npm - mobbdev - Versions diffs - 0.0.169 → 0.0.170 - Mend

mobbdev 0.0.169 → 0.0.170

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +64 -31
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -188,14 +188,14 @@ var Project_Role_Type_Enum = /* @__PURE__ */ ((Project_Role_Type_Enum2) => {
   Project_Role_Type_Enum2["Writer"] = "writer";
   return Project_Role_Type_Enum2;
 })(Project_Role_Type_Enum || {});
-var Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((Vulnerability_Report_Vendor_Enum3) => {
-  Vulnerability_Report_Vendor_Enum3["Checkmarx"] = "checkmarx";
-  Vulnerability_Report_Vendor_Enum3["CheckmarxXml"] = "checkmarxXml";
-  Vulnerability_Report_Vendor_Enum3["Codeql"] = "codeql";
-  Vulnerability_Report_Vendor_Enum3["Fortify"] = "fortify";
-  Vulnerability_Report_Vendor_Enum3["Snyk"] = "snyk";
-  Vulnerability_Report_Vendor_Enum3["Sonarqube"] = "sonarqube";
-  return Vulnerability_Report_Vendor_Enum3;
+var Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((Vulnerability_Report_Vendor_Enum4) => {
+  Vulnerability_Report_Vendor_Enum4["Checkmarx"] = "checkmarx";
+  Vulnerability_Report_Vendor_Enum4["CheckmarxXml"] = "checkmarxXml";
+  Vulnerability_Report_Vendor_Enum4["Codeql"] = "codeql";
+  Vulnerability_Report_Vendor_Enum4["Fortify"] = "fortify";
+  Vulnerability_Report_Vendor_Enum4["Snyk"] = "snyk";
+  Vulnerability_Report_Vendor_Enum4["Sonarqube"] = "sonarqube";
+  return Vulnerability_Report_Vendor_Enum4;
 })(Vulnerability_Report_Vendor_Enum || {});
 var Vulnerability_Severity_Enum = /* @__PURE__ */ ((Vulnerability_Severity_Enum2) => {
   Vulnerability_Severity_Enum2["Critical"] = "critical";
@@ -308,7 +308,7 @@ var GetAnalsyisDocument = `
 var GetFixesDocument = `
     query getFixes($filters: fix_bool_exp!) {
   fixes: fix(where: $filters) {
-    issueType
+    safeIssueType
     id
     vulnerabilitySeverity
     issueLanguage
@@ -738,7 +738,7 @@ var ReportQueryResultZ = z.object({
       z.object({
         id: z.string().uuid(),
         issueLanguage: z.nativeEnum(IssueLanguage_Enum).nullable(),
-        issueType: z.nativeEnum(IssueType_Enum).nullable(),
+        safeIssueType: z.string(),
         confidence: z.number(),
         effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
         modifiedBy: z.string().nullable(),
@@ -833,7 +833,7 @@ var ReportFixesQueryZ = z.array(
     gitBlameLogin: z.string().nullable(),
     effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
     issueLanguage: z.nativeEnum(IssueLanguage_Enum).nullable(),
-    issueType: z.nativeEnum(IssueType_Enum).nullable(),
+    safeIssueType: z.string(),
     vulnerabilitySeverity: z.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
     fixReportId: z.string().uuid(),
     filePaths: z.array(
@@ -903,7 +903,8 @@ var FixQueryZ = z.object({
   modifiedBy: z.string().nullable(),
   gitBlameLogin: z.string().nullable(),
   issueLanguage: z.nativeEnum(IssueLanguage_Enum).nullable(),
-  issueType: z.nativeEnum(IssueType_Enum).nullable(),
+  safeIssueType: z.string(),
+  // issueType: z.nativeEnum(IssueType_Enum).nullable(),
   confidence: z.number(),
   fixReportId: z.string().uuid(),
   isExpired: z.boolean().default(false),
@@ -919,7 +920,6 @@ var FixQueryZ = z.object({
   vulnerabilityReportIssues: z.array(
     z.object({
       vendorIssueId: z.string(),
-      issueType: z.string(),
       issueLanguage: z.string()
     })
   ),
@@ -990,7 +990,17 @@ var FixScreenQueryResultZ = z.object({
       }).array()
     })
   }),
-  fix_by_pk: FixQueryZ,
+  fix_by_pk: FixQueryZ.merge(
+    z.object({
+      vulnerabilityReportIssues: z.array(
+        z.object({
+          vendorIssueId: z.string(),
+          issueType: z.string(),
+          issueLanguage: z.string()
+        })
+      )
+    })
+  ),
   fixesWithSameIssueType: z.object({
     fix: z.array(z.object({ id: z.string().uuid() }))
   })
@@ -1608,7 +1618,7 @@ var issueTypeMap = {
   ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False"
 };
 var issueTypeZ = z4.nativeEnum(IssueType_Enum);
-var getIssueType = (issueType) => {
+var getIssueTypeFriendlyString = (issueType) => {
   const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
   if (!issueTypeZParseRes.success) {
     return issueType ? issueType.replaceAll("_", " ") : "Other";
@@ -1643,7 +1653,7 @@ var getCommitDescription = ({
   if (!staticData) {
     return "";
   }
-  const issueTypeString = getIssueType(issueType);
+  const issueTypeString = getIssueTypeFriendlyString(issueType);
   let description = `This change fixes a **${severity} severity** (${severityToEmoji[severity]}) **${issueTypeString}** issue reported by **${capitalizeFirstLetter(
     vendor
   )}**.
@@ -2941,12 +2951,20 @@ function getFixGuidances({
   const fixGuidance = storeFixResult.success ? [storeFixResult.data.guidance({ questions, ...extraContext })] : [];
   return libGuidances.concat(fixGuidance).filter((guidance) => !!guidance);
 }
-function getGuidances({
-  questions,
-  issueType,
-  issueLanguage,
-  fixExtraContext
-}) {
+var IssueTypeAndLanguageZ = z8.object({
+  issueType: z8.nativeEnum(IssueType_Enum),
+  issueLanguage: z8.nativeEnum(IssueLanguage_Enum)
+});
+function getGuidances(args) {
+  const safeIssueTypeAndLanguage = IssueTypeAndLanguageZ.safeParse({
+    issueType: args.issueType,
+    issueLanguage: args.issueLanguage
+  });
+  if (!safeIssueTypeAndLanguage.success) {
+    return [];
+  }
+  const { questions, fixExtraContext } = args;
+  const { issueType, issueLanguage } = safeIssueTypeAndLanguage.data;
   const fixGuidances = getFixGuidances({
     issueType,
     issueLanguage,
@@ -2957,8 +2975,8 @@ function getGuidances({
     let questionGuidance = question.guidance;
     if (!questionGuidance && issueType && issueLanguage) {
       const getFixInformation = curriedQuestionInformationByQuestion({
-        issueType: z8.nativeEnum(IssueType_Enum).parse(issueType),
-        language: z8.nativeEnum(IssueLanguage_Enum).parse(issueLanguage)
+        issueType,
+        language: issueLanguage
       });
       const { guidance } = getFixInformation(question);
       questionGuidance = guidance({
@@ -5819,10 +5837,12 @@ async function getAdoSdk(params) {
       try {
         const branchStatus = await git.getBranch(repo, branch, projectName);
         if (!branchStatus || !branchStatus.commit) {
+          console.log(`no branch status: ${JSON.stringify(branchStatus)}`);
           throw new InvalidRepoUrlError("no branch status");
         }
         return branchStatus.name === branch;
       } catch (e) {
+        console.error(`error in getAdoIsRemoteBranch: ${JSON.stringify(e)}`);
         return false;
       }
     },
@@ -6252,20 +6272,33 @@ Refresh the page in order to see the changes.`,
     redirectUrl: commentRes.data.html_url,
     commentId
   });
-  const issueType = getIssueType(fix.issueType ?? null);
+  const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
   const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
   const patchAndQuestions = await PatchAndQuestionsZ.parseAsync(
     fix.patchAndQuestions
   );
+  const validFixParseRes = z18.object({
+    vulnerabilitySeverity: z18.nativeEnum(Vulnerability_Severity_Enum),
+    issueLanguage: z18.nativeEnum(IssueLanguage_Enum),
+    safeIssueType: z18.nativeEnum(IssueType_Enum)
+  }).safeParse(fix);
+  if (!validFixParseRes.success) {
+    debug5(
+      `fix ${fixId} does not have all the required fields to create a comment`,
+      validFixParseRes.error
+    );
+    return;
+  }
+  const validFix = validFixParseRes.data;
   const subTitle = getCommitDescription({
-    issueType: fix.issueType,
+    issueType: validFix.safeIssueType,
     vendor: scanner,
-    severity: fix.vulnerabilitySeverity,
-    issueLanguage: fix.issueLanguage,
+    severity: validFix.vulnerabilitySeverity,
+    issueLanguage: validFix.issueLanguage,
     guidances: getGuidances({
       questions: patchAndQuestions.questions.map(toQuestion),
-      issueType: fix.issueType,
-      issueLanguage: fix.issueLanguage,
+      issueType: validFix.safeIssueType,
+      issueLanguage: validFix.issueLanguage,
       fixExtraContext: patchAndQuestions.extraContext
     })
   });
@@ -6297,7 +6330,7 @@ function buildAnalysisSummaryComment(params) {
         if (!fix) {
           throw new Error(`fix ${vulnerabilityReportIssue.fixId} not found`);
         }
-        const issueType = getIssueType(fix.issueType ?? null);
+        const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
         const vulnerabilityReportIssueCount = (result[issueType] || 0) + 1;
         return {
           ...result,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "0.0.169",
+  "version": "0.0.170",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",