mobbdev 1.4.30 → 1.4.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -150,7 +150,7 @@ function getSdk(client, withWrapper = defaultWrapper) {
150
150
  }
151
151
  };
152
152
  }
153
- var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, IssueTypesDocument, defaultWrapper;
153
+ var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, IssueTypesDocument, defaultWrapper;
154
154
  var init_client_generates = __esm({
155
155
  "src/features/analysis/scm/generates/client_generates.ts"() {
156
156
  "use strict";
@@ -237,160 +237,6 @@ var init_client_generates = __esm({
237
237
  IssueLanguage_Enum2["Yaml"] = "YAML";
238
238
  return IssueLanguage_Enum2;
239
239
  })(IssueLanguage_Enum || {});
240
- IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
241
- IssueType_Enum2["ActionNotPinnedToCommitSha"] = "ACTION_NOT_PINNED_TO_COMMIT_SHA";
242
- IssueType_Enum2["AutoEscapeFalse"] = "AUTO_ESCAPE_FALSE";
243
- IssueType_Enum2["AvoidBuiltinShadowing"] = "AVOID_BUILTIN_SHADOWING";
244
- IssueType_Enum2["AvoidIdentityComparisonCachedTypes"] = "AVOID_IDENTITY_COMPARISON_CACHED_TYPES";
245
- IssueType_Enum2["AwsDynamodbPointInTimeRecoveryDisabled"] = "AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED";
246
- IssueType_Enum2["BufferOverflow"] = "BUFFER_OVERFLOW";
247
- IssueType_Enum2["ClientDomStoredCodeInjection"] = "CLIENT_DOM_STORED_CODE_INJECTION";
248
- IssueType_Enum2["CmDi"] = "CMDi";
249
- IssueType_Enum2["CmDiRelativePathCommand"] = "CMDi_relative_path_command";
250
- IssueType_Enum2["CodeInComment"] = "CODE_IN_COMMENT";
251
- IssueType_Enum2["ConfusingNaming"] = "CONFUSING_NAMING";
252
- IssueType_Enum2["CredentialDisclosure"] = "CREDENTIAL_DISCLOSURE";
253
- IssueType_Enum2["Csrf"] = "CSRF";
254
- IssueType_Enum2["DangerousFunctionOverflow"] = "DANGEROUS_FUNCTION_OVERFLOW";
255
- IssueType_Enum2["DeadCodeUnusedField"] = "DEAD_CODE_UNUSED_FIELD";
256
- IssueType_Enum2["DebugEnabled"] = "DEBUG_ENABLED";
257
- IssueType_Enum2["DeclareVariableExplicitly"] = "DECLARE_VARIABLE_EXPLICITLY";
258
- IssueType_Enum2["DefaultRightsInObjDefinition"] = "DEFAULT_RIGHTS_IN_OBJ_DEFINITION";
259
- IssueType_Enum2["DeprecatedFunction"] = "DEPRECATED_FUNCTION";
260
- IssueType_Enum2["DjangoBlankFieldNeedsNullOrDefault"] = "DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT";
261
- IssueType_Enum2["DosStringBuilder"] = "DOS_STRING_BUILDER";
262
- IssueType_Enum2["DoNotRaiseException"] = "DO_NOT_RAISE_EXCEPTION";
263
- IssueType_Enum2["DoNotThrowGenericException"] = "DO_NOT_THROW_GENERIC_EXCEPTION";
264
- IssueType_Enum2["DuplicatedStrings"] = "DUPLICATED_STRINGS";
265
- IssueType_Enum2["ErroneousStringCompare"] = "ERRONEOUS_STRING_COMPARE";
266
- IssueType_Enum2["ErrorCondtionWithoutAction"] = "ERROR_CONDTION_WITHOUT_ACTION";
267
- IssueType_Enum2["ExcessiveSecretsExposure"] = "EXCESSIVE_SECRETS_EXPOSURE";
268
- IssueType_Enum2["FrameableLoginPage"] = "FRAMEABLE_LOGIN_PAGE";
269
- IssueType_Enum2["FunctionCallWithoutParentheses"] = "FUNCTION_CALL_WITHOUT_PARENTHESES";
270
- IssueType_Enum2["GhActionsShellInjection"] = "GH_ACTIONS_SHELL_INJECTION";
271
- IssueType_Enum2["GraphqlDepthLimit"] = "GRAPHQL_DEPTH_LIMIT";
272
- IssueType_Enum2["HardcodedDomainInHtml"] = "HARDCODED_DOMAIN_IN_HTML";
273
- IssueType_Enum2["HardcodedSecrets"] = "HARDCODED_SECRETS";
274
- IssueType_Enum2["HeaderManipulation"] = "HEADER_MANIPULATION";
275
- IssueType_Enum2["HeapInspection"] = "HEAP_INSPECTION";
276
- IssueType_Enum2["HtmlCommentInJsp"] = "HTML_COMMENT_IN_JSP";
277
- IssueType_Enum2["HttpOnlyCookie"] = "HTTP_ONLY_COOKIE";
278
- IssueType_Enum2["HttpParameterPollution"] = "HTTP_PARAMETER_POLLUTION";
279
- IssueType_Enum2["HttpResponseSplitting"] = "HTTP_RESPONSE_SPLITTING";
280
- IssueType_Enum2["IframeWithoutSandbox"] = "IFRAME_WITHOUT_SANDBOX";
281
- IssueType_Enum2["ImproperCertificateValidation"] = "IMPROPER_CERTIFICATE_VALIDATION";
282
- IssueType_Enum2["ImproperExceptionHandling"] = "IMPROPER_EXCEPTION_HANDLING";
283
- IssueType_Enum2["ImproperResourceShutdownOrRelease"] = "IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE";
284
- IssueType_Enum2["ImproperStringFormatting"] = "IMPROPER_STRING_FORMATTING";
285
- IssueType_Enum2["ImproperValidationOfArrayIndex"] = "IMPROPER_VALIDATION_OF_ARRAY_INDEX";
286
- IssueType_Enum2["IncompleteHostnameRegex"] = "INCOMPLETE_HOSTNAME_REGEX";
287
- IssueType_Enum2["IncompleteSanitization"] = "INCOMPLETE_SANITIZATION";
288
- IssueType_Enum2["IncompleteUrlSanitization"] = "INCOMPLETE_URL_SANITIZATION";
289
- IssueType_Enum2["IncompleteUrlSchemeCheck"] = "INCOMPLETE_URL_SCHEME_CHECK";
290
- IssueType_Enum2["IncorrectIntegerConversion"] = "INCORRECT_INTEGER_CONVERSION";
291
- IssueType_Enum2["IncorrectSqlApiUsage"] = "INCORRECT_SQL_API_USAGE";
292
- IssueType_Enum2["InformationExposureViaHeaders"] = "INFORMATION_EXPOSURE_VIA_HEADERS";
293
- IssueType_Enum2["InsecureBinderConfiguration"] = "INSECURE_BINDER_CONFIGURATION";
294
- IssueType_Enum2["InsecureCookie"] = "INSECURE_COOKIE";
295
- IssueType_Enum2["InsecureDeserialization"] = "INSECURE_DESERIALIZATION";
296
- IssueType_Enum2["InsecurePostmessage"] = "INSECURE_POSTMESSAGE";
297
- IssueType_Enum2["InsecureRandomness"] = "INSECURE_RANDOMNESS";
298
- IssueType_Enum2["InsecureTmpFile"] = "INSECURE_TMP_FILE";
299
- IssueType_Enum2["InsecureUuidVersion"] = "INSECURE_UUID_VERSION";
300
- IssueType_Enum2["InsufficientLogging"] = "INSUFFICIENT_LOGGING";
301
- IssueType_Enum2["J2EeGetConnection"] = "J2EE_GET_CONNECTION";
302
- IssueType_Enum2["JqueryDeprecatedSymbols"] = "JQUERY_DEPRECATED_SYMBOLS";
303
- IssueType_Enum2["JwtDecodeWithoutVerify"] = "JWT_DECODE_WITHOUT_VERIFY";
304
- IssueType_Enum2["LeftoverDebugCode"] = "LEFTOVER_DEBUG_CODE";
305
- IssueType_Enum2["LocaleDependentComparison"] = "LOCALE_DEPENDENT_COMPARISON";
306
- IssueType_Enum2["LogForging"] = "LOG_FORGING";
307
- IssueType_Enum2["MissingAntiforgeryValidation"] = "MISSING_ANTIFORGERY_VALIDATION";
308
- IssueType_Enum2["MissingCheckAgainstNull"] = "MISSING_CHECK_AGAINST_NULL";
309
- IssueType_Enum2["MissingCspHeader"] = "MISSING_CSP_HEADER";
310
- IssueType_Enum2["MissingEncodingFileOpen"] = "MISSING_ENCODING_FILE_OPEN";
311
- IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
312
- IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
313
- IssueType_Enum2["MissingSslMinversion"] = "MISSING_SSL_MINVERSION";
314
- IssueType_Enum2["MissingTemplateStringIndicator"] = "MISSING_TEMPLATE_STRING_INDICATOR";
315
- IssueType_Enum2["MissingUser"] = "MISSING_USER";
316
- IssueType_Enum2["MissingWhitespace"] = "MISSING_WHITESPACE";
317
- IssueType_Enum2["MissingWorkflowPermissions"] = "MISSING_WORKFLOW_PERMISSIONS";
318
- IssueType_Enum2["MissingXFrameOptions"] = "MISSING_X_FRAME_OPTIONS";
319
- IssueType_Enum2["ModifiedDefaultParam"] = "MODIFIED_DEFAULT_PARAM";
320
- IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
321
- IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
322
- IssueType_Enum2["NoAssert"] = "NO_ASSERT";
323
- IssueType_Enum2["NoEquivalenceMethod"] = "NO_EQUIVALENCE_METHOD";
324
- IssueType_Enum2["NoLimitsOrThrottling"] = "NO_LIMITS_OR_THROTTLING";
325
- IssueType_Enum2["NoNestedTry"] = "NO_NESTED_TRY";
326
- IssueType_Enum2["NoNewPrivileges"] = "NO_NEW_PRIVILEGES";
327
- IssueType_Enum2["NoOpOverhead"] = "NO_OP_OVERHEAD";
328
- IssueType_Enum2["NoPrintStatement"] = "NO_PRINT_STATEMENT";
329
- IssueType_Enum2["NoReturnInFinally"] = "NO_RETURN_IN_FINALLY";
330
- IssueType_Enum2["NoVar"] = "NO_VAR";
331
- IssueType_Enum2["NullDereference"] = "NULL_DEREFERENCE";
332
- IssueType_Enum2["OftenMisusedBooleanGetBoolean"] = "OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN";
333
- IssueType_Enum2["OpenRedirect"] = "OPEN_REDIRECT";
334
- IssueType_Enum2["OverlyBroadCatch"] = "OVERLY_BROAD_CATCH";
335
- IssueType_Enum2["OverlyLargeRange"] = "OVERLY_LARGE_RANGE";
336
- IssueType_Enum2["PasswordInComment"] = "PASSWORD_IN_COMMENT";
337
- IssueType_Enum2["PoorErrorHandlingEmptyCatchBlock"] = "POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK";
338
- IssueType_Enum2["PortAllInterfaces"] = "PORT_ALL_INTERFACES";
339
- IssueType_Enum2["PrivacyViolation"] = "PRIVACY_VIOLATION";
340
- IssueType_Enum2["PrototypePollution"] = "PROTOTYPE_POLLUTION";
341
- IssueType_Enum2["Pt"] = "PT";
342
- IssueType_Enum2["RaceConditionFormatFlaw"] = "RACE_CONDITION_FORMAT_FLAW";
343
- IssueType_Enum2["Redos"] = "REDOS";
344
- IssueType_Enum2["RedundantCondition"] = "REDUNDANT_CONDITION";
345
- IssueType_Enum2["RedundantNilErrorCheck"] = "REDUNDANT_NIL_ERROR_CHECK";
346
- IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
347
- IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
348
- IssueType_Enum2["RequestParametersBoundViaInput"] = "REQUEST_PARAMETERS_BOUND_VIA_INPUT";
349
- IssueType_Enum2["ReturnInInit"] = "RETURN_IN_INIT";
350
- IssueType_Enum2["ReturnShouldNotBeInvariant"] = "RETURN_SHOULD_NOT_BE_INVARIANT";
351
- IssueType_Enum2["SpringDefaultPermit"] = "SPRING_DEFAULT_PERMIT";
352
- IssueType_Enum2["SqlInjection"] = "SQL_Injection";
353
- IssueType_Enum2["Ssrf"] = "SSRF";
354
- IssueType_Enum2["StringFormatMisuse"] = "STRING_FORMAT_MISUSE";
355
- IssueType_Enum2["StringTerminationError"] = "STRING_TERMINATION_ERROR";
356
- IssueType_Enum2["SystemExitShouldReraise"] = "SYSTEM_EXIT_SHOULD_RERAISE";
357
- IssueType_Enum2["SystemInformationLeak"] = "SYSTEM_INFORMATION_LEAK";
358
- IssueType_Enum2["SystemInformationLeakExternal"] = "SYSTEM_INFORMATION_LEAK_EXTERNAL";
359
- IssueType_Enum2["TaintedNumericCast"] = "TAINTED_NUMERIC_CAST";
360
- IssueType_Enum2["TarSlip"] = "TAR_SLIP";
361
- IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
362
- IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
363
- IssueType_Enum2["UncheckedLoopCondition"] = "UNCHECKED_LOOP_CONDITION";
364
- IssueType_Enum2["UncheckedReturnValue"] = "UNCHECKED_RETURN_VALUE";
365
- IssueType_Enum2["UnencryptedAwsSqsQueue"] = "UNENCRYPTED_AWS_SQS_QUEUE";
366
- IssueType_Enum2["UnnecessaryImports"] = "UNNECESSARY_IMPORTS";
367
- IssueType_Enum2["UnsafeDeserialization"] = "UNSAFE_DESERIALIZATION";
368
- IssueType_Enum2["UnsafeReflection"] = "UNSAFE_REFLECTION";
369
- IssueType_Enum2["UnsafeTargetBlank"] = "UNSAFE_TARGET_BLANK";
370
- IssueType_Enum2["UnsafeWebThread"] = "UNSAFE_WEB_THREAD";
371
- IssueType_Enum2["UnvalidatedPublicMethodArgument"] = "UNVALIDATED_PUBLIC_METHOD_ARGUMENT";
372
- IssueType_Enum2["UselessIfBody"] = "USELESS_IF_BODY";
373
- IssueType_Enum2["UselessRegexpCharEscape"] = "USELESS_REGEXP_CHAR_ESCAPE";
374
- IssueType_Enum2["UselessTernary"] = "USELESS_TERNARY";
375
- IssueType_Enum2["UseOfHardCodedCryptographicKey"] = "USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY";
376
- IssueType_Enum2["UseOfSystemOutputStream"] = "USE_OF_SYSTEM_OUTPUT_STREAM";
377
- IssueType_Enum2["UseRaiseForStatus"] = "USE_RAISE_FOR_STATUS";
378
- IssueType_Enum2["UseSysExit"] = "USE_SYS_EXIT";
379
- IssueType_Enum2["UseTimeout"] = "USE_TIMEOUT";
380
- IssueType_Enum2["ValueNeverRead"] = "VALUE_NEVER_READ";
381
- IssueType_Enum2["ValueShadowing"] = "VALUE_SHADOWING";
382
- IssueType_Enum2["WcfMisconfigurationInsufficientLogging"] = "WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING";
383
- IssueType_Enum2["WcfMisconfigurationThrottlingNotEnabled"] = "WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED";
384
- IssueType_Enum2["WeakEncryption"] = "WEAK_ENCRYPTION";
385
- IssueType_Enum2["WeakXmlSchemaUnboundedOccurrences"] = "WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES";
386
- IssueType_Enum2["WebsocketMissingOriginCheck"] = "WEBSOCKET_MISSING_ORIGIN_CHECK";
387
- IssueType_Enum2["WildcardImports"] = "WILDCARD_IMPORTS";
388
- IssueType_Enum2["WritableFilesystemService"] = "WRITABLE_FILESYSTEM_SERVICE";
389
- IssueType_Enum2["Xss"] = "XSS";
390
- IssueType_Enum2["Xxe"] = "XXE";
391
- IssueType_Enum2["ZipSlip"] = "ZIP_SLIP";
392
- return IssueType_Enum2;
393
- })(IssueType_Enum || {});
394
240
  Pr_Status_Enum = /* @__PURE__ */ ((Pr_Status_Enum2) => {
395
241
  Pr_Status_Enum2["Active"] = "ACTIVE";
396
242
  Pr_Status_Enum2["Closed"] = "CLOSED";
@@ -1790,12 +1636,21 @@ var init_issue = __esm({
1790
1636
  });
1791
1637
 
1792
1638
  // src/features/analysis/scm/shared/src/issueTypeCatalog.ts
1639
+ function hydrateIssueTypeCatalog(entries) {
1640
+ catalog = new Map(entries.map((entry) => [entry.value, entry]));
1641
+ }
1642
+ function isIssueTypeCatalogHydrated() {
1643
+ return catalog !== null;
1644
+ }
1793
1645
  function getIssueTypeCatalogEntry(value) {
1794
1646
  if (!catalog || !value) {
1795
1647
  return void 0;
1796
1648
  }
1797
1649
  return catalog.get(value);
1798
1650
  }
1651
+ function listIssueTypeCatalog() {
1652
+ return catalog ? [...catalog.values()] : [];
1653
+ }
1799
1654
  var catalog;
1800
1655
  var init_issueTypeCatalog = __esm({
1801
1656
  "src/features/analysis/scm/shared/src/issueTypeCatalog.ts"() {
@@ -1806,176 +1661,19 @@ var init_issueTypeCatalog = __esm({
1806
1661
 
1807
1662
  // src/features/analysis/scm/shared/src/getIssueType.ts
1808
1663
  import { z as z5 } from "zod";
1809
- var issueTypeMap, issueTypeZ, getIssueTypeFriendlyString, statusMap, statusZ, issueDescription;
1664
+ var SafeIssueTypeStringZ, getIssueTypeFriendlyString, statusMap, statusZ, issueDescription;
1810
1665
  var init_getIssueType = __esm({
1811
1666
  "src/features/analysis/scm/shared/src/getIssueType.ts"() {
1812
1667
  "use strict";
1813
1668
  init_client_generates();
1814
1669
  init_issueTypeCatalog();
1815
- issueTypeMap = {
1816
- ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
1817
- ["SQL_Injection" /* SqlInjection */]: "SQL Injection",
1818
- ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: "Relative Path Command Injection",
1819
- ["CMDi" /* CmDi */]: "Command Injection",
1820
- ["CONFUSING_NAMING" /* ConfusingNaming */]: "Confusing Naming",
1821
- ["XXE" /* Xxe */]: "XXE",
1822
- ["XSS" /* Xss */]: "XSS",
1823
- ["PT" /* Pt */]: "Path Traversal",
1824
- ["ZIP_SLIP" /* ZipSlip */]: "Zip Slip",
1825
- ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: "Insecure Randomness",
1826
- ["SSRF" /* Ssrf */]: "Server Side Request Forgery",
1827
- ["TYPE_CONFUSION" /* TypeConfusion */]: "Type Confusion",
1828
- ["REGEX_INJECTION" /* RegexInjection */]: "Regular Expression Injection",
1829
- ["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: "Incomplete URL Sanitization",
1830
- ["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: "Locale Dependent Comparison",
1831
- ["LOG_FORGING" /* LogForging */]: "Log Forging",
1832
- ["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: "Missing Check against Null",
1833
- ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: "Password in Comment",
1834
- ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: "Poor Error Handling: Overly Broad Catch",
1835
- ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: "Use of System.out/System.err",
1836
- ["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: "Use of dangerous function",
1837
- ["DOS_STRING_BUILDER" /* DosStringBuilder */]: "Denial of Service: StringBuilder",
1838
- ["OPEN_REDIRECT" /* OpenRedirect */]: "Open Redirect",
1839
- ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: "Weak XML Schema: Unbounded Occurrences",
1840
- ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: "System Information Leak",
1841
- ["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: "External System Information Leak",
1842
- ["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: "HTTP response splitting",
1843
- ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: "Cookie is not HttpOnly",
1844
- ["INSECURE_COOKIE" /* InsecureCookie */]: "Insecure Cookie",
1845
- ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: "Trust Boundary Violation",
1846
- ["NULL_DEREFERENCE" /* NullDereference */]: "Null Dereference",
1847
- ["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: "Unsafe deserialization",
1848
- ["UNSAFE_REFLECTION" /* UnsafeReflection */]: "Unsafe Reflection",
1849
- ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: "Insecure Binder Configuration",
1850
- ["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: "Unsafe use of target blank",
1851
- ["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: "Client use of iframe without sandbox",
1852
- ["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: "jQuery deprecated symbols",
1853
- ["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: "Missing Anti-Forgery Validation",
1854
- ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: "GraphQL Depth Limit",
1855
- ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: "Unchecked Loop Condition",
1856
- ["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: "Improper Resource Shutdown or Release",
1857
- ["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: "Improper Exception Handling",
1858
- ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: "Default Definer Rights in Package or Object Definition",
1859
- ["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: "HTML Comment in JSP",
1860
- ["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: "Error Condition Without Action",
1861
- ["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: "Deprecated Function",
1862
- ["HARDCODED_SECRETS" /* HardcodedSecrets */]: "Hardcoded Secrets",
1863
- ["PROTOTYPE_POLLUTION" /* PrototypePollution */]: "Prototype Pollution",
1864
- ["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: "Race Condition Format Flaw",
1865
- ["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: "Non-final Public Static Field",
1866
- ["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: "Missing HSTS Header",
1867
- ["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: "Dead Code: Unused Field",
1868
- ["HEADER_MANIPULATION" /* HeaderManipulation */]: "Header Manipulation",
1869
- ["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: "Missing equals or hashcode method",
1870
- ["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: "WCF Misconfiguration: Insufficient Logging",
1871
- ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: "WCF Misconfiguration: Throttling Not Enabled",
1872
- ["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: "Useless regular-expression character escape",
1873
- ["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: "Incomplete Hostname Regex",
1874
- ["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: "Regex: Overly Large Range",
1875
- ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: "Insufficient Logging of Sensitive Operations",
1876
- ["PRIVACY_VIOLATION" /* PrivacyViolation */]: "Privacy Violation",
1877
- ["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: "Incomplete URL Scheme Check",
1878
- ["VALUE_NEVER_READ" /* ValueNeverRead */]: "Value Never Read",
1879
- ["VALUE_SHADOWING" /* ValueShadowing */]: "Value Shadowing",
1880
- ["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: "Class Does Not Implement Equivalence Method",
1881
- ["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: "Information Exposure via Headers",
1882
- ["DEBUG_ENABLED" /* DebugEnabled */]: "Debug Enabled",
1883
- ["J2EE_GET_CONNECTION" /* J2EeGetConnection */]: "J2EE Bad Practices: getConnection()",
1884
- ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: "Leftover Debug Code",
1885
- ["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: "Poor Error Handling: Empty Catch Block",
1886
- ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: "Erroneous String Compare",
1887
- ["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: "Unvalidated Public Method Argument",
1888
- ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False",
1889
- ["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
1890
- ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
1891
- ["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection",
1892
- ["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: "Client Code Injection",
1893
- ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: "String Format Misuse",
1894
- ["NON_READONLY_FIELD" /* NonReadonlyField */]: "Non Readonly Field",
1895
- ["CSRF" /* Csrf */]: "Cross-Site Request Forgery (CSRF)",
1896
- ["WEAK_ENCRYPTION" /* WeakEncryption */]: "Weak Encryption Mechanism",
1897
- ["CODE_IN_COMMENT" /* CodeInComment */]: "Code in Comment",
1898
- ["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: "Regex Missing Timeout",
1899
- ["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: "Frameable Login Page",
1900
- ["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: "Use of Hardcoded Cryptographic Key",
1901
- ["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: "Missing SSL MinVersion",
1902
- ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: "Missing Websocket Origin Check",
1903
- ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: "String Literals Should not Be Duplicated",
1904
- ["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: "Insecure UUID Version",
1905
- ["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: "GitHub Actions Shell Injection",
1906
- ["MODIFIED_DEFAULT_PARAM" /* ModifiedDefaultParam */]: "Modified Default Param",
1907
- ["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: "Unsafe Web Thread",
1908
- ["NO_VAR" /* NoVar */]: 'Prefer "let" or "const"',
1909
- ["INSECURE_TMP_FILE" /* InsecureTmpFile */]: "Insecure Temporary File",
1910
- ["RETURN_SHOULD_NOT_BE_INVARIANT" /* ReturnShouldNotBeInvariant */]: "Return Should Not Be Invariant",
1911
- ["SYSTEM_EXIT_SHOULD_RERAISE" /* SystemExitShouldReraise */]: "SystemExit Should Reraise",
1912
- ["NO_RETURN_IN_FINALLY" /* NoReturnInFinally */]: "No Return in Finally Block",
1913
- ["WILDCARD_IMPORTS" /* WildcardImports */]: "Wildcard Imports should not be used",
1914
- ["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: "Avoid Identity Comparison of Cached Types",
1915
- ["AVOID_BUILTIN_SHADOWING" /* AvoidBuiltinShadowing */]: "Avoid Builtin Shadowing",
1916
- ["IMPROPER_STRING_FORMATTING" /* ImproperStringFormatting */]: "Improper String Formatting",
1917
- ["TAR_SLIP" /* TarSlip */]: "Tar Slip",
1918
- ["MISSING_WHITESPACE" /* MissingWhitespace */]: "Missing Whitespace",
1919
- ["NO_PRINT_STATEMENT" /* NoPrintStatement */]: 'Python 2 "print" Statement Is Obsolete',
1920
- ["NO_OP_OVERHEAD" /* NoOpOverhead */]: "Expensive Arguments in Conditional Methods",
1921
- ["DO_NOT_RAISE_EXCEPTION" /* DoNotRaiseException */]: "Do Not Raise Exception",
1922
- ["DECLARE_VARIABLE_EXPLICITLY" /* DeclareVariableExplicitly */]: "Declare Variable Explicitly",
1923
- ["NO_NESTED_TRY" /* NoNestedTry */]: "No Nested Try",
1924
- ["UNNECESSARY_IMPORTS" /* UnnecessaryImports */]: "Unnecessary Imports",
1925
- ["REDOS" /* Redos */]: "Regular Expression Denial of Service",
1926
- ["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: "Do Not Throw Generic Exception",
1927
- ["BUFFER_OVERFLOW" /* BufferOverflow */]: "Buffer Overflow",
1928
- ["STRING_TERMINATION_ERROR" /* StringTerminationError */]: "String Termination Error",
1929
- ["HTTP_PARAMETER_POLLUTION" /* HttpParameterPollution */]: "HTTP Parameter Pollution",
1930
- ["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: "Incomplete Sanitization",
1931
- ["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: "Credential Disclosure",
1932
- ["INSECURE_POSTMESSAGE" /* InsecurePostmessage */]: "Insecure Postmessage",
1933
- ["MISSING_USER" /* MissingUser */]: "Missing User",
1934
- ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: "Missing Encoding File Open",
1935
- ["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: "Port All Interfaces",
1936
- ["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: "Writable Filesystem Service",
1937
- ["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: "No New Privileges",
1938
- ["MISSING_TEMPLATE_STRING_INDICATOR" /* MissingTemplateStringIndicator */]: "Missing Template String Indicator",
1939
- ["USELESS_TERNARY" /* UselessTernary */]: "Useless Ternary",
1940
- ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: "Request Parameters Bound Via Input",
1941
- ["USE_SYS_EXIT" /* UseSysExit */]: "Use Sys Exit",
1942
- ["INCORRECT_SQL_API_USAGE" /* IncorrectSqlApiUsage */]: "Incorrect SQL API Usage",
1943
- ["USE_RAISE_FOR_STATUS" /* UseRaiseForStatus */]: "Use Raise For Status",
1944
- ["USE_TIMEOUT" /* UseTimeout */]: "Use Timeout",
1945
- ["USELESS_IF_BODY" /* UselessIfBody */]: "Useless If Body",
1946
- ["NO_ASSERT" /* NoAssert */]: "No Assert",
1947
- ["FUNCTION_CALL_WITHOUT_PARENTHESES" /* FunctionCallWithoutParentheses */]: "Function Call Without Parentheses",
1948
- ["SPRING_DEFAULT_PERMIT" /* SpringDefaultPermit */]: "Spring Default Permit",
1949
- ["RETURN_IN_INIT" /* ReturnInInit */]: "Return in Init",
1950
- ["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: "Action Not Pinned to Commit Sha",
1951
- ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
1952
- ["REDUNDANT_CONDITION" /* RedundantCondition */]: "Insider Threat: Redundant Condition",
1953
- ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
1954
- ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
1955
- ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
1956
- ["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: "Tainted Numeric Cast",
1957
- ["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: "Missing X-Frame-Options Header",
1958
- ["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: "Improper Validation of Array Index",
1959
- ["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: "Incorrect Integer Conversion",
1960
- ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: "Improper Certificate Validation",
1961
- ["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: "Often Misused: Boolean.getBoolean()",
1962
- ["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: "AWS SQS Queue Unencrypted",
1963
- ["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: "Insecure Deserialization",
1964
- ["AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED" /* AwsDynamodbPointInTimeRecoveryDisabled */]: "AWS DynamoDB Point-in-Time Recovery Disabled",
1965
- ["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: "JWT Decoded Without Signature Verification",
1966
- ["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: "Unchecked Return Value"
1967
- };
1968
- issueTypeZ = z5.nativeEnum(IssueType_Enum);
1670
+ SafeIssueTypeStringZ = z5.string().regex(/^[A-Za-z0-9_]+$/).max(128);
1969
1671
  getIssueTypeFriendlyString = (issueType) => {
1970
1672
  const fromCatalog = getIssueTypeCatalogEntry(issueType)?.label;
1971
1673
  if (fromCatalog) {
1972
1674
  return fromCatalog;
1973
1675
  }
1974
- const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
1975
- if (!issueTypeZParseRes.success) {
1976
- return issueType ? issueType.replaceAll("_", " ") : "Other";
1977
- }
1978
- return issueTypeMap[issueTypeZParseRes.data];
1676
+ return issueType ? issueType.replaceAll("_", " ") : "Other";
1979
1677
  };
1980
1678
  statusMap = {
1981
1679
  ["Digested" /* Digested */]: "Digested",
@@ -2009,31 +1707,33 @@ var IssueTypeSettingZ, IssueTypeSettingsZ;
2009
1707
  var init_validations = __esm({
2010
1708
  "src/features/analysis/scm/shared/src/validations.ts"() {
2011
1709
  "use strict";
2012
- init_client_generates();
2013
1710
  init_getIssueType();
1711
+ init_issueTypeCatalog();
2014
1712
  IssueTypeSettingZ = z6.object({
2015
1713
  autoPrEnabled: z6.boolean(),
2016
1714
  enabled: z6.boolean(),
2017
- issueType: z6.nativeEnum(IssueType_Enum)
1715
+ issueType: SafeIssueTypeStringZ
2018
1716
  });
2019
1717
  IssueTypeSettingsZ = z6.array(IssueTypeSettingZ).transform((issueTypeSettings) => {
2020
- return Object.values(IssueType_Enum).map((issueTypeEnum) => {
2021
- const existingIssueTypeSetting = issueTypeSettings.find(
2022
- ({ issueType: dbIssueType }) => dbIssueType === issueTypeEnum
1718
+ const catalogValues = listIssueTypeCatalog().map((entry) => entry.value);
1719
+ if (catalogValues.length === 0) {
1720
+ throw new Error(
1721
+ "Issue-type catalog is not hydrated; cannot derive default issue-type settings"
2023
1722
  );
2024
- if (existingIssueTypeSetting) {
2025
- return existingIssueTypeSetting;
2026
- }
2027
- return {
1723
+ }
1724
+ const existingByIssueType = new Map(
1725
+ issueTypeSettings.map((setting) => [setting.issueType, setting])
1726
+ );
1727
+ return catalogValues.map(
1728
+ (issueType) => existingByIssueType.get(issueType) ?? {
2028
1729
  autoPrEnabled: false,
2029
1730
  enabled: true,
2030
- issueType: issueTypeEnum
2031
- };
2032
- }).sort((a, b) => {
2033
- return getIssueTypeFriendlyString(a.issueType).localeCompare(
2034
- getIssueTypeFriendlyString(b.issueType)
2035
- );
2036
- });
1731
+ issueType
1732
+ }
1733
+ ).map((setting) => ({
1734
+ setting,
1735
+ label: getIssueTypeFriendlyString(setting.issueType)
1736
+ })).sort((a, b) => a.label.localeCompare(b.label)).map(({ setting }) => setting);
2037
1737
  });
2038
1738
  }
2039
1739
  });
@@ -2487,7 +2187,7 @@ var init_types2 = __esm({
2487
2187
  });
2488
2188
 
2489
2189
  // src/features/analysis/scm/shared/src/urlParser/urlParser.ts
2490
- import { z as z13 } from "zod";
2190
+ import { z as z12 } from "zod";
2491
2191
  function computeCanonicalUrl(data) {
2492
2192
  const {
2493
2193
  scmType,
@@ -2529,7 +2229,7 @@ function detectAdoUrl(args) {
2529
2229
  scmType: "Ado" /* Ado */,
2530
2230
  organization,
2531
2231
  // project has single repo - repoName === projectName
2532
- projectName: z13.string().parse(projectName),
2232
+ projectName: z12.string().parse(projectName),
2533
2233
  repoName: projectName,
2534
2234
  prefixPath
2535
2235
  };
@@ -2540,7 +2240,7 @@ function detectAdoUrl(args) {
2540
2240
  return {
2541
2241
  scmType: "Ado" /* Ado */,
2542
2242
  organization,
2543
- projectName: z13.string().parse(projectName),
2243
+ projectName: z12.string().parse(projectName),
2544
2244
  repoName,
2545
2245
  prefixPath
2546
2246
  };
@@ -2554,7 +2254,7 @@ function detectAdoUrl(args) {
2554
2254
  scmType: "Ado" /* Ado */,
2555
2255
  organization,
2556
2256
  // project has only one repo - repoName === projectName
2557
- projectName: z13.string().parse(repoName),
2257
+ projectName: z12.string().parse(repoName),
2558
2258
  repoName,
2559
2259
  prefixPath
2560
2260
  };
@@ -2564,7 +2264,7 @@ function detectAdoUrl(args) {
2564
2264
  return {
2565
2265
  scmType: "Ado" /* Ado */,
2566
2266
  organization,
2567
- projectName: z13.string().parse(projectName),
2267
+ projectName: z12.string().parse(projectName),
2568
2268
  repoName,
2569
2269
  prefixPath
2570
2270
  };
@@ -2640,7 +2340,7 @@ function parseSshUrl(scmURL, scmType) {
2640
2340
  if (pathElements.length === 3) {
2641
2341
  const [organization2, projectName, repoName2] = pathElements;
2642
2342
  if (organization2?.match(NAME_REGEX) && projectName && repoName2?.match(NAME_REGEX)) {
2643
- const parsedProjectName = z13.string().parse(projectName);
2343
+ const parsedProjectName = z12.string().parse(projectName);
2644
2344
  return {
2645
2345
  scmType: "Ado" /* Ado */,
2646
2346
  hostname: normalizedHostname,
@@ -2868,17 +2568,17 @@ var init_urlParser2 = __esm({
2868
2568
  });
2869
2569
 
2870
2570
  // src/features/analysis/scm/env.ts
2871
- import { z as z16 } from "zod";
2571
+ import { z as z15 } from "zod";
2872
2572
  var EnvVariablesZod, GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST, MAX_UPLOAD_FILE_SIZE_MB, GITHUB_API_CONCURRENCY;
2873
2573
  var init_env = __esm({
2874
2574
  "src/features/analysis/scm/env.ts"() {
2875
2575
  "use strict";
2876
- EnvVariablesZod = z16.object({
2877
- GITLAB_API_TOKEN: z16.string().optional(),
2878
- GITHUB_API_TOKEN: z16.string().optional(),
2879
- GIT_PROXY_HOST: z16.string().optional().default("http://tinyproxy:8888"),
2880
- MAX_UPLOAD_FILE_SIZE_MB: z16.coerce.number().gt(0).default(2),
2881
- GITHUB_API_CONCURRENCY: z16.coerce.number().gt(0).optional().default(10)
2576
+ EnvVariablesZod = z15.object({
2577
+ GITLAB_API_TOKEN: z15.string().optional(),
2578
+ GITHUB_API_TOKEN: z15.string().optional(),
2579
+ GIT_PROXY_HOST: z15.string().optional().default("http://tinyproxy:8888"),
2580
+ MAX_UPLOAD_FILE_SIZE_MB: z15.coerce.number().gt(0).default(2),
2581
+ GITHUB_API_CONCURRENCY: z15.coerce.number().gt(0).optional().default(10)
2882
2582
  });
2883
2583
  ({
2884
2584
  GITLAB_API_TOKEN,
@@ -2912,7 +2612,7 @@ var init_configs = __esm({
2912
2612
  });
2913
2613
 
2914
2614
  // src/utils/blame/gitBlameTypes.ts
2915
- import { z as z19 } from "zod";
2615
+ import { z as z18 } from "zod";
2916
2616
  function parseCoAuthorValue(raw) {
2917
2617
  const trimmed = raw.trim();
2918
2618
  if (!trimmed) {
@@ -2948,9 +2648,9 @@ var PrepareGitBlameMessageZ, PrepareGitBlameResponseMessageZ, CommitMetadataZ, L
2948
2648
  var init_gitBlameTypes = __esm({
2949
2649
  "src/utils/blame/gitBlameTypes.ts"() {
2950
2650
  "use strict";
2951
- PrepareGitBlameMessageZ = z19.object({
2952
- reportId: z19.string(),
2953
- repoArchivePath: z19.string(),
2651
+ PrepareGitBlameMessageZ = z18.object({
2652
+ reportId: z18.string(),
2653
+ repoArchivePath: z18.string(),
2954
2654
  // Optional list of file paths to blame. Producers must pick one of two modes:
2955
2655
  //
2956
2656
  // - **Omit `filePaths`** = "blame every file in the archive". Used by the
@@ -2966,132 +2666,132 @@ var init_gitBlameTypes = __esm({
2966
2666
  // "Login.java" when the actual file is "src/main/java/Login.java") are
2967
2667
  // tolerated — scm_agent's filter matches exact-or-trailing-basename. Empty
2968
2668
  // strings are filtered out defensively.
2969
- filePaths: z19.array(z19.string()).optional()
2669
+ filePaths: z18.array(z18.string()).optional()
2970
2670
  });
2971
- PrepareGitBlameResponseMessageZ = z19.object({
2972
- reportId: z19.string()
2671
+ PrepareGitBlameResponseMessageZ = z18.object({
2672
+ reportId: z18.string()
2973
2673
  });
2974
- CommitMetadataZ = z19.object({
2975
- author: z19.string().optional(),
2976
- "author-mail": z19.string().optional(),
2977
- "author-time": z19.string().optional(),
2978
- "author-tz": z19.string().optional(),
2979
- committer: z19.string().optional(),
2980
- "committer-mail": z19.string().optional(),
2981
- "committer-time": z19.string().optional(),
2982
- "committer-tz": z19.string().optional(),
2983
- summary: z19.string().optional(),
2984
- filename: z19.string().optional()
2674
+ CommitMetadataZ = z18.object({
2675
+ author: z18.string().optional(),
2676
+ "author-mail": z18.string().optional(),
2677
+ "author-time": z18.string().optional(),
2678
+ "author-tz": z18.string().optional(),
2679
+ committer: z18.string().optional(),
2680
+ "committer-mail": z18.string().optional(),
2681
+ "committer-time": z18.string().optional(),
2682
+ "committer-tz": z18.string().optional(),
2683
+ summary: z18.string().optional(),
2684
+ filename: z18.string().optional()
2985
2685
  });
2986
- LineToCommitMapZ = z19.record(z19.string(), z19.string());
2987
- CommitMetadataMapZ = z19.record(z19.string(), CommitMetadataZ);
2988
- BlameInfoZ = z19.object({
2686
+ LineToCommitMapZ = z18.record(z18.string(), z18.string());
2687
+ CommitMetadataMapZ = z18.record(z18.string(), CommitMetadataZ);
2688
+ BlameInfoZ = z18.object({
2989
2689
  lineToCommit: LineToCommitMapZ,
2990
2690
  commitMetadata: CommitMetadataMapZ
2991
2691
  });
2992
- LineRangeZ = z19.object({
2692
+ LineRangeZ = z18.object({
2993
2693
  /** First line in chunk (1-indexed) */
2994
- start: z19.number(),
2694
+ start: z18.number(),
2995
2695
  /** Last line in chunk (inclusive) */
2996
- end: z19.number()
2696
+ end: z18.number()
2997
2697
  });
2998
- PrContextZ = z19.object({
2999
- prNumber: z19.number(),
3000
- repositoryUrl: z19.string(),
3001
- organizationId: z19.string(),
3002
- userEmail: z19.string(),
3003
- source: z19.enum(["pr", "github"]),
3004
- githubContext: z19.object({
3005
- prNumber: z19.number(),
3006
- installationId: z19.number(),
3007
- repositoryURL: z19.string()
2698
+ PrContextZ = z18.object({
2699
+ prNumber: z18.number(),
2700
+ repositoryUrl: z18.string(),
2701
+ organizationId: z18.string(),
2702
+ userEmail: z18.string(),
2703
+ source: z18.enum(["pr", "github"]),
2704
+ githubContext: z18.object({
2705
+ prNumber: z18.number(),
2706
+ installationId: z18.number(),
2707
+ repositoryURL: z18.string()
3008
2708
  }).optional()
3009
2709
  });
3010
- PrepareCommitBlameMessageZ = z19.object({
2710
+ PrepareCommitBlameMessageZ = z18.object({
3011
2711
  /** Commit blame request ID from database (for tracking and updating status) */
3012
- commitBlameRequestId: z19.string(),
2712
+ commitBlameRequestId: z18.string(),
3013
2713
  /** Organization ID (for org-scoped caching) */
3014
- organizationId: z19.string(),
2714
+ organizationId: z18.string(),
3015
2715
  /** Full repository URL (e.g., https://github.com/org/repo) */
3016
- repositoryUrl: z19.string(),
2716
+ repositoryUrl: z18.string(),
3017
2717
  /** Commit SHA to analyze (typically PR head commit) */
3018
- commitSha: z19.string(),
2718
+ commitSha: z18.string(),
3019
2719
  /** Authentication headers for repository access (e.g., GitHub token) */
3020
- extraHeaders: z19.record(z19.string(), z19.string()).default({}),
2720
+ extraHeaders: z18.record(z18.string(), z18.string()).default({}),
3021
2721
  // --- PR analysis fields ---
3022
2722
  /** Target branch name (from getPr() base.ref). When set, enables PR analysis mode. */
3023
- targetBranch: z19.string().optional(),
2723
+ targetBranch: z18.string().optional(),
3024
2724
  /** Context for triggering blame attribution analysis after SCM agent completes. */
3025
2725
  prContext: PrContextZ.optional(),
3026
2726
  /** User email for blame attribution analysis trigger context (used for both PR and single commit flows). */
3027
- userEmail: z19.string().optional()
2727
+ userEmail: z18.string().optional()
3028
2728
  });
3029
- BlameLineInfoZ = z19.object({
2729
+ BlameLineInfoZ = z18.object({
3030
2730
  /** Line number as it appeared in the introducing commit */
3031
- originalLineNumber: z19.number(),
2731
+ originalLineNumber: z18.number(),
3032
2732
  /** Commit SHA that introduced this line */
3033
- commitSha: z19.string(),
2733
+ commitSha: z18.string(),
3034
2734
  /** Author name for this line */
3035
- authorName: z19.string().optional(),
2735
+ authorName: z18.string().optional(),
3036
2736
  /** Author email for this line */
3037
- authorEmail: z19.string().optional()
2737
+ authorEmail: z18.string().optional()
3038
2738
  }).nullable();
3039
- FileBlameDataZ = z19.array(BlameLineInfoZ);
3040
- ChunkFetchResultZ = z19.object({
3041
- filePath: z19.string(),
3042
- lines: z19.array(z19.number()),
2739
+ FileBlameDataZ = z18.array(BlameLineInfoZ);
2740
+ ChunkFetchResultZ = z18.object({
2741
+ filePath: z18.string(),
2742
+ lines: z18.array(z18.number()),
3043
2743
  data: FileBlameDataZ.nullable()
3044
2744
  });
3045
- FileBlameResponseEntryZ = z19.object({
2745
+ FileBlameResponseEntryZ = z18.object({
3046
2746
  /** Chunk index (0 for small files, 0-N for large file chunks) */
3047
- chunkIndex: z19.number(),
2747
+ chunkIndex: z18.number(),
3048
2748
  /** Blame data array (1-indexed, index 0 is null) */
3049
2749
  blameData: FileBlameDataZ
3050
2750
  });
3051
- CommitBlameDataZ = z19.record(
3052
- z19.string(),
2751
+ CommitBlameDataZ = z18.record(
2752
+ z18.string(),
3053
2753
  // fileName
3054
- z19.array(FileBlameResponseEntryZ)
2754
+ z18.array(FileBlameResponseEntryZ)
3055
2755
  );
3056
- CommitInfoZ = z19.object({
2756
+ CommitInfoZ = z18.object({
3057
2757
  /** Number of parent commits (1 = normal commit, 2+ = merge commit, null = failed to determine) */
3058
- parentCount: z19.number().nullable()
2758
+ parentCount: z18.number().nullable()
3059
2759
  });
3060
- GitIdentityZ = z19.object({
3061
- name: z19.string(),
3062
- email: z19.string()
2760
+ GitIdentityZ = z18.object({
2761
+ name: z18.string(),
2762
+ email: z18.string()
3063
2763
  });
3064
2764
  COMMIT_LOG_FORMAT = "%H%x00%ae%x00%an%x00%ce%x00%cn%x00%at%x00%s%x00%(trailers:key=Co-authored-by,valueonly,separator=%x00)";
3065
- CommitDataZ = z19.object({
3066
- diff: z19.string(),
2765
+ CommitDataZ = z18.object({
2766
+ diff: z18.string(),
3067
2767
  author: GitIdentityZ,
3068
2768
  committer: GitIdentityZ,
3069
- coAuthors: z19.array(GitIdentityZ),
3070
- timestamp: z19.number(),
2769
+ coAuthors: z18.array(GitIdentityZ),
2770
+ timestamp: z18.number(),
3071
2771
  // Unix timestamp in seconds
3072
- message: z19.string().optional(),
3073
- parentCount: z19.number().nullable()
2772
+ message: z18.string().optional(),
2773
+ parentCount: z18.number().nullable()
3074
2774
  });
3075
- PrDiffDataZ = z19.object({
3076
- diff: z19.string()
2775
+ PrDiffDataZ = z18.object({
2776
+ diff: z18.string()
3077
2777
  });
3078
- PrStatsZ = z19.object({
3079
- additions: z19.number(),
3080
- deletions: z19.number()
2778
+ PrStatsZ = z18.object({
2779
+ additions: z18.number(),
2780
+ deletions: z18.number()
3081
2781
  });
3082
- CommitsManifestZ = z19.object({
3083
- commits: z19.array(z19.string())
2782
+ CommitsManifestZ = z18.object({
2783
+ commits: z18.array(z18.string())
3084
2784
  // Array of commit SHAs in order
3085
2785
  });
3086
- BlameLineEntryZ = z19.object({
2786
+ BlameLineEntryZ = z18.object({
3087
2787
  /** Current file path in the PR head (what git blame was invoked on). */
3088
- file: z19.string(),
2788
+ file: z18.string(),
3089
2789
  /** Current line number in the PR head. */
3090
- line: z19.number(),
2790
+ line: z18.number(),
3091
2791
  /** SHA of the commit that originally authored this line. */
3092
- originalCommitSha: z19.string(),
2792
+ originalCommitSha: z18.string(),
3093
2793
  /** Line number as it was in `originalCommitSha`. */
3094
- originalLineNumber: z19.number(),
2794
+ originalLineNumber: z18.number(),
3095
2795
  /**
3096
2796
  * File path as it was in `originalCommitSha` at the time that commit
3097
2797
  * authored this line. When a file has been renamed since, this differs
@@ -3104,24 +2804,24 @@ var init_gitBlameTypes = __esm({
3104
2804
  * must treat empty as "fall back to `file`" (see enrichDiffLines,
3105
2805
  * targetedBlame).
3106
2806
  */
3107
- originalFile: z19.string().default("")
2807
+ originalFile: z18.string().default("")
3108
2808
  });
3109
- BlameLinesDataZ = z19.object({
3110
- lines: z19.array(BlameLineEntryZ)
2809
+ BlameLinesDataZ = z18.object({
2810
+ lines: z18.array(BlameLineEntryZ)
3111
2811
  });
3112
- PrepareCommitBlameResponseMessageZ = z19.object({
2812
+ PrepareCommitBlameResponseMessageZ = z18.object({
3113
2813
  /** Commit blame request ID (matches request, used to update specific DB record) */
3114
- commitBlameRequestId: z19.string(),
2814
+ commitBlameRequestId: z18.string(),
3115
2815
  /** Organization ID (matches request) */
3116
- organizationId: z19.string(),
2816
+ organizationId: z18.string(),
3117
2817
  /** Repository URL (matches request) */
3118
- repositoryUrl: z19.string(),
2818
+ repositoryUrl: z18.string(),
3119
2819
  /** Commit SHA analyzed (matches request) */
3120
- commitSha: z19.string(),
2820
+ commitSha: z18.string(),
3121
2821
  /** Processing status */
3122
- status: z19.enum(["success", "failure"]),
2822
+ status: z18.enum(["success", "failure"]),
3123
2823
  /** Error message (only present if status is 'failure') */
3124
- error: z19.string().optional(),
2824
+ error: z18.string().optional(),
3125
2825
  /**
3126
2826
  * Blame data for all processed files/chunks.
3127
2827
  * Empty dictionary if status is 'failure'.
@@ -3133,29 +2833,29 @@ var init_gitBlameTypes = __esm({
3133
2833
  * Keyed by commit SHA, deduplicated.
3134
2834
  * Empty dictionary if status is 'failure'.
3135
2835
  */
3136
- commits: z19.record(z19.string(), CommitInfoZ).default({}),
2836
+ commits: z18.record(z18.string(), CommitInfoZ).default({}),
3137
2837
  // --- New PR diff computation response fields ---
3138
2838
  /** S3 paths for commit-level data (commitSha → S3 key). Present in PR analysis mode and single commit mode. */
3139
- commitDataS3Paths: z19.record(z19.string(), z19.string()).optional(),
2839
+ commitDataS3Paths: z18.record(z18.string(), z18.string()).optional(),
3140
2840
  /** S3 key for PR diff JSON. Present in PR analysis mode. */
3141
- prDiffS3Path: z19.string().optional(),
2841
+ prDiffS3Path: z18.string().optional(),
3142
2842
  /** S3 key for commits manifest. Present in PR analysis mode. */
3143
- commitsManifestS3Path: z19.string().optional(),
2843
+ commitsManifestS3Path: z18.string().optional(),
3144
2844
  /** S3 key for per-line targeted blame data. Present in PR analysis mode. */
3145
- blameLinesS3Path: z19.string().optional(),
2845
+ blameLinesS3Path: z18.string().optional(),
3146
2846
  /** S3 key for PR stats (additions/deletions). Present in PR analysis mode. */
3147
- prStatsS3Path: z19.string().optional(),
2847
+ prStatsS3Path: z18.string().optional(),
3148
2848
  /** PR context passed through from request for response handler. */
3149
2849
  prContext: PrContextZ.optional(),
3150
2850
  /** PR title from the request metadata (passed through). */
3151
- prTitle: z19.string().optional(),
2851
+ prTitle: z18.string().optional(),
3152
2852
  /** User email passed through from request for single commit blame attribution analysis trigger. */
3153
- userEmail: z19.string().optional()
2853
+ userEmail: z18.string().optional()
3154
2854
  });
3155
- VulnerabilityAttributionMessageZ = z19.object({
3156
- fixReportId: z19.string().uuid(),
3157
- vulnerabilityAttributionRequestId: z19.string().uuid(),
3158
- userEmail: z19.string()
2855
+ VulnerabilityAttributionMessageZ = z18.object({
2856
+ fixReportId: z18.string().uuid(),
2857
+ vulnerabilityAttributionRequestId: z18.string().uuid(),
2858
+ userEmail: z18.string()
3159
2859
  });
3160
2860
  }
3161
2861
  });
@@ -4422,7 +4122,7 @@ import * as os3 from "os";
4422
4122
  import path6 from "path";
4423
4123
  import chalk3 from "chalk";
4424
4124
  import { withFile } from "tmp-promise";
4425
- import z27 from "zod";
4125
+ import z26 from "zod";
4426
4126
 
4427
4127
  // src/commands/handleMobbLogin.ts
4428
4128
  import chalk2 from "chalk";
@@ -4894,344 +4594,12 @@ import debugModule from "debug";
4894
4594
  var debug3 = debugModule("mobb:shared");
4895
4595
 
4896
4596
  // src/features/analysis/scm/utils/index.ts
4897
- import { z as z15 } from "zod";
4597
+ import { z as z14 } from "zod";
4898
4598
 
4899
4599
  // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
4900
4600
  init_client_generates();
4901
- import { z as z9 } from "zod";
4902
-
4903
- // src/features/analysis/scm/shared/src/fixDetailsData.ts
4904
- init_client_generates();
4905
- var fixDetailsData = {
4906
- ["PT" /* Pt */]: {
4907
- issueDescription: "Path Traversal AKA Directory Traversal occurs when a path coming from user input is not properly sanitized, allowing an attacker to navigate through directories beyond the intended scope. Attackers can exploit this to access sensitive files or execute arbitrary code.",
4908
- fixInstructions: "Sanitize user-supplied paths, ensuring that they are restricted to a predefined directory structure."
4909
- },
4910
- ["ZIP_SLIP" /* ZipSlip */]: {
4911
- issueDescription: "Zip Slip is a form of directory traversal that can be exploited by extracting files from an archive. Attackers can manipulate archive files to overwrite sensitive files or execute arbitrary code.",
4912
- fixInstructions: "Ensure that extracted files are relative and within the intended directory structure."
4913
- },
4914
- ["XSS" /* Xss */]: {
4915
- issueDescription: "Cross-Site Scripting (XSS) allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to theft of session cookies, redirection to malicious websites, or defacement of the webpage.",
4916
- fixInstructions: "Implement input validation and output encoding. This includes sanitizing user input and escaping special characters to prevent execution of injected scripts."
4917
- },
4918
- ["XXE" /* Xxe */]: {
4919
- issueDescription: "XML External Entity (XXE) allows attackers to exploit vulnerable XML processors by including external entities, leading to disclosure of confidential data, denial of service, or server-side request forgery.",
4920
- fixInstructions: "Disable external entity processing in XML parsers or update to versions that mitigate XXE vulnerabilities. Input validation should be implemented to ensure that XML input does not contain external entity references."
4921
- },
4922
- ["CMDi" /* CmDi */]: {
4923
- issueDescription: "Command Injection (CMDI) allows attackers inject malicious commands into vulnerable applications, that can result in execution of arbitrary commands on the underlying operating system.",
4924
- fixInstructions: "Validate or sanitize user input to prevent executing arbitrary commands."
4925
- },
4926
- ["SQL_Injection" /* SqlInjection */]: {
4927
- issueDescription: "SQL Injection allows attackers to execute malicious SQL queries by manipulating input data. This can result in unauthorized access to sensitive data, data manipulation, or even complete database compromise.",
4928
- fixInstructions: "Use parameterized queries or prepared statements to sanitize user input and prevent manipulation of the SQL query."
4929
- },
4930
- ["SSRF" /* Ssrf */]: {
4931
- issueDescription: "Server-Side Request Forgery (SSRF) allows attackers to make unauthorized requests from a vulnerable server, potentially accessing internal systems, services, or data.",
4932
- fixInstructions: "Validate or sanitize user-supplied URLs, ensuring that they are restricted to trusted domains. Implementing proper input validation and using whitelists for acceptable URLs can prevent SSRF attacks."
4933
- },
4934
- ["LOG_FORGING" /* LogForging */]: {
4935
- issueDescription: "Log Forging allows attackers to manipulate log files by injecting malicious content. This can be used to obfuscate attack traces or forge log entries to conceal unauthorized activities.",
4936
- fixInstructions: "Implement proper input sanitization to remove new lines for values going to the log."
4937
- },
4938
- ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: {
4939
- issueDescription: "Cookie without the 'HttpOnly' attribute can be accessed by client-side scripts, exposing them to potential XSS attacks.",
4940
- fixInstructions: "Ensure that sensitive cookies are marked with the 'HttpOnly' attribute to prevent client-side scripts from accessing them."
4941
- },
4942
- ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: {
4943
- issueDescription: "System Information Leak occurs when sensitive system information is inadvertently disclosed to external entities, potentially aiding attackers in identifying vulnerabilities or targets.",
4944
- fixInstructions: "Review and restrict the amount of system information exposed through error messages, debug logs, or response headers."
4945
- },
4946
- ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: {
4947
- issueDescription: "Unchecked Loop Condition can lead to infinite loops or unexpected behavior in software applications. Attackers can exploit this vulnerability to cause denial of service or consume excessive system resources.",
4948
- fixInstructions: "Carefully review loop conditions to ensure that they are properly validated and bounded."
4949
- },
4950
- ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: {
4951
- issueDescription: "Trust Boundary Violation occurs when untrusted data is added to a trusted context, potentially leading to security vulnerabilities. Attackers can exploit this to bypass security controls or execute unauthorized actions.",
4952
- fixInstructions: "Clearly define and enforce trust boundaries within applications, ensuring that untrusted data is properly validated and sanitized before being used in a trusted context."
4953
- },
4954
- ["REGEX_INJECTION" /* RegexInjection */]: {
4955
- issueDescription: "Regex Injection occurs when attackers manipulate regular expressions to perform unintended actions or bypass security controls. This can lead to security vulnerabilities such as denial of service or injection attacks.",
4956
- fixInstructions: "Avoid constructing regular expressions from user-supplied input whenever possible. If dynamic regular expressions are necessary, input should be properly validated and sanitized to prevent injection attacks."
4957
- },
4958
- ["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: {
4959
- issueDescription: "Error Condition Without Action refers to situations where error conditions are identified but not appropriately handled or mitigated. This can lead to unexpected behavior, system crashes, or security vulnerabilities.",
4960
- fixInstructions: "Implement error handling mechanisms to gracefully handle unexpected conditions and prevent system crashes."
4961
- },
4962
- ["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: {
4963
- issueDescription: "HTTP Response Splitting occurs when attackers manipulate HTTP responses to inject additional headers or content. This can lead to security vulnerabilities such as cache poisoning, session fixation, or XSS attacks.",
4964
- fixInstructions: "Properly sanitize user input before including it in HTTP response headers or content."
4965
- },
4966
- ["INSECURE_COOKIE" /* InsecureCookie */]: {
4967
- issueDescription: "Cookies lacking the 'Secure' attribute may be transmitted over unencrypted channels. This makes them vulnerable to interception or manipulation by attackers.",
4968
- fixInstructions: "Ensure that sensitive cookies are transmitted over secure channels (e.g., HTTPS) and are marked with the 'Secure' attributes."
4969
- },
4970
- ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: {
4971
- issueDescription: "Command Injection via Relative Path may allow attackers to manipulate file paths to execute arbitrary commands on the underlying system.",
4972
- fixInstructions: "Paths coming from the input should be properly sanitized to ensure that only expected characters and paths are allowed."
4973
- },
4974
- ["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: {
4975
- issueDescription: "Missing Check Against Null occurs when null or uninitialized variables are not properly handled, leading to unexpected behavior or security vulnerabilities.",
4976
- fixInstructions: "Implement proper null checks and error handling mechanisms to prevent null dereference vulnerabilities. Null values should be handled gracefully to avoid unexpected behavior or security issues."
4977
- },
4978
- ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: {
4979
- issueDescription: "Password in Comment refers to situations where sensitive information such as passwords or API keys are hardcoded or embedded in code comments. This can lead to inadvertent exposure of credentials and potential security breaches if the code is shared or leaked.",
4980
- fixInstructions: "Remove hardcoded sensitive information from code comments."
4981
- },
4982
- ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: {
4983
- issueDescription: "Overly Broad Catch occurs when exceptions are caught indiscriminately without proper handling or logging. This can lead to silent failures, masking potential security issues or allowing attackers to conduct reconnaissance.",
4984
- fixInstructions: "Implement specific exception handling for different error scenarios to ensure proper diagnosis and mitigation of issues. Catch blocks should log relevant information and handle exceptions gracefully to prevent silent failures."
4985
- },
4986
- ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: {
4987
- issueDescription: "Use of System Output Stream refers to situations where sensitive information is written to standard output streams such as System.out. This can lead to inadvertent exposure of sensitive data, especially in production environments.",
4988
- fixInstructions: "Avoid writing sensitive information to standard output streams and instead use secure logging mechanisms or dedicated logging frameworks. Output streams should be properly configured to prevent leakage of sensitive data."
4989
- },
4990
- ["DOS_STRING_BUILDER" /* DosStringBuilder */]: {
4991
- issueDescription: "Denial of Service (DoS) via String Builder may allow attackers to manipulate string concatenation operations to consume excessive memory or CPU resources. This can lead to degradation of system performance or unresponsiveness.",
4992
- fixInstructions: "Use StringBuilder or similar efficient data structures for string concatenation operations to minimize memory overhead. Input validation should be performed to limit the size and complexity of input strings, preventing abuse by attackers."
4993
- },
4994
- ["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: {
4995
- issueDescription: "HTML Comment in JSP occurs when developers inadvertently expose sensitive information or internal implementation details in HTML comments within JavaServer Pages (JSP) files. This can lead to inadvertent disclosure of credentials, configuration details, or security vulnerabilities.",
4996
- fixInstructions: "Review JSP files to ensure that sensitive information or internal details are not exposed in HTML comments. Comments containing sensitive information should be removed or replaced with generic placeholders."
4997
- },
4998
- ["OPEN_REDIRECT" /* OpenRedirect */]: {
4999
- issueDescription: "Open Redirect vulnerabilities may allow attackers to manipulate URL parameters to redirect users to malicious websites or phishing pages. This can lead to theft of sensitive information or unauthorized access to user accounts.",
5000
- fixInstructions: "Redirect URLs validation should be performed to ensure that redirect URLs point to trusted domains."
5001
- },
5002
- ["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: {
5003
- issueDescription: "Unsafe Target Blank occurs when developers use the target='_blank' attribute without the rel='noopener' attribute in anchor tags. This can lead to security vulnerabilities such as tabnabbing or reverse tabnabbing, allowing attackers to hijack user sessions or perform phishing attacks.",
5004
- fixInstructions: "Ensure that anchor tags with target='_blank' attribute include the rel='noopener' attribute to prevent potential security vulnerabilities. This prevents the newly opened page from accessing the window.opener property, mitigating the risk of tabnabbing or reverse tabnabbing attacks."
5005
- },
5006
- ["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: {
5007
- issueDescription: "IFrame Without Sandbox occurs when <iframe> elements are used without the 'sandbox' attribute, allowing potentially malicious content to execute in the context of the parent page.",
5008
- fixInstructions: "Use the 'sandbox' attribute to restrict the capabilities of <iframe> elements, isolating potentially untrusted content from the parent page. This helps mitigate the risk of malicious code execution and prevents attacks such as clickjacking."
5009
- },
5010
- ["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: {
5011
- issueDescription: "JQuery Deprecated Symbols refers to the use of deprecated or removed functions, methods, or symbols in jQuery libraries. This can lead to compatibility issues, security vulnerabilities, or performance degradation in applications.",
5012
- fixInstructions: "Replace deprecated symbols with recommended alternatives."
5013
- },
5014
- ["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: {
5015
- issueDescription: "Deprecated Function refers to the use of functions, methods, or features that have been deprecated in programming languages or frameworks. This can lead to compatibility issues, security vulnerabilities, or performance degradation in applications.",
5016
- fixInstructions: "Update code to replace deprecated functions with recommended alternatives provided by the language or framework."
5017
- },
5018
- ["HARDCODED_SECRETS" /* HardcodedSecrets */]: {
5019
- issueDescription: "Hardcoded Secrets refers to the practice of embedding sensitive information such as passwords, API keys, or cryptographic keys directly into source code or configuration files. This can lead to inadvertent exposure of credentials and potential security breaches if the code is shared or leaked.",
5020
- fixInstructions: "Remove hardcoded sensitive information in source code or configuration files. Instead, sensitive data should be stored securely using encryption or secure credential management solutions."
5021
- },
5022
- ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: {
5023
- issueDescription: "GraphQL Depth Limit refers to the lack of restrictions on query depth in GraphQL implementations, allowing attackers to execute complex and resource-intensive queries. This can lead to denial of service or excessive resource consumption.",
5024
- fixInstructions: "Implement depth limits and query complexity thresholds in GraphQL schemas to restrict the complexity of incoming queries."
5025
- },
5026
- ["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: {
5027
- issueDescription: "System Information Leak occurs when sensitive system information is inadvertently disclosed to external entities, potentially aiding attackers in identifying vulnerabilities or targets.",
5028
- fixInstructions: "Review and restrict the amount of system information exposed to external entities such as third-party APIs or integrations."
5029
- },
5030
- ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: {
5031
- issueDescription: "Insecure Randomness refers to the use of insecure or predictable random number generation algorithms, leading to weak cryptographic keys, session tokens, or initialization vectors. This can facilitate brute-force attacks or cryptographic exploits.",
5032
- fixInstructions: "Use secure random number generation algorithms provided by cryptographic libraries or frameworks."
5033
- },
5034
- ["TYPE_CONFUSION" /* TypeConfusion */]: {
5035
- issueDescription: "Type Confusion occurs in programming languages with weak typing systems when an attacker manipulates object types to bypass type checks or exploit memory corruption vulnerabilities. This can lead to arbitrary code execution or unauthorized access to sensitive data.",
5036
- fixInstructions: "Implement strict type checking and validation to prevent type confusion vulnerabilities."
5037
- },
5038
- ["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: {
5039
- issueDescription: "Incomplete URL Sanitization occurs when user-supplied URLs are not properly sanitized, allowing attackers to inject malicious content or bypass security controls. This can lead to security vulnerabilities such as XSS attacks, open redirect, or SSRF.",
5040
- fixInstructions: "Implement thorough URL validation and/or sanitization to ensure that user-supplied URLs conform to expected formats and do not contain malicious content."
5041
- },
5042
- ["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: {
5043
- issueDescription: "Unsafe Deserialization occurs when attackers manipulate serialized objects to execute arbitrary code or bypass security controls. This can lead to remote code execution, privilege escalation, or data tampering.",
5044
- fixInstructions: "Implement strict validation and integrity checks on serialized objects."
5045
- },
5046
- ["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: {
5047
- issueDescription: "Improper Resource Shutdown or Release refers to situations where system resources such as file handles, database connections, or network sockets are not properly closed or released after use. This can lead to resource exhaustion, denial of service, or memory leaks.",
5048
- fixInstructions: "Ensure that system resources are consistently closed or released after use. Using try-with resources blocks, finalizers, or dedicated resource management libraries can help mitigate the risk of improper resource shutdown or release vulnerabilities."
5049
- },
5050
- ["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: {
5051
- issueDescription: "Improper Exception Handling occurs when exceptions are not handled or propagated correctly, leading to unexpected behavior, security vulnerabilities, or application crashes.",
5052
- fixInstructions: "Implement exception handling to gracefully handle unexpected errors."
5053
- },
5054
- ["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: {
5055
- issueDescription: "Missing Anti-Forgery Validation occurs when web applications do not properly validate or enforce anti-forgery tokens, allowing attackers to forge or replay requests from authenticated users.",
5056
- fixInstructions: "Implement anti-forgery measures to validate the authenticity of user-submitted requests."
5057
- },
5058
- ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: {
5059
- issueDescription: "Insecure Binder Configuration refers to misconfigurations in application frameworks or dependency injection containers, leading to security vulnerabilities such as injection attacks or privilege escalation.",
5060
- fixInstructions: "Secure binder configurations to prevent injection attacks and enforce least privilege principles. Configurations should be restricted to trusted sources and sanitized to prevent unauthorized access or manipulation."
5061
- },
5062
- ["NULL_DEREFERENCE" /* NullDereference */]: {
5063
- issueDescription: "Null Dereference occurs when null or uninitialized pointers are dereferenced, leading to application crashes or security vulnerabilities. Attackers can exploit this to cause denial of service or execute arbitrary code.",
5064
- fixInstructions: "Implement proper null checks and error handling mechanisms. Null values should be handled gracefully to avoid unexpected behavior or security issues."
5065
- },
5066
- ["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: {
5067
- issueDescription: "Dangerous Function Overflow occurs when functions or methods are called with parameters that exceed predefined limits, leading to buffer overflows or memory corruption vulnerabilities.",
5068
- fixInstructions: "Implement proper input validation and bounds checking to prevent dangerous function overflows. Functions should be designed to handle input within safe limits and gracefully reject or truncate input that exceeds these limits."
5069
- },
5070
- ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: {
5071
- issueDescription: "Default Rights in Object Definition refers to situations where SQL objects are created with default or excessive permissions, leading to security vulnerabilities such as privilege escalation or unauthorized access.",
5072
- fixInstructions: "Restrict default permissions in object definitions to enforce least privilege principles. Objects should be created with the minimum necessary permissions required for their intended functionality."
5073
- },
5074
- ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: {
5075
- issueDescription: "Weak XML Schema Unbounded Occurrences refers to the lack of restrictions on the maximum number of occurrences for elements or attributes in XML schemas. This can lead to denial of service or resource exhaustion attacks by causing excessive memory consumption or processing overhead.",
5076
- fixInstructions: "Impose limits on the maximum number of occurrences for elements or attributes in XML schemas to prevent resource exhaustion attacks."
5077
- },
5078
- ["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: void 0,
5079
- ["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: void 0,
5080
- ["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: void 0,
5081
- ["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: void 0,
5082
- ["PROTOTYPE_POLLUTION" /* PrototypePollution */]: void 0,
5083
- ["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: void 0,
5084
- ["HEADER_MANIPULATION" /* HeaderManipulation */]: void 0,
5085
- ["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: {
5086
- issueDescription: "Missing equals or hashcode method can lead to unexpected behavior in collections. If two objects are equal, they should have the same hashcode.",
5087
- fixInstructions: "Add the missing methods to ensure proper behavior in collections."
5088
- },
5089
- ["VALUE_NEVER_READ" /* ValueNeverRead */]: {
5090
- issueDescription: "The variable's value is not used. After the assignment, the variable is either assigned another value or goes out of scope.",
5091
- fixInstructions: "Remove the assignment to the variable."
5092
- },
5093
- ["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: void 0,
5094
- ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: void 0,
5095
- ["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: void 0,
5096
- ["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: void 0,
5097
- ["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: void 0,
5098
- ["PRIVACY_VIOLATION" /* PrivacyViolation */]: void 0,
5099
- ["VALUE_SHADOWING" /* ValueShadowing */]: void 0,
5100
- ["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: void 0,
5101
- ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: void 0,
5102
- ["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: void 0,
5103
- ["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: void 0,
5104
- ["DEBUG_ENABLED" /* DebugEnabled */]: void 0,
5105
- ["CONFUSING_NAMING" /* ConfusingNaming */]: {
5106
- issueDescription: "A data member and a function have the same name which can be confusing to the developer.",
5107
- fixInstructions: "Rename the data member to avoid confusion."
5108
- },
5109
- ["J2EE_GET_CONNECTION" /* J2EeGetConnection */]: void 0,
5110
- ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: void 0,
5111
- ["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: void 0,
5112
- ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: void 0,
5113
- ["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: void 0,
5114
- ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: {
5115
- issueDescription: "Auto Escape False occurs when automatic escaping is disabled in template engines, allowing untrusted data to be rendered without proper encoding. This can lead to Cross-Site Scripting (XSS) vulnerabilities.",
5116
- fixInstructions: "Set auto escape to true."
5117
- },
5118
- ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: {
5119
- issueDescription: "The lack of a rate limit can allow denial-of-service attacks, in which an attacker can cause the application to crash or become unresponsive by issuing a large number of requests simultaneously.",
5120
- fixInstructions: "Use express-rate-limit npm package to set a rate limit."
5121
- },
5122
- ["MISSING_CSP_HEADER" /* MissingCspHeader */]: void 0,
5123
- ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: void 0,
5124
- ["HEAP_INSPECTION" /* HeapInspection */]: {
5125
- issueDescription: "All variables stored by the application in unencrypted memory can be read by an attacker. This can lead to the exposure of sensitive information, such as passwords, credit card numbers, and personal data.",
5126
- fixInstructions: "Use secure storage methods to store secrets in memory."
5127
- },
5128
- ["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: {
5129
- issueDescription: "Client DOM Stored Code Injection is a client-side security vulnerability where malicious JavaScript code gets stored in the DOM and later executed when retrieved by legitimate scripts.",
5130
- fixInstructions: "Update the code to avoid the possibility for malicious JavaScript code to get stored in the DOM."
5131
- },
5132
- ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: void 0,
5133
- ["NON_READONLY_FIELD" /* NonReadonlyField */]: void 0,
5134
- ["CSRF" /* Csrf */]: {
5135
- issueDescription: "Cross Site Request Forgery is an attack that forces an end user to execute unwanted actions on a web application in which they\u2019re currently authenticated.",
5136
- fixInstructions: "Configure a CSRF protection mechanism, such as a CSRF token, in your application."
5137
- },
5138
- ["WEAK_ENCRYPTION" /* WeakEncryption */]: void 0,
5139
- ["CODE_IN_COMMENT" /* CodeInComment */]: void 0,
5140
- ["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: void 0,
5141
- ["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: void 0,
5142
- ["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: void 0,
5143
- ["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: void 0,
5144
- ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: void 0,
5145
- ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: void 0,
5146
- ["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: void 0,
5147
- ["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: void 0,
5148
- ["MODIFIED_DEFAULT_PARAM" /* ModifiedDefaultParam */]: void 0,
5149
- ["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: void 0,
5150
- ["NO_VAR" /* NoVar */]: void 0,
5151
- ["INSECURE_TMP_FILE" /* InsecureTmpFile */]: void 0,
5152
- ["RETURN_SHOULD_NOT_BE_INVARIANT" /* ReturnShouldNotBeInvariant */]: void 0,
5153
- ["SYSTEM_EXIT_SHOULD_RERAISE" /* SystemExitShouldReraise */]: void 0,
5154
- ["NO_RETURN_IN_FINALLY" /* NoReturnInFinally */]: void 0,
5155
- ["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: void 0,
5156
- ["AVOID_BUILTIN_SHADOWING" /* AvoidBuiltinShadowing */]: void 0,
5157
- ["IMPROPER_STRING_FORMATTING" /* ImproperStringFormatting */]: void 0,
5158
- ["WILDCARD_IMPORTS" /* WildcardImports */]: void 0,
5159
- ["TAR_SLIP" /* TarSlip */]: void 0,
5160
- ["MISSING_WHITESPACE" /* MissingWhitespace */]: void 0,
5161
- ["NO_PRINT_STATEMENT" /* NoPrintStatement */]: void 0,
5162
- ["NO_OP_OVERHEAD" /* NoOpOverhead */]: void 0,
5163
- ["DO_NOT_RAISE_EXCEPTION" /* DoNotRaiseException */]: void 0,
5164
- ["DECLARE_VARIABLE_EXPLICITLY" /* DeclareVariableExplicitly */]: void 0,
5165
- ["UNNECESSARY_IMPORTS" /* UnnecessaryImports */]: void 0,
5166
- ["NO_NESTED_TRY" /* NoNestedTry */]: void 0,
5167
- ["REDOS" /* Redos */]: void 0,
5168
- ["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: void 0,
5169
- ["BUFFER_OVERFLOW" /* BufferOverflow */]: {
5170
- issueDescription: "Buffer Overflow occurs when a program writes data beyond the allocated memory space, leading to unexpected behavior or security vulnerabilities.",
5171
- fixInstructions: "Implement proper input validation and bounds checking to prevent buffer overflows. Use safe string manipulation functions and ensure that the buffer size is properly managed."
5172
- },
5173
- ["STRING_TERMINATION_ERROR" /* StringTerminationError */]: {
5174
- issueDescription: "String Termination Error occurs when a string is not properly terminated, leading to unexpected behavior or security vulnerabilities.",
5175
- fixInstructions: "Implement proper input validation and bounds checking to prevent string termination errors. Use safe string manipulation functions and ensure that the buffer size is properly managed."
5176
- },
5177
- ["HTTP_PARAMETER_POLLUTION" /* HttpParameterPollution */]: {
5178
- issueDescription: "HTTP Parameter Pollution occurs when an attacker can manipulate the parameters of an HTTP request to change the behavior of the server.",
5179
- fixInstructions: "Implement proper input validation and bounds checking to prevent HTTP parameter pollution. Use safe string manipulation functions and ensure that the buffer size is properly managed."
5180
- },
5181
- ["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: void 0,
5182
- ["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: void 0,
5183
- ["INSECURE_POSTMESSAGE" /* InsecurePostmessage */]: void 0,
5184
- ["MISSING_USER" /* MissingUser */]: {
5185
- issueDescription: "Missing User occurs when a user is not specified in the Dockerfile, leading to security vulnerabilities.",
5186
- fixInstructions: "Specify a user in the Dockerfile to prevent security vulnerabilities."
5187
- },
5188
- ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: void 0,
5189
- ["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: void 0,
5190
- ["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: void 0,
5191
- ["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: void 0,
5192
- ["USELESS_TERNARY" /* UselessTernary */]: void 0,
5193
- ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: void 0,
5194
- ["USE_SYS_EXIT" /* UseSysExit */]: void 0,
5195
- ["INCORRECT_SQL_API_USAGE" /* IncorrectSqlApiUsage */]: void 0,
5196
- ["USE_RAISE_FOR_STATUS" /* UseRaiseForStatus */]: void 0,
5197
- ["USE_TIMEOUT" /* UseTimeout */]: void 0,
5198
- ["USELESS_IF_BODY" /* UselessIfBody */]: void 0,
5199
- ["MISSING_TEMPLATE_STRING_INDICATOR" /* MissingTemplateStringIndicator */]: void 0,
5200
- ["NO_ASSERT" /* NoAssert */]: void 0,
5201
- ["FUNCTION_CALL_WITHOUT_PARENTHESES" /* FunctionCallWithoutParentheses */]: void 0,
5202
- ["SPRING_DEFAULT_PERMIT" /* SpringDefaultPermit */]: void 0,
5203
- ["RETURN_IN_INIT" /* ReturnInInit */]: void 0,
5204
- ["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: void 0,
5205
- ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
5206
- ["REDUNDANT_CONDITION" /* RedundantCondition */]: void 0,
5207
- ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
5208
- ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
5209
- ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
5210
- ["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: void 0,
5211
- ["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: void 0,
5212
- ["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: void 0,
5213
- ["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: void 0,
5214
- ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: void 0,
5215
- ["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: void 0,
5216
- ["UNSAFE_REFLECTION" /* UnsafeReflection */]: void 0,
5217
- ["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: {
5218
- issueDescription: "AWS SQS queue contents are unencrypted; data could be read if the queue is compromised.",
5219
- fixInstructions: "Enable server-side encryption by setting sqs_managed_sse_enabled = true, or supply a KMS key via kms_master_key_id."
5220
- },
5221
- ["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: void 0,
5222
- ["AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED" /* AwsDynamodbPointInTimeRecoveryDisabled */]: {
5223
- issueDescription: "AWS DynamoDB table has point-in-time recovery disabled; accidental or malicious writes/deletes cannot be rolled back from a known-good snapshot.",
5224
- fixInstructions: "Enable point-in-time recovery by adding `point_in_time_recovery { enabled = true }` to the aws_dynamodb_table resource."
5225
- },
5226
- ["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: {
5227
- issueDescription: "Decoding a JWT with `JWT.decode()` only base64-decodes the token without checking its signature, so an attacker can forge a token with arbitrary claims (identity, roles, expiration) and have it trusted. CWE-345, OWASP A08:2021 Software and Data Integrity Failures.",
5228
- fixInstructions: "Verify the signature before trusting any claims: build a verifier with the expected algorithm and secret/key (e.g. `JWT.require(Algorithm.HMAC256(secret)).build().verify(token)`) instead of calling `JWT.decode(token)`. After merging, confirm the verifier is configured with the same algorithm and secret/key used to sign your tokens \u2014 an incorrect or placeholder secret will make verification throw `JWTVerificationException` at runtime and reject legitimate tokens."
5229
- },
5230
- ["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: void 0
5231
- };
5232
-
5233
- // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
5234
4601
  init_getIssueType();
4602
+ init_issueTypeCatalog();
5235
4603
  var severityToEmoji = {
5236
4604
  ["critical" /* Critical */]: "\u{1F6A8}",
5237
4605
  ["high" /* High */]: "\u{1F6A9}",
@@ -5244,14 +4612,12 @@ init_getIssueType();
5244
4612
 
5245
4613
  // src/features/analysis/scm/shared/src/guidances.ts
5246
4614
  init_client_generates();
5247
- import { z as z12 } from "zod";
4615
+ init_getIssueType();
4616
+ import { z as z11 } from "zod";
5248
4617
 
5249
4618
  // src/features/analysis/scm/shared/src/storedFixData/index.ts
5250
4619
  init_client_generates();
5251
- import { z as z10 } from "zod";
5252
-
5253
- // src/features/analysis/scm/shared/src/storedFixData/csharp/index.ts
5254
- init_client_generates();
4620
+ import { z as z9 } from "zod";
5255
4621
 
5256
4622
  // src/features/analysis/scm/shared/src/storedFixData/passwordInComment.ts
5257
4623
  var passwordInComment = {
@@ -5288,8 +4654,8 @@ This is an illustration of how the form will look like:
5288
4654
 
5289
4655
  // src/features/analysis/scm/shared/src/storedFixData/csharp/index.ts
5290
4656
  var vulnerabilities = {
5291
- ["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: missingAntiForgeryValidation,
5292
- ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment
4657
+ ["MISSING_ANTIFORGERY_VALIDATION"]: missingAntiForgeryValidation,
4658
+ ["PASSWORD_IN_COMMENT"]: passwordInComment
5293
4659
  };
5294
4660
  var csharp_default = vulnerabilities;
5295
4661
 
@@ -5305,9 +4671,6 @@ var go_default = vulnerabilities3;
5305
4671
  var vulnerabilities4 = {};
5306
4672
  var hcl_default = vulnerabilities4;
5307
4673
 
5308
- // src/features/analysis/scm/shared/src/storedFixData/java/index.ts
5309
- init_client_generates();
5310
-
5311
4674
  // src/features/analysis/scm/shared/src/storedFixData/java/insecureDeserialization.ts
5312
4675
  var insecureDeserialization = {
5313
4676
  guidance: () => "Added a `@Consumes` annotation restricting the endpoint to common safe media types (JSON, XML, form, multipart, octet-stream, plain text). Requests with `Content-Type: application/x-java-serialized-object` are no longer routed to the RESTEasy `SerializableProvider`. If your endpoint legitimately accepts a content type not in this allowlist (e.g. `image/png`, a custom JSON variant), expect HTTP 415 from those clients and extend the `@Consumes` list to include it."
@@ -5364,17 +4727,14 @@ var systemInformationLeak = {
5364
4727
 
5365
4728
  // src/features/analysis/scm/shared/src/storedFixData/java/index.ts
5366
4729
  var vulnerabilities5 = {
5367
- ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
5368
- ["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: insecureDeserialization,
5369
- ["J2EE_GET_CONNECTION" /* J2EeGetConnection */]: j2eeGetConnection,
5370
- ["SQL_Injection" /* SqlInjection */]: sqlInjection,
5371
- ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: systemInformationLeak
4730
+ ["PASSWORD_IN_COMMENT"]: passwordInComment,
4731
+ ["INSECURE_DESERIALIZATION"]: insecureDeserialization,
4732
+ ["J2EE_GET_CONNECTION"]: j2eeGetConnection,
4733
+ ["SQL_Injection"]: sqlInjection,
4734
+ ["SYSTEM_INFORMATION_LEAK"]: systemInformationLeak
5372
4735
  };
5373
4736
  var java_default = vulnerabilities5;
5374
4737
 
5375
- // src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
5376
- init_client_generates();
5377
-
5378
4738
  // src/features/analysis/scm/shared/src/storedFixData/python/csrf.ts
5379
4739
  var csrf = {
5380
4740
  guidance: () => `Please make sure the CSRF middleware is activated by default in the MIDDLEWARE setting. If you override that setting, remember that \`django.middleware.csrf.CsrfViewMiddleware\` should come before any view middleware that assume that CSRF attacks have been dealt with.
@@ -5417,11 +4777,11 @@ var ssrf = {
5417
4777
 
5418
4778
  // src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
5419
4779
  var vulnerabilities6 = {
5420
- ["SSRF" /* Ssrf */]: ssrf,
5421
- ["HARDCODED_SECRETS" /* HardcodedSecrets */]: hardcodedSecrets,
5422
- ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment,
5423
- ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: noLimitsOrThrottling,
5424
- ["CSRF" /* Csrf */]: csrf
4780
+ ["SSRF"]: ssrf,
4781
+ ["HARDCODED_SECRETS"]: hardcodedSecrets,
4782
+ ["PASSWORD_IN_COMMENT"]: passwordInComment,
4783
+ ["NO_LIMITS_OR_THROTTLING"]: noLimitsOrThrottling,
4784
+ ["CSRF"]: csrf
5425
4785
  };
5426
4786
  var javascript_default = vulnerabilities6;
5427
4787
 
@@ -5429,9 +4789,6 @@ var javascript_default = vulnerabilities6;
5429
4789
  var vulnerabilities7 = {};
5430
4790
  var php_default = vulnerabilities7;
5431
4791
 
5432
- // src/features/analysis/scm/shared/src/storedFixData/python/index.ts
5433
- init_client_generates();
5434
-
5435
4792
  // src/features/analysis/scm/shared/src/storedFixData/python/autoEscapeFalse.ts
5436
4793
  var autoEscapeFalse = {
5437
4794
  guidance: () => `This fix enables automatic escaping for HTML. When that's enabled, everything is escaped by default except for values explicitly marked as safe. Variables and expressions can be marked as safe either in:
@@ -5466,15 +4823,12 @@ See the [\`requests\` SSL verification docs](https://requests.readthedocs.io/en/
5466
4823
 
5467
4824
  // src/features/analysis/scm/shared/src/storedFixData/python/index.ts
5468
4825
  var vulnerabilities8 = {
5469
- ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: autoEscapeFalse,
5470
- ["CSRF" /* Csrf */]: csrf,
5471
- ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: improperCertificateValidation
4826
+ ["AUTO_ESCAPE_FALSE"]: autoEscapeFalse,
4827
+ ["CSRF"]: csrf,
4828
+ ["IMPROPER_CERTIFICATE_VALIDATION"]: improperCertificateValidation
5472
4829
  };
5473
4830
  var python_default = vulnerabilities8;
5474
4831
 
5475
- // src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
5476
- init_client_generates();
5477
-
5478
4832
  // src/features/analysis/scm/shared/src/storedFixData/sql/defaultRightsInObjDefinition.ts
5479
4833
  var defaultRightsInObjDefinition = {
5480
4834
  guidance: () => "***Make sure the user who is supposed to run the procedure has sufficient permissions.***\n\nRead more details about the `EXECUTE AS` statement in [the official Microsoft documentation](https://learn.microsoft.com/en-us/sql/t-sql/statements/execute-as-clause-transact-sql?view=sql-server-ver16&tabs=sqlserver).\n\n`EXECUTE AS CALLER` is the default behavior for SQL Server 2005 and later."
@@ -5482,20 +4836,19 @@ var defaultRightsInObjDefinition = {
5482
4836
 
5483
4837
  // src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
5484
4838
  var vulnerabilities9 = {
5485
- ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: defaultRightsInObjDefinition
4839
+ ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION"]: defaultRightsInObjDefinition
5486
4840
  };
5487
4841
  var sql_default = vulnerabilities9;
5488
4842
 
5489
4843
  // src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
5490
- init_client_generates();
5491
4844
  var vulnerabilities10 = {
5492
- ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: passwordInComment
4845
+ ["PASSWORD_IN_COMMENT"]: passwordInComment
5493
4846
  };
5494
4847
  var xml_default = vulnerabilities10;
5495
4848
 
5496
4849
  // src/features/analysis/scm/shared/src/storedFixData/index.ts
5497
- var StoredFixDataItemZ = z10.object({
5498
- guidance: z10.function().returns(z10.string())
4850
+ var StoredFixDataItemZ = z9.object({
4851
+ guidance: z9.function().args(z9.any()).returns(z9.string())
5499
4852
  });
5500
4853
  var languages = {
5501
4854
  ["Java" /* Java */]: java_default,
@@ -5512,10 +4865,7 @@ var languages = {
5512
4865
 
5513
4866
  // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
5514
4867
  init_client_generates();
5515
- import { z as z11 } from "zod";
5516
-
5517
- // src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
5518
- init_client_generates();
4868
+ import { z as z10 } from "zod";
5519
4869
 
5520
4870
  // src/features/analysis/scm/shared/src/storedQuestionData/cpp/commandInjection.ts
5521
4871
  var commandInjection = {
@@ -5561,14 +4911,11 @@ var pathManipulation = {
5561
4911
 
5562
4912
  // src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
5563
4913
  var vulnerabilities11 = {
5564
- ["CMDi" /* CmDi */]: commandInjection,
5565
- ["PT" /* Pt */]: pathManipulation
4914
+ ["CMDi"]: commandInjection,
4915
+ ["PT"]: pathManipulation
5566
4916
  };
5567
4917
  var cpp_default = vulnerabilities11;
5568
4918
 
5569
- // src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
5570
- init_client_generates();
5571
-
5572
4919
  // src/features/analysis/scm/shared/src/storedQuestionData/csharp/httpOnlyCookie.ts
5573
4920
  var httpOnlyCookie = {
5574
4921
  httpOnlyCookie: {
@@ -5863,31 +5210,28 @@ var xxe = {
5863
5210
 
5864
5211
  // src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
5865
5212
  var vulnerabilities12 = {
5866
- ["LOG_FORGING" /* LogForging */]: logForging,
5867
- ["SSRF" /* Ssrf */]: ssrf2,
5868
- ["XXE" /* Xxe */]: xxe,
5869
- ["XSS" /* Xss */]: xss,
5870
- ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: useOfSystemOutputStream,
5871
- ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: sysLeak,
5872
- ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: overlyBroadCatch,
5873
- ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: trustBoundaryViolation,
5874
- ["PT" /* Pt */]: pt,
5875
- ["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: regexMissingTimeout,
5876
- ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: httpOnlyCookie,
5877
- ["INSECURE_COOKIE" /* InsecureCookie */]: insecureCookie,
5878
- ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: wcfMisconfigurationThrottlingNotEnabled,
5879
- ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: insecureBinderConfiguration,
5880
- ["VALUE_SHADOWING" /* ValueShadowing */]: valueShadowing,
5881
- ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness,
5882
- ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: insufficientLogging,
5883
- ["SQL_Injection" /* SqlInjection */]: sqlInjection2,
5884
- ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: requestParametersBoundViaInput
5213
+ ["LOG_FORGING"]: logForging,
5214
+ ["SSRF"]: ssrf2,
5215
+ ["XXE"]: xxe,
5216
+ ["XSS"]: xss,
5217
+ ["USE_OF_SYSTEM_OUTPUT_STREAM"]: useOfSystemOutputStream,
5218
+ ["SYSTEM_INFORMATION_LEAK"]: sysLeak,
5219
+ ["OVERLY_BROAD_CATCH"]: overlyBroadCatch,
5220
+ ["TRUST_BOUNDARY_VIOLATION"]: trustBoundaryViolation,
5221
+ ["PT"]: pt,
5222
+ ["REGEX_MISSING_TIMEOUT"]: regexMissingTimeout,
5223
+ ["HTTP_ONLY_COOKIE"]: httpOnlyCookie,
5224
+ ["INSECURE_COOKIE"]: insecureCookie,
5225
+ ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED"]: wcfMisconfigurationThrottlingNotEnabled,
5226
+ ["INSECURE_BINDER_CONFIGURATION"]: insecureBinderConfiguration,
5227
+ ["VALUE_SHADOWING"]: valueShadowing,
5228
+ ["INSECURE_RANDOMNESS"]: insecureRandomness,
5229
+ ["INSUFFICIENT_LOGGING"]: insufficientLogging,
5230
+ ["SQL_Injection"]: sqlInjection2,
5231
+ ["REQUEST_PARAMETERS_BOUND_VIA_INPUT"]: requestParametersBoundViaInput
5885
5232
  };
5886
5233
  var csharp_default2 = vulnerabilities12;
5887
5234
 
5888
- // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
5889
- init_client_generates();
5890
-
5891
5235
  // src/features/analysis/scm/shared/src/storedQuestionData/go/logForging.ts
5892
5236
  var logForging2 = {
5893
5237
  isHtmlDisplay: {
@@ -5917,15 +5261,12 @@ var websocketMissingOriginCheck = {
5917
5261
 
5918
5262
  // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
5919
5263
  var vulnerabilities13 = {
5920
- ["LOG_FORGING" /* LogForging */]: logForging2,
5921
- ["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: missingSslMinversion,
5922
- ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: websocketMissingOriginCheck
5264
+ ["LOG_FORGING"]: logForging2,
5265
+ ["MISSING_SSL_MINVERSION"]: missingSslMinversion,
5266
+ ["WEBSOCKET_MISSING_ORIGIN_CHECK"]: websocketMissingOriginCheck
5923
5267
  };
5924
5268
  var go_default2 = vulnerabilities13;
5925
5269
 
5926
- // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
5927
- init_client_generates();
5928
-
5929
5270
  // src/features/analysis/scm/shared/src/storedQuestionData/java/commandInjection.ts
5930
5271
  var commandInjection2 = {
5931
5272
  isUnixShellCommandPart: {
@@ -6382,38 +5723,35 @@ var xxe2 = {
6382
5723
 
6383
5724
  // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
6384
5725
  var vulnerabilities14 = {
6385
- ["SQL_Injection" /* SqlInjection */]: sqlInjection3,
6386
- ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: relativePathCommand,
6387
- ["CMDi" /* CmDi */]: commandInjection2,
6388
- ["CONFUSING_NAMING" /* ConfusingNaming */]: confusingNaming,
6389
- ["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: errorConditionWithoutAction,
6390
- ["XXE" /* Xxe */]: xxe2,
6391
- ["XSS" /* Xss */]: xss2,
6392
- ["PRIVACY_VIOLATION" /* PrivacyViolation */]: privacyViolation,
6393
- ["PT" /* Pt */]: pt2,
6394
- ["SSRF" /* Ssrf */]: ssrf3,
6395
- ["LOG_FORGING" /* LogForging */]: logForging3,
6396
- ["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: localeDependentComparison,
6397
- ["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: missingCheckAgainstNull,
6398
- ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect,
6399
- ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: overlyBroadCatch2,
6400
- ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: sysLeak2,
6401
- ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: useOfSystemOutputStream2,
6402
- ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: httpOnlyCookie2,
6403
- ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition,
6404
- ["INSECURE_COOKIE" /* InsecureCookie */]: insecureCookie2,
6405
- ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: trustBoundaryViolation2,
6406
- ["UNSAFE_REFLECTION" /* UnsafeReflection */]: unsafeReflection,
6407
- ["J2EE_GET_CONNECTION" /* J2EeGetConnection */]: j2eeGetConnection2,
6408
- ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: leftoverDebugCode,
6409
- ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: erroneousStringCompare,
6410
- ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings
5726
+ ["SQL_Injection"]: sqlInjection3,
5727
+ ["CMDi_relative_path_command"]: relativePathCommand,
5728
+ ["CMDi"]: commandInjection2,
5729
+ ["CONFUSING_NAMING"]: confusingNaming,
5730
+ ["ERROR_CONDTION_WITHOUT_ACTION"]: errorConditionWithoutAction,
5731
+ ["XXE"]: xxe2,
5732
+ ["XSS"]: xss2,
5733
+ ["PRIVACY_VIOLATION"]: privacyViolation,
5734
+ ["PT"]: pt2,
5735
+ ["SSRF"]: ssrf3,
5736
+ ["LOG_FORGING"]: logForging3,
5737
+ ["LOCALE_DEPENDENT_COMPARISON"]: localeDependentComparison,
5738
+ ["MISSING_CHECK_AGAINST_NULL"]: missingCheckAgainstNull,
5739
+ ["OPEN_REDIRECT"]: openRedirect,
5740
+ ["OVERLY_BROAD_CATCH"]: overlyBroadCatch2,
5741
+ ["SYSTEM_INFORMATION_LEAK"]: sysLeak2,
5742
+ ["USE_OF_SYSTEM_OUTPUT_STREAM"]: useOfSystemOutputStream2,
5743
+ ["HTTP_ONLY_COOKIE"]: httpOnlyCookie2,
5744
+ ["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition,
5745
+ ["INSECURE_COOKIE"]: insecureCookie2,
5746
+ ["TRUST_BOUNDARY_VIOLATION"]: trustBoundaryViolation2,
5747
+ ["UNSAFE_REFLECTION"]: unsafeReflection,
5748
+ ["J2EE_GET_CONNECTION"]: j2eeGetConnection2,
5749
+ ["LEFTOVER_DEBUG_CODE"]: leftoverDebugCode,
5750
+ ["ERRONEOUS_STRING_COMPARE"]: erroneousStringCompare,
5751
+ ["DUPLICATED_STRINGS"]: duplicatedStrings
6411
5752
  };
6412
5753
  var java_default2 = vulnerabilities14;
6413
5754
 
6414
- // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
6415
- init_client_generates();
6416
-
6417
5755
  // src/features/analysis/scm/shared/src/storedQuestionData/python/csrf.ts
6418
5756
  var csrf2 = {
6419
5757
  isPythonDjangoTemplate: {
@@ -6739,33 +6077,30 @@ var xss3 = {
6739
6077
 
6740
6078
  // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
6741
6079
  var vulnerabilities15 = {
6742
- ["CMDi" /* CmDi */]: commandInjection3,
6743
- ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: graphqlDepthLimit,
6744
- ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness2,
6745
- ["SSRF" /* Ssrf */]: ssrf4,
6746
- ["TYPE_CONFUSION" /* TypeConfusion */]: typeConfusion,
6747
- ["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: incompleteUrlSanitization,
6748
- ["LOG_FORGING" /* LogForging */]: logForging4,
6749
- ["XSS" /* Xss */]: xss3,
6750
- ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect2,
6751
- ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: sysLeak3,
6752
- ["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: sysLeakExternal,
6753
- ["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: iframeWithoutSandbox,
6754
- ["PT" /* Pt */]: pt3,
6755
- ["HARDCODED_SECRETS" /* HardcodedSecrets */]: hardcodedSecrets2,
6756
- ["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: headerMaxAge,
6757
- ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition2,
6758
- ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: noLimitsOrThrottling2,
6759
- ["MISSING_CSP_HEADER" /* MissingCspHeader */]: cspHeaderValue,
6760
- ["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: xFrameOptionsValue,
6761
- ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: hardcodedDomainInHtml,
6762
- ["CSRF" /* Csrf */]: csrf2
6080
+ ["CMDi"]: commandInjection3,
6081
+ ["GRAPHQL_DEPTH_LIMIT"]: graphqlDepthLimit,
6082
+ ["INSECURE_RANDOMNESS"]: insecureRandomness2,
6083
+ ["SSRF"]: ssrf4,
6084
+ ["TYPE_CONFUSION"]: typeConfusion,
6085
+ ["INCOMPLETE_URL_SANITIZATION"]: incompleteUrlSanitization,
6086
+ ["LOG_FORGING"]: logForging4,
6087
+ ["XSS"]: xss3,
6088
+ ["OPEN_REDIRECT"]: openRedirect2,
6089
+ ["SYSTEM_INFORMATION_LEAK"]: sysLeak3,
6090
+ ["SYSTEM_INFORMATION_LEAK_EXTERNAL"]: sysLeakExternal,
6091
+ ["IFRAME_WITHOUT_SANDBOX"]: iframeWithoutSandbox,
6092
+ ["PT"]: pt3,
6093
+ ["HARDCODED_SECRETS"]: hardcodedSecrets2,
6094
+ ["MISSING_HSTS_HEADER"]: headerMaxAge,
6095
+ ["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition2,
6096
+ ["NO_LIMITS_OR_THROTTLING"]: noLimitsOrThrottling2,
6097
+ ["MISSING_CSP_HEADER"]: cspHeaderValue,
6098
+ ["MISSING_X_FRAME_OPTIONS"]: xFrameOptionsValue,
6099
+ ["HARDCODED_DOMAIN_IN_HTML"]: hardcodedDomainInHtml,
6100
+ ["CSRF"]: csrf2
6763
6101
  };
6764
6102
  var js_default = vulnerabilities15;
6765
6103
 
6766
- // src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
6767
- init_client_generates();
6768
-
6769
6104
  // src/features/analysis/scm/shared/src/storedQuestionData/python/duplicatedStrings.ts
6770
6105
  var duplicatedStrings2 = {
6771
6106
  constantName: {
@@ -6836,19 +6171,16 @@ var uncheckedLoopCondition3 = {
6836
6171
 
6837
6172
  // src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
6838
6173
  var vulnerabilities16 = {
6839
- ["CSRF" /* Csrf */]: csrf2,
6840
- ["LOG_FORGING" /* LogForging */]: logForging5,
6841
- ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect3,
6842
- ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition3,
6843
- ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings2,
6844
- ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: missingEncoding,
6845
- ["SSRF" /* Ssrf */]: ssrf5
6174
+ ["CSRF"]: csrf2,
6175
+ ["LOG_FORGING"]: logForging5,
6176
+ ["OPEN_REDIRECT"]: openRedirect3,
6177
+ ["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition3,
6178
+ ["DUPLICATED_STRINGS"]: duplicatedStrings2,
6179
+ ["MISSING_ENCODING_FILE_OPEN"]: missingEncoding,
6180
+ ["SSRF"]: ssrf5
6846
6181
  };
6847
6182
  var python_default2 = vulnerabilities16;
6848
6183
 
6849
- // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
6850
- init_client_generates();
6851
-
6852
6184
  // src/features/analysis/scm/shared/src/storedQuestionData/xml/unboundedOccurrences.ts
6853
6185
  var unboundedOccurrences = {
6854
6186
  maxOccursLimit: {
@@ -6862,13 +6194,10 @@ A value too high will cause performance issues up to and including denial of ser
6862
6194
 
6863
6195
  // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
6864
6196
  var vulnerabilities17 = {
6865
- ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: unboundedOccurrences
6197
+ ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES"]: unboundedOccurrences
6866
6198
  };
6867
6199
  var xml_default2 = vulnerabilities17;
6868
6200
 
6869
- // src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
6870
- init_client_generates();
6871
-
6872
6201
  // src/features/analysis/scm/shared/src/storedQuestionData/yaml/noNewPrivileges.ts
6873
6202
  var noNewPrivileges = {
6874
6203
  requireNewPrivileges: {
@@ -6898,17 +6227,17 @@ var writableFilesystemService = {
6898
6227
 
6899
6228
  // src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
6900
6229
  var vulnerabilities18 = {
6901
- ["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: portAllInterfaces,
6902
- ["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: writableFilesystemService,
6903
- ["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: noNewPrivileges
6230
+ ["PORT_ALL_INTERFACES"]: portAllInterfaces,
6231
+ ["WRITABLE_FILESYSTEM_SERVICE"]: writableFilesystemService,
6232
+ ["NO_NEW_PRIVILEGES"]: noNewPrivileges
6904
6233
  };
6905
6234
  var yaml_default = vulnerabilities18;
6906
6235
 
6907
6236
  // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
6908
- var StoredQuestionDataItemZ = z11.object({
6909
- content: z11.function().args(z11.any()).returns(z11.string()),
6910
- description: z11.function().args(z11.any()).returns(z11.string()),
6911
- guidance: z11.function().args(z11.any()).returns(z11.string())
6237
+ var StoredQuestionDataItemZ = z10.object({
6238
+ content: z10.function().args(z10.any()).returns(z10.string()),
6239
+ description: z10.function().args(z10.any()).returns(z10.string()),
6240
+ guidance: z10.function().args(z10.any()).returns(z10.string())
6912
6241
  });
6913
6242
  var languages2 = {
6914
6243
  ["Java" /* Java */]: java_default2,
@@ -6922,9 +6251,9 @@ var languages2 = {
6922
6251
  };
6923
6252
 
6924
6253
  // src/features/analysis/scm/shared/src/guidances.ts
6925
- var IssueTypeAndLanguageZ = z12.object({
6926
- issueType: z12.nativeEnum(IssueType_Enum),
6927
- issueLanguage: z12.nativeEnum(IssueLanguage_Enum)
6254
+ var IssueTypeAndLanguageZ = z11.object({
6255
+ issueType: SafeIssueTypeStringZ,
6256
+ issueLanguage: z11.nativeEnum(IssueLanguage_Enum)
6928
6257
  });
6929
6258
 
6930
6259
  // src/features/analysis/scm/shared/src/index.ts
@@ -6934,19 +6263,19 @@ init_urlParser2();
6934
6263
  init_validations();
6935
6264
 
6936
6265
  // src/features/analysis/scm/types.ts
6937
- import { z as z14 } from "zod";
6266
+ import { z as z13 } from "zod";
6938
6267
  var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
6939
6268
  ReferenceType2["BRANCH"] = "BRANCH";
6940
6269
  ReferenceType2["COMMIT"] = "COMMIT";
6941
6270
  ReferenceType2["TAG"] = "TAG";
6942
6271
  return ReferenceType2;
6943
6272
  })(ReferenceType || {});
6944
- var GithubFullShaZ = z14.string().regex(/^[a-f0-9]{40}$/);
6945
- var MergedPrSurvivalMetadataZ = z14.object({
6946
- mergeCommitShas: z14.array(GithubFullShaZ).min(1).refine((shas) => new Set(shas).size === shas.length, {
6273
+ var GithubFullShaZ = z13.string().regex(/^[a-f0-9]{40}$/);
6274
+ var MergedPrSurvivalMetadataZ = z13.object({
6275
+ mergeCommitShas: z13.array(GithubFullShaZ).min(1).refine((shas) => new Set(shas).size === shas.length, {
6947
6276
  message: "mergeCommitShas must contain unique SHAs"
6948
6277
  }),
6949
- targetBranch: z14.string().min(1)
6278
+ targetBranch: z13.string().min(1)
6950
6279
  });
6951
6280
  var scmCloudHostname = {
6952
6281
  ["GitLab" /* GitLab */]: new URL(scmCloudUrl.GitLab).hostname,
@@ -6966,10 +6295,10 @@ var scmTypeToScmLibScmType = {
6966
6295
  ["Ado" /* Ado */]: "ADO" /* ADO */,
6967
6296
  ["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
6968
6297
  };
6969
- var GetReferenceResultZ = z14.object({
6970
- date: z14.date().optional(),
6971
- sha: z14.string(),
6972
- type: z14.nativeEnum(ReferenceType)
6298
+ var GetReferenceResultZ = z13.object({
6299
+ date: z13.date().optional(),
6300
+ sha: z13.string(),
6301
+ type: z13.nativeEnum(ReferenceType)
6973
6302
  });
6974
6303
 
6975
6304
  // src/features/analysis/scm/ado/constants.ts
@@ -6981,39 +6310,39 @@ init_env();
6981
6310
  import querystring from "querystring";
6982
6311
  import * as api from "azure-devops-node-api";
6983
6312
  import Debug3 from "debug";
6984
- import { z as z18 } from "zod";
6313
+ import { z as z17 } from "zod";
6985
6314
 
6986
6315
  // src/features/analysis/scm/ado/validation.ts
6987
- import { z as z17 } from "zod";
6988
- var ValidPullRequestStatusZ = z17.union([
6989
- z17.literal(1 /* Active */),
6990
- z17.literal(2 /* Abandoned */),
6991
- z17.literal(3 /* Completed */)
6316
+ import { z as z16 } from "zod";
6317
+ var ValidPullRequestStatusZ = z16.union([
6318
+ z16.literal(1 /* Active */),
6319
+ z16.literal(2 /* Abandoned */),
6320
+ z16.literal(3 /* Completed */)
6992
6321
  ]);
6993
- var AdoAuthResultZ = z17.object({
6994
- access_token: z17.string().min(1),
6995
- token_type: z17.string().min(1),
6996
- refresh_token: z17.string().min(1)
6322
+ var AdoAuthResultZ = z16.object({
6323
+ access_token: z16.string().min(1),
6324
+ token_type: z16.string().min(1),
6325
+ refresh_token: z16.string().min(1)
6997
6326
  });
6998
6327
  var AdoAuthResultWithOrgsZ = AdoAuthResultZ.extend({
6999
- scmOrgs: z17.array(z17.string())
6328
+ scmOrgs: z16.array(z16.string())
7000
6329
  });
7001
- var profileZ = z17.object({
7002
- displayName: z17.string(),
7003
- publicAlias: z17.string().min(1),
7004
- emailAddress: z17.string(),
7005
- coreRevision: z17.number(),
7006
- timeStamp: z17.string(),
7007
- id: z17.string(),
7008
- revision: z17.number()
6330
+ var profileZ = z16.object({
6331
+ displayName: z16.string(),
6332
+ publicAlias: z16.string().min(1),
6333
+ emailAddress: z16.string(),
6334
+ coreRevision: z16.number(),
6335
+ timeStamp: z16.string(),
6336
+ id: z16.string(),
6337
+ revision: z16.number()
7009
6338
  });
7010
- var accountsZ = z17.object({
7011
- count: z17.number(),
7012
- value: z17.array(
7013
- z17.object({
7014
- accountId: z17.string(),
7015
- accountUri: z17.string(),
7016
- accountName: z17.string()
6339
+ var accountsZ = z16.object({
6340
+ count: z16.number(),
6341
+ value: z16.array(
6342
+ z16.object({
6343
+ accountId: z16.string(),
6344
+ accountUri: z16.string(),
6345
+ accountName: z16.string()
7017
6346
  })
7018
6347
  )
7019
6348
  });
@@ -7034,39 +6363,39 @@ import querystring2 from "querystring";
7034
6363
  import * as bitbucketPkgNode from "bitbucket";
7035
6364
  import bitbucketPkg from "bitbucket";
7036
6365
  import Debug4 from "debug";
7037
- import { z as z21 } from "zod";
6366
+ import { z as z20 } from "zod";
7038
6367
 
7039
6368
  // src/features/analysis/scm/bitbucket/validation.ts
7040
- import { z as z20 } from "zod";
7041
- var BitbucketAuthResultZ = z20.object({
7042
- access_token: z20.string(),
7043
- token_type: z20.string(),
7044
- refresh_token: z20.string()
6369
+ import { z as z19 } from "zod";
6370
+ var BitbucketAuthResultZ = z19.object({
6371
+ access_token: z19.string(),
6372
+ token_type: z19.string(),
6373
+ refresh_token: z19.string()
7045
6374
  });
7046
6375
 
7047
6376
  // src/features/analysis/scm/bitbucket/bitbucket.ts
7048
6377
  var debug5 = Debug4("scm:bitbucket");
7049
6378
  var BITBUCKET_HOSTNAME = "bitbucket.org";
7050
- var TokenExpiredErrorZ = z21.object({
7051
- status: z21.number(),
7052
- error: z21.object({
7053
- type: z21.string(),
7054
- error: z21.object({
7055
- message: z21.string()
6379
+ var TokenExpiredErrorZ = z20.object({
6380
+ status: z20.number(),
6381
+ error: z20.object({
6382
+ type: z20.string(),
6383
+ error: z20.object({
6384
+ message: z20.string()
7056
6385
  })
7057
6386
  })
7058
6387
  });
7059
6388
  var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
7060
- var BitbucketParseResultZ = z21.object({
7061
- organization: z21.string(),
7062
- repoName: z21.string(),
7063
- hostname: z21.literal(BITBUCKET_HOSTNAME)
6389
+ var BitbucketParseResultZ = z20.object({
6390
+ organization: z20.string(),
6391
+ repoName: z20.string(),
6392
+ hostname: z20.literal(BITBUCKET_HOSTNAME)
7064
6393
  });
7065
- var UserWorkspacePermissionsRepositoriesResponseZ = z21.object({
7066
- values: z21.array(
7067
- z21.object({
7068
- repository: z21.object({
7069
- full_name: z21.string().optional()
6394
+ var UserWorkspacePermissionsRepositoriesResponseZ = z20.object({
6395
+ values: z20.array(
6396
+ z20.object({
6397
+ repository: z20.object({
6398
+ full_name: z20.string().optional()
7070
6399
  }).optional()
7071
6400
  })
7072
6401
  ).optional()
@@ -7074,7 +6403,7 @@ var UserWorkspacePermissionsRepositoriesResponseZ = z21.object({
7074
6403
 
7075
6404
  // src/features/analysis/scm/bitbucket/BitbucketSCMLib.ts
7076
6405
  import { setTimeout as setTimeout3 } from "timers/promises";
7077
- import { z as z22 } from "zod";
6406
+ import { z as z21 } from "zod";
7078
6407
 
7079
6408
  // src/features/analysis/scm/constants.ts
7080
6409
  var REPORT_DEFAULT_FILE_NAME = "report.json";
@@ -7084,7 +6413,7 @@ init_env();
7084
6413
 
7085
6414
  // src/features/analysis/scm/github/GithubSCMLib.ts
7086
6415
  import pLimit3 from "p-limit";
7087
- import { z as z23 } from "zod";
6416
+ import { z as z22 } from "zod";
7088
6417
  init_client_generates();
7089
6418
 
7090
6419
  // src/features/analysis/scm/github/github.ts
@@ -7117,11 +6446,11 @@ import {
7117
6446
  init_env();
7118
6447
 
7119
6448
  // src/features/analysis/scm/gitlab/types.ts
7120
- import { z as z24 } from "zod";
7121
- var GitlabAuthResultZ = z24.object({
7122
- access_token: z24.string(),
7123
- token_type: z24.string(),
7124
- refresh_token: z24.string()
6449
+ import { z as z23 } from "zod";
6450
+ var GitlabAuthResultZ = z23.object({
6451
+ access_token: z23.string(),
6452
+ token_type: z23.string(),
6453
+ refresh_token: z23.string()
7125
6454
  });
7126
6455
 
7127
6456
  // src/features/analysis/scm/gitlab/gitlab.ts
@@ -7132,69 +6461,69 @@ import pLimit5 from "p-limit";
7132
6461
  init_client_generates();
7133
6462
 
7134
6463
  // src/features/analysis/scm/scmFactory.ts
7135
- import { z as z25 } from "zod";
6464
+ import { z as z24 } from "zod";
7136
6465
 
7137
6466
  // src/features/analysis/graphql/gql.ts
7138
6467
  init_client_generates();
7139
6468
 
7140
6469
  // src/features/analysis/graphql/types.ts
7141
6470
  init_client_generates();
7142
- import { z as z26 } from "zod";
7143
- var VulnerabilityReportIssueCodeNodeZ = z26.object({
7144
- vulnerabilityReportIssueId: z26.string(),
7145
- path: z26.string(),
7146
- startLine: z26.number(),
7147
- vulnerabilityReportIssue: z26.object({
7148
- fixId: z26.string(),
7149
- category: z26.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
7150
- safeIssueType: z26.string(),
7151
- vulnerabilityReportIssueTags: z26.array(
7152
- z26.object({
7153
- tag: z26.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
6471
+ import { z as z25 } from "zod";
6472
+ var VulnerabilityReportIssueCodeNodeZ = z25.object({
6473
+ vulnerabilityReportIssueId: z25.string(),
6474
+ path: z25.string(),
6475
+ startLine: z25.number(),
6476
+ vulnerabilityReportIssue: z25.object({
6477
+ fixId: z25.string(),
6478
+ category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
6479
+ safeIssueType: z25.string(),
6480
+ vulnerabilityReportIssueTags: z25.array(
6481
+ z25.object({
6482
+ tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
7154
6483
  })
7155
6484
  )
7156
6485
  })
7157
6486
  });
7158
- var VulnerabilityReportIssueNoFixCodeNodeZ = z26.object({
7159
- vulnerabilityReportIssues: z26.array(
7160
- z26.object({
7161
- id: z26.string(),
7162
- fixId: z26.string().nullable(),
7163
- category: z26.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
7164
- safeIssueType: z26.string(),
7165
- fpId: z26.string().uuid().nullable(),
7166
- codeNodes: z26.array(
7167
- z26.object({
7168
- path: z26.string(),
7169
- startLine: z26.number()
6487
+ var VulnerabilityReportIssueNoFixCodeNodeZ = z25.object({
6488
+ vulnerabilityReportIssues: z25.array(
6489
+ z25.object({
6490
+ id: z25.string(),
6491
+ fixId: z25.string().nullable(),
6492
+ category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
6493
+ safeIssueType: z25.string(),
6494
+ fpId: z25.string().uuid().nullable(),
6495
+ codeNodes: z25.array(
6496
+ z25.object({
6497
+ path: z25.string(),
6498
+ startLine: z25.number()
7170
6499
  })
7171
6500
  ),
7172
- vulnerabilityReportIssueTags: z26.array(
7173
- z26.object({
7174
- tag: z26.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
6501
+ vulnerabilityReportIssueTags: z25.array(
6502
+ z25.object({
6503
+ tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
7175
6504
  })
7176
6505
  )
7177
6506
  })
7178
6507
  )
7179
6508
  });
7180
- var GetVulByNodesMetadataZ = z26.object({
7181
- vulnerabilityReportIssueCodeNodes: z26.array(VulnerabilityReportIssueCodeNodeZ),
7182
- nonFixablePrVuls: z26.object({
7183
- aggregate: z26.object({
7184
- count: z26.number()
6509
+ var GetVulByNodesMetadataZ = z25.object({
6510
+ vulnerabilityReportIssueCodeNodes: z25.array(VulnerabilityReportIssueCodeNodeZ),
6511
+ nonFixablePrVuls: z25.object({
6512
+ aggregate: z25.object({
6513
+ count: z25.number()
7185
6514
  })
7186
6515
  }),
7187
- fixablePrVuls: z26.object({
7188
- aggregate: z26.object({
7189
- count: z26.number()
6516
+ fixablePrVuls: z25.object({
6517
+ aggregate: z25.object({
6518
+ count: z25.number()
7190
6519
  })
7191
6520
  }),
7192
- totalScanVulnerabilities: z26.object({
7193
- aggregate: z26.object({
7194
- count: z26.number()
6521
+ totalScanVulnerabilities: z25.object({
6522
+ aggregate: z25.object({
6523
+ count: z25.number()
7195
6524
  })
7196
6525
  }),
7197
- irrelevantVulnerabilityReportIssue: z26.array(
6526
+ irrelevantVulnerabilityReportIssue: z25.array(
7198
6527
  VulnerabilityReportIssueNoFixCodeNodeZ
7199
6528
  )
7200
6529
  });
@@ -7261,6 +6590,22 @@ var GQLClient = class {
7261
6590
  });
7262
6591
  this._clientSdk = getSdk(this._client);
7263
6592
  }
6593
+ // Fetch the analyzer-owned issue-type catalog once and hydrate the shared
6594
+ // in-memory cache so the synchronous display helpers serve analyzer labels
6595
+ // and descriptions. NO FALLBACK: a fetch error or an empty response throws so
6596
+ // the CLI fails loudly instead of silently rendering degraded labels.
6597
+ async loadIssueTypeCatalog() {
6598
+ if (isIssueTypeCatalogHydrated()) {
6599
+ return;
6600
+ }
6601
+ const { issueTypes } = await this._clientSdk.IssueTypes();
6602
+ if (issueTypes.length === 0) {
6603
+ throw new Error(
6604
+ "Issue-type catalog is empty: the issueTypes query returned no entries"
6605
+ );
6606
+ }
6607
+ hydrateIssueTypeCatalog(issueTypes);
6608
+ }
7264
6609
  async getUserInfo() {
7265
6610
  const { me } = await this._clientSdk.Me();
7266
6611
  return me;
@@ -8478,8 +7823,8 @@ var defaultLogger2 = {
8478
7823
  }
8479
7824
  }
8480
7825
  };
8481
- var PromptItemZ = z27.object({
8482
- type: z27.enum([
7826
+ var PromptItemZ = z26.object({
7827
+ type: z26.enum([
8483
7828
  "USER_PROMPT",
8484
7829
  "AI_RESPONSE",
8485
7830
  "TOOL_EXECUTION",
@@ -8487,32 +7832,32 @@ var PromptItemZ = z27.object({
8487
7832
  "MCP_TOOL_CALL"
8488
7833
  // MCP (Model Context Protocol) tool invocation
8489
7834
  ]),
8490
- attachedFiles: z27.array(
8491
- z27.object({
8492
- relativePath: z27.string(),
8493
- startLine: z27.number().optional()
7835
+ attachedFiles: z26.array(
7836
+ z26.object({
7837
+ relativePath: z26.string(),
7838
+ startLine: z26.number().optional()
8494
7839
  })
8495
7840
  ).optional(),
8496
- tokens: z27.object({
8497
- inputCount: z27.number(),
8498
- outputCount: z27.number()
7841
+ tokens: z26.object({
7842
+ inputCount: z26.number(),
7843
+ outputCount: z26.number()
8499
7844
  }).optional(),
8500
- text: z27.string().optional(),
8501
- date: z27.date().optional(),
8502
- tool: z27.object({
8503
- name: z27.string(),
8504
- parameters: z27.string(),
8505
- result: z27.string(),
8506
- rawArguments: z27.string().optional(),
8507
- accepted: z27.boolean().optional(),
7845
+ text: z26.string().optional(),
7846
+ date: z26.date().optional(),
7847
+ tool: z26.object({
7848
+ name: z26.string(),
7849
+ parameters: z26.string(),
7850
+ result: z26.string(),
7851
+ rawArguments: z26.string().optional(),
7852
+ accepted: z26.boolean().optional(),
8508
7853
  // MCP-specific fields (only populated for MCP_TOOL_CALL type)
8509
- mcpServer: z27.string().optional(),
7854
+ mcpServer: z26.string().optional(),
8510
7855
  // MCP server name (e.g., "datadog", "mobb-mcp")
8511
- mcpToolName: z27.string().optional()
7856
+ mcpToolName: z26.string().optional()
8512
7857
  // MCP tool name without prefix (e.g., "scan_and_fix_vulnerabilities")
8513
7858
  }).optional()
8514
7859
  });
8515
- var PromptItemArrayZ = z27.array(PromptItemZ);
7860
+ var PromptItemArrayZ = z26.array(PromptItemZ);
8516
7861
  var NULL_REPO_STATE = {
8517
7862
  repositoryUrl: null,
8518
7863
  branch: null,