mobbdev 1.4.34 → 1.4.36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/args/commands/upload_ai_blame.mjs +263 -1884
- package/dist/index.mjs +1077 -2776
- package/package.json +4 -4
package/dist/index.mjs
CHANGED
|
@@ -346,6 +346,9 @@ var init_client_generates = __esm({
|
|
|
346
346
|
key
|
|
347
347
|
value
|
|
348
348
|
}
|
|
349
|
+
content
|
|
350
|
+
description
|
|
351
|
+
guidance
|
|
349
352
|
}
|
|
350
353
|
extraContext {
|
|
351
354
|
extraContext {
|
|
@@ -590,6 +593,9 @@ var init_client_generates = __esm({
|
|
|
590
593
|
name
|
|
591
594
|
options
|
|
592
595
|
value
|
|
596
|
+
content
|
|
597
|
+
description
|
|
598
|
+
guidance
|
|
593
599
|
__typename
|
|
594
600
|
}
|
|
595
601
|
extraContext {
|
|
@@ -599,6 +605,7 @@ var init_client_generates = __esm({
|
|
|
599
605
|
__typename
|
|
600
606
|
}
|
|
601
607
|
fixDescription
|
|
608
|
+
guidances
|
|
602
609
|
manifestActionsRequired {
|
|
603
610
|
action
|
|
604
611
|
lib {
|
|
@@ -1087,6 +1094,9 @@ var init_client_generates = __esm({
|
|
|
1087
1094
|
key
|
|
1088
1095
|
value
|
|
1089
1096
|
}
|
|
1097
|
+
content
|
|
1098
|
+
description
|
|
1099
|
+
guidance
|
|
1090
1100
|
}
|
|
1091
1101
|
extraContext {
|
|
1092
1102
|
extraContext {
|
|
@@ -1367,26 +1377,26 @@ var init_getIssueType = __esm({
|
|
|
1367
1377
|
});
|
|
1368
1378
|
|
|
1369
1379
|
// src/features/analysis/scm/shared/src/types/shared.ts
|
|
1370
|
-
import { z as
|
|
1380
|
+
import { z as z2 } from "zod";
|
|
1371
1381
|
var ParsedSeverityZ, ScmSubmitFixRequestsZ;
|
|
1372
1382
|
var init_shared = __esm({
|
|
1373
1383
|
"src/features/analysis/scm/shared/src/types/shared.ts"() {
|
|
1374
1384
|
"use strict";
|
|
1375
1385
|
init_client_generates();
|
|
1376
|
-
ParsedSeverityZ =
|
|
1377
|
-
ScmSubmitFixRequestsZ =
|
|
1378
|
-
|
|
1379
|
-
scmSubmitFixRequest:
|
|
1380
|
-
submitFixRequest:
|
|
1381
|
-
createdByUser:
|
|
1382
|
-
email:
|
|
1386
|
+
ParsedSeverityZ = z2.nativeEnum(Vulnerability_Severity_Enum).nullish().transform((i) => i ?? "low" /* Low */);
|
|
1387
|
+
ScmSubmitFixRequestsZ = z2.array(
|
|
1388
|
+
z2.object({
|
|
1389
|
+
scmSubmitFixRequest: z2.object({
|
|
1390
|
+
submitFixRequest: z2.object({
|
|
1391
|
+
createdByUser: z2.object({
|
|
1392
|
+
email: z2.string()
|
|
1383
1393
|
}),
|
|
1384
|
-
targetBranchName:
|
|
1394
|
+
targetBranchName: z2.string().default("")
|
|
1385
1395
|
}),
|
|
1386
|
-
prUrl:
|
|
1387
|
-
prStatus:
|
|
1388
|
-
commitUrl:
|
|
1389
|
-
scmId:
|
|
1396
|
+
prUrl: z2.string().nullable(),
|
|
1397
|
+
prStatus: z2.nativeEnum(Pr_Status_Enum).nullable(),
|
|
1398
|
+
commitUrl: z2.string().nullable(),
|
|
1399
|
+
scmId: z2.string()
|
|
1390
1400
|
})
|
|
1391
1401
|
})
|
|
1392
1402
|
);
|
|
@@ -1394,94 +1404,106 @@ var init_shared = __esm({
|
|
|
1394
1404
|
});
|
|
1395
1405
|
|
|
1396
1406
|
// src/features/analysis/scm/shared/src/types/fix.ts
|
|
1397
|
-
import { z as
|
|
1407
|
+
import { z as z3 } from "zod";
|
|
1398
1408
|
var PackageInfoZ, ManifestActionRequiredZ, ExtraContextInternalZ, FixExtraContextZ, PatchAndQuestionsZ, FixRatingZ, IssueRatingZ, IssueSharedStateZ, FixSharedStateZ, FixQueryZ, FixPartsForFixScreenZ;
|
|
1399
1409
|
var init_fix = __esm({
|
|
1400
1410
|
"src/features/analysis/scm/shared/src/types/fix.ts"() {
|
|
1401
1411
|
"use strict";
|
|
1402
1412
|
init_client_generates();
|
|
1403
1413
|
init_shared();
|
|
1404
|
-
PackageInfoZ =
|
|
1405
|
-
name:
|
|
1406
|
-
version:
|
|
1407
|
-
envName:
|
|
1408
|
-
});
|
|
1409
|
-
ManifestActionRequiredZ =
|
|
1410
|
-
action:
|
|
1411
|
-
language:
|
|
1414
|
+
PackageInfoZ = z3.object({
|
|
1415
|
+
name: z3.string(),
|
|
1416
|
+
version: z3.string(),
|
|
1417
|
+
envName: z3.string().nullable()
|
|
1418
|
+
});
|
|
1419
|
+
ManifestActionRequiredZ = z3.object({
|
|
1420
|
+
action: z3.nativeEnum(ManifestAction),
|
|
1421
|
+
language: z3.nativeEnum(Language),
|
|
1412
1422
|
lib: PackageInfoZ,
|
|
1413
1423
|
typesLib: PackageInfoZ.nullable()
|
|
1414
1424
|
});
|
|
1415
|
-
ExtraContextInternalZ =
|
|
1416
|
-
key:
|
|
1417
|
-
value:
|
|
1418
|
-
|
|
1419
|
-
int:
|
|
1420
|
-
integer:
|
|
1421
|
-
string:
|
|
1422
|
-
date:
|
|
1425
|
+
ExtraContextInternalZ = z3.object({
|
|
1426
|
+
key: z3.string(),
|
|
1427
|
+
value: z3.string().or(z3.boolean()).or(
|
|
1428
|
+
z3.object({
|
|
1429
|
+
int: z3.boolean(),
|
|
1430
|
+
integer: z3.boolean(),
|
|
1431
|
+
string: z3.boolean(),
|
|
1432
|
+
date: z3.boolean()
|
|
1423
1433
|
})
|
|
1424
1434
|
)
|
|
1425
1435
|
});
|
|
1426
|
-
FixExtraContextZ =
|
|
1427
|
-
fixDescription:
|
|
1428
|
-
manifestActionsRequired:
|
|
1429
|
-
extraContext:
|
|
1430
|
-
|
|
1431
|
-
|
|
1432
|
-
|
|
1433
|
-
|
|
1434
|
-
|
|
1435
|
-
|
|
1436
|
-
|
|
1437
|
-
|
|
1438
|
-
|
|
1439
|
-
|
|
1440
|
-
|
|
1441
|
-
|
|
1442
|
-
|
|
1443
|
-
|
|
1444
|
-
|
|
1436
|
+
FixExtraContextZ = z3.object({
|
|
1437
|
+
fixDescription: z3.string(),
|
|
1438
|
+
manifestActionsRequired: z3.array(ManifestActionRequiredZ),
|
|
1439
|
+
extraContext: z3.array(ExtraContextInternalZ),
|
|
1440
|
+
// E-2015: analyzer-served fix-level guidance. default([]) so a query that
|
|
1441
|
+
// omits it still parses, while the output type is a required string[] to match
|
|
1442
|
+
// the non-null GraphQL field. The analyzer is the sole source; getFixGuidances
|
|
1443
|
+
// uses the served value directly (no fallback).
|
|
1444
|
+
guidances: z3.array(z3.string()).default([])
|
|
1445
|
+
});
|
|
1446
|
+
PatchAndQuestionsZ = z3.object({
|
|
1447
|
+
__typename: z3.literal("FixData"),
|
|
1448
|
+
patch: z3.string(),
|
|
1449
|
+
patchOriginalEncodingBase64: z3.string(),
|
|
1450
|
+
questions: z3.array(
|
|
1451
|
+
z3.object({
|
|
1452
|
+
name: z3.string(),
|
|
1453
|
+
key: z3.string(),
|
|
1454
|
+
index: z3.number(),
|
|
1455
|
+
defaultValue: z3.string(),
|
|
1456
|
+
value: z3.string().nullable(),
|
|
1457
|
+
extraContext: z3.array(ExtraContextInternalZ),
|
|
1458
|
+
inputType: z3.nativeEnum(FixQuestionInputType),
|
|
1459
|
+
options: z3.array(z3.string()),
|
|
1460
|
+
// E-2015: analyzer-served question text. default('') so a query that
|
|
1461
|
+
// omits these still parses (-> ''), while the output type stays a required
|
|
1462
|
+
// `string` to match the non-null GraphQL fields. The analyzer is the sole
|
|
1463
|
+
// source; consumers use the served value directly (no fallback).
|
|
1464
|
+
content: z3.string().default(""),
|
|
1465
|
+
description: z3.string().default(""),
|
|
1466
|
+
guidance: z3.string().default("")
|
|
1445
1467
|
})
|
|
1446
1468
|
),
|
|
1447
1469
|
extraContext: FixExtraContextZ
|
|
1448
1470
|
});
|
|
1449
|
-
FixRatingZ =
|
|
1450
|
-
voteScore:
|
|
1451
|
-
fixRatingTag:
|
|
1452
|
-
comment:
|
|
1453
|
-
updatedDate:
|
|
1454
|
-
user:
|
|
1455
|
-
email:
|
|
1456
|
-
name:
|
|
1471
|
+
FixRatingZ = z3.object({
|
|
1472
|
+
voteScore: z3.number(),
|
|
1473
|
+
fixRatingTag: z3.nativeEnum(Fix_Rating_Tag_Enum).nullable().default(null),
|
|
1474
|
+
comment: z3.string().nullable().default(null),
|
|
1475
|
+
updatedDate: z3.string().nullable(),
|
|
1476
|
+
user: z3.object({
|
|
1477
|
+
email: z3.string(),
|
|
1478
|
+
name: z3.string()
|
|
1457
1479
|
})
|
|
1458
1480
|
});
|
|
1459
|
-
IssueRatingZ =
|
|
1460
|
-
voteScore:
|
|
1461
|
-
comment:
|
|
1462
|
-
updatedDate:
|
|
1463
|
-
user:
|
|
1464
|
-
email:
|
|
1465
|
-
name:
|
|
1481
|
+
IssueRatingZ = z3.object({
|
|
1482
|
+
voteScore: z3.number(),
|
|
1483
|
+
comment: z3.string().nullable().default(null),
|
|
1484
|
+
updatedDate: z3.string().nullable(),
|
|
1485
|
+
user: z3.object({
|
|
1486
|
+
email: z3.string(),
|
|
1487
|
+
name: z3.string()
|
|
1466
1488
|
})
|
|
1467
1489
|
});
|
|
1468
|
-
IssueSharedStateZ =
|
|
1469
|
-
id:
|
|
1470
|
-
createdAt:
|
|
1471
|
-
isArchived:
|
|
1472
|
-
ticketIntegrationId:
|
|
1473
|
-
ticketIntegrations:
|
|
1474
|
-
|
|
1475
|
-
url:
|
|
1490
|
+
IssueSharedStateZ = z3.object({
|
|
1491
|
+
id: z3.string(),
|
|
1492
|
+
createdAt: z3.string(),
|
|
1493
|
+
isArchived: z3.boolean(),
|
|
1494
|
+
ticketIntegrationId: z3.string().nullable(),
|
|
1495
|
+
ticketIntegrations: z3.array(
|
|
1496
|
+
z3.object({
|
|
1497
|
+
url: z3.string()
|
|
1476
1498
|
})
|
|
1477
1499
|
),
|
|
1478
|
-
issueRatings:
|
|
1500
|
+
issueRatings: z3.array(IssueRatingZ).default([])
|
|
1479
1501
|
}).nullable();
|
|
1480
|
-
FixSharedStateZ =
|
|
1481
|
-
state:
|
|
1482
|
-
isArchived:
|
|
1502
|
+
FixSharedStateZ = z3.object({
|
|
1503
|
+
state: z3.nativeEnum(Fix_State_Enum),
|
|
1504
|
+
isArchived: z3.boolean(),
|
|
1483
1505
|
scmSubmitFixRequests: ScmSubmitFixRequestsZ,
|
|
1484
|
-
fixRatings:
|
|
1506
|
+
fixRatings: z3.array(FixRatingZ).default([])
|
|
1485
1507
|
}).nullish().transform(
|
|
1486
1508
|
(data) => data ? data : {
|
|
1487
1509
|
state: "Ready" /* Ready */,
|
|
@@ -1490,46 +1512,46 @@ var init_fix = __esm({
|
|
|
1490
1512
|
fixRatings: []
|
|
1491
1513
|
}
|
|
1492
1514
|
);
|
|
1493
|
-
FixQueryZ =
|
|
1494
|
-
__typename:
|
|
1495
|
-
id:
|
|
1515
|
+
FixQueryZ = z3.object({
|
|
1516
|
+
__typename: z3.literal("fix").optional(),
|
|
1517
|
+
id: z3.string().uuid(),
|
|
1496
1518
|
sharedState: FixSharedStateZ,
|
|
1497
|
-
modifiedBy:
|
|
1498
|
-
gitBlameLogin:
|
|
1499
|
-
safeIssueLanguage:
|
|
1500
|
-
safeIssueType:
|
|
1501
|
-
confidence:
|
|
1502
|
-
fixReportId:
|
|
1503
|
-
isExpired:
|
|
1504
|
-
fixFiles:
|
|
1505
|
-
|
|
1506
|
-
fileRepoRelativePath:
|
|
1519
|
+
modifiedBy: z3.string().nullable(),
|
|
1520
|
+
gitBlameLogin: z3.string().nullable(),
|
|
1521
|
+
safeIssueLanguage: z3.string(),
|
|
1522
|
+
safeIssueType: z3.string(),
|
|
1523
|
+
confidence: z3.number(),
|
|
1524
|
+
fixReportId: z3.string().uuid(),
|
|
1525
|
+
isExpired: z3.boolean().default(false),
|
|
1526
|
+
fixFiles: z3.array(
|
|
1527
|
+
z3.object({
|
|
1528
|
+
fileRepoRelativePath: z3.string()
|
|
1507
1529
|
})
|
|
1508
1530
|
),
|
|
1509
|
-
numberOfVulnerabilityIssues:
|
|
1510
|
-
severityText:
|
|
1511
|
-
vulnerabilityReportIssues:
|
|
1512
|
-
|
|
1513
|
-
vendorIssueId:
|
|
1514
|
-
issueLanguage:
|
|
1531
|
+
numberOfVulnerabilityIssues: z3.number(),
|
|
1532
|
+
severityText: z3.nativeEnum(Vulnerability_Severity_Enum),
|
|
1533
|
+
vulnerabilityReportIssues: z3.array(
|
|
1534
|
+
z3.object({
|
|
1535
|
+
vendorIssueId: z3.string(),
|
|
1536
|
+
issueLanguage: z3.string(),
|
|
1515
1537
|
parsedSeverity: ParsedSeverityZ,
|
|
1516
|
-
sharedState:
|
|
1517
|
-
id:
|
|
1518
|
-
isArchived:
|
|
1519
|
-
ticketIntegrationId:
|
|
1538
|
+
sharedState: z3.object({
|
|
1539
|
+
id: z3.string().uuid(),
|
|
1540
|
+
isArchived: z3.boolean(),
|
|
1541
|
+
ticketIntegrationId: z3.string().uuid().nullable()
|
|
1520
1542
|
}).nullable()
|
|
1521
1543
|
})
|
|
1522
1544
|
),
|
|
1523
1545
|
patchAndQuestions: PatchAndQuestionsZ,
|
|
1524
|
-
effortToApplyFix:
|
|
1546
|
+
effortToApplyFix: z3.nativeEnum(Effort_To_Apply_Fix_Enum).nullable()
|
|
1525
1547
|
});
|
|
1526
1548
|
FixPartsForFixScreenZ = FixQueryZ.merge(
|
|
1527
|
-
|
|
1528
|
-
vulnerabilityReportIssues:
|
|
1529
|
-
|
|
1530
|
-
vendorIssueId:
|
|
1531
|
-
issueType:
|
|
1532
|
-
issueLanguage:
|
|
1549
|
+
z3.object({
|
|
1550
|
+
vulnerabilityReportIssues: z3.array(
|
|
1551
|
+
z3.object({
|
|
1552
|
+
vendorIssueId: z3.string(),
|
|
1553
|
+
issueType: z3.string(),
|
|
1554
|
+
issueLanguage: z3.string(),
|
|
1533
1555
|
sharedState: IssueSharedStateZ
|
|
1534
1556
|
})
|
|
1535
1557
|
)
|
|
@@ -1539,24 +1561,24 @@ var init_fix = __esm({
|
|
|
1539
1561
|
});
|
|
1540
1562
|
|
|
1541
1563
|
// src/features/analysis/scm/shared/src/types/analysis.ts
|
|
1542
|
-
import { z as
|
|
1564
|
+
import { z as z4 } from "zod";
|
|
1543
1565
|
var FixPageFixReportZ;
|
|
1544
1566
|
var init_analysis = __esm({
|
|
1545
1567
|
"src/features/analysis/scm/shared/src/types/analysis.ts"() {
|
|
1546
1568
|
"use strict";
|
|
1547
1569
|
init_client_generates();
|
|
1548
1570
|
init_client_generates();
|
|
1549
|
-
FixPageFixReportZ =
|
|
1550
|
-
id:
|
|
1551
|
-
analysisUrl:
|
|
1552
|
-
createdOn:
|
|
1553
|
-
state:
|
|
1554
|
-
repo:
|
|
1555
|
-
name:
|
|
1556
|
-
originalUrl:
|
|
1557
|
-
reference:
|
|
1558
|
-
commitSha:
|
|
1559
|
-
isKnownBranch:
|
|
1571
|
+
FixPageFixReportZ = z4.object({
|
|
1572
|
+
id: z4.string().uuid(),
|
|
1573
|
+
analysisUrl: z4.string(),
|
|
1574
|
+
createdOn: z4.string(),
|
|
1575
|
+
state: z4.nativeEnum(Fix_Report_State_Enum),
|
|
1576
|
+
repo: z4.object({
|
|
1577
|
+
name: z4.string().nullable(),
|
|
1578
|
+
originalUrl: z4.string(),
|
|
1579
|
+
reference: z4.string(),
|
|
1580
|
+
commitSha: z4.string(),
|
|
1581
|
+
isKnownBranch: z4.boolean().nullish().default(true)
|
|
1560
1582
|
}).nullable().transform(
|
|
1561
1583
|
(repo) => repo ?? {
|
|
1562
1584
|
name: null,
|
|
@@ -1566,13 +1588,13 @@ var init_analysis = __esm({
|
|
|
1566
1588
|
isKnownBranch: true
|
|
1567
1589
|
}
|
|
1568
1590
|
),
|
|
1569
|
-
vulnerabilityReport:
|
|
1570
|
-
id:
|
|
1571
|
-
vendor:
|
|
1572
|
-
computedVendor:
|
|
1573
|
-
projectId:
|
|
1574
|
-
project:
|
|
1575
|
-
organizationId:
|
|
1591
|
+
vulnerabilityReport: z4.object({
|
|
1592
|
+
id: z4.string().uuid(),
|
|
1593
|
+
vendor: z4.nativeEnum(Vulnerability_Report_Vendor_Enum),
|
|
1594
|
+
computedVendor: z4.nativeEnum(Vulnerability_Report_Vendor_Enum),
|
|
1595
|
+
projectId: z4.string().uuid(),
|
|
1596
|
+
project: z4.object({
|
|
1597
|
+
organizationId: z4.string().uuid()
|
|
1576
1598
|
})
|
|
1577
1599
|
})
|
|
1578
1600
|
});
|
|
@@ -1580,7 +1602,7 @@ var init_analysis = __esm({
|
|
|
1580
1602
|
});
|
|
1581
1603
|
|
|
1582
1604
|
// src/features/analysis/scm/shared/src/types/issue.ts
|
|
1583
|
-
import { z as
|
|
1605
|
+
import { z as z5 } from "zod";
|
|
1584
1606
|
var MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES, VulnerabilityReportIssueRatingZ, VulnerabilityReportIssueSharedStateZ, BaseIssuePartsZ, FalsePositivePartsZ, UnfixablePartsZ, IssuePartsWithFixZ, IssuePartsFpZ, GeneralIssueZ, IssuePartsZ, GetIssueIndexesZ, GetIssueScreenDataZ, IssueBucketZ, mapCategoryToBucket, mapBucketTypeToCategory;
|
|
1585
1607
|
var init_issue = __esm({
|
|
1586
1608
|
"src/features/analysis/scm/shared/src/types/issue.ts"() {
|
|
@@ -1590,57 +1612,57 @@ var init_issue = __esm({
|
|
|
1590
1612
|
init_fix();
|
|
1591
1613
|
init_shared();
|
|
1592
1614
|
MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES = 1e5;
|
|
1593
|
-
VulnerabilityReportIssueRatingZ =
|
|
1594
|
-
voteScore:
|
|
1595
|
-
comment:
|
|
1596
|
-
updatedDate:
|
|
1597
|
-
user:
|
|
1598
|
-
email:
|
|
1599
|
-
name:
|
|
1615
|
+
VulnerabilityReportIssueRatingZ = z5.object({
|
|
1616
|
+
voteScore: z5.number(),
|
|
1617
|
+
comment: z5.string().nullable().default(null),
|
|
1618
|
+
updatedDate: z5.string().nullable(),
|
|
1619
|
+
user: z5.object({
|
|
1620
|
+
email: z5.string(),
|
|
1621
|
+
name: z5.string()
|
|
1600
1622
|
})
|
|
1601
1623
|
});
|
|
1602
|
-
VulnerabilityReportIssueSharedStateZ =
|
|
1603
|
-
id:
|
|
1604
|
-
createdAt:
|
|
1605
|
-
isArchived:
|
|
1606
|
-
ticketIntegrationId:
|
|
1607
|
-
ticketIntegrations:
|
|
1608
|
-
|
|
1609
|
-
url:
|
|
1624
|
+
VulnerabilityReportIssueSharedStateZ = z5.object({
|
|
1625
|
+
id: z5.string().uuid(),
|
|
1626
|
+
createdAt: z5.string(),
|
|
1627
|
+
isArchived: z5.boolean(),
|
|
1628
|
+
ticketIntegrationId: z5.string().uuid().nullable(),
|
|
1629
|
+
ticketIntegrations: z5.array(
|
|
1630
|
+
z5.object({
|
|
1631
|
+
url: z5.string()
|
|
1610
1632
|
})
|
|
1611
1633
|
),
|
|
1612
|
-
issueRatings:
|
|
1634
|
+
issueRatings: z5.array(VulnerabilityReportIssueRatingZ).default([])
|
|
1613
1635
|
}).nullish();
|
|
1614
|
-
BaseIssuePartsZ =
|
|
1615
|
-
id:
|
|
1616
|
-
safeIssueType:
|
|
1617
|
-
safeIssueLanguage:
|
|
1618
|
-
createdAt:
|
|
1636
|
+
BaseIssuePartsZ = z5.object({
|
|
1637
|
+
id: z5.string().uuid(),
|
|
1638
|
+
safeIssueType: z5.string(),
|
|
1639
|
+
safeIssueLanguage: z5.string(),
|
|
1640
|
+
createdAt: z5.string(),
|
|
1619
1641
|
parsedSeverity: ParsedSeverityZ,
|
|
1620
|
-
category:
|
|
1621
|
-
extraData:
|
|
1622
|
-
missing_files:
|
|
1623
|
-
error_files:
|
|
1624
|
-
ai_cost_limit_exceeded:
|
|
1642
|
+
category: z5.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
1643
|
+
extraData: z5.object({
|
|
1644
|
+
missing_files: z5.string().array().nullish(),
|
|
1645
|
+
error_files: z5.string().array().nullish(),
|
|
1646
|
+
ai_cost_limit_exceeded: z5.string().nullish()
|
|
1625
1647
|
}),
|
|
1626
|
-
vulnerabilityReportIssueTags:
|
|
1627
|
-
|
|
1628
|
-
tag:
|
|
1648
|
+
vulnerabilityReportIssueTags: z5.array(
|
|
1649
|
+
z5.object({
|
|
1650
|
+
tag: z5.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
|
|
1629
1651
|
})
|
|
1630
1652
|
),
|
|
1631
|
-
codeNodes:
|
|
1632
|
-
|
|
1633
|
-
path:
|
|
1634
|
-
line:
|
|
1635
|
-
index:
|
|
1653
|
+
codeNodes: z5.array(
|
|
1654
|
+
z5.object({
|
|
1655
|
+
path: z5.string(),
|
|
1656
|
+
line: z5.number(),
|
|
1657
|
+
index: z5.number()
|
|
1636
1658
|
})
|
|
1637
1659
|
).transform((nodes) => nodes.sort((a, b) => b.index - a.index)),
|
|
1638
|
-
sourceCodeNodes:
|
|
1639
|
-
|
|
1640
|
-
sourceCodeFile:
|
|
1641
|
-
path:
|
|
1642
|
-
signedFile:
|
|
1643
|
-
url:
|
|
1660
|
+
sourceCodeNodes: z5.array(
|
|
1661
|
+
z5.object({
|
|
1662
|
+
sourceCodeFile: z5.object({
|
|
1663
|
+
path: z5.string(),
|
|
1664
|
+
signedFile: z5.object({
|
|
1665
|
+
url: z5.string()
|
|
1644
1666
|
})
|
|
1645
1667
|
})
|
|
1646
1668
|
}).transform(async ({ sourceCodeFile }) => {
|
|
@@ -1656,71 +1678,71 @@ var init_issue = __esm({
|
|
|
1656
1678
|
})
|
|
1657
1679
|
).transform((nodes) => nodes.filter((node) => node !== null)),
|
|
1658
1680
|
fix: FixPartsForFixScreenZ.nullish(),
|
|
1659
|
-
vulnerabilityReportIssueNodeDiffFile:
|
|
1660
|
-
signedFile:
|
|
1661
|
-
url:
|
|
1681
|
+
vulnerabilityReportIssueNodeDiffFile: z5.object({
|
|
1682
|
+
signedFile: z5.object({
|
|
1683
|
+
url: z5.string()
|
|
1662
1684
|
}).transform(async ({ url }) => {
|
|
1663
1685
|
const codeDiff = await fetch(url).then((res) => res.text());
|
|
1664
1686
|
return { codeDiff };
|
|
1665
1687
|
})
|
|
1666
1688
|
}).nullish(),
|
|
1667
1689
|
sharedState: VulnerabilityReportIssueSharedStateZ,
|
|
1668
|
-
unfixableId:
|
|
1690
|
+
unfixableId: z5.string().uuid().nullish()
|
|
1669
1691
|
});
|
|
1670
|
-
FalsePositivePartsZ =
|
|
1671
|
-
extraContext:
|
|
1672
|
-
fixDescription:
|
|
1692
|
+
FalsePositivePartsZ = z5.object({
|
|
1693
|
+
extraContext: z5.array(z5.object({ key: z5.string(), value: z5.string() })),
|
|
1694
|
+
fixDescription: z5.string()
|
|
1673
1695
|
});
|
|
1674
|
-
UnfixablePartsZ =
|
|
1675
|
-
extraContext:
|
|
1676
|
-
fixDescription:
|
|
1696
|
+
UnfixablePartsZ = z5.object({
|
|
1697
|
+
extraContext: z5.array(z5.object({ key: z5.string(), value: z5.string() })),
|
|
1698
|
+
fixDescription: z5.string()
|
|
1677
1699
|
});
|
|
1678
1700
|
IssuePartsWithFixZ = BaseIssuePartsZ.merge(
|
|
1679
|
-
|
|
1680
|
-
category:
|
|
1701
|
+
z5.object({
|
|
1702
|
+
category: z5.literal("Irrelevant" /* Irrelevant */),
|
|
1681
1703
|
fix: FixPartsForFixScreenZ.nullish()
|
|
1682
1704
|
})
|
|
1683
1705
|
);
|
|
1684
1706
|
IssuePartsFpZ = BaseIssuePartsZ.merge(
|
|
1685
|
-
|
|
1686
|
-
category:
|
|
1687
|
-
fpId:
|
|
1707
|
+
z5.object({
|
|
1708
|
+
category: z5.literal("FalsePositive" /* FalsePositive */),
|
|
1709
|
+
fpId: z5.string().uuid(),
|
|
1688
1710
|
getFalsePositive: FalsePositivePartsZ
|
|
1689
1711
|
})
|
|
1690
1712
|
);
|
|
1691
1713
|
GeneralIssueZ = BaseIssuePartsZ.merge(
|
|
1692
|
-
|
|
1693
|
-
category:
|
|
1694
|
-
|
|
1695
|
-
|
|
1696
|
-
|
|
1697
|
-
|
|
1698
|
-
|
|
1714
|
+
z5.object({
|
|
1715
|
+
category: z5.union([
|
|
1716
|
+
z5.literal("NoFix" /* NoFix */),
|
|
1717
|
+
z5.literal("Unsupported" /* Unsupported */),
|
|
1718
|
+
z5.literal("Fixable" /* Fixable */),
|
|
1719
|
+
z5.literal("Filtered" /* Filtered */),
|
|
1720
|
+
z5.literal("Pending" /* Pending */)
|
|
1699
1721
|
]),
|
|
1700
1722
|
getUnfixable: UnfixablePartsZ.nullish()
|
|
1701
1723
|
})
|
|
1702
1724
|
);
|
|
1703
|
-
IssuePartsZ =
|
|
1725
|
+
IssuePartsZ = z5.union([
|
|
1704
1726
|
IssuePartsFpZ,
|
|
1705
1727
|
IssuePartsWithFixZ,
|
|
1706
1728
|
GeneralIssueZ
|
|
1707
1729
|
]);
|
|
1708
|
-
GetIssueIndexesZ =
|
|
1709
|
-
currentIndex:
|
|
1710
|
-
totalIssues:
|
|
1711
|
-
nextIssue:
|
|
1712
|
-
id:
|
|
1730
|
+
GetIssueIndexesZ = z5.object({
|
|
1731
|
+
currentIndex: z5.number(),
|
|
1732
|
+
totalIssues: z5.number(),
|
|
1733
|
+
nextIssue: z5.object({
|
|
1734
|
+
id: z5.string().uuid()
|
|
1713
1735
|
}).nullish(),
|
|
1714
|
-
prevIssue:
|
|
1715
|
-
id:
|
|
1736
|
+
prevIssue: z5.object({
|
|
1737
|
+
id: z5.string().uuid()
|
|
1716
1738
|
}).nullish()
|
|
1717
1739
|
});
|
|
1718
|
-
GetIssueScreenDataZ =
|
|
1740
|
+
GetIssueScreenDataZ = z5.object({
|
|
1719
1741
|
fixReport_by_pk: FixPageFixReportZ,
|
|
1720
1742
|
vulnerability_report_issue_by_pk: IssuePartsZ,
|
|
1721
1743
|
issueIndexes: GetIssueIndexesZ
|
|
1722
1744
|
});
|
|
1723
|
-
IssueBucketZ =
|
|
1745
|
+
IssueBucketZ = z5.enum(["fixable", "irrelevant", "remaining"]);
|
|
1724
1746
|
mapCategoryToBucket = {
|
|
1725
1747
|
FalsePositive: "irrelevant",
|
|
1726
1748
|
Irrelevant: "irrelevant",
|
|
@@ -1747,19 +1769,19 @@ var init_issue = __esm({
|
|
|
1747
1769
|
});
|
|
1748
1770
|
|
|
1749
1771
|
// src/features/analysis/scm/shared/src/validations.ts
|
|
1750
|
-
import { z as
|
|
1772
|
+
import { z as z6 } from "zod";
|
|
1751
1773
|
var IssueTypeSettingZ, IssueTypeSettingsZ;
|
|
1752
1774
|
var init_validations = __esm({
|
|
1753
1775
|
"src/features/analysis/scm/shared/src/validations.ts"() {
|
|
1754
1776
|
"use strict";
|
|
1755
1777
|
init_getIssueType();
|
|
1756
1778
|
init_issueTypeCatalog();
|
|
1757
|
-
IssueTypeSettingZ =
|
|
1758
|
-
autoPrEnabled:
|
|
1759
|
-
enabled:
|
|
1779
|
+
IssueTypeSettingZ = z6.object({
|
|
1780
|
+
autoPrEnabled: z6.boolean(),
|
|
1781
|
+
enabled: z6.boolean(),
|
|
1760
1782
|
issueType: SafeIssueTypeStringZ
|
|
1761
1783
|
});
|
|
1762
|
-
IssueTypeSettingsZ =
|
|
1784
|
+
IssueTypeSettingsZ = z6.array(IssueTypeSettingZ).transform((issueTypeSettings) => {
|
|
1763
1785
|
const catalogValues = listIssueTypeCatalog().map((entry) => entry.value);
|
|
1764
1786
|
if (catalogValues.length === 0) {
|
|
1765
1787
|
throw new Error(
|
|
@@ -1784,7 +1806,7 @@ var init_validations = __esm({
|
|
|
1784
1806
|
});
|
|
1785
1807
|
|
|
1786
1808
|
// src/features/analysis/scm/shared/src/types/types.ts
|
|
1787
|
-
import { z as
|
|
1809
|
+
import { z as z7 } from "zod";
|
|
1788
1810
|
var OrganizationScreenQueryParamsZ, ProjectPageQueryParamsZ, AnalysisPageQueryParamsZ, FixPageQueryParamsZ, IssuePageQueryParamsZ, CliLoginPageQueryParamsZ, AnalysisReportDigestedZ, IssueSharedStateZ2, ReportQueryResultZ, ReportFixesQueryFixZ, BaseVulnerabilityReportIssueZ, VulnerabilityReportIssueZ, VulnerabilityReportIssueWithCodeFilePathZ, GetReportIssuesQueryZ, FixReportByProjectZ, FixScreenQueryResultZ, FixPageQueryZ, GetReportFixesQueryZ, GetFixReportStatsQueryZ, ProjectVulnerabilityReport, GetProjectsQueryZ, ProjectPageQueryResultZ, GetProjectMembersDataZ, RepoArgsZ, scmCloudUrl, ScmType, ConvertToSarifInputFileFormat;
|
|
1789
1811
|
var init_types = __esm({
|
|
1790
1812
|
"src/features/analysis/scm/shared/src/types/types.ts"() {
|
|
@@ -1795,117 +1817,117 @@ var init_types = __esm({
|
|
|
1795
1817
|
init_fix();
|
|
1796
1818
|
init_issue();
|
|
1797
1819
|
init_shared();
|
|
1798
|
-
OrganizationScreenQueryParamsZ =
|
|
1799
|
-
organizationId:
|
|
1820
|
+
OrganizationScreenQueryParamsZ = z7.object({
|
|
1821
|
+
organizationId: z7.string().uuid()
|
|
1800
1822
|
});
|
|
1801
|
-
ProjectPageQueryParamsZ =
|
|
1802
|
-
organizationId:
|
|
1803
|
-
projectId:
|
|
1823
|
+
ProjectPageQueryParamsZ = z7.object({
|
|
1824
|
+
organizationId: z7.string().uuid(),
|
|
1825
|
+
projectId: z7.string().uuid()
|
|
1804
1826
|
});
|
|
1805
1827
|
AnalysisPageQueryParamsZ = ProjectPageQueryParamsZ.extend({
|
|
1806
|
-
reportId:
|
|
1828
|
+
reportId: z7.string().uuid()
|
|
1807
1829
|
});
|
|
1808
1830
|
FixPageQueryParamsZ = AnalysisPageQueryParamsZ.extend({
|
|
1809
|
-
fixId:
|
|
1831
|
+
fixId: z7.string().uuid()
|
|
1810
1832
|
});
|
|
1811
1833
|
IssuePageQueryParamsZ = AnalysisPageQueryParamsZ.extend({
|
|
1812
|
-
issueId:
|
|
1813
|
-
});
|
|
1814
|
-
CliLoginPageQueryParamsZ =
|
|
1815
|
-
loginId:
|
|
1816
|
-
});
|
|
1817
|
-
AnalysisReportDigestedZ =
|
|
1818
|
-
id:
|
|
1819
|
-
state:
|
|
1820
|
-
vulnerabilityReport:
|
|
1821
|
-
reportSummaryUrl:
|
|
1822
|
-
scanDate:
|
|
1823
|
-
supported:
|
|
1824
|
-
aggregate:
|
|
1825
|
-
count:
|
|
1834
|
+
issueId: z7.string().uuid()
|
|
1835
|
+
});
|
|
1836
|
+
CliLoginPageQueryParamsZ = z7.object({
|
|
1837
|
+
loginId: z7.string().uuid()
|
|
1838
|
+
});
|
|
1839
|
+
AnalysisReportDigestedZ = z7.object({
|
|
1840
|
+
id: z7.string().uuid(),
|
|
1841
|
+
state: z7.nativeEnum(Fix_Report_State_Enum),
|
|
1842
|
+
vulnerabilityReport: z7.object({
|
|
1843
|
+
reportSummaryUrl: z7.string().url().nullish(),
|
|
1844
|
+
scanDate: z7.string().nullable(),
|
|
1845
|
+
supported: z7.object({
|
|
1846
|
+
aggregate: z7.object({
|
|
1847
|
+
count: z7.number()
|
|
1826
1848
|
})
|
|
1827
1849
|
}),
|
|
1828
|
-
all:
|
|
1829
|
-
aggregate:
|
|
1830
|
-
count:
|
|
1850
|
+
all: z7.object({
|
|
1851
|
+
aggregate: z7.object({
|
|
1852
|
+
count: z7.number()
|
|
1831
1853
|
})
|
|
1832
1854
|
}),
|
|
1833
|
-
vendor:
|
|
1834
|
-
project:
|
|
1835
|
-
organizationId:
|
|
1855
|
+
vendor: z7.nativeEnum(Vulnerability_Report_Vendor_Enum),
|
|
1856
|
+
project: z7.object({
|
|
1857
|
+
organizationId: z7.string().uuid()
|
|
1836
1858
|
})
|
|
1837
1859
|
})
|
|
1838
1860
|
});
|
|
1839
|
-
IssueSharedStateZ2 =
|
|
1840
|
-
id:
|
|
1841
|
-
createdAt:
|
|
1842
|
-
isArchived:
|
|
1843
|
-
ticketIntegrationId:
|
|
1844
|
-
ticketIntegrations:
|
|
1845
|
-
|
|
1846
|
-
url:
|
|
1861
|
+
IssueSharedStateZ2 = z7.object({
|
|
1862
|
+
id: z7.string().uuid(),
|
|
1863
|
+
createdAt: z7.string(),
|
|
1864
|
+
isArchived: z7.boolean(),
|
|
1865
|
+
ticketIntegrationId: z7.string().uuid().nullable(),
|
|
1866
|
+
ticketIntegrations: z7.array(
|
|
1867
|
+
z7.object({
|
|
1868
|
+
url: z7.string()
|
|
1847
1869
|
})
|
|
1848
1870
|
)
|
|
1849
1871
|
}).nullable();
|
|
1850
|
-
ReportQueryResultZ =
|
|
1851
|
-
fixReport_by_pk:
|
|
1852
|
-
id:
|
|
1853
|
-
analysisUrl:
|
|
1854
|
-
fixesCommitted:
|
|
1855
|
-
aggregate:
|
|
1872
|
+
ReportQueryResultZ = z7.object({
|
|
1873
|
+
fixReport_by_pk: z7.object({
|
|
1874
|
+
id: z7.string().uuid(),
|
|
1875
|
+
analysisUrl: z7.string(),
|
|
1876
|
+
fixesCommitted: z7.object({
|
|
1877
|
+
aggregate: z7.object({ count: z7.number() })
|
|
1856
1878
|
}),
|
|
1857
|
-
fixesDownloaded:
|
|
1858
|
-
aggregate:
|
|
1879
|
+
fixesDownloaded: z7.object({
|
|
1880
|
+
aggregate: z7.object({ count: z7.number() })
|
|
1859
1881
|
}),
|
|
1860
|
-
fixesDoneCount:
|
|
1861
|
-
fixesInprogressCount:
|
|
1862
|
-
fixesReadyCount:
|
|
1863
|
-
aggregate:
|
|
1882
|
+
fixesDoneCount: z7.number(),
|
|
1883
|
+
fixesInprogressCount: z7.number(),
|
|
1884
|
+
fixesReadyCount: z7.object({
|
|
1885
|
+
aggregate: z7.object({ count: z7.number() })
|
|
1864
1886
|
}),
|
|
1865
|
-
issueTypes:
|
|
1866
|
-
issueLanguages:
|
|
1867
|
-
fixesCountByEffort:
|
|
1868
|
-
vulnerabilitySeverities:
|
|
1869
|
-
createdOn:
|
|
1870
|
-
expirationOn:
|
|
1871
|
-
state:
|
|
1872
|
-
failReason:
|
|
1873
|
-
candidateToRerun:
|
|
1874
|
-
fixes:
|
|
1875
|
-
|
|
1876
|
-
id:
|
|
1877
|
-
safeIssueLanguage:
|
|
1878
|
-
safeIssueType:
|
|
1879
|
-
confidence:
|
|
1880
|
-
effortToApplyFix:
|
|
1881
|
-
modifiedBy:
|
|
1882
|
-
gitBlameLogin:
|
|
1883
|
-
fixReportId:
|
|
1884
|
-
filePaths:
|
|
1885
|
-
|
|
1886
|
-
fileRepoRelativePath:
|
|
1887
|
+
issueTypes: z7.record(z7.string(), z7.number()).nullable(),
|
|
1888
|
+
issueLanguages: z7.record(z7.string(), z7.number()).nullable(),
|
|
1889
|
+
fixesCountByEffort: z7.record(z7.string(), z7.number()).nullable(),
|
|
1890
|
+
vulnerabilitySeverities: z7.record(z7.string(), z7.number()).nullable(),
|
|
1891
|
+
createdOn: z7.string(),
|
|
1892
|
+
expirationOn: z7.string().nullable(),
|
|
1893
|
+
state: z7.nativeEnum(Fix_Report_State_Enum),
|
|
1894
|
+
failReason: z7.string().nullable(),
|
|
1895
|
+
candidateToRerun: z7.boolean(),
|
|
1896
|
+
fixes: z7.array(
|
|
1897
|
+
z7.object({
|
|
1898
|
+
id: z7.string().uuid(),
|
|
1899
|
+
safeIssueLanguage: z7.string(),
|
|
1900
|
+
safeIssueType: z7.string(),
|
|
1901
|
+
confidence: z7.number(),
|
|
1902
|
+
effortToApplyFix: z7.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
|
|
1903
|
+
modifiedBy: z7.string().nullable(),
|
|
1904
|
+
gitBlameLogin: z7.string().nullable(),
|
|
1905
|
+
fixReportId: z7.string().uuid(),
|
|
1906
|
+
filePaths: z7.array(
|
|
1907
|
+
z7.object({
|
|
1908
|
+
fileRepoRelativePath: z7.string()
|
|
1887
1909
|
})
|
|
1888
1910
|
),
|
|
1889
1911
|
sharedState: FixSharedStateZ,
|
|
1890
|
-
numberOfVulnerabilityIssues:
|
|
1891
|
-
severityText:
|
|
1892
|
-
vulnerabilityReportIssues:
|
|
1893
|
-
|
|
1894
|
-
id:
|
|
1895
|
-
issueType:
|
|
1896
|
-
issueLanguage:
|
|
1897
|
-
category:
|
|
1912
|
+
numberOfVulnerabilityIssues: z7.number(),
|
|
1913
|
+
severityText: z7.nativeEnum(Vulnerability_Severity_Enum),
|
|
1914
|
+
vulnerabilityReportIssues: z7.array(
|
|
1915
|
+
z7.object({
|
|
1916
|
+
id: z7.string().uuid(),
|
|
1917
|
+
issueType: z7.string(),
|
|
1918
|
+
issueLanguage: z7.string(),
|
|
1919
|
+
category: z7.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
1898
1920
|
sharedState: IssueSharedStateZ2
|
|
1899
1921
|
})
|
|
1900
1922
|
)
|
|
1901
1923
|
})
|
|
1902
1924
|
),
|
|
1903
|
-
repo:
|
|
1904
|
-
name:
|
|
1905
|
-
originalUrl:
|
|
1906
|
-
reference:
|
|
1907
|
-
commitSha:
|
|
1908
|
-
isKnownBranch:
|
|
1925
|
+
repo: z7.object({
|
|
1926
|
+
name: z7.string().nullable(),
|
|
1927
|
+
originalUrl: z7.string(),
|
|
1928
|
+
reference: z7.string(),
|
|
1929
|
+
commitSha: z7.string(),
|
|
1930
|
+
isKnownBranch: z7.boolean().nullish().default(true)
|
|
1909
1931
|
}).nullable().transform(
|
|
1910
1932
|
(repo) => repo ?? {
|
|
1911
1933
|
name: null,
|
|
@@ -1915,229 +1937,229 @@ var init_types = __esm({
|
|
|
1915
1937
|
isKnownBranch: true
|
|
1916
1938
|
}
|
|
1917
1939
|
),
|
|
1918
|
-
vulnerabilityReportIssuesFixedCount:
|
|
1919
|
-
vulnerabilityReportIssues_aggregate:
|
|
1920
|
-
aggregate:
|
|
1940
|
+
vulnerabilityReportIssuesFixedCount: z7.object({
|
|
1941
|
+
vulnerabilityReportIssues_aggregate: z7.object({
|
|
1942
|
+
aggregate: z7.object({ count: z7.number() })
|
|
1921
1943
|
})
|
|
1922
1944
|
}),
|
|
1923
|
-
vulnerabilityReport:
|
|
1924
|
-
id:
|
|
1925
|
-
reportSummaryUrl:
|
|
1926
|
-
computedVendor:
|
|
1927
|
-
vendor:
|
|
1928
|
-
issuesWithKnownLanguage:
|
|
1929
|
-
scanDate:
|
|
1930
|
-
vendorReportId:
|
|
1931
|
-
projectId:
|
|
1932
|
-
project:
|
|
1933
|
-
organizationId:
|
|
1945
|
+
vulnerabilityReport: z7.object({
|
|
1946
|
+
id: z7.string().uuid(),
|
|
1947
|
+
reportSummaryUrl: z7.string().url().nullish(),
|
|
1948
|
+
computedVendor: z7.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
|
|
1949
|
+
vendor: z7.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
|
|
1950
|
+
issuesWithKnownLanguage: z7.number().nullable(),
|
|
1951
|
+
scanDate: z7.string().nullable(),
|
|
1952
|
+
vendorReportId: z7.string().uuid().nullable(),
|
|
1953
|
+
projectId: z7.string().uuid(),
|
|
1954
|
+
project: z7.object({
|
|
1955
|
+
organizationId: z7.string().uuid()
|
|
1934
1956
|
}),
|
|
1935
|
-
file:
|
|
1936
|
-
id:
|
|
1937
|
-
path:
|
|
1957
|
+
file: z7.object({
|
|
1958
|
+
id: z7.string().uuid(),
|
|
1959
|
+
path: z7.string()
|
|
1938
1960
|
}).nullable(),
|
|
1939
|
-
pending:
|
|
1940
|
-
aggregate:
|
|
1941
|
-
count:
|
|
1961
|
+
pending: z7.object({
|
|
1962
|
+
aggregate: z7.object({
|
|
1963
|
+
count: z7.number()
|
|
1942
1964
|
})
|
|
1943
1965
|
}),
|
|
1944
|
-
irrelevant:
|
|
1945
|
-
aggregate:
|
|
1946
|
-
count:
|
|
1966
|
+
irrelevant: z7.object({
|
|
1967
|
+
aggregate: z7.object({
|
|
1968
|
+
count: z7.number()
|
|
1947
1969
|
})
|
|
1948
1970
|
}),
|
|
1949
|
-
remaining:
|
|
1950
|
-
aggregate:
|
|
1951
|
-
count:
|
|
1971
|
+
remaining: z7.object({
|
|
1972
|
+
aggregate: z7.object({
|
|
1973
|
+
count: z7.number()
|
|
1952
1974
|
})
|
|
1953
1975
|
}),
|
|
1954
|
-
digested:
|
|
1955
|
-
aggregate:
|
|
1956
|
-
count:
|
|
1976
|
+
digested: z7.object({
|
|
1977
|
+
aggregate: z7.object({
|
|
1978
|
+
count: z7.number()
|
|
1957
1979
|
})
|
|
1958
1980
|
}),
|
|
1959
|
-
supported:
|
|
1960
|
-
aggregate:
|
|
1961
|
-
count:
|
|
1981
|
+
supported: z7.object({
|
|
1982
|
+
aggregate: z7.object({
|
|
1983
|
+
count: z7.number()
|
|
1962
1984
|
})
|
|
1963
1985
|
}),
|
|
1964
|
-
all:
|
|
1965
|
-
aggregate:
|
|
1966
|
-
count:
|
|
1986
|
+
all: z7.object({
|
|
1987
|
+
aggregate: z7.object({
|
|
1988
|
+
count: z7.number()
|
|
1967
1989
|
})
|
|
1968
1990
|
}),
|
|
1969
|
-
fixable:
|
|
1970
|
-
aggregate:
|
|
1971
|
-
count:
|
|
1991
|
+
fixable: z7.object({
|
|
1992
|
+
aggregate: z7.object({
|
|
1993
|
+
count: z7.number()
|
|
1972
1994
|
})
|
|
1973
1995
|
}),
|
|
1974
|
-
errors:
|
|
1975
|
-
aggregate:
|
|
1976
|
-
count:
|
|
1996
|
+
errors: z7.object({
|
|
1997
|
+
aggregate: z7.object({
|
|
1998
|
+
count: z7.number()
|
|
1977
1999
|
})
|
|
1978
2000
|
}),
|
|
1979
|
-
vulnerabilityReportIssues:
|
|
1980
|
-
id:
|
|
1981
|
-
extraData:
|
|
1982
|
-
missing_files:
|
|
1983
|
-
large_files:
|
|
1984
|
-
error_files:
|
|
1985
|
-
ai_cost_limit_exceeded:
|
|
2001
|
+
vulnerabilityReportIssues: z7.object({
|
|
2002
|
+
id: z7.string().uuid(),
|
|
2003
|
+
extraData: z7.object({
|
|
2004
|
+
missing_files: z7.string().array().nullish(),
|
|
2005
|
+
large_files: z7.string().array().nullish(),
|
|
2006
|
+
error_files: z7.string().array().nullish(),
|
|
2007
|
+
ai_cost_limit_exceeded: z7.string().nullish()
|
|
1986
2008
|
})
|
|
1987
2009
|
}).array()
|
|
1988
2010
|
})
|
|
1989
2011
|
})
|
|
1990
2012
|
});
|
|
1991
|
-
ReportFixesQueryFixZ =
|
|
1992
|
-
id:
|
|
2013
|
+
ReportFixesQueryFixZ = z7.object({
|
|
2014
|
+
id: z7.string().uuid(),
|
|
1993
2015
|
sharedState: FixSharedStateZ,
|
|
1994
|
-
confidence:
|
|
1995
|
-
gitBlameLogin:
|
|
1996
|
-
effortToApplyFix:
|
|
1997
|
-
safeIssueLanguage:
|
|
1998
|
-
safeIssueType:
|
|
1999
|
-
fixReportId:
|
|
2000
|
-
filePaths:
|
|
2001
|
-
|
|
2002
|
-
fileRepoRelativePath:
|
|
2016
|
+
confidence: z7.number(),
|
|
2017
|
+
gitBlameLogin: z7.string().nullable(),
|
|
2018
|
+
effortToApplyFix: z7.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
|
|
2019
|
+
safeIssueLanguage: z7.string(),
|
|
2020
|
+
safeIssueType: z7.string(),
|
|
2021
|
+
fixReportId: z7.string().uuid(),
|
|
2022
|
+
filePaths: z7.array(
|
|
2023
|
+
z7.object({
|
|
2024
|
+
fileRepoRelativePath: z7.string()
|
|
2003
2025
|
})
|
|
2004
2026
|
),
|
|
2005
|
-
numberOfVulnerabilityIssues:
|
|
2006
|
-
severityText:
|
|
2007
|
-
vulnerabilityReportIssues:
|
|
2008
|
-
|
|
2009
|
-
issueType:
|
|
2010
|
-
issueLanguage:
|
|
2027
|
+
numberOfVulnerabilityIssues: z7.number(),
|
|
2028
|
+
severityText: z7.nativeEnum(Vulnerability_Severity_Enum),
|
|
2029
|
+
vulnerabilityReportIssues: z7.array(
|
|
2030
|
+
z7.object({
|
|
2031
|
+
issueType: z7.string(),
|
|
2032
|
+
issueLanguage: z7.string(),
|
|
2011
2033
|
sharedState: IssueSharedStateZ2
|
|
2012
2034
|
})
|
|
2013
2035
|
).min(1)
|
|
2014
2036
|
});
|
|
2015
|
-
BaseVulnerabilityReportIssueZ =
|
|
2016
|
-
id:
|
|
2017
|
-
createdAt:
|
|
2018
|
-
state:
|
|
2019
|
-
safeIssueType:
|
|
2020
|
-
safeIssueLanguage:
|
|
2021
|
-
extraData:
|
|
2022
|
-
missing_files:
|
|
2023
|
-
large_files:
|
|
2024
|
-
error_files:
|
|
2025
|
-
ai_cost_limit_exceeded:
|
|
2037
|
+
BaseVulnerabilityReportIssueZ = z7.object({
|
|
2038
|
+
id: z7.string().uuid(),
|
|
2039
|
+
createdAt: z7.string(),
|
|
2040
|
+
state: z7.nativeEnum(Vulnerability_Report_Issue_State_Enum),
|
|
2041
|
+
safeIssueType: z7.string(),
|
|
2042
|
+
safeIssueLanguage: z7.string(),
|
|
2043
|
+
extraData: z7.object({
|
|
2044
|
+
missing_files: z7.string().array().nullish(),
|
|
2045
|
+
large_files: z7.string().array().nullish(),
|
|
2046
|
+
error_files: z7.string().array().nullish(),
|
|
2047
|
+
ai_cost_limit_exceeded: z7.string().nullish()
|
|
2026
2048
|
}),
|
|
2027
2049
|
fix: ReportFixesQueryFixZ.nullable(),
|
|
2028
|
-
falsePositive:
|
|
2029
|
-
id:
|
|
2050
|
+
falsePositive: z7.object({
|
|
2051
|
+
id: z7.string().uuid()
|
|
2030
2052
|
}).nullable(),
|
|
2031
2053
|
parsedSeverity: ParsedSeverityZ,
|
|
2032
|
-
severity:
|
|
2033
|
-
severityValue:
|
|
2034
|
-
category:
|
|
2035
|
-
vulnerabilityReportIssueTags:
|
|
2036
|
-
|
|
2037
|
-
vulnerability_report_issue_tag_value:
|
|
2054
|
+
severity: z7.string(),
|
|
2055
|
+
severityValue: z7.number(),
|
|
2056
|
+
category: z7.string(),
|
|
2057
|
+
vulnerabilityReportIssueTags: z7.array(
|
|
2058
|
+
z7.object({
|
|
2059
|
+
vulnerability_report_issue_tag_value: z7.string()
|
|
2038
2060
|
})
|
|
2039
2061
|
),
|
|
2040
2062
|
sharedState: VulnerabilityReportIssueSharedStateZ
|
|
2041
2063
|
});
|
|
2042
2064
|
VulnerabilityReportIssueZ = BaseVulnerabilityReportIssueZ.merge(
|
|
2043
|
-
|
|
2044
|
-
codeNodes:
|
|
2065
|
+
z7.object({
|
|
2066
|
+
codeNodes: z7.array(z7.object({ path: z7.string() }))
|
|
2045
2067
|
})
|
|
2046
2068
|
);
|
|
2047
2069
|
VulnerabilityReportIssueWithCodeFilePathZ = BaseVulnerabilityReportIssueZ.merge(
|
|
2048
|
-
|
|
2049
|
-
codeFilePath:
|
|
2070
|
+
z7.object({
|
|
2071
|
+
codeFilePath: z7.string().nullable()
|
|
2050
2072
|
})
|
|
2051
2073
|
);
|
|
2052
|
-
GetReportIssuesQueryZ =
|
|
2053
|
-
fixReport:
|
|
2054
|
-
vulnerabilityReport:
|
|
2055
|
-
id:
|
|
2056
|
-
lastIssueUpdatedAt:
|
|
2057
|
-
vulnerabilityReportIssues_aggregate:
|
|
2058
|
-
aggregate:
|
|
2074
|
+
GetReportIssuesQueryZ = z7.object({
|
|
2075
|
+
fixReport: z7.object({
|
|
2076
|
+
vulnerabilityReport: z7.object({
|
|
2077
|
+
id: z7.string().uuid(),
|
|
2078
|
+
lastIssueUpdatedAt: z7.string(),
|
|
2079
|
+
vulnerabilityReportIssues_aggregate: z7.object({
|
|
2080
|
+
aggregate: z7.object({ count: z7.number() })
|
|
2059
2081
|
}),
|
|
2060
|
-
vulnerabilityReportIssues:
|
|
2082
|
+
vulnerabilityReportIssues: z7.array(
|
|
2061
2083
|
VulnerabilityReportIssueWithCodeFilePathZ
|
|
2062
2084
|
)
|
|
2063
2085
|
})
|
|
2064
2086
|
}).array()
|
|
2065
2087
|
}).nullish();
|
|
2066
|
-
FixReportByProjectZ =
|
|
2067
|
-
project_by_pk:
|
|
2068
|
-
vulnerabilityReports:
|
|
2069
|
-
|
|
2070
|
-
fixReport:
|
|
2088
|
+
FixReportByProjectZ = z7.object({
|
|
2089
|
+
project_by_pk: z7.object({
|
|
2090
|
+
vulnerabilityReports: z7.array(
|
|
2091
|
+
z7.object({
|
|
2092
|
+
fixReport: z7.object({ id: z7.string().uuid() }).nullable()
|
|
2071
2093
|
})
|
|
2072
2094
|
)
|
|
2073
2095
|
})
|
|
2074
2096
|
});
|
|
2075
|
-
FixScreenQueryResultZ =
|
|
2097
|
+
FixScreenQueryResultZ = z7.object({
|
|
2076
2098
|
fixReport_by_pk: FixPageFixReportZ,
|
|
2077
2099
|
fix_by_pk: FixPartsForFixScreenZ,
|
|
2078
|
-
fixesWithSameIssueType:
|
|
2079
|
-
|
|
2080
|
-
id:
|
|
2081
|
-
sharedState:
|
|
2100
|
+
fixesWithSameIssueType: z7.array(
|
|
2101
|
+
z7.object({
|
|
2102
|
+
id: z7.string().uuid(),
|
|
2103
|
+
sharedState: z7.object({ state: z7.nativeEnum(Fix_State_Enum) }).nullable().default({ state: "Ready" /* Ready */ })
|
|
2082
2104
|
})
|
|
2083
2105
|
),
|
|
2084
2106
|
relevantIssue: IssuePartsZ.nullish()
|
|
2085
2107
|
});
|
|
2086
|
-
FixPageQueryZ =
|
|
2108
|
+
FixPageQueryZ = z7.object({
|
|
2087
2109
|
data: FixScreenQueryResultZ
|
|
2088
2110
|
});
|
|
2089
|
-
GetReportFixesQueryZ =
|
|
2090
|
-
fixReport:
|
|
2091
|
-
|
|
2092
|
-
fixes:
|
|
2093
|
-
vulnerabilityReportIssuesTotalCount:
|
|
2094
|
-
vulnerabilityReportIssues_aggregate:
|
|
2095
|
-
aggregate:
|
|
2111
|
+
GetReportFixesQueryZ = z7.object({
|
|
2112
|
+
fixReport: z7.array(
|
|
2113
|
+
z7.object({
|
|
2114
|
+
fixes: z7.array(ReportFixesQueryFixZ),
|
|
2115
|
+
vulnerabilityReportIssuesTotalCount: z7.object({
|
|
2116
|
+
vulnerabilityReportIssues_aggregate: z7.object({
|
|
2117
|
+
aggregate: z7.object({ count: z7.number() })
|
|
2096
2118
|
})
|
|
2097
2119
|
}),
|
|
2098
|
-
vulnerabilityReportIssuesFixedCount:
|
|
2099
|
-
vulnerabilityReportIssues_aggregate:
|
|
2100
|
-
aggregate:
|
|
2120
|
+
vulnerabilityReportIssuesFixedCount: z7.object({
|
|
2121
|
+
vulnerabilityReportIssues_aggregate: z7.object({
|
|
2122
|
+
aggregate: z7.object({ count: z7.number() })
|
|
2101
2123
|
})
|
|
2102
2124
|
}),
|
|
2103
|
-
vulnerabilityReportIssuesIrrelevantCount:
|
|
2104
|
-
vulnerabilityReportIssues_aggregate:
|
|
2105
|
-
aggregate:
|
|
2125
|
+
vulnerabilityReportIssuesIrrelevantCount: z7.object({
|
|
2126
|
+
vulnerabilityReportIssues_aggregate: z7.object({
|
|
2127
|
+
aggregate: z7.object({ count: z7.number() })
|
|
2106
2128
|
})
|
|
2107
2129
|
}),
|
|
2108
|
-
vulnerabilityReportIssuesRemainingCount:
|
|
2109
|
-
vulnerabilityReportIssues_aggregate:
|
|
2110
|
-
aggregate:
|
|
2130
|
+
vulnerabilityReportIssuesRemainingCount: z7.object({
|
|
2131
|
+
vulnerabilityReportIssues_aggregate: z7.object({
|
|
2132
|
+
aggregate: z7.object({ count: z7.number() })
|
|
2111
2133
|
})
|
|
2112
2134
|
})
|
|
2113
2135
|
})
|
|
2114
2136
|
)
|
|
2115
2137
|
}).nullish();
|
|
2116
|
-
GetFixReportStatsQueryZ =
|
|
2117
|
-
fixReport_by_pk:
|
|
2118
|
-
id:
|
|
2119
|
-
vulnerabilitySeverities:
|
|
2120
|
-
vulnerabilityReportIrrelevantIssuesCount:
|
|
2121
|
-
vulnerabilityReportIssues_aggregate:
|
|
2122
|
-
aggregate:
|
|
2138
|
+
GetFixReportStatsQueryZ = z7.object({
|
|
2139
|
+
fixReport_by_pk: z7.object({
|
|
2140
|
+
id: z7.string().uuid(),
|
|
2141
|
+
vulnerabilitySeverities: z7.record(z7.nativeEnum(Vulnerability_Severity_Enum), z7.number()).nullable(),
|
|
2142
|
+
vulnerabilityReportIrrelevantIssuesCount: z7.object({
|
|
2143
|
+
vulnerabilityReportIssues_aggregate: z7.object({
|
|
2144
|
+
aggregate: z7.object({ count: z7.number() })
|
|
2123
2145
|
})
|
|
2124
2146
|
})
|
|
2125
2147
|
}).nullable()
|
|
2126
2148
|
});
|
|
2127
|
-
ProjectVulnerabilityReport =
|
|
2128
|
-
id:
|
|
2129
|
-
name:
|
|
2130
|
-
vendor:
|
|
2131
|
-
computedVendor:
|
|
2132
|
-
fixReport:
|
|
2133
|
-
id:
|
|
2134
|
-
createdOn:
|
|
2135
|
-
issueTypes:
|
|
2136
|
-
issueLanguages:
|
|
2137
|
-
repo:
|
|
2138
|
-
originalUrl:
|
|
2139
|
-
reference:
|
|
2140
|
-
name:
|
|
2149
|
+
ProjectVulnerabilityReport = z7.object({
|
|
2150
|
+
id: z7.string().uuid(),
|
|
2151
|
+
name: z7.string().nullable(),
|
|
2152
|
+
vendor: z7.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
|
|
2153
|
+
computedVendor: z7.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
|
|
2154
|
+
fixReport: z7.object({
|
|
2155
|
+
id: z7.string().uuid(),
|
|
2156
|
+
createdOn: z7.string(),
|
|
2157
|
+
issueTypes: z7.record(z7.string(), z7.number()).nullable(),
|
|
2158
|
+
issueLanguages: z7.record(z7.nativeEnum(IssueLanguage_Enum), z7.number()).nullable(),
|
|
2159
|
+
repo: z7.object({
|
|
2160
|
+
originalUrl: z7.string(),
|
|
2161
|
+
reference: z7.string(),
|
|
2162
|
+
name: z7.string()
|
|
2141
2163
|
}).nullable().transform(
|
|
2142
2164
|
(repo) => repo ?? {
|
|
2143
2165
|
originalUrl: "",
|
|
@@ -2145,64 +2167,64 @@ var init_types = __esm({
|
|
|
2145
2167
|
name: ""
|
|
2146
2168
|
}
|
|
2147
2169
|
),
|
|
2148
|
-
createdByUser:
|
|
2149
|
-
email:
|
|
2170
|
+
createdByUser: z7.object({
|
|
2171
|
+
email: z7.string()
|
|
2150
2172
|
}).nullable(),
|
|
2151
|
-
state:
|
|
2152
|
-
expirationOn:
|
|
2173
|
+
state: z7.nativeEnum(Fix_Report_State_Enum),
|
|
2174
|
+
expirationOn: z7.string()
|
|
2153
2175
|
})
|
|
2154
2176
|
});
|
|
2155
|
-
GetProjectsQueryZ =
|
|
2156
|
-
organization:
|
|
2157
|
-
id:
|
|
2158
|
-
projects:
|
|
2159
|
-
|
|
2160
|
-
id:
|
|
2161
|
-
name:
|
|
2162
|
-
numberOfUniqueRepos:
|
|
2177
|
+
GetProjectsQueryZ = z7.object({
|
|
2178
|
+
organization: z7.object({
|
|
2179
|
+
id: z7.string(),
|
|
2180
|
+
projects: z7.array(
|
|
2181
|
+
z7.object({
|
|
2182
|
+
id: z7.string().uuid(),
|
|
2183
|
+
name: z7.string(),
|
|
2184
|
+
numberOfUniqueRepos: z7.number()
|
|
2163
2185
|
})
|
|
2164
2186
|
)
|
|
2165
2187
|
})
|
|
2166
2188
|
});
|
|
2167
|
-
ProjectPageQueryResultZ =
|
|
2168
|
-
name:
|
|
2169
|
-
id:
|
|
2170
|
-
isDefault:
|
|
2171
|
-
organizationId:
|
|
2172
|
-
vulnerabilityReports:
|
|
2173
|
-
autoPrIncludeAiFixes:
|
|
2189
|
+
ProjectPageQueryResultZ = z7.object({
|
|
2190
|
+
name: z7.string(),
|
|
2191
|
+
id: z7.string().uuid(),
|
|
2192
|
+
isDefault: z7.boolean().default(false),
|
|
2193
|
+
organizationId: z7.string().uuid(),
|
|
2194
|
+
vulnerabilityReports: z7.array(ProjectVulnerabilityReport),
|
|
2195
|
+
autoPrIncludeAiFixes: z7.preprocess(
|
|
2174
2196
|
(val) => val === null || val === void 0 ? false : val,
|
|
2175
|
-
|
|
2197
|
+
z7.boolean()
|
|
2176
2198
|
),
|
|
2177
|
-
projectIssueTypeSettings:
|
|
2178
|
-
IssueTypeSettingZ.merge(
|
|
2199
|
+
projectIssueTypeSettings: z7.array(
|
|
2200
|
+
IssueTypeSettingZ.merge(z7.object({ id: z7.string() }))
|
|
2179
2201
|
)
|
|
2180
2202
|
});
|
|
2181
|
-
GetProjectMembersDataZ =
|
|
2182
|
-
project_by_pk:
|
|
2183
|
-
name:
|
|
2184
|
-
id:
|
|
2185
|
-
projectUsers:
|
|
2186
|
-
|
|
2187
|
-
projectToRole:
|
|
2188
|
-
projectRole:
|
|
2189
|
-
type:
|
|
2203
|
+
GetProjectMembersDataZ = z7.object({
|
|
2204
|
+
project_by_pk: z7.object({
|
|
2205
|
+
name: z7.string(),
|
|
2206
|
+
id: z7.string(),
|
|
2207
|
+
projectUsers: z7.array(
|
|
2208
|
+
z7.object({
|
|
2209
|
+
projectToRole: z7.object({
|
|
2210
|
+
projectRole: z7.object({
|
|
2211
|
+
type: z7.nativeEnum(Project_Role_Type_Enum)
|
|
2190
2212
|
})
|
|
2191
2213
|
}),
|
|
2192
|
-
user:
|
|
2193
|
-
id:
|
|
2194
|
-
picture:
|
|
2195
|
-
name:
|
|
2196
|
-
email:
|
|
2214
|
+
user: z7.object({
|
|
2215
|
+
id: z7.string().uuid(),
|
|
2216
|
+
picture: z7.string().nullable().optional(),
|
|
2217
|
+
name: z7.string().nullish(),
|
|
2218
|
+
email: z7.string().email()
|
|
2197
2219
|
})
|
|
2198
2220
|
})
|
|
2199
2221
|
)
|
|
2200
2222
|
})
|
|
2201
2223
|
});
|
|
2202
|
-
RepoArgsZ =
|
|
2203
|
-
originalUrl:
|
|
2204
|
-
branch:
|
|
2205
|
-
commitSha:
|
|
2224
|
+
RepoArgsZ = z7.object({
|
|
2225
|
+
originalUrl: z7.string().url(),
|
|
2226
|
+
branch: z7.string(),
|
|
2227
|
+
commitSha: z7.string()
|
|
2206
2228
|
});
|
|
2207
2229
|
scmCloudUrl = {
|
|
2208
2230
|
GitLab: "https://gitlab.com",
|
|
@@ -2236,7 +2258,7 @@ var init_types2 = __esm({
|
|
|
2236
2258
|
});
|
|
2237
2259
|
|
|
2238
2260
|
// src/features/analysis/scm/shared/src/urlParser/urlParser.ts
|
|
2239
|
-
import { z as
|
|
2261
|
+
import { z as z8 } from "zod";
|
|
2240
2262
|
function computeCanonicalUrl(data) {
|
|
2241
2263
|
const {
|
|
2242
2264
|
scmType,
|
|
@@ -2278,7 +2300,7 @@ function detectAdoUrl(args) {
|
|
|
2278
2300
|
scmType: "Ado" /* Ado */,
|
|
2279
2301
|
organization,
|
|
2280
2302
|
// project has single repo - repoName === projectName
|
|
2281
|
-
projectName:
|
|
2303
|
+
projectName: z8.string().parse(projectName),
|
|
2282
2304
|
repoName: projectName,
|
|
2283
2305
|
prefixPath
|
|
2284
2306
|
};
|
|
@@ -2289,7 +2311,7 @@ function detectAdoUrl(args) {
|
|
|
2289
2311
|
return {
|
|
2290
2312
|
scmType: "Ado" /* Ado */,
|
|
2291
2313
|
organization,
|
|
2292
|
-
projectName:
|
|
2314
|
+
projectName: z8.string().parse(projectName),
|
|
2293
2315
|
repoName,
|
|
2294
2316
|
prefixPath
|
|
2295
2317
|
};
|
|
@@ -2303,7 +2325,7 @@ function detectAdoUrl(args) {
|
|
|
2303
2325
|
scmType: "Ado" /* Ado */,
|
|
2304
2326
|
organization,
|
|
2305
2327
|
// project has only one repo - repoName === projectName
|
|
2306
|
-
projectName:
|
|
2328
|
+
projectName: z8.string().parse(repoName),
|
|
2307
2329
|
repoName,
|
|
2308
2330
|
prefixPath
|
|
2309
2331
|
};
|
|
@@ -2313,7 +2335,7 @@ function detectAdoUrl(args) {
|
|
|
2313
2335
|
return {
|
|
2314
2336
|
scmType: "Ado" /* Ado */,
|
|
2315
2337
|
organization,
|
|
2316
|
-
projectName:
|
|
2338
|
+
projectName: z8.string().parse(projectName),
|
|
2317
2339
|
repoName,
|
|
2318
2340
|
prefixPath
|
|
2319
2341
|
};
|
|
@@ -2389,7 +2411,7 @@ function parseSshUrl(scmURL, scmType) {
|
|
|
2389
2411
|
if (pathElements.length === 3) {
|
|
2390
2412
|
const [organization2, projectName, repoName2] = pathElements;
|
|
2391
2413
|
if (organization2?.match(NAME_REGEX) && projectName && repoName2?.match(NAME_REGEX)) {
|
|
2392
|
-
const parsedProjectName =
|
|
2414
|
+
const parsedProjectName = z8.string().parse(projectName);
|
|
2393
2415
|
return {
|
|
2394
2416
|
scmType: "Ado" /* Ado */,
|
|
2395
2417
|
hostname: normalizedHostname,
|
|
@@ -2617,17 +2639,17 @@ var init_urlParser2 = __esm({
|
|
|
2617
2639
|
});
|
|
2618
2640
|
|
|
2619
2641
|
// src/features/analysis/scm/env.ts
|
|
2620
|
-
import { z as
|
|
2642
|
+
import { z as z11 } from "zod";
|
|
2621
2643
|
var EnvVariablesZod, GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST, MAX_UPLOAD_FILE_SIZE_MB, GITHUB_API_CONCURRENCY;
|
|
2622
2644
|
var init_env = __esm({
|
|
2623
2645
|
"src/features/analysis/scm/env.ts"() {
|
|
2624
2646
|
"use strict";
|
|
2625
|
-
EnvVariablesZod =
|
|
2626
|
-
GITLAB_API_TOKEN:
|
|
2627
|
-
GITHUB_API_TOKEN:
|
|
2628
|
-
GIT_PROXY_HOST:
|
|
2629
|
-
MAX_UPLOAD_FILE_SIZE_MB:
|
|
2630
|
-
GITHUB_API_CONCURRENCY:
|
|
2647
|
+
EnvVariablesZod = z11.object({
|
|
2648
|
+
GITLAB_API_TOKEN: z11.string().optional(),
|
|
2649
|
+
GITHUB_API_TOKEN: z11.string().optional(),
|
|
2650
|
+
GIT_PROXY_HOST: z11.string().optional().default("http://tinyproxy:8888"),
|
|
2651
|
+
MAX_UPLOAD_FILE_SIZE_MB: z11.coerce.number().gt(0).default(2),
|
|
2652
|
+
GITHUB_API_CONCURRENCY: z11.coerce.number().gt(0).optional().default(10)
|
|
2631
2653
|
});
|
|
2632
2654
|
({
|
|
2633
2655
|
GITLAB_API_TOKEN,
|
|
@@ -2664,7 +2686,7 @@ var init_configs = __esm({
|
|
|
2664
2686
|
});
|
|
2665
2687
|
|
|
2666
2688
|
// src/utils/blame/gitBlameTypes.ts
|
|
2667
|
-
import { z as
|
|
2689
|
+
import { z as z14 } from "zod";
|
|
2668
2690
|
function parseCoAuthorValue(raw) {
|
|
2669
2691
|
const trimmed = raw.trim();
|
|
2670
2692
|
if (!trimmed) {
|
|
@@ -2700,9 +2722,9 @@ var PrepareGitBlameMessageZ, PrepareGitBlameResponseMessageZ, CommitMetadataZ, L
|
|
|
2700
2722
|
var init_gitBlameTypes = __esm({
|
|
2701
2723
|
"src/utils/blame/gitBlameTypes.ts"() {
|
|
2702
2724
|
"use strict";
|
|
2703
|
-
PrepareGitBlameMessageZ =
|
|
2704
|
-
reportId:
|
|
2705
|
-
repoArchivePath:
|
|
2725
|
+
PrepareGitBlameMessageZ = z14.object({
|
|
2726
|
+
reportId: z14.string(),
|
|
2727
|
+
repoArchivePath: z14.string(),
|
|
2706
2728
|
// Optional list of file paths to blame. Producers must pick one of two modes:
|
|
2707
2729
|
//
|
|
2708
2730
|
// - **Omit `filePaths`** = "blame every file in the archive". Used by the
|
|
@@ -2718,132 +2740,132 @@ var init_gitBlameTypes = __esm({
|
|
|
2718
2740
|
// "Login.java" when the actual file is "src/main/java/Login.java") are
|
|
2719
2741
|
// tolerated — scm_agent's filter matches exact-or-trailing-basename. Empty
|
|
2720
2742
|
// strings are filtered out defensively.
|
|
2721
|
-
filePaths:
|
|
2722
|
-
});
|
|
2723
|
-
PrepareGitBlameResponseMessageZ =
|
|
2724
|
-
reportId:
|
|
2725
|
-
});
|
|
2726
|
-
CommitMetadataZ =
|
|
2727
|
-
author:
|
|
2728
|
-
"author-mail":
|
|
2729
|
-
"author-time":
|
|
2730
|
-
"author-tz":
|
|
2731
|
-
committer:
|
|
2732
|
-
"committer-mail":
|
|
2733
|
-
"committer-time":
|
|
2734
|
-
"committer-tz":
|
|
2735
|
-
summary:
|
|
2736
|
-
filename:
|
|
2737
|
-
});
|
|
2738
|
-
LineToCommitMapZ =
|
|
2739
|
-
CommitMetadataMapZ =
|
|
2740
|
-
BlameInfoZ =
|
|
2743
|
+
filePaths: z14.array(z14.string()).optional()
|
|
2744
|
+
});
|
|
2745
|
+
PrepareGitBlameResponseMessageZ = z14.object({
|
|
2746
|
+
reportId: z14.string()
|
|
2747
|
+
});
|
|
2748
|
+
CommitMetadataZ = z14.object({
|
|
2749
|
+
author: z14.string().optional(),
|
|
2750
|
+
"author-mail": z14.string().optional(),
|
|
2751
|
+
"author-time": z14.string().optional(),
|
|
2752
|
+
"author-tz": z14.string().optional(),
|
|
2753
|
+
committer: z14.string().optional(),
|
|
2754
|
+
"committer-mail": z14.string().optional(),
|
|
2755
|
+
"committer-time": z14.string().optional(),
|
|
2756
|
+
"committer-tz": z14.string().optional(),
|
|
2757
|
+
summary: z14.string().optional(),
|
|
2758
|
+
filename: z14.string().optional()
|
|
2759
|
+
});
|
|
2760
|
+
LineToCommitMapZ = z14.record(z14.string(), z14.string());
|
|
2761
|
+
CommitMetadataMapZ = z14.record(z14.string(), CommitMetadataZ);
|
|
2762
|
+
BlameInfoZ = z14.object({
|
|
2741
2763
|
lineToCommit: LineToCommitMapZ,
|
|
2742
2764
|
commitMetadata: CommitMetadataMapZ
|
|
2743
2765
|
});
|
|
2744
|
-
LineRangeZ =
|
|
2766
|
+
LineRangeZ = z14.object({
|
|
2745
2767
|
/** First line in chunk (1-indexed) */
|
|
2746
|
-
start:
|
|
2768
|
+
start: z14.number(),
|
|
2747
2769
|
/** Last line in chunk (inclusive) */
|
|
2748
|
-
end:
|
|
2749
|
-
});
|
|
2750
|
-
PrContextZ =
|
|
2751
|
-
prNumber:
|
|
2752
|
-
repositoryUrl:
|
|
2753
|
-
organizationId:
|
|
2754
|
-
userEmail:
|
|
2755
|
-
source:
|
|
2756
|
-
githubContext:
|
|
2757
|
-
prNumber:
|
|
2758
|
-
installationId:
|
|
2759
|
-
repositoryURL:
|
|
2770
|
+
end: z14.number()
|
|
2771
|
+
});
|
|
2772
|
+
PrContextZ = z14.object({
|
|
2773
|
+
prNumber: z14.number(),
|
|
2774
|
+
repositoryUrl: z14.string(),
|
|
2775
|
+
organizationId: z14.string(),
|
|
2776
|
+
userEmail: z14.string(),
|
|
2777
|
+
source: z14.enum(["pr", "github"]),
|
|
2778
|
+
githubContext: z14.object({
|
|
2779
|
+
prNumber: z14.number(),
|
|
2780
|
+
installationId: z14.number(),
|
|
2781
|
+
repositoryURL: z14.string()
|
|
2760
2782
|
}).optional()
|
|
2761
2783
|
});
|
|
2762
|
-
PrepareCommitBlameMessageZ =
|
|
2784
|
+
PrepareCommitBlameMessageZ = z14.object({
|
|
2763
2785
|
/** Commit blame request ID from database (for tracking and updating status) */
|
|
2764
|
-
commitBlameRequestId:
|
|
2786
|
+
commitBlameRequestId: z14.string(),
|
|
2765
2787
|
/** Organization ID (for org-scoped caching) */
|
|
2766
|
-
organizationId:
|
|
2788
|
+
organizationId: z14.string(),
|
|
2767
2789
|
/** Full repository URL (e.g., https://github.com/org/repo) */
|
|
2768
|
-
repositoryUrl:
|
|
2790
|
+
repositoryUrl: z14.string(),
|
|
2769
2791
|
/** Commit SHA to analyze (typically PR head commit) */
|
|
2770
|
-
commitSha:
|
|
2792
|
+
commitSha: z14.string(),
|
|
2771
2793
|
/** Authentication headers for repository access (e.g., GitHub token) */
|
|
2772
|
-
extraHeaders:
|
|
2794
|
+
extraHeaders: z14.record(z14.string(), z14.string()).default({}),
|
|
2773
2795
|
// --- PR analysis fields ---
|
|
2774
2796
|
/** Target branch name (from getPr() base.ref). When set, enables PR analysis mode. */
|
|
2775
|
-
targetBranch:
|
|
2797
|
+
targetBranch: z14.string().optional(),
|
|
2776
2798
|
/** Context for triggering blame attribution analysis after SCM agent completes. */
|
|
2777
2799
|
prContext: PrContextZ.optional(),
|
|
2778
2800
|
/** User email for blame attribution analysis trigger context (used for both PR and single commit flows). */
|
|
2779
|
-
userEmail:
|
|
2801
|
+
userEmail: z14.string().optional()
|
|
2780
2802
|
});
|
|
2781
|
-
BlameLineInfoZ =
|
|
2803
|
+
BlameLineInfoZ = z14.object({
|
|
2782
2804
|
/** Line number as it appeared in the introducing commit */
|
|
2783
|
-
originalLineNumber:
|
|
2805
|
+
originalLineNumber: z14.number(),
|
|
2784
2806
|
/** Commit SHA that introduced this line */
|
|
2785
|
-
commitSha:
|
|
2807
|
+
commitSha: z14.string(),
|
|
2786
2808
|
/** Author name for this line */
|
|
2787
|
-
authorName:
|
|
2809
|
+
authorName: z14.string().optional(),
|
|
2788
2810
|
/** Author email for this line */
|
|
2789
|
-
authorEmail:
|
|
2811
|
+
authorEmail: z14.string().optional()
|
|
2790
2812
|
}).nullable();
|
|
2791
|
-
FileBlameDataZ =
|
|
2792
|
-
ChunkFetchResultZ =
|
|
2793
|
-
filePath:
|
|
2794
|
-
lines:
|
|
2813
|
+
FileBlameDataZ = z14.array(BlameLineInfoZ);
|
|
2814
|
+
ChunkFetchResultZ = z14.object({
|
|
2815
|
+
filePath: z14.string(),
|
|
2816
|
+
lines: z14.array(z14.number()),
|
|
2795
2817
|
data: FileBlameDataZ.nullable()
|
|
2796
2818
|
});
|
|
2797
|
-
FileBlameResponseEntryZ =
|
|
2819
|
+
FileBlameResponseEntryZ = z14.object({
|
|
2798
2820
|
/** Chunk index (0 for small files, 0-N for large file chunks) */
|
|
2799
|
-
chunkIndex:
|
|
2821
|
+
chunkIndex: z14.number(),
|
|
2800
2822
|
/** Blame data array (1-indexed, index 0 is null) */
|
|
2801
2823
|
blameData: FileBlameDataZ
|
|
2802
2824
|
});
|
|
2803
|
-
CommitBlameDataZ =
|
|
2804
|
-
|
|
2825
|
+
CommitBlameDataZ = z14.record(
|
|
2826
|
+
z14.string(),
|
|
2805
2827
|
// fileName
|
|
2806
|
-
|
|
2828
|
+
z14.array(FileBlameResponseEntryZ)
|
|
2807
2829
|
);
|
|
2808
|
-
CommitInfoZ =
|
|
2830
|
+
CommitInfoZ = z14.object({
|
|
2809
2831
|
/** Number of parent commits (1 = normal commit, 2+ = merge commit, null = failed to determine) */
|
|
2810
|
-
parentCount:
|
|
2832
|
+
parentCount: z14.number().nullable()
|
|
2811
2833
|
});
|
|
2812
|
-
GitIdentityZ =
|
|
2813
|
-
name:
|
|
2814
|
-
email:
|
|
2834
|
+
GitIdentityZ = z14.object({
|
|
2835
|
+
name: z14.string(),
|
|
2836
|
+
email: z14.string()
|
|
2815
2837
|
});
|
|
2816
2838
|
COMMIT_LOG_FORMAT = "%H%x00%ae%x00%an%x00%ce%x00%cn%x00%at%x00%s%x00%(trailers:key=Co-authored-by,valueonly,separator=%x00)";
|
|
2817
|
-
CommitDataZ =
|
|
2818
|
-
diff:
|
|
2839
|
+
CommitDataZ = z14.object({
|
|
2840
|
+
diff: z14.string(),
|
|
2819
2841
|
author: GitIdentityZ,
|
|
2820
2842
|
committer: GitIdentityZ,
|
|
2821
|
-
coAuthors:
|
|
2822
|
-
timestamp:
|
|
2843
|
+
coAuthors: z14.array(GitIdentityZ),
|
|
2844
|
+
timestamp: z14.number(),
|
|
2823
2845
|
// Unix timestamp in seconds
|
|
2824
|
-
message:
|
|
2825
|
-
parentCount:
|
|
2846
|
+
message: z14.string().optional(),
|
|
2847
|
+
parentCount: z14.number().nullable()
|
|
2826
2848
|
});
|
|
2827
|
-
PrDiffDataZ =
|
|
2828
|
-
diff:
|
|
2849
|
+
PrDiffDataZ = z14.object({
|
|
2850
|
+
diff: z14.string()
|
|
2829
2851
|
});
|
|
2830
|
-
PrStatsZ =
|
|
2831
|
-
additions:
|
|
2832
|
-
deletions:
|
|
2852
|
+
PrStatsZ = z14.object({
|
|
2853
|
+
additions: z14.number(),
|
|
2854
|
+
deletions: z14.number()
|
|
2833
2855
|
});
|
|
2834
|
-
CommitsManifestZ =
|
|
2835
|
-
commits:
|
|
2856
|
+
CommitsManifestZ = z14.object({
|
|
2857
|
+
commits: z14.array(z14.string())
|
|
2836
2858
|
// Array of commit SHAs in order
|
|
2837
2859
|
});
|
|
2838
|
-
BlameLineEntryZ =
|
|
2860
|
+
BlameLineEntryZ = z14.object({
|
|
2839
2861
|
/** Current file path in the PR head (what git blame was invoked on). */
|
|
2840
|
-
file:
|
|
2862
|
+
file: z14.string(),
|
|
2841
2863
|
/** Current line number in the PR head. */
|
|
2842
|
-
line:
|
|
2864
|
+
line: z14.number(),
|
|
2843
2865
|
/** SHA of the commit that originally authored this line. */
|
|
2844
|
-
originalCommitSha:
|
|
2866
|
+
originalCommitSha: z14.string(),
|
|
2845
2867
|
/** Line number as it was in `originalCommitSha`. */
|
|
2846
|
-
originalLineNumber:
|
|
2868
|
+
originalLineNumber: z14.number(),
|
|
2847
2869
|
/**
|
|
2848
2870
|
* File path as it was in `originalCommitSha` at the time that commit
|
|
2849
2871
|
* authored this line. When a file has been renamed since, this differs
|
|
@@ -2856,24 +2878,24 @@ var init_gitBlameTypes = __esm({
|
|
|
2856
2878
|
* must treat empty as "fall back to `file`" (see enrichDiffLines,
|
|
2857
2879
|
* targetedBlame).
|
|
2858
2880
|
*/
|
|
2859
|
-
originalFile:
|
|
2881
|
+
originalFile: z14.string().default("")
|
|
2860
2882
|
});
|
|
2861
|
-
BlameLinesDataZ =
|
|
2862
|
-
lines:
|
|
2883
|
+
BlameLinesDataZ = z14.object({
|
|
2884
|
+
lines: z14.array(BlameLineEntryZ)
|
|
2863
2885
|
});
|
|
2864
|
-
PrepareCommitBlameResponseMessageZ =
|
|
2886
|
+
PrepareCommitBlameResponseMessageZ = z14.object({
|
|
2865
2887
|
/** Commit blame request ID (matches request, used to update specific DB record) */
|
|
2866
|
-
commitBlameRequestId:
|
|
2888
|
+
commitBlameRequestId: z14.string(),
|
|
2867
2889
|
/** Organization ID (matches request) */
|
|
2868
|
-
organizationId:
|
|
2890
|
+
organizationId: z14.string(),
|
|
2869
2891
|
/** Repository URL (matches request) */
|
|
2870
|
-
repositoryUrl:
|
|
2892
|
+
repositoryUrl: z14.string(),
|
|
2871
2893
|
/** Commit SHA analyzed (matches request) */
|
|
2872
|
-
commitSha:
|
|
2894
|
+
commitSha: z14.string(),
|
|
2873
2895
|
/** Processing status */
|
|
2874
|
-
status:
|
|
2896
|
+
status: z14.enum(["success", "failure"]),
|
|
2875
2897
|
/** Error message (only present if status is 'failure') */
|
|
2876
|
-
error:
|
|
2898
|
+
error: z14.string().optional(),
|
|
2877
2899
|
/**
|
|
2878
2900
|
* Blame data for all processed files/chunks.
|
|
2879
2901
|
* Empty dictionary if status is 'failure'.
|
|
@@ -2885,29 +2907,29 @@ var init_gitBlameTypes = __esm({
|
|
|
2885
2907
|
* Keyed by commit SHA, deduplicated.
|
|
2886
2908
|
* Empty dictionary if status is 'failure'.
|
|
2887
2909
|
*/
|
|
2888
|
-
commits:
|
|
2910
|
+
commits: z14.record(z14.string(), CommitInfoZ).default({}),
|
|
2889
2911
|
// --- New PR diff computation response fields ---
|
|
2890
2912
|
/** S3 paths for commit-level data (commitSha → S3 key). Present in PR analysis mode and single commit mode. */
|
|
2891
|
-
commitDataS3Paths:
|
|
2913
|
+
commitDataS3Paths: z14.record(z14.string(), z14.string()).optional(),
|
|
2892
2914
|
/** S3 key for PR diff JSON. Present in PR analysis mode. */
|
|
2893
|
-
prDiffS3Path:
|
|
2915
|
+
prDiffS3Path: z14.string().optional(),
|
|
2894
2916
|
/** S3 key for commits manifest. Present in PR analysis mode. */
|
|
2895
|
-
commitsManifestS3Path:
|
|
2917
|
+
commitsManifestS3Path: z14.string().optional(),
|
|
2896
2918
|
/** S3 key for per-line targeted blame data. Present in PR analysis mode. */
|
|
2897
|
-
blameLinesS3Path:
|
|
2919
|
+
blameLinesS3Path: z14.string().optional(),
|
|
2898
2920
|
/** S3 key for PR stats (additions/deletions). Present in PR analysis mode. */
|
|
2899
|
-
prStatsS3Path:
|
|
2921
|
+
prStatsS3Path: z14.string().optional(),
|
|
2900
2922
|
/** PR context passed through from request for response handler. */
|
|
2901
2923
|
prContext: PrContextZ.optional(),
|
|
2902
2924
|
/** PR title from the request metadata (passed through). */
|
|
2903
|
-
prTitle:
|
|
2925
|
+
prTitle: z14.string().optional(),
|
|
2904
2926
|
/** User email passed through from request for single commit blame attribution analysis trigger. */
|
|
2905
|
-
userEmail:
|
|
2927
|
+
userEmail: z14.string().optional()
|
|
2906
2928
|
});
|
|
2907
|
-
VulnerabilityAttributionMessageZ =
|
|
2908
|
-
fixReportId:
|
|
2909
|
-
vulnerabilityAttributionRequestId:
|
|
2910
|
-
userEmail:
|
|
2929
|
+
VulnerabilityAttributionMessageZ = z14.object({
|
|
2930
|
+
fixReportId: z14.string().uuid(),
|
|
2931
|
+
vulnerabilityAttributionRequestId: z14.string().uuid(),
|
|
2932
|
+
userEmail: z14.string()
|
|
2911
2933
|
});
|
|
2912
2934
|
}
|
|
2913
2935
|
});
|
|
@@ -4237,1843 +4259,180 @@ var contextLogger = {
|
|
|
4237
4259
|
const logger3 = await createContextLogger();
|
|
4238
4260
|
return logger3.debug(message, data);
|
|
4239
4261
|
},
|
|
4240
|
-
warn: async (message, data) => {
|
|
4241
|
-
const logger3 = await createContextLogger();
|
|
4242
|
-
return logger3.warn(message, data);
|
|
4243
|
-
},
|
|
4244
|
-
error: async (message, data) => {
|
|
4245
|
-
const logger3 = await createContextLogger();
|
|
4246
|
-
return logger3.error(message, data);
|
|
4247
|
-
}
|
|
4248
|
-
};
|
|
4249
|
-
|
|
4250
|
-
// src/features/analysis/scm/errors.ts
|
|
4251
|
-
var InvalidAccessTokenError = class extends Error {
|
|
4252
|
-
constructor(m, scmType) {
|
|
4253
|
-
super(m);
|
|
4254
|
-
this.scmType = scmType;
|
|
4255
|
-
}
|
|
4256
|
-
};
|
|
4257
|
-
var InvalidUrlPatternError = class extends Error {
|
|
4258
|
-
constructor(m, scmType) {
|
|
4259
|
-
super(m);
|
|
4260
|
-
this.scmType = scmType;
|
|
4261
|
-
}
|
|
4262
|
-
};
|
|
4263
|
-
var RefNotFoundError = class extends Error {
|
|
4264
|
-
constructor(m) {
|
|
4265
|
-
super(m);
|
|
4266
|
-
}
|
|
4267
|
-
};
|
|
4268
|
-
var ScmBadCredentialsError = class extends Error {
|
|
4269
|
-
constructor(m, scmType) {
|
|
4270
|
-
super(m);
|
|
4271
|
-
this.scmType = scmType;
|
|
4272
|
-
}
|
|
4273
|
-
};
|
|
4274
|
-
var InvalidRepoUrlError = class extends Error {
|
|
4275
|
-
constructor(m, scmType) {
|
|
4276
|
-
super(m);
|
|
4277
|
-
this.scmType = scmType;
|
|
4278
|
-
}
|
|
4279
|
-
};
|
|
4280
|
-
var RepoNoTokenAccessError = class extends Error {
|
|
4281
|
-
constructor(m, scmType) {
|
|
4282
|
-
super(m);
|
|
4283
|
-
this.scmType = scmType;
|
|
4284
|
-
}
|
|
4285
|
-
};
|
|
4286
|
-
var RateLimitError = class extends Error {
|
|
4287
|
-
constructor(m, scmType, retryAfter) {
|
|
4288
|
-
super(m);
|
|
4289
|
-
this.scmType = scmType;
|
|
4290
|
-
this.retryAfter = retryAfter;
|
|
4291
|
-
}
|
|
4292
|
-
};
|
|
4293
|
-
var NetworkError = class extends Error {
|
|
4294
|
-
constructor(m, scmType, errorCode) {
|
|
4295
|
-
super(m);
|
|
4296
|
-
this.scmType = scmType;
|
|
4297
|
-
this.errorCode = errorCode;
|
|
4298
|
-
}
|
|
4299
|
-
};
|
|
4300
|
-
|
|
4301
|
-
// src/features/analysis/scm/utils/index.ts
|
|
4302
|
-
import { z as z13 } from "zod";
|
|
4303
|
-
|
|
4304
|
-
// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
|
|
4305
|
-
init_client_generates();
|
|
4306
|
-
init_getIssueType();
|
|
4307
|
-
init_issueTypeCatalog();
|
|
4308
|
-
function capitalizeFirstLetter(str) {
|
|
4309
|
-
return str?.length ? str[0].toUpperCase() + str.slice(1) : "";
|
|
4310
|
-
}
|
|
4311
|
-
function lowercaseFirstLetter(str) {
|
|
4312
|
-
if (!str) return str;
|
|
4313
|
-
return `${str.charAt(0).toLowerCase()}${str.slice(1)}`;
|
|
4314
|
-
}
|
|
4315
|
-
var severityToEmoji = {
|
|
4316
|
-
["critical" /* Critical */]: "\u{1F6A8}",
|
|
4317
|
-
["high" /* High */]: "\u{1F6A9}",
|
|
4318
|
-
["medium" /* Medium */]: "\u{1F7E1}",
|
|
4319
|
-
["low" /* Low */]: "\u{1F7E2}"
|
|
4320
|
-
};
|
|
4321
|
-
var getCommitDescription = ({
|
|
4322
|
-
vendor,
|
|
4323
|
-
issueType,
|
|
4324
|
-
severity,
|
|
4325
|
-
guidances,
|
|
4326
|
-
fixUrl,
|
|
4327
|
-
irrelevantIssueWithTags
|
|
4328
|
-
}) => {
|
|
4329
|
-
const issueTypeString = getIssueTypeFriendlyString(issueType);
|
|
4330
|
-
let description = `This change fixes a **${severity} severity** (${severityToEmoji[severity]}) **${issueTypeString}** issue reported by **${capitalizeFirstLetter(
|
|
4331
|
-
vendor
|
|
4332
|
-
)}**.
|
|
4333
|
-
|
|
4334
|
-
`;
|
|
4335
|
-
if (issueType) {
|
|
4336
|
-
if (irrelevantIssueWithTags?.[0]?.tag) {
|
|
4337
|
-
description += `
|
|
4338
|
-
> [!tip]
|
|
4339
|
-
> This issue was found to be irrelevant to your project - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
|
|
4340
|
-
> Mobb recommends to ignore this issue, however fix is available if you think differently.
|
|
4341
|
-
|
|
4342
|
-
|
|
4343
|
-
## Justification
|
|
4344
|
-
${issueDescription[irrelevantIssueWithTags[0].tag]}
|
|
4345
|
-
`;
|
|
4346
|
-
}
|
|
4347
|
-
const catalogEntry = getIssueTypeCatalogEntry(issueType);
|
|
4348
|
-
if (catalogEntry?.issueDescription) {
|
|
4349
|
-
description += `## Issue description
|
|
4350
|
-
${catalogEntry.issueDescription}
|
|
4351
|
-
`;
|
|
4352
|
-
if (catalogEntry.fixInstructions) {
|
|
4353
|
-
description += `
|
|
4354
|
-
## Fix instructions
|
|
4355
|
-
${catalogEntry.fixInstructions}
|
|
4356
|
-
`;
|
|
4357
|
-
}
|
|
4358
|
-
}
|
|
4359
|
-
}
|
|
4360
|
-
description += `
|
|
4361
|
-
${guidances.map(({ guidance }) => `## Additional actions required
|
|
4362
|
-
${guidance}
|
|
4363
|
-
`).join("")}
|
|
4364
|
-
`;
|
|
4365
|
-
if (fixUrl) {
|
|
4366
|
-
description += `
|
|
4367
|
-
[More info and fix customization are available in the Mobb platform](${fixUrl})`;
|
|
4368
|
-
}
|
|
4369
|
-
return description;
|
|
4370
|
-
};
|
|
4371
|
-
var getCommitIssueDescription = ({
|
|
4372
|
-
vendor,
|
|
4373
|
-
issueType,
|
|
4374
|
-
irrelevantIssueWithTags,
|
|
4375
|
-
fpDescription,
|
|
4376
|
-
unfixableDescription
|
|
4377
|
-
}) => {
|
|
4378
|
-
const issueTypeString = getIssueTypeFriendlyString(issueType);
|
|
4379
|
-
let description = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
|
|
4380
|
-
`;
|
|
4381
|
-
if (issueType) {
|
|
4382
|
-
if (irrelevantIssueWithTags?.[0]?.tag) {
|
|
4383
|
-
description = `
|
|
4384
|
-
> [!tip]
|
|
4385
|
-
> The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
|
|
4386
|
-
> ${issueTypeString} - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
|
|
4387
|
-
> Mobb recommends to ignore this issue, however fix is available if you think differently.
|
|
4388
|
-
|
|
4389
|
-
|
|
4390
|
-
## Justification
|
|
4391
|
-
${fpDescription ?? unfixableDescription ?? issueDescription[irrelevantIssueWithTags[0].tag]}
|
|
4392
|
-
`;
|
|
4393
|
-
}
|
|
4394
|
-
const catalogEntry = getIssueTypeCatalogEntry(issueType);
|
|
4395
|
-
if (catalogEntry?.issueDescription) {
|
|
4396
|
-
description += `## Issue description
|
|
4397
|
-
${catalogEntry.issueDescription}
|
|
4398
|
-
`;
|
|
4399
|
-
}
|
|
4400
|
-
}
|
|
4401
|
-
return description;
|
|
4402
|
-
};
|
|
4403
|
-
|
|
4404
|
-
// src/features/analysis/scm/shared/src/index.ts
|
|
4405
|
-
init_getIssueType();
|
|
4406
|
-
|
|
4407
|
-
// src/features/analysis/scm/shared/src/guidances.ts
|
|
4408
|
-
init_client_generates();
|
|
4409
|
-
init_getIssueType();
|
|
4410
|
-
import { z as z4 } from "zod";
|
|
4411
|
-
|
|
4412
|
-
// src/features/analysis/scm/shared/src/storedFixData/index.ts
|
|
4413
|
-
init_client_generates();
|
|
4414
|
-
import { z as z2 } from "zod";
|
|
4415
|
-
|
|
4416
|
-
// src/features/analysis/scm/shared/src/storedFixData/passwordInComment.ts
|
|
4417
|
-
var passwordInComment = {
|
|
4418
|
-
guidance: () => "Removing sensitive information from the comments is not enough. To ensure the security of your data, you have to rotate passwords and tokens and update all places where they were used."
|
|
4419
|
-
};
|
|
4420
|
-
|
|
4421
|
-
// src/features/analysis/scm/shared/src/storedFixData/csharp/missingAntiForgeryValidation.ts
|
|
4422
|
-
var missingAntiForgeryValidation = {
|
|
4423
|
-
guidance: () => `The \`ValidateAntiForgeryToken\` attribute helps prevent cross-site request forgery (CSRF) attacks. The token is automatically injected into the view by the [FormTagHelper](https://learn.microsoft.com/en-us/aspnet/core/mvc/views/working-with-forms?view=aspnetcore-8.0#the-form-tag-helper)
|
|
4424
|
-
and is included when the form is submitted by the user. The token is validated by the \`ValidateAntiForgeryToken\` attribute. The token could be also generated using the [Html.AntiForgeryToken](https://learn.microsoft.com/en-us/dotnet/api/system.web.mvc.htmlhelper.antiforgerytoken?view=aspnet-mvc-5.2) helper.
|
|
4425
|
-
|
|
4426
|
-
|
|
4427
|
-
|
|
4428
|
-
|
|
4429
|
-
***Make sure this controller's client provides the validation token before approving this change.***
|
|
4430
|
-
|
|
4431
|
-
|
|
4432
|
-
|
|
4433
|
-
|
|
4434
|
-
This is an illustration of how the form will look like:
|
|
4435
|
-
|
|
4436
|
-
|
|
4437
|
-
|
|
4438
|
-
<form method="post" action="/Action">
|
|
4439
|
-
<!-- Input and Submit elements -->
|
|
4440
|
-
<input name="__RequestVerificationToken"
|
|
4441
|
-
type="hidden" value="<removed for brevity>">
|
|
4442
|
-
</form>
|
|
4443
|
-
|
|
4444
|
-
|
|
4445
|
-
***Notice the \`__RequestVerificationToken\` parameters.***
|
|
4446
|
-
`
|
|
4447
|
-
};
|
|
4448
|
-
|
|
4449
|
-
// src/features/analysis/scm/shared/src/storedFixData/csharp/index.ts
|
|
4450
|
-
var vulnerabilities = {
|
|
4451
|
-
["MISSING_ANTIFORGERY_VALIDATION"]: missingAntiForgeryValidation,
|
|
4452
|
-
["PASSWORD_IN_COMMENT"]: passwordInComment
|
|
4453
|
-
};
|
|
4454
|
-
var csharp_default = vulnerabilities;
|
|
4455
|
-
|
|
4456
|
-
// src/features/analysis/scm/shared/src/storedFixData/dockerfile/index.ts
|
|
4457
|
-
var vulnerabilities2 = {};
|
|
4458
|
-
var dockerfile_default = vulnerabilities2;
|
|
4459
|
-
|
|
4460
|
-
// src/features/analysis/scm/shared/src/storedFixData/go/index.ts
|
|
4461
|
-
var vulnerabilities3 = {};
|
|
4462
|
-
var go_default = vulnerabilities3;
|
|
4463
|
-
|
|
4464
|
-
// src/features/analysis/scm/shared/src/storedFixData/hcl/index.ts
|
|
4465
|
-
var vulnerabilities4 = {};
|
|
4466
|
-
var hcl_default = vulnerabilities4;
|
|
4467
|
-
|
|
4468
|
-
// src/features/analysis/scm/shared/src/storedFixData/java/insecureDeserialization.ts
|
|
4469
|
-
var insecureDeserialization = {
|
|
4470
|
-
guidance: () => "Added a `@Consumes` annotation restricting the endpoint to common safe media types (JSON, XML, form, multipart, octet-stream, plain text). Requests with `Content-Type: application/x-java-serialized-object` are no longer routed to the RESTEasy `SerializableProvider`. If your endpoint legitimately accepts a content type not in this allowlist (e.g. `image/png`, a custom JSON variant), expect HTTP 415 from those clients and extend the `@Consumes` list to include it."
|
|
4471
|
-
};
|
|
4472
|
-
|
|
4473
|
-
// src/features/analysis/scm/shared/src/storedFixData/java/j2eeGetConnection.ts
|
|
4474
|
-
var j2eeGetConnection = {
|
|
4475
|
-
guidance: () => `This fix replaces direct \`DriverManager.getConnection(...)\` calls with a container-managed JNDI \`DataSource\` lookup. The new code expects the app server (Tomcat / WildFly / WebSphere / etc.) to expose a configured connection pool under the JNDI name you specified.
|
|
4476
|
-
|
|
4477
|
-
|
|
4478
|
-
|
|
4479
|
-
|
|
4480
|
-
***Make sure the resource pool exists before merging.*** The patched code will throw a \`NamingException\` at runtime if the JNDI name does not resolve. Configure it in your container's resource definition:
|
|
4481
|
-
|
|
4482
|
-
- **Tomcat**: declare a \`<Resource>\` element in \`context.xml\` (or per-app \`META-INF/context.xml\`) with the same JNDI name, plus \`url\`, \`username\`, \`password\`, \`driverClassName\`, and any pool sizing.
|
|
4483
|
-
- **Spring Boot (embedded Tomcat)**: configure via \`spring.datasource.jndi-name\` and matching \`<Resource>\`, or use \`@ConfigurationProperties\` to bind a \`DataSource\` bean.
|
|
4484
|
-
- **WildFly / JBoss EAP**: declare a \`<datasource>\` in the standalone/domain XML and reference its JNDI binding.
|
|
4485
|
-
- **WebSphere / WebLogic**: define the JDBC provider and data source through the admin console; bind it to the JNDI name.
|
|
4486
|
-
|
|
4487
|
-
|
|
4488
|
-
|
|
4489
|
-
|
|
4490
|
-
Also add a matching \`<resource-ref>\` (or \`<data-source>\`) in your \`WEB-INF/web.xml\` if you use one. The original connection details (URL, user, password) move from the call site into the resource definition \u2014 remove them from any constants / properties files where they were duplicated.
|
|
4491
|
-
|
|
4492
|
-
|
|
4493
|
-
|
|
4494
|
-
|
|
4495
|
-
This fix is mandated by the J2EE / Jakarta EE specification (CWE-245) \u2014 direct driver management bypasses the container's pooling, retry, and failover policies.`
|
|
4496
|
-
};
|
|
4497
|
-
|
|
4498
|
-
// src/features/analysis/scm/shared/src/storedFixData/java/sqlInjection.ts
|
|
4499
|
-
var sqlInjection = {
|
|
4500
|
-
guidance: ({
|
|
4501
|
-
hasQuestionMarksAfterTaintVar
|
|
4502
|
-
}) => {
|
|
4503
|
-
if (hasQuestionMarksAfterTaintVar) {
|
|
4504
|
-
return "Please make sure to correct the following indices of the setInt()/setString() calls after the new parameter is added.";
|
|
4505
|
-
}
|
|
4506
|
-
return "";
|
|
4507
|
-
}
|
|
4508
|
-
};
|
|
4509
|
-
|
|
4510
|
-
// src/features/analysis/scm/shared/src/storedFixData/java/systemInformationLeak.ts
|
|
4511
|
-
var systemInformationLeak = {
|
|
4512
|
-
guidance: ({
|
|
4513
|
-
clientMightBeAffected
|
|
4514
|
-
}) => {
|
|
4515
|
-
if (clientMightBeAffected) {
|
|
4516
|
-
return "You should never expose error details to the client. We removed the error details from the response. Ensure the client application code does not rely on the removed information.";
|
|
4517
|
-
}
|
|
4518
|
-
return "";
|
|
4519
|
-
}
|
|
4520
|
-
};
|
|
4521
|
-
|
|
4522
|
-
// src/features/analysis/scm/shared/src/storedFixData/java/index.ts
|
|
4523
|
-
var vulnerabilities5 = {
|
|
4524
|
-
["PASSWORD_IN_COMMENT"]: passwordInComment,
|
|
4525
|
-
["INSECURE_DESERIALIZATION"]: insecureDeserialization,
|
|
4526
|
-
["J2EE_GET_CONNECTION"]: j2eeGetConnection,
|
|
4527
|
-
["SQL_Injection"]: sqlInjection,
|
|
4528
|
-
["SYSTEM_INFORMATION_LEAK"]: systemInformationLeak
|
|
4529
|
-
};
|
|
4530
|
-
var java_default = vulnerabilities5;
|
|
4531
|
-
|
|
4532
|
-
// src/features/analysis/scm/shared/src/storedFixData/python/csrf.ts
|
|
4533
|
-
var csrf = {
|
|
4534
|
-
guidance: () => `Please make sure the CSRF middleware is activated by default in the MIDDLEWARE setting. If you override that setting, remember that \`django.middleware.csrf.CsrfViewMiddleware\` should come before any view middleware that assume that CSRF attacks have been dealt with.
|
|
4535
|
-
|
|
4536
|
-
|
|
4537
|
-
If you disabled it, which is not recommended, you can use [\`csrf_protect()\`](https://docs.djangoproject.com/en/5.1/ref/csrf/#django.views.decorators.csrf.csrf_protect) annotation on this particular view.
|
|
4538
|
-
|
|
4539
|
-
|
|
4540
|
-
See more information [here](https://docs.djangoproject.com/en/5.1/howto/csrf/).`
|
|
4541
|
-
};
|
|
4542
|
-
|
|
4543
|
-
// src/features/analysis/scm/shared/src/storedFixData/javascript/hardcodedSecrets.ts
|
|
4544
|
-
var hardcodedSecrets = {
|
|
4545
|
-
guidance: ({ questions }) => {
|
|
4546
|
-
const envVarName = questions.find((q) => q.key === "env_var_name")?.value || "the";
|
|
4547
|
-
const keepAsDefault = questions.find(
|
|
4548
|
-
(q) => q.key === "keep_as_default"
|
|
4549
|
-
)?.value;
|
|
4550
|
-
let additionalText = "";
|
|
4551
|
-
if (keepAsDefault === "yes") {
|
|
4552
|
-
additionalText = "\n1. Remove the hardcoded secret from the code.\n";
|
|
4553
|
-
}
|
|
4554
|
-
return `Please follow the steps in this specific order:
|
|
4555
|
-
|
|
4556
|
-
1. Change the secret that was hardcoded. It is essential because even when you commit the changes, the secret will remain in the git history.${additionalText}
|
|
4557
|
-
1. Update the configuration of all your application environments and CI/CD pipelines to set \`${envVarName}\` environment variable.
|
|
4558
|
-
1. Commit the changes.`;
|
|
4559
|
-
}
|
|
4560
|
-
};
|
|
4561
|
-
|
|
4562
|
-
// src/features/analysis/scm/shared/src/storedFixData/javascript/noLimitsOrThrottling.ts
|
|
4563
|
-
var noLimitsOrThrottling = {
|
|
4564
|
-
guidance: () => "We set the default limit to 60 requests per minute. To customize the rate limit settings, please read the documentation of the [express-rate-limit](https://www.npmjs.com/package/express-rate-limit) package."
|
|
4565
|
-
};
|
|
4566
|
-
|
|
4567
|
-
// src/features/analysis/scm/shared/src/storedFixData/javascript/ssrf.ts
|
|
4568
|
-
var ssrf = {
|
|
4569
|
-
guidance: () => "The server-side validates the domains it has access to, otherwise it throws an error if validation failed. Please make sure you handled the error correctly."
|
|
4570
|
-
};
|
|
4571
|
-
|
|
4572
|
-
// src/features/analysis/scm/shared/src/storedFixData/javascript/index.ts
|
|
4573
|
-
var vulnerabilities6 = {
|
|
4574
|
-
["SSRF"]: ssrf,
|
|
4575
|
-
["HARDCODED_SECRETS"]: hardcodedSecrets,
|
|
4576
|
-
["PASSWORD_IN_COMMENT"]: passwordInComment,
|
|
4577
|
-
["NO_LIMITS_OR_THROTTLING"]: noLimitsOrThrottling,
|
|
4578
|
-
["CSRF"]: csrf
|
|
4579
|
-
};
|
|
4580
|
-
var javascript_default = vulnerabilities6;
|
|
4581
|
-
|
|
4582
|
-
// src/features/analysis/scm/shared/src/storedFixData/php/index.ts
|
|
4583
|
-
var vulnerabilities7 = {};
|
|
4584
|
-
var php_default = vulnerabilities7;
|
|
4585
|
-
|
|
4586
|
-
// src/features/analysis/scm/shared/src/storedFixData/python/autoEscapeFalse.ts
|
|
4587
|
-
var autoEscapeFalse = {
|
|
4588
|
-
guidance: () => `This fix enables automatic escaping for HTML. When that's enabled, everything is escaped by default except for values explicitly marked as safe. Variables and expressions can be marked as safe either in:
|
|
4589
|
-
|
|
4590
|
-
a. The context dictionary by the application with \`markupsafe.Markup\`
|
|
4591
|
-
|
|
4592
|
-
b. The template, with the \`|safe\` filter.
|
|
4593
|
-
|
|
4594
|
-
|
|
4595
|
-
|
|
4596
|
-
|
|
4597
|
-
See more information [here](https://jinja.palletsprojects.com/en/3.1.x/templates/#working-with-automatic-escaping) and [here](https://pypi.org/project/MarkupSafe/).
|
|
4598
|
-
|
|
4599
|
-
|
|
4600
|
-
|
|
4601
|
-
|
|
4602
|
-
***Note: make sure that none of the data you're marking as safe is coming from user input, as this can lead to XSS vulnerabilities!***`
|
|
4603
|
-
};
|
|
4604
|
-
|
|
4605
|
-
// src/features/analysis/scm/shared/src/storedFixData/python/improperCertificateValidation.ts
|
|
4606
|
-
var improperCertificateValidation = {
|
|
4607
|
-
guidance: () => `This fix re-enables TLS certificate validation by changing \`verify=False\` to \`verify=True\` on the HTTP request. Any call that was deliberately reaching a server with a self-signed, expired, or otherwise untrusted certificate will start raising \`ssl.SSLError\` / \`requests.exceptions.SSLError\` after this change.
|
|
4608
|
-
|
|
4609
|
-
|
|
4610
|
-
|
|
4611
|
-
***Before merging, confirm that every endpoint reached by this call presents a certificate signed by a trusted CA.*** If the call must talk to an internal service that uses a private CA, prefer pointing \`verify\` at the CA bundle (\`verify="/path/to/ca.pem"\`) over disabling validation. If the certificate cannot be trusted at all, the safe fix is to terminate that connection at a properly configured proxy, not to keep it unvalidated.
|
|
4612
|
-
|
|
4613
|
-
|
|
4614
|
-
|
|
4615
|
-
See the [\`requests\` SSL verification docs](https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification) for the supported \`verify\` values.`
|
|
4616
|
-
};
|
|
4617
|
-
|
|
4618
|
-
// src/features/analysis/scm/shared/src/storedFixData/python/index.ts
|
|
4619
|
-
var vulnerabilities8 = {
|
|
4620
|
-
["AUTO_ESCAPE_FALSE"]: autoEscapeFalse,
|
|
4621
|
-
["CSRF"]: csrf,
|
|
4622
|
-
["IMPROPER_CERTIFICATE_VALIDATION"]: improperCertificateValidation
|
|
4623
|
-
};
|
|
4624
|
-
var python_default = vulnerabilities8;
|
|
4625
|
-
|
|
4626
|
-
// src/features/analysis/scm/shared/src/storedFixData/sql/defaultRightsInObjDefinition.ts
|
|
4627
|
-
var defaultRightsInObjDefinition = {
|
|
4628
|
-
guidance: () => "***Make sure the user who is supposed to run the procedure has sufficient permissions.***\n\nRead more details about the `EXECUTE AS` statement in [the official Microsoft documentation](https://learn.microsoft.com/en-us/sql/t-sql/statements/execute-as-clause-transact-sql?view=sql-server-ver16&tabs=sqlserver).\n\n`EXECUTE AS CALLER` is the default behavior for SQL Server 2005 and later."
|
|
4629
|
-
};
|
|
4630
|
-
|
|
4631
|
-
// src/features/analysis/scm/shared/src/storedFixData/sql/index.ts
|
|
4632
|
-
var vulnerabilities9 = {
|
|
4633
|
-
["DEFAULT_RIGHTS_IN_OBJ_DEFINITION"]: defaultRightsInObjDefinition
|
|
4634
|
-
};
|
|
4635
|
-
var sql_default = vulnerabilities9;
|
|
4636
|
-
|
|
4637
|
-
// src/features/analysis/scm/shared/src/storedFixData/xml/index.ts
|
|
4638
|
-
var vulnerabilities10 = {
|
|
4639
|
-
["PASSWORD_IN_COMMENT"]: passwordInComment
|
|
4640
|
-
};
|
|
4641
|
-
var xml_default = vulnerabilities10;
|
|
4642
|
-
|
|
4643
|
-
// src/features/analysis/scm/shared/src/storedFixData/index.ts
|
|
4644
|
-
var StoredFixDataItemZ = z2.object({
|
|
4645
|
-
guidance: z2.function().args(z2.any()).returns(z2.string())
|
|
4646
|
-
});
|
|
4647
|
-
var languages = {
|
|
4648
|
-
["Java" /* Java */]: java_default,
|
|
4649
|
-
["JavaScript" /* JavaScript */]: javascript_default,
|
|
4650
|
-
["CSharp" /* CSharp */]: csharp_default,
|
|
4651
|
-
["SQL" /* Sql */]: sql_default,
|
|
4652
|
-
["XML" /* Xml */]: xml_default,
|
|
4653
|
-
["Python" /* Python */]: python_default,
|
|
4654
|
-
["PHP" /* Php */]: php_default,
|
|
4655
|
-
["Go" /* Go */]: go_default,
|
|
4656
|
-
["Dockerfile" /* Dockerfile */]: dockerfile_default,
|
|
4657
|
-
["Hcl" /* Hcl */]: hcl_default
|
|
4658
|
-
};
|
|
4659
|
-
|
|
4660
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/index.ts
|
|
4661
|
-
init_client_generates();
|
|
4662
|
-
import { z as z3 } from "zod";
|
|
4663
|
-
|
|
4664
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/commandInjection.ts
|
|
4665
|
-
var commandInjection = {
|
|
4666
|
-
isUnixShellCommandPart: {
|
|
4667
|
-
content: () => "Is the input data interpolated into a shell command (not the program name or shell structure)?",
|
|
4668
|
-
description: () => `\`system()\` / \`popen()\` hand the whole string to \`/bin/sh -c\`. Answer **yes** when the input is *data* placed into a fixed command, for example:
|
|
4669
|
-
|
|
4670
|
-
- \`sprintf(cmd, "grep %s file.txt", input); system(cmd);\`
|
|
4671
|
-
- \`sprintf(cmd, "ping -c 5 %s", input); system(cmd);\`
|
|
4672
|
-
|
|
4673
|
-
Answer **no** (the input is not plain data) when the input is:
|
|
4674
|
-
|
|
4675
|
-
1. The program/executable itself:
|
|
4676
|
-
- \`system(input);\`
|
|
4677
|
-
- \`sprintf(cmd, "%s -x", input);\`
|
|
4678
|
-
2. A command after a pipe or redirect:
|
|
4679
|
-
- \`sprintf(cmd, "cat file.txt | %s", input);\`
|
|
4680
|
-
3. A part of a non-Unix or cross-platform shell command.
|
|
4681
|
-
4. A part of embedded code in another language:
|
|
4682
|
-
- \`sprintf(cmd, "php -r \\"echo '%s';\\"", input);\`
|
|
4683
|
-
- \`sprintf(cmd, "awk '%s' file", input);\`
|
|
4684
|
-
5. A flag/option that controls a tool's behaviour:
|
|
4685
|
-
- \`sprintf(cmd, "git --upload-pack %s", input);\``,
|
|
4686
|
-
guidance: () => "If yes and the command can run without a shell, it is rewritten to a no-shell argument-vector call (`posix_spawn`); if it needs the shell, the tainted argument is escaped in place so the shell keeps working. If the answer is no (the input controls the program or shell structure), there is no safe automatic rewrite, so the fix is withheld and the sink is left for manual review."
|
|
4687
|
-
},
|
|
4688
|
-
executableLocationPath: {
|
|
4689
|
-
content: () => "What is the absolute path of the directory containing the executable?",
|
|
4690
|
-
description: () => `When \`system()\` is rewritten to an \`execv()\` argument-vector call, the program is run by its path with **no \`$PATH\` search**, so a relative program name (e.g. \`tail\`) cannot be resolved and a poisoned \`PATH\` cannot be used to run a look-alike binary.
|
|
4691
|
-
|
|
4692
|
-
Provide the absolute directory that contains the executable (e.g. \`/usr/bin\`); the fix prepends it to the bare program name to form an absolute path.`,
|
|
4693
|
-
guidance: () => "Only asked when the program name in the command has no `/`. A program that is already an absolute or relative path (contains `/`) is used as written."
|
|
4694
|
-
}
|
|
4695
|
-
};
|
|
4696
|
-
|
|
4697
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/pathManipulation.ts
|
|
4698
|
-
var pathManipulation = {
|
|
4699
|
-
baseDirectory: {
|
|
4700
|
-
content: ({ expression }) => `Which directory must \`${expression}\` stay within? Enter the absolute base directory file access is restricted to.`,
|
|
4701
|
-
description: ({ expression }) => `The fix canonicalizes \`${expression}\` (resolving \`.\`, \`..\`, and symlinks) and verifies the result stays inside this base directory. Provide the **absolute** root the application is allowed to read or write under, for example \`/var/app/data\`. The directory must exist at runtime. A path that resolves outside it is rejected at runtime.`,
|
|
4702
|
-
guidance: (_) => "You **must** set this to an absolute path that exists at runtime and that your application confines file access to. If you leave it unset (or give a relative path), the generated fix is emitted with a placeholder identifier (`MOBB_SET_ALLOWED_BASE_DIR`) that **deliberately does not compile**, so a missing security boundary cannot be overlooked \u2014 replace it with your absolute base directory. A relative path would otherwise resolve against the process working directory (moving the boundary). At runtime the guard aborts (C: `exit(EXIT_FAILURE)`) / throws (C++: `std::runtime_error`) on a path that escapes the base. Pick the narrowest directory that still contains every legitimate file the code opens."
|
|
4703
|
-
}
|
|
4704
|
-
};
|
|
4705
|
-
|
|
4706
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
|
|
4707
|
-
var vulnerabilities11 = {
|
|
4708
|
-
["CMDi"]: commandInjection,
|
|
4709
|
-
["PT"]: pathManipulation
|
|
4710
|
-
};
|
|
4711
|
-
var cpp_default = vulnerabilities11;
|
|
4712
|
-
|
|
4713
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/httpOnlyCookie.ts
|
|
4714
|
-
var httpOnlyCookie = {
|
|
4715
|
-
httpOnlyCookie: {
|
|
4716
|
-
content: () => "Is the cookie value supposed to be exposed to client-side scripting code?",
|
|
4717
|
-
description: () => httpOnlyMessage,
|
|
4718
|
-
guidance: () => ""
|
|
4719
|
-
},
|
|
4720
|
-
cookieVarName: {
|
|
4721
|
-
content: () => "Please define a variable name",
|
|
4722
|
-
description: () => `We need a variable for the new cookie instance`,
|
|
4723
|
-
guidance: () => ""
|
|
4724
|
-
}
|
|
4725
|
-
};
|
|
4726
|
-
var httpOnlyMessage = `\`HttpOnly\` is a security feature for cookies that can be set by a web server
|
|
4727
|
-
when sending a Set-Cookie header in an HTTP response. When the HTTP Only flag is set for a cookie, it means that the cookie can only
|
|
4728
|
-
be accessed and modified by the server, and client-side scripts (like JavaScript) running in the browser are not allowed to access the cookie.
|
|
4729
|
-
|
|
4730
|
-
|
|
4731
|
-
|
|
4732
|
-
|
|
4733
|
-
***If your client-site application needs to access the value of this cookie, making this change might break the application logic.***
|
|
4734
|
-
|
|
4735
|
-
|
|
4736
|
-
|
|
4737
|
-
`;
|
|
4738
|
-
|
|
4739
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/insecureBinderConfiguration.ts
|
|
4740
|
-
var insecureBinderConfiguration = {
|
|
4741
|
-
bindAttributeParam: {
|
|
4742
|
-
content: ({ func_param_name }) => `Which properties of the model should be included in model binding for \`${func_param_name}\`?`,
|
|
4743
|
-
description: () => "Provide a comma-separated list of valid property names to be included in model binding. See [the official documentation](https://learn.microsoft.com/en-us/aspnet/core/mvc/models/model-binding?view=aspnetcore-8.0#bind-attribute) for more details.",
|
|
4744
|
-
guidance: () => ""
|
|
4745
|
-
}
|
|
4746
|
-
};
|
|
4747
|
-
|
|
4748
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/insecureCookie.ts
|
|
4749
|
-
var insecureCookie = {
|
|
4750
|
-
insecureCookie: {
|
|
4751
|
-
content: () => "Will this cookie be used only in encrypted channels (https)?",
|
|
4752
|
-
description: () => `When a cookie is marked as "secure" in a web environment, it means that the cookie should only be sent over secure, encrypted connections, like HTTPS.
|
|
4753
|
-
In environments like local development or test, setting cookies as secure might have some consequences:
|
|
4754
|
-
|
|
4755
|
-
|
|
4756
|
-
- Development Convenience: When developing locally, you might not always have HTTPS set up, as it often involves
|
|
4757
|
-
additional configuration and certificates. If cookies are marked as secure,
|
|
4758
|
-
they won't be sent over HTTP, and this could potentially interfere with the normal
|
|
4759
|
-
functioning of your application during development.
|
|
4760
|
-
|
|
4761
|
-
|
|
4762
|
-
- Testing for Secure Environments: If your application relies on secure cookies, you should ensure that your
|
|
4763
|
-
testing environment accurately simulates the production environment's security features.
|
|
4764
|
-
This may involve setting up HTTPS in your local development environment.
|
|
4765
|
-
|
|
4766
|
-
|
|
4767
|
-
- Debugging Challenges: Debugging may be more challenging when using secure cookies in a
|
|
4768
|
-
development environment, especially if you need to inspect or manipulate the cookies during
|
|
4769
|
-
development.`,
|
|
4770
|
-
guidance: () => ""
|
|
4771
|
-
},
|
|
4772
|
-
cookieVarName: {
|
|
4773
|
-
content: () => "Please define a variable name",
|
|
4774
|
-
description: () => `We need a variable for the new cookie instance`,
|
|
4775
|
-
guidance: () => ""
|
|
4776
|
-
}
|
|
4777
|
-
};
|
|
4778
|
-
|
|
4779
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/insecureRandomness.ts
|
|
4780
|
-
var insecureRandomness = {
|
|
4781
|
-
isRandomNumberGeneratorAvailable: {
|
|
4782
|
-
content: () => "We use the `RandomNumberGenerator` class from the `System.Security.Cryptography` package. Does this class exist for the .NET version you use?",
|
|
4783
|
-
description: () => "See [the official documentation](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.randomnumbergenerator?view=net-8.0#applies-to) for more details.",
|
|
4784
|
-
guidance: () => ""
|
|
4785
|
-
},
|
|
4786
|
-
isNetVersionGreaterThan6: {
|
|
4787
|
-
content: () => "We are able to offer a more concise solution if the .NET version is greater then .NET 6",
|
|
4788
|
-
description: () => "",
|
|
4789
|
-
guidance: () => ""
|
|
4790
|
-
}
|
|
4791
|
-
};
|
|
4792
|
-
|
|
4793
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/insufficientLogging.ts
|
|
4794
|
-
var insufficientLogging = {
|
|
4795
|
-
logMessage: {
|
|
4796
|
-
content: () => "Enter the message that you want to appear in the log",
|
|
4797
|
-
description: () => "",
|
|
4798
|
-
guidance: () => ""
|
|
4799
|
-
}
|
|
4800
|
-
};
|
|
4801
|
-
|
|
4802
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/logForging.ts
|
|
4803
|
-
var logForging = {
|
|
4804
|
-
isHtmlDisplay: {
|
|
4805
|
-
content: () => "Is the text written to the log going to be displayed as HTML?",
|
|
4806
|
-
description: () => "",
|
|
4807
|
-
guidance: ({ userInputValue }) => {
|
|
4808
|
-
switch (userInputValue) {
|
|
4809
|
-
case "yes":
|
|
4810
|
-
return "We use the `System.Web` `HttpUtility` to decode the HTML";
|
|
4811
|
-
default:
|
|
4812
|
-
return "";
|
|
4813
|
-
}
|
|
4814
|
-
}
|
|
4815
|
-
}
|
|
4816
|
-
};
|
|
4817
|
-
|
|
4818
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/overlyBroadCatch.ts
|
|
4819
|
-
var overlyBroadCatch = {
|
|
4820
|
-
defaultExceptionsInWhenFilter: {
|
|
4821
|
-
content: () => "Exceptions to filter",
|
|
4822
|
-
description: () => "Coma separated list of the Fully Qualified Exceptions names",
|
|
4823
|
-
guidance: () => ""
|
|
4824
|
-
}
|
|
4825
|
-
};
|
|
4826
|
-
|
|
4827
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/pt.ts
|
|
4828
|
-
var pt = {
|
|
4829
|
-
taintedTermType: {
|
|
4830
|
-
content: ({ expression }) => `Does \`${expression}\` represent a file name or a file path?`,
|
|
4831
|
-
description: ({ expression }) => `We replace all illegal file name characters for Unix, Windows, and macOS operation systems, including slashes. Ensure that \`${expression}\` isn't supposed to contain slashes or other illegal file name characters.`,
|
|
4832
|
-
guidance: () => ""
|
|
4833
|
-
},
|
|
4834
|
-
pathTargetDir: {
|
|
4835
|
-
content: () => "Allowed file path",
|
|
4836
|
-
description: () => "Provide the intended file path destination eg: /tmp/testfiles/users/",
|
|
4837
|
-
guidance: () => ""
|
|
4838
|
-
}
|
|
4839
|
-
};
|
|
4840
|
-
|
|
4841
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/regexMissingTimeout.ts
|
|
4842
|
-
var regexMissingTimeout = {
|
|
4843
|
-
netVersionGreaterOrEqual7: {
|
|
4844
|
-
content: () => "Is your target framework .NET 7 or greater?",
|
|
4845
|
-
description: () => "",
|
|
4846
|
-
guidance: () => ""
|
|
4847
|
-
},
|
|
4848
|
-
timeout: {
|
|
4849
|
-
content: () => "Enter the timeout in milliseconds",
|
|
4850
|
-
description: () => "If the limit is reached a RegexTimeoutException is thrown, this could be caused by excessive backtracking",
|
|
4851
|
-
guidance: () => ""
|
|
4852
|
-
},
|
|
4853
|
-
useBacktrackingOption: {
|
|
4854
|
-
content: () => "Use non backtracking option",
|
|
4855
|
-
description: () => "If the regex does not need to use backtracking we can disable it using regex options",
|
|
4856
|
-
guidance: () => ""
|
|
4857
|
-
}
|
|
4858
|
-
};
|
|
4859
|
-
|
|
4860
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/requestParametersBoundViaInput.ts
|
|
4861
|
-
var requestParametersBoundViaInput = {
|
|
4862
|
-
fieldsToCopy: {
|
|
4863
|
-
content: () => "Please list all the fields you expect as input from the user. Use comma separated list.",
|
|
4864
|
-
description: () => `This is meant to avoid mass assignment vulnerabilities, where the user would enter an inner unexpected field`,
|
|
4865
|
-
guidance: () => ""
|
|
4866
|
-
}
|
|
4867
|
-
};
|
|
4868
|
-
|
|
4869
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/sqlInjection.ts
|
|
4870
|
-
var sqlInjection2 = {
|
|
4871
|
-
databaseProvider: {
|
|
4872
|
-
content: () => "Select the database provider",
|
|
4873
|
-
description: () => "",
|
|
4874
|
-
guidance: () => ""
|
|
4875
|
-
}
|
|
4876
|
-
};
|
|
4877
|
-
|
|
4878
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/ssrf.ts
|
|
4879
|
-
var ssrf2 = {
|
|
4880
|
-
domainsAllowlist: {
|
|
4881
|
-
content: () => "Allowed domains",
|
|
4882
|
-
description: () => "Coma separated list of allowed domains.",
|
|
4883
|
-
guidance: () => ""
|
|
4884
|
-
}
|
|
4885
|
-
};
|
|
4886
|
-
|
|
4887
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/sysLeak.ts
|
|
4888
|
-
var sysLeak = {
|
|
4889
|
-
errorMessage: {
|
|
4890
|
-
content: () => "Enter the error message that you want to appear in the log",
|
|
4891
|
-
description: () => "",
|
|
4892
|
-
guidance: () => ""
|
|
4893
|
-
},
|
|
4894
|
-
noLoggerAction: {
|
|
4895
|
-
content: () => "Which of the following you want to use instead of the vulnerable code?",
|
|
4896
|
-
description: () => "",
|
|
4897
|
-
guidance: () => ""
|
|
4898
|
-
}
|
|
4899
|
-
};
|
|
4900
|
-
|
|
4901
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/trustBoundaryViolation.ts
|
|
4902
|
-
var trustBoundaryViolation = {
|
|
4903
|
-
validationPattern: {
|
|
4904
|
-
content: ({ expression }) => `What is the expected type of \`${expression}\`?`,
|
|
4905
|
-
description: () => "We use regex to validate the input to avoid runtime surprises",
|
|
4906
|
-
guidance: () => ""
|
|
4907
|
-
},
|
|
4908
|
-
otherPatternValue: {
|
|
4909
|
-
content: () => `Enter the regex pattern you would like to use to validate the input`,
|
|
4910
|
-
description: () => "See patterns at [the regex docs](https://learn.microsoft.com/en-us/dotnet/standard/base-types/regular-expression-language-quick-reference)",
|
|
4911
|
-
guidance: () => ""
|
|
4912
|
-
}
|
|
4913
|
-
};
|
|
4914
|
-
|
|
4915
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/useOfSystemOutputStream.ts
|
|
4916
|
-
var useOfSystemOutputStream = {
|
|
4917
|
-
noLoggerAction: {
|
|
4918
|
-
content: () => "Which of the following you want to use instead of the vulnerable code?",
|
|
4919
|
-
description: () => "",
|
|
4920
|
-
guidance: () => ""
|
|
4921
|
-
}
|
|
4922
|
-
};
|
|
4923
|
-
|
|
4924
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/valueShadowing.ts
|
|
4925
|
-
var valueShadowing = {
|
|
4926
|
-
collectionName: {
|
|
4927
|
-
content: () => "Please select the collection to search/index from",
|
|
4928
|
-
description: () => `Accessing the root object eg Request["item"] searches across all available collections and returns the first item that matches. Potentially leading to the correct value being shadowed. Available collections include:
|
|
4929
|
-
- QueryString: The values of variables in the HTTP query string.
|
|
4930
|
-
- Form: The values of form elements in the HTTP request body.
|
|
4931
|
-
- Cookies: The values of cookies sent in the HTTP request.
|
|
4932
|
-
- ClientCertificate: The values of fields stored in the client certificate that is sent in the HTTP request.
|
|
4933
|
-
- ServerVariables: The values of predetermined environment variables.`,
|
|
4934
|
-
guidance: () => `See
|
|
4935
|
-
- https://learn.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524948(v=vs.90),
|
|
4936
|
-
- https://learn.microsoft.com/en-us/dotnet/api/system.web.httprequest?view=netframework-4.8.1`
|
|
4937
|
-
}
|
|
4938
|
-
};
|
|
4939
|
-
|
|
4940
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/wcfMisconfigurationThrottlingNotEnabled.ts
|
|
4941
|
-
var wcfMisconfigurationThrottlingNotEnabled = {
|
|
4942
|
-
maxConcurrentCalls: {
|
|
4943
|
-
content: () => "Please define the maximum concurrent calls",
|
|
4944
|
-
description: () => `A positive integer that limits the number of messages that currently process across a ServiceHost. Calls in excess of the limit are queued. Setting this value to 0 is equivalent to setting it to Int32.MaxValue.`,
|
|
4945
|
-
guidance: () => {
|
|
4946
|
-
return "";
|
|
4947
|
-
}
|
|
4948
|
-
},
|
|
4949
|
-
maxConcurrentInstances: {
|
|
4950
|
-
content: () => "Please define the maximum concurrent instances",
|
|
4951
|
-
description: () => `A positive integer that limits the number of InstanceContext objects that execute at one time across a ServiceHost. Requests to create additional instances are queued and complete when a slot below the limit becomes available.`,
|
|
4952
|
-
guidance: () => {
|
|
4953
|
-
return "";
|
|
4954
|
-
}
|
|
4955
|
-
},
|
|
4956
|
-
maxConcurrentSessions: {
|
|
4957
|
-
content: () => "Please define the maximum concurrent sessions",
|
|
4958
|
-
description: () => `A positive integer that limits the number of sessions a ServiceHost object can accept.`,
|
|
4959
|
-
guidance: () => {
|
|
4960
|
-
return "";
|
|
4961
|
-
}
|
|
4962
|
-
}
|
|
4963
|
-
};
|
|
4964
|
-
|
|
4965
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/xss.ts
|
|
4966
|
-
var xss = {
|
|
4967
|
-
allowSpecialCharacters: {
|
|
4968
|
-
content: ({ source_value }) => `Does your code allow encodable HTML characters like '&', '<', '"' etc. in: \`${source_value}\`?`,
|
|
4969
|
-
description: () => "",
|
|
4970
|
-
guidance: () => ""
|
|
4971
|
-
},
|
|
4972
|
-
containsHtml: {
|
|
4973
|
-
content: ({ prop_value }) => `Does your code allow having HTML tags in: \`${prop_value}\`?`,
|
|
4974
|
-
description: () => "",
|
|
4975
|
-
guidance: () => ""
|
|
4976
|
-
},
|
|
4977
|
-
netVersionGreaterOrEqual45: {
|
|
4978
|
-
content: () => "Is your target framework .NET 4.5 or greater?",
|
|
4979
|
-
description: () => "",
|
|
4980
|
-
guidance: () => ""
|
|
4981
|
-
},
|
|
4982
|
-
useHTML4NamedEntities: {
|
|
4983
|
-
content: () => "Would you like to use HTML 4.0 Named entities?",
|
|
4984
|
-
description: () => "See [examples](https://www.w3schools.com/charsets/ref_html_entities_4.asp) and [full description](https://www.w3.org/TR/WD-html40-970708/sgml/entities.html)",
|
|
4985
|
-
guidance: () => ""
|
|
4986
|
-
}
|
|
4987
|
-
};
|
|
4988
|
-
|
|
4989
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/xxe.ts
|
|
4990
|
-
var xxe = {
|
|
4991
|
-
netVersionGreaterOrEqual4: {
|
|
4992
|
-
content: () => "Is your target framework .NET 4.0.0 or greater?",
|
|
4993
|
-
description: () => "",
|
|
4994
|
-
guidance: ({ userInputValue }) => {
|
|
4995
|
-
switch (userInputValue) {
|
|
4996
|
-
case "yes":
|
|
4997
|
-
return "We set `DtdProcessing` to `DtdProcessing.Prohibit` in order to prevent DTD parsing.";
|
|
4998
|
-
default:
|
|
4999
|
-
return "We set `ProhibitDtd` to `true` in order to prevent DTD parsing.";
|
|
5000
|
-
}
|
|
5001
|
-
}
|
|
5002
|
-
}
|
|
5003
|
-
};
|
|
5004
|
-
|
|
5005
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
|
|
5006
|
-
var vulnerabilities12 = {
|
|
5007
|
-
["LOG_FORGING"]: logForging,
|
|
5008
|
-
["SSRF"]: ssrf2,
|
|
5009
|
-
["XXE"]: xxe,
|
|
5010
|
-
["XSS"]: xss,
|
|
5011
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM"]: useOfSystemOutputStream,
|
|
5012
|
-
["SYSTEM_INFORMATION_LEAK"]: sysLeak,
|
|
5013
|
-
["OVERLY_BROAD_CATCH"]: overlyBroadCatch,
|
|
5014
|
-
["TRUST_BOUNDARY_VIOLATION"]: trustBoundaryViolation,
|
|
5015
|
-
["PT"]: pt,
|
|
5016
|
-
["REGEX_MISSING_TIMEOUT"]: regexMissingTimeout,
|
|
5017
|
-
["HTTP_ONLY_COOKIE"]: httpOnlyCookie,
|
|
5018
|
-
["INSECURE_COOKIE"]: insecureCookie,
|
|
5019
|
-
["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED"]: wcfMisconfigurationThrottlingNotEnabled,
|
|
5020
|
-
["INSECURE_BINDER_CONFIGURATION"]: insecureBinderConfiguration,
|
|
5021
|
-
["VALUE_SHADOWING"]: valueShadowing,
|
|
5022
|
-
["INSECURE_RANDOMNESS"]: insecureRandomness,
|
|
5023
|
-
["INSUFFICIENT_LOGGING"]: insufficientLogging,
|
|
5024
|
-
["SQL_Injection"]: sqlInjection2,
|
|
5025
|
-
["REQUEST_PARAMETERS_BOUND_VIA_INPUT"]: requestParametersBoundViaInput
|
|
5026
|
-
};
|
|
5027
|
-
var csharp_default2 = vulnerabilities12;
|
|
5028
|
-
|
|
5029
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/go/logForging.ts
|
|
5030
|
-
var logForging2 = {
|
|
5031
|
-
isHtmlDisplay: {
|
|
5032
|
-
content: () => "Is the text written to the log going to be displayed as HTML?",
|
|
5033
|
-
description: () => "",
|
|
5034
|
-
guidance: () => ""
|
|
5035
|
-
}
|
|
5036
|
-
};
|
|
5037
|
-
|
|
5038
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/go/missingSslMinversion.ts
|
|
5039
|
-
var missingSslMinversion = {
|
|
5040
|
-
minTlsVersion: {
|
|
5041
|
-
content: () => "What is the minimum version of Transport Layer Security (TLS) you allow? Ensure compatibility between the server and clients.",
|
|
5042
|
-
description: () => "",
|
|
5043
|
-
guidance: () => ""
|
|
5044
|
-
}
|
|
5045
|
-
};
|
|
5046
|
-
|
|
5047
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/go/websocketMissingOriginCheck.ts
|
|
5048
|
-
var websocketMissingOriginCheck = {
|
|
5049
|
-
minTlsVersion: {
|
|
5050
|
-
content: () => "Please provide a comma-separated list of valid hosts. This list will serve as an allow list to check the connection `Origin` header.",
|
|
5051
|
-
description: () => "",
|
|
5052
|
-
guidance: () => ""
|
|
5053
|
-
}
|
|
5054
|
-
};
|
|
5055
|
-
|
|
5056
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
|
|
5057
|
-
var vulnerabilities13 = {
|
|
5058
|
-
["LOG_FORGING"]: logForging2,
|
|
5059
|
-
["MISSING_SSL_MINVERSION"]: missingSslMinversion,
|
|
5060
|
-
["WEBSOCKET_MISSING_ORIGIN_CHECK"]: websocketMissingOriginCheck
|
|
5061
|
-
};
|
|
5062
|
-
var go_default2 = vulnerabilities13;
|
|
5063
|
-
|
|
5064
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/commandInjection.ts
|
|
5065
|
-
var commandInjection2 = {
|
|
5066
|
-
isUnixShellCommandPart: {
|
|
5067
|
-
content: () => "Is the input part of Unix shell command?",
|
|
5068
|
-
description: () => `For example:
|
|
5069
|
-
|
|
5070
|
-
- \`Runtime.getRuntime().exec(new String[] {"/bin/sh", "-c", "ping -t 5 -c 5 " + input});\`
|
|
5071
|
-
- \`Runtime.getRuntime().exec(new String[] {"/bin/bash", "-c", "curl " + input + " > file.txt"});\`
|
|
5072
|
-
|
|
5073
|
-
Make sure the input is not:
|
|
5074
|
-
|
|
5075
|
-
1. An executable name:
|
|
5076
|
-
- \`Runtime.getRuntime().exec(input);\`
|
|
5077
|
-
- \`Runtime.getRuntime().exec(new String[] {"/bin/bash", input});\`
|
|
5078
|
-
- \`Runtime.getRuntime().exec(new String[] {"/bin/sh", "-c", input + " param"});\`
|
|
5079
|
-
- \`Runtime.getRuntime().exec(new String[] {"/bin/bash", "-c", "cat file.txt | " + input});\`
|
|
5080
|
-
- \`Runtime.getRuntime().exec(new String[] {"/usr/bin/git", "--upload-pack", input});\`
|
|
5081
|
-
2. A part of non-unix or cross platform shell command:
|
|
5082
|
-
- \`Runtime.getRuntime().exec(new String[] {"cmd.exe", "/c", "ping " + input});\`
|
|
5083
|
-
3. A part of programming language code:
|
|
5084
|
-
- \`Runtime.getRuntime().exec(new String[] {"php", "-r", "echo '" + input + "';"});\`
|
|
5085
|
-
- \`Runtime.getRuntime().exec(new String[] {"perl", "-e", "print '" + input + "'"});\``,
|
|
5086
|
-
guidance: () => ""
|
|
5087
|
-
},
|
|
5088
|
-
installApacheCommonsText: {
|
|
5089
|
-
content: () => "Is the Apache Commons library (org.apache.commons) included in your project, if not, can you add it?",
|
|
5090
|
-
description: () => "Apache Commons Text is a library focused on algorithms working on strings.",
|
|
5091
|
-
guidance: ({ userInputValue }) => userInputValue === "yes" ? "To add the library, modify your pom.xml or build.gradle to include the library. You can find the latest version here https://mvnrepository.com/artifact/org.apache.commons/commons-text" : ""
|
|
5092
|
-
},
|
|
5093
|
-
cmdAllowlist: {
|
|
5094
|
-
content: () => "Allowed Commands",
|
|
5095
|
-
description: () => "Make sure that the list of commands is separated by commas.",
|
|
5096
|
-
guidance: () => ""
|
|
5097
|
-
}
|
|
5098
|
-
};
|
|
5099
|
-
|
|
5100
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/confusingNaming.ts
|
|
5101
|
-
var confusingNaming = {
|
|
5102
|
-
newFieldName: {
|
|
5103
|
-
content: () => "Rename the existing field",
|
|
5104
|
-
description: () => "",
|
|
5105
|
-
guidance: () => ""
|
|
5106
|
-
}
|
|
5107
|
-
};
|
|
5108
|
-
|
|
5109
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/duplicatedStrings.ts
|
|
5110
|
-
var duplicatedStrings = {
|
|
5111
|
-
constantName: {
|
|
5112
|
-
content: () => "New constant name",
|
|
5113
|
-
description: () => "",
|
|
5114
|
-
guidance: () => ""
|
|
5115
|
-
}
|
|
5116
|
-
};
|
|
5117
|
-
|
|
5118
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/erroneousStringCompare.ts
|
|
5119
|
-
var erroneousStringCompare = {
|
|
5120
|
-
javaVersionGreaterOrEqual17: {
|
|
5121
|
-
content: () => "Is `java.util.Objects` package available in your runtime?",
|
|
5122
|
-
description: () => "`java.util.Objects` is supported in Java 1.7 or greater.",
|
|
5123
|
-
guidance: () => ""
|
|
5124
|
-
}
|
|
5125
|
-
};
|
|
5126
|
-
|
|
5127
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/errorConditionWithoutAction.ts
|
|
5128
|
-
var errorConditionWithoutAction = {
|
|
5129
|
-
errorMessage: {
|
|
5130
|
-
content: () => "Enter the error message that you want to appear in the log",
|
|
5131
|
-
description: () => "",
|
|
5132
|
-
guidance: () => ""
|
|
5133
|
-
}
|
|
5134
|
-
};
|
|
5135
|
-
|
|
5136
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/httpOnlyCookie.ts
|
|
5137
|
-
var httpOnlyCookie2 = {
|
|
5138
|
-
httpOnlyCookie: {
|
|
5139
|
-
content: () => "Is the cookie value supposed to be exposed to client-side scripting code?",
|
|
5140
|
-
description: ({ class_name }) => class_name == "Cookie" ? `${httpOnlyMessage2} ${setHttpOnlyMethodMessage}` : httpOnlyMessage2,
|
|
5141
|
-
guidance: () => ""
|
|
5142
|
-
},
|
|
5143
|
-
cookieVarName: {
|
|
5144
|
-
content: () => "Please define a variable name",
|
|
5145
|
-
description: () => `We need a variable for the new cookie instance`,
|
|
5146
|
-
guidance: () => ""
|
|
5147
|
-
}
|
|
5148
|
-
};
|
|
5149
|
-
var httpOnlyMessage2 = `\`HttpOnly\` is a security feature for cookies that can be set by a web server
|
|
5150
|
-
when sending a Set-Cookie header in an HTTP response. When the HTTP Only flag is set for a cookie, it means that the cookie can only
|
|
5151
|
-
be accessed and modified by the server, and client-side scripts (like JavaScript) running in the browser are not allowed to access the cookie.
|
|
5152
|
-
|
|
5153
|
-
|
|
5154
|
-
|
|
5155
|
-
|
|
5156
|
-
***If your client-site application needs to access the value of this cookie, making this change might break the application logic.***
|
|
5157
|
-
|
|
5158
|
-
|
|
5159
|
-
|
|
5160
|
-
`;
|
|
5161
|
-
var setHttpOnlyMethodMessage = `Beware that if your application is using a version of the javax.servlet-api package < 3.0
|
|
5162
|
-
this change will not work since the method "setHttpOnly" is not present in previous of the package.`;
|
|
5163
|
-
|
|
5164
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/insecureCookie.ts
|
|
5165
|
-
var insecureCookie2 = {
|
|
5166
|
-
insecureCookie: {
|
|
5167
|
-
content: () => "Will this cookie be used only in encrypted channels (https)?",
|
|
5168
|
-
description: () => `When a cookie is marked as "secure" in a web environment, it means that the cookie should only be sent over secure, encrypted connections, like HTTPS.
|
|
5169
|
-
In environments like local development or test, setting cookies as secure might have some consequences:
|
|
5170
|
-
|
|
5171
|
-
|
|
5172
|
-
- Development Convenience: When developing locally, you might not always have HTTPS set up, as it often involves
|
|
5173
|
-
additional configuration and certificates. If cookies are marked as secure,
|
|
5174
|
-
they won't be sent over HTTP, and this could potentially interfere with the normal
|
|
5175
|
-
functioning of your application during development.
|
|
5176
|
-
|
|
5177
|
-
|
|
5178
|
-
- Testing for Secure Environments: If your application relies on secure cookies, you should ensure that your
|
|
5179
|
-
testing environment accurately simulates the production environment's security features.
|
|
5180
|
-
This may involve setting up HTTPS in your local development environment.
|
|
5181
|
-
|
|
5182
|
-
|
|
5183
|
-
- Debugging Challenges: Debugging may be more challenging when using secure cookies in a
|
|
5184
|
-
development environment, especially if you need to inspect or manipulate the cookies during
|
|
5185
|
-
development.`,
|
|
5186
|
-
guidance: () => ""
|
|
5187
|
-
},
|
|
5188
|
-
cookieVarName: {
|
|
5189
|
-
content: () => "Please define a variable name",
|
|
5190
|
-
description: () => `We need a variable for the new cookie instance`,
|
|
5191
|
-
guidance: () => ""
|
|
5192
|
-
}
|
|
5193
|
-
};
|
|
5194
|
-
|
|
5195
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/j2eeGetConnection.ts
|
|
5196
|
-
var j2eeGetConnection2 = {
|
|
5197
|
-
jndiResourceName: {
|
|
5198
|
-
content: () => "What JNDI name is the database connection pool registered under?",
|
|
5199
|
-
description: () => 'We need the JNDI name your app server uses to expose its container-managed `DataSource`. The fix performs `new InitialContext().lookup(<jndi-name>)` to retrieve the pool, so this value must exactly match the resource definition (e.g. `<Resource name="...">` in Tomcat `context.xml`, or the binding declared in WildFly / WebSphere / WebLogic). The default `java:comp/env/jdbc/myDataSource` is the canonical Tomcat / Spring convention; replace it with whatever your environment uses.',
|
|
5200
|
-
guidance: () => ""
|
|
5201
|
-
}
|
|
5202
|
-
};
|
|
5203
|
-
|
|
5204
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/leftoverDebugCode.ts
|
|
5205
|
-
var leftoverDebugCode = {
|
|
5206
|
-
isCodeUsed: {
|
|
5207
|
-
content: () => "The function seems to be a remnant of debug code. Is it still being used?",
|
|
5208
|
-
description: () => "",
|
|
5209
|
-
guidance: () => ""
|
|
5210
|
-
}
|
|
5211
|
-
};
|
|
5212
|
-
|
|
5213
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/localeDependentComparison.ts
|
|
5214
|
-
var localeDependentComparison = {
|
|
5215
|
-
localeType: {
|
|
5216
|
-
content: ({ variable }) => `Is ${variable} locale dependent?`,
|
|
5217
|
-
description: () => `Select "locale insensitive" for string comparisons that are not dependent on the locale.
|
|
5218
|
-
|
|
5219
|
-
Select "default locale" for string comparisons that uses the default locale.
|
|
5220
|
-
|
|
5221
|
-
Select "custom locale" for string comparisons that are dependent on a specific locale language.`,
|
|
5222
|
-
guidance: () => ""
|
|
5223
|
-
},
|
|
5224
|
-
customLocaleLanguage: {
|
|
5225
|
-
content: () => "What is your locale language?",
|
|
5226
|
-
description: () => "A list of locales can be found [here](https://www.oracle.com/java/technologies/javase/jdk8-jre8-suported-locales.html)",
|
|
5227
|
-
guidance: () => ""
|
|
5228
|
-
},
|
|
5229
|
-
customLocaleCountry: {
|
|
5230
|
-
content: () => "What is your locale country?",
|
|
5231
|
-
description: () => "A list of locales can be found [here](https://www.oracle.com/java/technologies/javase/jdk8-jre8-suported-locales.html)",
|
|
5232
|
-
guidance: () => ""
|
|
5233
|
-
}
|
|
5234
|
-
};
|
|
5235
|
-
|
|
5236
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/logForging.ts
|
|
5237
|
-
var logForging3 = {
|
|
5238
|
-
isHtmlDisplay: {
|
|
5239
|
-
content: () => "Is the text written to the log going to be displayed as HTML?",
|
|
5240
|
-
description: () => "",
|
|
5241
|
-
guidance: () => ""
|
|
5242
|
-
},
|
|
5243
|
-
htmlEscapingLib: {
|
|
5244
|
-
content: () => "Which HTML escaping library would you like to use?",
|
|
5245
|
-
description: () => `
|
|
5246
|
-
- If you use the Spring framework, you likely already have \`org.springframework.web.util.HtmlUtils\`
|
|
5247
|
-
- Another \`option is org.apache.commons.text.StringEscapeUtils\``,
|
|
5248
|
-
guidance: () => ""
|
|
5249
|
-
}
|
|
5250
|
-
};
|
|
5251
|
-
|
|
5252
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/missingCheckAgainstNull.ts
|
|
5253
|
-
var missingCheckAgainstNull = {
|
|
5254
|
-
preferredAction: {
|
|
5255
|
-
content: ({ tainted_expression }) => `What is expected behavior if \`${tainted_expression}\` returns null?`,
|
|
5256
|
-
description: () => "",
|
|
5257
|
-
guidance: () => ""
|
|
5258
|
-
},
|
|
5259
|
-
javaVersionGreaterOrEqual17: {
|
|
5260
|
-
content: () => "Is `java.util.Objects` package available in your runtime?",
|
|
5261
|
-
description: () => "`java.util.Objects` is supported in Java 1.7 or greater.",
|
|
5262
|
-
guidance: () => ""
|
|
5263
|
-
}
|
|
5264
|
-
};
|
|
5265
|
-
|
|
5266
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/openRedirect.ts
|
|
5267
|
-
var openRedirect = {
|
|
5268
|
-
allowlist: {
|
|
5269
|
-
content: () => "Allowed domains",
|
|
5270
|
-
description: () => "Add a comma separated list of allowed domains (e.g. 'google.com,example.com')",
|
|
5271
|
-
guidance: () => ""
|
|
5272
|
-
}
|
|
5273
|
-
};
|
|
5274
|
-
|
|
5275
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/overlyBroadCatch.ts
|
|
5276
|
-
var overlyBroadCatch2 = {
|
|
5277
|
-
handleRuntimeExceptions: {
|
|
5278
|
-
content: () => "Does the code intentionally catch `RuntimeException` instances like `ArithmeticException` or `NullPointerException` in the `catch` block?",
|
|
5279
|
-
description: () => "Usually, when catching the general `Exception` class catching of `RuntimeException` is implied and not necessarily the wanted/safe behavior. The application needs to deal with it explicitly in a different way, as the Mobb fix suggests.",
|
|
5280
|
-
guidance: () => ""
|
|
5281
|
-
}
|
|
5282
|
-
};
|
|
5283
|
-
|
|
5284
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/privacyViolation.ts
|
|
5285
|
-
var privacyViolation = {
|
|
5286
|
-
remediationOption: {
|
|
5287
|
-
content: () => "Preferred fix solution",
|
|
5288
|
-
description: () => `
|
|
5289
|
-
- Completely Remove the log message
|
|
5290
|
-
- Replace the sensitive data with the string [Redacted]
|
|
5291
|
-
- SHA 256 Hash the sensitive information in the log message`,
|
|
5292
|
-
guidance: () => ""
|
|
5293
|
-
}
|
|
5294
|
-
};
|
|
5295
|
-
|
|
5296
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/pt.ts
|
|
5297
|
-
var pt2 = {
|
|
5298
|
-
isPathRelativeOnly: {
|
|
5299
|
-
content: ({ expression }) => `Do you expect \`${expression}\` to be a relative path?`,
|
|
5300
|
-
description: () => "You most likely want to serve files relative to the web server's static files folder in web applications. If so, your answer should be `yes`. In CLI applications, you probably would like to give the user more flexibility and allow them to specify absolute paths to any location on the disk \u2013 your answer should be `no` in such cases.",
|
|
5301
|
-
guidance: () => ""
|
|
5302
|
-
},
|
|
5303
|
-
isFileName: {
|
|
5304
|
-
content: ({ expression }) => `Does \`${expression}\` represent a file name or a file name part?`,
|
|
5305
|
-
description: ({ expression }) => `We replace all illegal file name characters for Unix, Windows, and macOS operation systems, including slashes. Ensure that \`${expression}\` isn't supposed to contain slashes or other illegal file name characters. If \`${expression}\` is supposed to legitimately include such characters, the answer should be "no".`,
|
|
5306
|
-
guidance: () => ""
|
|
5307
|
-
}
|
|
5308
|
-
};
|
|
5309
|
-
|
|
5310
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/relativePathCommand.ts
|
|
5311
|
-
var relativePathCommand = {
|
|
5312
|
-
executableLocationPath: {
|
|
5313
|
-
content: () => "What is the absolute path of the directory containing the executable?",
|
|
5314
|
-
description: () => "We need the absolute path to the executable to protect your application from command injection and ensure malicious actors cannot execute arbitrary commands on your system.",
|
|
5315
|
-
guidance: () => ""
|
|
5316
|
-
}
|
|
5317
|
-
};
|
|
5318
|
-
|
|
5319
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/sqlInjection.ts
|
|
5320
|
-
function capitalizeFirstLetter2(item) {
|
|
5321
|
-
return item.charAt(0).toUpperCase() + item.slice(1);
|
|
5322
|
-
}
|
|
5323
|
-
var typeToSetMethod = {
|
|
5324
|
-
integer: "setInt",
|
|
5325
|
-
date: "setDate",
|
|
5326
|
-
string: "setString"
|
|
5327
|
-
};
|
|
5328
|
-
var sqlInjection3 = {
|
|
5329
|
-
parameterType: {
|
|
5330
|
-
content: ({ tainted_term }) => `What is the SQL Data Type of the \`${tainted_term}\` parameter?`,
|
|
5331
|
-
description: () => "In order to make sure the statement is built correctly, we must ensure we use the same type that is defined for this parameter in the SQL table. If you are unsure of this type, please consult with your team.",
|
|
5332
|
-
guidance: ({
|
|
5333
|
-
tainted_term,
|
|
5334
|
-
taint_var_type_guidance_required,
|
|
5335
|
-
userInputValue
|
|
5336
|
-
}) => {
|
|
5337
|
-
if (!taint_var_type_guidance_required || !userInputValue) {
|
|
5338
|
-
return "";
|
|
5339
|
-
}
|
|
5340
|
-
if (!taint_var_type_guidance_required[userInputValue]) {
|
|
5341
|
-
return "";
|
|
5342
|
-
}
|
|
5343
|
-
return `Make sure to convert \`${tainted_term}\` to \`${capitalizeFirstLetter2(
|
|
5344
|
-
userInputValue
|
|
5345
|
-
)}\` which is the type expected by the new setter method: \`${typeToSetMethod[userInputValue]}\``;
|
|
5346
|
-
}
|
|
5347
|
-
},
|
|
5348
|
-
varName: {
|
|
5349
|
-
content: () => "Name the new PreparedStatement variable",
|
|
5350
|
-
description: () => "We needed to create a new variable for this fix. We actually like the name we picked, but maybe you follow different naming conventions, so you can change it here.",
|
|
5351
|
-
guidance: () => ""
|
|
5352
|
-
},
|
|
5353
|
-
taintIndex: {
|
|
5354
|
-
content: ({ tainted_term }) => `What is the index of \`\`\`${tainted_term}\`\`\` in the query?`,
|
|
5355
|
-
description: () => "When constructing a query, we need to know exactly where to insert this parameter. If the query has more than one parameter, the index gives us this information. Leave the value as 1 if there is only one parameter.",
|
|
5356
|
-
guidance: () => ""
|
|
5357
|
-
},
|
|
5358
|
-
statementAfterQuery: {
|
|
5359
|
-
content: ({ var_name }) => `Is the \`Statement\` variable \`${var_name}\` declared after constructing the query string?`,
|
|
5360
|
-
description: () => "When creating the `PreparedStatement` parameter, we need to give it the constructed query. Currently, Mobb doesn't support the case where the query string is defined after the statement in your code.",
|
|
5361
|
-
guidance: ({ userInputValue }) => userInputValue === "no" ? "You should move the code creating the query so it is executed before being used by the prepared statement" : ""
|
|
5362
|
-
},
|
|
5363
|
-
statementBeforeQuery: {
|
|
5364
|
-
content: ({ var_name }) => `Is the query string variable declared after the \`Statement\` variable \`${var_name}\`?`,
|
|
5365
|
-
description: ({ enquote_func_name }) => `We need to have the \`Statement\` object defined before using the \`${enquote_func_name}()\` method. Currently, Mobb doesn't support the case where the query string is defined before the statement in your code.`,
|
|
5366
|
-
guidance: ({
|
|
5367
|
-
userInputValue,
|
|
5368
|
-
enquote_func_name
|
|
5369
|
-
}) => userInputValue === "no" ? `You should move the code creating the query so it is executed after creating the \`Statement\` object as we need to have the \`Statement\` object defined before using the \`${enquote_func_name}()\` method.` : ""
|
|
5370
|
-
},
|
|
5371
|
-
containsControlCharacters: {
|
|
5372
|
-
content: ({ tainted_term }) => `Does \`\`\`${tainted_term}\`\`\` represent a single SQL parameter value?`,
|
|
5373
|
-
description: () => `This should be 'no' only in the rare cases where the input variable itself does not represent a single SQL parameter value but rather other parts of a SQL query such as a table name, a column name, a list of values, a complete or partial inner SQL statement, etc.
|
|
5374
|
-
|
|
5375
|
-
It may be confusing a bit, so here are some examples:
|
|
5376
|
-
|
|
5377
|
-
* A SQL identifier \`\`\`(SELECT * FROM \${tableName})\`\`\`
|
|
5378
|
-
|
|
5379
|
-
* A SQL statement \`\`\`(SELECT * FROM users ORDER BY id \${order})\`\`\``,
|
|
5380
|
-
guidance: () => ""
|
|
5381
|
-
},
|
|
5382
|
-
javaVersionGreaterOrEqual19: {
|
|
5383
|
-
content: ({ enquote_func_name }) => `Is \`java.sql.Statement.${enquote_func_name}\` method available in your runtime?`,
|
|
5384
|
-
description: ({ enquote_func_name }) => `\`java.sql.Statement.${enquote_func_name}\` is supported in Java 1.9 or greater.`,
|
|
5385
|
-
guidance: () => ""
|
|
5386
|
-
},
|
|
5387
|
-
queryParameterName: {
|
|
5388
|
-
content: () => "What should be the name of the query parameter?",
|
|
5389
|
-
description: () => "",
|
|
5390
|
-
guidance: () => ""
|
|
5391
|
-
}
|
|
5392
|
-
};
|
|
5393
|
-
|
|
5394
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/ssrf.ts
|
|
5395
|
-
var ssrf3 = {
|
|
5396
|
-
domainsAllowlist: {
|
|
5397
|
-
content: () => "Allowed URL prefixes",
|
|
5398
|
-
description: () => `The security risk of this issue is the ability of an attacker to provide input that shoots HTTP requests from your server to arbitrary URLs, including internal ones, like \`https://admin.mycompany.com\`
|
|
5399
|
-
|
|
5400
|
-
To eliminate the risk and fix the issue, check out your app logic and make a whitelist of URLs this API should be allowed to call.`,
|
|
5401
|
-
guidance: () => ""
|
|
5402
|
-
}
|
|
5403
|
-
};
|
|
5404
|
-
|
|
5405
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/sysLeak.ts
|
|
5406
|
-
var sysLeak2 = {
|
|
5407
|
-
errorMessage: {
|
|
5408
|
-
content: () => "Enter the error message that you want to appear in the log",
|
|
5409
|
-
description: () => "",
|
|
5410
|
-
guidance: () => ""
|
|
5411
|
-
},
|
|
5412
|
-
noLoggerAction: {
|
|
5413
|
-
content: () => "Which of the following you want to use instead of the vulnerable code?",
|
|
5414
|
-
description: () => "",
|
|
5415
|
-
guidance: () => ""
|
|
5416
|
-
}
|
|
5417
|
-
};
|
|
5418
|
-
|
|
5419
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/trustBoundaryViolation.ts
|
|
5420
|
-
var trustBoundaryViolation2 = {
|
|
5421
|
-
validationPattern: {
|
|
5422
|
-
content: ({ expression }) => `What is the expected type of \`${expression}\`?`,
|
|
5423
|
-
description: () => "We use regex to validate the input to avoid runtime surprises",
|
|
5424
|
-
guidance: () => ""
|
|
5425
|
-
},
|
|
5426
|
-
otherPatternValue: {
|
|
5427
|
-
content: () => `Enter the regex pattern you would like to use to validate the input`,
|
|
5428
|
-
description: () => "See patterns at [the regex javadoc](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/util/regex/Pattern.html)",
|
|
5429
|
-
guidance: () => ""
|
|
5430
|
-
}
|
|
5431
|
-
};
|
|
5432
|
-
|
|
5433
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/uncheckedLoopCondition.ts
|
|
5434
|
-
var uncheckedLoopCondition = {
|
|
5435
|
-
loopLimit: {
|
|
5436
|
-
content: () => "Please define a maximum loop limit",
|
|
5437
|
-
description: () => `Setting this number to a reasonable value will prevent the vulnerability`,
|
|
5438
|
-
guidance: () => ""
|
|
5439
|
-
},
|
|
5440
|
-
varName: {
|
|
5441
|
-
content: () => "Please define a variable name",
|
|
5442
|
-
description: () => `We need to define a variable to be used as a counter to limit the loop`,
|
|
5443
|
-
guidance: () => ""
|
|
5444
|
-
}
|
|
5445
|
-
};
|
|
5446
|
-
|
|
5447
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/unsafeReflection.ts
|
|
5448
|
-
var unsafeReflection = {
|
|
5449
|
-
classAllowlist: {
|
|
5450
|
-
content: () => "Allowed class names for reflection",
|
|
5451
|
-
description: () => `Provide a comma-separated list of fully-qualified class names that are permitted to be loaded via reflection (e.g. \`com.example.MyClass\`). Any other class name will be rejected at runtime.`,
|
|
5452
|
-
guidance: () => ""
|
|
5453
|
-
}
|
|
5454
|
-
};
|
|
5455
|
-
|
|
5456
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/useOfSystemOutputStream.ts
|
|
5457
|
-
var useOfSystemOutputStream2 = {
|
|
5458
|
-
noLoggerAction: {
|
|
5459
|
-
content: () => "Which of the following you want to use instead of the vulnerable code?",
|
|
5460
|
-
description: () => "",
|
|
5461
|
-
guidance: () => ""
|
|
5462
|
-
}
|
|
5463
|
-
};
|
|
5464
|
-
|
|
5465
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/xss.ts
|
|
5466
|
-
var xss2 = {
|
|
5467
|
-
isHtmlOrSafeAttribute: {
|
|
5468
|
-
content: ({ tainted_variable }) => `Where is \`${tainted_variable}\` written to?`,
|
|
5469
|
-
description: () => `Answer examples:
|
|
5470
|
-
|
|
5471
|
-
- a text in an HTML tag or a value of a safe HTML attribute:
|
|
5472
|
-
- \`<li><%= name %></li>\`
|
|
5473
|
-
- \`<div>Name: <%= name %></div>\`
|
|
5474
|
-
- \`<input value="<%= name %>" name="name"/>\`
|
|
5475
|
-
- \`<div data-name="<%= name %>"></div>\`
|
|
5476
|
-
- a JavaScript code block:
|
|
5477
|
-
- \`<script>const name = "<%= name %>";</script>\`
|
|
5478
|
-
- an event attribute of an HTML tag:
|
|
5479
|
-
- \`<a onclick="alert('<%= name %>')">click me</a>\`
|
|
5480
|
-
- \`<img onmouseover="alert('<%= name %>')"/>\`
|
|
5481
|
-
- a src-like attribute of an HTML tag:
|
|
5482
|
-
- \`<a href="/user/<%= name %>">me</a>\`
|
|
5483
|
-
- \`<img src="/img/<%= name %>"/>\`
|
|
5484
|
-
- \`<form action="<%= name %>"></form>\`
|
|
5485
|
-
- \`<iframe srcdoc="<%= name %>"/>\`
|
|
5486
|
-
- a part of an HTML tag attributes list:
|
|
5487
|
-
- \`<a <%= name %>>text</a>\`
|
|
5488
|
-
|
|
5489
|
-
See more details about safe and unsafe HTML attributes:
|
|
5490
|
-
- [PortSwigger cheat-sheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
|
|
5491
|
-
- [DOMPurify attributes filter implementation](https://github.com/cure53/DOMPurify/blob/c29aa900a1c286b82ee4f48a7ffab96cab3e84fa/src/attrs.js)
|
|
5492
|
-
`,
|
|
5493
|
-
guidance: () => ""
|
|
5494
|
-
},
|
|
5495
|
-
isHtmlEncoded: {
|
|
5496
|
-
content: () => "Is the user input already encoded as HTML text?",
|
|
5497
|
-
description: () => "If you are unsure, we will decode the user input and encode it again to ensure it is safe and the data is kept the same.",
|
|
5498
|
-
guidance: () => ""
|
|
5499
|
-
},
|
|
5500
|
-
htmlEscapingLib: {
|
|
5501
|
-
content: () => "Which HTML escaping library would you like to use?",
|
|
5502
|
-
description: () => `
|
|
5503
|
-
- If you use the Spring framework, you likely already have \`org.springframework.web.util.HtmlUtils\`
|
|
5504
|
-
- Another option is \`org.apache.commons.text.StringEscapeUtils\``,
|
|
5505
|
-
guidance: () => ""
|
|
5506
|
-
}
|
|
5507
|
-
};
|
|
5508
|
-
|
|
5509
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/xxe.ts
|
|
5510
|
-
var xxe2 = {
|
|
5511
|
-
factoryVarName: {
|
|
5512
|
-
content: () => "Name the new Factory variable",
|
|
5513
|
-
description: () => "We needed to create a new variable for this fix. We actually like the name we picked, but maybe you follow different naming conventions, so you can change it here.",
|
|
5514
|
-
guidance: () => ""
|
|
5515
|
-
}
|
|
5516
|
-
};
|
|
5517
|
-
|
|
5518
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
|
|
5519
|
-
var vulnerabilities14 = {
|
|
5520
|
-
["SQL_Injection"]: sqlInjection3,
|
|
5521
|
-
["CMDi_relative_path_command"]: relativePathCommand,
|
|
5522
|
-
["CMDi"]: commandInjection2,
|
|
5523
|
-
["CONFUSING_NAMING"]: confusingNaming,
|
|
5524
|
-
["ERROR_CONDTION_WITHOUT_ACTION"]: errorConditionWithoutAction,
|
|
5525
|
-
["XXE"]: xxe2,
|
|
5526
|
-
["XSS"]: xss2,
|
|
5527
|
-
["PRIVACY_VIOLATION"]: privacyViolation,
|
|
5528
|
-
["PT"]: pt2,
|
|
5529
|
-
["SSRF"]: ssrf3,
|
|
5530
|
-
["LOG_FORGING"]: logForging3,
|
|
5531
|
-
["LOCALE_DEPENDENT_COMPARISON"]: localeDependentComparison,
|
|
5532
|
-
["MISSING_CHECK_AGAINST_NULL"]: missingCheckAgainstNull,
|
|
5533
|
-
["OPEN_REDIRECT"]: openRedirect,
|
|
5534
|
-
["OVERLY_BROAD_CATCH"]: overlyBroadCatch2,
|
|
5535
|
-
["SYSTEM_INFORMATION_LEAK"]: sysLeak2,
|
|
5536
|
-
["USE_OF_SYSTEM_OUTPUT_STREAM"]: useOfSystemOutputStream2,
|
|
5537
|
-
["HTTP_ONLY_COOKIE"]: httpOnlyCookie2,
|
|
5538
|
-
["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition,
|
|
5539
|
-
["INSECURE_COOKIE"]: insecureCookie2,
|
|
5540
|
-
["TRUST_BOUNDARY_VIOLATION"]: trustBoundaryViolation2,
|
|
5541
|
-
["UNSAFE_REFLECTION"]: unsafeReflection,
|
|
5542
|
-
["J2EE_GET_CONNECTION"]: j2eeGetConnection2,
|
|
5543
|
-
["LEFTOVER_DEBUG_CODE"]: leftoverDebugCode,
|
|
5544
|
-
["ERRONEOUS_STRING_COMPARE"]: erroneousStringCompare,
|
|
5545
|
-
["DUPLICATED_STRINGS"]: duplicatedStrings
|
|
5546
|
-
};
|
|
5547
|
-
var java_default2 = vulnerabilities14;
|
|
5548
|
-
|
|
5549
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/python/csrf.ts
|
|
5550
|
-
var csrf2 = {
|
|
5551
|
-
isPythonDjangoTemplate: {
|
|
5552
|
-
content: () => "Is the reported file Python Django template?",
|
|
5553
|
-
description: () => "",
|
|
5554
|
-
guidance: () => ""
|
|
5555
|
-
}
|
|
5556
|
-
};
|
|
5557
|
-
|
|
5558
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/commandInjection.ts
|
|
5559
|
-
var commandInjection3 = {
|
|
5560
|
-
isCommandExecutable: {
|
|
5561
|
-
content: () => "Commands can be intrinsically unsafe if they call out to other executables or run arbitary code",
|
|
5562
|
-
description: () => `Does the command fall into one of the following categories:
|
|
5563
|
-
|
|
5564
|
-
1. An executable name:
|
|
5565
|
-
- \`exec(input);\`
|
|
5566
|
-
- \`exec("/bin/bash " + input);\`
|
|
5567
|
-
- \`exec("/bin/sh -c" + input + " param");\`
|
|
5568
|
-
- \`exec("/bin/bash -c cat file.txt | " + input);\`
|
|
5569
|
-
- \`exec("/usr/bin/git --upload-pack " + input);\`
|
|
5570
|
-
2. A part of non-unix or cross platform shell command:
|
|
5571
|
-
- \`exec("cmd.exe /c ping " + input);\`
|
|
5572
|
-
3. A part of programming language code:
|
|
5573
|
-
- \`exec("php -r echo '" + input + "';");\`
|
|
5574
|
-
- \`exec("perl -e print '" + input + "'");\``,
|
|
5575
|
-
guidance: () => ""
|
|
5576
|
-
}
|
|
5577
|
-
};
|
|
5578
|
-
|
|
5579
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/graphqlDepthLimit.ts
|
|
5580
|
-
var graphqlDepthLimit = {
|
|
5581
|
-
depthLimit: {
|
|
5582
|
-
content: () => "Please define a maximum query depth",
|
|
5583
|
-
description: () => `Setting this number to a reasonable value will prevent the attack.
|
|
5584
|
-
Make sure to pick a value large enough to allowed the nessecary amount of nested queries.`,
|
|
5585
|
-
guidance: () => {
|
|
5586
|
-
return "We use `graphql-depth-limit` npm package to limit the depth of nested queries. Please make sure you install the package using `npm install graphql-depth-limit`.";
|
|
5587
|
-
}
|
|
5588
|
-
}
|
|
5589
|
-
};
|
|
5590
|
-
|
|
5591
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/hardcodedDomainInHtml.ts
|
|
5592
|
-
var hardcodedDomainInHtml = {
|
|
5593
|
-
isCDNFixedVersion: {
|
|
5594
|
-
content: ({ url }) => `Does the content of \`${url}\` change over time? If it does, we can't offer this fix.`,
|
|
5595
|
-
description: () => "You need to make sure the content of the file you are loading from the external source is persistent. To guarantee the integrity hash does not change over time, please make sure you use a proper CDN and version of the script you are loading is pinned.",
|
|
5596
|
-
guidance: () => ""
|
|
5597
|
-
}
|
|
5598
|
-
};
|
|
5599
|
-
|
|
5600
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/hardcodedSecrets.ts
|
|
5601
|
-
var hardcodedSecrets2 = {
|
|
5602
|
-
envVarName: {
|
|
5603
|
-
content: () => "Please define an environment variable name",
|
|
5604
|
-
description: () => `We will use this environment variable instead of the hardcoded secret`,
|
|
5605
|
-
guidance: () => ""
|
|
5606
|
-
},
|
|
5607
|
-
keepAsDefault: {
|
|
5608
|
-
content: () => "Do you want to keep the hardcoded secret in the code for now?",
|
|
5609
|
-
description: () => 'Answer "yes" if you cannot set the environment variable in all environments right away.',
|
|
5610
|
-
guidance: () => ""
|
|
5611
|
-
}
|
|
5612
|
-
};
|
|
5613
|
-
|
|
5614
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/iframeWithoutSandbox.ts
|
|
5615
|
-
var iframeWithoutSandbox = {
|
|
5616
|
-
iframeRestrictions: {
|
|
5617
|
-
content: () => "Please define a comma-separated list of iframe sandbox restrictions (optional)",
|
|
5618
|
-
description: () => `Possible values:
|
|
5619
|
-
- allow-downloads
|
|
5620
|
-
- allow-forms
|
|
5621
|
-
- allow-modals
|
|
5622
|
-
- allow-orientation-lock
|
|
5623
|
-
- allow-pointer-lock
|
|
5624
|
-
- allow-popups
|
|
5625
|
-
- allow-popups-to-escape-sandbox
|
|
5626
|
-
- allow-presentation
|
|
5627
|
-
- allow-same-origin
|
|
5628
|
-
- allow-scripts
|
|
5629
|
-
- allow-storage-access-by-user-activation
|
|
5630
|
-
- allow-top-navigation
|
|
5631
|
-
- allow-top-navigation-by-user-activation
|
|
5632
|
-
- allow-top-navigation-to-custom-protocols
|
|
5633
|
-
|
|
5634
|
-
See more info [here](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox).`,
|
|
5635
|
-
guidance: () => ""
|
|
5636
|
-
}
|
|
5637
|
-
};
|
|
5638
|
-
|
|
5639
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/incompleteUrlSanitization.ts
|
|
5640
|
-
var incompleteUrlSanitization = {
|
|
5641
|
-
allowedRootDomain: {
|
|
5642
|
-
content: () => "The root domain of your application",
|
|
5643
|
-
description: () => "We needed to strengthen the security check by ensuring that the url is under the root domain of your application.",
|
|
5644
|
-
guidance: () => ""
|
|
5645
|
-
}
|
|
5646
|
-
};
|
|
5647
|
-
|
|
5648
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/insecureRandomness.ts
|
|
5649
|
-
var insecureRandomness2 = {
|
|
5650
|
-
isGetRandomValuesSupported: {
|
|
5651
|
-
content: () => "Is getRandomValues() function supported by your JavaScript engine?",
|
|
5652
|
-
description: () => "[getRandomValues()](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues) is supported by [more than 97% of browsers](https://caniuse.com/?search=getRandomValues) and [Node.js >= 15.0.0](https://nodejs.org/api/webcrypto.html#cryptogetrandomvaluestypedarray).",
|
|
5653
|
-
guidance: () => ""
|
|
5654
|
-
}
|
|
5655
|
-
};
|
|
5656
|
-
|
|
5657
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/logForging.ts
|
|
5658
|
-
var logForging4 = {
|
|
5659
|
-
isHtmlDisplay: {
|
|
5660
|
-
content: () => "Is the text written to the log going to be displayed as HTML?",
|
|
5661
|
-
description: () => "",
|
|
5662
|
-
guidance: () => ""
|
|
5663
|
-
}
|
|
5664
|
-
};
|
|
5665
|
-
|
|
5666
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/missingCSPHeader.ts
|
|
5667
|
-
var cspHeaderValue = {
|
|
5668
|
-
cspHeaderValue: {
|
|
5669
|
-
content: () => "Please provide the value for the Content-Security-Policy header",
|
|
5670
|
-
description: () => `The Content-Security-Policy (CSP) header is a critical security measure that helps protect websites from various attacks, particularly Cross-Site Scripting (XSS) and other code injection attacks. Here's a concise explanation:
|
|
5671
|
-
|
|
5672
|
-
|
|
5673
|
-
|
|
5674
|
-
**What it does**:
|
|
5675
|
-
|
|
5676
|
-
|
|
5677
|
-
|
|
5678
|
-
CSP lets you specify which content sources the browser should consider valid, essentially creating a whitelist of trusted content. It controls things like:
|
|
5679
|
-
|
|
5680
|
-
|
|
5681
|
-
|
|
5682
|
-
- Which scripts can execute.
|
|
5683
|
-
- Where images can be loaded from.
|
|
5684
|
-
- Which styles can be applied.
|
|
5685
|
-
- Which forms can be submitted to.
|
|
5686
|
-
- What domains can be connected to.
|
|
5687
|
-
|
|
5688
|
-
Default value explanation:
|
|
5689
|
-
|
|
5690
|
-
- default-src 'self: Only allows resources from the same origin by default.
|
|
5691
|
-
- script-src 'self': Only allows scripts to be loaded from the same origin.
|
|
5692
|
-
- style-src 'self': Only allows styles from the same origin.
|
|
5693
|
-
- object-src 'none': Disallows <object>, <embed>, and <applet> elements.
|
|
5694
|
-
- base-uri 'self': Restricts where the <base> tag can point to.
|
|
5695
|
-
- frame-ancestors 'self': Ensures that only the same origin can embed the page using an iframe.
|
|
5696
|
-
|
|
5697
|
-
|
|
5698
|
-
**This kind of \`CSP\` is more secure but may require adjustments for your specific application, especially if you need to load resources from external domains or use inline scripts/styles.**`,
|
|
5699
|
-
guidance: () => ``
|
|
5700
|
-
}
|
|
5701
|
-
};
|
|
5702
|
-
|
|
5703
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/missingHSTSHeader.ts
|
|
5704
|
-
var headerMaxAge = {
|
|
5705
|
-
headerMaxAge: {
|
|
5706
|
-
content: () => "Please provide the maximum age of the header",
|
|
5707
|
-
description: () => `This is the time, in seconds, that the browser should remember that the site is only to be accessed using \`HTTPS\`.
|
|
5708
|
-
|
|
5709
|
-
|
|
5710
|
-
Setting the \`max-age\` to \`0\` (over an https connection) will immediately expire the Strict-Transport-Security header, allowing access via \`HTTP\`.
|
|
5711
|
-
|
|
5712
|
-
|
|
5713
|
-
|
|
5714
|
-
|
|
5715
|
-
The HTTP Strict-Transport-Security response header (\`HSTS\`) informs browsers that the site
|
|
5716
|
-
should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically
|
|
5717
|
-
be converted to HTTPS.
|
|
5718
|
-
|
|
5719
|
-
|
|
5720
|
-
|
|
5721
|
-
|
|
5722
|
-
If a website accepts a connection through \`HTTP\` and redirects to \`HTTPS\`, visitors may initially communicate with
|
|
5723
|
-
the non-encrypted version of the site before being redirected, if, for example, the visitor
|
|
5724
|
-
types \`http://www.example.com\` or even just \`example.com\`. This creates an opportunity for a man-in-the-middle attack.
|
|
5725
|
-
The redirect could be exploited to direct visitors to a malicious site instead of the secure version of the original site.
|
|
5726
|
-
|
|
5727
|
-
|
|
5728
|
-
|
|
5729
|
-
The \`HTTP\` Strict Transport Security header informs the browser that it should never load a site using \`HTTP\`
|
|
5730
|
-
and should automatically convert all attempts to access the site using \`HTTP\` to \`HTTPS\` requests instead.`,
|
|
5731
|
-
guidance: () => ``
|
|
5732
|
-
}
|
|
5733
|
-
};
|
|
5734
|
-
|
|
5735
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/missingXFrameOptions.ts
|
|
5736
|
-
var xFrameOptionsValue = {
|
|
5737
|
-
xFrameOptionsValue: {
|
|
5738
|
-
content: () => "Please provide the value for the X-Frame-Options header",
|
|
5739
|
-
description: () => `The \`X-Frame-Options\` HTTP response header tells the browser whether the page is allowed to be rendered inside a \`<frame>\`, \`<iframe>\`, \`<embed>\` or \`<object>\`. Without it, attackers can embed your application in an invisible iframe and trick users into clicking on it \u2014 a class of attacks known as clickjacking (UI redressing).
|
|
5740
|
-
|
|
5741
|
-
**Allowed values:**
|
|
5742
|
-
- \`DENY\` \u2014 the page cannot be framed by any site, including your own. Recommended default for any page that does not need to be embedded.
|
|
5743
|
-
- \`SAMEORIGIN\` \u2014 the page can only be framed by pages served from the same origin. Use this only if your own application legitimately embeds this page in an iframe.`,
|
|
5744
|
-
guidance: () => ``
|
|
5745
|
-
}
|
|
5746
|
-
};
|
|
5747
|
-
|
|
5748
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/noLimitsOrThrottling.ts
|
|
5749
|
-
var noLimitsOrThrottling2 = {
|
|
5750
|
-
setGlobalLimiter: {
|
|
5751
|
-
content: () => "Would you like to use a global rate limit for all your endpoints within the same file?",
|
|
5752
|
-
description: () => "",
|
|
5753
|
-
guidance: () => ""
|
|
5754
|
-
}
|
|
5755
|
-
};
|
|
5756
|
-
|
|
5757
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/openRedirect.ts
|
|
5758
|
-
var openRedirect2 = {
|
|
5759
|
-
isExternal: {
|
|
5760
|
-
content: () => "Does the redirect go to an external site?",
|
|
5761
|
-
description: () => "",
|
|
5762
|
-
guidance: () => ""
|
|
5763
|
-
},
|
|
5764
|
-
domainAllowlist: {
|
|
5765
|
-
content: () => "Allowed domains names",
|
|
5766
|
-
description: () => "please provide a coma separated list of allowed domains names (example.com, example.org, etc.)",
|
|
5767
|
-
guidance: () => ""
|
|
5768
|
-
},
|
|
5769
|
-
pathAllowlist: {
|
|
5770
|
-
content: () => "Allowed paths (URIs)",
|
|
5771
|
-
description: () => "please provide a coma separated list of allowed path (/health, /api/v1/health, etc.)",
|
|
5772
|
-
guidance: () => ""
|
|
5773
|
-
},
|
|
5774
|
-
includeProtocolValidation: {
|
|
5775
|
-
content: () => "Should HTTP or HTTPS protocol be enforced?",
|
|
5776
|
-
description: () => "please indicate if the protocol should be enforced",
|
|
5777
|
-
guidance: () => ""
|
|
5778
|
-
}
|
|
5779
|
-
};
|
|
5780
|
-
|
|
5781
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/pt.ts
|
|
5782
|
-
var pt3 = {
|
|
5783
|
-
taintedTermType: {
|
|
5784
|
-
content: ({ expression }) => `Does \`${expression}\` represent a file name, a relative path or an absolute path?`,
|
|
5785
|
-
description: ({ expression }) => `We replace all illegal file name characters for Unix, Windows, and macOS operation systems, including slashes. Ensure that \`${expression}\` isn't supposed to contain slashes or other illegal file name characters.`,
|
|
5786
|
-
guidance: () => ""
|
|
5787
|
-
}
|
|
5788
|
-
};
|
|
5789
|
-
|
|
5790
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/ssrf.ts
|
|
5791
|
-
var ssrf4 = {
|
|
5792
|
-
domainsAllowlist: {
|
|
5793
|
-
content: () => "List of allowed domain names",
|
|
5794
|
-
description: () => `The security risk of this issue is the ability of an attacker to provide input that shoots HTTP requests from your server to arbitrary domains.
|
|
5795
|
-
|
|
5796
|
-
|
|
5797
|
-
To eliminate the risk and fix the issue, check out your app logic and make a whitelist of domains the server should be allowed to call.`,
|
|
5798
|
-
guidance: () => ""
|
|
5799
|
-
}
|
|
5800
|
-
};
|
|
5801
|
-
|
|
5802
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/sysLeak.ts
|
|
5803
|
-
var sysLeak3 = {
|
|
5804
|
-
errorMessage: {
|
|
5805
|
-
content: () => "Enter the error message that you want to appear in the log",
|
|
5806
|
-
description: () => "",
|
|
5807
|
-
guidance: () => ""
|
|
5808
|
-
},
|
|
5809
|
-
noLoggerAction: {
|
|
5810
|
-
content: () => "Which of the following you want to use instead of the vulnerable code?",
|
|
5811
|
-
description: () => "",
|
|
5812
|
-
guidance: () => ""
|
|
5813
|
-
}
|
|
5814
|
-
};
|
|
5815
|
-
|
|
5816
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/js/sysLeakExternal.ts
|
|
5817
|
-
var sysLeakExternal = {
|
|
5818
|
-
errorMessage: {
|
|
5819
|
-
content: () => "Enter the error message that you want to appear to the user",
|
|
5820
|
-
description: () => "",
|
|
5821
|
-
guidance: () => ""
|
|
4262
|
+
warn: async (message, data) => {
|
|
4263
|
+
const logger3 = await createContextLogger();
|
|
4264
|
+
return logger3.warn(message, data);
|
|
4265
|
+
},
|
|
4266
|
+
error: async (message, data) => {
|
|
4267
|
+
const logger3 = await createContextLogger();
|
|
4268
|
+
return logger3.error(message, data);
|
|
5822
4269
|
}
|
|
5823
4270
|
};
|
|
5824
4271
|
|
|
5825
|
-
// src/features/analysis/scm/
|
|
5826
|
-
var
|
|
5827
|
-
|
|
5828
|
-
|
|
5829
|
-
|
|
5830
|
-
guidance: () => ""
|
|
4272
|
+
// src/features/analysis/scm/errors.ts
|
|
4273
|
+
var InvalidAccessTokenError = class extends Error {
|
|
4274
|
+
constructor(m, scmType) {
|
|
4275
|
+
super(m);
|
|
4276
|
+
this.scmType = scmType;
|
|
5831
4277
|
}
|
|
5832
4278
|
};
|
|
5833
|
-
|
|
5834
|
-
|
|
5835
|
-
|
|
5836
|
-
|
|
5837
|
-
content: () => "Please define a maximum loop limit",
|
|
5838
|
-
description: () => `Setting this number to a reasonable value will prevent the vulnerability`,
|
|
5839
|
-
guidance: () => ""
|
|
5840
|
-
},
|
|
5841
|
-
varName: {
|
|
5842
|
-
content: () => "Please define a variable name",
|
|
5843
|
-
description: () => `We need to define a variable to be used as a counter to limit the loop`,
|
|
5844
|
-
guidance: () => ""
|
|
4279
|
+
var InvalidUrlPatternError = class extends Error {
|
|
4280
|
+
constructor(m, scmType) {
|
|
4281
|
+
super(m);
|
|
4282
|
+
this.scmType = scmType;
|
|
5845
4283
|
}
|
|
5846
4284
|
};
|
|
5847
|
-
|
|
5848
|
-
|
|
5849
|
-
|
|
5850
|
-
containsHtml: {
|
|
5851
|
-
content: () => "Does the element or variable contain HTML formatting",
|
|
5852
|
-
description: () => "",
|
|
5853
|
-
guidance: () => ""
|
|
5854
|
-
},
|
|
5855
|
-
isParamTypeString: {
|
|
5856
|
-
content: () => "Is the parameter passed to the $() function a string",
|
|
5857
|
-
description: () => "",
|
|
5858
|
-
guidance: () => ""
|
|
5859
|
-
},
|
|
5860
|
-
isSanitized: {
|
|
5861
|
-
content: ({ expression }) => `Is the expression \`${expression}\` supposed to be not sanitized in this context?`,
|
|
5862
|
-
description: () => "You are using unsafe string substitution in the template. This means that if the expression can contain maliciously crafted data, it may lead to XSS injection. To apply the fix, you have to make sure the expression is not sanitized on the backend already, and it does not represent an HTML code block.",
|
|
5863
|
-
guidance: () => ""
|
|
5864
|
-
},
|
|
5865
|
-
isServerSideCode: {
|
|
5866
|
-
content: () => "Is this code running on the server side (a NodeJS application)",
|
|
5867
|
-
description: () => "The fix to this vulnerability is different is the code runs in the client (browser) or the server side (NodeJs)",
|
|
5868
|
-
guidance: () => ""
|
|
4285
|
+
var RefNotFoundError = class extends Error {
|
|
4286
|
+
constructor(m) {
|
|
4287
|
+
super(m);
|
|
5869
4288
|
}
|
|
5870
4289
|
};
|
|
5871
|
-
|
|
5872
|
-
|
|
5873
|
-
|
|
5874
|
-
|
|
5875
|
-
["GRAPHQL_DEPTH_LIMIT"]: graphqlDepthLimit,
|
|
5876
|
-
["INSECURE_RANDOMNESS"]: insecureRandomness2,
|
|
5877
|
-
["SSRF"]: ssrf4,
|
|
5878
|
-
["TYPE_CONFUSION"]: typeConfusion,
|
|
5879
|
-
["INCOMPLETE_URL_SANITIZATION"]: incompleteUrlSanitization,
|
|
5880
|
-
["LOG_FORGING"]: logForging4,
|
|
5881
|
-
["XSS"]: xss3,
|
|
5882
|
-
["OPEN_REDIRECT"]: openRedirect2,
|
|
5883
|
-
["SYSTEM_INFORMATION_LEAK"]: sysLeak3,
|
|
5884
|
-
["SYSTEM_INFORMATION_LEAK_EXTERNAL"]: sysLeakExternal,
|
|
5885
|
-
["IFRAME_WITHOUT_SANDBOX"]: iframeWithoutSandbox,
|
|
5886
|
-
["PT"]: pt3,
|
|
5887
|
-
["HARDCODED_SECRETS"]: hardcodedSecrets2,
|
|
5888
|
-
["MISSING_HSTS_HEADER"]: headerMaxAge,
|
|
5889
|
-
["UNCHECKED_LOOP_CONDITION"]: uncheckedLoopCondition2,
|
|
5890
|
-
["NO_LIMITS_OR_THROTTLING"]: noLimitsOrThrottling2,
|
|
5891
|
-
["MISSING_CSP_HEADER"]: cspHeaderValue,
|
|
5892
|
-
["MISSING_X_FRAME_OPTIONS"]: xFrameOptionsValue,
|
|
5893
|
-
["HARDCODED_DOMAIN_IN_HTML"]: hardcodedDomainInHtml,
|
|
5894
|
-
["CSRF"]: csrf2
|
|
5895
|
-
};
|
|
5896
|
-
var js_default = vulnerabilities15;
|
|
5897
|
-
|
|
5898
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/python/duplicatedStrings.ts
|
|
5899
|
-
var duplicatedStrings2 = {
|
|
5900
|
-
constantName: {
|
|
5901
|
-
content: () => "New constant name",
|
|
5902
|
-
description: () => "",
|
|
5903
|
-
guidance: () => ""
|
|
4290
|
+
var ScmBadCredentialsError = class extends Error {
|
|
4291
|
+
constructor(m, scmType) {
|
|
4292
|
+
super(m);
|
|
4293
|
+
this.scmType = scmType;
|
|
5904
4294
|
}
|
|
5905
4295
|
};
|
|
5906
|
-
|
|
5907
|
-
|
|
5908
|
-
|
|
5909
|
-
|
|
5910
|
-
content: () => "Is the text written to the log going to be displayed as HTML?",
|
|
5911
|
-
description: () => "",
|
|
5912
|
-
guidance: ({ userInputValue }) => {
|
|
5913
|
-
switch (userInputValue) {
|
|
5914
|
-
case "yes":
|
|
5915
|
-
return "We use `html.escape` to decode the HTML";
|
|
5916
|
-
default:
|
|
5917
|
-
return "";
|
|
5918
|
-
}
|
|
5919
|
-
}
|
|
4296
|
+
var InvalidRepoUrlError = class extends Error {
|
|
4297
|
+
constructor(m, scmType) {
|
|
4298
|
+
super(m);
|
|
4299
|
+
this.scmType = scmType;
|
|
5920
4300
|
}
|
|
5921
4301
|
};
|
|
5922
|
-
|
|
5923
|
-
|
|
5924
|
-
|
|
5925
|
-
|
|
5926
|
-
content: () => "Enter the encoding of the file",
|
|
5927
|
-
description: () => "",
|
|
5928
|
-
guidance: () => ""
|
|
4302
|
+
var RepoNoTokenAccessError = class extends Error {
|
|
4303
|
+
constructor(m, scmType) {
|
|
4304
|
+
super(m);
|
|
4305
|
+
this.scmType = scmType;
|
|
5929
4306
|
}
|
|
5930
4307
|
};
|
|
5931
|
-
|
|
5932
|
-
|
|
5933
|
-
|
|
5934
|
-
|
|
5935
|
-
|
|
5936
|
-
description: () => "If external, provide a coma separated list of allowed domains. If internal, provide a coma seperated list of allowed paths",
|
|
5937
|
-
guidance: () => ""
|
|
4308
|
+
var RateLimitError = class extends Error {
|
|
4309
|
+
constructor(m, scmType, retryAfter) {
|
|
4310
|
+
super(m);
|
|
4311
|
+
this.scmType = scmType;
|
|
4312
|
+
this.retryAfter = retryAfter;
|
|
5938
4313
|
}
|
|
5939
4314
|
};
|
|
5940
|
-
|
|
5941
|
-
|
|
5942
|
-
|
|
5943
|
-
|
|
5944
|
-
|
|
5945
|
-
description: () => `The security risk of this issue is the ability of an attacker to provide input that shoots HTTP requests from your server to arbitrary URLs, including internal ones, like \`https://admin.mycompany.com\`
|
|
5946
|
-
|
|
5947
|
-
To eliminate the risk and fix the issue, check out your app logic and make a whitelist of URLs this API should be allowed to call.`,
|
|
5948
|
-
guidance: () => ""
|
|
4315
|
+
var NetworkError = class extends Error {
|
|
4316
|
+
constructor(m, scmType, errorCode) {
|
|
4317
|
+
super(m);
|
|
4318
|
+
this.scmType = scmType;
|
|
4319
|
+
this.errorCode = errorCode;
|
|
5949
4320
|
}
|
|
5950
4321
|
};
|
|
5951
4322
|
|
|
5952
|
-
// src/features/analysis/scm/
|
|
5953
|
-
|
|
5954
|
-
loopLimit: {
|
|
5955
|
-
content: () => "Please define a maximum loop limit",
|
|
5956
|
-
description: () => `Setting this number to a reasonable value will prevent the vulnerability`,
|
|
5957
|
-
guidance: () => ""
|
|
5958
|
-
},
|
|
5959
|
-
varName: {
|
|
5960
|
-
content: () => "Please define a variable name",
|
|
5961
|
-
description: () => `We need to define a variable to be used as a counter to limit the loop`,
|
|
5962
|
-
guidance: () => ""
|
|
5963
|
-
}
|
|
5964
|
-
};
|
|
4323
|
+
// src/features/analysis/scm/utils/index.ts
|
|
4324
|
+
import { z as z10 } from "zod";
|
|
5965
4325
|
|
|
5966
|
-
// src/features/analysis/scm/shared/src/
|
|
5967
|
-
|
|
5968
|
-
|
|
5969
|
-
|
|
5970
|
-
|
|
5971
|
-
[
|
|
5972
|
-
|
|
5973
|
-
|
|
5974
|
-
|
|
4326
|
+
// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
|
|
4327
|
+
init_client_generates();
|
|
4328
|
+
init_getIssueType();
|
|
4329
|
+
init_issueTypeCatalog();
|
|
4330
|
+
function capitalizeFirstLetter(str) {
|
|
4331
|
+
return str?.length ? str[0].toUpperCase() + str.slice(1) : "";
|
|
4332
|
+
}
|
|
4333
|
+
function lowercaseFirstLetter(str) {
|
|
4334
|
+
if (!str) return str;
|
|
4335
|
+
return `${str.charAt(0).toLowerCase()}${str.slice(1)}`;
|
|
4336
|
+
}
|
|
4337
|
+
var severityToEmoji = {
|
|
4338
|
+
["critical" /* Critical */]: "\u{1F6A8}",
|
|
4339
|
+
["high" /* High */]: "\u{1F6A9}",
|
|
4340
|
+
["medium" /* Medium */]: "\u{1F7E1}",
|
|
4341
|
+
["low" /* Low */]: "\u{1F7E2}"
|
|
5975
4342
|
};
|
|
5976
|
-
var
|
|
4343
|
+
var getCommitDescription = ({
|
|
4344
|
+
vendor,
|
|
4345
|
+
issueType,
|
|
4346
|
+
severity,
|
|
4347
|
+
guidances,
|
|
4348
|
+
fixUrl,
|
|
4349
|
+
irrelevantIssueWithTags
|
|
4350
|
+
}) => {
|
|
4351
|
+
const issueTypeString = getIssueTypeFriendlyString(issueType);
|
|
4352
|
+
let description = `This change fixes a **${severity} severity** (${severityToEmoji[severity]}) **${issueTypeString}** issue reported by **${capitalizeFirstLetter(
|
|
4353
|
+
vendor
|
|
4354
|
+
)}**.
|
|
5977
4355
|
|
|
5978
|
-
|
|
5979
|
-
|
|
5980
|
-
|
|
5981
|
-
|
|
5982
|
-
|
|
5983
|
-
|
|
5984
|
-
|
|
5985
|
-
A value too high will cause performance issues up to and including denial of service.`
|
|
5986
|
-
}
|
|
5987
|
-
};
|
|
4356
|
+
`;
|
|
4357
|
+
if (issueType) {
|
|
4358
|
+
if (irrelevantIssueWithTags?.[0]?.tag) {
|
|
4359
|
+
description += `
|
|
4360
|
+
> [!tip]
|
|
4361
|
+
> This issue was found to be irrelevant to your project - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
|
|
4362
|
+
> Mobb recommends to ignore this issue, however fix is available if you think differently.
|
|
5988
4363
|
|
|
5989
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
|
|
5990
|
-
var vulnerabilities17 = {
|
|
5991
|
-
["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES"]: unboundedOccurrences
|
|
5992
|
-
};
|
|
5993
|
-
var xml_default2 = vulnerabilities17;
|
|
5994
4364
|
|
|
5995
|
-
|
|
5996
|
-
|
|
5997
|
-
|
|
5998
|
-
|
|
5999
|
-
|
|
6000
|
-
|
|
4365
|
+
## Justification
|
|
4366
|
+
${issueDescription[irrelevantIssueWithTags[0].tag]}
|
|
4367
|
+
`;
|
|
4368
|
+
}
|
|
4369
|
+
const catalogEntry = getIssueTypeCatalogEntry(issueType);
|
|
4370
|
+
if (catalogEntry?.issueDescription) {
|
|
4371
|
+
description += `## Issue description
|
|
4372
|
+
${catalogEntry.issueDescription}
|
|
4373
|
+
`;
|
|
4374
|
+
if (catalogEntry.fixInstructions) {
|
|
4375
|
+
description += `
|
|
4376
|
+
## Fix instructions
|
|
4377
|
+
${catalogEntry.fixInstructions}
|
|
4378
|
+
`;
|
|
4379
|
+
}
|
|
4380
|
+
}
|
|
6001
4381
|
}
|
|
6002
|
-
|
|
6003
|
-
|
|
6004
|
-
|
|
6005
|
-
|
|
6006
|
-
|
|
6007
|
-
|
|
6008
|
-
description
|
|
6009
|
-
|
|
4382
|
+
description += `
|
|
4383
|
+
${guidances.map(({ guidance }) => `## Additional actions required
|
|
4384
|
+
${guidance}
|
|
4385
|
+
`).join("")}
|
|
4386
|
+
`;
|
|
4387
|
+
if (fixUrl) {
|
|
4388
|
+
description += `
|
|
4389
|
+
[More info and fix customization are available in the Mobb platform](${fixUrl})`;
|
|
6010
4390
|
}
|
|
4391
|
+
return description;
|
|
6011
4392
|
};
|
|
4393
|
+
var getCommitIssueDescription = ({
|
|
4394
|
+
vendor,
|
|
4395
|
+
issueType,
|
|
4396
|
+
irrelevantIssueWithTags,
|
|
4397
|
+
fpDescription,
|
|
4398
|
+
unfixableDescription
|
|
4399
|
+
}) => {
|
|
4400
|
+
const issueTypeString = getIssueTypeFriendlyString(issueType);
|
|
4401
|
+
let description = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
|
|
4402
|
+
`;
|
|
4403
|
+
if (issueType) {
|
|
4404
|
+
if (irrelevantIssueWithTags?.[0]?.tag) {
|
|
4405
|
+
description = `
|
|
4406
|
+
> [!tip]
|
|
4407
|
+
> The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
|
|
4408
|
+
> ${issueTypeString} - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
|
|
4409
|
+
> Mobb recommends to ignore this issue, however fix is available if you think differently.
|
|
6012
4410
|
|
|
6013
|
-
// src/features/analysis/scm/shared/src/storedQuestionData/yaml/writableFilesystemService.ts
|
|
6014
|
-
var writableFilesystemService = {
|
|
6015
|
-
requireWriteAccess: {
|
|
6016
|
-
content: () => "Does the container require writable filesystem access?",
|
|
6017
|
-
description: () => "",
|
|
6018
|
-
guidance: () => `If the container requires writable filesystem access, setting the filesystem as readonly might harm the container functionality.`
|
|
6019
|
-
}
|
|
6020
|
-
};
|
|
6021
4411
|
|
|
6022
|
-
|
|
6023
|
-
|
|
6024
|
-
|
|
6025
|
-
|
|
6026
|
-
|
|
4412
|
+
## Justification
|
|
4413
|
+
${fpDescription ?? unfixableDescription ?? issueDescription[irrelevantIssueWithTags[0].tag]}
|
|
4414
|
+
`;
|
|
4415
|
+
}
|
|
4416
|
+
const catalogEntry = getIssueTypeCatalogEntry(issueType);
|
|
4417
|
+
if (catalogEntry?.issueDescription) {
|
|
4418
|
+
description += `## Issue description
|
|
4419
|
+
${catalogEntry.issueDescription}
|
|
4420
|
+
`;
|
|
4421
|
+
}
|
|
4422
|
+
}
|
|
4423
|
+
return description;
|
|
6027
4424
|
};
|
|
6028
|
-
var yaml_default = vulnerabilities18;
|
|
6029
4425
|
|
|
6030
|
-
// src/features/analysis/scm/shared/src/
|
|
6031
|
-
|
|
6032
|
-
content: z3.function().args(z3.any()).returns(z3.string()),
|
|
6033
|
-
description: z3.function().args(z3.any()).returns(z3.string()),
|
|
6034
|
-
guidance: z3.function().args(z3.any()).returns(z3.string())
|
|
6035
|
-
});
|
|
6036
|
-
var languages2 = {
|
|
6037
|
-
["Java" /* Java */]: java_default2,
|
|
6038
|
-
["JavaScript" /* JavaScript */]: js_default,
|
|
6039
|
-
["XML" /* Xml */]: xml_default2,
|
|
6040
|
-
["CSharp" /* CSharp */]: csharp_default2,
|
|
6041
|
-
["Python" /* Python */]: python_default2,
|
|
6042
|
-
["Go" /* Go */]: go_default2,
|
|
6043
|
-
["Cpp" /* Cpp */]: cpp_default,
|
|
6044
|
-
["YAML" /* Yaml */]: yaml_default
|
|
6045
|
-
};
|
|
6046
|
-
var storedQuestionData_default = languages2;
|
|
4426
|
+
// src/features/analysis/scm/shared/src/index.ts
|
|
4427
|
+
init_getIssueType();
|
|
6047
4428
|
|
|
6048
4429
|
// src/features/analysis/scm/shared/src/guidances.ts
|
|
4430
|
+
init_client_generates();
|
|
6049
4431
|
function toQuestion(userInput) {
|
|
6050
4432
|
const { key, defaultValue } = userInput;
|
|
6051
4433
|
const value = userInput.value || defaultValue;
|
|
6052
4434
|
return { ...userInput, defaultValue, value, key, error: false };
|
|
6053
4435
|
}
|
|
6054
|
-
function getQuestionInformation({
|
|
6055
|
-
fixQuestionData,
|
|
6056
|
-
issueType,
|
|
6057
|
-
language
|
|
6058
|
-
}) {
|
|
6059
|
-
const { name } = fixQuestionData;
|
|
6060
|
-
const storedQuestionDataItem = storedQuestionData_default[language]?.[issueType]?.[name] ?? {
|
|
6061
|
-
content: () => "",
|
|
6062
|
-
description: () => "",
|
|
6063
|
-
guidance: () => ""
|
|
6064
|
-
};
|
|
6065
|
-
return StoredQuestionDataItemZ.parse(storedQuestionDataItem);
|
|
6066
|
-
}
|
|
6067
|
-
function curriedQuestionInformationByQuestion({
|
|
6068
|
-
issueType,
|
|
6069
|
-
language
|
|
6070
|
-
}) {
|
|
6071
|
-
return (fixQuestionData) => getQuestionInformation({
|
|
6072
|
-
issueType,
|
|
6073
|
-
language,
|
|
6074
|
-
fixQuestionData
|
|
6075
|
-
});
|
|
6076
|
-
}
|
|
6077
4436
|
function getPackageFixGuidance(actionsRequired) {
|
|
6078
4437
|
const actionRequiredStrings = actionsRequired.map((action) => {
|
|
6079
4438
|
if (action.language === "JS" /* Js */) {
|
|
@@ -6108,63 +4467,20 @@ function getPackageFixGuidance(actionsRequired) {
|
|
|
6108
4467
|
return actionRequiredStrings.filter((action) => !!action);
|
|
6109
4468
|
}
|
|
6110
4469
|
function getFixGuidances({
|
|
6111
|
-
|
|
6112
|
-
issueLanguage,
|
|
6113
|
-
fixExtraContext,
|
|
6114
|
-
questions
|
|
4470
|
+
fixExtraContext
|
|
6115
4471
|
}) {
|
|
6116
|
-
const storedFixGuidanceDataItem = languages[issueLanguage || ""]?.[issueType || ""] ?? {};
|
|
6117
|
-
const storeFixResult = StoredFixDataItemZ.safeParse(storedFixGuidanceDataItem);
|
|
6118
4472
|
const libGuidances = getPackageFixGuidance(
|
|
6119
4473
|
fixExtraContext.manifestActionsRequired
|
|
6120
4474
|
);
|
|
6121
|
-
const
|
|
6122
|
-
|
|
6123
|
-
acc[obj.key] = obj.value;
|
|
6124
|
-
return acc;
|
|
6125
|
-
},
|
|
6126
|
-
{}
|
|
6127
|
-
);
|
|
6128
|
-
const fixGuidance = storeFixResult.success ? [storeFixResult.data.guidance({ questions, ...extraContext })] : [];
|
|
6129
|
-
return libGuidances.concat(fixGuidance).filter((guidance) => !!guidance);
|
|
4475
|
+
const servedFixGuidances = fixExtraContext.guidances ?? [];
|
|
4476
|
+
return libGuidances.concat(servedFixGuidances).filter((guidance) => !!guidance);
|
|
6130
4477
|
}
|
|
6131
|
-
var IssueTypeAndLanguageZ = z4.object({
|
|
6132
|
-
issueType: SafeIssueTypeStringZ,
|
|
6133
|
-
issueLanguage: z4.nativeEnum(IssueLanguage_Enum)
|
|
6134
|
-
});
|
|
6135
4478
|
function getGuidances(args) {
|
|
6136
|
-
const safeIssueTypeAndLanguage = IssueTypeAndLanguageZ.safeParse({
|
|
6137
|
-
issueType: args.issueType,
|
|
6138
|
-
issueLanguage: args.issueLanguage
|
|
6139
|
-
});
|
|
6140
|
-
if (!safeIssueTypeAndLanguage.success) {
|
|
6141
|
-
return [];
|
|
6142
|
-
}
|
|
6143
4479
|
const { questions, fixExtraContext } = args;
|
|
6144
|
-
const {
|
|
6145
|
-
|
|
6146
|
-
|
|
6147
|
-
|
|
6148
|
-
fixExtraContext,
|
|
6149
|
-
questions
|
|
6150
|
-
}).map((guidance, index) => ({ guidance, key: `fixGuidance_index_${index}` }));
|
|
6151
|
-
return questions.map((question) => {
|
|
6152
|
-
let questionGuidance = question.guidance;
|
|
6153
|
-
if (!questionGuidance && issueType && issueLanguage) {
|
|
6154
|
-
const getFixInformation = curriedQuestionInformationByQuestion({
|
|
6155
|
-
issueType,
|
|
6156
|
-
language: issueLanguage
|
|
6157
|
-
});
|
|
6158
|
-
const { guidance } = getFixInformation(question);
|
|
6159
|
-
questionGuidance = guidance({
|
|
6160
|
-
userInputValue: question.value
|
|
6161
|
-
});
|
|
6162
|
-
}
|
|
6163
|
-
return {
|
|
6164
|
-
...question,
|
|
6165
|
-
guidance: questionGuidance
|
|
6166
|
-
};
|
|
6167
|
-
}).filter(({ guidance }) => !!guidance).map(({ guidance, key }) => ({ guidance, key })).concat(fixGuidances);
|
|
4480
|
+
const fixGuidances = getFixGuidances({ fixExtraContext }).map(
|
|
4481
|
+
(guidance, index) => ({ guidance, key: `fixGuidance_index_${index}` })
|
|
4482
|
+
);
|
|
4483
|
+
return questions.map((question) => ({ guidance: question.guidance, key: question.key })).filter(({ guidance }) => !!guidance).concat(fixGuidances);
|
|
6168
4484
|
}
|
|
6169
4485
|
|
|
6170
4486
|
// src/features/analysis/scm/shared/src/index.ts
|
|
@@ -6196,19 +4512,19 @@ function getIssueUrl({
|
|
|
6196
4512
|
init_validations();
|
|
6197
4513
|
|
|
6198
4514
|
// src/features/analysis/scm/types.ts
|
|
6199
|
-
import { z as
|
|
4515
|
+
import { z as z9 } from "zod";
|
|
6200
4516
|
var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
|
|
6201
4517
|
ReferenceType2["BRANCH"] = "BRANCH";
|
|
6202
4518
|
ReferenceType2["COMMIT"] = "COMMIT";
|
|
6203
4519
|
ReferenceType2["TAG"] = "TAG";
|
|
6204
4520
|
return ReferenceType2;
|
|
6205
4521
|
})(ReferenceType || {});
|
|
6206
|
-
var GithubFullShaZ =
|
|
6207
|
-
var MergedPrSurvivalMetadataZ =
|
|
6208
|
-
mergeCommitShas:
|
|
4522
|
+
var GithubFullShaZ = z9.string().regex(/^[a-f0-9]{40}$/);
|
|
4523
|
+
var MergedPrSurvivalMetadataZ = z9.object({
|
|
4524
|
+
mergeCommitShas: z9.array(GithubFullShaZ).min(1).refine((shas) => new Set(shas).size === shas.length, {
|
|
6209
4525
|
message: "mergeCommitShas must contain unique SHAs"
|
|
6210
4526
|
}),
|
|
6211
|
-
targetBranch:
|
|
4527
|
+
targetBranch: z9.string().min(1)
|
|
6212
4528
|
});
|
|
6213
4529
|
var ScmLibScmType = /* @__PURE__ */ ((ScmLibScmType2) => {
|
|
6214
4530
|
ScmLibScmType2["GITHUB"] = "GITHUB";
|
|
@@ -6235,10 +4551,10 @@ var scmTypeToScmLibScmType = {
|
|
|
6235
4551
|
["Ado" /* Ado */]: "ADO" /* ADO */,
|
|
6236
4552
|
["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
|
|
6237
4553
|
};
|
|
6238
|
-
var GetReferenceResultZ =
|
|
6239
|
-
date:
|
|
6240
|
-
sha:
|
|
6241
|
-
type:
|
|
4554
|
+
var GetReferenceResultZ = z9.object({
|
|
4555
|
+
date: z9.date().optional(),
|
|
4556
|
+
sha: z9.string(),
|
|
4557
|
+
type: z9.nativeEnum(ReferenceType)
|
|
6242
4558
|
});
|
|
6243
4559
|
|
|
6244
4560
|
// src/features/analysis/scm/utils/scm.ts
|
|
@@ -6385,7 +4701,7 @@ function shouldValidateUrl(repoUrl) {
|
|
|
6385
4701
|
return repoUrl && isUrlHasPath(repoUrl);
|
|
6386
4702
|
}
|
|
6387
4703
|
function isBrokerUrl(url) {
|
|
6388
|
-
return
|
|
4704
|
+
return z10.string().uuid().safeParse(new URL(url).host).success;
|
|
6389
4705
|
}
|
|
6390
4706
|
function buildAuthorizedRepoUrl(args) {
|
|
6391
4707
|
const { url, username, password } = args;
|
|
@@ -6421,7 +4737,7 @@ function getCloudScmLibTypeFromUrl(url) {
|
|
|
6421
4737
|
return void 0;
|
|
6422
4738
|
}
|
|
6423
4739
|
function getScmLibTypeFromScmType(scmType) {
|
|
6424
|
-
const parsedScmType =
|
|
4740
|
+
const parsedScmType = z10.nativeEnum(ScmType).parse(scmType);
|
|
6425
4741
|
return scmTypeToScmLibScmType[parsedScmType];
|
|
6426
4742
|
}
|
|
6427
4743
|
function getScmConfig({
|
|
@@ -6489,39 +4805,39 @@ init_env();
|
|
|
6489
4805
|
import querystring from "querystring";
|
|
6490
4806
|
import * as api from "azure-devops-node-api";
|
|
6491
4807
|
import Debug from "debug";
|
|
6492
|
-
import { z as
|
|
4808
|
+
import { z as z13 } from "zod";
|
|
6493
4809
|
|
|
6494
4810
|
// src/features/analysis/scm/ado/validation.ts
|
|
6495
|
-
import { z as
|
|
6496
|
-
var ValidPullRequestStatusZ =
|
|
6497
|
-
|
|
6498
|
-
|
|
6499
|
-
|
|
4811
|
+
import { z as z12 } from "zod";
|
|
4812
|
+
var ValidPullRequestStatusZ = z12.union([
|
|
4813
|
+
z12.literal(1 /* Active */),
|
|
4814
|
+
z12.literal(2 /* Abandoned */),
|
|
4815
|
+
z12.literal(3 /* Completed */)
|
|
6500
4816
|
]);
|
|
6501
|
-
var AdoAuthResultZ =
|
|
6502
|
-
access_token:
|
|
6503
|
-
token_type:
|
|
6504
|
-
refresh_token:
|
|
4817
|
+
var AdoAuthResultZ = z12.object({
|
|
4818
|
+
access_token: z12.string().min(1),
|
|
4819
|
+
token_type: z12.string().min(1),
|
|
4820
|
+
refresh_token: z12.string().min(1)
|
|
6505
4821
|
});
|
|
6506
4822
|
var AdoAuthResultWithOrgsZ = AdoAuthResultZ.extend({
|
|
6507
|
-
scmOrgs:
|
|
4823
|
+
scmOrgs: z12.array(z12.string())
|
|
6508
4824
|
});
|
|
6509
|
-
var profileZ =
|
|
6510
|
-
displayName:
|
|
6511
|
-
publicAlias:
|
|
6512
|
-
emailAddress:
|
|
6513
|
-
coreRevision:
|
|
6514
|
-
timeStamp:
|
|
6515
|
-
id:
|
|
6516
|
-
revision:
|
|
4825
|
+
var profileZ = z12.object({
|
|
4826
|
+
displayName: z12.string(),
|
|
4827
|
+
publicAlias: z12.string().min(1),
|
|
4828
|
+
emailAddress: z12.string(),
|
|
4829
|
+
coreRevision: z12.number(),
|
|
4830
|
+
timeStamp: z12.string(),
|
|
4831
|
+
id: z12.string(),
|
|
4832
|
+
revision: z12.number()
|
|
6517
4833
|
});
|
|
6518
|
-
var accountsZ =
|
|
6519
|
-
count:
|
|
6520
|
-
value:
|
|
6521
|
-
|
|
6522
|
-
accountId:
|
|
6523
|
-
accountUri:
|
|
6524
|
-
accountName:
|
|
4834
|
+
var accountsZ = z12.object({
|
|
4835
|
+
count: z12.number(),
|
|
4836
|
+
value: z12.array(
|
|
4837
|
+
z12.object({
|
|
4838
|
+
accountId: z12.string(),
|
|
4839
|
+
accountUri: z12.string(),
|
|
4840
|
+
accountName: z12.string()
|
|
6525
4841
|
})
|
|
6526
4842
|
)
|
|
6527
4843
|
});
|
|
@@ -6614,7 +4930,7 @@ async function getAdoConnectData({
|
|
|
6614
4930
|
oauthToken: adoTokenInfo.accessToken
|
|
6615
4931
|
});
|
|
6616
4932
|
return {
|
|
6617
|
-
org:
|
|
4933
|
+
org: z13.string().parse(org),
|
|
6618
4934
|
origin: DEFUALT_ADO_ORIGIN
|
|
6619
4935
|
};
|
|
6620
4936
|
}
|
|
@@ -6700,7 +5016,7 @@ async function getAdoClientParams(params) {
|
|
|
6700
5016
|
return {
|
|
6701
5017
|
tokenType: "PAT" /* PAT */,
|
|
6702
5018
|
accessToken: adoTokenInfo.accessToken,
|
|
6703
|
-
patTokenOrg:
|
|
5019
|
+
patTokenOrg: z13.string().parse(tokenOrg).toLowerCase(),
|
|
6704
5020
|
origin,
|
|
6705
5021
|
orgName: org.toLowerCase()
|
|
6706
5022
|
};
|
|
@@ -7840,40 +6156,40 @@ import querystring2 from "querystring";
|
|
|
7840
6156
|
import * as bitbucketPkgNode from "bitbucket";
|
|
7841
6157
|
import bitbucketPkg from "bitbucket";
|
|
7842
6158
|
import Debug2 from "debug";
|
|
7843
|
-
import { z as
|
|
6159
|
+
import { z as z16 } from "zod";
|
|
7844
6160
|
|
|
7845
6161
|
// src/features/analysis/scm/bitbucket/validation.ts
|
|
7846
|
-
import { z as
|
|
7847
|
-
var BitbucketAuthResultZ =
|
|
7848
|
-
access_token:
|
|
7849
|
-
token_type:
|
|
7850
|
-
refresh_token:
|
|
6162
|
+
import { z as z15 } from "zod";
|
|
6163
|
+
var BitbucketAuthResultZ = z15.object({
|
|
6164
|
+
access_token: z15.string(),
|
|
6165
|
+
token_type: z15.string(),
|
|
6166
|
+
refresh_token: z15.string()
|
|
7851
6167
|
});
|
|
7852
6168
|
|
|
7853
6169
|
// src/features/analysis/scm/bitbucket/bitbucket.ts
|
|
7854
6170
|
var debug3 = Debug2("scm:bitbucket");
|
|
7855
6171
|
var BITBUCKET_HOSTNAME = "bitbucket.org";
|
|
7856
|
-
var TokenExpiredErrorZ =
|
|
7857
|
-
status:
|
|
7858
|
-
error:
|
|
7859
|
-
type:
|
|
7860
|
-
error:
|
|
7861
|
-
message:
|
|
6172
|
+
var TokenExpiredErrorZ = z16.object({
|
|
6173
|
+
status: z16.number(),
|
|
6174
|
+
error: z16.object({
|
|
6175
|
+
type: z16.string(),
|
|
6176
|
+
error: z16.object({
|
|
6177
|
+
message: z16.string()
|
|
7862
6178
|
})
|
|
7863
6179
|
})
|
|
7864
6180
|
});
|
|
7865
6181
|
var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
|
|
7866
6182
|
var MAX_BITBUCKET_PR_BODY_LENGTH = 32768;
|
|
7867
|
-
var BitbucketParseResultZ =
|
|
7868
|
-
organization:
|
|
7869
|
-
repoName:
|
|
7870
|
-
hostname:
|
|
6183
|
+
var BitbucketParseResultZ = z16.object({
|
|
6184
|
+
organization: z16.string(),
|
|
6185
|
+
repoName: z16.string(),
|
|
6186
|
+
hostname: z16.literal(BITBUCKET_HOSTNAME)
|
|
7871
6187
|
});
|
|
7872
|
-
var UserWorkspacePermissionsRepositoriesResponseZ =
|
|
7873
|
-
values:
|
|
7874
|
-
|
|
7875
|
-
repository:
|
|
7876
|
-
full_name:
|
|
6188
|
+
var UserWorkspacePermissionsRepositoriesResponseZ = z16.object({
|
|
6189
|
+
values: z16.array(
|
|
6190
|
+
z16.object({
|
|
6191
|
+
repository: z16.object({
|
|
6192
|
+
full_name: z16.string().optional()
|
|
7877
6193
|
}).optional()
|
|
7878
6194
|
})
|
|
7879
6195
|
).optional()
|
|
@@ -7936,7 +6252,7 @@ function getBitbucketSdk(params) {
|
|
|
7936
6252
|
if (!res.data.values) {
|
|
7937
6253
|
return [];
|
|
7938
6254
|
}
|
|
7939
|
-
return res.data.values.filter((branch) => !!branch.name).map((branch) =>
|
|
6255
|
+
return res.data.values.filter((branch) => !!branch.name).map((branch) => z16.string().parse(branch.name));
|
|
7940
6256
|
},
|
|
7941
6257
|
async getIsUserCollaborator(params2) {
|
|
7942
6258
|
const { repoUrl } = params2;
|
|
@@ -8056,7 +6372,7 @@ function getBitbucketSdk(params) {
|
|
|
8056
6372
|
return GetReferenceResultZ.parse({
|
|
8057
6373
|
sha: tagRes.data.target?.hash,
|
|
8058
6374
|
type: "TAG" /* TAG */,
|
|
8059
|
-
date: new Date(
|
|
6375
|
+
date: new Date(z16.string().parse(tagRes.data.target?.date))
|
|
8060
6376
|
});
|
|
8061
6377
|
},
|
|
8062
6378
|
async getBranchRef(params2) {
|
|
@@ -8064,7 +6380,7 @@ function getBitbucketSdk(params) {
|
|
|
8064
6380
|
return GetReferenceResultZ.parse({
|
|
8065
6381
|
sha: getBranchRes.target?.hash,
|
|
8066
6382
|
type: "BRANCH" /* BRANCH */,
|
|
8067
|
-
date: new Date(
|
|
6383
|
+
date: new Date(z16.string().parse(getBranchRes.target?.date))
|
|
8068
6384
|
});
|
|
8069
6385
|
},
|
|
8070
6386
|
async getCommitRef(params2) {
|
|
@@ -8072,13 +6388,13 @@ function getBitbucketSdk(params) {
|
|
|
8072
6388
|
return GetReferenceResultZ.parse({
|
|
8073
6389
|
sha: getCommitRes.hash,
|
|
8074
6390
|
type: "COMMIT" /* COMMIT */,
|
|
8075
|
-
date: new Date(
|
|
6391
|
+
date: new Date(z16.string().parse(getCommitRes.date))
|
|
8076
6392
|
});
|
|
8077
6393
|
},
|
|
8078
6394
|
async getDownloadUrl({ url, sha }) {
|
|
8079
6395
|
this.getReferenceData({ ref: sha, url });
|
|
8080
6396
|
const repoRes = await this.getRepo({ repoUrl: url });
|
|
8081
|
-
const parsedRepoUrl =
|
|
6397
|
+
const parsedRepoUrl = z16.string().url().parse(repoRes.links?.html?.href);
|
|
8082
6398
|
return `${parsedRepoUrl}/get/${sha}.zip`;
|
|
8083
6399
|
},
|
|
8084
6400
|
async getPullRequest(params2) {
|
|
@@ -8236,7 +6552,7 @@ async function validateBitbucketParams(params) {
|
|
|
8236
6552
|
}
|
|
8237
6553
|
async function getUsersWorkspacesSlugs(bitbucketClient) {
|
|
8238
6554
|
const res = await bitbucketClient.workspaces.getWorkspaces({});
|
|
8239
|
-
return res.data.values?.map((v) =>
|
|
6555
|
+
return res.data.values?.map((v) => z16.string().parse(v.slug));
|
|
8240
6556
|
}
|
|
8241
6557
|
async function getAllUsersRepositories(bitbucketClient) {
|
|
8242
6558
|
const userWorkspacesSlugs = await getUsersWorkspacesSlugs(bitbucketClient);
|
|
@@ -8264,11 +6580,11 @@ async function getRepositoriesByWorkspace(bitbucketClient, { workspaceSlug }) {
|
|
|
8264
6580
|
|
|
8265
6581
|
// src/features/analysis/scm/bitbucket/BitbucketSCMLib.ts
|
|
8266
6582
|
import { setTimeout as setTimeout3 } from "timers/promises";
|
|
8267
|
-
import { z as
|
|
6583
|
+
import { z as z17 } from "zod";
|
|
8268
6584
|
var BITBUCKET_API_TOKEN_GIT_USERNAME = "x-bitbucket-api-token-auth";
|
|
8269
6585
|
function getUserAndPassword(token) {
|
|
8270
6586
|
const [username, password] = token.split(":");
|
|
8271
|
-
const safePasswordAndUsername =
|
|
6587
|
+
const safePasswordAndUsername = z17.object({ username: z17.string(), password: z17.string() }).parse({ username, password });
|
|
8272
6588
|
return {
|
|
8273
6589
|
username: safePasswordAndUsername.username,
|
|
8274
6590
|
password: safePasswordAndUsername.password
|
|
@@ -8344,7 +6660,7 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
8344
6660
|
return { username, password, authType };
|
|
8345
6661
|
}
|
|
8346
6662
|
case "token": {
|
|
8347
|
-
return { authType, token:
|
|
6663
|
+
return { authType, token: z17.string().parse(this.accessToken) };
|
|
8348
6664
|
}
|
|
8349
6665
|
case "public":
|
|
8350
6666
|
return { authType };
|
|
@@ -8358,7 +6674,7 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
8358
6674
|
...params,
|
|
8359
6675
|
repoUrl: this.url
|
|
8360
6676
|
});
|
|
8361
|
-
return String(
|
|
6677
|
+
return String(z17.number().parse(pullRequestRes.id));
|
|
8362
6678
|
} catch (e) {
|
|
8363
6679
|
console.warn(
|
|
8364
6680
|
`error creating pull request for BB. Try number ${String(i + 1).replace(/\n|\r/g, "")}`,
|
|
@@ -8443,7 +6759,7 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
8443
6759
|
async getUsername() {
|
|
8444
6760
|
this._validateAccessToken();
|
|
8445
6761
|
const res = await this.bitbucketSdk.getUser();
|
|
8446
|
-
return
|
|
6762
|
+
return z17.string().parse(res["username"]);
|
|
8447
6763
|
}
|
|
8448
6764
|
async getSubmitRequestStatus(_scmSubmitRequestId) {
|
|
8449
6765
|
this._validateAccessTokenAndUrl();
|
|
@@ -8469,7 +6785,7 @@ var BitbucketSCMLib = class extends SCMLib {
|
|
|
8469
6785
|
async getRepoDefaultBranch() {
|
|
8470
6786
|
this._validateUrl();
|
|
8471
6787
|
const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
|
|
8472
|
-
return
|
|
6788
|
+
return z17.string().parse(repoRes.mainbranch?.name);
|
|
8473
6789
|
}
|
|
8474
6790
|
getSubmitRequestUrl(submitRequestId) {
|
|
8475
6791
|
this._validateUrl();
|
|
@@ -8637,7 +6953,7 @@ init_env();
|
|
|
8637
6953
|
|
|
8638
6954
|
// src/features/analysis/scm/github/GithubSCMLib.ts
|
|
8639
6955
|
import pLimit3 from "p-limit";
|
|
8640
|
-
import { z as
|
|
6956
|
+
import { z as z18 } from "zod";
|
|
8641
6957
|
init_client_generates();
|
|
8642
6958
|
|
|
8643
6959
|
// src/features/analysis/scm/github/github.ts
|
|
@@ -9805,7 +8121,7 @@ var GithubSCMLib = class extends SCMLib {
|
|
|
9805
8121
|
owner,
|
|
9806
8122
|
repo
|
|
9807
8123
|
});
|
|
9808
|
-
return
|
|
8124
|
+
return z18.string().parse(prRes.data);
|
|
9809
8125
|
}
|
|
9810
8126
|
async getRepoList(_scmOrg) {
|
|
9811
8127
|
this._validateAccessToken();
|
|
@@ -10432,11 +8748,11 @@ import {
|
|
|
10432
8748
|
init_env();
|
|
10433
8749
|
|
|
10434
8750
|
// src/features/analysis/scm/gitlab/types.ts
|
|
10435
|
-
import { z as
|
|
10436
|
-
var GitlabAuthResultZ =
|
|
10437
|
-
access_token:
|
|
10438
|
-
token_type:
|
|
10439
|
-
refresh_token:
|
|
8751
|
+
import { z as z19 } from "zod";
|
|
8752
|
+
var GitlabAuthResultZ = z19.object({
|
|
8753
|
+
access_token: z19.string(),
|
|
8754
|
+
token_type: z19.string(),
|
|
8755
|
+
refresh_token: z19.string()
|
|
10440
8756
|
});
|
|
10441
8757
|
|
|
10442
8758
|
// src/features/analysis/scm/gitlab/gitlab.ts
|
|
@@ -10651,8 +8967,8 @@ async function getGitlabProjectLanguages({
|
|
|
10651
8967
|
}) {
|
|
10652
8968
|
try {
|
|
10653
8969
|
const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
|
|
10654
|
-
const
|
|
10655
|
-
return Object.keys(
|
|
8970
|
+
const languages = await api2.Projects.showLanguages(projectId);
|
|
8971
|
+
return Object.keys(languages);
|
|
10656
8972
|
} catch (e) {
|
|
10657
8973
|
debug4(
|
|
10658
8974
|
"[getGitlabProjectLanguages] Failed for project %d: %s",
|
|
@@ -11654,7 +9970,7 @@ var GitlabSCMLib = class extends SCMLib {
|
|
|
11654
9970
|
};
|
|
11655
9971
|
|
|
11656
9972
|
// src/features/analysis/scm/scmFactory.ts
|
|
11657
|
-
import { z as
|
|
9973
|
+
import { z as z20 } from "zod";
|
|
11658
9974
|
|
|
11659
9975
|
// src/features/analysis/scm/StubSCMLib.ts
|
|
11660
9976
|
var StubSCMLib = class extends SCMLib {
|
|
@@ -11807,7 +10123,7 @@ async function createScmLib({ url, accessToken, scmType, scmOrg }, {
|
|
|
11807
10123
|
if (e instanceof InvalidRepoUrlError && url) {
|
|
11808
10124
|
throw new RepoNoTokenAccessError(
|
|
11809
10125
|
"no access to repo",
|
|
11810
|
-
scmLibScmTypeToScmType[
|
|
10126
|
+
scmLibScmTypeToScmType[z20.nativeEnum(ScmLibScmType).parse(scmType)]
|
|
11811
10127
|
);
|
|
11812
10128
|
}
|
|
11813
10129
|
console.error(`error validating scm: ${scmType} `, e);
|
|
@@ -12414,7 +10730,7 @@ import path6 from "path";
|
|
|
12414
10730
|
import chalk from "chalk";
|
|
12415
10731
|
import Debug4 from "debug";
|
|
12416
10732
|
import * as dotenv from "dotenv";
|
|
12417
|
-
import { z as
|
|
10733
|
+
import { z as z21 } from "zod";
|
|
12418
10734
|
var debug5 = Debug4("mobbdev:constants");
|
|
12419
10735
|
var runtimeConfigPath = path6.join(
|
|
12420
10736
|
getModuleRootDir(),
|
|
@@ -12461,17 +10777,17 @@ var scannerToVulnerabilityReportVendorEnum = {
|
|
|
12461
10777
|
[SCANNERS.Datadog]: "datadog" /* Datadog */,
|
|
12462
10778
|
[SCANNERS.BlackDuck]: "blackDuck" /* BlackDuck */
|
|
12463
10779
|
};
|
|
12464
|
-
var SupportedScannersZ =
|
|
12465
|
-
var envVariablesSchema =
|
|
10780
|
+
var SupportedScannersZ = z21.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
|
|
10781
|
+
var envVariablesSchema = z21.object({
|
|
12466
10782
|
// These have safe defaults for production - the VS Code extension passes explicit URLs
|
|
12467
|
-
WEB_APP_URL:
|
|
12468
|
-
API_URL:
|
|
10783
|
+
WEB_APP_URL: z21.string().optional().default(DEFAULT_WEB_APP_URL),
|
|
10784
|
+
API_URL: z21.string().optional().default(DEFAULT_API_URL),
|
|
12469
10785
|
// These are only needed for local development with Hasura
|
|
12470
|
-
HASURA_ACCESS_KEY:
|
|
12471
|
-
LOCAL_GRAPHQL_ENDPOINT:
|
|
10786
|
+
HASURA_ACCESS_KEY: z21.string().optional().default(""),
|
|
10787
|
+
LOCAL_GRAPHQL_ENDPOINT: z21.string().optional().default(""),
|
|
12472
10788
|
// Proxy settings
|
|
12473
|
-
HTTP_PROXY:
|
|
12474
|
-
HTTPS_PROXY:
|
|
10789
|
+
HTTP_PROXY: z21.string().optional().default(""),
|
|
10790
|
+
HTTPS_PROXY: z21.string().optional().default("")
|
|
12475
10791
|
});
|
|
12476
10792
|
var envVariables = envVariablesSchema.parse(process.env);
|
|
12477
10793
|
debug5("config %o", envVariables);
|
|
@@ -12729,7 +11045,7 @@ import { createSpinner as createSpinner4 } from "nanospinner";
|
|
|
12729
11045
|
import fetch4 from "node-fetch";
|
|
12730
11046
|
import open3 from "open";
|
|
12731
11047
|
import tmp2 from "tmp";
|
|
12732
|
-
import { z as
|
|
11048
|
+
import { z as z27 } from "zod";
|
|
12733
11049
|
|
|
12734
11050
|
// src/commands/AuthManager.ts
|
|
12735
11051
|
import crypto from "crypto";
|
|
@@ -13006,62 +11322,62 @@ init_client_generates();
|
|
|
13006
11322
|
|
|
13007
11323
|
// src/features/analysis/graphql/types.ts
|
|
13008
11324
|
init_client_generates();
|
|
13009
|
-
import { z as
|
|
13010
|
-
var VulnerabilityReportIssueCodeNodeZ =
|
|
13011
|
-
vulnerabilityReportIssueId:
|
|
13012
|
-
path:
|
|
13013
|
-
startLine:
|
|
13014
|
-
vulnerabilityReportIssue:
|
|
13015
|
-
fixId:
|
|
13016
|
-
category:
|
|
13017
|
-
safeIssueType:
|
|
13018
|
-
vulnerabilityReportIssueTags:
|
|
13019
|
-
|
|
13020
|
-
tag:
|
|
11325
|
+
import { z as z22 } from "zod";
|
|
11326
|
+
var VulnerabilityReportIssueCodeNodeZ = z22.object({
|
|
11327
|
+
vulnerabilityReportIssueId: z22.string(),
|
|
11328
|
+
path: z22.string(),
|
|
11329
|
+
startLine: z22.number(),
|
|
11330
|
+
vulnerabilityReportIssue: z22.object({
|
|
11331
|
+
fixId: z22.string(),
|
|
11332
|
+
category: z22.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
11333
|
+
safeIssueType: z22.string(),
|
|
11334
|
+
vulnerabilityReportIssueTags: z22.array(
|
|
11335
|
+
z22.object({
|
|
11336
|
+
tag: z22.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
|
|
13021
11337
|
})
|
|
13022
11338
|
)
|
|
13023
11339
|
})
|
|
13024
11340
|
});
|
|
13025
|
-
var VulnerabilityReportIssueNoFixCodeNodeZ =
|
|
13026
|
-
vulnerabilityReportIssues:
|
|
13027
|
-
|
|
13028
|
-
id:
|
|
13029
|
-
fixId:
|
|
13030
|
-
category:
|
|
13031
|
-
safeIssueType:
|
|
13032
|
-
fpId:
|
|
13033
|
-
codeNodes:
|
|
13034
|
-
|
|
13035
|
-
path:
|
|
13036
|
-
startLine:
|
|
11341
|
+
var VulnerabilityReportIssueNoFixCodeNodeZ = z22.object({
|
|
11342
|
+
vulnerabilityReportIssues: z22.array(
|
|
11343
|
+
z22.object({
|
|
11344
|
+
id: z22.string(),
|
|
11345
|
+
fixId: z22.string().nullable(),
|
|
11346
|
+
category: z22.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
|
|
11347
|
+
safeIssueType: z22.string(),
|
|
11348
|
+
fpId: z22.string().uuid().nullable(),
|
|
11349
|
+
codeNodes: z22.array(
|
|
11350
|
+
z22.object({
|
|
11351
|
+
path: z22.string(),
|
|
11352
|
+
startLine: z22.number()
|
|
13037
11353
|
})
|
|
13038
11354
|
),
|
|
13039
|
-
vulnerabilityReportIssueTags:
|
|
13040
|
-
|
|
13041
|
-
tag:
|
|
11355
|
+
vulnerabilityReportIssueTags: z22.array(
|
|
11356
|
+
z22.object({
|
|
11357
|
+
tag: z22.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
|
|
13042
11358
|
})
|
|
13043
11359
|
)
|
|
13044
11360
|
})
|
|
13045
11361
|
)
|
|
13046
11362
|
});
|
|
13047
|
-
var GetVulByNodesMetadataZ =
|
|
13048
|
-
vulnerabilityReportIssueCodeNodes:
|
|
13049
|
-
nonFixablePrVuls:
|
|
13050
|
-
aggregate:
|
|
13051
|
-
count:
|
|
11363
|
+
var GetVulByNodesMetadataZ = z22.object({
|
|
11364
|
+
vulnerabilityReportIssueCodeNodes: z22.array(VulnerabilityReportIssueCodeNodeZ),
|
|
11365
|
+
nonFixablePrVuls: z22.object({
|
|
11366
|
+
aggregate: z22.object({
|
|
11367
|
+
count: z22.number()
|
|
13052
11368
|
})
|
|
13053
11369
|
}),
|
|
13054
|
-
fixablePrVuls:
|
|
13055
|
-
aggregate:
|
|
13056
|
-
count:
|
|
11370
|
+
fixablePrVuls: z22.object({
|
|
11371
|
+
aggregate: z22.object({
|
|
11372
|
+
count: z22.number()
|
|
13057
11373
|
})
|
|
13058
11374
|
}),
|
|
13059
|
-
totalScanVulnerabilities:
|
|
13060
|
-
aggregate:
|
|
13061
|
-
count:
|
|
11375
|
+
totalScanVulnerabilities: z22.object({
|
|
11376
|
+
aggregate: z22.object({
|
|
11377
|
+
count: z22.number()
|
|
13062
11378
|
})
|
|
13063
11379
|
}),
|
|
13064
|
-
irrelevantVulnerabilityReportIssue:
|
|
11380
|
+
irrelevantVulnerabilityReportIssue: z22.array(
|
|
13065
11381
|
VulnerabilityReportIssueNoFixCodeNodeZ
|
|
13066
11382
|
)
|
|
13067
11383
|
});
|
|
@@ -13583,7 +11899,7 @@ import * as os2 from "os";
|
|
|
13583
11899
|
import path7 from "path";
|
|
13584
11900
|
import chalk4 from "chalk";
|
|
13585
11901
|
import { withFile } from "tmp-promise";
|
|
13586
|
-
import
|
|
11902
|
+
import z23 from "zod";
|
|
13587
11903
|
|
|
13588
11904
|
// src/commands/handleMobbLogin.ts
|
|
13589
11905
|
import chalk3 from "chalk";
|
|
@@ -14123,8 +12439,8 @@ var defaultLogger2 = {
|
|
|
14123
12439
|
}
|
|
14124
12440
|
}
|
|
14125
12441
|
};
|
|
14126
|
-
var PromptItemZ =
|
|
14127
|
-
type:
|
|
12442
|
+
var PromptItemZ = z23.object({
|
|
12443
|
+
type: z23.enum([
|
|
14128
12444
|
"USER_PROMPT",
|
|
14129
12445
|
"AI_RESPONSE",
|
|
14130
12446
|
"TOOL_EXECUTION",
|
|
@@ -14132,32 +12448,32 @@ var PromptItemZ = z26.object({
|
|
|
14132
12448
|
"MCP_TOOL_CALL"
|
|
14133
12449
|
// MCP (Model Context Protocol) tool invocation
|
|
14134
12450
|
]),
|
|
14135
|
-
attachedFiles:
|
|
14136
|
-
|
|
14137
|
-
relativePath:
|
|
14138
|
-
startLine:
|
|
12451
|
+
attachedFiles: z23.array(
|
|
12452
|
+
z23.object({
|
|
12453
|
+
relativePath: z23.string(),
|
|
12454
|
+
startLine: z23.number().optional()
|
|
14139
12455
|
})
|
|
14140
12456
|
).optional(),
|
|
14141
|
-
tokens:
|
|
14142
|
-
inputCount:
|
|
14143
|
-
outputCount:
|
|
12457
|
+
tokens: z23.object({
|
|
12458
|
+
inputCount: z23.number(),
|
|
12459
|
+
outputCount: z23.number()
|
|
14144
12460
|
}).optional(),
|
|
14145
|
-
text:
|
|
14146
|
-
date:
|
|
14147
|
-
tool:
|
|
14148
|
-
name:
|
|
14149
|
-
parameters:
|
|
14150
|
-
result:
|
|
14151
|
-
rawArguments:
|
|
14152
|
-
accepted:
|
|
12461
|
+
text: z23.string().optional(),
|
|
12462
|
+
date: z23.date().optional(),
|
|
12463
|
+
tool: z23.object({
|
|
12464
|
+
name: z23.string(),
|
|
12465
|
+
parameters: z23.string(),
|
|
12466
|
+
result: z23.string(),
|
|
12467
|
+
rawArguments: z23.string().optional(),
|
|
12468
|
+
accepted: z23.boolean().optional(),
|
|
14153
12469
|
// MCP-specific fields (only populated for MCP_TOOL_CALL type)
|
|
14154
|
-
mcpServer:
|
|
12470
|
+
mcpServer: z23.string().optional(),
|
|
14155
12471
|
// MCP server name (e.g., "datadog", "mobb-mcp")
|
|
14156
|
-
mcpToolName:
|
|
12472
|
+
mcpToolName: z23.string().optional()
|
|
14157
12473
|
// MCP tool name without prefix (e.g., "scan_and_fix_vulnerabilities")
|
|
14158
12474
|
}).optional()
|
|
14159
12475
|
});
|
|
14160
|
-
var PromptItemArrayZ =
|
|
12476
|
+
var PromptItemArrayZ = z23.array(PromptItemZ);
|
|
14161
12477
|
var NULL_REPO_STATE = {
|
|
14162
12478
|
repositoryUrl: null,
|
|
14163
12479
|
branch: null,
|
|
@@ -15095,7 +13411,7 @@ import Debug15 from "debug";
|
|
|
15095
13411
|
// src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
|
|
15096
13412
|
import Debug14 from "debug";
|
|
15097
13413
|
import parseDiff from "parse-diff";
|
|
15098
|
-
import { z as
|
|
13414
|
+
import { z as z25 } from "zod";
|
|
15099
13415
|
|
|
15100
13416
|
// src/features/analysis/utils/by_key.ts
|
|
15101
13417
|
function keyBy(array, keyBy2) {
|
|
@@ -15184,7 +13500,7 @@ var scannerToFriendlyString = {
|
|
|
15184
13500
|
|
|
15185
13501
|
// src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
|
|
15186
13502
|
import Debug13 from "debug";
|
|
15187
|
-
import { z as
|
|
13503
|
+
import { z as z24 } from "zod";
|
|
15188
13504
|
init_client_generates();
|
|
15189
13505
|
var debug14 = Debug13("mobbdev:handle-finished-analysis");
|
|
15190
13506
|
var getCommitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
|
|
@@ -15230,10 +13546,10 @@ function buildFixCommentBody({
|
|
|
15230
13546
|
});
|
|
15231
13547
|
const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
|
|
15232
13548
|
const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
|
|
15233
|
-
const validFixParseRes =
|
|
13549
|
+
const validFixParseRes = z24.object({
|
|
15234
13550
|
patchAndQuestions: PatchAndQuestionsZ,
|
|
15235
|
-
safeIssueLanguage:
|
|
15236
|
-
severityText:
|
|
13551
|
+
safeIssueLanguage: z24.nativeEnum(IssueLanguage_Enum),
|
|
13552
|
+
severityText: z24.nativeEnum(Vulnerability_Severity_Enum),
|
|
15237
13553
|
safeIssueType: SafeIssueTypeStringZ
|
|
15238
13554
|
}).safeParse(fix);
|
|
15239
13555
|
if (!validFixParseRes.success) {
|
|
@@ -15468,7 +13784,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
|
|
|
15468
13784
|
});
|
|
15469
13785
|
const lineAddedRanges = calculateRanges(fileNumbers);
|
|
15470
13786
|
const fileFilter = {
|
|
15471
|
-
path:
|
|
13787
|
+
path: z25.string().parse(file.to),
|
|
15472
13788
|
ranges: lineAddedRanges.map(([startLine, endLine]) => ({
|
|
15473
13789
|
endLine,
|
|
15474
13790
|
startLine
|
|
@@ -15780,15 +14096,15 @@ import { globby } from "globby";
|
|
|
15780
14096
|
import { isBinary as isBinary2 } from "istextorbinary";
|
|
15781
14097
|
import { simpleGit as simpleGit3 } from "simple-git";
|
|
15782
14098
|
import { parseStringPromise } from "xml2js";
|
|
15783
|
-
import { z as
|
|
14099
|
+
import { z as z26 } from "zod";
|
|
15784
14100
|
var debug19 = Debug18("mobbdev:pack");
|
|
15785
|
-
var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA =
|
|
15786
|
-
properties:
|
|
15787
|
-
entry:
|
|
15788
|
-
|
|
15789
|
-
_:
|
|
15790
|
-
$:
|
|
15791
|
-
key:
|
|
14101
|
+
var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z26.object({
|
|
14102
|
+
properties: z26.object({
|
|
14103
|
+
entry: z26.array(
|
|
14104
|
+
z26.object({
|
|
14105
|
+
_: z26.string(),
|
|
14106
|
+
$: z26.object({
|
|
14107
|
+
key: z26.string()
|
|
15792
14108
|
})
|
|
15793
14109
|
})
|
|
15794
14110
|
)
|
|
@@ -16572,7 +14888,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
|
|
|
16572
14888
|
spinner: mobbSpinner,
|
|
16573
14889
|
submitVulnerabilityReportVariables: {
|
|
16574
14890
|
fixReportId: reportUploadInfo.fixReportId,
|
|
16575
|
-
repoUrl:
|
|
14891
|
+
repoUrl: z27.string().parse(repo),
|
|
16576
14892
|
reference,
|
|
16577
14893
|
projectId,
|
|
16578
14894
|
vulnerabilityReportFileName: shouldScan ? void 0 : REPORT_DEFAULT_FILE_NAME,
|
|
@@ -16912,9 +15228,9 @@ async function waitForAnaysisAndReviewPr({
|
|
|
16912
15228
|
gqlClient,
|
|
16913
15229
|
polling
|
|
16914
15230
|
}) {
|
|
16915
|
-
const params =
|
|
16916
|
-
repo:
|
|
16917
|
-
githubActionToken:
|
|
15231
|
+
const params = z27.object({
|
|
15232
|
+
repo: z27.string().url(),
|
|
15233
|
+
githubActionToken: z27.string()
|
|
16918
15234
|
}).parse({ repo, githubActionToken });
|
|
16919
15235
|
const scm = await createScmLib(
|
|
16920
15236
|
{
|
|
@@ -16932,7 +15248,7 @@ async function waitForAnaysisAndReviewPr({
|
|
|
16932
15248
|
analysisId: analysisId2,
|
|
16933
15249
|
gqlClient,
|
|
16934
15250
|
scm,
|
|
16935
|
-
scanner:
|
|
15251
|
+
scanner: z27.nativeEnum(SCANNERS).parse(scanner)
|
|
16936
15252
|
});
|
|
16937
15253
|
};
|
|
16938
15254
|
if (polling) {
|
|
@@ -17248,7 +15564,7 @@ async function scanSkill(options) {
|
|
|
17248
15564
|
// src/args/validation.ts
|
|
17249
15565
|
import chalk9 from "chalk";
|
|
17250
15566
|
import path12 from "path";
|
|
17251
|
-
import { z as
|
|
15567
|
+
import { z as z28 } from "zod";
|
|
17252
15568
|
function throwRepoUrlErrorMessage({
|
|
17253
15569
|
error,
|
|
17254
15570
|
repoUrl,
|
|
@@ -17265,11 +15581,11 @@ Example:
|
|
|
17265
15581
|
)}`;
|
|
17266
15582
|
throw new CliError(formattedErrorMessage);
|
|
17267
15583
|
}
|
|
17268
|
-
var UrlZ =
|
|
15584
|
+
var UrlZ = z28.string({
|
|
17269
15585
|
invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
|
|
17270
15586
|
});
|
|
17271
15587
|
function validateOrganizationId(organizationId) {
|
|
17272
|
-
const orgIdValidation =
|
|
15588
|
+
const orgIdValidation = z28.string().uuid().nullish().safeParse(organizationId);
|
|
17273
15589
|
if (!orgIdValidation.success) {
|
|
17274
15590
|
throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
|
|
17275
15591
|
}
|
|
@@ -19416,7 +17732,7 @@ function createLogger(config2) {
|
|
|
19416
17732
|
|
|
19417
17733
|
// src/features/claude_code/hook_logger.ts
|
|
19418
17734
|
var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
|
|
19419
|
-
var CLI_VERSION = true ? "1.4.
|
|
17735
|
+
var CLI_VERSION = true ? "1.4.36" : "unknown";
|
|
19420
17736
|
var NAMESPACE = "mobbdev-claude-code-hook-logs";
|
|
19421
17737
|
var claudeCodeVersion;
|
|
19422
17738
|
function buildDdTags() {
|
|
@@ -20946,145 +19262,151 @@ init_client_generates();
|
|
|
20946
19262
|
init_configs();
|
|
20947
19263
|
|
|
20948
19264
|
// src/mcp/types.ts
|
|
20949
|
-
import { z as
|
|
19265
|
+
import { z as z29 } from "zod";
|
|
20950
19266
|
init_client_generates();
|
|
20951
|
-
var ScanAndFixVulnerabilitiesToolSchema =
|
|
20952
|
-
path:
|
|
19267
|
+
var ScanAndFixVulnerabilitiesToolSchema = z29.object({
|
|
19268
|
+
path: z29.string()
|
|
20953
19269
|
});
|
|
20954
|
-
var VulnerabilityReportIssueTagSchema =
|
|
20955
|
-
vulnerability_report_issue_tag_value:
|
|
19270
|
+
var VulnerabilityReportIssueTagSchema = z29.object({
|
|
19271
|
+
vulnerability_report_issue_tag_value: z29.nativeEnum(
|
|
20956
19272
|
Vulnerability_Report_Issue_Tag_Enum
|
|
20957
19273
|
)
|
|
20958
19274
|
});
|
|
20959
|
-
var VulnerabilityReportIssueSchema =
|
|
20960
|
-
category:
|
|
19275
|
+
var VulnerabilityReportIssueSchema = z29.object({
|
|
19276
|
+
category: z29.any().optional().nullable(),
|
|
20961
19277
|
parsedIssueType: SafeIssueTypeStringZ.nullable().optional(),
|
|
20962
|
-
parsedSeverity:
|
|
20963
|
-
vulnerabilityReportIssueTags:
|
|
19278
|
+
parsedSeverity: z29.nativeEnum(Vulnerability_Severity_Enum).nullable().optional(),
|
|
19279
|
+
vulnerabilityReportIssueTags: z29.array(VulnerabilityReportIssueTagSchema)
|
|
20964
19280
|
});
|
|
20965
|
-
var SharedStateSchema =
|
|
20966
|
-
__typename:
|
|
20967
|
-
id:
|
|
19281
|
+
var SharedStateSchema = z29.object({
|
|
19282
|
+
__typename: z29.literal("fix_shared_state").optional(),
|
|
19283
|
+
id: z29.any(),
|
|
20968
19284
|
// GraphQL uses `any` type for UUID
|
|
20969
|
-
downloadedBy:
|
|
19285
|
+
downloadedBy: z29.array(z29.any().nullable()).optional().nullable()
|
|
20970
19286
|
});
|
|
20971
|
-
var UnstructuredFixExtraContextSchema =
|
|
20972
|
-
__typename:
|
|
20973
|
-
key:
|
|
20974
|
-
value:
|
|
19287
|
+
var UnstructuredFixExtraContextSchema = z29.object({
|
|
19288
|
+
__typename: z29.literal("UnstructuredFixExtraContext").optional(),
|
|
19289
|
+
key: z29.string(),
|
|
19290
|
+
value: z29.any()
|
|
20975
19291
|
// GraphQL JSON type
|
|
20976
19292
|
});
|
|
20977
|
-
var FixExtraContextResponseSchema =
|
|
20978
|
-
__typename:
|
|
20979
|
-
extraContext:
|
|
20980
|
-
fixDescription:
|
|
19293
|
+
var FixExtraContextResponseSchema = z29.object({
|
|
19294
|
+
__typename: z29.literal("FixExtraContextResponse").optional(),
|
|
19295
|
+
extraContext: z29.array(UnstructuredFixExtraContextSchema),
|
|
19296
|
+
fixDescription: z29.string()
|
|
20981
19297
|
});
|
|
20982
|
-
var FixQuestionSchema =
|
|
20983
|
-
__typename:
|
|
20984
|
-
key:
|
|
20985
|
-
name:
|
|
20986
|
-
defaultValue:
|
|
20987
|
-
value:
|
|
20988
|
-
inputType:
|
|
20989
|
-
options:
|
|
20990
|
-
index:
|
|
20991
|
-
extraContext:
|
|
19298
|
+
var FixQuestionSchema = z29.object({
|
|
19299
|
+
__typename: z29.literal("FixQuestion").optional(),
|
|
19300
|
+
key: z29.string(),
|
|
19301
|
+
name: z29.string(),
|
|
19302
|
+
defaultValue: z29.string(),
|
|
19303
|
+
value: z29.string().nullable().optional(),
|
|
19304
|
+
inputType: z29.nativeEnum(FixQuestionInputType),
|
|
19305
|
+
options: z29.array(z29.string()),
|
|
19306
|
+
index: z29.number(),
|
|
19307
|
+
extraContext: z29.array(UnstructuredFixExtraContextSchema),
|
|
19308
|
+
// E-2015: analyzer-served question text. default('') so a query that omits it
|
|
19309
|
+
// still parses, while the output type stays a required string. The analyzer is
|
|
19310
|
+
// the sole source; consumers use the served value directly (no fallback).
|
|
19311
|
+
content: z29.string().default(""),
|
|
19312
|
+
description: z29.string().default(""),
|
|
19313
|
+
guidance: z29.string().default("")
|
|
20992
19314
|
});
|
|
20993
|
-
var FixDataSchema =
|
|
20994
|
-
__typename:
|
|
20995
|
-
patch:
|
|
20996
|
-
patchOriginalEncodingBase64:
|
|
20997
|
-
questions:
|
|
19315
|
+
var FixDataSchema = z29.object({
|
|
19316
|
+
__typename: z29.literal("FixData"),
|
|
19317
|
+
patch: z29.string(),
|
|
19318
|
+
patchOriginalEncodingBase64: z29.string(),
|
|
19319
|
+
questions: z29.array(FixQuestionSchema),
|
|
20998
19320
|
extraContext: FixExtraContextResponseSchema
|
|
20999
19321
|
});
|
|
21000
|
-
var GetFixNoFixErrorSchema =
|
|
21001
|
-
__typename:
|
|
19322
|
+
var GetFixNoFixErrorSchema = z29.object({
|
|
19323
|
+
__typename: z29.literal("GetFixNoFixError")
|
|
21002
19324
|
});
|
|
21003
|
-
var PatchAndQuestionsSchema =
|
|
21004
|
-
var McpFixSchema =
|
|
21005
|
-
__typename:
|
|
21006
|
-
id:
|
|
19325
|
+
var PatchAndQuestionsSchema = z29.union([FixDataSchema, GetFixNoFixErrorSchema]);
|
|
19326
|
+
var McpFixSchema = z29.object({
|
|
19327
|
+
__typename: z29.literal("fix").optional(),
|
|
19328
|
+
id: z29.any(),
|
|
21007
19329
|
// GraphQL uses `any` type for UUID
|
|
21008
|
-
confidence:
|
|
21009
|
-
safeIssueType:
|
|
21010
|
-
safeIssueLanguage:
|
|
21011
|
-
severityText:
|
|
21012
|
-
gitBlameLogin:
|
|
19330
|
+
confidence: z29.number(),
|
|
19331
|
+
safeIssueType: z29.string().nullable(),
|
|
19332
|
+
safeIssueLanguage: z29.string().nullable().optional(),
|
|
19333
|
+
severityText: z29.string().nullable(),
|
|
19334
|
+
gitBlameLogin: z29.string().nullable().optional(),
|
|
21013
19335
|
// Optional in GraphQL
|
|
21014
|
-
severityValue:
|
|
21015
|
-
vulnerabilityReportIssues:
|
|
19336
|
+
severityValue: z29.number().nullable(),
|
|
19337
|
+
vulnerabilityReportIssues: z29.array(VulnerabilityReportIssueSchema),
|
|
21016
19338
|
sharedState: SharedStateSchema.nullable().optional(),
|
|
21017
19339
|
// Optional in GraphQL
|
|
21018
19340
|
patchAndQuestions: PatchAndQuestionsSchema,
|
|
21019
19341
|
// Additional field added by the client
|
|
21020
|
-
fixUrl:
|
|
19342
|
+
fixUrl: z29.string().optional()
|
|
21021
19343
|
});
|
|
21022
|
-
var FixAggregateSchema =
|
|
21023
|
-
__typename:
|
|
21024
|
-
aggregate:
|
|
21025
|
-
__typename:
|
|
21026
|
-
count:
|
|
19344
|
+
var FixAggregateSchema = z29.object({
|
|
19345
|
+
__typename: z29.literal("fix_aggregate").optional(),
|
|
19346
|
+
aggregate: z29.object({
|
|
19347
|
+
__typename: z29.literal("fix_aggregate_fields").optional(),
|
|
19348
|
+
count: z29.number()
|
|
21027
19349
|
}).nullable()
|
|
21028
19350
|
});
|
|
21029
|
-
var VulnerabilityReportIssueAggregateSchema =
|
|
21030
|
-
__typename:
|
|
21031
|
-
aggregate:
|
|
21032
|
-
__typename:
|
|
21033
|
-
count:
|
|
19351
|
+
var VulnerabilityReportIssueAggregateSchema = z29.object({
|
|
19352
|
+
__typename: z29.literal("vulnerability_report_issue_aggregate").optional(),
|
|
19353
|
+
aggregate: z29.object({
|
|
19354
|
+
__typename: z29.literal("vulnerability_report_issue_aggregate_fields").optional(),
|
|
19355
|
+
count: z29.number()
|
|
21034
19356
|
}).nullable()
|
|
21035
19357
|
});
|
|
21036
|
-
var RepoSchema =
|
|
21037
|
-
__typename:
|
|
21038
|
-
originalUrl:
|
|
19358
|
+
var RepoSchema = z29.object({
|
|
19359
|
+
__typename: z29.literal("repo").optional(),
|
|
19360
|
+
originalUrl: z29.string()
|
|
21039
19361
|
});
|
|
21040
|
-
var ProjectSchema =
|
|
21041
|
-
id:
|
|
19362
|
+
var ProjectSchema = z29.object({
|
|
19363
|
+
id: z29.any(),
|
|
21042
19364
|
// GraphQL uses `any` type for UUID
|
|
21043
|
-
organizationId:
|
|
19365
|
+
organizationId: z29.any()
|
|
21044
19366
|
// GraphQL uses `any` type for UUID
|
|
21045
19367
|
});
|
|
21046
|
-
var VulnerabilityReportSchema =
|
|
21047
|
-
scanDate:
|
|
19368
|
+
var VulnerabilityReportSchema = z29.object({
|
|
19369
|
+
scanDate: z29.any().nullable(),
|
|
21048
19370
|
// GraphQL uses `any` type for timestamp
|
|
21049
|
-
vendor:
|
|
19371
|
+
vendor: z29.string(),
|
|
21050
19372
|
// GraphQL generates as string, not enum
|
|
21051
|
-
projectId:
|
|
19373
|
+
projectId: z29.any().optional(),
|
|
21052
19374
|
// GraphQL uses `any` type for UUID
|
|
21053
19375
|
project: ProjectSchema,
|
|
21054
19376
|
totalVulnerabilityReportIssuesCount: VulnerabilityReportIssueAggregateSchema,
|
|
21055
19377
|
notFixableVulnerabilityReportIssuesCount: VulnerabilityReportIssueAggregateSchema
|
|
21056
19378
|
});
|
|
21057
|
-
var FixReportSummarySchema =
|
|
21058
|
-
__typename:
|
|
21059
|
-
id:
|
|
19379
|
+
var FixReportSummarySchema = z29.object({
|
|
19380
|
+
__typename: z29.literal("fixReport").optional(),
|
|
19381
|
+
id: z29.any(),
|
|
21060
19382
|
// GraphQL uses `any` type for UUID
|
|
21061
|
-
createdOn:
|
|
19383
|
+
createdOn: z29.any(),
|
|
21062
19384
|
// GraphQL uses `any` type for timestamp
|
|
21063
19385
|
repo: RepoSchema.nullable(),
|
|
21064
|
-
issueTypes:
|
|
19386
|
+
issueTypes: z29.any().nullable(),
|
|
21065
19387
|
// GraphQL uses `any` type for JSON
|
|
21066
19388
|
CRITICAL: FixAggregateSchema,
|
|
21067
19389
|
HIGH: FixAggregateSchema,
|
|
21068
19390
|
MEDIUM: FixAggregateSchema,
|
|
21069
19391
|
LOW: FixAggregateSchema,
|
|
21070
|
-
fixes:
|
|
21071
|
-
userFixes:
|
|
19392
|
+
fixes: z29.array(McpFixSchema),
|
|
19393
|
+
userFixes: z29.array(McpFixSchema).optional(),
|
|
21072
19394
|
// Present in some responses but can be omitted
|
|
21073
19395
|
filteredFixesCount: FixAggregateSchema,
|
|
21074
19396
|
totalFixesCount: FixAggregateSchema,
|
|
21075
19397
|
vulnerabilityReport: VulnerabilityReportSchema
|
|
21076
19398
|
});
|
|
21077
|
-
var ExpiredReportSchema =
|
|
21078
|
-
__typename:
|
|
21079
|
-
id:
|
|
19399
|
+
var ExpiredReportSchema = z29.object({
|
|
19400
|
+
__typename: z29.literal("fixReport").optional(),
|
|
19401
|
+
id: z29.any(),
|
|
21080
19402
|
// GraphQL uses `any` type for UUID
|
|
21081
|
-
expirationOn:
|
|
19403
|
+
expirationOn: z29.any().nullable()
|
|
21082
19404
|
// GraphQL uses `any` type for timestamp
|
|
21083
19405
|
});
|
|
21084
|
-
var GetLatestReportByRepoUrlResponseSchema =
|
|
21085
|
-
__typename:
|
|
21086
|
-
fixReport:
|
|
21087
|
-
expiredReport:
|
|
19406
|
+
var GetLatestReportByRepoUrlResponseSchema = z29.object({
|
|
19407
|
+
__typename: z29.literal("query_root").optional(),
|
|
19408
|
+
fixReport: z29.array(FixReportSummarySchema),
|
|
19409
|
+
expiredReport: z29.array(ExpiredReportSchema)
|
|
21088
19410
|
});
|
|
21089
19411
|
|
|
21090
19412
|
// src/mcp/services/InteractiveFixFilter.ts
|
|
@@ -22894,10 +21216,10 @@ var McpServer = class {
|
|
|
22894
21216
|
};
|
|
22895
21217
|
|
|
22896
21218
|
// src/mcp/prompts/CheckForNewVulnerabilitiesPrompt.ts
|
|
22897
|
-
import { z as
|
|
21219
|
+
import { z as z31 } from "zod";
|
|
22898
21220
|
|
|
22899
21221
|
// src/mcp/prompts/base/BasePrompt.ts
|
|
22900
|
-
import { z as
|
|
21222
|
+
import { z as z30 } from "zod";
|
|
22901
21223
|
var BasePrompt = class {
|
|
22902
21224
|
getDefinition() {
|
|
22903
21225
|
return {
|
|
@@ -22926,7 +21248,7 @@ var BasePrompt = class {
|
|
|
22926
21248
|
const argsToValidate = args === void 0 ? {} : args;
|
|
22927
21249
|
return this.argumentsValidationSchema.parse(argsToValidate);
|
|
22928
21250
|
} catch (error) {
|
|
22929
|
-
if (error instanceof
|
|
21251
|
+
if (error instanceof z30.ZodError) {
|
|
22930
21252
|
const errorDetails = error.errors.map((e) => {
|
|
22931
21253
|
const fieldPath = e.path.length > 0 ? e.path.join(".") : "root";
|
|
22932
21254
|
const message = e.message === "Required" ? `Missing required argument '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
|
|
@@ -22955,8 +21277,8 @@ var BasePrompt = class {
|
|
|
22955
21277
|
};
|
|
22956
21278
|
|
|
22957
21279
|
// src/mcp/prompts/CheckForNewVulnerabilitiesPrompt.ts
|
|
22958
|
-
var CheckForNewVulnerabilitiesArgsSchema =
|
|
22959
|
-
path:
|
|
21280
|
+
var CheckForNewVulnerabilitiesArgsSchema = z31.object({
|
|
21281
|
+
path: z31.string().optional()
|
|
22960
21282
|
});
|
|
22961
21283
|
var CheckForNewVulnerabilitiesPrompt = class extends BasePrompt {
|
|
22962
21284
|
constructor() {
|
|
@@ -23201,9 +21523,9 @@ Call the \`check_for_new_available_fixes\` tool now${args?.path ? ` for ${args.p
|
|
|
23201
21523
|
};
|
|
23202
21524
|
|
|
23203
21525
|
// src/mcp/prompts/FullSecurityAuditPrompt.ts
|
|
23204
|
-
import { z as
|
|
23205
|
-
var FullSecurityAuditArgsSchema =
|
|
23206
|
-
path:
|
|
21526
|
+
import { z as z32 } from "zod";
|
|
21527
|
+
var FullSecurityAuditArgsSchema = z32.object({
|
|
21528
|
+
path: z32.string().optional()
|
|
23207
21529
|
});
|
|
23208
21530
|
var FullSecurityAuditPrompt = class extends BasePrompt {
|
|
23209
21531
|
constructor() {
|
|
@@ -23654,9 +21976,9 @@ Begin the audit now${args?.path ? ` for ${args.path}` : ""}.
|
|
|
23654
21976
|
};
|
|
23655
21977
|
|
|
23656
21978
|
// src/mcp/prompts/ReviewAndFixCriticalPrompt.ts
|
|
23657
|
-
import { z as
|
|
23658
|
-
var ReviewAndFixCriticalArgsSchema =
|
|
23659
|
-
path:
|
|
21979
|
+
import { z as z33 } from "zod";
|
|
21980
|
+
var ReviewAndFixCriticalArgsSchema = z33.object({
|
|
21981
|
+
path: z33.string().optional()
|
|
23660
21982
|
});
|
|
23661
21983
|
var ReviewAndFixCriticalPrompt = class extends BasePrompt {
|
|
23662
21984
|
constructor() {
|
|
@@ -23960,9 +22282,9 @@ Start by scanning${args?.path ? ` ${args.path}` : " the repository"} and priorit
|
|
|
23960
22282
|
};
|
|
23961
22283
|
|
|
23962
22284
|
// src/mcp/prompts/ScanRecentChangesPrompt.ts
|
|
23963
|
-
import { z as
|
|
23964
|
-
var ScanRecentChangesArgsSchema =
|
|
23965
|
-
path:
|
|
22285
|
+
import { z as z34 } from "zod";
|
|
22286
|
+
var ScanRecentChangesArgsSchema = z34.object({
|
|
22287
|
+
path: z34.string().optional()
|
|
23966
22288
|
});
|
|
23967
22289
|
var ScanRecentChangesPrompt = class extends BasePrompt {
|
|
23968
22290
|
constructor() {
|
|
@@ -24173,9 +22495,9 @@ You now have the guidance needed to perform a fast, targeted security scan of re
|
|
|
24173
22495
|
};
|
|
24174
22496
|
|
|
24175
22497
|
// src/mcp/prompts/ScanRepositoryPrompt.ts
|
|
24176
|
-
import { z as
|
|
24177
|
-
var ScanRepositoryArgsSchema =
|
|
24178
|
-
path:
|
|
22498
|
+
import { z as z35 } from "zod";
|
|
22499
|
+
var ScanRepositoryArgsSchema = z35.object({
|
|
22500
|
+
path: z35.string().optional()
|
|
24179
22501
|
});
|
|
24180
22502
|
var ScanRepositoryPrompt = class extends BasePrompt {
|
|
24181
22503
|
constructor() {
|
|
@@ -24573,7 +22895,7 @@ import * as os15 from "os";
|
|
|
24573
22895
|
import * as path29 from "path";
|
|
24574
22896
|
|
|
24575
22897
|
// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
|
|
24576
|
-
import { z as
|
|
22898
|
+
import { z as z37 } from "zod";
|
|
24577
22899
|
|
|
24578
22900
|
// src/mcp/services/PathValidation.ts
|
|
24579
22901
|
import fs21 from "fs";
|
|
@@ -24649,7 +22971,7 @@ async function validatePath(inputPath) {
|
|
|
24649
22971
|
}
|
|
24650
22972
|
|
|
24651
22973
|
// src/mcp/tools/base/BaseTool.ts
|
|
24652
|
-
import { z as
|
|
22974
|
+
import { z as z36 } from "zod";
|
|
24653
22975
|
var BaseTool = class {
|
|
24654
22976
|
getDefinition() {
|
|
24655
22977
|
return {
|
|
@@ -24676,7 +22998,7 @@ var BaseTool = class {
|
|
|
24676
22998
|
try {
|
|
24677
22999
|
return this.inputValidationSchema.parse(args);
|
|
24678
23000
|
} catch (error) {
|
|
24679
|
-
if (error instanceof
|
|
23001
|
+
if (error instanceof z36.ZodError) {
|
|
24680
23002
|
const errorDetails = error.errors.map((e) => {
|
|
24681
23003
|
const fieldPath = e.path.length > 0 ? e.path.join(".") : "root";
|
|
24682
23004
|
const message = e.message === "Required" ? `Missing required parameter '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
|
|
@@ -24715,33 +23037,12 @@ function friendlyType(s) {
|
|
|
24715
23037
|
var noFixesReturnedForParameters = `No fixes returned for the given offset and limit parameters.
|
|
24716
23038
|
`;
|
|
24717
23039
|
var resolveQuestionText = ({
|
|
24718
|
-
fix,
|
|
24719
23040
|
question
|
|
24720
23041
|
}) => {
|
|
24721
|
-
|
|
24722
|
-
|
|
24723
|
-
|
|
24724
|
-
|
|
24725
|
-
}
|
|
24726
|
-
const item = storedQuestionData_default[language]?.[issueType]?.[question.name];
|
|
24727
|
-
if (!item) {
|
|
24728
|
-
return { content: question.name, description: "" };
|
|
24729
|
-
}
|
|
24730
|
-
const args = question.extraContext.reduce(
|
|
24731
|
-
(acc, ctx) => {
|
|
24732
|
-
acc[ctx.key] = ctx.value;
|
|
24733
|
-
return acc;
|
|
24734
|
-
},
|
|
24735
|
-
{}
|
|
24736
|
-
);
|
|
24737
|
-
try {
|
|
24738
|
-
return {
|
|
24739
|
-
content: item.content(args) || question.name,
|
|
24740
|
-
description: item.description(args) || ""
|
|
24741
|
-
};
|
|
24742
|
-
} catch {
|
|
24743
|
-
return { content: question.name, description: "" };
|
|
24744
|
-
}
|
|
23042
|
+
return {
|
|
23043
|
+
content: question.content || question.name,
|
|
23044
|
+
description: question.description ?? ""
|
|
23045
|
+
};
|
|
24745
23046
|
};
|
|
24746
23047
|
var formatQuestionInputContract = (question) => {
|
|
24747
23048
|
switch (question.inputType) {
|
|
@@ -24758,7 +23059,7 @@ var renderInteractiveFix = (fix, index) => {
|
|
|
24758
23059
|
const { questions, extraContext } = fix.patchAndQuestions;
|
|
24759
23060
|
const vulnerabilityType = friendlyType(fix.safeIssueType ?? "Unknown");
|
|
24760
23061
|
const questionsBlock = questions.slice().sort((a, b) => a.index - b.index).map((q, qIdx) => {
|
|
24761
|
-
const { content, description } = resolveQuestionText({
|
|
23062
|
+
const { content, description } = resolveQuestionText({ question: q });
|
|
24762
23063
|
const desc = description ? `
|
|
24763
23064
|
*Why it matters:* ${description}` : "";
|
|
24764
23065
|
const defaultLine = q.defaultValue ? `
|
|
@@ -28275,8 +26576,8 @@ Example payload:
|
|
|
28275
26576
|
},
|
|
28276
26577
|
required: ["path"]
|
|
28277
26578
|
});
|
|
28278
|
-
__publicField(this, "inputValidationSchema",
|
|
28279
|
-
path:
|
|
26579
|
+
__publicField(this, "inputValidationSchema", z37.object({
|
|
26580
|
+
path: z37.string().describe(
|
|
28280
26581
|
"Full local path to the cloned git repository to check for new available fixes"
|
|
28281
26582
|
)
|
|
28282
26583
|
}));
|
|
@@ -28306,7 +26607,7 @@ Example payload:
|
|
|
28306
26607
|
|
|
28307
26608
|
// src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesTool.ts
|
|
28308
26609
|
init_GitService();
|
|
28309
|
-
import { z as
|
|
26610
|
+
import { z as z38 } from "zod";
|
|
28310
26611
|
|
|
28311
26612
|
// src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesService.ts
|
|
28312
26613
|
init_configs();
|
|
@@ -28452,16 +26753,16 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
|
|
|
28452
26753
|
},
|
|
28453
26754
|
required: ["path"]
|
|
28454
26755
|
});
|
|
28455
|
-
__publicField(this, "inputValidationSchema",
|
|
28456
|
-
path:
|
|
26756
|
+
__publicField(this, "inputValidationSchema", z38.object({
|
|
26757
|
+
path: z38.string().describe(
|
|
28457
26758
|
"Full local path to the cloned git repository to check for available fixes"
|
|
28458
26759
|
),
|
|
28459
|
-
offset:
|
|
28460
|
-
limit:
|
|
28461
|
-
fileFilter:
|
|
26760
|
+
offset: z38.number().optional().describe("Optional offset for pagination"),
|
|
26761
|
+
limit: z38.number().optional().describe("Optional maximum number of fixes to return"),
|
|
26762
|
+
fileFilter: z38.array(z38.string()).optional().describe(
|
|
28462
26763
|
"Optional list of file paths relative to the path parameter to filter fixes by. INCOMPATIBLE with fetchFixesFromAnyFile"
|
|
28463
26764
|
),
|
|
28464
|
-
fetchFixesFromAnyFile:
|
|
26765
|
+
fetchFixesFromAnyFile: z38.boolean().optional().describe(
|
|
28465
26766
|
"Optional boolean to fetch fixes for all files. INCOMPATIBLE with fileFilter"
|
|
28466
26767
|
)
|
|
28467
26768
|
}));
|
|
@@ -28527,7 +26828,7 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
|
|
|
28527
26828
|
};
|
|
28528
26829
|
|
|
28529
26830
|
// src/mcp/tools/mcpChecker/mcpCheckerTool.ts
|
|
28530
|
-
import
|
|
26831
|
+
import z39 from "zod";
|
|
28531
26832
|
|
|
28532
26833
|
// src/mcp/tools/mcpChecker/mcpCheckerService.ts
|
|
28533
26834
|
var _McpCheckerService = class _McpCheckerService {
|
|
@@ -28588,7 +26889,7 @@ var McpCheckerTool = class extends BaseTool {
|
|
|
28588
26889
|
__publicField(this, "displayName", "MCP Checker");
|
|
28589
26890
|
// A detailed description to guide the LLM on when and how to invoke this tool.
|
|
28590
26891
|
__publicField(this, "description", "Check the MCP servers running on this IDE against organization policies.");
|
|
28591
|
-
__publicField(this, "inputValidationSchema",
|
|
26892
|
+
__publicField(this, "inputValidationSchema", z39.object({}));
|
|
28592
26893
|
__publicField(this, "inputSchema", {
|
|
28593
26894
|
type: "object",
|
|
28594
26895
|
properties: {},
|
|
@@ -28614,7 +26915,7 @@ var McpCheckerTool = class extends BaseTool {
|
|
|
28614
26915
|
};
|
|
28615
26916
|
|
|
28616
26917
|
// src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesTool.ts
|
|
28617
|
-
import
|
|
26918
|
+
import z40 from "zod";
|
|
28618
26919
|
init_configs();
|
|
28619
26920
|
|
|
28620
26921
|
// src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesService.ts
|
|
@@ -28994,26 +27295,26 @@ Example payload (Mode B \u2014 abstain from every interactive fix, no rescan):
|
|
|
28994
27295
|
"interactiveAnswers": []
|
|
28995
27296
|
}`);
|
|
28996
27297
|
__publicField(this, "hasAuthentication", true);
|
|
28997
|
-
__publicField(this, "inputValidationSchema",
|
|
28998
|
-
path:
|
|
27298
|
+
__publicField(this, "inputValidationSchema", z40.object({
|
|
27299
|
+
path: z40.string().describe(
|
|
28999
27300
|
"Full local path to repository to scan and fix vulnerabilities"
|
|
29000
27301
|
),
|
|
29001
|
-
offset:
|
|
29002
|
-
limit:
|
|
29003
|
-
maxFiles:
|
|
27302
|
+
offset: z40.number().optional().describe("Optional offset for pagination"),
|
|
27303
|
+
limit: z40.number().optional().describe("Optional maximum number of results to return"),
|
|
27304
|
+
maxFiles: z40.number().optional().describe(
|
|
29004
27305
|
`Optional maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Increase for comprehensive scans of larger codebases or decrease for faster focused scans.`
|
|
29005
27306
|
),
|
|
29006
|
-
rescan:
|
|
29007
|
-
scanRecentlyChangedFiles:
|
|
27307
|
+
rescan: z40.boolean().optional().describe("Optional whether to rescan the repository"),
|
|
27308
|
+
scanRecentlyChangedFiles: z40.boolean().optional().describe(
|
|
29008
27309
|
"Optional whether to automatically scan recently changed files when no changed files are found in git status. If false, the tool will prompt the user instead."
|
|
29009
27310
|
),
|
|
29010
|
-
interactiveAnswers:
|
|
29011
|
-
|
|
29012
|
-
fixId:
|
|
29013
|
-
answers:
|
|
29014
|
-
|
|
29015
|
-
key:
|
|
29016
|
-
value:
|
|
27311
|
+
interactiveAnswers: z40.array(
|
|
27312
|
+
z40.object({
|
|
27313
|
+
fixId: z40.string().min(1).describe('Fix id from a previous "Interactive fix" prompt block.'),
|
|
27314
|
+
answers: z40.array(
|
|
27315
|
+
z40.object({
|
|
27316
|
+
key: z40.string().min(1).describe("FixQuestion key."),
|
|
27317
|
+
value: z40.string().describe(
|
|
29017
27318
|
"For SELECT questions MUST be one of the listed options; for TEXT/NUMBER, a free-form value."
|
|
29018
27319
|
)
|
|
29019
27320
|
})
|
|
@@ -29376,7 +27677,7 @@ async function addScmTokenHandler(args) {
|
|
|
29376
27677
|
}
|
|
29377
27678
|
|
|
29378
27679
|
// src/features/codeium_intellij/data_collector.ts
|
|
29379
|
-
import { z as
|
|
27680
|
+
import { z as z41 } from "zod";
|
|
29380
27681
|
|
|
29381
27682
|
// src/utils/read-stdin.ts
|
|
29382
27683
|
import { setTimeout as setTimeout4 } from "timers";
|
|
@@ -29493,12 +27794,12 @@ function promisifyClient(client) {
|
|
|
29493
27794
|
}
|
|
29494
27795
|
});
|
|
29495
27796
|
}
|
|
29496
|
-
async function getGrpcClient(port,
|
|
27797
|
+
async function getGrpcClient(port, csrf) {
|
|
29497
27798
|
const client = promisifyClient(
|
|
29498
27799
|
new PROTO.exa.language_server_pb.LanguageServerService(
|
|
29499
27800
|
`localhost:${port}`,
|
|
29500
27801
|
grpc.credentials.createInsecure(),
|
|
29501
|
-
{ interceptors: [createCsrfInterceptor(
|
|
27802
|
+
{ interceptors: [createCsrfInterceptor(csrf)] }
|
|
29502
27803
|
)
|
|
29503
27804
|
);
|
|
29504
27805
|
try {
|
|
@@ -29578,8 +27879,8 @@ function findRunningCodeiumLanguageServers() {
|
|
|
29578
27879
|
}
|
|
29579
27880
|
|
|
29580
27881
|
// src/features/codeium_intellij/data_collector.ts
|
|
29581
|
-
var HookDataSchema =
|
|
29582
|
-
trajectory_id:
|
|
27882
|
+
var HookDataSchema = z41.object({
|
|
27883
|
+
trajectory_id: z41.string()
|
|
29583
27884
|
});
|
|
29584
27885
|
async function processAndUploadHookData() {
|
|
29585
27886
|
const tracePayload = await getTraceDataForHook();
|