": "4.4.3",
     "dotenv": "16.6.1",
     "extract-zip": "2.0.1",
+    "gitleaks-secret-scanner": "1.2.2",
     "globby": "14.1.0",
     "graphql": "16.12.0",
     "graphql-request": "6.1.0",