mobbdev 0.0.167 → 0.0.169

package/dist/index.mjs

@@ -3637,7 +3637,7 @@ function getFetch(url) {
   }
   return fetch2;
 }
-function getOktoKit(options) {
+function getOctoKit(options) {
   const token = !options?.auth && !isGithubOnPrem(options?.url) ? GITHUB_API_TOKEN : options?.auth;
   const baseUrl = options?.url && isGithubOnPrem(options.url) ? `${new URL(options.url).origin}/api/v3` : void 0;
   return new Octokit({
@@ -3654,7 +3654,7 @@ function isGithubActionActionToken(token) {
 }
 async function githubValidateParams(url, accessToken) {
   try {
-    const oktoKit = getOktoKit({ auth: accessToken, url });
+    const oktoKit = getOctoKit({ auth: accessToken, url });
     if (accessToken && !isGithubActionActionToken(accessToken)) {
       await oktoKit.rest.users.getAuthenticated();
     }
@@ -3681,57 +3681,57 @@ async function githubValidateParams(url, accessToken) {
 }
 
 // src/features/analysis/scm/github/github.ts
-function getGithubSdk(parmas = {}) {
-  const octokit = getOktoKit(parmas);
+function getGithubSdk(params = {}) {
+  const octokit = getOctoKit(params);
   return {
-    async postPrComment(params) {
-      return octokit.request(POST_COMMENT_PATH, params);
+    async postPrComment(params2) {
+      return octokit.request(POST_COMMENT_PATH, params2);
     },
-    async updatePrComment(params) {
-      return octokit.request(UPDATE_COMMENT_PATH, params);
+    async updatePrComment(params2) {
+      return octokit.request(UPDATE_COMMENT_PATH, params2);
     },
-    async getPrComments(params) {
-      return octokit.request(GET_PR_COMMENTS_PATH, params);
+    async getPrComments(params2) {
+      return octokit.request(GET_PR_COMMENTS_PATH, params2);
     },
-    async getPrComment(params) {
-      return octokit.request(GET_PR_COMMENT_PATH, params);
+    async getPrComment(params2) {
+      return octokit.request(GET_PR_COMMENT_PATH, params2);
     },
-    async deleteComment(params) {
-      return octokit.request(DELETE_COMMENT_PATH, params);
+    async deleteComment(params2) {
+      return octokit.request(DELETE_COMMENT_PATH, params2);
     },
-    async replyToCodeReviewComment(params) {
-      return octokit.request(REPLY_TO_CODE_REVIEW_COMMENT_PATH, params);
+    async replyToCodeReviewComment(params2) {
+      return octokit.request(REPLY_TO_CODE_REVIEW_COMMENT_PATH, params2);
     },
-    async getPrDiff(params) {
+    async getPrDiff(params2) {
       return octokit.request(GET_PR, {
-        ...params,
+        ...params2,
         mediaType: { format: "diff" }
       });
     },
-    async getPr(params) {
-      return octokit.request(GET_PR, { ...params });
+    async getPr(params2) {
+      return octokit.request(GET_PR, { ...params2 });
     },
-    async createOrUpdateRepositorySecret(params) {
-      return octokit.request(CREATE_OR_UPDATE_A_REPOSITORY_SECRET, params);
+    async createOrUpdateRepositorySecret(params2) {
+      return octokit.request(CREATE_OR_UPDATE_A_REPOSITORY_SECRET, params2);
     },
-    async getRepositoryPublicKey(params) {
-      return octokit.request(GET_A_REPOSITORY_PUBLIC_KEY, params);
+    async getRepositoryPublicKey(params2) {
+      return octokit.request(GET_A_REPOSITORY_PUBLIC_KEY, params2);
     },
-    async postGeneralPrComment(params) {
-      return octokit.request(POST_GENERAL_PR_COMMENT, params);
+    async postGeneralPrComment(params2) {
+      return octokit.request(POST_GENERAL_PR_COMMENT, params2);
     },
-    async getGeneralPrComments(params) {
-      return octokit.request(GET_GENERAL_PR_COMMENTS, params);
+    async getGeneralPrComments(params2) {
+      return octokit.request(GET_GENERAL_PR_COMMENTS, params2);
     },
-    async deleteGeneralPrComment(params) {
-      return octokit.request(DELETE_GENERAL_PR_COMMENT, params);
+    async deleteGeneralPrComment(params2) {
+      return octokit.request(DELETE_GENERAL_PR_COMMENT, params2);
     },
     async getGithubUsername() {
       const res = await octokit.rest.users.getAuthenticated();
       return res.data.login;
     },
-    async getGithubIsUserCollaborator(params) {
-      const { username, repoUrl } = params;
+    async getGithubIsUserCollaborator(params2) {
+      const { username, repoUrl } = params2;
       try {
         const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
         const res = await octokit.rest.repos.checkCollaborator({
@@ -3747,8 +3747,8 @@ function getGithubSdk(parmas = {}) {
       }
       return false;
     },
-    async getGithubPullRequestStatus(params) {
-      const { repoUrl, prNumber } = params;
+    async getGithubPullRequestStatus(params2) {
+      const { repoUrl, prNumber } = params2;
       const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
       const res = await octokit.rest.pulls.get({
         owner,
@@ -3763,8 +3763,8 @@ function getGithubSdk(parmas = {}) {
       }
       return res.data.state;
     },
-    async getGithubIsRemoteBranch(params) {
-      const { repoUrl, branch } = params;
+    async getGithubIsRemoteBranch(params2) {
+      const { repoUrl, branch } = params2;
       const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
       try {
         const res = await octokit.rest.repos.getBranch({
@@ -3891,8 +3891,8 @@ function getGithubSdk(parmas = {}) {
         sha: res.data.sha
       };
     },
-    async getGithubBlameRanges(params) {
-      const { ref, gitHubUrl, path: path9 } = params;
+    async getGithubBlameRanges(params2) {
+      const { ref, gitHubUrl, path: path9 } = params2;
       const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
       const res = await octokit.graphql(
         GET_BLAME_DOCUMENT,
@@ -3915,8 +3915,8 @@ function getGithubSdk(parmas = {}) {
       }));
     },
     // todo: refactor the name for this function
-    async createPr(params) {
-      const { sourceRepoUrl, filesPaths, userRepoUrl, title, body } = params;
+    async createPr(params2) {
+      const { sourceRepoUrl, filesPaths, userRepoUrl, title, body } = params2;
       const { owner: sourceOwner, repo: sourceRepo } = parseGithubOwnerAndRepo(sourceRepoUrl);
       const { owner, repo } = parseGithubOwnerAndRepo(userRepoUrl);
       const [sourceFilePath, secondFilePath] = filesPaths;
@@ -4042,10 +4042,17 @@ function getGithubSdk(parmas = {}) {
 
 // src/features/analysis/scm/gitlab/gitlab.ts
 import querystring2 from "node:querystring";
+import { setTimeout as setTimeout2 } from "node:timers/promises";
+import {
+  createRequesterFn
+} from "@gitbeaker/requester-utils";
 import {
   Gitlab
 } from "@gitbeaker/rest";
-import { ProxyAgent as ProxyAgent2 } from "undici";
+import {
+  fetch as undiciFetch,
+  ProxyAgent as ProxyAgent2
+} from "undici";
 
 // src/features/analysis/scm/gitlab/types.ts
 import { z as z12 } from "zod";
@@ -4065,9 +4072,23 @@ function getGitBeaker(options) {
   const url = options.url;
   const host = url ? new URL(url).origin : "https://gitlab.com";
   if (token?.startsWith("glpat-") || token === "") {
-    return new Gitlab({ token, host });
+    return new Gitlab({
+      token,
+      host,
+      requesterFn: createRequesterFn(
+        (_, reqo) => Promise.resolve(reqo),
+        brokerRequestHandler
+      )
+    });
   }
-  return new Gitlab({ oauthToken: token, host });
+  return new Gitlab({
+    oauthToken: token,
+    host,
+    requesterFn: createRequesterFn(
+      (_, reqo) => Promise.resolve(reqo),
+      brokerRequestHandler
+    )
+  });
 }
 async function gitlabValidateParams({
   url,
@@ -4317,41 +4338,56 @@ async function getGitlabBlameRanges({ ref, gitlabUrl, path: path9 }, options) {
     };
   });
 }
-function initGitlabFetchMock() {
-  console.log("initGitlabFetchMock starting");
-  const globalFetch = global.fetch;
-  function myFetch(input, init) {
-    console.log(
-      `myFetch called with input: ${input} ${JSON.stringify(input)} ${JSON.stringify(init)}`,
-      input,
-      input?.url
-    );
-    let urlParsed = null;
-    try {
-      urlParsed = input?.url ? new URL(input?.url) : null;
-    } catch (err) {
-      console.log(
-        `this block is used for unit tests only. URL ${input?.url} starts from local directory`
-      );
-    }
-    console.log(`urlParsed: ${urlParsed} ${urlParsed?.href}`);
-    if (urlParsed && isBrokerUrl(urlParsed.href)) {
-      console.log(`urlParsed is broker url: ${urlParsed.href}`);
-      const dispatcher = new ProxyAgent2({
-        uri: GIT_PROXY_HOST,
-        requestTls: {
-          rejectUnauthorized: false
-        }
-      });
-      return globalFetch(input, { dispatcher });
-    }
-    console.log("urlParsed is not broker url");
-    return globalFetch(input, init);
+async function processBody(response) {
+  const headers = response.headers;
+  const type2 = headers.get("content-type")?.split(";")[0]?.trim();
+  if (type2 === "application/json") {
+    return await response.json();
+  }
+  return await response.text();
+}
+async function brokerRequestHandler(endpoint, options) {
+  const retryCodes = [429, 502];
+  const maxRetries = 10;
+  const { prefixUrl, searchParams } = options || {};
+  let baseUrl;
+  if (prefixUrl)
+    baseUrl = prefixUrl.endsWith("/") ? prefixUrl : `${prefixUrl}/`;
+  const url = new URL(endpoint, baseUrl);
+  url.search = searchParams || "";
+  const dispatcher = url && isBrokerUrl(url.href) ? new ProxyAgent2({
+    uri: GIT_PROXY_HOST,
+    requestTls: {
+      rejectUnauthorized: false
+    }
+  }) : void 0;
+  for (let i = 0; i < maxRetries; i += 1) {
+    const response = await undiciFetch(url, {
+      headers: options?.headers,
+      method: options?.method,
+      body: options?.body ? String(options?.body) : void 0,
+      dispatcher
+    }).catch((e) => {
+      if (e.name === "TimeoutError" || e.name === "AbortError") {
+        throw new Error("Query timeout was reached");
+      }
+      throw e;
+    });
+    if (response.ok)
+      return {
+        body: await processBody(response),
+        headers: Object.fromEntries(response.headers.entries()),
+        status: response.status
+      };
+    if (!retryCodes.includes(response.status))
+      throw new Error(`gitbeaker: ${response.statusText}`);
+    await setTimeout2(2 ** i * 0.25);
+    continue;
   }
-  global.fetch = myFetch;
-  console.log("initGitlabFetchMock finished");
+  throw new Error(
+    `Could not successfully complete this request due to Error 429. Check the applicable rate limits for this endpoint.`
+  );
 }
-initGitlabFetchMock();
 
 // src/features/analysis/scm/scmSubmit/index.ts
 import fs from "node:fs/promises";
@@ -5685,6 +5721,10 @@ async function adoValidateParams({
       await getAdoClientParams({ url, accessToken, tokenOrg })
     );
     await api2.connect();
+    if (url) {
+      const git = await api2.getGitApi();
+      await validateAdoRepo({ git, repoUrl: url });
+    }
   } catch (e) {
     console.log("adoValidateParams error", e);
     const error = e;
@@ -5727,6 +5767,20 @@ async function _getOrgsForOauthToken({
   const orgs = accounts.value.map((account) => account.accountName).filter((value, index, array) => array.indexOf(value) === index);
   return orgs;
 }
+async function validateAdoRepo({
+  git,
+  repoUrl
+}) {
+  const isAdoRepo = !!parseScmURL(repoUrl, "Ado" /* Ado */);
+  if (!isAdoRepo) {
+    return;
+  }
+  const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+  const branches = await git.getBranches(repo, projectName);
+  if (!branches || branches.length === 0) {
+    throw new InvalidRepoUrlError("no branches");
+  }
+}
 
 // src/features/analysis/scm/ado/ado.ts
 async function getAdoSdk(params) {
@@ -5734,12 +5788,8 @@ async function getAdoSdk(params) {
   return {
     async getAdoIsUserCollaborator({ repoUrl }) {
       try {
-        const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
         const git = await api2.getGitApi();
-        const branches = await git.getBranches(repo, projectName);
-        if (!branches || branches.length === 0) {
-          throw new InvalidRepoUrlError("no branches");
-        }
+        await validateAdoRepo({ git, repoUrl });
         return true;
       } catch (e) {
         return false;
@@ -8008,7 +8058,7 @@ async function scan(scanOptions, { skipPrompts = false } = {}) {
   const selectedScanner = scanner || await choseScanner();
   if (selectedScanner !== SCANNERS.Checkmarx && selectedScanner !== SCANNERS.Snyk) {
     throw new CliError(
-      "Vulnerability scanning via Bugsy is available only with Snyk at the moment. Additional scanners will follow soon."
+      "Vulnerability scanning via Bugsy is available only with Snyk and Checkmarx at the moment. Additional scanners will follow soon."
     );
   }
   selectedScanner === SCANNERS.Checkmarx && validateCheckmarxInstallation();

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "mobbdev",
-  "version": "0.0.167",
+  "version": "0.0.169",
   "description": "Automated secure code remediation tool",
-  "repository": "https://github.com/mobb-dev/bugsy",
+  "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",
   "module": "dist/index.js",
   "scripts": {
@@ -12,12 +12,14 @@
     "build": "tsc && tsup-node --env.NODE_ENV production",
     "build:dev": "tsup-node --env.NODE_ENV development",
     "test": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest run",
+    "test:coverage": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest run --coverage ",
     "test:watch": "TOKEN=$(../../scripts/login_auth0.sh) vitest",
     "lint": "eslint --cache --max-warnings 0 --ignore-path .eslintignore --ext .ts,.tsx,.jsx .",
     "lint:fix": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx .",
     "lint:fix:files": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx",
     "prepack": "dotenv-vault pull production .env && pnpm build",
-    "generate": "pnpm run env -- graphql-codegen -r dotenv/config --config client_codegen.ts"
+    "generate": "pnpm run env -- graphql-codegen -r dotenv/config --config client_codegen.ts",
+    "test:e2e": "cd ./__e2e__ && npm i && npm run test"
   },
   "bin": {
     "mobbdev": "bin/cli.mjs"
@@ -63,19 +65,19 @@
     "supports-color": "9.4.0",
     "tar": "6.2.1",
     "tmp": "0.2.3",
-    "undici": "6.19.8",
+    "undici": "6.20.0",
     "uuid": "10.0.0",
     "ws": "8.18.0",
     "yargs": "17.7.2",
     "zod": "3.23.8"
   },
   "devDependencies": {
-    "@graphql-codegen/cli": "5.0.2",
-    "@graphql-codegen/typescript": "4.0.9",
+    "@graphql-codegen/cli": "5.0.3",
+    "@graphql-codegen/typescript": "4.1.0",
     "@graphql-codegen/typescript-graphql-request": "6.2.0",
-    "@graphql-codegen/typescript-operations": "4.2.3",
+    "@graphql-codegen/typescript-operations": "4.3.0",
     "@octokit/request-error": "3.0.3",
-    "@octokit/types": "13.6.0",
+    "@octokit/types": "13.6.1",
     "@types/adm-zip": "0.5.5",
     "@types/chalk-animation": "1.6.3",
     "@types/configstore": "6.0.2",
@@ -89,14 +91,16 @@
     "@types/yargs": "17.0.33",
     "@typescript-eslint/eslint-plugin": "7.17.0",
     "@typescript-eslint/parser": "7.17.0",
+    "@vitest/coverage-istanbul": "2.1.2",
+    "@vitest/ui": "^2.1.2",
     "eslint": "8.57.0",
-    "eslint-plugin-import": "2.30.0",
+    "eslint-plugin-import": "2.31.0",
     "eslint-plugin-prettier": "5.2.1",
     "eslint-plugin-simple-import-sort": "10.0.0",
     "prettier": "3.3.3",
     "tsup": "7.2.0",
     "typescript": "4.9.5",
-    "vitest": "0.34.6"
+    "vitest": "2.1.2"
   },
   "engines": {
     "node": ">=18.18.0"