mobbdev 1.4.28 → 1.4.29
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/args/commands/upload_ai_blame.mjs +14 -1
- package/dist/index.mjs +15 -2
- package/package.json +1 -1
|
@@ -338,6 +338,7 @@ var init_client_generates = __esm({
|
|
|
338
338
|
IssueType_Enum2["Pt"] = "PT";
|
|
339
339
|
IssueType_Enum2["RaceConditionFormatFlaw"] = "RACE_CONDITION_FORMAT_FLAW";
|
|
340
340
|
IssueType_Enum2["Redos"] = "REDOS";
|
|
341
|
+
IssueType_Enum2["RedundantCondition"] = "REDUNDANT_CONDITION";
|
|
341
342
|
IssueType_Enum2["RedundantNilErrorCheck"] = "REDUNDANT_NIL_ERROR_CHECK";
|
|
342
343
|
IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
|
|
343
344
|
IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
|
|
@@ -1919,6 +1920,7 @@ var init_getIssueType = __esm({
|
|
|
1919
1920
|
["RETURN_IN_INIT" /* ReturnInInit */]: "Return in Init",
|
|
1920
1921
|
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: "Action Not Pinned to Commit Sha",
|
|
1921
1922
|
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
|
|
1923
|
+
["REDUNDANT_CONDITION" /* RedundantCondition */]: "Insider Threat: Redundant Condition",
|
|
1922
1924
|
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
|
|
1923
1925
|
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
|
|
1924
1926
|
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
|
|
@@ -5168,6 +5170,7 @@ var fixDetailsData = {
|
|
|
5168
5170
|
["RETURN_IN_INIT" /* ReturnInInit */]: void 0,
|
|
5169
5171
|
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: void 0,
|
|
5170
5172
|
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
|
|
5173
|
+
["REDUNDANT_CONDITION" /* RedundantCondition */]: void 0,
|
|
5171
5174
|
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
|
|
5172
5175
|
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
|
|
5173
5176
|
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
|
|
@@ -5514,9 +5517,19 @@ Provide the absolute directory that contains the executable (e.g. \`/usr/bin\`);
|
|
|
5514
5517
|
}
|
|
5515
5518
|
};
|
|
5516
5519
|
|
|
5520
|
+
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/pathManipulation.ts
|
|
5521
|
+
var pathManipulation = {
|
|
5522
|
+
baseDirectory: {
|
|
5523
|
+
content: ({ expression }) => `Which directory must \`${expression}\` stay within? Enter the absolute base directory file access is restricted to.`,
|
|
5524
|
+
description: ({ expression }) => `The fix canonicalizes \`${expression}\` (resolving \`.\`, \`..\`, and symlinks) and verifies the result stays inside this base directory. Provide the **absolute** root the application is allowed to read or write under, for example \`/var/app/data\`. The directory must exist at runtime. A path that resolves outside it is rejected at runtime.`,
|
|
5525
|
+
guidance: (_) => "You **must** set this to an absolute path that exists at runtime and that your application confines file access to. If you leave it unset (or give a relative path), the generated fix is emitted with a placeholder identifier (`MOBB_SET_ALLOWED_BASE_DIR`) that **deliberately does not compile**, so a missing security boundary cannot be overlooked \u2014 replace it with your absolute base directory. A relative path would otherwise resolve against the process working directory (moving the boundary). At runtime the guard aborts (C: `exit(EXIT_FAILURE)`) / throws (C++: `std::runtime_error`) on a path that escapes the base. Pick the narrowest directory that still contains every legitimate file the code opens."
|
|
5526
|
+
}
|
|
5527
|
+
};
|
|
5528
|
+
|
|
5517
5529
|
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
|
|
5518
5530
|
var vulnerabilities11 = {
|
|
5519
|
-
["CMDi" /* CmDi */]: commandInjection
|
|
5531
|
+
["CMDi" /* CmDi */]: commandInjection,
|
|
5532
|
+
["PT" /* Pt */]: pathManipulation
|
|
5520
5533
|
};
|
|
5521
5534
|
var cpp_default = vulnerabilities11;
|
|
5522
5535
|
|
package/dist/index.mjs
CHANGED
|
@@ -338,6 +338,7 @@ var init_client_generates = __esm({
|
|
|
338
338
|
IssueType_Enum2["Pt"] = "PT";
|
|
339
339
|
IssueType_Enum2["RaceConditionFormatFlaw"] = "RACE_CONDITION_FORMAT_FLAW";
|
|
340
340
|
IssueType_Enum2["Redos"] = "REDOS";
|
|
341
|
+
IssueType_Enum2["RedundantCondition"] = "REDUNDANT_CONDITION";
|
|
341
342
|
IssueType_Enum2["RedundantNilErrorCheck"] = "REDUNDANT_NIL_ERROR_CHECK";
|
|
342
343
|
IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
|
|
343
344
|
IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
|
|
@@ -1584,6 +1585,7 @@ var init_getIssueType = __esm({
|
|
|
1584
1585
|
["RETURN_IN_INIT" /* ReturnInInit */]: "Return in Init",
|
|
1585
1586
|
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: "Action Not Pinned to Commit Sha",
|
|
1586
1587
|
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
|
|
1588
|
+
["REDUNDANT_CONDITION" /* RedundantCondition */]: "Insider Threat: Redundant Condition",
|
|
1587
1589
|
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
|
|
1588
1590
|
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
|
|
1589
1591
|
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
|
|
@@ -4873,6 +4875,7 @@ var fixDetailsData = {
|
|
|
4873
4875
|
["RETURN_IN_INIT" /* ReturnInInit */]: void 0,
|
|
4874
4876
|
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: void 0,
|
|
4875
4877
|
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
|
|
4878
|
+
["REDUNDANT_CONDITION" /* RedundantCondition */]: void 0,
|
|
4876
4879
|
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
|
|
4877
4880
|
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
|
|
4878
4881
|
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
|
|
@@ -5307,9 +5310,19 @@ Provide the absolute directory that contains the executable (e.g. \`/usr/bin\`);
|
|
|
5307
5310
|
}
|
|
5308
5311
|
};
|
|
5309
5312
|
|
|
5313
|
+
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/pathManipulation.ts
|
|
5314
|
+
var pathManipulation = {
|
|
5315
|
+
baseDirectory: {
|
|
5316
|
+
content: ({ expression }) => `Which directory must \`${expression}\` stay within? Enter the absolute base directory file access is restricted to.`,
|
|
5317
|
+
description: ({ expression }) => `The fix canonicalizes \`${expression}\` (resolving \`.\`, \`..\`, and symlinks) and verifies the result stays inside this base directory. Provide the **absolute** root the application is allowed to read or write under, for example \`/var/app/data\`. The directory must exist at runtime. A path that resolves outside it is rejected at runtime.`,
|
|
5318
|
+
guidance: (_) => "You **must** set this to an absolute path that exists at runtime and that your application confines file access to. If you leave it unset (or give a relative path), the generated fix is emitted with a placeholder identifier (`MOBB_SET_ALLOWED_BASE_DIR`) that **deliberately does not compile**, so a missing security boundary cannot be overlooked \u2014 replace it with your absolute base directory. A relative path would otherwise resolve against the process working directory (moving the boundary). At runtime the guard aborts (C: `exit(EXIT_FAILURE)`) / throws (C++: `std::runtime_error`) on a path that escapes the base. Pick the narrowest directory that still contains every legitimate file the code opens."
|
|
5319
|
+
}
|
|
5320
|
+
};
|
|
5321
|
+
|
|
5310
5322
|
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
|
|
5311
5323
|
var vulnerabilities11 = {
|
|
5312
|
-
["CMDi" /* CmDi */]: commandInjection
|
|
5324
|
+
["CMDi" /* CmDi */]: commandInjection,
|
|
5325
|
+
["PT" /* Pt */]: pathManipulation
|
|
5313
5326
|
};
|
|
5314
5327
|
var cpp_default = vulnerabilities11;
|
|
5315
5328
|
|
|
@@ -19930,7 +19943,7 @@ function createLogger(config2) {
|
|
|
19930
19943
|
|
|
19931
19944
|
// src/features/claude_code/hook_logger.ts
|
|
19932
19945
|
var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
|
|
19933
|
-
var CLI_VERSION = true ? "1.4.
|
|
19946
|
+
var CLI_VERSION = true ? "1.4.29" : "unknown";
|
|
19934
19947
|
var NAMESPACE = "mobbdev-claude-code-hook-logs";
|
|
19935
19948
|
var claudeCodeVersion;
|
|
19936
19949
|
function buildDdTags() {
|