mobbdev 0.0.115 → 0.0.119
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.mjs +62 -35
- package/package.json +11 -11
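--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -311,11 +311,12 @@ var UploadS3BucketInfoDocument = `
 }
 `;
 var DigestVulnerabilityReportDocument = `
-mutation DigestVulnerabilityReport($vulnerabilityReportFileName: String!, $fixReportId: String!, $projectId: String!) {
+mutation DigestVulnerabilityReport($vulnerabilityReportFileName: String!, $fixReportId: String!, $projectId: String!, $scanSource: String!) {
 digestVulnerabilityReport(
 fixReportId: $fixReportId
 vulnerabilityReportFileName: $vulnerabilityReportFileName
 projectId: $projectId
+scanSource: $scanSource
 ) {
 __typename
 ... on VulnerabilityReport {
@@ -338,7 +339,7 @@ var DigestVulnerabilityReportDocument = `
 }
 `;
 var SubmitVulnerabilityReportDocument = `
-mutation SubmitVulnerabilityReport($fixReportId: String!, $repoUrl: String!, $reference: String!, $projectId: String!, $sha: String, $experimentalEnabled: Boolean, $vulnerabilityReportFileName: String, $pullRequest: Int) {
+mutation SubmitVulnerabilityReport($fixReportId: String!, $repoUrl: String!, $reference: String!, $projectId: String!, $scanSource: String!, $sha: String, $experimentalEnabled: Boolean, $vulnerabilityReportFileName: String, $pullRequest: Int) {
 submitVulnerabilityReport(
 fixReportId: $fixReportId
 repoUrl: $repoUrl
@@ -348,6 +349,7 @@ var SubmitVulnerabilityReportDocument = `
 pullRequest: $pullRequest
 projectId: $projectId
 vulnerabilityReportFileName: $vulnerabilityReportFileName
+scanSource: $scanSource
 ) {
 __typename
 ... on VulnerabilityReport {
@@ -593,9 +595,9 @@ function createWSClient(options) {
 webSocketImpl: options.websocket || WebSocket,
 connectionParams: () => {
 return {
-headers: {
+headers: options.type === "apiKey" ? {
 [API_KEY_HEADER_NAME]: options.apiKey
-}
+} : { authorization: `Bearer ${options.token}` }
 };
 }
 });
@@ -699,13 +701,14 @@ var REPORT_STATE_CHECK_DELAY = 5 * 1e3;
 var GQLClient = class {
 constructor(args) {
 __publicField(this, "_client");
-__publicField(this, "_apiKey");
 __publicField(this, "_clientSdk");
-
-
-
+__publicField(this, "_auth");
+debug3(`init with ${args}`);
+this._auth = args;
 this._client = new GraphQLClient(API_URL, {
-headers: { [API_KEY_HEADER_NAME]: apiKey || "" }
+headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME]: args.apiKey || "" } : {
+Authorization: `Bearer ${args.token}`
+},
 requestMiddleware: (request) => {
 const requestId = uuidv4();
 debug3(
@@ -805,10 +808,12 @@ var GQLClient = class {
 const filters = hunks.map((hunk) => {
 const filter = {
 path: { _eq: hunk.path },
-_or: hunk.ranges.
-
-
-
+_or: hunk.ranges.flatMap(({ endLine, startLine }) => {
+return [
+{ startLine: { _gte: startLine, _lte: endLine } },
+{ endLine: { _gte: startLine, _lte: endLine } }
+];
+})
 };
 return filter;
 });
@@ -846,12 +851,14 @@ var GQLClient = class {
 }
 async digestVulnerabilityReport({
 fixReportId,
-projectId
+projectId,
+scanSource
 }) {
 const res = await this._clientSdk.DigestVulnerabilityReport({
 fixReportId,
 vulnerabilityReportFileName: "report.json",
-projectId
+projectId,
+scanSource
 });
 if (res.digestVulnerabilityReport.__typename !== "VulnerabilityReport") {
 throw new Error("Digesting vulnerability report failed");
@@ -869,7 +876,7 @@ var GQLClient = class {
 vulnerabilityReportFileName,
 pullRequest
 } = params;
-
+return await this._clientSdk.SubmitVulnerabilityReport({
 fixReportId,
 repoUrl,
 reference,
@@ -877,9 +884,9 @@ var GQLClient = class {
 projectId,
 pullRequest,
 sha: sha || "",
-experimentalEnabled
+experimentalEnabled,
+scanSource: params.scanSource
 });
-return res;
 }
 async getFixReportState(fixReportId) {
 const res = await this._clientSdk.FixReportState({ id: fixReportId });
@@ -925,8 +932,13 @@ var GQLClient = class {
 resolve(data);
 }
 },
-{
-apiKey: this.
+this._auth.type === "apiKey" ? {
+apiKey: this._auth.apiKey,
+type: "apiKey",
+timeoutInMs: params.timeoutInMs
+} : {
+token: this._auth.token,
+type: "token",
 timeoutInMs: params.timeoutInMs
 }
 );
@@ -4336,7 +4348,7 @@ async function handleFinishedAnalysis({
 ${patch}
 \`\`\``;
 const fixPageLink = `[Learn more and fine tune the fix](${fixUrl})`;
-await scm.updatePrComment(
+return await scm.updatePrComment(
 {
 body: `${title}
 ${subTitle}
@@ -4444,6 +4456,9 @@ function endsWithAny(str, suffixes) {
 return str.endsWith(suffix);
 });
 }
+function _get_manifest_files_suffixes() {
+return ["package.json"];
+}
 async function pack(srcDirPath, vulnFiles) {
 debug6("pack folder %s", srcDirPath);
 const filepaths = await globby("**", {
@@ -4457,6 +4472,7 @@ async function pack(srcDirPath, vulnFiles) {
 debug6("compressing files");
 for (const filepath of filepaths) {
 const absFilepath = path4.join(srcDirPath, filepath.toString());
+vulnFiles = vulnFiles.concat(_get_manifest_files_suffixes());
 if (!endsWithAny(
 absFilepath.toString().replaceAll(path4.win32.sep, path4.posix.sep),
 vulnFiles
@@ -4821,8 +4837,13 @@ async function uploadFile({
 }
 
 // src/features/analysis/index.ts
-var { CliError: CliError2, Spinner: Spinner2, keypress: keypress2
+var { CliError: CliError2, Spinner: Spinner2, keypress: keypress2 } = utils_exports;
 var webLoginUrl = `${WEB_APP_URL}/cli-login`;
+function _getScanSource(command) {
+if (command === "review")
+return "AUTO_FIXER" /* AutoFixer */;
+return "CLI" /* Cli */;
+}
 async function downloadRepo({
 repoUrl,
 authHeaders,
@@ -4865,9 +4886,6 @@ var LOGIN_CHECK_DELAY = 5 * 1e3;
 var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk4.bgBlue(
 "press any key to continue"
 )};`;
-var tmpObj = tmp2.dirSync({
-unsafeCleanup: true
-});
 var getReportUrl = ({
 organizationId,
 projectId,
@@ -4875,7 +4893,7 @@ var getReportUrl = ({
 }) => `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${fixReportId}`;
 var debug10 = Debug11("mobbdev:index");
 var packageJson = JSON.parse(
-fs3.readFileSync(path6.join(
+fs3.readFileSync(path6.join(getDirName(), "../package.json"), "utf8")
 );
 if (!semver.satisfies(process.version, packageJson.engines.node)) {
 throw new CliError2(
@@ -4885,8 +4903,11 @@ if (!semver.satisfies(process.version, packageJson.engines.node)) {
 var config2 = new Configstore(packageJson.name, { apiToken: "" });
 debug10("config %o", config2);
 async function runAnalysis(params, options) {
+const tmpObj = tmp2.dirSync({
+unsafeCleanup: true
+});
 try {
-await _scan(
+return await _scan(
 {
 ...params,
 dirname: tmpObj.name
@@ -4943,7 +4964,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
 const { createSpinner: createSpinner4 } = Spinner2({ ci });
 skipPrompts = skipPrompts || ci;
 let gqlClient = new GQLClient({
-apiKey: apiKey || config2.get("apiToken")
+apiKey: apiKey || config2.get("apiToken"),
+type: "apiKey"
 });
 await handleMobbLogin();
 const { projectId, organizationId } = await gqlClient.getOrgAndProjectId(mobbProjectName);
@@ -5051,7 +5073,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
 vulnerabilityReportFileName: "report.json",
 sha,
 experimentalEnabled,
-pullRequest: params.pullRequest
+pullRequest: params.pullRequest,
+scanSource: _getScanSource(command)
 }
 });
 if (sendReportRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
@@ -5077,6 +5100,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
 text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Generating fixes..."
 });
 await askToOpenAnalysis();
+return reportUploadInfo.fixReportId;
 async function getReport(scanner2) {
 const reportPath2 = path6.join(dirname, "report.json");
 switch (scanner2) {
@@ -5168,7 +5192,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
 });
 throw new CliError2();
 }
-gqlClient = new GQLClient({ apiKey: newApiToken });
+gqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
 if (await gqlClient.verifyToken()) {
 debug10("set api token %s", newApiToken);
 config2.set("apiToken", newApiToken);
@@ -5248,7 +5272,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
 try {
 const { vulnerabilityReportId } = await gqlClient.digestVulnerabilityReport({
 fixReportId: reportUploadInfo.fixReportId,
-projectId
+projectId,
+scanSource: _getScanSource(command)
 });
 try {
 await gqlClient.subscribeToAnalysis({
@@ -5303,7 +5328,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
 projectId,
 repoUrl: repo || gitInfo.repoUrl || getTopLevelDirName(srcPath),
 reference: gitInfo.reference || "no-branch",
-sha: commitHash || gitInfo.hash || "0123456789abcdef"
+sha: commitHash || gitInfo.hash || "0123456789abcdef",
+scanSource: _getScanSource(command)
 }
 });
 } catch (e) {
@@ -5314,13 +5340,13 @@ async function _scan(params, { skipPrompts = false } = {}) {
 text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Generating fixes..."
 });
 await askToOpenAnalysis();
+return reportUploadInfo.fixReportId;
 }
 }
 
 // src/commands/index.ts
 import chalkAnimation from "chalk-animation";
 import Configstore2 from "configstore";
-var { getDirName: getDirName3 } = utils_exports;
 async function review(params, { skipPrompts = true } = {}) {
 const {
 repo,
@@ -5378,13 +5404,14 @@ async function analyze({
 );
 }
 var packageJson2 = JSON.parse(
-fs4.readFileSync(path7.join(
+fs4.readFileSync(path7.join(getDirName(), "../package.json"), "utf8")
 );
 var config3 = new Configstore2(packageJson2.name, { apiToken: "" });
 async function addScmToken(addScmTokenOptions) {
 const { apiKey, token, organization, scmType, url, username, refreshToken } = addScmTokenOptions;
 const gqlClient = new GQLClient({
-apiKey: apiKey || config3.get("apiToken"),
+apiKey: apiKey || config3.get("apiToken"),
+type: "apiKey"
 });
 if (!scmType) {
 throw new CliError(errorMessages.invalidScmType);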
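--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mobbdev",
-"version": "0.0.
+"version": "0.0.119",
 "description": "Automated secure code remediation tool",
 "repository": "https://github.com/mobb-dev/bugsy",
 "main": "dist/index.js",
@@ -43,11 +43,11 @@
 "dotenv": "16.4.5",
 "extract-zip": "2.0.1",
 "globby": "13.2.2",
-"graphql": "16.8.
+"graphql": "16.8.2",
 "graphql-request": "5.0.0",
 "graphql-tag": "2.12.6",
-"graphql-ws": "5.
-"inquirer": "9.2.
+"graphql-ws": "5.16.0",
+"inquirer": "9.2.23",
 "isomorphic-ws": "5.0.0",
 "istextorbinary": "6.0.0",
 "libsodium-wrappers": "0.7.13",
@@ -57,22 +57,22 @@
 "open": "8.4.2",
 "parse-diff": "0.11.1",
 "semver": "7.6.2",
-"simple-git": "3.
+"simple-git": "3.25.0",
 "snyk": "1.1118.0",
 "supports-color": "9.4.0",
 "tar": "6.2.1",
 "tmp": "0.2.3",
 "undici": "6.7.0",
-"uuid": "
+"uuid": "10.0.0",
 "ws": "8.10.0",
 "yargs": "17.7.2",
 "zod": "3.23.8"
 },
 "devDependencies": {
-"@graphql-codegen/cli": "
-"@graphql-codegen/typescript": "
+"@graphql-codegen/cli": "3.3.1",
+"@graphql-codegen/typescript": "3.0.4",
 "@graphql-codegen/typescript-graphql-request": "4.5.8",
-"@graphql-codegen/typescript-operations": "
+"@graphql-codegen/typescript-operations": "3.0.4",
 "@octokit/request-error": "3.0.3",
 "@octokit/types": "13.5.0",
 "@types/adm-zip": "0.5.0",
@@ -89,10 +89,10 @@
 "@typescript-eslint/eslint-plugin": "5.44.0",
 "@typescript-eslint/parser": "5.44.0",
 "eslint": "8.56.0",
-"eslint-plugin-import": "2.
+"eslint-plugin-import": "2.29.1",
 "eslint-plugin-prettier": "5.1.3",
 "eslint-plugin-simple-import-sort": "10.0.0",
-"prettier": "3.3.
+"prettier": "3.3.2",
 "tsup": "7.2.0",
 "typescript": "4.9.5",
 "vitest": "0.34.6"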