mobbdev 1.4.26 → 1.4.27

@@ -357,6 +357,7 @@ var init_client_generates = __esm({
357
357
  IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
358
358
  IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
359
359
  IssueType_Enum2["UncheckedLoopCondition"] = "UNCHECKED_LOOP_CONDITION";
360
+ IssueType_Enum2["UncheckedReturnValue"] = "UNCHECKED_RETURN_VALUE";
360
361
  IssueType_Enum2["UnencryptedAwsSqsQueue"] = "UNENCRYPTED_AWS_SQS_QUEUE";
361
362
  IssueType_Enum2["UnnecessaryImports"] = "UNNECESSARY_IMPORTS";
362
363
  IssueType_Enum2["UnsafeDeserialization"] = "UNSAFE_DESERIALIZATION";
@@ -1930,7 +1931,8 @@ var init_getIssueType = __esm({
1930
1931
  ["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: "AWS SQS Queue Unencrypted",
1931
1932
  ["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: "Insecure Deserialization",
1932
1933
  ["AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED" /* AwsDynamodbPointInTimeRecoveryDisabled */]: "AWS DynamoDB Point-in-Time Recovery Disabled",
1933
- ["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: "JWT Decoded Without Signature Verification"
1934
+ ["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: "JWT Decoded Without Signature Verification",
1935
+ ["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: "Unchecked Return Value"
1934
1936
  };
1935
1937
  issueTypeZ = z5.nativeEnum(IssueType_Enum);
1936
1938
  getIssueTypeFriendlyString = (issueType) => {
@@ -5188,7 +5190,8 @@ var fixDetailsData = {
5188
5190
  ["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: {
5189
5191
  issueDescription: "Decoding a JWT with `JWT.decode()` only base64-decodes the token without checking its signature, so an attacker can forge a token with arbitrary claims (identity, roles, expiration) and have it trusted. CWE-345, OWASP A08:2021 Software and Data Integrity Failures.",
5190
5192
  fixInstructions: "Verify the signature before trusting any claims: build a verifier with the expected algorithm and secret/key (e.g. `JWT.require(Algorithm.HMAC256(secret)).build().verify(token)`) instead of calling `JWT.decode(token)`. After merging, confirm the verifier is configured with the same algorithm and secret/key used to sign your tokens \u2014 an incorrect or placeholder secret will make verification throw `JWTVerificationException` at runtime and reject legitimate tokens."
5191
- }
5193
+ },
5194
+ ["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: void 0
5192
5195
  };
5193
5196
 
5194
5197
  // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
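Review bot: The new `UNCHECKED_RETURN_VALUE` key in `fixDetailsData` is set to `void 0`, so this issue type ships with a friendly name but no `issueDescription` or `fixInstructions`, unlike the `JWT_DECODE_WITHOUT_VERIFY` entry directly above it. The code that reads `fixDetailsData` is outside the hunk; if any caller dereferences the entry without a guard it will throw for this type, so the lookup should be of the form `fixDetailsData[issueType]?.issueDescription`. If the empty entry is deliberate, a comment in the source module such as `// no static fix guidance yet for UNCHECKED_RETURN_VALUE` would say so. The same entry is added in package/dist/index.mjs.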
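--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -357,6 +357,7 @@ var init_client_generates = __esm({
  IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
  IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
  IssueType_Enum2["UncheckedLoopCondition"] = "UNCHECKED_LOOP_CONDITION";
+ IssueType_Enum2["UncheckedReturnValue"] = "UNCHECKED_RETURN_VALUE";
  IssueType_Enum2["UnencryptedAwsSqsQueue"] = "UNENCRYPTED_AWS_SQS_QUEUE";
  IssueType_Enum2["UnnecessaryImports"] = "UNNECESSARY_IMPORTS";
  IssueType_Enum2["UnsafeDeserialization"] = "UNSAFE_DESERIALIZATION";
@@ -1595,7 +1596,8 @@ var init_getIssueType = __esm({
  ["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: "AWS SQS Queue Unencrypted",
  ["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: "Insecure Deserialization",
  ["AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED" /* AwsDynamodbPointInTimeRecoveryDisabled */]: "AWS DynamoDB Point-in-Time Recovery Disabled",
- ["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: "JWT Decoded Without Signature Verification"
+ ["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: "JWT Decoded Without Signature Verification",
+ ["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: "Unchecked Return Value"
  };
  issueTypeZ = z.nativeEnum(IssueType_Enum);
  getIssueTypeFriendlyString = (issueType) => {
@@ -4893,7 +4895,8 @@ var fixDetailsData = {
  ["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: {
  issueDescription: "Decoding a JWT with `JWT.decode()` only base64-decodes the token without checking its signature, so an attacker can forge a token with arbitrary claims (identity, roles, expiration) and have it trusted. CWE-345, OWASP A08:2021 Software and Data Integrity Failures.",
  fixInstructions: "Verify the signature before trusting any claims: build a verifier with the expected algorithm and secret/key (e.g. `JWT.require(Algorithm.HMAC256(secret)).build().verify(token)`) instead of calling `JWT.decode(token)`. After merging, confirm the verifier is configured with the same algorithm and secret/key used to sign your tokens \u2014 an incorrect or placeholder secret will make verification throw `JWTVerificationException` at runtime and reject legitimate tokens."
- }
+ },
+ ["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: void 0
  };
 
  // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -19807,7 +19810,7 @@ function createLogger(config2) {
 
  // src/features/claude_code/hook_logger.ts
  var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
- var CLI_VERSION = true ? "1.4.26" : "unknown";
+ var CLI_VERSION = true ? "1.4.27" : "unknown";
  var NAMESPACE = "mobbdev-claude-code-hook-logs";
  var claudeCodeVersion;
  function buildDdTags() {
@@ -28770,7 +28773,7 @@ var _FetchAvailableFixesService = class _FetchAvailableFixesService {
  interactiveFixes: fixReport.interactiveFixes ?? [],
  repositoryPath
  });
- this.currentOffset = effectiveOffset + (fixReport.fixes?.length || 0);
+ this.currentOffset = effectiveOffset + (fixReport.fixes?.length || 0) + (fixReport.interactiveFixes?.length || 0);
  return prompt;
  } catch (error) {
  logError("Failed to check for available fixes", {
@@ -29128,7 +29131,7 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
  interactiveFixes: fixes.interactiveFixes,
  repositoryPath
  });
- this.currentOffset = effectiveOffset + (fixes.fixes?.length || 0);
+ this.currentOffset = effectiveOffset + (fixes.fixes?.length || 0) + (fixes.interactiveFixes?.length || 0);
  return prompt;
  } catch (error) {
  const message = error.message;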
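Review bot: The new `currentOffset` arithmetic in `_FetchAvailableFixesService` assumes the backend's offset counts `fixes` and `interactiveFixes` as one combined sequence, and nothing visible in the hunk establishes that. If the query's offset applies only to `fixes`, adding `interactiveFixes?.length` will skip that many fixes on the next page, and the skipped findings are never presented to the user. A comment at the assignment, e.g. `// offset spans fixes + interactiveFixes; must match server-side pagination`, would record the contract. The identical line is added in `_ScanAndFixVulnerabilitiesService` in the following hunk, so a shared helper would keep the two in step. Both methods start and end outside their hunks.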
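--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "mobbdev",
- "version": "1.4.26",
+ "version": "1.4.27",
  "description": "Automated secure code remediation tool",
  "repository": "git+https://github.com/mobb-dev/bugsy.git",
  "main": "dist/index.mjs",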