mobbdev 1.4.30 → 1.4.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/args/commands/upload_ai_blame.mjs +399 -1054
- package/dist/index.mjs +1178 -1749
- package/package.json +1 -1
package/dist/index.mjs
CHANGED
|
@@ -150,7 +150,7 @@ function getSdk(client, withWrapper = defaultWrapper) {
|
|
|
150
150
|
}
|
|
151
151
|
};
|
|
152
152
|
}
|
|
153
|
-
var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum,
|
|
153
|
+
var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, IssueTypesDocument, defaultWrapper;
|
|
154
154
|
var init_client_generates = __esm({
|
|
155
155
|
"src/features/analysis/scm/generates/client_generates.ts"() {
|
|
156
156
|
"use strict";
|
|
@@ -237,160 +237,6 @@ var init_client_generates = __esm({
|
|
|
237
237
|
IssueLanguage_Enum2["Yaml"] = "YAML";
|
|
238
238
|
return IssueLanguage_Enum2;
|
|
239
239
|
})(IssueLanguage_Enum || {});
|
|
240
|
-
IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
|
|
241
|
-
IssueType_Enum2["ActionNotPinnedToCommitSha"] = "ACTION_NOT_PINNED_TO_COMMIT_SHA";
|
|
242
|
-
IssueType_Enum2["AutoEscapeFalse"] = "AUTO_ESCAPE_FALSE";
|
|
243
|
-
IssueType_Enum2["AvoidBuiltinShadowing"] = "AVOID_BUILTIN_SHADOWING";
|
|
244
|
-
IssueType_Enum2["AvoidIdentityComparisonCachedTypes"] = "AVOID_IDENTITY_COMPARISON_CACHED_TYPES";
|
|
245
|
-
IssueType_Enum2["AwsDynamodbPointInTimeRecoveryDisabled"] = "AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED";
|
|
246
|
-
IssueType_Enum2["BufferOverflow"] = "BUFFER_OVERFLOW";
|
|
247
|
-
IssueType_Enum2["ClientDomStoredCodeInjection"] = "CLIENT_DOM_STORED_CODE_INJECTION";
|
|
248
|
-
IssueType_Enum2["CmDi"] = "CMDi";
|
|
249
|
-
IssueType_Enum2["CmDiRelativePathCommand"] = "CMDi_relative_path_command";
|
|
250
|
-
IssueType_Enum2["CodeInComment"] = "CODE_IN_COMMENT";
|
|
251
|
-
IssueType_Enum2["ConfusingNaming"] = "CONFUSING_NAMING";
|
|
252
|
-
IssueType_Enum2["CredentialDisclosure"] = "CREDENTIAL_DISCLOSURE";
|
|
253
|
-
IssueType_Enum2["Csrf"] = "CSRF";
|
|
254
|
-
IssueType_Enum2["DangerousFunctionOverflow"] = "DANGEROUS_FUNCTION_OVERFLOW";
|
|
255
|
-
IssueType_Enum2["DeadCodeUnusedField"] = "DEAD_CODE_UNUSED_FIELD";
|
|
256
|
-
IssueType_Enum2["DebugEnabled"] = "DEBUG_ENABLED";
|
|
257
|
-
IssueType_Enum2["DeclareVariableExplicitly"] = "DECLARE_VARIABLE_EXPLICITLY";
|
|
258
|
-
IssueType_Enum2["DefaultRightsInObjDefinition"] = "DEFAULT_RIGHTS_IN_OBJ_DEFINITION";
|
|
259
|
-
IssueType_Enum2["DeprecatedFunction"] = "DEPRECATED_FUNCTION";
|
|
260
|
-
IssueType_Enum2["DjangoBlankFieldNeedsNullOrDefault"] = "DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT";
|
|
261
|
-
IssueType_Enum2["DosStringBuilder"] = "DOS_STRING_BUILDER";
|
|
262
|
-
IssueType_Enum2["DoNotRaiseException"] = "DO_NOT_RAISE_EXCEPTION";
|
|
263
|
-
IssueType_Enum2["DoNotThrowGenericException"] = "DO_NOT_THROW_GENERIC_EXCEPTION";
|
|
264
|
-
IssueType_Enum2["DuplicatedStrings"] = "DUPLICATED_STRINGS";
|
|
265
|
-
IssueType_Enum2["ErroneousStringCompare"] = "ERRONEOUS_STRING_COMPARE";
|
|
266
|
-
IssueType_Enum2["ErrorCondtionWithoutAction"] = "ERROR_CONDTION_WITHOUT_ACTION";
|
|
267
|
-
IssueType_Enum2["ExcessiveSecretsExposure"] = "EXCESSIVE_SECRETS_EXPOSURE";
|
|
268
|
-
IssueType_Enum2["FrameableLoginPage"] = "FRAMEABLE_LOGIN_PAGE";
|
|
269
|
-
IssueType_Enum2["FunctionCallWithoutParentheses"] = "FUNCTION_CALL_WITHOUT_PARENTHESES";
|
|
270
|
-
IssueType_Enum2["GhActionsShellInjection"] = "GH_ACTIONS_SHELL_INJECTION";
|
|
271
|
-
IssueType_Enum2["GraphqlDepthLimit"] = "GRAPHQL_DEPTH_LIMIT";
|
|
272
|
-
IssueType_Enum2["HardcodedDomainInHtml"] = "HARDCODED_DOMAIN_IN_HTML";
|
|
273
|
-
IssueType_Enum2["HardcodedSecrets"] = "HARDCODED_SECRETS";
|
|
274
|
-
IssueType_Enum2["HeaderManipulation"] = "HEADER_MANIPULATION";
|
|
275
|
-
IssueType_Enum2["HeapInspection"] = "HEAP_INSPECTION";
|
|
276
|
-
IssueType_Enum2["HtmlCommentInJsp"] = "HTML_COMMENT_IN_JSP";
|
|
277
|
-
IssueType_Enum2["HttpOnlyCookie"] = "HTTP_ONLY_COOKIE";
|
|
278
|
-
IssueType_Enum2["HttpParameterPollution"] = "HTTP_PARAMETER_POLLUTION";
|
|
279
|
-
IssueType_Enum2["HttpResponseSplitting"] = "HTTP_RESPONSE_SPLITTING";
|
|
280
|
-
IssueType_Enum2["IframeWithoutSandbox"] = "IFRAME_WITHOUT_SANDBOX";
|
|
281
|
-
IssueType_Enum2["ImproperCertificateValidation"] = "IMPROPER_CERTIFICATE_VALIDATION";
|
|
282
|
-
IssueType_Enum2["ImproperExceptionHandling"] = "IMPROPER_EXCEPTION_HANDLING";
|
|
283
|
-
IssueType_Enum2["ImproperResourceShutdownOrRelease"] = "IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE";
|
|
284
|
-
IssueType_Enum2["ImproperStringFormatting"] = "IMPROPER_STRING_FORMATTING";
|
|
285
|
-
IssueType_Enum2["ImproperValidationOfArrayIndex"] = "IMPROPER_VALIDATION_OF_ARRAY_INDEX";
|
|
286
|
-
IssueType_Enum2["IncompleteHostnameRegex"] = "INCOMPLETE_HOSTNAME_REGEX";
|
|
287
|
-
IssueType_Enum2["IncompleteSanitization"] = "INCOMPLETE_SANITIZATION";
|
|
288
|
-
IssueType_Enum2["IncompleteUrlSanitization"] = "INCOMPLETE_URL_SANITIZATION";
|
|
289
|
-
IssueType_Enum2["IncompleteUrlSchemeCheck"] = "INCOMPLETE_URL_SCHEME_CHECK";
|
|
290
|
-
IssueType_Enum2["IncorrectIntegerConversion"] = "INCORRECT_INTEGER_CONVERSION";
|
|
291
|
-
IssueType_Enum2["IncorrectSqlApiUsage"] = "INCORRECT_SQL_API_USAGE";
|
|
292
|
-
IssueType_Enum2["InformationExposureViaHeaders"] = "INFORMATION_EXPOSURE_VIA_HEADERS";
|
|
293
|
-
IssueType_Enum2["InsecureBinderConfiguration"] = "INSECURE_BINDER_CONFIGURATION";
|
|
294
|
-
IssueType_Enum2["InsecureCookie"] = "INSECURE_COOKIE";
|
|
295
|
-
IssueType_Enum2["InsecureDeserialization"] = "INSECURE_DESERIALIZATION";
|
|
296
|
-
IssueType_Enum2["InsecurePostmessage"] = "INSECURE_POSTMESSAGE";
|
|
297
|
-
IssueType_Enum2["InsecureRandomness"] = "INSECURE_RANDOMNESS";
|
|
298
|
-
IssueType_Enum2["InsecureTmpFile"] = "INSECURE_TMP_FILE";
|
|
299
|
-
IssueType_Enum2["InsecureUuidVersion"] = "INSECURE_UUID_VERSION";
|
|
300
|
-
IssueType_Enum2["InsufficientLogging"] = "INSUFFICIENT_LOGGING";
|
|
301
|
-
IssueType_Enum2["J2EeGetConnection"] = "J2EE_GET_CONNECTION";
|
|
302
|
-
IssueType_Enum2["JqueryDeprecatedSymbols"] = "JQUERY_DEPRECATED_SYMBOLS";
|
|
303
|
-
IssueType_Enum2["JwtDecodeWithoutVerify"] = "JWT_DECODE_WITHOUT_VERIFY";
|
|
304
|
-
IssueType_Enum2["LeftoverDebugCode"] = "LEFTOVER_DEBUG_CODE";
|
|
305
|
-
IssueType_Enum2["LocaleDependentComparison"] = "LOCALE_DEPENDENT_COMPARISON";
|
|
306
|
-
IssueType_Enum2["LogForging"] = "LOG_FORGING";
|
|
307
|
-
IssueType_Enum2["MissingAntiforgeryValidation"] = "MISSING_ANTIFORGERY_VALIDATION";
|
|
308
|
-
IssueType_Enum2["MissingCheckAgainstNull"] = "MISSING_CHECK_AGAINST_NULL";
|
|
309
|
-
IssueType_Enum2["MissingCspHeader"] = "MISSING_CSP_HEADER";
|
|
310
|
-
IssueType_Enum2["MissingEncodingFileOpen"] = "MISSING_ENCODING_FILE_OPEN";
|
|
311
|
-
IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
|
|
312
|
-
IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
|
|
313
|
-
IssueType_Enum2["MissingSslMinversion"] = "MISSING_SSL_MINVERSION";
|
|
314
|
-
IssueType_Enum2["MissingTemplateStringIndicator"] = "MISSING_TEMPLATE_STRING_INDICATOR";
|
|
315
|
-
IssueType_Enum2["MissingUser"] = "MISSING_USER";
|
|
316
|
-
IssueType_Enum2["MissingWhitespace"] = "MISSING_WHITESPACE";
|
|
317
|
-
IssueType_Enum2["MissingWorkflowPermissions"] = "MISSING_WORKFLOW_PERMISSIONS";
|
|
318
|
-
IssueType_Enum2["MissingXFrameOptions"] = "MISSING_X_FRAME_OPTIONS";
|
|
319
|
-
IssueType_Enum2["ModifiedDefaultParam"] = "MODIFIED_DEFAULT_PARAM";
|
|
320
|
-
IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
|
|
321
|
-
IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
|
|
322
|
-
IssueType_Enum2["NoAssert"] = "NO_ASSERT";
|
|
323
|
-
IssueType_Enum2["NoEquivalenceMethod"] = "NO_EQUIVALENCE_METHOD";
|
|
324
|
-
IssueType_Enum2["NoLimitsOrThrottling"] = "NO_LIMITS_OR_THROTTLING";
|
|
325
|
-
IssueType_Enum2["NoNestedTry"] = "NO_NESTED_TRY";
|
|
326
|
-
IssueType_Enum2["NoNewPrivileges"] = "NO_NEW_PRIVILEGES";
|
|
327
|
-
IssueType_Enum2["NoOpOverhead"] = "NO_OP_OVERHEAD";
|
|
328
|
-
IssueType_Enum2["NoPrintStatement"] = "NO_PRINT_STATEMENT";
|
|
329
|
-
IssueType_Enum2["NoReturnInFinally"] = "NO_RETURN_IN_FINALLY";
|
|
330
|
-
IssueType_Enum2["NoVar"] = "NO_VAR";
|
|
331
|
-
IssueType_Enum2["NullDereference"] = "NULL_DEREFERENCE";
|
|
332
|
-
IssueType_Enum2["OftenMisusedBooleanGetBoolean"] = "OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN";
|
|
333
|
-
IssueType_Enum2["OpenRedirect"] = "OPEN_REDIRECT";
|
|
334
|
-
IssueType_Enum2["OverlyBroadCatch"] = "OVERLY_BROAD_CATCH";
|
|
335
|
-
IssueType_Enum2["OverlyLargeRange"] = "OVERLY_LARGE_RANGE";
|
|
336
|
-
IssueType_Enum2["PasswordInComment"] = "PASSWORD_IN_COMMENT";
|
|
337
|
-
IssueType_Enum2["PoorErrorHandlingEmptyCatchBlock"] = "POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK";
|
|
338
|
-
IssueType_Enum2["PortAllInterfaces"] = "PORT_ALL_INTERFACES";
|
|
339
|
-
IssueType_Enum2["PrivacyViolation"] = "PRIVACY_VIOLATION";
|
|
340
|
-
IssueType_Enum2["PrototypePollution"] = "PROTOTYPE_POLLUTION";
|
|
341
|
-
IssueType_Enum2["Pt"] = "PT";
|
|
342
|
-
IssueType_Enum2["RaceConditionFormatFlaw"] = "RACE_CONDITION_FORMAT_FLAW";
|
|
343
|
-
IssueType_Enum2["Redos"] = "REDOS";
|
|
344
|
-
IssueType_Enum2["RedundantCondition"] = "REDUNDANT_CONDITION";
|
|
345
|
-
IssueType_Enum2["RedundantNilErrorCheck"] = "REDUNDANT_NIL_ERROR_CHECK";
|
|
346
|
-
IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
|
|
347
|
-
IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
|
|
348
|
-
IssueType_Enum2["RequestParametersBoundViaInput"] = "REQUEST_PARAMETERS_BOUND_VIA_INPUT";
|
|
349
|
-
IssueType_Enum2["ReturnInInit"] = "RETURN_IN_INIT";
|
|
350
|
-
IssueType_Enum2["ReturnShouldNotBeInvariant"] = "RETURN_SHOULD_NOT_BE_INVARIANT";
|
|
351
|
-
IssueType_Enum2["SpringDefaultPermit"] = "SPRING_DEFAULT_PERMIT";
|
|
352
|
-
IssueType_Enum2["SqlInjection"] = "SQL_Injection";
|
|
353
|
-
IssueType_Enum2["Ssrf"] = "SSRF";
|
|
354
|
-
IssueType_Enum2["StringFormatMisuse"] = "STRING_FORMAT_MISUSE";
|
|
355
|
-
IssueType_Enum2["StringTerminationError"] = "STRING_TERMINATION_ERROR";
|
|
356
|
-
IssueType_Enum2["SystemExitShouldReraise"] = "SYSTEM_EXIT_SHOULD_RERAISE";
|
|
357
|
-
IssueType_Enum2["SystemInformationLeak"] = "SYSTEM_INFORMATION_LEAK";
|
|
358
|
-
IssueType_Enum2["SystemInformationLeakExternal"] = "SYSTEM_INFORMATION_LEAK_EXTERNAL";
|
|
359
|
-
IssueType_Enum2["TaintedNumericCast"] = "TAINTED_NUMERIC_CAST";
|
|
360
|
-
IssueType_Enum2["TarSlip"] = "TAR_SLIP";
|
|
361
|
-
IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
|
|
362
|
-
IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
|
|
363
|
-
IssueType_Enum2["UncheckedLoopCondition"] = "UNCHECKED_LOOP_CONDITION";
|
|
364
|
-
IssueType_Enum2["UncheckedReturnValue"] = "UNCHECKED_RETURN_VALUE";
|
|
365
|
-
IssueType_Enum2["UnencryptedAwsSqsQueue"] = "UNENCRYPTED_AWS_SQS_QUEUE";
|
|
366
|
-
IssueType_Enum2["UnnecessaryImports"] = "UNNECESSARY_IMPORTS";
|
|
367
|
-
IssueType_Enum2["UnsafeDeserialization"] = "UNSAFE_DESERIALIZATION";
|
|
368
|
-
IssueType_Enum2["UnsafeReflection"] = "UNSAFE_REFLECTION";
|
|
369
|
-
IssueType_Enum2["UnsafeTargetBlank"] = "UNSAFE_TARGET_BLANK";
|
|
370
|
-
IssueType_Enum2["UnsafeWebThread"] = "UNSAFE_WEB_THREAD";
|
|
371
|
-
IssueType_Enum2["UnvalidatedPublicMethodArgument"] = "UNVALIDATED_PUBLIC_METHOD_ARGUMENT";
|
|
372
|
-
IssueType_Enum2["UselessIfBody"] = "USELESS_IF_BODY";
|
|
373
|
-
IssueType_Enum2["UselessRegexpCharEscape"] = "USELESS_REGEXP_CHAR_ESCAPE";
|
|
374
|
-
IssueType_Enum2["UselessTernary"] = "USELESS_TERNARY";
|
|
375
|
-
IssueType_Enum2["UseOfHardCodedCryptographicKey"] = "USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY";
|
|
376
|
-
IssueType_Enum2["UseOfSystemOutputStream"] = "USE_OF_SYSTEM_OUTPUT_STREAM";
|
|
377
|
-
IssueType_Enum2["UseRaiseForStatus"] = "USE_RAISE_FOR_STATUS";
|
|
378
|
-
IssueType_Enum2["UseSysExit"] = "USE_SYS_EXIT";
|
|
379
|
-
IssueType_Enum2["UseTimeout"] = "USE_TIMEOUT";
|
|
380
|
-
IssueType_Enum2["ValueNeverRead"] = "VALUE_NEVER_READ";
|
|
381
|
-
IssueType_Enum2["ValueShadowing"] = "VALUE_SHADOWING";
|
|
382
|
-
IssueType_Enum2["WcfMisconfigurationInsufficientLogging"] = "WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING";
|
|
383
|
-
IssueType_Enum2["WcfMisconfigurationThrottlingNotEnabled"] = "WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED";
|
|
384
|
-
IssueType_Enum2["WeakEncryption"] = "WEAK_ENCRYPTION";
|
|
385
|
-
IssueType_Enum2["WeakXmlSchemaUnboundedOccurrences"] = "WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES";
|
|
386
|
-
IssueType_Enum2["WebsocketMissingOriginCheck"] = "WEBSOCKET_MISSING_ORIGIN_CHECK";
|
|
387
|
-
IssueType_Enum2["WildcardImports"] = "WILDCARD_IMPORTS";
|
|
388
|
-
IssueType_Enum2["WritableFilesystemService"] = "WRITABLE_FILESYSTEM_SERVICE";
|
|
389
|
-
IssueType_Enum2["Xss"] = "XSS";
|
|
390
|
-
IssueType_Enum2["Xxe"] = "XXE";
|
|
391
|
-
IssueType_Enum2["ZipSlip"] = "ZIP_SLIP";
|
|
392
|
-
return IssueType_Enum2;
|
|
393
|
-
})(IssueType_Enum || {});
|
|
394
240
|
Pr_Status_Enum = /* @__PURE__ */ ((Pr_Status_Enum2) => {
|
|
395
241
|
Pr_Status_Enum2["Active"] = "ACTIVE";
|
|
396
242
|
Pr_Status_Enum2["Closed"] = "CLOSED";
|
|
@@ -1419,12 +1265,21 @@ var init_client_generates = __esm({
|
|
|
1419
1265
|
});
|
|
1420
1266
|
|
|
1421
1267
|
// src/features/analysis/scm/shared/src/issueTypeCatalog.ts
|
|
1268
|
+
function hydrateIssueTypeCatalog(entries) {
|
|
1269
|
+
catalog = new Map(entries.map((entry) => [entry.value, entry]));
|
|
1270
|
+
}
|
|
1271
|
+
function isIssueTypeCatalogHydrated() {
|
|
1272
|
+
return catalog !== null;
|
|
1273
|
+
}
|
|
1422
1274
|
function getIssueTypeCatalogEntry(value) {
|
|
1423
1275
|
if (!catalog || !value) {
|
|
1424
1276
|
return void 0;
|
|
1425
1277
|
}
|
|
1426
1278
|
return catalog.get(value);
|
|
1427
1279
|
}
|
|
1280
|
+
function listIssueTypeCatalog() {
|
|
1281
|
+
return catalog ? [...catalog.values()] : [];
|
|
1282
|
+
}
|
|
1428
1283
|
var catalog;
|
|
1429
1284
|
var init_issueTypeCatalog = __esm({
|
|
1430
1285
|
"src/features/analysis/scm/shared/src/issueTypeCatalog.ts"() {
|
|
@@ -1471,176 +1326,19 @@ function getParsedFalsePositiveMessage(data) {
|
|
|
1471
1326
|
const contextString = containsTemplate ? null : `\`\`\`${extraContext.map(({ value }) => value).join(" ")} \`\`\``;
|
|
1472
1327
|
return { description, contextString };
|
|
1473
1328
|
}
|
|
1474
|
-
var
|
|
1329
|
+
var SafeIssueTypeStringZ, getIssueTypeFriendlyString, statusMap, statusZ, issueDescription;
|
|
1475
1330
|
var init_getIssueType = __esm({
|
|
1476
1331
|
"src/features/analysis/scm/shared/src/getIssueType.ts"() {
|
|
1477
1332
|
"use strict";
|
|
1478
1333
|
init_client_generates();
|
|
1479
1334
|
init_issueTypeCatalog();
|
|
1480
|
-
|
|
1481
|
-
["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
|
|
1482
|
-
["SQL_Injection" /* SqlInjection */]: "SQL Injection",
|
|
1483
|
-
["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: "Relative Path Command Injection",
|
|
1484
|
-
["CMDi" /* CmDi */]: "Command Injection",
|
|
1485
|
-
["CONFUSING_NAMING" /* ConfusingNaming */]: "Confusing Naming",
|
|
1486
|
-
["XXE" /* Xxe */]: "XXE",
|
|
1487
|
-
["XSS" /* Xss */]: "XSS",
|
|
1488
|
-
["PT" /* Pt */]: "Path Traversal",
|
|
1489
|
-
["ZIP_SLIP" /* ZipSlip */]: "Zip Slip",
|
|
1490
|
-
["INSECURE_RANDOMNESS" /* InsecureRandomness */]: "Insecure Randomness",
|
|
1491
|
-
["SSRF" /* Ssrf */]: "Server Side Request Forgery",
|
|
1492
|
-
["TYPE_CONFUSION" /* TypeConfusion */]: "Type Confusion",
|
|
1493
|
-
["REGEX_INJECTION" /* RegexInjection */]: "Regular Expression Injection",
|
|
1494
|
-
["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: "Incomplete URL Sanitization",
|
|
1495
|
-
["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: "Locale Dependent Comparison",
|
|
1496
|
-
["LOG_FORGING" /* LogForging */]: "Log Forging",
|
|
1497
|
-
["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: "Missing Check against Null",
|
|
1498
|
-
["PASSWORD_IN_COMMENT" /* PasswordInComment */]: "Password in Comment",
|
|
1499
|
-
["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: "Poor Error Handling: Overly Broad Catch",
|
|
1500
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: "Use of System.out/System.err",
|
|
1501
|
-
["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: "Use of dangerous function",
|
|
1502
|
-
["DOS_STRING_BUILDER" /* DosStringBuilder */]: "Denial of Service: StringBuilder",
|
|
1503
|
-
["OPEN_REDIRECT" /* OpenRedirect */]: "Open Redirect",
|
|
1504
|
-
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: "Weak XML Schema: Unbounded Occurrences",
|
|
1505
|
-
["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: "System Information Leak",
|
|
1506
|
-
["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: "External System Information Leak",
|
|
1507
|
-
["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: "HTTP response splitting",
|
|
1508
|
-
["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: "Cookie is not HttpOnly",
|
|
1509
|
-
["INSECURE_COOKIE" /* InsecureCookie */]: "Insecure Cookie",
|
|
1510
|
-
["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: "Trust Boundary Violation",
|
|
1511
|
-
["NULL_DEREFERENCE" /* NullDereference */]: "Null Dereference",
|
|
1512
|
-
["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: "Unsafe deserialization",
|
|
1513
|
-
["UNSAFE_REFLECTION" /* UnsafeReflection */]: "Unsafe Reflection",
|
|
1514
|
-
["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: "Insecure Binder Configuration",
|
|
1515
|
-
["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: "Unsafe use of target blank",
|
|
1516
|
-
["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: "Client use of iframe without sandbox",
|
|
1517
|
-
["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: "jQuery deprecated symbols",
|
|
1518
|
-
["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: "Missing Anti-Forgery Validation",
|
|
1519
|
-
["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: "GraphQL Depth Limit",
|
|
1520
|
-
["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: "Unchecked Loop Condition",
|
|
1521
|
-
["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: "Improper Resource Shutdown or Release",
|
|
1522
|
-
["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: "Improper Exception Handling",
|
|
1523
|
-
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: "Default Definer Rights in Package or Object Definition",
|
|
1524
|
-
["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: "HTML Comment in JSP",
|
|
1525
|
-
["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: "Error Condition Without Action",
|
|
1526
|
-
["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: "Deprecated Function",
|
|
1527
|
-
["HARDCODED_SECRETS" /* HardcodedSecrets */]: "Hardcoded Secrets",
|
|
1528
|
-
["PROTOTYPE_POLLUTION" /* PrototypePollution */]: "Prototype Pollution",
|
|
1529
|
-
["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: "Race Condition Format Flaw",
|
|
1530
|
-
["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: "Non-final Public Static Field",
|
|
1531
|
-
["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: "Missing HSTS Header",
|
|
1532
|
-
["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: "Dead Code: Unused Field",
|
|
1533
|
-
["HEADER_MANIPULATION" /* HeaderManipulation */]: "Header Manipulation",
|
|
1534
|
-
["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: "Missing equals or hashcode method",
|
|
1535
|
-
["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: "WCF Misconfiguration: Insufficient Logging",
|
|
1536
|
-
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: "WCF Misconfiguration: Throttling Not Enabled",
|
|
1537
|
-
["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: "Useless regular-expression character escape",
|
|
1538
|
-
["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: "Incomplete Hostname Regex",
|
|
1539
|
-
["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: "Regex: Overly Large Range",
|
|
1540
|
-
["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: "Insufficient Logging of Sensitive Operations",
|
|
1541
|
-
["PRIVACY_VIOLATION" /* PrivacyViolation */]: "Privacy Violation",
|
|
1542
|
-
["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: "Incomplete URL Scheme Check",
|
|
1543
|
-
["VALUE_NEVER_READ" /* ValueNeverRead */]: "Value Never Read",
|
|
1544
|
-
["VALUE_SHADOWING" /* ValueShadowing */]: "Value Shadowing",
|
|
1545
|
-
["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: "Class Does Not Implement Equivalence Method",
|
|
1546
|
-
["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: "Information Exposure via Headers",
|
|
1547
|
-
["DEBUG_ENABLED" /* DebugEnabled */]: "Debug Enabled",
|
|
1548
|
-
["J2EE_GET_CONNECTION" /* J2EeGetConnection */]: "J2EE Bad Practices: getConnection()",
|
|
1549
|
-
["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: "Leftover Debug Code",
|
|
1550
|
-
["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: "Poor Error Handling: Empty Catch Block",
|
|
1551
|
-
["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: "Erroneous String Compare",
|
|
1552
|
-
["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: "Unvalidated Public Method Argument",
|
|
1553
|
-
["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False",
|
|
1554
|
-
["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
|
|
1555
|
-
["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
|
|
1556
|
-
["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection",
|
|
1557
|
-
["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: "Client Code Injection",
|
|
1558
|
-
["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: "String Format Misuse",
|
|
1559
|
-
["NON_READONLY_FIELD" /* NonReadonlyField */]: "Non Readonly Field",
|
|
1560
|
-
["CSRF" /* Csrf */]: "Cross-Site Request Forgery (CSRF)",
|
|
1561
|
-
["WEAK_ENCRYPTION" /* WeakEncryption */]: "Weak Encryption Mechanism",
|
|
1562
|
-
["CODE_IN_COMMENT" /* CodeInComment */]: "Code in Comment",
|
|
1563
|
-
["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: "Regex Missing Timeout",
|
|
1564
|
-
["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: "Frameable Login Page",
|
|
1565
|
-
["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: "Use of Hardcoded Cryptographic Key",
|
|
1566
|
-
["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: "Missing SSL MinVersion",
|
|
1567
|
-
["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: "Missing Websocket Origin Check",
|
|
1568
|
-
["DUPLICATED_STRINGS" /* DuplicatedStrings */]: "String Literals Should not Be Duplicated",
|
|
1569
|
-
["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: "Insecure UUID Version",
|
|
1570
|
-
["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: "GitHub Actions Shell Injection",
|
|
1571
|
-
["MODIFIED_DEFAULT_PARAM" /* ModifiedDefaultParam */]: "Modified Default Param",
|
|
1572
|
-
["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: "Unsafe Web Thread",
|
|
1573
|
-
["NO_VAR" /* NoVar */]: 'Prefer "let" or "const"',
|
|
1574
|
-
["INSECURE_TMP_FILE" /* InsecureTmpFile */]: "Insecure Temporary File",
|
|
1575
|
-
["RETURN_SHOULD_NOT_BE_INVARIANT" /* ReturnShouldNotBeInvariant */]: "Return Should Not Be Invariant",
|
|
1576
|
-
["SYSTEM_EXIT_SHOULD_RERAISE" /* SystemExitShouldReraise */]: "SystemExit Should Reraise",
|
|
1577
|
-
["NO_RETURN_IN_FINALLY" /* NoReturnInFinally */]: "No Return in Finally Block",
|
|
1578
|
-
["WILDCARD_IMPORTS" /* WildcardImports */]: "Wildcard Imports should not be used",
|
|
1579
|
-
["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: "Avoid Identity Comparison of Cached Types",
|
|
1580
|
-
["AVOID_BUILTIN_SHADOWING" /* AvoidBuiltinShadowing */]: "Avoid Builtin Shadowing",
|
|
1581
|
-
["IMPROPER_STRING_FORMATTING" /* ImproperStringFormatting */]: "Improper String Formatting",
|
|
1582
|
-
["TAR_SLIP" /* TarSlip */]: "Tar Slip",
|
|
1583
|
-
["MISSING_WHITESPACE" /* MissingWhitespace */]: "Missing Whitespace",
|
|
1584
|
-
["NO_PRINT_STATEMENT" /* NoPrintStatement */]: 'Python 2 "print" Statement Is Obsolete',
|
|
1585
|
-
["NO_OP_OVERHEAD" /* NoOpOverhead */]: "Expensive Arguments in Conditional Methods",
|
|
1586
|
-
["DO_NOT_RAISE_EXCEPTION" /* DoNotRaiseException */]: "Do Not Raise Exception",
|
|
1587
|
-
["DECLARE_VARIABLE_EXPLICITLY" /* DeclareVariableExplicitly */]: "Declare Variable Explicitly",
|
|
1588
|
-
["NO_NESTED_TRY" /* NoNestedTry */]: "No Nested Try",
|
|
1589
|
-
["UNNECESSARY_IMPORTS" /* UnnecessaryImports */]: "Unnecessary Imports",
|
|
1590
|
-
["REDOS" /* Redos */]: "Regular Expression Denial of Service",
|
|
1591
|
-
["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: "Do Not Throw Generic Exception",
|
|
1592
|
-
["BUFFER_OVERFLOW" /* BufferOverflow */]: "Buffer Overflow",
|
|
1593
|
-
["STRING_TERMINATION_ERROR" /* StringTerminationError */]: "String Termination Error",
|
|
1594
|
-
["HTTP_PARAMETER_POLLUTION" /* HttpParameterPollution */]: "HTTP Parameter Pollution",
|
|
1595
|
-
["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: "Incomplete Sanitization",
|
|
1596
|
-
["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: "Credential Disclosure",
|
|
1597
|
-
["INSECURE_POSTMESSAGE" /* InsecurePostmessage */]: "Insecure Postmessage",
|
|
1598
|
-
["MISSING_USER" /* MissingUser */]: "Missing User",
|
|
1599
|
-
["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: "Missing Encoding File Open",
|
|
1600
|
-
["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: "Port All Interfaces",
|
|
1601
|
-
["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: "Writable Filesystem Service",
|
|
1602
|
-
["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: "No New Privileges",
|
|
1603
|
-
["MISSING_TEMPLATE_STRING_INDICATOR" /* MissingTemplateStringIndicator */]: "Missing Template String Indicator",
|
|
1604
|
-
["USELESS_TERNARY" /* UselessTernary */]: "Useless Ternary",
|
|
1605
|
-
["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: "Request Parameters Bound Via Input",
|
|
1606
|
-
["USE_SYS_EXIT" /* UseSysExit */]: "Use Sys Exit",
|
|
1607
|
-
["INCORRECT_SQL_API_USAGE" /* IncorrectSqlApiUsage */]: "Incorrect SQL API Usage",
|
|
1608
|
-
["USE_RAISE_FOR_STATUS" /* UseRaiseForStatus */]: "Use Raise For Status",
|
|
1609
|
-
["USE_TIMEOUT" /* UseTimeout */]: "Use Timeout",
|
|
1610
|
-
["USELESS_IF_BODY" /* UselessIfBody */]: "Useless If Body",
|
|
1611
|
-
["NO_ASSERT" /* NoAssert */]: "No Assert",
|
|
1612
|
-
["FUNCTION_CALL_WITHOUT_PARENTHESES" /* FunctionCallWithoutParentheses */]: "Function Call Without Parentheses",
|
|
1613
|
-
["SPRING_DEFAULT_PERMIT" /* SpringDefaultPermit */]: "Spring Default Permit",
|
|
1614
|
-
["RETURN_IN_INIT" /* ReturnInInit */]: "Return in Init",
|
|
1615
|
-
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: "Action Not Pinned to Commit Sha",
|
|
1616
|
-
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
|
|
1617
|
-
["REDUNDANT_CONDITION" /* RedundantCondition */]: "Insider Threat: Redundant Condition",
|
|
1618
|
-
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
|
|
1619
|
-
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
|
|
1620
|
-
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
|
|
1621
|
-
["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: "Tainted Numeric Cast",
|
|
1622
|
-
["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: "Missing X-Frame-Options Header",
|
|
1623
|
-
["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: "Improper Validation of Array Index",
|
|
1624
|
-
["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: "Incorrect Integer Conversion",
|
|
1625
|
-
["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: "Improper Certificate Validation",
|
|
1626
|
-
["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: "Often Misused: Boolean.getBoolean()",
|
|
1627
|
-
["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: "AWS SQS Queue Unencrypted",
|
|
1628
|
-
["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: "Insecure Deserialization",
|
|
1629
|
-
["AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED" /* AwsDynamodbPointInTimeRecoveryDisabled */]: "AWS DynamoDB Point-in-Time Recovery Disabled",
|
|
1630
|
-
["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: "JWT Decoded Without Signature Verification",
|
|
1631
|
-
["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: "Unchecked Return Value"
|
|
1632
|
-
};
|
|
1633
|
-
issueTypeZ = z.nativeEnum(IssueType_Enum);
|
|
1335
|
+
SafeIssueTypeStringZ = z.string().regex(/^[A-Za-z0-9_]+$/).max(128);
|
|
1634
1336
|
getIssueTypeFriendlyString = (issueType) => {
|
|
1635
1337
|
const fromCatalog = getIssueTypeCatalogEntry(issueType)?.label;
|
|
1636
1338
|
if (fromCatalog) {
|
|
1637
1339
|
return fromCatalog;
|
|
1638
1340
|
}
|
|
1639
|
-
|
|
1640
|
-
if (!issueTypeZParseRes.success) {
|
|
1641
|
-
return issueType ? issueType.replaceAll("_", " ") : "Other";
|
|
1642
|
-
}
|
|
1643
|
-
return issueTypeMap[issueTypeZParseRes.data];
|
|
1341
|
+
return issueType ? issueType.replaceAll("_", " ") : "Other";
|
|
1644
1342
|
};
|
|
1645
1343
|
statusMap = {
|
|
1646
1344
|
["Digested" /* Digested */]: "Digested",
|
|
@@ -1669,26 +1367,26 @@ var init_getIssueType = __esm({
|
|
|
1669
1367
|
});
|
|
1670
1368
|
|
|
1671
1369
|
// src/features/analysis/scm/shared/src/types/shared.ts
|
|
1672
|
-
import { z as
|
|
1370
|
+
import { z as z5 } from "zod";
|
|
1673
1371
|
var ParsedSeverityZ, ScmSubmitFixRequestsZ;
|
|
1674
1372
|
var init_shared = __esm({
|
|
1675
1373
|
"src/features/analysis/scm/shared/src/types/shared.ts"() {
|
|
1676
1374
|
"use strict";
|
|
1677
1375
|
init_client_generates();
|
|
1678
|
-
ParsedSeverityZ =
|
|
1679
|
-
ScmSubmitFixRequestsZ =
|
|
1680
|
-
|
|
1681
|
-
scmSubmitFixRequest:
|
|
1682
|
-
submitFixRequest:
|
|
1683
|
-
createdByUser:
|
|
1684
|
-
email:
|
|
1376
|
+
ParsedSeverityZ = z5.nativeEnum(Vulnerability_Severity_Enum).nullish().transform((i) => i ?? "low" /* Low */);
|
|
1377
|
+
ScmSubmitFixRequestsZ = z5.array(
|
|
1378
|
+
z5.object({
|
|
1379
|
+
scmSubmitFixRequest: z5.object({
|
|
1380
|
+
submitFixRequest: z5.object({
|
|
1381
|
+
createdByUser: z5.object({
|
|
1382
|
+
email: z5.string()
|
|
1685
1383
|
}),
|
|
1686
|
-
targetBranchName:
|
|
1384
|
+
targetBranchName: z5.string().default("")
|
|
1687
1385
|
}),
|
|
1688
|
-
prUrl:
|
|
1689
|
-
prStatus:
|
|
1690
|
-
commitUrl:
|
|
1691
|
-
scmId:
|
|
1386
|
+
prUrl: z5.string().nullable(),
|
|
1387
|
+
prStatus: z5.nativeEnum(Pr_Status_Enum).nullable(),
|
|
1388
|
+
commitUrl: z5.string().nullable(),
|
|
1389
|
+
scmId: z5.string()
|
|
1692
1390
|
})
|
|
1693
1391
|
})
|
|
1694
1392
|
);
|
|
@@ -1696,94 +1394,94 @@ var init_shared = __esm({
|
|
|
1696
1394
|
});
|
|
1697
1395
|
|
|
1698
1396
|
// src/features/analysis/scm/shared/src/types/fix.ts
|
|
1699
|
-
import { z as
|
|
1397
|
+
import { z as z6 } from "zod";
|
|
1700
1398
|
var PackageInfoZ, ManifestActionRequiredZ, ExtraContextInternalZ, FixExtraContextZ, PatchAndQuestionsZ, FixRatingZ, IssueRatingZ, IssueSharedStateZ, FixSharedStateZ, FixQueryZ, FixPartsForFixScreenZ;
|
|
1701
1399
|
var init_fix = __esm({
|
|
1702
1400
|
"src/features/analysis/scm/shared/src/types/fix.ts"() {
|
|
1703
1401
|
"use strict";
|
|
1704
1402
|
init_client_generates();
|
|
1705
1403
|
init_shared();
|
|
1706
|
-
PackageInfoZ =
|
|
1707
|
-
name:
|
|
1708
|
-
version:
|
|
1709
|
-
envName:
|
|
1710
|
-
});
|
|
1711
|
-
ManifestActionRequiredZ =
|
|
1712
|
-
action:
|
|
1713
|
-
language:
|
|
1404
|
+
PackageInfoZ = z6.object({
|
|
1405
|
+
name: z6.string(),
|
|
1406
|
+
version: z6.string(),
|
|
1407
|
+
envName: z6.string().nullable()
|
|
1408
|
+
});
|
|
1409
|
+
ManifestActionRequiredZ = z6.object({
|
|
1410
|
+
action: z6.nativeEnum(ManifestAction),
|
|
1411
|
+
language: z6.nativeEnum(Language),
|
|
1714
1412
|
lib: PackageInfoZ,
|
|
1715
1413
|
typesLib: PackageInfoZ.nullable()
|
|
1716
1414
|
});
|
|
1717
|
-
ExtraContextInternalZ =
|
|
1718
|
-
key:
|
|
1719
|
-
value:
|
|
1720
|
-
|
|
1721
|
-
int:
|
|
1722
|
-
integer:
|
|
1723
|
-
string:
|
|
1724
|
-
date:
|
|
1415
|
+
ExtraContextInternalZ = z6.object({
|
|
1416
|
+
key: z6.string(),
|
|
1417
|
+
value: z6.string().or(z6.boolean()).or(
|
|
1418
|
+
z6.object({
|
|
1419
|
+
int: z6.boolean(),
|
|
1420
|
+
integer: z6.boolean(),
|
|
1421
|
+
string: z6.boolean(),
|
|
1422
|
+
date: z6.boolean()
|
|
1725
1423
|
})
|
|
1726
1424
|
)
|
|
1727
1425
|
});
|
|
1728
|
-
FixExtraContextZ =
|
|
1729
|
-
fixDescription:
|
|
1730
|
-
manifestActionsRequired:
|
|
1731
|
-
extraContext:
|
|
1732
|
-
});
|
|
1733
|
-
PatchAndQuestionsZ =
|
|
1734
|
-
__typename:
|
|
1735
|
-
patch:
|
|
1736
|
-
patchOriginalEncodingBase64:
|
|
1737
|
-
questions:
|
|
1738
|
-
|
|
1739
|
-
name:
|
|
1740
|
-
key:
|
|
1741
|
-
index:
|
|
1742
|
-
defaultValue:
|
|
1743
|
-
value:
|
|
1744
|
-
extraContext:
|
|
1745
|
-
inputType:
|
|
1746
|
-
options:
|
|
1426
|
+
FixExtraContextZ = z6.object({
|
|
1427
|
+
fixDescription: z6.string(),
|
|
1428
|
+
manifestActionsRequired: z6.array(ManifestActionRequiredZ),
|
|
1429
|
+
extraContext: z6.array(ExtraContextInternalZ)
|
|
1430
|
+
});
|
|
1431
|
+
PatchAndQuestionsZ = z6.object({
|
|
1432
|
+
__typename: z6.literal("FixData"),
|
|
1433
|
+
patch: z6.string(),
|
|
1434
|
+
patchOriginalEncodingBase64: z6.string(),
|
|
1435
|
+
questions: z6.array(
|
|
1436
|
+
z6.object({
|
|
1437
|
+
name: z6.string(),
|
|
1438
|
+
key: z6.string(),
|
|
1439
|
+
index: z6.number(),
|
|
1440
|
+
defaultValue: z6.string(),
|
|
1441
|
+
value: z6.string().nullable(),
|
|
1442
|
+
extraContext: z6.array(ExtraContextInternalZ),
|
|
1443
|
+
inputType: z6.nativeEnum(FixQuestionInputType),
|
|
1444
|
+
options: z6.array(z6.string())
|
|
1747
1445
|
})
|
|
1748
1446
|
),
|
|
1749
1447
|
extraContext: FixExtraContextZ
|
|
1750
1448
|
});
|
|
1751
|
-
FixRatingZ =
|
|
1752
|
-
voteScore:
|
|
1753
|
-
fixRatingTag:
|
|
1754
|
-
comment:
|
|
1755
|
-
updatedDate:
|
|
1756
|
-
user:
|
|
1757
|
-
email:
|
|
1758
|
-
name:
|
|
1449
|
+
FixRatingZ = z6.object({
|
|
1450
|
+
voteScore: z6.number(),
|
|
1451
|
+
fixRatingTag: z6.nativeEnum(Fix_Rating_Tag_Enum).nullable().default(null),
|
|
1452
|
+
comment: z6.string().nullable().default(null),
|
|
1453
|
+
updatedDate: z6.string().nullable(),
|
|
1454
|
+
user: z6.object({
|
|
1455
|
+
email: z6.string(),
|
|
1456
|
+
name: z6.string()
|
|
1759
1457
|
})
|
|
1760
1458
|
});
|
|
1761
|
-
IssueRatingZ =
|
|
1762
|
-
voteScore:
|
|
1763
|
-
comment:
|
|
1764
|
-
updatedDate:
|
|
1765
|
-
user:
|
|
1766
|
-
email:
|
|
1767
|
-
name:
|
|
1459
|
+
IssueRatingZ = z6.object({
|
|
1460
|
+
voteScore: z6.number(),
|
|
1461
|
+
comment: z6.string().nullable().default(null),
|
|
1462
|
+
updatedDate: z6.string().nullable(),
|
|
1463
|
+
user: z6.object({
|
|
1464
|
+
email: z6.string(),
|
|
1465
|
+
name: z6.string()
|
|
1768
1466
|
})
|
|
1769
1467
|
});
|
|
1770
|
-
IssueSharedStateZ =
|
|
1771
|
-
id:
|
|
1772
|
-
createdAt:
|
|
1773
|
-
isArchived:
|
|
1774
|
-
ticketIntegrationId:
|
|
1775
|
-
ticketIntegrations:
|
|
1776
|
-
|
|
1777
|
-
url:
|
|
1468
|
+
IssueSharedStateZ = z6.object({
|
|
1469
|
+
id: z6.string(),
|
|
1470
|
+
createdAt: z6.string(),
|
|
1471
|
+
isArchived: z6.boolean(),
|
|
1472
|
+
ticketIntegrationId: z6.string().nullable(),
|
|
1473
|
+
ticketIntegrations: z6.array(
|
|
1474
|
+
z6.object({
|
|
1475
|
+
url: z6.string()
|
|
1778
1476
|
})
|
|
1779
1477
|
),
|
|
1780
|
-
issueRatings:
|
|
1478
|
+
issueRatings: z6.array(IssueRatingZ).default([])
|
|
1781
1479
|
}).nullable();
|
|
1782
|
-
FixSharedStateZ =
|
|
1783
|
-
state:
|
|
1784
|
-
isArchived:
|
|
1480
|
+
FixSharedStateZ = z6.object({
|
|
1481
|
+
state: z6.nativeEnum(Fix_State_Enum),
|
|
1482
|
+
isArchived: z6.boolean(),
|
|
1785
1483
|
scmSubmitFixRequests: ScmSubmitFixRequestsZ,
|
|
1786
|
-
fixRatings:
|
|
1484
|
+
fixRatings: z6.array(FixRatingZ).default([])
|
|
1787
1485
|
}).nullish().transform(
|
|
1788
1486
|
(data) => data ? data : {
|
|
1789
1487
|
state: "Ready" /* Ready */,
|
|
@@ -1792,46 +1490,46 @@ var init_fix = __esm({
|
|
|
1792
1490
|
fixRatings: []
|
|
1793
1491
|
}
|
|
1794
1492
|
);
|
|
1795
|
-
FixQueryZ =
|
|
1796
|
-
__typename:
|
|
1797
|
-
id:
|
|
1493
|
+
FixQueryZ = z6.object({
|
|
1494
|
+
__typename: z6.literal("fix").optional(),
|
|
1495
|
+
id: z6.string().uuid(),
|
|
1798
1496
|
sharedState: FixSharedStateZ,
|
|
1799
|
-
modifiedBy:
|
|
1800
|
-
gitBlameLogin:
|
|
1801
|
-
safeIssueLanguage:
|
|
1802
|
-
safeIssueType:
|
|
1803
|
-
confidence:
|
|
1804
|
-
fixReportId:
|
|
1805
|
-
isExpired:
|
|
1806
|
-
fixFiles:
|
|
1807
|
-
|
|
1808
|
-
fileRepoRelativePath:
|
|
1497
|
+
modifiedBy: z6.string().nullable(),
|
|
1498
|
+
gitBlameLogin: z6.string().nullable(),
|
|
1499
|
+
safeIssueLanguage: z6.string(),
|
|
1500
|
+
safeIssueType: z6.string(),
|
|
1501
|
+
confidence: z6.number(),
|
|
1502
|
+
fixReportId: z6.string().uuid(),
|
|
1503
|
+
isExpired: z6.boolean().default(false),
|
|
1504
|
+
fixFiles: z6.array(
|
|
1505
|
+
z6.object({
|
|
1506
|
+
fileRepoRelativePath: z6.string()
|
|
1809
1507
|
})
|
|
1810
1508
|
),
|
|
1811
|
-
numberOfVulnerabilityIssues:
|
|
1812
|
-
severityText:
|
|
1813
|
-
vulnerabilityReportIssues:
|
|
1814
|
-
|
|
1815
|
-
vendorIssueId:
|
|
1816
|
-
issueLanguage:
|
|
1509
|
+
numberOfVulnerabilityIssues: z6.number(),
|
|
1510
|
+
severityText: z6.nativeEnum(Vulnerability_Severity_Enum),
|
|
1511
|
+
vulnerabilityReportIssues: z6.array(
|
|
1512
|
+
z6.object({
|
|
1513
|
+
vendorIssueId: z6.string(),
|
|
1514
|
+
issueLanguage: z6.string(),
|
|
1817
1515
|
parsedSeverity: ParsedSeverityZ,
|
|
1818
|
-
sharedState:
|
|
1819
|
-
id:
|
|
1820
|
-
isArchived:
|
|
1821
|
-
ticketIntegrationId:
|
|
1516
|
+
sharedState: z6.object({
|
|
1517
|
+
id: z6.string().uuid(),
|
|
1518
|
+
isArchived: z6.boolean(),
|
|
1519
|
+
ticketIntegrationId: z6.string().uuid().nullable()
|
|
1822
1520
|
}).nullable()
|
|
1823
1521
|
})
|
|
1824
1522
|
),
|
|
1825
1523
|
patchAndQuestions: PatchAndQuestionsZ,
|
|
1826
|
-
effortToApplyFix:
|
|
1524
|
+
effortToApplyFix: z6.nativeEnum(Effort_To_Apply_Fix_Enum).nullable()
|
|
1827
1525
|
});
|
|
1828
1526
|
FixPartsForFixScreenZ = FixQueryZ.merge(
|
|
1829
|
-
|
|
1830
|
-
vulnerabilityReportIssues:
|
|
1831
|
-
|
|
1832
|
-
vendorIssueId:
|
|
1833
|
-
issueType:
|
|
1834
|
-
issueLanguage:
|
|
1527
|
+
z6.object({
|
|
1528
|
+
vulnerabilityReportIssues: z6.array(
|
|
1529
|
+
z6.object({
|
|
1530
|
+
vendorIssueId: z6.string(),
|
|
1531
|
+
issueType: z6.string(),
|
|
1532
|
+
issueLanguage: z6.string(),
|
|
1835
1533
|
sharedState: IssueSharedStateZ
|
|
1836
1534
|
})
|
|
1837
1535
|
)
|
|
@@ -1841,24 +1539,24 @@ var init_fix = __esm({
|
|
|
1841
1539
|
});
|
|
1842
1540
|
|
|
1843
1541
|
// src/features/analysis/scm/shared/src/types/analysis.ts
|
|
1844
|
-
import { z as
|
|
1542
|
+
import { z as z7 } from "zod";
|
|
1845
1543
|
var FixPageFixReportZ;
|
|
1846
1544
|
var init_analysis = __esm({
|
|
1847
1545
|
"src/features/analysis/scm/shared/src/types/analysis.ts"() {
|
|
1848
1546
|
"use strict";
|
|
1849
1547
|
init_client_generates();
|
|
1850
1548
|
init_client_generates();
|
|
1851
|
-
FixPageFixReportZ =
|
|
1852
|
-
id:
|
|
1853
|
-
analysisUrl:
|
|
1854
|
-
createdOn:
|
|
1855
|
-
state:
|
|
1856
|
-
repo:
|
|
1857
|
-
name:
|
|
1858
|
-
originalUrl:
|
|
1859
|
-
reference:
|
|
1860
|
-
commitSha:
|
|
1861
|
-
isKnownBranch:
|
|
1549
|
+
FixPageFixReportZ = z7.object({
|
|
1550
|
+
id: z7.string().uuid(),
|
|
1551
|
+
analysisUrl: z7.string(),
|
|
1552
|
+
createdOn: z7.string(),
|
|
1553
|
+
state: z7.nativeEnum(Fix_Report_State_Enum),
|
|
1554
|
+
repo: z7.object({
|
|
1555
|
+
name: z7.string().nullable(),
|
|
1556
|
+
originalUrl: z7.string(),
|
|
1557
|
+
reference: z7.string(),
|
|
1558
|
+
commitSha: z7.string(),
|
|
1559
|
+
isKnownBranch: z7.boolean().nullish().default(true)
|
|
1862
1560
|
}).nullable().transform(
|
|
1863
1561
|
(repo) => repo ?? {
|
|
1864
1562
|
name: null,
|
|
@@ -1868,13 +1566,13 @@ var init_analysis = __esm({
|
|
|
1868
1566
|
isKnownBranch: true
|
|
1869
1567
|
}
|
|
1870
1568
|
),
|
|
1871
|
-
vulnerabilityReport:
|
|
1872
|
-
id:
|
|
1873
|
-
vendor:
|
|
1874
|
-
computedVendor:
|
|
1875
|
-
projectId:
|
|
1876
|
-
project:
|
|
1877
|
-
organizationId:
|
|
1569
|
+
vulnerabilityReport: z7.object({
|
|
1570
|
+
id: z7.string().uuid(),
|
|
1571
|
+
vendor: z7.nativeEnum(Vulnerability_Report_Vendor_Enum),
|
|
1572
|
+
computedVendor: z7.nativeEnum(Vulnerability_Report_Vendor_Enum),
|
|
1573
|
+
projectId: z7.string().uuid(),
|
|
1574
|
+
project: z7.object({
|
|
1575
|
+
organizationId: z7.string().uuid()
|
|
1878
1576
|
})
|
|
1879
1577
|
})
|
|
1880
1578
|
});
|
|
@@ -1882,7 +1580,7 @@ var init_analysis = __esm({
|
|
|
1882
1580
|
});
|
|
1883
1581
|
|
|
1884
1582
|
// src/features/analysis/scm/shared/src/types/issue.ts
|
|
1885
|
-
import { z as
|
|
1583
|
+
import { z as z8 } from "zod";
|
|
1886
1584
|
var MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES, VulnerabilityReportIssueRatingZ, VulnerabilityReportIssueSharedStateZ, BaseIssuePartsZ, FalsePositivePartsZ, UnfixablePartsZ, IssuePartsWithFixZ, IssuePartsFpZ, GeneralIssueZ, IssuePartsZ, GetIssueIndexesZ, GetIssueScreenDataZ, IssueBucketZ, mapCategoryToBucket, mapBucketTypeToCategory;
|
|
1887
1585
|
var init_issue = __esm({
|
|
1888
1586
|
"src/features/analysis/scm/shared/src/types/issue.ts"() {
|
|
@@ -1892,57 +1590,57 @@ var init_issue = __esm({
|
|
|
1892
1590
|
init_fix();
|
|
1893
1591
|
init_shared();
|
|
1894
1592
|
MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES = 1e5;
|
|
1895
|
-
VulnerabilityReportIssueRatingZ =
|
|
1896
|
-
voteScore:
|
|
1897
|
-
comment:
|
|
1898
|
-
updatedDate:
|
|
1899
|
-
user:
|
|
1900
|
-
email:
|
|
1901
|
-
name:
|
|
1593
|
+
VulnerabilityReportIssueRatingZ = z8.object({
|
|
1594
|
+
voteScore: z8.number(),
|
|
1595
|
+
comment: z8.string().nullable().default(null),
|
|
1596
|
+
updatedDate: z8.string().nullable(),
|
|
1597
|
+
user: z8.object({
|
|
1598
|
+
email: z8.string(),
|
|
1599
|
+
name: z8.string()
|
|
1902
1600
|
})
|
|
1903
1601
|
});
|
|
1904
|
-
VulnerabilityReportIssueSharedStateZ =
|
|
1905
|
-
id:
|
|
1906
|
-
createdAt:
|
|
1907
|
-
isArchived:
|
|
1908
|
-
ticketIntegrationId:
|
|
1909
|
-
ticketIntegrations:
|
|
1910
|
-
|
|
1911
|
-
url:
|
|
1602
|
+
VulnerabilityReportIssueSharedStateZ = z8.object({
|
|
1603
|
+
id: z8.string().uuid(),
|
|
1604
|
+
createdAt: z8.string(),
|
|
1605
|
+
isArchived: z8.boolean(),
|
|
1606
|
+
ticketIntegrationId: z8.string().uuid().nullable(),
|
|
1607
|
+
ticketIntegrations: z8.array(
|
|
1608
|
+
z8.object({
|
|
1609
|
+
url: z8.string()
|
|
1912
1610
|
})
|
|
1913
1611
|
),
|
|
1914
|
-
issueRatings:
|
|
1612
|
+
issueRatings: z8.array(VulnerabilityReportIssueRatingZ).default([])
|
|
1915
1613
|
}).nullish();
|
|
1916
|
-
BaseIssuePartsZ =
|
|
1917
|
-
id:
|
|
1918
|
-
safeIssueType:
|
|
1919
|
-
safeIssueLanguage:
|
|
1920
|
-
createdAt:
|
|
1614
|
+
BaseIssuePartsZ = z8.object({
|
|
1615
|
+
id: z8.string().uuid(),
|
|
1616
|
+
safeIssueType: z8.string(),
|
|
1617
|
+
safeIssueLanguage: z8.string(),
|
|
1618
|
+
createdAt: z8.string(),
|
|
1921
1619
|
parsedSeverity: ParsedSeverityZ,
|
|
1922
|
-
category:
|
|
1923
|
-
extraData:
|
|
1924
|
-
missing_files:
|
|
1925
|
-
error_files:
|
|
1926
|
-
ai_cost_limit_exceeded:
|
|
1620
|
+
category: z8.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
1621
|
+
extraData: z8.object({
|
|
1622
|
+
missing_files: z8.string().array().nullish(),
|
|
1623
|
+
error_files: z8.string().array().nullish(),
|
|
1624
|
+
ai_cost_limit_exceeded: z8.string().nullish()
|
|
1927
1625
|
}),
|
|
1928
|
-
vulnerabilityReportIssueTags:
|
|
1929
|
-
|
|
1930
|
-
tag:
|
|
1626
|
+
vulnerabilityReportIssueTags: z8.array(
|
|
1627
|
+
z8.object({
|
|
1628
|
+
tag: z8.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
|
|
1931
1629
|
})
|
|
1932
1630
|
),
|
|
1933
|
-
codeNodes:
|
|
1934
|
-
|
|
1935
|
-
path:
|
|
1936
|
-
line:
|
|
1937
|
-
index:
|
|
1631
|
+
codeNodes: z8.array(
|
|
1632
|
+
z8.object({
|
|
1633
|
+
path: z8.string(),
|
|
1634
|
+
line: z8.number(),
|
|
1635
|
+
index: z8.number()
|
|
1938
1636
|
})
|
|
1939
1637
|
).transform((nodes) => nodes.sort((a, b) => b.index - a.index)),
|
|
1940
|
-
sourceCodeNodes:
|
|
1941
|
-
|
|
1942
|
-
sourceCodeFile:
|
|
1943
|
-
path:
|
|
1944
|
-
signedFile:
|
|
1945
|
-
url:
|
|
1638
|
+
sourceCodeNodes: z8.array(
|
|
1639
|
+
z8.object({
|
|
1640
|
+
sourceCodeFile: z8.object({
|
|
1641
|
+
path: z8.string(),
|
|
1642
|
+
signedFile: z8.object({
|
|
1643
|
+
url: z8.string()
|
|
1946
1644
|
})
|
|
1947
1645
|
})
|
|
1948
1646
|
}).transform(async ({ sourceCodeFile }) => {
|
|
@@ -1958,71 +1656,71 @@ var init_issue = __esm({
|
|
|
1958
1656
|
})
|
|
1959
1657
|
).transform((nodes) => nodes.filter((node) => node !== null)),
|
|
1960
1658
|
fix: FixPartsForFixScreenZ.nullish(),
|
|
1961
|
-
vulnerabilityReportIssueNodeDiffFile:
|
|
1962
|
-
signedFile:
|
|
1963
|
-
url:
|
|
1659
|
+
vulnerabilityReportIssueNodeDiffFile: z8.object({
|
|
1660
|
+
signedFile: z8.object({
|
|
1661
|
+
url: z8.string()
|
|
1964
1662
|
}).transform(async ({ url }) => {
|
|
1965
1663
|
const codeDiff = await fetch(url).then((res) => res.text());
|
|
1966
1664
|
return { codeDiff };
|
|
1967
1665
|
})
|
|
1968
1666
|
}).nullish(),
|
|
1969
1667
|
sharedState: VulnerabilityReportIssueSharedStateZ,
|
|
1970
|
-
unfixableId:
|
|
1668
|
+
unfixableId: z8.string().uuid().nullish()
|
|
1971
1669
|
});
|
|
1972
|
-
FalsePositivePartsZ =
|
|
1973
|
-
extraContext:
|
|
1974
|
-
fixDescription:
|
|
1670
|
+
FalsePositivePartsZ = z8.object({
|
|
1671
|
+
extraContext: z8.array(z8.object({ key: z8.string(), value: z8.string() })),
|
|
1672
|
+
fixDescription: z8.string()
|
|
1975
1673
|
});
|
|
1976
|
-
UnfixablePartsZ =
|
|
1977
|
-
extraContext:
|
|
1978
|
-
fixDescription:
|
|
1674
|
+
UnfixablePartsZ = z8.object({
|
|
1675
|
+
extraContext: z8.array(z8.object({ key: z8.string(), value: z8.string() })),
|
|
1676
|
+
fixDescription: z8.string()
|
|
1979
1677
|
});
|
|
1980
1678
|
IssuePartsWithFixZ = BaseIssuePartsZ.merge(
|
|
1981
|
-
|
|
1982
|
-
category:
|
|
1679
|
+
z8.object({
|
|
1680
|
+
category: z8.literal("Irrelevant" /* Irrelevant */),
|
|
1983
1681
|
fix: FixPartsForFixScreenZ.nullish()
|
|
1984
1682
|
})
|
|
1985
1683
|
);
|
|
1986
1684
|
IssuePartsFpZ = BaseIssuePartsZ.merge(
|
|
1987
|
-
|
|
1988
|
-
category:
|
|
1989
|
-
fpId:
|
|
1685
|
+
z8.object({
|
|
1686
|
+
category: z8.literal("FalsePositive" /* FalsePositive */),
|
|
1687
|
+
fpId: z8.string().uuid(),
|
|
1990
1688
|
getFalsePositive: FalsePositivePartsZ
|
|
1991
1689
|
})
|
|
1992
1690
|
);
|
|
1993
1691
|
GeneralIssueZ = BaseIssuePartsZ.merge(
|
|
1994
|
-
|
|
1995
|
-
category:
|
|
1996
|
-
|
|
1997
|
-
|
|
1998
|
-
|
|
1999
|
-
|
|
2000
|
-
|
|
1692
|
+
z8.object({
|
|
1693
|
+
category: z8.union([
|
|
1694
|
+
z8.literal("NoFix" /* NoFix */),
|
|
1695
|
+
z8.literal("Unsupported" /* Unsupported */),
|
|
1696
|
+
z8.literal("Fixable" /* Fixable */),
|
|
1697
|
+
z8.literal("Filtered" /* Filtered */),
|
|
1698
|
+
z8.literal("Pending" /* Pending */)
|
|
2001
1699
|
]),
|
|
2002
1700
|
getUnfixable: UnfixablePartsZ.nullish()
|
|
2003
1701
|
})
|
|
2004
1702
|
);
|
|
2005
|
-
IssuePartsZ =
|
|
1703
|
+
IssuePartsZ = z8.union([
|
|
2006
1704
|
IssuePartsFpZ,
|
|
2007
1705
|
IssuePartsWithFixZ,
|
|
2008
1706
|
GeneralIssueZ
|
|
2009
1707
|
]);
|
|
2010
|
-
GetIssueIndexesZ =
|
|
2011
|
-
currentIndex:
|
|
2012
|
-
totalIssues:
|
|
2013
|
-
nextIssue:
|
|
2014
|
-
id:
|
|
1708
|
+
GetIssueIndexesZ = z8.object({
|
|
1709
|
+
currentIndex: z8.number(),
|
|
1710
|
+
totalIssues: z8.number(),
|
|
1711
|
+
nextIssue: z8.object({
|
|
1712
|
+
id: z8.string().uuid()
|
|
2015
1713
|
}).nullish(),
|
|
2016
|
-
prevIssue:
|
|
2017
|
-
id:
|
|
1714
|
+
prevIssue: z8.object({
|
|
1715
|
+
id: z8.string().uuid()
|
|
2018
1716
|
}).nullish()
|
|
2019
1717
|
});
|
|
2020
|
-
GetIssueScreenDataZ =
|
|
1718
|
+
GetIssueScreenDataZ = z8.object({
|
|
2021
1719
|
fixReport_by_pk: FixPageFixReportZ,
|
|
2022
1720
|
vulnerability_report_issue_by_pk: IssuePartsZ,
|
|
2023
1721
|
issueIndexes: GetIssueIndexesZ
|
|
2024
1722
|
});
|
|
2025
|
-
IssueBucketZ =
|
|
1723
|
+
IssueBucketZ = z8.enum(["fixable", "irrelevant", "remaining"]);
|
|
2026
1724
|
mapCategoryToBucket = {
|
|
2027
1725
|
FalsePositive: "irrelevant",
|
|
2028
1726
|
Irrelevant: "irrelevant",
|
|
@@ -2049,42 +1747,44 @@ var init_issue = __esm({
|
|
|
2049
1747
|
});
|
|
2050
1748
|
|
|
2051
1749
|
// src/features/analysis/scm/shared/src/validations.ts
|
|
2052
|
-
import { z as
|
|
1750
|
+
import { z as z9 } from "zod";
|
|
2053
1751
|
var IssueTypeSettingZ, IssueTypeSettingsZ;
|
|
2054
1752
|
var init_validations = __esm({
|
|
2055
1753
|
"src/features/analysis/scm/shared/src/validations.ts"() {
|
|
2056
1754
|
"use strict";
|
|
2057
|
-
init_client_generates();
|
|
2058
1755
|
init_getIssueType();
|
|
2059
|
-
|
|
2060
|
-
|
|
2061
|
-
|
|
2062
|
-
|
|
2063
|
-
|
|
2064
|
-
|
|
2065
|
-
|
|
2066
|
-
|
|
2067
|
-
|
|
1756
|
+
init_issueTypeCatalog();
|
|
1757
|
+
IssueTypeSettingZ = z9.object({
|
|
1758
|
+
autoPrEnabled: z9.boolean(),
|
|
1759
|
+
enabled: z9.boolean(),
|
|
1760
|
+
issueType: SafeIssueTypeStringZ
|
|
1761
|
+
});
|
|
1762
|
+
IssueTypeSettingsZ = z9.array(IssueTypeSettingZ).transform((issueTypeSettings) => {
|
|
1763
|
+
const catalogValues = listIssueTypeCatalog().map((entry) => entry.value);
|
|
1764
|
+
if (catalogValues.length === 0) {
|
|
1765
|
+
throw new Error(
|
|
1766
|
+
"Issue-type catalog is not hydrated; cannot derive default issue-type settings"
|
|
2068
1767
|
);
|
|
2069
|
-
|
|
2070
|
-
|
|
2071
|
-
|
|
2072
|
-
|
|
1768
|
+
}
|
|
1769
|
+
const existingByIssueType = new Map(
|
|
1770
|
+
issueTypeSettings.map((setting) => [setting.issueType, setting])
|
|
1771
|
+
);
|
|
1772
|
+
return catalogValues.map(
|
|
1773
|
+
(issueType) => existingByIssueType.get(issueType) ?? {
|
|
2073
1774
|
autoPrEnabled: false,
|
|
2074
1775
|
enabled: true,
|
|
2075
|
-
issueType
|
|
2076
|
-
}
|
|
2077
|
-
|
|
2078
|
-
|
|
2079
|
-
|
|
2080
|
-
|
|
2081
|
-
});
|
|
1776
|
+
issueType
|
|
1777
|
+
}
|
|
1778
|
+
).map((setting) => ({
|
|
1779
|
+
setting,
|
|
1780
|
+
label: getIssueTypeFriendlyString(setting.issueType)
|
|
1781
|
+
})).sort((a, b) => a.label.localeCompare(b.label)).map(({ setting }) => setting);
|
|
2082
1782
|
});
|
|
2083
1783
|
}
|
|
2084
1784
|
});
|
|
2085
1785
|
|
|
2086
1786
|
// src/features/analysis/scm/shared/src/types/types.ts
|
|
2087
|
-
import { z as
|
|
1787
|
+
import { z as z10 } from "zod";
|
|
2088
1788
|
var OrganizationScreenQueryParamsZ, ProjectPageQueryParamsZ, AnalysisPageQueryParamsZ, FixPageQueryParamsZ, IssuePageQueryParamsZ, CliLoginPageQueryParamsZ, AnalysisReportDigestedZ, IssueSharedStateZ2, ReportQueryResultZ, ReportFixesQueryFixZ, BaseVulnerabilityReportIssueZ, VulnerabilityReportIssueZ, VulnerabilityReportIssueWithCodeFilePathZ, GetReportIssuesQueryZ, FixReportByProjectZ, FixScreenQueryResultZ, FixPageQueryZ, GetReportFixesQueryZ, GetFixReportStatsQueryZ, ProjectVulnerabilityReport, GetProjectsQueryZ, ProjectPageQueryResultZ, GetProjectMembersDataZ, RepoArgsZ, scmCloudUrl, ScmType, ConvertToSarifInputFileFormat;
|
|
2089
1789
|
var init_types = __esm({
|
|
2090
1790
|
"src/features/analysis/scm/shared/src/types/types.ts"() {
|
|
@@ -2095,117 +1795,117 @@ var init_types = __esm({
|
|
|
2095
1795
|
init_fix();
|
|
2096
1796
|
init_issue();
|
|
2097
1797
|
init_shared();
|
|
2098
|
-
OrganizationScreenQueryParamsZ =
|
|
2099
|
-
organizationId:
|
|
1798
|
+
OrganizationScreenQueryParamsZ = z10.object({
|
|
1799
|
+
organizationId: z10.string().uuid()
|
|
2100
1800
|
});
|
|
2101
|
-
ProjectPageQueryParamsZ =
|
|
2102
|
-
organizationId:
|
|
2103
|
-
projectId:
|
|
1801
|
+
ProjectPageQueryParamsZ = z10.object({
|
|
1802
|
+
organizationId: z10.string().uuid(),
|
|
1803
|
+
projectId: z10.string().uuid()
|
|
2104
1804
|
});
|
|
2105
1805
|
AnalysisPageQueryParamsZ = ProjectPageQueryParamsZ.extend({
|
|
2106
|
-
reportId:
|
|
1806
|
+
reportId: z10.string().uuid()
|
|
2107
1807
|
});
|
|
2108
1808
|
FixPageQueryParamsZ = AnalysisPageQueryParamsZ.extend({
|
|
2109
|
-
fixId:
|
|
1809
|
+
fixId: z10.string().uuid()
|
|
2110
1810
|
});
|
|
2111
1811
|
IssuePageQueryParamsZ = AnalysisPageQueryParamsZ.extend({
|
|
2112
|
-
issueId:
|
|
2113
|
-
});
|
|
2114
|
-
CliLoginPageQueryParamsZ =
|
|
2115
|
-
loginId:
|
|
2116
|
-
});
|
|
2117
|
-
AnalysisReportDigestedZ =
|
|
2118
|
-
id:
|
|
2119
|
-
state:
|
|
2120
|
-
vulnerabilityReport:
|
|
2121
|
-
reportSummaryUrl:
|
|
2122
|
-
scanDate:
|
|
2123
|
-
supported:
|
|
2124
|
-
aggregate:
|
|
2125
|
-
count:
|
|
1812
|
+
issueId: z10.string().uuid()
|
|
1813
|
+
});
|
|
1814
|
+
CliLoginPageQueryParamsZ = z10.object({
|
|
1815
|
+
loginId: z10.string().uuid()
|
|
1816
|
+
});
|
|
1817
|
+
AnalysisReportDigestedZ = z10.object({
|
|
1818
|
+
id: z10.string().uuid(),
|
|
1819
|
+
state: z10.nativeEnum(Fix_Report_State_Enum),
|
|
1820
|
+
vulnerabilityReport: z10.object({
|
|
1821
|
+
reportSummaryUrl: z10.string().url().nullish(),
|
|
1822
|
+
scanDate: z10.string().nullable(),
|
|
1823
|
+
supported: z10.object({
|
|
1824
|
+
aggregate: z10.object({
|
|
1825
|
+
count: z10.number()
|
|
2126
1826
|
})
|
|
2127
1827
|
}),
|
|
2128
|
-
all:
|
|
2129
|
-
aggregate:
|
|
2130
|
-
count:
|
|
1828
|
+
all: z10.object({
|
|
1829
|
+
aggregate: z10.object({
|
|
1830
|
+
count: z10.number()
|
|
2131
1831
|
})
|
|
2132
1832
|
}),
|
|
2133
|
-
vendor:
|
|
2134
|
-
project:
|
|
2135
|
-
organizationId:
|
|
1833
|
+
vendor: z10.nativeEnum(Vulnerability_Report_Vendor_Enum),
|
|
1834
|
+
project: z10.object({
|
|
1835
|
+
organizationId: z10.string().uuid()
|
|
2136
1836
|
})
|
|
2137
1837
|
})
|
|
2138
1838
|
});
|
|
2139
|
-
IssueSharedStateZ2 =
|
|
2140
|
-
id:
|
|
2141
|
-
createdAt:
|
|
2142
|
-
isArchived:
|
|
2143
|
-
ticketIntegrationId:
|
|
2144
|
-
ticketIntegrations:
|
|
2145
|
-
|
|
2146
|
-
url:
|
|
1839
|
+
IssueSharedStateZ2 = z10.object({
|
|
1840
|
+
id: z10.string().uuid(),
|
|
1841
|
+
createdAt: z10.string(),
|
|
1842
|
+
isArchived: z10.boolean(),
|
|
1843
|
+
ticketIntegrationId: z10.string().uuid().nullable(),
|
|
1844
|
+
ticketIntegrations: z10.array(
|
|
1845
|
+
z10.object({
|
|
1846
|
+
url: z10.string()
|
|
2147
1847
|
})
|
|
2148
1848
|
)
|
|
2149
1849
|
}).nullable();
|
|
2150
|
-
ReportQueryResultZ =
|
|
2151
|
-
fixReport_by_pk:
|
|
2152
|
-
id:
|
|
2153
|
-
analysisUrl:
|
|
2154
|
-
fixesCommitted:
|
|
2155
|
-
aggregate:
|
|
1850
|
+
ReportQueryResultZ = z10.object({
|
|
1851
|
+
fixReport_by_pk: z10.object({
|
|
1852
|
+
id: z10.string().uuid(),
|
|
1853
|
+
analysisUrl: z10.string(),
|
|
1854
|
+
fixesCommitted: z10.object({
|
|
1855
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2156
1856
|
}),
|
|
2157
|
-
fixesDownloaded:
|
|
2158
|
-
aggregate:
|
|
1857
|
+
fixesDownloaded: z10.object({
|
|
1858
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2159
1859
|
}),
|
|
2160
|
-
fixesDoneCount:
|
|
2161
|
-
fixesInprogressCount:
|
|
2162
|
-
fixesReadyCount:
|
|
2163
|
-
aggregate:
|
|
1860
|
+
fixesDoneCount: z10.number(),
|
|
1861
|
+
fixesInprogressCount: z10.number(),
|
|
1862
|
+
fixesReadyCount: z10.object({
|
|
1863
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2164
1864
|
}),
|
|
2165
|
-
issueTypes:
|
|
2166
|
-
issueLanguages:
|
|
2167
|
-
fixesCountByEffort:
|
|
2168
|
-
vulnerabilitySeverities:
|
|
2169
|
-
createdOn:
|
|
2170
|
-
expirationOn:
|
|
2171
|
-
state:
|
|
2172
|
-
failReason:
|
|
2173
|
-
candidateToRerun:
|
|
2174
|
-
fixes:
|
|
2175
|
-
|
|
2176
|
-
id:
|
|
2177
|
-
safeIssueLanguage:
|
|
2178
|
-
safeIssueType:
|
|
2179
|
-
confidence:
|
|
2180
|
-
effortToApplyFix:
|
|
2181
|
-
modifiedBy:
|
|
2182
|
-
gitBlameLogin:
|
|
2183
|
-
fixReportId:
|
|
2184
|
-
filePaths:
|
|
2185
|
-
|
|
2186
|
-
fileRepoRelativePath:
|
|
1865
|
+
issueTypes: z10.record(z10.string(), z10.number()).nullable(),
|
|
1866
|
+
issueLanguages: z10.record(z10.string(), z10.number()).nullable(),
|
|
1867
|
+
fixesCountByEffort: z10.record(z10.string(), z10.number()).nullable(),
|
|
1868
|
+
vulnerabilitySeverities: z10.record(z10.string(), z10.number()).nullable(),
|
|
1869
|
+
createdOn: z10.string(),
|
|
1870
|
+
expirationOn: z10.string().nullable(),
|
|
1871
|
+
state: z10.nativeEnum(Fix_Report_State_Enum),
|
|
1872
|
+
failReason: z10.string().nullable(),
|
|
1873
|
+
candidateToRerun: z10.boolean(),
|
|
1874
|
+
fixes: z10.array(
|
|
1875
|
+
z10.object({
|
|
1876
|
+
id: z10.string().uuid(),
|
|
1877
|
+
safeIssueLanguage: z10.string(),
|
|
1878
|
+
safeIssueType: z10.string(),
|
|
1879
|
+
confidence: z10.number(),
|
|
1880
|
+
effortToApplyFix: z10.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
|
|
1881
|
+
modifiedBy: z10.string().nullable(),
|
|
1882
|
+
gitBlameLogin: z10.string().nullable(),
|
|
1883
|
+
fixReportId: z10.string().uuid(),
|
|
1884
|
+
filePaths: z10.array(
|
|
1885
|
+
z10.object({
|
|
1886
|
+
fileRepoRelativePath: z10.string()
|
|
2187
1887
|
})
|
|
2188
1888
|
),
|
|
2189
1889
|
sharedState: FixSharedStateZ,
|
|
2190
|
-
numberOfVulnerabilityIssues:
|
|
2191
|
-
severityText:
|
|
2192
|
-
vulnerabilityReportIssues:
|
|
2193
|
-
|
|
2194
|
-
id:
|
|
2195
|
-
issueType:
|
|
2196
|
-
issueLanguage:
|
|
2197
|
-
category:
|
|
1890
|
+
numberOfVulnerabilityIssues: z10.number(),
|
|
1891
|
+
severityText: z10.nativeEnum(Vulnerability_Severity_Enum),
|
|
1892
|
+
vulnerabilityReportIssues: z10.array(
|
|
1893
|
+
z10.object({
|
|
1894
|
+
id: z10.string().uuid(),
|
|
1895
|
+
issueType: z10.string(),
|
|
1896
|
+
issueLanguage: z10.string(),
|
|
1897
|
+
category: z10.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
2198
1898
|
sharedState: IssueSharedStateZ2
|
|
2199
1899
|
})
|
|
2200
1900
|
)
|
|
2201
1901
|
})
|
|
2202
1902
|
),
|
|
2203
|
-
repo:
|
|
2204
|
-
name:
|
|
2205
|
-
originalUrl:
|
|
2206
|
-
reference:
|
|
2207
|
-
commitSha:
|
|
2208
|
-
isKnownBranch:
|
|
1903
|
+
repo: z10.object({
|
|
1904
|
+
name: z10.string().nullable(),
|
|
1905
|
+
originalUrl: z10.string(),
|
|
1906
|
+
reference: z10.string(),
|
|
1907
|
+
commitSha: z10.string(),
|
|
1908
|
+
isKnownBranch: z10.boolean().nullish().default(true)
|
|
2209
1909
|
}).nullable().transform(
|
|
2210
1910
|
(repo) => repo ?? {
|
|
2211
1911
|
name: null,
|
|
@@ -2215,229 +1915,229 @@ var init_types = __esm({
|
|
|
2215
1915
|
isKnownBranch: true
|
|
2216
1916
|
}
|
|
2217
1917
|
),
|
|
2218
|
-
vulnerabilityReportIssuesFixedCount:
|
|
2219
|
-
vulnerabilityReportIssues_aggregate:
|
|
2220
|
-
aggregate:
|
|
1918
|
+
vulnerabilityReportIssuesFixedCount: z10.object({
|
|
1919
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
1920
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2221
1921
|
})
|
|
2222
1922
|
}),
|
|
2223
|
-
vulnerabilityReport:
|
|
2224
|
-
id:
|
|
2225
|
-
reportSummaryUrl:
|
|
2226
|
-
computedVendor:
|
|
2227
|
-
vendor:
|
|
2228
|
-
issuesWithKnownLanguage:
|
|
2229
|
-
scanDate:
|
|
2230
|
-
vendorReportId:
|
|
2231
|
-
projectId:
|
|
2232
|
-
project:
|
|
2233
|
-
organizationId:
|
|
1923
|
+
vulnerabilityReport: z10.object({
|
|
1924
|
+
id: z10.string().uuid(),
|
|
1925
|
+
reportSummaryUrl: z10.string().url().nullish(),
|
|
1926
|
+
computedVendor: z10.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
|
|
1927
|
+
vendor: z10.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
|
|
1928
|
+
issuesWithKnownLanguage: z10.number().nullable(),
|
|
1929
|
+
scanDate: z10.string().nullable(),
|
|
1930
|
+
vendorReportId: z10.string().uuid().nullable(),
|
|
1931
|
+
projectId: z10.string().uuid(),
|
|
1932
|
+
project: z10.object({
|
|
1933
|
+
organizationId: z10.string().uuid()
|
|
2234
1934
|
}),
|
|
2235
|
-
file:
|
|
2236
|
-
id:
|
|
2237
|
-
path:
|
|
1935
|
+
file: z10.object({
|
|
1936
|
+
id: z10.string().uuid(),
|
|
1937
|
+
path: z10.string()
|
|
2238
1938
|
}).nullable(),
|
|
2239
|
-
pending:
|
|
2240
|
-
aggregate:
|
|
2241
|
-
count:
|
|
1939
|
+
pending: z10.object({
|
|
1940
|
+
aggregate: z10.object({
|
|
1941
|
+
count: z10.number()
|
|
2242
1942
|
})
|
|
2243
1943
|
}),
|
|
2244
|
-
irrelevant:
|
|
2245
|
-
aggregate:
|
|
2246
|
-
count:
|
|
1944
|
+
irrelevant: z10.object({
|
|
1945
|
+
aggregate: z10.object({
|
|
1946
|
+
count: z10.number()
|
|
2247
1947
|
})
|
|
2248
1948
|
}),
|
|
2249
|
-
remaining:
|
|
2250
|
-
aggregate:
|
|
2251
|
-
count:
|
|
1949
|
+
remaining: z10.object({
|
|
1950
|
+
aggregate: z10.object({
|
|
1951
|
+
count: z10.number()
|
|
2252
1952
|
})
|
|
2253
1953
|
}),
|
|
2254
|
-
digested:
|
|
2255
|
-
aggregate:
|
|
2256
|
-
count:
|
|
1954
|
+
digested: z10.object({
|
|
1955
|
+
aggregate: z10.object({
|
|
1956
|
+
count: z10.number()
|
|
2257
1957
|
})
|
|
2258
1958
|
}),
|
|
2259
|
-
supported:
|
|
2260
|
-
aggregate:
|
|
2261
|
-
count:
|
|
1959
|
+
supported: z10.object({
|
|
1960
|
+
aggregate: z10.object({
|
|
1961
|
+
count: z10.number()
|
|
2262
1962
|
})
|
|
2263
1963
|
}),
|
|
2264
|
-
all:
|
|
2265
|
-
aggregate:
|
|
2266
|
-
count:
|
|
1964
|
+
all: z10.object({
|
|
1965
|
+
aggregate: z10.object({
|
|
1966
|
+
count: z10.number()
|
|
2267
1967
|
})
|
|
2268
1968
|
}),
|
|
2269
|
-
fixable:
|
|
2270
|
-
aggregate:
|
|
2271
|
-
count:
|
|
1969
|
+
fixable: z10.object({
|
|
1970
|
+
aggregate: z10.object({
|
|
1971
|
+
count: z10.number()
|
|
2272
1972
|
})
|
|
2273
1973
|
}),
|
|
2274
|
-
errors:
|
|
2275
|
-
aggregate:
|
|
2276
|
-
count:
|
|
1974
|
+
errors: z10.object({
|
|
1975
|
+
aggregate: z10.object({
|
|
1976
|
+
count: z10.number()
|
|
2277
1977
|
})
|
|
2278
1978
|
}),
|
|
2279
|
-
vulnerabilityReportIssues:
|
|
2280
|
-
id:
|
|
2281
|
-
extraData:
|
|
2282
|
-
missing_files:
|
|
2283
|
-
large_files:
|
|
2284
|
-
error_files:
|
|
2285
|
-
ai_cost_limit_exceeded:
|
|
1979
|
+
vulnerabilityReportIssues: z10.object({
|
|
1980
|
+
id: z10.string().uuid(),
|
|
1981
|
+
extraData: z10.object({
|
|
1982
|
+
missing_files: z10.string().array().nullish(),
|
|
1983
|
+
large_files: z10.string().array().nullish(),
|
|
1984
|
+
error_files: z10.string().array().nullish(),
|
|
1985
|
+
ai_cost_limit_exceeded: z10.string().nullish()
|
|
2286
1986
|
})
|
|
2287
1987
|
}).array()
|
|
2288
1988
|
})
|
|
2289
1989
|
})
|
|
2290
1990
|
});
|
|
2291
|
-
ReportFixesQueryFixZ =
|
|
2292
|
-
id:
|
|
1991
|
+
ReportFixesQueryFixZ = z10.object({
|
|
1992
|
+
id: z10.string().uuid(),
|
|
2293
1993
|
sharedState: FixSharedStateZ,
|
|
2294
|
-
confidence:
|
|
2295
|
-
gitBlameLogin:
|
|
2296
|
-
effortToApplyFix:
|
|
2297
|
-
safeIssueLanguage:
|
|
2298
|
-
safeIssueType:
|
|
2299
|
-
fixReportId:
|
|
2300
|
-
filePaths:
|
|
2301
|
-
|
|
2302
|
-
fileRepoRelativePath:
|
|
1994
|
+
confidence: z10.number(),
|
|
1995
|
+
gitBlameLogin: z10.string().nullable(),
|
|
1996
|
+
effortToApplyFix: z10.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
|
|
1997
|
+
safeIssueLanguage: z10.string(),
|
|
1998
|
+
safeIssueType: z10.string(),
|
|
1999
|
+
fixReportId: z10.string().uuid(),
|
|
2000
|
+
filePaths: z10.array(
|
|
2001
|
+
z10.object({
|
|
2002
|
+
fileRepoRelativePath: z10.string()
|
|
2303
2003
|
})
|
|
2304
2004
|
),
|
|
2305
|
-
numberOfVulnerabilityIssues:
|
|
2306
|
-
severityText:
|
|
2307
|
-
vulnerabilityReportIssues:
|
|
2308
|
-
|
|
2309
|
-
issueType:
|
|
2310
|
-
issueLanguage:
|
|
2005
|
+
numberOfVulnerabilityIssues: z10.number(),
|
|
2006
|
+
severityText: z10.nativeEnum(Vulnerability_Severity_Enum),
|
|
2007
|
+
vulnerabilityReportIssues: z10.array(
|
|
2008
|
+
z10.object({
|
|
2009
|
+
issueType: z10.string(),
|
|
2010
|
+
issueLanguage: z10.string(),
|
|
2311
2011
|
sharedState: IssueSharedStateZ2
|
|
2312
2012
|
})
|
|
2313
2013
|
).min(1)
|
|
2314
2014
|
});
|
|
2315
|
-
BaseVulnerabilityReportIssueZ =
|
|
2316
|
-
id:
|
|
2317
|
-
createdAt:
|
|
2318
|
-
state:
|
|
2319
|
-
safeIssueType:
|
|
2320
|
-
safeIssueLanguage:
|
|
2321
|
-
extraData:
|
|
2322
|
-
missing_files:
|
|
2323
|
-
large_files:
|
|
2324
|
-
error_files:
|
|
2325
|
-
ai_cost_limit_exceeded:
|
|
2015
|
+
BaseVulnerabilityReportIssueZ = z10.object({
|
|
2016
|
+
id: z10.string().uuid(),
|
|
2017
|
+
createdAt: z10.string(),
|
|
2018
|
+
state: z10.nativeEnum(Vulnerability_Report_Issue_State_Enum),
|
|
2019
|
+
safeIssueType: z10.string(),
|
|
2020
|
+
safeIssueLanguage: z10.string(),
|
|
2021
|
+
extraData: z10.object({
|
|
2022
|
+
missing_files: z10.string().array().nullish(),
|
|
2023
|
+
large_files: z10.string().array().nullish(),
|
|
2024
|
+
error_files: z10.string().array().nullish(),
|
|
2025
|
+
ai_cost_limit_exceeded: z10.string().nullish()
|
|
2326
2026
|
}),
|
|
2327
2027
|
fix: ReportFixesQueryFixZ.nullable(),
|
|
2328
|
-
falsePositive:
|
|
2329
|
-
id:
|
|
2028
|
+
falsePositive: z10.object({
|
|
2029
|
+
id: z10.string().uuid()
|
|
2330
2030
|
}).nullable(),
|
|
2331
2031
|
parsedSeverity: ParsedSeverityZ,
|
|
2332
|
-
severity:
|
|
2333
|
-
severityValue:
|
|
2334
|
-
category:
|
|
2335
|
-
vulnerabilityReportIssueTags:
|
|
2336
|
-
|
|
2337
|
-
vulnerability_report_issue_tag_value:
|
|
2032
|
+
severity: z10.string(),
|
|
2033
|
+
severityValue: z10.number(),
|
|
2034
|
+
category: z10.string(),
|
|
2035
|
+
vulnerabilityReportIssueTags: z10.array(
|
|
2036
|
+
z10.object({
|
|
2037
|
+
vulnerability_report_issue_tag_value: z10.string()
|
|
2338
2038
|
})
|
|
2339
2039
|
),
|
|
2340
2040
|
sharedState: VulnerabilityReportIssueSharedStateZ
|
|
2341
2041
|
});
|
|
2342
2042
|
VulnerabilityReportIssueZ = BaseVulnerabilityReportIssueZ.merge(
|
|
2343
|
-
|
|
2344
|
-
codeNodes:
|
|
2043
|
+
z10.object({
|
|
2044
|
+
codeNodes: z10.array(z10.object({ path: z10.string() }))
|
|
2345
2045
|
})
|
|
2346
2046
|
);
|
|
2347
2047
|
VulnerabilityReportIssueWithCodeFilePathZ = BaseVulnerabilityReportIssueZ.merge(
|
|
2348
|
-
|
|
2349
|
-
codeFilePath:
|
|
2048
|
+
z10.object({
|
|
2049
|
+
codeFilePath: z10.string().nullable()
|
|
2350
2050
|
})
|
|
2351
2051
|
);
|
|
2352
|
-
GetReportIssuesQueryZ =
|
|
2353
|
-
fixReport:
|
|
2354
|
-
vulnerabilityReport:
|
|
2355
|
-
id:
|
|
2356
|
-
lastIssueUpdatedAt:
|
|
2357
|
-
vulnerabilityReportIssues_aggregate:
|
|
2358
|
-
aggregate:
|
|
2052
|
+
GetReportIssuesQueryZ = z10.object({
|
|
2053
|
+
fixReport: z10.object({
|
|
2054
|
+
vulnerabilityReport: z10.object({
|
|
2055
|
+
id: z10.string().uuid(),
|
|
2056
|
+
lastIssueUpdatedAt: z10.string(),
|
|
2057
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
2058
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2359
2059
|
}),
|
|
2360
|
-
vulnerabilityReportIssues:
|
|
2060
|
+
vulnerabilityReportIssues: z10.array(
|
|
2361
2061
|
VulnerabilityReportIssueWithCodeFilePathZ
|
|
2362
2062
|
)
|
|
2363
2063
|
})
|
|
2364
2064
|
}).array()
|
|
2365
2065
|
}).nullish();
|
|
2366
|
-
FixReportByProjectZ =
|
|
2367
|
-
project_by_pk:
|
|
2368
|
-
vulnerabilityReports:
|
|
2369
|
-
|
|
2370
|
-
fixReport:
|
|
2066
|
+
FixReportByProjectZ = z10.object({
|
|
2067
|
+
project_by_pk: z10.object({
|
|
2068
|
+
vulnerabilityReports: z10.array(
|
|
2069
|
+
z10.object({
|
|
2070
|
+
fixReport: z10.object({ id: z10.string().uuid() }).nullable()
|
|
2371
2071
|
})
|
|
2372
2072
|
)
|
|
2373
2073
|
})
|
|
2374
2074
|
});
|
|
2375
|
-
FixScreenQueryResultZ =
|
|
2075
|
+
FixScreenQueryResultZ = z10.object({
|
|
2376
2076
|
fixReport_by_pk: FixPageFixReportZ,
|
|
2377
2077
|
fix_by_pk: FixPartsForFixScreenZ,
|
|
2378
|
-
fixesWithSameIssueType:
|
|
2379
|
-
|
|
2380
|
-
id:
|
|
2381
|
-
sharedState:
|
|
2078
|
+
fixesWithSameIssueType: z10.array(
|
|
2079
|
+
z10.object({
|
|
2080
|
+
id: z10.string().uuid(),
|
|
2081
|
+
sharedState: z10.object({ state: z10.nativeEnum(Fix_State_Enum) }).nullable().default({ state: "Ready" /* Ready */ })
|
|
2382
2082
|
})
|
|
2383
2083
|
),
|
|
2384
2084
|
relevantIssue: IssuePartsZ.nullish()
|
|
2385
2085
|
});
|
|
2386
|
-
FixPageQueryZ =
|
|
2086
|
+
FixPageQueryZ = z10.object({
|
|
2387
2087
|
data: FixScreenQueryResultZ
|
|
2388
2088
|
});
|
|
2389
|
-
GetReportFixesQueryZ =
|
|
2390
|
-
fixReport:
|
|
2391
|
-
|
|
2392
|
-
fixes:
|
|
2393
|
-
vulnerabilityReportIssuesTotalCount:
|
|
2394
|
-
vulnerabilityReportIssues_aggregate:
|
|
2395
|
-
aggregate:
|
|
2089
|
+
GetReportFixesQueryZ = z10.object({
|
|
2090
|
+
fixReport: z10.array(
|
|
2091
|
+
z10.object({
|
|
2092
|
+
fixes: z10.array(ReportFixesQueryFixZ),
|
|
2093
|
+
vulnerabilityReportIssuesTotalCount: z10.object({
|
|
2094
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
2095
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2396
2096
|
})
|
|
2397
2097
|
}),
|
|
2398
|
-
vulnerabilityReportIssuesFixedCount:
|
|
2399
|
-
vulnerabilityReportIssues_aggregate:
|
|
2400
|
-
aggregate:
|
|
2098
|
+
vulnerabilityReportIssuesFixedCount: z10.object({
|
|
2099
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
2100
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2401
2101
|
})
|
|
2402
2102
|
}),
|
|
2403
|
-
vulnerabilityReportIssuesIrrelevantCount:
|
|
2404
|
-
vulnerabilityReportIssues_aggregate:
|
|
2405
|
-
aggregate:
|
|
2103
|
+
vulnerabilityReportIssuesIrrelevantCount: z10.object({
|
|
2104
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
2105
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2406
2106
|
})
|
|
2407
2107
|
}),
|
|
2408
|
-
vulnerabilityReportIssuesRemainingCount:
|
|
2409
|
-
vulnerabilityReportIssues_aggregate:
|
|
2410
|
-
aggregate:
|
|
2108
|
+
vulnerabilityReportIssuesRemainingCount: z10.object({
|
|
2109
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
2110
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2411
2111
|
})
|
|
2412
2112
|
})
|
|
2413
2113
|
})
|
|
2414
2114
|
)
|
|
2415
2115
|
}).nullish();
|
|
2416
|
-
GetFixReportStatsQueryZ =
|
|
2417
|
-
fixReport_by_pk:
|
|
2418
|
-
id:
|
|
2419
|
-
vulnerabilitySeverities:
|
|
2420
|
-
vulnerabilityReportIrrelevantIssuesCount:
|
|
2421
|
-
vulnerabilityReportIssues_aggregate:
|
|
2422
|
-
aggregate:
|
|
2116
|
+
GetFixReportStatsQueryZ = z10.object({
|
|
2117
|
+
fixReport_by_pk: z10.object({
|
|
2118
|
+
id: z10.string().uuid(),
|
|
2119
|
+
vulnerabilitySeverities: z10.record(z10.nativeEnum(Vulnerability_Severity_Enum), z10.number()).nullable(),
|
|
2120
|
+
vulnerabilityReportIrrelevantIssuesCount: z10.object({
|
|
2121
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
2122
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2423
2123
|
})
|
|
2424
2124
|
})
|
|
2425
2125
|
}).nullable()
|
|
2426
2126
|
});
|
|
2427
|
-
ProjectVulnerabilityReport =
|
|
2428
|
-
id:
|
|
2429
|
-
name:
|
|
2430
|
-
vendor:
|
|
2431
|
-
computedVendor:
|
|
2432
|
-
fixReport:
|
|
2433
|
-
id:
|
|
2434
|
-
createdOn:
|
|
2435
|
-
issueTypes:
|
|
2436
|
-
issueLanguages:
|
|
2437
|
-
repo:
|
|
2438
|
-
originalUrl:
|
|
2439
|
-
reference:
|
|
2440
|
-
name:
|
|
2127
|
+
ProjectVulnerabilityReport = z10.object({
|
|
2128
|
+
id: z10.string().uuid(),
|
|
2129
|
+
name: z10.string().nullable(),
|
|
2130
|
+
vendor: z10.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
|
|
2131
|
+
computedVendor: z10.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
|
|
2132
|
+
fixReport: z10.object({
|
|
2133
|
+
id: z10.string().uuid(),
|
|
2134
|
+
createdOn: z10.string(),
|
|
2135
|
+
issueTypes: z10.record(z10.string(), z10.number()).nullable(),
|
|
2136
|
+
issueLanguages: z10.record(z10.nativeEnum(IssueLanguage_Enum), z10.number()).nullable(),
|
|
2137
|
+
repo: z10.object({
|
|
2138
|
+
originalUrl: z10.string(),
|
|
2139
|
+
reference: z10.string(),
|
|
2140
|
+
name: z10.string()
|
|
2441
2141
|
}).nullable().transform(
|
|
2442
2142
|
(repo) => repo ?? {
|
|
2443
2143
|
originalUrl: "",
|
|
@@ -2445,64 +2145,64 @@ var init_types = __esm({
|
|
|
2445
2145
|
name: ""
|
|
2446
2146
|
}
|
|
2447
2147
|
),
|
|
2448
|
-
createdByUser:
|
|
2449
|
-
email:
|
|
2148
|
+
createdByUser: z10.object({
|
|
2149
|
+
email: z10.string()
|
|
2450
2150
|
}).nullable(),
|
|
2451
|
-
state:
|
|
2452
|
-
expirationOn:
|
|
2151
|
+
state: z10.nativeEnum(Fix_Report_State_Enum),
|
|
2152
|
+
expirationOn: z10.string()
|
|
2453
2153
|
})
|
|
2454
2154
|
});
|
|
2455
|
-
GetProjectsQueryZ =
|
|
2456
|
-
organization:
|
|
2457
|
-
id:
|
|
2458
|
-
projects:
|
|
2459
|
-
|
|
2460
|
-
id:
|
|
2461
|
-
name:
|
|
2462
|
-
numberOfUniqueRepos:
|
|
2155
|
+
GetProjectsQueryZ = z10.object({
|
|
2156
|
+
organization: z10.object({
|
|
2157
|
+
id: z10.string(),
|
|
2158
|
+
projects: z10.array(
|
|
2159
|
+
z10.object({
|
|
2160
|
+
id: z10.string().uuid(),
|
|
2161
|
+
name: z10.string(),
|
|
2162
|
+
numberOfUniqueRepos: z10.number()
|
|
2463
2163
|
})
|
|
2464
2164
|
)
|
|
2465
2165
|
})
|
|
2466
2166
|
});
|
|
2467
|
-
ProjectPageQueryResultZ =
|
|
2468
|
-
name:
|
|
2469
|
-
id:
|
|
2470
|
-
isDefault:
|
|
2471
|
-
organizationId:
|
|
2472
|
-
vulnerabilityReports:
|
|
2473
|
-
autoPrIncludeAiFixes:
|
|
2167
|
+
ProjectPageQueryResultZ = z10.object({
|
|
2168
|
+
name: z10.string(),
|
|
2169
|
+
id: z10.string().uuid(),
|
|
2170
|
+
isDefault: z10.boolean().default(false),
|
|
2171
|
+
organizationId: z10.string().uuid(),
|
|
2172
|
+
vulnerabilityReports: z10.array(ProjectVulnerabilityReport),
|
|
2173
|
+
autoPrIncludeAiFixes: z10.preprocess(
|
|
2474
2174
|
(val) => val === null || val === void 0 ? false : val,
|
|
2475
|
-
|
|
2175
|
+
z10.boolean()
|
|
2476
2176
|
),
|
|
2477
|
-
projectIssueTypeSettings:
|
|
2478
|
-
IssueTypeSettingZ.merge(
|
|
2177
|
+
projectIssueTypeSettings: z10.array(
|
|
2178
|
+
IssueTypeSettingZ.merge(z10.object({ id: z10.string() }))
|
|
2479
2179
|
)
|
|
2480
2180
|
});
|
|
2481
|
-
GetProjectMembersDataZ =
|
|
2482
|
-
project_by_pk:
|
|
2483
|
-
name:
|
|
2484
|
-
id:
|
|
2485
|
-
projectUsers:
|
|
2486
|
-
|
|
2487
|
-
projectToRole:
|
|
2488
|
-
projectRole:
|
|
2489
|
-
type:
|
|
2181
|
+
GetProjectMembersDataZ = z10.object({
|
|
2182
|
+
project_by_pk: z10.object({
|
|
2183
|
+
name: z10.string(),
|
|
2184
|
+
id: z10.string(),
|
|
2185
|
+
projectUsers: z10.array(
|
|
2186
|
+
z10.object({
|
|
2187
|
+
projectToRole: z10.object({
|
|
2188
|
+
projectRole: z10.object({
|
|
2189
|
+
type: z10.nativeEnum(Project_Role_Type_Enum)
|
|
2490
2190
|
})
|
|
2491
2191
|
}),
|
|
2492
|
-
user:
|
|
2493
|
-
id:
|
|
2494
|
-
picture:
|
|
2495
|
-
name:
|
|
2496
|
-
email:
|
|
2192
|
+
user: z10.object({
|
|
2193
|
+
id: z10.string().uuid(),
|
|
2194
|
+
picture: z10.string().nullable().optional(),
|
|
2195
|
+
name: z10.string().nullish(),
|
|
2196
|
+
email: z10.string().email()
|
|
2497
2197
|
})
|
|
2498
2198
|
})
|
|
2499
2199
|
)
|
|
2500
2200
|
})
|
|
2501
2201
|
});
|
|
2502
|
-
RepoArgsZ =
|
|
2503
|
-
originalUrl:
|
|
2504
|
-
branch:
|
|
2505
|
-
commitSha:
|
|
2202
|
+
RepoArgsZ = z10.object({
|
|
2203
|
+
originalUrl: z10.string().url(),
|
|
2204
|
+
branch: z10.string(),
|
|
2205
|
+
commitSha: z10.string()
|
|
2506
2206
|
});
|
|
2507
2207
|
scmCloudUrl = {
|
|
2508
2208
|
GitLab: "https://gitlab.com",
|
|
@@ -2536,7 +2236,7 @@ var init_types2 = __esm({
|
|
|
2536
2236
|
});
|
|
2537
2237
|
|
|
2538
2238
|
// src/features/analysis/scm/shared/src/urlParser/urlParser.ts
|
|
2539
|
-
import { z as
|
|
2239
|
+
import { z as z11 } from "zod";
|
|
2540
2240
|
function computeCanonicalUrl(data) {
|
|
2541
2241
|
const {
|
|
2542
2242
|
scmType,
|
|
@@ -2578,7 +2278,7 @@ function detectAdoUrl(args) {
|
|
|
2578
2278
|
scmType: "Ado" /* Ado */,
|
|
2579
2279
|
organization,
|
|
2580
2280
|
// project has single repo - repoName === projectName
|
|
2581
|
-
projectName:
|
|
2281
|
+
projectName: z11.string().parse(projectName),
|
|
2582
2282
|
repoName: projectName,
|
|
2583
2283
|
prefixPath
|
|
2584
2284
|
};
|
|
@@ -2589,7 +2289,7 @@ function detectAdoUrl(args) {
|
|
|
2589
2289
|
return {
|
|
2590
2290
|
scmType: "Ado" /* Ado */,
|
|
2591
2291
|
organization,
|
|
2592
|
-
projectName:
|
|
2292
|
+
projectName: z11.string().parse(projectName),
|
|
2593
2293
|
repoName,
|
|
2594
2294
|
prefixPath
|
|
2595
2295
|
};
|
|
@@ -2603,7 +2303,7 @@ function detectAdoUrl(args) {
|
|
|
2603
2303
|
scmType: "Ado" /* Ado */,
|
|
2604
2304
|
organization,
|
|
2605
2305
|
// project has only one repo - repoName === projectName
|
|
2606
|
-
projectName:
|
|
2306
|
+
projectName: z11.string().parse(repoName),
|
|
2607
2307
|
repoName,
|
|
2608
2308
|
prefixPath
|
|
2609
2309
|
};
|
|
@@ -2613,7 +2313,7 @@ function detectAdoUrl(args) {
|
|
|
2613
2313
|
return {
|
|
2614
2314
|
scmType: "Ado" /* Ado */,
|
|
2615
2315
|
organization,
|
|
2616
|
-
projectName:
|
|
2316
|
+
projectName: z11.string().parse(projectName),
|
|
2617
2317
|
repoName,
|
|
2618
2318
|
prefixPath
|
|
2619
2319
|
};
|
|
@@ -2689,7 +2389,7 @@ function parseSshUrl(scmURL, scmType) {
|
|
|
2689
2389
|
if (pathElements.length === 3) {
|
|
2690
2390
|
const [organization2, projectName, repoName2] = pathElements;
|
|
2691
2391
|
if (organization2?.match(NAME_REGEX) && projectName && repoName2?.match(NAME_REGEX)) {
|
|
2692
|
-
const parsedProjectName =
|
|
2392
|
+
const parsedProjectName = z11.string().parse(projectName);
|
|
2693
2393
|
return {
|
|
2694
2394
|
scmType: "Ado" /* Ado */,
|
|
2695
2395
|
hostname: normalizedHostname,
|
|
@@ -2917,17 +2617,17 @@ var init_urlParser2 = __esm({
|
|
|
2917
2617
|
});
|
|
2918
2618
|
|
|
2919
2619
|
// src/features/analysis/scm/env.ts
|
|
2920
|
-
import { z as
|
|
2620
|
+
import { z as z14 } from "zod";
|
|
2921
2621
|
var EnvVariablesZod, GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST, MAX_UPLOAD_FILE_SIZE_MB, GITHUB_API_CONCURRENCY;
|
|
2922
2622
|
var init_env = __esm({
|
|
2923
2623
|
"src/features/analysis/scm/env.ts"() {
|
|
2924
2624
|
"use strict";
|
|
2925
|
-
EnvVariablesZod =
|
|
2926
|
-
GITLAB_API_TOKEN:
|
|
2927
|
-
GITHUB_API_TOKEN:
|
|
2928
|
-
GIT_PROXY_HOST:
|
|
2929
|
-
MAX_UPLOAD_FILE_SIZE_MB:
|
|
2930
|
-
GITHUB_API_CONCURRENCY:
|
|
2625
|
+
EnvVariablesZod = z14.object({
|
|
2626
|
+
GITLAB_API_TOKEN: z14.string().optional(),
|
|
2627
|
+
GITHUB_API_TOKEN: z14.string().optional(),
|
|
2628
|
+
GIT_PROXY_HOST: z14.string().optional().default("http://tinyproxy:8888"),
|
|
2629
|
+
MAX_UPLOAD_FILE_SIZE_MB: z14.coerce.number().gt(0).default(2),
|
|
2630
|
+
GITHUB_API_CONCURRENCY: z14.coerce.number().gt(0).optional().default(10)
|
|
2931
2631
|
});
|
|
2932
2632
|
({
|
|
2933
2633
|
GITLAB_API_TOKEN,
|
|
@@ -2964,7 +2664,7 @@ var init_configs = __esm({
|
|
|
2964
2664
|
});
|
|
2965
2665
|
|
|
2966
2666
|
// src/utils/blame/gitBlameTypes.ts
|
|
2967
|
-
import { z as
|
|
2667
|
+
import { z as z17 } from "zod";
|
|
2968
2668
|
function parseCoAuthorValue(raw) {
|
|
2969
2669
|
const trimmed = raw.trim();
|
|
2970
2670
|
if (!trimmed) {
|
|
@@ -3000,9 +2700,9 @@ var PrepareGitBlameMessageZ, PrepareGitBlameResponseMessageZ, CommitMetadataZ, L
|
|
|
3000
2700
|
var init_gitBlameTypes = __esm({
|
|
3001
2701
|
"src/utils/blame/gitBlameTypes.ts"() {
|
|
3002
2702
|
"use strict";
|
|
3003
|
-
PrepareGitBlameMessageZ =
|
|
3004
|
-
reportId:
|
|
3005
|
-
repoArchivePath:
|
|
2703
|
+
PrepareGitBlameMessageZ = z17.object({
|
|
2704
|
+
reportId: z17.string(),
|
|
2705
|
+
repoArchivePath: z17.string(),
|
|
3006
2706
|
// Optional list of file paths to blame. Producers must pick one of two modes:
|
|
3007
2707
|
//
|
|
3008
2708
|
// - **Omit `filePaths`** = "blame every file in the archive". Used by the
|
|
@@ -3018,132 +2718,132 @@ var init_gitBlameTypes = __esm({
|
|
|
3018
2718
|
// "Login.java" when the actual file is "src/main/java/Login.java") are
|
|
3019
2719
|
// tolerated — scm_agent's filter matches exact-or-trailing-basename. Empty
|
|
3020
2720
|
// strings are filtered out defensively.
|
|
3021
|
-
filePaths:
|
|
3022
|
-
});
|
|
3023
|
-
PrepareGitBlameResponseMessageZ =
|
|
3024
|
-
reportId:
|
|
3025
|
-
});
|
|
3026
|
-
CommitMetadataZ =
|
|
3027
|
-
author:
|
|
3028
|
-
"author-mail":
|
|
3029
|
-
"author-time":
|
|
3030
|
-
"author-tz":
|
|
3031
|
-
committer:
|
|
3032
|
-
"committer-mail":
|
|
3033
|
-
"committer-time":
|
|
3034
|
-
"committer-tz":
|
|
3035
|
-
summary:
|
|
3036
|
-
filename:
|
|
3037
|
-
});
|
|
3038
|
-
LineToCommitMapZ =
|
|
3039
|
-
CommitMetadataMapZ =
|
|
3040
|
-
BlameInfoZ =
|
|
2721
|
+
filePaths: z17.array(z17.string()).optional()
|
|
2722
|
+
});
|
|
2723
|
+
PrepareGitBlameResponseMessageZ = z17.object({
|
|
2724
|
+
reportId: z17.string()
|
|
2725
|
+
});
|
|
2726
|
+
CommitMetadataZ = z17.object({
|
|
2727
|
+
author: z17.string().optional(),
|
|
2728
|
+
"author-mail": z17.string().optional(),
|
|
2729
|
+
"author-time": z17.string().optional(),
|
|
2730
|
+
"author-tz": z17.string().optional(),
|
|
2731
|
+
committer: z17.string().optional(),
|
|
2732
|
+
"committer-mail": z17.string().optional(),
|
|
2733
|
+
"committer-time": z17.string().optional(),
|
|
2734
|
+
"committer-tz": z17.string().optional(),
|
|
2735
|
+
summary: z17.string().optional(),
|
|
2736
|
+
filename: z17.string().optional()
|
|
2737
|
+
});
|
|
2738
|
+
LineToCommitMapZ = z17.record(z17.string(), z17.string());
|
|
2739
|
+
CommitMetadataMapZ = z17.record(z17.string(), CommitMetadataZ);
|
|
2740
|
+
BlameInfoZ = z17.object({
|
|
3041
2741
|
lineToCommit: LineToCommitMapZ,
|
|
3042
2742
|
commitMetadata: CommitMetadataMapZ
|
|
3043
2743
|
});
|
|
3044
|
-
LineRangeZ =
|
|
2744
|
+
LineRangeZ = z17.object({
|
|
3045
2745
|
/** First line in chunk (1-indexed) */
|
|
3046
|
-
start:
|
|
2746
|
+
start: z17.number(),
|
|
3047
2747
|
/** Last line in chunk (inclusive) */
|
|
3048
|
-
end:
|
|
3049
|
-
});
|
|
3050
|
-
PrContextZ =
|
|
3051
|
-
prNumber:
|
|
3052
|
-
repositoryUrl:
|
|
3053
|
-
organizationId:
|
|
3054
|
-
userEmail:
|
|
3055
|
-
source:
|
|
3056
|
-
githubContext:
|
|
3057
|
-
prNumber:
|
|
3058
|
-
installationId:
|
|
3059
|
-
repositoryURL:
|
|
2748
|
+
end: z17.number()
|
|
2749
|
+
});
|
|
2750
|
+
PrContextZ = z17.object({
|
|
2751
|
+
prNumber: z17.number(),
|
|
2752
|
+
repositoryUrl: z17.string(),
|
|
2753
|
+
organizationId: z17.string(),
|
|
2754
|
+
userEmail: z17.string(),
|
|
2755
|
+
source: z17.enum(["pr", "github"]),
|
|
2756
|
+
githubContext: z17.object({
|
|
2757
|
+
prNumber: z17.number(),
|
|
2758
|
+
installationId: z17.number(),
|
|
2759
|
+
repositoryURL: z17.string()
|
|
3060
2760
|
}).optional()
|
|
3061
2761
|
});
|
|
3062
|
-
PrepareCommitBlameMessageZ =
|
|
2762
|
+
PrepareCommitBlameMessageZ = z17.object({
|
|
3063
2763
|
/** Commit blame request ID from database (for tracking and updating status) */
|
|
3064
|
-
commitBlameRequestId:
|
|
2764
|
+
commitBlameRequestId: z17.string(),
|
|
3065
2765
|
/** Organization ID (for org-scoped caching) */
|
|
3066
|
-
organizationId:
|
|
2766
|
+
organizationId: z17.string(),
|
|
3067
2767
|
/** Full repository URL (e.g., https://github.com/org/repo) */
|
|
3068
|
-
repositoryUrl:
|
|
2768
|
+
repositoryUrl: z17.string(),
|
|
3069
2769
|
/** Commit SHA to analyze (typically PR head commit) */
|
|
3070
|
-
commitSha:
|
|
2770
|
+
commitSha: z17.string(),
|
|
3071
2771
|
/** Authentication headers for repository access (e.g., GitHub token) */
|
|
3072
|
-
extraHeaders:
|
|
2772
|
+
extraHeaders: z17.record(z17.string(), z17.string()).default({}),
|
|
3073
2773
|
// --- PR analysis fields ---
|
|
3074
2774
|
/** Target branch name (from getPr() base.ref). When set, enables PR analysis mode. */
|
|
3075
|
-
targetBranch:
|
|
2775
|
+
targetBranch: z17.string().optional(),
|
|
3076
2776
|
/** Context for triggering blame attribution analysis after SCM agent completes. */
|
|
3077
2777
|
prContext: PrContextZ.optional(),
|
|
3078
2778
|
/** User email for blame attribution analysis trigger context (used for both PR and single commit flows). */
|
|
3079
|
-
userEmail:
|
|
2779
|
+
userEmail: z17.string().optional()
|
|
3080
2780
|
});
|
|
3081
|
-
BlameLineInfoZ =
|
|
2781
|
+
BlameLineInfoZ = z17.object({
|
|
3082
2782
|
/** Line number as it appeared in the introducing commit */
|
|
3083
|
-
originalLineNumber:
|
|
2783
|
+
originalLineNumber: z17.number(),
|
|
3084
2784
|
/** Commit SHA that introduced this line */
|
|
3085
|
-
commitSha:
|
|
2785
|
+
commitSha: z17.string(),
|
|
3086
2786
|
/** Author name for this line */
|
|
3087
|
-
authorName:
|
|
2787
|
+
authorName: z17.string().optional(),
|
|
3088
2788
|
/** Author email for this line */
|
|
3089
|
-
authorEmail:
|
|
2789
|
+
authorEmail: z17.string().optional()
|
|
3090
2790
|
}).nullable();
|
|
3091
|
-
FileBlameDataZ =
|
|
3092
|
-
ChunkFetchResultZ =
|
|
3093
|
-
filePath:
|
|
3094
|
-
lines:
|
|
2791
|
+
FileBlameDataZ = z17.array(BlameLineInfoZ);
|
|
2792
|
+
ChunkFetchResultZ = z17.object({
|
|
2793
|
+
filePath: z17.string(),
|
|
2794
|
+
lines: z17.array(z17.number()),
|
|
3095
2795
|
data: FileBlameDataZ.nullable()
|
|
3096
2796
|
});
|
|
3097
|
-
FileBlameResponseEntryZ =
|
|
2797
|
+
FileBlameResponseEntryZ = z17.object({
|
|
3098
2798
|
/** Chunk index (0 for small files, 0-N for large file chunks) */
|
|
3099
|
-
chunkIndex:
|
|
2799
|
+
chunkIndex: z17.number(),
|
|
3100
2800
|
/** Blame data array (1-indexed, index 0 is null) */
|
|
3101
2801
|
blameData: FileBlameDataZ
|
|
3102
2802
|
});
|
|
3103
|
-
CommitBlameDataZ =
|
|
3104
|
-
|
|
2803
|
+
CommitBlameDataZ = z17.record(
|
|
2804
|
+
z17.string(),
|
|
3105
2805
|
// fileName
|
|
3106
|
-
|
|
2806
|
+
z17.array(FileBlameResponseEntryZ)
|
|
3107
2807
|
);
|
|
3108
|
-
CommitInfoZ =
|
|
2808
|
+
CommitInfoZ = z17.object({
|
|
3109
2809
|
/** Number of parent commits (1 = normal commit, 2+ = merge commit, null = failed to determine) */
|
|
3110
|
-
parentCount:
|
|
2810
|
+
parentCount: z17.number().nullable()
|
|
3111
2811
|
});
|
|
3112
|
-
GitIdentityZ =
|
|
3113
|
-
name:
|
|
3114
|
-
email:
|
|
2812
|
+
GitIdentityZ = z17.object({
|
|
2813
|
+
name: z17.string(),
|
|
2814
|
+
email: z17.string()
|
|
3115
2815
|
});
|
|
3116
2816
|
COMMIT_LOG_FORMAT = "%H%x00%ae%x00%an%x00%ce%x00%cn%x00%at%x00%s%x00%(trailers:key=Co-authored-by,valueonly,separator=%x00)";
|
|
3117
|
-
CommitDataZ =
|
|
3118
|
-
diff:
|
|
2817
|
+
CommitDataZ = z17.object({
|
|
2818
|
+
diff: z17.string(),
|
|
3119
2819
|
author: GitIdentityZ,
|
|
3120
2820
|
committer: GitIdentityZ,
|
|
3121
|
-
coAuthors:
|
|
3122
|
-
timestamp:
|
|
2821
|
+
coAuthors: z17.array(GitIdentityZ),
|
|
2822
|
+
timestamp: z17.number(),
|
|
3123
2823
|
// Unix timestamp in seconds
|
|
3124
|
-
message:
|
|
3125
|
-
parentCount:
|
|
2824
|
+
message: z17.string().optional(),
|
|
2825
|
+
parentCount: z17.number().nullable()
|
|
3126
2826
|
});
|
|
3127
|
-
PrDiffDataZ =
|
|
3128
|
-
diff:
|
|
2827
|
+
PrDiffDataZ = z17.object({
|
|
2828
|
+
diff: z17.string()
|
|
3129
2829
|
});
|
|
3130
|
-
PrStatsZ =
|
|
3131
|
-
additions:
|
|
3132
|
-
deletions:
|
|
2830
|
+
PrStatsZ = z17.object({
|
|
2831
|
+
additions: z17.number(),
|
|
2832
|
+
deletions: z17.number()
|
|
3133
2833
|
});
|
|
3134
|
-
CommitsManifestZ =
|
|
3135
|
-
commits:
|
|
2834
|
+
CommitsManifestZ = z17.object({
|
|
2835
|
+
commits: z17.array(z17.string())
|
|
3136
2836
|
// Array of commit SHAs in order
|
|
3137
2837
|
});
|
|
3138
|
-
BlameLineEntryZ =
|
|
2838
|
+
BlameLineEntryZ = z17.object({
|
|
3139
2839
|
/** Current file path in the PR head (what git blame was invoked on). */
|
|
3140
|
-
file:
|
|
2840
|
+
file: z17.string(),
|
|
3141
2841
|
/** Current line number in the PR head. */
|
|
3142
|
-
line:
|
|
2842
|
+
line: z17.number(),
|
|
3143
2843
|
/** SHA of the commit that originally authored this line. */
|
|
3144
|
-
originalCommitSha:
|
|
2844
|
+
originalCommitSha: z17.string(),
|
|
3145
2845
|
/** Line number as it was in `originalCommitSha`. */
|
|
3146
|
-
originalLineNumber:
|
|
2846
|
+
originalLineNumber: z17.number(),
|
|
3147
2847
|
/**
|
|
3148
2848
|
* File path as it was in `originalCommitSha` at the time that commit
|
|
3149
2849
|
* authored this line. When a file has been renamed since, this differs
|
|
@@ -3156,24 +2856,24 @@ var init_gitBlameTypes = __esm({
|
|
|
3156
2856
|
* must treat empty as "fall back to `file`" (see enrichDiffLines,
|
|
3157
2857
|
* targetedBlame).
|
|
3158
2858
|
*/
|
|
3159
|
-
originalFile:
|
|
2859
|
+
originalFile: z17.string().default("")
|
|
3160
2860
|
});
|
|
3161
|
-
BlameLinesDataZ =
|
|
3162
|
-
lines:
|
|
2861
|
+
BlameLinesDataZ = z17.object({
|
|
2862
|
+
lines: z17.array(BlameLineEntryZ)
|
|
3163
2863
|
});
|
|
3164
|
-
PrepareCommitBlameResponseMessageZ =
|
|
2864
|
+
PrepareCommitBlameResponseMessageZ = z17.object({
|
|
3165
2865
|
/** Commit blame request ID (matches request, used to update specific DB record) */
|
|
3166
|
-
commitBlameRequestId:
|
|
2866
|
+
commitBlameRequestId: z17.string(),
|
|
3167
2867
|
/** Organization ID (matches request) */
|
|
3168
|
-
organizationId:
|
|
2868
|
+
organizationId: z17.string(),
|
|
3169
2869
|
/** Repository URL (matches request) */
|
|
3170
|
-
repositoryUrl:
|
|
2870
|
+
repositoryUrl: z17.string(),
|
|
3171
2871
|
/** Commit SHA analyzed (matches request) */
|
|
3172
|
-
commitSha:
|
|
2872
|
+
commitSha: z17.string(),
|
|
3173
2873
|
/** Processing status */
|
|
3174
|
-
status:
|
|
2874
|
+
status: z17.enum(["success", "failure"]),
|
|
3175
2875
|
/** Error message (only present if status is 'failure') */
|
|
3176
|
-
error:
|
|
2876
|
+
error: z17.string().optional(),
|
|
3177
2877
|
/**
|
|
3178
2878
|
* Blame data for all processed files/chunks.
|
|
3179
2879
|
* Empty dictionary if status is 'failure'.
|
|
@@ -3185,29 +2885,29 @@ var init_gitBlameTypes = __esm({
|
|
|
3185
2885
|
* Keyed by commit SHA, deduplicated.
|
|
3186
2886
|
* Empty dictionary if status is 'failure'.
|
|
3187
2887
|
*/
|
|
3188
|
-
commits:
|
|
2888
|
+
commits: z17.record(z17.string(), CommitInfoZ).default({}),
|
|
3189
2889
|
// --- New PR diff computation response fields ---
|
|
3190
2890
|
/** S3 paths for commit-level data (commitSha → S3 key). Present in PR analysis mode and single commit mode. */
|
|
3191
|
-
commitDataS3Paths:
|
|
2891
|
+
commitDataS3Paths: z17.record(z17.string(), z17.string()).optional(),
|
|
3192
2892
|
/** S3 key for PR diff JSON. Present in PR analysis mode. */
|
|
3193
|
-
prDiffS3Path:
|
|
2893
|
+
prDiffS3Path: z17.string().optional(),
|
|
3194
2894
|
/** S3 key for commits manifest. Present in PR analysis mode. */
|
|
3195
|
-
commitsManifestS3Path:
|
|
2895
|
+
commitsManifestS3Path: z17.string().optional(),
|
|
3196
2896
|
/** S3 key for per-line targeted blame data. Present in PR analysis mode. */
|
|
3197
|
-
blameLinesS3Path:
|
|
2897
|
+
blameLinesS3Path: z17.string().optional(),
|
|
3198
2898
|
/** S3 key for PR stats (additions/deletions). Present in PR analysis mode. */
|
|
3199
|
-
prStatsS3Path:
|
|
2899
|
+
prStatsS3Path: z17.string().optional(),
|
|
3200
2900
|
/** PR context passed through from request for response handler. */
|
|
3201
2901
|
prContext: PrContextZ.optional(),
|
|
3202
2902
|
/** PR title from the request metadata (passed through). */
|
|
3203
|
-
prTitle:
|
|
2903
|
+
prTitle: z17.string().optional(),
|
|
3204
2904
|
/** User email passed through from request for single commit blame attribution analysis trigger. */
|
|
3205
|
-
userEmail:
|
|
2905
|
+
userEmail: z17.string().optional()
|
|
3206
2906
|
});
|
|
3207
|
-
VulnerabilityAttributionMessageZ =
|
|
3208
|
-
fixReportId:
|
|
3209
|
-
vulnerabilityAttributionRequestId:
|
|
3210
|
-
userEmail:
|
|
2907
|
+
VulnerabilityAttributionMessageZ = z17.object({
|
|
2908
|
+
fixReportId: z17.string().uuid(),
|
|
2909
|
+
vulnerabilityAttributionRequestId: z17.string().uuid(),
|
|
2910
|
+
userEmail: z17.string()
|
|
3211
2911
|
});
|
|
3212
2912
|
}
|
|
3213
2913
|
});
|
|
@@ -4599,344 +4299,12 @@ var NetworkError = class extends Error {
|
|
|
4599
4299
|
};
|
|
4600
4300
|
|
|
4601
4301
|
// src/features/analysis/scm/utils/index.ts
|
|
4602
|
-
import { z as
|
|
4302
|
+
import { z as z13 } from "zod";
|
|
4603
4303
|
|
|
4604
4304
|
// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
|
|
4605
4305
|
init_client_generates();
|
|
4606
|
-
import { z as z2 } from "zod";
|
|
4607
|
-
|
|
4608
|
-
// src/features/analysis/scm/shared/src/fixDetailsData.ts
|
|
4609
|
-
init_client_generates();
|
|
4610
|
-
var fixDetailsData = {
|
|
4611
|
-
["PT" /* Pt */]: {
|
|
4612
|
-
issueDescription: "Path Traversal AKA Directory Traversal occurs when a path coming from user input is not properly sanitized, allowing an attacker to navigate through directories beyond the intended scope. Attackers can exploit this to access sensitive files or execute arbitrary code.",
|
|
4613
|
-
fixInstructions: "Sanitize user-supplied paths, ensuring that they are restricted to a predefined directory structure."
|
|
4614
|
-
},
|
|
4615
|
-
["ZIP_SLIP" /* ZipSlip */]: {
|
|
4616
|
-
issueDescription: "Zip Slip is a form of directory traversal that can be exploited by extracting files from an archive. Attackers can manipulate archive files to overwrite sensitive files or execute arbitrary code.",
|
|
4617
|
-
fixInstructions: "Ensure that extracted files are relative and within the intended directory structure."
|
|
4618
|
-
},
|
|
4619
|
-
["XSS" /* Xss */]: {
|
|
4620
|
-
issueDescription: "Cross-Site Scripting (XSS) allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to theft of session cookies, redirection to malicious websites, or defacement of the webpage.",
|
|
4621
|
-
fixInstructions: "Implement input validation and output encoding. This includes sanitizing user input and escaping special characters to prevent execution of injected scripts."
|
|
4622
|
-
},
|
|
4623
|
-
["XXE" /* Xxe */]: {
|
|
4624
|
-
issueDescription: "XML External Entity (XXE) allows attackers to exploit vulnerable XML processors by including external entities, leading to disclosure of confidential data, denial of service, or server-side request forgery.",
|
|
4625
|
-
fixInstructions: "Disable external entity processing in XML parsers or update to versions that mitigate XXE vulnerabilities. Input validation should be implemented to ensure that XML input does not contain external entity references."
|
|
4626
|
-
},
|
|
4627
|
-
["CMDi" /* CmDi */]: {
|
|
4628
|
-
issueDescription: "Command Injection (CMDI) allows attackers inject malicious commands into vulnerable applications, that can result in execution of arbitrary commands on the underlying operating system.",
|
|
4629
|
-
fixInstructions: "Validate or sanitize user input to prevent executing arbitrary commands."
|
|
4630
|
-
},
|
|
4631
|
-
["SQL_Injection" /* SqlInjection */]: {
|
|
4632
|
-
issueDescription: "SQL Injection allows attackers to execute malicious SQL queries by manipulating input data. This can result in unauthorized access to sensitive data, data manipulation, or even complete database compromise.",
|
|
4633
|
-
fixInstructions: "Use parameterized queries or prepared statements to sanitize user input and prevent manipulation of the SQL query."
|
|
4634
|
-
},
|
|
4635
|
-
["SSRF" /* Ssrf */]: {
|
|
4636
|
-
issueDescription: "Server-Side Request Forgery (SSRF) allows attackers to make unauthorized requests from a vulnerable server, potentially accessing internal systems, services, or data.",
|
|
4637
|
-
fixInstructions: "Validate or sanitize user-supplied URLs, ensuring that they are restricted to trusted domains. Implementing proper input validation and using whitelists for acceptable URLs can prevent SSRF attacks."
|
|
4638
|
-
},
|
|
4639
|
-
["LOG_FORGING" /* LogForging */]: {
|
|
4640
|
-
issueDescription: "Log Forging allows attackers to manipulate log files by injecting malicious content. This can be used to obfuscate attack traces or forge log entries to conceal unauthorized activities.",
|
|
4641
|
-
fixInstructions: "Implement proper input sanitization to remove new lines for values going to the log."
|
|
4642
|
-
},
|
|
4643
|
-
["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: {
|
|
4644
|
-
issueDescription: "Cookie without the 'HttpOnly' attribute can be accessed by client-side scripts, exposing them to potential XSS attacks.",
|
|
4645
|
-
fixInstructions: "Ensure that sensitive cookies are marked with the 'HttpOnly' attribute to prevent client-side scripts from accessing them."
|
|
4646
|
-
},
|
|
4647
|
-
["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: {
|
|
4648
|
-
issueDescription: "System Information Leak occurs when sensitive system information is inadvertently disclosed to external entities, potentially aiding attackers in identifying vulnerabilities or targets.",
|
|
4649
|
-
fixInstructions: "Review and restrict the amount of system information exposed through error messages, debug logs, or response headers."
|
|
4650
|
-
},
|
|
4651
|
-
["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: {
|
|
4652
|
-
issueDescription: "Unchecked Loop Condition can lead to infinite loops or unexpected behavior in software applications. Attackers can exploit this vulnerability to cause denial of service or consume excessive system resources.",
|
|
4653
|
-
fixInstructions: "Carefully review loop conditions to ensure that they are properly validated and bounded."
|
|
4654
|
-
},
|
|
4655
|
-
["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: {
|
|
4656
|
-
issueDescription: "Trust Boundary Violation occurs when untrusted data is added to a trusted context, potentially leading to security vulnerabilities. Attackers can exploit this to bypass security controls or execute unauthorized actions.",
|
|
4657
|
-
fixInstructions: "Clearly define and enforce trust boundaries within applications, ensuring that untrusted data is properly validated and sanitized before being used in a trusted context."
|
|
4658
|
-
},
|
|
4659
|
-
["REGEX_INJECTION" /* RegexInjection */]: {
|
|
4660
|
-
issueDescription: "Regex Injection occurs when attackers manipulate regular expressions to perform unintended actions or bypass security controls. This can lead to security vulnerabilities such as denial of service or injection attacks.",
|
|
4661
|
-
fixInstructions: "Avoid constructing regular expressions from user-supplied input whenever possible. If dynamic regular expressions are necessary, input should be properly validated and sanitized to prevent injection attacks."
|
|
4662
|
-
},
|
|
4663
|
-
["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: {
|
|
4664
|
-
issueDescription: "Error Condition Without Action refers to situations where error conditions are identified but not appropriately handled or mitigated. This can lead to unexpected behavior, system crashes, or security vulnerabilities.",
|
|
4665
|
-
fixInstructions: "Implement error handling mechanisms to gracefully handle unexpected conditions and prevent system crashes."
|
|
4666
|
-
},
|
|
4667
|
-
["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: {
|
|
4668
|
-
issueDescription: "HTTP Response Splitting occurs when attackers manipulate HTTP responses to inject additional headers or content. This can lead to security vulnerabilities such as cache poisoning, session fixation, or XSS attacks.",
|
|
4669
|
-
fixInstructions: "Properly sanitize user input before including it in HTTP response headers or content."
|
|
4670
|
-
},
|
|
4671
|
-
["INSECURE_COOKIE" /* InsecureCookie */]: {
|
|
4672
|
-
issueDescription: "Cookies lacking the 'Secure' attribute may be transmitted over unencrypted channels. This makes them vulnerable to interception or manipulation by attackers.",
|
|
4673
|
-
fixInstructions: "Ensure that sensitive cookies are transmitted over secure channels (e.g., HTTPS) and are marked with the 'Secure' attributes."
|
|
4674
|
-
},
|
|
4675
|
-
["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: {
|
|
4676
|
-
issueDescription: "Command Injection via Relative Path may allow attackers to manipulate file paths to execute arbitrary commands on the underlying system.",
|
|
4677
|
-
fixInstructions: "Paths coming from the input should be properly sanitized to ensure that only expected characters and paths are allowed."
|
|
4678
|
-
},
|
|
4679
|
-
["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: {
|
|
4680
|
-
issueDescription: "Missing Check Against Null occurs when null or uninitialized variables are not properly handled, leading to unexpected behavior or security vulnerabilities.",
|
|
4681
|
-
fixInstructions: "Implement proper null checks and error handling mechanisms to prevent null dereference vulnerabilities. Null values should be handled gracefully to avoid unexpected behavior or security issues."
|
|
4682
|
-
},
|
|
4683
|
-
["PASSWORD_IN_COMMENT" /* PasswordInComment */]: {
|
|
4684
|
-
issueDescription: "Password in Comment refers to situations where sensitive information such as passwords or API keys are hardcoded or embedded in code comments. This can lead to inadvertent exposure of credentials and potential security breaches if the code is shared or leaked.",
|
|
4685
|
-
fixInstructions: "Remove hardcoded sensitive information from code comments."
|
|
4686
|
-
},
|
|
4687
|
-
["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: {
|
|
4688
|
-
issueDescription: "Overly Broad Catch occurs when exceptions are caught indiscriminately without proper handling or logging. This can lead to silent failures, masking potential security issues or allowing attackers to conduct reconnaissance.",
|
|
4689
|
-
fixInstructions: "Implement specific exception handling for different error scenarios to ensure proper diagnosis and mitigation of issues. Catch blocks should log relevant information and handle exceptions gracefully to prevent silent failures."
|
|
4690
|
-
},
|
|
4691
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: {
|
|
4692
|
-
issueDescription: "Use of System Output Stream refers to situations where sensitive information is written to standard output streams such as System.out. This can lead to inadvertent exposure of sensitive data, especially in production environments.",
|
|
4693
|
-
fixInstructions: "Avoid writing sensitive information to standard output streams and instead use secure logging mechanisms or dedicated logging frameworks. Output streams should be properly configured to prevent leakage of sensitive data."
|
|
4694
|
-
},
|
|
4695
|
-
["DOS_STRING_BUILDER" /* DosStringBuilder */]: {
|
|
4696
|
-
issueDescription: "Denial of Service (DoS) via String Builder may allow attackers to manipulate string concatenation operations to consume excessive memory or CPU resources. This can lead to degradation of system performance or unresponsiveness.",
|
|
4697
|
-
fixInstructions: "Use StringBuilder or similar efficient data structures for string concatenation operations to minimize memory overhead. Input validation should be performed to limit the size and complexity of input strings, preventing abuse by attackers."
|
|
4698
|
-
},
|
|
4699
|
-
["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: {
|
|
4700
|
-
issueDescription: "HTML Comment in JSP occurs when developers inadvertently expose sensitive information or internal implementation details in HTML comments within JavaServer Pages (JSP) files. This can lead to inadvertent disclosure of credentials, configuration details, or security vulnerabilities.",
|
|
4701
|
-
fixInstructions: "Review JSP files to ensure that sensitive information or internal details are not exposed in HTML comments. Comments containing sensitive information should be removed or replaced with generic placeholders."
|
|
4702
|
-
},
|
|
4703
|
-
["OPEN_REDIRECT" /* OpenRedirect */]: {
|
|
4704
|
-
issueDescription: "Open Redirect vulnerabilities may allow attackers to manipulate URL parameters to redirect users to malicious websites or phishing pages. This can lead to theft of sensitive information or unauthorized access to user accounts.",
|
|
4705
|
-
fixInstructions: "Redirect URLs validation should be performed to ensure that redirect URLs point to trusted domains."
|
|
4706
|
-
},
|
|
4707
|
-
["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: {
|
|
4708
|
-
issueDescription: "Unsafe Target Blank occurs when developers use the target='_blank' attribute without the rel='noopener' attribute in anchor tags. This can lead to security vulnerabilities such as tabnabbing or reverse tabnabbing, allowing attackers to hijack user sessions or perform phishing attacks.",
|
|
4709
|
-
fixInstructions: "Ensure that anchor tags with target='_blank' attribute include the rel='noopener' attribute to prevent potential security vulnerabilities. This prevents the newly opened page from accessing the window.opener property, mitigating the risk of tabnabbing or reverse tabnabbing attacks."
|
|
4710
|
-
},
|
|
4711
|
-
["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: {
|
|
4712
|
-
issueDescription: "IFrame Without Sandbox occurs when <iframe> elements are used without the 'sandbox' attribute, allowing potentially malicious content to execute in the context of the parent page.",
|
|
4713
|
-
fixInstructions: "Use the 'sandbox' attribute to restrict the capabilities of <iframe> elements, isolating potentially untrusted content from the parent page. This helps mitigate the risk of malicious code execution and prevents attacks such as clickjacking."
|
|
4714
|
-
},
|
|
4715
|
-
["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: {
|
|
4716
|
-
issueDescription: "JQuery Deprecated Symbols refers to the use of deprecated or removed functions, methods, or symbols in jQuery libraries. This can lead to compatibility issues, security vulnerabilities, or performance degradation in applications.",
|
|
4717
|
-
fixInstructions: "Replace deprecated symbols with recommended alternatives."
|
|
4718
|
-
},
|
|
4719
|
-
["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: {
|
|
4720
|
-
issueDescription: "Deprecated Function refers to the use of functions, methods, or features that have been deprecated in programming languages or frameworks. This can lead to compatibility issues, security vulnerabilities, or performance degradation in applications.",
|
|
4721
|
-
fixInstructions: "Update code to replace deprecated functions with recommended alternatives provided by the language or framework."
|
|
4722
|
-
},
|
|
4723
|
-
["HARDCODED_SECRETS" /* HardcodedSecrets */]: {
|
|
4724
|
-
issueDescription: "Hardcoded Secrets refers to the practice of embedding sensitive information such as passwords, API keys, or cryptographic keys directly into source code or configuration files. This can lead to inadvertent exposure of credentials and potential security breaches if the code is shared or leaked.",
|
|
4725
|
-
fixInstructions: "Remove hardcoded sensitive information in source code or configuration files. Instead, sensitive data should be stored securely using encryption or secure credential management solutions."
|
|
4726
|
-
},
|
|
4727
|
-
["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: {
|
|
4728
|
-
issueDescription: "GraphQL Depth Limit refers to the lack of restrictions on query depth in GraphQL implementations, allowing attackers to execute complex and resource-intensive queries. This can lead to denial of service or excessive resource consumption.",
|
|
4729
|
-
fixInstructions: "Implement depth limits and query complexity thresholds in GraphQL schemas to restrict the complexity of incoming queries."
|
|
4730
|
-
},
|
|
4731
|
-
["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: {
|
|
4732
|
-
issueDescription: "System Information Leak occurs when sensitive system information is inadvertently disclosed to external entities, potentially aiding attackers in identifying vulnerabilities or targets.",
|
|
4733
|
-
fixInstructions: "Review and restrict the amount of system information exposed to external entities such as third-party APIs or integrations."
|
|
4734
|
-
},
|
|
4735
|
-
["INSECURE_RANDOMNESS" /* InsecureRandomness */]: {
|
|
4736
|
-
issueDescription: "Insecure Randomness refers to the use of insecure or predictable random number generation algorithms, leading to weak cryptographic keys, session tokens, or initialization vectors. This can facilitate brute-force attacks or cryptographic exploits.",
|
|
4737
|
-
fixInstructions: "Use secure random number generation algorithms provided by cryptographic libraries or frameworks."
|
|
4738
|
-
},
|
|
4739
|
-
["TYPE_CONFUSION" /* TypeConfusion */]: {
|
|
4740
|
-
issueDescription: "Type Confusion occurs in programming languages with weak typing systems when an attacker manipulates object types to bypass type checks or exploit memory corruption vulnerabilities. This can lead to arbitrary code execution or unauthorized access to sensitive data.",
|
|
4741
|
-
fixInstructions: "Implement strict type checking and validation to prevent type confusion vulnerabilities."
|
|
4742
|
-
},
|
|
4743
|
-
["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: {
|
|
4744
|
-
issueDescription: "Incomplete URL Sanitization occurs when user-supplied URLs are not properly sanitized, allowing attackers to inject malicious content or bypass security controls. This can lead to security vulnerabilities such as XSS attacks, open redirect, or SSRF.",
|
|
4745
|
-
fixInstructions: "Implement thorough URL validation and/or sanitization to ensure that user-supplied URLs conform to expected formats and do not contain malicious content."
|
|
4746
|
-
},
|
|
4747
|
-
["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: {
|
|
4748
|
-
issueDescription: "Unsafe Deserialization occurs when attackers manipulate serialized objects to execute arbitrary code or bypass security controls. This can lead to remote code execution, privilege escalation, or data tampering.",
|
|
4749
|
-
fixInstructions: "Implement strict validation and integrity checks on serialized objects."
|
|
4750
|
-
},
|
|
4751
|
-
["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: {
|
|
4752
|
-
issueDescription: "Improper Resource Shutdown or Release refers to situations where system resources such as file handles, database connections, or network sockets are not properly closed or released after use. This can lead to resource exhaustion, denial of service, or memory leaks.",
|
|
4753
|
-
fixInstructions: "Ensure that system resources are consistently closed or released after use. Using try-with resources blocks, finalizers, or dedicated resource management libraries can help mitigate the risk of improper resource shutdown or release vulnerabilities."
|
|
4754
|
-
},
|
|
4755
|
-
["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: {
|
|
4756
|
-
issueDescription: "Improper Exception Handling occurs when exceptions are not handled or propagated correctly, leading to unexpected behavior, security vulnerabilities, or application crashes.",
|
|
4757
|
-
fixInstructions: "Implement exception handling to gracefully handle unexpected errors."
|
|
4758
|
-
},
|
|
4759
|
-
["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: {
|
|
4760
|
-
issueDescription: "Missing Anti-Forgery Validation occurs when web applications do not properly validate or enforce anti-forgery tokens, allowing attackers to forge or replay requests from authenticated users.",
|
|
4761
|
-
fixInstructions: "Implement anti-forgery measures to validate the authenticity of user-submitted requests."
|
|
4762
|
-
},
|
|
4763
|
-
["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: {
|
|
4764
|
-
issueDescription: "Insecure Binder Configuration refers to misconfigurations in application frameworks or dependency injection containers, leading to security vulnerabilities such as injection attacks or privilege escalation.",
|
|
4765
|
-
fixInstructions: "Secure binder configurations to prevent injection attacks and enforce least privilege principles. Configurations should be restricted to trusted sources and sanitized to prevent unauthorized access or manipulation."
|
|
4766
|
-
},
|
|
4767
|
-
["NULL_DEREFERENCE" /* NullDereference */]: {
|
|
4768
|
-
issueDescription: "Null Dereference occurs when null or uninitialized pointers are dereferenced, leading to application crashes or security vulnerabilities. Attackers can exploit this to cause denial of service or execute arbitrary code.",
|
|
4769
|
-
fixInstructions: "Implement proper null checks and error handling mechanisms. Null values should be handled gracefully to avoid unexpected behavior or security issues."
|
|
4770
|
-
},
|
|
4771
|
-
["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: {
|
|
4772
|
-
issueDescription: "Dangerous Function Overflow occurs when functions or methods are called with parameters that exceed predefined limits, leading to buffer overflows or memory corruption vulnerabilities.",
|
|
4773
|
-
fixInstructions: "Implement proper input validation and bounds checking to prevent dangerous function overflows. Functions should be designed to handle input within safe limits and gracefully reject or truncate input that exceeds these limits."
|
|
4774
|
-
},
|
|
4775
|
-
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: {
|
|
4776
|
-
issueDescription: "Default Rights in Object Definition refers to situations where SQL objects are created with default or excessive permissions, leading to security vulnerabilities such as privilege escalation or unauthorized access.",
|
|
4777
|
-
fixInstructions: "Restrict default permissions in object definitions to enforce least privilege principles. Objects should be created with the minimum necessary permissions required for their intended functionality."
|
|
4778
|
-
},
|
|
4779
|
-
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: {
|
|
4780
|
-
issueDescription: "Weak XML Schema Unbounded Occurrences refers to the lack of restrictions on the maximum number of occurrences for elements or attributes in XML schemas. This can lead to denial of service or resource exhaustion attacks by causing excessive memory consumption or processing overhead.",
|
|
4781
|
-
fixInstructions: "Impose limits on the maximum number of occurrences for elements or attributes in XML schemas to prevent resource exhaustion attacks."
|
|
4782
|
-
},
|
|
4783
|
-
["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: void 0,
|
|
4784
|
-
["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: void 0,
|
|
4785
|
-
["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: void 0,
|
|
4786
|
-
["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: void 0,
|
|
4787
|
-
["PROTOTYPE_POLLUTION" /* PrototypePollution */]: void 0,
|
|
4788
|
-
["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: void 0,
|
|
4789
|
-
["HEADER_MANIPULATION" /* HeaderManipulation */]: void 0,
|
|
4790
|
-
["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: {
|
|
4791
|
-
issueDescription: "Missing equals or hashcode method can lead to unexpected behavior in collections. If two objects are equal, they should have the same hashcode.",
|
|
4792
|
-
fixInstructions: "Add the missing methods to ensure proper behavior in collections."
|
|
4793
|
-
},
|
|
4794
|
-
["VALUE_NEVER_READ" /* ValueNeverRead */]: {
|
|
4795
|
-
issueDescription: "The variable's value is not used. After the assignment, the variable is either assigned another value or goes out of scope.",
|
|
4796
|
-
fixInstructions: "Remove the assignment to the variable."
|
|
4797
|
-
},
|
|
4798
|
-
["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: void 0,
|
|
4799
|
-
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: void 0,
|
|
4800
|
-
["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: void 0,
|
|
4801
|
-
["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: void 0,
|
|
4802
|
-
["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: void 0,
|
|
4803
|
-
["PRIVACY_VIOLATION" /* PrivacyViolation */]: void 0,
|
|
4804
|
-
["VALUE_SHADOWING" /* ValueShadowing */]: void 0,
|
|
4805
|
-
["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: void 0,
|
|
4806
|
-
["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: void 0,
|
|
4807
|
-
["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: void 0,
|
|
4808
|
-
["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: void 0,
|
|
4809
|
-
["DEBUG_ENABLED" /* DebugEnabled */]: void 0,
|
|
4810
|
-
["CONFUSING_NAMING" /* ConfusingNaming */]: {
|
|
4811
|
-
issueDescription: "A data member and a function have the same name which can be confusing to the developer.",
|
|
4812
|
-
fixInstructions: "Rename the data member to avoid confusion."
|
|
4813
|
-
},
|
|
4814
|
-
["J2EE_GET_CONNECTION" /* J2EeGetConnection */]: void 0,
|
|
4815
|
-
["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: void 0,
|
|
4816
|
-
["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: void 0,
|
|
4817
|
-
["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: void 0,
|
|
4818
|
-
["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: void 0,
|
|
4819
|
-
["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: {
|
|
4820
|
-
issueDescription: "Auto Escape False occurs when automatic escaping is disabled in template engines, allowing untrusted data to be rendered without proper encoding. This can lead to Cross-Site Scripting (XSS) vulnerabilities.",
|
|
4821
|
-
fixInstructions: "Set auto escape to true."
|
|
4822
|
-
},
|
|
4823
|
-
["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: {
|
|
4824
|
-
issueDescription: "The lack of a rate limit can allow denial-of-service attacks, in which an attacker can cause the application to crash or become unresponsive by issuing a large number of requests simultaneously.",
|
|
4825
|
-
fixInstructions: "Use express-rate-limit npm package to set a rate limit."
|
|
4826
|
-
},
|
|
4827
|
-
["MISSING_CSP_HEADER" /* MissingCspHeader */]: void 0,
|
|
4828
|
-
["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: void 0,
|
|
4829
|
-
["HEAP_INSPECTION" /* HeapInspection */]: {
|
|
4830
|
-
issueDescription: "All variables stored by the application in unencrypted memory can be read by an attacker. This can lead to the exposure of sensitive information, such as passwords, credit card numbers, and personal data.",
|
|
4831
|
-
fixInstructions: "Use secure storage methods to store secrets in memory."
|
|
4832
|
-
},
|
|
4833
|
-
["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: {
|
|
4834
|
-
issueDescription: "Client DOM Stored Code Injection is a client-side security vulnerability where malicious JavaScript code gets stored in the DOM and later executed when retrieved by legitimate scripts.",
|
|
4835
|
-
fixInstructions: "Update the code to avoid the possibility for malicious JavaScript code to get stored in the DOM."
|
|
4836
|
-
},
|
|
4837
|
-
["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: void 0,
|
|
4838
|
-
["NON_READONLY_FIELD" /* NonReadonlyField */]: void 0,
|
|
4839
|
-
["CSRF" /* Csrf */]: {
|
|
4840
|
-
issueDescription: "Cross Site Request Forgery is an attack that forces an end user to execute unwanted actions on a web application in which they\u2019re currently authenticated.",
|
|
4841
|
-
fixInstructions: "Configure a CSRF protection mechanism, such as a CSRF token, in your application."
|
|
4842
|
-
},
|
|
4843
|
-
["WEAK_ENCRYPTION" /* WeakEncryption */]: void 0,
|
|
4844
|
-
["CODE_IN_COMMENT" /* CodeInComment */]: void 0,
|
|
4845
|
-
["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: void 0,
|
|
4846
|
-
["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: void 0,
|
|
4847
|
-
["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: void 0,
|
|
4848
|
-
["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: void 0,
|
|
4849
|
-
["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: void 0,
|
|
4850
|
-
["DUPLICATED_STRINGS" /* DuplicatedStrings */]: void 0,
|
|
4851
|
-
["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: void 0,
|
|
4852
|
-
["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: void 0,
|
|
4853
|
-
["MODIFIED_DEFAULT_PARAM" /* ModifiedDefaultParam */]: void 0,
|
|
4854
|
-
["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: void 0,
|
|
4855
|
-
["NO_VAR" /* NoVar */]: void 0,
|
|
4856
|
-
["INSECURE_TMP_FILE" /* InsecureTmpFile */]: void 0,
|
|
4857
|
-
["RETURN_SHOULD_NOT_BE_INVARIANT" /* ReturnShouldNotBeInvariant */]: void 0,
|
|
4858
|
-
["SYSTEM_EXIT_SHOULD_RERAISE" /* SystemExitShouldReraise */]: void 0,
|
|
4859
|
-
["NO_RETURN_IN_FINALLY" /* NoReturnInFinally */]: void 0,
|
|
4860
|
-
["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: void 0,
|
|
4861
|
-
["AVOID_BUILTIN_SHADOWING" /* AvoidBuiltinShadowing */]: void 0,
|
|
4862
|
-
["IMPROPER_STRING_FORMATTING" /* ImproperStringFormatting */]: void 0,
|
|
4863
|
-
["WILDCARD_IMPORTS" /* WildcardImports */]: void 0,
|
|
4864
|
-
["TAR_SLIP" /* TarSlip */]: void 0,
|
|
4865
|
-
["MISSING_WHITESPACE" /* MissingWhitespace */]: void 0,
|
|
4866
|
-
["NO_PRINT_STATEMENT" /* NoPrintStatement */]: void 0,
|
|
4867
|
-
["NO_OP_OVERHEAD" /* NoOpOverhead */]: void 0,
|
|
4868
|
-
["DO_NOT_RAISE_EXCEPTION" /* DoNotRaiseException */]: void 0,
|
|
4869
|
-
["DECLARE_VARIABLE_EXPLICITLY" /* DeclareVariableExplicitly */]: void 0,
|
|
4870
|
-
["UNNECESSARY_IMPORTS" /* UnnecessaryImports */]: void 0,
|
|
4871
|
-
["NO_NESTED_TRY" /* NoNestedTry */]: void 0,
|
|
4872
|
-
["REDOS" /* Redos */]: void 0,
|
|
4873
|
-
["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: void 0,
|
|
4874
|
-
["BUFFER_OVERFLOW" /* BufferOverflow */]: {
|
|
4875
|
-
issueDescription: "Buffer Overflow occurs when a program writes data beyond the allocated memory space, leading to unexpected behavior or security vulnerabilities.",
|
|
4876
|
-
fixInstructions: "Implement proper input validation and bounds checking to prevent buffer overflows. Use safe string manipulation functions and ensure that the buffer size is properly managed."
|
|
4877
|
-
},
|
|
4878
|
-
["STRING_TERMINATION_ERROR" /* StringTerminationError */]: {
|
|
4879
|
-
issueDescription: "String Termination Error occurs when a string is not properly terminated, leading to unexpected behavior or security vulnerabilities.",
|
|
4880
|
-
fixInstructions: "Implement proper input validation and bounds checking to prevent string termination errors. Use safe string manipulation functions and ensure that the buffer size is properly managed."
|
|
4881
|
-
},
|
|
4882
|
-
["HTTP_PARAMETER_POLLUTION" /* HttpParameterPollution */]: {
|
|
4883
|
-
issueDescription: "HTTP Parameter Pollution occurs when an attacker can manipulate the parameters of an HTTP request to change the behavior of the server.",
|
|
4884
|
-
fixInstructions: "Implement proper input validation and bounds checking to prevent HTTP parameter pollution. Use safe string manipulation functions and ensure that the buffer size is properly managed."
|
|
4885
|
-
},
|
|
4886
|
-
["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: void 0,
|
|
4887
|
-
["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: void 0,
|
|
4888
|
-
["INSECURE_POSTMESSAGE" /* InsecurePostmessage */]: void 0,
|
|
4889
|
-
["MISSING_USER" /* MissingUser */]: {
|
|
4890
|
-
issueDescription: "Missing User occurs when a user is not specified in the Dockerfile, leading to security vulnerabilities.",
|
|
4891
|
-
fixInstructions: "Specify a user in the Dockerfile to prevent security vulnerabilities."
|
|
4892
|
-
},
|
|
4893
|
-
["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: void 0,
|
|
4894
|
-
["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: void 0,
|
|
4895
|
-
["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: void 0,
|
|
4896
|
-
["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: void 0,
|
|
4897
|
-
["USELESS_TERNARY" /* UselessTernary */]: void 0,
|
|
4898
|
-
["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: void 0,
|
|
4899
|
-
["USE_SYS_EXIT" /* UseSysExit */]: void 0,
|
|
4900
|
-
["INCORRECT_SQL_API_USAGE" /* IncorrectSqlApiUsage */]: void 0,
|
|
4901
|
-
["USE_RAISE_FOR_STATUS" /* UseRaiseForStatus */]: void 0,
|
|
4902
|
-
["USE_TIMEOUT" /* UseTimeout */]: void 0,
|
|
4903
|
-
["USELESS_IF_BODY" /* UselessIfBody */]: void 0,
|
|
4904
|
-
["MISSING_TEMPLATE_STRING_INDICATOR" /* MissingTemplateStringIndicator */]: void 0,
|
|
4905
|
-
["NO_ASSERT" /* NoAssert */]: void 0,
|
|
4906
|
-
["FUNCTION_CALL_WITHOUT_PARENTHESES" /* FunctionCallWithoutParentheses */]: void 0,
|
|
4907
|
-
["SPRING_DEFAULT_PERMIT" /* SpringDefaultPermit */]: void 0,
|
|
4908
|
-
["RETURN_IN_INIT" /* ReturnInInit */]: void 0,
|
|
4909
|
-
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: void 0,
|
|
4910
|
-
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
|
|
4911
|
-
["REDUNDANT_CONDITION" /* RedundantCondition */]: void 0,
|
|
4912
|
-
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
|
|
4913
|
-
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
|
|
4914
|
-
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
|
|
4915
|
-
["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: void 0,
|
|
4916
|
-
["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: void 0,
|
|
4917
|
-
["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: void 0,
|
|
4918
|
-
["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: void 0,
|
|
4919
|
-
["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: void 0,
|
|
4920
|
-
["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: void 0,
|
|
4921
|
-
["UNSAFE_REFLECTION" /* UnsafeReflection */]: void 0,
|
|
4922
|
-
["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: {
|
|
4923
|
-
issueDescription: "AWS SQS queue contents are unencrypted; data could be read if the queue is compromised.",
|
|
4924
|
-
fixInstructions: "Enable server-side encryption by setting sqs_managed_sse_enabled = true, or supply a KMS key via kms_master_key_id."
|
|
4925
|
-
},
|
|
4926
|
-
["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: void 0,
|
|
4927
|
-
["AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED" /* AwsDynamodbPointInTimeRecoveryDisabled */]: {
|
|
4928
|
-
issueDescription: "AWS DynamoDB table has point-in-time recovery disabled; accidental or malicious writes/deletes cannot be rolled back from a known-good snapshot.",
|
|
4929
|
-
fixInstructions: "Enable point-in-time recovery by adding `point_in_time_recovery { enabled = true }` to the aws_dynamodb_table resource."
|
|
4930
|
-
},
|
|
4931
|
-
["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: {
|
|
4932
|
-
issueDescription: "Decoding a JWT with `JWT.decode()` only base64-decodes the token without checking its signature, so an attacker can forge a token with arbitrary claims (identity, roles, expiration) and have it trusted. CWE-345, OWASP A08:2021 Software and Data Integrity Failures.",
|
|
4933
|
-
fixInstructions: "Verify the signature before trusting any claims: build a verifier with the expected algorithm and secret/key (e.g. `JWT.require(Algorithm.HMAC256(secret)).build().verify(token)`) instead of calling `JWT.decode(token)`. After merging, confirm the verifier is configured with the same algorithm and secret/key used to sign your tokens \u2014 an incorrect or placeholder secret will make verification throw `JWTVerificationException` at runtime and reject legitimate tokens."
|
|
4934
|
-
},
|
|
4935
|
-
["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: void 0
|
|
4936
|
-
};
|
|
4937
|
-
|
|
4938
|
-
// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
|
|
4939
4306
|
init_getIssueType();
|
|
4307
|
+
init_issueTypeCatalog();
|
|
4940
4308
|
function capitalizeFirstLetter(str) {
|
|
4941
4309
|
return str?.length ? str[0].toUpperCase() + str.slice(1) : "";
|
|
4942
4310
|
}
|
|
@@ -4964,8 +4332,7 @@ var getCommitDescription = ({
|
|
|
4964
4332
|
)}**.
|
|
4965
4333
|
|
|
4966
4334
|
`;
|
|
4967
|
-
|
|
4968
|
-
if (issueType && parseIssueTypeRes.success) {
|
|
4335
|
+
if (issueType) {
|
|
4969
4336
|
if (irrelevantIssueWithTags?.[0]?.tag) {
|
|
4970
4337
|
description += `
|
|
4971
4338
|
> [!tip]
|
|
@@ -4977,14 +4344,17 @@ var getCommitDescription = ({
|
|
|
4977
4344
|
${issueDescription[irrelevantIssueWithTags[0].tag]}
|
|
4978
4345
|
`;
|
|
4979
4346
|
}
|
|
4980
|
-
const
|
|
4981
|
-
if (
|
|
4347
|
+
const catalogEntry = getIssueTypeCatalogEntry(issueType);
|
|
4348
|
+
if (catalogEntry?.issueDescription) {
|
|
4982
4349
|
description += `## Issue description
|
|
4983
|
-
${
|
|
4984
|
-
|
|
4350
|
+
${catalogEntry.issueDescription}
|
|
4351
|
+
`;
|
|
4352
|
+
if (catalogEntry.fixInstructions) {
|
|
4353
|
+
description += `
|
|
4985
4354
|
## Fix instructions
|
|
4986
|
-
${
|
|
4355
|
+
${catalogEntry.fixInstructions}
|
|
4987
4356
|
`;
|
|
4357
|
+
}
|
|
4988
4358
|
}
|
|
4989
4359
|
}
|
|
4990
4360
|
description += `
|
|
@@ -5008,8 +4378,7 @@ var getCommitIssueDescription = ({
|
|
|
5008
4378
|
const issueTypeString = getIssueTypeFriendlyString(issueType);
|
|
5009
4379
|
let description = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
|
|
5010
4380
|
`;
|
|
5011
|
-
|
|
5012
|
-
if (issueType && parseIssueTypeRes.success) {
|
|
4381
|
+
if (issueType) {
|
|
5013
4382
|
if (irrelevantIssueWithTags?.[0]?.tag) {
|
|
5014
4383
|
description = `
|
|
5015
4384
|
> [!tip]
|
|
@@ -5022,10 +4391,10 @@ var getCommitIssueDescription = ({
|
|
|
5022
4391
|
${fpDescription ?? unfixableDescription ?? issueDescription[irrelevantIssueWithTags[0].tag]}
|
|
5023
4392
|
`;
|
|
5024
4393
|
}
|
|
5025
|
-
const
|
|
5026
|
-
if (
|
|
4394
|
+
const catalogEntry = getIssueTypeCatalogEntry(issueType);
|
|
4395
|
+
if (catalogEntry?.issueDescription) {
|
|
5027
4396
|
description += `## Issue description
|
|
5028
|
-
${
|
|
4397
|
+
${catalogEntry.issueDescription}
|
|
5029
4398
|
`;
|
|
5030
4399
|
}
|
|
5031
4400
|
}
|
|
@@ -5037,14 +4406,12 @@ init_getIssueType();
|
|
|
5037
4406
|
|
|
5038
4407
|
// src/features/analysis/scm/shared/src/guidances.ts
|
|
5039
4408
|
init_client_generates();
|
|
5040
|
-
|
|
4409
|
+
init_getIssueType();
|
|
4410
|
+
import { z as z4 } from "zod";
|
|
5041
4411
|
|
|
5042
4412
|
// src/features/analysis/scm/shared/src/storedFixData/index.ts
|
|
5043
4413
|
init_client_generates();
|
|
5044
|
-
import { z as
|
|
5045
|
-
|
|
5046
|
-
// src/features/analysis/scm/shared/src/storedFixData/csharp/index.ts
|
|
5047
|
-
init_client_generates();
|
|
4414
|
+
import { z as z2 } from "zod";
|
|
5048
4415
|
|
|
5049
4416
|
// src/features/analysis/scm/shared/src/storedFixData/passwordInComment.ts
|
|
5050
4417
|
var passwordInComment = {
|
|
@@ -5081,8 +4448,8 @@ This is an illustration of how the form will look like:
|
|
|
5081
4448
|
|
|
5082
4449
|
// src/features/analysis/scm/shared/src/storedFixData/csharp/index.ts
|
|
5083
4450
|
var vulnerabilities = {
|
|
5084
|
-
["MISSING_ANTIFORGERY_VALIDATION"
|
|
5085
|
-
["PASSWORD_IN_COMMENT"
|
|
4451
|
+
["MISSING_ANTIFORGERY_VALIDATION"]: missingAntiForgeryValidation,
|
|
4452
|
+
["PASSWORD_IN_COMMENT"]: passwordInComment
|
|
5086
4453
|
};
|
|
5087
4454
|
var csharp_default = vulnerabilities;
|
|
5088
4455
|
|
|
@@ -5098,9 +4465,6 @@ var go_default = vulnerabilities3;
|
|
|
5098
4465
|
var vulnerabilities4 = {};
|
|
5099
4466
|
var hcl_default = vulnerabilities4;
|
|
5100
4467
|
|
|
5101
|
-
// src/features/analysis/scm/shared/src/storedFixData/java/index.ts
|
|
5102
|
-
init_client_generates();
|
|
5103
|
-
|
|
5104
4468
|
// src/features/analysis/scm/shared/src/storedFixData/java/insecureDeserialization.ts
|
|
5105
4469
|
var insecureDeserialization = {
|
|
5106
4470
|
guidance: () => "Added a `@Consumes` annotation restricting the endpoint to common safe media types (JSON, XML, form, multipart, octet-stream, plain text). Requests with `Content-Type: application/x-java-serialized-object` are no longer routed to the RESTEasy `SerializableProvider`. If your endpoint legitimately accepts a content type not in this allowlist (e.g. `image/png`, a custom JSON variant), expect HTTP 415 from those clients and extend the `@Consumes` list to include it."
|
|
@@ -5157,17 +4521,14 @@ var systemInformationLeak = {
|
|
|
5157
4521
|
|
|
5158
4522
|
// src/features/analysis/scm/shared/src/storedFixData/java/index.ts
|
|
5159
4523
|
var vulnerabilities5 = {
|
|
5160
|
-
["PASSWORD_IN_COMMENT"
|
|
5161
|
-
["INSECURE_DESERIALIZATION"
|
|
5162
|
-
["J2EE_GET_CONNECTION"
|
|
5163
|
-
["SQL_Injection"
|
|
5164
|
-
["SYSTEM_INFORMATION_LEAK"
|
|
4524
|
+
["PASSWORD_IN_COMMENT"]: passwordInComment,
|
|
4525
|
+
["INSECURE_DESERIALIZATION"]: insecureDeserialization,
|
|
4526
|
+
["J2EE_GET_CONNECTION"]: j2eeGetConnection,
|
|
4527
|
+
["SQL_Injection"]: sqlInjection,
|
|
4528
|
+
["SYSTEM_INFORMATION_LEAK"]: systemInformationLeak
|
|
5165
4529
|
};
|
|
5166
4530
|
var java_default = vulnerabilities5;
|
|
5167
4531
|
|
|
5168
|
-
// src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
|
|
5169
|
-
init_client_generates();
|
|
5170
|
-
|
|
5171
4532
|
// src/features/analysis/scm/shared/src/storedFixData/python/csrf.ts
|
|
5172
4533
|
var csrf = {
|
|
5173
4534
|
guidance: () => `Please make sure the CSRF middleware is activated by default in the MIDDLEWARE setting. If you override that setting, remember that \`django.middleware.csrf.CsrfViewMiddleware\` should come before any view middleware that assume that CSRF attacks have been dealt with.
|
|
@@ -5210,11 +4571,11 @@ var ssrf = {
|
|
|
5210
4571
|
|
|
5211
4572
|
// src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
|
|
5212
4573
|
var vulnerabilities6 = {
|
|
5213
|
-
["SSRF"
|
|
5214
|
-
["HARDCODED_SECRETS"
|
|
5215
|
-
["PASSWORD_IN_COMMENT"
|
|
5216
|
-
["NO_LIMITS_OR_THROTTLING"
|
|
5217
|
-
["CSRF"
|
|
4574
|
+
["SSRF"]: ssrf,
|
|
4575
|
+
["HARDCODED_SECRETS"]: hardcodedSecrets,
|
|
4576
|
+
["PASSWORD_IN_COMMENT"]: passwordInComment,
|
|
4577
|
+
["NO_LIMITS_OR_THROTTLING"]: noLimitsOrThrottling,
|
|
4578
|
+
["CSRF"]: csrf
|
|
5218
4579
|
};
|
|
5219
4580
|
var javascript_default = vulnerabilities6;
|
|
5220
4581
|
|
|
@@ -5222,9 +4583,6 @@ var javascript_default = vulnerabilities6;
|
|
|
5222
4583
|
var vulnerabilities7 = {};
|
|
5223
4584
|
var php_default = vulnerabilities7;
|
|
5224
4585
|
|
|
5225
|
-
// src/features/analysis/scm/shared/src/storedFixData/python/index.ts
|
|
5226
|
-
init_client_generates();
|
|
5227
|
-
|
|
5228
4586
|
// src/features/analysis/scm/shared/src/storedFixData/python/autoEscapeFalse.ts
|
|
5229
4587
|
var autoEscapeFalse = {
|
|
5230
4588
|
guidance: () => `This fix enables automatic escaping for HTML. When that's enabled, everything is escaped by default except for values explicitly marked as safe. Variables and expressions can be marked as safe either in:
|
|
@@ -5259,15 +4617,12 @@ See the [\`requests\` SSL verification docs](https://requests.readthedocs.io/en/
|
|
|
5259
4617
|
|
|
5260
4618
|
// src/features/analysis/scm/shared/src/storedFixData/python/index.ts
|
|
5261
4619
|
var vulnerabilities8 = {
|
|
5262
|
-
["AUTO_ESCAPE_FALSE"
|
|
5263
|
-
["CSRF"
|
|
5264
|
-
["IMPROPER_CERTIFICATE_VALIDATION"
|
|
4620
|
+
["AUTO_ESCAPE_FALSE"]: autoEscapeFalse,
|
|
4621
|
+
["CSRF"]: csrf,
|
|
4622
|
+
["IMPROPER_CERTIFICATE_VALIDATION"]: improperCertificateValidation
|
|
5265
4623
|
};
|
|
5266
4624
|
var python_default = vulnerabilities8;
|
|
5267
4625
|
|
|
5268
|
-
// src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
|
|
5269
|
-
init_client_generates();
|
|
5270
|
-
|
|
5271
4626
|
// src/features/analysis/scm/shared/src/storedFixData/sql/defaultRightsInObjDefinition.ts
|
|
5272
4627
|
var defaultRightsInObjDefinition = {
|
|
5273
4628
|
guidance: () => "***Make sure the user who is supposed to run the procedure has sufficient permissions.***\n\nRead more details about the `EXECUTE AS` statement in [the official Microsoft documentation](https://learn.microsoft.com/en-us/sql/t-sql/statements/execute-as-clause-transact-sql?view=sql-server-ver16&tabs=sqlserver).\n\n`EXECUTE AS CALLER` is the default behavior for SQL Server 2005 and later."
|
|
@@ -5275,20 +4630,19 @@ var defaultRightsInObjDefinition = {
|
|
|
5275
4630
|
|
|
5276
4631
|
// src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
|
|
5277
4632
|
var vulnerabilities9 = {
|
|
5278
|
-
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION"
|
|
4633
|
+
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION"]: defaultRightsInObjDefinition
|
|
5279
4634
|
};
|
|
5280
4635
|
var sql_default = vulnerabilities9;
|
|
5281
4636
|
|
|
5282
4637
|
// src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
|
|
5283
|
-
init_client_generates();
|
|
5284
4638
|
var vulnerabilities10 = {
|
|
5285
|
-
["PASSWORD_IN_COMMENT"
|
|
4639
|
+
["PASSWORD_IN_COMMENT"]: passwordInComment
|
|
5286
4640
|
};
|
|
5287
4641
|
var xml_default = vulnerabilities10;
|
|
5288
4642
|
|
|
5289
4643
|
// src/features/analysis/scm/shared/src/storedFixData/index.ts
|
|
5290
|
-
var StoredFixDataItemZ =
|
|
5291
|
-
guidance:
|
|
4644
|
+
var StoredFixDataItemZ = z2.object({
|
|
4645
|
+
guidance: z2.function().args(z2.any()).returns(z2.string())
|
|
5292
4646
|
});
|
|
5293
4647
|
var languages = {
|
|
5294
4648
|
["Java" /* Java */]: java_default,
|
|
@@ -5305,10 +4659,7 @@ var languages = {
|
|
|
5305
4659
|
|
|
5306
4660
|
// src/features/analysis/scm/shared/src/storedQuestionData/index.ts
|
|
5307
4661
|
init_client_generates();
|
|
5308
|
-
import { z as
|
|
5309
|
-
|
|
5310
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
|
|
5311
|
-
init_client_generates();
|
|
4662
|
+
import { z as z3 } from "zod";
|
|
5312
4663
|
|
|
5313
4664
|
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/commandInjection.ts
|
|
5314
4665
|
var commandInjection = {
|
|
@@ -5354,14 +4705,11 @@ var pathManipulation = {
|
|
|
5354
4705
|
|
|
5355
4706
|
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
|
|
5356
4707
|
var vulnerabilities11 = {
|
|
5357
|
-
["CMDi"
|
|
5358
|
-
["PT"
|
|
4708
|
+
["CMDi"]: commandInjection,
|
|
4709
|
+
["PT"]: pathManipulation
|
|
5359
4710
|
};
|
|
5360
4711
|
var cpp_default = vulnerabilities11;
|
|
5361
4712
|
|
|
5362
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
|
|
5363
|
-
init_client_generates();
|
|
5364
|
-
|
|
5365
4713
|
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/httpOnlyCookie.ts
|
|
5366
4714
|
var httpOnlyCookie = {
|
|
5367
4715
|
httpOnlyCookie: {
|
|
@@ -5656,31 +5004,28 @@ var xxe = {
|
|
|
5656
5004
|
|
|
5657
5005
|
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
|
|
5658
5006
|
var vulnerabilities12 = {
|
|
5659
|
-
["LOG_FORGING"
|
|
5660
|
-
["SSRF"
|
|
5661
|
-
["XXE"
|
|
5662
|
-
["XSS"
|
|
5663
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM"
|
|
5664
|
-
["SYSTEM_INFORMATION_LEAK"
|
|
5665
|
-
["OVERLY_BROAD_CATCH"
|
|
5666
|
-
["TRUST_BOUNDARY_VIOLATION"
|
|
5667
|
-
["PT"
|
|
5668
|
-
["REGEX_MISSING_TIMEOUT"
|
|
5669
|
-
["HTTP_ONLY_COOKIE"
|
|
5670
|
-
["INSECURE_COOKIE"
|
|
5671
|
-
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED"
|
|
5672
|
-
["INSECURE_BINDER_CONFIGURATION"
|
|
5673
|
-
["VALUE_SHADOWING"
|
|
5674
|
-
["INSECURE_RANDOMNESS"
|
|
5675
|
-
["INSUFFICIENT_LOGGING"
|
|
5676
|
-
["SQL_Injection"
|
|
5677
|
-
["REQUEST_PARAMETERS_BOUND_VIA_INPUT"
|
|
5007
|
+
["LOG_FORGING"]: logForging,
|
|
5008
|
+
["SSRF"]: ssrf2,
|
|
5009
|
+
["XXE"]: xxe,
|
|
5010
|
+
["XSS"]: xss,
|
|
5011
|
+
["USE_OF_SYSTEM_OUTPUT_STREAM"]: useOfSystemOutputStream,
|
|
5012
|
+
["SYSTEM_INFORMATION_LEAK"]: sysLeak,
|
|
5013
|
+
["OVERLY_BROAD_CATCH"]: overlyBroadCatch,
|
|
5014
|
+
["TRUST_BOUNDARY_VIOLATION"]: trustBoundaryViolation,
|
|
5015
|
+
["PT"]: pt,
|
|
5016
|
+
["REGEX_MISSING_TIMEOUT"]: regexMissingTimeout,
|
|
5017
|
+
["HTTP_ONLY_COOKIE"]: httpOnlyCookie,
|
|
5018
|
+
["INSECURE_COOKIE"]: insecureCookie,
|
|
5019
|
+
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED"]: wcfMisconfigurationThrottlingNotEnabled,
|
|
5020
|
+
["INSECURE_BINDER_CONFIGURATION"]: insecureBinderConfiguration,
|
|
5021
|
+
["VALUE_SHADOWING"]: valueShadowing,
|
|
5022
|
+
["INSECURE_RANDOMNESS"]: insecureRandomness,
|
|
5023
|
+
["INSUFFICIENT_LOGGING"]: insufficientLogging,
|
|
5024
|
+
["SQL_Injection"]: sqlInjection2,
|
|
5025
|
+
["REQUEST_PARAMETERS_BOUND_VIA_INPUT"]: requestParametersBoundViaInput
|
|
5678
5026
|
};
|
|
5679
5027
|
var csharp_default2 = vulnerabilities12;
|
|
5680
5028
|
|
|
5681
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
|
|
5682
|
-
init_client_generates();
|
|
5683
|
-
|
|
5684
5029
|
// src/features/analysis/scm/shared/src/storedQuestionData/go/logForging.ts
|
|
5685
5030
|
var logForging2 = {
|
|
5686
5031
|
isHtmlDisplay: {
|
|
@@ -5710,15 +5055,12 @@ var websocketMissingOriginCheck = {
|
|
|
5710
5055
|
|
|
5711
5056
|
// src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
|
|
5712
5057
|
var vulnerabilities13 = {
|
|
5713
|
-
["LOG_FORGING"
|
|
5714
|
-
["MISSING_SSL_MINVERSION"
|
|
5715
|
-
["WEBSOCKET_MISSING_ORIGIN_CHECK"
|
|
5058
|
+
["LOG_FORGING"]: logForging2,
|
|
5059
|
+
["MISSING_SSL_MINVERSION"]: missingSslMinversion,
|
|
5060
|
+
["WEBSOCKET_MISSING_ORIGIN_CHECK"]: websocketMissingOriginCheck
|
|
5716
5061
|
};
|
|
5717
5062
|
var go_default2 = vulnerabilities13;
|
|
5718
5063
|
|
|
5719
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
|
|
5720
|
-
init_client_generates();
|
|
5721
|
-
|
|
5722
5064
|
// src/features/analysis/scm/shared/src/storedQuestionData/java/commandInjection.ts
|
|
5723
5065
|
var commandInjection2 = {
|
|
5724
5066
|
isUnixShellCommandPart: {
|
|
@@ -6175,38 +5517,35 @@ var xxe2 = {
|
|
|
6175
5517
|
|
|
6176
5518
|
// src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
|
|
6177
5519
|
var vulnerabilities14 = {
|
|
6178
|
-
["SQL_Injection"
|
|
6179
|
-
["CMDi_relative_path_command"
|
|
6180
|
-
["CMDi"
|
|
6181
|
-
["CONFUSING_NAMING"
|
|
6182
|
-
["ERROR_CONDTION_WITHOUT_ACTION"
|
|
6183
|
-
["XXE"
|
|
6184
|
-
["XSS"
|
|
6185
|
-
["PRIVACY_VIOLATION"
|
|
6186
|
-
["PT"
|
|
6187
|
-
["SSRF"
|
|
6188
|
-
["LOG_FORGING"
|
|
6189
|
-
["LOCALE_DEPENDENT_COMPARISON"
|
|
6190
|
-
["MISSING_CHECK_AGAINST_NULL"
|
|
6191
|
-
["OPEN_REDIRECT"
|
|
6192
|
-
["OVERLY_BROAD_CATCH"
|
|
6193
|
-
["SYSTEM_INFORMATION_LEAK"
|
|
6194
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM"
|
|
6195
|
-
["HTTP_ONLY_COOKIE"
|
|
6196
|
-
["UNCHECKED_LOOP_CONDITION"
|
|
6197
|
-
["INSECURE_COOKIE"
|
|
6198
|
-
["TRUST_BOUNDARY_VIOLATION"
|
|
6199
|
-
["UNSAFE_REFLECTION"
|
|
6200
|
-
["J2EE_GET_CONNECTION"
|
|
6201
|
-
["LEFTOVER_DEBUG_CODE"
|
|
6202
|
-
["ERRONEOUS_STRING_COMPARE"
|
|
6203
|
-
["DUPLICATED_STRINGS"
|
|
5520
|
+
["SQL_Injection"]: sqlInjection3,
|
|
5521
|
+
["CMDi_relative_path_command"]: relativePathCommand,
|
|
5522
|
+
["CMDi"]: commandInjection2,
|
|
5523
|
+
["CONFUSING_NAMING"]: confusingNaming,
|
|
5524
|
+
["ERROR_CONDTION_WITHOUT_ACTION"]: errorConditionWithoutAction,
|
|
5525
|
+
["XXE"]: xxe2,
|
|
5526
|
+
["XSS"]: xss2,
|
|
5527
|
+
["PRIVACY_VIOLATION"]: privacyViolation,
|
|
5528
|
+
["PT"]: pt2,
|
|
5529
|
+
["SSRF"]: ssrf3,
|
|
5530
|
+
["LOG_FORGING"]: logForging3,
|
|
5531
|
+
["LOCALE_DEPENDENT_COMPARISON"]: localeDependentComparison,
|
|
5532
|
+
["MISSING_CHECK_AGAINST_NULL"]: missingCheckAgainstNull,
|
|
5533
|
+
["OPEN_REDIRECT"]: openRedirect,
|
|
5534
|
+
["OVERLY_BROAD_CATCH"]: overlyBroadCatch2,
|
|
5535
|
+
["SYSTEM_INFORMATION_LEAK"]: sysLeak2,
|
|
5536
|
+
["USE_OF_SYSTEM_OUTPUT_STREAM"]: useOfSystemOutputStream2,
|
|
5537
|
+
["HTTP_ONLY_COOKIE"]: httpOnlyCookie2,
|
|
5538
|
+
["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition,
|
|
5539
|
+
["INSECURE_COOKIE"]: insecureCookie2,
|
|
5540
|
+
["TRUST_BOUNDARY_VIOLATION"]: trustBoundaryViolation2,
|
|
5541
|
+
["UNSAFE_REFLECTION"]: unsafeReflection,
|
|
5542
|
+
["J2EE_GET_CONNECTION"]: j2eeGetConnection2,
|
|
5543
|
+
["LEFTOVER_DEBUG_CODE"]: leftoverDebugCode,
|
|
5544
|
+
["ERRONEOUS_STRING_COMPARE"]: erroneousStringCompare,
|
|
5545
|
+
["DUPLICATED_STRINGS"]: duplicatedStrings
|
|
6204
5546
|
};
|
|
6205
5547
|
var java_default2 = vulnerabilities14;
|
|
6206
5548
|
|
|
6207
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
|
|
6208
|
-
init_client_generates();
|
|
6209
|
-
|
|
6210
5549
|
// src/features/analysis/scm/shared/src/storedQuestionData/python/csrf.ts
|
|
6211
5550
|
var csrf2 = {
|
|
6212
5551
|
isPythonDjangoTemplate: {
|
|
@@ -6532,33 +5871,30 @@ var xss3 = {
|
|
|
6532
5871
|
|
|
6533
5872
|
// src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
|
|
6534
5873
|
var vulnerabilities15 = {
|
|
6535
|
-
["CMDi"
|
|
6536
|
-
["GRAPHQL_DEPTH_LIMIT"
|
|
6537
|
-
["INSECURE_RANDOMNESS"
|
|
6538
|
-
["SSRF"
|
|
6539
|
-
["TYPE_CONFUSION"
|
|
6540
|
-
["INCOMPLETE_URL_SANITIZATION"
|
|
6541
|
-
["LOG_FORGING"
|
|
6542
|
-
["XSS"
|
|
6543
|
-
["OPEN_REDIRECT"
|
|
6544
|
-
["SYSTEM_INFORMATION_LEAK"
|
|
6545
|
-
["SYSTEM_INFORMATION_LEAK_EXTERNAL"
|
|
6546
|
-
["IFRAME_WITHOUT_SANDBOX"
|
|
6547
|
-
["PT"
|
|
6548
|
-
["HARDCODED_SECRETS"
|
|
6549
|
-
["MISSING_HSTS_HEADER"
|
|
6550
|
-
["UNCHECKED_LOOP_CONDITION"
|
|
6551
|
-
["NO_LIMITS_OR_THROTTLING"
|
|
6552
|
-
["MISSING_CSP_HEADER"
|
|
6553
|
-
["MISSING_X_FRAME_OPTIONS"
|
|
6554
|
-
["HARDCODED_DOMAIN_IN_HTML"
|
|
6555
|
-
["CSRF"
|
|
5874
|
+
["CMDi"]: commandInjection3,
|
|
5875
|
+
["GRAPHQL_DEPTH_LIMIT"]: graphqlDepthLimit,
|
|
5876
|
+
["INSECURE_RANDOMNESS"]: insecureRandomness2,
|
|
5877
|
+
["SSRF"]: ssrf4,
|
|
5878
|
+
["TYPE_CONFUSION"]: typeConfusion,
|
|
5879
|
+
["INCOMPLETE_URL_SANITIZATION"]: incompleteUrlSanitization,
|
|
5880
|
+
["LOG_FORGING"]: logForging4,
|
|
5881
|
+
["XSS"]: xss3,
|
|
5882
|
+
["OPEN_REDIRECT"]: openRedirect2,
|
|
5883
|
+
["SYSTEM_INFORMATION_LEAK"]: sysLeak3,
|
|
5884
|
+
["SYSTEM_INFORMATION_LEAK_EXTERNAL"]: sysLeakExternal,
|
|
5885
|
+
["IFRAME_WITHOUT_SANDBOX"]: iframeWithoutSandbox,
|
|
5886
|
+
["PT"]: pt3,
|
|
5887
|
+
["HARDCODED_SECRETS"]: hardcodedSecrets2,
|
|
5888
|
+
["MISSING_HSTS_HEADER"]: headerMaxAge,
|
|
5889
|
+
["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition2,
|
|
5890
|
+
["NO_LIMITS_OR_THROTTLING"]: noLimitsOrThrottling2,
|
|
5891
|
+
["MISSING_CSP_HEADER"]: cspHeaderValue,
|
|
5892
|
+
["MISSING_X_FRAME_OPTIONS"]: xFrameOptionsValue,
|
|
5893
|
+
["HARDCODED_DOMAIN_IN_HTML"]: hardcodedDomainInHtml,
|
|
5894
|
+
["CSRF"]: csrf2
|
|
6556
5895
|
};
|
|
6557
5896
|
var js_default = vulnerabilities15;
|
|
6558
5897
|
|
|
6559
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
|
|
6560
|
-
init_client_generates();
|
|
6561
|
-
|
|
6562
5898
|
// src/features/analysis/scm/shared/src/storedQuestionData/python/duplicatedStrings.ts
|
|
6563
5899
|
var duplicatedStrings2 = {
|
|
6564
5900
|
constantName: {
|
|
@@ -6629,19 +5965,16 @@ var uncheckedLoopCondition3 = {
|
|
|
6629
5965
|
|
|
6630
5966
|
// src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
|
|
6631
5967
|
var vulnerabilities16 = {
|
|
6632
|
-
["CSRF"
|
|
6633
|
-
["LOG_FORGING"
|
|
6634
|
-
["OPEN_REDIRECT"
|
|
6635
|
-
["UNCHECKED_LOOP_CONDITION"
|
|
6636
|
-
["DUPLICATED_STRINGS"
|
|
6637
|
-
["MISSING_ENCODING_FILE_OPEN"
|
|
6638
|
-
["SSRF"
|
|
5968
|
+
["CSRF"]: csrf2,
|
|
5969
|
+
["LOG_FORGING"]: logForging5,
|
|
5970
|
+
["OPEN_REDIRECT"]: openRedirect3,
|
|
5971
|
+
["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition3,
|
|
5972
|
+
["DUPLICATED_STRINGS"]: duplicatedStrings2,
|
|
5973
|
+
["MISSING_ENCODING_FILE_OPEN"]: missingEncoding,
|
|
5974
|
+
["SSRF"]: ssrf5
|
|
6639
5975
|
};
|
|
6640
5976
|
var python_default2 = vulnerabilities16;
|
|
6641
5977
|
|
|
6642
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
|
|
6643
|
-
init_client_generates();
|
|
6644
|
-
|
|
6645
5978
|
// src/features/analysis/scm/shared/src/storedQuestionData/xml/unboundedOccurrences.ts
|
|
6646
5979
|
var unboundedOccurrences = {
|
|
6647
5980
|
maxOccursLimit: {
|
|
@@ -6655,13 +5988,10 @@ A value too high will cause performance issues up to and including denial of ser
|
|
|
6655
5988
|
|
|
6656
5989
|
// src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
|
|
6657
5990
|
var vulnerabilities17 = {
|
|
6658
|
-
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES"
|
|
5991
|
+
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES"]: unboundedOccurrences
|
|
6659
5992
|
};
|
|
6660
5993
|
var xml_default2 = vulnerabilities17;
|
|
6661
5994
|
|
|
6662
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
|
|
6663
|
-
init_client_generates();
|
|
6664
|
-
|
|
6665
5995
|
// src/features/analysis/scm/shared/src/storedQuestionData/yaml/noNewPrivileges.ts
|
|
6666
5996
|
var noNewPrivileges = {
|
|
6667
5997
|
requireNewPrivileges: {
|
|
@@ -6691,17 +6021,17 @@ var writableFilesystemService = {
|
|
|
6691
6021
|
|
|
6692
6022
|
// src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
|
|
6693
6023
|
var vulnerabilities18 = {
|
|
6694
|
-
["PORT_ALL_INTERFACES"
|
|
6695
|
-
["WRITABLE_FILESYSTEM_SERVICE"
|
|
6696
|
-
["NO_NEW_PRIVILEGES"
|
|
6024
|
+
["PORT_ALL_INTERFACES"]: portAllInterfaces,
|
|
6025
|
+
["WRITABLE_FILESYSTEM_SERVICE"]: writableFilesystemService,
|
|
6026
|
+
["NO_NEW_PRIVILEGES"]: noNewPrivileges
|
|
6697
6027
|
};
|
|
6698
6028
|
var yaml_default = vulnerabilities18;
|
|
6699
6029
|
|
|
6700
6030
|
// src/features/analysis/scm/shared/src/storedQuestionData/index.ts
|
|
6701
|
-
var StoredQuestionDataItemZ =
|
|
6702
|
-
content:
|
|
6703
|
-
description:
|
|
6704
|
-
guidance:
|
|
6031
|
+
var StoredQuestionDataItemZ = z3.object({
|
|
6032
|
+
content: z3.function().args(z3.any()).returns(z3.string()),
|
|
6033
|
+
description: z3.function().args(z3.any()).returns(z3.string()),
|
|
6034
|
+
guidance: z3.function().args(z3.any()).returns(z3.string())
|
|
6705
6035
|
});
|
|
6706
6036
|
var languages2 = {
|
|
6707
6037
|
["Java" /* Java */]: java_default2,
|
|
@@ -6798,9 +6128,9 @@ function getFixGuidances({
|
|
|
6798
6128
|
const fixGuidance = storeFixResult.success ? [storeFixResult.data.guidance({ questions, ...extraContext })] : [];
|
|
6799
6129
|
return libGuidances.concat(fixGuidance).filter((guidance) => !!guidance);
|
|
6800
6130
|
}
|
|
6801
|
-
var IssueTypeAndLanguageZ =
|
|
6802
|
-
issueType:
|
|
6803
|
-
issueLanguage:
|
|
6131
|
+
var IssueTypeAndLanguageZ = z4.object({
|
|
6132
|
+
issueType: SafeIssueTypeStringZ,
|
|
6133
|
+
issueLanguage: z4.nativeEnum(IssueLanguage_Enum)
|
|
6804
6134
|
});
|
|
6805
6135
|
function getGuidances(args) {
|
|
6806
6136
|
const safeIssueTypeAndLanguage = IssueTypeAndLanguageZ.safeParse({
|
|
@@ -6866,19 +6196,19 @@ function getIssueUrl({
|
|
|
6866
6196
|
init_validations();
|
|
6867
6197
|
|
|
6868
6198
|
// src/features/analysis/scm/types.ts
|
|
6869
|
-
import { z as
|
|
6199
|
+
import { z as z12 } from "zod";
|
|
6870
6200
|
var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
|
|
6871
6201
|
ReferenceType2["BRANCH"] = "BRANCH";
|
|
6872
6202
|
ReferenceType2["COMMIT"] = "COMMIT";
|
|
6873
6203
|
ReferenceType2["TAG"] = "TAG";
|
|
6874
6204
|
return ReferenceType2;
|
|
6875
6205
|
})(ReferenceType || {});
|
|
6876
|
-
var GithubFullShaZ =
|
|
6877
|
-
var MergedPrSurvivalMetadataZ =
|
|
6878
|
-
mergeCommitShas:
|
|
6206
|
+
var GithubFullShaZ = z12.string().regex(/^[a-f0-9]{40}$/);
|
|
6207
|
+
var MergedPrSurvivalMetadataZ = z12.object({
|
|
6208
|
+
mergeCommitShas: z12.array(GithubFullShaZ).min(1).refine((shas) => new Set(shas).size === shas.length, {
|
|
6879
6209
|
message: "mergeCommitShas must contain unique SHAs"
|
|
6880
6210
|
}),
|
|
6881
|
-
targetBranch:
|
|
6211
|
+
targetBranch: z12.string().min(1)
|
|
6882
6212
|
});
|
|
6883
6213
|
var ScmLibScmType = /* @__PURE__ */ ((ScmLibScmType2) => {
|
|
6884
6214
|
ScmLibScmType2["GITHUB"] = "GITHUB";
|
|
@@ -6905,10 +6235,10 @@ var scmTypeToScmLibScmType = {
|
|
|
6905
6235
|
["Ado" /* Ado */]: "ADO" /* ADO */,
|
|
6906
6236
|
["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
|
|
6907
6237
|
};
|
|
6908
|
-
var GetReferenceResultZ =
|
|
6909
|
-
date:
|
|
6910
|
-
sha:
|
|
6911
|
-
type:
|
|
6238
|
+
var GetReferenceResultZ = z12.object({
|
|
6239
|
+
date: z12.date().optional(),
|
|
6240
|
+
sha: z12.string(),
|
|
6241
|
+
type: z12.nativeEnum(ReferenceType)
|
|
6912
6242
|
});
|
|
6913
6243
|
|
|
6914
6244
|
// src/features/analysis/scm/utils/scm.ts
|
|
@@ -7055,7 +6385,7 @@ function shouldValidateUrl(repoUrl) {
|
|
|
7055
6385
|
return repoUrl && isUrlHasPath(repoUrl);
|
|
7056
6386
|
}
|
|
7057
6387
|
function isBrokerUrl(url) {
|
|
7058
|
-
return
|
|
6388
|
+
return z13.string().uuid().safeParse(new URL(url).host).success;
|
|
7059
6389
|
}
|
|
7060
6390
|
function buildAuthorizedRepoUrl(args) {
|
|
7061
6391
|
const { url, username, password } = args;
|
|
@@ -7091,7 +6421,7 @@ function getCloudScmLibTypeFromUrl(url) {
|
|
|
7091
6421
|
return void 0;
|
|
7092
6422
|
}
|
|
7093
6423
|
function getScmLibTypeFromScmType(scmType) {
|
|
7094
|
-
const parsedScmType =
|
|
6424
|
+
const parsedScmType = z13.nativeEnum(ScmType).parse(scmType);
|
|
7095
6425
|
return scmTypeToScmLibScmType[parsedScmType];
|
|
7096
6426
|
}
|
|
7097
6427
|
function getScmConfig({
|
|
@@ -7159,39 +6489,39 @@ init_env();
|
|
|
7159
6489
|
import querystring from "querystring";
|
|
7160
6490
|
import * as api from "azure-devops-node-api";
|
|
7161
6491
|
import Debug from "debug";
|
|
7162
|
-
import { z as
|
|
6492
|
+
import { z as z16 } from "zod";
|
|
7163
6493
|
|
|
7164
6494
|
// src/features/analysis/scm/ado/validation.ts
|
|
7165
|
-
import { z as
|
|
7166
|
-
var ValidPullRequestStatusZ =
|
|
7167
|
-
|
|
7168
|
-
|
|
7169
|
-
|
|
6495
|
+
import { z as z15 } from "zod";
|
|
6496
|
+
var ValidPullRequestStatusZ = z15.union([
|
|
6497
|
+
z15.literal(1 /* Active */),
|
|
6498
|
+
z15.literal(2 /* Abandoned */),
|
|
6499
|
+
z15.literal(3 /* Completed */)
|
|
7170
6500
|
]);
|
|
7171
|
-
var AdoAuthResultZ =
|
|
7172
|
-
access_token:
|
|
7173
|
-
token_type:
|
|
7174
|
-
refresh_token:
|
|
6501
|
+
var AdoAuthResultZ = z15.object({
|
|
6502
|
+
access_token: z15.string().min(1),
|
|
6503
|
+
token_type: z15.string().min(1),
|
|
6504
|
+
refresh_token: z15.string().min(1)
|
|
7175
6505
|
});
|
|
7176
6506
|
var AdoAuthResultWithOrgsZ = AdoAuthResultZ.extend({
|
|
7177
|
-
scmOrgs:
|
|
6507
|
+
scmOrgs: z15.array(z15.string())
|
|
7178
6508
|
});
|
|
7179
|
-
var profileZ =
|
|
7180
|
-
displayName:
|
|
7181
|
-
publicAlias:
|
|
7182
|
-
emailAddress:
|
|
7183
|
-
coreRevision:
|
|
7184
|
-
timeStamp:
|
|
7185
|
-
id:
|
|
7186
|
-
revision:
|
|
6509
|
+
var profileZ = z15.object({
|
|
6510
|
+
displayName: z15.string(),
|
|
6511
|
+
publicAlias: z15.string().min(1),
|
|
6512
|
+
emailAddress: z15.string(),
|
|
6513
|
+
coreRevision: z15.number(),
|
|
6514
|
+
timeStamp: z15.string(),
|
|
6515
|
+
id: z15.string(),
|
|
6516
|
+
revision: z15.number()
|
|
7187
6517
|
});
|
|
7188
|
-
var accountsZ =
|
|
7189
|
-
count:
|
|
7190
|
-
value:
|
|
7191
|
-
|
|
7192
|
-
accountId:
|
|
7193
|
-
accountUri:
|
|
7194
|
-
accountName:
|
|
6518
|
+
var accountsZ = z15.object({
|
|
6519
|
+
count: z15.number(),
|
|
6520
|
+
value: z15.array(
|
|
6521
|
+
z15.object({
|
|
6522
|
+
accountId: z15.string(),
|
|
6523
|
+
accountUri: z15.string(),
|
|
6524
|
+
accountName: z15.string()
|
|
7195
6525
|
})
|
|
7196
6526
|
)
|
|
7197
6527
|
});
|
|
@@ -7284,7 +6614,7 @@ async function getAdoConnectData({
|
|
|
7284
6614
|
oauthToken: adoTokenInfo.accessToken
|
|
7285
6615
|
});
|
|
7286
6616
|
return {
|
|
7287
|
-
org:
|
|
6617
|
+
org: z16.string().parse(org),
|
|
7288
6618
|
origin: DEFUALT_ADO_ORIGIN
|
|
7289
6619
|
};
|
|
7290
6620
|
}
|
|
@@ -7370,7 +6700,7 @@ async function getAdoClientParams(params) {
|
|
|
7370
6700
|
return {
|
|
7371
6701
|
tokenType: "PAT" /* PAT */,
|
|
7372
6702
|
accessToken: adoTokenInfo.accessToken,
|
|
7373
|
-
patTokenOrg:
|
|
6703
|
+
patTokenOrg: z16.string().parse(tokenOrg).toLowerCase(),
|
|
7374
6704
|
origin,
|
|
7375
6705
|
orgName: org.toLowerCase()
|
|
7376
6706
|
};
|
|
@@ -8510,40 +7840,40 @@ import querystring2 from "querystring";
|
|
|
8510
7840
|
import * as bitbucketPkgNode from "bitbucket";
|
|
8511
7841
|
import bitbucketPkg from "bitbucket";
|
|
8512
7842
|
import Debug2 from "debug";
|
|
8513
|
-
import { z as
|
|
7843
|
+
import { z as z19 } from "zod";
|
|
8514
7844
|
|
|
8515
7845
|
// src/features/analysis/scm/bitbucket/validation.ts
|
|
8516
|
-
import { z as
|
|
8517
|
-
var BitbucketAuthResultZ =
|
|
8518
|
-
access_token:
|
|
8519
|
-
token_type:
|
|
8520
|
-
refresh_token:
|
|
7846
|
+
import { z as z18 } from "zod";
|
|
7847
|
+
var BitbucketAuthResultZ = z18.object({
|
|
7848
|
+
access_token: z18.string(),
|
|
7849
|
+
token_type: z18.string(),
|
|
7850
|
+
refresh_token: z18.string()
|
|
8521
7851
|
});
|
|
8522
7852
|
|
|
8523
7853
|
// src/features/analysis/scm/bitbucket/bitbucket.ts
|
|
8524
7854
|
var debug3 = Debug2("scm:bitbucket");
|
|
8525
7855
|
var BITBUCKET_HOSTNAME = "bitbucket.org";
|
|
8526
|
-
var TokenExpiredErrorZ =
|
|
8527
|
-
status:
|
|
8528
|
-
error:
|
|
8529
|
-
type:
|
|
8530
|
-
error:
|
|
8531
|
-
message:
|
|
7856
|
+
var TokenExpiredErrorZ = z19.object({
|
|
7857
|
+
status: z19.number(),
|
|
7858
|
+
error: z19.object({
|
|
7859
|
+
type: z19.string(),
|
|
7860
|
+
error: z19.object({
|
|
7861
|
+
message: z19.string()
|
|
8532
7862
|
})
|
|
8533
7863
|
})
|
|
8534
7864
|
});
|
|
8535
7865
|
var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
|
|
8536
7866
|
var MAX_BITBUCKET_PR_BODY_LENGTH = 32768;
|
|
8537
|
-
var BitbucketParseResultZ =
|
|
8538
|
-
organization:
|
|
8539
|
-
repoName:
|
|
8540
|
-
hostname:
|
|
7867
|
+
var BitbucketParseResultZ = z19.object({
|
|
7868
|
+
organization: z19.string(),
|
|
7869
|
+
repoName: z19.string(),
|
|
7870
|
+
hostname: z19.literal(BITBUCKET_HOSTNAME)
|
|
8541
7871
|
});
|
|
8542
|
-
var UserWorkspacePermissionsRepositoriesResponseZ =
|
|
8543
|
-
values:
|
|
8544
|
-
|
|
8545
|
-
repository:
|
|
8546
|
-
full_name:
|
|
7872
|
+
var UserWorkspacePermissionsRepositoriesResponseZ = z19.object({
|
|
7873
|
+
values: z19.array(
|
|
7874
|
+
z19.object({
|
|
7875
|
+
repository: z19.object({
|
|
7876
|
+
full_name: z19.string().optional()
|
|
8547
7877
|
}).optional()
|
|
8548
7878
|
})
|
|
8549
7879
|
).optional()
|
|
@@ -8606,7 +7936,7 @@ function getBitbucketSdk(params) {
|
|
|
8606
7936
|
if (!res.data.values) {
|
|
8607
7937
|
return [];
|
|
8608
7938
|
}
|
|
8609
|
-
return res.data.values.filter((branch) => !!branch.name).map((branch) =>
|
|
7939
|
+
return res.data.values.filter((branch) => !!branch.name).map((branch) => z19.string().parse(branch.name));
|
|
8610
7940
|
},
|
|
8611
7941
|
async getIsUserCollaborator(params2) {
|
|
8612
7942
|
const { repoUrl } = params2;
|
|
@@ -8726,7 +8056,7 @@ function getBitbucketSdk(params) {
|
|
|
8726
8056
|
return GetReferenceResultZ.parse({
|
|
8727
8057
|
sha: tagRes.data.target?.hash,
|
|
8728
8058
|
type: "TAG" /* TAG */,
|
|
8729
|
-
date: new Date(
|
|
8059
|
+
date: new Date(z19.string().parse(tagRes.data.target?.date))
|
|
8730
8060
|
});
|
|
8731
8061
|
},
|
|
8732
8062
|
async getBranchRef(params2) {
|
|
@@ -8734,7 +8064,7 @@ function getBitbucketSdk(params) {
|
|
|
8734
8064
|
return GetReferenceResultZ.parse({
|
|
8735
8065
|
sha: getBranchRes.target?.hash,
|
|
8736
8066
|
type: "BRANCH" /* BRANCH */,
|
|
8737
|
-
date: new Date(
|
|
8067
|
+
date: new Date(z19.string().parse(getBranchRes.target?.date))
|
|
8738
8068
|
});
|
|
8739
8069
|
},
|
|
8740
8070
|
async getCommitRef(params2) {
|
|
@@ -8742,13 +8072,13 @@ function getBitbucketSdk(params) {
|
|
|
8742
8072
|
return GetReferenceResultZ.parse({
|
|
8743
8073
|
sha: getCommitRes.hash,
|
|
8744
8074
|
type: "COMMIT" /* COMMIT */,
|
|
8745
|
-
date: new Date(
|
|
8075
|
+
date: new Date(z19.string().parse(getCommitRes.date))
|
|
8746
8076
|
});
|
|
8747
8077
|
},
|
|
8748
8078
|
async getDownloadUrl({ url, sha }) {
|
|
8749
8079
|
this.getReferenceData({ ref: sha, url });
|
|
8750
8080
|
const repoRes = await this.getRepo({ repoUrl: url });
|
|
8751
|
-
const parsedRepoUrl =
|
|
8081
|
+
const parsedRepoUrl = z19.string().url().parse(repoRes.links?.html?.href);
|
|
8752
8082
|
return `${parsedRepoUrl}/get/${sha}.zip`;
|
|
8753
8083
|
},
|
|
8754
8084
|
async getPullRequest(params2) {
|
|
@@ -8814,6 +8144,35 @@ function getBitbucketSdk(params) {
|
|
|
8814
8144
|
return { accountId: null, email: null };
|
|
8815
8145
|
}
|
|
8816
8146
|
},
|
|
8147
|
+
async listRecentCommits(params2) {
|
|
8148
|
+
const sinceDate = new Date(params2.since);
|
|
8149
|
+
const commits = [];
|
|
8150
|
+
const MAX_PAGES = 100;
|
|
8151
|
+
let page = 1;
|
|
8152
|
+
let done = false;
|
|
8153
|
+
while (!done && page <= MAX_PAGES) {
|
|
8154
|
+
const res = await bitbucketClient.repositories.listCommits({
|
|
8155
|
+
repo_slug: params2.repo_slug,
|
|
8156
|
+
workspace: params2.workspace,
|
|
8157
|
+
page: String(page),
|
|
8158
|
+
pagelen: 100
|
|
8159
|
+
});
|
|
8160
|
+
const data = res.data;
|
|
8161
|
+
const values = data?.values ?? [];
|
|
8162
|
+
if (values.length === 0) break;
|
|
8163
|
+
for (const commit of values) {
|
|
8164
|
+
const date = commit?.["date"];
|
|
8165
|
+
if (date && new Date(date) < sinceDate) {
|
|
8166
|
+
done = true;
|
|
8167
|
+
continue;
|
|
8168
|
+
}
|
|
8169
|
+
commits.push(commit);
|
|
8170
|
+
}
|
|
8171
|
+
if (!data?.next) break;
|
|
8172
|
+
page++;
|
|
8173
|
+
}
|
|
8174
|
+
return commits;
|
|
8175
|
+
},
|
|
8817
8176
|
async getRepoCommitAuthors(params2) {
|
|
8818
8177
|
try {
|
|
8819
8178
|
const res = await bitbucketClient.repositories.listCommits({
|
|
@@ -8877,7 +8236,7 @@ async function validateBitbucketParams(params) {
|
|
|
8877
8236
|
}
|
|
8878
8237
|
async function getUsersWorkspacesSlugs(bitbucketClient) {
|
|
8879
8238
|
const res = await bitbucketClient.workspaces.getWorkspaces({});
|
|
8880
|
-
return res.data.values?.map((v) =>
|
|
8239
|
+
return res.data.values?.map((v) => z19.string().parse(v.slug));
|
|
8881
8240
|
}
|
|
8882
8241
|
async function getAllUsersRepositories(bitbucketClient) {
|
|
8883
8242
|
const userWorkspacesSlugs = await getUsersWorkspacesSlugs(bitbucketClient);
|
|
@@ -8905,10 +8264,10 @@ async function getRepositoriesByWorkspace(bitbucketClient, { workspaceSlug }) {
|
|
|
8905
8264
|
|
|
8906
8265
|
// src/features/analysis/scm/bitbucket/BitbucketSCMLib.ts
|
|
8907
8266
|
import { setTimeout as setTimeout3 } from "timers/promises";
|
|
8908
|
-
import { z as
|
|
8267
|
+
import { z as z20 } from "zod";
|
|
8909
8268
|
function getUserAndPassword(token) {
|
|
8910
8269
|
const [username, password] = token.split(":");
|
|
8911
|
-
const safePasswordAndUsername =
|
|
8270
|
+
const safePasswordAndUsername = z20.object({ username: z20.string(), password: z20.string() }).parse({ username, password });
|
|
8912
8271
|
return {
|
|
8913
8272
|
username: safePasswordAndUsername.username,
|
|
8914
8273
|
password: safePasswordAndUsername.password
|
|
@@ -8980,7 +8339,7 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
8980
8339
|
return { username, password, authType };
|
|
8981
8340
|
}
|
|
8982
8341
|
case "token": {
|
|
8983
|
-
return { authType, token:
|
|
8342
|
+
return { authType, token: z20.string().parse(this.accessToken) };
|
|
8984
8343
|
}
|
|
8985
8344
|
case "public":
|
|
8986
8345
|
return { authType };
|
|
@@ -8994,7 +8353,7 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
8994
8353
|
...params,
|
|
8995
8354
|
repoUrl: this.url
|
|
8996
8355
|
});
|
|
8997
|
-
return String(
|
|
8356
|
+
return String(z20.number().parse(pullRequestRes.id));
|
|
8998
8357
|
} catch (e) {
|
|
8999
8358
|
console.warn(
|
|
9000
8359
|
`error creating pull request for BB. Try number ${String(i + 1).replace(/\n|\r/g, "")}`,
|
|
@@ -9079,7 +8438,7 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
9079
8438
|
async getUsername() {
|
|
9080
8439
|
this._validateAccessToken();
|
|
9081
8440
|
const res = await this.bitbucketSdk.getUser();
|
|
9082
|
-
return
|
|
8441
|
+
return z20.string().parse(res["username"]);
|
|
9083
8442
|
}
|
|
9084
8443
|
async getSubmitRequestStatus(_scmSubmitRequestId) {
|
|
9085
8444
|
this._validateAccessTokenAndUrl();
|
|
@@ -9105,7 +8464,7 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
9105
8464
|
async getRepoDefaultBranch() {
|
|
9106
8465
|
this._validateUrl();
|
|
9107
8466
|
const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
|
|
9108
|
-
return
|
|
8467
|
+
return z20.string().parse(repoRes.mainbranch?.name);
|
|
9109
8468
|
}
|
|
9110
8469
|
getSubmitRequestUrl(submitRequestId) {
|
|
9111
8470
|
this._validateUrl();
|
|
@@ -9157,8 +8516,33 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
9157
8516
|
async getPullRequestMetrics(_prNumber) {
|
|
9158
8517
|
throw new Error("getPullRequestMetrics not implemented for Bitbucket");
|
|
9159
8518
|
}
|
|
9160
|
-
async getRecentCommits(
|
|
9161
|
-
|
|
8519
|
+
async getRecentCommits(since) {
|
|
8520
|
+
this._validateAccessTokenAndUrl();
|
|
8521
|
+
const { workspace, repo_slug } = parseBitbucketOrganizationAndRepo(this.url);
|
|
8522
|
+
const bitbucketSdk = createBitbucketSdk(this.accessToken);
|
|
8523
|
+
const rawCommits = await bitbucketSdk.listRecentCommits({
|
|
8524
|
+
workspace,
|
|
8525
|
+
repo_slug,
|
|
8526
|
+
since
|
|
8527
|
+
});
|
|
8528
|
+
return {
|
|
8529
|
+
data: rawCommits.map((commit) => {
|
|
8530
|
+
const c = commit;
|
|
8531
|
+
const author = c["author"];
|
|
8532
|
+
const match = author?.raw?.match(/^(.+?)\s*<([^>]+)>/);
|
|
8533
|
+
return {
|
|
8534
|
+
sha: c["hash"] ?? "",
|
|
8535
|
+
commit: {
|
|
8536
|
+
committer: c["date"] ? { date: c["date"] } : void 0,
|
|
8537
|
+
author: match ? { name: match[1]?.trim(), email: match[2] } : void 0,
|
|
8538
|
+
message: c["message"] ?? ""
|
|
8539
|
+
},
|
|
8540
|
+
// Bitbucket resolves the commit to an account when it can; account_id
|
|
8541
|
+
// matches repo_contributor.external_id for Bitbucket rows.
|
|
8542
|
+
authorExternalId: author?.user?.account_id ?? null
|
|
8543
|
+
};
|
|
8544
|
+
})
|
|
8545
|
+
};
|
|
9162
8546
|
}
|
|
9163
8547
|
async getRateLimitStatus() {
|
|
9164
8548
|
return null;
|
|
@@ -9248,7 +8632,7 @@ init_env();
|
|
|
9248
8632
|
|
|
9249
8633
|
// src/features/analysis/scm/github/GithubSCMLib.ts
|
|
9250
8634
|
import pLimit3 from "p-limit";
|
|
9251
|
-
import { z as
|
|
8635
|
+
import { z as z21 } from "zod";
|
|
9252
8636
|
init_client_generates();
|
|
9253
8637
|
|
|
9254
8638
|
// src/features/analysis/scm/github/github.ts
|
|
@@ -9423,7 +8807,7 @@ function getOctoKit(options) {
|
|
|
9423
8807
|
octokit.log.warn(
|
|
9424
8808
|
`Request quota exhausted for request ${options2.method} ${options2.url}`
|
|
9425
8809
|
);
|
|
9426
|
-
if (retryCount
|
|
8810
|
+
if (retryCount < 3) {
|
|
9427
8811
|
octokit.log.info(`Retrying after ${retryAfter} seconds!`);
|
|
9428
8812
|
return true;
|
|
9429
8813
|
}
|
|
@@ -9433,7 +8817,7 @@ function getOctoKit(options) {
|
|
|
9433
8817
|
octokit.log.warn(
|
|
9434
8818
|
`SecondaryRateLimit detected for request ${options2.method} ${options2.url}`
|
|
9435
8819
|
);
|
|
9436
|
-
if (retryCount
|
|
8820
|
+
if (retryCount < 3) {
|
|
9437
8821
|
octokit.log.info(`Retrying after ${retryAfter} seconds!`);
|
|
9438
8822
|
return true;
|
|
9439
8823
|
}
|
|
@@ -10198,10 +9582,16 @@ function getGithubSdk(params = {}) {
|
|
|
10198
9582
|
});
|
|
10199
9583
|
return members;
|
|
10200
9584
|
},
|
|
10201
|
-
async getUserProfile(
|
|
9585
|
+
async getUserProfile(getProfileParams) {
|
|
9586
|
+
const cache = params.userProfileCache;
|
|
9587
|
+
const cached = cache?.get(getProfileParams.username);
|
|
9588
|
+
if (cached) {
|
|
9589
|
+
return cached;
|
|
9590
|
+
}
|
|
10202
9591
|
const { data } = await octokit.rest.users.getByUsername({
|
|
10203
|
-
username:
|
|
9592
|
+
username: getProfileParams.username
|
|
10204
9593
|
});
|
|
9594
|
+
cache?.set(getProfileParams.username, data);
|
|
10205
9595
|
return data;
|
|
10206
9596
|
},
|
|
10207
9597
|
async getLatestRepoCommitByAuthor(params2) {
|
|
@@ -10294,12 +9684,16 @@ function determinePrStatus(state, isDraft) {
|
|
|
10294
9684
|
}
|
|
10295
9685
|
var GithubSCMLib = class extends SCMLib {
|
|
10296
9686
|
// we don't always need a url, what's important is that we have an access token
|
|
10297
|
-
constructor(url, accessToken, scmOrg) {
|
|
9687
|
+
constructor(url, accessToken, scmOrg, options) {
|
|
10298
9688
|
super(url, accessToken, scmOrg);
|
|
10299
9689
|
__publicField(this, "githubSdk");
|
|
10300
9690
|
this.githubSdk = getGithubSdk({
|
|
10301
9691
|
auth: accessToken,
|
|
10302
|
-
url
|
|
9692
|
+
url,
|
|
9693
|
+
// Honor GitHub's rate-limit/Retry-After backoff for bulk callers
|
|
9694
|
+
// (e.g. the contributor sync) instead of failing fast.
|
|
9695
|
+
isEnableRetries: options?.enableThrottling,
|
|
9696
|
+
userProfileCache: options?.userProfileCache
|
|
10303
9697
|
});
|
|
10304
9698
|
}
|
|
10305
9699
|
async createSubmitRequest(params) {
|
|
@@ -10406,7 +9800,7 @@ var GithubSCMLib = class extends SCMLib {
|
|
|
10406
9800
|
owner,
|
|
10407
9801
|
repo
|
|
10408
9802
|
});
|
|
10409
|
-
return
|
|
9803
|
+
return z21.string().parse(prRes.data);
|
|
10410
9804
|
}
|
|
10411
9805
|
async getRepoList(_scmOrg) {
|
|
10412
9806
|
this._validateAccessToken();
|
|
@@ -10429,7 +9823,13 @@ var GithubSCMLib = class extends SCMLib {
|
|
|
10429
9823
|
author: c.commit.author ? { email: c.commit.author.email, name: c.commit.author.name } : void 0,
|
|
10430
9824
|
message: c.commit.message
|
|
10431
9825
|
},
|
|
10432
|
-
parents: c.parents?.map((p) => ({ sha: p.sha }))
|
|
9826
|
+
parents: c.parents?.map((p) => ({ sha: p.sha })),
|
|
9827
|
+
// Top-level `author` is GitHub's resolution of the commit to an account
|
|
9828
|
+
// (null when GitHub can't tie the commit email to a user). Its numeric
|
|
9829
|
+
// id matches repo_contributor.external_id (stored as String(id)), and
|
|
9830
|
+
// its type marks GitHub App / bot accounts authoritatively.
|
|
9831
|
+
authorExternalId: c.author?.id != null ? String(c.author.id) : null,
|
|
9832
|
+
authorIsBot: c.author?.type === "Bot"
|
|
10433
9833
|
}))
|
|
10434
9834
|
};
|
|
10435
9835
|
}
|
|
@@ -10498,7 +9898,11 @@ var GithubSCMLib = class extends SCMLib {
|
|
|
10498
9898
|
author: c.login
|
|
10499
9899
|
}
|
|
10500
9900
|
);
|
|
10501
|
-
const
|
|
9901
|
+
const commitAuthor = commit?.commit?.author;
|
|
9902
|
+
const commitEmail = commitAuthor?.email;
|
|
9903
|
+
if (commitAuthor?.name && displayName === c.login) {
|
|
9904
|
+
displayName = commitAuthor.name;
|
|
9905
|
+
}
|
|
10502
9906
|
if (commitEmail) {
|
|
10503
9907
|
if (isRealEmail(commitEmail)) {
|
|
10504
9908
|
profileEmail = commitEmail;
|
|
@@ -10577,6 +9981,11 @@ var GithubSCMLib = class extends SCMLib {
|
|
|
10577
9981
|
username: c.login
|
|
10578
9982
|
});
|
|
10579
9983
|
}
|
|
9984
|
+
contextLogger.info("[GitHub] Contributor resolved", {
|
|
9985
|
+
username: c.login,
|
|
9986
|
+
profileName: displayName,
|
|
9987
|
+
displayNameIsNull: displayName === null
|
|
9988
|
+
});
|
|
10580
9989
|
return {
|
|
10581
9990
|
externalId: String(c.id),
|
|
10582
9991
|
username: c.login ?? null,
|
|
@@ -11018,11 +10427,11 @@ import {
|
|
|
11018
10427
|
init_env();
|
|
11019
10428
|
|
|
11020
10429
|
// src/features/analysis/scm/gitlab/types.ts
|
|
11021
|
-
import { z as
|
|
11022
|
-
var GitlabAuthResultZ =
|
|
11023
|
-
access_token:
|
|
11024
|
-
token_type:
|
|
11025
|
-
refresh_token:
|
|
10430
|
+
import { z as z22 } from "zod";
|
|
10431
|
+
var GitlabAuthResultZ = z22.object({
|
|
10432
|
+
access_token: z22.string(),
|
|
10433
|
+
token_type: z22.string(),
|
|
10434
|
+
refresh_token: z22.string()
|
|
11026
10435
|
});
|
|
11027
10436
|
|
|
11028
10437
|
// src/features/analysis/scm/gitlab/gitlab.ts
|
|
@@ -12240,7 +11649,7 @@ var GitlabSCMLib = class extends SCMLib {
|
|
|
12240
11649
|
};
|
|
12241
11650
|
|
|
12242
11651
|
// src/features/analysis/scm/scmFactory.ts
|
|
12243
|
-
import { z as
|
|
11652
|
+
import { z as z23 } from "zod";
|
|
12244
11653
|
|
|
12245
11654
|
// src/features/analysis/scm/StubSCMLib.ts
|
|
12246
11655
|
var StubSCMLib = class extends SCMLib {
|
|
@@ -12355,12 +11764,20 @@ var StubSCMLib = class extends SCMLib {
|
|
|
12355
11764
|
};
|
|
12356
11765
|
|
|
12357
11766
|
// src/features/analysis/scm/scmFactory.ts
|
|
12358
|
-
async function createScmLib({ url, accessToken, scmType, scmOrg }, {
|
|
11767
|
+
async function createScmLib({ url, accessToken, scmType, scmOrg }, {
|
|
11768
|
+
propagateExceptions = false,
|
|
11769
|
+
skipValidation = false,
|
|
11770
|
+
enableThrottling = false,
|
|
11771
|
+
githubUserProfileCache
|
|
11772
|
+
} = {}) {
|
|
12359
11773
|
const trimmedUrl = url ? url.trim().replace(/\/$/, "").replace(/.git$/i, "") : void 0;
|
|
12360
11774
|
try {
|
|
12361
11775
|
switch (scmType) {
|
|
12362
11776
|
case "GITHUB" /* GITHUB */: {
|
|
12363
|
-
const scm = new GithubSCMLib(trimmedUrl, accessToken, scmOrg
|
|
11777
|
+
const scm = new GithubSCMLib(trimmedUrl, accessToken, scmOrg, {
|
|
11778
|
+
enableThrottling,
|
|
11779
|
+
userProfileCache: githubUserProfileCache
|
|
11780
|
+
});
|
|
12364
11781
|
if (!skipValidation) await scm.validateParams();
|
|
12365
11782
|
return scm;
|
|
12366
11783
|
}
|
|
@@ -12385,7 +11802,7 @@ async function createScmLib({ url, accessToken, scmType, scmOrg }, { propagateEx
|
|
|
12385
11802
|
if (e instanceof InvalidRepoUrlError && url) {
|
|
12386
11803
|
throw new RepoNoTokenAccessError(
|
|
12387
11804
|
"no access to repo",
|
|
12388
|
-
scmLibScmTypeToScmType[
|
|
11805
|
+
scmLibScmTypeToScmType[z23.nativeEnum(ScmLibScmType).parse(scmType)]
|
|
12389
11806
|
);
|
|
12390
11807
|
}
|
|
12391
11808
|
console.error(`error validating scm: ${scmType} `, e);
|
|
@@ -12992,7 +12409,7 @@ import path6 from "path";
|
|
|
12992
12409
|
import chalk from "chalk";
|
|
12993
12410
|
import Debug4 from "debug";
|
|
12994
12411
|
import * as dotenv from "dotenv";
|
|
12995
|
-
import { z as
|
|
12412
|
+
import { z as z24 } from "zod";
|
|
12996
12413
|
var debug5 = Debug4("mobbdev:constants");
|
|
12997
12414
|
var runtimeConfigPath = path6.join(
|
|
12998
12415
|
getModuleRootDir(),
|
|
@@ -13039,17 +12456,17 @@ var scannerToVulnerabilityReportVendorEnum = {
|
|
|
13039
12456
|
[SCANNERS.Datadog]: "datadog" /* Datadog */,
|
|
13040
12457
|
[SCANNERS.BlackDuck]: "blackDuck" /* BlackDuck */
|
|
13041
12458
|
};
|
|
13042
|
-
var SupportedScannersZ =
|
|
13043
|
-
var envVariablesSchema =
|
|
12459
|
+
var SupportedScannersZ = z24.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
|
|
12460
|
+
var envVariablesSchema = z24.object({
|
|
13044
12461
|
// These have safe defaults for production - the VS Code extension passes explicit URLs
|
|
13045
|
-
WEB_APP_URL:
|
|
13046
|
-
API_URL:
|
|
12462
|
+
WEB_APP_URL: z24.string().optional().default(DEFAULT_WEB_APP_URL),
|
|
12463
|
+
API_URL: z24.string().optional().default(DEFAULT_API_URL),
|
|
13047
12464
|
// These are only needed for local development with Hasura
|
|
13048
|
-
HASURA_ACCESS_KEY:
|
|
13049
|
-
LOCAL_GRAPHQL_ENDPOINT:
|
|
12465
|
+
HASURA_ACCESS_KEY: z24.string().optional().default(""),
|
|
12466
|
+
LOCAL_GRAPHQL_ENDPOINT: z24.string().optional().default(""),
|
|
13050
12467
|
// Proxy settings
|
|
13051
|
-
HTTP_PROXY:
|
|
13052
|
-
HTTPS_PROXY:
|
|
12468
|
+
HTTP_PROXY: z24.string().optional().default(""),
|
|
12469
|
+
HTTPS_PROXY: z24.string().optional().default("")
|
|
13053
12470
|
});
|
|
13054
12471
|
var envVariables = envVariablesSchema.parse(process.env);
|
|
13055
12472
|
debug5("config %o", envVariables);
|
|
@@ -13307,7 +12724,7 @@ import { createSpinner as createSpinner4 } from "nanospinner";
|
|
|
13307
12724
|
import fetch4 from "node-fetch";
|
|
13308
12725
|
import open3 from "open";
|
|
13309
12726
|
import tmp2 from "tmp";
|
|
13310
|
-
import { z as
|
|
12727
|
+
import { z as z30 } from "zod";
|
|
13311
12728
|
|
|
13312
12729
|
// src/commands/AuthManager.ts
|
|
13313
12730
|
import crypto from "crypto";
|
|
@@ -13584,62 +13001,62 @@ init_client_generates();
|
|
|
13584
13001
|
|
|
13585
13002
|
// src/features/analysis/graphql/types.ts
|
|
13586
13003
|
init_client_generates();
|
|
13587
|
-
import { z as
|
|
13588
|
-
var VulnerabilityReportIssueCodeNodeZ =
|
|
13589
|
-
vulnerabilityReportIssueId:
|
|
13590
|
-
path:
|
|
13591
|
-
startLine:
|
|
13592
|
-
vulnerabilityReportIssue:
|
|
13593
|
-
fixId:
|
|
13594
|
-
category:
|
|
13595
|
-
safeIssueType:
|
|
13596
|
-
vulnerabilityReportIssueTags:
|
|
13597
|
-
|
|
13598
|
-
tag:
|
|
13004
|
+
import { z as z25 } from "zod";
|
|
13005
|
+
var VulnerabilityReportIssueCodeNodeZ = z25.object({
|
|
13006
|
+
vulnerabilityReportIssueId: z25.string(),
|
|
13007
|
+
path: z25.string(),
|
|
13008
|
+
startLine: z25.number(),
|
|
13009
|
+
vulnerabilityReportIssue: z25.object({
|
|
13010
|
+
fixId: z25.string(),
|
|
13011
|
+
category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
13012
|
+
safeIssueType: z25.string(),
|
|
13013
|
+
vulnerabilityReportIssueTags: z25.array(
|
|
13014
|
+
z25.object({
|
|
13015
|
+
tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
|
|
13599
13016
|
})
|
|
13600
13017
|
)
|
|
13601
13018
|
})
|
|
13602
13019
|
});
|
|
13603
|
-
var VulnerabilityReportIssueNoFixCodeNodeZ =
|
|
13604
|
-
vulnerabilityReportIssues:
|
|
13605
|
-
|
|
13606
|
-
id:
|
|
13607
|
-
fixId:
|
|
13608
|
-
category:
|
|
13609
|
-
safeIssueType:
|
|
13610
|
-
fpId:
|
|
13611
|
-
codeNodes:
|
|
13612
|
-
|
|
13613
|
-
path:
|
|
13614
|
-
startLine:
|
|
13020
|
+
var VulnerabilityReportIssueNoFixCodeNodeZ = z25.object({
|
|
13021
|
+
vulnerabilityReportIssues: z25.array(
|
|
13022
|
+
z25.object({
|
|
13023
|
+
id: z25.string(),
|
|
13024
|
+
fixId: z25.string().nullable(),
|
|
13025
|
+
category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
13026
|
+
safeIssueType: z25.string(),
|
|
13027
|
+
fpId: z25.string().uuid().nullable(),
|
|
13028
|
+
codeNodes: z25.array(
|
|
13029
|
+
z25.object({
|
|
13030
|
+
path: z25.string(),
|
|
13031
|
+
startLine: z25.number()
|
|
13615
13032
|
})
|
|
13616
13033
|
),
|
|
13617
|
-
vulnerabilityReportIssueTags:
|
|
13618
|
-
|
|
13619
|
-
tag:
|
|
13034
|
+
vulnerabilityReportIssueTags: z25.array(
|
|
13035
|
+
z25.object({
|
|
13036
|
+
tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
|
|
13620
13037
|
})
|
|
13621
13038
|
)
|
|
13622
13039
|
})
|
|
13623
13040
|
)
|
|
13624
13041
|
});
|
|
13625
|
-
var GetVulByNodesMetadataZ =
|
|
13626
|
-
vulnerabilityReportIssueCodeNodes:
|
|
13627
|
-
nonFixablePrVuls:
|
|
13628
|
-
aggregate:
|
|
13629
|
-
count:
|
|
13042
|
+
var GetVulByNodesMetadataZ = z25.object({
|
|
13043
|
+
vulnerabilityReportIssueCodeNodes: z25.array(VulnerabilityReportIssueCodeNodeZ),
|
|
13044
|
+
nonFixablePrVuls: z25.object({
|
|
13045
|
+
aggregate: z25.object({
|
|
13046
|
+
count: z25.number()
|
|
13630
13047
|
})
|
|
13631
13048
|
}),
|
|
13632
|
-
fixablePrVuls:
|
|
13633
|
-
aggregate:
|
|
13634
|
-
count:
|
|
13049
|
+
fixablePrVuls: z25.object({
|
|
13050
|
+
aggregate: z25.object({
|
|
13051
|
+
count: z25.number()
|
|
13635
13052
|
})
|
|
13636
13053
|
}),
|
|
13637
|
-
totalScanVulnerabilities:
|
|
13638
|
-
aggregate:
|
|
13639
|
-
count:
|
|
13054
|
+
totalScanVulnerabilities: z25.object({
|
|
13055
|
+
aggregate: z25.object({
|
|
13056
|
+
count: z25.number()
|
|
13640
13057
|
})
|
|
13641
13058
|
}),
|
|
13642
|
-
irrelevantVulnerabilityReportIssue:
|
|
13059
|
+
irrelevantVulnerabilityReportIssue: z25.array(
|
|
13643
13060
|
VulnerabilityReportIssueNoFixCodeNodeZ
|
|
13644
13061
|
)
|
|
13645
13062
|
});
|
|
@@ -13706,6 +13123,22 @@ var GQLClient = class {
|
|
|
13706
13123
|
});
|
|
13707
13124
|
this._clientSdk = getSdk(this._client);
|
|
13708
13125
|
}
|
|
13126
|
+
// Fetch the analyzer-owned issue-type catalog once and hydrate the shared
|
|
13127
|
+
// in-memory cache so the synchronous display helpers serve analyzer labels
|
|
13128
|
+
// and descriptions. NO FALLBACK: a fetch error or an empty response throws so
|
|
13129
|
+
// the CLI fails loudly instead of silently rendering degraded labels.
|
|
13130
|
+
async loadIssueTypeCatalog() {
|
|
13131
|
+
if (isIssueTypeCatalogHydrated()) {
|
|
13132
|
+
return;
|
|
13133
|
+
}
|
|
13134
|
+
const { issueTypes } = await this._clientSdk.IssueTypes();
|
|
13135
|
+
if (issueTypes.length === 0) {
|
|
13136
|
+
throw new Error(
|
|
13137
|
+
"Issue-type catalog is empty: the issueTypes query returned no entries"
|
|
13138
|
+
);
|
|
13139
|
+
}
|
|
13140
|
+
hydrateIssueTypeCatalog(issueTypes);
|
|
13141
|
+
}
|
|
13709
13142
|
async getUserInfo() {
|
|
13710
13143
|
const { me } = await this._clientSdk.Me();
|
|
13711
13144
|
return me;
|
|
@@ -14145,7 +13578,7 @@ import * as os2 from "os";
|
|
|
14145
13578
|
import path7 from "path";
|
|
14146
13579
|
import chalk4 from "chalk";
|
|
14147
13580
|
import { withFile } from "tmp-promise";
|
|
14148
|
-
import
|
|
13581
|
+
import z26 from "zod";
|
|
14149
13582
|
|
|
14150
13583
|
// src/commands/handleMobbLogin.ts
|
|
14151
13584
|
import chalk3 from "chalk";
|
|
@@ -14685,8 +14118,8 @@ var defaultLogger2 = {
|
|
|
14685
14118
|
}
|
|
14686
14119
|
}
|
|
14687
14120
|
};
|
|
14688
|
-
var PromptItemZ =
|
|
14689
|
-
type:
|
|
14121
|
+
var PromptItemZ = z26.object({
|
|
14122
|
+
type: z26.enum([
|
|
14690
14123
|
"USER_PROMPT",
|
|
14691
14124
|
"AI_RESPONSE",
|
|
14692
14125
|
"TOOL_EXECUTION",
|
|
@@ -14694,32 +14127,32 @@ var PromptItemZ = z27.object({
|
|
|
14694
14127
|
"MCP_TOOL_CALL"
|
|
14695
14128
|
// MCP (Model Context Protocol) tool invocation
|
|
14696
14129
|
]),
|
|
14697
|
-
attachedFiles:
|
|
14698
|
-
|
|
14699
|
-
relativePath:
|
|
14700
|
-
startLine:
|
|
14130
|
+
attachedFiles: z26.array(
|
|
14131
|
+
z26.object({
|
|
14132
|
+
relativePath: z26.string(),
|
|
14133
|
+
startLine: z26.number().optional()
|
|
14701
14134
|
})
|
|
14702
14135
|
).optional(),
|
|
14703
|
-
tokens:
|
|
14704
|
-
inputCount:
|
|
14705
|
-
outputCount:
|
|
14136
|
+
tokens: z26.object({
|
|
14137
|
+
inputCount: z26.number(),
|
|
14138
|
+
outputCount: z26.number()
|
|
14706
14139
|
}).optional(),
|
|
14707
|
-
text:
|
|
14708
|
-
date:
|
|
14709
|
-
tool:
|
|
14710
|
-
name:
|
|
14711
|
-
parameters:
|
|
14712
|
-
result:
|
|
14713
|
-
rawArguments:
|
|
14714
|
-
accepted:
|
|
14140
|
+
text: z26.string().optional(),
|
|
14141
|
+
date: z26.date().optional(),
|
|
14142
|
+
tool: z26.object({
|
|
14143
|
+
name: z26.string(),
|
|
14144
|
+
parameters: z26.string(),
|
|
14145
|
+
result: z26.string(),
|
|
14146
|
+
rawArguments: z26.string().optional(),
|
|
14147
|
+
accepted: z26.boolean().optional(),
|
|
14715
14148
|
// MCP-specific fields (only populated for MCP_TOOL_CALL type)
|
|
14716
|
-
mcpServer:
|
|
14149
|
+
mcpServer: z26.string().optional(),
|
|
14717
14150
|
// MCP server name (e.g., "datadog", "mobb-mcp")
|
|
14718
|
-
mcpToolName:
|
|
14151
|
+
mcpToolName: z26.string().optional()
|
|
14719
14152
|
// MCP tool name without prefix (e.g., "scan_and_fix_vulnerabilities")
|
|
14720
14153
|
}).optional()
|
|
14721
14154
|
});
|
|
14722
|
-
var PromptItemArrayZ =
|
|
14155
|
+
var PromptItemArrayZ = z26.array(PromptItemZ);
|
|
14723
14156
|
var NULL_REPO_STATE = {
|
|
14724
14157
|
repositoryUrl: null,
|
|
14725
14158
|
branch: null,
|
|
@@ -15657,7 +15090,7 @@ import Debug15 from "debug";
|
|
|
15657
15090
|
// src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
|
|
15658
15091
|
import Debug14 from "debug";
|
|
15659
15092
|
import parseDiff from "parse-diff";
|
|
15660
|
-
import { z as
|
|
15093
|
+
import { z as z28 } from "zod";
|
|
15661
15094
|
|
|
15662
15095
|
// src/features/analysis/utils/by_key.ts
|
|
15663
15096
|
function keyBy(array, keyBy2) {
|
|
@@ -15746,7 +15179,7 @@ var scannerToFriendlyString = {
|
|
|
15746
15179
|
|
|
15747
15180
|
// src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
|
|
15748
15181
|
import Debug13 from "debug";
|
|
15749
|
-
import { z as
|
|
15182
|
+
import { z as z27 } from "zod";
|
|
15750
15183
|
init_client_generates();
|
|
15751
15184
|
var debug14 = Debug13("mobbdev:handle-finished-analysis");
|
|
15752
15185
|
var getCommitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
|
|
@@ -15792,11 +15225,11 @@ function buildFixCommentBody({
|
|
|
15792
15225
|
});
|
|
15793
15226
|
const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
|
|
15794
15227
|
const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
|
|
15795
|
-
const validFixParseRes =
|
|
15228
|
+
const validFixParseRes = z27.object({
|
|
15796
15229
|
patchAndQuestions: PatchAndQuestionsZ,
|
|
15797
|
-
safeIssueLanguage:
|
|
15798
|
-
severityText:
|
|
15799
|
-
safeIssueType:
|
|
15230
|
+
safeIssueLanguage: z27.nativeEnum(IssueLanguage_Enum),
|
|
15231
|
+
severityText: z27.nativeEnum(Vulnerability_Severity_Enum),
|
|
15232
|
+
safeIssueType: SafeIssueTypeStringZ
|
|
15800
15233
|
}).safeParse(fix);
|
|
15801
15234
|
if (!validFixParseRes.success) {
|
|
15802
15235
|
debug14(
|
|
@@ -16030,7 +15463,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
|
|
|
16030
15463
|
});
|
|
16031
15464
|
const lineAddedRanges = calculateRanges(fileNumbers);
|
|
16032
15465
|
const fileFilter = {
|
|
16033
|
-
path:
|
|
15466
|
+
path: z28.string().parse(file.to),
|
|
16034
15467
|
ranges: lineAddedRanges.map(([startLine, endLine]) => ({
|
|
16035
15468
|
endLine,
|
|
16036
15469
|
startLine
|
|
@@ -16342,15 +15775,15 @@ import { globby } from "globby";
|
|
|
16342
15775
|
import { isBinary as isBinary2 } from "istextorbinary";
|
|
16343
15776
|
import { simpleGit as simpleGit3 } from "simple-git";
|
|
16344
15777
|
import { parseStringPromise } from "xml2js";
|
|
16345
|
-
import { z as
|
|
15778
|
+
import { z as z29 } from "zod";
|
|
16346
15779
|
var debug19 = Debug18("mobbdev:pack");
|
|
16347
|
-
var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA =
|
|
16348
|
-
properties:
|
|
16349
|
-
entry:
|
|
16350
|
-
|
|
16351
|
-
_:
|
|
16352
|
-
$:
|
|
16353
|
-
key:
|
|
15780
|
+
var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z29.object({
|
|
15781
|
+
properties: z29.object({
|
|
15782
|
+
entry: z29.array(
|
|
15783
|
+
z29.object({
|
|
15784
|
+
_: z29.string(),
|
|
15785
|
+
$: z29.object({
|
|
15786
|
+
key: z29.string()
|
|
16354
15787
|
})
|
|
16355
15788
|
})
|
|
16356
15789
|
)
|
|
@@ -17014,6 +16447,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
|
|
|
17014
16447
|
inputApiKey: apiKey,
|
|
17015
16448
|
isSkipPrompts: skipPrompts
|
|
17016
16449
|
});
|
|
16450
|
+
await gqlClient.loadIssueTypeCatalog();
|
|
17017
16451
|
if (!mobbProjectName) {
|
|
17018
16452
|
throw new Error("mobbProjectName is required");
|
|
17019
16453
|
}
|
|
@@ -17133,7 +16567,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
|
|
|
17133
16567
|
spinner: mobbSpinner,
|
|
17134
16568
|
submitVulnerabilityReportVariables: {
|
|
17135
16569
|
fixReportId: reportUploadInfo.fixReportId,
|
|
17136
|
-
repoUrl:
|
|
16570
|
+
repoUrl: z30.string().parse(repo),
|
|
17137
16571
|
reference,
|
|
17138
16572
|
projectId,
|
|
17139
16573
|
vulnerabilityReportFileName: shouldScan ? void 0 : REPORT_DEFAULT_FILE_NAME,
|
|
@@ -17473,9 +16907,9 @@ async function waitForAnaysisAndReviewPr({
|
|
|
17473
16907
|
gqlClient,
|
|
17474
16908
|
polling
|
|
17475
16909
|
}) {
|
|
17476
|
-
const params =
|
|
17477
|
-
repo:
|
|
17478
|
-
githubActionToken:
|
|
16910
|
+
const params = z30.object({
|
|
16911
|
+
repo: z30.string().url(),
|
|
16912
|
+
githubActionToken: z30.string()
|
|
17479
16913
|
}).parse({ repo, githubActionToken });
|
|
17480
16914
|
const scm = await createScmLib(
|
|
17481
16915
|
{
|
|
@@ -17493,7 +16927,7 @@ async function waitForAnaysisAndReviewPr({
|
|
|
17493
16927
|
analysisId: analysisId2,
|
|
17494
16928
|
gqlClient,
|
|
17495
16929
|
scm,
|
|
17496
|
-
scanner:
|
|
16930
|
+
scanner: z30.nativeEnum(SCANNERS).parse(scanner)
|
|
17497
16931
|
});
|
|
17498
16932
|
};
|
|
17499
16933
|
if (polling) {
|
|
@@ -17809,7 +17243,7 @@ async function scanSkill(options) {
|
|
|
17809
17243
|
// src/args/validation.ts
|
|
17810
17244
|
import chalk9 from "chalk";
|
|
17811
17245
|
import path12 from "path";
|
|
17812
|
-
import { z as
|
|
17246
|
+
import { z as z31 } from "zod";
|
|
17813
17247
|
function throwRepoUrlErrorMessage({
|
|
17814
17248
|
error,
|
|
17815
17249
|
repoUrl,
|
|
@@ -17826,11 +17260,11 @@ Example:
|
|
|
17826
17260
|
)}`;
|
|
17827
17261
|
throw new CliError(formattedErrorMessage);
|
|
17828
17262
|
}
|
|
17829
|
-
var UrlZ =
|
|
17263
|
+
var UrlZ = z31.string({
|
|
17830
17264
|
invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
|
|
17831
17265
|
});
|
|
17832
17266
|
function validateOrganizationId(organizationId) {
|
|
17833
|
-
const orgIdValidation =
|
|
17267
|
+
const orgIdValidation = z31.string().uuid().nullish().safeParse(organizationId);
|
|
17834
17268
|
if (!orgIdValidation.success) {
|
|
17835
17269
|
throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
|
|
17836
17270
|
}
|
|
@@ -19977,7 +19411,7 @@ function createLogger(config2) {
|
|
|
19977
19411
|
|
|
19978
19412
|
// src/features/claude_code/hook_logger.ts
|
|
19979
19413
|
var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
|
|
19980
|
-
var CLI_VERSION = true ? "1.4.
|
|
19414
|
+
var CLI_VERSION = true ? "1.4.32" : "unknown";
|
|
19981
19415
|
var NAMESPACE = "mobbdev-claude-code-hook-logs";
|
|
19982
19416
|
var claudeCodeVersion;
|
|
19983
19417
|
function buildDdTags() {
|
|
@@ -21507,145 +20941,145 @@ init_client_generates();
|
|
|
21507
20941
|
init_configs();
|
|
21508
20942
|
|
|
21509
20943
|
// src/mcp/types.ts
|
|
20944
|
+
import { z as z32 } from "zod";
|
|
21510
20945
|
init_client_generates();
|
|
21511
|
-
|
|
21512
|
-
|
|
21513
|
-
path: z33.string()
|
|
20946
|
+
var ScanAndFixVulnerabilitiesToolSchema = z32.object({
|
|
20947
|
+
path: z32.string()
|
|
21514
20948
|
});
|
|
21515
|
-
var VulnerabilityReportIssueTagSchema =
|
|
21516
|
-
vulnerability_report_issue_tag_value:
|
|
20949
|
+
var VulnerabilityReportIssueTagSchema = z32.object({
|
|
20950
|
+
vulnerability_report_issue_tag_value: z32.nativeEnum(
|
|
21517
20951
|
Vulnerability_Report_Issue_Tag_Enum
|
|
21518
20952
|
)
|
|
21519
20953
|
});
|
|
21520
|
-
var VulnerabilityReportIssueSchema =
|
|
21521
|
-
category:
|
|
21522
|
-
parsedIssueType:
|
|
21523
|
-
parsedSeverity:
|
|
21524
|
-
vulnerabilityReportIssueTags:
|
|
20954
|
+
var VulnerabilityReportIssueSchema = z32.object({
|
|
20955
|
+
category: z32.any().optional().nullable(),
|
|
20956
|
+
parsedIssueType: SafeIssueTypeStringZ.nullable().optional(),
|
|
20957
|
+
parsedSeverity: z32.nativeEnum(Vulnerability_Severity_Enum).nullable().optional(),
|
|
20958
|
+
vulnerabilityReportIssueTags: z32.array(VulnerabilityReportIssueTagSchema)
|
|
21525
20959
|
});
|
|
21526
|
-
var SharedStateSchema =
|
|
21527
|
-
__typename:
|
|
21528
|
-
id:
|
|
20960
|
+
var SharedStateSchema = z32.object({
|
|
20961
|
+
__typename: z32.literal("fix_shared_state").optional(),
|
|
20962
|
+
id: z32.any(),
|
|
21529
20963
|
// GraphQL uses `any` type for UUID
|
|
21530
|
-
downloadedBy:
|
|
20964
|
+
downloadedBy: z32.array(z32.any().nullable()).optional().nullable()
|
|
21531
20965
|
});
|
|
21532
|
-
var UnstructuredFixExtraContextSchema =
|
|
21533
|
-
__typename:
|
|
21534
|
-
key:
|
|
21535
|
-
value:
|
|
20966
|
+
var UnstructuredFixExtraContextSchema = z32.object({
|
|
20967
|
+
__typename: z32.literal("UnstructuredFixExtraContext").optional(),
|
|
20968
|
+
key: z32.string(),
|
|
20969
|
+
value: z32.any()
|
|
21536
20970
|
// GraphQL JSON type
|
|
21537
20971
|
});
|
|
21538
|
-
var FixExtraContextResponseSchema =
|
|
21539
|
-
__typename:
|
|
21540
|
-
extraContext:
|
|
21541
|
-
fixDescription:
|
|
20972
|
+
var FixExtraContextResponseSchema = z32.object({
|
|
20973
|
+
__typename: z32.literal("FixExtraContextResponse").optional(),
|
|
20974
|
+
extraContext: z32.array(UnstructuredFixExtraContextSchema),
|
|
20975
|
+
fixDescription: z32.string()
|
|
21542
20976
|
});
|
|
21543
|
-
var FixQuestionSchema =
|
|
21544
|
-
__typename:
|
|
21545
|
-
key:
|
|
21546
|
-
name:
|
|
21547
|
-
defaultValue:
|
|
21548
|
-
value:
|
|
21549
|
-
inputType:
|
|
21550
|
-
options:
|
|
21551
|
-
index:
|
|
21552
|
-
extraContext:
|
|
20977
|
+
var FixQuestionSchema = z32.object({
|
|
20978
|
+
__typename: z32.literal("FixQuestion").optional(),
|
|
20979
|
+
key: z32.string(),
|
|
20980
|
+
name: z32.string(),
|
|
20981
|
+
defaultValue: z32.string(),
|
|
20982
|
+
value: z32.string().nullable().optional(),
|
|
20983
|
+
inputType: z32.nativeEnum(FixQuestionInputType),
|
|
20984
|
+
options: z32.array(z32.string()),
|
|
20985
|
+
index: z32.number(),
|
|
20986
|
+
extraContext: z32.array(UnstructuredFixExtraContextSchema)
|
|
21553
20987
|
});
|
|
21554
|
-
var FixDataSchema =
|
|
21555
|
-
__typename:
|
|
21556
|
-
patch:
|
|
21557
|
-
patchOriginalEncodingBase64:
|
|
21558
|
-
questions:
|
|
20988
|
+
var FixDataSchema = z32.object({
|
|
20989
|
+
__typename: z32.literal("FixData"),
|
|
20990
|
+
patch: z32.string(),
|
|
20991
|
+
patchOriginalEncodingBase64: z32.string(),
|
|
20992
|
+
questions: z32.array(FixQuestionSchema),
|
|
21559
20993
|
extraContext: FixExtraContextResponseSchema
|
|
21560
20994
|
});
|
|
21561
|
-
var GetFixNoFixErrorSchema =
|
|
21562
|
-
__typename:
|
|
20995
|
+
var GetFixNoFixErrorSchema = z32.object({
|
|
20996
|
+
__typename: z32.literal("GetFixNoFixError")
|
|
21563
20997
|
});
|
|
21564
|
-
var PatchAndQuestionsSchema =
|
|
21565
|
-
var McpFixSchema =
|
|
21566
|
-
__typename:
|
|
21567
|
-
id:
|
|
20998
|
+
var PatchAndQuestionsSchema = z32.union([FixDataSchema, GetFixNoFixErrorSchema]);
|
|
20999
|
+
var McpFixSchema = z32.object({
|
|
21000
|
+
__typename: z32.literal("fix").optional(),
|
|
21001
|
+
id: z32.any(),
|
|
21568
21002
|
// GraphQL uses `any` type for UUID
|
|
21569
|
-
confidence:
|
|
21570
|
-
safeIssueType:
|
|
21571
|
-
safeIssueLanguage:
|
|
21572
|
-
severityText:
|
|
21573
|
-
gitBlameLogin:
|
|
21003
|
+
confidence: z32.number(),
|
|
21004
|
+
safeIssueType: z32.string().nullable(),
|
|
21005
|
+
safeIssueLanguage: z32.string().nullable().optional(),
|
|
21006
|
+
severityText: z32.string().nullable(),
|
|
21007
|
+
gitBlameLogin: z32.string().nullable().optional(),
|
|
21574
21008
|
// Optional in GraphQL
|
|
21575
|
-
severityValue:
|
|
21576
|
-
vulnerabilityReportIssues:
|
|
21009
|
+
severityValue: z32.number().nullable(),
|
|
21010
|
+
vulnerabilityReportIssues: z32.array(VulnerabilityReportIssueSchema),
|
|
21577
21011
|
sharedState: SharedStateSchema.nullable().optional(),
|
|
21578
21012
|
// Optional in GraphQL
|
|
21579
21013
|
patchAndQuestions: PatchAndQuestionsSchema,
|
|
21580
21014
|
// Additional field added by the client
|
|
21581
|
-
fixUrl:
|
|
21015
|
+
fixUrl: z32.string().optional()
|
|
21582
21016
|
});
|
|
21583
|
-
var FixAggregateSchema =
|
|
21584
|
-
__typename:
|
|
21585
|
-
aggregate:
|
|
21586
|
-
__typename:
|
|
21587
|
-
count:
|
|
21017
|
+
var FixAggregateSchema = z32.object({
|
|
21018
|
+
__typename: z32.literal("fix_aggregate").optional(),
|
|
21019
|
+
aggregate: z32.object({
|
|
21020
|
+
__typename: z32.literal("fix_aggregate_fields").optional(),
|
|
21021
|
+
count: z32.number()
|
|
21588
21022
|
}).nullable()
|
|
21589
21023
|
});
|
|
21590
|
-
var VulnerabilityReportIssueAggregateSchema =
|
|
21591
|
-
__typename:
|
|
21592
|
-
aggregate:
|
|
21593
|
-
__typename:
|
|
21594
|
-
count:
|
|
21024
|
+
var VulnerabilityReportIssueAggregateSchema = z32.object({
|
|
21025
|
+
__typename: z32.literal("vulnerability_report_issue_aggregate").optional(),
|
|
21026
|
+
aggregate: z32.object({
|
|
21027
|
+
__typename: z32.literal("vulnerability_report_issue_aggregate_fields").optional(),
|
|
21028
|
+
count: z32.number()
|
|
21595
21029
|
}).nullable()
|
|
21596
21030
|
});
|
|
21597
|
-
var RepoSchema =
|
|
21598
|
-
__typename:
|
|
21599
|
-
originalUrl:
|
|
21031
|
+
var RepoSchema = z32.object({
|
|
21032
|
+
__typename: z32.literal("repo").optional(),
|
|
21033
|
+
originalUrl: z32.string()
|
|
21600
21034
|
});
|
|
21601
|
-
var ProjectSchema =
|
|
21602
|
-
id:
|
|
21035
|
+
var ProjectSchema = z32.object({
|
|
21036
|
+
id: z32.any(),
|
|
21603
21037
|
// GraphQL uses `any` type for UUID
|
|
21604
|
-
organizationId:
|
|
21038
|
+
organizationId: z32.any()
|
|
21605
21039
|
// GraphQL uses `any` type for UUID
|
|
21606
21040
|
});
|
|
21607
|
-
var VulnerabilityReportSchema =
|
|
21608
|
-
scanDate:
|
|
21041
|
+
var VulnerabilityReportSchema = z32.object({
|
|
21042
|
+
scanDate: z32.any().nullable(),
|
|
21609
21043
|
// GraphQL uses `any` type for timestamp
|
|
21610
|
-
vendor:
|
|
21044
|
+
vendor: z32.string(),
|
|
21611
21045
|
// GraphQL generates as string, not enum
|
|
21612
|
-
projectId:
|
|
21046
|
+
projectId: z32.any().optional(),
|
|
21613
21047
|
// GraphQL uses `any` type for UUID
|
|
21614
21048
|
project: ProjectSchema,
|
|
21615
21049
|
totalVulnerabilityReportIssuesCount: VulnerabilityReportIssueAggregateSchema,
|
|
21616
21050
|
notFixableVulnerabilityReportIssuesCount: VulnerabilityReportIssueAggregateSchema
|
|
21617
21051
|
});
|
|
21618
|
-
var FixReportSummarySchema =
|
|
21619
|
-
__typename:
|
|
21620
|
-
id:
|
|
21052
|
+
var FixReportSummarySchema = z32.object({
|
|
21053
|
+
__typename: z32.literal("fixReport").optional(),
|
|
21054
|
+
id: z32.any(),
|
|
21621
21055
|
// GraphQL uses `any` type for UUID
|
|
21622
|
-
createdOn:
|
|
21056
|
+
createdOn: z32.any(),
|
|
21623
21057
|
// GraphQL uses `any` type for timestamp
|
|
21624
21058
|
repo: RepoSchema.nullable(),
|
|
21625
|
-
issueTypes:
|
|
21059
|
+
issueTypes: z32.any().nullable(),
|
|
21626
21060
|
// GraphQL uses `any` type for JSON
|
|
21627
21061
|
CRITICAL: FixAggregateSchema,
|
|
21628
21062
|
HIGH: FixAggregateSchema,
|
|
21629
21063
|
MEDIUM: FixAggregateSchema,
|
|
21630
21064
|
LOW: FixAggregateSchema,
|
|
21631
|
-
fixes:
|
|
21632
|
-
userFixes:
|
|
21065
|
+
fixes: z32.array(McpFixSchema),
|
|
21066
|
+
userFixes: z32.array(McpFixSchema).optional(),
|
|
21633
21067
|
// Present in some responses but can be omitted
|
|
21634
21068
|
filteredFixesCount: FixAggregateSchema,
|
|
21635
21069
|
totalFixesCount: FixAggregateSchema,
|
|
21636
21070
|
vulnerabilityReport: VulnerabilityReportSchema
|
|
21637
21071
|
});
|
|
21638
|
-
var ExpiredReportSchema =
|
|
21639
|
-
__typename:
|
|
21640
|
-
id:
|
|
21072
|
+
var ExpiredReportSchema = z32.object({
|
|
21073
|
+
__typename: z32.literal("fixReport").optional(),
|
|
21074
|
+
id: z32.any(),
|
|
21641
21075
|
// GraphQL uses `any` type for UUID
|
|
21642
|
-
expirationOn:
|
|
21076
|
+
expirationOn: z32.any().nullable()
|
|
21643
21077
|
// GraphQL uses `any` type for timestamp
|
|
21644
21078
|
});
|
|
21645
|
-
var GetLatestReportByRepoUrlResponseSchema =
|
|
21646
|
-
__typename:
|
|
21647
|
-
fixReport:
|
|
21648
|
-
expiredReport:
|
|
21079
|
+
var GetLatestReportByRepoUrlResponseSchema = z32.object({
|
|
21080
|
+
__typename: z32.literal("query_root").optional(),
|
|
21081
|
+
fixReport: z32.array(FixReportSummarySchema),
|
|
21082
|
+
expiredReport: z32.array(ExpiredReportSchema)
|
|
21649
21083
|
});
|
|
21650
21084
|
|
|
21651
21085
|
// src/mcp/services/InteractiveFixFilter.ts
|
|
@@ -23455,10 +22889,10 @@ var McpServer = class {
|
|
|
23455
22889
|
};
|
|
23456
22890
|
|
|
23457
22891
|
// src/mcp/prompts/CheckForNewVulnerabilitiesPrompt.ts
|
|
23458
|
-
import { z as
|
|
22892
|
+
import { z as z34 } from "zod";
|
|
23459
22893
|
|
|
23460
22894
|
// src/mcp/prompts/base/BasePrompt.ts
|
|
23461
|
-
import { z as
|
|
22895
|
+
import { z as z33 } from "zod";
|
|
23462
22896
|
var BasePrompt = class {
|
|
23463
22897
|
getDefinition() {
|
|
23464
22898
|
return {
|
|
@@ -23487,7 +22921,7 @@ var BasePrompt = class {
|
|
|
23487
22921
|
const argsToValidate = args === void 0 ? {} : args;
|
|
23488
22922
|
return this.argumentsValidationSchema.parse(argsToValidate);
|
|
23489
22923
|
} catch (error) {
|
|
23490
|
-
if (error instanceof
|
|
22924
|
+
if (error instanceof z33.ZodError) {
|
|
23491
22925
|
const errorDetails = error.errors.map((e) => {
|
|
23492
22926
|
const fieldPath = e.path.length > 0 ? e.path.join(".") : "root";
|
|
23493
22927
|
const message = e.message === "Required" ? `Missing required argument '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
|
|
@@ -23516,8 +22950,8 @@ var BasePrompt = class {
|
|
|
23516
22950
|
};
|
|
23517
22951
|
|
|
23518
22952
|
// src/mcp/prompts/CheckForNewVulnerabilitiesPrompt.ts
|
|
23519
|
-
var CheckForNewVulnerabilitiesArgsSchema =
|
|
23520
|
-
path:
|
|
22953
|
+
var CheckForNewVulnerabilitiesArgsSchema = z34.object({
|
|
22954
|
+
path: z34.string().optional()
|
|
23521
22955
|
});
|
|
23522
22956
|
var CheckForNewVulnerabilitiesPrompt = class extends BasePrompt {
|
|
23523
22957
|
constructor() {
|
|
@@ -23762,9 +23196,9 @@ Call the \`check_for_new_available_fixes\` tool now${args?.path ? ` for ${args.p
|
|
|
23762
23196
|
};
|
|
23763
23197
|
|
|
23764
23198
|
// src/mcp/prompts/FullSecurityAuditPrompt.ts
|
|
23765
|
-
import { z as
|
|
23766
|
-
var FullSecurityAuditArgsSchema =
|
|
23767
|
-
path:
|
|
23199
|
+
import { z as z35 } from "zod";
|
|
23200
|
+
var FullSecurityAuditArgsSchema = z35.object({
|
|
23201
|
+
path: z35.string().optional()
|
|
23768
23202
|
});
|
|
23769
23203
|
var FullSecurityAuditPrompt = class extends BasePrompt {
|
|
23770
23204
|
constructor() {
|
|
@@ -24215,9 +23649,9 @@ Begin the audit now${args?.path ? ` for ${args.path}` : ""}.
|
|
|
24215
23649
|
};
|
|
24216
23650
|
|
|
24217
23651
|
// src/mcp/prompts/ReviewAndFixCriticalPrompt.ts
|
|
24218
|
-
import { z as
|
|
24219
|
-
var ReviewAndFixCriticalArgsSchema =
|
|
24220
|
-
path:
|
|
23652
|
+
import { z as z36 } from "zod";
|
|
23653
|
+
var ReviewAndFixCriticalArgsSchema = z36.object({
|
|
23654
|
+
path: z36.string().optional()
|
|
24221
23655
|
});
|
|
24222
23656
|
var ReviewAndFixCriticalPrompt = class extends BasePrompt {
|
|
24223
23657
|
constructor() {
|
|
@@ -24521,9 +23955,9 @@ Start by scanning${args?.path ? ` ${args.path}` : " the repository"} and priorit
|
|
|
24521
23955
|
};
|
|
24522
23956
|
|
|
24523
23957
|
// src/mcp/prompts/ScanRecentChangesPrompt.ts
|
|
24524
|
-
import { z as
|
|
24525
|
-
var ScanRecentChangesArgsSchema =
|
|
24526
|
-
path:
|
|
23958
|
+
import { z as z37 } from "zod";
|
|
23959
|
+
var ScanRecentChangesArgsSchema = z37.object({
|
|
23960
|
+
path: z37.string().optional()
|
|
24527
23961
|
});
|
|
24528
23962
|
var ScanRecentChangesPrompt = class extends BasePrompt {
|
|
24529
23963
|
constructor() {
|
|
@@ -24734,9 +24168,9 @@ You now have the guidance needed to perform a fast, targeted security scan of re
|
|
|
24734
24168
|
};
|
|
24735
24169
|
|
|
24736
24170
|
// src/mcp/prompts/ScanRepositoryPrompt.ts
|
|
24737
|
-
import { z as
|
|
24738
|
-
var ScanRepositoryArgsSchema =
|
|
24739
|
-
path:
|
|
24171
|
+
import { z as z38 } from "zod";
|
|
24172
|
+
var ScanRepositoryArgsSchema = z38.object({
|
|
24173
|
+
path: z38.string().optional()
|
|
24740
24174
|
});
|
|
24741
24175
|
var ScanRepositoryPrompt = class extends BasePrompt {
|
|
24742
24176
|
constructor() {
|
|
@@ -25134,7 +24568,7 @@ import * as os15 from "os";
|
|
|
25134
24568
|
import * as path29 from "path";
|
|
25135
24569
|
|
|
25136
24570
|
// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
|
|
25137
|
-
import { z as
|
|
24571
|
+
import { z as z40 } from "zod";
|
|
25138
24572
|
|
|
25139
24573
|
// src/mcp/services/PathValidation.ts
|
|
25140
24574
|
import fs21 from "fs";
|
|
@@ -25210,7 +24644,7 @@ async function validatePath(inputPath) {
|
|
|
25210
24644
|
}
|
|
25211
24645
|
|
|
25212
24646
|
// src/mcp/tools/base/BaseTool.ts
|
|
25213
|
-
import { z as
|
|
24647
|
+
import { z as z39 } from "zod";
|
|
25214
24648
|
var BaseTool = class {
|
|
25215
24649
|
getDefinition() {
|
|
25216
24650
|
return {
|
|
@@ -25237,7 +24671,7 @@ var BaseTool = class {
|
|
|
25237
24671
|
try {
|
|
25238
24672
|
return this.inputValidationSchema.parse(args);
|
|
25239
24673
|
} catch (error) {
|
|
25240
|
-
if (error instanceof
|
|
24674
|
+
if (error instanceof z39.ZodError) {
|
|
25241
24675
|
const errorDetails = error.errors.map((e) => {
|
|
25242
24676
|
const fieldPath = e.path.length > 0 ? e.path.join(".") : "root";
|
|
25243
24677
|
const message = e.message === "Required" ? `Missing required parameter '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
|
|
@@ -26104,18 +25538,14 @@ var getLocalFiles = async ({
|
|
|
26104
25538
|
};
|
|
26105
25539
|
|
|
26106
25540
|
// src/mcp/services/LocalMobbFolderService.ts
|
|
26107
|
-
init_client_generates();
|
|
26108
25541
|
init_GitService();
|
|
25542
|
+
init_issueTypeCatalog();
|
|
26109
25543
|
import fs23 from "fs";
|
|
26110
25544
|
import path31 from "path";
|
|
26111
|
-
import { z as z41 } from "zod";
|
|
26112
25545
|
function extractPathFromPatch(patch) {
|
|
26113
25546
|
const match = patch?.match(/diff --git a\/([^\s]+) b\//);
|
|
26114
25547
|
return match?.[1] ?? null;
|
|
26115
25548
|
}
|
|
26116
|
-
function parsedIssueTypeRes(issueType) {
|
|
26117
|
-
return z41.nativeEnum(IssueType_Enum).safeParse(issueType);
|
|
26118
|
-
}
|
|
26119
25549
|
var LocalMobbFolderService = class {
|
|
26120
25550
|
/**
|
|
26121
25551
|
* Creates a new LocalMobbFolderService instance
|
|
@@ -26535,9 +25965,8 @@ var LocalMobbFolderService = class {
|
|
|
26535
25965
|
|
|
26536
25966
|
`;
|
|
26537
25967
|
}
|
|
26538
|
-
const
|
|
26539
|
-
const
|
|
26540
|
-
const { issueDescription: issueDescription2, fixInstructions } = staticData || {};
|
|
25968
|
+
const catalogEntry = getIssueTypeCatalogEntry(fix.safeIssueType);
|
|
25969
|
+
const { issueDescription: issueDescription2, fixInstructions } = catalogEntry ?? {};
|
|
26541
25970
|
markdown += `
|
|
26542
25971
|
## Vulnerability Details
|
|
26543
25972
|
|
|
@@ -28841,8 +28270,8 @@ Example payload:
|
|
|
28841
28270
|
},
|
|
28842
28271
|
required: ["path"]
|
|
28843
28272
|
});
|
|
28844
|
-
__publicField(this, "inputValidationSchema",
|
|
28845
|
-
path:
|
|
28273
|
+
__publicField(this, "inputValidationSchema", z40.object({
|
|
28274
|
+
path: z40.string().describe(
|
|
28846
28275
|
"Full local path to the cloned git repository to check for new available fixes"
|
|
28847
28276
|
)
|
|
28848
28277
|
}));
|
|
@@ -28872,7 +28301,7 @@ Example payload:
|
|
|
28872
28301
|
|
|
28873
28302
|
// src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesTool.ts
|
|
28874
28303
|
init_GitService();
|
|
28875
|
-
import { z as
|
|
28304
|
+
import { z as z41 } from "zod";
|
|
28876
28305
|
|
|
28877
28306
|
// src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesService.ts
|
|
28878
28307
|
init_configs();
|
|
@@ -29018,16 +28447,16 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
|
|
|
29018
28447
|
},
|
|
29019
28448
|
required: ["path"]
|
|
29020
28449
|
});
|
|
29021
|
-
__publicField(this, "inputValidationSchema",
|
|
29022
|
-
path:
|
|
28450
|
+
__publicField(this, "inputValidationSchema", z41.object({
|
|
28451
|
+
path: z41.string().describe(
|
|
29023
28452
|
"Full local path to the cloned git repository to check for available fixes"
|
|
29024
28453
|
),
|
|
29025
|
-
offset:
|
|
29026
|
-
limit:
|
|
29027
|
-
fileFilter:
|
|
28454
|
+
offset: z41.number().optional().describe("Optional offset for pagination"),
|
|
28455
|
+
limit: z41.number().optional().describe("Optional maximum number of fixes to return"),
|
|
28456
|
+
fileFilter: z41.array(z41.string()).optional().describe(
|
|
29028
28457
|
"Optional list of file paths relative to the path parameter to filter fixes by. INCOMPATIBLE with fetchFixesFromAnyFile"
|
|
29029
28458
|
),
|
|
29030
|
-
fetchFixesFromAnyFile:
|
|
28459
|
+
fetchFixesFromAnyFile: z41.boolean().optional().describe(
|
|
29031
28460
|
"Optional boolean to fetch fixes for all files. INCOMPATIBLE with fileFilter"
|
|
29032
28461
|
)
|
|
29033
28462
|
}));
|
|
@@ -29093,7 +28522,7 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
|
|
|
29093
28522
|
};
|
|
29094
28523
|
|
|
29095
28524
|
// src/mcp/tools/mcpChecker/mcpCheckerTool.ts
|
|
29096
|
-
import
|
|
28525
|
+
import z42 from "zod";
|
|
29097
28526
|
|
|
29098
28527
|
// src/mcp/tools/mcpChecker/mcpCheckerService.ts
|
|
29099
28528
|
var _McpCheckerService = class _McpCheckerService {
|
|
@@ -29154,7 +28583,7 @@ var McpCheckerTool = class extends BaseTool {
|
|
|
29154
28583
|
__publicField(this, "displayName", "MCP Checker");
|
|
29155
28584
|
// A detailed description to guide the LLM on when and how to invoke this tool.
|
|
29156
28585
|
__publicField(this, "description", "Check the MCP servers running on this IDE against organization policies.");
|
|
29157
|
-
__publicField(this, "inputValidationSchema",
|
|
28586
|
+
__publicField(this, "inputValidationSchema", z42.object({}));
|
|
29158
28587
|
__publicField(this, "inputSchema", {
|
|
29159
28588
|
type: "object",
|
|
29160
28589
|
properties: {},
|
|
@@ -29180,7 +28609,7 @@ var McpCheckerTool = class extends BaseTool {
|
|
|
29180
28609
|
};
|
|
29181
28610
|
|
|
29182
28611
|
// src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesTool.ts
|
|
29183
|
-
import
|
|
28612
|
+
import z43 from "zod";
|
|
29184
28613
|
init_configs();
|
|
29185
28614
|
|
|
29186
28615
|
// src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesService.ts
|
|
@@ -29560,26 +28989,26 @@ Example payload (Mode B \u2014 abstain from every interactive fix, no rescan):
|
|
|
29560
28989
|
"interactiveAnswers": []
|
|
29561
28990
|
}`);
|
|
29562
28991
|
__publicField(this, "hasAuthentication", true);
|
|
29563
|
-
__publicField(this, "inputValidationSchema",
|
|
29564
|
-
path:
|
|
28992
|
+
__publicField(this, "inputValidationSchema", z43.object({
|
|
28993
|
+
path: z43.string().describe(
|
|
29565
28994
|
"Full local path to repository to scan and fix vulnerabilities"
|
|
29566
28995
|
),
|
|
29567
|
-
offset:
|
|
29568
|
-
limit:
|
|
29569
|
-
maxFiles:
|
|
28996
|
+
offset: z43.number().optional().describe("Optional offset for pagination"),
|
|
28997
|
+
limit: z43.number().optional().describe("Optional maximum number of results to return"),
|
|
28998
|
+
maxFiles: z43.number().optional().describe(
|
|
29570
28999
|
`Optional maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Increase for comprehensive scans of larger codebases or decrease for faster focused scans.`
|
|
29571
29000
|
),
|
|
29572
|
-
rescan:
|
|
29573
|
-
scanRecentlyChangedFiles:
|
|
29001
|
+
rescan: z43.boolean().optional().describe("Optional whether to rescan the repository"),
|
|
29002
|
+
scanRecentlyChangedFiles: z43.boolean().optional().describe(
|
|
29574
29003
|
"Optional whether to automatically scan recently changed files when no changed files are found in git status. If false, the tool will prompt the user instead."
|
|
29575
29004
|
),
|
|
29576
|
-
interactiveAnswers:
|
|
29577
|
-
|
|
29578
|
-
fixId:
|
|
29579
|
-
answers:
|
|
29580
|
-
|
|
29581
|
-
key:
|
|
29582
|
-
value:
|
|
29005
|
+
interactiveAnswers: z43.array(
|
|
29006
|
+
z43.object({
|
|
29007
|
+
fixId: z43.string().min(1).describe('Fix id from a previous "Interactive fix" prompt block.'),
|
|
29008
|
+
answers: z43.array(
|
|
29009
|
+
z43.object({
|
|
29010
|
+
key: z43.string().min(1).describe("FixQuestion key."),
|
|
29011
|
+
value: z43.string().describe(
|
|
29583
29012
|
"For SELECT questions MUST be one of the listed options; for TEXT/NUMBER, a free-form value."
|
|
29584
29013
|
)
|
|
29585
29014
|
})
|
|
@@ -29942,7 +29371,7 @@ async function addScmTokenHandler(args) {
|
|
|
29942
29371
|
}
|
|
29943
29372
|
|
|
29944
29373
|
// src/features/codeium_intellij/data_collector.ts
|
|
29945
|
-
import { z as
|
|
29374
|
+
import { z as z44 } from "zod";
|
|
29946
29375
|
|
|
29947
29376
|
// src/utils/read-stdin.ts
|
|
29948
29377
|
import { setTimeout as setTimeout4 } from "timers";
|
|
@@ -30144,8 +29573,8 @@ function findRunningCodeiumLanguageServers() {
|
|
|
30144
29573
|
}
|
|
30145
29574
|
|
|
30146
29575
|
// src/features/codeium_intellij/data_collector.ts
|
|
30147
|
-
var HookDataSchema =
|
|
30148
|
-
trajectory_id:
|
|
29576
|
+
var HookDataSchema = z44.object({
|
|
29577
|
+
trajectory_id: z44.string()
|
|
30149
29578
|
});
|
|
30150
29579
|
async function processAndUploadHookData() {
|
|
30151
29580
|
const tracePayload = await getTraceDataForHook();
|