mobbdev 0.0.177 → 0.0.178
- package/dist/index.mjs +213 -187
- package/package.json +1 -1
package/dist/index.mjs
CHANGED
|
@@ -39,9 +39,6 @@ import Debug from "debug";
|
|
|
39
39
|
import * as dotenv from "dotenv";
|
|
40
40
|
import { z as z2 } from "zod";
|
|
41
41
|
|
|
42
|
-
// src/features/analysis/scm/shared/src/types.ts
|
|
43
|
-
import { z } from "zod";
|
|
44
|
-
|
|
45
42
|
// src/features/analysis/scm/generates/client_generates.ts
|
|
46
43
|
var FixQuestionInputType = /* @__PURE__ */ ((FixQuestionInputType2) => {
|
|
47
44
|
FixQuestionInputType2["Number"] = "NUMBER";
|
|
@@ -98,15 +95,15 @@ var Fix_State_Enum = /* @__PURE__ */ ((Fix_State_Enum2) => {
|
|
|
98
95
|
Fix_State_Enum2["Ready"] = "Ready";
|
|
99
96
|
return Fix_State_Enum2;
|
|
100
97
|
})(Fix_State_Enum || {});
|
|
101
|
-
var IssueLanguage_Enum = /* @__PURE__ */ ((
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
return
|
|
98
|
+
var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
|
|
99
|
+
IssueLanguage_Enum2["CSharp"] = "CSharp";
|
|
100
|
+
IssueLanguage_Enum2["Cpp"] = "Cpp";
|
|
101
|
+
IssueLanguage_Enum2["Java"] = "Java";
|
|
102
|
+
IssueLanguage_Enum2["JavaScript"] = "JavaScript";
|
|
103
|
+
IssueLanguage_Enum2["Python"] = "Python";
|
|
104
|
+
IssueLanguage_Enum2["Sql"] = "SQL";
|
|
105
|
+
IssueLanguage_Enum2["Xml"] = "XML";
|
|
106
|
+
return IssueLanguage_Enum2;
|
|
110
107
|
})(IssueLanguage_Enum || {});
|
|
111
108
|
var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
|
|
112
109
|
IssueType_Enum2["AutoEscapeFalse"] = "AUTO_ESCAPE_FALSE";
|
|
@@ -190,14 +187,14 @@ var Project_Role_Type_Enum = /* @__PURE__ */ ((Project_Role_Type_Enum2) => {
|
|
|
190
187
|
Project_Role_Type_Enum2["Writer"] = "writer";
|
|
191
188
|
return Project_Role_Type_Enum2;
|
|
192
189
|
})(Project_Role_Type_Enum || {});
|
|
193
|
-
var Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
return
|
|
190
|
+
var Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((Vulnerability_Report_Vendor_Enum3) => {
|
|
191
|
+
Vulnerability_Report_Vendor_Enum3["Checkmarx"] = "checkmarx";
|
|
192
|
+
Vulnerability_Report_Vendor_Enum3["CheckmarxXml"] = "checkmarxXml";
|
|
193
|
+
Vulnerability_Report_Vendor_Enum3["Codeql"] = "codeql";
|
|
194
|
+
Vulnerability_Report_Vendor_Enum3["Fortify"] = "fortify";
|
|
195
|
+
Vulnerability_Report_Vendor_Enum3["Snyk"] = "snyk";
|
|
196
|
+
Vulnerability_Report_Vendor_Enum3["Sonarqube"] = "sonarqube";
|
|
197
|
+
return Vulnerability_Report_Vendor_Enum3;
|
|
201
198
|
})(Vulnerability_Report_Vendor_Enum || {});
|
|
202
199
|
var Vulnerability_Severity_Enum = /* @__PURE__ */ ((Vulnerability_Severity_Enum2) => {
|
|
203
200
|
Vulnerability_Severity_Enum2["Critical"] = "critical";
|
|
@@ -313,7 +310,7 @@ var GetFixesDocument = `
|
|
|
313
310
|
safeIssueType
|
|
314
311
|
id
|
|
315
312
|
vulnerabilitySeverity
|
|
316
|
-
|
|
313
|
+
safeIssueLanguage
|
|
317
314
|
patchAndQuestions {
|
|
318
315
|
__typename
|
|
319
316
|
... on FixData {
|
|
@@ -653,6 +650,7 @@ function getSdk(client, withWrapper = defaultWrapper) {
|
|
|
653
650
|
}
|
|
654
651
|
|
|
655
652
|
// src/features/analysis/scm/shared/src/types.ts
|
|
653
|
+
import { z } from "zod";
|
|
656
654
|
var OrganizationScreenQueryParamsZ = z.object({
|
|
657
655
|
organizationId: z.string().uuid()
|
|
658
656
|
});
|
|
@@ -739,7 +737,7 @@ var ReportQueryResultZ = z.object({
|
|
|
739
737
|
fixes: z.array(
|
|
740
738
|
z.object({
|
|
741
739
|
id: z.string().uuid(),
|
|
742
|
-
|
|
740
|
+
safeIssueLanguage: z.string(),
|
|
743
741
|
safeIssueType: z.string(),
|
|
744
742
|
confidence: z.number(),
|
|
745
743
|
effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
|
|
@@ -834,7 +832,7 @@ var ReportFixesQueryZ = z.array(
|
|
|
834
832
|
confidence: z.number(),
|
|
835
833
|
gitBlameLogin: z.string().nullable(),
|
|
836
834
|
effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
|
|
837
|
-
|
|
835
|
+
safeIssueLanguage: z.string(),
|
|
838
836
|
safeIssueType: z.string(),
|
|
839
837
|
vulnerabilitySeverity: z.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
|
|
840
838
|
fixReportId: z.string().uuid(),
|
|
@@ -904,9 +902,8 @@ var FixQueryZ = z.object({
|
|
|
904
902
|
state: z.nativeEnum(Fix_State_Enum),
|
|
905
903
|
modifiedBy: z.string().nullable(),
|
|
906
904
|
gitBlameLogin: z.string().nullable(),
|
|
907
|
-
|
|
905
|
+
safeIssueLanguage: z.string(),
|
|
908
906
|
safeIssueType: z.string(),
|
|
909
|
-
// issueType: z.nativeEnum(IssueType_Enum).nullable(),
|
|
910
907
|
confidence: z.number(),
|
|
911
908
|
fixReportId: z.string().uuid(),
|
|
912
909
|
isExpired: z.boolean().default(false),
|
|
@@ -1146,6 +1143,13 @@ var SCANNERS = {
|
|
|
1146
1143
|
Snyk: "snyk",
|
|
1147
1144
|
Sonarqube: "sonarqube"
|
|
1148
1145
|
};
|
|
1146
|
+
var scannerToVulnerability_Report_Vendor_Enum = {
|
|
1147
|
+
[SCANNERS.Checkmarx]: "checkmarx" /* Checkmarx */,
|
|
1148
|
+
[SCANNERS.Snyk]: "snyk" /* Snyk */,
|
|
1149
|
+
[SCANNERS.Sonarqube]: "sonarqube" /* Sonarqube */,
|
|
1150
|
+
[SCANNERS.Codeql]: "codeql" /* Codeql */,
|
|
1151
|
+
[SCANNERS.Fortify]: "fortify" /* Fortify */
|
|
1152
|
+
};
|
|
1149
1153
|
var SupportedScannersZ = z2.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
|
|
1150
1154
|
var envVariablesSchema = z2.object({
|
|
1151
1155
|
WEB_APP_URL: z2.string(),
|
|
@@ -1283,16 +1287,16 @@ var CliError = class extends Error {
|
|
|
1283
1287
|
// src/features/analysis/index.ts
|
|
1284
1288
|
import chalk4 from "chalk";
|
|
1285
1289
|
import Configstore from "configstore";
|
|
1286
|
-
import
|
|
1290
|
+
import Debug16 from "debug";
|
|
1287
1291
|
import extract from "extract-zip";
|
|
1288
1292
|
import fetch4 from "node-fetch";
|
|
1289
1293
|
import open2 from "open";
|
|
1290
1294
|
import semver from "semver";
|
|
1291
1295
|
import tmp2 from "tmp";
|
|
1292
|
-
import { z as
|
|
1296
|
+
import { z as z21 } from "zod";
|
|
1293
1297
|
|
|
1294
1298
|
// src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
|
|
1295
|
-
import
|
|
1299
|
+
import Debug7 from "debug";
|
|
1296
1300
|
|
|
1297
1301
|
// src/features/analysis/scm/ado/constants.ts
|
|
1298
1302
|
var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
|
|
@@ -1653,8 +1657,6 @@ var getCommitDescription = ({
|
|
|
1653
1657
|
if (!parseIssueTypeRes.success) {
|
|
1654
1658
|
return "";
|
|
1655
1659
|
}
|
|
1656
|
-
if (!issueType)
|
|
1657
|
-
return "";
|
|
1658
1660
|
const staticData = fixDetailsData[parseIssueTypeRes.data];
|
|
1659
1661
|
if (!staticData) {
|
|
1660
1662
|
return "";
|
|
@@ -6146,10 +6148,10 @@ async function getAdoRepoList({
|
|
|
6146
6148
|
// src/features/analysis/scm/constants.ts
|
|
6147
6149
|
var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
|
|
6148
6150
|
|
|
6149
|
-
// src/features/analysis/add_fix_comments_for_pr/utils.ts
|
|
6150
|
-
import
|
|
6151
|
+
// src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
|
|
6152
|
+
import Debug6 from "debug";
|
|
6151
6153
|
import parseDiff2 from "parse-diff";
|
|
6152
|
-
import { z as
|
|
6154
|
+
import { z as z19 } from "zod";
|
|
6153
6155
|
|
|
6154
6156
|
// src/features/analysis/utils/by_key.ts
|
|
6155
6157
|
function keyBy(array, keyBy2) {
|
|
@@ -6218,9 +6220,80 @@ var scannerToFriendlyString = {
|
|
|
6218
6220
|
sonarqube: "Sonarqube"
|
|
6219
6221
|
};
|
|
6220
6222
|
|
|
6221
|
-
// src/features/analysis/add_fix_comments_for_pr/utils.ts
|
|
6223
|
+
// src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
|
|
6224
|
+
import Debug5 from "debug";
|
|
6225
|
+
import { z as z18 } from "zod";
|
|
6222
6226
|
var debug5 = Debug5("mobbdev:handle-finished-analysis");
|
|
6223
6227
|
var getCommitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
|
|
6228
|
+
function buildCommentBody({
|
|
6229
|
+
fix,
|
|
6230
|
+
commentId,
|
|
6231
|
+
commentUrl,
|
|
6232
|
+
scanner,
|
|
6233
|
+
fixId,
|
|
6234
|
+
projectId,
|
|
6235
|
+
analysisId,
|
|
6236
|
+
organizationId,
|
|
6237
|
+
patch
|
|
6238
|
+
}) {
|
|
6239
|
+
const commitUrl = getCommitUrl({
|
|
6240
|
+
appBaseUrl: WEB_APP_URL,
|
|
6241
|
+
fixId,
|
|
6242
|
+
projectId,
|
|
6243
|
+
analysisId,
|
|
6244
|
+
organizationId,
|
|
6245
|
+
redirectUrl: commentUrl,
|
|
6246
|
+
commentId
|
|
6247
|
+
});
|
|
6248
|
+
const fixUrl = getFixUrlWithRedirect({
|
|
6249
|
+
appBaseUrl: WEB_APP_URL,
|
|
6250
|
+
fixId,
|
|
6251
|
+
projectId,
|
|
6252
|
+
analysisId,
|
|
6253
|
+
organizationId,
|
|
6254
|
+
redirectUrl: commentUrl,
|
|
6255
|
+
commentId
|
|
6256
|
+
});
|
|
6257
|
+
const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
|
|
6258
|
+
const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
|
|
6259
|
+
const validFixParseRes = z18.object({
|
|
6260
|
+
patchAndQuestions: PatchAndQuestionsZ,
|
|
6261
|
+
vulnerabilitySeverity: z18.nativeEnum(Vulnerability_Severity_Enum),
|
|
6262
|
+
safeIssueLanguage: z18.nativeEnum(IssueLanguage_Enum),
|
|
6263
|
+
safeIssueType: z18.nativeEnum(IssueType_Enum)
|
|
6264
|
+
}).safeParse(fix);
|
|
6265
|
+
if (!validFixParseRes.success) {
|
|
6266
|
+
debug5(
|
|
6267
|
+
`fix ${fixId} has custom issue type or language, therefore the commit description will not be added`,
|
|
6268
|
+
validFixParseRes.error
|
|
6269
|
+
);
|
|
6270
|
+
}
|
|
6271
|
+
const subTitle = validFixParseRes.success ? getCommitDescription({
|
|
6272
|
+
issueType: validFixParseRes.data.safeIssueType,
|
|
6273
|
+
vendor: scannerToVulnerability_Report_Vendor_Enum[scanner],
|
|
6274
|
+
severity: validFixParseRes.data.vulnerabilitySeverity,
|
|
6275
|
+
guidances: getGuidances({
|
|
6276
|
+
questions: validFixParseRes.data.patchAndQuestions.questions.map(toQuestion),
|
|
6277
|
+
issueType: validFixParseRes.data.safeIssueType,
|
|
6278
|
+
issueLanguage: validFixParseRes.data.safeIssueLanguage,
|
|
6279
|
+
fixExtraContext: validFixParseRes.data.patchAndQuestions.extraContext
|
|
6280
|
+
})
|
|
6281
|
+
}) : "";
|
|
6282
|
+
const diff = `\`\`\`diff
|
|
6283
|
+
${patch}
|
|
6284
|
+
\`\`\``;
|
|
6285
|
+
const fixPageLink = `[Learn more and fine tune the fix](${fixUrl})`;
|
|
6286
|
+
return `${title}
|
|
6287
|
+
${subTitle}
|
|
6288
|
+
${diff}
|
|
6289
|
+
${getCommitFixButton(
|
|
6290
|
+
commitUrl
|
|
6291
|
+
)}
|
|
6292
|
+
${fixPageLink}`;
|
|
6293
|
+
}
|
|
6294
|
+
|
|
6295
|
+
// src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
|
|
6296
|
+
var debug6 = Debug6("mobbdev:handle-finished-analysis");
|
|
6224
6297
|
function calculateRanges(integers) {
|
|
6225
6298
|
if (integers.length === 0) {
|
|
6226
6299
|
return [];
|
|
@@ -6254,7 +6327,7 @@ function deleteAllPreviousComments({
|
|
|
6254
6327
|
try {
|
|
6255
6328
|
return scm.deleteComment({ comment_id: comment.id });
|
|
6256
6329
|
} catch (e) {
|
|
6257
|
-
|
|
6330
|
+
debug6("delete comment failed %s", e);
|
|
6258
6331
|
return Promise.resolve();
|
|
6259
6332
|
}
|
|
6260
6333
|
});
|
|
@@ -6270,7 +6343,7 @@ function deleteAllPreviousGeneralPrComments(params) {
|
|
|
6270
6343
|
try {
|
|
6271
6344
|
return scm.deleteGeneralPrComment({ commentId: comment.id });
|
|
6272
6345
|
} catch (e) {
|
|
6273
|
-
|
|
6346
|
+
debug6("delete comment failed %s", e);
|
|
6274
6347
|
return Promise.resolve();
|
|
6275
6348
|
}
|
|
6276
6349
|
});
|
|
@@ -6308,66 +6381,19 @@ Refresh the page in order to see the changes.`,
|
|
|
6308
6381
|
line: startLine
|
|
6309
6382
|
});
|
|
6310
6383
|
const commentId = commentRes.data.id;
|
|
6311
|
-
const
|
|
6312
|
-
|
|
6313
|
-
|
|
6314
|
-
|
|
6315
|
-
|
|
6316
|
-
organizationId,
|
|
6317
|
-
redirectUrl: commentRes.data.html_url,
|
|
6318
|
-
commentId
|
|
6319
|
-
});
|
|
6320
|
-
const fixUrl = getFixUrlWithRedirect({
|
|
6321
|
-
appBaseUrl: WEB_APP_URL,
|
|
6384
|
+
const commentBody = buildCommentBody({
|
|
6385
|
+
fix,
|
|
6386
|
+
commentId,
|
|
6387
|
+
commentUrl: commentRes.data.html_url,
|
|
6388
|
+
scanner,
|
|
6322
6389
|
fixId,
|
|
6323
6390
|
projectId,
|
|
6324
6391
|
analysisId,
|
|
6325
6392
|
organizationId,
|
|
6326
|
-
|
|
6327
|
-
commentId
|
|
6328
|
-
});
|
|
6329
|
-
const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
|
|
6330
|
-
const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
|
|
6331
|
-
const patchAndQuestions = await PatchAndQuestionsZ.parseAsync(
|
|
6332
|
-
fix.patchAndQuestions
|
|
6333
|
-
);
|
|
6334
|
-
const validFixParseRes = z18.object({
|
|
6335
|
-
vulnerabilitySeverity: z18.nativeEnum(Vulnerability_Severity_Enum),
|
|
6336
|
-
issueLanguage: z18.nativeEnum(IssueLanguage_Enum),
|
|
6337
|
-
safeIssueType: z18.nativeEnum(IssueType_Enum)
|
|
6338
|
-
}).safeParse(fix);
|
|
6339
|
-
if (!validFixParseRes.success) {
|
|
6340
|
-
debug5(
|
|
6341
|
-
`fix ${fixId} does not have all the required fields to create a comment`,
|
|
6342
|
-
validFixParseRes.error
|
|
6343
|
-
);
|
|
6344
|
-
return;
|
|
6345
|
-
}
|
|
6346
|
-
const validFix = validFixParseRes.data;
|
|
6347
|
-
const subTitle = getCommitDescription({
|
|
6348
|
-
issueType: validFix.safeIssueType,
|
|
6349
|
-
vendor: scanner,
|
|
6350
|
-
severity: validFix.vulnerabilitySeverity,
|
|
6351
|
-
issueLanguage: validFix.issueLanguage,
|
|
6352
|
-
guidances: getGuidances({
|
|
6353
|
-
questions: patchAndQuestions.questions.map(toQuestion),
|
|
6354
|
-
issueType: validFix.safeIssueType,
|
|
6355
|
-
issueLanguage: validFix.issueLanguage,
|
|
6356
|
-
fixExtraContext: patchAndQuestions.extraContext
|
|
6357
|
-
})
|
|
6393
|
+
patch
|
|
6358
6394
|
});
|
|
6359
|
-
const diff = `\`\`\`diff
|
|
6360
|
-
${patch}
|
|
6361
|
-
\`\`\``;
|
|
6362
|
-
const fixPageLink = `[Learn more and fine tune the fix](${fixUrl})`;
|
|
6363
6395
|
return await scm.updatePrComment({
|
|
6364
|
-
body:
|
|
6365
|
-
${subTitle}
|
|
6366
|
-
${diff}
|
|
6367
|
-
${getCommitFixButton(
|
|
6368
|
-
commitUrl
|
|
6369
|
-
)}
|
|
6370
|
-
${fixPageLink}`,
|
|
6396
|
+
body: commentBody,
|
|
6371
6397
|
comment_id: commentId
|
|
6372
6398
|
});
|
|
6373
6399
|
}
|
|
@@ -6407,7 +6433,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
|
|
|
6407
6433
|
});
|
|
6408
6434
|
const lineAddedRanges = calculateRanges(fileNumbers);
|
|
6409
6435
|
const fileFilter = {
|
|
6410
|
-
path:
|
|
6436
|
+
path: z19.string().parse(file.to),
|
|
6411
6437
|
ranges: lineAddedRanges.map(([startLine, endLine]) => ({
|
|
6412
6438
|
endLine,
|
|
6413
6439
|
startLine
|
|
@@ -6448,7 +6474,7 @@ async function postAnalysisInsightComment(params) {
|
|
|
6448
6474
|
fixablePrVuls,
|
|
6449
6475
|
nonFixablePrVuls
|
|
6450
6476
|
} = prVulenrabilities;
|
|
6451
|
-
|
|
6477
|
+
debug6({
|
|
6452
6478
|
fixablePrVuls,
|
|
6453
6479
|
nonFixablePrVuls,
|
|
6454
6480
|
vulnerabilitiesOutsidePr,
|
|
@@ -6503,7 +6529,7 @@ ${contactUsMarkdown}`;
|
|
|
6503
6529
|
}
|
|
6504
6530
|
|
|
6505
6531
|
// src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
|
|
6506
|
-
var
|
|
6532
|
+
var debug7 = Debug7("mobbdev:handle-finished-analysis");
|
|
6507
6533
|
async function addFixCommentsForPr({
|
|
6508
6534
|
analysisId,
|
|
6509
6535
|
scm: _scm,
|
|
@@ -6515,7 +6541,7 @@ async function addFixCommentsForPr({
|
|
|
6515
6541
|
}
|
|
6516
6542
|
const scm = _scm;
|
|
6517
6543
|
const getAnalysisRes = await gqlClient.getAnalysis(analysisId);
|
|
6518
|
-
|
|
6544
|
+
debug7("getAnalysis %o", getAnalysisRes);
|
|
6519
6545
|
const {
|
|
6520
6546
|
vulnerabilityReport: {
|
|
6521
6547
|
projectId,
|
|
@@ -6577,8 +6603,8 @@ async function addFixCommentsForPr({
|
|
|
6577
6603
|
}
|
|
6578
6604
|
|
|
6579
6605
|
// src/features/analysis/auto_pr_handler.ts
|
|
6580
|
-
import
|
|
6581
|
-
var
|
|
6606
|
+
import Debug8 from "debug";
|
|
6607
|
+
var debug8 = Debug8("mobbdev:handleAutoPr");
|
|
6582
6608
|
async function handleAutoPr(params) {
|
|
6583
6609
|
const { gqlClient, analysisId, createSpinner: createSpinner4 } = params;
|
|
6584
6610
|
const createAutoPrSpinner = createSpinner4(
|
|
@@ -6590,7 +6616,7 @@ async function handleAutoPr(params) {
|
|
|
6590
6616
|
},
|
|
6591
6617
|
callback: async (analysisId2) => {
|
|
6592
6618
|
const autoPrAnalysisRes = await gqlClient.autoPrAnalysis(analysisId2);
|
|
6593
|
-
|
|
6619
|
+
debug8("auto pr analysis res %o", autoPrAnalysisRes);
|
|
6594
6620
|
if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrError") {
|
|
6595
6621
|
createAutoPrSpinner.error({
|
|
6596
6622
|
text: `\u{1F504} Automatic pull request failed - ${autoPrAnalysisRes.autoPrAnalysis.error}`
|
|
@@ -6615,12 +6641,12 @@ async function handleAutoPr(params) {
|
|
|
6615
6641
|
}
|
|
6616
6642
|
|
|
6617
6643
|
// src/features/analysis/git.ts
|
|
6618
|
-
import
|
|
6644
|
+
import Debug9 from "debug";
|
|
6619
6645
|
import { simpleGit as simpleGit2 } from "simple-git";
|
|
6620
|
-
var
|
|
6646
|
+
var debug9 = Debug9("mobbdev:git");
|
|
6621
6647
|
var GIT_NOT_INITIALIZED_ERROR_MESSAGE = "not a git repository";
|
|
6622
6648
|
async function getGitInfo(srcDirPath) {
|
|
6623
|
-
|
|
6649
|
+
debug9("getting git info for %s", srcDirPath);
|
|
6624
6650
|
const git = simpleGit2({
|
|
6625
6651
|
baseDir: srcDirPath,
|
|
6626
6652
|
maxConcurrentProcesses: 1,
|
|
@@ -6635,11 +6661,11 @@ async function getGitInfo(srcDirPath) {
|
|
|
6635
6661
|
reference = await git.revparse(["--abbrev-ref", "HEAD"]) || "";
|
|
6636
6662
|
} catch (e) {
|
|
6637
6663
|
if (e instanceof Error) {
|
|
6638
|
-
|
|
6664
|
+
debug9("failed to run git %o", e);
|
|
6639
6665
|
if (e.message.includes(" spawn ")) {
|
|
6640
|
-
|
|
6666
|
+
debug9("git cli not installed");
|
|
6641
6667
|
} else if (e.message.includes(GIT_NOT_INITIALIZED_ERROR_MESSAGE)) {
|
|
6642
|
-
|
|
6668
|
+
debug9("folder is not a git repo");
|
|
6643
6669
|
return {
|
|
6644
6670
|
success: false,
|
|
6645
6671
|
hash: void 0,
|
|
@@ -6667,7 +6693,7 @@ async function getGitInfo(srcDirPath) {
|
|
|
6667
6693
|
}
|
|
6668
6694
|
|
|
6669
6695
|
// src/features/analysis/graphql/gql.ts
|
|
6670
|
-
import
|
|
6696
|
+
import Debug10 from "debug";
|
|
6671
6697
|
import { GraphQLClient } from "graphql-request";
|
|
6672
6698
|
import { v4 as uuidv4 } from "uuid";
|
|
6673
6699
|
|
|
@@ -6752,36 +6778,36 @@ function subscribe(query, variables, callback, wsClientOptions) {
|
|
|
6752
6778
|
}
|
|
6753
6779
|
|
|
6754
6780
|
// src/features/analysis/graphql/types.ts
|
|
6755
|
-
import { z as
|
|
6756
|
-
var VulnerabilityReportIssueCodeNodeZ =
|
|
6757
|
-
vulnerabilityReportIssueId:
|
|
6758
|
-
path:
|
|
6759
|
-
startLine:
|
|
6760
|
-
vulnerabilityReportIssue:
|
|
6761
|
-
fixId:
|
|
6781
|
+
import { z as z20 } from "zod";
|
|
6782
|
+
var VulnerabilityReportIssueCodeNodeZ = z20.object({
|
|
6783
|
+
vulnerabilityReportIssueId: z20.string(),
|
|
6784
|
+
path: z20.string(),
|
|
6785
|
+
startLine: z20.number(),
|
|
6786
|
+
vulnerabilityReportIssue: z20.object({
|
|
6787
|
+
fixId: z20.string()
|
|
6762
6788
|
})
|
|
6763
6789
|
});
|
|
6764
|
-
var GetVulByNodesMetadataZ =
|
|
6765
|
-
vulnerabilityReportIssueCodeNodes:
|
|
6766
|
-
nonFixablePrVuls:
|
|
6767
|
-
aggregate:
|
|
6768
|
-
count:
|
|
6790
|
+
var GetVulByNodesMetadataZ = z20.object({
|
|
6791
|
+
vulnerabilityReportIssueCodeNodes: z20.array(VulnerabilityReportIssueCodeNodeZ),
|
|
6792
|
+
nonFixablePrVuls: z20.object({
|
|
6793
|
+
aggregate: z20.object({
|
|
6794
|
+
count: z20.number()
|
|
6769
6795
|
})
|
|
6770
6796
|
}),
|
|
6771
|
-
fixablePrVuls:
|
|
6772
|
-
aggregate:
|
|
6773
|
-
count:
|
|
6797
|
+
fixablePrVuls: z20.object({
|
|
6798
|
+
aggregate: z20.object({
|
|
6799
|
+
count: z20.number()
|
|
6774
6800
|
})
|
|
6775
6801
|
}),
|
|
6776
|
-
totalScanVulnerabilities:
|
|
6777
|
-
aggregate:
|
|
6778
|
-
count:
|
|
6802
|
+
totalScanVulnerabilities: z20.object({
|
|
6803
|
+
aggregate: z20.object({
|
|
6804
|
+
count: z20.number()
|
|
6779
6805
|
})
|
|
6780
6806
|
})
|
|
6781
6807
|
});
|
|
6782
6808
|
|
|
6783
6809
|
// src/features/analysis/graphql/gql.ts
|
|
6784
|
-
var
|
|
6810
|
+
var debug10 = Debug10("mobbdev:gql");
|
|
6785
6811
|
var API_KEY_HEADER_NAME = "x-mobb-key";
|
|
6786
6812
|
var REPORT_STATE_CHECK_DELAY = 5 * 1e3;
|
|
6787
6813
|
var GQLClient = class {
|
|
@@ -6789,7 +6815,7 @@ var GQLClient = class {
|
|
|
6789
6815
|
__publicField(this, "_client");
|
|
6790
6816
|
__publicField(this, "_clientSdk");
|
|
6791
6817
|
__publicField(this, "_auth");
|
|
6792
|
-
|
|
6818
|
+
debug10(`init with ${args}`);
|
|
6793
6819
|
this._auth = args;
|
|
6794
6820
|
this._client = new GraphQLClient(API_URL, {
|
|
6795
6821
|
headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME]: args.apiKey || "" } : {
|
|
@@ -6797,7 +6823,7 @@ var GQLClient = class {
|
|
|
6797
6823
|
},
|
|
6798
6824
|
requestMiddleware: (request) => {
|
|
6799
6825
|
const requestId = uuidv4();
|
|
6800
|
-
|
|
6826
|
+
debug10(
|
|
6801
6827
|
`sending API request with id: ${requestId} and with request: ${request.body}`
|
|
6802
6828
|
);
|
|
6803
6829
|
return {
|
|
@@ -6827,7 +6853,7 @@ var GQLClient = class {
|
|
|
6827
6853
|
try {
|
|
6828
6854
|
await this.getUserInfo();
|
|
6829
6855
|
} catch (e) {
|
|
6830
|
-
|
|
6856
|
+
debug10("verify token failed %o", e);
|
|
6831
6857
|
return false;
|
|
6832
6858
|
}
|
|
6833
6859
|
return true;
|
|
@@ -6871,7 +6897,7 @@ var GQLClient = class {
|
|
|
6871
6897
|
try {
|
|
6872
6898
|
await this._clientSdk.CreateCommunityUser();
|
|
6873
6899
|
} catch (e) {
|
|
6874
|
-
|
|
6900
|
+
debug10("create community user failed %o", e);
|
|
6875
6901
|
}
|
|
6876
6902
|
}
|
|
6877
6903
|
async updateScmToken(args) {
|
|
@@ -7065,11 +7091,11 @@ var GQLClient = class {
|
|
|
7065
7091
|
import fs2 from "node:fs";
|
|
7066
7092
|
import path4 from "node:path";
|
|
7067
7093
|
import AdmZip from "adm-zip";
|
|
7068
|
-
import
|
|
7094
|
+
import Debug11 from "debug";
|
|
7069
7095
|
import { globby } from "globby";
|
|
7070
7096
|
import { isBinary } from "istextorbinary";
|
|
7071
7097
|
import { simpleGit as simpleGit3 } from "simple-git";
|
|
7072
|
-
var
|
|
7098
|
+
var debug11 = Debug11("mobbdev:pack");
|
|
7073
7099
|
var MAX_FILE_SIZE = 1024 * 1024 * 5;
|
|
7074
7100
|
function endsWithAny(str, suffixes) {
|
|
7075
7101
|
return suffixes.some(function(suffix) {
|
|
@@ -7080,7 +7106,7 @@ function _get_manifest_files_suffixes() {
|
|
|
7080
7106
|
return ["package.json"];
|
|
7081
7107
|
}
|
|
7082
7108
|
async function pack(srcDirPath, vulnFiles) {
|
|
7083
|
-
|
|
7109
|
+
debug11("pack folder %s", srcDirPath);
|
|
7084
7110
|
let git = void 0;
|
|
7085
7111
|
try {
|
|
7086
7112
|
git = simpleGit3({
|
|
@@ -7090,13 +7116,13 @@ async function pack(srcDirPath, vulnFiles) {
|
|
|
7090
7116
|
});
|
|
7091
7117
|
await git.status();
|
|
7092
7118
|
} catch (e) {
|
|
7093
|
-
|
|
7119
|
+
debug11("failed to run git %o", e);
|
|
7094
7120
|
git = void 0;
|
|
7095
7121
|
if (e instanceof Error) {
|
|
7096
7122
|
if (e.message.includes(" spawn ")) {
|
|
7097
|
-
|
|
7123
|
+
debug11("git cli not installed");
|
|
7098
7124
|
} else if (e.message.includes("not a git repository")) {
|
|
7099
|
-
|
|
7125
|
+
debug11("folder is not a git repo");
|
|
7100
7126
|
} else {
|
|
7101
7127
|
throw e;
|
|
7102
7128
|
}
|
|
@@ -7111,9 +7137,9 @@ async function pack(srcDirPath, vulnFiles) {
|
|
|
7111
7137
|
followSymbolicLinks: false,
|
|
7112
7138
|
dot: true
|
|
7113
7139
|
});
|
|
7114
|
-
|
|
7140
|
+
debug11("files found %d", filepaths.length);
|
|
7115
7141
|
const zip = new AdmZip();
|
|
7116
|
-
|
|
7142
|
+
debug11("compressing files");
|
|
7117
7143
|
for (const filepath of filepaths) {
|
|
7118
7144
|
const absFilepath = path4.join(srcDirPath, filepath.toString());
|
|
7119
7145
|
vulnFiles = vulnFiles.concat(_get_manifest_files_suffixes());
|
|
@@ -7121,21 +7147,21 @@ async function pack(srcDirPath, vulnFiles) {
|
|
|
7121
7147
|
absFilepath.toString().replaceAll(path4.win32.sep, path4.posix.sep),
|
|
7122
7148
|
vulnFiles
|
|
7123
7149
|
)) {
|
|
7124
|
-
|
|
7150
|
+
debug11("ignoring %s because it is not a vulnerability file", filepath);
|
|
7125
7151
|
continue;
|
|
7126
7152
|
}
|
|
7127
7153
|
if (fs2.lstatSync(absFilepath).size > MAX_FILE_SIZE) {
|
|
7128
|
-
|
|
7154
|
+
debug11("ignoring %s because the size is > 5MB", filepath);
|
|
7129
7155
|
continue;
|
|
7130
7156
|
}
|
|
7131
7157
|
const data = git ? await git.showBuffer([`HEAD:./${filepath}`]) : fs2.readFileSync(absFilepath);
|
|
7132
7158
|
if (isBinary(null, data)) {
|
|
7133
|
-
|
|
7159
|
+
debug11("ignoring %s because is seems to be a binary file", filepath);
|
|
7134
7160
|
continue;
|
|
7135
7161
|
}
|
|
7136
7162
|
zip.addFile(filepath.toString(), data);
|
|
7137
7163
|
}
|
|
7138
|
-
|
|
7164
|
+
debug11("get zip file buffer");
|
|
7139
7165
|
return zip.toBuffer();
|
|
7140
7166
|
}
|
|
7141
7167
|
|
|
@@ -7211,7 +7237,7 @@ var cxOperatingSystemSupportMessage = `Your operating system does not support ch
|
|
|
7211
7237
|
|
|
7212
7238
|
// src/utils/child_process.ts
|
|
7213
7239
|
import cp from "node:child_process";
|
|
7214
|
-
import
|
|
7240
|
+
import Debug12 from "debug";
|
|
7215
7241
|
import * as process2 from "process";
|
|
7216
7242
|
import supportsColor from "supports-color";
|
|
7217
7243
|
var { stdout: stdout2 } = supportsColor;
|
|
@@ -7230,16 +7256,16 @@ function createSpwan({ args, processPath, name }, options) {
|
|
|
7230
7256
|
return createChildProcess({ childProcess: child, name }, options);
|
|
7231
7257
|
}
|
|
7232
7258
|
function createChildProcess({ childProcess, name }, options) {
|
|
7233
|
-
const
|
|
7259
|
+
const debug16 = Debug12(`mobbdev:${name}`);
|
|
7234
7260
|
const { display } = options;
|
|
7235
7261
|
return new Promise((resolve, reject) => {
|
|
7236
7262
|
let out = "";
|
|
7237
7263
|
const onData = (chunk) => {
|
|
7238
|
-
|
|
7264
|
+
debug16(`chunk received from ${name} std ${chunk}`);
|
|
7239
7265
|
out += chunk;
|
|
7240
7266
|
};
|
|
7241
7267
|
if (!childProcess || !childProcess?.stdout || !childProcess?.stderr) {
|
|
7242
|
-
|
|
7268
|
+
debug16(`unable to fork ${name}`);
|
|
7243
7269
|
reject(new Error(`unable to fork ${name}`));
|
|
7244
7270
|
}
|
|
7245
7271
|
childProcess.stdout?.on("data", onData);
|
|
@@ -7249,11 +7275,11 @@ function createChildProcess({ childProcess, name }, options) {
|
|
|
7249
7275
|
childProcess.stderr?.pipe(process2.stderr);
|
|
7250
7276
|
}
|
|
7251
7277
|
childProcess.on("exit", (code) => {
|
|
7252
|
-
|
|
7278
|
+
debug16(`${name} exit code ${code}`);
|
|
7253
7279
|
resolve({ message: out, code });
|
|
7254
7280
|
});
|
|
7255
7281
|
childProcess.on("error", (err) => {
|
|
7256
|
-
|
|
7282
|
+
debug16(`${name} error %o`, err);
|
|
7257
7283
|
reject(err);
|
|
7258
7284
|
});
|
|
7259
7285
|
});
|
|
@@ -7261,12 +7287,12 @@ function createChildProcess({ childProcess, name }, options) {
|
|
|
7261
7287
|
|
|
7262
7288
|
// src/features/analysis/scanners/checkmarx.ts
|
|
7263
7289
|
import chalk2 from "chalk";
|
|
7264
|
-
import
|
|
7290
|
+
import Debug13 from "debug";
|
|
7265
7291
|
import { existsSync } from "fs";
|
|
7266
7292
|
import { createSpinner as createSpinner2 } from "nanospinner";
|
|
7267
7293
|
import { type } from "os";
|
|
7268
7294
|
import path5 from "path";
|
|
7269
|
-
var
|
|
7295
|
+
var debug12 = Debug13("mobbdev:checkmarx");
|
|
7270
7296
|
var require2 = createRequire(import.meta.url);
|
|
7271
7297
|
var getCheckmarxPath = () => {
|
|
7272
7298
|
const os2 = type();
|
|
@@ -7307,14 +7333,14 @@ function validateCheckmarxInstallation() {
|
|
|
7307
7333
|
existsSync(getCheckmarxPath());
|
|
7308
7334
|
}
|
|
7309
7335
|
async function forkCheckmarx(args, { display }) {
|
|
7310
|
-
|
|
7336
|
+
debug12("fork checkmarx with args %o %s", args.join(" "), display);
|
|
7311
7337
|
return createSpwan(
|
|
7312
7338
|
{ args, processPath: getCheckmarxPath(), name: "checkmarx" },
|
|
7313
7339
|
{ display }
|
|
7314
7340
|
);
|
|
7315
7341
|
}
|
|
7316
7342
|
async function getCheckmarxReport({ reportPath, repositoryRoot, branch, projectName }, { skipPrompts = false }) {
|
|
7317
|
-
|
|
7343
|
+
debug12("get checkmarx report start %s %s", reportPath, repositoryRoot);
|
|
7318
7344
|
const { code: loginCode } = await forkCheckmarx(VALIDATE_COMMAND, {
|
|
7319
7345
|
display: false
|
|
7320
7346
|
});
|
|
@@ -7382,20 +7408,20 @@ async function validateCheckamxCredentials() {
|
|
|
7382
7408
|
// src/features/analysis/scanners/snyk.ts
|
|
7383
7409
|
import { createRequire as createRequire2 } from "node:module";
|
|
7384
7410
|
import chalk3 from "chalk";
|
|
7385
|
-
import
|
|
7411
|
+
import Debug14 from "debug";
|
|
7386
7412
|
import { createSpinner as createSpinner3 } from "nanospinner";
|
|
7387
7413
|
import open from "open";
|
|
7388
|
-
var
|
|
7414
|
+
var debug13 = Debug14("mobbdev:snyk");
|
|
7389
7415
|
var require3 = createRequire2(import.meta.url);
|
|
7390
7416
|
var SNYK_PATH = require3.resolve("snyk/bin/snyk");
|
|
7391
7417
|
var SNYK_ARTICLE_URL = "https://docs.snyk.io/scan-using-snyk/snyk-code/configure-snyk-code#enable-snyk-code";
|
|
7392
|
-
|
|
7418
|
+
debug13("snyk executable path %s", SNYK_PATH);
|
|
7393
7419
|
async function forkSnyk(args, { display }) {
|
|
7394
|
-
|
|
7420
|
+
debug13("fork snyk with args %o %s", args, display);
|
|
7395
7421
|
return createFork({ args, processPath: SNYK_PATH, name: "snyk" }, { display });
|
|
7396
7422
|
}
|
|
7397
7423
|
async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
|
|
7398
|
-
|
|
7424
|
+
debug13("get snyk report start %s %s", reportPath, repoRoot);
|
|
7399
7425
|
const config4 = await forkSnyk(["config"], { display: false });
|
|
7400
7426
|
const { message: configMessage } = config4;
|
|
7401
7427
|
if (!configMessage.includes("api: ")) {
|
|
@@ -7409,7 +7435,7 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
|
|
|
7409
7435
|
snykLoginSpinner.update({
|
|
7410
7436
|
text: "\u{1F513} Waiting for Snyk login to complete"
|
|
7411
7437
|
});
|
|
7412
|
-
|
|
7438
|
+
debug13("no token in the config %s", config4);
|
|
7413
7439
|
await forkSnyk(["auth"], { display: true });
|
|
7414
7440
|
snykLoginSpinner.success({ text: "\u{1F513} Login to Snyk Successful" });
|
|
7415
7441
|
}
|
|
@@ -7419,12 +7445,12 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
|
|
|
7419
7445
|
{ display: true }
|
|
7420
7446
|
);
|
|
7421
7447
|
if (scanOutput.includes("Snyk Code is not supported for org")) {
|
|
7422
|
-
|
|
7448
|
+
debug13("snyk code is not enabled %s", scanOutput);
|
|
7423
7449
|
snykSpinner.error({ text: "\u{1F50D} Snyk configuration needed" });
|
|
7424
7450
|
const answer = await snykArticlePrompt();
|
|
7425
|
-
|
|
7451
|
+
debug13("answer %s", answer);
|
|
7426
7452
|
if (answer) {
|
|
7427
|
-
|
|
7453
|
+
debug13("opening the browser");
|
|
7428
7454
|
await open(SNYK_ARTICLE_URL);
|
|
7429
7455
|
}
|
|
7430
7456
|
console.log(
|
|
@@ -7439,18 +7465,18 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
|
|
|
7439
7465
|
}
|
|
7440
7466
|
|
|
7441
7467
|
// src/features/analysis/upload-file.ts
|
|
7442
|
-
import
|
|
7468
|
+
import Debug15 from "debug";
|
|
7443
7469
|
import fetch3, { File, fileFrom, FormData } from "node-fetch";
|
|
7444
|
-
var
|
|
7470
|
+
var debug14 = Debug15("mobbdev:upload-file");
|
|
7445
7471
|
async function uploadFile({
|
|
7446
7472
|
file,
|
|
7447
7473
|
url,
|
|
7448
7474
|
uploadKey,
|
|
7449
7475
|
uploadFields
|
|
7450
7476
|
}) {
|
|
7451
|
-
|
|
7452
|
-
|
|
7453
|
-
|
|
7477
|
+
debug14("upload file start %s", url);
|
|
7478
|
+
debug14("upload fields %o", uploadFields);
|
|
7479
|
+
debug14("upload key %s", uploadKey);
|
|
7454
7480
|
const form = new FormData();
|
|
7455
7481
|
Object.entries(uploadFields).forEach(([key, value]) => {
|
|
7456
7482
|
form.append(key, value);
|
|
@@ -7459,10 +7485,10 @@ async function uploadFile({
|
|
|
7459
7485
|
form.append("key", uploadKey);
|
|
7460
7486
|
}
|
|
7461
7487
|
if (typeof file === "string") {
|
|
7462
|
-
|
|
7488
|
+
debug14("upload file from path %s", file);
|
|
7463
7489
|
form.append("file", await fileFrom(file));
|
|
7464
7490
|
} else {
|
|
7465
|
-
|
|
7491
|
+
debug14("upload file from buffer");
|
|
7466
7492
|
form.append("file", new File([file], "file"));
|
|
7467
7493
|
}
|
|
7468
7494
|
const response = await fetch3(url, {
|
|
@@ -7470,10 +7496,10 @@ async function uploadFile({
|
|
|
7470
7496
|
body: form
|
|
7471
7497
|
});
|
|
7472
7498
|
if (!response.ok) {
|
|
7473
|
-
|
|
7499
|
+
debug14("error from S3 %s %s", response.body, response.status);
|
|
7474
7500
|
throw new Error(`Failed to upload the file: ${response.status}`);
|
|
7475
7501
|
}
|
|
7476
|
-
|
|
7502
|
+
debug14("upload file done");
|
|
7477
7503
|
}
|
|
7478
7504
|
|
|
7479
7505
|
// src/features/analysis/index.ts
|
|
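Review bot: `debug14("error from S3 %s %s", response.body, response.status)` formats `response.body` with `%s`, and with node-fetch the body is a stream, so the log line will show the stream object rather than the error payload returned by the upload endpoint; the same applies to `debug15("SCM zipball request failed %s %s", response.body, response.status)` in the next hunk. Both branches throw right afterwards, so the body can be consumed for the message: `debug14("error from S3 %s %s", await response.text(), response.status);`. If the payload may echo request fields, logging only `response.status` is the safer choice. uploadFile's body starts outside this hunk.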
@@ -7493,9 +7519,9 @@ async function downloadRepo({
|
|
|
7493
7519
|
}) {
|
|
7494
7520
|
const { createSpinner: createSpinner4 } = Spinner2({ ci });
|
|
7495
7521
|
const repoSpinner = createSpinner4("\u{1F4BE} Downloading Repo").start();
|
|
7496
|
-
|
|
7522
|
+
debug15("download repo %s %s %s", repoUrl, dirname);
|
|
7497
7523
|
const zipFilePath = path6.join(dirname, "repo.zip");
|
|
7498
|
-
|
|
7524
|
+
debug15("download URL: %s auth headers: %o", downloadUrl, authHeaders);
|
|
7499
7525
|
const response = await fetch4(downloadUrl, {
|
|
7500
7526
|
method: "GET",
|
|
7501
7527
|
headers: {
|
|
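Review bot: `debug15("download URL: %s auth headers: %o", downloadUrl, authHeaders)` writes the SCM request headers to the debug log, and the same pattern recurs at `debug15("config %o", config2)` (a Configstore created with an `apiToken` field), `debug15("encrypted API token received %s", encryptedApiToken)` and, most clearly, `debug15("set api token %s", newApiToken)`, which logs the plaintext token immediately after it was decrypted. Debug output is only emitted when the namespace is enabled, but a run with `DEBUG=mobbdev:*` in CI will capture the token in build logs; log a redacted form instead, e.g. `debug15("set api token (redacted, %d chars)", newApiToken.length);` and `debug15("download URL: %s auth header names: %o", downloadUrl, Object.keys(authHeaders));`. Whether `authHeaders` carries a bearer credential is inferred from its name only, as its construction is not visible here. In the same hunk, `debug15("download repo %s %s %s", repoUrl, dirname)` has three placeholders for two arguments. downloadRepo's signature and body continue outside this hunk.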
@@ -7503,7 +7529,7 @@ async function downloadRepo({
|
|
|
7503
7529
|
}
|
|
7504
7530
|
});
|
|
7505
7531
|
if (!response.ok) {
|
|
7506
|
-
|
|
7532
|
+
debug15("SCM zipball request failed %s %s", response.body, response.status);
|
|
7507
7533
|
repoSpinner.error({ text: "\u{1F4BE} Repo download failed" });
|
|
7508
7534
|
throw new Error(`Can't access ${chalk4.bold(repoUrl)}`);
|
|
7509
7535
|
}
|
|
@@ -7517,7 +7543,7 @@ async function downloadRepo({
|
|
|
7517
7543
|
if (!repoRoot) {
|
|
7518
7544
|
throw new Error("Repo root not found");
|
|
7519
7545
|
}
|
|
7520
|
-
|
|
7546
|
+
debug15("repo root %s", repoRoot);
|
|
7521
7547
|
repoSpinner.success({ text: "\u{1F4BE} Repo downloaded successfully" });
|
|
7522
7548
|
return path6.join(dirname, repoRoot);
|
|
7523
7549
|
}
|
|
@@ -7531,7 +7557,7 @@ var getReportUrl = ({
|
|
|
7531
7557
|
projectId,
|
|
7532
7558
|
fixReportId
|
|
7533
7559
|
}) => `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${fixReportId}`;
|
|
7534
|
-
var
|
|
7560
|
+
var debug15 = Debug16("mobbdev:index");
|
|
7535
7561
|
var packageJson = JSON.parse(
|
|
7536
7562
|
fs3.readFileSync(path6.join(getDirName(), "../package.json"), "utf8")
|
|
7537
7563
|
);
|
|
@@ -7541,7 +7567,7 @@ if (!semver.satisfies(process.version, packageJson.engines.node)) {
|
|
|
7541
7567
|
);
|
|
7542
7568
|
}
|
|
7543
7569
|
var config2 = new Configstore(packageJson.name, { apiToken: "" });
|
|
7544
|
-
|
|
7570
|
+
debug15("config %o", config2);
|
|
7545
7571
|
async function runAnalysis(params, options) {
|
|
7546
7572
|
const tmpObj = tmp2.dirSync({
|
|
7547
7573
|
unsafeCleanup: true
|
|
@@ -7683,7 +7709,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
|
|
|
7683
7709
|
organizationId: userOrganizationId,
|
|
7684
7710
|
autoPr
|
|
7685
7711
|
} = params;
|
|
7686
|
-
|
|
7712
|
+
debug15("start %s %s", dirname, repo);
|
|
7687
7713
|
const { createSpinner: createSpinner4 } = Spinner2({ ci });
|
|
7688
7714
|
skipPrompts = skipPrompts || ci;
|
|
7689
7715
|
let gqlClient = new GQLClient({
|
|
@@ -7750,8 +7776,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
|
|
|
7750
7776
|
);
|
|
7751
7777
|
}
|
|
7752
7778
|
const { sha } = getReferenceDataRes.gitReference;
|
|
7753
|
-
|
|
7754
|
-
|
|
7779
|
+
debug15("project id %s", projectId);
|
|
7780
|
+
debug15("default branch %s", reference);
|
|
7755
7781
|
if (command === "scan") {
|
|
7756
7782
|
reportPath = await getReport(
|
|
7757
7783
|
{
|
|
@@ -7789,7 +7815,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
|
|
|
7789
7815
|
spinner: mobbSpinner,
|
|
7790
7816
|
submitVulnerabilityReportVariables: {
|
|
7791
7817
|
fixReportId: reportUploadInfo.fixReportId,
|
|
7792
|
-
repoUrl:
|
|
7818
|
+
repoUrl: z21.string().parse(repo),
|
|
7793
7819
|
reference,
|
|
7794
7820
|
projectId,
|
|
7795
7821
|
vulnerabilityReportFileName: "report.json",
|
|
@@ -7870,9 +7896,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
|
|
|
7870
7896
|
});
|
|
7871
7897
|
loginSpinner.spin();
|
|
7872
7898
|
if (encryptedApiToken) {
|
|
7873
|
-
|
|
7899
|
+
debug15("encrypted API token received %s", encryptedApiToken);
|
|
7874
7900
|
newApiToken = crypto.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
|
|
7875
|
-
|
|
7901
|
+
debug15("API token decrypted");
|
|
7876
7902
|
break;
|
|
7877
7903
|
}
|
|
7878
7904
|
await sleep(LOGIN_CHECK_DELAY);
|
|
@@ -7885,7 +7911,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
|
|
|
7885
7911
|
}
|
|
7886
7912
|
gqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
|
|
7887
7913
|
if (await gqlClient.verifyToken()) {
|
|
7888
|
-
|
|
7914
|
+
debug15("set api token %s", newApiToken);
|
|
7889
7915
|
config2.set("apiToken", newApiToken);
|
|
7890
7916
|
loginSpinner.success({ text: "\u{1F513} Login to Mobb successful!" });
|
|
7891
7917
|
} else {
|
|
@@ -8028,9 +8054,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
|
|
|
8028
8054
|
}
|
|
8029
8055
|
});
|
|
8030
8056
|
if (command === "review") {
|
|
8031
|
-
const params2 =
|
|
8032
|
-
repo:
|
|
8033
|
-
githubActionToken:
|
|
8057
|
+
const params2 = z21.object({
|
|
8058
|
+
repo: z21.string().url(),
|
|
8059
|
+
githubActionToken: z21.string()
|
|
8034
8060
|
}).parse({ repo, githubActionToken });
|
|
8035
8061
|
const scm = await SCMLib.init(
|
|
8036
8062
|
{
|
|
@@ -8052,7 +8078,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
|
|
|
8052
8078
|
analysisId,
|
|
8053
8079
|
gqlClient,
|
|
8054
8080
|
scm,
|
|
8055
|
-
scanner:
|
|
8081
|
+
scanner: z21.nativeEnum(SCANNERS).parse(scanner)
|
|
8056
8082
|
});
|
|
8057
8083
|
},
|
|
8058
8084
|
callbackStates: ["Finished" /* Finished */]
|
|
@@ -8279,7 +8305,7 @@ var scmTokenOption = {
|
|
|
8279
8305
|
// src/args/validation.ts
|
|
8280
8306
|
import chalk6 from "chalk";
|
|
8281
8307
|
import path8 from "path";
|
|
8282
|
-
import { z as
|
|
8308
|
+
import { z as z22 } from "zod";
|
|
8283
8309
|
function throwRepoUrlErrorMessage({
|
|
8284
8310
|
error,
|
|
8285
8311
|
repoUrl,
|
|
@@ -8296,13 +8322,13 @@ Example:
|
|
|
8296
8322
|
)}`;
|
|
8297
8323
|
throw new CliError(formattedErrorMessage);
|
|
8298
8324
|
}
|
|
8299
|
-
var UrlZ =
|
|
8325
|
+
var UrlZ = z22.string({
|
|
8300
8326
|
invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
|
|
8301
8327
|
}).refine((data) => !!sanityRepoURL(data), {
|
|
8302
8328
|
message: `is not a valid ${Object.values(ScmType).join(" / ")} URL`
|
|
8303
8329
|
});
|
|
8304
8330
|
function validateOrganizationId(organizationId) {
|
|
8305
|
-
const orgIdValidation =
|
|
8331
|
+
const orgIdValidation = z22.string().uuid().nullish().safeParse(organizationId);
|
|
8306
8332
|
if (!orgIdValidation.success) {
|
|
8307
8333
|
throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
|
|
8308
8334
|
}
|