mobbdev 1.4.16 → 1.4.17
- package/dist/args/commands/upload_ai_blame.mjs +43 -29
- package/dist/index.mjs +44 -30
- package/package.json +1 -1
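--- a/package/dist/args/commands/upload_ai_blame.mjs
+++ b/package/dist/args/commands/upload_ai_blame.mjs
@@ -163,6 +163,7 @@ var init_client_generates = __esm({
 Language2["Default"] = "DEFAULT";
 Language2["Dockerfile"] = "DOCKERFILE";
 Language2["Go"] = "GO";
+Language2["Hcl"] = "HCL";
 Language2["Java"] = "JAVA";
 Language2["Js"] = "JS";
 Language2["Php"] = "PHP";
@@ -217,6 +218,7 @@ var init_client_generates = __esm({
 IssueLanguage_Enum2["Default"] = "Default";
 IssueLanguage_Enum2["Dockerfile"] = "Dockerfile";
 IssueLanguage_Enum2["Go"] = "Go";
+IssueLanguage_Enum2["Hcl"] = "Hcl";
 IssueLanguage_Enum2["Java"] = "Java";
 IssueLanguage_Enum2["JavaScript"] = "JavaScript";
 IssueLanguage_Enum2["Php"] = "PHP";
@@ -346,6 +348,7 @@ var init_client_generates = __esm({
 IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
 IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
 IssueType_Enum2["UncheckedLoopCondition"] = "UNCHECKED_LOOP_CONDITION";
+IssueType_Enum2["UnencryptedAwsSqsQueue"] = "UNENCRYPTED_AWS_SQS_QUEUE";
 IssueType_Enum2["UnnecessaryImports"] = "UNNECESSARY_IMPORTS";
 IssueType_Enum2["UnsafeDeserialization"] = "UNSAFE_DESERIALIZATION";
 IssueType_Enum2["UnsafeTargetBlank"] = "UNSAFE_TARGET_BLANK";
@@ -1884,7 +1887,8 @@ var init_getIssueType = __esm({
 ["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: "Improper Validation of Array Index",
 ["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: "Incorrect Integer Conversion",
 ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: "Improper Certificate Validation",
-["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: "Often Misused: Boolean.getBoolean()"
+["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: "Often Misused: Boolean.getBoolean()",
+["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: "AWS SQS Queue Unencrypted"
 };
 issueTypeZ = z5.nativeEnum(IssueType_Enum);
 getIssueTypeFriendlyString = (issueType) => {
@@ -3546,6 +3550,7 @@ var init_FilePatterns = __esm({
 ".tf",
 ".hcl",
 ".tfvars",
+".tofu",
 // TypeScript
 ".ts",
 ".tsx",
@@ -5108,7 +5113,11 @@ var fixDetailsData = {
 ["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: void 0,
 ["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: void 0,
 ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: void 0,
-["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: void 0
+["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: void 0,
+["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: {
+issueDescription: "AWS SQS queue contents are unencrypted; data could be read if the queue is compromised.",
+fixInstructions: "Enable server-side encryption by setting sqs_managed_sse_enabled = true, or supply a KMS key via kms_master_key_id."
+}
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -5182,6 +5191,10 @@ var dockerfile_default = vulnerabilities2;
 var vulnerabilities3 = {};
 var go_default = vulnerabilities3;
 
+// src/features/analysis/scm/shared/src/storedFixData/hcl/index.ts
+var vulnerabilities4 = {};
+var hcl_default = vulnerabilities4;
+
 // src/features/analysis/scm/shared/src/storedFixData/java/index.ts
 init_client_generates();
 
@@ -5235,13 +5248,13 @@ var systemInformationLeak = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/java/index.ts
-var
+var vulnerabilities5 = {
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
 ["J2EE_GET_CONNECTION" /* J2EeGetConnection */]: j2eeGetConnection,
 ["SQL_Injection" /* SqlInjection */]: sqlInjection,
 ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: systemInformationLeak
 };
-var java_default =
+var java_default = vulnerabilities5;
 
 // src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
 init_client_generates();
@@ -5287,18 +5300,18 @@ var ssrf = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
-var
+var vulnerabilities6 = {
 ["SSRF" /* Ssrf */]: ssrf,
 ["HARDCODED_SECRETS" /* HardcodedSecrets */]: hardcodedSecrets,
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
 ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: noLimitsOrThrottling,
 ["CSRF" /* Csrf */]: csrf
 };
-var javascript_default =
+var javascript_default = vulnerabilities6;
 
 // src/features/analysis/scm/shared/src/storedFixData/php/index.ts
-var
-var php_default =
+var vulnerabilities7 = {};
+var php_default = vulnerabilities7;
 
 // src/features/analysis/scm/shared/src/storedFixData/python/index.ts
 init_client_generates();
@@ -5336,12 +5349,12 @@ See the [\`requests\` SSL verification docs](https://requests.readthedocs.io/en/
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/python/index.ts
-var
+var vulnerabilities8 = {
 ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: autoEscapeFalse,
 ["CSRF" /* Csrf */]: csrf,
 ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: improperCertificateValidation
 };
-var python_default =
+var python_default = vulnerabilities8;
 
 // src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
 init_client_generates();
@@ -5352,17 +5365,17 @@ var defaultRightsInObjDefinition = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
-var
+var vulnerabilities9 = {
 ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: defaultRightsInObjDefinition
 };
-var sql_default =
+var sql_default = vulnerabilities9;
 
 // src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
 init_client_generates();
-var
+var vulnerabilities10 = {
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment
 };
-var xml_default =
+var xml_default = vulnerabilities10;
 
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
 var StoredFixDataItemZ = z10.object({
@@ -5377,7 +5390,8 @@ var languages = {
 ["Python" /* Python */]: python_default,
 ["PHP" /* Php */]: php_default,
 ["Go" /* Go */]: go_default,
-["Dockerfile" /* Dockerfile */]: dockerfile_default
+["Dockerfile" /* Dockerfile */]: dockerfile_default,
+["Hcl" /* Hcl */]: hcl_default
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
@@ -5680,7 +5694,7 @@ var xxe = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
-var
+var vulnerabilities11 = {
 ["LOG_FORGING" /* LogForging */]: logForging,
 ["SSRF" /* Ssrf */]: ssrf2,
 ["XXE" /* Xxe */]: xxe,
@@ -5701,7 +5715,7 @@ var vulnerabilities10 = {
 ["SQL_Injection" /* SqlInjection */]: sqlInjection2,
 ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: requestParametersBoundViaInput
 };
-var csharp_default2 =
+var csharp_default2 = vulnerabilities11;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
 init_client_generates();
@@ -5734,12 +5748,12 @@ var websocketMissingOriginCheck = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
-var
+var vulnerabilities12 = {
 ["LOG_FORGING" /* LogForging */]: logForging2,
 ["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: missingSslMinversion,
 ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: websocketMissingOriginCheck
 };
-var go_default2 =
+var go_default2 = vulnerabilities12;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
 init_client_generates();
@@ -6190,7 +6204,7 @@ var xxe2 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
-var
+var vulnerabilities13 = {
 ["SQL_Injection" /* SqlInjection */]: sqlInjection3,
 ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: relativePathCommand,
 ["CMDi" /* CmDi */]: commandInjection,
@@ -6217,7 +6231,7 @@ var vulnerabilities12 = {
 ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: erroneousStringCompare,
 ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings
 };
-var java_default2 =
+var java_default2 = vulnerabilities13;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
 init_client_generates();
@@ -6546,7 +6560,7 @@ var xss3 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
-var
+var vulnerabilities14 = {
 ["CMDi" /* CmDi */]: commandInjection2,
 ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: graphqlDepthLimit,
 ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness2,
@@ -6569,7 +6583,7 @@ var vulnerabilities13 = {
 ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: hardcodedDomainInHtml,
 ["CSRF" /* Csrf */]: csrf2
 };
-var js_default =
+var js_default = vulnerabilities14;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
 init_client_generates();
@@ -6643,7 +6657,7 @@ var uncheckedLoopCondition3 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
-var
+var vulnerabilities15 = {
 ["CSRF" /* Csrf */]: csrf2,
 ["LOG_FORGING" /* LogForging */]: logForging5,
 ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect3,
@@ -6652,7 +6666,7 @@ var vulnerabilities14 = {
 ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: missingEncoding,
 ["SSRF" /* Ssrf */]: ssrf5
 };
-var python_default2 =
+var python_default2 = vulnerabilities15;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
 init_client_generates();
@@ -6669,10 +6683,10 @@ A value too high will cause performance issues up to and including denial of ser
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
-var
+var vulnerabilities16 = {
 ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: unboundedOccurrences
 };
-var xml_default2 =
+var xml_default2 = vulnerabilities16;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
 init_client_generates();
@@ -6705,12 +6719,12 @@ var writableFilesystemService = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
-var
+var vulnerabilities17 = {
 ["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: portAllInterfaces,
 ["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: writableFilesystemService,
 ["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: noNewPrivileges
 };
-var yaml_default =
+var yaml_default = vulnerabilities17;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
 var StoredQuestionDataItemZ = z11.object({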
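Review bot: The new `UNENCRYPTED_AWS_SQS_QUEUE` entry in `fixDetailsData` describes the risk as data being readable "if the queue is compromised", which overstates what the suggested fix covers: server-side encryption protects message bodies at rest, while any principal allowed to receive from the queue (and, with a KMS key, to use that key) still gets plaintext. I would reword it along the lines of `issueDescription: "AWS SQS queue has no server-side encryption; message bodies are stored unencrypted at rest."` and have `fixInstructions` add that the queue policy should still be limited to the intended producers and consumers. It may also be worth saying when to prefer `kms_master_key_id` over `sqs_managed_sse_enabled`, since a customer-managed key adds key-policy control and key-usage audit records as far as I know, and the text presents the two as interchangeable. `fixDetailsData` begins outside this hunk, and the identical entry appears in package/dist/index.mjs.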
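--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -163,6 +163,7 @@ var init_client_generates = __esm({
 Language2["Default"] = "DEFAULT";
 Language2["Dockerfile"] = "DOCKERFILE";
 Language2["Go"] = "GO";
+Language2["Hcl"] = "HCL";
 Language2["Java"] = "JAVA";
 Language2["Js"] = "JS";
 Language2["Php"] = "PHP";
@@ -217,6 +218,7 @@ var init_client_generates = __esm({
 IssueLanguage_Enum2["Default"] = "Default";
 IssueLanguage_Enum2["Dockerfile"] = "Dockerfile";
 IssueLanguage_Enum2["Go"] = "Go";
+IssueLanguage_Enum2["Hcl"] = "Hcl";
 IssueLanguage_Enum2["Java"] = "Java";
 IssueLanguage_Enum2["JavaScript"] = "JavaScript";
 IssueLanguage_Enum2["Php"] = "PHP";
@@ -346,6 +348,7 @@ var init_client_generates = __esm({
 IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
 IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
 IssueType_Enum2["UncheckedLoopCondition"] = "UNCHECKED_LOOP_CONDITION";
+IssueType_Enum2["UnencryptedAwsSqsQueue"] = "UNENCRYPTED_AWS_SQS_QUEUE";
 IssueType_Enum2["UnnecessaryImports"] = "UNNECESSARY_IMPORTS";
 IssueType_Enum2["UnsafeDeserialization"] = "UNSAFE_DESERIALIZATION";
 IssueType_Enum2["UnsafeTargetBlank"] = "UNSAFE_TARGET_BLANK";
@@ -1550,7 +1553,8 @@ var init_getIssueType = __esm({
 ["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: "Improper Validation of Array Index",
 ["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: "Incorrect Integer Conversion",
 ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: "Improper Certificate Validation",
-["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: "Often Misused: Boolean.getBoolean()"
+["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: "Often Misused: Boolean.getBoolean()",
+["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: "AWS SQS Queue Unencrypted"
 };
 issueTypeZ = z.nativeEnum(IssueType_Enum);
 getIssueTypeFriendlyString = (issueType) => {
@@ -3598,6 +3602,7 @@ var init_FilePatterns = __esm({
 ".tf",
 ".hcl",
 ".tfvars",
+".tofu",
 // TypeScript
 ".ts",
 ".tsx",
@@ -4812,7 +4817,11 @@ var fixDetailsData = {
 ["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: void 0,
 ["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: void 0,
 ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: void 0,
-["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: void 0
+["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: void 0,
+["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: {
+issueDescription: "AWS SQS queue contents are unencrypted; data could be read if the queue is compromised.",
+fixInstructions: "Enable server-side encryption by setting sqs_managed_sse_enabled = true, or supply a KMS key via kms_master_key_id."
+}
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -4974,6 +4983,10 @@ var dockerfile_default = vulnerabilities2;
 var vulnerabilities3 = {};
 var go_default = vulnerabilities3;
 
+// src/features/analysis/scm/shared/src/storedFixData/hcl/index.ts
+var vulnerabilities4 = {};
+var hcl_default = vulnerabilities4;
+
 // src/features/analysis/scm/shared/src/storedFixData/java/index.ts
 init_client_generates();
 
@@ -5027,13 +5040,13 @@ var systemInformationLeak = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/java/index.ts
-var
+var vulnerabilities5 = {
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
 ["J2EE_GET_CONNECTION" /* J2EeGetConnection */]: j2eeGetConnection,
 ["SQL_Injection" /* SqlInjection */]: sqlInjection,
 ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: systemInformationLeak
 };
-var java_default =
+var java_default = vulnerabilities5;
 
 // src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
 init_client_generates();
@@ -5079,18 +5092,18 @@ var ssrf = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
-var
+var vulnerabilities6 = {
 ["SSRF" /* Ssrf */]: ssrf,
 ["HARDCODED_SECRETS" /* HardcodedSecrets */]: hardcodedSecrets,
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
 ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: noLimitsOrThrottling,
 ["CSRF" /* Csrf */]: csrf
 };
-var javascript_default =
+var javascript_default = vulnerabilities6;
 
 // src/features/analysis/scm/shared/src/storedFixData/php/index.ts
-var
-var php_default =
+var vulnerabilities7 = {};
+var php_default = vulnerabilities7;
 
 // src/features/analysis/scm/shared/src/storedFixData/python/index.ts
 init_client_generates();
@@ -5128,12 +5141,12 @@ See the [\`requests\` SSL verification docs](https://requests.readthedocs.io/en/
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/python/index.ts
-var
+var vulnerabilities8 = {
 ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: autoEscapeFalse,
 ["CSRF" /* Csrf */]: csrf,
 ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: improperCertificateValidation
 };
-var python_default =
+var python_default = vulnerabilities8;
 
 // src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
 init_client_generates();
@@ -5144,17 +5157,17 @@ var defaultRightsInObjDefinition = {
 };
 
 // src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
-var
+var vulnerabilities9 = {
 ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: defaultRightsInObjDefinition
 };
-var sql_default =
+var sql_default = vulnerabilities9;
 
 // src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
 init_client_generates();
-var
+var vulnerabilities10 = {
 ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment
 };
-var xml_default =
+var xml_default = vulnerabilities10;
 
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
 var StoredFixDataItemZ = z3.object({
@@ -5169,7 +5182,8 @@ var languages = {
 ["Python" /* Python */]: python_default,
 ["PHP" /* Php */]: php_default,
 ["Go" /* Go */]: go_default,
-["Dockerfile" /* Dockerfile */]: dockerfile_default
+["Dockerfile" /* Dockerfile */]: dockerfile_default,
+["Hcl" /* Hcl */]: hcl_default
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
@@ -5472,7 +5486,7 @@ var xxe = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
-var
+var vulnerabilities11 = {
 ["LOG_FORGING" /* LogForging */]: logForging,
 ["SSRF" /* Ssrf */]: ssrf2,
 ["XXE" /* Xxe */]: xxe,
@@ -5493,7 +5507,7 @@ var vulnerabilities10 = {
 ["SQL_Injection" /* SqlInjection */]: sqlInjection2,
 ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: requestParametersBoundViaInput
 };
-var csharp_default2 =
+var csharp_default2 = vulnerabilities11;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
 init_client_generates();
@@ -5526,12 +5540,12 @@ var websocketMissingOriginCheck = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
-var
+var vulnerabilities12 = {
 ["LOG_FORGING" /* LogForging */]: logForging2,
 ["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: missingSslMinversion,
 ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: websocketMissingOriginCheck
 };
-var go_default2 =
+var go_default2 = vulnerabilities12;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
 init_client_generates();
@@ -5982,7 +5996,7 @@ var xxe2 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
-var
+var vulnerabilities13 = {
 ["SQL_Injection" /* SqlInjection */]: sqlInjection3,
 ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: relativePathCommand,
 ["CMDi" /* CmDi */]: commandInjection,
@@ -6009,7 +6023,7 @@ var vulnerabilities12 = {
 ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: erroneousStringCompare,
 ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings
 };
-var java_default2 =
+var java_default2 = vulnerabilities13;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
 init_client_generates();
@@ -6338,7 +6352,7 @@ var xss3 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
-var
+var vulnerabilities14 = {
 ["CMDi" /* CmDi */]: commandInjection2,
 ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: graphqlDepthLimit,
 ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness2,
@@ -6361,7 +6375,7 @@ var vulnerabilities13 = {
 ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: hardcodedDomainInHtml,
 ["CSRF" /* Csrf */]: csrf2
 };
-var js_default =
+var js_default = vulnerabilities14;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
 init_client_generates();
@@ -6435,7 +6449,7 @@ var uncheckedLoopCondition3 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
-var
+var vulnerabilities15 = {
 ["CSRF" /* Csrf */]: csrf2,
 ["LOG_FORGING" /* LogForging */]: logForging5,
 ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect3,
@@ -6444,7 +6458,7 @@ var vulnerabilities14 = {
 ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: missingEncoding,
 ["SSRF" /* Ssrf */]: ssrf5
 };
-var python_default2 =
+var python_default2 = vulnerabilities15;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
 init_client_generates();
@@ -6461,10 +6475,10 @@ A value too high will cause performance issues up to and including denial of ser
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
-var
+var vulnerabilities16 = {
 ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: unboundedOccurrences
 };
-var xml_default2 =
+var xml_default2 = vulnerabilities16;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
 init_client_generates();
@@ -6497,12 +6511,12 @@ var writableFilesystemService = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
-var
+var vulnerabilities17 = {
 ["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: portAllInterfaces,
 ["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: writableFilesystemService,
 ["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: noNewPrivileges
 };
-var yaml_default =
+var yaml_default = vulnerabilities17;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
 var StoredQuestionDataItemZ = z4.object({
@@ -19403,7 +19417,7 @@ function createLogger(config2) {
 
 // src/features/claude_code/hook_logger.ts
 var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
-var CLI_VERSION = true ? "1.4.
+var CLI_VERSION = true ? "1.4.17" : "unknown";
 var NAMESPACE = "mobbdev-claude-code-hook-logs";
 var claudeCodeVersion;
 function buildDdTags() {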