mobbdev 0.0.15 → 0.0.20

package/.env

@@ -1,4 +1,5 @@
-# production@v6
+# production@v8
 WEB_LOGIN_URL="https://app.mobb.dev/cli-login"
 API_URL="https://api.mobb.dev/v1/graphql"
-WEB_APP_URL="https://app.mobb.dev"
+WEB_APP_URL="https://app.mobb.dev"
+GITHUB_CLIENT_ID="49d729663b401f91afe5"

package/README.md

@@ -27,11 +27,11 @@ Snyk CLI is used to produce a SAST vulnerability report.
 You can use Bugsy from the command line. To evaluate and remediate a new open-source repository, you can run the following command:
 
 ```shell
-npx mobbdev https://github.com/mobb-dev/simple-vulnerable-java-project
+npx mobbdev scan -r https://github.com/mobb-dev/simple-vulnerable-java-project
 ```
 
 Bugsy will automatically generate a fix for each supported vulnerability identified in the SAST results, present it to developers for review and commit to their code.
 
 ## Getting support
 
-If you need support using Bugsy or just want to share your thoughts and learn more, you are more than welcome to join our [discord server](https://discord.gg/ks6Nz3H828)
+If you need support using Bugsy or just want to share your thoughts and learn more, you are more than welcome to join our [discord server](https://discord.gg/Jmpb5QUa)

package/index.mjs

@@ -1,17 +1,23 @@
-import { main } from './src/index.mjs';
-import tmp from 'tmp';
+import { analyze, scan } from './src/commands/index.mjs';
+import { parseArgs } from './src/yargs.mjs';
+import { hideBin } from 'yargs/helpers';
 
-const tmpObj = tmp.dirSync({
-    unsafeCleanup: true,
-});
-
-main(tmpObj.name, process.argv[2])
-    .catch((err) => {
-        console.error(
-            'Something went wrong, please try again or contact support if issue persists.'
+async function run() {
+    const args = await parseArgs(hideBin(process.argv));
+    const [command] = args._;
+    if (command === 'scan') {
+        const { repo, branch, yes, scanner } = args;
+        await scan({ repoUrl: repo, branch, scanner }, { skipPrompts: yes });
+    }
+    if (command === 'analyze') {
+        const { repo, scanFile, branch, yes } = args;
+        await analyze(
+            { repoUrl: repo, scanFilePath: scanFile, branch },
+            { skipPrompts: yes }
         );
-        console.error(err);
-    })
-    .then(() => {
-        tmpObj.removeCallback();
-    });
+    }
+}
+
+(async () => {
+    await run();
+})();

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "mobbdev",
-    "version": "0.0.15",
+    "version": "0.0.20",
     "description": "Automated secure code remediation tool",
     "main": "index.mjs",
     "scripts": {
@@ -15,15 +15,21 @@
     "author": "",
     "license": "MIT",
     "dependencies": {
+        "chalk": "5.3.0",
+        "chalk-animation": "2.0.3",
         "colors": "1.4.0",
         "configstore": "6.0.0",
+        "debug": "4.3.4",
         "dotenv": "16.0.3",
         "extract-zip": "2.0.1",
+        "inquirer": "9.2.7",
+        "nanospinner": "1.1.0",
         "node-fetch": "3.3.1",
         "open": "8.4.2",
         "semver": "7.5.0",
         "snyk": "1.1118.0",
         "tmp": "0.2.1",
+        "yargs": "17.7.2",
         "zod": "3.21.4"
     },
     "devDependencies": {

package/src/commands/index.mjs

@@ -0,0 +1,78 @@
+import { z } from 'zod';
+import fs from 'node:fs';
+import chalk from 'chalk';
+import chalkAnimation from 'chalk-animation';
+import { choseScanner } from '../feature/analysis/prompts.mjs';
+import { SCANNERS, mobbAscii } from '../constants.mjs';
+import { runAnalysis } from '../feature/analysis/index.mjs';
+import { sleep } from '../utils.mjs';
+import path from 'path';
+
+const GITHUB_REPO_URL_PATTERN = new RegExp(
+    'https://github.com/[\\w-]+/[\\w-]+'
+);
+
+const UrlZ = z
+    .string({ required_error: 'Please Enter A Github Url' })
+    .regex(GITHUB_REPO_URL_PATTERN, {
+        message: 'Invalid Github repository URL',
+    });
+
+function handleScanErrorMessage({ error, repoUrl, command }) {
+    console.log('\n');
+    const errorMessage = error.issues[error.issues.length - 1].message;
+    if (repoUrl) {
+        console.log(`Error: ${chalk.bold(repoUrl)} is ${errorMessage}`);
+    }
+    console.log(
+        `Example: \n\tmobbdev ${command} ${chalk.bold(
+            '-r https://github.com/WebGoat/WebGoat'
+        )}`
+    );
+}
+
+export async function analyze(
+    { repoUrl, scanFilePath, branch },
+    { skipPrompts = false } = {}
+) {
+    const { success, error } = UrlZ.safeParse(repoUrl);
+    if (!success) {
+        return handleScanErrorMessage({ error, repoUrl, command: 'analyze' });
+    }
+    console.log('scanFilePath', scanFilePath);
+    if (!fs.existsSync(scanFilePath)) {
+        console.log(`\nCan't access ${chalk.bold(scanFilePath)}`);
+        return;
+    }
+    if (path.extname(scanFilePath) !== '.json') {
+        console.log(`\n${chalk.bold(scanFilePath)} is not a json file`);
+        return;
+    }
+    await showWelcomeMessage(skipPrompts);
+    await runAnalysis({ repoUrl, scanFilePath, branch }, { skipPrompts });
+}
+
+export async function scan(
+    { repoUrl, scanner, branch },
+    { skipPrompts = false } = {}
+) {
+    const { success, error } = UrlZ.safeParse(repoUrl);
+    if (!success) {
+        return handleScanErrorMessage({ error, repoUrl, command: 'scan' });
+    }
+    await showWelcomeMessage(skipPrompts);
+    scanner ??= scanner || (await choseScanner());
+    if (scanner !== SCANNERS.Snyk) {
+        console.log(
+            'Vulnerability scanning via Bugsy is available only with Snyk at the moment. Additional scanners will follow soon.'
+        );
+        return;
+    }
+    await runAnalysis({ repoUrl, scanner, branch }, { skipPrompts });
+}
+async function showWelcomeMessage(skipPrompts = false) {
+    console.log(mobbAscii);
+    const welcome = chalkAnimation.rainbow('\n\t\t\tWelcome to Bugsy\n');
+    skipPrompts ? await sleep(100) : await sleep(2000);
+    welcome.stop();
+}

package/src/constants.mjs

@@ -2,20 +2,61 @@ import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 import * as dotenv from 'dotenv';
 import { z } from 'zod';
+import Debug from 'debug';
 
+const debug = Debug('mobbdev:constants');
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 dotenv.config({ path: path.join(__dirname, '../.env') });
 
+export const SCANNERS = {
+    Checkmarx: 'checkmarx',
+    Codeql: 'codeql',
+    Fortify: 'fortify',
+    Snyk: 'snyk',
+};
+
 const envVariablesSchema = z
     .object({
         WEB_LOGIN_URL: z.string(),
         WEB_APP_URL: z.string(),
         API_URL: z.string(),
+        GITHUB_CLIENT_ID: z.string(),
     })
     .required();
 
 const envVariables = envVariablesSchema.parse(process.env);
+debug('config %o', envVariables);
+
+export const mobbAscii = `
+                                   ..                       
+                             ..........                     
+                        .................                   
+               ...........................                  
+              ..............................                
+             ................................               
+             ..................................             
+            ....................................            
+            .....................................           
+            .............................................   
+          ................................................. 
+     ...............................       .................
+  ..................................           ............ 
+..................    .............            ..........   
+......... ........      .........             ......        
+  ...............                          ....             
+         .... ..                                            
+                                                            
+                                      . ...                 
+                              ..............                
+                       ......................               
+                   ...........................              
+               ................................             
+           ......................................           
+                ...............................             
+                       .................                    
+`;
 
 export const WEB_LOGIN_URL = envVariables.WEB_LOGIN_URL;
 export const WEB_APP_URL = envVariables.WEB_APP_URL;
 export const API_URL = envVariables.API_URL;
+export const GITHUB_CLIENT_ID = envVariables.GITHUB_CLIENT_ID;

package/src/{web-login.mjs → feature/analysis/callback-server.mjs}

@@ -1,10 +1,14 @@
+import Debug from 'debug';
 import { setTimeout, clearTimeout } from 'node:timers';
 import http from 'node:http';
-import { WEB_LOGIN_URL } from './constants.mjs';
 import querystring from 'node:querystring';
 import open from 'open';
 
-export async function webLogin() {
+const debug = Debug('mobbdev:web-login');
+
+export async function callbackServer(url, redirectUrl) {
+    debug('web login start');
+
     let responseResolver;
     let responseRejecter;
     const responseAwaiter = new Promise((resolve, reject) => {
@@ -12,35 +16,45 @@ export async function webLogin() {
         responseRejecter = reject;
     });
     const timerHandler = setTimeout(() => {
-        responseRejecter(new Error('No login happened in one minute.'));
-    }, 60000);
+        debug('timeout happened');
+        responseRejecter(new Error('No login happened in three minutes.'));
+    }, 180000);
 
     const server = http.createServer((req, res) => {
+        debug('incoming request');
         let body = '';
 
         req.on('data', (chunk) => {
+            debug('http server get chunk %s', chunk);
             body += chunk;
         });
 
         req.on('end', () => {
+            debug('http server end %s', body);
             res.writeHead(301, {
-                Location: `${WEB_LOGIN_URL}?done=true`,
+                Location: redirectUrl,
             }).end();
-            responseResolver(querystring.parse(body).token);
+
+            responseResolver(querystring.parse(body));
         });
     });
 
+    debug('http server starting');
     const port = await new Promise((resolve) => {
         server.listen(0, '127.0.0.1', () => {
             resolve(server.address().port);
         });
     });
+    debug('http server started on port %d', port);
 
-    await open(`${WEB_LOGIN_URL}?port=${port}`);
+    debug('opening the browser on %s', `${url}?port=${port}`);
+    await open(`${url}?port=${port}`);
 
     try {
+        debug('waiting for http request');
         return await responseAwaiter;
     } finally {
+        debug('http server close');
         clearTimeout(timerHandler);
         server.close();
     }

package/src/feature/analysis/github.mjs

@@ -0,0 +1,110 @@
+import fs from 'node:fs';
+import chalk from 'chalk';
+import stream from 'node:stream';
+import path from 'node:path';
+import { promisify } from 'node:util';
+import fetch from 'node-fetch';
+import extract from 'extract-zip';
+import Debug from 'debug';
+import { createSpinner } from 'nanospinner';
+import { GITHUB_CLIENT_ID, WEB_APP_URL } from '../../constants.mjs';
+const pipeline = promisify(stream.pipeline);
+const debug = Debug('mobbdev:github');
+
+const githubTokenUrl = `${WEB_APP_URL}/gh-callback`;
+
+export const GITHUB_OAUTH_URL = `https://github.com/login/oauth/authorize?client_id=${GITHUB_CLIENT_ID}&scope=repo&redirect_uri=${githubTokenUrl}`;
+
+async function getRepo(slug, { token } = {}) {
+    try {
+        return fetch(`https://api.github.com/repos/${slug}`, {
+            method: 'GET',
+            headers: {
+                Accept: 'application/vnd.github+json',
+                'X-GitHub-Api-Version': '2022-11-28',
+                ...(token && { Authorization: `bearer ${token}` }),
+            },
+        });
+    } catch (e) {
+        debug(`error fetching the repo ${slug}`, e);
+        throw e;
+    }
+}
+
+function extractSlug(repoUrl) {
+    debug('get default branch %s', repoUrl);
+    let slug = repoUrl.replace(/https?:\/\/github\.com\//i, '');
+
+    if (slug.endsWith('/')) {
+        slug = slug.substring(0, slug.length - 1);
+    }
+
+    if (slug.endsWith('.git')) {
+        slug = slug.substring(0, slug.length - '.git'.length);
+    }
+    debug('slug %s', slug);
+    return slug;
+}
+
+export async function canReachRepo(repoUrl, { token } = {}) {
+    const slug = extractSlug(repoUrl);
+    const response = await getRepo(slug, { token });
+    return response.ok;
+}
+
+export async function getDefaultBranch(repoUrl, { token } = {}) {
+    const slug = extractSlug(repoUrl);
+    const response = await getRepo(slug, { token });
+    if (!response.ok) {
+        debug('GH request failed %s %s', response.body, response.status);
+        throw new Error(
+            `Can't get default branch, make sure you have access to : ${repoUrl}.`
+        );
+    }
+
+    const repoInfo = await response.json();
+    debug('GH request ok %o', repoInfo);
+
+    return repoInfo.default_branch;
+}
+
+export async function downloadRepo(
+    { repoUrl, reference, dirname },
+    { token } = {}
+) {
+    const repoSpinner = createSpinner('💾 Downloading Repo').start();
+    debug('download repo %s %s %s', repoUrl, reference, dirname);
+    const zipFilePath = path.join(dirname, 'repo.zip');
+    const response = await fetch(`${repoUrl}/zipball/${reference}`, {
+        method: 'GET',
+        headers: {
+            ...(token && { Authorization: `bearer ${token}` }),
+        },
+    });
+    if (!response.ok) {
+        debug(
+            'GH zipball request failed %s %s',
+            response.body,
+            response.status
+        );
+        repoSpinner.error({ text: '💾 Repo download failed' });
+        throw new Error(
+            `Can't access the the branch ${chalk.bold(
+                reference
+            )} on ${chalk.bold(repoUrl)} make sure it exits.`
+        );
+    }
+
+    const fileWriterStream = fs.createWriteStream(zipFilePath);
+
+    await pipeline(response.body, fileWriterStream);
+    await extract(zipFilePath, { dir: dirname });
+
+    const repoRoot = fs
+        .readdirSync(dirname, { withFileTypes: true })
+        .filter((dirent) => dirent.isDirectory())
+        .map((dirent) => dirent.name)[0];
+    debug('repo root %s', repoRoot);
+    repoSpinner.success({ text: '💾 Repo downloaded successfully' });
+    return path.join(dirname, repoRoot);
+}

package/src/{gql.mjs → feature/analysis/gql.mjs}

@@ -1,22 +1,32 @@
 import fetch from 'node-fetch';
-import { API_URL } from './constants.mjs';
+import Debug from 'debug';
+import { API_URL } from '../../constants.mjs';
+
+const debug = Debug('mobbdev:gql');
 
 const ME = `
 query Me {
-  user {
+  me {
     id
     email
-    userOrganizations {
+    githubToken
+  }
+}
+`;
+
+const GET_ORG_AND_PROJECT_ID = `
+query getOrgAndProjectId {
+  user {
+    userOrganizationsAndUserOrganizationRoles {
       organization {
         id
-        projects {
+        projects(order_by: {updatedAt: desc}) {
           id
         }
       }
     }
   }
-}
-`;
+}`;
 
 const CREATE_COMMUNITY_USER = `
 mutation CreateCommunityUser {
@@ -59,12 +69,16 @@ mutation SubmitVulnerabilityReport($vulnerabilityReportFileName: String!, $fixRe
 
 export class GQLClient {
     constructor(token) {
+        debug('init with token %s', token);
         this._token = token;
-        this._projectId = undefined;
-        this._organizationId = undefined;
+    }
+    async getUserInfo() {
+        const { me } = await this._apiCall(ME);
+        return me;
     }
 
     async _apiCall(query, variables = {}) {
+        debug('api call %o %s', variables, query);
         const response = await fetch(API_URL, {
             method: 'POST',
             headers: {
@@ -77,13 +91,15 @@ export class GQLClient {
         });
 
         if (!response.ok) {
+            debug('API request failed %s %s', response.body, response.status);
             throw new Error(`API call failed: ${response.status}`);
         }
 
         const data = await response.json();
+        debug('API request ok %j', data);
 
         if (data.errors) {
-            throw new Error(`API error: ${response.errors[0].message}`);
+            throw new Error(`API error: ${data.errors[0].message}`);
         }
 
         if (!data.data) {
@@ -93,40 +109,35 @@ export class GQLClient {
         return data.data;
     }
 
-    getOrganizationId() {
-        return this._organizationId;
-    }
-
-    getProjectId() {
-        return this._projectId;
-    }
-
     async verifyToken() {
         await this.createCommunityUser();
 
         try {
-            const userInfo = await this._apiCall(ME);
-            const {
-                user: [{ userOrganizations }],
-            } = userInfo;
-            const [
-                {
-                    organization: { id: organizationId, projects },
-                },
-            ] = userOrganizations;
-            const [{ id: projectId }] = projects;
-            this._projectId = projectId;
-            this._organizationId = organizationId;
+            await this._apiCall(ME);
         } catch (e) {
+            debug('verify token failed %o', e);
             return false;
         }
         return true;
     }
 
+    async getOrgAndProjectId() {
+        const data = await this._apiCall(GET_ORG_AND_PROJECT_ID);
+        const org =
+            data.user[0].userOrganizationsAndUserOrganizationRoles[0]
+                .organization;
+
+        return {
+            organizationId: org.id,
+            projectId: org.projects[0].id,
+        };
+    }
+
     async createCommunityUser() {
         try {
             await this._apiCall(CREATE_COMMUNITY_USER);
         } catch (e) {
+            debug('create community user failed %o', e);
             // Ignore errors
         }
     }
@@ -146,13 +157,18 @@ export class GQLClient {
         };
     }
 
-    async submitVulnerabilityReport(fixReportId, repoUrl, reference) {
+    async submitVulnerabilityReport(
+        fixReportId,
+        repoUrl,
+        reference,
+        projectId
+    ) {
         await this._apiCall(SUBMIT_VULNERABILITY_REPORT, {
             fixReportId,
             repoUrl,
             reference,
             vulnerabilityReportFileName: 'report.json',
-            projectId: this._projectId,
+            projectId,
         });
     }
 }

package/src/feature/analysis/index.mjs

@@ -0,0 +1,223 @@
+import chalk from 'chalk';
+import Configstore from 'configstore';
+import Debug from 'debug';
+import { createSpinner } from 'nanospinner';
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import open from 'open';
+import semver from 'semver';
+import { callbackServer } from './callback-server.mjs';
+import tmp from 'tmp';
+
+import { WEB_APP_URL } from '../../constants.mjs';
+import {
+    canReachRepo,
+    downloadRepo,
+    getDefaultBranch,
+    GITHUB_OAUTH_URL,
+} from './github.mjs';
+import { GQLClient } from './gql.mjs';
+import { githubIntegrationPrompt, mobbAnalysisPrompt } from './prompts.mjs';
+import { getSnykReport } from './snyk.mjs';
+import { uploadFile } from './upload-file.mjs';
+import { keypress } from '../../utils.mjs';
+
+const webLoginUrl = `${WEB_APP_URL}/cli-login`;
+const githubSubmitUrl = `${WEB_APP_URL}/gh-callback`;
+
+const MOBB_LOGIN_REQUIRED_MSG = `🔓 Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk.bgBlue(
+    'press any key to continue'
+)};`;
+const tmpObj = tmp.dirSync({
+    unsafeCleanup: true,
+});
+
+const debug = Debug('mobbdev:index');
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+const packageJson = JSON.parse(
+    fs.readFileSync(path.join(__dirname, '../../../package.json'), 'utf8')
+);
+
+if (!semver.satisfies(process.version, packageJson.engines.node)) {
+    console.error(
+        `${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
+    );
+    process.exit(1);
+}
+
+const config = new Configstore(packageJson.name, { token: '' });
+debug('config %o', config);
+
+export async function runAnalysis(
+    { repoUrl, scanner, scanFilePath, branch },
+    { skipPrompts }
+) {
+    try {
+        await _scan(
+            { dirname: tmpObj.name, repoUrl, scanner, scanFilePath, branch },
+            { skipPrompts }
+        );
+    } catch (err) {
+        console.error(
+            'Something went wrong, please try again or contact support if issue persists.'
+        );
+        console.error(err);
+    } finally {
+        tmpObj.removeCallback();
+    }
+}
+
+export async function _scan(
+    { dirname, repoUrl, scanFilePath, branch },
+    { skipPrompts = false } = {}
+) {
+    debug('start %s %s', dirname, repoUrl);
+
+    let token = config.get('token');
+    debug('token %s', token);
+    let gqlClient = new GQLClient(token);
+    await handleMobbLogin();
+    const userInfo = await gqlClient.getUserInfo();
+    let { githubToken } = userInfo;
+    const isRepoAvailable = await canReachRepo(repoUrl, {
+        token: userInfo.githubToken,
+    });
+    if (!isRepoAvailable) {
+        const { token } = await handleGithubIntegration();
+        githubToken = token;
+    }
+
+    const reference =
+        branch ?? (await getDefaultBranch(repoUrl, { token: githubToken }));
+    const { projectId, organizationId } = await gqlClient.getOrgAndProjectId();
+    debug('org id %s', organizationId);
+    debug('project id %s', projectId);
+    debug('default branch %s', reference);
+    const uploadData = await gqlClient.uploadS3BucketInfo();
+
+    const repositoryRoot = await downloadRepo(
+        {
+            repoUrl,
+            reference,
+            dirname,
+        },
+        { token: githubToken }
+    );
+
+    const reportPath = scanFilePath || (await getReportFromSnyk());
+
+    const report = JSON.parse(fs.readFileSync(reportPath, 'utf8'));
+    await uploadFile(
+        reportPath,
+        uploadData.url,
+        uploadData.uploadKey,
+        uploadData.uploadFields
+    );
+    const mobbSpinner = createSpinner('🕵️‍♂️ Initiating Mobb analysis').start();
+    try {
+        await gqlClient.submitVulnerabilityReport(
+            uploadData.fixReportId,
+            repoUrl,
+            reference,
+            projectId
+        );
+    } catch (e) {
+        mobbSpinner.error({ text: '🕵️‍♂️ Mobb analysis failed' });
+        throw e;
+    }
+
+    debug('report %o', report);
+
+    const results = ((report.runs || [])[0] || {}).results || [];
+    if (results.length === 0 && !scanFilePath) {
+        mobbSpinner.success({
+            text: '🕵️‍♂️ Report did not detect any vulnerabilities — nothing to fix.',
+        });
+    } else {
+        mobbSpinner.success({
+            text: '🕵️‍♂️ Generating fixes...',
+        });
+
+        await askToOpenAnalysis();
+    }
+    process.exit(0);
+    async function getReportFromSnyk() {
+        const reportPath = path.join(dirname, 'report.json');
+
+        if (
+            !(await getSnykReport(reportPath, repositoryRoot, { skipPrompts }))
+        ) {
+            debug('snyk code is not enabled');
+            return;
+        }
+        return reportPath;
+    }
+    async function askToOpenAnalysis() {
+        !skipPrompts && (await mobbAnalysisPrompt());
+        open(
+            `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${uploadData.fixReportId}`
+        );
+        console.log(
+            chalk.bgBlue(
+                '\n\n  My work here is done for now, see you soon! 🕵️‍♂️  '
+            )
+        );
+    }
+
+    async function handleMobbLogin() {
+        if (token && (await gqlClient.verifyToken())) {
+            createSpinner().start().success({
+                text: '🔓 Logged in to Mobb successfully',
+            });
+            return;
+        }
+        const mobbLoginSpinner = createSpinner().start();
+        if (!skipPrompts) {
+            mobbLoginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
+            await keypress();
+        }
+
+        mobbLoginSpinner.update({
+            text: '🔓 Waiting for Mobb login...',
+        });
+
+        const loginResponse = await callbackServer(
+            webLoginUrl,
+            `${webLoginUrl}?done=true`
+        );
+        token = loginResponse.token;
+
+        gqlClient = new GQLClient(token);
+
+        if (!(await gqlClient.verifyToken())) {
+            mobbLoginSpinner.error({
+                text: 'Something went wrong, API token is invalid.',
+            });
+            process.exit(0);
+        }
+        debug('set token %s', token);
+        config.set('token', token);
+        mobbLoginSpinner.success({ text: '🔓 Login to Mobb successful!' });
+    }
+    async function handleGithubIntegration() {
+        const addGithubIntegration = skipPrompts
+            ? true
+            : await githubIntegrationPrompt();
+
+        const githubSpinner = createSpinner(
+            '🔗 Waiting for github integration...'
+        ).start();
+        if (!addGithubIntegration) {
+            githubSpinner.error();
+            throw Error('Could not reach github repo');
+        }
+        const result = await callbackServer(
+            GITHUB_OAUTH_URL,
+            `${githubSubmitUrl}?done=true`
+        );
+        githubSpinner.success({ text: '🔗 Github integration successful!' });
+        return result;
+    }
+}

package/src/feature/analysis/prompts.mjs

@@ -0,0 +1,55 @@
+import inquirer from 'inquirer';
+import { keypress } from '../../utils.mjs';
+import { SCANNERS } from '../../constants.mjs';
+import { createSpinner } from 'nanospinner';
+
+export async function choseScanner() {
+    const { scanner } = await inquirer.prompt({
+        name: 'scanner',
+        message: 'Choose a scanner you wish to use to scan your code',
+        type: 'list',
+        choices: [
+            { name: 'Snyk', value: SCANNERS.Snyk },
+            { name: 'Checkmarx', value: SCANNERS.Checkmarx },
+            { name: 'Codeql', value: SCANNERS.Codeql },
+            { name: 'Fortify', value: SCANNERS.Fortify },
+        ],
+    });
+    return scanner;
+}
+
+export async function snykLoginPrompt() {
+    const spinner = createSpinner(
+        '🔓 Login to Snyk is required, press any key to continue'
+    ).start();
+    await keypress();
+    return spinner.success();
+}
+
+export async function githubIntegrationPrompt() {
+    const answers = await inquirer.prompt({
+        name: 'githubConfirm',
+        type: 'confirm',
+        message:
+            "It seems we don't have access to the repo, do you want to grant access to your github account",
+        default: true,
+    });
+    return answers.githubConfirm;
+}
+export async function mobbAnalysisPrompt() {
+    const spinner = createSpinner().start();
+    spinner.update({ text: 'Hit any key to view available fixes' });
+    await keypress();
+    return spinner.success();
+}
+
+export async function snykArticlePrompt() {
+    const { snykArticleConfirm } = await inquirer.prompt({
+        name: 'snykArticleConfirm',
+        type: 'confirm',
+        message:
+            "Do you want to be taken to the relevant Snyk's online article?",
+        default: true,
+    });
+    return snykArticleConfirm;
+}

package/src/feature/analysis/snyk.mjs

@@ -0,0 +1,110 @@
+import cp from 'node:child_process';
+import { createRequire } from 'node:module';
+import { stdout } from 'colors/lib/system/supports-colors.js';
+import open from 'open';
+import * as process from 'process';
+import Debug from 'debug';
+import chalk from 'chalk';
+import { createSpinner } from 'nanospinner';
+import { snykArticlePrompt } from './prompts.mjs';
+import { keypress } from '../../utils.mjs';
+
+const debug = Debug('mobbdev:snyk');
+const require = createRequire(import.meta.url);
+const SNYK_PATH = require.resolve('snyk/bin/snyk');
+
+const SNYK_ARTICLE_URL =
+    'https://docs.snyk.io/scan-application-code/snyk-code/getting-started-with-snyk-code/activating-snyk-code-using-the-web-ui/step-1-enabling-the-snyk-code-option';
+
+debug('snyk executable path %s', SNYK_PATH);
+
+async function forkSnyk(args, display) {
+    debug('fork snyk with args %o %s', args, display);
+
+    return new Promise((resolve, reject) => {
+        const child = cp.fork(SNYK_PATH, args, {
+            stdio: ['inherit', 'pipe', 'pipe', 'ipc'],
+            env: { FORCE_COLOR: stdout.level },
+        });
+        let out = '';
+        const onData = (chunk) => {
+            debug('chunk received from snyk std %s', chunk);
+            out += chunk;
+        };
+
+        child.stdout.on('data', onData);
+        child.stderr.on('data', onData);
+
+        if (display) {
+            child.stdout.pipe(process.stdout);
+            child.stderr.pipe(process.stderr);
+        }
+
+        child.on('exit', () => {
+            debug('snyk exit');
+            resolve(out);
+        });
+        child.on('error', (err) => {
+            debug('snyk error %o', err);
+            reject(err);
+        });
+    });
+}
+
+export async function getSnykReport(
+    reportPath,
+    repoRoot,
+    { skipPrompts = false }
+) {
+    debug('get snyk report start %s %s', reportPath, repoRoot);
+
+    const config = await forkSnyk(['config'], false);
+    if (!config.includes('api: ')) {
+        const snykLoginSpinner = createSpinner().start();
+        if (!skipPrompts) {
+            snykLoginSpinner.update({
+                text: '🔓 Login to Snyk is required, press any key to continue',
+            });
+            await keypress();
+        }
+        snykLoginSpinner.update({
+            text: '🔓 Waiting for Snyk login to complete',
+        });
+
+        debug('no token in the config %s', config);
+        await forkSnyk(['auth'], true);
+        snykLoginSpinner.success({ text: '🔓 Login to Snyk Successful' });
+    }
+    const snykSpinner = createSpinner(
+        '🔍 Scanning your repo with Snyk '
+    ).start();
+    const out = await forkSnyk(
+        ['code', 'test', `--sarif-file-output=${reportPath}`, repoRoot],
+        true
+    );
+
+    if (
+        out.includes(
+            'Snyk Code is not supported for org: enable in Settings > Snyk Code'
+        )
+    ) {
+        debug('snyk code is not enabled %s', out);
+        snykSpinner.error({ text: '🔍 Snyk configuration needed' });
+        const answer = await snykArticlePrompt();
+        debug('answer %s', answer);
+
+        if (answer) {
+            debug('opening the browser');
+            await open(SNYK_ARTICLE_URL);
+        }
+        console.log(
+            chalk.bgBlue(
+                '\nPlease enable Snyk Code in your Snyk account and try again.'
+            )
+        );
+        return false;
+    }
+
+    snykSpinner.success({ text: '🔍 Snyk code scan completed' });
+    return true;
+}

package/src/{upload-file.mjs → feature/analysis/upload-file.mjs}

@@ -1,6 +1,13 @@
 import fetch, { FormData, fileFrom } from 'node-fetch';
+import Debug from 'debug';
+
+const debug = Debug('mobbdev:upload-file');
 
 export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
+    debug('upload report file start %s %s', reportPath, url);
+    debug('upload fields %o', uploadFields);
+    debug('upload key %s', uploadKey);
+
     const form = new FormData();
 
     for (const key in uploadFields) {
@@ -16,6 +23,8 @@ export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
     });
 
     if (!response.ok) {
+        debug('error from S3 %s %s', response.body, response.status);
         throw new Error(`Failed to upload the report: ${response.status}`);
     }
+    debug('upload report file done');
 }

package/src/utils.mjs

@@ -0,0 +1,18 @@
+import readline from 'node:readline';
+export const sleep = (ms = 2000) => new Promise((r) => setTimeout(r, ms));
+
+export async function keypress() {
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+
+    return new Promise((resolve) => {
+        rl.question('', (answer) => {
+            rl.close();
+            process.stderr.moveCursor(0, -1);
+            process.stderr.clearLine(1);
+            resolve(answer);
+        });
+    });
+}

package/src/yargs.mjs

@@ -0,0 +1,100 @@
+import yargs from 'yargs/yargs';
+import chalk from 'chalk';
+
+import { SCANNERS } from './constants.mjs';
+
+const branchOption = {
+    alias: 'branch',
+    describe: chalk.bold('Branch of the repository'),
+    type: 'string',
+};
+
+const repoOption = {
+    alias: 'repo',
+    demandOption: true,
+    describe: chalk.bold('Github repository URL'),
+};
+
+const yesOption = {
+    alias: 'yes',
+    describe: chalk.bold('Skip prompts and use default values'),
+};
+
+const apiKeyOption = {
+    alias: 'api-key',
+    describe: chalk.bold('Mobb authentication api-key'),
+    type: 'string',
+};
+
+export const parseArgs = (args) => {
+    const yargsInstance = yargs(args);
+    return yargsInstance
+        .updateStrings({
+            'Commands:': chalk.yellow.underline.bold('Commands:'),
+            'Options:': chalk.yellow.underline.bold('Options:'),
+            'Examples:': chalk.yellow.underline.bold('Examples:'),
+            'Show help': chalk.bold('Show help'),
+        })
+        .usage(
+            `${chalk.bold(
+                '\n Bugsy - Trusted, Automatic Vulnerability Fixer 🕵️‍♂️\n\n'
+            )} ${chalk.yellow.underline.bold('Usage:')} \n  $0 ${chalk.green(
+                '<command>'
+            )} ${chalk.dim('[options]')}
+            `
+        )
+        .version(false)
+        .command({
+            //
+            command: 'scan',
+            describe: chalk.bold(
+                'Scan your code for vulnerabilities, get automated fixes right away.'
+            ),
+            builder: (yargs) => {
+                return yargs.options({
+                    r: repoOption,
+                    b: branchOption,
+                    s: {
+                        alias: 'scanner',
+                        choices: Object.values(SCANNERS),
+                        describe: chalk.bold('Select the scanner to use'),
+                    },
+                    y: yesOption,
+                    k: apiKeyOption,
+                });
+            },
+        })
+        .command({
+            command: 'analyze',
+            describe: chalk.bold(
+                'Provide a vulnerability report and relevant code repository, get automated fixes right away.'
+            ),
+            builder: (yargs) => {
+                return yargs.options({
+                    f: {
+                        alias: 'scan-file',
+                        demandOption: true,
+                        describe: chalk.bold(
+                            'Select the vulnerability report to analyze'
+                        ),
+                    },
+                    r: repoOption,
+                    y: yesOption,
+                    k: apiKeyOption,
+                });
+            },
+        })
+        .example('$0 scan -r https://github.com/WebGoat/WebGoat')
+        .command({
+            command: '*',
+            handler() {
+                yargsInstance.showHelp();
+            },
+        })
+        .help('h')
+        .alias('h', 'help')
+        .epilog(chalk.bgBlue('Made with ❤️  by Mobb'))
+        .showHelpOnFail(true)
+        .wrap(Math.min(120, yargsInstance.terminalWidth()))
+        .parse();
+};

package/src/github.mjs

@@ -1,54 +0,0 @@
-import fs from 'node:fs';
-import stream from 'node:stream';
-import path from 'node:path';
-import { promisify } from 'node:util';
-import fetch from 'node-fetch';
-import extract from 'extract-zip';
-
-const pipeline = promisify(stream.pipeline);
-
-export async function getDefaultBranch(repoUrl) {
-    let slug = repoUrl.replace(/https?:\/\/github\.com\//i, '');
-
-    if (slug.endsWith('/')) {
-        slug = slug.substring(0, slug.length - 1);
-    }
-
-    if (slug.endsWith('.git')) {
-        slug = slug.substring(0, slug.length - '.git'.length);
-    }
-
-    const response = await fetch(`https://api.github.com/repos/${slug}`, {
-        method: 'GET',
-        headers: {
-            Accept: 'application/vnd.github+json',
-            'X-GitHub-Api-Version': '2022-11-28',
-        },
-    });
-
-    if (!response.ok) {
-        throw new Error(
-            `Can't get default branch, make sure the repository is public: ${repoUrl}.`
-        );
-    }
-
-    const repoInfo = await response.json();
-
-    return repoInfo.default_branch;
-}
-
-export async function downloadRepo(repoUrl, reference, dirname) {
-    const zipFilePath = path.join(dirname, 'repo.zip');
-    const response = await fetch(`${repoUrl}/zipball/${reference}`);
-    const fileWriterStream = fs.createWriteStream(zipFilePath);
-
-    await pipeline(response.body, fileWriterStream);
-    await extract(zipFilePath, { dir: dirname });
-
-    const repoRoot = fs
-        .readdirSync(dirname, { withFileTypes: true })
-        .filter((dirent) => dirent.isDirectory())
-        .map((dirent) => dirent.name)[0];
-
-    return path.join(dirname, repoRoot);
-}

package/src/index.mjs

@@ -1,91 +0,0 @@
-import { fileURLToPath } from 'node:url';
-import fs from 'node:fs';
-import path from 'node:path';
-import semver from 'semver';
-import open from 'open';
-import Configstore from 'configstore';
-import { GQLClient } from './gql.mjs';
-import { webLogin } from './web-login.mjs';
-import { downloadRepo, getDefaultBranch } from './github.mjs';
-import { getSnykReport } from './snyk.mjs';
-import { uploadFile } from './upload-file.mjs';
-import { WEB_APP_URL } from './constants.mjs';
-
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const packageJson = JSON.parse(
-    fs.readFileSync(path.join(__dirname, '../package.json'), 'utf8')
-);
-
-if (!semver.satisfies(process.version, packageJson.engines.node)) {
-    console.error(
-        `${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
-    );
-    process.exit(1);
-}
-
-const config = new Configstore(packageJson.name, { token: '' });
-
-export async function main(dirname, repoUrl) {
-    if (!repoUrl) {
-        console.warn(
-            'Mobb CLI usage: npx mobbdev <public GitHub repository URL>'
-        );
-        return;
-    }
-
-    let token = config.get('token');
-    let gqlClient = new GQLClient(token);
-
-    if (!token || !(await gqlClient.verifyToken())) {
-        console.log(
-            'You will be redirected to our login page, once the authorization is complete, return to this prompt.'
-        );
-        token = await webLogin();
-        gqlClient = new GQLClient(token);
-
-        if (!(await gqlClient.verifyToken())) {
-            console.error('Something went wrong, API token is invalid.');
-            return;
-        }
-        config.set('token', token);
-    }
-
-    const reference = await getDefaultBranch(repoUrl);
-    const uploadData = await gqlClient.uploadS3BucketInfo();
-
-    const repositoryRoot = await downloadRepo(repoUrl, reference, dirname);
-    const reportPath = path.join(dirname, 'report.json');
-
-    console.log(
-        'We will run Snyk CLI to scan the repository for vulnerabilities. You may be redirected to the login page in the process.'
-    );
-    await getSnykReport(reportPath, repositoryRoot);
-
-    const report = JSON.parse(fs.readFileSync(reportPath, 'utf8'));
-
-    await uploadFile(
-        reportPath,
-        uploadData.url,
-        uploadData.uploadKey,
-        uploadData.uploadFields
-    );
-    await gqlClient.submitVulnerabilityReport(
-        uploadData.fixReportId,
-        repoUrl,
-        reference
-    );
-
-    const results = ((report.runs || [])[0] || {}).results || [];
-    if (results.length === 0) {
-        console.log('Snyk has not found any vulnerabilities — nothing to fix.');
-    } else {
-        console.log(
-            'You will be redirected to our report page, please wait until the analysis is finished and enjoy your fixes.'
-        );
-        const projectId = gqlClient.getProjectId();
-        const organizationId = gqlClient.getOrganizationId();
-        await open(
-            `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${uploadData.fixReportId}`
-        );
-    }
-}

package/src/snyk.mjs

@@ -1,82 +0,0 @@
-import cp from 'node:child_process';
-import { createRequire } from 'node:module';
-import readline from 'node:readline';
-import { stdout } from 'colors/lib/system/supports-colors.js';
-import open from 'open';
-import * as process from 'process';
-
-const require = createRequire(import.meta.url);
-const SNYK_PATH = require.resolve('snyk/bin/snyk');
-
-async function forkSnyk(args, display) {
-    return new Promise((resolve, reject) => {
-        const child = cp.fork(SNYK_PATH, args, {
-            stdio: ['inherit', 'pipe', 'pipe', 'ipc'],
-            env: { FORCE_COLOR: stdout.level },
-        });
-        let out = '';
-        const onData = (chunk) => {
-            out += chunk;
-        };
-
-        child.stdout.on('data', onData);
-        child.stderr.on('data', onData);
-
-        if (display) {
-            child.stdout.pipe(process.stdout);
-            child.stderr.pipe(process.stderr);
-        }
-
-        child.on('exit', () => {
-            resolve(out);
-        });
-        child.on('error', (err) => {
-            reject(err);
-        });
-    });
-}
-
-async function question(questionString) {
-    const rl = readline.createInterface({
-        input: process.stdin,
-        output: process.stdout,
-    });
-
-    return new Promise((resolve) => {
-        rl.question(`${questionString} `, (answer) => {
-            rl.close();
-            resolve(answer);
-        });
-    });
-}
-
-export async function getSnykReport(reportPath, repoRoot) {
-    const config = await forkSnyk(['config'], false);
-
-    if (!config.includes('api: ')) {
-        await forkSnyk(['auth'], true);
-    }
-
-    const out = await forkSnyk(
-        ['code', 'test', `--sarif-file-output=${reportPath}`, repoRoot],
-        true
-    );
-
-    if (
-        out.includes(
-            'Snyk Code is not supported for org: enable in Settings > Snyk Code'
-        )
-    ) {
-        const answer = await question(
-            "Do you want to be taken to the relevant Snyk's online article? (Y/N)"
-        );
-
-        if (['y', 'yes', ''].includes(answer.toLowerCase())) {
-            await open(
-                'https://docs.snyk.io/scan-application-code/snyk-code/getting-started-with-snyk-code/activating-snyk-code-using-the-web-ui/step-1-enabling-the-snyk-code-option'
-            );
-        }
-
-        process.exit(0);
-    }
-}