mobbdev 1.4.28 → 1.4.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -144,10 +144,13 @@ function getSdk(client, withWrapper = defaultWrapper) {
144
144
  },
145
145
  getMvsProject(variables, requestHeaders, signal) {
146
146
  return withWrapper((wrappedRequestHeaders) => client.request({ document: GetMvsProjectDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "getMvsProject", "mutation", variables);
147
+ },
148
+ IssueTypes(variables, requestHeaders, signal) {
149
+ return withWrapper((wrappedRequestHeaders) => client.request({ document: IssueTypesDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "IssueTypes", "query", variables);
147
150
  }
148
151
  };
149
152
  }
150
- var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, defaultWrapper;
153
+ var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, IssueTypesDocument, defaultWrapper;
151
154
  var init_client_generates = __esm({
152
155
  "src/features/analysis/scm/generates/client_generates.ts"() {
153
156
  "use strict";
@@ -338,6 +341,7 @@ var init_client_generates = __esm({
338
341
  IssueType_Enum2["Pt"] = "PT";
339
342
  IssueType_Enum2["RaceConditionFormatFlaw"] = "RACE_CONDITION_FORMAT_FLAW";
340
343
  IssueType_Enum2["Redos"] = "REDOS";
344
+ IssueType_Enum2["RedundantCondition"] = "REDUNDANT_CONDITION";
341
345
  IssueType_Enum2["RedundantNilErrorCheck"] = "REDUNDANT_NIL_ERROR_CHECK";
342
346
  IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
343
347
  IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
@@ -1398,6 +1402,16 @@ var init_client_generates = __esm({
1398
1402
  getMvsProject(organizationId: $organizationId) {
1399
1403
  projectId
1400
1404
  }
1405
+ }
1406
+ `;
1407
+ IssueTypesDocument = `
1408
+ query IssueTypes {
1409
+ issueTypes {
1410
+ value
1411
+ label
1412
+ issueDescription
1413
+ fixInstructions
1414
+ }
1401
1415
  }
1402
1416
  `;
1403
1417
  defaultWrapper = (action, _operationName, _operationType, _variables) => action();
@@ -1775,6 +1789,21 @@ var init_issue = __esm({
1775
1789
  }
1776
1790
  });
1777
1791
 
1792
+ // src/features/analysis/scm/shared/src/issueTypeCatalog.ts
1793
+ function getIssueTypeCatalogEntry(value) {
1794
+ if (!catalog || !value) {
1795
+ return void 0;
1796
+ }
1797
+ return catalog.get(value);
1798
+ }
1799
+ var catalog;
1800
+ var init_issueTypeCatalog = __esm({
1801
+ "src/features/analysis/scm/shared/src/issueTypeCatalog.ts"() {
1802
+ "use strict";
1803
+ catalog = null;
1804
+ }
1805
+ });
1806
+
1778
1807
  // src/features/analysis/scm/shared/src/getIssueType.ts
1779
1808
  import { z as z5 } from "zod";
1780
1809
  var issueTypeMap, issueTypeZ, getIssueTypeFriendlyString, statusMap, statusZ, issueDescription;
@@ -1782,6 +1811,7 @@ var init_getIssueType = __esm({
1782
1811
  "src/features/analysis/scm/shared/src/getIssueType.ts"() {
1783
1812
  "use strict";
1784
1813
  init_client_generates();
1814
+ init_issueTypeCatalog();
1785
1815
  issueTypeMap = {
1786
1816
  ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
1787
1817
  ["SQL_Injection" /* SqlInjection */]: "SQL Injection",
@@ -1919,6 +1949,7 @@ var init_getIssueType = __esm({
1919
1949
  ["RETURN_IN_INIT" /* ReturnInInit */]: "Return in Init",
1920
1950
  ["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: "Action Not Pinned to Commit Sha",
1921
1951
  ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
1952
+ ["REDUNDANT_CONDITION" /* RedundantCondition */]: "Insider Threat: Redundant Condition",
1922
1953
  ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
1923
1954
  ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
1924
1955
  ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
@@ -1936,6 +1967,10 @@ var init_getIssueType = __esm({
1936
1967
  };
1937
1968
  issueTypeZ = z5.nativeEnum(IssueType_Enum);
1938
1969
  getIssueTypeFriendlyString = (issueType) => {
1970
+ const fromCatalog = getIssueTypeCatalogEntry(issueType)?.label;
1971
+ if (fromCatalog) {
1972
+ return fromCatalog;
1973
+ }
1939
1974
  const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
1940
1975
  if (!issueTypeZParseRes.success) {
1941
1976
  return issueType ? issueType.replaceAll("_", " ") : "Other";
@@ -5168,6 +5203,7 @@ var fixDetailsData = {
5168
5203
  ["RETURN_IN_INIT" /* ReturnInInit */]: void 0,
5169
5204
  ["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: void 0,
5170
5205
  ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
5206
+ ["REDUNDANT_CONDITION" /* RedundantCondition */]: void 0,
5171
5207
  ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
5172
5208
  ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
5173
5209
  ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
@@ -5514,9 +5550,19 @@ Provide the absolute directory that contains the executable (e.g. \`/usr/bin\`);
5514
5550
  }
5515
5551
  };
5516
5552
 
5553
+ // src/features/analysis/scm/shared/src/storedQuestionData/cpp/pathManipulation.ts
5554
+ var pathManipulation = {
5555
+ baseDirectory: {
5556
+ content: ({ expression }) => `Which directory must \`${expression}\` stay within? Enter the absolute base directory file access is restricted to.`,
5557
+ description: ({ expression }) => `The fix canonicalizes \`${expression}\` (resolving \`.\`, \`..\`, and symlinks) and verifies the result stays inside this base directory. Provide the **absolute** root the application is allowed to read or write under, for example \`/var/app/data\`. The directory must exist at runtime. A path that resolves outside it is rejected at runtime.`,
5558
+ guidance: (_) => "You **must** set this to an absolute path that exists at runtime and that your application confines file access to. If you leave it unset (or give a relative path), the generated fix is emitted with a placeholder identifier (`MOBB_SET_ALLOWED_BASE_DIR`) that **deliberately does not compile**, so a missing security boundary cannot be overlooked \u2014 replace it with your absolute base directory. A relative path would otherwise resolve against the process working directory (moving the boundary). At runtime the guard aborts (C: `exit(EXIT_FAILURE)`) / throws (C++: `std::runtime_error`) on a path that escapes the base. Pick the narrowest directory that still contains every legitimate file the code opens."
5559
+ }
5560
+ };
5561
+
5517
5562
  // src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
5518
5563
  var vulnerabilities11 = {
5519
- ["CMDi" /* CmDi */]: commandInjection
5564
+ ["CMDi" /* CmDi */]: commandInjection,
5565
+ ["PT" /* Pt */]: pathManipulation
5520
5566
  };
5521
5567
  var cpp_default = vulnerabilities11;
5522
5568
 
@@ -6882,6 +6928,7 @@ var IssueTypeAndLanguageZ = z12.object({
6882
6928
  });
6883
6929
 
6884
6930
  // src/features/analysis/scm/shared/src/index.ts
6931
+ init_issueTypeCatalog();
6885
6932
  init_types2();
6886
6933
  init_urlParser2();
6887
6934
  init_validations();
package/dist/index.mjs CHANGED
@@ -144,10 +144,13 @@ function getSdk(client, withWrapper = defaultWrapper) {
144
144
  },
145
145
  getMvsProject(variables, requestHeaders, signal) {
146
146
  return withWrapper((wrappedRequestHeaders) => client.request({ document: GetMvsProjectDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "getMvsProject", "mutation", variables);
147
+ },
148
+ IssueTypes(variables, requestHeaders, signal) {
149
+ return withWrapper((wrappedRequestHeaders) => client.request({ document: IssueTypesDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "IssueTypes", "query", variables);
147
150
  }
148
151
  };
149
152
  }
150
- var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, defaultWrapper;
153
+ var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, IssueTypesDocument, defaultWrapper;
151
154
  var init_client_generates = __esm({
152
155
  "src/features/analysis/scm/generates/client_generates.ts"() {
153
156
  "use strict";
@@ -338,6 +341,7 @@ var init_client_generates = __esm({
338
341
  IssueType_Enum2["Pt"] = "PT";
339
342
  IssueType_Enum2["RaceConditionFormatFlaw"] = "RACE_CONDITION_FORMAT_FLAW";
340
343
  IssueType_Enum2["Redos"] = "REDOS";
344
+ IssueType_Enum2["RedundantCondition"] = "REDUNDANT_CONDITION";
341
345
  IssueType_Enum2["RedundantNilErrorCheck"] = "REDUNDANT_NIL_ERROR_CHECK";
342
346
  IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
343
347
  IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
@@ -1398,12 +1402,37 @@ var init_client_generates = __esm({
1398
1402
  getMvsProject(organizationId: $organizationId) {
1399
1403
  projectId
1400
1404
  }
1405
+ }
1406
+ `;
1407
+ IssueTypesDocument = `
1408
+ query IssueTypes {
1409
+ issueTypes {
1410
+ value
1411
+ label
1412
+ issueDescription
1413
+ fixInstructions
1414
+ }
1401
1415
  }
1402
1416
  `;
1403
1417
  defaultWrapper = (action, _operationName, _operationType, _variables) => action();
1404
1418
  }
1405
1419
  });
1406
1420
 
1421
+ // src/features/analysis/scm/shared/src/issueTypeCatalog.ts
1422
+ function getIssueTypeCatalogEntry(value) {
1423
+ if (!catalog || !value) {
1424
+ return void 0;
1425
+ }
1426
+ return catalog.get(value);
1427
+ }
1428
+ var catalog;
1429
+ var init_issueTypeCatalog = __esm({
1430
+ "src/features/analysis/scm/shared/src/issueTypeCatalog.ts"() {
1431
+ "use strict";
1432
+ catalog = null;
1433
+ }
1434
+ });
1435
+
1407
1436
  // src/features/analysis/scm/shared/src/getIssueType.ts
1408
1437
  import { z } from "zod";
1409
1438
  function getTagTooltip(tag2) {
@@ -1447,6 +1476,7 @@ var init_getIssueType = __esm({
1447
1476
  "src/features/analysis/scm/shared/src/getIssueType.ts"() {
1448
1477
  "use strict";
1449
1478
  init_client_generates();
1479
+ init_issueTypeCatalog();
1450
1480
  issueTypeMap = {
1451
1481
  ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
1452
1482
  ["SQL_Injection" /* SqlInjection */]: "SQL Injection",
@@ -1584,6 +1614,7 @@ var init_getIssueType = __esm({
1584
1614
  ["RETURN_IN_INIT" /* ReturnInInit */]: "Return in Init",
1585
1615
  ["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: "Action Not Pinned to Commit Sha",
1586
1616
  ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
1617
+ ["REDUNDANT_CONDITION" /* RedundantCondition */]: "Insider Threat: Redundant Condition",
1587
1618
  ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
1588
1619
  ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
1589
1620
  ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
@@ -1601,6 +1632,10 @@ var init_getIssueType = __esm({
1601
1632
  };
1602
1633
  issueTypeZ = z.nativeEnum(IssueType_Enum);
1603
1634
  getIssueTypeFriendlyString = (issueType) => {
1635
+ const fromCatalog = getIssueTypeCatalogEntry(issueType)?.label;
1636
+ if (fromCatalog) {
1637
+ return fromCatalog;
1638
+ }
1604
1639
  const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
1605
1640
  if (!issueTypeZParseRes.success) {
1606
1641
  return issueType ? issueType.replaceAll("_", " ") : "Other";
@@ -4873,6 +4908,7 @@ var fixDetailsData = {
4873
4908
  ["RETURN_IN_INIT" /* ReturnInInit */]: void 0,
4874
4909
  ["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: void 0,
4875
4910
  ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
4911
+ ["REDUNDANT_CONDITION" /* RedundantCondition */]: void 0,
4876
4912
  ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
4877
4913
  ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
4878
4914
  ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
@@ -5307,9 +5343,19 @@ Provide the absolute directory that contains the executable (e.g. \`/usr/bin\`);
5307
5343
  }
5308
5344
  };
5309
5345
 
5346
+ // src/features/analysis/scm/shared/src/storedQuestionData/cpp/pathManipulation.ts
5347
+ var pathManipulation = {
5348
+ baseDirectory: {
5349
+ content: ({ expression }) => `Which directory must \`${expression}\` stay within? Enter the absolute base directory file access is restricted to.`,
5350
+ description: ({ expression }) => `The fix canonicalizes \`${expression}\` (resolving \`.\`, \`..\`, and symlinks) and verifies the result stays inside this base directory. Provide the **absolute** root the application is allowed to read or write under, for example \`/var/app/data\`. The directory must exist at runtime. A path that resolves outside it is rejected at runtime.`,
5351
+ guidance: (_) => "You **must** set this to an absolute path that exists at runtime and that your application confines file access to. If you leave it unset (or give a relative path), the generated fix is emitted with a placeholder identifier (`MOBB_SET_ALLOWED_BASE_DIR`) that **deliberately does not compile**, so a missing security boundary cannot be overlooked \u2014 replace it with your absolute base directory. A relative path would otherwise resolve against the process working directory (moving the boundary). At runtime the guard aborts (C: `exit(EXIT_FAILURE)`) / throws (C++: `std::runtime_error`) on a path that escapes the base. Pick the narrowest directory that still contains every legitimate file the code opens."
5352
+ }
5353
+ };
5354
+
5310
5355
  // src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
5311
5356
  var vulnerabilities11 = {
5312
- ["CMDi" /* CmDi */]: commandInjection
5357
+ ["CMDi" /* CmDi */]: commandInjection,
5358
+ ["PT" /* Pt */]: pathManipulation
5313
5359
  };
5314
5360
  var cpp_default = vulnerabilities11;
5315
5361
 
@@ -6792,6 +6838,7 @@ function getGuidances(args) {
6792
6838
  }
6793
6839
 
6794
6840
  // src/features/analysis/scm/shared/src/index.ts
6841
+ init_issueTypeCatalog();
6795
6842
  init_types2();
6796
6843
  init_urlParser2();
6797
6844
 
@@ -19930,7 +19977,7 @@ function createLogger(config2) {
19930
19977
 
19931
19978
  // src/features/claude_code/hook_logger.ts
19932
19979
  var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
19933
- var CLI_VERSION = true ? "1.4.28" : "unknown";
19980
+ var CLI_VERSION = true ? "1.4.30" : "unknown";
19934
19981
  var NAMESPACE = "mobbdev-claude-code-hook-logs";
19935
19982
  var claudeCodeVersion;
19936
19983
  function buildDdTags() {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "mobbdev",
3
- "version": "1.4.28",
3
+ "version": "1.4.30",
4
4
  "description": "Automated secure code remediation tool",
5
5
  "repository": "git+https://github.com/mobb-dev/bugsy.git",
6
6
  "main": "dist/index.mjs",