mobbdev 0.0.20 → 0.0.23

package/index.mjs

@@ -6,18 +6,24 @@ async function run() {
     const args = await parseArgs(hideBin(process.argv));
     const [command] = args._;
     if (command === 'scan') {
-        const { repo, branch, yes, scanner } = args;
-        await scan({ repoUrl: repo, branch, scanner }, { skipPrompts: yes });
+        const { yes, ...restArgs } = args;
+        await scan(restArgs, { skipPrompts: yes });
     }
     if (command === 'analyze') {
-        const { repo, scanFile, branch, yes } = args;
-        await analyze(
-            { repoUrl: repo, scanFilePath: scanFile, branch },
-            { skipPrompts: yes }
-        );
+        const { yes, ...restArgs } = args;
+        await analyze(restArgs, { skipPrompts: yes });
     }
 }
 
 (async () => {
-    await run();
+    try {
+        await run();
+        process.exit(0);
+    } catch (err) {
+        console.error(
+            'Something went wrong, please try again or contact support if issue persists.'
+        );
+        console.error(err);
+        process.exit(1);
+    }
 })();

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "mobbdev",
-    "version": "0.0.20",
+    "version": "0.0.23",
     "description": "Automated secure code remediation tool",
     "main": "index.mjs",
     "scripts": {

package/src/commands/index.mjs

@@ -2,9 +2,9 @@ import { z } from 'zod';
 import fs from 'node:fs';
 import chalk from 'chalk';
 import chalkAnimation from 'chalk-animation';
-import { choseScanner } from '../feature/analysis/prompts.mjs';
+import { choseScanner } from '../features/analysis/prompts.mjs';
 import { SCANNERS, mobbAscii } from '../constants.mjs';
-import { runAnalysis } from '../feature/analysis/index.mjs';
+import { runAnalysis } from '../features/analysis/index.mjs';
 import { sleep } from '../utils.mjs';
 import path from 'path';
 
@@ -13,62 +13,79 @@ const GITHUB_REPO_URL_PATTERN = new RegExp(
 );
 
 const UrlZ = z
-    .string({ required_error: 'Please Enter A Github Url' })
+    .string({
+        invalid_type_error: 'is not a valid github URL',
+    })
     .regex(GITHUB_REPO_URL_PATTERN, {
-        message: 'Invalid Github repository URL',
+        message: 'is not a valid github URL',
     });
 
-function handleScanErrorMessage({ error, repoUrl, command }) {
-    console.log('\n');
+function printRepoUrlErrorMessage({ error, repoUrl, command }) {
     const errorMessage = error.issues[error.issues.length - 1].message;
-    if (repoUrl) {
-        console.log(`Error: ${chalk.bold(repoUrl)} is ${errorMessage}`);
-    }
-    console.log(
-        `Example: \n\tmobbdev ${command} ${chalk.bold(
-            '-r https://github.com/WebGoat/WebGoat'
+    console.error(`\nError: ${chalk.bold(repoUrl)} is ${errorMessage}`);
+    console.error(
+        `Example: \n\tmobbdev ${command} -r ${chalk.bold(
+            'https://github.com/WebGoat/WebGoat'
         )}`
     );
 }
 
 export async function analyze(
-    { repoUrl, scanFilePath, branch },
+    { repo, scanFile, branch, apiKey, ci },
     { skipPrompts = false } = {}
 ) {
-    const { success, error } = UrlZ.safeParse(repoUrl);
+    const { success, error } = UrlZ.safeParse(repo);
     if (!success) {
-        return handleScanErrorMessage({ error, repoUrl, command: 'analyze' });
+        printRepoUrlErrorMessage({
+            error,
+            repoUrl: repo,
+            command: 'analyze',
+        });
+        process.exit(1);
+    }
+    if (ci && !apiKey) {
+        console.error(
+            '\nError: --ci flag requires --api-key to be provided as well'
+        );
+        process.exit(1);
     }
-    console.log('scanFilePath', scanFilePath);
-    if (!fs.existsSync(scanFilePath)) {
-        console.log(`\nCan't access ${chalk.bold(scanFilePath)}`);
-        return;
+    if (!fs.existsSync(scanFile)) {
+        console.error(`\nCan't access ${chalk.bold(scanFile)}`);
+        process.exit(1);
     }
-    if (path.extname(scanFilePath) !== '.json') {
-        console.log(`\n${chalk.bold(scanFilePath)} is not a json file`);
-        return;
+    if (path.extname(scanFile) !== '.json') {
+        console.error(`\n${chalk.bold(scanFile)} is not a json file`);
+        process.exit(1);
     }
-    await showWelcomeMessage(skipPrompts);
-    await runAnalysis({ repoUrl, scanFilePath, branch }, { skipPrompts });
+    !ci && (await showWelcomeMessage(skipPrompts));
+    await runAnalysis({ repo, scanFile, branch, apiKey, ci }, { skipPrompts });
 }
 
 export async function scan(
-    { repoUrl, scanner, branch },
+    { repo, scanner, branch, apiKey, ci },
     { skipPrompts = false } = {}
 ) {
-    const { success, error } = UrlZ.safeParse(repoUrl);
+    const { success, error } = UrlZ.safeParse(repo);
+    if (ci && !apiKey) {
+        console.error(
+            '\nError: --ci flag requires --api-key to be provided as well'
+        );
+        process.exit(1);
+    }
+
     if (!success) {
-        return handleScanErrorMessage({ error, repoUrl, command: 'scan' });
+        printRepoUrlErrorMessage({ error, repoUrl: repo, command: 'scan' });
+        process.exit(1);
     }
-    await showWelcomeMessage(skipPrompts);
+    !ci && (await showWelcomeMessage(skipPrompts));
     scanner ??= scanner || (await choseScanner());
     if (scanner !== SCANNERS.Snyk) {
-        console.log(
+        console.error(
             'Vulnerability scanning via Bugsy is available only with Snyk at the moment. Additional scanners will follow soon.'
         );
-        return;
+        process.exit(1);
     }
-    await runAnalysis({ repoUrl, scanner, branch }, { skipPrompts });
+    await runAnalysis({ repo, scanner, branch, apiKey }, { skipPrompts });
 }
 async function showWelcomeMessage(skipPrompts = false) {
     console.log(mobbAscii);

package/src/{feature → features}/analysis/github.mjs

@@ -6,7 +6,7 @@ import { promisify } from 'node:util';
 import fetch from 'node-fetch';
 import extract from 'extract-zip';
 import Debug from 'debug';
-import { createSpinner } from 'nanospinner';
+import { Spinner } from '../../utils.mjs';
 import { GITHUB_CLIENT_ID, WEB_APP_URL } from '../../constants.mjs';
 const pipeline = promisify(stream.pipeline);
 const debug = Debug('mobbdev:github');
@@ -69,9 +69,10 @@ export async function getDefaultBranch(repoUrl, { token } = {}) {
 }
 
 export async function downloadRepo(
-    { repoUrl, reference, dirname },
+    { repoUrl, reference, dirname, ci },
     { token } = {}
 ) {
+    const { createSpinner } = Spinner({ ci });
     const repoSpinner = createSpinner('💾 Downloading Repo').start();
     debug('download repo %s %s %s', repoUrl, reference, dirname);
     const zipFilePath = path.join(dirname, 'repo.zip');

package/src/{feature → features}/analysis/gql.mjs

@@ -68,9 +68,13 @@ mutation SubmitVulnerabilityReport($vulnerabilityReportFileName: String!, $fixRe
 `;
 
 export class GQLClient {
-    constructor(token) {
-        debug('init with token %s', token);
+    constructor(args) {
+        const { token, apiKey } = args;
+        apiKey
+            ? debug('init with apiKey %s', apiKey)
+            : debug('init with token %s', token);
         this._token = token;
+        this._apiKey = apiKey;
     }
     async getUserInfo() {
         const { me } = await this._apiCall(ME);
@@ -79,11 +83,15 @@ export class GQLClient {
 
     async _apiCall(query, variables = {}) {
         debug('api call %o %s', variables, query);
+        const headers = this._apiKey
+            ? { 'x-mobb-key': this._apiKey }
+            : {
+                  authorization: `Bearer ${this._token}`,
+              };
+        debug('headers %o', headers);
         const response = await fetch(API_URL, {
             method: 'POST',
-            headers: {
-                authorization: `Bearer ${this._token}`,
-            },
+            headers,
             body: JSON.stringify({
                 query,
                 variables,

package/src/{feature → features}/analysis/index.mjs

@@ -1,7 +1,6 @@
 import chalk from 'chalk';
 import Configstore from 'configstore';
 import Debug from 'debug';
-import { createSpinner } from 'nanospinner';
 import fs from 'node:fs';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
@@ -21,7 +20,7 @@ import { GQLClient } from './gql.mjs';
 import { githubIntegrationPrompt, mobbAnalysisPrompt } from './prompts.mjs';
 import { getSnykReport } from './snyk.mjs';
 import { uploadFile } from './upload-file.mjs';
-import { keypress } from '../../utils.mjs';
+import { keypress, Spinner } from '../../utils.mjs';
 
 const webLoginUrl = `${WEB_APP_URL}/cli-login`;
 const githubSubmitUrl = `${WEB_APP_URL}/gh-callback`;
@@ -51,37 +50,42 @@ const config = new Configstore(packageJson.name, { token: '' });
 debug('config %o', config);
 
 export async function runAnalysis(
-    { repoUrl, scanner, scanFilePath, branch },
-    { skipPrompts }
+    { repo, scanner, scanFile, branch, apiKey, ci },
+    options
 ) {
     try {
         await _scan(
-            { dirname: tmpObj.name, repoUrl, scanner, scanFilePath, branch },
-            { skipPrompts }
+            {
+                dirname: tmpObj.name,
+                repo,
+                scanner,
+                scanFile,
+                branch,
+                apiKey,
+                ci,
+            },
+            options
         );
-    } catch (err) {
-        console.error(
-            'Something went wrong, please try again or contact support if issue persists.'
-        );
-        console.error(err);
     } finally {
         tmpObj.removeCallback();
     }
 }
 
 export async function _scan(
-    { dirname, repoUrl, scanFilePath, branch },
+    { dirname, repo, scanFile, branch, apiKey, ci },
     { skipPrompts = false } = {}
 ) {
-    debug('start %s %s', dirname, repoUrl);
-
+    debug('start %s %s', dirname, repo);
+    const { createSpinner } = Spinner({ ci });
+    skipPrompts = skipPrompts || ci;
     let token = config.get('token');
     debug('token %s', token);
-    let gqlClient = new GQLClient(token);
+    apiKey ?? debug('token %s', apiKey);
+    let gqlClient = new GQLClient(apiKey ? { apiKey } : { token });
     await handleMobbLogin();
     const userInfo = await gqlClient.getUserInfo();
     let { githubToken } = userInfo;
-    const isRepoAvailable = await canReachRepo(repoUrl, {
+    const isRepoAvailable = await canReachRepo(repo, {
         token: userInfo.githubToken,
     });
     if (!isRepoAvailable) {
@@ -90,7 +94,7 @@ export async function _scan(
     }
 
     const reference =
-        branch ?? (await getDefaultBranch(repoUrl, { token: githubToken }));
+        branch ?? (await getDefaultBranch(repo, { token: githubToken }));
     const { projectId, organizationId } = await gqlClient.getOrgAndProjectId();
     debug('org id %s', organizationId);
     debug('project id %s', projectId);
@@ -99,14 +103,15 @@ export async function _scan(
 
     const repositoryRoot = await downloadRepo(
         {
-            repoUrl,
+            repoUrl: repo,
             reference,
             dirname,
+            ci,
         },
         { token: githubToken }
     );
 
-    const reportPath = scanFilePath || (await getReportFromSnyk());
+    const reportPath = scanFile || (await getReportFromSnyk());
 
     const report = JSON.parse(fs.readFileSync(reportPath, 'utf8'));
     await uploadFile(
@@ -119,7 +124,7 @@ export async function _scan(
     try {
         await gqlClient.submitVulnerabilityReport(
             uploadData.fixReportId,
-            repoUrl,
+            repo,
             reference,
             projectId
         );
@@ -131,7 +136,7 @@ export async function _scan(
     debug('report %o', report);
 
     const results = ((report.runs || [])[0] || {}).results || [];
-    if (results.length === 0 && !scanFilePath) {
+    if (results.length === 0 && !scanFile) {
         mobbSpinner.success({
             text: '🕵️‍♂️ Report did not detect any vulnerabilities — nothing to fix.',
         });
@@ -142,7 +147,6 @@ export async function _scan(
 
         await askToOpenAnalysis();
     }
-    process.exit(0);
     async function getReportFromSnyk() {
         const reportPath = path.join(dirname, 'report.json');
 
@@ -155,24 +159,37 @@ export async function _scan(
         return reportPath;
     }
     async function askToOpenAnalysis() {
+        const reportUrl = `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${uploadData.fixReportId}`;
+        !ci && console.log('You can access the report at: \n');
+        console.log(reportUrl);
         !skipPrompts && (await mobbAnalysisPrompt());
-        open(
-            `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${uploadData.fixReportId}`
-        );
-        console.log(
-            chalk.bgBlue(
-                '\n\n  My work here is done for now, see you soon! 🕵️‍♂️  '
-            )
-        );
+
+        !ci && open(reportUrl);
+        !ci &&
+            console.log(
+                chalk.bgBlue(
+                    '\n\n  My work here is done for now, see you soon! 🕵️‍♂️  '
+                )
+            );
     }
 
     async function handleMobbLogin() {
-        if (token && (await gqlClient.verifyToken())) {
+        if (
+            (token && (await gqlClient.verifyToken())) ||
+            (apiKey && (await gqlClient.verifyToken()))
+        ) {
             createSpinner().start().success({
                 text: '🔓 Logged in to Mobb successfully',
             });
+
             return;
         }
+        if (apiKey && !(await gqlClient.verifyToken())) {
+            createSpinner().start().error({
+                text: '🔓 Logged in to Mobb failed - check your api-key',
+            });
+            process.exit(1);
+        }
         const mobbLoginSpinner = createSpinner().start();
         if (!skipPrompts) {
             mobbLoginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
@@ -189,13 +206,13 @@ export async function _scan(
         );
         token = loginResponse.token;
 
-        gqlClient = new GQLClient(token);
+        gqlClient = new GQLClient({ token });
 
         if (!(await gqlClient.verifyToken())) {
             mobbLoginSpinner.error({
                 text: 'Something went wrong, API token is invalid.',
             });
-            process.exit(0);
+            process.exit(1);
         }
         debug('set token %s', token);
         config.set('token', token);

package/src/utils.mjs

@@ -1,4 +1,6 @@
 import readline from 'node:readline';
+import { createSpinner as _createSpinner } from 'nanospinner';
+import { PassThrough } from 'stream';
 export const sleep = (ms = 2000) => new Promise((r) => setTimeout(r, ms));
 
 export async function keypress() {
@@ -16,3 +18,13 @@ export async function keypress() {
         });
     });
 }
+
+export function Spinner({ ci = false } = {}) {
+    return {
+        createSpinner: (text, options) =>
+            _createSpinner(text, {
+                stream: ci ? new PassThrough() : undefined,
+                ...options,
+            }),
+    };
+}

package/src/yargs.mjs

@@ -21,10 +21,16 @@ const yesOption = {
 };
 
 const apiKeyOption = {
-    alias: 'api-key',
     describe: chalk.bold('Mobb authentication api-key'),
     type: 'string',
 };
+const ciOption = {
+    describe: chalk.bold(
+        'Run in CI mode, prompts and browser will not be opened'
+    ),
+    type: 'boolean',
+    default: false,
+};
 
 export const parseArgs = (args) => {
     const yargsInstance = yargs(args);
@@ -60,7 +66,7 @@ export const parseArgs = (args) => {
                         describe: chalk.bold('Select the scanner to use'),
                     },
                     y: yesOption,
-                    k: apiKeyOption,
+                    ['api-key']: apiKeyOption,
                 });
             },
         })
@@ -79,8 +85,10 @@ export const parseArgs = (args) => {
                         ),
                     },
                     r: repoOption,
+                    b: branchOption,
                     y: yesOption,
-                    k: apiKeyOption,
+                    ['api-key']: apiKeyOption,
+                    ci: ciOption,
                 });
             },
         })
@@ -91,6 +99,7 @@ export const parseArgs = (args) => {
                 yargsInstance.showHelp();
             },
         })
+        .strictOptions()
         .help('h')
         .alias('h', 'help')
         .epilog(chalk.bgBlue('Made with ❤️  by Mobb'))