mobbdev 1.4.25 → 1.4.27
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/args/commands/upload_ai_blame.mjs +13 -6
- package/dist/index.mjs +55 -27
- package/package.json +1 -1
|
@@ -357,6 +357,7 @@ var init_client_generates = __esm({
|
|
|
357
357
|
IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
|
|
358
358
|
IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
|
|
359
359
|
IssueType_Enum2["UncheckedLoopCondition"] = "UNCHECKED_LOOP_CONDITION";
|
|
360
|
+
IssueType_Enum2["UncheckedReturnValue"] = "UNCHECKED_RETURN_VALUE";
|
|
360
361
|
IssueType_Enum2["UnencryptedAwsSqsQueue"] = "UNENCRYPTED_AWS_SQS_QUEUE";
|
|
361
362
|
IssueType_Enum2["UnnecessaryImports"] = "UNNECESSARY_IMPORTS";
|
|
362
363
|
IssueType_Enum2["UnsafeDeserialization"] = "UNSAFE_DESERIALIZATION";
|
|
@@ -1657,7 +1658,8 @@ var init_issue = __esm({
|
|
|
1657
1658
|
category: z4.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
1658
1659
|
extraData: z4.object({
|
|
1659
1660
|
missing_files: z4.string().array().nullish(),
|
|
1660
|
-
error_files: z4.string().array().nullish()
|
|
1661
|
+
error_files: z4.string().array().nullish(),
|
|
1662
|
+
ai_cost_limit_exceeded: z4.string().nullish()
|
|
1661
1663
|
}),
|
|
1662
1664
|
vulnerabilityReportIssueTags: z4.array(
|
|
1663
1665
|
z4.object({
|
|
@@ -1929,7 +1931,8 @@ var init_getIssueType = __esm({
|
|
|
1929
1931
|
["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: "AWS SQS Queue Unencrypted",
|
|
1930
1932
|
["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: "Insecure Deserialization",
|
|
1931
1933
|
["AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED" /* AwsDynamodbPointInTimeRecoveryDisabled */]: "AWS DynamoDB Point-in-Time Recovery Disabled",
|
|
1932
|
-
["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: "JWT Decoded Without Signature Verification"
|
|
1934
|
+
["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: "JWT Decoded Without Signature Verification",
|
|
1935
|
+
["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: "Unchecked Return Value"
|
|
1933
1936
|
};
|
|
1934
1937
|
issueTypeZ = z5.nativeEnum(IssueType_Enum);
|
|
1935
1938
|
getIssueTypeFriendlyString = (issueType) => {
|
|
@@ -2198,7 +2201,8 @@ var init_types = __esm({
|
|
|
2198
2201
|
extraData: z7.object({
|
|
2199
2202
|
missing_files: z7.string().array().nullish(),
|
|
2200
2203
|
large_files: z7.string().array().nullish(),
|
|
2201
|
-
error_files: z7.string().array().nullish()
|
|
2204
|
+
error_files: z7.string().array().nullish(),
|
|
2205
|
+
ai_cost_limit_exceeded: z7.string().nullish()
|
|
2202
2206
|
})
|
|
2203
2207
|
}).array()
|
|
2204
2208
|
})
|
|
@@ -2237,7 +2241,8 @@ var init_types = __esm({
|
|
|
2237
2241
|
extraData: z7.object({
|
|
2238
2242
|
missing_files: z7.string().array().nullish(),
|
|
2239
2243
|
large_files: z7.string().array().nullish(),
|
|
2240
|
-
error_files: z7.string().array().nullish()
|
|
2244
|
+
error_files: z7.string().array().nullish(),
|
|
2245
|
+
ai_cost_limit_exceeded: z7.string().nullish()
|
|
2241
2246
|
}),
|
|
2242
2247
|
fix: ReportFixesQueryFixZ.nullable(),
|
|
2243
2248
|
falsePositive: z7.object({
|
|
@@ -5185,7 +5190,8 @@ var fixDetailsData = {
|
|
|
5185
5190
|
["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: {
|
|
5186
5191
|
issueDescription: "Decoding a JWT with `JWT.decode()` only base64-decodes the token without checking its signature, so an attacker can forge a token with arbitrary claims (identity, roles, expiration) and have it trusted. CWE-345, OWASP A08:2021 Software and Data Integrity Failures.",
|
|
5187
5192
|
fixInstructions: "Verify the signature before trusting any claims: build a verifier with the expected algorithm and secret/key (e.g. `JWT.require(Algorithm.HMAC256(secret)).build().verify(token)`) instead of calling `JWT.decode(token)`. After merging, confirm the verifier is configured with the same algorithm and secret/key used to sign your tokens \u2014 an incorrect or placeholder secret will make verification throw `JWTVerificationException` at runtime and reject legitimate tokens."
|
|
5188
|
-
}
|
|
5193
|
+
},
|
|
5194
|
+
["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: void 0
|
|
5189
5195
|
};
|
|
5190
5196
|
|
|
5191
5197
|
// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
|
|
@@ -7046,6 +7052,7 @@ import { fetch as fetch2, ProxyAgent } from "undici";
|
|
|
7046
7052
|
|
|
7047
7053
|
// src/features/analysis/scm/gitlab/gitlab.ts
|
|
7048
7054
|
import querystring3 from "querystring";
|
|
7055
|
+
import { setTimeout as delay } from "timers/promises";
|
|
7049
7056
|
import {
|
|
7050
7057
|
createRequesterFn
|
|
7051
7058
|
} from "@gitbeaker/requester-utils";
|
|
@@ -7812,7 +7819,7 @@ async function sanitizeDataWithCounts(obj, options) {
|
|
|
7812
7819
|
}
|
|
7813
7820
|
|
|
7814
7821
|
// src/utils/with-timeout.ts
|
|
7815
|
-
import { setTimeout as
|
|
7822
|
+
import { setTimeout as delay2 } from "timers/promises";
|
|
7816
7823
|
|
|
7817
7824
|
// src/features/analysis/graphql/s3-raw-data-upload.ts
|
|
7818
7825
|
import { setTimeout as sleep2 } from "timers/promises";
|
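--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -357,6 +357,7 @@ var init_client_generates = __esm({
 IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
 IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
 IssueType_Enum2["UncheckedLoopCondition"] = "UNCHECKED_LOOP_CONDITION";
+IssueType_Enum2["UncheckedReturnValue"] = "UNCHECKED_RETURN_VALUE";
 IssueType_Enum2["UnencryptedAwsSqsQueue"] = "UNENCRYPTED_AWS_SQS_QUEUE";
 IssueType_Enum2["UnnecessaryImports"] = "UNNECESSARY_IMPORTS";
 IssueType_Enum2["UnsafeDeserialization"] = "UNSAFE_DESERIALIZATION";
@@ -1595,7 +1596,8 @@ var init_getIssueType = __esm({
 ["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: "AWS SQS Queue Unencrypted",
 ["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: "Insecure Deserialization",
 ["AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED" /* AwsDynamodbPointInTimeRecoveryDisabled */]: "AWS DynamoDB Point-in-Time Recovery Disabled",
-["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: "JWT Decoded Without Signature Verification"
+["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: "JWT Decoded Without Signature Verification",
+["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: "Unchecked Return Value"
 };
 issueTypeZ = z.nativeEnum(IssueType_Enum);
 getIssueTypeFriendlyString = (issueType) => {
@@ -1885,7 +1887,8 @@ var init_issue = __esm({
 category: z9.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
 extraData: z9.object({
 missing_files: z9.string().array().nullish(),
-error_files: z9.string().array().nullish()
+error_files: z9.string().array().nullish(),
+ai_cost_limit_exceeded: z9.string().nullish()
 }),
 vulnerabilityReportIssueTags: z9.array(
 z9.object({
@@ -2243,7 +2246,8 @@ var init_types = __esm({
 extraData: z11.object({
 missing_files: z11.string().array().nullish(),
 large_files: z11.string().array().nullish(),
-error_files: z11.string().array().nullish()
+error_files: z11.string().array().nullish(),
+ai_cost_limit_exceeded: z11.string().nullish()
 })
 }).array()
 })
@@ -2282,7 +2286,8 @@ var init_types = __esm({
 extraData: z11.object({
 missing_files: z11.string().array().nullish(),
 large_files: z11.string().array().nullish(),
-error_files: z11.string().array().nullish()
+error_files: z11.string().array().nullish(),
+ai_cost_limit_exceeded: z11.string().nullish()
 }),
 fix: ReportFixesQueryFixZ.nullable(),
 falsePositive: z11.object({
@@ -4890,7 +4895,8 @@ var fixDetailsData = {
 ["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: {
 issueDescription: "Decoding a JWT with `JWT.decode()` only base64-decodes the token without checking its signature, so an attacker can forge a token with arbitrary claims (identity, roles, expiration) and have it trusted. CWE-345, OWASP A08:2021 Software and Data Integrity Failures.",
 fixInstructions: "Verify the signature before trusting any claims: build a verifier with the expected algorithm and secret/key (e.g. `JWT.require(Algorithm.HMAC256(secret)).build().verify(token)`) instead of calling `JWT.decode(token)`. After merging, confirm the verifier is configured with the same algorithm and secret/key used to sign your tokens \u2014 an incorrect or placeholder secret will make verification throw `JWTVerificationException` at runtime and reject legitimate tokens."
-}
+},
+["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -10947,6 +10953,7 @@ var GithubSCMLib = class extends SCMLib {
 
 // src/features/analysis/scm/gitlab/gitlab.ts
 import querystring3 from "querystring";
+import { setTimeout as delay } from "timers/promises";
 import {
 createRequesterFn
 } from "@gitbeaker/requester-utils";
@@ -11608,6 +11615,9 @@ async function processBody(response) {
 }
 return await response.text();
 }
+var GITLAB_RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 502, 503, 504]);
+var GITLAB_REQUEST_MAX_ATTEMPTS = 4;
+var GITLAB_REQUEST_BASE_BACKOFF_MS = 1e3;
 async function brokerRequestHandler(endpoint, options) {
 const { prefixUrl, searchParams } = options || {};
 let baseUrl;
@@ -11620,24 +11630,42 @@ async function brokerRequestHandler(endpoint, options) {
 rejectUnauthorized: false
 }
 }) : void 0;
-
-
-
-
-
-
-
-
+let lastError;
+for (let attempt = 1; attempt <= GITLAB_REQUEST_MAX_ATTEMPTS; attempt++) {
+let response;
+try {
+response = await undiciFetch(url, {
+headers: options?.headers,
+method: options?.method,
+body: options?.body ? String(options?.body) : void 0,
+dispatcher
+});
+} catch (e) {
+if (e.name === "TimeoutError" || e.name === "AbortError") {
+lastError = new Error("Query timeout was reached");
+} else {
+throw e;
+}
 }
-
-
-
-
-
-
-
-
-
+if (response) {
+if (response.ok) {
+return {
+body: await processBody(response),
+headers: Object.fromEntries(response.headers.entries()),
+status: response.status
+};
+}
+if (!GITLAB_RETRYABLE_STATUSES.has(response.status)) {
+throw new Error(`gitbeaker: ${response.statusText}`);
+}
+lastError = new Error(`gitbeaker: ${response.statusText}`);
+}
+if (attempt === GITLAB_REQUEST_MAX_ATTEMPTS) break;
+const retryAfter = Number(response?.headers.get("retry-after"));
+const waitMs = Number.isFinite(retryAfter) && retryAfter > 0 ? retryAfter * 1e3 : GITLAB_REQUEST_BASE_BACKOFF_MS * 2 ** (attempt - 1);
+await delay(waitMs);
+}
+throw lastError ?? new Error("gitbeaker: request failed");
 }
 async function listGitlabProjectMembers({
 repoUrl,
@@ -14916,12 +14944,12 @@ async function uploadAiBlameCommandHandler(args) {
 }
 
 // src/utils/with-timeout.ts
-import { setTimeout as
+import { setTimeout as delay2 } from "timers/promises";
 function withTimeout(promise, ms, label) {
 const ac = new AbortController();
 return Promise.race([
 promise.finally(() => ac.abort()),
-
+delay2(ms, void 0, { signal: ac.signal }).then(() => {
 throw new Error(`${label} timed out after ${ms}ms`);
 })
 ]);
@@ -19782,7 +19810,7 @@ function createLogger(config2) {
 
 // src/features/claude_code/hook_logger.ts
 var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
-var CLI_VERSION = true ? "1.4.
+var CLI_VERSION = true ? "1.4.27" : "unknown";
 var NAMESPACE = "mobbdev-claude-code-hook-logs";
 var claudeCodeVersion;
 function buildDdTags() {
@@ -28745,7 +28773,7 @@ var _FetchAvailableFixesService = class _FetchAvailableFixesService {
 interactiveFixes: fixReport.interactiveFixes ?? [],
 repositoryPath
 });
-this.currentOffset = effectiveOffset + (fixReport.fixes?.length || 0);
+this.currentOffset = effectiveOffset + (fixReport.fixes?.length || 0) + (fixReport.interactiveFixes?.length || 0);
 return prompt;
 } catch (error) {
 logError("Failed to check for available fixes", {
@@ -29103,7 +29131,7 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
 interactiveFixes: fixes.interactiveFixes,
 repositoryPath
 });
-this.currentOffset = effectiveOffset + (fixes.fixes?.length || 0);
+this.currentOffset = effectiveOffset + (fixes.fixes?.length || 0) + (fixes.interactiveFixes?.length || 0);
 return prompt;
 } catch (error) {
 const message = error.message;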
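Review bot: The new retry loop in brokerRequestHandler (hunk @@ -11620,24 +11630,42 @@; the function's opening lines are in the previous hunk) never consults `options?.method`, so a POST or PUT that timed out or came back 502/504 from the broker may already have been applied upstream and is then replayed up to three more times, duplicating the write. Restrict the retry path to idempotent methods or to 429, e.g. `const idempotent = ["GET", "HEAD"].includes(String(options?.method ?? "GET").toUpperCase());` and, before the backoff, `if (!idempotent && response?.status !== 429) throw lastError;`. The Retry-After wait is also uncapped, so a slow or misbehaving endpoint can park the CLI for as long as the header says; rename the current expression to `rawWaitMs` and bound it with `const waitMs = Math.min(rawWaitMs, GITLAB_REQUEST_MAX_BACKOFF_MS);` (a new constant next to the other three). Finally, a retryable non-ok response's body is left unconsumed before the next attempt, which as far as I recall keeps the undici connection tied up until the stream is read or cancelled, so `await response.body?.cancel()` before `delay(waitMs)` looks worth adding.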