mobbdev 1.4.28 → 1.4.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/args/commands/upload_ai_blame.mjs +49 -2
- package/dist/index.mjs +50 -3
- package/package.json +1 -1
|
@@ -144,10 +144,13 @@ function getSdk(client, withWrapper = defaultWrapper) {
|
|
|
144
144
|
},
|
|
145
145
|
getMvsProject(variables, requestHeaders, signal) {
|
|
146
146
|
return withWrapper((wrappedRequestHeaders) => client.request({ document: GetMvsProjectDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "getMvsProject", "mutation", variables);
|
|
147
|
+
},
|
|
148
|
+
IssueTypes(variables, requestHeaders, signal) {
|
|
149
|
+
return withWrapper((wrappedRequestHeaders) => client.request({ document: IssueTypesDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "IssueTypes", "query", variables);
|
|
147
150
|
}
|
|
148
151
|
};
|
|
149
152
|
}
|
|
150
|
-
var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, defaultWrapper;
|
|
153
|
+
var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, IssueTypesDocument, defaultWrapper;
|
|
151
154
|
var init_client_generates = __esm({
|
|
152
155
|
"src/features/analysis/scm/generates/client_generates.ts"() {
|
|
153
156
|
"use strict";
|
|
@@ -338,6 +341,7 @@ var init_client_generates = __esm({
|
|
|
338
341
|
IssueType_Enum2["Pt"] = "PT";
|
|
339
342
|
IssueType_Enum2["RaceConditionFormatFlaw"] = "RACE_CONDITION_FORMAT_FLAW";
|
|
340
343
|
IssueType_Enum2["Redos"] = "REDOS";
|
|
344
|
+
IssueType_Enum2["RedundantCondition"] = "REDUNDANT_CONDITION";
|
|
341
345
|
IssueType_Enum2["RedundantNilErrorCheck"] = "REDUNDANT_NIL_ERROR_CHECK";
|
|
342
346
|
IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
|
|
343
347
|
IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
|
|
@@ -1398,6 +1402,16 @@ var init_client_generates = __esm({
|
|
|
1398
1402
|
getMvsProject(organizationId: $organizationId) {
|
|
1399
1403
|
projectId
|
|
1400
1404
|
}
|
|
1405
|
+
}
|
|
1406
|
+
`;
|
|
1407
|
+
IssueTypesDocument = `
|
|
1408
|
+
query IssueTypes {
|
|
1409
|
+
issueTypes {
|
|
1410
|
+
value
|
|
1411
|
+
label
|
|
1412
|
+
issueDescription
|
|
1413
|
+
fixInstructions
|
|
1414
|
+
}
|
|
1401
1415
|
}
|
|
1402
1416
|
`;
|
|
1403
1417
|
defaultWrapper = (action, _operationName, _operationType, _variables) => action();
|
|
@@ -1775,6 +1789,21 @@ var init_issue = __esm({
|
|
|
1775
1789
|
}
|
|
1776
1790
|
});
|
|
1777
1791
|
|
|
1792
|
+
// src/features/analysis/scm/shared/src/issueTypeCatalog.ts
|
|
1793
|
+
function getIssueTypeCatalogEntry(value) {
|
|
1794
|
+
if (!catalog || !value) {
|
|
1795
|
+
return void 0;
|
|
1796
|
+
}
|
|
1797
|
+
return catalog.get(value);
|
|
1798
|
+
}
|
|
1799
|
+
var catalog;
|
|
1800
|
+
var init_issueTypeCatalog = __esm({
|
|
1801
|
+
"src/features/analysis/scm/shared/src/issueTypeCatalog.ts"() {
|
|
1802
|
+
"use strict";
|
|
1803
|
+
catalog = null;
|
|
1804
|
+
}
|
|
1805
|
+
});
|
|
1806
|
+
|
|
1778
1807
|
// src/features/analysis/scm/shared/src/getIssueType.ts
|
|
1779
1808
|
import { z as z5 } from "zod";
|
|
1780
1809
|
var issueTypeMap, issueTypeZ, getIssueTypeFriendlyString, statusMap, statusZ, issueDescription;
|
|
@@ -1782,6 +1811,7 @@ var init_getIssueType = __esm({
|
|
|
1782
1811
|
"src/features/analysis/scm/shared/src/getIssueType.ts"() {
|
|
1783
1812
|
"use strict";
|
|
1784
1813
|
init_client_generates();
|
|
1814
|
+
init_issueTypeCatalog();
|
|
1785
1815
|
issueTypeMap = {
|
|
1786
1816
|
["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
|
|
1787
1817
|
["SQL_Injection" /* SqlInjection */]: "SQL Injection",
|
|
@@ -1919,6 +1949,7 @@ var init_getIssueType = __esm({
|
|
|
1919
1949
|
["RETURN_IN_INIT" /* ReturnInInit */]: "Return in Init",
|
|
1920
1950
|
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: "Action Not Pinned to Commit Sha",
|
|
1921
1951
|
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
|
|
1952
|
+
["REDUNDANT_CONDITION" /* RedundantCondition */]: "Insider Threat: Redundant Condition",
|
|
1922
1953
|
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
|
|
1923
1954
|
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
|
|
1924
1955
|
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
|
|
@@ -1936,6 +1967,10 @@ var init_getIssueType = __esm({
|
|
|
1936
1967
|
};
|
|
1937
1968
|
issueTypeZ = z5.nativeEnum(IssueType_Enum);
|
|
1938
1969
|
getIssueTypeFriendlyString = (issueType) => {
|
|
1970
|
+
const fromCatalog = getIssueTypeCatalogEntry(issueType)?.label;
|
|
1971
|
+
if (fromCatalog) {
|
|
1972
|
+
return fromCatalog;
|
|
1973
|
+
}
|
|
1939
1974
|
const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
|
|
1940
1975
|
if (!issueTypeZParseRes.success) {
|
|
1941
1976
|
return issueType ? issueType.replaceAll("_", " ") : "Other";
|
|
@@ -5168,6 +5203,7 @@ var fixDetailsData = {
|
|
|
5168
5203
|
["RETURN_IN_INIT" /* ReturnInInit */]: void 0,
|
|
5169
5204
|
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: void 0,
|
|
5170
5205
|
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
|
|
5206
|
+
["REDUNDANT_CONDITION" /* RedundantCondition */]: void 0,
|
|
5171
5207
|
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
|
|
5172
5208
|
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
|
|
5173
5209
|
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
|
|
@@ -5514,9 +5550,19 @@ Provide the absolute directory that contains the executable (e.g. \`/usr/bin\`);
|
|
|
5514
5550
|
}
|
|
5515
5551
|
};
|
|
5516
5552
|
|
|
5553
|
+
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/pathManipulation.ts
|
|
5554
|
+
var pathManipulation = {
|
|
5555
|
+
baseDirectory: {
|
|
5556
|
+
content: ({ expression }) => `Which directory must \`${expression}\` stay within? Enter the absolute base directory file access is restricted to.`,
|
|
5557
|
+
description: ({ expression }) => `The fix canonicalizes \`${expression}\` (resolving \`.\`, \`..\`, and symlinks) and verifies the result stays inside this base directory. Provide the **absolute** root the application is allowed to read or write under, for example \`/var/app/data\`. The directory must exist at runtime. A path that resolves outside it is rejected at runtime.`,
|
|
5558
|
+
guidance: (_) => "You **must** set this to an absolute path that exists at runtime and that your application confines file access to. If you leave it unset (or give a relative path), the generated fix is emitted with a placeholder identifier (`MOBB_SET_ALLOWED_BASE_DIR`) that **deliberately does not compile**, so a missing security boundary cannot be overlooked \u2014 replace it with your absolute base directory. A relative path would otherwise resolve against the process working directory (moving the boundary). At runtime the guard aborts (C: `exit(EXIT_FAILURE)`) / throws (C++: `std::runtime_error`) on a path that escapes the base. Pick the narrowest directory that still contains every legitimate file the code opens."
|
|
5559
|
+
}
|
|
5560
|
+
};
|
|
5561
|
+
|
|
5517
5562
|
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
|
|
5518
5563
|
var vulnerabilities11 = {
|
|
5519
|
-
["CMDi" /* CmDi */]: commandInjection
|
|
5564
|
+
["CMDi" /* CmDi */]: commandInjection,
|
|
5565
|
+
["PT" /* Pt */]: pathManipulation
|
|
5520
5566
|
};
|
|
5521
5567
|
var cpp_default = vulnerabilities11;
|
|
5522
5568
|
|
|
@@ -6882,6 +6928,7 @@ var IssueTypeAndLanguageZ = z12.object({
|
|
|
6882
6928
|
});
|
|
6883
6929
|
|
|
6884
6930
|
// src/features/analysis/scm/shared/src/index.ts
|
|
6931
|
+
init_issueTypeCatalog();
|
|
6885
6932
|
init_types2();
|
|
6886
6933
|
init_urlParser2();
|
|
6887
6934
|
init_validations();
|
package/dist/index.mjs
CHANGED
|
@@ -144,10 +144,13 @@ function getSdk(client, withWrapper = defaultWrapper) {
|
|
|
144
144
|
},
|
|
145
145
|
getMvsProject(variables, requestHeaders, signal) {
|
|
146
146
|
return withWrapper((wrappedRequestHeaders) => client.request({ document: GetMvsProjectDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "getMvsProject", "mutation", variables);
|
|
147
|
+
},
|
|
148
|
+
IssueTypes(variables, requestHeaders, signal) {
|
|
149
|
+
return withWrapper((wrappedRequestHeaders) => client.request({ document: IssueTypesDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "IssueTypes", "query", variables);
|
|
147
150
|
}
|
|
148
151
|
};
|
|
149
152
|
}
|
|
150
|
-
var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, defaultWrapper;
|
|
153
|
+
var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, IssueTypesDocument, defaultWrapper;
|
|
151
154
|
var init_client_generates = __esm({
|
|
152
155
|
"src/features/analysis/scm/generates/client_generates.ts"() {
|
|
153
156
|
"use strict";
|
|
@@ -338,6 +341,7 @@ var init_client_generates = __esm({
|
|
|
338
341
|
IssueType_Enum2["Pt"] = "PT";
|
|
339
342
|
IssueType_Enum2["RaceConditionFormatFlaw"] = "RACE_CONDITION_FORMAT_FLAW";
|
|
340
343
|
IssueType_Enum2["Redos"] = "REDOS";
|
|
344
|
+
IssueType_Enum2["RedundantCondition"] = "REDUNDANT_CONDITION";
|
|
341
345
|
IssueType_Enum2["RedundantNilErrorCheck"] = "REDUNDANT_NIL_ERROR_CHECK";
|
|
342
346
|
IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
|
|
343
347
|
IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
|
|
@@ -1398,12 +1402,37 @@ var init_client_generates = __esm({
|
|
|
1398
1402
|
getMvsProject(organizationId: $organizationId) {
|
|
1399
1403
|
projectId
|
|
1400
1404
|
}
|
|
1405
|
+
}
|
|
1406
|
+
`;
|
|
1407
|
+
IssueTypesDocument = `
|
|
1408
|
+
query IssueTypes {
|
|
1409
|
+
issueTypes {
|
|
1410
|
+
value
|
|
1411
|
+
label
|
|
1412
|
+
issueDescription
|
|
1413
|
+
fixInstructions
|
|
1414
|
+
}
|
|
1401
1415
|
}
|
|
1402
1416
|
`;
|
|
1403
1417
|
defaultWrapper = (action, _operationName, _operationType, _variables) => action();
|
|
1404
1418
|
}
|
|
1405
1419
|
});
|
|
1406
1420
|
|
|
1421
|
+
// src/features/analysis/scm/shared/src/issueTypeCatalog.ts
|
|
1422
|
+
function getIssueTypeCatalogEntry(value) {
|
|
1423
|
+
if (!catalog || !value) {
|
|
1424
|
+
return void 0;
|
|
1425
|
+
}
|
|
1426
|
+
return catalog.get(value);
|
|
1427
|
+
}
|
|
1428
|
+
var catalog;
|
|
1429
|
+
var init_issueTypeCatalog = __esm({
|
|
1430
|
+
"src/features/analysis/scm/shared/src/issueTypeCatalog.ts"() {
|
|
1431
|
+
"use strict";
|
|
1432
|
+
catalog = null;
|
|
1433
|
+
}
|
|
1434
|
+
});
|
|
1435
|
+
|
|
1407
1436
|
// src/features/analysis/scm/shared/src/getIssueType.ts
|
|
1408
1437
|
import { z } from "zod";
|
|
1409
1438
|
function getTagTooltip(tag2) {
|
|
@@ -1447,6 +1476,7 @@ var init_getIssueType = __esm({
|
|
|
1447
1476
|
"src/features/analysis/scm/shared/src/getIssueType.ts"() {
|
|
1448
1477
|
"use strict";
|
|
1449
1478
|
init_client_generates();
|
|
1479
|
+
init_issueTypeCatalog();
|
|
1450
1480
|
issueTypeMap = {
|
|
1451
1481
|
["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
|
|
1452
1482
|
["SQL_Injection" /* SqlInjection */]: "SQL Injection",
|
|
@@ -1584,6 +1614,7 @@ var init_getIssueType = __esm({
|
|
|
1584
1614
|
["RETURN_IN_INIT" /* ReturnInInit */]: "Return in Init",
|
|
1585
1615
|
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: "Action Not Pinned to Commit Sha",
|
|
1586
1616
|
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
|
|
1617
|
+
["REDUNDANT_CONDITION" /* RedundantCondition */]: "Insider Threat: Redundant Condition",
|
|
1587
1618
|
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
|
|
1588
1619
|
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
|
|
1589
1620
|
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
|
|
@@ -1601,6 +1632,10 @@ var init_getIssueType = __esm({
|
|
|
1601
1632
|
};
|
|
1602
1633
|
issueTypeZ = z.nativeEnum(IssueType_Enum);
|
|
1603
1634
|
getIssueTypeFriendlyString = (issueType) => {
|
|
1635
|
+
const fromCatalog = getIssueTypeCatalogEntry(issueType)?.label;
|
|
1636
|
+
if (fromCatalog) {
|
|
1637
|
+
return fromCatalog;
|
|
1638
|
+
}
|
|
1604
1639
|
const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
|
|
1605
1640
|
if (!issueTypeZParseRes.success) {
|
|
1606
1641
|
return issueType ? issueType.replaceAll("_", " ") : "Other";
|
|
@@ -4873,6 +4908,7 @@ var fixDetailsData = {
|
|
|
4873
4908
|
["RETURN_IN_INIT" /* ReturnInInit */]: void 0,
|
|
4874
4909
|
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: void 0,
|
|
4875
4910
|
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
|
|
4911
|
+
["REDUNDANT_CONDITION" /* RedundantCondition */]: void 0,
|
|
4876
4912
|
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
|
|
4877
4913
|
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
|
|
4878
4914
|
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
|
|
@@ -5307,9 +5343,19 @@ Provide the absolute directory that contains the executable (e.g. \`/usr/bin\`);
|
|
|
5307
5343
|
}
|
|
5308
5344
|
};
|
|
5309
5345
|
|
|
5346
|
+
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/pathManipulation.ts
|
|
5347
|
+
var pathManipulation = {
|
|
5348
|
+
baseDirectory: {
|
|
5349
|
+
content: ({ expression }) => `Which directory must \`${expression}\` stay within? Enter the absolute base directory file access is restricted to.`,
|
|
5350
|
+
description: ({ expression }) => `The fix canonicalizes \`${expression}\` (resolving \`.\`, \`..\`, and symlinks) and verifies the result stays inside this base directory. Provide the **absolute** root the application is allowed to read or write under, for example \`/var/app/data\`. The directory must exist at runtime. A path that resolves outside it is rejected at runtime.`,
|
|
5351
|
+
guidance: (_) => "You **must** set this to an absolute path that exists at runtime and that your application confines file access to. If you leave it unset (or give a relative path), the generated fix is emitted with a placeholder identifier (`MOBB_SET_ALLOWED_BASE_DIR`) that **deliberately does not compile**, so a missing security boundary cannot be overlooked \u2014 replace it with your absolute base directory. A relative path would otherwise resolve against the process working directory (moving the boundary). At runtime the guard aborts (C: `exit(EXIT_FAILURE)`) / throws (C++: `std::runtime_error`) on a path that escapes the base. Pick the narrowest directory that still contains every legitimate file the code opens."
|
|
5352
|
+
}
|
|
5353
|
+
};
|
|
5354
|
+
|
|
5310
5355
|
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
|
|
5311
5356
|
var vulnerabilities11 = {
|
|
5312
|
-
["CMDi" /* CmDi */]: commandInjection
|
|
5357
|
+
["CMDi" /* CmDi */]: commandInjection,
|
|
5358
|
+
["PT" /* Pt */]: pathManipulation
|
|
5313
5359
|
};
|
|
5314
5360
|
var cpp_default = vulnerabilities11;
|
|
5315
5361
|
|
|
@@ -6792,6 +6838,7 @@ function getGuidances(args) {
|
|
|
6792
6838
|
}
|
|
6793
6839
|
|
|
6794
6840
|
// src/features/analysis/scm/shared/src/index.ts
|
|
6841
|
+
init_issueTypeCatalog();
|
|
6795
6842
|
init_types2();
|
|
6796
6843
|
init_urlParser2();
|
|
6797
6844
|
|
|
@@ -19930,7 +19977,7 @@ function createLogger(config2) {
|
|
|
19930
19977
|
|
|
19931
19978
|
// src/features/claude_code/hook_logger.ts
|
|
19932
19979
|
var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
|
|
19933
|
-
var CLI_VERSION = true ? "1.4.
|
|
19980
|
+
var CLI_VERSION = true ? "1.4.30" : "unknown";
|
|
19934
19981
|
var NAMESPACE = "mobbdev-claude-code-hook-logs";
|
|
19935
19982
|
var claudeCodeVersion;
|
|
19936
19983
|
function buildDdTags() {
|