mobbdev 1.4.31 → 1.4.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/args/commands/upload_ai_blame.mjs +399 -1054
- package/dist/index.mjs +1079 -1737
- package/package.json +1 -1
package/dist/index.mjs
CHANGED
|
@@ -150,7 +150,7 @@ function getSdk(client, withWrapper = defaultWrapper) {
|
|
|
150
150
|
}
|
|
151
151
|
};
|
|
152
152
|
}
|
|
153
|
-
var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum,
|
|
153
|
+
var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, LogMvsEventDocument, GetMvsProjectDocument, IssueTypesDocument, defaultWrapper;
|
|
154
154
|
var init_client_generates = __esm({
|
|
155
155
|
"src/features/analysis/scm/generates/client_generates.ts"() {
|
|
156
156
|
"use strict";
|
|
@@ -237,160 +237,6 @@ var init_client_generates = __esm({
|
|
|
237
237
|
IssueLanguage_Enum2["Yaml"] = "YAML";
|
|
238
238
|
return IssueLanguage_Enum2;
|
|
239
239
|
})(IssueLanguage_Enum || {});
|
|
240
|
-
IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
|
|
241
|
-
IssueType_Enum2["ActionNotPinnedToCommitSha"] = "ACTION_NOT_PINNED_TO_COMMIT_SHA";
|
|
242
|
-
IssueType_Enum2["AutoEscapeFalse"] = "AUTO_ESCAPE_FALSE";
|
|
243
|
-
IssueType_Enum2["AvoidBuiltinShadowing"] = "AVOID_BUILTIN_SHADOWING";
|
|
244
|
-
IssueType_Enum2["AvoidIdentityComparisonCachedTypes"] = "AVOID_IDENTITY_COMPARISON_CACHED_TYPES";
|
|
245
|
-
IssueType_Enum2["AwsDynamodbPointInTimeRecoveryDisabled"] = "AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED";
|
|
246
|
-
IssueType_Enum2["BufferOverflow"] = "BUFFER_OVERFLOW";
|
|
247
|
-
IssueType_Enum2["ClientDomStoredCodeInjection"] = "CLIENT_DOM_STORED_CODE_INJECTION";
|
|
248
|
-
IssueType_Enum2["CmDi"] = "CMDi";
|
|
249
|
-
IssueType_Enum2["CmDiRelativePathCommand"] = "CMDi_relative_path_command";
|
|
250
|
-
IssueType_Enum2["CodeInComment"] = "CODE_IN_COMMENT";
|
|
251
|
-
IssueType_Enum2["ConfusingNaming"] = "CONFUSING_NAMING";
|
|
252
|
-
IssueType_Enum2["CredentialDisclosure"] = "CREDENTIAL_DISCLOSURE";
|
|
253
|
-
IssueType_Enum2["Csrf"] = "CSRF";
|
|
254
|
-
IssueType_Enum2["DangerousFunctionOverflow"] = "DANGEROUS_FUNCTION_OVERFLOW";
|
|
255
|
-
IssueType_Enum2["DeadCodeUnusedField"] = "DEAD_CODE_UNUSED_FIELD";
|
|
256
|
-
IssueType_Enum2["DebugEnabled"] = "DEBUG_ENABLED";
|
|
257
|
-
IssueType_Enum2["DeclareVariableExplicitly"] = "DECLARE_VARIABLE_EXPLICITLY";
|
|
258
|
-
IssueType_Enum2["DefaultRightsInObjDefinition"] = "DEFAULT_RIGHTS_IN_OBJ_DEFINITION";
|
|
259
|
-
IssueType_Enum2["DeprecatedFunction"] = "DEPRECATED_FUNCTION";
|
|
260
|
-
IssueType_Enum2["DjangoBlankFieldNeedsNullOrDefault"] = "DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT";
|
|
261
|
-
IssueType_Enum2["DosStringBuilder"] = "DOS_STRING_BUILDER";
|
|
262
|
-
IssueType_Enum2["DoNotRaiseException"] = "DO_NOT_RAISE_EXCEPTION";
|
|
263
|
-
IssueType_Enum2["DoNotThrowGenericException"] = "DO_NOT_THROW_GENERIC_EXCEPTION";
|
|
264
|
-
IssueType_Enum2["DuplicatedStrings"] = "DUPLICATED_STRINGS";
|
|
265
|
-
IssueType_Enum2["ErroneousStringCompare"] = "ERRONEOUS_STRING_COMPARE";
|
|
266
|
-
IssueType_Enum2["ErrorCondtionWithoutAction"] = "ERROR_CONDTION_WITHOUT_ACTION";
|
|
267
|
-
IssueType_Enum2["ExcessiveSecretsExposure"] = "EXCESSIVE_SECRETS_EXPOSURE";
|
|
268
|
-
IssueType_Enum2["FrameableLoginPage"] = "FRAMEABLE_LOGIN_PAGE";
|
|
269
|
-
IssueType_Enum2["FunctionCallWithoutParentheses"] = "FUNCTION_CALL_WITHOUT_PARENTHESES";
|
|
270
|
-
IssueType_Enum2["GhActionsShellInjection"] = "GH_ACTIONS_SHELL_INJECTION";
|
|
271
|
-
IssueType_Enum2["GraphqlDepthLimit"] = "GRAPHQL_DEPTH_LIMIT";
|
|
272
|
-
IssueType_Enum2["HardcodedDomainInHtml"] = "HARDCODED_DOMAIN_IN_HTML";
|
|
273
|
-
IssueType_Enum2["HardcodedSecrets"] = "HARDCODED_SECRETS";
|
|
274
|
-
IssueType_Enum2["HeaderManipulation"] = "HEADER_MANIPULATION";
|
|
275
|
-
IssueType_Enum2["HeapInspection"] = "HEAP_INSPECTION";
|
|
276
|
-
IssueType_Enum2["HtmlCommentInJsp"] = "HTML_COMMENT_IN_JSP";
|
|
277
|
-
IssueType_Enum2["HttpOnlyCookie"] = "HTTP_ONLY_COOKIE";
|
|
278
|
-
IssueType_Enum2["HttpParameterPollution"] = "HTTP_PARAMETER_POLLUTION";
|
|
279
|
-
IssueType_Enum2["HttpResponseSplitting"] = "HTTP_RESPONSE_SPLITTING";
|
|
280
|
-
IssueType_Enum2["IframeWithoutSandbox"] = "IFRAME_WITHOUT_SANDBOX";
|
|
281
|
-
IssueType_Enum2["ImproperCertificateValidation"] = "IMPROPER_CERTIFICATE_VALIDATION";
|
|
282
|
-
IssueType_Enum2["ImproperExceptionHandling"] = "IMPROPER_EXCEPTION_HANDLING";
|
|
283
|
-
IssueType_Enum2["ImproperResourceShutdownOrRelease"] = "IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE";
|
|
284
|
-
IssueType_Enum2["ImproperStringFormatting"] = "IMPROPER_STRING_FORMATTING";
|
|
285
|
-
IssueType_Enum2["ImproperValidationOfArrayIndex"] = "IMPROPER_VALIDATION_OF_ARRAY_INDEX";
|
|
286
|
-
IssueType_Enum2["IncompleteHostnameRegex"] = "INCOMPLETE_HOSTNAME_REGEX";
|
|
287
|
-
IssueType_Enum2["IncompleteSanitization"] = "INCOMPLETE_SANITIZATION";
|
|
288
|
-
IssueType_Enum2["IncompleteUrlSanitization"] = "INCOMPLETE_URL_SANITIZATION";
|
|
289
|
-
IssueType_Enum2["IncompleteUrlSchemeCheck"] = "INCOMPLETE_URL_SCHEME_CHECK";
|
|
290
|
-
IssueType_Enum2["IncorrectIntegerConversion"] = "INCORRECT_INTEGER_CONVERSION";
|
|
291
|
-
IssueType_Enum2["IncorrectSqlApiUsage"] = "INCORRECT_SQL_API_USAGE";
|
|
292
|
-
IssueType_Enum2["InformationExposureViaHeaders"] = "INFORMATION_EXPOSURE_VIA_HEADERS";
|
|
293
|
-
IssueType_Enum2["InsecureBinderConfiguration"] = "INSECURE_BINDER_CONFIGURATION";
|
|
294
|
-
IssueType_Enum2["InsecureCookie"] = "INSECURE_COOKIE";
|
|
295
|
-
IssueType_Enum2["InsecureDeserialization"] = "INSECURE_DESERIALIZATION";
|
|
296
|
-
IssueType_Enum2["InsecurePostmessage"] = "INSECURE_POSTMESSAGE";
|
|
297
|
-
IssueType_Enum2["InsecureRandomness"] = "INSECURE_RANDOMNESS";
|
|
298
|
-
IssueType_Enum2["InsecureTmpFile"] = "INSECURE_TMP_FILE";
|
|
299
|
-
IssueType_Enum2["InsecureUuidVersion"] = "INSECURE_UUID_VERSION";
|
|
300
|
-
IssueType_Enum2["InsufficientLogging"] = "INSUFFICIENT_LOGGING";
|
|
301
|
-
IssueType_Enum2["J2EeGetConnection"] = "J2EE_GET_CONNECTION";
|
|
302
|
-
IssueType_Enum2["JqueryDeprecatedSymbols"] = "JQUERY_DEPRECATED_SYMBOLS";
|
|
303
|
-
IssueType_Enum2["JwtDecodeWithoutVerify"] = "JWT_DECODE_WITHOUT_VERIFY";
|
|
304
|
-
IssueType_Enum2["LeftoverDebugCode"] = "LEFTOVER_DEBUG_CODE";
|
|
305
|
-
IssueType_Enum2["LocaleDependentComparison"] = "LOCALE_DEPENDENT_COMPARISON";
|
|
306
|
-
IssueType_Enum2["LogForging"] = "LOG_FORGING";
|
|
307
|
-
IssueType_Enum2["MissingAntiforgeryValidation"] = "MISSING_ANTIFORGERY_VALIDATION";
|
|
308
|
-
IssueType_Enum2["MissingCheckAgainstNull"] = "MISSING_CHECK_AGAINST_NULL";
|
|
309
|
-
IssueType_Enum2["MissingCspHeader"] = "MISSING_CSP_HEADER";
|
|
310
|
-
IssueType_Enum2["MissingEncodingFileOpen"] = "MISSING_ENCODING_FILE_OPEN";
|
|
311
|
-
IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
|
|
312
|
-
IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
|
|
313
|
-
IssueType_Enum2["MissingSslMinversion"] = "MISSING_SSL_MINVERSION";
|
|
314
|
-
IssueType_Enum2["MissingTemplateStringIndicator"] = "MISSING_TEMPLATE_STRING_INDICATOR";
|
|
315
|
-
IssueType_Enum2["MissingUser"] = "MISSING_USER";
|
|
316
|
-
IssueType_Enum2["MissingWhitespace"] = "MISSING_WHITESPACE";
|
|
317
|
-
IssueType_Enum2["MissingWorkflowPermissions"] = "MISSING_WORKFLOW_PERMISSIONS";
|
|
318
|
-
IssueType_Enum2["MissingXFrameOptions"] = "MISSING_X_FRAME_OPTIONS";
|
|
319
|
-
IssueType_Enum2["ModifiedDefaultParam"] = "MODIFIED_DEFAULT_PARAM";
|
|
320
|
-
IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
|
|
321
|
-
IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
|
|
322
|
-
IssueType_Enum2["NoAssert"] = "NO_ASSERT";
|
|
323
|
-
IssueType_Enum2["NoEquivalenceMethod"] = "NO_EQUIVALENCE_METHOD";
|
|
324
|
-
IssueType_Enum2["NoLimitsOrThrottling"] = "NO_LIMITS_OR_THROTTLING";
|
|
325
|
-
IssueType_Enum2["NoNestedTry"] = "NO_NESTED_TRY";
|
|
326
|
-
IssueType_Enum2["NoNewPrivileges"] = "NO_NEW_PRIVILEGES";
|
|
327
|
-
IssueType_Enum2["NoOpOverhead"] = "NO_OP_OVERHEAD";
|
|
328
|
-
IssueType_Enum2["NoPrintStatement"] = "NO_PRINT_STATEMENT";
|
|
329
|
-
IssueType_Enum2["NoReturnInFinally"] = "NO_RETURN_IN_FINALLY";
|
|
330
|
-
IssueType_Enum2["NoVar"] = "NO_VAR";
|
|
331
|
-
IssueType_Enum2["NullDereference"] = "NULL_DEREFERENCE";
|
|
332
|
-
IssueType_Enum2["OftenMisusedBooleanGetBoolean"] = "OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN";
|
|
333
|
-
IssueType_Enum2["OpenRedirect"] = "OPEN_REDIRECT";
|
|
334
|
-
IssueType_Enum2["OverlyBroadCatch"] = "OVERLY_BROAD_CATCH";
|
|
335
|
-
IssueType_Enum2["OverlyLargeRange"] = "OVERLY_LARGE_RANGE";
|
|
336
|
-
IssueType_Enum2["PasswordInComment"] = "PASSWORD_IN_COMMENT";
|
|
337
|
-
IssueType_Enum2["PoorErrorHandlingEmptyCatchBlock"] = "POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK";
|
|
338
|
-
IssueType_Enum2["PortAllInterfaces"] = "PORT_ALL_INTERFACES";
|
|
339
|
-
IssueType_Enum2["PrivacyViolation"] = "PRIVACY_VIOLATION";
|
|
340
|
-
IssueType_Enum2["PrototypePollution"] = "PROTOTYPE_POLLUTION";
|
|
341
|
-
IssueType_Enum2["Pt"] = "PT";
|
|
342
|
-
IssueType_Enum2["RaceConditionFormatFlaw"] = "RACE_CONDITION_FORMAT_FLAW";
|
|
343
|
-
IssueType_Enum2["Redos"] = "REDOS";
|
|
344
|
-
IssueType_Enum2["RedundantCondition"] = "REDUNDANT_CONDITION";
|
|
345
|
-
IssueType_Enum2["RedundantNilErrorCheck"] = "REDUNDANT_NIL_ERROR_CHECK";
|
|
346
|
-
IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
|
|
347
|
-
IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
|
|
348
|
-
IssueType_Enum2["RequestParametersBoundViaInput"] = "REQUEST_PARAMETERS_BOUND_VIA_INPUT";
|
|
349
|
-
IssueType_Enum2["ReturnInInit"] = "RETURN_IN_INIT";
|
|
350
|
-
IssueType_Enum2["ReturnShouldNotBeInvariant"] = "RETURN_SHOULD_NOT_BE_INVARIANT";
|
|
351
|
-
IssueType_Enum2["SpringDefaultPermit"] = "SPRING_DEFAULT_PERMIT";
|
|
352
|
-
IssueType_Enum2["SqlInjection"] = "SQL_Injection";
|
|
353
|
-
IssueType_Enum2["Ssrf"] = "SSRF";
|
|
354
|
-
IssueType_Enum2["StringFormatMisuse"] = "STRING_FORMAT_MISUSE";
|
|
355
|
-
IssueType_Enum2["StringTerminationError"] = "STRING_TERMINATION_ERROR";
|
|
356
|
-
IssueType_Enum2["SystemExitShouldReraise"] = "SYSTEM_EXIT_SHOULD_RERAISE";
|
|
357
|
-
IssueType_Enum2["SystemInformationLeak"] = "SYSTEM_INFORMATION_LEAK";
|
|
358
|
-
IssueType_Enum2["SystemInformationLeakExternal"] = "SYSTEM_INFORMATION_LEAK_EXTERNAL";
|
|
359
|
-
IssueType_Enum2["TaintedNumericCast"] = "TAINTED_NUMERIC_CAST";
|
|
360
|
-
IssueType_Enum2["TarSlip"] = "TAR_SLIP";
|
|
361
|
-
IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
|
|
362
|
-
IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
|
|
363
|
-
IssueType_Enum2["UncheckedLoopCondition"] = "UNCHECKED_LOOP_CONDITION";
|
|
364
|
-
IssueType_Enum2["UncheckedReturnValue"] = "UNCHECKED_RETURN_VALUE";
|
|
365
|
-
IssueType_Enum2["UnencryptedAwsSqsQueue"] = "UNENCRYPTED_AWS_SQS_QUEUE";
|
|
366
|
-
IssueType_Enum2["UnnecessaryImports"] = "UNNECESSARY_IMPORTS";
|
|
367
|
-
IssueType_Enum2["UnsafeDeserialization"] = "UNSAFE_DESERIALIZATION";
|
|
368
|
-
IssueType_Enum2["UnsafeReflection"] = "UNSAFE_REFLECTION";
|
|
369
|
-
IssueType_Enum2["UnsafeTargetBlank"] = "UNSAFE_TARGET_BLANK";
|
|
370
|
-
IssueType_Enum2["UnsafeWebThread"] = "UNSAFE_WEB_THREAD";
|
|
371
|
-
IssueType_Enum2["UnvalidatedPublicMethodArgument"] = "UNVALIDATED_PUBLIC_METHOD_ARGUMENT";
|
|
372
|
-
IssueType_Enum2["UselessIfBody"] = "USELESS_IF_BODY";
|
|
373
|
-
IssueType_Enum2["UselessRegexpCharEscape"] = "USELESS_REGEXP_CHAR_ESCAPE";
|
|
374
|
-
IssueType_Enum2["UselessTernary"] = "USELESS_TERNARY";
|
|
375
|
-
IssueType_Enum2["UseOfHardCodedCryptographicKey"] = "USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY";
|
|
376
|
-
IssueType_Enum2["UseOfSystemOutputStream"] = "USE_OF_SYSTEM_OUTPUT_STREAM";
|
|
377
|
-
IssueType_Enum2["UseRaiseForStatus"] = "USE_RAISE_FOR_STATUS";
|
|
378
|
-
IssueType_Enum2["UseSysExit"] = "USE_SYS_EXIT";
|
|
379
|
-
IssueType_Enum2["UseTimeout"] = "USE_TIMEOUT";
|
|
380
|
-
IssueType_Enum2["ValueNeverRead"] = "VALUE_NEVER_READ";
|
|
381
|
-
IssueType_Enum2["ValueShadowing"] = "VALUE_SHADOWING";
|
|
382
|
-
IssueType_Enum2["WcfMisconfigurationInsufficientLogging"] = "WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING";
|
|
383
|
-
IssueType_Enum2["WcfMisconfigurationThrottlingNotEnabled"] = "WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED";
|
|
384
|
-
IssueType_Enum2["WeakEncryption"] = "WEAK_ENCRYPTION";
|
|
385
|
-
IssueType_Enum2["WeakXmlSchemaUnboundedOccurrences"] = "WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES";
|
|
386
|
-
IssueType_Enum2["WebsocketMissingOriginCheck"] = "WEBSOCKET_MISSING_ORIGIN_CHECK";
|
|
387
|
-
IssueType_Enum2["WildcardImports"] = "WILDCARD_IMPORTS";
|
|
388
|
-
IssueType_Enum2["WritableFilesystemService"] = "WRITABLE_FILESYSTEM_SERVICE";
|
|
389
|
-
IssueType_Enum2["Xss"] = "XSS";
|
|
390
|
-
IssueType_Enum2["Xxe"] = "XXE";
|
|
391
|
-
IssueType_Enum2["ZipSlip"] = "ZIP_SLIP";
|
|
392
|
-
return IssueType_Enum2;
|
|
393
|
-
})(IssueType_Enum || {});
|
|
394
240
|
Pr_Status_Enum = /* @__PURE__ */ ((Pr_Status_Enum2) => {
|
|
395
241
|
Pr_Status_Enum2["Active"] = "ACTIVE";
|
|
396
242
|
Pr_Status_Enum2["Closed"] = "CLOSED";
|
|
@@ -1419,12 +1265,21 @@ var init_client_generates = __esm({
|
|
|
1419
1265
|
});
|
|
1420
1266
|
|
|
1421
1267
|
// src/features/analysis/scm/shared/src/issueTypeCatalog.ts
|
|
1268
|
+
function hydrateIssueTypeCatalog(entries) {
|
|
1269
|
+
catalog = new Map(entries.map((entry) => [entry.value, entry]));
|
|
1270
|
+
}
|
|
1271
|
+
function isIssueTypeCatalogHydrated() {
|
|
1272
|
+
return catalog !== null;
|
|
1273
|
+
}
|
|
1422
1274
|
function getIssueTypeCatalogEntry(value) {
|
|
1423
1275
|
if (!catalog || !value) {
|
|
1424
1276
|
return void 0;
|
|
1425
1277
|
}
|
|
1426
1278
|
return catalog.get(value);
|
|
1427
1279
|
}
|
|
1280
|
+
function listIssueTypeCatalog() {
|
|
1281
|
+
return catalog ? [...catalog.values()] : [];
|
|
1282
|
+
}
|
|
1428
1283
|
var catalog;
|
|
1429
1284
|
var init_issueTypeCatalog = __esm({
|
|
1430
1285
|
"src/features/analysis/scm/shared/src/issueTypeCatalog.ts"() {
|
|
@@ -1471,176 +1326,19 @@ function getParsedFalsePositiveMessage(data) {
|
|
|
1471
1326
|
const contextString = containsTemplate ? null : `\`\`\`${extraContext.map(({ value }) => value).join(" ")} \`\`\``;
|
|
1472
1327
|
return { description, contextString };
|
|
1473
1328
|
}
|
|
1474
|
-
var
|
|
1329
|
+
var SafeIssueTypeStringZ, getIssueTypeFriendlyString, statusMap, statusZ, issueDescription;
|
|
1475
1330
|
var init_getIssueType = __esm({
|
|
1476
1331
|
"src/features/analysis/scm/shared/src/getIssueType.ts"() {
|
|
1477
1332
|
"use strict";
|
|
1478
1333
|
init_client_generates();
|
|
1479
1334
|
init_issueTypeCatalog();
|
|
1480
|
-
|
|
1481
|
-
["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
|
|
1482
|
-
["SQL_Injection" /* SqlInjection */]: "SQL Injection",
|
|
1483
|
-
["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: "Relative Path Command Injection",
|
|
1484
|
-
["CMDi" /* CmDi */]: "Command Injection",
|
|
1485
|
-
["CONFUSING_NAMING" /* ConfusingNaming */]: "Confusing Naming",
|
|
1486
|
-
["XXE" /* Xxe */]: "XXE",
|
|
1487
|
-
["XSS" /* Xss */]: "XSS",
|
|
1488
|
-
["PT" /* Pt */]: "Path Traversal",
|
|
1489
|
-
["ZIP_SLIP" /* ZipSlip */]: "Zip Slip",
|
|
1490
|
-
["INSECURE_RANDOMNESS" /* InsecureRandomness */]: "Insecure Randomness",
|
|
1491
|
-
["SSRF" /* Ssrf */]: "Server Side Request Forgery",
|
|
1492
|
-
["TYPE_CONFUSION" /* TypeConfusion */]: "Type Confusion",
|
|
1493
|
-
["REGEX_INJECTION" /* RegexInjection */]: "Regular Expression Injection",
|
|
1494
|
-
["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: "Incomplete URL Sanitization",
|
|
1495
|
-
["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: "Locale Dependent Comparison",
|
|
1496
|
-
["LOG_FORGING" /* LogForging */]: "Log Forging",
|
|
1497
|
-
["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: "Missing Check against Null",
|
|
1498
|
-
["PASSWORD_IN_COMMENT" /* PasswordInComment */]: "Password in Comment",
|
|
1499
|
-
["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: "Poor Error Handling: Overly Broad Catch",
|
|
1500
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: "Use of System.out/System.err",
|
|
1501
|
-
["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: "Use of dangerous function",
|
|
1502
|
-
["DOS_STRING_BUILDER" /* DosStringBuilder */]: "Denial of Service: StringBuilder",
|
|
1503
|
-
["OPEN_REDIRECT" /* OpenRedirect */]: "Open Redirect",
|
|
1504
|
-
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: "Weak XML Schema: Unbounded Occurrences",
|
|
1505
|
-
["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: "System Information Leak",
|
|
1506
|
-
["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: "External System Information Leak",
|
|
1507
|
-
["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: "HTTP response splitting",
|
|
1508
|
-
["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: "Cookie is not HttpOnly",
|
|
1509
|
-
["INSECURE_COOKIE" /* InsecureCookie */]: "Insecure Cookie",
|
|
1510
|
-
["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: "Trust Boundary Violation",
|
|
1511
|
-
["NULL_DEREFERENCE" /* NullDereference */]: "Null Dereference",
|
|
1512
|
-
["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: "Unsafe deserialization",
|
|
1513
|
-
["UNSAFE_REFLECTION" /* UnsafeReflection */]: "Unsafe Reflection",
|
|
1514
|
-
["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: "Insecure Binder Configuration",
|
|
1515
|
-
["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: "Unsafe use of target blank",
|
|
1516
|
-
["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: "Client use of iframe without sandbox",
|
|
1517
|
-
["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: "jQuery deprecated symbols",
|
|
1518
|
-
["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: "Missing Anti-Forgery Validation",
|
|
1519
|
-
["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: "GraphQL Depth Limit",
|
|
1520
|
-
["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: "Unchecked Loop Condition",
|
|
1521
|
-
["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: "Improper Resource Shutdown or Release",
|
|
1522
|
-
["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: "Improper Exception Handling",
|
|
1523
|
-
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: "Default Definer Rights in Package or Object Definition",
|
|
1524
|
-
["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: "HTML Comment in JSP",
|
|
1525
|
-
["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: "Error Condition Without Action",
|
|
1526
|
-
["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: "Deprecated Function",
|
|
1527
|
-
["HARDCODED_SECRETS" /* HardcodedSecrets */]: "Hardcoded Secrets",
|
|
1528
|
-
["PROTOTYPE_POLLUTION" /* PrototypePollution */]: "Prototype Pollution",
|
|
1529
|
-
["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: "Race Condition Format Flaw",
|
|
1530
|
-
["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: "Non-final Public Static Field",
|
|
1531
|
-
["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: "Missing HSTS Header",
|
|
1532
|
-
["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: "Dead Code: Unused Field",
|
|
1533
|
-
["HEADER_MANIPULATION" /* HeaderManipulation */]: "Header Manipulation",
|
|
1534
|
-
["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: "Missing equals or hashcode method",
|
|
1535
|
-
["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: "WCF Misconfiguration: Insufficient Logging",
|
|
1536
|
-
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: "WCF Misconfiguration: Throttling Not Enabled",
|
|
1537
|
-
["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: "Useless regular-expression character escape",
|
|
1538
|
-
["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: "Incomplete Hostname Regex",
|
|
1539
|
-
["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: "Regex: Overly Large Range",
|
|
1540
|
-
["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: "Insufficient Logging of Sensitive Operations",
|
|
1541
|
-
["PRIVACY_VIOLATION" /* PrivacyViolation */]: "Privacy Violation",
|
|
1542
|
-
["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: "Incomplete URL Scheme Check",
|
|
1543
|
-
["VALUE_NEVER_READ" /* ValueNeverRead */]: "Value Never Read",
|
|
1544
|
-
["VALUE_SHADOWING" /* ValueShadowing */]: "Value Shadowing",
|
|
1545
|
-
["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: "Class Does Not Implement Equivalence Method",
|
|
1546
|
-
["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: "Information Exposure via Headers",
|
|
1547
|
-
["DEBUG_ENABLED" /* DebugEnabled */]: "Debug Enabled",
|
|
1548
|
-
["J2EE_GET_CONNECTION" /* J2EeGetConnection */]: "J2EE Bad Practices: getConnection()",
|
|
1549
|
-
["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: "Leftover Debug Code",
|
|
1550
|
-
["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: "Poor Error Handling: Empty Catch Block",
|
|
1551
|
-
["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: "Erroneous String Compare",
|
|
1552
|
-
["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: "Unvalidated Public Method Argument",
|
|
1553
|
-
["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False",
|
|
1554
|
-
["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
|
|
1555
|
-
["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
|
|
1556
|
-
["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection",
|
|
1557
|
-
["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: "Client Code Injection",
|
|
1558
|
-
["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: "String Format Misuse",
|
|
1559
|
-
["NON_READONLY_FIELD" /* NonReadonlyField */]: "Non Readonly Field",
|
|
1560
|
-
["CSRF" /* Csrf */]: "Cross-Site Request Forgery (CSRF)",
|
|
1561
|
-
["WEAK_ENCRYPTION" /* WeakEncryption */]: "Weak Encryption Mechanism",
|
|
1562
|
-
["CODE_IN_COMMENT" /* CodeInComment */]: "Code in Comment",
|
|
1563
|
-
["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: "Regex Missing Timeout",
|
|
1564
|
-
["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: "Frameable Login Page",
|
|
1565
|
-
["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: "Use of Hardcoded Cryptographic Key",
|
|
1566
|
-
["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: "Missing SSL MinVersion",
|
|
1567
|
-
["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: "Missing Websocket Origin Check",
|
|
1568
|
-
["DUPLICATED_STRINGS" /* DuplicatedStrings */]: "String Literals Should not Be Duplicated",
|
|
1569
|
-
["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: "Insecure UUID Version",
|
|
1570
|
-
["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: "GitHub Actions Shell Injection",
|
|
1571
|
-
["MODIFIED_DEFAULT_PARAM" /* ModifiedDefaultParam */]: "Modified Default Param",
|
|
1572
|
-
["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: "Unsafe Web Thread",
|
|
1573
|
-
["NO_VAR" /* NoVar */]: 'Prefer "let" or "const"',
|
|
1574
|
-
["INSECURE_TMP_FILE" /* InsecureTmpFile */]: "Insecure Temporary File",
|
|
1575
|
-
["RETURN_SHOULD_NOT_BE_INVARIANT" /* ReturnShouldNotBeInvariant */]: "Return Should Not Be Invariant",
|
|
1576
|
-
["SYSTEM_EXIT_SHOULD_RERAISE" /* SystemExitShouldReraise */]: "SystemExit Should Reraise",
|
|
1577
|
-
["NO_RETURN_IN_FINALLY" /* NoReturnInFinally */]: "No Return in Finally Block",
|
|
1578
|
-
["WILDCARD_IMPORTS" /* WildcardImports */]: "Wildcard Imports should not be used",
|
|
1579
|
-
["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: "Avoid Identity Comparison of Cached Types",
|
|
1580
|
-
["AVOID_BUILTIN_SHADOWING" /* AvoidBuiltinShadowing */]: "Avoid Builtin Shadowing",
|
|
1581
|
-
["IMPROPER_STRING_FORMATTING" /* ImproperStringFormatting */]: "Improper String Formatting",
|
|
1582
|
-
["TAR_SLIP" /* TarSlip */]: "Tar Slip",
|
|
1583
|
-
["MISSING_WHITESPACE" /* MissingWhitespace */]: "Missing Whitespace",
|
|
1584
|
-
["NO_PRINT_STATEMENT" /* NoPrintStatement */]: 'Python 2 "print" Statement Is Obsolete',
|
|
1585
|
-
["NO_OP_OVERHEAD" /* NoOpOverhead */]: "Expensive Arguments in Conditional Methods",
|
|
1586
|
-
["DO_NOT_RAISE_EXCEPTION" /* DoNotRaiseException */]: "Do Not Raise Exception",
|
|
1587
|
-
["DECLARE_VARIABLE_EXPLICITLY" /* DeclareVariableExplicitly */]: "Declare Variable Explicitly",
|
|
1588
|
-
["NO_NESTED_TRY" /* NoNestedTry */]: "No Nested Try",
|
|
1589
|
-
["UNNECESSARY_IMPORTS" /* UnnecessaryImports */]: "Unnecessary Imports",
|
|
1590
|
-
["REDOS" /* Redos */]: "Regular Expression Denial of Service",
|
|
1591
|
-
["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: "Do Not Throw Generic Exception",
|
|
1592
|
-
["BUFFER_OVERFLOW" /* BufferOverflow */]: "Buffer Overflow",
|
|
1593
|
-
["STRING_TERMINATION_ERROR" /* StringTerminationError */]: "String Termination Error",
|
|
1594
|
-
["HTTP_PARAMETER_POLLUTION" /* HttpParameterPollution */]: "HTTP Parameter Pollution",
|
|
1595
|
-
["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: "Incomplete Sanitization",
|
|
1596
|
-
["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: "Credential Disclosure",
|
|
1597
|
-
["INSECURE_POSTMESSAGE" /* InsecurePostmessage */]: "Insecure Postmessage",
|
|
1598
|
-
["MISSING_USER" /* MissingUser */]: "Missing User",
|
|
1599
|
-
["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: "Missing Encoding File Open",
|
|
1600
|
-
["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: "Port All Interfaces",
|
|
1601
|
-
["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: "Writable Filesystem Service",
|
|
1602
|
-
["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: "No New Privileges",
|
|
1603
|
-
["MISSING_TEMPLATE_STRING_INDICATOR" /* MissingTemplateStringIndicator */]: "Missing Template String Indicator",
|
|
1604
|
-
["USELESS_TERNARY" /* UselessTernary */]: "Useless Ternary",
|
|
1605
|
-
["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: "Request Parameters Bound Via Input",
|
|
1606
|
-
["USE_SYS_EXIT" /* UseSysExit */]: "Use Sys Exit",
|
|
1607
|
-
["INCORRECT_SQL_API_USAGE" /* IncorrectSqlApiUsage */]: "Incorrect SQL API Usage",
|
|
1608
|
-
["USE_RAISE_FOR_STATUS" /* UseRaiseForStatus */]: "Use Raise For Status",
|
|
1609
|
-
["USE_TIMEOUT" /* UseTimeout */]: "Use Timeout",
|
|
1610
|
-
["USELESS_IF_BODY" /* UselessIfBody */]: "Useless If Body",
|
|
1611
|
-
["NO_ASSERT" /* NoAssert */]: "No Assert",
|
|
1612
|
-
["FUNCTION_CALL_WITHOUT_PARENTHESES" /* FunctionCallWithoutParentheses */]: "Function Call Without Parentheses",
|
|
1613
|
-
["SPRING_DEFAULT_PERMIT" /* SpringDefaultPermit */]: "Spring Default Permit",
|
|
1614
|
-
["RETURN_IN_INIT" /* ReturnInInit */]: "Return in Init",
|
|
1615
|
-
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: "Action Not Pinned to Commit Sha",
|
|
1616
|
-
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
|
|
1617
|
-
["REDUNDANT_CONDITION" /* RedundantCondition */]: "Insider Threat: Redundant Condition",
|
|
1618
|
-
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
|
|
1619
|
-
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
|
|
1620
|
-
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
|
|
1621
|
-
["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: "Tainted Numeric Cast",
|
|
1622
|
-
["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: "Missing X-Frame-Options Header",
|
|
1623
|
-
["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: "Improper Validation of Array Index",
|
|
1624
|
-
["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: "Incorrect Integer Conversion",
|
|
1625
|
-
["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: "Improper Certificate Validation",
|
|
1626
|
-
["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: "Often Misused: Boolean.getBoolean()",
|
|
1627
|
-
["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: "AWS SQS Queue Unencrypted",
|
|
1628
|
-
["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: "Insecure Deserialization",
|
|
1629
|
-
["AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED" /* AwsDynamodbPointInTimeRecoveryDisabled */]: "AWS DynamoDB Point-in-Time Recovery Disabled",
|
|
1630
|
-
["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: "JWT Decoded Without Signature Verification",
|
|
1631
|
-
["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: "Unchecked Return Value"
|
|
1632
|
-
};
|
|
1633
|
-
issueTypeZ = z.nativeEnum(IssueType_Enum);
|
|
1335
|
+
SafeIssueTypeStringZ = z.string().regex(/^[A-Za-z0-9_]+$/).max(128);
|
|
1634
1336
|
getIssueTypeFriendlyString = (issueType) => {
|
|
1635
1337
|
const fromCatalog = getIssueTypeCatalogEntry(issueType)?.label;
|
|
1636
1338
|
if (fromCatalog) {
|
|
1637
1339
|
return fromCatalog;
|
|
1638
1340
|
}
|
|
1639
|
-
|
|
1640
|
-
if (!issueTypeZParseRes.success) {
|
|
1641
|
-
return issueType ? issueType.replaceAll("_", " ") : "Other";
|
|
1642
|
-
}
|
|
1643
|
-
return issueTypeMap[issueTypeZParseRes.data];
|
|
1341
|
+
return issueType ? issueType.replaceAll("_", " ") : "Other";
|
|
1644
1342
|
};
|
|
1645
1343
|
statusMap = {
|
|
1646
1344
|
["Digested" /* Digested */]: "Digested",
|
|
@@ -1669,26 +1367,26 @@ var init_getIssueType = __esm({
|
|
|
1669
1367
|
});
|
|
1670
1368
|
|
|
1671
1369
|
// src/features/analysis/scm/shared/src/types/shared.ts
|
|
1672
|
-
import { z as
|
|
1370
|
+
import { z as z5 } from "zod";
|
|
1673
1371
|
var ParsedSeverityZ, ScmSubmitFixRequestsZ;
|
|
1674
1372
|
var init_shared = __esm({
|
|
1675
1373
|
"src/features/analysis/scm/shared/src/types/shared.ts"() {
|
|
1676
1374
|
"use strict";
|
|
1677
1375
|
init_client_generates();
|
|
1678
|
-
ParsedSeverityZ =
|
|
1679
|
-
ScmSubmitFixRequestsZ =
|
|
1680
|
-
|
|
1681
|
-
scmSubmitFixRequest:
|
|
1682
|
-
submitFixRequest:
|
|
1683
|
-
createdByUser:
|
|
1684
|
-
email:
|
|
1376
|
+
ParsedSeverityZ = z5.nativeEnum(Vulnerability_Severity_Enum).nullish().transform((i) => i ?? "low" /* Low */);
|
|
1377
|
+
ScmSubmitFixRequestsZ = z5.array(
|
|
1378
|
+
z5.object({
|
|
1379
|
+
scmSubmitFixRequest: z5.object({
|
|
1380
|
+
submitFixRequest: z5.object({
|
|
1381
|
+
createdByUser: z5.object({
|
|
1382
|
+
email: z5.string()
|
|
1685
1383
|
}),
|
|
1686
|
-
targetBranchName:
|
|
1384
|
+
targetBranchName: z5.string().default("")
|
|
1687
1385
|
}),
|
|
1688
|
-
prUrl:
|
|
1689
|
-
prStatus:
|
|
1690
|
-
commitUrl:
|
|
1691
|
-
scmId:
|
|
1386
|
+
prUrl: z5.string().nullable(),
|
|
1387
|
+
prStatus: z5.nativeEnum(Pr_Status_Enum).nullable(),
|
|
1388
|
+
commitUrl: z5.string().nullable(),
|
|
1389
|
+
scmId: z5.string()
|
|
1692
1390
|
})
|
|
1693
1391
|
})
|
|
1694
1392
|
);
|
|
@@ -1696,94 +1394,94 @@ var init_shared = __esm({
|
|
|
1696
1394
|
});
|
|
1697
1395
|
|
|
1698
1396
|
// src/features/analysis/scm/shared/src/types/fix.ts
|
|
1699
|
-
import { z as
|
|
1397
|
+
import { z as z6 } from "zod";
|
|
1700
1398
|
var PackageInfoZ, ManifestActionRequiredZ, ExtraContextInternalZ, FixExtraContextZ, PatchAndQuestionsZ, FixRatingZ, IssueRatingZ, IssueSharedStateZ, FixSharedStateZ, FixQueryZ, FixPartsForFixScreenZ;
|
|
1701
1399
|
var init_fix = __esm({
|
|
1702
1400
|
"src/features/analysis/scm/shared/src/types/fix.ts"() {
|
|
1703
1401
|
"use strict";
|
|
1704
1402
|
init_client_generates();
|
|
1705
1403
|
init_shared();
|
|
1706
|
-
PackageInfoZ =
|
|
1707
|
-
name:
|
|
1708
|
-
version:
|
|
1709
|
-
envName:
|
|
1710
|
-
});
|
|
1711
|
-
ManifestActionRequiredZ =
|
|
1712
|
-
action:
|
|
1713
|
-
language:
|
|
1404
|
+
PackageInfoZ = z6.object({
|
|
1405
|
+
name: z6.string(),
|
|
1406
|
+
version: z6.string(),
|
|
1407
|
+
envName: z6.string().nullable()
|
|
1408
|
+
});
|
|
1409
|
+
ManifestActionRequiredZ = z6.object({
|
|
1410
|
+
action: z6.nativeEnum(ManifestAction),
|
|
1411
|
+
language: z6.nativeEnum(Language),
|
|
1714
1412
|
lib: PackageInfoZ,
|
|
1715
1413
|
typesLib: PackageInfoZ.nullable()
|
|
1716
1414
|
});
|
|
1717
|
-
ExtraContextInternalZ =
|
|
1718
|
-
key:
|
|
1719
|
-
value:
|
|
1720
|
-
|
|
1721
|
-
int:
|
|
1722
|
-
integer:
|
|
1723
|
-
string:
|
|
1724
|
-
date:
|
|
1415
|
+
ExtraContextInternalZ = z6.object({
|
|
1416
|
+
key: z6.string(),
|
|
1417
|
+
value: z6.string().or(z6.boolean()).or(
|
|
1418
|
+
z6.object({
|
|
1419
|
+
int: z6.boolean(),
|
|
1420
|
+
integer: z6.boolean(),
|
|
1421
|
+
string: z6.boolean(),
|
|
1422
|
+
date: z6.boolean()
|
|
1725
1423
|
})
|
|
1726
1424
|
)
|
|
1727
1425
|
});
|
|
1728
|
-
FixExtraContextZ =
|
|
1729
|
-
fixDescription:
|
|
1730
|
-
manifestActionsRequired:
|
|
1731
|
-
extraContext:
|
|
1732
|
-
});
|
|
1733
|
-
PatchAndQuestionsZ =
|
|
1734
|
-
__typename:
|
|
1735
|
-
patch:
|
|
1736
|
-
patchOriginalEncodingBase64:
|
|
1737
|
-
questions:
|
|
1738
|
-
|
|
1739
|
-
name:
|
|
1740
|
-
key:
|
|
1741
|
-
index:
|
|
1742
|
-
defaultValue:
|
|
1743
|
-
value:
|
|
1744
|
-
extraContext:
|
|
1745
|
-
inputType:
|
|
1746
|
-
options:
|
|
1426
|
+
FixExtraContextZ = z6.object({
|
|
1427
|
+
fixDescription: z6.string(),
|
|
1428
|
+
manifestActionsRequired: z6.array(ManifestActionRequiredZ),
|
|
1429
|
+
extraContext: z6.array(ExtraContextInternalZ)
|
|
1430
|
+
});
|
|
1431
|
+
PatchAndQuestionsZ = z6.object({
|
|
1432
|
+
__typename: z6.literal("FixData"),
|
|
1433
|
+
patch: z6.string(),
|
|
1434
|
+
patchOriginalEncodingBase64: z6.string(),
|
|
1435
|
+
questions: z6.array(
|
|
1436
|
+
z6.object({
|
|
1437
|
+
name: z6.string(),
|
|
1438
|
+
key: z6.string(),
|
|
1439
|
+
index: z6.number(),
|
|
1440
|
+
defaultValue: z6.string(),
|
|
1441
|
+
value: z6.string().nullable(),
|
|
1442
|
+
extraContext: z6.array(ExtraContextInternalZ),
|
|
1443
|
+
inputType: z6.nativeEnum(FixQuestionInputType),
|
|
1444
|
+
options: z6.array(z6.string())
|
|
1747
1445
|
})
|
|
1748
1446
|
),
|
|
1749
1447
|
extraContext: FixExtraContextZ
|
|
1750
1448
|
});
|
|
1751
|
-
FixRatingZ =
|
|
1752
|
-
voteScore:
|
|
1753
|
-
fixRatingTag:
|
|
1754
|
-
comment:
|
|
1755
|
-
updatedDate:
|
|
1756
|
-
user:
|
|
1757
|
-
email:
|
|
1758
|
-
name:
|
|
1449
|
+
FixRatingZ = z6.object({
|
|
1450
|
+
voteScore: z6.number(),
|
|
1451
|
+
fixRatingTag: z6.nativeEnum(Fix_Rating_Tag_Enum).nullable().default(null),
|
|
1452
|
+
comment: z6.string().nullable().default(null),
|
|
1453
|
+
updatedDate: z6.string().nullable(),
|
|
1454
|
+
user: z6.object({
|
|
1455
|
+
email: z6.string(),
|
|
1456
|
+
name: z6.string()
|
|
1759
1457
|
})
|
|
1760
1458
|
});
|
|
1761
|
-
IssueRatingZ =
|
|
1762
|
-
voteScore:
|
|
1763
|
-
comment:
|
|
1764
|
-
updatedDate:
|
|
1765
|
-
user:
|
|
1766
|
-
email:
|
|
1767
|
-
name:
|
|
1459
|
+
IssueRatingZ = z6.object({
|
|
1460
|
+
voteScore: z6.number(),
|
|
1461
|
+
comment: z6.string().nullable().default(null),
|
|
1462
|
+
updatedDate: z6.string().nullable(),
|
|
1463
|
+
user: z6.object({
|
|
1464
|
+
email: z6.string(),
|
|
1465
|
+
name: z6.string()
|
|
1768
1466
|
})
|
|
1769
1467
|
});
|
|
1770
|
-
IssueSharedStateZ =
|
|
1771
|
-
id:
|
|
1772
|
-
createdAt:
|
|
1773
|
-
isArchived:
|
|
1774
|
-
ticketIntegrationId:
|
|
1775
|
-
ticketIntegrations:
|
|
1776
|
-
|
|
1777
|
-
url:
|
|
1468
|
+
IssueSharedStateZ = z6.object({
|
|
1469
|
+
id: z6.string(),
|
|
1470
|
+
createdAt: z6.string(),
|
|
1471
|
+
isArchived: z6.boolean(),
|
|
1472
|
+
ticketIntegrationId: z6.string().nullable(),
|
|
1473
|
+
ticketIntegrations: z6.array(
|
|
1474
|
+
z6.object({
|
|
1475
|
+
url: z6.string()
|
|
1778
1476
|
})
|
|
1779
1477
|
),
|
|
1780
|
-
issueRatings:
|
|
1478
|
+
issueRatings: z6.array(IssueRatingZ).default([])
|
|
1781
1479
|
}).nullable();
|
|
1782
|
-
FixSharedStateZ =
|
|
1783
|
-
state:
|
|
1784
|
-
isArchived:
|
|
1480
|
+
FixSharedStateZ = z6.object({
|
|
1481
|
+
state: z6.nativeEnum(Fix_State_Enum),
|
|
1482
|
+
isArchived: z6.boolean(),
|
|
1785
1483
|
scmSubmitFixRequests: ScmSubmitFixRequestsZ,
|
|
1786
|
-
fixRatings:
|
|
1484
|
+
fixRatings: z6.array(FixRatingZ).default([])
|
|
1787
1485
|
}).nullish().transform(
|
|
1788
1486
|
(data) => data ? data : {
|
|
1789
1487
|
state: "Ready" /* Ready */,
|
|
@@ -1792,46 +1490,46 @@ var init_fix = __esm({
|
|
|
1792
1490
|
fixRatings: []
|
|
1793
1491
|
}
|
|
1794
1492
|
);
|
|
1795
|
-
FixQueryZ =
|
|
1796
|
-
__typename:
|
|
1797
|
-
id:
|
|
1493
|
+
FixQueryZ = z6.object({
|
|
1494
|
+
__typename: z6.literal("fix").optional(),
|
|
1495
|
+
id: z6.string().uuid(),
|
|
1798
1496
|
sharedState: FixSharedStateZ,
|
|
1799
|
-
modifiedBy:
|
|
1800
|
-
gitBlameLogin:
|
|
1801
|
-
safeIssueLanguage:
|
|
1802
|
-
safeIssueType:
|
|
1803
|
-
confidence:
|
|
1804
|
-
fixReportId:
|
|
1805
|
-
isExpired:
|
|
1806
|
-
fixFiles:
|
|
1807
|
-
|
|
1808
|
-
fileRepoRelativePath:
|
|
1497
|
+
modifiedBy: z6.string().nullable(),
|
|
1498
|
+
gitBlameLogin: z6.string().nullable(),
|
|
1499
|
+
safeIssueLanguage: z6.string(),
|
|
1500
|
+
safeIssueType: z6.string(),
|
|
1501
|
+
confidence: z6.number(),
|
|
1502
|
+
fixReportId: z6.string().uuid(),
|
|
1503
|
+
isExpired: z6.boolean().default(false),
|
|
1504
|
+
fixFiles: z6.array(
|
|
1505
|
+
z6.object({
|
|
1506
|
+
fileRepoRelativePath: z6.string()
|
|
1809
1507
|
})
|
|
1810
1508
|
),
|
|
1811
|
-
numberOfVulnerabilityIssues:
|
|
1812
|
-
severityText:
|
|
1813
|
-
vulnerabilityReportIssues:
|
|
1814
|
-
|
|
1815
|
-
vendorIssueId:
|
|
1816
|
-
issueLanguage:
|
|
1509
|
+
numberOfVulnerabilityIssues: z6.number(),
|
|
1510
|
+
severityText: z6.nativeEnum(Vulnerability_Severity_Enum),
|
|
1511
|
+
vulnerabilityReportIssues: z6.array(
|
|
1512
|
+
z6.object({
|
|
1513
|
+
vendorIssueId: z6.string(),
|
|
1514
|
+
issueLanguage: z6.string(),
|
|
1817
1515
|
parsedSeverity: ParsedSeverityZ,
|
|
1818
|
-
sharedState:
|
|
1819
|
-
id:
|
|
1820
|
-
isArchived:
|
|
1821
|
-
ticketIntegrationId:
|
|
1516
|
+
sharedState: z6.object({
|
|
1517
|
+
id: z6.string().uuid(),
|
|
1518
|
+
isArchived: z6.boolean(),
|
|
1519
|
+
ticketIntegrationId: z6.string().uuid().nullable()
|
|
1822
1520
|
}).nullable()
|
|
1823
1521
|
})
|
|
1824
1522
|
),
|
|
1825
1523
|
patchAndQuestions: PatchAndQuestionsZ,
|
|
1826
|
-
effortToApplyFix:
|
|
1524
|
+
effortToApplyFix: z6.nativeEnum(Effort_To_Apply_Fix_Enum).nullable()
|
|
1827
1525
|
});
|
|
1828
1526
|
FixPartsForFixScreenZ = FixQueryZ.merge(
|
|
1829
|
-
|
|
1830
|
-
vulnerabilityReportIssues:
|
|
1831
|
-
|
|
1832
|
-
vendorIssueId:
|
|
1833
|
-
issueType:
|
|
1834
|
-
issueLanguage:
|
|
1527
|
+
z6.object({
|
|
1528
|
+
vulnerabilityReportIssues: z6.array(
|
|
1529
|
+
z6.object({
|
|
1530
|
+
vendorIssueId: z6.string(),
|
|
1531
|
+
issueType: z6.string(),
|
|
1532
|
+
issueLanguage: z6.string(),
|
|
1835
1533
|
sharedState: IssueSharedStateZ
|
|
1836
1534
|
})
|
|
1837
1535
|
)
|
|
@@ -1841,24 +1539,24 @@ var init_fix = __esm({
|
|
|
1841
1539
|
});
|
|
1842
1540
|
|
|
1843
1541
|
// src/features/analysis/scm/shared/src/types/analysis.ts
|
|
1844
|
-
import { z as
|
|
1542
|
+
import { z as z7 } from "zod";
|
|
1845
1543
|
var FixPageFixReportZ;
|
|
1846
1544
|
var init_analysis = __esm({
|
|
1847
1545
|
"src/features/analysis/scm/shared/src/types/analysis.ts"() {
|
|
1848
1546
|
"use strict";
|
|
1849
1547
|
init_client_generates();
|
|
1850
1548
|
init_client_generates();
|
|
1851
|
-
FixPageFixReportZ =
|
|
1852
|
-
id:
|
|
1853
|
-
analysisUrl:
|
|
1854
|
-
createdOn:
|
|
1855
|
-
state:
|
|
1856
|
-
repo:
|
|
1857
|
-
name:
|
|
1858
|
-
originalUrl:
|
|
1859
|
-
reference:
|
|
1860
|
-
commitSha:
|
|
1861
|
-
isKnownBranch:
|
|
1549
|
+
FixPageFixReportZ = z7.object({
|
|
1550
|
+
id: z7.string().uuid(),
|
|
1551
|
+
analysisUrl: z7.string(),
|
|
1552
|
+
createdOn: z7.string(),
|
|
1553
|
+
state: z7.nativeEnum(Fix_Report_State_Enum),
|
|
1554
|
+
repo: z7.object({
|
|
1555
|
+
name: z7.string().nullable(),
|
|
1556
|
+
originalUrl: z7.string(),
|
|
1557
|
+
reference: z7.string(),
|
|
1558
|
+
commitSha: z7.string(),
|
|
1559
|
+
isKnownBranch: z7.boolean().nullish().default(true)
|
|
1862
1560
|
}).nullable().transform(
|
|
1863
1561
|
(repo) => repo ?? {
|
|
1864
1562
|
name: null,
|
|
@@ -1868,13 +1566,13 @@ var init_analysis = __esm({
|
|
|
1868
1566
|
isKnownBranch: true
|
|
1869
1567
|
}
|
|
1870
1568
|
),
|
|
1871
|
-
vulnerabilityReport:
|
|
1872
|
-
id:
|
|
1873
|
-
vendor:
|
|
1874
|
-
computedVendor:
|
|
1875
|
-
projectId:
|
|
1876
|
-
project:
|
|
1877
|
-
organizationId:
|
|
1569
|
+
vulnerabilityReport: z7.object({
|
|
1570
|
+
id: z7.string().uuid(),
|
|
1571
|
+
vendor: z7.nativeEnum(Vulnerability_Report_Vendor_Enum),
|
|
1572
|
+
computedVendor: z7.nativeEnum(Vulnerability_Report_Vendor_Enum),
|
|
1573
|
+
projectId: z7.string().uuid(),
|
|
1574
|
+
project: z7.object({
|
|
1575
|
+
organizationId: z7.string().uuid()
|
|
1878
1576
|
})
|
|
1879
1577
|
})
|
|
1880
1578
|
});
|
|
@@ -1882,7 +1580,7 @@ var init_analysis = __esm({
|
|
|
1882
1580
|
});
|
|
1883
1581
|
|
|
1884
1582
|
// src/features/analysis/scm/shared/src/types/issue.ts
|
|
1885
|
-
import { z as
|
|
1583
|
+
import { z as z8 } from "zod";
|
|
1886
1584
|
var MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES, VulnerabilityReportIssueRatingZ, VulnerabilityReportIssueSharedStateZ, BaseIssuePartsZ, FalsePositivePartsZ, UnfixablePartsZ, IssuePartsWithFixZ, IssuePartsFpZ, GeneralIssueZ, IssuePartsZ, GetIssueIndexesZ, GetIssueScreenDataZ, IssueBucketZ, mapCategoryToBucket, mapBucketTypeToCategory;
|
|
1887
1585
|
var init_issue = __esm({
|
|
1888
1586
|
"src/features/analysis/scm/shared/src/types/issue.ts"() {
|
|
@@ -1892,57 +1590,57 @@ var init_issue = __esm({
|
|
|
1892
1590
|
init_fix();
|
|
1893
1591
|
init_shared();
|
|
1894
1592
|
MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES = 1e5;
|
|
1895
|
-
VulnerabilityReportIssueRatingZ =
|
|
1896
|
-
voteScore:
|
|
1897
|
-
comment:
|
|
1898
|
-
updatedDate:
|
|
1899
|
-
user:
|
|
1900
|
-
email:
|
|
1901
|
-
name:
|
|
1593
|
+
VulnerabilityReportIssueRatingZ = z8.object({
|
|
1594
|
+
voteScore: z8.number(),
|
|
1595
|
+
comment: z8.string().nullable().default(null),
|
|
1596
|
+
updatedDate: z8.string().nullable(),
|
|
1597
|
+
user: z8.object({
|
|
1598
|
+
email: z8.string(),
|
|
1599
|
+
name: z8.string()
|
|
1902
1600
|
})
|
|
1903
1601
|
});
|
|
1904
|
-
VulnerabilityReportIssueSharedStateZ =
|
|
1905
|
-
id:
|
|
1906
|
-
createdAt:
|
|
1907
|
-
isArchived:
|
|
1908
|
-
ticketIntegrationId:
|
|
1909
|
-
ticketIntegrations:
|
|
1910
|
-
|
|
1911
|
-
url:
|
|
1602
|
+
VulnerabilityReportIssueSharedStateZ = z8.object({
|
|
1603
|
+
id: z8.string().uuid(),
|
|
1604
|
+
createdAt: z8.string(),
|
|
1605
|
+
isArchived: z8.boolean(),
|
|
1606
|
+
ticketIntegrationId: z8.string().uuid().nullable(),
|
|
1607
|
+
ticketIntegrations: z8.array(
|
|
1608
|
+
z8.object({
|
|
1609
|
+
url: z8.string()
|
|
1912
1610
|
})
|
|
1913
1611
|
),
|
|
1914
|
-
issueRatings:
|
|
1612
|
+
issueRatings: z8.array(VulnerabilityReportIssueRatingZ).default([])
|
|
1915
1613
|
}).nullish();
|
|
1916
|
-
BaseIssuePartsZ =
|
|
1917
|
-
id:
|
|
1918
|
-
safeIssueType:
|
|
1919
|
-
safeIssueLanguage:
|
|
1920
|
-
createdAt:
|
|
1614
|
+
BaseIssuePartsZ = z8.object({
|
|
1615
|
+
id: z8.string().uuid(),
|
|
1616
|
+
safeIssueType: z8.string(),
|
|
1617
|
+
safeIssueLanguage: z8.string(),
|
|
1618
|
+
createdAt: z8.string(),
|
|
1921
1619
|
parsedSeverity: ParsedSeverityZ,
|
|
1922
|
-
category:
|
|
1923
|
-
extraData:
|
|
1924
|
-
missing_files:
|
|
1925
|
-
error_files:
|
|
1926
|
-
ai_cost_limit_exceeded:
|
|
1620
|
+
category: z8.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
1621
|
+
extraData: z8.object({
|
|
1622
|
+
missing_files: z8.string().array().nullish(),
|
|
1623
|
+
error_files: z8.string().array().nullish(),
|
|
1624
|
+
ai_cost_limit_exceeded: z8.string().nullish()
|
|
1927
1625
|
}),
|
|
1928
|
-
vulnerabilityReportIssueTags:
|
|
1929
|
-
|
|
1930
|
-
tag:
|
|
1626
|
+
vulnerabilityReportIssueTags: z8.array(
|
|
1627
|
+
z8.object({
|
|
1628
|
+
tag: z8.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
|
|
1931
1629
|
})
|
|
1932
1630
|
),
|
|
1933
|
-
codeNodes:
|
|
1934
|
-
|
|
1935
|
-
path:
|
|
1936
|
-
line:
|
|
1937
|
-
index:
|
|
1631
|
+
codeNodes: z8.array(
|
|
1632
|
+
z8.object({
|
|
1633
|
+
path: z8.string(),
|
|
1634
|
+
line: z8.number(),
|
|
1635
|
+
index: z8.number()
|
|
1938
1636
|
})
|
|
1939
1637
|
).transform((nodes) => nodes.sort((a, b) => b.index - a.index)),
|
|
1940
|
-
sourceCodeNodes:
|
|
1941
|
-
|
|
1942
|
-
sourceCodeFile:
|
|
1943
|
-
path:
|
|
1944
|
-
signedFile:
|
|
1945
|
-
url:
|
|
1638
|
+
sourceCodeNodes: z8.array(
|
|
1639
|
+
z8.object({
|
|
1640
|
+
sourceCodeFile: z8.object({
|
|
1641
|
+
path: z8.string(),
|
|
1642
|
+
signedFile: z8.object({
|
|
1643
|
+
url: z8.string()
|
|
1946
1644
|
})
|
|
1947
1645
|
})
|
|
1948
1646
|
}).transform(async ({ sourceCodeFile }) => {
|
|
@@ -1958,71 +1656,71 @@ var init_issue = __esm({
|
|
|
1958
1656
|
})
|
|
1959
1657
|
).transform((nodes) => nodes.filter((node) => node !== null)),
|
|
1960
1658
|
fix: FixPartsForFixScreenZ.nullish(),
|
|
1961
|
-
vulnerabilityReportIssueNodeDiffFile:
|
|
1962
|
-
signedFile:
|
|
1963
|
-
url:
|
|
1659
|
+
vulnerabilityReportIssueNodeDiffFile: z8.object({
|
|
1660
|
+
signedFile: z8.object({
|
|
1661
|
+
url: z8.string()
|
|
1964
1662
|
}).transform(async ({ url }) => {
|
|
1965
1663
|
const codeDiff = await fetch(url).then((res) => res.text());
|
|
1966
1664
|
return { codeDiff };
|
|
1967
1665
|
})
|
|
1968
1666
|
}).nullish(),
|
|
1969
1667
|
sharedState: VulnerabilityReportIssueSharedStateZ,
|
|
1970
|
-
unfixableId:
|
|
1668
|
+
unfixableId: z8.string().uuid().nullish()
|
|
1971
1669
|
});
|
|
1972
|
-
FalsePositivePartsZ =
|
|
1973
|
-
extraContext:
|
|
1974
|
-
fixDescription:
|
|
1670
|
+
FalsePositivePartsZ = z8.object({
|
|
1671
|
+
extraContext: z8.array(z8.object({ key: z8.string(), value: z8.string() })),
|
|
1672
|
+
fixDescription: z8.string()
|
|
1975
1673
|
});
|
|
1976
|
-
UnfixablePartsZ =
|
|
1977
|
-
extraContext:
|
|
1978
|
-
fixDescription:
|
|
1674
|
+
UnfixablePartsZ = z8.object({
|
|
1675
|
+
extraContext: z8.array(z8.object({ key: z8.string(), value: z8.string() })),
|
|
1676
|
+
fixDescription: z8.string()
|
|
1979
1677
|
});
|
|
1980
1678
|
IssuePartsWithFixZ = BaseIssuePartsZ.merge(
|
|
1981
|
-
|
|
1982
|
-
category:
|
|
1679
|
+
z8.object({
|
|
1680
|
+
category: z8.literal("Irrelevant" /* Irrelevant */),
|
|
1983
1681
|
fix: FixPartsForFixScreenZ.nullish()
|
|
1984
1682
|
})
|
|
1985
1683
|
);
|
|
1986
1684
|
IssuePartsFpZ = BaseIssuePartsZ.merge(
|
|
1987
|
-
|
|
1988
|
-
category:
|
|
1989
|
-
fpId:
|
|
1685
|
+
z8.object({
|
|
1686
|
+
category: z8.literal("FalsePositive" /* FalsePositive */),
|
|
1687
|
+
fpId: z8.string().uuid(),
|
|
1990
1688
|
getFalsePositive: FalsePositivePartsZ
|
|
1991
1689
|
})
|
|
1992
1690
|
);
|
|
1993
1691
|
GeneralIssueZ = BaseIssuePartsZ.merge(
|
|
1994
|
-
|
|
1995
|
-
category:
|
|
1996
|
-
|
|
1997
|
-
|
|
1998
|
-
|
|
1999
|
-
|
|
2000
|
-
|
|
1692
|
+
z8.object({
|
|
1693
|
+
category: z8.union([
|
|
1694
|
+
z8.literal("NoFix" /* NoFix */),
|
|
1695
|
+
z8.literal("Unsupported" /* Unsupported */),
|
|
1696
|
+
z8.literal("Fixable" /* Fixable */),
|
|
1697
|
+
z8.literal("Filtered" /* Filtered */),
|
|
1698
|
+
z8.literal("Pending" /* Pending */)
|
|
2001
1699
|
]),
|
|
2002
1700
|
getUnfixable: UnfixablePartsZ.nullish()
|
|
2003
1701
|
})
|
|
2004
1702
|
);
|
|
2005
|
-
IssuePartsZ =
|
|
1703
|
+
IssuePartsZ = z8.union([
|
|
2006
1704
|
IssuePartsFpZ,
|
|
2007
1705
|
IssuePartsWithFixZ,
|
|
2008
1706
|
GeneralIssueZ
|
|
2009
1707
|
]);
|
|
2010
|
-
GetIssueIndexesZ =
|
|
2011
|
-
currentIndex:
|
|
2012
|
-
totalIssues:
|
|
2013
|
-
nextIssue:
|
|
2014
|
-
id:
|
|
1708
|
+
GetIssueIndexesZ = z8.object({
|
|
1709
|
+
currentIndex: z8.number(),
|
|
1710
|
+
totalIssues: z8.number(),
|
|
1711
|
+
nextIssue: z8.object({
|
|
1712
|
+
id: z8.string().uuid()
|
|
2015
1713
|
}).nullish(),
|
|
2016
|
-
prevIssue:
|
|
2017
|
-
id:
|
|
1714
|
+
prevIssue: z8.object({
|
|
1715
|
+
id: z8.string().uuid()
|
|
2018
1716
|
}).nullish()
|
|
2019
1717
|
});
|
|
2020
|
-
GetIssueScreenDataZ =
|
|
1718
|
+
GetIssueScreenDataZ = z8.object({
|
|
2021
1719
|
fixReport_by_pk: FixPageFixReportZ,
|
|
2022
1720
|
vulnerability_report_issue_by_pk: IssuePartsZ,
|
|
2023
1721
|
issueIndexes: GetIssueIndexesZ
|
|
2024
1722
|
});
|
|
2025
|
-
IssueBucketZ =
|
|
1723
|
+
IssueBucketZ = z8.enum(["fixable", "irrelevant", "remaining"]);
|
|
2026
1724
|
mapCategoryToBucket = {
|
|
2027
1725
|
FalsePositive: "irrelevant",
|
|
2028
1726
|
Irrelevant: "irrelevant",
|
|
@@ -2049,42 +1747,44 @@ var init_issue = __esm({
|
|
|
2049
1747
|
});
|
|
2050
1748
|
|
|
2051
1749
|
// src/features/analysis/scm/shared/src/validations.ts
|
|
2052
|
-
import { z as
|
|
1750
|
+
import { z as z9 } from "zod";
|
|
2053
1751
|
var IssueTypeSettingZ, IssueTypeSettingsZ;
|
|
2054
1752
|
var init_validations = __esm({
|
|
2055
1753
|
"src/features/analysis/scm/shared/src/validations.ts"() {
|
|
2056
1754
|
"use strict";
|
|
2057
|
-
init_client_generates();
|
|
2058
1755
|
init_getIssueType();
|
|
2059
|
-
|
|
2060
|
-
|
|
2061
|
-
|
|
2062
|
-
|
|
2063
|
-
|
|
2064
|
-
|
|
2065
|
-
|
|
2066
|
-
|
|
2067
|
-
|
|
1756
|
+
init_issueTypeCatalog();
|
|
1757
|
+
IssueTypeSettingZ = z9.object({
|
|
1758
|
+
autoPrEnabled: z9.boolean(),
|
|
1759
|
+
enabled: z9.boolean(),
|
|
1760
|
+
issueType: SafeIssueTypeStringZ
|
|
1761
|
+
});
|
|
1762
|
+
IssueTypeSettingsZ = z9.array(IssueTypeSettingZ).transform((issueTypeSettings) => {
|
|
1763
|
+
const catalogValues = listIssueTypeCatalog().map((entry) => entry.value);
|
|
1764
|
+
if (catalogValues.length === 0) {
|
|
1765
|
+
throw new Error(
|
|
1766
|
+
"Issue-type catalog is not hydrated; cannot derive default issue-type settings"
|
|
2068
1767
|
);
|
|
2069
|
-
|
|
2070
|
-
|
|
2071
|
-
|
|
2072
|
-
|
|
1768
|
+
}
|
|
1769
|
+
const existingByIssueType = new Map(
|
|
1770
|
+
issueTypeSettings.map((setting) => [setting.issueType, setting])
|
|
1771
|
+
);
|
|
1772
|
+
return catalogValues.map(
|
|
1773
|
+
(issueType) => existingByIssueType.get(issueType) ?? {
|
|
2073
1774
|
autoPrEnabled: false,
|
|
2074
1775
|
enabled: true,
|
|
2075
|
-
issueType
|
|
2076
|
-
}
|
|
2077
|
-
|
|
2078
|
-
|
|
2079
|
-
|
|
2080
|
-
|
|
2081
|
-
});
|
|
1776
|
+
issueType
|
|
1777
|
+
}
|
|
1778
|
+
).map((setting) => ({
|
|
1779
|
+
setting,
|
|
1780
|
+
label: getIssueTypeFriendlyString(setting.issueType)
|
|
1781
|
+
})).sort((a, b) => a.label.localeCompare(b.label)).map(({ setting }) => setting);
|
|
2082
1782
|
});
|
|
2083
1783
|
}
|
|
2084
1784
|
});
|
|
2085
1785
|
|
|
2086
1786
|
// src/features/analysis/scm/shared/src/types/types.ts
|
|
2087
|
-
import { z as
|
|
1787
|
+
import { z as z10 } from "zod";
|
|
2088
1788
|
var OrganizationScreenQueryParamsZ, ProjectPageQueryParamsZ, AnalysisPageQueryParamsZ, FixPageQueryParamsZ, IssuePageQueryParamsZ, CliLoginPageQueryParamsZ, AnalysisReportDigestedZ, IssueSharedStateZ2, ReportQueryResultZ, ReportFixesQueryFixZ, BaseVulnerabilityReportIssueZ, VulnerabilityReportIssueZ, VulnerabilityReportIssueWithCodeFilePathZ, GetReportIssuesQueryZ, FixReportByProjectZ, FixScreenQueryResultZ, FixPageQueryZ, GetReportFixesQueryZ, GetFixReportStatsQueryZ, ProjectVulnerabilityReport, GetProjectsQueryZ, ProjectPageQueryResultZ, GetProjectMembersDataZ, RepoArgsZ, scmCloudUrl, ScmType, ConvertToSarifInputFileFormat;
|
|
2089
1789
|
var init_types = __esm({
|
|
2090
1790
|
"src/features/analysis/scm/shared/src/types/types.ts"() {
|
|
@@ -2095,117 +1795,117 @@ var init_types = __esm({
|
|
|
2095
1795
|
init_fix();
|
|
2096
1796
|
init_issue();
|
|
2097
1797
|
init_shared();
|
|
2098
|
-
OrganizationScreenQueryParamsZ =
|
|
2099
|
-
organizationId:
|
|
1798
|
+
OrganizationScreenQueryParamsZ = z10.object({
|
|
1799
|
+
organizationId: z10.string().uuid()
|
|
2100
1800
|
});
|
|
2101
|
-
ProjectPageQueryParamsZ =
|
|
2102
|
-
organizationId:
|
|
2103
|
-
projectId:
|
|
1801
|
+
ProjectPageQueryParamsZ = z10.object({
|
|
1802
|
+
organizationId: z10.string().uuid(),
|
|
1803
|
+
projectId: z10.string().uuid()
|
|
2104
1804
|
});
|
|
2105
1805
|
AnalysisPageQueryParamsZ = ProjectPageQueryParamsZ.extend({
|
|
2106
|
-
reportId:
|
|
1806
|
+
reportId: z10.string().uuid()
|
|
2107
1807
|
});
|
|
2108
1808
|
FixPageQueryParamsZ = AnalysisPageQueryParamsZ.extend({
|
|
2109
|
-
fixId:
|
|
1809
|
+
fixId: z10.string().uuid()
|
|
2110
1810
|
});
|
|
2111
1811
|
IssuePageQueryParamsZ = AnalysisPageQueryParamsZ.extend({
|
|
2112
|
-
issueId:
|
|
2113
|
-
});
|
|
2114
|
-
CliLoginPageQueryParamsZ =
|
|
2115
|
-
loginId:
|
|
2116
|
-
});
|
|
2117
|
-
AnalysisReportDigestedZ =
|
|
2118
|
-
id:
|
|
2119
|
-
state:
|
|
2120
|
-
vulnerabilityReport:
|
|
2121
|
-
reportSummaryUrl:
|
|
2122
|
-
scanDate:
|
|
2123
|
-
supported:
|
|
2124
|
-
aggregate:
|
|
2125
|
-
count:
|
|
1812
|
+
issueId: z10.string().uuid()
|
|
1813
|
+
});
|
|
1814
|
+
CliLoginPageQueryParamsZ = z10.object({
|
|
1815
|
+
loginId: z10.string().uuid()
|
|
1816
|
+
});
|
|
1817
|
+
AnalysisReportDigestedZ = z10.object({
|
|
1818
|
+
id: z10.string().uuid(),
|
|
1819
|
+
state: z10.nativeEnum(Fix_Report_State_Enum),
|
|
1820
|
+
vulnerabilityReport: z10.object({
|
|
1821
|
+
reportSummaryUrl: z10.string().url().nullish(),
|
|
1822
|
+
scanDate: z10.string().nullable(),
|
|
1823
|
+
supported: z10.object({
|
|
1824
|
+
aggregate: z10.object({
|
|
1825
|
+
count: z10.number()
|
|
2126
1826
|
})
|
|
2127
1827
|
}),
|
|
2128
|
-
all:
|
|
2129
|
-
aggregate:
|
|
2130
|
-
count:
|
|
1828
|
+
all: z10.object({
|
|
1829
|
+
aggregate: z10.object({
|
|
1830
|
+
count: z10.number()
|
|
2131
1831
|
})
|
|
2132
1832
|
}),
|
|
2133
|
-
vendor:
|
|
2134
|
-
project:
|
|
2135
|
-
organizationId:
|
|
1833
|
+
vendor: z10.nativeEnum(Vulnerability_Report_Vendor_Enum),
|
|
1834
|
+
project: z10.object({
|
|
1835
|
+
organizationId: z10.string().uuid()
|
|
2136
1836
|
})
|
|
2137
1837
|
})
|
|
2138
1838
|
});
|
|
2139
|
-
IssueSharedStateZ2 =
|
|
2140
|
-
id:
|
|
2141
|
-
createdAt:
|
|
2142
|
-
isArchived:
|
|
2143
|
-
ticketIntegrationId:
|
|
2144
|
-
ticketIntegrations:
|
|
2145
|
-
|
|
2146
|
-
url:
|
|
1839
|
+
IssueSharedStateZ2 = z10.object({
|
|
1840
|
+
id: z10.string().uuid(),
|
|
1841
|
+
createdAt: z10.string(),
|
|
1842
|
+
isArchived: z10.boolean(),
|
|
1843
|
+
ticketIntegrationId: z10.string().uuid().nullable(),
|
|
1844
|
+
ticketIntegrations: z10.array(
|
|
1845
|
+
z10.object({
|
|
1846
|
+
url: z10.string()
|
|
2147
1847
|
})
|
|
2148
1848
|
)
|
|
2149
1849
|
}).nullable();
|
|
2150
|
-
ReportQueryResultZ =
|
|
2151
|
-
fixReport_by_pk:
|
|
2152
|
-
id:
|
|
2153
|
-
analysisUrl:
|
|
2154
|
-
fixesCommitted:
|
|
2155
|
-
aggregate:
|
|
1850
|
+
ReportQueryResultZ = z10.object({
|
|
1851
|
+
fixReport_by_pk: z10.object({
|
|
1852
|
+
id: z10.string().uuid(),
|
|
1853
|
+
analysisUrl: z10.string(),
|
|
1854
|
+
fixesCommitted: z10.object({
|
|
1855
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2156
1856
|
}),
|
|
2157
|
-
fixesDownloaded:
|
|
2158
|
-
aggregate:
|
|
1857
|
+
fixesDownloaded: z10.object({
|
|
1858
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2159
1859
|
}),
|
|
2160
|
-
fixesDoneCount:
|
|
2161
|
-
fixesInprogressCount:
|
|
2162
|
-
fixesReadyCount:
|
|
2163
|
-
aggregate:
|
|
1860
|
+
fixesDoneCount: z10.number(),
|
|
1861
|
+
fixesInprogressCount: z10.number(),
|
|
1862
|
+
fixesReadyCount: z10.object({
|
|
1863
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2164
1864
|
}),
|
|
2165
|
-
issueTypes:
|
|
2166
|
-
issueLanguages:
|
|
2167
|
-
fixesCountByEffort:
|
|
2168
|
-
vulnerabilitySeverities:
|
|
2169
|
-
createdOn:
|
|
2170
|
-
expirationOn:
|
|
2171
|
-
state:
|
|
2172
|
-
failReason:
|
|
2173
|
-
candidateToRerun:
|
|
2174
|
-
fixes:
|
|
2175
|
-
|
|
2176
|
-
id:
|
|
2177
|
-
safeIssueLanguage:
|
|
2178
|
-
safeIssueType:
|
|
2179
|
-
confidence:
|
|
2180
|
-
effortToApplyFix:
|
|
2181
|
-
modifiedBy:
|
|
2182
|
-
gitBlameLogin:
|
|
2183
|
-
fixReportId:
|
|
2184
|
-
filePaths:
|
|
2185
|
-
|
|
2186
|
-
fileRepoRelativePath:
|
|
1865
|
+
issueTypes: z10.record(z10.string(), z10.number()).nullable(),
|
|
1866
|
+
issueLanguages: z10.record(z10.string(), z10.number()).nullable(),
|
|
1867
|
+
fixesCountByEffort: z10.record(z10.string(), z10.number()).nullable(),
|
|
1868
|
+
vulnerabilitySeverities: z10.record(z10.string(), z10.number()).nullable(),
|
|
1869
|
+
createdOn: z10.string(),
|
|
1870
|
+
expirationOn: z10.string().nullable(),
|
|
1871
|
+
state: z10.nativeEnum(Fix_Report_State_Enum),
|
|
1872
|
+
failReason: z10.string().nullable(),
|
|
1873
|
+
candidateToRerun: z10.boolean(),
|
|
1874
|
+
fixes: z10.array(
|
|
1875
|
+
z10.object({
|
|
1876
|
+
id: z10.string().uuid(),
|
|
1877
|
+
safeIssueLanguage: z10.string(),
|
|
1878
|
+
safeIssueType: z10.string(),
|
|
1879
|
+
confidence: z10.number(),
|
|
1880
|
+
effortToApplyFix: z10.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
|
|
1881
|
+
modifiedBy: z10.string().nullable(),
|
|
1882
|
+
gitBlameLogin: z10.string().nullable(),
|
|
1883
|
+
fixReportId: z10.string().uuid(),
|
|
1884
|
+
filePaths: z10.array(
|
|
1885
|
+
z10.object({
|
|
1886
|
+
fileRepoRelativePath: z10.string()
|
|
2187
1887
|
})
|
|
2188
1888
|
),
|
|
2189
1889
|
sharedState: FixSharedStateZ,
|
|
2190
|
-
numberOfVulnerabilityIssues:
|
|
2191
|
-
severityText:
|
|
2192
|
-
vulnerabilityReportIssues:
|
|
2193
|
-
|
|
2194
|
-
id:
|
|
2195
|
-
issueType:
|
|
2196
|
-
issueLanguage:
|
|
2197
|
-
category:
|
|
1890
|
+
numberOfVulnerabilityIssues: z10.number(),
|
|
1891
|
+
severityText: z10.nativeEnum(Vulnerability_Severity_Enum),
|
|
1892
|
+
vulnerabilityReportIssues: z10.array(
|
|
1893
|
+
z10.object({
|
|
1894
|
+
id: z10.string().uuid(),
|
|
1895
|
+
issueType: z10.string(),
|
|
1896
|
+
issueLanguage: z10.string(),
|
|
1897
|
+
category: z10.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
2198
1898
|
sharedState: IssueSharedStateZ2
|
|
2199
1899
|
})
|
|
2200
1900
|
)
|
|
2201
1901
|
})
|
|
2202
1902
|
),
|
|
2203
|
-
repo:
|
|
2204
|
-
name:
|
|
2205
|
-
originalUrl:
|
|
2206
|
-
reference:
|
|
2207
|
-
commitSha:
|
|
2208
|
-
isKnownBranch:
|
|
1903
|
+
repo: z10.object({
|
|
1904
|
+
name: z10.string().nullable(),
|
|
1905
|
+
originalUrl: z10.string(),
|
|
1906
|
+
reference: z10.string(),
|
|
1907
|
+
commitSha: z10.string(),
|
|
1908
|
+
isKnownBranch: z10.boolean().nullish().default(true)
|
|
2209
1909
|
}).nullable().transform(
|
|
2210
1910
|
(repo) => repo ?? {
|
|
2211
1911
|
name: null,
|
|
@@ -2215,229 +1915,229 @@ var init_types = __esm({
|
|
|
2215
1915
|
isKnownBranch: true
|
|
2216
1916
|
}
|
|
2217
1917
|
),
|
|
2218
|
-
vulnerabilityReportIssuesFixedCount:
|
|
2219
|
-
vulnerabilityReportIssues_aggregate:
|
|
2220
|
-
aggregate:
|
|
1918
|
+
vulnerabilityReportIssuesFixedCount: z10.object({
|
|
1919
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
1920
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2221
1921
|
})
|
|
2222
1922
|
}),
|
|
2223
|
-
vulnerabilityReport:
|
|
2224
|
-
id:
|
|
2225
|
-
reportSummaryUrl:
|
|
2226
|
-
computedVendor:
|
|
2227
|
-
vendor:
|
|
2228
|
-
issuesWithKnownLanguage:
|
|
2229
|
-
scanDate:
|
|
2230
|
-
vendorReportId:
|
|
2231
|
-
projectId:
|
|
2232
|
-
project:
|
|
2233
|
-
organizationId:
|
|
1923
|
+
vulnerabilityReport: z10.object({
|
|
1924
|
+
id: z10.string().uuid(),
|
|
1925
|
+
reportSummaryUrl: z10.string().url().nullish(),
|
|
1926
|
+
computedVendor: z10.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
|
|
1927
|
+
vendor: z10.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
|
|
1928
|
+
issuesWithKnownLanguage: z10.number().nullable(),
|
|
1929
|
+
scanDate: z10.string().nullable(),
|
|
1930
|
+
vendorReportId: z10.string().uuid().nullable(),
|
|
1931
|
+
projectId: z10.string().uuid(),
|
|
1932
|
+
project: z10.object({
|
|
1933
|
+
organizationId: z10.string().uuid()
|
|
2234
1934
|
}),
|
|
2235
|
-
file:
|
|
2236
|
-
id:
|
|
2237
|
-
path:
|
|
1935
|
+
file: z10.object({
|
|
1936
|
+
id: z10.string().uuid(),
|
|
1937
|
+
path: z10.string()
|
|
2238
1938
|
}).nullable(),
|
|
2239
|
-
pending:
|
|
2240
|
-
aggregate:
|
|
2241
|
-
count:
|
|
1939
|
+
pending: z10.object({
|
|
1940
|
+
aggregate: z10.object({
|
|
1941
|
+
count: z10.number()
|
|
2242
1942
|
})
|
|
2243
1943
|
}),
|
|
2244
|
-
irrelevant:
|
|
2245
|
-
aggregate:
|
|
2246
|
-
count:
|
|
1944
|
+
irrelevant: z10.object({
|
|
1945
|
+
aggregate: z10.object({
|
|
1946
|
+
count: z10.number()
|
|
2247
1947
|
})
|
|
2248
1948
|
}),
|
|
2249
|
-
remaining:
|
|
2250
|
-
aggregate:
|
|
2251
|
-
count:
|
|
1949
|
+
remaining: z10.object({
|
|
1950
|
+
aggregate: z10.object({
|
|
1951
|
+
count: z10.number()
|
|
2252
1952
|
})
|
|
2253
1953
|
}),
|
|
2254
|
-
digested:
|
|
2255
|
-
aggregate:
|
|
2256
|
-
count:
|
|
1954
|
+
digested: z10.object({
|
|
1955
|
+
aggregate: z10.object({
|
|
1956
|
+
count: z10.number()
|
|
2257
1957
|
})
|
|
2258
1958
|
}),
|
|
2259
|
-
supported:
|
|
2260
|
-
aggregate:
|
|
2261
|
-
count:
|
|
1959
|
+
supported: z10.object({
|
|
1960
|
+
aggregate: z10.object({
|
|
1961
|
+
count: z10.number()
|
|
2262
1962
|
})
|
|
2263
1963
|
}),
|
|
2264
|
-
all:
|
|
2265
|
-
aggregate:
|
|
2266
|
-
count:
|
|
1964
|
+
all: z10.object({
|
|
1965
|
+
aggregate: z10.object({
|
|
1966
|
+
count: z10.number()
|
|
2267
1967
|
})
|
|
2268
1968
|
}),
|
|
2269
|
-
fixable:
|
|
2270
|
-
aggregate:
|
|
2271
|
-
count:
|
|
1969
|
+
fixable: z10.object({
|
|
1970
|
+
aggregate: z10.object({
|
|
1971
|
+
count: z10.number()
|
|
2272
1972
|
})
|
|
2273
1973
|
}),
|
|
2274
|
-
errors:
|
|
2275
|
-
aggregate:
|
|
2276
|
-
count:
|
|
1974
|
+
errors: z10.object({
|
|
1975
|
+
aggregate: z10.object({
|
|
1976
|
+
count: z10.number()
|
|
2277
1977
|
})
|
|
2278
1978
|
}),
|
|
2279
|
-
vulnerabilityReportIssues:
|
|
2280
|
-
id:
|
|
2281
|
-
extraData:
|
|
2282
|
-
missing_files:
|
|
2283
|
-
large_files:
|
|
2284
|
-
error_files:
|
|
2285
|
-
ai_cost_limit_exceeded:
|
|
1979
|
+
vulnerabilityReportIssues: z10.object({
|
|
1980
|
+
id: z10.string().uuid(),
|
|
1981
|
+
extraData: z10.object({
|
|
1982
|
+
missing_files: z10.string().array().nullish(),
|
|
1983
|
+
large_files: z10.string().array().nullish(),
|
|
1984
|
+
error_files: z10.string().array().nullish(),
|
|
1985
|
+
ai_cost_limit_exceeded: z10.string().nullish()
|
|
2286
1986
|
})
|
|
2287
1987
|
}).array()
|
|
2288
1988
|
})
|
|
2289
1989
|
})
|
|
2290
1990
|
});
|
|
2291
|
-
ReportFixesQueryFixZ =
|
|
2292
|
-
id:
|
|
1991
|
+
ReportFixesQueryFixZ = z10.object({
|
|
1992
|
+
id: z10.string().uuid(),
|
|
2293
1993
|
sharedState: FixSharedStateZ,
|
|
2294
|
-
confidence:
|
|
2295
|
-
gitBlameLogin:
|
|
2296
|
-
effortToApplyFix:
|
|
2297
|
-
safeIssueLanguage:
|
|
2298
|
-
safeIssueType:
|
|
2299
|
-
fixReportId:
|
|
2300
|
-
filePaths:
|
|
2301
|
-
|
|
2302
|
-
fileRepoRelativePath:
|
|
1994
|
+
confidence: z10.number(),
|
|
1995
|
+
gitBlameLogin: z10.string().nullable(),
|
|
1996
|
+
effortToApplyFix: z10.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
|
|
1997
|
+
safeIssueLanguage: z10.string(),
|
|
1998
|
+
safeIssueType: z10.string(),
|
|
1999
|
+
fixReportId: z10.string().uuid(),
|
|
2000
|
+
filePaths: z10.array(
|
|
2001
|
+
z10.object({
|
|
2002
|
+
fileRepoRelativePath: z10.string()
|
|
2303
2003
|
})
|
|
2304
2004
|
),
|
|
2305
|
-
numberOfVulnerabilityIssues:
|
|
2306
|
-
severityText:
|
|
2307
|
-
vulnerabilityReportIssues:
|
|
2308
|
-
|
|
2309
|
-
issueType:
|
|
2310
|
-
issueLanguage:
|
|
2005
|
+
numberOfVulnerabilityIssues: z10.number(),
|
|
2006
|
+
severityText: z10.nativeEnum(Vulnerability_Severity_Enum),
|
|
2007
|
+
vulnerabilityReportIssues: z10.array(
|
|
2008
|
+
z10.object({
|
|
2009
|
+
issueType: z10.string(),
|
|
2010
|
+
issueLanguage: z10.string(),
|
|
2311
2011
|
sharedState: IssueSharedStateZ2
|
|
2312
2012
|
})
|
|
2313
2013
|
).min(1)
|
|
2314
2014
|
});
|
|
2315
|
-
BaseVulnerabilityReportIssueZ =
|
|
2316
|
-
id:
|
|
2317
|
-
createdAt:
|
|
2318
|
-
state:
|
|
2319
|
-
safeIssueType:
|
|
2320
|
-
safeIssueLanguage:
|
|
2321
|
-
extraData:
|
|
2322
|
-
missing_files:
|
|
2323
|
-
large_files:
|
|
2324
|
-
error_files:
|
|
2325
|
-
ai_cost_limit_exceeded:
|
|
2015
|
+
BaseVulnerabilityReportIssueZ = z10.object({
|
|
2016
|
+
id: z10.string().uuid(),
|
|
2017
|
+
createdAt: z10.string(),
|
|
2018
|
+
state: z10.nativeEnum(Vulnerability_Report_Issue_State_Enum),
|
|
2019
|
+
safeIssueType: z10.string(),
|
|
2020
|
+
safeIssueLanguage: z10.string(),
|
|
2021
|
+
extraData: z10.object({
|
|
2022
|
+
missing_files: z10.string().array().nullish(),
|
|
2023
|
+
large_files: z10.string().array().nullish(),
|
|
2024
|
+
error_files: z10.string().array().nullish(),
|
|
2025
|
+
ai_cost_limit_exceeded: z10.string().nullish()
|
|
2326
2026
|
}),
|
|
2327
2027
|
fix: ReportFixesQueryFixZ.nullable(),
|
|
2328
|
-
falsePositive:
|
|
2329
|
-
id:
|
|
2028
|
+
falsePositive: z10.object({
|
|
2029
|
+
id: z10.string().uuid()
|
|
2330
2030
|
}).nullable(),
|
|
2331
2031
|
parsedSeverity: ParsedSeverityZ,
|
|
2332
|
-
severity:
|
|
2333
|
-
severityValue:
|
|
2334
|
-
category:
|
|
2335
|
-
vulnerabilityReportIssueTags:
|
|
2336
|
-
|
|
2337
|
-
vulnerability_report_issue_tag_value:
|
|
2032
|
+
severity: z10.string(),
|
|
2033
|
+
severityValue: z10.number(),
|
|
2034
|
+
category: z10.string(),
|
|
2035
|
+
vulnerabilityReportIssueTags: z10.array(
|
|
2036
|
+
z10.object({
|
|
2037
|
+
vulnerability_report_issue_tag_value: z10.string()
|
|
2338
2038
|
})
|
|
2339
2039
|
),
|
|
2340
2040
|
sharedState: VulnerabilityReportIssueSharedStateZ
|
|
2341
2041
|
});
|
|
2342
2042
|
VulnerabilityReportIssueZ = BaseVulnerabilityReportIssueZ.merge(
|
|
2343
|
-
|
|
2344
|
-
codeNodes:
|
|
2043
|
+
z10.object({
|
|
2044
|
+
codeNodes: z10.array(z10.object({ path: z10.string() }))
|
|
2345
2045
|
})
|
|
2346
2046
|
);
|
|
2347
2047
|
VulnerabilityReportIssueWithCodeFilePathZ = BaseVulnerabilityReportIssueZ.merge(
|
|
2348
|
-
|
|
2349
|
-
codeFilePath:
|
|
2048
|
+
z10.object({
|
|
2049
|
+
codeFilePath: z10.string().nullable()
|
|
2350
2050
|
})
|
|
2351
2051
|
);
|
|
2352
|
-
GetReportIssuesQueryZ =
|
|
2353
|
-
fixReport:
|
|
2354
|
-
vulnerabilityReport:
|
|
2355
|
-
id:
|
|
2356
|
-
lastIssueUpdatedAt:
|
|
2357
|
-
vulnerabilityReportIssues_aggregate:
|
|
2358
|
-
aggregate:
|
|
2052
|
+
GetReportIssuesQueryZ = z10.object({
|
|
2053
|
+
fixReport: z10.object({
|
|
2054
|
+
vulnerabilityReport: z10.object({
|
|
2055
|
+
id: z10.string().uuid(),
|
|
2056
|
+
lastIssueUpdatedAt: z10.string(),
|
|
2057
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
2058
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2359
2059
|
}),
|
|
2360
|
-
vulnerabilityReportIssues:
|
|
2060
|
+
vulnerabilityReportIssues: z10.array(
|
|
2361
2061
|
VulnerabilityReportIssueWithCodeFilePathZ
|
|
2362
2062
|
)
|
|
2363
2063
|
})
|
|
2364
2064
|
}).array()
|
|
2365
2065
|
}).nullish();
|
|
2366
|
-
FixReportByProjectZ =
|
|
2367
|
-
project_by_pk:
|
|
2368
|
-
vulnerabilityReports:
|
|
2369
|
-
|
|
2370
|
-
fixReport:
|
|
2066
|
+
FixReportByProjectZ = z10.object({
|
|
2067
|
+
project_by_pk: z10.object({
|
|
2068
|
+
vulnerabilityReports: z10.array(
|
|
2069
|
+
z10.object({
|
|
2070
|
+
fixReport: z10.object({ id: z10.string().uuid() }).nullable()
|
|
2371
2071
|
})
|
|
2372
2072
|
)
|
|
2373
2073
|
})
|
|
2374
2074
|
});
|
|
2375
|
-
FixScreenQueryResultZ =
|
|
2075
|
+
FixScreenQueryResultZ = z10.object({
|
|
2376
2076
|
fixReport_by_pk: FixPageFixReportZ,
|
|
2377
2077
|
fix_by_pk: FixPartsForFixScreenZ,
|
|
2378
|
-
fixesWithSameIssueType:
|
|
2379
|
-
|
|
2380
|
-
id:
|
|
2381
|
-
sharedState:
|
|
2078
|
+
fixesWithSameIssueType: z10.array(
|
|
2079
|
+
z10.object({
|
|
2080
|
+
id: z10.string().uuid(),
|
|
2081
|
+
sharedState: z10.object({ state: z10.nativeEnum(Fix_State_Enum) }).nullable().default({ state: "Ready" /* Ready */ })
|
|
2382
2082
|
})
|
|
2383
2083
|
),
|
|
2384
2084
|
relevantIssue: IssuePartsZ.nullish()
|
|
2385
2085
|
});
|
|
2386
|
-
FixPageQueryZ =
|
|
2086
|
+
FixPageQueryZ = z10.object({
|
|
2387
2087
|
data: FixScreenQueryResultZ
|
|
2388
2088
|
});
|
|
2389
|
-
GetReportFixesQueryZ =
|
|
2390
|
-
fixReport:
|
|
2391
|
-
|
|
2392
|
-
fixes:
|
|
2393
|
-
vulnerabilityReportIssuesTotalCount:
|
|
2394
|
-
vulnerabilityReportIssues_aggregate:
|
|
2395
|
-
aggregate:
|
|
2089
|
+
GetReportFixesQueryZ = z10.object({
|
|
2090
|
+
fixReport: z10.array(
|
|
2091
|
+
z10.object({
|
|
2092
|
+
fixes: z10.array(ReportFixesQueryFixZ),
|
|
2093
|
+
vulnerabilityReportIssuesTotalCount: z10.object({
|
|
2094
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
2095
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2396
2096
|
})
|
|
2397
2097
|
}),
|
|
2398
|
-
vulnerabilityReportIssuesFixedCount:
|
|
2399
|
-
vulnerabilityReportIssues_aggregate:
|
|
2400
|
-
aggregate:
|
|
2098
|
+
vulnerabilityReportIssuesFixedCount: z10.object({
|
|
2099
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
2100
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2401
2101
|
})
|
|
2402
2102
|
}),
|
|
2403
|
-
vulnerabilityReportIssuesIrrelevantCount:
|
|
2404
|
-
vulnerabilityReportIssues_aggregate:
|
|
2405
|
-
aggregate:
|
|
2103
|
+
vulnerabilityReportIssuesIrrelevantCount: z10.object({
|
|
2104
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
2105
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2406
2106
|
})
|
|
2407
2107
|
}),
|
|
2408
|
-
vulnerabilityReportIssuesRemainingCount:
|
|
2409
|
-
vulnerabilityReportIssues_aggregate:
|
|
2410
|
-
aggregate:
|
|
2108
|
+
vulnerabilityReportIssuesRemainingCount: z10.object({
|
|
2109
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
2110
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2411
2111
|
})
|
|
2412
2112
|
})
|
|
2413
2113
|
})
|
|
2414
2114
|
)
|
|
2415
2115
|
}).nullish();
|
|
2416
|
-
GetFixReportStatsQueryZ =
|
|
2417
|
-
fixReport_by_pk:
|
|
2418
|
-
id:
|
|
2419
|
-
vulnerabilitySeverities:
|
|
2420
|
-
vulnerabilityReportIrrelevantIssuesCount:
|
|
2421
|
-
vulnerabilityReportIssues_aggregate:
|
|
2422
|
-
aggregate:
|
|
2116
|
+
GetFixReportStatsQueryZ = z10.object({
|
|
2117
|
+
fixReport_by_pk: z10.object({
|
|
2118
|
+
id: z10.string().uuid(),
|
|
2119
|
+
vulnerabilitySeverities: z10.record(z10.nativeEnum(Vulnerability_Severity_Enum), z10.number()).nullable(),
|
|
2120
|
+
vulnerabilityReportIrrelevantIssuesCount: z10.object({
|
|
2121
|
+
vulnerabilityReportIssues_aggregate: z10.object({
|
|
2122
|
+
aggregate: z10.object({ count: z10.number() })
|
|
2423
2123
|
})
|
|
2424
2124
|
})
|
|
2425
2125
|
}).nullable()
|
|
2426
2126
|
});
|
|
2427
|
-
ProjectVulnerabilityReport =
|
|
2428
|
-
id:
|
|
2429
|
-
name:
|
|
2430
|
-
vendor:
|
|
2431
|
-
computedVendor:
|
|
2432
|
-
fixReport:
|
|
2433
|
-
id:
|
|
2434
|
-
createdOn:
|
|
2435
|
-
issueTypes:
|
|
2436
|
-
issueLanguages:
|
|
2437
|
-
repo:
|
|
2438
|
-
originalUrl:
|
|
2439
|
-
reference:
|
|
2440
|
-
name:
|
|
2127
|
+
ProjectVulnerabilityReport = z10.object({
|
|
2128
|
+
id: z10.string().uuid(),
|
|
2129
|
+
name: z10.string().nullable(),
|
|
2130
|
+
vendor: z10.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
|
|
2131
|
+
computedVendor: z10.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
|
|
2132
|
+
fixReport: z10.object({
|
|
2133
|
+
id: z10.string().uuid(),
|
|
2134
|
+
createdOn: z10.string(),
|
|
2135
|
+
issueTypes: z10.record(z10.string(), z10.number()).nullable(),
|
|
2136
|
+
issueLanguages: z10.record(z10.nativeEnum(IssueLanguage_Enum), z10.number()).nullable(),
|
|
2137
|
+
repo: z10.object({
|
|
2138
|
+
originalUrl: z10.string(),
|
|
2139
|
+
reference: z10.string(),
|
|
2140
|
+
name: z10.string()
|
|
2441
2141
|
}).nullable().transform(
|
|
2442
2142
|
(repo) => repo ?? {
|
|
2443
2143
|
originalUrl: "",
|
|
@@ -2445,64 +2145,64 @@ var init_types = __esm({
|
|
|
2445
2145
|
name: ""
|
|
2446
2146
|
}
|
|
2447
2147
|
),
|
|
2448
|
-
createdByUser:
|
|
2449
|
-
email:
|
|
2148
|
+
createdByUser: z10.object({
|
|
2149
|
+
email: z10.string()
|
|
2450
2150
|
}).nullable(),
|
|
2451
|
-
state:
|
|
2452
|
-
expirationOn:
|
|
2151
|
+
state: z10.nativeEnum(Fix_Report_State_Enum),
|
|
2152
|
+
expirationOn: z10.string()
|
|
2453
2153
|
})
|
|
2454
2154
|
});
|
|
2455
|
-
GetProjectsQueryZ =
|
|
2456
|
-
organization:
|
|
2457
|
-
id:
|
|
2458
|
-
projects:
|
|
2459
|
-
|
|
2460
|
-
id:
|
|
2461
|
-
name:
|
|
2462
|
-
numberOfUniqueRepos:
|
|
2155
|
+
GetProjectsQueryZ = z10.object({
|
|
2156
|
+
organization: z10.object({
|
|
2157
|
+
id: z10.string(),
|
|
2158
|
+
projects: z10.array(
|
|
2159
|
+
z10.object({
|
|
2160
|
+
id: z10.string().uuid(),
|
|
2161
|
+
name: z10.string(),
|
|
2162
|
+
numberOfUniqueRepos: z10.number()
|
|
2463
2163
|
})
|
|
2464
2164
|
)
|
|
2465
2165
|
})
|
|
2466
2166
|
});
|
|
2467
|
-
ProjectPageQueryResultZ =
|
|
2468
|
-
name:
|
|
2469
|
-
id:
|
|
2470
|
-
isDefault:
|
|
2471
|
-
organizationId:
|
|
2472
|
-
vulnerabilityReports:
|
|
2473
|
-
autoPrIncludeAiFixes:
|
|
2167
|
+
ProjectPageQueryResultZ = z10.object({
|
|
2168
|
+
name: z10.string(),
|
|
2169
|
+
id: z10.string().uuid(),
|
|
2170
|
+
isDefault: z10.boolean().default(false),
|
|
2171
|
+
organizationId: z10.string().uuid(),
|
|
2172
|
+
vulnerabilityReports: z10.array(ProjectVulnerabilityReport),
|
|
2173
|
+
autoPrIncludeAiFixes: z10.preprocess(
|
|
2474
2174
|
(val) => val === null || val === void 0 ? false : val,
|
|
2475
|
-
|
|
2175
|
+
z10.boolean()
|
|
2476
2176
|
),
|
|
2477
|
-
projectIssueTypeSettings:
|
|
2478
|
-
IssueTypeSettingZ.merge(
|
|
2177
|
+
projectIssueTypeSettings: z10.array(
|
|
2178
|
+
IssueTypeSettingZ.merge(z10.object({ id: z10.string() }))
|
|
2479
2179
|
)
|
|
2480
2180
|
});
|
|
2481
|
-
GetProjectMembersDataZ =
|
|
2482
|
-
project_by_pk:
|
|
2483
|
-
name:
|
|
2484
|
-
id:
|
|
2485
|
-
projectUsers:
|
|
2486
|
-
|
|
2487
|
-
projectToRole:
|
|
2488
|
-
projectRole:
|
|
2489
|
-
type:
|
|
2181
|
+
GetProjectMembersDataZ = z10.object({
|
|
2182
|
+
project_by_pk: z10.object({
|
|
2183
|
+
name: z10.string(),
|
|
2184
|
+
id: z10.string(),
|
|
2185
|
+
projectUsers: z10.array(
|
|
2186
|
+
z10.object({
|
|
2187
|
+
projectToRole: z10.object({
|
|
2188
|
+
projectRole: z10.object({
|
|
2189
|
+
type: z10.nativeEnum(Project_Role_Type_Enum)
|
|
2490
2190
|
})
|
|
2491
2191
|
}),
|
|
2492
|
-
user:
|
|
2493
|
-
id:
|
|
2494
|
-
picture:
|
|
2495
|
-
name:
|
|
2496
|
-
email:
|
|
2192
|
+
user: z10.object({
|
|
2193
|
+
id: z10.string().uuid(),
|
|
2194
|
+
picture: z10.string().nullable().optional(),
|
|
2195
|
+
name: z10.string().nullish(),
|
|
2196
|
+
email: z10.string().email()
|
|
2497
2197
|
})
|
|
2498
2198
|
})
|
|
2499
2199
|
)
|
|
2500
2200
|
})
|
|
2501
2201
|
});
|
|
2502
|
-
RepoArgsZ =
|
|
2503
|
-
originalUrl:
|
|
2504
|
-
branch:
|
|
2505
|
-
commitSha:
|
|
2202
|
+
RepoArgsZ = z10.object({
|
|
2203
|
+
originalUrl: z10.string().url(),
|
|
2204
|
+
branch: z10.string(),
|
|
2205
|
+
commitSha: z10.string()
|
|
2506
2206
|
});
|
|
2507
2207
|
scmCloudUrl = {
|
|
2508
2208
|
GitLab: "https://gitlab.com",
|
|
@@ -2536,7 +2236,7 @@ var init_types2 = __esm({
|
|
|
2536
2236
|
});
|
|
2537
2237
|
|
|
2538
2238
|
// src/features/analysis/scm/shared/src/urlParser/urlParser.ts
|
|
2539
|
-
import { z as
|
|
2239
|
+
import { z as z11 } from "zod";
|
|
2540
2240
|
function computeCanonicalUrl(data) {
|
|
2541
2241
|
const {
|
|
2542
2242
|
scmType,
|
|
@@ -2578,7 +2278,7 @@ function detectAdoUrl(args) {
|
|
|
2578
2278
|
scmType: "Ado" /* Ado */,
|
|
2579
2279
|
organization,
|
|
2580
2280
|
// project has single repo - repoName === projectName
|
|
2581
|
-
projectName:
|
|
2281
|
+
projectName: z11.string().parse(projectName),
|
|
2582
2282
|
repoName: projectName,
|
|
2583
2283
|
prefixPath
|
|
2584
2284
|
};
|
|
@@ -2589,7 +2289,7 @@ function detectAdoUrl(args) {
|
|
|
2589
2289
|
return {
|
|
2590
2290
|
scmType: "Ado" /* Ado */,
|
|
2591
2291
|
organization,
|
|
2592
|
-
projectName:
|
|
2292
|
+
projectName: z11.string().parse(projectName),
|
|
2593
2293
|
repoName,
|
|
2594
2294
|
prefixPath
|
|
2595
2295
|
};
|
|
@@ -2603,7 +2303,7 @@ function detectAdoUrl(args) {
|
|
|
2603
2303
|
scmType: "Ado" /* Ado */,
|
|
2604
2304
|
organization,
|
|
2605
2305
|
// project has only one repo - repoName === projectName
|
|
2606
|
-
projectName:
|
|
2306
|
+
projectName: z11.string().parse(repoName),
|
|
2607
2307
|
repoName,
|
|
2608
2308
|
prefixPath
|
|
2609
2309
|
};
|
|
@@ -2613,7 +2313,7 @@ function detectAdoUrl(args) {
|
|
|
2613
2313
|
return {
|
|
2614
2314
|
scmType: "Ado" /* Ado */,
|
|
2615
2315
|
organization,
|
|
2616
|
-
projectName:
|
|
2316
|
+
projectName: z11.string().parse(projectName),
|
|
2617
2317
|
repoName,
|
|
2618
2318
|
prefixPath
|
|
2619
2319
|
};
|
|
@@ -2689,7 +2389,7 @@ function parseSshUrl(scmURL, scmType) {
|
|
|
2689
2389
|
if (pathElements.length === 3) {
|
|
2690
2390
|
const [organization2, projectName, repoName2] = pathElements;
|
|
2691
2391
|
if (organization2?.match(NAME_REGEX) && projectName && repoName2?.match(NAME_REGEX)) {
|
|
2692
|
-
const parsedProjectName =
|
|
2392
|
+
const parsedProjectName = z11.string().parse(projectName);
|
|
2693
2393
|
return {
|
|
2694
2394
|
scmType: "Ado" /* Ado */,
|
|
2695
2395
|
hostname: normalizedHostname,
|
|
@@ -2917,17 +2617,17 @@ var init_urlParser2 = __esm({
|
|
|
2917
2617
|
});
|
|
2918
2618
|
|
|
2919
2619
|
// src/features/analysis/scm/env.ts
|
|
2920
|
-
import { z as
|
|
2620
|
+
import { z as z14 } from "zod";
|
|
2921
2621
|
var EnvVariablesZod, GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST, MAX_UPLOAD_FILE_SIZE_MB, GITHUB_API_CONCURRENCY;
|
|
2922
2622
|
var init_env = __esm({
|
|
2923
2623
|
"src/features/analysis/scm/env.ts"() {
|
|
2924
2624
|
"use strict";
|
|
2925
|
-
EnvVariablesZod =
|
|
2926
|
-
GITLAB_API_TOKEN:
|
|
2927
|
-
GITHUB_API_TOKEN:
|
|
2928
|
-
GIT_PROXY_HOST:
|
|
2929
|
-
MAX_UPLOAD_FILE_SIZE_MB:
|
|
2930
|
-
GITHUB_API_CONCURRENCY:
|
|
2625
|
+
EnvVariablesZod = z14.object({
|
|
2626
|
+
GITLAB_API_TOKEN: z14.string().optional(),
|
|
2627
|
+
GITHUB_API_TOKEN: z14.string().optional(),
|
|
2628
|
+
GIT_PROXY_HOST: z14.string().optional().default("http://tinyproxy:8888"),
|
|
2629
|
+
MAX_UPLOAD_FILE_SIZE_MB: z14.coerce.number().gt(0).default(2),
|
|
2630
|
+
GITHUB_API_CONCURRENCY: z14.coerce.number().gt(0).optional().default(10)
|
|
2931
2631
|
});
|
|
2932
2632
|
({
|
|
2933
2633
|
GITLAB_API_TOKEN,
|
|
@@ -2964,7 +2664,7 @@ var init_configs = __esm({
|
|
|
2964
2664
|
});
|
|
2965
2665
|
|
|
2966
2666
|
// src/utils/blame/gitBlameTypes.ts
|
|
2967
|
-
import { z as
|
|
2667
|
+
import { z as z17 } from "zod";
|
|
2968
2668
|
function parseCoAuthorValue(raw) {
|
|
2969
2669
|
const trimmed = raw.trim();
|
|
2970
2670
|
if (!trimmed) {
|
|
@@ -3000,9 +2700,9 @@ var PrepareGitBlameMessageZ, PrepareGitBlameResponseMessageZ, CommitMetadataZ, L
|
|
|
3000
2700
|
var init_gitBlameTypes = __esm({
|
|
3001
2701
|
"src/utils/blame/gitBlameTypes.ts"() {
|
|
3002
2702
|
"use strict";
|
|
3003
|
-
PrepareGitBlameMessageZ =
|
|
3004
|
-
reportId:
|
|
3005
|
-
repoArchivePath:
|
|
2703
|
+
PrepareGitBlameMessageZ = z17.object({
|
|
2704
|
+
reportId: z17.string(),
|
|
2705
|
+
repoArchivePath: z17.string(),
|
|
3006
2706
|
// Optional list of file paths to blame. Producers must pick one of two modes:
|
|
3007
2707
|
//
|
|
3008
2708
|
// - **Omit `filePaths`** = "blame every file in the archive". Used by the
|
|
@@ -3018,132 +2718,132 @@ var init_gitBlameTypes = __esm({
|
|
|
3018
2718
|
// "Login.java" when the actual file is "src/main/java/Login.java") are
|
|
3019
2719
|
// tolerated — scm_agent's filter matches exact-or-trailing-basename. Empty
|
|
3020
2720
|
// strings are filtered out defensively.
|
|
3021
|
-
filePaths:
|
|
3022
|
-
});
|
|
3023
|
-
PrepareGitBlameResponseMessageZ =
|
|
3024
|
-
reportId:
|
|
3025
|
-
});
|
|
3026
|
-
CommitMetadataZ =
|
|
3027
|
-
author:
|
|
3028
|
-
"author-mail":
|
|
3029
|
-
"author-time":
|
|
3030
|
-
"author-tz":
|
|
3031
|
-
committer:
|
|
3032
|
-
"committer-mail":
|
|
3033
|
-
"committer-time":
|
|
3034
|
-
"committer-tz":
|
|
3035
|
-
summary:
|
|
3036
|
-
filename:
|
|
3037
|
-
});
|
|
3038
|
-
LineToCommitMapZ =
|
|
3039
|
-
CommitMetadataMapZ =
|
|
3040
|
-
BlameInfoZ =
|
|
2721
|
+
filePaths: z17.array(z17.string()).optional()
|
|
2722
|
+
});
|
|
2723
|
+
PrepareGitBlameResponseMessageZ = z17.object({
|
|
2724
|
+
reportId: z17.string()
|
|
2725
|
+
});
|
|
2726
|
+
CommitMetadataZ = z17.object({
|
|
2727
|
+
author: z17.string().optional(),
|
|
2728
|
+
"author-mail": z17.string().optional(),
|
|
2729
|
+
"author-time": z17.string().optional(),
|
|
2730
|
+
"author-tz": z17.string().optional(),
|
|
2731
|
+
committer: z17.string().optional(),
|
|
2732
|
+
"committer-mail": z17.string().optional(),
|
|
2733
|
+
"committer-time": z17.string().optional(),
|
|
2734
|
+
"committer-tz": z17.string().optional(),
|
|
2735
|
+
summary: z17.string().optional(),
|
|
2736
|
+
filename: z17.string().optional()
|
|
2737
|
+
});
|
|
2738
|
+
LineToCommitMapZ = z17.record(z17.string(), z17.string());
|
|
2739
|
+
CommitMetadataMapZ = z17.record(z17.string(), CommitMetadataZ);
|
|
2740
|
+
BlameInfoZ = z17.object({
|
|
3041
2741
|
lineToCommit: LineToCommitMapZ,
|
|
3042
2742
|
commitMetadata: CommitMetadataMapZ
|
|
3043
2743
|
});
|
|
3044
|
-
LineRangeZ =
|
|
2744
|
+
LineRangeZ = z17.object({
|
|
3045
2745
|
/** First line in chunk (1-indexed) */
|
|
3046
|
-
start:
|
|
2746
|
+
start: z17.number(),
|
|
3047
2747
|
/** Last line in chunk (inclusive) */
|
|
3048
|
-
end:
|
|
3049
|
-
});
|
|
3050
|
-
PrContextZ =
|
|
3051
|
-
prNumber:
|
|
3052
|
-
repositoryUrl:
|
|
3053
|
-
organizationId:
|
|
3054
|
-
userEmail:
|
|
3055
|
-
source:
|
|
3056
|
-
githubContext:
|
|
3057
|
-
prNumber:
|
|
3058
|
-
installationId:
|
|
3059
|
-
repositoryURL:
|
|
2748
|
+
end: z17.number()
|
|
2749
|
+
});
|
|
2750
|
+
PrContextZ = z17.object({
|
|
2751
|
+
prNumber: z17.number(),
|
|
2752
|
+
repositoryUrl: z17.string(),
|
|
2753
|
+
organizationId: z17.string(),
|
|
2754
|
+
userEmail: z17.string(),
|
|
2755
|
+
source: z17.enum(["pr", "github"]),
|
|
2756
|
+
githubContext: z17.object({
|
|
2757
|
+
prNumber: z17.number(),
|
|
2758
|
+
installationId: z17.number(),
|
|
2759
|
+
repositoryURL: z17.string()
|
|
3060
2760
|
}).optional()
|
|
3061
2761
|
});
|
|
3062
|
-
PrepareCommitBlameMessageZ =
|
|
2762
|
+
PrepareCommitBlameMessageZ = z17.object({
|
|
3063
2763
|
/** Commit blame request ID from database (for tracking and updating status) */
|
|
3064
|
-
commitBlameRequestId:
|
|
2764
|
+
commitBlameRequestId: z17.string(),
|
|
3065
2765
|
/** Organization ID (for org-scoped caching) */
|
|
3066
|
-
organizationId:
|
|
2766
|
+
organizationId: z17.string(),
|
|
3067
2767
|
/** Full repository URL (e.g., https://github.com/org/repo) */
|
|
3068
|
-
repositoryUrl:
|
|
2768
|
+
repositoryUrl: z17.string(),
|
|
3069
2769
|
/** Commit SHA to analyze (typically PR head commit) */
|
|
3070
|
-
commitSha:
|
|
2770
|
+
commitSha: z17.string(),
|
|
3071
2771
|
/** Authentication headers for repository access (e.g., GitHub token) */
|
|
3072
|
-
extraHeaders:
|
|
2772
|
+
extraHeaders: z17.record(z17.string(), z17.string()).default({}),
|
|
3073
2773
|
// --- PR analysis fields ---
|
|
3074
2774
|
/** Target branch name (from getPr() base.ref). When set, enables PR analysis mode. */
|
|
3075
|
-
targetBranch:
|
|
2775
|
+
targetBranch: z17.string().optional(),
|
|
3076
2776
|
/** Context for triggering blame attribution analysis after SCM agent completes. */
|
|
3077
2777
|
prContext: PrContextZ.optional(),
|
|
3078
2778
|
/** User email for blame attribution analysis trigger context (used for both PR and single commit flows). */
|
|
3079
|
-
userEmail:
|
|
2779
|
+
userEmail: z17.string().optional()
|
|
3080
2780
|
});
|
|
3081
|
-
BlameLineInfoZ =
|
|
2781
|
+
BlameLineInfoZ = z17.object({
|
|
3082
2782
|
/** Line number as it appeared in the introducing commit */
|
|
3083
|
-
originalLineNumber:
|
|
2783
|
+
originalLineNumber: z17.number(),
|
|
3084
2784
|
/** Commit SHA that introduced this line */
|
|
3085
|
-
commitSha:
|
|
2785
|
+
commitSha: z17.string(),
|
|
3086
2786
|
/** Author name for this line */
|
|
3087
|
-
authorName:
|
|
2787
|
+
authorName: z17.string().optional(),
|
|
3088
2788
|
/** Author email for this line */
|
|
3089
|
-
authorEmail:
|
|
2789
|
+
authorEmail: z17.string().optional()
|
|
3090
2790
|
}).nullable();
|
|
3091
|
-
FileBlameDataZ =
|
|
3092
|
-
ChunkFetchResultZ =
|
|
3093
|
-
filePath:
|
|
3094
|
-
lines:
|
|
2791
|
+
FileBlameDataZ = z17.array(BlameLineInfoZ);
|
|
2792
|
+
ChunkFetchResultZ = z17.object({
|
|
2793
|
+
filePath: z17.string(),
|
|
2794
|
+
lines: z17.array(z17.number()),
|
|
3095
2795
|
data: FileBlameDataZ.nullable()
|
|
3096
2796
|
});
|
|
3097
|
-
FileBlameResponseEntryZ =
|
|
2797
|
+
FileBlameResponseEntryZ = z17.object({
|
|
3098
2798
|
/** Chunk index (0 for small files, 0-N for large file chunks) */
|
|
3099
|
-
chunkIndex:
|
|
2799
|
+
chunkIndex: z17.number(),
|
|
3100
2800
|
/** Blame data array (1-indexed, index 0 is null) */
|
|
3101
2801
|
blameData: FileBlameDataZ
|
|
3102
2802
|
});
|
|
3103
|
-
CommitBlameDataZ =
|
|
3104
|
-
|
|
2803
|
+
CommitBlameDataZ = z17.record(
|
|
2804
|
+
z17.string(),
|
|
3105
2805
|
// fileName
|
|
3106
|
-
|
|
2806
|
+
z17.array(FileBlameResponseEntryZ)
|
|
3107
2807
|
);
|
|
3108
|
-
CommitInfoZ =
|
|
2808
|
+
CommitInfoZ = z17.object({
|
|
3109
2809
|
/** Number of parent commits (1 = normal commit, 2+ = merge commit, null = failed to determine) */
|
|
3110
|
-
parentCount:
|
|
2810
|
+
parentCount: z17.number().nullable()
|
|
3111
2811
|
});
|
|
3112
|
-
GitIdentityZ =
|
|
3113
|
-
name:
|
|
3114
|
-
email:
|
|
2812
|
+
GitIdentityZ = z17.object({
|
|
2813
|
+
name: z17.string(),
|
|
2814
|
+
email: z17.string()
|
|
3115
2815
|
});
|
|
3116
2816
|
COMMIT_LOG_FORMAT = "%H%x00%ae%x00%an%x00%ce%x00%cn%x00%at%x00%s%x00%(trailers:key=Co-authored-by,valueonly,separator=%x00)";
|
|
3117
|
-
CommitDataZ =
|
|
3118
|
-
diff:
|
|
2817
|
+
CommitDataZ = z17.object({
|
|
2818
|
+
diff: z17.string(),
|
|
3119
2819
|
author: GitIdentityZ,
|
|
3120
2820
|
committer: GitIdentityZ,
|
|
3121
|
-
coAuthors:
|
|
3122
|
-
timestamp:
|
|
2821
|
+
coAuthors: z17.array(GitIdentityZ),
|
|
2822
|
+
timestamp: z17.number(),
|
|
3123
2823
|
// Unix timestamp in seconds
|
|
3124
|
-
message:
|
|
3125
|
-
parentCount:
|
|
2824
|
+
message: z17.string().optional(),
|
|
2825
|
+
parentCount: z17.number().nullable()
|
|
3126
2826
|
});
|
|
3127
|
-
PrDiffDataZ =
|
|
3128
|
-
diff:
|
|
2827
|
+
PrDiffDataZ = z17.object({
|
|
2828
|
+
diff: z17.string()
|
|
3129
2829
|
});
|
|
3130
|
-
PrStatsZ =
|
|
3131
|
-
additions:
|
|
3132
|
-
deletions:
|
|
2830
|
+
PrStatsZ = z17.object({
|
|
2831
|
+
additions: z17.number(),
|
|
2832
|
+
deletions: z17.number()
|
|
3133
2833
|
});
|
|
3134
|
-
CommitsManifestZ =
|
|
3135
|
-
commits:
|
|
2834
|
+
CommitsManifestZ = z17.object({
|
|
2835
|
+
commits: z17.array(z17.string())
|
|
3136
2836
|
// Array of commit SHAs in order
|
|
3137
2837
|
});
|
|
3138
|
-
BlameLineEntryZ =
|
|
2838
|
+
BlameLineEntryZ = z17.object({
|
|
3139
2839
|
/** Current file path in the PR head (what git blame was invoked on). */
|
|
3140
|
-
file:
|
|
2840
|
+
file: z17.string(),
|
|
3141
2841
|
/** Current line number in the PR head. */
|
|
3142
|
-
line:
|
|
2842
|
+
line: z17.number(),
|
|
3143
2843
|
/** SHA of the commit that originally authored this line. */
|
|
3144
|
-
originalCommitSha:
|
|
2844
|
+
originalCommitSha: z17.string(),
|
|
3145
2845
|
/** Line number as it was in `originalCommitSha`. */
|
|
3146
|
-
originalLineNumber:
|
|
2846
|
+
originalLineNumber: z17.number(),
|
|
3147
2847
|
/**
|
|
3148
2848
|
* File path as it was in `originalCommitSha` at the time that commit
|
|
3149
2849
|
* authored this line. When a file has been renamed since, this differs
|
|
@@ -3156,24 +2856,24 @@ var init_gitBlameTypes = __esm({
|
|
|
3156
2856
|
* must treat empty as "fall back to `file`" (see enrichDiffLines,
|
|
3157
2857
|
* targetedBlame).
|
|
3158
2858
|
*/
|
|
3159
|
-
originalFile:
|
|
2859
|
+
originalFile: z17.string().default("")
|
|
3160
2860
|
});
|
|
3161
|
-
BlameLinesDataZ =
|
|
3162
|
-
lines:
|
|
2861
|
+
BlameLinesDataZ = z17.object({
|
|
2862
|
+
lines: z17.array(BlameLineEntryZ)
|
|
3163
2863
|
});
|
|
3164
|
-
PrepareCommitBlameResponseMessageZ =
|
|
2864
|
+
PrepareCommitBlameResponseMessageZ = z17.object({
|
|
3165
2865
|
/** Commit blame request ID (matches request, used to update specific DB record) */
|
|
3166
|
-
commitBlameRequestId:
|
|
2866
|
+
commitBlameRequestId: z17.string(),
|
|
3167
2867
|
/** Organization ID (matches request) */
|
|
3168
|
-
organizationId:
|
|
2868
|
+
organizationId: z17.string(),
|
|
3169
2869
|
/** Repository URL (matches request) */
|
|
3170
|
-
repositoryUrl:
|
|
2870
|
+
repositoryUrl: z17.string(),
|
|
3171
2871
|
/** Commit SHA analyzed (matches request) */
|
|
3172
|
-
commitSha:
|
|
2872
|
+
commitSha: z17.string(),
|
|
3173
2873
|
/** Processing status */
|
|
3174
|
-
status:
|
|
2874
|
+
status: z17.enum(["success", "failure"]),
|
|
3175
2875
|
/** Error message (only present if status is 'failure') */
|
|
3176
|
-
error:
|
|
2876
|
+
error: z17.string().optional(),
|
|
3177
2877
|
/**
|
|
3178
2878
|
* Blame data for all processed files/chunks.
|
|
3179
2879
|
* Empty dictionary if status is 'failure'.
|
|
@@ -3185,29 +2885,29 @@ var init_gitBlameTypes = __esm({
|
|
|
3185
2885
|
* Keyed by commit SHA, deduplicated.
|
|
3186
2886
|
* Empty dictionary if status is 'failure'.
|
|
3187
2887
|
*/
|
|
3188
|
-
commits:
|
|
2888
|
+
commits: z17.record(z17.string(), CommitInfoZ).default({}),
|
|
3189
2889
|
// --- New PR diff computation response fields ---
|
|
3190
2890
|
/** S3 paths for commit-level data (commitSha → S3 key). Present in PR analysis mode and single commit mode. */
|
|
3191
|
-
commitDataS3Paths:
|
|
2891
|
+
commitDataS3Paths: z17.record(z17.string(), z17.string()).optional(),
|
|
3192
2892
|
/** S3 key for PR diff JSON. Present in PR analysis mode. */
|
|
3193
|
-
prDiffS3Path:
|
|
2893
|
+
prDiffS3Path: z17.string().optional(),
|
|
3194
2894
|
/** S3 key for commits manifest. Present in PR analysis mode. */
|
|
3195
|
-
commitsManifestS3Path:
|
|
2895
|
+
commitsManifestS3Path: z17.string().optional(),
|
|
3196
2896
|
/** S3 key for per-line targeted blame data. Present in PR analysis mode. */
|
|
3197
|
-
blameLinesS3Path:
|
|
2897
|
+
blameLinesS3Path: z17.string().optional(),
|
|
3198
2898
|
/** S3 key for PR stats (additions/deletions). Present in PR analysis mode. */
|
|
3199
|
-
prStatsS3Path:
|
|
2899
|
+
prStatsS3Path: z17.string().optional(),
|
|
3200
2900
|
/** PR context passed through from request for response handler. */
|
|
3201
2901
|
prContext: PrContextZ.optional(),
|
|
3202
2902
|
/** PR title from the request metadata (passed through). */
|
|
3203
|
-
prTitle:
|
|
2903
|
+
prTitle: z17.string().optional(),
|
|
3204
2904
|
/** User email passed through from request for single commit blame attribution analysis trigger. */
|
|
3205
|
-
userEmail:
|
|
2905
|
+
userEmail: z17.string().optional()
|
|
3206
2906
|
});
|
|
3207
|
-
VulnerabilityAttributionMessageZ =
|
|
3208
|
-
fixReportId:
|
|
3209
|
-
vulnerabilityAttributionRequestId:
|
|
3210
|
-
userEmail:
|
|
2907
|
+
VulnerabilityAttributionMessageZ = z17.object({
|
|
2908
|
+
fixReportId: z17.string().uuid(),
|
|
2909
|
+
vulnerabilityAttributionRequestId: z17.string().uuid(),
|
|
2910
|
+
userEmail: z17.string()
|
|
3211
2911
|
});
|
|
3212
2912
|
}
|
|
3213
2913
|
});
|
|
@@ -4599,344 +4299,12 @@ var NetworkError = class extends Error {
|
|
|
4599
4299
|
};
|
|
4600
4300
|
|
|
4601
4301
|
// src/features/analysis/scm/utils/index.ts
|
|
4602
|
-
import { z as
|
|
4302
|
+
import { z as z13 } from "zod";
|
|
4603
4303
|
|
|
4604
4304
|
// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
|
|
4605
4305
|
init_client_generates();
|
|
4606
|
-
import { z as z2 } from "zod";
|
|
4607
|
-
|
|
4608
|
-
// src/features/analysis/scm/shared/src/fixDetailsData.ts
|
|
4609
|
-
init_client_generates();
|
|
4610
|
-
var fixDetailsData = {
|
|
4611
|
-
["PT" /* Pt */]: {
|
|
4612
|
-
issueDescription: "Path Traversal AKA Directory Traversal occurs when a path coming from user input is not properly sanitized, allowing an attacker to navigate through directories beyond the intended scope. Attackers can exploit this to access sensitive files or execute arbitrary code.",
|
|
4613
|
-
fixInstructions: "Sanitize user-supplied paths, ensuring that they are restricted to a predefined directory structure."
|
|
4614
|
-
},
|
|
4615
|
-
["ZIP_SLIP" /* ZipSlip */]: {
|
|
4616
|
-
issueDescription: "Zip Slip is a form of directory traversal that can be exploited by extracting files from an archive. Attackers can manipulate archive files to overwrite sensitive files or execute arbitrary code.",
|
|
4617
|
-
fixInstructions: "Ensure that extracted files are relative and within the intended directory structure."
|
|
4618
|
-
},
|
|
4619
|
-
["XSS" /* Xss */]: {
|
|
4620
|
-
issueDescription: "Cross-Site Scripting (XSS) allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to theft of session cookies, redirection to malicious websites, or defacement of the webpage.",
|
|
4621
|
-
fixInstructions: "Implement input validation and output encoding. This includes sanitizing user input and escaping special characters to prevent execution of injected scripts."
|
|
4622
|
-
},
|
|
4623
|
-
["XXE" /* Xxe */]: {
|
|
4624
|
-
issueDescription: "XML External Entity (XXE) allows attackers to exploit vulnerable XML processors by including external entities, leading to disclosure of confidential data, denial of service, or server-side request forgery.",
|
|
4625
|
-
fixInstructions: "Disable external entity processing in XML parsers or update to versions that mitigate XXE vulnerabilities. Input validation should be implemented to ensure that XML input does not contain external entity references."
|
|
4626
|
-
},
|
|
4627
|
-
["CMDi" /* CmDi */]: {
|
|
4628
|
-
issueDescription: "Command Injection (CMDI) allows attackers inject malicious commands into vulnerable applications, that can result in execution of arbitrary commands on the underlying operating system.",
|
|
4629
|
-
fixInstructions: "Validate or sanitize user input to prevent executing arbitrary commands."
|
|
4630
|
-
},
|
|
4631
|
-
["SQL_Injection" /* SqlInjection */]: {
|
|
4632
|
-
issueDescription: "SQL Injection allows attackers to execute malicious SQL queries by manipulating input data. This can result in unauthorized access to sensitive data, data manipulation, or even complete database compromise.",
|
|
4633
|
-
fixInstructions: "Use parameterized queries or prepared statements to sanitize user input and prevent manipulation of the SQL query."
|
|
4634
|
-
},
|
|
4635
|
-
["SSRF" /* Ssrf */]: {
|
|
4636
|
-
issueDescription: "Server-Side Request Forgery (SSRF) allows attackers to make unauthorized requests from a vulnerable server, potentially accessing internal systems, services, or data.",
|
|
4637
|
-
fixInstructions: "Validate or sanitize user-supplied URLs, ensuring that they are restricted to trusted domains. Implementing proper input validation and using whitelists for acceptable URLs can prevent SSRF attacks."
|
|
4638
|
-
},
|
|
4639
|
-
["LOG_FORGING" /* LogForging */]: {
|
|
4640
|
-
issueDescription: "Log Forging allows attackers to manipulate log files by injecting malicious content. This can be used to obfuscate attack traces or forge log entries to conceal unauthorized activities.",
|
|
4641
|
-
fixInstructions: "Implement proper input sanitization to remove new lines for values going to the log."
|
|
4642
|
-
},
|
|
4643
|
-
["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: {
|
|
4644
|
-
issueDescription: "Cookie without the 'HttpOnly' attribute can be accessed by client-side scripts, exposing them to potential XSS attacks.",
|
|
4645
|
-
fixInstructions: "Ensure that sensitive cookies are marked with the 'HttpOnly' attribute to prevent client-side scripts from accessing them."
|
|
4646
|
-
},
|
|
4647
|
-
["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: {
|
|
4648
|
-
issueDescription: "System Information Leak occurs when sensitive system information is inadvertently disclosed to external entities, potentially aiding attackers in identifying vulnerabilities or targets.",
|
|
4649
|
-
fixInstructions: "Review and restrict the amount of system information exposed through error messages, debug logs, or response headers."
|
|
4650
|
-
},
|
|
4651
|
-
["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: {
|
|
4652
|
-
issueDescription: "Unchecked Loop Condition can lead to infinite loops or unexpected behavior in software applications. Attackers can exploit this vulnerability to cause denial of service or consume excessive system resources.",
|
|
4653
|
-
fixInstructions: "Carefully review loop conditions to ensure that they are properly validated and bounded."
|
|
4654
|
-
},
|
|
4655
|
-
["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: {
|
|
4656
|
-
issueDescription: "Trust Boundary Violation occurs when untrusted data is added to a trusted context, potentially leading to security vulnerabilities. Attackers can exploit this to bypass security controls or execute unauthorized actions.",
|
|
4657
|
-
fixInstructions: "Clearly define and enforce trust boundaries within applications, ensuring that untrusted data is properly validated and sanitized before being used in a trusted context."
|
|
4658
|
-
},
|
|
4659
|
-
["REGEX_INJECTION" /* RegexInjection */]: {
|
|
4660
|
-
issueDescription: "Regex Injection occurs when attackers manipulate regular expressions to perform unintended actions or bypass security controls. This can lead to security vulnerabilities such as denial of service or injection attacks.",
|
|
4661
|
-
fixInstructions: "Avoid constructing regular expressions from user-supplied input whenever possible. If dynamic regular expressions are necessary, input should be properly validated and sanitized to prevent injection attacks."
|
|
4662
|
-
},
|
|
4663
|
-
["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: {
|
|
4664
|
-
issueDescription: "Error Condition Without Action refers to situations where error conditions are identified but not appropriately handled or mitigated. This can lead to unexpected behavior, system crashes, or security vulnerabilities.",
|
|
4665
|
-
fixInstructions: "Implement error handling mechanisms to gracefully handle unexpected conditions and prevent system crashes."
|
|
4666
|
-
},
|
|
4667
|
-
["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: {
|
|
4668
|
-
issueDescription: "HTTP Response Splitting occurs when attackers manipulate HTTP responses to inject additional headers or content. This can lead to security vulnerabilities such as cache poisoning, session fixation, or XSS attacks.",
|
|
4669
|
-
fixInstructions: "Properly sanitize user input before including it in HTTP response headers or content."
|
|
4670
|
-
},
|
|
4671
|
-
["INSECURE_COOKIE" /* InsecureCookie */]: {
|
|
4672
|
-
issueDescription: "Cookies lacking the 'Secure' attribute may be transmitted over unencrypted channels. This makes them vulnerable to interception or manipulation by attackers.",
|
|
4673
|
-
fixInstructions: "Ensure that sensitive cookies are transmitted over secure channels (e.g., HTTPS) and are marked with the 'Secure' attributes."
|
|
4674
|
-
},
|
|
4675
|
-
["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: {
|
|
4676
|
-
issueDescription: "Command Injection via Relative Path may allow attackers to manipulate file paths to execute arbitrary commands on the underlying system.",
|
|
4677
|
-
fixInstructions: "Paths coming from the input should be properly sanitized to ensure that only expected characters and paths are allowed."
|
|
4678
|
-
},
|
|
4679
|
-
["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: {
|
|
4680
|
-
issueDescription: "Missing Check Against Null occurs when null or uninitialized variables are not properly handled, leading to unexpected behavior or security vulnerabilities.",
|
|
4681
|
-
fixInstructions: "Implement proper null checks and error handling mechanisms to prevent null dereference vulnerabilities. Null values should be handled gracefully to avoid unexpected behavior or security issues."
|
|
4682
|
-
},
|
|
4683
|
-
["PASSWORD_IN_COMMENT" /* PasswordInComment */]: {
|
|
4684
|
-
issueDescription: "Password in Comment refers to situations where sensitive information such as passwords or API keys are hardcoded or embedded in code comments. This can lead to inadvertent exposure of credentials and potential security breaches if the code is shared or leaked.",
|
|
4685
|
-
fixInstructions: "Remove hardcoded sensitive information from code comments."
|
|
4686
|
-
},
|
|
4687
|
-
["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: {
|
|
4688
|
-
issueDescription: "Overly Broad Catch occurs when exceptions are caught indiscriminately without proper handling or logging. This can lead to silent failures, masking potential security issues or allowing attackers to conduct reconnaissance.",
|
|
4689
|
-
fixInstructions: "Implement specific exception handling for different error scenarios to ensure proper diagnosis and mitigation of issues. Catch blocks should log relevant information and handle exceptions gracefully to prevent silent failures."
|
|
4690
|
-
},
|
|
4691
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: {
|
|
4692
|
-
issueDescription: "Use of System Output Stream refers to situations where sensitive information is written to standard output streams such as System.out. This can lead to inadvertent exposure of sensitive data, especially in production environments.",
|
|
4693
|
-
fixInstructions: "Avoid writing sensitive information to standard output streams and instead use secure logging mechanisms or dedicated logging frameworks. Output streams should be properly configured to prevent leakage of sensitive data."
|
|
4694
|
-
},
|
|
4695
|
-
["DOS_STRING_BUILDER" /* DosStringBuilder */]: {
|
|
4696
|
-
issueDescription: "Denial of Service (DoS) via String Builder may allow attackers to manipulate string concatenation operations to consume excessive memory or CPU resources. This can lead to degradation of system performance or unresponsiveness.",
|
|
4697
|
-
fixInstructions: "Use StringBuilder or similar efficient data structures for string concatenation operations to minimize memory overhead. Input validation should be performed to limit the size and complexity of input strings, preventing abuse by attackers."
|
|
4698
|
-
},
|
|
4699
|
-
["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: {
|
|
4700
|
-
issueDescription: "HTML Comment in JSP occurs when developers inadvertently expose sensitive information or internal implementation details in HTML comments within JavaServer Pages (JSP) files. This can lead to inadvertent disclosure of credentials, configuration details, or security vulnerabilities.",
|
|
4701
|
-
fixInstructions: "Review JSP files to ensure that sensitive information or internal details are not exposed in HTML comments. Comments containing sensitive information should be removed or replaced with generic placeholders."
|
|
4702
|
-
},
|
|
4703
|
-
["OPEN_REDIRECT" /* OpenRedirect */]: {
|
|
4704
|
-
issueDescription: "Open Redirect vulnerabilities may allow attackers to manipulate URL parameters to redirect users to malicious websites or phishing pages. This can lead to theft of sensitive information or unauthorized access to user accounts.",
|
|
4705
|
-
fixInstructions: "Redirect URLs validation should be performed to ensure that redirect URLs point to trusted domains."
|
|
4706
|
-
},
|
|
4707
|
-
["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: {
|
|
4708
|
-
issueDescription: "Unsafe Target Blank occurs when developers use the target='_blank' attribute without the rel='noopener' attribute in anchor tags. This can lead to security vulnerabilities such as tabnabbing or reverse tabnabbing, allowing attackers to hijack user sessions or perform phishing attacks.",
|
|
4709
|
-
fixInstructions: "Ensure that anchor tags with target='_blank' attribute include the rel='noopener' attribute to prevent potential security vulnerabilities. This prevents the newly opened page from accessing the window.opener property, mitigating the risk of tabnabbing or reverse tabnabbing attacks."
|
|
4710
|
-
},
|
|
4711
|
-
["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: {
|
|
4712
|
-
issueDescription: "IFrame Without Sandbox occurs when <iframe> elements are used without the 'sandbox' attribute, allowing potentially malicious content to execute in the context of the parent page.",
|
|
4713
|
-
fixInstructions: "Use the 'sandbox' attribute to restrict the capabilities of <iframe> elements, isolating potentially untrusted content from the parent page. This helps mitigate the risk of malicious code execution and prevents attacks such as clickjacking."
|
|
4714
|
-
},
|
|
4715
|
-
["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: {
|
|
4716
|
-
issueDescription: "JQuery Deprecated Symbols refers to the use of deprecated or removed functions, methods, or symbols in jQuery libraries. This can lead to compatibility issues, security vulnerabilities, or performance degradation in applications.",
|
|
4717
|
-
fixInstructions: "Replace deprecated symbols with recommended alternatives."
|
|
4718
|
-
},
|
|
4719
|
-
["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: {
|
|
4720
|
-
issueDescription: "Deprecated Function refers to the use of functions, methods, or features that have been deprecated in programming languages or frameworks. This can lead to compatibility issues, security vulnerabilities, or performance degradation in applications.",
|
|
4721
|
-
fixInstructions: "Update code to replace deprecated functions with recommended alternatives provided by the language or framework."
|
|
4722
|
-
},
|
|
4723
|
-
["HARDCODED_SECRETS" /* HardcodedSecrets */]: {
|
|
4724
|
-
issueDescription: "Hardcoded Secrets refers to the practice of embedding sensitive information such as passwords, API keys, or cryptographic keys directly into source code or configuration files. This can lead to inadvertent exposure of credentials and potential security breaches if the code is shared or leaked.",
|
|
4725
|
-
fixInstructions: "Remove hardcoded sensitive information in source code or configuration files. Instead, sensitive data should be stored securely using encryption or secure credential management solutions."
|
|
4726
|
-
},
|
|
4727
|
-
["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: {
|
|
4728
|
-
issueDescription: "GraphQL Depth Limit refers to the lack of restrictions on query depth in GraphQL implementations, allowing attackers to execute complex and resource-intensive queries. This can lead to denial of service or excessive resource consumption.",
|
|
4729
|
-
fixInstructions: "Implement depth limits and query complexity thresholds in GraphQL schemas to restrict the complexity of incoming queries."
|
|
4730
|
-
},
|
|
4731
|
-
["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: {
|
|
4732
|
-
issueDescription: "System Information Leak occurs when sensitive system information is inadvertently disclosed to external entities, potentially aiding attackers in identifying vulnerabilities or targets.",
|
|
4733
|
-
fixInstructions: "Review and restrict the amount of system information exposed to external entities such as third-party APIs or integrations."
|
|
4734
|
-
},
|
|
4735
|
-
["INSECURE_RANDOMNESS" /* InsecureRandomness */]: {
|
|
4736
|
-
issueDescription: "Insecure Randomness refers to the use of insecure or predictable random number generation algorithms, leading to weak cryptographic keys, session tokens, or initialization vectors. This can facilitate brute-force attacks or cryptographic exploits.",
|
|
4737
|
-
fixInstructions: "Use secure random number generation algorithms provided by cryptographic libraries or frameworks."
|
|
4738
|
-
},
|
|
4739
|
-
["TYPE_CONFUSION" /* TypeConfusion */]: {
|
|
4740
|
-
issueDescription: "Type Confusion occurs in programming languages with weak typing systems when an attacker manipulates object types to bypass type checks or exploit memory corruption vulnerabilities. This can lead to arbitrary code execution or unauthorized access to sensitive data.",
|
|
4741
|
-
fixInstructions: "Implement strict type checking and validation to prevent type confusion vulnerabilities."
|
|
4742
|
-
},
|
|
4743
|
-
["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: {
|
|
4744
|
-
issueDescription: "Incomplete URL Sanitization occurs when user-supplied URLs are not properly sanitized, allowing attackers to inject malicious content or bypass security controls. This can lead to security vulnerabilities such as XSS attacks, open redirect, or SSRF.",
|
|
4745
|
-
fixInstructions: "Implement thorough URL validation and/or sanitization to ensure that user-supplied URLs conform to expected formats and do not contain malicious content."
|
|
4746
|
-
},
|
|
4747
|
-
["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: {
|
|
4748
|
-
issueDescription: "Unsafe Deserialization occurs when attackers manipulate serialized objects to execute arbitrary code or bypass security controls. This can lead to remote code execution, privilege escalation, or data tampering.",
|
|
4749
|
-
fixInstructions: "Implement strict validation and integrity checks on serialized objects."
|
|
4750
|
-
},
|
|
4751
|
-
["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: {
|
|
4752
|
-
issueDescription: "Improper Resource Shutdown or Release refers to situations where system resources such as file handles, database connections, or network sockets are not properly closed or released after use. This can lead to resource exhaustion, denial of service, or memory leaks.",
|
|
4753
|
-
fixInstructions: "Ensure that system resources are consistently closed or released after use. Using try-with resources blocks, finalizers, or dedicated resource management libraries can help mitigate the risk of improper resource shutdown or release vulnerabilities."
|
|
4754
|
-
},
|
|
4755
|
-
["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: {
|
|
4756
|
-
issueDescription: "Improper Exception Handling occurs when exceptions are not handled or propagated correctly, leading to unexpected behavior, security vulnerabilities, or application crashes.",
|
|
4757
|
-
fixInstructions: "Implement exception handling to gracefully handle unexpected errors."
|
|
4758
|
-
},
|
|
4759
|
-
["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: {
|
|
4760
|
-
issueDescription: "Missing Anti-Forgery Validation occurs when web applications do not properly validate or enforce anti-forgery tokens, allowing attackers to forge or replay requests from authenticated users.",
|
|
4761
|
-
fixInstructions: "Implement anti-forgery measures to validate the authenticity of user-submitted requests."
|
|
4762
|
-
},
|
|
4763
|
-
["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: {
|
|
4764
|
-
issueDescription: "Insecure Binder Configuration refers to misconfigurations in application frameworks or dependency injection containers, leading to security vulnerabilities such as injection attacks or privilege escalation.",
|
|
4765
|
-
fixInstructions: "Secure binder configurations to prevent injection attacks and enforce least privilege principles. Configurations should be restricted to trusted sources and sanitized to prevent unauthorized access or manipulation."
|
|
4766
|
-
},
|
|
4767
|
-
["NULL_DEREFERENCE" /* NullDereference */]: {
|
|
4768
|
-
issueDescription: "Null Dereference occurs when null or uninitialized pointers are dereferenced, leading to application crashes or security vulnerabilities. Attackers can exploit this to cause denial of service or execute arbitrary code.",
|
|
4769
|
-
fixInstructions: "Implement proper null checks and error handling mechanisms. Null values should be handled gracefully to avoid unexpected behavior or security issues."
|
|
4770
|
-
},
|
|
4771
|
-
["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: {
|
|
4772
|
-
issueDescription: "Dangerous Function Overflow occurs when functions or methods are called with parameters that exceed predefined limits, leading to buffer overflows or memory corruption vulnerabilities.",
|
|
4773
|
-
fixInstructions: "Implement proper input validation and bounds checking to prevent dangerous function overflows. Functions should be designed to handle input within safe limits and gracefully reject or truncate input that exceeds these limits."
|
|
4774
|
-
},
|
|
4775
|
-
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: {
|
|
4776
|
-
issueDescription: "Default Rights in Object Definition refers to situations where SQL objects are created with default or excessive permissions, leading to security vulnerabilities such as privilege escalation or unauthorized access.",
|
|
4777
|
-
fixInstructions: "Restrict default permissions in object definitions to enforce least privilege principles. Objects should be created with the minimum necessary permissions required for their intended functionality."
|
|
4778
|
-
},
|
|
4779
|
-
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: {
|
|
4780
|
-
issueDescription: "Weak XML Schema Unbounded Occurrences refers to the lack of restrictions on the maximum number of occurrences for elements or attributes in XML schemas. This can lead to denial of service or resource exhaustion attacks by causing excessive memory consumption or processing overhead.",
|
|
4781
|
-
fixInstructions: "Impose limits on the maximum number of occurrences for elements or attributes in XML schemas to prevent resource exhaustion attacks."
|
|
4782
|
-
},
|
|
4783
|
-
["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: void 0,
|
|
4784
|
-
["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: void 0,
|
|
4785
|
-
["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: void 0,
|
|
4786
|
-
["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: void 0,
|
|
4787
|
-
["PROTOTYPE_POLLUTION" /* PrototypePollution */]: void 0,
|
|
4788
|
-
["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: void 0,
|
|
4789
|
-
["HEADER_MANIPULATION" /* HeaderManipulation */]: void 0,
|
|
4790
|
-
["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: {
|
|
4791
|
-
issueDescription: "Missing equals or hashcode method can lead to unexpected behavior in collections. If two objects are equal, they should have the same hashcode.",
|
|
4792
|
-
fixInstructions: "Add the missing methods to ensure proper behavior in collections."
|
|
4793
|
-
},
|
|
4794
|
-
["VALUE_NEVER_READ" /* ValueNeverRead */]: {
|
|
4795
|
-
issueDescription: "The variable's value is not used. After the assignment, the variable is either assigned another value or goes out of scope.",
|
|
4796
|
-
fixInstructions: "Remove the assignment to the variable."
|
|
4797
|
-
},
|
|
4798
|
-
["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: void 0,
|
|
4799
|
-
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: void 0,
|
|
4800
|
-
["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: void 0,
|
|
4801
|
-
["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: void 0,
|
|
4802
|
-
["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: void 0,
|
|
4803
|
-
["PRIVACY_VIOLATION" /* PrivacyViolation */]: void 0,
|
|
4804
|
-
["VALUE_SHADOWING" /* ValueShadowing */]: void 0,
|
|
4805
|
-
["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: void 0,
|
|
4806
|
-
["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: void 0,
|
|
4807
|
-
["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: void 0,
|
|
4808
|
-
["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: void 0,
|
|
4809
|
-
["DEBUG_ENABLED" /* DebugEnabled */]: void 0,
|
|
4810
|
-
["CONFUSING_NAMING" /* ConfusingNaming */]: {
|
|
4811
|
-
issueDescription: "A data member and a function have the same name which can be confusing to the developer.",
|
|
4812
|
-
fixInstructions: "Rename the data member to avoid confusion."
|
|
4813
|
-
},
|
|
4814
|
-
["J2EE_GET_CONNECTION" /* J2EeGetConnection */]: void 0,
|
|
4815
|
-
["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: void 0,
|
|
4816
|
-
["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: void 0,
|
|
4817
|
-
["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: void 0,
|
|
4818
|
-
["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: void 0,
|
|
4819
|
-
["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: {
|
|
4820
|
-
issueDescription: "Auto Escape False occurs when automatic escaping is disabled in template engines, allowing untrusted data to be rendered without proper encoding. This can lead to Cross-Site Scripting (XSS) vulnerabilities.",
|
|
4821
|
-
fixInstructions: "Set auto escape to true."
|
|
4822
|
-
},
|
|
4823
|
-
["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: {
|
|
4824
|
-
issueDescription: "The lack of a rate limit can allow denial-of-service attacks, in which an attacker can cause the application to crash or become unresponsive by issuing a large number of requests simultaneously.",
|
|
4825
|
-
fixInstructions: "Use express-rate-limit npm package to set a rate limit."
|
|
4826
|
-
},
|
|
4827
|
-
["MISSING_CSP_HEADER" /* MissingCspHeader */]: void 0,
|
|
4828
|
-
["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: void 0,
|
|
4829
|
-
["HEAP_INSPECTION" /* HeapInspection */]: {
|
|
4830
|
-
issueDescription: "All variables stored by the application in unencrypted memory can be read by an attacker. This can lead to the exposure of sensitive information, such as passwords, credit card numbers, and personal data.",
|
|
4831
|
-
fixInstructions: "Use secure storage methods to store secrets in memory."
|
|
4832
|
-
},
|
|
4833
|
-
["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: {
|
|
4834
|
-
issueDescription: "Client DOM Stored Code Injection is a client-side security vulnerability where malicious JavaScript code gets stored in the DOM and later executed when retrieved by legitimate scripts.",
|
|
4835
|
-
fixInstructions: "Update the code to avoid the possibility for malicious JavaScript code to get stored in the DOM."
|
|
4836
|
-
},
|
|
4837
|
-
["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: void 0,
|
|
4838
|
-
["NON_READONLY_FIELD" /* NonReadonlyField */]: void 0,
|
|
4839
|
-
["CSRF" /* Csrf */]: {
|
|
4840
|
-
issueDescription: "Cross Site Request Forgery is an attack that forces an end user to execute unwanted actions on a web application in which they\u2019re currently authenticated.",
|
|
4841
|
-
fixInstructions: "Configure a CSRF protection mechanism, such as a CSRF token, in your application."
|
|
4842
|
-
},
|
|
4843
|
-
["WEAK_ENCRYPTION" /* WeakEncryption */]: void 0,
|
|
4844
|
-
["CODE_IN_COMMENT" /* CodeInComment */]: void 0,
|
|
4845
|
-
["REGEX_MISSING_TIMEOUT" /* RegexMissingTimeout */]: void 0,
|
|
4846
|
-
["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: void 0,
|
|
4847
|
-
["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: void 0,
|
|
4848
|
-
["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: void 0,
|
|
4849
|
-
["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: void 0,
|
|
4850
|
-
["DUPLICATED_STRINGS" /* DuplicatedStrings */]: void 0,
|
|
4851
|
-
["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: void 0,
|
|
4852
|
-
["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: void 0,
|
|
4853
|
-
["MODIFIED_DEFAULT_PARAM" /* ModifiedDefaultParam */]: void 0,
|
|
4854
|
-
["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: void 0,
|
|
4855
|
-
["NO_VAR" /* NoVar */]: void 0,
|
|
4856
|
-
["INSECURE_TMP_FILE" /* InsecureTmpFile */]: void 0,
|
|
4857
|
-
["RETURN_SHOULD_NOT_BE_INVARIANT" /* ReturnShouldNotBeInvariant */]: void 0,
|
|
4858
|
-
["SYSTEM_EXIT_SHOULD_RERAISE" /* SystemExitShouldReraise */]: void 0,
|
|
4859
|
-
["NO_RETURN_IN_FINALLY" /* NoReturnInFinally */]: void 0,
|
|
4860
|
-
["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: void 0,
|
|
4861
|
-
["AVOID_BUILTIN_SHADOWING" /* AvoidBuiltinShadowing */]: void 0,
|
|
4862
|
-
["IMPROPER_STRING_FORMATTING" /* ImproperStringFormatting */]: void 0,
|
|
4863
|
-
["WILDCARD_IMPORTS" /* WildcardImports */]: void 0,
|
|
4864
|
-
["TAR_SLIP" /* TarSlip */]: void 0,
|
|
4865
|
-
["MISSING_WHITESPACE" /* MissingWhitespace */]: void 0,
|
|
4866
|
-
["NO_PRINT_STATEMENT" /* NoPrintStatement */]: void 0,
|
|
4867
|
-
["NO_OP_OVERHEAD" /* NoOpOverhead */]: void 0,
|
|
4868
|
-
["DO_NOT_RAISE_EXCEPTION" /* DoNotRaiseException */]: void 0,
|
|
4869
|
-
["DECLARE_VARIABLE_EXPLICITLY" /* DeclareVariableExplicitly */]: void 0,
|
|
4870
|
-
["UNNECESSARY_IMPORTS" /* UnnecessaryImports */]: void 0,
|
|
4871
|
-
["NO_NESTED_TRY" /* NoNestedTry */]: void 0,
|
|
4872
|
-
["REDOS" /* Redos */]: void 0,
|
|
4873
|
-
["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: void 0,
|
|
4874
|
-
["BUFFER_OVERFLOW" /* BufferOverflow */]: {
|
|
4875
|
-
issueDescription: "Buffer Overflow occurs when a program writes data beyond the allocated memory space, leading to unexpected behavior or security vulnerabilities.",
|
|
4876
|
-
fixInstructions: "Implement proper input validation and bounds checking to prevent buffer overflows. Use safe string manipulation functions and ensure that the buffer size is properly managed."
|
|
4877
|
-
},
|
|
4878
|
-
["STRING_TERMINATION_ERROR" /* StringTerminationError */]: {
|
|
4879
|
-
issueDescription: "String Termination Error occurs when a string is not properly terminated, leading to unexpected behavior or security vulnerabilities.",
|
|
4880
|
-
fixInstructions: "Implement proper input validation and bounds checking to prevent string termination errors. Use safe string manipulation functions and ensure that the buffer size is properly managed."
|
|
4881
|
-
},
|
|
4882
|
-
["HTTP_PARAMETER_POLLUTION" /* HttpParameterPollution */]: {
|
|
4883
|
-
issueDescription: "HTTP Parameter Pollution occurs when an attacker can manipulate the parameters of an HTTP request to change the behavior of the server.",
|
|
4884
|
-
fixInstructions: "Implement proper input validation and bounds checking to prevent HTTP parameter pollution. Use safe string manipulation functions and ensure that the buffer size is properly managed."
|
|
4885
|
-
},
|
|
4886
|
-
["INCOMPLETE_SANITIZATION" /* IncompleteSanitization */]: void 0,
|
|
4887
|
-
["CREDENTIAL_DISCLOSURE" /* CredentialDisclosure */]: void 0,
|
|
4888
|
-
["INSECURE_POSTMESSAGE" /* InsecurePostmessage */]: void 0,
|
|
4889
|
-
["MISSING_USER" /* MissingUser */]: {
|
|
4890
|
-
issueDescription: "Missing User occurs when a user is not specified in the Dockerfile, leading to security vulnerabilities.",
|
|
4891
|
-
fixInstructions: "Specify a user in the Dockerfile to prevent security vulnerabilities."
|
|
4892
|
-
},
|
|
4893
|
-
["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: void 0,
|
|
4894
|
-
["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: void 0,
|
|
4895
|
-
["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: void 0,
|
|
4896
|
-
["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: void 0,
|
|
4897
|
-
["USELESS_TERNARY" /* UselessTernary */]: void 0,
|
|
4898
|
-
["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: void 0,
|
|
4899
|
-
["USE_SYS_EXIT" /* UseSysExit */]: void 0,
|
|
4900
|
-
["INCORRECT_SQL_API_USAGE" /* IncorrectSqlApiUsage */]: void 0,
|
|
4901
|
-
["USE_RAISE_FOR_STATUS" /* UseRaiseForStatus */]: void 0,
|
|
4902
|
-
["USE_TIMEOUT" /* UseTimeout */]: void 0,
|
|
4903
|
-
["USELESS_IF_BODY" /* UselessIfBody */]: void 0,
|
|
4904
|
-
["MISSING_TEMPLATE_STRING_INDICATOR" /* MissingTemplateStringIndicator */]: void 0,
|
|
4905
|
-
["NO_ASSERT" /* NoAssert */]: void 0,
|
|
4906
|
-
["FUNCTION_CALL_WITHOUT_PARENTHESES" /* FunctionCallWithoutParentheses */]: void 0,
|
|
4907
|
-
["SPRING_DEFAULT_PERMIT" /* SpringDefaultPermit */]: void 0,
|
|
4908
|
-
["RETURN_IN_INIT" /* ReturnInInit */]: void 0,
|
|
4909
|
-
["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: void 0,
|
|
4910
|
-
["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
|
|
4911
|
-
["REDUNDANT_CONDITION" /* RedundantCondition */]: void 0,
|
|
4912
|
-
["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
|
|
4913
|
-
["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
|
|
4914
|
-
["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
|
|
4915
|
-
["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: void 0,
|
|
4916
|
-
["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: void 0,
|
|
4917
|
-
["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: void 0,
|
|
4918
|
-
["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: void 0,
|
|
4919
|
-
["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: void 0,
|
|
4920
|
-
["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: void 0,
|
|
4921
|
-
["UNSAFE_REFLECTION" /* UnsafeReflection */]: void 0,
|
|
4922
|
-
["UNENCRYPTED_AWS_SQS_QUEUE" /* UnencryptedAwsSqsQueue */]: {
|
|
4923
|
-
issueDescription: "AWS SQS queue contents are unencrypted; data could be read if the queue is compromised.",
|
|
4924
|
-
fixInstructions: "Enable server-side encryption by setting sqs_managed_sse_enabled = true, or supply a KMS key via kms_master_key_id."
|
|
4925
|
-
},
|
|
4926
|
-
["INSECURE_DESERIALIZATION" /* InsecureDeserialization */]: void 0,
|
|
4927
|
-
["AWS_DYNAMODB_POINT_IN_TIME_RECOVERY_DISABLED" /* AwsDynamodbPointInTimeRecoveryDisabled */]: {
|
|
4928
|
-
issueDescription: "AWS DynamoDB table has point-in-time recovery disabled; accidental or malicious writes/deletes cannot be rolled back from a known-good snapshot.",
|
|
4929
|
-
fixInstructions: "Enable point-in-time recovery by adding `point_in_time_recovery { enabled = true }` to the aws_dynamodb_table resource."
|
|
4930
|
-
},
|
|
4931
|
-
["JWT_DECODE_WITHOUT_VERIFY" /* JwtDecodeWithoutVerify */]: {
|
|
4932
|
-
issueDescription: "Decoding a JWT with `JWT.decode()` only base64-decodes the token without checking its signature, so an attacker can forge a token with arbitrary claims (identity, roles, expiration) and have it trusted. CWE-345, OWASP A08:2021 Software and Data Integrity Failures.",
|
|
4933
|
-
fixInstructions: "Verify the signature before trusting any claims: build a verifier with the expected algorithm and secret/key (e.g. `JWT.require(Algorithm.HMAC256(secret)).build().verify(token)`) instead of calling `JWT.decode(token)`. After merging, confirm the verifier is configured with the same algorithm and secret/key used to sign your tokens \u2014 an incorrect or placeholder secret will make verification throw `JWTVerificationException` at runtime and reject legitimate tokens."
|
|
4934
|
-
},
|
|
4935
|
-
["UNCHECKED_RETURN_VALUE" /* UncheckedReturnValue */]: void 0
|
|
4936
|
-
};
|
|
4937
|
-
|
|
4938
|
-
// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
|
|
4939
4306
|
init_getIssueType();
|
|
4307
|
+
init_issueTypeCatalog();
|
|
4940
4308
|
function capitalizeFirstLetter(str) {
|
|
4941
4309
|
return str?.length ? str[0].toUpperCase() + str.slice(1) : "";
|
|
4942
4310
|
}
|
|
@@ -4964,8 +4332,7 @@ var getCommitDescription = ({
|
|
|
4964
4332
|
)}**.
|
|
4965
4333
|
|
|
4966
4334
|
`;
|
|
4967
|
-
|
|
4968
|
-
if (issueType && parseIssueTypeRes.success) {
|
|
4335
|
+
if (issueType) {
|
|
4969
4336
|
if (irrelevantIssueWithTags?.[0]?.tag) {
|
|
4970
4337
|
description += `
|
|
4971
4338
|
> [!tip]
|
|
@@ -4977,14 +4344,17 @@ var getCommitDescription = ({
|
|
|
4977
4344
|
${issueDescription[irrelevantIssueWithTags[0].tag]}
|
|
4978
4345
|
`;
|
|
4979
4346
|
}
|
|
4980
|
-
const
|
|
4981
|
-
if (
|
|
4347
|
+
const catalogEntry = getIssueTypeCatalogEntry(issueType);
|
|
4348
|
+
if (catalogEntry?.issueDescription) {
|
|
4982
4349
|
description += `## Issue description
|
|
4983
|
-
${
|
|
4984
|
-
|
|
4350
|
+
${catalogEntry.issueDescription}
|
|
4351
|
+
`;
|
|
4352
|
+
if (catalogEntry.fixInstructions) {
|
|
4353
|
+
description += `
|
|
4985
4354
|
## Fix instructions
|
|
4986
|
-
${
|
|
4355
|
+
${catalogEntry.fixInstructions}
|
|
4987
4356
|
`;
|
|
4357
|
+
}
|
|
4988
4358
|
}
|
|
4989
4359
|
}
|
|
4990
4360
|
description += `
|
|
@@ -5008,8 +4378,7 @@ var getCommitIssueDescription = ({
|
|
|
5008
4378
|
const issueTypeString = getIssueTypeFriendlyString(issueType);
|
|
5009
4379
|
let description = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
|
|
5010
4380
|
`;
|
|
5011
|
-
|
|
5012
|
-
if (issueType && parseIssueTypeRes.success) {
|
|
4381
|
+
if (issueType) {
|
|
5013
4382
|
if (irrelevantIssueWithTags?.[0]?.tag) {
|
|
5014
4383
|
description = `
|
|
5015
4384
|
> [!tip]
|
|
@@ -5022,10 +4391,10 @@ var getCommitIssueDescription = ({
|
|
|
5022
4391
|
${fpDescription ?? unfixableDescription ?? issueDescription[irrelevantIssueWithTags[0].tag]}
|
|
5023
4392
|
`;
|
|
5024
4393
|
}
|
|
5025
|
-
const
|
|
5026
|
-
if (
|
|
4394
|
+
const catalogEntry = getIssueTypeCatalogEntry(issueType);
|
|
4395
|
+
if (catalogEntry?.issueDescription) {
|
|
5027
4396
|
description += `## Issue description
|
|
5028
|
-
${
|
|
4397
|
+
${catalogEntry.issueDescription}
|
|
5029
4398
|
`;
|
|
5030
4399
|
}
|
|
5031
4400
|
}
|
|
@@ -5037,14 +4406,12 @@ init_getIssueType();
|
|
|
5037
4406
|
|
|
5038
4407
|
// src/features/analysis/scm/shared/src/guidances.ts
|
|
5039
4408
|
init_client_generates();
|
|
5040
|
-
|
|
4409
|
+
init_getIssueType();
|
|
4410
|
+
import { z as z4 } from "zod";
|
|
5041
4411
|
|
|
5042
4412
|
// src/features/analysis/scm/shared/src/storedFixData/index.ts
|
|
5043
4413
|
init_client_generates();
|
|
5044
|
-
import { z as
|
|
5045
|
-
|
|
5046
|
-
// src/features/analysis/scm/shared/src/storedFixData/csharp/index.ts
|
|
5047
|
-
init_client_generates();
|
|
4414
|
+
import { z as z2 } from "zod";
|
|
5048
4415
|
|
|
5049
4416
|
// src/features/analysis/scm/shared/src/storedFixData/passwordInComment.ts
|
|
5050
4417
|
var passwordInComment = {
|
|
@@ -5081,8 +4448,8 @@ This is an illustration of how the form will look like:
|
|
|
5081
4448
|
|
|
5082
4449
|
// src/features/analysis/scm/shared/src/storedFixData/csharp/index.ts
|
|
5083
4450
|
var vulnerabilities = {
|
|
5084
|
-
["MISSING_ANTIFORGERY_VALIDATION"
|
|
5085
|
-
["PASSWORD_IN_COMMENT"
|
|
4451
|
+
["MISSING_ANTIFORGERY_VALIDATION"]: missingAntiForgeryValidation,
|
|
4452
|
+
["PASSWORD_IN_COMMENT"]: passwordInComment
|
|
5086
4453
|
};
|
|
5087
4454
|
var csharp_default = vulnerabilities;
|
|
5088
4455
|
|
|
@@ -5098,9 +4465,6 @@ var go_default = vulnerabilities3;
|
|
|
5098
4465
|
var vulnerabilities4 = {};
|
|
5099
4466
|
var hcl_default = vulnerabilities4;
|
|
5100
4467
|
|
|
5101
|
-
// src/features/analysis/scm/shared/src/storedFixData/java/index.ts
|
|
5102
|
-
init_client_generates();
|
|
5103
|
-
|
|
5104
4468
|
// src/features/analysis/scm/shared/src/storedFixData/java/insecureDeserialization.ts
|
|
5105
4469
|
var insecureDeserialization = {
|
|
5106
4470
|
guidance: () => "Added a `@Consumes` annotation restricting the endpoint to common safe media types (JSON, XML, form, multipart, octet-stream, plain text). Requests with `Content-Type: application/x-java-serialized-object` are no longer routed to the RESTEasy `SerializableProvider`. If your endpoint legitimately accepts a content type not in this allowlist (e.g. `image/png`, a custom JSON variant), expect HTTP 415 from those clients and extend the `@Consumes` list to include it."
|
|
@@ -5157,17 +4521,14 @@ var systemInformationLeak = {
|
|
|
5157
4521
|
|
|
5158
4522
|
// src/features/analysis/scm/shared/src/storedFixData/java/index.ts
|
|
5159
4523
|
var vulnerabilities5 = {
|
|
5160
|
-
["PASSWORD_IN_COMMENT"
|
|
5161
|
-
["INSECURE_DESERIALIZATION"
|
|
5162
|
-
["J2EE_GET_CONNECTION"
|
|
5163
|
-
["SQL_Injection"
|
|
5164
|
-
["SYSTEM_INFORMATION_LEAK"
|
|
4524
|
+
["PASSWORD_IN_COMMENT"]: passwordInComment,
|
|
4525
|
+
["INSECURE_DESERIALIZATION"]: insecureDeserialization,
|
|
4526
|
+
["J2EE_GET_CONNECTION"]: j2eeGetConnection,
|
|
4527
|
+
["SQL_Injection"]: sqlInjection,
|
|
4528
|
+
["SYSTEM_INFORMATION_LEAK"]: systemInformationLeak
|
|
5165
4529
|
};
|
|
5166
4530
|
var java_default = vulnerabilities5;
|
|
5167
4531
|
|
|
5168
|
-
// src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
|
|
5169
|
-
init_client_generates();
|
|
5170
|
-
|
|
5171
4532
|
// src/features/analysis/scm/shared/src/storedFixData/python/csrf.ts
|
|
5172
4533
|
var csrf = {
|
|
5173
4534
|
guidance: () => `Please make sure the CSRF middleware is activated by default in the MIDDLEWARE setting. If you override that setting, remember that \`django.middleware.csrf.CsrfViewMiddleware\` should come before any view middleware that assume that CSRF attacks have been dealt with.
|
|
@@ -5210,11 +4571,11 @@ var ssrf = {
|
|
|
5210
4571
|
|
|
5211
4572
|
// src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
|
|
5212
4573
|
var vulnerabilities6 = {
|
|
5213
|
-
["SSRF"
|
|
5214
|
-
["HARDCODED_SECRETS"
|
|
5215
|
-
["PASSWORD_IN_COMMENT"
|
|
5216
|
-
["NO_LIMITS_OR_THROTTLING"
|
|
5217
|
-
["CSRF"
|
|
4574
|
+
["SSRF"]: ssrf,
|
|
4575
|
+
["HARDCODED_SECRETS"]: hardcodedSecrets,
|
|
4576
|
+
["PASSWORD_IN_COMMENT"]: passwordInComment,
|
|
4577
|
+
["NO_LIMITS_OR_THROTTLING"]: noLimitsOrThrottling,
|
|
4578
|
+
["CSRF"]: csrf
|
|
5218
4579
|
};
|
|
5219
4580
|
var javascript_default = vulnerabilities6;
|
|
5220
4581
|
|
|
@@ -5222,9 +4583,6 @@ var javascript_default = vulnerabilities6;
|
|
|
5222
4583
|
var vulnerabilities7 = {};
|
|
5223
4584
|
var php_default = vulnerabilities7;
|
|
5224
4585
|
|
|
5225
|
-
// src/features/analysis/scm/shared/src/storedFixData/python/index.ts
|
|
5226
|
-
init_client_generates();
|
|
5227
|
-
|
|
5228
4586
|
// src/features/analysis/scm/shared/src/storedFixData/python/autoEscapeFalse.ts
|
|
5229
4587
|
var autoEscapeFalse = {
|
|
5230
4588
|
guidance: () => `This fix enables automatic escaping for HTML. When that's enabled, everything is escaped by default except for values explicitly marked as safe. Variables and expressions can be marked as safe either in:
|
|
@@ -5259,15 +4617,12 @@ See the [\`requests\` SSL verification docs](https://requests.readthedocs.io/en/
|
|
|
5259
4617
|
|
|
5260
4618
|
// src/features/analysis/scm/shared/src/storedFixData/python/index.ts
|
|
5261
4619
|
var vulnerabilities8 = {
|
|
5262
|
-
["AUTO_ESCAPE_FALSE"
|
|
5263
|
-
["CSRF"
|
|
5264
|
-
["IMPROPER_CERTIFICATE_VALIDATION"
|
|
4620
|
+
["AUTO_ESCAPE_FALSE"]: autoEscapeFalse,
|
|
4621
|
+
["CSRF"]: csrf,
|
|
4622
|
+
["IMPROPER_CERTIFICATE_VALIDATION"]: improperCertificateValidation
|
|
5265
4623
|
};
|
|
5266
4624
|
var python_default = vulnerabilities8;
|
|
5267
4625
|
|
|
5268
|
-
// src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
|
|
5269
|
-
init_client_generates();
|
|
5270
|
-
|
|
5271
4626
|
// src/features/analysis/scm/shared/src/storedFixData/sql/defaultRightsInObjDefinition.ts
|
|
5272
4627
|
var defaultRightsInObjDefinition = {
|
|
5273
4628
|
guidance: () => "***Make sure the user who is supposed to run the procedure has sufficient permissions.***\n\nRead more details about the `EXECUTE AS` statement in [the official Microsoft documentation](https://learn.microsoft.com/en-us/sql/t-sql/statements/execute-as-clause-transact-sql?view=sql-server-ver16&tabs=sqlserver).\n\n`EXECUTE AS CALLER` is the default behavior for SQL Server 2005 and later."
|
|
@@ -5275,20 +4630,19 @@ var defaultRightsInObjDefinition = {
|
|
|
5275
4630
|
|
|
5276
4631
|
// src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
|
|
5277
4632
|
var vulnerabilities9 = {
|
|
5278
|
-
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION"
|
|
4633
|
+
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION"]: defaultRightsInObjDefinition
|
|
5279
4634
|
};
|
|
5280
4635
|
var sql_default = vulnerabilities9;
|
|
5281
4636
|
|
|
5282
4637
|
// src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
|
|
5283
|
-
init_client_generates();
|
|
5284
4638
|
var vulnerabilities10 = {
|
|
5285
|
-
["PASSWORD_IN_COMMENT"
|
|
4639
|
+
["PASSWORD_IN_COMMENT"]: passwordInComment
|
|
5286
4640
|
};
|
|
5287
4641
|
var xml_default = vulnerabilities10;
|
|
5288
4642
|
|
|
5289
4643
|
// src/features/analysis/scm/shared/src/storedFixData/index.ts
|
|
5290
|
-
var StoredFixDataItemZ =
|
|
5291
|
-
guidance:
|
|
4644
|
+
var StoredFixDataItemZ = z2.object({
|
|
4645
|
+
guidance: z2.function().args(z2.any()).returns(z2.string())
|
|
5292
4646
|
});
|
|
5293
4647
|
var languages = {
|
|
5294
4648
|
["Java" /* Java */]: java_default,
|
|
@@ -5305,10 +4659,7 @@ var languages = {
|
|
|
5305
4659
|
|
|
5306
4660
|
// src/features/analysis/scm/shared/src/storedQuestionData/index.ts
|
|
5307
4661
|
init_client_generates();
|
|
5308
|
-
import { z as
|
|
5309
|
-
|
|
5310
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
|
|
5311
|
-
init_client_generates();
|
|
4662
|
+
import { z as z3 } from "zod";
|
|
5312
4663
|
|
|
5313
4664
|
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/commandInjection.ts
|
|
5314
4665
|
var commandInjection = {
|
|
@@ -5354,14 +4705,11 @@ var pathManipulation = {
|
|
|
5354
4705
|
|
|
5355
4706
|
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
|
|
5356
4707
|
var vulnerabilities11 = {
|
|
5357
|
-
["CMDi"
|
|
5358
|
-
["PT"
|
|
4708
|
+
["CMDi"]: commandInjection,
|
|
4709
|
+
["PT"]: pathManipulation
|
|
5359
4710
|
};
|
|
5360
4711
|
var cpp_default = vulnerabilities11;
|
|
5361
4712
|
|
|
5362
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
|
|
5363
|
-
init_client_generates();
|
|
5364
|
-
|
|
5365
4713
|
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/httpOnlyCookie.ts
|
|
5366
4714
|
var httpOnlyCookie = {
|
|
5367
4715
|
httpOnlyCookie: {
|
|
@@ -5656,31 +5004,28 @@ var xxe = {
|
|
|
5656
5004
|
|
|
5657
5005
|
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
|
|
5658
5006
|
var vulnerabilities12 = {
|
|
5659
|
-
["LOG_FORGING"
|
|
5660
|
-
["SSRF"
|
|
5661
|
-
["XXE"
|
|
5662
|
-
["XSS"
|
|
5663
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM"
|
|
5664
|
-
["SYSTEM_INFORMATION_LEAK"
|
|
5665
|
-
["OVERLY_BROAD_CATCH"
|
|
5666
|
-
["TRUST_BOUNDARY_VIOLATION"
|
|
5667
|
-
["PT"
|
|
5668
|
-
["REGEX_MISSING_TIMEOUT"
|
|
5669
|
-
["HTTP_ONLY_COOKIE"
|
|
5670
|
-
["INSECURE_COOKIE"
|
|
5671
|
-
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED"
|
|
5672
|
-
["INSECURE_BINDER_CONFIGURATION"
|
|
5673
|
-
["VALUE_SHADOWING"
|
|
5674
|
-
["INSECURE_RANDOMNESS"
|
|
5675
|
-
["INSUFFICIENT_LOGGING"
|
|
5676
|
-
["SQL_Injection"
|
|
5677
|
-
["REQUEST_PARAMETERS_BOUND_VIA_INPUT"
|
|
5007
|
+
["LOG_FORGING"]: logForging,
|
|
5008
|
+
["SSRF"]: ssrf2,
|
|
5009
|
+
["XXE"]: xxe,
|
|
5010
|
+
["XSS"]: xss,
|
|
5011
|
+
["USE_OF_SYSTEM_OUTPUT_STREAM"]: useOfSystemOutputStream,
|
|
5012
|
+
["SYSTEM_INFORMATION_LEAK"]: sysLeak,
|
|
5013
|
+
["OVERLY_BROAD_CATCH"]: overlyBroadCatch,
|
|
5014
|
+
["TRUST_BOUNDARY_VIOLATION"]: trustBoundaryViolation,
|
|
5015
|
+
["PT"]: pt,
|
|
5016
|
+
["REGEX_MISSING_TIMEOUT"]: regexMissingTimeout,
|
|
5017
|
+
["HTTP_ONLY_COOKIE"]: httpOnlyCookie,
|
|
5018
|
+
["INSECURE_COOKIE"]: insecureCookie,
|
|
5019
|
+
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED"]: wcfMisconfigurationThrottlingNotEnabled,
|
|
5020
|
+
["INSECURE_BINDER_CONFIGURATION"]: insecureBinderConfiguration,
|
|
5021
|
+
["VALUE_SHADOWING"]: valueShadowing,
|
|
5022
|
+
["INSECURE_RANDOMNESS"]: insecureRandomness,
|
|
5023
|
+
["INSUFFICIENT_LOGGING"]: insufficientLogging,
|
|
5024
|
+
["SQL_Injection"]: sqlInjection2,
|
|
5025
|
+
["REQUEST_PARAMETERS_BOUND_VIA_INPUT"]: requestParametersBoundViaInput
|
|
5678
5026
|
};
|
|
5679
5027
|
var csharp_default2 = vulnerabilities12;
|
|
5680
5028
|
|
|
5681
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
|
|
5682
|
-
init_client_generates();
|
|
5683
|
-
|
|
5684
5029
|
// src/features/analysis/scm/shared/src/storedQuestionData/go/logForging.ts
|
|
5685
5030
|
var logForging2 = {
|
|
5686
5031
|
isHtmlDisplay: {
|
|
@@ -5710,15 +5055,12 @@ var websocketMissingOriginCheck = {
|
|
|
5710
5055
|
|
|
5711
5056
|
// src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
|
|
5712
5057
|
var vulnerabilities13 = {
|
|
5713
|
-
["LOG_FORGING"
|
|
5714
|
-
["MISSING_SSL_MINVERSION"
|
|
5715
|
-
["WEBSOCKET_MISSING_ORIGIN_CHECK"
|
|
5058
|
+
["LOG_FORGING"]: logForging2,
|
|
5059
|
+
["MISSING_SSL_MINVERSION"]: missingSslMinversion,
|
|
5060
|
+
["WEBSOCKET_MISSING_ORIGIN_CHECK"]: websocketMissingOriginCheck
|
|
5716
5061
|
};
|
|
5717
5062
|
var go_default2 = vulnerabilities13;
|
|
5718
5063
|
|
|
5719
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
|
|
5720
|
-
init_client_generates();
|
|
5721
|
-
|
|
5722
5064
|
// src/features/analysis/scm/shared/src/storedQuestionData/java/commandInjection.ts
|
|
5723
5065
|
var commandInjection2 = {
|
|
5724
5066
|
isUnixShellCommandPart: {
|
|
@@ -6175,38 +5517,35 @@ var xxe2 = {
|
|
|
6175
5517
|
|
|
6176
5518
|
// src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
|
|
6177
5519
|
var vulnerabilities14 = {
|
|
6178
|
-
["SQL_Injection"
|
|
6179
|
-
["CMDi_relative_path_command"
|
|
6180
|
-
["CMDi"
|
|
6181
|
-
["CONFUSING_NAMING"
|
|
6182
|
-
["ERROR_CONDTION_WITHOUT_ACTION"
|
|
6183
|
-
["XXE"
|
|
6184
|
-
["XSS"
|
|
6185
|
-
["PRIVACY_VIOLATION"
|
|
6186
|
-
["PT"
|
|
6187
|
-
["SSRF"
|
|
6188
|
-
["LOG_FORGING"
|
|
6189
|
-
["LOCALE_DEPENDENT_COMPARISON"
|
|
6190
|
-
["MISSING_CHECK_AGAINST_NULL"
|
|
6191
|
-
["OPEN_REDIRECT"
|
|
6192
|
-
["OVERLY_BROAD_CATCH"
|
|
6193
|
-
["SYSTEM_INFORMATION_LEAK"
|
|
6194
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM"
|
|
6195
|
-
["HTTP_ONLY_COOKIE"
|
|
6196
|
-
["UNCHECKED_LOOP_CONDITION"
|
|
6197
|
-
["INSECURE_COOKIE"
|
|
6198
|
-
["TRUST_BOUNDARY_VIOLATION"
|
|
6199
|
-
["UNSAFE_REFLECTION"
|
|
6200
|
-
["J2EE_GET_CONNECTION"
|
|
6201
|
-
["LEFTOVER_DEBUG_CODE"
|
|
6202
|
-
["ERRONEOUS_STRING_COMPARE"
|
|
6203
|
-
["DUPLICATED_STRINGS"
|
|
5520
|
+
["SQL_Injection"]: sqlInjection3,
|
|
5521
|
+
["CMDi_relative_path_command"]: relativePathCommand,
|
|
5522
|
+
["CMDi"]: commandInjection2,
|
|
5523
|
+
["CONFUSING_NAMING"]: confusingNaming,
|
|
5524
|
+
["ERROR_CONDTION_WITHOUT_ACTION"]: errorConditionWithoutAction,
|
|
5525
|
+
["XXE"]: xxe2,
|
|
5526
|
+
["XSS"]: xss2,
|
|
5527
|
+
["PRIVACY_VIOLATION"]: privacyViolation,
|
|
5528
|
+
["PT"]: pt2,
|
|
5529
|
+
["SSRF"]: ssrf3,
|
|
5530
|
+
["LOG_FORGING"]: logForging3,
|
|
5531
|
+
["LOCALE_DEPENDENT_COMPARISON"]: localeDependentComparison,
|
|
5532
|
+
["MISSING_CHECK_AGAINST_NULL"]: missingCheckAgainstNull,
|
|
5533
|
+
["OPEN_REDIRECT"]: openRedirect,
|
|
5534
|
+
["OVERLY_BROAD_CATCH"]: overlyBroadCatch2,
|
|
5535
|
+
["SYSTEM_INFORMATION_LEAK"]: sysLeak2,
|
|
5536
|
+
["USE_OF_SYSTEM_OUTPUT_STREAM"]: useOfSystemOutputStream2,
|
|
5537
|
+
["HTTP_ONLY_COOKIE"]: httpOnlyCookie2,
|
|
5538
|
+
["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition,
|
|
5539
|
+
["INSECURE_COOKIE"]: insecureCookie2,
|
|
5540
|
+
["TRUST_BOUNDARY_VIOLATION"]: trustBoundaryViolation2,
|
|
5541
|
+
["UNSAFE_REFLECTION"]: unsafeReflection,
|
|
5542
|
+
["J2EE_GET_CONNECTION"]: j2eeGetConnection2,
|
|
5543
|
+
["LEFTOVER_DEBUG_CODE"]: leftoverDebugCode,
|
|
5544
|
+
["ERRONEOUS_STRING_COMPARE"]: erroneousStringCompare,
|
|
5545
|
+
["DUPLICATED_STRINGS"]: duplicatedStrings
|
|
6204
5546
|
};
|
|
6205
5547
|
var java_default2 = vulnerabilities14;
|
|
6206
5548
|
|
|
6207
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
|
|
6208
|
-
init_client_generates();
|
|
6209
|
-
|
|
6210
5549
|
// src/features/analysis/scm/shared/src/storedQuestionData/python/csrf.ts
|
|
6211
5550
|
var csrf2 = {
|
|
6212
5551
|
isPythonDjangoTemplate: {
|
|
@@ -6532,33 +5871,30 @@ var xss3 = {
|
|
|
6532
5871
|
|
|
6533
5872
|
// src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
|
|
6534
5873
|
var vulnerabilities15 = {
|
|
6535
|
-
["CMDi"
|
|
6536
|
-
["GRAPHQL_DEPTH_LIMIT"
|
|
6537
|
-
["INSECURE_RANDOMNESS"
|
|
6538
|
-
["SSRF"
|
|
6539
|
-
["TYPE_CONFUSION"
|
|
6540
|
-
["INCOMPLETE_URL_SANITIZATION"
|
|
6541
|
-
["LOG_FORGING"
|
|
6542
|
-
["XSS"
|
|
6543
|
-
["OPEN_REDIRECT"
|
|
6544
|
-
["SYSTEM_INFORMATION_LEAK"
|
|
6545
|
-
["SYSTEM_INFORMATION_LEAK_EXTERNAL"
|
|
6546
|
-
["IFRAME_WITHOUT_SANDBOX"
|
|
6547
|
-
["PT"
|
|
6548
|
-
["HARDCODED_SECRETS"
|
|
6549
|
-
["MISSING_HSTS_HEADER"
|
|
6550
|
-
["UNCHECKED_LOOP_CONDITION"
|
|
6551
|
-
["NO_LIMITS_OR_THROTTLING"
|
|
6552
|
-
["MISSING_CSP_HEADER"
|
|
6553
|
-
["MISSING_X_FRAME_OPTIONS"
|
|
6554
|
-
["HARDCODED_DOMAIN_IN_HTML"
|
|
6555
|
-
["CSRF"
|
|
5874
|
+
["CMDi"]: commandInjection3,
|
|
5875
|
+
["GRAPHQL_DEPTH_LIMIT"]: graphqlDepthLimit,
|
|
5876
|
+
["INSECURE_RANDOMNESS"]: insecureRandomness2,
|
|
5877
|
+
["SSRF"]: ssrf4,
|
|
5878
|
+
["TYPE_CONFUSION"]: typeConfusion,
|
|
5879
|
+
["INCOMPLETE_URL_SANITIZATION"]: incompleteUrlSanitization,
|
|
5880
|
+
["LOG_FORGING"]: logForging4,
|
|
5881
|
+
["XSS"]: xss3,
|
|
5882
|
+
["OPEN_REDIRECT"]: openRedirect2,
|
|
5883
|
+
["SYSTEM_INFORMATION_LEAK"]: sysLeak3,
|
|
5884
|
+
["SYSTEM_INFORMATION_LEAK_EXTERNAL"]: sysLeakExternal,
|
|
5885
|
+
["IFRAME_WITHOUT_SANDBOX"]: iframeWithoutSandbox,
|
|
5886
|
+
["PT"]: pt3,
|
|
5887
|
+
["HARDCODED_SECRETS"]: hardcodedSecrets2,
|
|
5888
|
+
["MISSING_HSTS_HEADER"]: headerMaxAge,
|
|
5889
|
+
["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition2,
|
|
5890
|
+
["NO_LIMITS_OR_THROTTLING"]: noLimitsOrThrottling2,
|
|
5891
|
+
["MISSING_CSP_HEADER"]: cspHeaderValue,
|
|
5892
|
+
["MISSING_X_FRAME_OPTIONS"]: xFrameOptionsValue,
|
|
5893
|
+
["HARDCODED_DOMAIN_IN_HTML"]: hardcodedDomainInHtml,
|
|
5894
|
+
["CSRF"]: csrf2
|
|
6556
5895
|
};
|
|
6557
5896
|
var js_default = vulnerabilities15;
|
|
6558
5897
|
|
|
6559
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
|
|
6560
|
-
init_client_generates();
|
|
6561
|
-
|
|
6562
5898
|
// src/features/analysis/scm/shared/src/storedQuestionData/python/duplicatedStrings.ts
|
|
6563
5899
|
var duplicatedStrings2 = {
|
|
6564
5900
|
constantName: {
|
|
@@ -6629,19 +5965,16 @@ var uncheckedLoopCondition3 = {
|
|
|
6629
5965
|
|
|
6630
5966
|
// src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
|
|
6631
5967
|
var vulnerabilities16 = {
|
|
6632
|
-
["CSRF"
|
|
6633
|
-
["LOG_FORGING"
|
|
6634
|
-
["OPEN_REDIRECT"
|
|
6635
|
-
["UNCHECKED_LOOP_CONDITION"
|
|
6636
|
-
["DUPLICATED_STRINGS"
|
|
6637
|
-
["MISSING_ENCODING_FILE_OPEN"
|
|
6638
|
-
["SSRF"
|
|
5968
|
+
["CSRF"]: csrf2,
|
|
5969
|
+
["LOG_FORGING"]: logForging5,
|
|
5970
|
+
["OPEN_REDIRECT"]: openRedirect3,
|
|
5971
|
+
["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition3,
|
|
5972
|
+
["DUPLICATED_STRINGS"]: duplicatedStrings2,
|
|
5973
|
+
["MISSING_ENCODING_FILE_OPEN"]: missingEncoding,
|
|
5974
|
+
["SSRF"]: ssrf5
|
|
6639
5975
|
};
|
|
6640
5976
|
var python_default2 = vulnerabilities16;
|
|
6641
5977
|
|
|
6642
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
|
|
6643
|
-
init_client_generates();
|
|
6644
|
-
|
|
6645
5978
|
// src/features/analysis/scm/shared/src/storedQuestionData/xml/unboundedOccurrences.ts
|
|
6646
5979
|
var unboundedOccurrences = {
|
|
6647
5980
|
maxOccursLimit: {
|
|
@@ -6655,13 +5988,10 @@ A value too high will cause performance issues up to and including denial of ser
|
|
|
6655
5988
|
|
|
6656
5989
|
// src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
|
|
6657
5990
|
var vulnerabilities17 = {
|
|
6658
|
-
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES"
|
|
5991
|
+
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES"]: unboundedOccurrences
|
|
6659
5992
|
};
|
|
6660
5993
|
var xml_default2 = vulnerabilities17;
|
|
6661
5994
|
|
|
6662
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
|
|
6663
|
-
init_client_generates();
|
|
6664
|
-
|
|
6665
5995
|
// src/features/analysis/scm/shared/src/storedQuestionData/yaml/noNewPrivileges.ts
|
|
6666
5996
|
var noNewPrivileges = {
|
|
6667
5997
|
requireNewPrivileges: {
|
|
@@ -6691,17 +6021,17 @@ var writableFilesystemService = {
|
|
|
6691
6021
|
|
|
6692
6022
|
// src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
|
|
6693
6023
|
var vulnerabilities18 = {
|
|
6694
|
-
["PORT_ALL_INTERFACES"
|
|
6695
|
-
["WRITABLE_FILESYSTEM_SERVICE"
|
|
6696
|
-
["NO_NEW_PRIVILEGES"
|
|
6024
|
+
["PORT_ALL_INTERFACES"]: portAllInterfaces,
|
|
6025
|
+
["WRITABLE_FILESYSTEM_SERVICE"]: writableFilesystemService,
|
|
6026
|
+
["NO_NEW_PRIVILEGES"]: noNewPrivileges
|
|
6697
6027
|
};
|
|
6698
6028
|
var yaml_default = vulnerabilities18;
|
|
6699
6029
|
|
|
6700
6030
|
// src/features/analysis/scm/shared/src/storedQuestionData/index.ts
|
|
6701
|
-
var StoredQuestionDataItemZ =
|
|
6702
|
-
content:
|
|
6703
|
-
description:
|
|
6704
|
-
guidance:
|
|
6031
|
+
var StoredQuestionDataItemZ = z3.object({
|
|
6032
|
+
content: z3.function().args(z3.any()).returns(z3.string()),
|
|
6033
|
+
description: z3.function().args(z3.any()).returns(z3.string()),
|
|
6034
|
+
guidance: z3.function().args(z3.any()).returns(z3.string())
|
|
6705
6035
|
});
|
|
6706
6036
|
var languages2 = {
|
|
6707
6037
|
["Java" /* Java */]: java_default2,
|
|
@@ -6798,9 +6128,9 @@ function getFixGuidances({
|
|
|
6798
6128
|
const fixGuidance = storeFixResult.success ? [storeFixResult.data.guidance({ questions, ...extraContext })] : [];
|
|
6799
6129
|
return libGuidances.concat(fixGuidance).filter((guidance) => !!guidance);
|
|
6800
6130
|
}
|
|
6801
|
-
var IssueTypeAndLanguageZ =
|
|
6802
|
-
issueType:
|
|
6803
|
-
issueLanguage:
|
|
6131
|
+
var IssueTypeAndLanguageZ = z4.object({
|
|
6132
|
+
issueType: SafeIssueTypeStringZ,
|
|
6133
|
+
issueLanguage: z4.nativeEnum(IssueLanguage_Enum)
|
|
6804
6134
|
});
|
|
6805
6135
|
function getGuidances(args) {
|
|
6806
6136
|
const safeIssueTypeAndLanguage = IssueTypeAndLanguageZ.safeParse({
|
|
@@ -6866,19 +6196,19 @@ function getIssueUrl({
|
|
|
6866
6196
|
init_validations();
|
|
6867
6197
|
|
|
6868
6198
|
// src/features/analysis/scm/types.ts
|
|
6869
|
-
import { z as
|
|
6199
|
+
import { z as z12 } from "zod";
|
|
6870
6200
|
var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
|
|
6871
6201
|
ReferenceType2["BRANCH"] = "BRANCH";
|
|
6872
6202
|
ReferenceType2["COMMIT"] = "COMMIT";
|
|
6873
6203
|
ReferenceType2["TAG"] = "TAG";
|
|
6874
6204
|
return ReferenceType2;
|
|
6875
6205
|
})(ReferenceType || {});
|
|
6876
|
-
var GithubFullShaZ =
|
|
6877
|
-
var MergedPrSurvivalMetadataZ =
|
|
6878
|
-
mergeCommitShas:
|
|
6206
|
+
var GithubFullShaZ = z12.string().regex(/^[a-f0-9]{40}$/);
|
|
6207
|
+
var MergedPrSurvivalMetadataZ = z12.object({
|
|
6208
|
+
mergeCommitShas: z12.array(GithubFullShaZ).min(1).refine((shas) => new Set(shas).size === shas.length, {
|
|
6879
6209
|
message: "mergeCommitShas must contain unique SHAs"
|
|
6880
6210
|
}),
|
|
6881
|
-
targetBranch:
|
|
6211
|
+
targetBranch: z12.string().min(1)
|
|
6882
6212
|
});
|
|
6883
6213
|
var ScmLibScmType = /* @__PURE__ */ ((ScmLibScmType2) => {
|
|
6884
6214
|
ScmLibScmType2["GITHUB"] = "GITHUB";
|
|
@@ -6905,10 +6235,10 @@ var scmTypeToScmLibScmType = {
|
|
|
6905
6235
|
["Ado" /* Ado */]: "ADO" /* ADO */,
|
|
6906
6236
|
["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
|
|
6907
6237
|
};
|
|
6908
|
-
var GetReferenceResultZ =
|
|
6909
|
-
date:
|
|
6910
|
-
sha:
|
|
6911
|
-
type:
|
|
6238
|
+
var GetReferenceResultZ = z12.object({
|
|
6239
|
+
date: z12.date().optional(),
|
|
6240
|
+
sha: z12.string(),
|
|
6241
|
+
type: z12.nativeEnum(ReferenceType)
|
|
6912
6242
|
});
|
|
6913
6243
|
|
|
6914
6244
|
// src/features/analysis/scm/utils/scm.ts
|
|
@@ -7055,7 +6385,7 @@ function shouldValidateUrl(repoUrl) {
|
|
|
7055
6385
|
return repoUrl && isUrlHasPath(repoUrl);
|
|
7056
6386
|
}
|
|
7057
6387
|
function isBrokerUrl(url) {
|
|
7058
|
-
return
|
|
6388
|
+
return z13.string().uuid().safeParse(new URL(url).host).success;
|
|
7059
6389
|
}
|
|
7060
6390
|
function buildAuthorizedRepoUrl(args) {
|
|
7061
6391
|
const { url, username, password } = args;
|
|
@@ -7091,7 +6421,7 @@ function getCloudScmLibTypeFromUrl(url) {
|
|
|
7091
6421
|
return void 0;
|
|
7092
6422
|
}
|
|
7093
6423
|
function getScmLibTypeFromScmType(scmType) {
|
|
7094
|
-
const parsedScmType =
|
|
6424
|
+
const parsedScmType = z13.nativeEnum(ScmType).parse(scmType);
|
|
7095
6425
|
return scmTypeToScmLibScmType[parsedScmType];
|
|
7096
6426
|
}
|
|
7097
6427
|
function getScmConfig({
|
|
@@ -7159,39 +6489,39 @@ init_env();
|
|
|
7159
6489
|
import querystring from "querystring";
|
|
7160
6490
|
import * as api from "azure-devops-node-api";
|
|
7161
6491
|
import Debug from "debug";
|
|
7162
|
-
import { z as
|
|
6492
|
+
import { z as z16 } from "zod";
|
|
7163
6493
|
|
|
7164
6494
|
// src/features/analysis/scm/ado/validation.ts
|
|
7165
|
-
import { z as
|
|
7166
|
-
var ValidPullRequestStatusZ =
|
|
7167
|
-
|
|
7168
|
-
|
|
7169
|
-
|
|
6495
|
+
import { z as z15 } from "zod";
|
|
6496
|
+
var ValidPullRequestStatusZ = z15.union([
|
|
6497
|
+
z15.literal(1 /* Active */),
|
|
6498
|
+
z15.literal(2 /* Abandoned */),
|
|
6499
|
+
z15.literal(3 /* Completed */)
|
|
7170
6500
|
]);
|
|
7171
|
-
var AdoAuthResultZ =
|
|
7172
|
-
access_token:
|
|
7173
|
-
token_type:
|
|
7174
|
-
refresh_token:
|
|
6501
|
+
var AdoAuthResultZ = z15.object({
|
|
6502
|
+
access_token: z15.string().min(1),
|
|
6503
|
+
token_type: z15.string().min(1),
|
|
6504
|
+
refresh_token: z15.string().min(1)
|
|
7175
6505
|
});
|
|
7176
6506
|
var AdoAuthResultWithOrgsZ = AdoAuthResultZ.extend({
|
|
7177
|
-
scmOrgs:
|
|
6507
|
+
scmOrgs: z15.array(z15.string())
|
|
7178
6508
|
});
|
|
7179
|
-
var profileZ =
|
|
7180
|
-
displayName:
|
|
7181
|
-
publicAlias:
|
|
7182
|
-
emailAddress:
|
|
7183
|
-
coreRevision:
|
|
7184
|
-
timeStamp:
|
|
7185
|
-
id:
|
|
7186
|
-
revision:
|
|
6509
|
+
var profileZ = z15.object({
|
|
6510
|
+
displayName: z15.string(),
|
|
6511
|
+
publicAlias: z15.string().min(1),
|
|
6512
|
+
emailAddress: z15.string(),
|
|
6513
|
+
coreRevision: z15.number(),
|
|
6514
|
+
timeStamp: z15.string(),
|
|
6515
|
+
id: z15.string(),
|
|
6516
|
+
revision: z15.number()
|
|
7187
6517
|
});
|
|
7188
|
-
var accountsZ =
|
|
7189
|
-
count:
|
|
7190
|
-
value:
|
|
7191
|
-
|
|
7192
|
-
accountId:
|
|
7193
|
-
accountUri:
|
|
7194
|
-
accountName:
|
|
6518
|
+
var accountsZ = z15.object({
|
|
6519
|
+
count: z15.number(),
|
|
6520
|
+
value: z15.array(
|
|
6521
|
+
z15.object({
|
|
6522
|
+
accountId: z15.string(),
|
|
6523
|
+
accountUri: z15.string(),
|
|
6524
|
+
accountName: z15.string()
|
|
7195
6525
|
})
|
|
7196
6526
|
)
|
|
7197
6527
|
});
|
|
@@ -7284,7 +6614,7 @@ async function getAdoConnectData({
|
|
|
7284
6614
|
oauthToken: adoTokenInfo.accessToken
|
|
7285
6615
|
});
|
|
7286
6616
|
return {
|
|
7287
|
-
org:
|
|
6617
|
+
org: z16.string().parse(org),
|
|
7288
6618
|
origin: DEFUALT_ADO_ORIGIN
|
|
7289
6619
|
};
|
|
7290
6620
|
}
|
|
@@ -7370,7 +6700,7 @@ async function getAdoClientParams(params) {
|
|
|
7370
6700
|
return {
|
|
7371
6701
|
tokenType: "PAT" /* PAT */,
|
|
7372
6702
|
accessToken: adoTokenInfo.accessToken,
|
|
7373
|
-
patTokenOrg:
|
|
6703
|
+
patTokenOrg: z16.string().parse(tokenOrg).toLowerCase(),
|
|
7374
6704
|
origin,
|
|
7375
6705
|
orgName: org.toLowerCase()
|
|
7376
6706
|
};
|
|
@@ -8510,40 +7840,40 @@ import querystring2 from "querystring";
|
|
|
8510
7840
|
import * as bitbucketPkgNode from "bitbucket";
|
|
8511
7841
|
import bitbucketPkg from "bitbucket";
|
|
8512
7842
|
import Debug2 from "debug";
|
|
8513
|
-
import { z as
|
|
7843
|
+
import { z as z19 } from "zod";
|
|
8514
7844
|
|
|
8515
7845
|
// src/features/analysis/scm/bitbucket/validation.ts
|
|
8516
|
-
import { z as
|
|
8517
|
-
var BitbucketAuthResultZ =
|
|
8518
|
-
access_token:
|
|
8519
|
-
token_type:
|
|
8520
|
-
refresh_token:
|
|
7846
|
+
import { z as z18 } from "zod";
|
|
7847
|
+
var BitbucketAuthResultZ = z18.object({
|
|
7848
|
+
access_token: z18.string(),
|
|
7849
|
+
token_type: z18.string(),
|
|
7850
|
+
refresh_token: z18.string()
|
|
8521
7851
|
});
|
|
8522
7852
|
|
|
8523
7853
|
// src/features/analysis/scm/bitbucket/bitbucket.ts
|
|
8524
7854
|
var debug3 = Debug2("scm:bitbucket");
|
|
8525
7855
|
var BITBUCKET_HOSTNAME = "bitbucket.org";
|
|
8526
|
-
var TokenExpiredErrorZ =
|
|
8527
|
-
status:
|
|
8528
|
-
error:
|
|
8529
|
-
type:
|
|
8530
|
-
error:
|
|
8531
|
-
message:
|
|
7856
|
+
var TokenExpiredErrorZ = z19.object({
|
|
7857
|
+
status: z19.number(),
|
|
7858
|
+
error: z19.object({
|
|
7859
|
+
type: z19.string(),
|
|
7860
|
+
error: z19.object({
|
|
7861
|
+
message: z19.string()
|
|
8532
7862
|
})
|
|
8533
7863
|
})
|
|
8534
7864
|
});
|
|
8535
7865
|
var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
|
|
8536
7866
|
var MAX_BITBUCKET_PR_BODY_LENGTH = 32768;
|
|
8537
|
-
var BitbucketParseResultZ =
|
|
8538
|
-
organization:
|
|
8539
|
-
repoName:
|
|
8540
|
-
hostname:
|
|
7867
|
+
var BitbucketParseResultZ = z19.object({
|
|
7868
|
+
organization: z19.string(),
|
|
7869
|
+
repoName: z19.string(),
|
|
7870
|
+
hostname: z19.literal(BITBUCKET_HOSTNAME)
|
|
8541
7871
|
});
|
|
8542
|
-
var UserWorkspacePermissionsRepositoriesResponseZ =
|
|
8543
|
-
values:
|
|
8544
|
-
|
|
8545
|
-
repository:
|
|
8546
|
-
full_name:
|
|
7872
|
+
var UserWorkspacePermissionsRepositoriesResponseZ = z19.object({
|
|
7873
|
+
values: z19.array(
|
|
7874
|
+
z19.object({
|
|
7875
|
+
repository: z19.object({
|
|
7876
|
+
full_name: z19.string().optional()
|
|
8547
7877
|
}).optional()
|
|
8548
7878
|
})
|
|
8549
7879
|
).optional()
|
|
@@ -8606,7 +7936,7 @@ function getBitbucketSdk(params) {
|
|
|
8606
7936
|
if (!res.data.values) {
|
|
8607
7937
|
return [];
|
|
8608
7938
|
}
|
|
8609
|
-
return res.data.values.filter((branch) => !!branch.name).map((branch) =>
|
|
7939
|
+
return res.data.values.filter((branch) => !!branch.name).map((branch) => z19.string().parse(branch.name));
|
|
8610
7940
|
},
|
|
8611
7941
|
async getIsUserCollaborator(params2) {
|
|
8612
7942
|
const { repoUrl } = params2;
|
|
@@ -8726,7 +8056,7 @@ function getBitbucketSdk(params) {
|
|
|
8726
8056
|
return GetReferenceResultZ.parse({
|
|
8727
8057
|
sha: tagRes.data.target?.hash,
|
|
8728
8058
|
type: "TAG" /* TAG */,
|
|
8729
|
-
date: new Date(
|
|
8059
|
+
date: new Date(z19.string().parse(tagRes.data.target?.date))
|
|
8730
8060
|
});
|
|
8731
8061
|
},
|
|
8732
8062
|
async getBranchRef(params2) {
|
|
@@ -8734,7 +8064,7 @@ function getBitbucketSdk(params) {
|
|
|
8734
8064
|
return GetReferenceResultZ.parse({
|
|
8735
8065
|
sha: getBranchRes.target?.hash,
|
|
8736
8066
|
type: "BRANCH" /* BRANCH */,
|
|
8737
|
-
date: new Date(
|
|
8067
|
+
date: new Date(z19.string().parse(getBranchRes.target?.date))
|
|
8738
8068
|
});
|
|
8739
8069
|
},
|
|
8740
8070
|
async getCommitRef(params2) {
|
|
@@ -8742,13 +8072,13 @@ function getBitbucketSdk(params) {
|
|
|
8742
8072
|
return GetReferenceResultZ.parse({
|
|
8743
8073
|
sha: getCommitRes.hash,
|
|
8744
8074
|
type: "COMMIT" /* COMMIT */,
|
|
8745
|
-
date: new Date(
|
|
8075
|
+
date: new Date(z19.string().parse(getCommitRes.date))
|
|
8746
8076
|
});
|
|
8747
8077
|
},
|
|
8748
8078
|
async getDownloadUrl({ url, sha }) {
|
|
8749
8079
|
this.getReferenceData({ ref: sha, url });
|
|
8750
8080
|
const repoRes = await this.getRepo({ repoUrl: url });
|
|
8751
|
-
const parsedRepoUrl =
|
|
8081
|
+
const parsedRepoUrl = z19.string().url().parse(repoRes.links?.html?.href);
|
|
8752
8082
|
return `${parsedRepoUrl}/get/${sha}.zip`;
|
|
8753
8083
|
},
|
|
8754
8084
|
async getPullRequest(params2) {
|
|
@@ -8906,7 +8236,7 @@ async function validateBitbucketParams(params) {
|
|
|
8906
8236
|
}
|
|
8907
8237
|
async function getUsersWorkspacesSlugs(bitbucketClient) {
|
|
8908
8238
|
const res = await bitbucketClient.workspaces.getWorkspaces({});
|
|
8909
|
-
return res.data.values?.map((v) =>
|
|
8239
|
+
return res.data.values?.map((v) => z19.string().parse(v.slug));
|
|
8910
8240
|
}
|
|
8911
8241
|
async function getAllUsersRepositories(bitbucketClient) {
|
|
8912
8242
|
const userWorkspacesSlugs = await getUsersWorkspacesSlugs(bitbucketClient);
|
|
@@ -8934,10 +8264,10 @@ async function getRepositoriesByWorkspace(bitbucketClient, { workspaceSlug }) {
|
|
|
8934
8264
|
|
|
8935
8265
|
// src/features/analysis/scm/bitbucket/BitbucketSCMLib.ts
|
|
8936
8266
|
import { setTimeout as setTimeout3 } from "timers/promises";
|
|
8937
|
-
import { z as
|
|
8267
|
+
import { z as z20 } from "zod";
|
|
8938
8268
|
function getUserAndPassword(token) {
|
|
8939
8269
|
const [username, password] = token.split(":");
|
|
8940
|
-
const safePasswordAndUsername =
|
|
8270
|
+
const safePasswordAndUsername = z20.object({ username: z20.string(), password: z20.string() }).parse({ username, password });
|
|
8941
8271
|
return {
|
|
8942
8272
|
username: safePasswordAndUsername.username,
|
|
8943
8273
|
password: safePasswordAndUsername.password
|
|
@@ -9009,7 +8339,7 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
9009
8339
|
return { username, password, authType };
|
|
9010
8340
|
}
|
|
9011
8341
|
case "token": {
|
|
9012
|
-
return { authType, token:
|
|
8342
|
+
return { authType, token: z20.string().parse(this.accessToken) };
|
|
9013
8343
|
}
|
|
9014
8344
|
case "public":
|
|
9015
8345
|
return { authType };
|
|
@@ -9023,7 +8353,7 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
9023
8353
|
...params,
|
|
9024
8354
|
repoUrl: this.url
|
|
9025
8355
|
});
|
|
9026
|
-
return String(
|
|
8356
|
+
return String(z20.number().parse(pullRequestRes.id));
|
|
9027
8357
|
} catch (e) {
|
|
9028
8358
|
console.warn(
|
|
9029
8359
|
`error creating pull request for BB. Try number ${String(i + 1).replace(/\n|\r/g, "")}`,
|
|
@@ -9108,7 +8438,7 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
9108
8438
|
async getUsername() {
|
|
9109
8439
|
this._validateAccessToken();
|
|
9110
8440
|
const res = await this.bitbucketSdk.getUser();
|
|
9111
|
-
return
|
|
8441
|
+
return z20.string().parse(res["username"]);
|
|
9112
8442
|
}
|
|
9113
8443
|
async getSubmitRequestStatus(_scmSubmitRequestId) {
|
|
9114
8444
|
this._validateAccessTokenAndUrl();
|
|
@@ -9134,7 +8464,7 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
9134
8464
|
async getRepoDefaultBranch() {
|
|
9135
8465
|
this._validateUrl();
|
|
9136
8466
|
const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
|
|
9137
|
-
return
|
|
8467
|
+
return z20.string().parse(repoRes.mainbranch?.name);
|
|
9138
8468
|
}
|
|
9139
8469
|
getSubmitRequestUrl(submitRequestId) {
|
|
9140
8470
|
this._validateUrl();
|
|
@@ -9302,7 +8632,7 @@ init_env();
|
|
|
9302
8632
|
|
|
9303
8633
|
// src/features/analysis/scm/github/GithubSCMLib.ts
|
|
9304
8634
|
import pLimit3 from "p-limit";
|
|
9305
|
-
import { z as
|
|
8635
|
+
import { z as z21 } from "zod";
|
|
9306
8636
|
init_client_generates();
|
|
9307
8637
|
|
|
9308
8638
|
// src/features/analysis/scm/github/github.ts
|
|
@@ -10470,7 +9800,7 @@ var GithubSCMLib = class extends SCMLib {
|
|
|
10470
9800
|
owner,
|
|
10471
9801
|
repo
|
|
10472
9802
|
});
|
|
10473
|
-
return
|
|
9803
|
+
return z21.string().parse(prRes.data);
|
|
10474
9804
|
}
|
|
10475
9805
|
async getRepoList(_scmOrg) {
|
|
10476
9806
|
this._validateAccessToken();
|
|
@@ -11097,11 +10427,11 @@ import {
|
|
|
11097
10427
|
init_env();
|
|
11098
10428
|
|
|
11099
10429
|
// src/features/analysis/scm/gitlab/types.ts
|
|
11100
|
-
import { z as
|
|
11101
|
-
var GitlabAuthResultZ =
|
|
11102
|
-
access_token:
|
|
11103
|
-
token_type:
|
|
11104
|
-
refresh_token:
|
|
10430
|
+
import { z as z22 } from "zod";
|
|
10431
|
+
var GitlabAuthResultZ = z22.object({
|
|
10432
|
+
access_token: z22.string(),
|
|
10433
|
+
token_type: z22.string(),
|
|
10434
|
+
refresh_token: z22.string()
|
|
11105
10435
|
});
|
|
11106
10436
|
|
|
11107
10437
|
// src/features/analysis/scm/gitlab/gitlab.ts
|
|
@@ -12319,7 +11649,7 @@ var GitlabSCMLib = class extends SCMLib {
|
|
|
12319
11649
|
};
|
|
12320
11650
|
|
|
12321
11651
|
// src/features/analysis/scm/scmFactory.ts
|
|
12322
|
-
import { z as
|
|
11652
|
+
import { z as z23 } from "zod";
|
|
12323
11653
|
|
|
12324
11654
|
// src/features/analysis/scm/StubSCMLib.ts
|
|
12325
11655
|
var StubSCMLib = class extends SCMLib {
|
|
@@ -12472,7 +11802,7 @@ async function createScmLib({ url, accessToken, scmType, scmOrg }, {
|
|
|
12472
11802
|
if (e instanceof InvalidRepoUrlError && url) {
|
|
12473
11803
|
throw new RepoNoTokenAccessError(
|
|
12474
11804
|
"no access to repo",
|
|
12475
|
-
scmLibScmTypeToScmType[
|
|
11805
|
+
scmLibScmTypeToScmType[z23.nativeEnum(ScmLibScmType).parse(scmType)]
|
|
12476
11806
|
);
|
|
12477
11807
|
}
|
|
12478
11808
|
console.error(`error validating scm: ${scmType} `, e);
|
|
@@ -13079,7 +12409,7 @@ import path6 from "path";
|
|
|
13079
12409
|
import chalk from "chalk";
|
|
13080
12410
|
import Debug4 from "debug";
|
|
13081
12411
|
import * as dotenv from "dotenv";
|
|
13082
|
-
import { z as
|
|
12412
|
+
import { z as z24 } from "zod";
|
|
13083
12413
|
var debug5 = Debug4("mobbdev:constants");
|
|
13084
12414
|
var runtimeConfigPath = path6.join(
|
|
13085
12415
|
getModuleRootDir(),
|
|
@@ -13126,17 +12456,17 @@ var scannerToVulnerabilityReportVendorEnum = {
|
|
|
13126
12456
|
[SCANNERS.Datadog]: "datadog" /* Datadog */,
|
|
13127
12457
|
[SCANNERS.BlackDuck]: "blackDuck" /* BlackDuck */
|
|
13128
12458
|
};
|
|
13129
|
-
var SupportedScannersZ =
|
|
13130
|
-
var envVariablesSchema =
|
|
12459
|
+
var SupportedScannersZ = z24.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
|
|
12460
|
+
var envVariablesSchema = z24.object({
|
|
13131
12461
|
// These have safe defaults for production - the VS Code extension passes explicit URLs
|
|
13132
|
-
WEB_APP_URL:
|
|
13133
|
-
API_URL:
|
|
12462
|
+
WEB_APP_URL: z24.string().optional().default(DEFAULT_WEB_APP_URL),
|
|
12463
|
+
API_URL: z24.string().optional().default(DEFAULT_API_URL),
|
|
13134
12464
|
// These are only needed for local development with Hasura
|
|
13135
|
-
HASURA_ACCESS_KEY:
|
|
13136
|
-
LOCAL_GRAPHQL_ENDPOINT:
|
|
12465
|
+
HASURA_ACCESS_KEY: z24.string().optional().default(""),
|
|
12466
|
+
LOCAL_GRAPHQL_ENDPOINT: z24.string().optional().default(""),
|
|
13137
12467
|
// Proxy settings
|
|
13138
|
-
HTTP_PROXY:
|
|
13139
|
-
HTTPS_PROXY:
|
|
12468
|
+
HTTP_PROXY: z24.string().optional().default(""),
|
|
12469
|
+
HTTPS_PROXY: z24.string().optional().default("")
|
|
13140
12470
|
});
|
|
13141
12471
|
var envVariables = envVariablesSchema.parse(process.env);
|
|
13142
12472
|
debug5("config %o", envVariables);
|
|
@@ -13394,7 +12724,7 @@ import { createSpinner as createSpinner4 } from "nanospinner";
|
|
|
13394
12724
|
import fetch4 from "node-fetch";
|
|
13395
12725
|
import open3 from "open";
|
|
13396
12726
|
import tmp2 from "tmp";
|
|
13397
|
-
import { z as
|
|
12727
|
+
import { z as z30 } from "zod";
|
|
13398
12728
|
|
|
13399
12729
|
// src/commands/AuthManager.ts
|
|
13400
12730
|
import crypto from "crypto";
|
|
@@ -13671,62 +13001,62 @@ init_client_generates();
|
|
|
13671
13001
|
|
|
13672
13002
|
// src/features/analysis/graphql/types.ts
|
|
13673
13003
|
init_client_generates();
|
|
13674
|
-
import { z as
|
|
13675
|
-
var VulnerabilityReportIssueCodeNodeZ =
|
|
13676
|
-
vulnerabilityReportIssueId:
|
|
13677
|
-
path:
|
|
13678
|
-
startLine:
|
|
13679
|
-
vulnerabilityReportIssue:
|
|
13680
|
-
fixId:
|
|
13681
|
-
category:
|
|
13682
|
-
safeIssueType:
|
|
13683
|
-
vulnerabilityReportIssueTags:
|
|
13684
|
-
|
|
13685
|
-
tag:
|
|
13004
|
+
import { z as z25 } from "zod";
|
|
13005
|
+
var VulnerabilityReportIssueCodeNodeZ = z25.object({
|
|
13006
|
+
vulnerabilityReportIssueId: z25.string(),
|
|
13007
|
+
path: z25.string(),
|
|
13008
|
+
startLine: z25.number(),
|
|
13009
|
+
vulnerabilityReportIssue: z25.object({
|
|
13010
|
+
fixId: z25.string(),
|
|
13011
|
+
category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
13012
|
+
safeIssueType: z25.string(),
|
|
13013
|
+
vulnerabilityReportIssueTags: z25.array(
|
|
13014
|
+
z25.object({
|
|
13015
|
+
tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
|
|
13686
13016
|
})
|
|
13687
13017
|
)
|
|
13688
13018
|
})
|
|
13689
13019
|
});
|
|
13690
|
-
var VulnerabilityReportIssueNoFixCodeNodeZ =
|
|
13691
|
-
vulnerabilityReportIssues:
|
|
13692
|
-
|
|
13693
|
-
id:
|
|
13694
|
-
fixId:
|
|
13695
|
-
category:
|
|
13696
|
-
safeIssueType:
|
|
13697
|
-
fpId:
|
|
13698
|
-
codeNodes:
|
|
13699
|
-
|
|
13700
|
-
path:
|
|
13701
|
-
startLine:
|
|
13020
|
+
var VulnerabilityReportIssueNoFixCodeNodeZ = z25.object({
|
|
13021
|
+
vulnerabilityReportIssues: z25.array(
|
|
13022
|
+
z25.object({
|
|
13023
|
+
id: z25.string(),
|
|
13024
|
+
fixId: z25.string().nullable(),
|
|
13025
|
+
category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
13026
|
+
safeIssueType: z25.string(),
|
|
13027
|
+
fpId: z25.string().uuid().nullable(),
|
|
13028
|
+
codeNodes: z25.array(
|
|
13029
|
+
z25.object({
|
|
13030
|
+
path: z25.string(),
|
|
13031
|
+
startLine: z25.number()
|
|
13702
13032
|
})
|
|
13703
13033
|
),
|
|
13704
|
-
vulnerabilityReportIssueTags:
|
|
13705
|
-
|
|
13706
|
-
tag:
|
|
13034
|
+
vulnerabilityReportIssueTags: z25.array(
|
|
13035
|
+
z25.object({
|
|
13036
|
+
tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
|
|
13707
13037
|
})
|
|
13708
13038
|
)
|
|
13709
13039
|
})
|
|
13710
13040
|
)
|
|
13711
13041
|
});
|
|
13712
|
-
var GetVulByNodesMetadataZ =
|
|
13713
|
-
vulnerabilityReportIssueCodeNodes:
|
|
13714
|
-
nonFixablePrVuls:
|
|
13715
|
-
aggregate:
|
|
13716
|
-
count:
|
|
13042
|
+
var GetVulByNodesMetadataZ = z25.object({
|
|
13043
|
+
vulnerabilityReportIssueCodeNodes: z25.array(VulnerabilityReportIssueCodeNodeZ),
|
|
13044
|
+
nonFixablePrVuls: z25.object({
|
|
13045
|
+
aggregate: z25.object({
|
|
13046
|
+
count: z25.number()
|
|
13717
13047
|
})
|
|
13718
13048
|
}),
|
|
13719
|
-
fixablePrVuls:
|
|
13720
|
-
aggregate:
|
|
13721
|
-
count:
|
|
13049
|
+
fixablePrVuls: z25.object({
|
|
13050
|
+
aggregate: z25.object({
|
|
13051
|
+
count: z25.number()
|
|
13722
13052
|
})
|
|
13723
13053
|
}),
|
|
13724
|
-
totalScanVulnerabilities:
|
|
13725
|
-
aggregate:
|
|
13726
|
-
count:
|
|
13054
|
+
totalScanVulnerabilities: z25.object({
|
|
13055
|
+
aggregate: z25.object({
|
|
13056
|
+
count: z25.number()
|
|
13727
13057
|
})
|
|
13728
13058
|
}),
|
|
13729
|
-
irrelevantVulnerabilityReportIssue:
|
|
13059
|
+
irrelevantVulnerabilityReportIssue: z25.array(
|
|
13730
13060
|
VulnerabilityReportIssueNoFixCodeNodeZ
|
|
13731
13061
|
)
|
|
13732
13062
|
});
|
|
@@ -13793,6 +13123,22 @@ var GQLClient = class {
|
|
|
13793
13123
|
});
|
|
13794
13124
|
this._clientSdk = getSdk(this._client);
|
|
13795
13125
|
}
|
|
13126
|
+
// Fetch the analyzer-owned issue-type catalog once and hydrate the shared
|
|
13127
|
+
// in-memory cache so the synchronous display helpers serve analyzer labels
|
|
13128
|
+
// and descriptions. NO FALLBACK: a fetch error or an empty response throws so
|
|
13129
|
+
// the CLI fails loudly instead of silently rendering degraded labels.
|
|
13130
|
+
async loadIssueTypeCatalog() {
|
|
13131
|
+
if (isIssueTypeCatalogHydrated()) {
|
|
13132
|
+
return;
|
|
13133
|
+
}
|
|
13134
|
+
const { issueTypes } = await this._clientSdk.IssueTypes();
|
|
13135
|
+
if (issueTypes.length === 0) {
|
|
13136
|
+
throw new Error(
|
|
13137
|
+
"Issue-type catalog is empty: the issueTypes query returned no entries"
|
|
13138
|
+
);
|
|
13139
|
+
}
|
|
13140
|
+
hydrateIssueTypeCatalog(issueTypes);
|
|
13141
|
+
}
|
|
13796
13142
|
async getUserInfo() {
|
|
13797
13143
|
const { me } = await this._clientSdk.Me();
|
|
13798
13144
|
return me;
|
|
@@ -14232,7 +13578,7 @@ import * as os2 from "os";
|
|
|
14232
13578
|
import path7 from "path";
|
|
14233
13579
|
import chalk4 from "chalk";
|
|
14234
13580
|
import { withFile } from "tmp-promise";
|
|
14235
|
-
import
|
|
13581
|
+
import z26 from "zod";
|
|
14236
13582
|
|
|
14237
13583
|
// src/commands/handleMobbLogin.ts
|
|
14238
13584
|
import chalk3 from "chalk";
|
|
@@ -14772,8 +14118,8 @@ var defaultLogger2 = {
|
|
|
14772
14118
|
}
|
|
14773
14119
|
}
|
|
14774
14120
|
};
|
|
14775
|
-
var PromptItemZ =
|
|
14776
|
-
type:
|
|
14121
|
+
var PromptItemZ = z26.object({
|
|
14122
|
+
type: z26.enum([
|
|
14777
14123
|
"USER_PROMPT",
|
|
14778
14124
|
"AI_RESPONSE",
|
|
14779
14125
|
"TOOL_EXECUTION",
|
|
@@ -14781,32 +14127,32 @@ var PromptItemZ = z27.object({
|
|
|
14781
14127
|
"MCP_TOOL_CALL"
|
|
14782
14128
|
// MCP (Model Context Protocol) tool invocation
|
|
14783
14129
|
]),
|
|
14784
|
-
attachedFiles:
|
|
14785
|
-
|
|
14786
|
-
relativePath:
|
|
14787
|
-
startLine:
|
|
14130
|
+
attachedFiles: z26.array(
|
|
14131
|
+
z26.object({
|
|
14132
|
+
relativePath: z26.string(),
|
|
14133
|
+
startLine: z26.number().optional()
|
|
14788
14134
|
})
|
|
14789
14135
|
).optional(),
|
|
14790
|
-
tokens:
|
|
14791
|
-
inputCount:
|
|
14792
|
-
outputCount:
|
|
14136
|
+
tokens: z26.object({
|
|
14137
|
+
inputCount: z26.number(),
|
|
14138
|
+
outputCount: z26.number()
|
|
14793
14139
|
}).optional(),
|
|
14794
|
-
text:
|
|
14795
|
-
date:
|
|
14796
|
-
tool:
|
|
14797
|
-
name:
|
|
14798
|
-
parameters:
|
|
14799
|
-
result:
|
|
14800
|
-
rawArguments:
|
|
14801
|
-
accepted:
|
|
14140
|
+
text: z26.string().optional(),
|
|
14141
|
+
date: z26.date().optional(),
|
|
14142
|
+
tool: z26.object({
|
|
14143
|
+
name: z26.string(),
|
|
14144
|
+
parameters: z26.string(),
|
|
14145
|
+
result: z26.string(),
|
|
14146
|
+
rawArguments: z26.string().optional(),
|
|
14147
|
+
accepted: z26.boolean().optional(),
|
|
14802
14148
|
// MCP-specific fields (only populated for MCP_TOOL_CALL type)
|
|
14803
|
-
mcpServer:
|
|
14149
|
+
mcpServer: z26.string().optional(),
|
|
14804
14150
|
// MCP server name (e.g., "datadog", "mobb-mcp")
|
|
14805
|
-
mcpToolName:
|
|
14151
|
+
mcpToolName: z26.string().optional()
|
|
14806
14152
|
// MCP tool name without prefix (e.g., "scan_and_fix_vulnerabilities")
|
|
14807
14153
|
}).optional()
|
|
14808
14154
|
});
|
|
14809
|
-
var PromptItemArrayZ =
|
|
14155
|
+
var PromptItemArrayZ = z26.array(PromptItemZ);
|
|
14810
14156
|
var NULL_REPO_STATE = {
|
|
14811
14157
|
repositoryUrl: null,
|
|
14812
14158
|
branch: null,
|
|
@@ -15744,7 +15090,7 @@ import Debug15 from "debug";
|
|
|
15744
15090
|
// src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
|
|
15745
15091
|
import Debug14 from "debug";
|
|
15746
15092
|
import parseDiff from "parse-diff";
|
|
15747
|
-
import { z as
|
|
15093
|
+
import { z as z28 } from "zod";
|
|
15748
15094
|
|
|
15749
15095
|
// src/features/analysis/utils/by_key.ts
|
|
15750
15096
|
function keyBy(array, keyBy2) {
|
|
@@ -15833,7 +15179,7 @@ var scannerToFriendlyString = {
|
|
|
15833
15179
|
|
|
15834
15180
|
// src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
|
|
15835
15181
|
import Debug13 from "debug";
|
|
15836
|
-
import { z as
|
|
15182
|
+
import { z as z27 } from "zod";
|
|
15837
15183
|
init_client_generates();
|
|
15838
15184
|
var debug14 = Debug13("mobbdev:handle-finished-analysis");
|
|
15839
15185
|
var getCommitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
|
|
@@ -15879,11 +15225,11 @@ function buildFixCommentBody({
|
|
|
15879
15225
|
});
|
|
15880
15226
|
const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
|
|
15881
15227
|
const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
|
|
15882
|
-
const validFixParseRes =
|
|
15228
|
+
const validFixParseRes = z27.object({
|
|
15883
15229
|
patchAndQuestions: PatchAndQuestionsZ,
|
|
15884
|
-
safeIssueLanguage:
|
|
15885
|
-
severityText:
|
|
15886
|
-
safeIssueType:
|
|
15230
|
+
safeIssueLanguage: z27.nativeEnum(IssueLanguage_Enum),
|
|
15231
|
+
severityText: z27.nativeEnum(Vulnerability_Severity_Enum),
|
|
15232
|
+
safeIssueType: SafeIssueTypeStringZ
|
|
15887
15233
|
}).safeParse(fix);
|
|
15888
15234
|
if (!validFixParseRes.success) {
|
|
15889
15235
|
debug14(
|
|
@@ -16117,7 +15463,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
|
|
|
16117
15463
|
});
|
|
16118
15464
|
const lineAddedRanges = calculateRanges(fileNumbers);
|
|
16119
15465
|
const fileFilter = {
|
|
16120
|
-
path:
|
|
15466
|
+
path: z28.string().parse(file.to),
|
|
16121
15467
|
ranges: lineAddedRanges.map(([startLine, endLine]) => ({
|
|
16122
15468
|
endLine,
|
|
16123
15469
|
startLine
|
|
@@ -16429,15 +15775,15 @@ import { globby } from "globby";
|
|
|
16429
15775
|
import { isBinary as isBinary2 } from "istextorbinary";
|
|
16430
15776
|
import { simpleGit as simpleGit3 } from "simple-git";
|
|
16431
15777
|
import { parseStringPromise } from "xml2js";
|
|
16432
|
-
import { z as
|
|
15778
|
+
import { z as z29 } from "zod";
|
|
16433
15779
|
var debug19 = Debug18("mobbdev:pack");
|
|
16434
|
-
var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA =
|
|
16435
|
-
properties:
|
|
16436
|
-
entry:
|
|
16437
|
-
|
|
16438
|
-
_:
|
|
16439
|
-
$:
|
|
16440
|
-
key:
|
|
15780
|
+
var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z29.object({
|
|
15781
|
+
properties: z29.object({
|
|
15782
|
+
entry: z29.array(
|
|
15783
|
+
z29.object({
|
|
15784
|
+
_: z29.string(),
|
|
15785
|
+
$: z29.object({
|
|
15786
|
+
key: z29.string()
|
|
16441
15787
|
})
|
|
16442
15788
|
})
|
|
16443
15789
|
)
|
|
@@ -17101,6 +16447,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
|
|
|
17101
16447
|
inputApiKey: apiKey,
|
|
17102
16448
|
isSkipPrompts: skipPrompts
|
|
17103
16449
|
});
|
|
16450
|
+
await gqlClient.loadIssueTypeCatalog();
|
|
17104
16451
|
if (!mobbProjectName) {
|
|
17105
16452
|
throw new Error("mobbProjectName is required");
|
|
17106
16453
|
}
|
|
@@ -17220,7 +16567,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
|
|
|
17220
16567
|
spinner: mobbSpinner,
|
|
17221
16568
|
submitVulnerabilityReportVariables: {
|
|
17222
16569
|
fixReportId: reportUploadInfo.fixReportId,
|
|
17223
|
-
repoUrl:
|
|
16570
|
+
repoUrl: z30.string().parse(repo),
|
|
17224
16571
|
reference,
|
|
17225
16572
|
projectId,
|
|
17226
16573
|
vulnerabilityReportFileName: shouldScan ? void 0 : REPORT_DEFAULT_FILE_NAME,
|
|
@@ -17560,9 +16907,9 @@ async function waitForAnaysisAndReviewPr({
|
|
|
17560
16907
|
gqlClient,
|
|
17561
16908
|
polling
|
|
17562
16909
|
}) {
|
|
17563
|
-
const params =
|
|
17564
|
-
repo:
|
|
17565
|
-
githubActionToken:
|
|
16910
|
+
const params = z30.object({
|
|
16911
|
+
repo: z30.string().url(),
|
|
16912
|
+
githubActionToken: z30.string()
|
|
17566
16913
|
}).parse({ repo, githubActionToken });
|
|
17567
16914
|
const scm = await createScmLib(
|
|
17568
16915
|
{
|
|
@@ -17580,7 +16927,7 @@ async function waitForAnaysisAndReviewPr({
|
|
|
17580
16927
|
analysisId: analysisId2,
|
|
17581
16928
|
gqlClient,
|
|
17582
16929
|
scm,
|
|
17583
|
-
scanner:
|
|
16930
|
+
scanner: z30.nativeEnum(SCANNERS).parse(scanner)
|
|
17584
16931
|
});
|
|
17585
16932
|
};
|
|
17586
16933
|
if (polling) {
|
|
@@ -17896,7 +17243,7 @@ async function scanSkill(options) {
|
|
|
17896
17243
|
// src/args/validation.ts
|
|
17897
17244
|
import chalk9 from "chalk";
|
|
17898
17245
|
import path12 from "path";
|
|
17899
|
-
import { z as
|
|
17246
|
+
import { z as z31 } from "zod";
|
|
17900
17247
|
function throwRepoUrlErrorMessage({
|
|
17901
17248
|
error,
|
|
17902
17249
|
repoUrl,
|
|
@@ -17913,11 +17260,11 @@ Example:
|
|
|
17913
17260
|
)}`;
|
|
17914
17261
|
throw new CliError(formattedErrorMessage);
|
|
17915
17262
|
}
|
|
17916
|
-
var UrlZ =
|
|
17263
|
+
var UrlZ = z31.string({
|
|
17917
17264
|
invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
|
|
17918
17265
|
});
|
|
17919
17266
|
function validateOrganizationId(organizationId) {
|
|
17920
|
-
const orgIdValidation =
|
|
17267
|
+
const orgIdValidation = z31.string().uuid().nullish().safeParse(organizationId);
|
|
17921
17268
|
if (!orgIdValidation.success) {
|
|
17922
17269
|
throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
|
|
17923
17270
|
}
|
|
@@ -20064,7 +19411,7 @@ function createLogger(config2) {
|
|
|
20064
19411
|
|
|
20065
19412
|
// src/features/claude_code/hook_logger.ts
|
|
20066
19413
|
var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
|
|
20067
|
-
var CLI_VERSION = true ? "1.4.
|
|
19414
|
+
var CLI_VERSION = true ? "1.4.33" : "unknown";
|
|
20068
19415
|
var NAMESPACE = "mobbdev-claude-code-hook-logs";
|
|
20069
19416
|
var claudeCodeVersion;
|
|
20070
19417
|
function buildDdTags() {
|
|
@@ -21594,145 +20941,145 @@ init_client_generates();
|
|
|
21594
20941
|
init_configs();
|
|
21595
20942
|
|
|
21596
20943
|
// src/mcp/types.ts
|
|
20944
|
+
import { z as z32 } from "zod";
|
|
21597
20945
|
init_client_generates();
|
|
21598
|
-
|
|
21599
|
-
|
|
21600
|
-
path: z33.string()
|
|
20946
|
+
var ScanAndFixVulnerabilitiesToolSchema = z32.object({
|
|
20947
|
+
path: z32.string()
|
|
21601
20948
|
});
|
|
21602
|
-
var VulnerabilityReportIssueTagSchema =
|
|
21603
|
-
vulnerability_report_issue_tag_value:
|
|
20949
|
+
var VulnerabilityReportIssueTagSchema = z32.object({
|
|
20950
|
+
vulnerability_report_issue_tag_value: z32.nativeEnum(
|
|
21604
20951
|
Vulnerability_Report_Issue_Tag_Enum
|
|
21605
20952
|
)
|
|
21606
20953
|
});
|
|
21607
|
-
var VulnerabilityReportIssueSchema =
|
|
21608
|
-
category:
|
|
21609
|
-
parsedIssueType:
|
|
21610
|
-
parsedSeverity:
|
|
21611
|
-
vulnerabilityReportIssueTags:
|
|
20954
|
+
var VulnerabilityReportIssueSchema = z32.object({
|
|
20955
|
+
category: z32.any().optional().nullable(),
|
|
20956
|
+
parsedIssueType: SafeIssueTypeStringZ.nullable().optional(),
|
|
20957
|
+
parsedSeverity: z32.nativeEnum(Vulnerability_Severity_Enum).nullable().optional(),
|
|
20958
|
+
vulnerabilityReportIssueTags: z32.array(VulnerabilityReportIssueTagSchema)
|
|
21612
20959
|
});
|
|
21613
|
-
var SharedStateSchema =
|
|
21614
|
-
__typename:
|
|
21615
|
-
id:
|
|
20960
|
+
var SharedStateSchema = z32.object({
|
|
20961
|
+
__typename: z32.literal("fix_shared_state").optional(),
|
|
20962
|
+
id: z32.any(),
|
|
21616
20963
|
// GraphQL uses `any` type for UUID
|
|
21617
|
-
downloadedBy:
|
|
20964
|
+
downloadedBy: z32.array(z32.any().nullable()).optional().nullable()
|
|
21618
20965
|
});
|
|
21619
|
-
var UnstructuredFixExtraContextSchema =
|
|
21620
|
-
__typename:
|
|
21621
|
-
key:
|
|
21622
|
-
value:
|
|
20966
|
+
var UnstructuredFixExtraContextSchema = z32.object({
|
|
20967
|
+
__typename: z32.literal("UnstructuredFixExtraContext").optional(),
|
|
20968
|
+
key: z32.string(),
|
|
20969
|
+
value: z32.any()
|
|
21623
20970
|
// GraphQL JSON type
|
|
21624
20971
|
});
|
|
21625
|
-
var FixExtraContextResponseSchema =
|
|
21626
|
-
__typename:
|
|
21627
|
-
extraContext:
|
|
21628
|
-
fixDescription:
|
|
20972
|
+
var FixExtraContextResponseSchema = z32.object({
|
|
20973
|
+
__typename: z32.literal("FixExtraContextResponse").optional(),
|
|
20974
|
+
extraContext: z32.array(UnstructuredFixExtraContextSchema),
|
|
20975
|
+
fixDescription: z32.string()
|
|
21629
20976
|
});
|
|
21630
|
-
var FixQuestionSchema =
|
|
21631
|
-
__typename:
|
|
21632
|
-
key:
|
|
21633
|
-
name:
|
|
21634
|
-
defaultValue:
|
|
21635
|
-
value:
|
|
21636
|
-
inputType:
|
|
21637
|
-
options:
|
|
21638
|
-
index:
|
|
21639
|
-
extraContext:
|
|
20977
|
+
var FixQuestionSchema = z32.object({
|
|
20978
|
+
__typename: z32.literal("FixQuestion").optional(),
|
|
20979
|
+
key: z32.string(),
|
|
20980
|
+
name: z32.string(),
|
|
20981
|
+
defaultValue: z32.string(),
|
|
20982
|
+
value: z32.string().nullable().optional(),
|
|
20983
|
+
inputType: z32.nativeEnum(FixQuestionInputType),
|
|
20984
|
+
options: z32.array(z32.string()),
|
|
20985
|
+
index: z32.number(),
|
|
20986
|
+
extraContext: z32.array(UnstructuredFixExtraContextSchema)
|
|
21640
20987
|
});
|
|
21641
|
-
var FixDataSchema =
|
|
21642
|
-
__typename:
|
|
21643
|
-
patch:
|
|
21644
|
-
patchOriginalEncodingBase64:
|
|
21645
|
-
questions:
|
|
20988
|
+
var FixDataSchema = z32.object({
|
|
20989
|
+
__typename: z32.literal("FixData"),
|
|
20990
|
+
patch: z32.string(),
|
|
20991
|
+
patchOriginalEncodingBase64: z32.string(),
|
|
20992
|
+
questions: z32.array(FixQuestionSchema),
|
|
21646
20993
|
extraContext: FixExtraContextResponseSchema
|
|
21647
20994
|
});
|
|
21648
|
-
var GetFixNoFixErrorSchema =
|
|
21649
|
-
__typename:
|
|
20995
|
+
var GetFixNoFixErrorSchema = z32.object({
|
|
20996
|
+
__typename: z32.literal("GetFixNoFixError")
|
|
21650
20997
|
});
|
|
21651
|
-
var PatchAndQuestionsSchema =
|
|
21652
|
-
var McpFixSchema =
|
|
21653
|
-
__typename:
|
|
21654
|
-
id:
|
|
20998
|
+
var PatchAndQuestionsSchema = z32.union([FixDataSchema, GetFixNoFixErrorSchema]);
|
|
20999
|
+
var McpFixSchema = z32.object({
|
|
21000
|
+
__typename: z32.literal("fix").optional(),
|
|
21001
|
+
id: z32.any(),
|
|
21655
21002
|
// GraphQL uses `any` type for UUID
|
|
21656
|
-
confidence:
|
|
21657
|
-
safeIssueType:
|
|
21658
|
-
safeIssueLanguage:
|
|
21659
|
-
severityText:
|
|
21660
|
-
gitBlameLogin:
|
|
21003
|
+
confidence: z32.number(),
|
|
21004
|
+
safeIssueType: z32.string().nullable(),
|
|
21005
|
+
safeIssueLanguage: z32.string().nullable().optional(),
|
|
21006
|
+
severityText: z32.string().nullable(),
|
|
21007
|
+
gitBlameLogin: z32.string().nullable().optional(),
|
|
21661
21008
|
// Optional in GraphQL
|
|
21662
|
-
severityValue:
|
|
21663
|
-
vulnerabilityReportIssues:
|
|
21009
|
+
severityValue: z32.number().nullable(),
|
|
21010
|
+
vulnerabilityReportIssues: z32.array(VulnerabilityReportIssueSchema),
|
|
21664
21011
|
sharedState: SharedStateSchema.nullable().optional(),
|
|
21665
21012
|
// Optional in GraphQL
|
|
21666
21013
|
patchAndQuestions: PatchAndQuestionsSchema,
|
|
21667
21014
|
// Additional field added by the client
|
|
21668
|
-
fixUrl:
|
|
21015
|
+
fixUrl: z32.string().optional()
|
|
21669
21016
|
});
|
|
21670
|
-
var FixAggregateSchema =
|
|
21671
|
-
__typename:
|
|
21672
|
-
aggregate:
|
|
21673
|
-
__typename:
|
|
21674
|
-
count:
|
|
21017
|
+
var FixAggregateSchema = z32.object({
|
|
21018
|
+
__typename: z32.literal("fix_aggregate").optional(),
|
|
21019
|
+
aggregate: z32.object({
|
|
21020
|
+
__typename: z32.literal("fix_aggregate_fields").optional(),
|
|
21021
|
+
count: z32.number()
|
|
21675
21022
|
}).nullable()
|
|
21676
21023
|
});
|
|
21677
|
-
var VulnerabilityReportIssueAggregateSchema =
|
|
21678
|
-
__typename:
|
|
21679
|
-
aggregate:
|
|
21680
|
-
__typename:
|
|
21681
|
-
count:
|
|
21024
|
+
var VulnerabilityReportIssueAggregateSchema = z32.object({
|
|
21025
|
+
__typename: z32.literal("vulnerability_report_issue_aggregate").optional(),
|
|
21026
|
+
aggregate: z32.object({
|
|
21027
|
+
__typename: z32.literal("vulnerability_report_issue_aggregate_fields").optional(),
|
|
21028
|
+
count: z32.number()
|
|
21682
21029
|
}).nullable()
|
|
21683
21030
|
});
|
|
21684
|
-
var RepoSchema =
|
|
21685
|
-
__typename:
|
|
21686
|
-
originalUrl:
|
|
21031
|
+
var RepoSchema = z32.object({
|
|
21032
|
+
__typename: z32.literal("repo").optional(),
|
|
21033
|
+
originalUrl: z32.string()
|
|
21687
21034
|
});
|
|
21688
|
-
var ProjectSchema =
|
|
21689
|
-
id:
|
|
21035
|
+
var ProjectSchema = z32.object({
|
|
21036
|
+
id: z32.any(),
|
|
21690
21037
|
// GraphQL uses `any` type for UUID
|
|
21691
|
-
organizationId:
|
|
21038
|
+
organizationId: z32.any()
|
|
21692
21039
|
// GraphQL uses `any` type for UUID
|
|
21693
21040
|
});
|
|
21694
|
-
var VulnerabilityReportSchema =
|
|
21695
|
-
scanDate:
|
|
21041
|
+
var VulnerabilityReportSchema = z32.object({
|
|
21042
|
+
scanDate: z32.any().nullable(),
|
|
21696
21043
|
// GraphQL uses `any` type for timestamp
|
|
21697
|
-
vendor:
|
|
21044
|
+
vendor: z32.string(),
|
|
21698
21045
|
// GraphQL generates as string, not enum
|
|
21699
|
-
projectId:
|
|
21046
|
+
projectId: z32.any().optional(),
|
|
21700
21047
|
// GraphQL uses `any` type for UUID
|
|
21701
21048
|
project: ProjectSchema,
|
|
21702
21049
|
totalVulnerabilityReportIssuesCount: VulnerabilityReportIssueAggregateSchema,
|
|
21703
21050
|
notFixableVulnerabilityReportIssuesCount: VulnerabilityReportIssueAggregateSchema
|
|
21704
21051
|
});
|
|
21705
|
-
var FixReportSummarySchema =
|
|
21706
|
-
__typename:
|
|
21707
|
-
id:
|
|
21052
|
+
var FixReportSummarySchema = z32.object({
|
|
21053
|
+
__typename: z32.literal("fixReport").optional(),
|
|
21054
|
+
id: z32.any(),
|
|
21708
21055
|
// GraphQL uses `any` type for UUID
|
|
21709
|
-
createdOn:
|
|
21056
|
+
createdOn: z32.any(),
|
|
21710
21057
|
// GraphQL uses `any` type for timestamp
|
|
21711
21058
|
repo: RepoSchema.nullable(),
|
|
21712
|
-
issueTypes:
|
|
21059
|
+
issueTypes: z32.any().nullable(),
|
|
21713
21060
|
// GraphQL uses `any` type for JSON
|
|
21714
21061
|
CRITICAL: FixAggregateSchema,
|
|
21715
21062
|
HIGH: FixAggregateSchema,
|
|
21716
21063
|
MEDIUM: FixAggregateSchema,
|
|
21717
21064
|
LOW: FixAggregateSchema,
|
|
21718
|
-
fixes:
|
|
21719
|
-
userFixes:
|
|
21065
|
+
fixes: z32.array(McpFixSchema),
|
|
21066
|
+
userFixes: z32.array(McpFixSchema).optional(),
|
|
21720
21067
|
// Present in some responses but can be omitted
|
|
21721
21068
|
filteredFixesCount: FixAggregateSchema,
|
|
21722
21069
|
totalFixesCount: FixAggregateSchema,
|
|
21723
21070
|
vulnerabilityReport: VulnerabilityReportSchema
|
|
21724
21071
|
});
|
|
21725
|
-
var ExpiredReportSchema =
|
|
21726
|
-
__typename:
|
|
21727
|
-
id:
|
|
21072
|
+
var ExpiredReportSchema = z32.object({
|
|
21073
|
+
__typename: z32.literal("fixReport").optional(),
|
|
21074
|
+
id: z32.any(),
|
|
21728
21075
|
// GraphQL uses `any` type for UUID
|
|
21729
|
-
expirationOn:
|
|
21076
|
+
expirationOn: z32.any().nullable()
|
|
21730
21077
|
// GraphQL uses `any` type for timestamp
|
|
21731
21078
|
});
|
|
21732
|
-
var GetLatestReportByRepoUrlResponseSchema =
|
|
21733
|
-
__typename:
|
|
21734
|
-
fixReport:
|
|
21735
|
-
expiredReport:
|
|
21079
|
+
var GetLatestReportByRepoUrlResponseSchema = z32.object({
|
|
21080
|
+
__typename: z32.literal("query_root").optional(),
|
|
21081
|
+
fixReport: z32.array(FixReportSummarySchema),
|
|
21082
|
+
expiredReport: z32.array(ExpiredReportSchema)
|
|
21736
21083
|
});
|
|
21737
21084
|
|
|
21738
21085
|
// src/mcp/services/InteractiveFixFilter.ts
|
|
@@ -23542,10 +22889,10 @@ var McpServer = class {
|
|
|
23542
22889
|
};
|
|
23543
22890
|
|
|
23544
22891
|
// src/mcp/prompts/CheckForNewVulnerabilitiesPrompt.ts
|
|
23545
|
-
import { z as
|
|
22892
|
+
import { z as z34 } from "zod";
|
|
23546
22893
|
|
|
23547
22894
|
// src/mcp/prompts/base/BasePrompt.ts
|
|
23548
|
-
import { z as
|
|
22895
|
+
import { z as z33 } from "zod";
|
|
23549
22896
|
var BasePrompt = class {
|
|
23550
22897
|
getDefinition() {
|
|
23551
22898
|
return {
|
|
@@ -23574,7 +22921,7 @@ var BasePrompt = class {
|
|
|
23574
22921
|
const argsToValidate = args === void 0 ? {} : args;
|
|
23575
22922
|
return this.argumentsValidationSchema.parse(argsToValidate);
|
|
23576
22923
|
} catch (error) {
|
|
23577
|
-
if (error instanceof
|
|
22924
|
+
if (error instanceof z33.ZodError) {
|
|
23578
22925
|
const errorDetails = error.errors.map((e) => {
|
|
23579
22926
|
const fieldPath = e.path.length > 0 ? e.path.join(".") : "root";
|
|
23580
22927
|
const message = e.message === "Required" ? `Missing required argument '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
|
|
@@ -23603,8 +22950,8 @@ var BasePrompt = class {
|
|
|
23603
22950
|
};
|
|
23604
22951
|
|
|
23605
22952
|
// src/mcp/prompts/CheckForNewVulnerabilitiesPrompt.ts
|
|
23606
|
-
var CheckForNewVulnerabilitiesArgsSchema =
|
|
23607
|
-
path:
|
|
22953
|
+
var CheckForNewVulnerabilitiesArgsSchema = z34.object({
|
|
22954
|
+
path: z34.string().optional()
|
|
23608
22955
|
});
|
|
23609
22956
|
var CheckForNewVulnerabilitiesPrompt = class extends BasePrompt {
|
|
23610
22957
|
constructor() {
|
|
@@ -23849,9 +23196,9 @@ Call the \`check_for_new_available_fixes\` tool now${args?.path ? ` for ${args.p
|
|
|
23849
23196
|
};
|
|
23850
23197
|
|
|
23851
23198
|
// src/mcp/prompts/FullSecurityAuditPrompt.ts
|
|
23852
|
-
import { z as
|
|
23853
|
-
var FullSecurityAuditArgsSchema =
|
|
23854
|
-
path:
|
|
23199
|
+
import { z as z35 } from "zod";
|
|
23200
|
+
var FullSecurityAuditArgsSchema = z35.object({
|
|
23201
|
+
path: z35.string().optional()
|
|
23855
23202
|
});
|
|
23856
23203
|
var FullSecurityAuditPrompt = class extends BasePrompt {
|
|
23857
23204
|
constructor() {
|
|
@@ -24302,9 +23649,9 @@ Begin the audit now${args?.path ? ` for ${args.path}` : ""}.
|
|
|
24302
23649
|
};
|
|
24303
23650
|
|
|
24304
23651
|
// src/mcp/prompts/ReviewAndFixCriticalPrompt.ts
|
|
24305
|
-
import { z as
|
|
24306
|
-
var ReviewAndFixCriticalArgsSchema =
|
|
24307
|
-
path:
|
|
23652
|
+
import { z as z36 } from "zod";
|
|
23653
|
+
var ReviewAndFixCriticalArgsSchema = z36.object({
|
|
23654
|
+
path: z36.string().optional()
|
|
24308
23655
|
});
|
|
24309
23656
|
var ReviewAndFixCriticalPrompt = class extends BasePrompt {
|
|
24310
23657
|
constructor() {
|
|
@@ -24608,9 +23955,9 @@ Start by scanning${args?.path ? ` ${args.path}` : " the repository"} and priorit
|
|
|
24608
23955
|
};
|
|
24609
23956
|
|
|
24610
23957
|
// src/mcp/prompts/ScanRecentChangesPrompt.ts
|
|
24611
|
-
import { z as
|
|
24612
|
-
var ScanRecentChangesArgsSchema =
|
|
24613
|
-
path:
|
|
23958
|
+
import { z as z37 } from "zod";
|
|
23959
|
+
var ScanRecentChangesArgsSchema = z37.object({
|
|
23960
|
+
path: z37.string().optional()
|
|
24614
23961
|
});
|
|
24615
23962
|
var ScanRecentChangesPrompt = class extends BasePrompt {
|
|
24616
23963
|
constructor() {
|
|
@@ -24821,9 +24168,9 @@ You now have the guidance needed to perform a fast, targeted security scan of re
|
|
|
24821
24168
|
};
|
|
24822
24169
|
|
|
24823
24170
|
// src/mcp/prompts/ScanRepositoryPrompt.ts
|
|
24824
|
-
import { z as
|
|
24825
|
-
var ScanRepositoryArgsSchema =
|
|
24826
|
-
path:
|
|
24171
|
+
import { z as z38 } from "zod";
|
|
24172
|
+
var ScanRepositoryArgsSchema = z38.object({
|
|
24173
|
+
path: z38.string().optional()
|
|
24827
24174
|
});
|
|
24828
24175
|
var ScanRepositoryPrompt = class extends BasePrompt {
|
|
24829
24176
|
constructor() {
|
|
@@ -25221,7 +24568,7 @@ import * as os15 from "os";
|
|
|
25221
24568
|
import * as path29 from "path";
|
|
25222
24569
|
|
|
25223
24570
|
// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
|
|
25224
|
-
import { z as
|
|
24571
|
+
import { z as z40 } from "zod";
|
|
25225
24572
|
|
|
25226
24573
|
// src/mcp/services/PathValidation.ts
|
|
25227
24574
|
import fs21 from "fs";
|
|
@@ -25297,7 +24644,7 @@ async function validatePath(inputPath) {
|
|
|
25297
24644
|
}
|
|
25298
24645
|
|
|
25299
24646
|
// src/mcp/tools/base/BaseTool.ts
|
|
25300
|
-
import { z as
|
|
24647
|
+
import { z as z39 } from "zod";
|
|
25301
24648
|
var BaseTool = class {
|
|
25302
24649
|
getDefinition() {
|
|
25303
24650
|
return {
|
|
@@ -25324,7 +24671,7 @@ var BaseTool = class {
|
|
|
25324
24671
|
try {
|
|
25325
24672
|
return this.inputValidationSchema.parse(args);
|
|
25326
24673
|
} catch (error) {
|
|
25327
|
-
if (error instanceof
|
|
24674
|
+
if (error instanceof z39.ZodError) {
|
|
25328
24675
|
const errorDetails = error.errors.map((e) => {
|
|
25329
24676
|
const fieldPath = e.path.length > 0 ? e.path.join(".") : "root";
|
|
25330
24677
|
const message = e.message === "Required" ? `Missing required parameter '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
|
|
@@ -26191,18 +25538,14 @@ var getLocalFiles = async ({
|
|
|
26191
25538
|
};
|
|
26192
25539
|
|
|
26193
25540
|
// src/mcp/services/LocalMobbFolderService.ts
|
|
26194
|
-
init_client_generates();
|
|
26195
25541
|
init_GitService();
|
|
25542
|
+
init_issueTypeCatalog();
|
|
26196
25543
|
import fs23 from "fs";
|
|
26197
25544
|
import path31 from "path";
|
|
26198
|
-
import { z as z41 } from "zod";
|
|
26199
25545
|
function extractPathFromPatch(patch) {
|
|
26200
25546
|
const match = patch?.match(/diff --git a\/([^\s]+) b\//);
|
|
26201
25547
|
return match?.[1] ?? null;
|
|
26202
25548
|
}
|
|
26203
|
-
function parsedIssueTypeRes(issueType) {
|
|
26204
|
-
return z41.nativeEnum(IssueType_Enum).safeParse(issueType);
|
|
26205
|
-
}
|
|
26206
25549
|
var LocalMobbFolderService = class {
|
|
26207
25550
|
/**
|
|
26208
25551
|
* Creates a new LocalMobbFolderService instance
|
|
@@ -26622,9 +25965,8 @@ var LocalMobbFolderService = class {
|
|
|
26622
25965
|
|
|
26623
25966
|
`;
|
|
26624
25967
|
}
|
|
26625
|
-
const
|
|
26626
|
-
const
|
|
26627
|
-
const { issueDescription: issueDescription2, fixInstructions } = staticData || {};
|
|
25968
|
+
const catalogEntry = getIssueTypeCatalogEntry(fix.safeIssueType);
|
|
25969
|
+
const { issueDescription: issueDescription2, fixInstructions } = catalogEntry ?? {};
|
|
26628
25970
|
markdown += `
|
|
26629
25971
|
## Vulnerability Details
|
|
26630
25972
|
|
|
@@ -28928,8 +28270,8 @@ Example payload:
|
|
|
28928
28270
|
},
|
|
28929
28271
|
required: ["path"]
|
|
28930
28272
|
});
|
|
28931
|
-
__publicField(this, "inputValidationSchema",
|
|
28932
|
-
path:
|
|
28273
|
+
__publicField(this, "inputValidationSchema", z40.object({
|
|
28274
|
+
path: z40.string().describe(
|
|
28933
28275
|
"Full local path to the cloned git repository to check for new available fixes"
|
|
28934
28276
|
)
|
|
28935
28277
|
}));
|
|
@@ -28959,7 +28301,7 @@ Example payload:
|
|
|
28959
28301
|
|
|
28960
28302
|
// src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesTool.ts
|
|
28961
28303
|
init_GitService();
|
|
28962
|
-
import { z as
|
|
28304
|
+
import { z as z41 } from "zod";
|
|
28963
28305
|
|
|
28964
28306
|
// src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesService.ts
|
|
28965
28307
|
init_configs();
|
|
@@ -29105,16 +28447,16 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
|
|
|
29105
28447
|
},
|
|
29106
28448
|
required: ["path"]
|
|
29107
28449
|
});
|
|
29108
|
-
__publicField(this, "inputValidationSchema",
|
|
29109
|
-
path:
|
|
28450
|
+
__publicField(this, "inputValidationSchema", z41.object({
|
|
28451
|
+
path: z41.string().describe(
|
|
29110
28452
|
"Full local path to the cloned git repository to check for available fixes"
|
|
29111
28453
|
),
|
|
29112
|
-
offset:
|
|
29113
|
-
limit:
|
|
29114
|
-
fileFilter:
|
|
28454
|
+
offset: z41.number().optional().describe("Optional offset for pagination"),
|
|
28455
|
+
limit: z41.number().optional().describe("Optional maximum number of fixes to return"),
|
|
28456
|
+
fileFilter: z41.array(z41.string()).optional().describe(
|
|
29115
28457
|
"Optional list of file paths relative to the path parameter to filter fixes by. INCOMPATIBLE with fetchFixesFromAnyFile"
|
|
29116
28458
|
),
|
|
29117
|
-
fetchFixesFromAnyFile:
|
|
28459
|
+
fetchFixesFromAnyFile: z41.boolean().optional().describe(
|
|
29118
28460
|
"Optional boolean to fetch fixes for all files. INCOMPATIBLE with fileFilter"
|
|
29119
28461
|
)
|
|
29120
28462
|
}));
|
|
@@ -29180,7 +28522,7 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
|
|
|
29180
28522
|
};
|
|
29181
28523
|
|
|
29182
28524
|
// src/mcp/tools/mcpChecker/mcpCheckerTool.ts
|
|
29183
|
-
import
|
|
28525
|
+
import z42 from "zod";
|
|
29184
28526
|
|
|
29185
28527
|
// src/mcp/tools/mcpChecker/mcpCheckerService.ts
|
|
29186
28528
|
var _McpCheckerService = class _McpCheckerService {
|
|
@@ -29241,7 +28583,7 @@ var McpCheckerTool = class extends BaseTool {
|
|
|
29241
28583
|
__publicField(this, "displayName", "MCP Checker");
|
|
29242
28584
|
// A detailed description to guide the LLM on when and how to invoke this tool.
|
|
29243
28585
|
__publicField(this, "description", "Check the MCP servers running on this IDE against organization policies.");
|
|
29244
|
-
__publicField(this, "inputValidationSchema",
|
|
28586
|
+
__publicField(this, "inputValidationSchema", z42.object({}));
|
|
29245
28587
|
__publicField(this, "inputSchema", {
|
|
29246
28588
|
type: "object",
|
|
29247
28589
|
properties: {},
|
|
@@ -29267,7 +28609,7 @@ var McpCheckerTool = class extends BaseTool {
|
|
|
29267
28609
|
};
|
|
29268
28610
|
|
|
29269
28611
|
// src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesTool.ts
|
|
29270
|
-
import
|
|
28612
|
+
import z43 from "zod";
|
|
29271
28613
|
init_configs();
|
|
29272
28614
|
|
|
29273
28615
|
// src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesService.ts
|
|
@@ -29647,26 +28989,26 @@ Example payload (Mode B \u2014 abstain from every interactive fix, no rescan):
|
|
|
29647
28989
|
"interactiveAnswers": []
|
|
29648
28990
|
}`);
|
|
29649
28991
|
__publicField(this, "hasAuthentication", true);
|
|
29650
|
-
__publicField(this, "inputValidationSchema",
|
|
29651
|
-
path:
|
|
28992
|
+
__publicField(this, "inputValidationSchema", z43.object({
|
|
28993
|
+
path: z43.string().describe(
|
|
29652
28994
|
"Full local path to repository to scan and fix vulnerabilities"
|
|
29653
28995
|
),
|
|
29654
|
-
offset:
|
|
29655
|
-
limit:
|
|
29656
|
-
maxFiles:
|
|
28996
|
+
offset: z43.number().optional().describe("Optional offset for pagination"),
|
|
28997
|
+
limit: z43.number().optional().describe("Optional maximum number of results to return"),
|
|
28998
|
+
maxFiles: z43.number().optional().describe(
|
|
29657
28999
|
`Optional maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Increase for comprehensive scans of larger codebases or decrease for faster focused scans.`
|
|
29658
29000
|
),
|
|
29659
|
-
rescan:
|
|
29660
|
-
scanRecentlyChangedFiles:
|
|
29001
|
+
rescan: z43.boolean().optional().describe("Optional whether to rescan the repository"),
|
|
29002
|
+
scanRecentlyChangedFiles: z43.boolean().optional().describe(
|
|
29661
29003
|
"Optional whether to automatically scan recently changed files when no changed files are found in git status. If false, the tool will prompt the user instead."
|
|
29662
29004
|
),
|
|
29663
|
-
interactiveAnswers:
|
|
29664
|
-
|
|
29665
|
-
fixId:
|
|
29666
|
-
answers:
|
|
29667
|
-
|
|
29668
|
-
key:
|
|
29669
|
-
value:
|
|
29005
|
+
interactiveAnswers: z43.array(
|
|
29006
|
+
z43.object({
|
|
29007
|
+
fixId: z43.string().min(1).describe('Fix id from a previous "Interactive fix" prompt block.'),
|
|
29008
|
+
answers: z43.array(
|
|
29009
|
+
z43.object({
|
|
29010
|
+
key: z43.string().min(1).describe("FixQuestion key."),
|
|
29011
|
+
value: z43.string().describe(
|
|
29670
29012
|
"For SELECT questions MUST be one of the listed options; for TEXT/NUMBER, a free-form value."
|
|
29671
29013
|
)
|
|
29672
29014
|
})
|
|
@@ -30029,7 +29371,7 @@ async function addScmTokenHandler(args) {
|
|
|
30029
29371
|
}
|
|
30030
29372
|
|
|
30031
29373
|
// src/features/codeium_intellij/data_collector.ts
|
|
30032
|
-
import { z as
|
|
29374
|
+
import { z as z44 } from "zod";
|
|
30033
29375
|
|
|
30034
29376
|
// src/utils/read-stdin.ts
|
|
30035
29377
|
import { setTimeout as setTimeout4 } from "timers";
|
|
@@ -30231,8 +29573,8 @@ function findRunningCodeiumLanguageServers() {
|
|
|
30231
29573
|
}
|
|
30232
29574
|
|
|
30233
29575
|
// src/features/codeium_intellij/data_collector.ts
|
|
30234
|
-
var HookDataSchema =
|
|
30235
|
-
trajectory_id:
|
|
29576
|
+
var HookDataSchema = z44.object({
|
|
29577
|
+
trajectory_id: z44.string()
|
|
30236
29578
|
});
|
|
30237
29579
|
async function processAndUploadHookData() {
|
|
30238
29580
|
const tracePayload = await getTraceDataForHook();
|