npm - mobbdev - Versions diffs - 0.0.15 → 0.0.18 - Mend

mobbdev 0.0.15 → 0.0.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "mobbdev",
-    "version": "0.0.15",
+    "version": "0.0.18",
     "description": "Automated secure code remediation tool",
     "main": "index.mjs",
     "scripts": {
@@ -17,6 +17,7 @@
     "dependencies": {
         "colors": "1.4.0",
         "configstore": "6.0.0",
+        "debug": "4.3.4",
         "dotenv": "16.0.3",
         "extract-zip": "2.0.1",
         "node-fetch": "3.3.1",

package/src/constants.mjs CHANGED Viewed

@@ -2,7 +2,9 @@ import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 import * as dotenv from 'dotenv';
 import { z } from 'zod';
+import Debug from 'debug';
+const debug = Debug('mobbdev:constants');
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 dotenv.config({ path: path.join(__dirname, '../.env') });
@@ -15,6 +17,7 @@ const envVariablesSchema = z
     .required();
 const envVariables = envVariablesSchema.parse(process.env);
+debug('config %o', envVariables);
 export const WEB_LOGIN_URL = envVariables.WEB_LOGIN_URL;
 export const WEB_APP_URL = envVariables.WEB_APP_URL;

package/src/github.mjs CHANGED Viewed

@@ -4,10 +4,13 @@ import path from 'node:path';
 import { promisify } from 'node:util';
 import fetch from 'node-fetch';
 import extract from 'extract-zip';
+import Debug from 'debug';
 const pipeline = promisify(stream.pipeline);
+const debug = Debug('mobbdev:github');
 export async function getDefaultBranch(repoUrl) {
+    debug('get default branch %s', repoUrl);
     let slug = repoUrl.replace(/https?:\/\/github\.com\//i, '');
     if (slug.endsWith('/')) {
@@ -17,6 +20,7 @@ export async function getDefaultBranch(repoUrl) {
     if (slug.endsWith('.git')) {
         slug = slug.substring(0, slug.length - '.git'.length);
     }
+    debug('slug %s', slug);
     const response = await fetch(`https://api.github.com/repos/${slug}`, {
         method: 'GET',
@@ -27,19 +31,34 @@ export async function getDefaultBranch(repoUrl) {
     });
     if (!response.ok) {
+        debug('GH request failed %s %s', response.body, response.status);
         throw new Error(
             `Can't get default branch, make sure the repository is public: ${repoUrl}.`
         );
     }
     const repoInfo = await response.json();
+    debug('GH request ok %o', repoInfo);
     return repoInfo.default_branch;
 }
 export async function downloadRepo(repoUrl, reference, dirname) {
+    debug('download repo %s %s %s', repoUrl, reference, dirname);
     const zipFilePath = path.join(dirname, 'repo.zip');
     const response = await fetch(`${repoUrl}/zipball/${reference}`);
+    if (!response.ok) {
+        debug(
+            'GH zipball request failed %s %s',
+            response.body,
+            response.status
+        );
+        throw new Error(
+            `Can't access the repository, make it is public: ${repoUrl}.`
+        );
+    }
     const fileWriterStream = fs.createWriteStream(zipFilePath);
     await pipeline(response.body, fileWriterStream);
@@ -49,6 +68,7 @@ export async function downloadRepo(repoUrl, reference, dirname) {
         .readdirSync(dirname, { withFileTypes: true })
         .filter((dirent) => dirent.isDirectory())
         .map((dirent) => dirent.name)[0];
+    debug('repo root %s', repoRoot);
     return path.join(dirname, repoRoot);
 }

package/src/gql.mjs CHANGED Viewed

@@ -1,22 +1,31 @@
 import fetch from 'node-fetch';
+import Debug from 'debug';
 import { API_URL } from './constants.mjs';
+const debug = Debug('mobbdev:gql');
 const ME = `
 query Me {
   user {
     id
     email
-    userOrganizations {
+  }
+}
+`;
+const GET_ORG_AND_PROJECT_ID = `
+query getOrgAndProjectId {
+  user {
+    userOrganizationsAndUserOrganizationRoles {
       organization {
         id
-        projects {
+        projects(order_by: {updatedAt: desc}) {
           id
         }
       }
     }
   }
-}
-`;
+}`;
 const CREATE_COMMUNITY_USER = `
 mutation CreateCommunityUser {
@@ -59,12 +68,12 @@ mutation SubmitVulnerabilityReport($vulnerabilityReportFileName: String!, $fixRe
 export class GQLClient {
     constructor(token) {
+        debug('init with token %s', token);
         this._token = token;
-        this._projectId = undefined;
-        this._organizationId = undefined;
     }
     async _apiCall(query, variables = {}) {
+        debug('api call %o %s', variables, query);
         const response = await fetch(API_URL, {
             method: 'POST',
             headers: {
@@ -77,13 +86,15 @@ export class GQLClient {
         });
         if (!response.ok) {
+            debug('API request failed %s %s', response.body, response.status);
             throw new Error(`API call failed: ${response.status}`);
         }
         const data = await response.json();
+        debug('API request ok %j', data);
         if (data.errors) {
-            throw new Error(`API error: ${response.errors[0].message}`);
+            throw new Error(`API error: ${data.errors[0].message}`);
         }
         if (!data.data) {
@@ -93,40 +104,35 @@ export class GQLClient {
         return data.data;
     }
-    getOrganizationId() {
-        return this._organizationId;
-    }
-    getProjectId() {
-        return this._projectId;
-    }
     async verifyToken() {
         await this.createCommunityUser();
         try {
-            const userInfo = await this._apiCall(ME);
-            const {
-                user: [{ userOrganizations }],
-            } = userInfo;
-            const [
-                {
-                    organization: { id: organizationId, projects },
-                },
-            ] = userOrganizations;
-            const [{ id: projectId }] = projects;
-            this._projectId = projectId;
-            this._organizationId = organizationId;
+            await this._apiCall(ME);
         } catch (e) {
+            debug('verify token failed %o', e);
             return false;
         }
         return true;
     }
+    async getOrgAndProjectId() {
+        const data = await this._apiCall(GET_ORG_AND_PROJECT_ID);
+        const org =
+            data.user[0].userOrganizationsAndUserOrganizationRoles[0]
+                .organization;
+        return {
+            organizationId: org.id,
+            projectId: org.projects[0].id,
+        };
+    }
     async createCommunityUser() {
         try {
             await this._apiCall(CREATE_COMMUNITY_USER);
         } catch (e) {
+            debug('create community user failed %o', e);
             // Ignore errors
         }
     }
@@ -146,13 +152,18 @@ export class GQLClient {
         };
     }
-    async submitVulnerabilityReport(fixReportId, repoUrl, reference) {
+    async submitVulnerabilityReport(
+        fixReportId,
+        repoUrl,
+        reference,
+        projectId
+    ) {
         await this._apiCall(SUBMIT_VULNERABILITY_REPORT, {
             fixReportId,
             repoUrl,
             reference,
             vulnerabilityReportFileName: 'report.json',
-            projectId: this._projectId,
+            projectId,
         });
     }
 }

package/src/index.mjs CHANGED Viewed

@@ -4,6 +4,7 @@ import path from 'node:path';
 import semver from 'semver';
 import open from 'open';
 import Configstore from 'configstore';
+import Debug from 'debug';
 import { GQLClient } from './gql.mjs';
 import { webLogin } from './web-login.mjs';
 import { downloadRepo, getDefaultBranch } from './github.mjs';
@@ -11,6 +12,7 @@ import { getSnykReport } from './snyk.mjs';
 import { uploadFile } from './upload-file.mjs';
 import { WEB_APP_URL } from './constants.mjs';
+const debug = Debug('mobbdev:index');
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const packageJson = JSON.parse(
     fs.readFileSync(path.join(__dirname, '../package.json'), 'utf8')
@@ -24,8 +26,11 @@ if (!semver.satisfies(process.version, packageJson.engines.node)) {
 }
 const config = new Configstore(packageJson.name, { token: '' });
+debug('config %o', config);
 export async function main(dirname, repoUrl) {
+    debug('start %s %s', dirname, repoUrl);
     if (!repoUrl) {
         console.warn(
             'Mobb CLI usage: npx mobbdev <public GitHub repository URL>'
@@ -34,6 +39,7 @@ export async function main(dirname, repoUrl) {
     }
     let token = config.get('token');
+    debug('token %s', token);
     let gqlClient = new GQLClient(token);
     if (!token || !(await gqlClient.verifyToken())) {
@@ -47,10 +53,15 @@ export async function main(dirname, repoUrl) {
             console.error('Something went wrong, API token is invalid.');
             return;
         }
+        debug('set token %s', token);
         config.set('token', token);
     }
+    const { projectId, organizationId } = await gqlClient.getOrgAndProjectId();
+    debug('org id %s', organizationId);
+    debug('project id %s', projectId);
     const reference = await getDefaultBranch(repoUrl);
+    debug('default branch %s', reference);
     const uploadData = await gqlClient.uploadS3BucketInfo();
     const repositoryRoot = await downloadRepo(repoUrl, reference, dirname);
@@ -59,7 +70,11 @@ export async function main(dirname, repoUrl) {
     console.log(
         'We will run Snyk CLI to scan the repository for vulnerabilities. You may be redirected to the login page in the process.'
     );
-    await getSnykReport(reportPath, repositoryRoot);
+    if (!(await getSnykReport(reportPath, repositoryRoot))) {
+        debug('snyk code is not enabled');
+        return;
+    }
     const report = JSON.parse(fs.readFileSync(reportPath, 'utf8'));
@@ -72,9 +87,12 @@ export async function main(dirname, repoUrl) {
     await gqlClient.submitVulnerabilityReport(
         uploadData.fixReportId,
         repoUrl,
-        reference
+        reference,
+        projectId
     );
+    debug('report %o', report);
     const results = ((report.runs || [])[0] || {}).results || [];
     if (results.length === 0) {
         console.log('Snyk has not found any vulnerabilities — nothing to fix.');
@@ -82,8 +100,6 @@ export async function main(dirname, repoUrl) {
         console.log(
             'You will be redirected to our report page, please wait until the analysis is finished and enjoy your fixes.'
         );
-        const projectId = gqlClient.getProjectId();
-        const organizationId = gqlClient.getOrganizationId();
         await open(
             `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${uploadData.fixReportId}`
         );

package/src/snyk.mjs CHANGED Viewed

@@ -4,11 +4,17 @@ import readline from 'node:readline';
 import { stdout } from 'colors/lib/system/supports-colors.js';
 import open from 'open';
 import * as process from 'process';
+import Debug from 'debug';
+const debug = Debug('mobbdev:snyk');
 const require = createRequire(import.meta.url);
 const SNYK_PATH = require.resolve('snyk/bin/snyk');
+debug('snyk executable path %s', SNYK_PATH);
 async function forkSnyk(args, display) {
+    debug('fork snyk with args %o %s', args, display);
     return new Promise((resolve, reject) => {
         const child = cp.fork(SNYK_PATH, args, {
             stdio: ['inherit', 'pipe', 'pipe', 'ipc'],
@@ -16,6 +22,7 @@ async function forkSnyk(args, display) {
         });
         let out = '';
         const onData = (chunk) => {
+            debug('chunk received from snyk std %s', chunk);
             out += chunk;
         };
@@ -28,9 +35,11 @@ async function forkSnyk(args, display) {
         }
         child.on('exit', () => {
+            debug('snyk exit');
             resolve(out);
         });
         child.on('error', (err) => {
+            debug('snyk error %o', err);
             reject(err);
         });
     });
@@ -51,9 +60,12 @@ async function question(questionString) {
 }
 export async function getSnykReport(reportPath, repoRoot) {
+    debug('get snyk report start %s %s', reportPath, repoRoot);
     const config = await forkSnyk(['config'], false);
     if (!config.includes('api: ')) {
+        debug('no token in the config %s', config);
         await forkSnyk(['auth'], true);
     }
@@ -67,16 +79,19 @@ export async function getSnykReport(reportPath, repoRoot) {
             'Snyk Code is not supported for org: enable in Settings > Snyk Code'
         )
     ) {
+        debug('snyk code is not enabled %s', out);
         const answer = await question(
             "Do you want to be taken to the relevant Snyk's online article? (Y/N)"
         );
+        debug('answer %s', answer);
         if (['y', 'yes', ''].includes(answer.toLowerCase())) {
+            debug('opening the browser');
             await open(
                 'https://docs.snyk.io/scan-application-code/snyk-code/getting-started-with-snyk-code/activating-snyk-code-using-the-web-ui/step-1-enabling-the-snyk-code-option'
             );
         }
-        process.exit(0);
+        return false;
     }
+    return true;
 }

package/src/upload-file.mjs CHANGED Viewed

@@ -1,6 +1,13 @@
 import fetch, { FormData, fileFrom } from 'node-fetch';
+import Debug from 'debug';
+const debug = Debug('mobbdev:upload-file');
 export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
+    debug('upload report file start %s %s', reportPath, url);
+    debug('upload fields %o', uploadFields);
+    debug('upload key %s', uploadKey);
     const form = new FormData();
     for (const key in uploadFields) {
@@ -16,6 +23,8 @@ export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
     });
     if (!response.ok) {
+        debug('error from S3 %s %s', response.body, response.status);
         throw new Error(`Failed to upload the report: ${response.status}`);
     }
+    debug('upload report file done');
 }

package/src/web-login.mjs CHANGED Viewed

@@ -1,10 +1,15 @@
+import Debug from 'debug';
 import { setTimeout, clearTimeout } from 'node:timers';
 import http from 'node:http';
-import { WEB_LOGIN_URL } from './constants.mjs';
 import querystring from 'node:querystring';
 import open from 'open';
+import { WEB_LOGIN_URL } from './constants.mjs';
+const debug = Debug('mobbdev:web-login');
 export async function webLogin() {
+    debug('web login start');
     let responseResolver;
     let responseRejecter;
     const responseAwaiter = new Promise((resolve, reject) => {
@@ -12,17 +17,21 @@ export async function webLogin() {
         responseRejecter = reject;
     });
     const timerHandler = setTimeout(() => {
-        responseRejecter(new Error('No login happened in one minute.'));
-    }, 60000);
+        debug('timeout happened');
+        responseRejecter(new Error('No login happened in three minutes.'));
+    }, 180000);
     const server = http.createServer((req, res) => {
+        debug('incoming request');
         let body = '';
         req.on('data', (chunk) => {
+            debug('http server get chunk %s', chunk);
             body += chunk;
         });
         req.on('end', () => {
+            debug('http server end %s', body);
             res.writeHead(301, {
                 Location: `${WEB_LOGIN_URL}?done=true`,
             }).end();
@@ -30,17 +39,22 @@ export async function webLogin() {
         });
     });
+    debug('http server starting');
     const port = await new Promise((resolve) => {
         server.listen(0, '127.0.0.1', () => {
             resolve(server.address().port);
         });
     });
+    debug('http server started on port %d', port);
+    debug('opening the browser on %s', `${WEB_LOGIN_URL}?port=${port}`);
     await open(`${WEB_LOGIN_URL}?port=${port}`);
     try {
+        debug('waiting for http request');
         return await responseAwaiter;
     } finally {
+        debug('http server close');
         clearTimeout(timerHandler);
         server.close();
     }