mobbdev 0.0.20 → 0.0.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.mjs +7 -4
- package/package.json +1 -1
- package/src/commands/index.mjs +7 -4
- package/src/feature/analysis/gql.mjs +13 -5
- package/src/feature/analysis/index.mjs +25 -6
- package/src/yargs.mjs +3 -3
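--- a/package/index.mjs
+++ b/package/index.mjs
@@ -6,13 +6,16 @@ async function run() {
   const args = await parseArgs(hideBin(process.argv));
   const [command] = args._;
   if (command === 'scan') {
-    const { repo, branch, yes, scanner } = args;
-    await scan(
+    const { repo, branch, yes, scanner, apiKey } = args;
+    await scan(
+      { repoUrl: repo, branch, scanner, apiKey },
+      { skipPrompts: yes }
+    );
   }
   if (command === 'analyze') {
-    const { repo, scanFile, branch, yes } = args;
+    const { repo, scanFile, branch, yes, apiKey } = args;
     await analyze(
-      { repoUrl: repo, scanFilePath: scanFile, branch },
+      { repoUrl: repo, scanFilePath: scanFile, branch, apiKey },
       { skipPrompts: yes }
     );
   }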
package/package.json
CHANGED
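--- a/package/src/commands/index.mjs
+++ b/package/src/commands/index.mjs
@@ -32,7 +32,7 @@ function handleScanErrorMessage({ error, repoUrl, command }) {
 }
 
 export async function analyze(
-  { repoUrl, scanFilePath, branch },
+  { repoUrl, scanFilePath, branch, apiKey },
   { skipPrompts = false } = {}
 ) {
   const { success, error } = UrlZ.safeParse(repoUrl);
@@ -49,11 +49,14 @@ export async function analyze(
     return;
   }
   await showWelcomeMessage(skipPrompts);
-  await runAnalysis(
+  await runAnalysis(
+    { repoUrl, scanFilePath, branch, apiKey },
+    { skipPrompts }
+  );
 }
 
 export async function scan(
-  { repoUrl, scanner, branch },
+  { repoUrl, scanner, branch, apiKey },
   { skipPrompts = false } = {}
 ) {
   const { success, error } = UrlZ.safeParse(repoUrl);
@@ -68,7 +71,7 @@ export async function scan(
     );
     return;
   }
-  await runAnalysis({ repoUrl, scanner, branch }, { skipPrompts });
+  await runAnalysis({ repoUrl, scanner, branch, apiKey }, { skipPrompts });
 }
 async function showWelcomeMessage(skipPrompts = false) {
   console.log(mobbAscii);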
@@ -68,9 +68,13 @@ mutation SubmitVulnerabilityReport($vulnerabilityReportFileName: String!, $fixRe
|
|
|
68
68
|
`;
|
|
69
69
|
|
|
70
70
|
export class GQLClient {
|
|
71
|
-
constructor(
|
|
72
|
-
|
|
71
|
+
constructor(args) {
|
|
72
|
+
const { token, apiKey } = args;
|
|
73
|
+
apiKey
|
|
74
|
+
? debug('init with apiKey %s', apiKey)
|
|
75
|
+
: debug('init with token %s', token);
|
|
73
76
|
this._token = token;
|
|
77
|
+
this._apiKey = apiKey;
|
|
74
78
|
}
|
|
75
79
|
async getUserInfo() {
|
|
76
80
|
const { me } = await this._apiCall(ME);
|
|
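Review bot: `debug('init with apiKey %s', apiKey)` and `debug('init with token %s', token)` write the full credential to the debug stream, and the `_apiCall` hunk below repeats this with `debug('headers %o', headers)` right after building the `x-mobb-key` or `authorization: Bearer …` header. Debug output routinely ends up in terminals, CI logs and pasted bug reports, so log only which credential is in use, e.g. `debug('init with %s', apiKey ? 'apiKey' : 'token');` in the constructor and `debug('headers %o', Object.keys(headers));` in `_apiCall`. If a partial value is needed for support, log at most the last few characters rather than the whole secret. The `GQLClient` class continues outside both hunks.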
@@ -79,11 +83,15 @@ export class GQLClient {
|
|
|
79
83
|
|
|
80
84
|
async _apiCall(query, variables = {}) {
|
|
81
85
|
debug('api call %o %s', variables, query);
|
|
86
|
+
const headers = this._apiKey
|
|
87
|
+
? { 'x-mobb-key': this._apiKey }
|
|
88
|
+
: {
|
|
89
|
+
authorization: `Bearer ${this._token}`,
|
|
90
|
+
};
|
|
91
|
+
debug('headers %o', headers);
|
|
82
92
|
const response = await fetch(API_URL, {
|
|
83
93
|
method: 'POST',
|
|
84
|
-
headers
|
|
85
|
-
authorization: `Bearer ${this._token}`,
|
|
86
|
-
},
|
|
94
|
+
headers,
|
|
87
95
|
body: JSON.stringify({
|
|
88
96
|
query,
|
|
89
97
|
variables,
|
|
@@ -51,12 +51,19 @@ const config = new Configstore(packageJson.name, { token: '' });
|
|
|
51
51
|
debug('config %o', config);
|
|
52
52
|
|
|
53
53
|
export async function runAnalysis(
|
|
54
|
-
{ repoUrl, scanner, scanFilePath, branch },
|
|
54
|
+
{ repoUrl, scanner, scanFilePath, branch, apiKey },
|
|
55
55
|
{ skipPrompts }
|
|
56
56
|
) {
|
|
57
57
|
try {
|
|
58
58
|
await _scan(
|
|
59
|
-
{
|
|
59
|
+
{
|
|
60
|
+
dirname: tmpObj.name,
|
|
61
|
+
repoUrl,
|
|
62
|
+
scanner,
|
|
63
|
+
scanFilePath,
|
|
64
|
+
branch,
|
|
65
|
+
apiKey,
|
|
66
|
+
},
|
|
60
67
|
{ skipPrompts }
|
|
61
68
|
);
|
|
62
69
|
} catch (err) {
|
|
@@ -70,14 +77,15 @@ export async function runAnalysis(
|
|
|
70
77
|
}
|
|
71
78
|
|
|
72
79
|
export async function _scan(
|
|
73
|
-
{ dirname, repoUrl, scanFilePath, branch },
|
|
80
|
+
{ dirname, repoUrl, scanFilePath, branch, apiKey },
|
|
74
81
|
{ skipPrompts = false } = {}
|
|
75
82
|
) {
|
|
76
83
|
debug('start %s %s', dirname, repoUrl);
|
|
77
84
|
|
|
78
85
|
let token = config.get('token');
|
|
79
86
|
debug('token %s', token);
|
|
80
|
-
|
|
87
|
+
apiKey ?? debug('token %s', apiKey);
|
|
88
|
+
let gqlClient = new GQLClient(apiKey ? { apiKey } : { token });
|
|
81
89
|
await handleMobbLogin();
|
|
82
90
|
const userInfo = await gqlClient.getUserInfo();
|
|
83
91
|
let { githubToken } = userInfo;
|
|
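Review bot: `apiKey ?? debug('token %s', apiKey);` does the opposite of what it appears to intend: the right-hand side runs only when `apiKey` is null or undefined, so the token flow logs `token undefined` and the api-key flow logs nothing, and the label says 'token' for an apiKey value. Together with the context line `debug('token %s', token)` it also puts the raw credential into debug output; replacing both with a presence-only line such as `debug('auth via %s', apiKey ? 'apiKey' : 'token');` fixes the inverted condition and stops the secret reaching logs. `_scan` continues outside the hunk.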
@@ -167,10 +175,21 @@ export async function _scan(
|
|
|
167
175
|
}
|
|
168
176
|
|
|
169
177
|
async function handleMobbLogin() {
|
|
170
|
-
if (
|
|
178
|
+
if (
|
|
179
|
+
(token && (await gqlClient.verifyToken())) ||
|
|
180
|
+
(apiKey && (await gqlClient.verifyToken()))
|
|
181
|
+
) {
|
|
171
182
|
createSpinner().start().success({
|
|
172
183
|
text: '🔓 Logged in to Mobb successfully',
|
|
173
184
|
});
|
|
185
|
+
|
|
186
|
+
return;
|
|
187
|
+
}
|
|
188
|
+
if (apiKey && !(await gqlClient.verifyToken())) {
|
|
189
|
+
createSpinner().start().error({
|
|
190
|
+
text: '🔓 Logged in to Mobb failed - check your api-key',
|
|
191
|
+
});
|
|
192
|
+
process.exit(1);
|
|
174
193
|
return;
|
|
175
194
|
}
|
|
176
195
|
const mobbLoginSpinner = createSpinner().start();
|
|
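Review bot: `handleMobbLogin` now calls `gqlClient.verifyToken()` up to three times for a single decision: once on each side of the `||` (both `await`s are reached when `token` is set but fails verification) and once more in `if (apiKey && !(await gqlClient.verifyToken()))`, each a network round trip. `gqlClient` was already constructed with whichever credential is present, so a single verification result covers both branches; the `return;` after `process.exit(1)` is unreachable, and the failure spinner reuses the 🔓 glyph of the success message. The function continues past the hunk with the interactive login, which the rewrite below leaves in place.
```javascript
async function handleMobbLogin() {
  // gqlClient already carries the api key or the stored token; verify once.
  const verified = token || apiKey ? await gqlClient.verifyToken() : false;
  if (verified) {
    createSpinner().start().success({
      text: '🔓 Logged in to Mobb successfully',
    });
    return;
  }
  if (apiKey) {
    // An explicit api-key that does not verify is a hard error; no interactive fallback.
    createSpinner().start().error({
      text: '🔒 Logged in to Mobb failed - check your api-key',
    });
    process.exit(1);
  }
  // … unchanged: interactive login flow (mobbLoginSpinner, token = loginResponse.token, …) …
```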
@@ -189,7 +208,7 @@ export async function _scan(
|
|
|
189
208
|
);
|
|
190
209
|
token = loginResponse.token;
|
|
191
210
|
|
|
192
|
-
gqlClient = new GQLClient(token);
|
|
211
|
+
gqlClient = new GQLClient({ token });
|
|
193
212
|
|
|
194
213
|
if (!(await gqlClient.verifyToken())) {
|
|
195
214
|
mobbLoginSpinner.error({
|
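--- a/package/src/yargs.mjs
+++ b/package/src/yargs.mjs
@@ -21,7 +21,6 @@ const yesOption = {
 };
 
 const apiKeyOption = {
-  alias: 'api-key',
   describe: chalk.bold('Mobb authentication api-key'),
   type: 'string',
 };
@@ -60,7 +59,7 @@ export const parseArgs = (args) => {
           describe: chalk.bold('Select the scanner to use'),
         },
         y: yesOption,
-
+        ['api-key']: apiKeyOption,
       });
     },
   })
@@ -79,8 +78,9 @@ export const parseArgs = (args) => {
         ),
       },
       r: repoOption,
+      b: branchOption,
       y: yesOption,
-
+      ['api-key']: apiKeyOption,
     });
   },
 })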
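Review bot: `['api-key']: apiKeyOption` makes the credential a plain command-line flag, and argv is visible to other local users through process listings and is normally recorded in shell history, so the CLI should also accept the key from the environment and present that as the preferred route. If the parser is yargs, as the file name and the `hideBin` usage in index.mjs suggest, a single `.env('MOBB')` on the builder chain (outside this hunk) maps a variable such as `MOBB_API_KEY` (example name) onto `api-key` without further code. The `describe` should then mention the variable, e.g. `describe: chalk.bold('Mobb authentication api-key (may also be set via environment)')`, so `--help` documents the safer option. The same addition appears in the scan command hunk (`@@ -60,7 +59,7 @@`) above.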