npm - mobbdev - Versions diffs - 1.3.5 → 1.4.0 - Mend

mobbdev 1.3.5 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/args/commands/upload_ai_blame.d.mts +32 -32
package/dist/args/commands/upload_ai_blame.mjs +49 -6
package/dist/index.mjs +1725 -270
package/package.json +4 -1

package/dist/args/commands/upload_ai_blame.d.mts CHANGED Viewed

@@ -56,32 +56,22 @@ declare const PromptItemZ: z.ZodObject<{
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
         mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     }, {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
         mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     }>>;
 }, "strip", z.ZodTypeAny, {
     type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
-    tool?: {
-        name: string;
-        parameters: string;
-        result: string;
-        accepted?: boolean | undefined;
-        rawArguments?: string | undefined;
-        mcpServer?: string | undefined;
-        mcpToolName?: string | undefined;
-    } | undefined;
     date?: Date | undefined;
-    text?: string | undefined;
     attachedFiles?: {
         relativePath: string;
         startLine?: number | undefined;
@@ -90,19 +80,19 @@ declare const PromptItemZ: z.ZodObject<{
         inputCount: number;
         outputCount: number;
     } | undefined;
-}, {
-    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
+    text?: string | undefined;
     tool?: {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
         mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     } | undefined;
+}, {
+    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
     date?: Date | undefined;
-    text?: string | undefined;
     attachedFiles?: {
         relativePath: string;
         startLine?: number | undefined;
@@ -111,6 +101,16 @@ declare const PromptItemZ: z.ZodObject<{
         inputCount: number;
         outputCount: number;
     } | undefined;
+    text?: string | undefined;
+    tool?: {
+        name: string;
+        parameters: string;
+        result: string;
+        rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
+        mcpServer?: string | undefined;
+        mcpToolName?: string | undefined;
+    } | undefined;
 }>;
 type PromptItem = z.infer<typeof PromptItemZ>;
 declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
@@ -149,32 +149,22 @@ declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
         mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     }, {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
         mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     }>>;
 }, "strip", z.ZodTypeAny, {
     type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
-    tool?: {
-        name: string;
-        parameters: string;
-        result: string;
-        accepted?: boolean | undefined;
-        rawArguments?: string | undefined;
-        mcpServer?: string | undefined;
-        mcpToolName?: string | undefined;
-    } | undefined;
     date?: Date | undefined;
-    text?: string | undefined;
     attachedFiles?: {
         relativePath: string;
         startLine?: number | undefined;
@@ -183,19 +173,19 @@ declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
         inputCount: number;
         outputCount: number;
     } | undefined;
-}, {
-    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
+    text?: string | undefined;
     tool?: {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
         mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     } | undefined;
+}, {
+    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
     date?: Date | undefined;
-    text?: string | undefined;
     attachedFiles?: {
         relativePath: string;
         startLine?: number | undefined;
@@ -204,6 +194,16 @@ declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
         inputCount: number;
         outputCount: number;
     } | undefined;
+    text?: string | undefined;
+    tool?: {
+        name: string;
+        parameters: string;
+        result: string;
+        rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
+        mcpServer?: string | undefined;
+        mcpToolName?: string | undefined;
+    } | undefined;
 }>, "many">;
 type PromptItemArray = z.infer<typeof PromptItemArrayZ>;
 /**

package/dist/args/commands/upload_ai_blame.mjs CHANGED Viewed

@@ -129,10 +129,13 @@ function getSdk(client, withWrapper = defaultWrapper) {
     },
     ScanSkill(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: ScanSkillDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "ScanSkill", "mutation", variables);
+    },
+    SkillVerdictsByMd5(variables, requestHeaders, signal) {
+      return withWrapper((wrappedRequestHeaders) => client.request({ document: SkillVerdictsByMd5Document, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "SkillVerdictsByMd5", "query", variables);
     }
   };
 }
-var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, defaultWrapper;
+var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, defaultWrapper;
 var init_client_generates = __esm({
   "src/features/analysis/scm/generates/client_generates.ts"() {
     "use strict";
@@ -326,6 +329,7 @@ var init_client_generates = __esm({
       IssueType_Enum2["SystemExitShouldReraise"] = "SYSTEM_EXIT_SHOULD_RERAISE";
       IssueType_Enum2["SystemInformationLeak"] = "SYSTEM_INFORMATION_LEAK";
       IssueType_Enum2["SystemInformationLeakExternal"] = "SYSTEM_INFORMATION_LEAK_EXTERNAL";
+      IssueType_Enum2["TaintedNumericCast"] = "TAINTED_NUMERIC_CAST";
       IssueType_Enum2["TarSlip"] = "TAR_SLIP";
       IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
       IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
@@ -1264,6 +1268,18 @@ var init_client_generates = __esm({
     cached
     summary
   }
+}
+    `;
+    SkillVerdictsByMd5Document = `
+    query SkillVerdictsByMd5($md5s: [String!]!) {
+  skillVerdictsByMd5(md5s: $md5s) {
+    md5
+    verdict
+    summary
+    scannerName
+    scannerVersion
+    scannedAt
+  }
 }
     `;
     defaultWrapper = (action, _operationName, _operationType, _variables) => action();
@@ -1758,7 +1774,8 @@ var init_getIssueType = __esm({
       ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
       ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
       ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
-      ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure"
+      ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
+      ["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: "Tainted Numeric Cast"
     };
     issueTypeZ = z5.nativeEnum(IssueType_Enum);
     getIssueTypeFriendlyString = (issueType) => {
@@ -4924,7 +4941,8 @@ var fixDetailsData = {
   ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
   ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
   ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
-  ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0
+  ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
+  ["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: void 0
 };
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -6369,6 +6387,17 @@ var openRedirect3 = {
   }
 };
+// src/features/analysis/scm/shared/src/storedQuestionData/python/ssrf.ts
+var ssrf5 = {
+  domainsAllowlist: {
+    content: () => "Allowed URL prefixes",
+    description: () => `The security risk of this issue is the ability of an attacker to provide input that shoots HTTP requests from your server to arbitrary URLs, including internal ones, like \`https://admin.mycompany.com\`
+&nbsp;
+&nbsp;    To eliminate the risk and fix the issue, check out your app logic and make a whitelist of URLs this API should be allowed to call.`,
+    guidance: () => ""
+  }
+};
 // src/features/analysis/scm/shared/src/storedQuestionData/python/uncheckedLoopCondition.ts
 var uncheckedLoopCondition3 = {
   loopLimit: {
@@ -6390,7 +6419,8 @@ var vulnerabilities14 = {
   ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect3,
   ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition3,
   ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings2,
-  ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: missingEncoding
+  ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: missingEncoding,
+  ["SSRF" /* Ssrf */]: ssrf5
 };
 var python_default2 = vulnerabilities14;
@@ -6601,6 +6631,15 @@ var BitbucketParseResultZ = z21.object({
   repoName: z21.string(),
   hostname: z21.literal(BITBUCKET_HOSTNAME)
 });
+var UserWorkspacePermissionsRepositoriesResponseZ = z21.object({
+  values: z21.array(
+    z21.object({
+      repository: z21.object({
+        full_name: z21.string().optional()
+      }).optional()
+    })
+  ).optional()
+});
 // src/features/analysis/scm/bitbucket/BitbucketSCMLib.ts
 import { setTimeout as setTimeout3 } from "timers/promises";
@@ -7209,6 +7248,10 @@ var GQLClient = class {
   async scanSkill(variables) {
     return await this._clientSdk.ScanSkill(variables);
   }
+  // T-467 — batched verdict lookup for the client-side quarantine check.
+  async skillVerdictsByMd5(md5s) {
+    return await this._clientSdk.SkillVerdictsByMd5({ md5s });
+  }
 };
 // src/features/analysis/graphql/tracy-batch-upload.ts
@@ -7320,13 +7363,13 @@ function maskString(str, showStart = 2, showEnd = 2) {
   }
   return str.slice(0, showStart) + "*".repeat(str.length - showStart - showEnd) + str.slice(-showEnd);
 }
-async function sanitizeDataWithCounts(obj) {
+async function sanitizeDataWithCounts(obj, options) {
   const counts = {
     detections: { total: 0, high: 0, medium: 0, low: 0 }
   };
   const MAX_SCAN_LENGTH = 1e5;
   const sanitizeString = async (str) => {
-    if (str.length > MAX_SCAN_LENGTH) {
+    if (!options?.noSizeLimit && str.length > MAX_SCAN_LENGTH) {
       return str;
     }
     let result = str;