mobbdev 1.4.30 → 1.4.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/args/commands/upload_ai_blame.mjs +399 -1054
- package/dist/index.mjs +1178 -1749
- package/package.json +1 -1
|
@@ -150,7 +150,7 @@ function getSdk(client, withWrapper = defaultWrapper) {
|
|
|
150
150
|
}
|
|
151
151
|
};
|
|
152
152
|
}
|
|
153
|
-
var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum,
|
|
153
|
+
var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, IssueTypesDocument, defaultWrapper;
|
|
154
154
|
var init_client_generates = __esm({
|
|
155
155
|
"src/features/analysis/scm/generates/client_generates.ts"() {
|
|
156
156
|
"use strict";
|
|
@@ -237,160 +237,6 @@ var init_client_generates = __esm({
|
|
|
237
237
|
IssueLanguage_Enum2["Yaml"] = "YAML";
|
|
238
238
|
return IssueLanguage_Enum2;
|
|
239
239
|
})(IssueLanguage_Enum || {});
|
|
240
|
-
IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
|
|
241
|
-
IssueType_Enum2["ActionNotPinnedToCommitSha"] = "ACTION_NOT_PINNED_TO_COMMIT_SHA";
|
|
242
|
-
IssueType_Enum2["AutoEscapeFalse"] = "AUTO_ESCAPE_FALSE";
|
|
243
|
-
IssueType_Enum2["AvoidBuiltinShadowing"] = "AVOID_BUILTIN_SHADOWING";
|
|
244
|
-
IssueType_Enum2["AvoidIdentityComparisonCachedTypes"] = "AVOID_IDENTITY_COMPARISON_CACHED_TYPES";
|
|
245
|
-
IssueType_Enum2["AwsDynamodbPointInTimeRecoveryDisabled"] = "AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED";
|
|
246
|
-
IssueType_Enum2["BufferOverflow"] = "BUFFER_OVERFLOW";
|
|
247
|
-
IssueType_Enum2["ClientDomStoredCodeInjection"] = "CLIENT_DOM_STORED_CODE_INJECTION";
|
|
248
|
-
IssueType_Enum2["CmDi"] = "CMDi";
|
|
249
|
-
IssueType_Enum2["CmDiRelativePathCommand"] = "CMDi_relative_path_command";
|
|
250
|
-
IssueType_Enum2["CodeInComment"] = "CODE_IN_COMMENT";
|
|
251
|
-
IssueType_Enum2["ConfusingNaming"] = "CONFUSING_NAMING";
|
|
252
|
-
IssueType_Enum2["CredentialDisclosure"] = "CREDENTIAL_DISCLOSURE";
|
|
253
|
-
IssueType_Enum2["Csrf"] = "CSRF";
|
|
254
|
-
IssueType_Enum2["DangerousFunctionOverflow"] = "DANGEROUS_FUNCTION_OVERFLOW";
|
|
255
|
-
IssueType_Enum2["DeadCodeUnusedField"] = "DEAD_CODE_UNUSED_FIELD";
|
|
256
|
-
IssueType_Enum2["DebugEnabled"] = "DEBUG_ENABLED";
|
|
257
|
-
IssueType_Enum2["DeclareVariableExplicitly"] = "DECLARE_VARIABLE_EXPLICITLY";
|
|
258
|
-
IssueType_Enum2["DefaultRightsInObjDefinition"] = "DEFAULT_RIGHTS_IN_OBJ_DEFINITION";
|
|
259
|
-
IssueType_Enum2["DeprecatedFunction"] = "DEPRECATED_FUNCTION";
|
|
260
|
-
IssueType_Enum2["DjangoBlankFieldNeedsNullOrDefault"] = "DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT";
|
|
261
|
-
IssueType_Enum2["DosStringBuilder"] = "DOS_STRING_BUILDER";
|
|
262
|
-
IssueType_Enum2["DoNotRaiseException"] = "DO_NOT_RAISE_EXCEPTION";
|
|
263
|
-
IssueType_Enum2["DoNotThrowGenericException"] = "DO_NOT_THROW_GENERIC_EXCEPTION";
|
|
264
|
-
IssueType_Enum2["DuplicatedStrings"] = "DUPLICATED_STRINGS";
|
|
265
|
-
IssueType_Enum2["ErroneousStringCompare"] = "ERRONEOUS_STRING_COMPARE";
|
|
266
|
-
IssueType_Enum2["ErrorCondtionWithoutAction"] = "ERROR_CONDTION_WITHOUT_ACTION";
|
|
267
|
-
IssueType_Enum2["ExcessiveSecretsExposure"] = "EXCESSIVE_SECRETS_EXPOSURE";
|
|
268
|
-
IssueType_Enum2["FrameableLoginPage"] = "FRAMEABLE_LOGIN_PAGE";
|
|
269
|
-
IssueType_Enum2["FunctionCallWithoutParentheses"] = "FUNCTION_CALL_WITHOUT_PARENTHESES";
|
|
270
|
-
IssueType_Enum2["GhActionsShellInjection"] = "GH_ACTIONS_SHELL_INJECTION";
|
|
271
|
-
IssueType_Enum2["GraphqlDepthLimit"] = "GRAPHQL_DEPTH_LIMIT";
|
|
272
|
-
IssueType_Enum2["HardcodedDomainInHtml"] = "HARDCODED_DOMAIN_IN_HTML";
|
|
273
|
-
IssueType_Enum2["HardcodedSecrets"] = "HARDCODED_SECRETS";
|
|
274
|
-
IssueType_Enum2["HeaderManipulation"] = "HEADER_MANIPULATION";
|
|
275
|
-
IssueType_Enum2["HeapInspection"] = "HEAP_INSPECTION";
|
|
276
|
-
IssueType_Enum2["HtmlCommentInJsp"] = "HTML_COMMENT_IN_JSP";
|
|
277
|
-
IssueType_Enum2["HttpOnlyCookie"] = "HTTP_ONLY_COOKIE";
|
|
278
|
-
IssueType_Enum2["HttpParameterPollution"] = "HTTP_PARAMETER_POLLUTION";
|
|
279
|
-
IssueType_Enum2["HttpResponseSplitting"] = "HTTP_RESPONSE_SPLITTING";
|
|
280
|
-
IssueType_Enum2["IframeWithoutSandbox"] = "IFRAME_WITHOUT_SANDBOX";
|
|
281
|
-
IssueType_Enum2["ImproperCertificateValidation"] = "IMPROPER_CERTIFICATE_VALIDATION";
|
|
282
|
-
IssueType_Enum2["ImproperExceptionHandling"] = "IMPROPER_EXCEPTION_HANDLING";
|
|
283
|
-
IssueType_Enum2["ImproperResourceShutdownOrRelease"] = "IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE";
|
|
284
|
-
IssueType_Enum2["ImproperStringFormatting"] = "IMPROPER_STRING_FORMATTING";
|
|
285
|
-
IssueType_Enum2["ImproperValidationOfArrayIndex"] = "IMPROPER_VALIDATION_OF_ARRAY_INDEX";
|
|
286
|
-
IssueType_Enum2["IncompleteHostnameRegex"] = "INCOMPLETE_HOSTNAME_REGEX";
|
|
287
|
-
IssueType_Enum2["IncompleteSanitization"] = "INCOMPLETE_SANITIZATION";
|
|
288
|
-
IssueType_Enum2["IncompleteUrlSanitization"] = "INCOMPLETE_URL_SANITIZATION";
|
|
289
|
-
IssueType_Enum2["IncompleteUrlSchemeCheck"] = "INCOMPLETE_URL_SCHEME_CHECK";
|
|
290
|
-
IssueType_Enum2["IncorrectIntegerConversion"] = "INCORRECT_INTEGER_CONVERSION";
|
|
291
|
-
IssueType_Enum2["IncorrectSqlApiUsage"] = "INCORRECT_SQL_API_USAGE";
|
|
292
|
-
IssueType_Enum2["InformationExposureViaHeaders"] = "INFORMATION_EXPOSURE_VIA_HEADERS";
|
|
293
|
-
IssueType_Enum2["InsecureBinderConfiguration"] = "INSECURE_BINDER_CONFIGURATION";
|
|
294
|
-
IssueType_Enum2["InsecureCookie"] = "INSECURE_COOKIE";
|
|
295
|
-
IssueType_Enum2["InsecureDeserialization"] = "INSECURE_DESERIALIZATION";
|
|
296
|
-
IssueType_Enum2["InsecurePostmessage"] = "INSECURE_POSTMESSAGE";
|
|
297
|
-
IssueType_Enum2["InsecureRandomness"] = "INSECURE_RANDOMNESS";
|
|
298
|
-
IssueType_Enum2["InsecureTmpFile"] = "INSECURE_TMP_FILE";
|
|
299
|
-
IssueType_Enum2["InsecureUuidVersion"] = "INSECURE_UUID_VERSION";
|
|
300
|
-
IssueType_Enum2["InsufficientLogging"] = "INSUFFICIENT_LOGGING";
|
|
301
|
-
IssueType_Enum2["J2EeGetConnection"] = "J2EE_GET_CONNECTION";
|
|
302
|
-
IssueType_Enum2["JqueryDeprecatedSymbols"] = "JQUERY_DEPRECATED_SYMBOLS";
|
|
303
|
-
IssueType_Enum2["JwtDecodeWithoutVerify"] = "JWT_DECODE_WITHOUT_VERIFY";
|
|
304
|
-
IssueType_Enum2["LeftoverDebugCode"] = "LEFTOVER_DEBUG_CODE";
|
|
305
|
-
IssueType_Enum2["LocaleDependentComparison"] = "LOCALE_DEPENDENT_COMPARISON";
|
|
306
|
-
IssueType_Enum2["LogForging"] = "LOG_FORGING";
|
|
307
|
-
IssueType_Enum2["MissingAntiforgeryValidation"] = "MISSING_ANTIFORGERY_VALIDATION";
|
|
308
|
-
IssueType_Enum2["MissingCheckAgainstNull"] = "MISSING_CHECK_AGAINST_NULL";
|
|
309
|
-
IssueType_Enum2["MissingCspHeader"] = "MISSING_CSP_HEADER";
|
|
310
|
-
IssueType_Enum2["MissingEncodingFileOpen"] = "MISSING_ENCODING_FILE_OPEN";
|
|
311
|
-
IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
|
|
312
|
-
IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
|
|
313
|
-
IssueType_Enum2["MissingSslMinversion"] = "MISSING_SSL_MINVERSION";
|
|
314
|
-
IssueType_Enum2["MissingTemplateStringIndicator"] = "MISSING_TEMPLATE_STRING_INDICATOR";
|
|
315
|
-
IssueType_Enum2["MissingUser"] = "MISSING_USER";
|
|
316
|
-
IssueType_Enum2["MissingWhitespace"] = "MISSING_WHITESPACE";
|
|
317
|
-
IssueType_Enum2["MissingWorkflowPermissions"] = "MISSING_WORKFLOW_PERMISSIONS";
|
|
318
|
-
IssueType_Enum2["MissingXFrameOptions"] = "MISSING_X_FRAME_OPTIONS";
|
|
319
|
-
IssueType_Enum2["ModifiedDefaultParam"] = "MODIFIED_DEFAULT_PARAM";
|
|
320
|
-
IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
|
|
321
|
-
IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
|
|
322
|
-
IssueType_Enum2["NoAssert"] = "NO_ASSERT";
|
|
323
|
-
IssueType_Enum2["NoEquivalenceMethod"] = "NO_EQUIVALENCE_METHOD";
|
|
324
|
-
IssueType_Enum2["NoLimitsOrThrottling"] = "NO_LIMITS_OR_THROTTLING";
|
|
325
|
-
IssueType_Enum2["NoNestedTry"] = "NO_NESTED_TRY";
|
|
326
|
-
IssueType_Enum2["NoNewPrivileges"] = "NO_NEW_PRIVILEGES";
|
|
327
|
-
IssueType_Enum2["NoOpOverhead"] = "NO_OP_OVERHEAD";
|
|
328
|
-
IssueType_Enum2["NoPrintStatement"] = "NO_PRINT_STATEMENT";
|
|
329
|
-
IssueType_Enum2["NoReturnInFinally"] = "NO_RETURN_IN_FINALLY";
|
|
330
|
-
IssueType_Enum2["NoVar"] = "NO_VAR";
|
|
331
|
-
IssueType_Enum2["NullDereference"] = "NULL_DEREFERENCE";
|
|
332
|
-
IssueType_Enum2["OftenMisusedBooleanGetBoolean"] = "OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN";
|
|
333
|
-
IssueType_Enum2["OpenRedirect"] = "OPEN_REDIRECT";
|
|
334
|
-
IssueType_Enum2["OverlyBroadCatch"] = "OVERLY_BROAD_CATCH";
|
|
335
|
-
IssueType_Enum2["OverlyLargeRange"] = "OVERLY_LARGE_RANGE";
|
|
336
|
-
IssueType_Enum2["PasswordInComment"] = "PASSWORD_IN_COMMENT";
|
|
337
|
-
IssueType_Enum2["PoorErrorHandlingEmptyCatchBlock"] = "POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK";
|
|
338
|
-
IssueType_Enum2["PortAllInterfaces"] = "PORT_ALL_INTERFACES";
|
|
339
|
-
IssueType_Enum2["PrivacyViolation"] = "PRIVACY_VIOLATION";
|
|
340
|
-
IssueType_Enum2["PrototypePollution"] = "PROTOTYPE_POLLUTION";
|
|
341
|
-
IssueType_Enum2["Pt"] = "PT";
|
|
342
|
-
IssueType_Enum2["RaceConditionFormatFlaw"] = "RACE_CONDITION_FORMAT_FLAW";
|
|
343
|
-
IssueType_Enum2["Redos"] = "REDOS";
|
|
344
|
-
IssueType_Enum2["RedundantCondition"] = "REDUNDANT_CONDITION";
|
|
345
|
-
IssueType_Enum2["RedundantNilErrorCheck"] = "REDUNDANT_NIL_ERROR_CHECK";
|
|
346
|
-
IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
|
|
347
|
-
IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
|
|
348
|
-
IssueType_Enum2["RequestParametersBoundViaInput"] = "REQUEST_PARAMETERS_BOUND_VIA_INPUT";
|
|
349
|
-
IssueType_Enum2["ReturnInInit"] = "RETURN_IN_INIT";
|
|
350
|
-
IssueType_Enum2["ReturnShouldNotBeInvariant"] = "RETURN_SHOULD_NOT_BE_INVARIANT";
|
|
351
|
-
IssueType_Enum2["SpringDefaultPermit"] = "SPRING_DEFAULT_PERMIT";
|
|
352
|
-
IssueType_Enum2["SqlInjection"] = "SQL_Injection";
|
|
353
|
-
IssueType_Enum2["Ssrf"] = "SSRF";
|
|
354
|
-
IssueType_Enum2["StringFormatMisuse"] = "STRING_FORMAT_MISUSE";
|
|
355
|
-
IssueType_Enum2["StringTerminationError"] = "STRING_TERMINATION_ERROR";
|
|
356
|
-
IssueType_Enum2["SystemExitShouldReraise"] = "SYSTEM_EXIT_SHOULD_RERAISE";
|
|
357
|
-
IssueType_Enum2["SystemInformationLeak"] = "SYSTEM_INFORMATION_LEAK";
|
|
358
|
-
IssueType_Enum2["SystemInformationLeakExternal"] = "SYSTEM_INFORMATION_LEAK_EXTERNAL";
|
|
359
|
-
IssueType_Enum2["TaintedNumericCast"] = "TAINTED_NUMERIC_CAST";
|
|
360
|
-
IssueType_Enum2["TarSlip"] = "TAR_SLIP";
|
|
361
|
-
IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
|
|
362
|
-
IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
|
|
363
|
-
IssueType_Enum2["UncheckedLoopCondition"] = "UNCHECKED_LOOP_CONDITION";
|
|
364
|
-
IssueType_Enum2["UncheckedReturnValue"] = "UNCHECKED_RETURN_VALUE";
|
|
365
|
-
IssueType_Enum2["UnencryptedAwsSqsQueue"] = "UNENCRYPTED_AWS_SQS_QUEUE";
|
|
366
|
-
IssueType_Enum2["UnnecessaryImports"] = "UNNECESSARY_IMPORTS";
|
|
367
|
-
IssueType_Enum2["UnsafeDeserialization"] = "UNSAFE_DESERIALIZATION";
|
|
368
|
-
IssueType_Enum2["UnsafeReflection"] = "UNSAFE_REFLECTION";
|
|
369
|
-
IssueType_Enum2["UnsafeTargetBlank"] = "UNSAFE_TARGET_BLANK";
|
|
370
|
-
IssueType_Enum2["UnsafeWebThread"] = "UNSAFE_WEB_THREAD";
|
|
371
|
-
IssueType_Enum2["UnvalidatedPublicMethodArgument"] = "UNVALIDATED_PUBLIC_METHOD_ARGUMENT";
|
|
372
|
-
IssueType_Enum2["UselessIfBody"] = "USELESS_IF_BODY";
|
|
373
|
-
IssueType_Enum2["UselessRegexpCharEscape"] = "USELESS_REGEXP_CHAR_ESCAPE";
|
|
374
|
-
IssueType_Enum2["UselessTernary"] = "USELESS_TERNARY";
|
|
375
|
-
IssueType_Enum2["UseOfHardCodedCryptographicKey"] = "USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY";
|
|
376
|
-
IssueType_Enum2["UseOfSystemOutputStream"] = "USE_OF_SYSTEM_OUTPUT_STREAM";
|
|
377
|
-
IssueType_Enum2["UseRaiseForStatus"] = "USE_RAISE_FOR_STATUS";
|
|
378
|
-
IssueType_Enum2["UseSysExit"] = "USE_SYS_EXIT";
|
|
379
|
-
IssueType_Enum2["UseTimeout"] = "USE_TIMEOUT";
|
|
380
|
-
IssueType_Enum2["ValueNeverRead"] = "VALUE_NEVER_READ";
|
|
381
|
-
IssueType_Enum2["ValueShadowing"] = "VALUE_SHADOWING";
|
|
382
|
-
IssueType_Enum2["WcfMisconfigurationInsufficientLogging"] = "WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING";
|
|
383
|
-
IssueType_Enum2["WcfMisconfigurationThrottlingNotEnabled"] = "WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED";
|
|
384
|
-
IssueType_Enum2["WeakEncryption"] = "WEAK_ENCRYPTION";
|
|
385
|
-
IssueType_Enum2["WeakXmlSchemaUnboundedOccurrences"] = "WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES";
|
|
386
|
-
IssueType_Enum2["WebsocketMissingOriginCheck"] = "WEBSOCKET_MISSING_ORIGIN_CHECK";
|
|
387
|
-
IssueType_Enum2["WildcardImports"] = "WILDCARD_IMPORTS";
|
|
388
|
-
IssueType_Enum2["WritableFilesystemService"] = "WRITABLE_FILESYSTEM_SERVICE";
|
|
389
|
-
IssueType_Enum2["Xss"] = "XSS";
|
|
390
|
-
IssueType_Enum2["Xxe"] = "XXE";
|
|
391
|
-
IssueType_Enum2["ZipSlip"] = "ZIP_SLIP";
|
|
392
|
-
return IssueType_Enum2;
|
|
393
|
-
})(IssueType_Enum || {});
|
|
394
240
|
Pr_Status_Enum = /* @__PURE__ */ ((Pr_Status_Enum2) => {
|
|
395
241
|
Pr_Status_Enum2["Active"] = "ACTIVE";
|
|
396
242
|
Pr_Status_Enum2["Closed"] = "CLOSED";
|
|
@@ -1790,12 +1636,21 @@ var init_issue = __esm({
|
|
|
1790
1636
|
});
|
|
1791
1637
|
|
|
1792
1638
|
// src/features/analysis/scm/shared/src/issueTypeCatalog.ts
|
|
1639
|
+
function hydrateIssueTypeCatalog(entries) {
|
|
1640
|
+
catalog = new Map(entries.map((entry) => [entry.value, entry]));
|
|
1641
|
+
}
|
|
1642
|
+
function isIssueTypeCatalogHydrated() {
|
|
1643
|
+
return catalog !== null;
|
|
1644
|
+
}
|
|
1793
1645
|
function getIssueTypeCatalogEntry(value) {
|
|
1794
1646
|
if (!catalog || !value) {
|
|
1795
1647
|
return void 0;
|
|
1796
1648
|
}
|
|
1797
1649
|
return catalog.get(value);
|
|
1798
1650
|
}
|
|
1651
|
+
function listIssueTypeCatalog() {
|
|
1652
|
+
return catalog ? [...catalog.values()] : [];
|
|
1653
|
+
}
|
|
1799
1654
|
var catalog;
|
|
1800
1655
|
var init_issueTypeCatalog = __esm({
|
|
1801
1656
|
"src/features/analysis/scm/shared/src/issueTypeCatalog.ts"() {
|
|
@@ -1806,176 +1661,19 @@ var init_issueTypeCatalog = __esm({
|
|
|
1806
1661
|
|
|
1807
1662
|
// src/features/analysis/scm/shared/src/getIssueType.ts
|
|
1808
1663
|
import { z as z5 } from "zod";
|
|
1809
|
-
var
|
|
1664
|
+
var SafeIssueTypeStringZ, getIssueTypeFriendlyString, statusMap, statusZ, issueDescription;
|
|
1810
1665
|
var init_getIssueType = __esm({
|
|
1811
1666
|
"src/features/analysis/scm/shared/src/getIssueType.ts"() {
|
|
1812
1667
|
"use strict";
|
|
1813
1668
|
init_client_generates();
|
|
1814
1669
|
init_issueTypeCatalog();
|
|
1815
|
-
|
|
1816
|
-
["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
|
|
1817
|
-
["SQL_Injection" /* SqlInjection */]: "SQL Injection",
|
|
1818
|
-
["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: "Relative Path Command Injection",
|
|
1819
|
-
["CMDi" /* CmDi */]: "Command Injection",
|
|
1820
|
-
["CONFUSING_NAMING" /* ConfusingNaming */]: "Confusing Naming",
|
|
1821
|
-
["XXE" /* Xxe */]: "XXE",
|
|
1822
|
-
["XSS" /* Xss */]: "XSS",
|
|
1823
|
-
["PT" /* Pt */]: "Path Traversal",
|
|
1824
|
-
["ZIP_SLIP" /* ZipSlip */]: "Zip Slip",
|
|
1825
|
-
["INSECURE_RANDOMNESS" /* InsecureRandomness */]: "Insecure Randomness",
|
|
1826
|
-
["SSRF" /* Ssrf */]: "Server Side Request Forgery",
|
|
1827
|
-
["TYPE_CONFUSION" /* TypeConfusion */]: "Type Confusion",
|
|
1828
|
-
["REGEX_INJECTION" /* RegexInjection */]: "Regular Expression Injection",
|
|
1829
|
-
["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: "Incomplete URL Sanitization",
|
|
1830
|
-
["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: "Locale Dependent Comparison",
|
|
1831
|
-
["LOG_FORGING" /* LogForging */]: "Log Forging",
|
|
1832
|
-
["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: "Missing Check against Null",
|
|
1833
|
-
["PASSWORD_IN_COMMENT" /* PasswordInComment */]: "Password in Comment",
|
|
1834
|
-
["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: "Poor Error Handling: Overly Broad Catch",
|
|
1835
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: "Use of System.out/System.err",
|
|
1836
|
-
["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: "Use of dangerous function",
|
|
1837
|
-
["DOS_STRING_BUILDER" /* DosStringBuilder */]: "Denial of Service: StringBuilder",
|
|
1838
|
-
["OPEN_REDIRECT" /* OpenRedirect */]: "Open Redirect",
|
|
1839
|
-
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: "Weak XML Schema: Unbounded Occurrences",
|
|
1840
|
-
["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: "System Information Leak",
|
|
1841
|
-
["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: "External System Information Leak",
|
|
1842
|
-
["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: "HTTP response splitting",
|
|
1843
|
-
["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: "Cookie is not HttpOnly",
|
|
1844
|
-
["INSECURE_COOKIE" /* InsecureCookie */]: "Insecure Cookie",
|
|
1845
|
-
["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: "Trust Boundary Violation",
|
|
1846
|
-
["NULL_DEREFERENCE" /* NullDereference */]: "Null Dereference",
|
|
1847
|
-
["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: "Unsafe deserialization",
|
|
1848
|
-
["UNSAFE_REFLECTION" /* UnsafeReflection */]: "Unsafe Reflection",
|
|
1849
|
-
["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: "Insecure Binder Configuration",
|
|
1850
|
-
["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: "Unsafe use of target blank",
|
|
1851
|
-
["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: "Client use of iframe without sandbox",
|
|
1852
|
-
["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: "jQuery deprecated symbols",
|
|
1853
|
-
["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: "Missing Anti-Forgery Validation",
|
|
1854
|
-
["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: "GraphQL Depth Limit",
|
|
1855
|
-
["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: "Unchecked Loop Condition",
|
|
1856
|
-
["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: "Improper Resource Shutdown or Release",
|
|
1857
|
-
["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: "Improper Exception Handling",
|
|
1858
|
-
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: "Default Definer Rights in Package or Object Definition",
|
|
1859
|
-
["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: "HTML Comment in JSP",
|
|
1860
|
-
["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: "Error Condition Without Action",
|
|
1861
|
-
["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: "Deprecated Function",
|
|
1862
|
-
["HARDCODED_SECRETS" /* HardcodedSecrets */]: "Hardcoded Secrets",
|
|
1863
|
-
["PROTOTYPE_POLLUTION" /* PrototypePollution */]: "Prototype Pollution",
|
|
1864
|
-
["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: "Race Condition Format Flaw",
|
|
1865
|
-
["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: "Non-final Public Static Field",
|
|
1866
|
-
["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: "Missing HSTS Header",
|
|
1867
|
-
["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: "Dead Code: Unused Field",
|
|
1868
|
-
["HEADER_MANIPULATION" /* HeaderManipulation */]: "Header Manipulation",
|
|
1869
|
-
["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: "Missing equals or hashcode method",
|
|
1870
|
-
["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: "WCF Misconfiguration: Insufficient Logging",
|
|
1871
|
-
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: "WCF Misconfiguration: Throttling Not Enabled",
|
|
1872
|
-
["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: "Useless regular-expression character escape",
|
|
1873
|
-
["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: "Incomplete Hostname Regex",
|
|
1874
|
-
["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: "Regex: Overly Large Range",
|
|
1875
|
-
["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: "Insufficient Logging of Sensitive Operations",
|
|
1876
|
-
["PRIVACY_VIOLATION" /* PrivacyViolation */]: "Privacy Violation",
|
|
1877
|
-
["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: "Incomplete URL Scheme Check",
|
|
1878
|
-
["VALUE_NEVER_READ" /* ValueNeverRead */]: "Value Never Read",
|
|
1879
|
-
["VALUE_SHADOWING" /* ValueShadowing */]: "Value Shadowing",
|
|
1880
|
-
["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: "Class Does Not Implement Equivalence Method",
|
|
1881
|
-
["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: "Information Exposure via Headers",
|
|
1882
|
-
["DEBUG_ENABLED" /* DebugEnabled */]: "Debug Enabled",
|
|
1883
|
-
["J2EE_GET_CONNECTION" /* J2EeGetConnection */]: "J2EE Bad Practices: getConnection()",
|
|
1884
|
-
["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: "Leftover Debug Code",
|
|
1885
|
-
["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: "Poor Error Handling: Empty Catch Block",
|
|
1886
|
-
["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: "Erroneous String Compare",
|
|
1887
|
-
["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: "Unvalidated Public Method Argument",
|
|
1888
|
-
["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False",
|
|
1889
|
-
["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
|
|
1890
|
-
["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
|
|
1891
|
-
["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection",
|
|
1892
|
-
["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: "Client Code Injection",
|
|
1893
|
-
["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: "String Format Misuse",
|
|
1894
|
-
["NON_READONLY_FIELD" /* NonReadonlyField */]: "Non Readonly Field",
|
|
1895
|
-
["CSRF" /* Csrf */]: "Cross-Site Request Forgery (CSRF)",
|
|
1896
|
-
["WEAK_ENCRYPTION" /* WeakEncryption */]: "Weak Encryption Mechanism",
|
|
1897
|
-
["CODE_IN_COMMENT" /* CodeInComment */]: "Code in Comment",
|
|
1898
|
-
["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: "Regex Missing Timeout",
|
|
1899
|
-
["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: "Frameable Login Page",
|
|
1900
|
-
["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: "Use of Hardcoded Cryptographic Key",
|
|
1901
|
-
["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: "Missing SSL MinVersion",
|
|
1902
|
-
["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: "Missing Websocket Origin Check",
|
|
1903
|
-
["DUPLICATED_STRINGS" /* DuplicatedStrings */]: "String Literals Should not Be Duplicated",
|
|
1904
|
-
["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: "Insecure UUID Version",
|
|
1905
|
-
["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: "GitHub Actions Shell Injection",
|
|
1906
|
-
["MODIFIED_DEFAULT_PARAM" /* ModifiedDefaultParam */]: "Modified Default Param",
|
|
1907
|
-
["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: "Unsafe Web Thread",
|
|
1908
|
-
["NO_VAR" /* NoVar */]: 'Prefer "let" or "const"',
|
|
1909
|
-
["INSECURE_TMP_FILE" /* InsecureTmpFile */]: "Insecure Temporary File",
|
|
1910
|
-
["RETURN_SHOULD_NOT_BE_INVARIANT" /* ReturnShouldNotBeInvariant */]: "Return Should Not Be Invariant",
|
|
1911
|
-
["SYSTEM_EXIT_SHOULD_RERAISE" /* SystemExitShouldReraise */]: "SystemExit Should Reraise",
|
|
1912
|
-
["NO_RETURN_IN_FINALLY" /* NoReturnInFinally */]: "No Return in Finally Block",
|
|
1913
|
-
["WILDCARD_IMPORTS" /* WildcardImports */]: "Wildcard Imports should not be used",
|
|
1914
|
-
["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: "Avoid Identity Comparison of Cached Types",
|
|
1915
|
-
["AVOID_BUILTIN_SHADOWING" /* AvoidBuiltinShadowing */]: "Avoid Builtin Shadowing",
|
|
1916
|
-
["IMPROPER_STRING_FORMATTING" /* ImproperStringFormatting */]: "Improper String Formatting",
|
|
1917
|
-
["TAR_SLIP" /* TarSlip */]: "Tar Slip",
|
|
1918
|
-
["MISSING_WHITESPACE" /* MissingWhitespace */]: "Missing Whitespace",
|
|
1919
|
-
["NO_PRINT_STATEMENT" /* NoPrintStatement */]: 'Python 2 "print" Statement Is Obsolete',
|
|
1920
|
-
["NO_OP_OVERHEAD" /* NoOpOverhead */]: "Expensive Arguments in Conditional Methods",
|
|
1921
|
-
["DO_NOT_RAISE_EXCEPTION" /* DoNotRaiseException */]: "Do Not Raise Exception",
|
|
1922
|
-
["DECLARE_VARIABLE_EXPLICITLY" /* DeclareVariableExplicitly */]: "Declare Variable Explicitly",
|
|
1923
|
-
["NO_NESTED_TRY" /* NoNestedTry */]: "No Nested Try",
|
|
1924
|
-
["UNNECESSARY_IMPORTS" /* UnnecessaryImports */]: "Unnecessary Imports",
|
|
1925
|
-
["REDOS" /* Redos */]: "Regular Expression Denial of Service",
|
|
1926
|
-
["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: "Do Not Throw Generic Exception",
|
|
1927
|
-
["BUFFER_OVERFLOW" /* BufferOverflow */]: "Buffer Overflow",
|
|
1928
|
-
["STRING_TERMINATION_ERROR" /* StringTerminationError */]: "String Termination Error",
|
|
1929
|
-
["HTTP_PARAMETER_POLLUTION" /* HttpParameterPollution */]: "HTTP Parameter Pollution",
|
|
1930
|
-
["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: "Incomplete Sanitization",
|
|
1931
|
-
["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: "Credential Disclosure",
|
|
1932
|
-
["INSECURE_POSTMESSAGE" /* InsecurePostmessage */]: "Insecure Postmessage",
|
|
1933
|
-
["MISSING_USER" /* MissingUser */]: "Missing User",
|
|
1934
|
-
["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: "Missing Encoding File Open",
|
|
1935
|
-
["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: "Port All Interfaces",
|
|
1936
|
-
["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: "Writable Filesystem Service",
|
|
1937
|
-
["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: "No New Privileges",
|
|
1938
|
-
["MISSING_TEMPLATE_STRING_INDICATOR" /* MissingTemplateStringIndicator */]: "Missing Template String Indicator",
|
|
1939
|
-
["USELESS_TERNARY" /* UselessTernary */]: "Useless Ternary",
|
|
1940
|
-
["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: "Request Parameters Bound Via Input",
|
|
1941
|
-
["USE_SYS_EXIT" /* UseSysExit */]: "Use Sys Exit",
|
|
1942
|
-
["INCORRECT_SQL_API_USAGE" /* IncorrectSqlApiUsage */]: "Incorrect SQL API Usage",
|
|
1943
|
-
["USE_RAISE_FOR_STATUS" /* UseRaiseForStatus */]: "Use Raise For Status",
|
|
1944
|
-
["USE_TIMEOUT" /* UseTimeout */]: "Use Timeout",
|
|
1945
|
-
["USELESS_IF_BODY" /* UselessIfBody */]: "Useless If Body",
|
|
1946
|
-
["NO_ASSERT" /* NoAssert */]: "No Assert",
|
|
1947
|
-
["FUNCTION_CALL_WITHOUT_PARENTHESES" /* FunctionCallWithoutParentheses */]: "Function Call Without Parentheses",
|
|
1948
|
-
["SPRING_DEFAULT_PERMIT" /* SpringDefaultPermit */]: "Spring Default Permit",
|
|
1949
|
-
["RETURN_IN_INIT" /* ReturnInInit */]: "Return in Init",
|
|
1950
|
-
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: "Action Not Pinned to Commit Sha",
|
|
1951
|
-
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
|
|
1952
|
-
["REDUNDANT_CONDITION" /* RedundantCondition */]: "Insider Threat: Redundant Condition",
|
|
1953
|
-
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
|
|
1954
|
-
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
|
|
1955
|
-
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
|
|
1956
|
-
["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: "Tainted Numeric Cast",
|
|
1957
|
-
["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: "Missing X-Frame-Options Header",
|
|
1958
|
-
["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: "Improper Validation of Array Index",
|
|
1959
|
-
["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: "Incorrect Integer Conversion",
|
|
1960
|
-
["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: "Improper Certificate Validation",
|
|
1961
|
-
["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: "Often Misused: Boolean.getBoolean()",
|
|
1962
|
-
["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: "AWS SQS Queue Unencrypted",
|
|
1963
|
-
["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: "Insecure Deserialization",
|
|
1964
|
-
["AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED" /* AwsDynamodbPointInTimeRecoveryDisabled */]: "AWS DynamoDB Point-in-Time Recovery Disabled",
|
|
1965
|
-
["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: "JWT Decoded Without Signature Verification",
|
|
1966
|
-
["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: "Unchecked Return Value"
|
|
1967
|
-
};
|
|
1968
|
-
issueTypeZ = z5.nativeEnum(IssueType_Enum);
|
|
1670
|
+
SafeIssueTypeStringZ = z5.string().regex(/^[A-Za-z0-9_]+$/).max(128);
|
|
1969
1671
|
getIssueTypeFriendlyString = (issueType) => {
|
|
1970
1672
|
const fromCatalog = getIssueTypeCatalogEntry(issueType)?.label;
|
|
1971
1673
|
if (fromCatalog) {
|
|
1972
1674
|
return fromCatalog;
|
|
1973
1675
|
}
|
|
1974
|
-
|
|
1975
|
-
if (!issueTypeZParseRes.success) {
|
|
1976
|
-
return issueType ? issueType.replaceAll("_", " ") : "Other";
|
|
1977
|
-
}
|
|
1978
|
-
return issueTypeMap[issueTypeZParseRes.data];
|
|
1676
|
+
return issueType ? issueType.replaceAll("_", " ") : "Other";
|
|
1979
1677
|
};
|
|
1980
1678
|
statusMap = {
|
|
1981
1679
|
["Digested" /* Digested */]: "Digested",
|
|
@@ -2009,31 +1707,33 @@ var IssueTypeSettingZ, IssueTypeSettingsZ;
|
|
|
2009
1707
|
var init_validations = __esm({
|
|
2010
1708
|
"src/features/analysis/scm/shared/src/validations.ts"() {
|
|
2011
1709
|
"use strict";
|
|
2012
|
-
init_client_generates();
|
|
2013
1710
|
init_getIssueType();
|
|
1711
|
+
init_issueTypeCatalog();
|
|
2014
1712
|
IssueTypeSettingZ = z6.object({
|
|
2015
1713
|
autoPrEnabled: z6.boolean(),
|
|
2016
1714
|
enabled: z6.boolean(),
|
|
2017
|
-
issueType:
|
|
1715
|
+
issueType: SafeIssueTypeStringZ
|
|
2018
1716
|
});
|
|
2019
1717
|
IssueTypeSettingsZ = z6.array(IssueTypeSettingZ).transform((issueTypeSettings) => {
|
|
2020
|
-
|
|
2021
|
-
|
|
2022
|
-
|
|
1718
|
+
const catalogValues = listIssueTypeCatalog().map((entry) => entry.value);
|
|
1719
|
+
if (catalogValues.length === 0) {
|
|
1720
|
+
throw new Error(
|
|
1721
|
+
"Issue-type catalog is not hydrated; cannot derive default issue-type settings"
|
|
2023
1722
|
);
|
|
2024
|
-
|
|
2025
|
-
|
|
2026
|
-
|
|
2027
|
-
|
|
1723
|
+
}
|
|
1724
|
+
const existingByIssueType = new Map(
|
|
1725
|
+
issueTypeSettings.map((setting) => [setting.issueType, setting])
|
|
1726
|
+
);
|
|
1727
|
+
return catalogValues.map(
|
|
1728
|
+
(issueType) => existingByIssueType.get(issueType) ?? {
|
|
2028
1729
|
autoPrEnabled: false,
|
|
2029
1730
|
enabled: true,
|
|
2030
|
-
issueType
|
|
2031
|
-
}
|
|
2032
|
-
|
|
2033
|
-
|
|
2034
|
-
|
|
2035
|
-
|
|
2036
|
-
});
|
|
1731
|
+
issueType
|
|
1732
|
+
}
|
|
1733
|
+
).map((setting) => ({
|
|
1734
|
+
setting,
|
|
1735
|
+
label: getIssueTypeFriendlyString(setting.issueType)
|
|
1736
|
+
})).sort((a, b) => a.label.localeCompare(b.label)).map(({ setting }) => setting);
|
|
2037
1737
|
});
|
|
2038
1738
|
}
|
|
2039
1739
|
});
|
|
@@ -2487,7 +2187,7 @@ var init_types2 = __esm({
|
|
|
2487
2187
|
});
|
|
2488
2188
|
|
|
2489
2189
|
// src/features/analysis/scm/shared/src/urlParser/urlParser.ts
|
|
2490
|
-
import { z as
|
|
2190
|
+
import { z as z12 } from "zod";
|
|
2491
2191
|
function computeCanonicalUrl(data) {
|
|
2492
2192
|
const {
|
|
2493
2193
|
scmType,
|
|
@@ -2529,7 +2229,7 @@ function detectAdoUrl(args) {
|
|
|
2529
2229
|
scmType: "Ado" /* Ado */,
|
|
2530
2230
|
organization,
|
|
2531
2231
|
// project has single repo - repoName === projectName
|
|
2532
|
-
projectName:
|
|
2232
|
+
projectName: z12.string().parse(projectName),
|
|
2533
2233
|
repoName: projectName,
|
|
2534
2234
|
prefixPath
|
|
2535
2235
|
};
|
|
@@ -2540,7 +2240,7 @@ function detectAdoUrl(args) {
|
|
|
2540
2240
|
return {
|
|
2541
2241
|
scmType: "Ado" /* Ado */,
|
|
2542
2242
|
organization,
|
|
2543
|
-
projectName:
|
|
2243
|
+
projectName: z12.string().parse(projectName),
|
|
2544
2244
|
repoName,
|
|
2545
2245
|
prefixPath
|
|
2546
2246
|
};
|
|
@@ -2554,7 +2254,7 @@ function detectAdoUrl(args) {
|
|
|
2554
2254
|
scmType: "Ado" /* Ado */,
|
|
2555
2255
|
organization,
|
|
2556
2256
|
// project has only one repo - repoName === projectName
|
|
2557
|
-
projectName:
|
|
2257
|
+
projectName: z12.string().parse(repoName),
|
|
2558
2258
|
repoName,
|
|
2559
2259
|
prefixPath
|
|
2560
2260
|
};
|
|
@@ -2564,7 +2264,7 @@ function detectAdoUrl(args) {
|
|
|
2564
2264
|
return {
|
|
2565
2265
|
scmType: "Ado" /* Ado */,
|
|
2566
2266
|
organization,
|
|
2567
|
-
projectName:
|
|
2267
|
+
projectName: z12.string().parse(projectName),
|
|
2568
2268
|
repoName,
|
|
2569
2269
|
prefixPath
|
|
2570
2270
|
};
|
|
@@ -2640,7 +2340,7 @@ function parseSshUrl(scmURL, scmType) {
|
|
|
2640
2340
|
if (pathElements.length === 3) {
|
|
2641
2341
|
const [organization2, projectName, repoName2] = pathElements;
|
|
2642
2342
|
if (organization2?.match(NAME_REGEX) && projectName && repoName2?.match(NAME_REGEX)) {
|
|
2643
|
-
const parsedProjectName =
|
|
2343
|
+
const parsedProjectName = z12.string().parse(projectName);
|
|
2644
2344
|
return {
|
|
2645
2345
|
scmType: "Ado" /* Ado */,
|
|
2646
2346
|
hostname: normalizedHostname,
|
|
@@ -2868,17 +2568,17 @@ var init_urlParser2 = __esm({
|
|
|
2868
2568
|
});
|
|
2869
2569
|
|
|
2870
2570
|
// src/features/analysis/scm/env.ts
|
|
2871
|
-
import { z as
|
|
2571
|
+
import { z as z15 } from "zod";
|
|
2872
2572
|
var EnvVariablesZod, GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST, MAX_UPLOAD_FILE_SIZE_MB, GITHUB_API_CONCURRENCY;
|
|
2873
2573
|
var init_env = __esm({
|
|
2874
2574
|
"src/features/analysis/scm/env.ts"() {
|
|
2875
2575
|
"use strict";
|
|
2876
|
-
EnvVariablesZod =
|
|
2877
|
-
GITLAB_API_TOKEN:
|
|
2878
|
-
GITHUB_API_TOKEN:
|
|
2879
|
-
GIT_PROXY_HOST:
|
|
2880
|
-
MAX_UPLOAD_FILE_SIZE_MB:
|
|
2881
|
-
GITHUB_API_CONCURRENCY:
|
|
2576
|
+
EnvVariablesZod = z15.object({
|
|
2577
|
+
GITLAB_API_TOKEN: z15.string().optional(),
|
|
2578
|
+
GITHUB_API_TOKEN: z15.string().optional(),
|
|
2579
|
+
GIT_PROXY_HOST: z15.string().optional().default("http://tinyproxy:8888"),
|
|
2580
|
+
MAX_UPLOAD_FILE_SIZE_MB: z15.coerce.number().gt(0).default(2),
|
|
2581
|
+
GITHUB_API_CONCURRENCY: z15.coerce.number().gt(0).optional().default(10)
|
|
2882
2582
|
});
|
|
2883
2583
|
({
|
|
2884
2584
|
GITLAB_API_TOKEN,
|
|
@@ -2912,7 +2612,7 @@ var init_configs = __esm({
|
|
|
2912
2612
|
});
|
|
2913
2613
|
|
|
2914
2614
|
// src/utils/blame/gitBlameTypes.ts
|
|
2915
|
-
import { z as
|
|
2615
|
+
import { z as z18 } from "zod";
|
|
2916
2616
|
function parseCoAuthorValue(raw) {
|
|
2917
2617
|
const trimmed = raw.trim();
|
|
2918
2618
|
if (!trimmed) {
|
|
@@ -2948,9 +2648,9 @@ var PrepareGitBlameMessageZ, PrepareGitBlameResponseMessageZ, CommitMetadataZ, L
|
|
|
2948
2648
|
var init_gitBlameTypes = __esm({
|
|
2949
2649
|
"src/utils/blame/gitBlameTypes.ts"() {
|
|
2950
2650
|
"use strict";
|
|
2951
|
-
PrepareGitBlameMessageZ =
|
|
2952
|
-
reportId:
|
|
2953
|
-
repoArchivePath:
|
|
2651
|
+
PrepareGitBlameMessageZ = z18.object({
|
|
2652
|
+
reportId: z18.string(),
|
|
2653
|
+
repoArchivePath: z18.string(),
|
|
2954
2654
|
// Optional list of file paths to blame. Producers must pick one of two modes:
|
|
2955
2655
|
//
|
|
2956
2656
|
// - **Omit `filePaths`** = "blame every file in the archive". Used by the
|
|
@@ -2966,132 +2666,132 @@ var init_gitBlameTypes = __esm({
|
|
|
2966
2666
|
// "Login.java" when the actual file is "src/main/java/Login.java") are
|
|
2967
2667
|
// tolerated — scm_agent's filter matches exact-or-trailing-basename. Empty
|
|
2968
2668
|
// strings are filtered out defensively.
|
|
2969
|
-
filePaths:
|
|
2669
|
+
filePaths: z18.array(z18.string()).optional()
|
|
2970
2670
|
});
|
|
2971
|
-
PrepareGitBlameResponseMessageZ =
|
|
2972
|
-
reportId:
|
|
2671
|
+
PrepareGitBlameResponseMessageZ = z18.object({
|
|
2672
|
+
reportId: z18.string()
|
|
2973
2673
|
});
|
|
2974
|
-
CommitMetadataZ =
|
|
2975
|
-
author:
|
|
2976
|
-
"author-mail":
|
|
2977
|
-
"author-time":
|
|
2978
|
-
"author-tz":
|
|
2979
|
-
committer:
|
|
2980
|
-
"committer-mail":
|
|
2981
|
-
"committer-time":
|
|
2982
|
-
"committer-tz":
|
|
2983
|
-
summary:
|
|
2984
|
-
filename:
|
|
2674
|
+
CommitMetadataZ = z18.object({
|
|
2675
|
+
author: z18.string().optional(),
|
|
2676
|
+
"author-mail": z18.string().optional(),
|
|
2677
|
+
"author-time": z18.string().optional(),
|
|
2678
|
+
"author-tz": z18.string().optional(),
|
|
2679
|
+
committer: z18.string().optional(),
|
|
2680
|
+
"committer-mail": z18.string().optional(),
|
|
2681
|
+
"committer-time": z18.string().optional(),
|
|
2682
|
+
"committer-tz": z18.string().optional(),
|
|
2683
|
+
summary: z18.string().optional(),
|
|
2684
|
+
filename: z18.string().optional()
|
|
2985
2685
|
});
|
|
2986
|
-
LineToCommitMapZ =
|
|
2987
|
-
CommitMetadataMapZ =
|
|
2988
|
-
BlameInfoZ =
|
|
2686
|
+
LineToCommitMapZ = z18.record(z18.string(), z18.string());
|
|
2687
|
+
CommitMetadataMapZ = z18.record(z18.string(), CommitMetadataZ);
|
|
2688
|
+
BlameInfoZ = z18.object({
|
|
2989
2689
|
lineToCommit: LineToCommitMapZ,
|
|
2990
2690
|
commitMetadata: CommitMetadataMapZ
|
|
2991
2691
|
});
|
|
2992
|
-
LineRangeZ =
|
|
2692
|
+
LineRangeZ = z18.object({
|
|
2993
2693
|
/** First line in chunk (1-indexed) */
|
|
2994
|
-
start:
|
|
2694
|
+
start: z18.number(),
|
|
2995
2695
|
/** Last line in chunk (inclusive) */
|
|
2996
|
-
end:
|
|
2696
|
+
end: z18.number()
|
|
2997
2697
|
});
|
|
2998
|
-
PrContextZ =
|
|
2999
|
-
prNumber:
|
|
3000
|
-
repositoryUrl:
|
|
3001
|
-
organizationId:
|
|
3002
|
-
userEmail:
|
|
3003
|
-
source:
|
|
3004
|
-
githubContext:
|
|
3005
|
-
prNumber:
|
|
3006
|
-
installationId:
|
|
3007
|
-
repositoryURL:
|
|
2698
|
+
PrContextZ = z18.object({
|
|
2699
|
+
prNumber: z18.number(),
|
|
2700
|
+
repositoryUrl: z18.string(),
|
|
2701
|
+
organizationId: z18.string(),
|
|
2702
|
+
userEmail: z18.string(),
|
|
2703
|
+
source: z18.enum(["pr", "github"]),
|
|
2704
|
+
githubContext: z18.object({
|
|
2705
|
+
prNumber: z18.number(),
|
|
2706
|
+
installationId: z18.number(),
|
|
2707
|
+
repositoryURL: z18.string()
|
|
3008
2708
|
}).optional()
|
|
3009
2709
|
});
|
|
3010
|
-
PrepareCommitBlameMessageZ =
|
|
2710
|
+
PrepareCommitBlameMessageZ = z18.object({
|
|
3011
2711
|
/** Commit blame request ID from database (for tracking and updating status) */
|
|
3012
|
-
commitBlameRequestId:
|
|
2712
|
+
commitBlameRequestId: z18.string(),
|
|
3013
2713
|
/** Organization ID (for org-scoped caching) */
|
|
3014
|
-
organizationId:
|
|
2714
|
+
organizationId: z18.string(),
|
|
3015
2715
|
/** Full repository URL (e.g., https://github.com/org/repo) */
|
|
3016
|
-
repositoryUrl:
|
|
2716
|
+
repositoryUrl: z18.string(),
|
|
3017
2717
|
/** Commit SHA to analyze (typically PR head commit) */
|
|
3018
|
-
commitSha:
|
|
2718
|
+
commitSha: z18.string(),
|
|
3019
2719
|
/** Authentication headers for repository access (e.g., GitHub token) */
|
|
3020
|
-
extraHeaders:
|
|
2720
|
+
extraHeaders: z18.record(z18.string(), z18.string()).default({}),
|
|
3021
2721
|
// --- PR analysis fields ---
|
|
3022
2722
|
/** Target branch name (from getPr() base.ref). When set, enables PR analysis mode. */
|
|
3023
|
-
targetBranch:
|
|
2723
|
+
targetBranch: z18.string().optional(),
|
|
3024
2724
|
/** Context for triggering blame attribution analysis after SCM agent completes. */
|
|
3025
2725
|
prContext: PrContextZ.optional(),
|
|
3026
2726
|
/** User email for blame attribution analysis trigger context (used for both PR and single commit flows). */
|
|
3027
|
-
userEmail:
|
|
2727
|
+
userEmail: z18.string().optional()
|
|
3028
2728
|
});
|
|
3029
|
-
BlameLineInfoZ =
|
|
2729
|
+
BlameLineInfoZ = z18.object({
|
|
3030
2730
|
/** Line number as it appeared in the introducing commit */
|
|
3031
|
-
originalLineNumber:
|
|
2731
|
+
originalLineNumber: z18.number(),
|
|
3032
2732
|
/** Commit SHA that introduced this line */
|
|
3033
|
-
commitSha:
|
|
2733
|
+
commitSha: z18.string(),
|
|
3034
2734
|
/** Author name for this line */
|
|
3035
|
-
authorName:
|
|
2735
|
+
authorName: z18.string().optional(),
|
|
3036
2736
|
/** Author email for this line */
|
|
3037
|
-
authorEmail:
|
|
2737
|
+
authorEmail: z18.string().optional()
|
|
3038
2738
|
}).nullable();
|
|
3039
|
-
FileBlameDataZ =
|
|
3040
|
-
ChunkFetchResultZ =
|
|
3041
|
-
filePath:
|
|
3042
|
-
lines:
|
|
2739
|
+
FileBlameDataZ = z18.array(BlameLineInfoZ);
|
|
2740
|
+
ChunkFetchResultZ = z18.object({
|
|
2741
|
+
filePath: z18.string(),
|
|
2742
|
+
lines: z18.array(z18.number()),
|
|
3043
2743
|
data: FileBlameDataZ.nullable()
|
|
3044
2744
|
});
|
|
3045
|
-
FileBlameResponseEntryZ =
|
|
2745
|
+
FileBlameResponseEntryZ = z18.object({
|
|
3046
2746
|
/** Chunk index (0 for small files, 0-N for large file chunks) */
|
|
3047
|
-
chunkIndex:
|
|
2747
|
+
chunkIndex: z18.number(),
|
|
3048
2748
|
/** Blame data array (1-indexed, index 0 is null) */
|
|
3049
2749
|
blameData: FileBlameDataZ
|
|
3050
2750
|
});
|
|
3051
|
-
CommitBlameDataZ =
|
|
3052
|
-
|
|
2751
|
+
CommitBlameDataZ = z18.record(
|
|
2752
|
+
z18.string(),
|
|
3053
2753
|
// fileName
|
|
3054
|
-
|
|
2754
|
+
z18.array(FileBlameResponseEntryZ)
|
|
3055
2755
|
);
|
|
3056
|
-
CommitInfoZ =
|
|
2756
|
+
CommitInfoZ = z18.object({
|
|
3057
2757
|
/** Number of parent commits (1 = normal commit, 2+ = merge commit, null = failed to determine) */
|
|
3058
|
-
parentCount:
|
|
2758
|
+
parentCount: z18.number().nullable()
|
|
3059
2759
|
});
|
|
3060
|
-
GitIdentityZ =
|
|
3061
|
-
name:
|
|
3062
|
-
email:
|
|
2760
|
+
GitIdentityZ = z18.object({
|
|
2761
|
+
name: z18.string(),
|
|
2762
|
+
email: z18.string()
|
|
3063
2763
|
});
|
|
3064
2764
|
COMMIT_LOG_FORMAT = "%H%x00%ae%x00%an%x00%ce%x00%cn%x00%at%x00%s%x00%(trailers:key=Co-authored-by,valueonly,separator=%x00)";
|
|
3065
|
-
CommitDataZ =
|
|
3066
|
-
diff:
|
|
2765
|
+
CommitDataZ = z18.object({
|
|
2766
|
+
diff: z18.string(),
|
|
3067
2767
|
author: GitIdentityZ,
|
|
3068
2768
|
committer: GitIdentityZ,
|
|
3069
|
-
coAuthors:
|
|
3070
|
-
timestamp:
|
|
2769
|
+
coAuthors: z18.array(GitIdentityZ),
|
|
2770
|
+
timestamp: z18.number(),
|
|
3071
2771
|
// Unix timestamp in seconds
|
|
3072
|
-
message:
|
|
3073
|
-
parentCount:
|
|
2772
|
+
message: z18.string().optional(),
|
|
2773
|
+
parentCount: z18.number().nullable()
|
|
3074
2774
|
});
|
|
3075
|
-
PrDiffDataZ =
|
|
3076
|
-
diff:
|
|
2775
|
+
PrDiffDataZ = z18.object({
|
|
2776
|
+
diff: z18.string()
|
|
3077
2777
|
});
|
|
3078
|
-
PrStatsZ =
|
|
3079
|
-
additions:
|
|
3080
|
-
deletions:
|
|
2778
|
+
PrStatsZ = z18.object({
|
|
2779
|
+
additions: z18.number(),
|
|
2780
|
+
deletions: z18.number()
|
|
3081
2781
|
});
|
|
3082
|
-
CommitsManifestZ =
|
|
3083
|
-
commits:
|
|
2782
|
+
CommitsManifestZ = z18.object({
|
|
2783
|
+
commits: z18.array(z18.string())
|
|
3084
2784
|
// Array of commit SHAs in order
|
|
3085
2785
|
});
|
|
3086
|
-
BlameLineEntryZ =
|
|
2786
|
+
BlameLineEntryZ = z18.object({
|
|
3087
2787
|
/** Current file path in the PR head (what git blame was invoked on). */
|
|
3088
|
-
file:
|
|
2788
|
+
file: z18.string(),
|
|
3089
2789
|
/** Current line number in the PR head. */
|
|
3090
|
-
line:
|
|
2790
|
+
line: z18.number(),
|
|
3091
2791
|
/** SHA of the commit that originally authored this line. */
|
|
3092
|
-
originalCommitSha:
|
|
2792
|
+
originalCommitSha: z18.string(),
|
|
3093
2793
|
/** Line number as it was in `originalCommitSha`. */
|
|
3094
|
-
originalLineNumber:
|
|
2794
|
+
originalLineNumber: z18.number(),
|
|
3095
2795
|
/**
|
|
3096
2796
|
* File path as it was in `originalCommitSha` at the time that commit
|
|
3097
2797
|
* authored this line. When a file has been renamed since, this differs
|
|
@@ -3104,24 +2804,24 @@ var init_gitBlameTypes = __esm({
|
|
|
3104
2804
|
* must treat empty as "fall back to `file`" (see enrichDiffLines,
|
|
3105
2805
|
* targetedBlame).
|
|
3106
2806
|
*/
|
|
3107
|
-
originalFile:
|
|
2807
|
+
originalFile: z18.string().default("")
|
|
3108
2808
|
});
|
|
3109
|
-
BlameLinesDataZ =
|
|
3110
|
-
lines:
|
|
2809
|
+
BlameLinesDataZ = z18.object({
|
|
2810
|
+
lines: z18.array(BlameLineEntryZ)
|
|
3111
2811
|
});
|
|
3112
|
-
PrepareCommitBlameResponseMessageZ =
|
|
2812
|
+
PrepareCommitBlameResponseMessageZ = z18.object({
|
|
3113
2813
|
/** Commit blame request ID (matches request, used to update specific DB record) */
|
|
3114
|
-
commitBlameRequestId:
|
|
2814
|
+
commitBlameRequestId: z18.string(),
|
|
3115
2815
|
/** Organization ID (matches request) */
|
|
3116
|
-
organizationId:
|
|
2816
|
+
organizationId: z18.string(),
|
|
3117
2817
|
/** Repository URL (matches request) */
|
|
3118
|
-
repositoryUrl:
|
|
2818
|
+
repositoryUrl: z18.string(),
|
|
3119
2819
|
/** Commit SHA analyzed (matches request) */
|
|
3120
|
-
commitSha:
|
|
2820
|
+
commitSha: z18.string(),
|
|
3121
2821
|
/** Processing status */
|
|
3122
|
-
status:
|
|
2822
|
+
status: z18.enum(["success", "failure"]),
|
|
3123
2823
|
/** Error message (only present if status is 'failure') */
|
|
3124
|
-
error:
|
|
2824
|
+
error: z18.string().optional(),
|
|
3125
2825
|
/**
|
|
3126
2826
|
* Blame data for all processed files/chunks.
|
|
3127
2827
|
* Empty dictionary if status is 'failure'.
|
|
@@ -3133,29 +2833,29 @@ var init_gitBlameTypes = __esm({
|
|
|
3133
2833
|
* Keyed by commit SHA, deduplicated.
|
|
3134
2834
|
* Empty dictionary if status is 'failure'.
|
|
3135
2835
|
*/
|
|
3136
|
-
commits:
|
|
2836
|
+
commits: z18.record(z18.string(), CommitInfoZ).default({}),
|
|
3137
2837
|
// --- New PR diff computation response fields ---
|
|
3138
2838
|
/** S3 paths for commit-level data (commitSha → S3 key). Present in PR analysis mode and single commit mode. */
|
|
3139
|
-
commitDataS3Paths:
|
|
2839
|
+
commitDataS3Paths: z18.record(z18.string(), z18.string()).optional(),
|
|
3140
2840
|
/** S3 key for PR diff JSON. Present in PR analysis mode. */
|
|
3141
|
-
prDiffS3Path:
|
|
2841
|
+
prDiffS3Path: z18.string().optional(),
|
|
3142
2842
|
/** S3 key for commits manifest. Present in PR analysis mode. */
|
|
3143
|
-
commitsManifestS3Path:
|
|
2843
|
+
commitsManifestS3Path: z18.string().optional(),
|
|
3144
2844
|
/** S3 key for per-line targeted blame data. Present in PR analysis mode. */
|
|
3145
|
-
blameLinesS3Path:
|
|
2845
|
+
blameLinesS3Path: z18.string().optional(),
|
|
3146
2846
|
/** S3 key for PR stats (additions/deletions). Present in PR analysis mode. */
|
|
3147
|
-
prStatsS3Path:
|
|
2847
|
+
prStatsS3Path: z18.string().optional(),
|
|
3148
2848
|
/** PR context passed through from request for response handler. */
|
|
3149
2849
|
prContext: PrContextZ.optional(),
|
|
3150
2850
|
/** PR title from the request metadata (passed through). */
|
|
3151
|
-
prTitle:
|
|
2851
|
+
prTitle: z18.string().optional(),
|
|
3152
2852
|
/** User email passed through from request for single commit blame attribution analysis trigger. */
|
|
3153
|
-
userEmail:
|
|
2853
|
+
userEmail: z18.string().optional()
|
|
3154
2854
|
});
|
|
3155
|
-
VulnerabilityAttributionMessageZ =
|
|
3156
|
-
fixReportId:
|
|
3157
|
-
vulnerabilityAttributionRequestId:
|
|
3158
|
-
userEmail:
|
|
2855
|
+
VulnerabilityAttributionMessageZ = z18.object({
|
|
2856
|
+
fixReportId: z18.string().uuid(),
|
|
2857
|
+
vulnerabilityAttributionRequestId: z18.string().uuid(),
|
|
2858
|
+
userEmail: z18.string()
|
|
3159
2859
|
});
|
|
3160
2860
|
}
|
|
3161
2861
|
});
|
|
@@ -4422,7 +4122,7 @@ import * as os3 from "os";
|
|
|
4422
4122
|
import path6 from "path";
|
|
4423
4123
|
import chalk3 from "chalk";
|
|
4424
4124
|
import { withFile } from "tmp-promise";
|
|
4425
|
-
import
|
|
4125
|
+
import z26 from "zod";
|
|
4426
4126
|
|
|
4427
4127
|
// src/commands/handleMobbLogin.ts
|
|
4428
4128
|
import chalk2 from "chalk";
|
|
@@ -4894,344 +4594,12 @@ import debugModule from "debug";
|
|
|
4894
4594
|
var debug3 = debugModule("mobb:shared");
|
|
4895
4595
|
|
|
4896
4596
|
// src/features/analysis/scm/utils/index.ts
|
|
4897
|
-
import { z as
|
|
4597
|
+
import { z as z14 } from "zod";
|
|
4898
4598
|
|
|
4899
4599
|
// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
|
|
4900
4600
|
init_client_generates();
|
|
4901
|
-
import { z as z9 } from "zod";
|
|
4902
|
-
|
|
4903
|
-
// src/features/analysis/scm/shared/src/fixDetailsData.ts
|
|
4904
|
-
init_client_generates();
|
|
4905
|
-
var fixDetailsData = {
|
|
4906
|
-
["PT" /* Pt */]: {
|
|
4907
|
-
issueDescription: "Path Traversal AKA Directory Traversal occurs when a path coming from user input is not properly sanitized, allowing an attacker to navigate through directories beyond the intended scope. Attackers can exploit this to access sensitive files or execute arbitrary code.",
|
|
4908
|
-
fixInstructions: "Sanitize user-supplied paths, ensuring that they are restricted to a predefined directory structure."
|
|
4909
|
-
},
|
|
4910
|
-
["ZIP_SLIP" /* ZipSlip */]: {
|
|
4911
|
-
issueDescription: "Zip Slip is a form of directory traversal that can be exploited by extracting files from an archive. Attackers can manipulate archive files to overwrite sensitive files or execute arbitrary code.",
|
|
4912
|
-
fixInstructions: "Ensure that extracted files are relative and within the intended directory structure."
|
|
4913
|
-
},
|
|
4914
|
-
["XSS" /* Xss */]: {
|
|
4915
|
-
issueDescription: "Cross-Site Scripting (XSS) allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to theft of session cookies, redirection to malicious websites, or defacement of the webpage.",
|
|
4916
|
-
fixInstructions: "Implement input validation and output encoding. This includes sanitizing user input and escaping special characters to prevent execution of injected scripts."
|
|
4917
|
-
},
|
|
4918
|
-
["XXE" /* Xxe */]: {
|
|
4919
|
-
issueDescription: "XML External Entity (XXE) allows attackers to exploit vulnerable XML processors by including external entities, leading to disclosure of confidential data, denial of service, or server-side request forgery.",
|
|
4920
|
-
fixInstructions: "Disable external entity processing in XML parsers or update to versions that mitigate XXE vulnerabilities. Input validation should be implemented to ensure that XML input does not contain external entity references."
|
|
4921
|
-
},
|
|
4922
|
-
["CMDi" /* CmDi */]: {
|
|
4923
|
-
issueDescription: "Command Injection (CMDI) allows attackers inject malicious commands into vulnerable applications, that can result in execution of arbitrary commands on the underlying operating system.",
|
|
4924
|
-
fixInstructions: "Validate or sanitize user input to prevent executing arbitrary commands."
|
|
4925
|
-
},
|
|
4926
|
-
["SQL_Injection" /* SqlInjection */]: {
|
|
4927
|
-
issueDescription: "SQL Injection allows attackers to execute malicious SQL queries by manipulating input data. This can result in unauthorized access to sensitive data, data manipulation, or even complete database compromise.",
|
|
4928
|
-
fixInstructions: "Use parameterized queries or prepared statements to sanitize user input and prevent manipulation of the SQL query."
|
|
4929
|
-
},
|
|
4930
|
-
["SSRF" /* Ssrf */]: {
|
|
4931
|
-
issueDescription: "Server-Side Request Forgery (SSRF) allows attackers to make unauthorized requests from a vulnerable server, potentially accessing internal systems, services, or data.",
|
|
4932
|
-
fixInstructions: "Validate or sanitize user-supplied URLs, ensuring that they are restricted to trusted domains. Implementing proper input validation and using whitelists for acceptable URLs can prevent SSRF attacks."
|
|
4933
|
-
},
|
|
4934
|
-
["LOG_FORGING" /* LogForging */]: {
|
|
4935
|
-
issueDescription: "Log Forging allows attackers to manipulate log files by injecting malicious content. This can be used to obfuscate attack traces or forge log entries to conceal unauthorized activities.",
|
|
4936
|
-
fixInstructions: "Implement proper input sanitization to remove new lines for values going to the log."
|
|
4937
|
-
},
|
|
4938
|
-
["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: {
|
|
4939
|
-
issueDescription: "Cookie without the 'HttpOnly' attribute can be accessed by client-side scripts, exposing them to potential XSS attacks.",
|
|
4940
|
-
fixInstructions: "Ensure that sensitive cookies are marked with the 'HttpOnly' attribute to prevent client-side scripts from accessing them."
|
|
4941
|
-
},
|
|
4942
|
-
["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: {
|
|
4943
|
-
issueDescription: "System Information Leak occurs when sensitive system information is inadvertently disclosed to external entities, potentially aiding attackers in identifying vulnerabilities or targets.",
|
|
4944
|
-
fixInstructions: "Review and restrict the amount of system information exposed through error messages, debug logs, or response headers."
|
|
4945
|
-
},
|
|
4946
|
-
["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: {
|
|
4947
|
-
issueDescription: "Unchecked Loop Condition can lead to infinite loops or unexpected behavior in software applications. Attackers can exploit this vulnerability to cause denial of service or consume excessive system resources.",
|
|
4948
|
-
fixInstructions: "Carefully review loop conditions to ensure that they are properly validated and bounded."
|
|
4949
|
-
},
|
|
4950
|
-
["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: {
|
|
4951
|
-
issueDescription: "Trust Boundary Violation occurs when untrusted data is added to a trusted context, potentially leading to security vulnerabilities. Attackers can exploit this to bypass security controls or execute unauthorized actions.",
|
|
4952
|
-
fixInstructions: "Clearly define and enforce trust boundaries within applications, ensuring that untrusted data is properly validated and sanitized before being used in a trusted context."
|
|
4953
|
-
},
|
|
4954
|
-
["REGEX_INJECTION" /* RegexInjection */]: {
|
|
4955
|
-
issueDescription: "Regex Injection occurs when attackers manipulate regular expressions to perform unintended actions or bypass security controls. This can lead to security vulnerabilities such as denial of service or injection attacks.",
|
|
4956
|
-
fixInstructions: "Avoid constructing regular expressions from user-supplied input whenever possible. If dynamic regular expressions are necessary, input should be properly validated and sanitized to prevent injection attacks."
|
|
4957
|
-
},
|
|
4958
|
-
["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: {
|
|
4959
|
-
issueDescription: "Error Condition Without Action refers to situations where error conditions are identified but not appropriately handled or mitigated. This can lead to unexpected behavior, system crashes, or security vulnerabilities.",
|
|
4960
|
-
fixInstructions: "Implement error handling mechanisms to gracefully handle unexpected conditions and prevent system crashes."
|
|
4961
|
-
},
|
|
4962
|
-
["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: {
|
|
4963
|
-
issueDescription: "HTTP Response Splitting occurs when attackers manipulate HTTP responses to inject additional headers or content. This can lead to security vulnerabilities such as cache poisoning, session fixation, or XSS attacks.",
|
|
4964
|
-
fixInstructions: "Properly sanitize user input before including it in HTTP response headers or content."
|
|
4965
|
-
},
|
|
4966
|
-
["INSECURE_COOKIE" /* InsecureCookie */]: {
|
|
4967
|
-
issueDescription: "Cookies lacking the 'Secure' attribute may be transmitted over unencrypted channels. This makes them vulnerable to interception or manipulation by attackers.",
|
|
4968
|
-
fixInstructions: "Ensure that sensitive cookies are transmitted over secure channels (e.g., HTTPS) and are marked with the 'Secure' attributes."
|
|
4969
|
-
},
|
|
4970
|
-
["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: {
|
|
4971
|
-
issueDescription: "Command Injection via Relative Path may allow attackers to manipulate file paths to execute arbitrary commands on the underlying system.",
|
|
4972
|
-
fixInstructions: "Paths coming from the input should be properly sanitized to ensure that only expected characters and paths are allowed."
|
|
4973
|
-
},
|
|
4974
|
-
["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: {
|
|
4975
|
-
issueDescription: "Missing Check Against Null occurs when null or uninitialized variables are not properly handled, leading to unexpected behavior or security vulnerabilities.",
|
|
4976
|
-
fixInstructions: "Implement proper null checks and error handling mechanisms to prevent null dereference vulnerabilities. Null values should be handled gracefully to avoid unexpected behavior or security issues."
|
|
4977
|
-
},
|
|
4978
|
-
["PASSWORD_IN_COMMENT" /* PasswordInComment */]: {
|
|
4979
|
-
issueDescription: "Password in Comment refers to situations where sensitive information such as passwords or API keys are hardcoded or embedded in code comments. This can lead to inadvertent exposure of credentials and potential security breaches if the code is shared or leaked.",
|
|
4980
|
-
fixInstructions: "Remove hardcoded sensitive information from code comments."
|
|
4981
|
-
},
|
|
4982
|
-
["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: {
|
|
4983
|
-
issueDescription: "Overly Broad Catch occurs when exceptions are caught indiscriminately without proper handling or logging. This can lead to silent failures, masking potential security issues or allowing attackers to conduct reconnaissance.",
|
|
4984
|
-
fixInstructions: "Implement specific exception handling for different error scenarios to ensure proper diagnosis and mitigation of issues. Catch blocks should log relevant information and handle exceptions gracefully to prevent silent failures."
|
|
4985
|
-
},
|
|
4986
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: {
|
|
4987
|
-
issueDescription: "Use of System Output Stream refers to situations where sensitive information is written to standard output streams such as System.out. This can lead to inadvertent exposure of sensitive data, especially in production environments.",
|
|
4988
|
-
fixInstructions: "Avoid writing sensitive information to standard output streams and instead use secure logging mechanisms or dedicated logging frameworks. Output streams should be properly configured to prevent leakage of sensitive data."
|
|
4989
|
-
},
|
|
4990
|
-
["DOS_STRING_BUILDER" /* DosStringBuilder */]: {
|
|
4991
|
-
issueDescription: "Denial of Service (DoS) via String Builder may allow attackers to manipulate string concatenation operations to consume excessive memory or CPU resources. This can lead to degradation of system performance or unresponsiveness.",
|
|
4992
|
-
fixInstructions: "Use StringBuilder or similar efficient data structures for string concatenation operations to minimize memory overhead. Input validation should be performed to limit the size and complexity of input strings, preventing abuse by attackers."
|
|
4993
|
-
},
|
|
4994
|
-
["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: {
|
|
4995
|
-
issueDescription: "HTML Comment in JSP occurs when developers inadvertently expose sensitive information or internal implementation details in HTML comments within JavaServer Pages (JSP) files. This can lead to inadvertent disclosure of credentials, configuration details, or security vulnerabilities.",
|
|
4996
|
-
fixInstructions: "Review JSP files to ensure that sensitive information or internal details are not exposed in HTML comments. Comments containing sensitive information should be removed or replaced with generic placeholders."
|
|
4997
|
-
},
|
|
4998
|
-
["OPEN_REDIRECT" /* OpenRedirect */]: {
|
|
4999
|
-
issueDescription: "Open Redirect vulnerabilities may allow attackers to manipulate URL parameters to redirect users to malicious websites or phishing pages. This can lead to theft of sensitive information or unauthorized access to user accounts.",
|
|
5000
|
-
fixInstructions: "Redirect URLs validation should be performed to ensure that redirect URLs point to trusted domains."
|
|
5001
|
-
},
|
|
5002
|
-
["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: {
|
|
5003
|
-
issueDescription: "Unsafe Target Blank occurs when developers use the target='_blank' attribute without the rel='noopener' attribute in anchor tags. This can lead to security vulnerabilities such as tabnabbing or reverse tabnabbing, allowing attackers to hijack user sessions or perform phishing attacks.",
|
|
5004
|
-
fixInstructions: "Ensure that anchor tags with target='_blank' attribute include the rel='noopener' attribute to prevent potential security vulnerabilities. This prevents the newly opened page from accessing the window.opener property, mitigating the risk of tabnabbing or reverse tabnabbing attacks."
|
|
5005
|
-
},
|
|
5006
|
-
["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: {
|
|
5007
|
-
issueDescription: "IFrame Without Sandbox occurs when <iframe> elements are used without the 'sandbox' attribute, allowing potentially malicious content to execute in the context of the parent page.",
|
|
5008
|
-
fixInstructions: "Use the 'sandbox' attribute to restrict the capabilities of <iframe> elements, isolating potentially untrusted content from the parent page. This helps mitigate the risk of malicious code execution and prevents attacks such as clickjacking."
|
|
5009
|
-
},
|
|
5010
|
-
["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: {
|
|
5011
|
-
issueDescription: "JQuery Deprecated Symbols refers to the use of deprecated or removed functions, methods, or symbols in jQuery libraries. This can lead to compatibility issues, security vulnerabilities, or performance degradation in applications.",
|
|
5012
|
-
fixInstructions: "Replace deprecated symbols with recommended alternatives."
|
|
5013
|
-
},
|
|
5014
|
-
["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: {
|
|
5015
|
-
issueDescription: "Deprecated Function refers to the use of functions, methods, or features that have been deprecated in programming languages or frameworks. This can lead to compatibility issues, security vulnerabilities, or performance degradation in applications.",
|
|
5016
|
-
fixInstructions: "Update code to replace deprecated functions with recommended alternatives provided by the language or framework."
|
|
5017
|
-
},
|
|
5018
|
-
["HARDCODED_SECRETS" /* HardcodedSecrets */]: {
|
|
5019
|
-
issueDescription: "Hardcoded Secrets refers to the practice of embedding sensitive information such as passwords, API keys, or cryptographic keys directly into source code or configuration files. This can lead to inadvertent exposure of credentials and potential security breaches if the code is shared or leaked.",
|
|
5020
|
-
fixInstructions: "Remove hardcoded sensitive information in source code or configuration files. Instead, sensitive data should be stored securely using encryption or secure credential management solutions."
|
|
5021
|
-
},
|
|
5022
|
-
["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: {
|
|
5023
|
-
issueDescription: "GraphQL Depth Limit refers to the lack of restrictions on query depth in GraphQL implementations, allowing attackers to execute complex and resource-intensive queries. This can lead to denial of service or excessive resource consumption.",
|
|
5024
|
-
fixInstructions: "Implement depth limits and query complexity thresholds in GraphQL schemas to restrict the complexity of incoming queries."
|
|
5025
|
-
},
|
|
5026
|
-
["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: {
|
|
5027
|
-
issueDescription: "System Information Leak occurs when sensitive system information is inadvertently disclosed to external entities, potentially aiding attackers in identifying vulnerabilities or targets.",
|
|
5028
|
-
fixInstructions: "Review and restrict the amount of system information exposed to external entities such as third-party APIs or integrations."
|
|
5029
|
-
},
|
|
5030
|
-
["INSECURE_RANDOMNESS" /* InsecureRandomness */]: {
|
|
5031
|
-
issueDescription: "Insecure Randomness refers to the use of insecure or predictable random number generation algorithms, leading to weak cryptographic keys, session tokens, or initialization vectors. This can facilitate brute-force attacks or cryptographic exploits.",
|
|
5032
|
-
fixInstructions: "Use secure random number generation algorithms provided by cryptographic libraries or frameworks."
|
|
5033
|
-
},
|
|
5034
|
-
["TYPE_CONFUSION" /* TypeConfusion */]: {
|
|
5035
|
-
issueDescription: "Type Confusion occurs in programming languages with weak typing systems when an attacker manipulates object types to bypass type checks or exploit memory corruption vulnerabilities. This can lead to arbitrary code execution or unauthorized access to sensitive data.",
|
|
5036
|
-
fixInstructions: "Implement strict type checking and validation to prevent type confusion vulnerabilities."
|
|
5037
|
-
},
|
|
5038
|
-
["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: {
|
|
5039
|
-
issueDescription: "Incomplete URL Sanitization occurs when user-supplied URLs are not properly sanitized, allowing attackers to inject malicious content or bypass security controls. This can lead to security vulnerabilities such as XSS attacks, open redirect, or SSRF.",
|
|
5040
|
-
fixInstructions: "Implement thorough URL validation and/or sanitization to ensure that user-supplied URLs conform to expected formats and do not contain malicious content."
|
|
5041
|
-
},
|
|
5042
|
-
["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: {
|
|
5043
|
-
issueDescription: "Unsafe Deserialization occurs when attackers manipulate serialized objects to execute arbitrary code or bypass security controls. This can lead to remote code execution, privilege escalation, or data tampering.",
|
|
5044
|
-
fixInstructions: "Implement strict validation and integrity checks on serialized objects."
|
|
5045
|
-
},
|
|
5046
|
-
["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: {
|
|
5047
|
-
issueDescription: "Improper Resource Shutdown or Release refers to situations where system resources such as file handles, database connections, or network sockets are not properly closed or released after use. This can lead to resource exhaustion, denial of service, or memory leaks.",
|
|
5048
|
-
fixInstructions: "Ensure that system resources are consistently closed or released after use. Using try-with resources blocks, finalizers, or dedicated resource management libraries can help mitigate the risk of improper resource shutdown or release vulnerabilities."
|
|
5049
|
-
},
|
|
5050
|
-
["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: {
|
|
5051
|
-
issueDescription: "Improper Exception Handling occurs when exceptions are not handled or propagated correctly, leading to unexpected behavior, security vulnerabilities, or application crashes.",
|
|
5052
|
-
fixInstructions: "Implement exception handling to gracefully handle unexpected errors."
|
|
5053
|
-
},
|
|
5054
|
-
["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: {
|
|
5055
|
-
issueDescription: "Missing Anti-Forgery Validation occurs when web applications do not properly validate or enforce anti-forgery tokens, allowing attackers to forge or replay requests from authenticated users.",
|
|
5056
|
-
fixInstructions: "Implement anti-forgery measures to validate the authenticity of user-submitted requests."
|
|
5057
|
-
},
|
|
5058
|
-
["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: {
|
|
5059
|
-
issueDescription: "Insecure Binder Configuration refers to misconfigurations in application frameworks or dependency injection containers, leading to security vulnerabilities such as injection attacks or privilege escalation.",
|
|
5060
|
-
fixInstructions: "Secure binder configurations to prevent injection attacks and enforce least privilege principles. Configurations should be restricted to trusted sources and sanitized to prevent unauthorized access or manipulation."
|
|
5061
|
-
},
|
|
5062
|
-
["NULL_DEREFERENCE" /* NullDereference */]: {
|
|
5063
|
-
issueDescription: "Null Dereference occurs when null or uninitialized pointers are dereferenced, leading to application crashes or security vulnerabilities. Attackers can exploit this to cause denial of service or execute arbitrary code.",
|
|
5064
|
-
fixInstructions: "Implement proper null checks and error handling mechanisms. Null values should be handled gracefully to avoid unexpected behavior or security issues."
|
|
5065
|
-
},
|
|
5066
|
-
["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: {
|
|
5067
|
-
issueDescription: "Dangerous Function Overflow occurs when functions or methods are called with parameters that exceed predefined limits, leading to buffer overflows or memory corruption vulnerabilities.",
|
|
5068
|
-
fixInstructions: "Implement proper input validation and bounds checking to prevent dangerous function overflows. Functions should be designed to handle input within safe limits and gracefully reject or truncate input that exceeds these limits."
|
|
5069
|
-
},
|
|
5070
|
-
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: {
|
|
5071
|
-
issueDescription: "Default Rights in Object Definition refers to situations where SQL objects are created with default or excessive permissions, leading to security vulnerabilities such as privilege escalation or unauthorized access.",
|
|
5072
|
-
fixInstructions: "Restrict default permissions in object definitions to enforce least privilege principles. Objects should be created with the minimum necessary permissions required for their intended functionality."
|
|
5073
|
-
},
|
|
5074
|
-
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: {
|
|
5075
|
-
issueDescription: "Weak XML Schema Unbounded Occurrences refers to the lack of restrictions on the maximum number of occurrences for elements or attributes in XML schemas. This can lead to denial of service or resource exhaustion attacks by causing excessive memory consumption or processing overhead.",
|
|
5076
|
-
fixInstructions: "Impose limits on the maximum number of occurrences for elements or attributes in XML schemas to prevent resource exhaustion attacks."
|
|
5077
|
-
},
|
|
5078
|
-
["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: void 0,
|
|
5079
|
-
["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: void 0,
|
|
5080
|
-
["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: void 0,
|
|
5081
|
-
["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: void 0,
|
|
5082
|
-
["PROTOTYPE_POLLUTION" /* PrototypePollution */]: void 0,
|
|
5083
|
-
["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: void 0,
|
|
5084
|
-
["HEADER_MANIPULATION" /* HeaderManipulation */]: void 0,
|
|
5085
|
-
["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: {
|
|
5086
|
-
issueDescription: "Missing equals or hashcode method can lead to unexpected behavior in collections. If two objects are equal, they should have the same hashcode.",
|
|
5087
|
-
fixInstructions: "Add the missing methods to ensure proper behavior in collections."
|
|
5088
|
-
},
|
|
5089
|
-
["VALUE_NEVER_READ" /* ValueNeverRead */]: {
|
|
5090
|
-
issueDescription: "The variable's value is not used. After the assignment, the variable is either assigned another value or goes out of scope.",
|
|
5091
|
-
fixInstructions: "Remove the assignment to the variable."
|
|
5092
|
-
},
|
|
5093
|
-
["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: void 0,
|
|
5094
|
-
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: void 0,
|
|
5095
|
-
["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: void 0,
|
|
5096
|
-
["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: void 0,
|
|
5097
|
-
["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: void 0,
|
|
5098
|
-
["PRIVACY_VIOLATION" /* PrivacyViolation */]: void 0,
|
|
5099
|
-
["VALUE_SHADOWING" /* ValueShadowing */]: void 0,
|
|
5100
|
-
["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: void 0,
|
|
5101
|
-
["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: void 0,
|
|
5102
|
-
["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: void 0,
|
|
5103
|
-
["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: void 0,
|
|
5104
|
-
["DEBUG_ENABLED" /* DebugEnabled */]: void 0,
|
|
5105
|
-
["CONFUSING_NAMING" /* ConfusingNaming */]: {
|
|
5106
|
-
issueDescription: "A data member and a function have the same name which can be confusing to the developer.",
|
|
5107
|
-
fixInstructions: "Rename the data member to avoid confusion."
|
|
5108
|
-
},
|
|
5109
|
-
["J2EE_GET_CONNECTION" /* J2EeGetConnection */]: void 0,
|
|
5110
|
-
["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: void 0,
|
|
5111
|
-
["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: void 0,
|
|
5112
|
-
["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: void 0,
|
|
5113
|
-
["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: void 0,
|
|
5114
|
-
["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: {
|
|
5115
|
-
issueDescription: "Auto Escape False occurs when automatic escaping is disabled in template engines, allowing untrusted data to be rendered without proper encoding. This can lead to Cross-Site Scripting (XSS) vulnerabilities.",
|
|
5116
|
-
fixInstructions: "Set auto escape to true."
|
|
5117
|
-
},
|
|
5118
|
-
["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: {
|
|
5119
|
-
issueDescription: "The lack of a rate limit can allow denial-of-service attacks, in which an attacker can cause the application to crash or become unresponsive by issuing a large number of requests simultaneously.",
|
|
5120
|
-
fixInstructions: "Use express-rate-limit npm package to set a rate limit."
|
|
5121
|
-
},
|
|
5122
|
-
["MISSING_CSP_HEADER" /* MissingCspHeader */]: void 0,
|
|
5123
|
-
["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: void 0,
|
|
5124
|
-
["HEAP_INSPECTION" /* HeapInspection */]: {
|
|
5125
|
-
issueDescription: "All variables stored by the application in unencrypted memory can be read by an attacker. This can lead to the exposure of sensitive information, such as passwords, credit card numbers, and personal data.",
|
|
5126
|
-
fixInstructions: "Use secure storage methods to store secrets in memory."
|
|
5127
|
-
},
|
|
5128
|
-
["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: {
|
|
5129
|
-
issueDescription: "Client DOM Stored Code Injection is a client-side security vulnerability where malicious JavaScript code gets stored in the DOM and later executed when retrieved by legitimate scripts.",
|
|
5130
|
-
fixInstructions: "Update the code to avoid the possibility for malicious JavaScript code to get stored in the DOM."
|
|
5131
|
-
},
|
|
5132
|
-
["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: void 0,
|
|
5133
|
-
["NON_READONLY_FIELD" /* NonReadonlyField */]: void 0,
|
|
5134
|
-
["CSRF" /* Csrf */]: {
|
|
5135
|
-
issueDescription: "Cross Site Request Forgery is an attack that forces an end user to execute unwanted actions on a web application in which they\u2019re currently authenticated.",
|
|
5136
|
-
fixInstructions: "Configure a CSRF protection mechanism, such as a CSRF token, in your application."
|
|
5137
|
-
},
|
|
5138
|
-
["WEAK_ENCRYPTION" /* WeakEncryption */]: void 0,
|
|
5139
|
-
["CODE_IN_COMMENT" /* CodeInComment */]: void 0,
|
|
5140
|
-
["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: void 0,
|
|
5141
|
-
["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: void 0,
|
|
5142
|
-
["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: void 0,
|
|
5143
|
-
["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: void 0,
|
|
5144
|
-
["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: void 0,
|
|
5145
|
-
["DUPLICATED_STRINGS" /* DuplicatedStrings */]: void 0,
|
|
5146
|
-
["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: void 0,
|
|
5147
|
-
["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: void 0,
|
|
5148
|
-
["MODIFIED_DEFAULT_PARAM" /* ModifiedDefaultParam */]: void 0,
|
|
5149
|
-
["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: void 0,
|
|
5150
|
-
["NO_VAR" /* NoVar */]: void 0,
|
|
5151
|
-
["INSECURE_TMP_FILE" /* InsecureTmpFile */]: void 0,
|
|
5152
|
-
["RETURN_SHOULD_NOT_BE_INVARIANT" /* ReturnShouldNotBeInvariant */]: void 0,
|
|
5153
|
-
["SYSTEM_EXIT_SHOULD_RERAISE" /* SystemExitShouldReraise */]: void 0,
|
|
5154
|
-
["NO_RETURN_IN_FINALLY" /* NoReturnInFinally */]: void 0,
|
|
5155
|
-
["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: void 0,
|
|
5156
|
-
["AVOID_BUILTIN_SHADOWING" /* AvoidBuiltinShadowing */]: void 0,
|
|
5157
|
-
["IMPROPER_STRING_FORMATTING" /* ImproperStringFormatting */]: void 0,
|
|
5158
|
-
["WILDCARD_IMPORTS" /* WildcardImports */]: void 0,
|
|
5159
|
-
["TAR_SLIP" /* TarSlip */]: void 0,
|
|
5160
|
-
["MISSING_WHITESPACE" /* MissingWhitespace */]: void 0,
|
|
5161
|
-
["NO_PRINT_STATEMENT" /* NoPrintStatement */]: void 0,
|
|
5162
|
-
["NO_OP_OVERHEAD" /* NoOpOverhead */]: void 0,
|
|
5163
|
-
["DO_NOT_RAISE_EXCEPTION" /* DoNotRaiseException */]: void 0,
|
|
5164
|
-
["DECLARE_VARIABLE_EXPLICITLY" /* DeclareVariableExplicitly */]: void 0,
|
|
5165
|
-
["UNNECESSARY_IMPORTS" /* UnnecessaryImports */]: void 0,
|
|
5166
|
-
["NO_NESTED_TRY" /* NoNestedTry */]: void 0,
|
|
5167
|
-
["REDOS" /* Redos */]: void 0,
|
|
5168
|
-
["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: void 0,
|
|
5169
|
-
["BUFFER_OVERFLOW" /* BufferOverflow */]: {
|
|
5170
|
-
issueDescription: "Buffer Overflow occurs when a program writes data beyond the allocated memory space, leading to unexpected behavior or security vulnerabilities.",
|
|
5171
|
-
fixInstructions: "Implement proper input validation and bounds checking to prevent buffer overflows. Use safe string manipulation functions and ensure that the buffer size is properly managed."
|
|
5172
|
-
},
|
|
5173
|
-
["STRING_TERMINATION_ERROR" /* StringTerminationError */]: {
|
|
5174
|
-
issueDescription: "String Termination Error occurs when a string is not properly terminated, leading to unexpected behavior or security vulnerabilities.",
|
|
5175
|
-
fixInstructions: "Implement proper input validation and bounds checking to prevent string termination errors. Use safe string manipulation functions and ensure that the buffer size is properly managed."
|
|
5176
|
-
},
|
|
5177
|
-
["HTTP_PARAMETER_POLLUTION" /* HttpParameterPollution */]: {
|
|
5178
|
-
issueDescription: "HTTP Parameter Pollution occurs when an attacker can manipulate the parameters of an HTTP request to change the behavior of the server.",
|
|
5179
|
-
fixInstructions: "Implement proper input validation and bounds checking to prevent HTTP parameter pollution. Use safe string manipulation functions and ensure that the buffer size is properly managed."
|
|
5180
|
-
},
|
|
5181
|
-
["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: void 0,
|
|
5182
|
-
["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: void 0,
|
|
5183
|
-
["INSECURE_POSTMESSAGE" /* InsecurePostmessage */]: void 0,
|
|
5184
|
-
["MISSING_USER" /* MissingUser */]: {
|
|
5185
|
-
issueDescription: "Missing User occurs when a user is not specified in the Dockerfile, leading to security vulnerabilities.",
|
|
5186
|
-
fixInstructions: "Specify a user in the Dockerfile to prevent security vulnerabilities."
|
|
5187
|
-
},
|
|
5188
|
-
["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: void 0,
|
|
5189
|
-
["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: void 0,
|
|
5190
|
-
["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: void 0,
|
|
5191
|
-
["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: void 0,
|
|
5192
|
-
["USELESS_TERNARY" /* UselessTernary */]: void 0,
|
|
5193
|
-
["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: void 0,
|
|
5194
|
-
["USE_SYS_EXIT" /* UseSysExit */]: void 0,
|
|
5195
|
-
["INCORRECT_SQL_API_USAGE" /* IncorrectSqlApiUsage */]: void 0,
|
|
5196
|
-
["USE_RAISE_FOR_STATUS" /* UseRaiseForStatus */]: void 0,
|
|
5197
|
-
["USE_TIMEOUT" /* UseTimeout */]: void 0,
|
|
5198
|
-
["USELESS_IF_BODY" /* UselessIfBody */]: void 0,
|
|
5199
|
-
["MISSING_TEMPLATE_STRING_INDICATOR" /* MissingTemplateStringIndicator */]: void 0,
|
|
5200
|
-
["NO_ASSERT" /* NoAssert */]: void 0,
|
|
5201
|
-
["FUNCTION_CALL_WITHOUT_PARENTHESES" /* FunctionCallWithoutParentheses */]: void 0,
|
|
5202
|
-
["SPRING_DEFAULT_PERMIT" /* SpringDefaultPermit */]: void 0,
|
|
5203
|
-
["RETURN_IN_INIT" /* ReturnInInit */]: void 0,
|
|
5204
|
-
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: void 0,
|
|
5205
|
-
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
|
|
5206
|
-
["REDUNDANT_CONDITION" /* RedundantCondition */]: void 0,
|
|
5207
|
-
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
|
|
5208
|
-
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
|
|
5209
|
-
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
|
|
5210
|
-
["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: void 0,
|
|
5211
|
-
["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: void 0,
|
|
5212
|
-
["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: void 0,
|
|
5213
|
-
["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: void 0,
|
|
5214
|
-
["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: void 0,
|
|
5215
|
-
["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: void 0,
|
|
5216
|
-
["UNSAFE_REFLECTION" /* UnsafeReflection */]: void 0,
|
|
5217
|
-
["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: {
|
|
5218
|
-
issueDescription: "AWS SQS queue contents are unencrypted; data could be read if the queue is compromised.",
|
|
5219
|
-
fixInstructions: "Enable server-side encryption by setting sqs_managed_sse_enabled = true, or supply a KMS key via kms_master_key_id."
|
|
5220
|
-
},
|
|
5221
|
-
["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: void 0,
|
|
5222
|
-
["AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED" /* AwsDynamodbPointInTimeRecoveryDisabled */]: {
|
|
5223
|
-
issueDescription: "AWS DynamoDB table has point-in-time recovery disabled; accidental or malicious writes/deletes cannot be rolled back from a known-good snapshot.",
|
|
5224
|
-
fixInstructions: "Enable point-in-time recovery by adding `point_in_time_recovery { enabled = true }` to the aws_dynamodb_table resource."
|
|
5225
|
-
},
|
|
5226
|
-
["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: {
|
|
5227
|
-
issueDescription: "Decoding a JWT with `JWT.decode()` only base64-decodes the token without checking its signature, so an attacker can forge a token with arbitrary claims (identity, roles, expiration) and have it trusted. CWE-345, OWASP A08:2021 Software and Data Integrity Failures.",
|
|
5228
|
-
fixInstructions: "Verify the signature before trusting any claims: build a verifier with the expected algorithm and secret/key (e.g. `JWT.require(Algorithm.HMAC256(secret)).build().verify(token)`) instead of calling `JWT.decode(token)`. After merging, confirm the verifier is configured with the same algorithm and secret/key used to sign your tokens \u2014 an incorrect or placeholder secret will make verification throw `JWTVerificationException` at runtime and reject legitimate tokens."
|
|
5229
|
-
},
|
|
5230
|
-
["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: void 0
|
|
5231
|
-
};
|
|
5232
|
-
|
|
5233
|
-
// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
|
|
5234
4601
|
init_getIssueType();
|
|
4602
|
+
init_issueTypeCatalog();
|
|
5235
4603
|
var severityToEmoji = {
|
|
5236
4604
|
["critical" /* Critical */]: "\u{1F6A8}",
|
|
5237
4605
|
["high" /* High */]: "\u{1F6A9}",
|
|
@@ -5244,14 +4612,12 @@ init_getIssueType();
|
|
|
5244
4612
|
|
|
5245
4613
|
// src/features/analysis/scm/shared/src/guidances.ts
|
|
5246
4614
|
init_client_generates();
|
|
5247
|
-
|
|
4615
|
+
init_getIssueType();
|
|
4616
|
+
import { z as z11 } from "zod";
|
|
5248
4617
|
|
|
5249
4618
|
// src/features/analysis/scm/shared/src/storedFixData/index.ts
|
|
5250
4619
|
init_client_generates();
|
|
5251
|
-
import { z as
|
|
5252
|
-
|
|
5253
|
-
// src/features/analysis/scm/shared/src/storedFixData/csharp/index.ts
|
|
5254
|
-
init_client_generates();
|
|
4620
|
+
import { z as z9 } from "zod";
|
|
5255
4621
|
|
|
5256
4622
|
// src/features/analysis/scm/shared/src/storedFixData/passwordInComment.ts
|
|
5257
4623
|
var passwordInComment = {
|
|
@@ -5288,8 +4654,8 @@ This is an illustration of how the form will look like:
|
|
|
5288
4654
|
|
|
5289
4655
|
// src/features/analysis/scm/shared/src/storedFixData/csharp/index.ts
|
|
5290
4656
|
var vulnerabilities = {
|
|
5291
|
-
["MISSING_ANTIFORGERY_VALIDATION"
|
|
5292
|
-
["PASSWORD_IN_COMMENT"
|
|
4657
|
+
["MISSING_ANTIFORGERY_VALIDATION"]: missingAntiForgeryValidation,
|
|
4658
|
+
["PASSWORD_IN_COMMENT"]: passwordInComment
|
|
5293
4659
|
};
|
|
5294
4660
|
var csharp_default = vulnerabilities;
|
|
5295
4661
|
|
|
@@ -5305,9 +4671,6 @@ var go_default = vulnerabilities3;
|
|
|
5305
4671
|
var vulnerabilities4 = {};
|
|
5306
4672
|
var hcl_default = vulnerabilities4;
|
|
5307
4673
|
|
|
5308
|
-
// src/features/analysis/scm/shared/src/storedFixData/java/index.ts
|
|
5309
|
-
init_client_generates();
|
|
5310
|
-
|
|
5311
4674
|
// src/features/analysis/scm/shared/src/storedFixData/java/insecureDeserialization.ts
|
|
5312
4675
|
var insecureDeserialization = {
|
|
5313
4676
|
guidance: () => "Added a `@Consumes` annotation restricting the endpoint to common safe media types (JSON, XML, form, multipart, octet-stream, plain text). Requests with `Content-Type: application/x-java-serialized-object` are no longer routed to the RESTEasy `SerializableProvider`. If your endpoint legitimately accepts a content type not in this allowlist (e.g. `image/png`, a custom JSON variant), expect HTTP 415 from those clients and extend the `@Consumes` list to include it."
|
|
@@ -5364,17 +4727,14 @@ var systemInformationLeak = {
|
|
|
5364
4727
|
|
|
5365
4728
|
// src/features/analysis/scm/shared/src/storedFixData/java/index.ts
|
|
5366
4729
|
var vulnerabilities5 = {
|
|
5367
|
-
["PASSWORD_IN_COMMENT"
|
|
5368
|
-
["INSECURE_DESERIALIZATION"
|
|
5369
|
-
["J2EE_GET_CONNECTION"
|
|
5370
|
-
["SQL_Injection"
|
|
5371
|
-
["SYSTEM_INFORMATION_LEAK"
|
|
4730
|
+
["PASSWORD_IN_COMMENT"]: passwordInComment,
|
|
4731
|
+
["INSECURE_DESERIALIZATION"]: insecureDeserialization,
|
|
4732
|
+
["J2EE_GET_CONNECTION"]: j2eeGetConnection,
|
|
4733
|
+
["SQL_Injection"]: sqlInjection,
|
|
4734
|
+
["SYSTEM_INFORMATION_LEAK"]: systemInformationLeak
|
|
5372
4735
|
};
|
|
5373
4736
|
var java_default = vulnerabilities5;
|
|
5374
4737
|
|
|
5375
|
-
// src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
|
|
5376
|
-
init_client_generates();
|
|
5377
|
-
|
|
5378
4738
|
// src/features/analysis/scm/shared/src/storedFixData/python/csrf.ts
|
|
5379
4739
|
var csrf = {
|
|
5380
4740
|
guidance: () => `Please make sure the CSRF middleware is activated by default in the MIDDLEWARE setting. If you override that setting, remember that \`django.middleware.csrf.CsrfViewMiddleware\` should come before any view middleware that assume that CSRF attacks have been dealt with.
|
|
@@ -5417,11 +4777,11 @@ var ssrf = {
|
|
|
5417
4777
|
|
|
5418
4778
|
// src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
|
|
5419
4779
|
var vulnerabilities6 = {
|
|
5420
|
-
["SSRF"
|
|
5421
|
-
["HARDCODED_SECRETS"
|
|
5422
|
-
["PASSWORD_IN_COMMENT"
|
|
5423
|
-
["NO_LIMITS_OR_THROTTLING"
|
|
5424
|
-
["CSRF"
|
|
4780
|
+
["SSRF"]: ssrf,
|
|
4781
|
+
["HARDCODED_SECRETS"]: hardcodedSecrets,
|
|
4782
|
+
["PASSWORD_IN_COMMENT"]: passwordInComment,
|
|
4783
|
+
["NO_LIMITS_OR_THROTTLING"]: noLimitsOrThrottling,
|
|
4784
|
+
["CSRF"]: csrf
|
|
5425
4785
|
};
|
|
5426
4786
|
var javascript_default = vulnerabilities6;
|
|
5427
4787
|
|
|
@@ -5429,9 +4789,6 @@ var javascript_default = vulnerabilities6;
|
|
|
5429
4789
|
var vulnerabilities7 = {};
|
|
5430
4790
|
var php_default = vulnerabilities7;
|
|
5431
4791
|
|
|
5432
|
-
// src/features/analysis/scm/shared/src/storedFixData/python/index.ts
|
|
5433
|
-
init_client_generates();
|
|
5434
|
-
|
|
5435
4792
|
// src/features/analysis/scm/shared/src/storedFixData/python/autoEscapeFalse.ts
|
|
5436
4793
|
var autoEscapeFalse = {
|
|
5437
4794
|
guidance: () => `This fix enables automatic escaping for HTML. When that's enabled, everything is escaped by default except for values explicitly marked as safe. Variables and expressions can be marked as safe either in:
|
|
@@ -5466,15 +4823,12 @@ See the [\`requests\` SSL verification docs](https://requests.readthedocs.io/en/
|
|
|
5466
4823
|
|
|
5467
4824
|
// src/features/analysis/scm/shared/src/storedFixData/python/index.ts
|
|
5468
4825
|
var vulnerabilities8 = {
|
|
5469
|
-
["AUTO_ESCAPE_FALSE"
|
|
5470
|
-
["CSRF"
|
|
5471
|
-
["IMPROPER_CERTIFICATE_VALIDATION"
|
|
4826
|
+
["AUTO_ESCAPE_FALSE"]: autoEscapeFalse,
|
|
4827
|
+
["CSRF"]: csrf,
|
|
4828
|
+
["IMPROPER_CERTIFICATE_VALIDATION"]: improperCertificateValidation
|
|
5472
4829
|
};
|
|
5473
4830
|
var python_default = vulnerabilities8;
|
|
5474
4831
|
|
|
5475
|
-
// src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
|
|
5476
|
-
init_client_generates();
|
|
5477
|
-
|
|
5478
4832
|
// src/features/analysis/scm/shared/src/storedFixData/sql/defaultRightsInObjDefinition.ts
|
|
5479
4833
|
var defaultRightsInObjDefinition = {
|
|
5480
4834
|
guidance: () => "***Make sure the user who is supposed to run the procedure has sufficient permissions.***\n\nRead more details about the `EXECUTE AS` statement in [the official Microsoft documentation](https://learn.microsoft.com/en-us/sql/t-sql/statements/execute-as-clause-transact-sql?view=sql-server-ver16&tabs=sqlserver).\n\n`EXECUTE AS CALLER` is the default behavior for SQL Server 2005 and later."
|
|
@@ -5482,20 +4836,19 @@ var defaultRightsInObjDefinition = {
|
|
|
5482
4836
|
|
|
5483
4837
|
// src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
|
|
5484
4838
|
var vulnerabilities9 = {
|
|
5485
|
-
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION"
|
|
4839
|
+
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION"]: defaultRightsInObjDefinition
|
|
5486
4840
|
};
|
|
5487
4841
|
var sql_default = vulnerabilities9;
|
|
5488
4842
|
|
|
5489
4843
|
// src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
|
|
5490
|
-
init_client_generates();
|
|
5491
4844
|
var vulnerabilities10 = {
|
|
5492
|
-
["PASSWORD_IN_COMMENT"
|
|
4845
|
+
["PASSWORD_IN_COMMENT"]: passwordInComment
|
|
5493
4846
|
};
|
|
5494
4847
|
var xml_default = vulnerabilities10;
|
|
5495
4848
|
|
|
5496
4849
|
// src/features/analysis/scm/shared/src/storedFixData/index.ts
|
|
5497
|
-
var StoredFixDataItemZ =
|
|
5498
|
-
guidance:
|
|
4850
|
+
var StoredFixDataItemZ = z9.object({
|
|
4851
|
+
guidance: z9.function().args(z9.any()).returns(z9.string())
|
|
5499
4852
|
});
|
|
5500
4853
|
var languages = {
|
|
5501
4854
|
["Java" /* Java */]: java_default,
|
|
@@ -5512,10 +4865,7 @@ var languages = {
|
|
|
5512
4865
|
|
|
5513
4866
|
// src/features/analysis/scm/shared/src/storedQuestionData/index.ts
|
|
5514
4867
|
init_client_generates();
|
|
5515
|
-
import { z as
|
|
5516
|
-
|
|
5517
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
|
|
5518
|
-
init_client_generates();
|
|
4868
|
+
import { z as z10 } from "zod";
|
|
5519
4869
|
|
|
5520
4870
|
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/commandInjection.ts
|
|
5521
4871
|
var commandInjection = {
|
|
@@ -5561,14 +4911,11 @@ var pathManipulation = {
|
|
|
5561
4911
|
|
|
5562
4912
|
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
|
|
5563
4913
|
var vulnerabilities11 = {
|
|
5564
|
-
["CMDi"
|
|
5565
|
-
["PT"
|
|
4914
|
+
["CMDi"]: commandInjection,
|
|
4915
|
+
["PT"]: pathManipulation
|
|
5566
4916
|
};
|
|
5567
4917
|
var cpp_default = vulnerabilities11;
|
|
5568
4918
|
|
|
5569
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
|
|
5570
|
-
init_client_generates();
|
|
5571
|
-
|
|
5572
4919
|
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/httpOnlyCookie.ts
|
|
5573
4920
|
var httpOnlyCookie = {
|
|
5574
4921
|
httpOnlyCookie: {
|
|
@@ -5863,31 +5210,28 @@ var xxe = {
|
|
|
5863
5210
|
|
|
5864
5211
|
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
|
|
5865
5212
|
var vulnerabilities12 = {
|
|
5866
|
-
["LOG_FORGING"
|
|
5867
|
-
["SSRF"
|
|
5868
|
-
["XXE"
|
|
5869
|
-
["XSS"
|
|
5870
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM"
|
|
5871
|
-
["SYSTEM_INFORMATION_LEAK"
|
|
5872
|
-
["OVERLY_BROAD_CATCH"
|
|
5873
|
-
["TRUST_BOUNDARY_VIOLATION"
|
|
5874
|
-
["PT"
|
|
5875
|
-
["REGEX_MISSING_TIMEOUT"
|
|
5876
|
-
["HTTP_ONLY_COOKIE"
|
|
5877
|
-
["INSECURE_COOKIE"
|
|
5878
|
-
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED"
|
|
5879
|
-
["INSECURE_BINDER_CONFIGURATION"
|
|
5880
|
-
["VALUE_SHADOWING"
|
|
5881
|
-
["INSECURE_RANDOMNESS"
|
|
5882
|
-
["INSUFFICIENT_LOGGING"
|
|
5883
|
-
["SQL_Injection"
|
|
5884
|
-
["REQUEST_PARAMETERS_BOUND_VIA_INPUT"
|
|
5213
|
+
["LOG_FORGING"]: logForging,
|
|
5214
|
+
["SSRF"]: ssrf2,
|
|
5215
|
+
["XXE"]: xxe,
|
|
5216
|
+
["XSS"]: xss,
|
|
5217
|
+
["USE_OF_SYSTEM_OUTPUT_STREAM"]: useOfSystemOutputStream,
|
|
5218
|
+
["SYSTEM_INFORMATION_LEAK"]: sysLeak,
|
|
5219
|
+
["OVERLY_BROAD_CATCH"]: overlyBroadCatch,
|
|
5220
|
+
["TRUST_BOUNDARY_VIOLATION"]: trustBoundaryViolation,
|
|
5221
|
+
["PT"]: pt,
|
|
5222
|
+
["REGEX_MISSING_TIMEOUT"]: regexMissingTimeout,
|
|
5223
|
+
["HTTP_ONLY_COOKIE"]: httpOnlyCookie,
|
|
5224
|
+
["INSECURE_COOKIE"]: insecureCookie,
|
|
5225
|
+
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED"]: wcfMisconfigurationThrottlingNotEnabled,
|
|
5226
|
+
["INSECURE_BINDER_CONFIGURATION"]: insecureBinderConfiguration,
|
|
5227
|
+
["VALUE_SHADOWING"]: valueShadowing,
|
|
5228
|
+
["INSECURE_RANDOMNESS"]: insecureRandomness,
|
|
5229
|
+
["INSUFFICIENT_LOGGING"]: insufficientLogging,
|
|
5230
|
+
["SQL_Injection"]: sqlInjection2,
|
|
5231
|
+
["REQUEST_PARAMETERS_BOUND_VIA_INPUT"]: requestParametersBoundViaInput
|
|
5885
5232
|
};
|
|
5886
5233
|
var csharp_default2 = vulnerabilities12;
|
|
5887
5234
|
|
|
5888
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
|
|
5889
|
-
init_client_generates();
|
|
5890
|
-
|
|
5891
5235
|
// src/features/analysis/scm/shared/src/storedQuestionData/go/logForging.ts
|
|
5892
5236
|
var logForging2 = {
|
|
5893
5237
|
isHtmlDisplay: {
|
|
@@ -5917,15 +5261,12 @@ var websocketMissingOriginCheck = {
|
|
|
5917
5261
|
|
|
5918
5262
|
// src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
|
|
5919
5263
|
var vulnerabilities13 = {
|
|
5920
|
-
["LOG_FORGING"
|
|
5921
|
-
["MISSING_SSL_MINVERSION"
|
|
5922
|
-
["WEBSOCKET_MISSING_ORIGIN_CHECK"
|
|
5264
|
+
["LOG_FORGING"]: logForging2,
|
|
5265
|
+
["MISSING_SSL_MINVERSION"]: missingSslMinversion,
|
|
5266
|
+
["WEBSOCKET_MISSING_ORIGIN_CHECK"]: websocketMissingOriginCheck
|
|
5923
5267
|
};
|
|
5924
5268
|
var go_default2 = vulnerabilities13;
|
|
5925
5269
|
|
|
5926
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
|
|
5927
|
-
init_client_generates();
|
|
5928
|
-
|
|
5929
5270
|
// src/features/analysis/scm/shared/src/storedQuestionData/java/commandInjection.ts
|
|
5930
5271
|
var commandInjection2 = {
|
|
5931
5272
|
isUnixShellCommandPart: {
|
|
@@ -6382,38 +5723,35 @@ var xxe2 = {
|
|
|
6382
5723
|
|
|
6383
5724
|
// src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
|
|
6384
5725
|
var vulnerabilities14 = {
|
|
6385
|
-
["SQL_Injection"
|
|
6386
|
-
["CMDi_relative_path_command"
|
|
6387
|
-
["CMDi"
|
|
6388
|
-
["CONFUSING_NAMING"
|
|
6389
|
-
["ERROR_CONDTION_WITHOUT_ACTION"
|
|
6390
|
-
["XXE"
|
|
6391
|
-
["XSS"
|
|
6392
|
-
["PRIVACY_VIOLATION"
|
|
6393
|
-
["PT"
|
|
6394
|
-
["SSRF"
|
|
6395
|
-
["LOG_FORGING"
|
|
6396
|
-
["LOCALE_DEPENDENT_COMPARISON"
|
|
6397
|
-
["MISSING_CHECK_AGAINST_NULL"
|
|
6398
|
-
["OPEN_REDIRECT"
|
|
6399
|
-
["OVERLY_BROAD_CATCH"
|
|
6400
|
-
["SYSTEM_INFORMATION_LEAK"
|
|
6401
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM"
|
|
6402
|
-
["HTTP_ONLY_COOKIE"
|
|
6403
|
-
["UNCHECKED_LOOP_CONDITION"
|
|
6404
|
-
["INSECURE_COOKIE"
|
|
6405
|
-
["TRUST_BOUNDARY_VIOLATION"
|
|
6406
|
-
["UNSAFE_REFLECTION"
|
|
6407
|
-
["J2EE_GET_CONNECTION"
|
|
6408
|
-
["LEFTOVER_DEBUG_CODE"
|
|
6409
|
-
["ERRONEOUS_STRING_COMPARE"
|
|
6410
|
-
["DUPLICATED_STRINGS"
|
|
5726
|
+
["SQL_Injection"]: sqlInjection3,
|
|
5727
|
+
["CMDi_relative_path_command"]: relativePathCommand,
|
|
5728
|
+
["CMDi"]: commandInjection2,
|
|
5729
|
+
["CONFUSING_NAMING"]: confusingNaming,
|
|
5730
|
+
["ERROR_CONDTION_WITHOUT_ACTION"]: errorConditionWithoutAction,
|
|
5731
|
+
["XXE"]: xxe2,
|
|
5732
|
+
["XSS"]: xss2,
|
|
5733
|
+
["PRIVACY_VIOLATION"]: privacyViolation,
|
|
5734
|
+
["PT"]: pt2,
|
|
5735
|
+
["SSRF"]: ssrf3,
|
|
5736
|
+
["LOG_FORGING"]: logForging3,
|
|
5737
|
+
["LOCALE_DEPENDENT_COMPARISON"]: localeDependentComparison,
|
|
5738
|
+
["MISSING_CHECK_AGAINST_NULL"]: missingCheckAgainstNull,
|
|
5739
|
+
["OPEN_REDIRECT"]: openRedirect,
|
|
5740
|
+
["OVERLY_BROAD_CATCH"]: overlyBroadCatch2,
|
|
5741
|
+
["SYSTEM_INFORMATION_LEAK"]: sysLeak2,
|
|
5742
|
+
["USE_OF_SYSTEM_OUTPUT_STREAM"]: useOfSystemOutputStream2,
|
|
5743
|
+
["HTTP_ONLY_COOKIE"]: httpOnlyCookie2,
|
|
5744
|
+
["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition,
|
|
5745
|
+
["INSECURE_COOKIE"]: insecureCookie2,
|
|
5746
|
+
["TRUST_BOUNDARY_VIOLATION"]: trustBoundaryViolation2,
|
|
5747
|
+
["UNSAFE_REFLECTION"]: unsafeReflection,
|
|
5748
|
+
["J2EE_GET_CONNECTION"]: j2eeGetConnection2,
|
|
5749
|
+
["LEFTOVER_DEBUG_CODE"]: leftoverDebugCode,
|
|
5750
|
+
["ERRONEOUS_STRING_COMPARE"]: erroneousStringCompare,
|
|
5751
|
+
["DUPLICATED_STRINGS"]: duplicatedStrings
|
|
6411
5752
|
};
|
|
6412
5753
|
var java_default2 = vulnerabilities14;
|
|
6413
5754
|
|
|
6414
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
|
|
6415
|
-
init_client_generates();
|
|
6416
|
-
|
|
6417
5755
|
// src/features/analysis/scm/shared/src/storedQuestionData/python/csrf.ts
|
|
6418
5756
|
var csrf2 = {
|
|
6419
5757
|
isPythonDjangoTemplate: {
|
|
@@ -6739,33 +6077,30 @@ var xss3 = {
|
|
|
6739
6077
|
|
|
6740
6078
|
// src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
|
|
6741
6079
|
var vulnerabilities15 = {
|
|
6742
|
-
["CMDi"
|
|
6743
|
-
["GRAPHQL_DEPTH_LIMIT"
|
|
6744
|
-
["INSECURE_RANDOMNESS"
|
|
6745
|
-
["SSRF"
|
|
6746
|
-
["TYPE_CONFUSION"
|
|
6747
|
-
["INCOMPLETE_URL_SANITIZATION"
|
|
6748
|
-
["LOG_FORGING"
|
|
6749
|
-
["XSS"
|
|
6750
|
-
["OPEN_REDIRECT"
|
|
6751
|
-
["SYSTEM_INFORMATION_LEAK"
|
|
6752
|
-
["SYSTEM_INFORMATION_LEAK_EXTERNAL"
|
|
6753
|
-
["IFRAME_WITHOUT_SANDBOX"
|
|
6754
|
-
["PT"
|
|
6755
|
-
["HARDCODED_SECRETS"
|
|
6756
|
-
["MISSING_HSTS_HEADER"
|
|
6757
|
-
["UNCHECKED_LOOP_CONDITION"
|
|
6758
|
-
["NO_LIMITS_OR_THROTTLING"
|
|
6759
|
-
["MISSING_CSP_HEADER"
|
|
6760
|
-
["MISSING_X_FRAME_OPTIONS"
|
|
6761
|
-
["HARDCODED_DOMAIN_IN_HTML"
|
|
6762
|
-
["CSRF"
|
|
6080
|
+
["CMDi"]: commandInjection3,
|
|
6081
|
+
["GRAPHQL_DEPTH_LIMIT"]: graphqlDepthLimit,
|
|
6082
|
+
["INSECURE_RANDOMNESS"]: insecureRandomness2,
|
|
6083
|
+
["SSRF"]: ssrf4,
|
|
6084
|
+
["TYPE_CONFUSION"]: typeConfusion,
|
|
6085
|
+
["INCOMPLETE_URL_SANITIZATION"]: incompleteUrlSanitization,
|
|
6086
|
+
["LOG_FORGING"]: logForging4,
|
|
6087
|
+
["XSS"]: xss3,
|
|
6088
|
+
["OPEN_REDIRECT"]: openRedirect2,
|
|
6089
|
+
["SYSTEM_INFORMATION_LEAK"]: sysLeak3,
|
|
6090
|
+
["SYSTEM_INFORMATION_LEAK_EXTERNAL"]: sysLeakExternal,
|
|
6091
|
+
["IFRAME_WITHOUT_SANDBOX"]: iframeWithoutSandbox,
|
|
6092
|
+
["PT"]: pt3,
|
|
6093
|
+
["HARDCODED_SECRETS"]: hardcodedSecrets2,
|
|
6094
|
+
["MISSING_HSTS_HEADER"]: headerMaxAge,
|
|
6095
|
+
["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition2,
|
|
6096
|
+
["NO_LIMITS_OR_THROTTLING"]: noLimitsOrThrottling2,
|
|
6097
|
+
["MISSING_CSP_HEADER"]: cspHeaderValue,
|
|
6098
|
+
["MISSING_X_FRAME_OPTIONS"]: xFrameOptionsValue,
|
|
6099
|
+
["HARDCODED_DOMAIN_IN_HTML"]: hardcodedDomainInHtml,
|
|
6100
|
+
["CSRF"]: csrf2
|
|
6763
6101
|
};
|
|
6764
6102
|
var js_default = vulnerabilities15;
|
|
6765
6103
|
|
|
6766
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
|
|
6767
|
-
init_client_generates();
|
|
6768
|
-
|
|
6769
6104
|
// src/features/analysis/scm/shared/src/storedQuestionData/python/duplicatedStrings.ts
|
|
6770
6105
|
var duplicatedStrings2 = {
|
|
6771
6106
|
constantName: {
|
|
@@ -6836,19 +6171,16 @@ var uncheckedLoopCondition3 = {
|
|
|
6836
6171
|
|
|
6837
6172
|
// src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
|
|
6838
6173
|
var vulnerabilities16 = {
|
|
6839
|
-
["CSRF"
|
|
6840
|
-
["LOG_FORGING"
|
|
6841
|
-
["OPEN_REDIRECT"
|
|
6842
|
-
["UNCHECKED_LOOP_CONDITION"
|
|
6843
|
-
["DUPLICATED_STRINGS"
|
|
6844
|
-
["MISSING_ENCODING_FILE_OPEN"
|
|
6845
|
-
["SSRF"
|
|
6174
|
+
["CSRF"]: csrf2,
|
|
6175
|
+
["LOG_FORGING"]: logForging5,
|
|
6176
|
+
["OPEN_REDIRECT"]: openRedirect3,
|
|
6177
|
+
["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition3,
|
|
6178
|
+
["DUPLICATED_STRINGS"]: duplicatedStrings2,
|
|
6179
|
+
["MISSING_ENCODING_FILE_OPEN"]: missingEncoding,
|
|
6180
|
+
["SSRF"]: ssrf5
|
|
6846
6181
|
};
|
|
6847
6182
|
var python_default2 = vulnerabilities16;
|
|
6848
6183
|
|
|
6849
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
|
|
6850
|
-
init_client_generates();
|
|
6851
|
-
|
|
6852
6184
|
// src/features/analysis/scm/shared/src/storedQuestionData/xml/unboundedOccurrences.ts
|
|
6853
6185
|
var unboundedOccurrences = {
|
|
6854
6186
|
maxOccursLimit: {
|
|
@@ -6862,13 +6194,10 @@ A value too high will cause performance issues up to and including denial of ser
|
|
|
6862
6194
|
|
|
6863
6195
|
// src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
|
|
6864
6196
|
var vulnerabilities17 = {
|
|
6865
|
-
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES"
|
|
6197
|
+
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES"]: unboundedOccurrences
|
|
6866
6198
|
};
|
|
6867
6199
|
var xml_default2 = vulnerabilities17;
|
|
6868
6200
|
|
|
6869
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
|
|
6870
|
-
init_client_generates();
|
|
6871
|
-
|
|
6872
6201
|
// src/features/analysis/scm/shared/src/storedQuestionData/yaml/noNewPrivileges.ts
|
|
6873
6202
|
var noNewPrivileges = {
|
|
6874
6203
|
requireNewPrivileges: {
|
|
@@ -6898,17 +6227,17 @@ var writableFilesystemService = {
|
|
|
6898
6227
|
|
|
6899
6228
|
// src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
|
|
6900
6229
|
var vulnerabilities18 = {
|
|
6901
|
-
["PORT_ALL_INTERFACES"
|
|
6902
|
-
["WRITABLE_FILESYSTEM_SERVICE"
|
|
6903
|
-
["NO_NEW_PRIVILEGES"
|
|
6230
|
+
["PORT_ALL_INTERFACES"]: portAllInterfaces,
|
|
6231
|
+
["WRITABLE_FILESYSTEM_SERVICE"]: writableFilesystemService,
|
|
6232
|
+
["NO_NEW_PRIVILEGES"]: noNewPrivileges
|
|
6904
6233
|
};
|
|
6905
6234
|
var yaml_default = vulnerabilities18;
|
|
6906
6235
|
|
|
6907
6236
|
// src/features/analysis/scm/shared/src/storedQuestionData/index.ts
|
|
6908
|
-
var StoredQuestionDataItemZ =
|
|
6909
|
-
content:
|
|
6910
|
-
description:
|
|
6911
|
-
guidance:
|
|
6237
|
+
var StoredQuestionDataItemZ = z10.object({
|
|
6238
|
+
content: z10.function().args(z10.any()).returns(z10.string()),
|
|
6239
|
+
description: z10.function().args(z10.any()).returns(z10.string()),
|
|
6240
|
+
guidance: z10.function().args(z10.any()).returns(z10.string())
|
|
6912
6241
|
});
|
|
6913
6242
|
var languages2 = {
|
|
6914
6243
|
["Java" /* Java */]: java_default2,
|
|
@@ -6922,9 +6251,9 @@ var languages2 = {
|
|
|
6922
6251
|
};
|
|
6923
6252
|
|
|
6924
6253
|
// src/features/analysis/scm/shared/src/guidances.ts
|
|
6925
|
-
var IssueTypeAndLanguageZ =
|
|
6926
|
-
issueType:
|
|
6927
|
-
issueLanguage:
|
|
6254
|
+
var IssueTypeAndLanguageZ = z11.object({
|
|
6255
|
+
issueType: SafeIssueTypeStringZ,
|
|
6256
|
+
issueLanguage: z11.nativeEnum(IssueLanguage_Enum)
|
|
6928
6257
|
});
|
|
6929
6258
|
|
|
6930
6259
|
// src/features/analysis/scm/shared/src/index.ts
|
|
@@ -6934,19 +6263,19 @@ init_urlParser2();
|
|
|
6934
6263
|
init_validations();
|
|
6935
6264
|
|
|
6936
6265
|
// src/features/analysis/scm/types.ts
|
|
6937
|
-
import { z as
|
|
6266
|
+
import { z as z13 } from "zod";
|
|
6938
6267
|
var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
|
|
6939
6268
|
ReferenceType2["BRANCH"] = "BRANCH";
|
|
6940
6269
|
ReferenceType2["COMMIT"] = "COMMIT";
|
|
6941
6270
|
ReferenceType2["TAG"] = "TAG";
|
|
6942
6271
|
return ReferenceType2;
|
|
6943
6272
|
})(ReferenceType || {});
|
|
6944
|
-
var GithubFullShaZ =
|
|
6945
|
-
var MergedPrSurvivalMetadataZ =
|
|
6946
|
-
mergeCommitShas:
|
|
6273
|
+
var GithubFullShaZ = z13.string().regex(/^[a-f0-9]{40}$/);
|
|
6274
|
+
var MergedPrSurvivalMetadataZ = z13.object({
|
|
6275
|
+
mergeCommitShas: z13.array(GithubFullShaZ).min(1).refine((shas) => new Set(shas).size === shas.length, {
|
|
6947
6276
|
message: "mergeCommitShas must contain unique SHAs"
|
|
6948
6277
|
}),
|
|
6949
|
-
targetBranch:
|
|
6278
|
+
targetBranch: z13.string().min(1)
|
|
6950
6279
|
});
|
|
6951
6280
|
var scmCloudHostname = {
|
|
6952
6281
|
["GitLab" /* GitLab */]: new URL(scmCloudUrl.GitLab).hostname,
|
|
@@ -6966,10 +6295,10 @@ var scmTypeToScmLibScmType = {
|
|
|
6966
6295
|
["Ado" /* Ado */]: "ADO" /* ADO */,
|
|
6967
6296
|
["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
|
|
6968
6297
|
};
|
|
6969
|
-
var GetReferenceResultZ =
|
|
6970
|
-
date:
|
|
6971
|
-
sha:
|
|
6972
|
-
type:
|
|
6298
|
+
var GetReferenceResultZ = z13.object({
|
|
6299
|
+
date: z13.date().optional(),
|
|
6300
|
+
sha: z13.string(),
|
|
6301
|
+
type: z13.nativeEnum(ReferenceType)
|
|
6973
6302
|
});
|
|
6974
6303
|
|
|
6975
6304
|
// src/features/analysis/scm/ado/constants.ts
|
|
@@ -6981,39 +6310,39 @@ init_env();
|
|
|
6981
6310
|
import querystring from "querystring";
|
|
6982
6311
|
import * as api from "azure-devops-node-api";
|
|
6983
6312
|
import Debug3 from "debug";
|
|
6984
|
-
import { z as
|
|
6313
|
+
import { z as z17 } from "zod";
|
|
6985
6314
|
|
|
6986
6315
|
// src/features/analysis/scm/ado/validation.ts
|
|
6987
|
-
import { z as
|
|
6988
|
-
var ValidPullRequestStatusZ =
|
|
6989
|
-
|
|
6990
|
-
|
|
6991
|
-
|
|
6316
|
+
import { z as z16 } from "zod";
|
|
6317
|
+
var ValidPullRequestStatusZ = z16.union([
|
|
6318
|
+
z16.literal(1 /* Active */),
|
|
6319
|
+
z16.literal(2 /* Abandoned */),
|
|
6320
|
+
z16.literal(3 /* Completed */)
|
|
6992
6321
|
]);
|
|
6993
|
-
var AdoAuthResultZ =
|
|
6994
|
-
access_token:
|
|
6995
|
-
token_type:
|
|
6996
|
-
refresh_token:
|
|
6322
|
+
var AdoAuthResultZ = z16.object({
|
|
6323
|
+
access_token: z16.string().min(1),
|
|
6324
|
+
token_type: z16.string().min(1),
|
|
6325
|
+
refresh_token: z16.string().min(1)
|
|
6997
6326
|
});
|
|
6998
6327
|
var AdoAuthResultWithOrgsZ = AdoAuthResultZ.extend({
|
|
6999
|
-
scmOrgs:
|
|
6328
|
+
scmOrgs: z16.array(z16.string())
|
|
7000
6329
|
});
|
|
7001
|
-
var profileZ =
|
|
7002
|
-
displayName:
|
|
7003
|
-
publicAlias:
|
|
7004
|
-
emailAddress:
|
|
7005
|
-
coreRevision:
|
|
7006
|
-
timeStamp:
|
|
7007
|
-
id:
|
|
7008
|
-
revision:
|
|
6330
|
+
var profileZ = z16.object({
|
|
6331
|
+
displayName: z16.string(),
|
|
6332
|
+
publicAlias: z16.string().min(1),
|
|
6333
|
+
emailAddress: z16.string(),
|
|
6334
|
+
coreRevision: z16.number(),
|
|
6335
|
+
timeStamp: z16.string(),
|
|
6336
|
+
id: z16.string(),
|
|
6337
|
+
revision: z16.number()
|
|
7009
6338
|
});
|
|
7010
|
-
var accountsZ =
|
|
7011
|
-
count:
|
|
7012
|
-
value:
|
|
7013
|
-
|
|
7014
|
-
accountId:
|
|
7015
|
-
accountUri:
|
|
7016
|
-
accountName:
|
|
6339
|
+
var accountsZ = z16.object({
|
|
6340
|
+
count: z16.number(),
|
|
6341
|
+
value: z16.array(
|
|
6342
|
+
z16.object({
|
|
6343
|
+
accountId: z16.string(),
|
|
6344
|
+
accountUri: z16.string(),
|
|
6345
|
+
accountName: z16.string()
|
|
7017
6346
|
})
|
|
7018
6347
|
)
|
|
7019
6348
|
});
|
|
@@ -7034,39 +6363,39 @@ import querystring2 from "querystring";
|
|
|
7034
6363
|
import * as bitbucketPkgNode from "bitbucket";
|
|
7035
6364
|
import bitbucketPkg from "bitbucket";
|
|
7036
6365
|
import Debug4 from "debug";
|
|
7037
|
-
import { z as
|
|
6366
|
+
import { z as z20 } from "zod";
|
|
7038
6367
|
|
|
7039
6368
|
// src/features/analysis/scm/bitbucket/validation.ts
|
|
7040
|
-
import { z as
|
|
7041
|
-
var BitbucketAuthResultZ =
|
|
7042
|
-
access_token:
|
|
7043
|
-
token_type:
|
|
7044
|
-
refresh_token:
|
|
6369
|
+
import { z as z19 } from "zod";
|
|
6370
|
+
var BitbucketAuthResultZ = z19.object({
|
|
6371
|
+
access_token: z19.string(),
|
|
6372
|
+
token_type: z19.string(),
|
|
6373
|
+
refresh_token: z19.string()
|
|
7045
6374
|
});
|
|
7046
6375
|
|
|
7047
6376
|
// src/features/analysis/scm/bitbucket/bitbucket.ts
|
|
7048
6377
|
var debug5 = Debug4("scm:bitbucket");
|
|
7049
6378
|
var BITBUCKET_HOSTNAME = "bitbucket.org";
|
|
7050
|
-
var TokenExpiredErrorZ =
|
|
7051
|
-
status:
|
|
7052
|
-
error:
|
|
7053
|
-
type:
|
|
7054
|
-
error:
|
|
7055
|
-
message:
|
|
6379
|
+
var TokenExpiredErrorZ = z20.object({
|
|
6380
|
+
status: z20.number(),
|
|
6381
|
+
error: z20.object({
|
|
6382
|
+
type: z20.string(),
|
|
6383
|
+
error: z20.object({
|
|
6384
|
+
message: z20.string()
|
|
7056
6385
|
})
|
|
7057
6386
|
})
|
|
7058
6387
|
});
|
|
7059
6388
|
var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
|
|
7060
|
-
var BitbucketParseResultZ =
|
|
7061
|
-
organization:
|
|
7062
|
-
repoName:
|
|
7063
|
-
hostname:
|
|
6389
|
+
var BitbucketParseResultZ = z20.object({
|
|
6390
|
+
organization: z20.string(),
|
|
6391
|
+
repoName: z20.string(),
|
|
6392
|
+
hostname: z20.literal(BITBUCKET_HOSTNAME)
|
|
7064
6393
|
});
|
|
7065
|
-
var UserWorkspacePermissionsRepositoriesResponseZ =
|
|
7066
|
-
values:
|
|
7067
|
-
|
|
7068
|
-
repository:
|
|
7069
|
-
full_name:
|
|
6394
|
+
var UserWorkspacePermissionsRepositoriesResponseZ = z20.object({
|
|
6395
|
+
values: z20.array(
|
|
6396
|
+
z20.object({
|
|
6397
|
+
repository: z20.object({
|
|
6398
|
+
full_name: z20.string().optional()
|
|
7070
6399
|
}).optional()
|
|
7071
6400
|
})
|
|
7072
6401
|
).optional()
|
|
@@ -7074,7 +6403,7 @@ var UserWorkspacePermissionsRepositoriesResponseZ = z21.object({
|
|
|
7074
6403
|
|
|
7075
6404
|
// src/features/analysis/scm/bitbucket/BitbucketSCMLib.ts
|
|
7076
6405
|
import { setTimeout as setTimeout3 } from "timers/promises";
|
|
7077
|
-
import { z as
|
|
6406
|
+
import { z as z21 } from "zod";
|
|
7078
6407
|
|
|
7079
6408
|
// src/features/analysis/scm/constants.ts
|
|
7080
6409
|
var REPORT_DEFAULT_FILE_NAME = "report.json";
|
|
@@ -7084,7 +6413,7 @@ init_env();
|
|
|
7084
6413
|
|
|
7085
6414
|
// src/features/analysis/scm/github/GithubSCMLib.ts
|
|
7086
6415
|
import pLimit3 from "p-limit";
|
|
7087
|
-
import { z as
|
|
6416
|
+
import { z as z22 } from "zod";
|
|
7088
6417
|
init_client_generates();
|
|
7089
6418
|
|
|
7090
6419
|
// src/features/analysis/scm/github/github.ts
|
|
@@ -7117,11 +6446,11 @@ import {
|
|
|
7117
6446
|
init_env();
|
|
7118
6447
|
|
|
7119
6448
|
// src/features/analysis/scm/gitlab/types.ts
|
|
7120
|
-
import { z as
|
|
7121
|
-
var GitlabAuthResultZ =
|
|
7122
|
-
access_token:
|
|
7123
|
-
token_type:
|
|
7124
|
-
refresh_token:
|
|
6449
|
+
import { z as z23 } from "zod";
|
|
6450
|
+
var GitlabAuthResultZ = z23.object({
|
|
6451
|
+
access_token: z23.string(),
|
|
6452
|
+
token_type: z23.string(),
|
|
6453
|
+
refresh_token: z23.string()
|
|
7125
6454
|
});
|
|
7126
6455
|
|
|
7127
6456
|
// src/features/analysis/scm/gitlab/gitlab.ts
|
|
@@ -7132,69 +6461,69 @@ import pLimit5 from "p-limit";
|
|
|
7132
6461
|
init_client_generates();
|
|
7133
6462
|
|
|
7134
6463
|
// src/features/analysis/scm/scmFactory.ts
|
|
7135
|
-
import { z as
|
|
6464
|
+
import { z as z24 } from "zod";
|
|
7136
6465
|
|
|
7137
6466
|
// src/features/analysis/graphql/gql.ts
|
|
7138
6467
|
init_client_generates();
|
|
7139
6468
|
|
|
7140
6469
|
// src/features/analysis/graphql/types.ts
|
|
7141
6470
|
init_client_generates();
|
|
7142
|
-
import { z as
|
|
7143
|
-
var VulnerabilityReportIssueCodeNodeZ =
|
|
7144
|
-
vulnerabilityReportIssueId:
|
|
7145
|
-
path:
|
|
7146
|
-
startLine:
|
|
7147
|
-
vulnerabilityReportIssue:
|
|
7148
|
-
fixId:
|
|
7149
|
-
category:
|
|
7150
|
-
safeIssueType:
|
|
7151
|
-
vulnerabilityReportIssueTags:
|
|
7152
|
-
|
|
7153
|
-
tag:
|
|
6471
|
+
import { z as z25 } from "zod";
|
|
6472
|
+
var VulnerabilityReportIssueCodeNodeZ = z25.object({
|
|
6473
|
+
vulnerabilityReportIssueId: z25.string(),
|
|
6474
|
+
path: z25.string(),
|
|
6475
|
+
startLine: z25.number(),
|
|
6476
|
+
vulnerabilityReportIssue: z25.object({
|
|
6477
|
+
fixId: z25.string(),
|
|
6478
|
+
category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
6479
|
+
safeIssueType: z25.string(),
|
|
6480
|
+
vulnerabilityReportIssueTags: z25.array(
|
|
6481
|
+
z25.object({
|
|
6482
|
+
tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
|
|
7154
6483
|
})
|
|
7155
6484
|
)
|
|
7156
6485
|
})
|
|
7157
6486
|
});
|
|
7158
|
-
var VulnerabilityReportIssueNoFixCodeNodeZ =
|
|
7159
|
-
vulnerabilityReportIssues:
|
|
7160
|
-
|
|
7161
|
-
id:
|
|
7162
|
-
fixId:
|
|
7163
|
-
category:
|
|
7164
|
-
safeIssueType:
|
|
7165
|
-
fpId:
|
|
7166
|
-
codeNodes:
|
|
7167
|
-
|
|
7168
|
-
path:
|
|
7169
|
-
startLine:
|
|
6487
|
+
var VulnerabilityReportIssueNoFixCodeNodeZ = z25.object({
|
|
6488
|
+
vulnerabilityReportIssues: z25.array(
|
|
6489
|
+
z25.object({
|
|
6490
|
+
id: z25.string(),
|
|
6491
|
+
fixId: z25.string().nullable(),
|
|
6492
|
+
category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
6493
|
+
safeIssueType: z25.string(),
|
|
6494
|
+
fpId: z25.string().uuid().nullable(),
|
|
6495
|
+
codeNodes: z25.array(
|
|
6496
|
+
z25.object({
|
|
6497
|
+
path: z25.string(),
|
|
6498
|
+
startLine: z25.number()
|
|
7170
6499
|
})
|
|
7171
6500
|
),
|
|
7172
|
-
vulnerabilityReportIssueTags:
|
|
7173
|
-
|
|
7174
|
-
tag:
|
|
6501
|
+
vulnerabilityReportIssueTags: z25.array(
|
|
6502
|
+
z25.object({
|
|
6503
|
+
tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
|
|
7175
6504
|
})
|
|
7176
6505
|
)
|
|
7177
6506
|
})
|
|
7178
6507
|
)
|
|
7179
6508
|
});
|
|
7180
|
-
var GetVulByNodesMetadataZ =
|
|
7181
|
-
vulnerabilityReportIssueCodeNodes:
|
|
7182
|
-
nonFixablePrVuls:
|
|
7183
|
-
aggregate:
|
|
7184
|
-
count:
|
|
6509
|
+
var GetVulByNodesMetadataZ = z25.object({
|
|
6510
|
+
vulnerabilityReportIssueCodeNodes: z25.array(VulnerabilityReportIssueCodeNodeZ),
|
|
6511
|
+
nonFixablePrVuls: z25.object({
|
|
6512
|
+
aggregate: z25.object({
|
|
6513
|
+
count: z25.number()
|
|
7185
6514
|
})
|
|
7186
6515
|
}),
|
|
7187
|
-
fixablePrVuls:
|
|
7188
|
-
aggregate:
|
|
7189
|
-
count:
|
|
6516
|
+
fixablePrVuls: z25.object({
|
|
6517
|
+
aggregate: z25.object({
|
|
6518
|
+
count: z25.number()
|
|
7190
6519
|
})
|
|
7191
6520
|
}),
|
|
7192
|
-
totalScanVulnerabilities:
|
|
7193
|
-
aggregate:
|
|
7194
|
-
count:
|
|
6521
|
+
totalScanVulnerabilities: z25.object({
|
|
6522
|
+
aggregate: z25.object({
|
|
6523
|
+
count: z25.number()
|
|
7195
6524
|
})
|
|
7196
6525
|
}),
|
|
7197
|
-
irrelevantVulnerabilityReportIssue:
|
|
6526
|
+
irrelevantVulnerabilityReportIssue: z25.array(
|
|
7198
6527
|
VulnerabilityReportIssueNoFixCodeNodeZ
|
|
7199
6528
|
)
|
|
7200
6529
|
});
|
|
@@ -7261,6 +6590,22 @@ var GQLClient = class {
|
|
|
7261
6590
|
});
|
|
7262
6591
|
this._clientSdk = getSdk(this._client);
|
|
7263
6592
|
}
|
|
6593
|
+
// Fetch the analyzer-owned issue-type catalog once and hydrate the shared
|
|
6594
|
+
// in-memory cache so the synchronous display helpers serve analyzer labels
|
|
6595
|
+
// and descriptions. NO FALLBACK: a fetch error or an empty response throws so
|
|
6596
|
+
// the CLI fails loudly instead of silently rendering degraded labels.
|
|
6597
|
+
async loadIssueTypeCatalog() {
|
|
6598
|
+
if (isIssueTypeCatalogHydrated()) {
|
|
6599
|
+
return;
|
|
6600
|
+
}
|
|
6601
|
+
const { issueTypes } = await this._clientSdk.IssueTypes();
|
|
6602
|
+
if (issueTypes.length === 0) {
|
|
6603
|
+
throw new Error(
|
|
6604
|
+
"Issue-type catalog is empty: the issueTypes query returned no entries"
|
|
6605
|
+
);
|
|
6606
|
+
}
|
|
6607
|
+
hydrateIssueTypeCatalog(issueTypes);
|
|
6608
|
+
}
|
|
7264
6609
|
async getUserInfo() {
|
|
7265
6610
|
const { me } = await this._clientSdk.Me();
|
|
7266
6611
|
return me;
|
|
@@ -8478,8 +7823,8 @@ var defaultLogger2 = {
|
|
|
8478
7823
|
}
|
|
8479
7824
|
}
|
|
8480
7825
|
};
|
|
8481
|
-
var PromptItemZ =
|
|
8482
|
-
type:
|
|
7826
|
+
var PromptItemZ = z26.object({
|
|
7827
|
+
type: z26.enum([
|
|
8483
7828
|
"USER_PROMPT",
|
|
8484
7829
|
"AI_RESPONSE",
|
|
8485
7830
|
"TOOL_EXECUTION",
|
|
@@ -8487,32 +7832,32 @@ var PromptItemZ = z27.object({
|
|
|
8487
7832
|
"MCP_TOOL_CALL"
|
|
8488
7833
|
// MCP (Model Context Protocol) tool invocation
|
|
8489
7834
|
]),
|
|
8490
|
-
attachedFiles:
|
|
8491
|
-
|
|
8492
|
-
relativePath:
|
|
8493
|
-
startLine:
|
|
7835
|
+
attachedFiles: z26.array(
|
|
7836
|
+
z26.object({
|
|
7837
|
+
relativePath: z26.string(),
|
|
7838
|
+
startLine: z26.number().optional()
|
|
8494
7839
|
})
|
|
8495
7840
|
).optional(),
|
|
8496
|
-
tokens:
|
|
8497
|
-
inputCount:
|
|
8498
|
-
outputCount:
|
|
7841
|
+
tokens: z26.object({
|
|
7842
|
+
inputCount: z26.number(),
|
|
7843
|
+
outputCount: z26.number()
|
|
8499
7844
|
}).optional(),
|
|
8500
|
-
text:
|
|
8501
|
-
date:
|
|
8502
|
-
tool:
|
|
8503
|
-
name:
|
|
8504
|
-
parameters:
|
|
8505
|
-
result:
|
|
8506
|
-
rawArguments:
|
|
8507
|
-
accepted:
|
|
7845
|
+
text: z26.string().optional(),
|
|
7846
|
+
date: z26.date().optional(),
|
|
7847
|
+
tool: z26.object({
|
|
7848
|
+
name: z26.string(),
|
|
7849
|
+
parameters: z26.string(),
|
|
7850
|
+
result: z26.string(),
|
|
7851
|
+
rawArguments: z26.string().optional(),
|
|
7852
|
+
accepted: z26.boolean().optional(),
|
|
8508
7853
|
// MCP-specific fields (only populated for MCP_TOOL_CALL type)
|
|
8509
|
-
mcpServer:
|
|
7854
|
+
mcpServer: z26.string().optional(),
|
|
8510
7855
|
// MCP server name (e.g., "datadog", "mobb-mcp")
|
|
8511
|
-
mcpToolName:
|
|
7856
|
+
mcpToolName: z26.string().optional()
|
|
8512
7857
|
// MCP tool name without prefix (e.g., "scan_and_fix_vulnerabilities")
|
|
8513
7858
|
}).optional()
|
|
8514
7859
|
});
|
|
8515
|
-
var PromptItemArrayZ =
|
|
7860
|
+
var PromptItemArrayZ = z26.array(PromptItemZ);
|
|
8516
7861
|
var NULL_REPO_STATE = {
|
|
8517
7862
|
repositoryUrl: null,
|
|
8518
7863
|
branch: null,
|