mobbdev 0.0.168 → 0.0.170
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.mjs +124 -77
- package/package.json +14 -10
package/dist/index.mjs
|
@@ -188,14 +188,14 @@ var Project_Role_Type_Enum = /* @__PURE__ */ ((Project_Role_Type_Enum2) => {
|
|
|
188
188
|
Project_Role_Type_Enum2["Writer"] = "writer";
|
|
189
189
|
return Project_Role_Type_Enum2;
|
|
190
190
|
})(Project_Role_Type_Enum || {});
|
|
191
|
-
var Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
return
|
|
191
|
+
var Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((Vulnerability_Report_Vendor_Enum4) => {
|
|
192
|
+
Vulnerability_Report_Vendor_Enum4["Checkmarx"] = "checkmarx";
|
|
193
|
+
Vulnerability_Report_Vendor_Enum4["CheckmarxXml"] = "checkmarxXml";
|
|
194
|
+
Vulnerability_Report_Vendor_Enum4["Codeql"] = "codeql";
|
|
195
|
+
Vulnerability_Report_Vendor_Enum4["Fortify"] = "fortify";
|
|
196
|
+
Vulnerability_Report_Vendor_Enum4["Snyk"] = "snyk";
|
|
197
|
+
Vulnerability_Report_Vendor_Enum4["Sonarqube"] = "sonarqube";
|
|
198
|
+
return Vulnerability_Report_Vendor_Enum4;
|
|
199
199
|
})(Vulnerability_Report_Vendor_Enum || {});
|
|
200
200
|
var Vulnerability_Severity_Enum = /* @__PURE__ */ ((Vulnerability_Severity_Enum2) => {
|
|
201
201
|
Vulnerability_Severity_Enum2["Critical"] = "critical";
|
|
@@ -308,7 +308,7 @@ var GetAnalsyisDocument = `
|
|
|
308
308
|
var GetFixesDocument = `
|
|
309
309
|
query getFixes($filters: fix_bool_exp!) {
|
|
310
310
|
fixes: fix(where: $filters) {
|
|
311
|
-
|
|
311
|
+
safeIssueType
|
|
312
312
|
id
|
|
313
313
|
vulnerabilitySeverity
|
|
314
314
|
issueLanguage
|
|
@@ -738,7 +738,7 @@ var ReportQueryResultZ = z.object({
|
|
|
738
738
|
z.object({
|
|
739
739
|
id: z.string().uuid(),
|
|
740
740
|
issueLanguage: z.nativeEnum(IssueLanguage_Enum).nullable(),
|
|
741
|
-
|
|
741
|
+
safeIssueType: z.string(),
|
|
742
742
|
confidence: z.number(),
|
|
743
743
|
effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
|
|
744
744
|
modifiedBy: z.string().nullable(),
|
|
@@ -833,7 +833,7 @@ var ReportFixesQueryZ = z.array(
|
|
|
833
833
|
gitBlameLogin: z.string().nullable(),
|
|
834
834
|
effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
|
|
835
835
|
issueLanguage: z.nativeEnum(IssueLanguage_Enum).nullable(),
|
|
836
|
-
|
|
836
|
+
safeIssueType: z.string(),
|
|
837
837
|
vulnerabilitySeverity: z.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
|
|
838
838
|
fixReportId: z.string().uuid(),
|
|
839
839
|
filePaths: z.array(
|
|
@@ -903,7 +903,8 @@ var FixQueryZ = z.object({
|
|
|
903
903
|
modifiedBy: z.string().nullable(),
|
|
904
904
|
gitBlameLogin: z.string().nullable(),
|
|
905
905
|
issueLanguage: z.nativeEnum(IssueLanguage_Enum).nullable(),
|
|
906
|
-
|
|
906
|
+
safeIssueType: z.string(),
|
|
907
|
+
// issueType: z.nativeEnum(IssueType_Enum).nullable(),
|
|
907
908
|
confidence: z.number(),
|
|
908
909
|
fixReportId: z.string().uuid(),
|
|
909
910
|
isExpired: z.boolean().default(false),
|
|
@@ -919,7 +920,6 @@ var FixQueryZ = z.object({
|
|
|
919
920
|
vulnerabilityReportIssues: z.array(
|
|
920
921
|
z.object({
|
|
921
922
|
vendorIssueId: z.string(),
|
|
922
|
-
issueType: z.string(),
|
|
923
923
|
issueLanguage: z.string()
|
|
924
924
|
})
|
|
925
925
|
),
|
|
@@ -990,7 +990,17 @@ var FixScreenQueryResultZ = z.object({
|
|
|
990
990
|
}).array()
|
|
991
991
|
})
|
|
992
992
|
}),
|
|
993
|
-
fix_by_pk: FixQueryZ
|
|
993
|
+
fix_by_pk: FixQueryZ.merge(
|
|
994
|
+
z.object({
|
|
995
|
+
vulnerabilityReportIssues: z.array(
|
|
996
|
+
z.object({
|
|
997
|
+
vendorIssueId: z.string(),
|
|
998
|
+
issueType: z.string(),
|
|
999
|
+
issueLanguage: z.string()
|
|
1000
|
+
})
|
|
1001
|
+
)
|
|
1002
|
+
})
|
|
1003
|
+
),
|
|
994
1004
|
fixesWithSameIssueType: z.object({
|
|
995
1005
|
fix: z.array(z.object({ id: z.string().uuid() }))
|
|
996
1006
|
})
|
|
@@ -1608,7 +1618,7 @@ var issueTypeMap = {
|
|
|
1608
1618
|
["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False"
|
|
1609
1619
|
};
|
|
1610
1620
|
var issueTypeZ = z4.nativeEnum(IssueType_Enum);
|
|
1611
|
-
var
|
|
1621
|
+
var getIssueTypeFriendlyString = (issueType) => {
|
|
1612
1622
|
const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
|
|
1613
1623
|
if (!issueTypeZParseRes.success) {
|
|
1614
1624
|
return issueType ? issueType.replaceAll("_", " ") : "Other";
|
|
@@ -1643,7 +1653,7 @@ var getCommitDescription = ({
|
|
|
1643
1653
|
if (!staticData) {
|
|
1644
1654
|
return "";
|
|
1645
1655
|
}
|
|
1646
|
-
const issueTypeString =
|
|
1656
|
+
const issueTypeString = getIssueTypeFriendlyString(issueType);
|
|
1647
1657
|
let description = `This change fixes a **${severity} severity** (${severityToEmoji[severity]}) **${issueTypeString}** issue reported by **${capitalizeFirstLetter(
|
|
1648
1658
|
vendor
|
|
1649
1659
|
)}**.
|
|
@@ -2941,12 +2951,20 @@ function getFixGuidances({
|
|
|
2941
2951
|
const fixGuidance = storeFixResult.success ? [storeFixResult.data.guidance({ questions, ...extraContext })] : [];
|
|
2942
2952
|
return libGuidances.concat(fixGuidance).filter((guidance) => !!guidance);
|
|
2943
2953
|
}
|
|
2944
|
-
|
|
2945
|
-
|
|
2946
|
-
|
|
2947
|
-
|
|
2948
|
-
|
|
2949
|
-
|
|
2954
|
+
var IssueTypeAndLanguageZ = z8.object({
|
|
2955
|
+
issueType: z8.nativeEnum(IssueType_Enum),
|
|
2956
|
+
issueLanguage: z8.nativeEnum(IssueLanguage_Enum)
|
|
2957
|
+
});
|
|
2958
|
+
function getGuidances(args) {
|
|
2959
|
+
const safeIssueTypeAndLanguage = IssueTypeAndLanguageZ.safeParse({
|
|
2960
|
+
issueType: args.issueType,
|
|
2961
|
+
issueLanguage: args.issueLanguage
|
|
2962
|
+
});
|
|
2963
|
+
if (!safeIssueTypeAndLanguage.success) {
|
|
2964
|
+
return [];
|
|
2965
|
+
}
|
|
2966
|
+
const { questions, fixExtraContext } = args;
|
|
2967
|
+
const { issueType, issueLanguage } = safeIssueTypeAndLanguage.data;
|
|
2950
2968
|
const fixGuidances = getFixGuidances({
|
|
2951
2969
|
issueType,
|
|
2952
2970
|
issueLanguage,
|
|
@@ -2957,8 +2975,8 @@ function getGuidances({
|
|
|
2957
2975
|
let questionGuidance = question.guidance;
|
|
2958
2976
|
if (!questionGuidance && issueType && issueLanguage) {
|
|
2959
2977
|
const getFixInformation = curriedQuestionInformationByQuestion({
|
|
2960
|
-
issueType
|
|
2961
|
-
language:
|
|
2978
|
+
issueType,
|
|
2979
|
+
language: issueLanguage
|
|
2962
2980
|
});
|
|
2963
2981
|
const { guidance } = getFixInformation(question);
|
|
2964
2982
|
questionGuidance = guidance({
|
|
@@ -3637,7 +3655,7 @@ function getFetch(url) {
|
|
|
3637
3655
|
}
|
|
3638
3656
|
return fetch2;
|
|
3639
3657
|
}
|
|
3640
|
-
function
|
|
3658
|
+
function getOctoKit(options) {
|
|
3641
3659
|
const token = !options?.auth && !isGithubOnPrem(options?.url) ? GITHUB_API_TOKEN : options?.auth;
|
|
3642
3660
|
const baseUrl = options?.url && isGithubOnPrem(options.url) ? `${new URL(options.url).origin}/api/v3` : void 0;
|
|
3643
3661
|
return new Octokit({
|
|
@@ -3654,7 +3672,7 @@ function isGithubActionActionToken(token) {
|
|
|
3654
3672
|
}
|
|
3655
3673
|
async function githubValidateParams(url, accessToken) {
|
|
3656
3674
|
try {
|
|
3657
|
-
const oktoKit =
|
|
3675
|
+
const oktoKit = getOctoKit({ auth: accessToken, url });
|
|
3658
3676
|
if (accessToken && !isGithubActionActionToken(accessToken)) {
|
|
3659
3677
|
await oktoKit.rest.users.getAuthenticated();
|
|
3660
3678
|
}
|
|
@@ -3681,57 +3699,57 @@ async function githubValidateParams(url, accessToken) {
|
|
|
3681
3699
|
}
|
|
3682
3700
|
|
|
3683
3701
|
// src/features/analysis/scm/github/github.ts
|
|
3684
|
-
function getGithubSdk(
|
|
3685
|
-
const octokit =
|
|
3702
|
+
function getGithubSdk(params = {}) {
|
|
3703
|
+
const octokit = getOctoKit(params);
|
|
3686
3704
|
return {
|
|
3687
|
-
async postPrComment(
|
|
3688
|
-
return octokit.request(POST_COMMENT_PATH,
|
|
3705
|
+
async postPrComment(params2) {
|
|
3706
|
+
return octokit.request(POST_COMMENT_PATH, params2);
|
|
3689
3707
|
},
|
|
3690
|
-
async updatePrComment(
|
|
3691
|
-
return octokit.request(UPDATE_COMMENT_PATH,
|
|
3708
|
+
async updatePrComment(params2) {
|
|
3709
|
+
return octokit.request(UPDATE_COMMENT_PATH, params2);
|
|
3692
3710
|
},
|
|
3693
|
-
async getPrComments(
|
|
3694
|
-
return octokit.request(GET_PR_COMMENTS_PATH,
|
|
3711
|
+
async getPrComments(params2) {
|
|
3712
|
+
return octokit.request(GET_PR_COMMENTS_PATH, params2);
|
|
3695
3713
|
},
|
|
3696
|
-
async getPrComment(
|
|
3697
|
-
return octokit.request(GET_PR_COMMENT_PATH,
|
|
3714
|
+
async getPrComment(params2) {
|
|
3715
|
+
return octokit.request(GET_PR_COMMENT_PATH, params2);
|
|
3698
3716
|
},
|
|
3699
|
-
async deleteComment(
|
|
3700
|
-
return octokit.request(DELETE_COMMENT_PATH,
|
|
3717
|
+
async deleteComment(params2) {
|
|
3718
|
+
return octokit.request(DELETE_COMMENT_PATH, params2);
|
|
3701
3719
|
},
|
|
3702
|
-
async replyToCodeReviewComment(
|
|
3703
|
-
return octokit.request(REPLY_TO_CODE_REVIEW_COMMENT_PATH,
|
|
3720
|
+
async replyToCodeReviewComment(params2) {
|
|
3721
|
+
return octokit.request(REPLY_TO_CODE_REVIEW_COMMENT_PATH, params2);
|
|
3704
3722
|
},
|
|
3705
|
-
async getPrDiff(
|
|
3723
|
+
async getPrDiff(params2) {
|
|
3706
3724
|
return octokit.request(GET_PR, {
|
|
3707
|
-
...
|
|
3725
|
+
...params2,
|
|
3708
3726
|
mediaType: { format: "diff" }
|
|
3709
3727
|
});
|
|
3710
3728
|
},
|
|
3711
|
-
async getPr(
|
|
3712
|
-
return octokit.request(GET_PR, { ...
|
|
3729
|
+
async getPr(params2) {
|
|
3730
|
+
return octokit.request(GET_PR, { ...params2 });
|
|
3713
3731
|
},
|
|
3714
|
-
async createOrUpdateRepositorySecret(
|
|
3715
|
-
return octokit.request(CREATE_OR_UPDATE_A_REPOSITORY_SECRET,
|
|
3732
|
+
async createOrUpdateRepositorySecret(params2) {
|
|
3733
|
+
return octokit.request(CREATE_OR_UPDATE_A_REPOSITORY_SECRET, params2);
|
|
3716
3734
|
},
|
|
3717
|
-
async getRepositoryPublicKey(
|
|
3718
|
-
return octokit.request(GET_A_REPOSITORY_PUBLIC_KEY,
|
|
3735
|
+
async getRepositoryPublicKey(params2) {
|
|
3736
|
+
return octokit.request(GET_A_REPOSITORY_PUBLIC_KEY, params2);
|
|
3719
3737
|
},
|
|
3720
|
-
async postGeneralPrComment(
|
|
3721
|
-
return octokit.request(POST_GENERAL_PR_COMMENT,
|
|
3738
|
+
async postGeneralPrComment(params2) {
|
|
3739
|
+
return octokit.request(POST_GENERAL_PR_COMMENT, params2);
|
|
3722
3740
|
},
|
|
3723
|
-
async getGeneralPrComments(
|
|
3724
|
-
return octokit.request(GET_GENERAL_PR_COMMENTS,
|
|
3741
|
+
async getGeneralPrComments(params2) {
|
|
3742
|
+
return octokit.request(GET_GENERAL_PR_COMMENTS, params2);
|
|
3725
3743
|
},
|
|
3726
|
-
async deleteGeneralPrComment(
|
|
3727
|
-
return octokit.request(DELETE_GENERAL_PR_COMMENT,
|
|
3744
|
+
async deleteGeneralPrComment(params2) {
|
|
3745
|
+
return octokit.request(DELETE_GENERAL_PR_COMMENT, params2);
|
|
3728
3746
|
},
|
|
3729
3747
|
async getGithubUsername() {
|
|
3730
3748
|
const res = await octokit.rest.users.getAuthenticated();
|
|
3731
3749
|
return res.data.login;
|
|
3732
3750
|
},
|
|
3733
|
-
async getGithubIsUserCollaborator(
|
|
3734
|
-
const { username, repoUrl } =
|
|
3751
|
+
async getGithubIsUserCollaborator(params2) {
|
|
3752
|
+
const { username, repoUrl } = params2;
|
|
3735
3753
|
try {
|
|
3736
3754
|
const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
|
|
3737
3755
|
const res = await octokit.rest.repos.checkCollaborator({
|
|
@@ -3747,8 +3765,8 @@ function getGithubSdk(parmas = {}) {
|
|
|
3747
3765
|
}
|
|
3748
3766
|
return false;
|
|
3749
3767
|
},
|
|
3750
|
-
async getGithubPullRequestStatus(
|
|
3751
|
-
const { repoUrl, prNumber } =
|
|
3768
|
+
async getGithubPullRequestStatus(params2) {
|
|
3769
|
+
const { repoUrl, prNumber } = params2;
|
|
3752
3770
|
const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
|
|
3753
3771
|
const res = await octokit.rest.pulls.get({
|
|
3754
3772
|
owner,
|
|
@@ -3763,8 +3781,8 @@ function getGithubSdk(parmas = {}) {
|
|
|
3763
3781
|
}
|
|
3764
3782
|
return res.data.state;
|
|
3765
3783
|
},
|
|
3766
|
-
async getGithubIsRemoteBranch(
|
|
3767
|
-
const { repoUrl, branch } =
|
|
3784
|
+
async getGithubIsRemoteBranch(params2) {
|
|
3785
|
+
const { repoUrl, branch } = params2;
|
|
3768
3786
|
const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
|
|
3769
3787
|
try {
|
|
3770
3788
|
const res = await octokit.rest.repos.getBranch({
|
|
@@ -3891,8 +3909,8 @@ function getGithubSdk(parmas = {}) {
|
|
|
3891
3909
|
sha: res.data.sha
|
|
3892
3910
|
};
|
|
3893
3911
|
},
|
|
3894
|
-
async getGithubBlameRanges(
|
|
3895
|
-
const { ref, gitHubUrl, path: path9 } =
|
|
3912
|
+
async getGithubBlameRanges(params2) {
|
|
3913
|
+
const { ref, gitHubUrl, path: path9 } = params2;
|
|
3896
3914
|
const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
|
|
3897
3915
|
const res = await octokit.graphql(
|
|
3898
3916
|
GET_BLAME_DOCUMENT,
|
|
@@ -3915,8 +3933,8 @@ function getGithubSdk(parmas = {}) {
|
|
|
3915
3933
|
}));
|
|
3916
3934
|
},
|
|
3917
3935
|
// todo: refactor the name for this function
|
|
3918
|
-
async createPr(
|
|
3919
|
-
const { sourceRepoUrl, filesPaths, userRepoUrl, title, body } =
|
|
3936
|
+
async createPr(params2) {
|
|
3937
|
+
const { sourceRepoUrl, filesPaths, userRepoUrl, title, body } = params2;
|
|
3920
3938
|
const { owner: sourceOwner, repo: sourceRepo } = parseGithubOwnerAndRepo(sourceRepoUrl);
|
|
3921
3939
|
const { owner, repo } = parseGithubOwnerAndRepo(userRepoUrl);
|
|
3922
3940
|
const [sourceFilePath, secondFilePath] = filesPaths;
|
|
@@ -5721,6 +5739,10 @@ async function adoValidateParams({
|
|
|
5721
5739
|
await getAdoClientParams({ url, accessToken, tokenOrg })
|
|
5722
5740
|
);
|
|
5723
5741
|
await api2.connect();
|
|
5742
|
+
if (url) {
|
|
5743
|
+
const git = await api2.getGitApi();
|
|
5744
|
+
await validateAdoRepo({ git, repoUrl: url });
|
|
5745
|
+
}
|
|
5724
5746
|
} catch (e) {
|
|
5725
5747
|
console.log("adoValidateParams error", e);
|
|
5726
5748
|
const error = e;
|
|
@@ -5763,6 +5785,20 @@ async function _getOrgsForOauthToken({
|
|
|
5763
5785
|
const orgs = accounts.value.map((account) => account.accountName).filter((value, index, array) => array.indexOf(value) === index);
|
|
5764
5786
|
return orgs;
|
|
5765
5787
|
}
|
|
5788
|
+
async function validateAdoRepo({
|
|
5789
|
+
git,
|
|
5790
|
+
repoUrl
|
|
5791
|
+
}) {
|
|
5792
|
+
const isAdoRepo = !!parseScmURL(repoUrl, "Ado" /* Ado */);
|
|
5793
|
+
if (!isAdoRepo) {
|
|
5794
|
+
return;
|
|
5795
|
+
}
|
|
5796
|
+
const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
|
|
5797
|
+
const branches = await git.getBranches(repo, projectName);
|
|
5798
|
+
if (!branches || branches.length === 0) {
|
|
5799
|
+
throw new InvalidRepoUrlError("no branches");
|
|
5800
|
+
}
|
|
5801
|
+
}
|
|
5766
5802
|
|
|
5767
5803
|
// src/features/analysis/scm/ado/ado.ts
|
|
5768
5804
|
async function getAdoSdk(params) {
|
|
@@ -5770,12 +5806,8 @@ async function getAdoSdk(params) {
|
|
|
5770
5806
|
return {
|
|
5771
5807
|
async getAdoIsUserCollaborator({ repoUrl }) {
|
|
5772
5808
|
try {
|
|
5773
|
-
const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
|
|
5774
5809
|
const git = await api2.getGitApi();
|
|
5775
|
-
|
|
5776
|
-
if (!branches || branches.length === 0) {
|
|
5777
|
-
throw new InvalidRepoUrlError("no branches");
|
|
5778
|
-
}
|
|
5810
|
+
await validateAdoRepo({ git, repoUrl });
|
|
5779
5811
|
return true;
|
|
5780
5812
|
} catch (e) {
|
|
5781
5813
|
return false;
|
|
@@ -5805,10 +5837,12 @@ async function getAdoSdk(params) {
|
|
|
5805
5837
|
try {
|
|
5806
5838
|
const branchStatus = await git.getBranch(repo, branch, projectName);
|
|
5807
5839
|
if (!branchStatus || !branchStatus.commit) {
|
|
5840
|
+
console.log(`no branch status: ${JSON.stringify(branchStatus)}`);
|
|
5808
5841
|
throw new InvalidRepoUrlError("no branch status");
|
|
5809
5842
|
}
|
|
5810
5843
|
return branchStatus.name === branch;
|
|
5811
5844
|
} catch (e) {
|
|
5845
|
+
console.error(`error in getAdoIsRemoteBranch: ${JSON.stringify(e)}`);
|
|
5812
5846
|
return false;
|
|
5813
5847
|
}
|
|
5814
5848
|
},
|
|
@@ -6238,20 +6272,33 @@ Refresh the page in order to see the changes.`,
|
|
|
6238
6272
|
redirectUrl: commentRes.data.html_url,
|
|
6239
6273
|
commentId
|
|
6240
6274
|
});
|
|
6241
|
-
const issueType =
|
|
6275
|
+
const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
|
|
6242
6276
|
const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
|
|
6243
6277
|
const patchAndQuestions = await PatchAndQuestionsZ.parseAsync(
|
|
6244
6278
|
fix.patchAndQuestions
|
|
6245
6279
|
);
|
|
6280
|
+
const validFixParseRes = z18.object({
|
|
6281
|
+
vulnerabilitySeverity: z18.nativeEnum(Vulnerability_Severity_Enum),
|
|
6282
|
+
issueLanguage: z18.nativeEnum(IssueLanguage_Enum),
|
|
6283
|
+
safeIssueType: z18.nativeEnum(IssueType_Enum)
|
|
6284
|
+
}).safeParse(fix);
|
|
6285
|
+
if (!validFixParseRes.success) {
|
|
6286
|
+
debug5(
|
|
6287
|
+
`fix ${fixId} does not have all the required fields to create a comment`,
|
|
6288
|
+
validFixParseRes.error
|
|
6289
|
+
);
|
|
6290
|
+
return;
|
|
6291
|
+
}
|
|
6292
|
+
const validFix = validFixParseRes.data;
|
|
6246
6293
|
const subTitle = getCommitDescription({
|
|
6247
|
-
issueType:
|
|
6294
|
+
issueType: validFix.safeIssueType,
|
|
6248
6295
|
vendor: scanner,
|
|
6249
|
-
severity:
|
|
6250
|
-
issueLanguage:
|
|
6296
|
+
severity: validFix.vulnerabilitySeverity,
|
|
6297
|
+
issueLanguage: validFix.issueLanguage,
|
|
6251
6298
|
guidances: getGuidances({
|
|
6252
6299
|
questions: patchAndQuestions.questions.map(toQuestion),
|
|
6253
|
-
issueType:
|
|
6254
|
-
issueLanguage:
|
|
6300
|
+
issueType: validFix.safeIssueType,
|
|
6301
|
+
issueLanguage: validFix.issueLanguage,
|
|
6255
6302
|
fixExtraContext: patchAndQuestions.extraContext
|
|
6256
6303
|
})
|
|
6257
6304
|
});
|
|
@@ -6283,7 +6330,7 @@ function buildAnalysisSummaryComment(params) {
|
|
|
6283
6330
|
if (!fix) {
|
|
6284
6331
|
throw new Error(`fix ${vulnerabilityReportIssue.fixId} not found`);
|
|
6285
6332
|
}
|
|
6286
|
-
const issueType =
|
|
6333
|
+
const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
|
|
6287
6334
|
const vulnerabilityReportIssueCount = (result[issueType] || 0) + 1;
|
|
6288
6335
|
return {
|
|
6289
6336
|
...result,
|
|
@@ -8044,7 +8091,7 @@ async function scan(scanOptions, { skipPrompts = false } = {}) {
|
|
|
8044
8091
|
const selectedScanner = scanner || await choseScanner();
|
|
8045
8092
|
if (selectedScanner !== SCANNERS.Checkmarx && selectedScanner !== SCANNERS.Snyk) {
|
|
8046
8093
|
throw new CliError(
|
|
8047
|
-
"Vulnerability scanning via Bugsy is available only with Snyk at the moment. Additional scanners will follow soon."
|
|
8094
|
+
"Vulnerability scanning via Bugsy is available only with Snyk and Checkmarx at the moment. Additional scanners will follow soon."
|
|
8048
8095
|
);
|
|
8049
8096
|
}
|
|
8050
8097
|
selectedScanner === SCANNERS.Checkmarx && validateCheckmarxInstallation();
|
package/package.json
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "mobbdev",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.170",
|
|
4
4
|
"description": "Automated secure code remediation tool",
|
|
5
|
-
"repository": "https://github.com/mobb-dev/bugsy",
|
|
5
|
+
"repository": "git+https://github.com/mobb-dev/bugsy.git",
|
|
6
6
|
"main": "dist/index.js",
|
|
7
7
|
"module": "dist/index.js",
|
|
8
8
|
"scripts": {
|
|
@@ -12,12 +12,14 @@
|
|
|
12
12
|
"build": "tsc && tsup-node --env.NODE_ENV production",
|
|
13
13
|
"build:dev": "tsup-node --env.NODE_ENV development",
|
|
14
14
|
"test": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest run",
|
|
15
|
+
"test:coverage": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest run --coverage ",
|
|
15
16
|
"test:watch": "TOKEN=$(../../scripts/login_auth0.sh) vitest",
|
|
16
17
|
"lint": "eslint --cache --max-warnings 0 --ignore-path .eslintignore --ext .ts,.tsx,.jsx .",
|
|
17
18
|
"lint:fix": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx .",
|
|
18
19
|
"lint:fix:files": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx",
|
|
19
20
|
"prepack": "dotenv-vault pull production .env && pnpm build",
|
|
20
|
-
"generate": "pnpm run env -- graphql-codegen -r dotenv/config --config client_codegen.ts"
|
|
21
|
+
"generate": "pnpm run env -- graphql-codegen -r dotenv/config --config client_codegen.ts",
|
|
22
|
+
"test:e2e": "cd ./__e2e__ && npm i && npm run test"
|
|
21
23
|
},
|
|
22
24
|
"bin": {
|
|
23
25
|
"mobbdev": "bin/cli.mjs"
|
|
@@ -63,19 +65,19 @@
|
|
|
63
65
|
"supports-color": "9.4.0",
|
|
64
66
|
"tar": "6.2.1",
|
|
65
67
|
"tmp": "0.2.3",
|
|
66
|
-
"undici": "6.
|
|
68
|
+
"undici": "6.20.0",
|
|
67
69
|
"uuid": "10.0.0",
|
|
68
70
|
"ws": "8.18.0",
|
|
69
71
|
"yargs": "17.7.2",
|
|
70
72
|
"zod": "3.23.8"
|
|
71
73
|
},
|
|
72
74
|
"devDependencies": {
|
|
73
|
-
"@graphql-codegen/cli": "5.0.
|
|
74
|
-
"@graphql-codegen/typescript": "4.0
|
|
75
|
+
"@graphql-codegen/cli": "5.0.3",
|
|
76
|
+
"@graphql-codegen/typescript": "4.1.0",
|
|
75
77
|
"@graphql-codegen/typescript-graphql-request": "6.2.0",
|
|
76
|
-
"@graphql-codegen/typescript-operations": "4.
|
|
78
|
+
"@graphql-codegen/typescript-operations": "4.3.0",
|
|
77
79
|
"@octokit/request-error": "3.0.3",
|
|
78
|
-
"@octokit/types": "13.6.
|
|
80
|
+
"@octokit/types": "13.6.1",
|
|
79
81
|
"@types/adm-zip": "0.5.5",
|
|
80
82
|
"@types/chalk-animation": "1.6.3",
|
|
81
83
|
"@types/configstore": "6.0.2",
|
|
@@ -89,14 +91,16 @@
|
|
|
89
91
|
"@types/yargs": "17.0.33",
|
|
90
92
|
"@typescript-eslint/eslint-plugin": "7.17.0",
|
|
91
93
|
"@typescript-eslint/parser": "7.17.0",
|
|
94
|
+
"@vitest/coverage-istanbul": "2.1.2",
|
|
95
|
+
"@vitest/ui": "^2.1.2",
|
|
92
96
|
"eslint": "8.57.0",
|
|
93
|
-
"eslint-plugin-import": "2.
|
|
97
|
+
"eslint-plugin-import": "2.31.0",
|
|
94
98
|
"eslint-plugin-prettier": "5.2.1",
|
|
95
99
|
"eslint-plugin-simple-import-sort": "10.0.0",
|
|
96
100
|
"prettier": "3.3.3",
|
|
97
101
|
"tsup": "7.2.0",
|
|
98
102
|
"typescript": "4.9.5",
|
|
99
|
-
"vitest": "
|
|
103
|
+
"vitest": "2.1.2"
|
|
100
104
|
},
|
|
101
105
|
"engines": {
|
|
102
106
|
"node": ">=18.18.0"
|
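Review bot: `"@vitest/ui": "^2.1.2"` is the only range specifier among the dependencies visible in this diff; every other entry, including the sibling `"@vitest/coverage-istanbul": "2.1.2"` and `"vitest": "2.1.2"` added or bumped in the same change, is pinned to an exact version. Pin it as well, `"@vitest/ui": "2.1.2"`, so the dev toolchain resolves identically across installs and the three vitest packages stay in lock-step. The new `test:e2e` script runs `npm i` inside `./__e2e__` while the rest of the manifest uses `pnpm` (see `prepack`), which deserves a one-line comment in the README or a switch to the same package manager so two lockfile formats are not maintained side by side.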