mobbdev 0.0.24 → 0.0.29

package/README.md

@@ -2,7 +2,7 @@
 
 Bugsy is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code. It is the community edition version of [Mobb](https://www.mobb.dev), the first vendor-agnostic automated security vulnerability remediation tool. Bugsy is designed to help developers quickly identify and fix security vulnerabilities in their code.
 
-<img width="1888" alt="Screenshot 2023-07-13 at 5 22 11 PM" src="https://github.com/mobb-dev/autofixer/assets/96389636/f1861bfe-c024-4976-aa57-8b6c1e2f4029">
+<img width="1888" alt="Bugsy" src="./img/bugsy.png">
 
 ## What is [Mobb](https://www.mobb.dev)?
 
@@ -42,4 +42,4 @@ Bugsy will automatically generate a fix for each supported vulnerability identif
 
 ## Getting support
 
-If you need support using Bugsy or just want to share your thoughts and learn more, you are more than welcome to join our [discord server](https://discord.gg/Jmpb5QUa)
+If you need support using Bugsy or just want to share your thoughts and learn more, you are more than welcome to join our [discord server](https://bit.ly/Mobb-discord)

package/index.mjs

@@ -1,4 +1,5 @@
 import { analyze, scan } from './src/commands/index.mjs';
+import { CliError } from './src/utils.mjs';
 import { parseArgs } from './src/yargs.mjs';
 import { hideBin } from 'yargs/helpers';
 
@@ -20,6 +21,11 @@ async function run() {
         await run();
         process.exit(0);
     } catch (err) {
+        if (err instanceof CliError) {
+            console.error(err.message);
+            process.exit(1);
+        }
+        // unexpected error - print stack trace
         console.error(
             'Something went wrong, please try again or contact support if issue persists.'
         );

package/package.json

@@ -1,7 +1,8 @@
 {
     "name": "mobbdev",
-    "version": "0.0.24",
+    "version": "0.0.29",
     "description": "Automated secure code remediation tool",
+    "repository": "https://github.com/mobb-dev/bugsy",
     "main": "index.mjs",
     "scripts": {
         "lint": "prettier --check . && eslint **/*.mjs",
@@ -15,6 +16,7 @@
     "author": "",
     "license": "MIT",
     "dependencies": {
+        "adm-zip": "0.5.10",
         "chalk": "5.3.0",
         "chalk-animation": "2.0.3",
         "colors": "1.4.0",
@@ -23,11 +25,13 @@
         "dotenv": "16.0.3",
         "extract-zip": "2.0.1",
         "inquirer": "9.2.7",
+        "globby": "13.2.2",
         "nanospinner": "1.1.0",
         "node-fetch": "3.3.1",
         "open": "8.4.2",
         "semver": "7.5.0",
         "snyk": "1.1118.0",
+        "simple-git": "3.19.1",
         "tmp": "0.2.1",
         "yargs": "17.7.2",
         "zod": "3.21.4"

package/src/commands/index.mjs

@@ -5,8 +5,7 @@ import chalkAnimation from 'chalk-animation';
 import { choseScanner } from '../features/analysis/prompts.mjs';
 import { SCANNERS, mobbAscii } from '../constants.mjs';
 import { runAnalysis } from '../features/analysis/index.mjs';
-import { sleep } from '../utils.mjs';
-import path from 'path';
+import { sleep, CliError } from '../utils.mjs';
 
 const GITHUB_REPO_URL_PATTERN = new RegExp(
     'https://github.com/[\\w-]+/[\\w-]+'
@@ -20,45 +19,49 @@ const UrlZ = z
         message: 'is not a valid github URL',
     });
 
-function printRepoUrlErrorMessage({ error, repoUrl, command }) {
+function throwRepoUrlErrorMessage({ error, repoUrl, command }) {
     const errorMessage = error.issues[error.issues.length - 1].message;
-    console.error(`\nError: ${chalk.bold(repoUrl)} is ${errorMessage}`);
-    console.error(
-        `Example: \n\tmobbdev ${command} -r ${chalk.bold(
-            'https://github.com/WebGoat/WebGoat'
-        )}`
-    );
+    const formattedErrorMessage = `\nError: ${chalk.bold(
+        repoUrl
+    )} is ${errorMessage}
+Example: \n\tmobbdev ${command} -r ${chalk.bold(
+        'https://github.com/WebGoat/WebGoat'
+    )}`;
+    throw new CliError(formattedErrorMessage);
 }
 
 export async function analyze(
-    { repo, scanFile, branch, apiKey, ci },
+    { repo, scanFile, ref, apiKey, ci, commitHash, srcPath },
     { skipPrompts = false } = {}
 ) {
     const { success, error } = UrlZ.safeParse(repo);
-    if (!success) {
-        printRepoUrlErrorMessage({
+
+    if (!success && !srcPath) {
+        throwRepoUrlErrorMessage({
             error,
             repoUrl: repo,
             command: 'analyze',
         });
-        process.exit(1);
-    }
-    if (ci && !apiKey) {
-        console.error(
-            '\nError: --ci flag requires --api-key to be provided as well'
-        );
-        process.exit(1);
     }
+
     if (!fs.existsSync(scanFile)) {
-        console.error(`\nCan't access ${chalk.bold(scanFile)}`);
-        process.exit(1);
-    }
-    if (path.extname(scanFile) !== '.json') {
-        console.error(`\n${chalk.bold(scanFile)} is not a json file`);
-        process.exit(1);
+        throw new CliError(`\nCan't access ${chalk.bold(scanFile)}`);
     }
+
     !ci && (await showWelcomeMessage(skipPrompts));
-    await runAnalysis({ repo, scanFile, branch, apiKey, ci }, { skipPrompts });
+
+    await runAnalysis(
+        {
+            repo,
+            scanFile,
+            ref,
+            apiKey,
+            ci,
+            commitHash,
+            srcPath,
+        },
+        { skipPrompts }
+    );
 }
 
 export async function scan(
@@ -67,23 +70,20 @@ export async function scan(
 ) {
     const { success, error } = UrlZ.safeParse(repo);
     if (ci && !apiKey) {
-        console.error(
+        throw new CliError(
             '\nError: --ci flag requires --api-key to be provided as well'
         );
-        process.exit(1);
     }
 
     if (!success) {
-        printRepoUrlErrorMessage({ error, repoUrl: repo, command: 'scan' });
-        process.exit(1);
+        throwRepoUrlErrorMessage({ error, repoUrl: repo, command: 'scan' });
     }
     !ci && (await showWelcomeMessage(skipPrompts));
     scanner ??= scanner || (await choseScanner());
     if (scanner !== SCANNERS.Snyk) {
-        console.error(
+        throw new CliError(
             'Vulnerability scanning via Bugsy is available only with Snyk at the moment. Additional scanners will follow soon.'
         );
-        process.exit(1);
     }
     await runAnalysis({ repo, scanner, branch, apiKey }, { skipPrompts });
 }

package/src/constants.mjs

@@ -20,7 +20,6 @@ const envVariablesSchema = z
         WEB_LOGIN_URL: z.string(),
         WEB_APP_URL: z.string(),
         API_URL: z.string(),
-        GITHUB_CLIENT_ID: z.string(),
     })
     .required();
 
@@ -59,4 +58,3 @@ export const mobbAscii = `
 export const WEB_LOGIN_URL = envVariables.WEB_LOGIN_URL;
 export const WEB_APP_URL = envVariables.WEB_APP_URL;
 export const API_URL = envVariables.API_URL;
-export const GITHUB_CLIENT_ID = envVariables.GITHUB_CLIENT_ID;

package/src/features/analysis/git.mjs

@@ -0,0 +1,50 @@
+import { simpleGit } from 'simple-git';
+import Debug from 'debug';
+
+const debug = Debug('mobbdev:git');
+
+export async function getGitInfo(srcDirPath) {
+    debug('getting git info for %s', srcDirPath);
+
+    const git = simpleGit({
+        baseDir: srcDirPath,
+        // binary: 'git123',
+        maxConcurrentProcesses: 1,
+        trimmed: true,
+    });
+
+    let repoUrl = '';
+    let hash = '';
+    let reference = '';
+
+    try {
+        repoUrl = (await git.getConfig('remote.origin.url')).value || '';
+        hash = (await git.revparse(['HEAD'])) || '';
+        reference = (await git.revparse(['--abbrev-ref', 'HEAD'])) || '';
+    } catch (e) {
+        debug('failed to run git %o', e);
+        if (e.message && e.message.includes(' spawn ')) {
+            debug('git cli not installed');
+        } else if (e.message && e.message.includes(' not a git repository ')) {
+            debug('folder is not a git repo');
+        } else {
+            throw e;
+        }
+    }
+
+    // Normalize git URL. We may need more generic code here, but it's not very
+    // important at the moment.
+    if (repoUrl.endsWith('.git')) {
+        repoUrl = repoUrl.slice(0, -'.git'.length);
+    }
+
+    if (repoUrl.startsWith('git@github.com:')) {
+        repoUrl = repoUrl.replace('git@github.com:', 'https://github.com/');
+    }
+
+    return {
+        repoUrl,
+        hash,
+        reference,
+    };
+}

package/src/features/analysis/github.mjs

@@ -7,14 +7,9 @@ import fetch from 'node-fetch';
 import extract from 'extract-zip';
 import Debug from 'debug';
 import { Spinner } from '../../utils.mjs';
-import { GITHUB_CLIENT_ID, WEB_APP_URL } from '../../constants.mjs';
 const pipeline = promisify(stream.pipeline);
 const debug = Debug('mobbdev:github');
 
-const githubTokenUrl = `${WEB_APP_URL}/gh-callback`;
-
-export const GITHUB_OAUTH_URL = `https://github.com/login/oauth/authorize?client_id=${GITHUB_CLIENT_ID}&scope=repo&redirect_uri=${githubTokenUrl}`;
-
 async function getRepo(slug, { token } = {}) {
     try {
         return fetch(`https://api.github.com/repos/${slug}`, {

package/src/features/analysis/gql.mjs

@@ -49,16 +49,23 @@ mutation uploadS3BucketInfo($fileName: String!) {
       uploadFieldsJSON
       uploadKey
     }
+    repoUploadInfo {
+      url
+      fixReportId
+      uploadFieldsJSON
+      uploadKey
+    }
   }
 }
 `;
 
 const SUBMIT_VULNERABILITY_REPORT = `
-mutation SubmitVulnerabilityReport($vulnerabilityReportFileName: String!, $fixReportId: String!, $repoUrl: String!, $reference: String!, $projectId: String!) {
+mutation SubmitVulnerabilityReport($vulnerabilityReportFileName: String!, $fixReportId: String!, $repoUrl: String!, $reference: String!, $projectId: String!, $sha: String) {
   submitVulnerabilityReport(
     fixReportId: $fixReportId
     repoUrl: $repoUrl
     reference: $reference
+    sha: $sha
     vulnerabilityReportFileName: $vulnerabilityReportFileName
     projectId: $projectId
   ) {
@@ -162,6 +169,13 @@ export class GQLClient {
             uploadFields: JSON.parse(
                 data.uploadS3BucketInfo.uploadInfo.uploadFieldsJSON
             ),
+
+            repoFixReportId: data.uploadS3BucketInfo.repoUploadInfo.fixReportId,
+            repoUploadKey: data.uploadS3BucketInfo.repoUploadInfo.uploadKey,
+            repoUrl: data.uploadS3BucketInfo.repoUploadInfo.url,
+            repoUploadFields: JSON.parse(
+                data.uploadS3BucketInfo.repoUploadInfo.uploadFieldsJSON
+            ),
         };
     }
 
@@ -169,7 +183,8 @@ export class GQLClient {
         fixReportId,
         repoUrl,
         reference,
-        projectId
+        projectId,
+        sha
     ) {
         await this._apiCall(SUBMIT_VULNERABILITY_REPORT, {
             fixReportId,
@@ -177,6 +192,7 @@ export class GQLClient {
             reference,
             vulnerabilityReportFileName: 'report.json',
             projectId,
+            sha: sha || '',
         });
     }
 }

package/src/features/analysis/index.mjs

@@ -10,20 +10,18 @@ import { callbackServer } from './callback-server.mjs';
 import tmp from 'tmp';
 
 import { WEB_APP_URL } from '../../constants.mjs';
-import {
-    canReachRepo,
-    downloadRepo,
-    getDefaultBranch,
-    GITHUB_OAUTH_URL,
-} from './github.mjs';
+import { canReachRepo, downloadRepo, getDefaultBranch } from './github.mjs';
 import { GQLClient } from './gql.mjs';
 import { githubIntegrationPrompt, mobbAnalysisPrompt } from './prompts.mjs';
 import { getSnykReport } from './snyk.mjs';
 import { uploadFile } from './upload-file.mjs';
-import { keypress, Spinner } from '../../utils.mjs';
+import { keypress, Spinner, CliError } from '../../utils.mjs';
+import { pack } from './pack.mjs';
+import { getGitInfo } from './git.mjs';
 
 const webLoginUrl = `${WEB_APP_URL}/cli-login`;
 const githubSubmitUrl = `${WEB_APP_URL}/gh-callback`;
+const githubAuthUrl = `${WEB_APP_URL}/github-auth`;
 
 const MOBB_LOGIN_REQUIRED_MSG = `🔓 Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk.bgBlue(
     'press any key to continue'
@@ -40,17 +38,16 @@ const packageJson = JSON.parse(
 );
 
 if (!semver.satisfies(process.version, packageJson.engines.node)) {
-    console.error(
+    throw new CliError(
         `${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
     );
-    process.exit(1);
 }
 
 const config = new Configstore(packageJson.name, { token: '' });
 debug('config %o', config);
 
 export async function runAnalysis(
-    { repo, scanner, scanFile, branch, apiKey, ci },
+    { repo, scanner, scanFile, apiKey, ci, commitHash, srcPath, ref },
     options
 ) {
     try {
@@ -60,9 +57,11 @@ export async function runAnalysis(
                 repo,
                 scanner,
                 scanFile,
-                branch,
+                ref,
                 apiKey,
                 ci,
+                srcPath,
+                commitHash,
             },
             options
         );
@@ -72,7 +71,7 @@ export async function runAnalysis(
 }
 
 export async function _scan(
-    { dirname, repo, scanFile, branch, apiKey, ci },
+    { dirname, repo, scanFile, branch, apiKey, ci, srcPath, commitHash, ref },
     { skipPrompts = false } = {}
 ) {
     debug('start %s %s', dirname, repo);
@@ -83,23 +82,34 @@ export async function _scan(
     apiKey ?? debug('token %s', apiKey);
     let gqlClient = new GQLClient(apiKey ? { apiKey } : { token });
     await handleMobbLogin();
+    const { projectId, organizationId } = await gqlClient.getOrgAndProjectId();
+    const uploadData = await gqlClient.uploadS3BucketInfo();
+    let reportPath = scanFile;
+
+    if (srcPath) {
+        return await uploadExistingRepo();
+    }
+
     const userInfo = await gqlClient.getUserInfo();
     let { githubToken } = userInfo;
     const isRepoAvailable = await canReachRepo(repo, {
         token: userInfo.githubToken,
     });
     if (!isRepoAvailable) {
+        if (ci) {
+            throw new Error(
+                `Cannot access repo ${repo} with the provided token, please visit ${githubAuthUrl} to refresh your Github token`
+            );
+        }
         const { token } = await handleGithubIntegration();
         githubToken = token;
     }
 
     const reference =
-        branch ?? (await getDefaultBranch(repo, { token: githubToken }));
-    const { projectId, organizationId } = await gqlClient.getOrgAndProjectId();
+        ref ?? (await getDefaultBranch(repo, { token: githubToken }));
     debug('org id %s', organizationId);
     debug('project id %s', projectId);
     debug('default branch %s', reference);
-    const uploadData = await gqlClient.uploadS3BucketInfo();
 
     const repositoryRoot = await downloadRepo(
         {
@@ -111,9 +121,10 @@ export async function _scan(
         { token: githubToken }
     );
 
-    const reportPath = scanFile || (await getReportFromSnyk());
+    if (!reportPath) {
+        reportPath = await getReportFromSnyk();
+    }
 
-    const report = JSON.parse(fs.readFileSync(reportPath, 'utf8'));
     await uploadFile(
         reportPath,
         uploadData.url,
@@ -133,20 +144,11 @@ export async function _scan(
         throw e;
     }
 
-    debug('report %o', report);
-
-    const results = ((report.runs || [])[0] || {}).results || [];
-    if (results.length === 0 && !scanFile) {
-        mobbSpinner.success({
-            text: '🕵️‍♂️ Report did not detect any vulnerabilities — nothing to fix.',
-        });
-    } else {
-        mobbSpinner.success({
-            text: '🕵️‍♂️ Generating fixes...',
-        });
+    mobbSpinner.success({
+        text: '🕵️‍♂️ Generating fixes...',
+    });
 
-        await askToOpenAnalysis();
-    }
+    await askToOpenAnalysis();
     async function getReportFromSnyk() {
         const reportPath = path.join(dirname, 'report.json');
 
@@ -188,7 +190,7 @@ export async function _scan(
             createSpinner().start().error({
                 text: '🔓 Logged in to Mobb failed - check your api-key',
             });
-            process.exit(1);
+            throw new CliError();
         }
         const mobbLoginSpinner = createSpinner().start();
         if (!skipPrompts) {
@@ -212,7 +214,7 @@ export async function _scan(
             mobbLoginSpinner.error({
                 text: 'Something went wrong, API token is invalid.',
             });
-            process.exit(1);
+            throw new CliError();
         }
         debug('set token %s', token);
         config.set('token', token);
@@ -231,10 +233,49 @@ export async function _scan(
             throw Error('Could not reach github repo');
         }
         const result = await callbackServer(
-            GITHUB_OAUTH_URL,
+            githubAuthUrl,
             `${githubSubmitUrl}?done=true`
         );
         githubSpinner.success({ text: '🔗 Github integration successful!' });
         return result;
     }
+    async function uploadExistingRepo() {
+        const gitInfo = await getGitInfo(srcPath);
+        const zipBuffer = await pack(srcPath);
+
+        await uploadFile(
+            reportPath,
+            uploadData.url,
+            uploadData.uploadKey,
+            uploadData.uploadFields
+        );
+        await uploadFile(
+            zipBuffer,
+            uploadData.repoUrl,
+            uploadData.repoUploadKey,
+            uploadData.repoUploadFields
+        );
+
+        const mobbSpinner = createSpinner(
+            '🕵️‍♂️ Initiating Mobb analysis'
+        ).start();
+
+        try {
+            await gqlClient.submitVulnerabilityReport(
+                uploadData.fixReportId,
+                repo || gitInfo.repoUrl,
+                branch || gitInfo.reference,
+                projectId,
+                commitHash || gitInfo.hash
+            );
+        } catch (e) {
+            mobbSpinner.error({ text: '🕵️‍♂️ Mobb analysis failed' });
+            throw e;
+        }
+
+        mobbSpinner.success({
+            text: '🕵️‍♂️ Generating fixes...',
+        });
+        await askToOpenAnalysis();
+    }
 }

package/src/features/analysis/pack.mjs

@@ -0,0 +1,31 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { globby } from 'globby';
+import AdmZip from 'adm-zip';
+import Debug from 'debug';
+
+const debug = Debug('mobbdev:pack');
+
+export async function pack(srcDirPath) {
+    debug('pack folder %s', srcDirPath);
+    const filepaths = await globby('**', {
+        gitignore: true,
+        onlyFiles: true,
+        cwd: srcDirPath,
+        followSymbolicLinks: false,
+    });
+    debug('files found %d', filepaths.length);
+
+    const zip = new AdmZip();
+
+    debug('compressing files');
+    for (const filepath of filepaths) {
+        zip.addFile(
+            filepath.toString(),
+            fs.readFileSync(path.join(srcDirPath, filepath.toString()))
+        );
+    }
+
+    debug('get zip file buffer');
+    return zip.toBuffer();
+}

package/src/features/analysis/upload-file.mjs

@@ -1,10 +1,11 @@
-import fetch, { FormData, fileFrom } from 'node-fetch';
+import fetch, { FormData, fileFrom, File } from 'node-fetch';
 import Debug from 'debug';
 
 const debug = Debug('mobbdev:upload-file');
 
-export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
-    debug('upload report file start %s %s', reportPath, url);
+// `file` can be string representing absolute path or buffer.
+export async function uploadFile(file, url, uploadKey, uploadFields) {
+    debug('upload file start %s', url);
     debug('upload fields %o', uploadFields);
     debug('upload key %s', uploadKey);
 
@@ -15,7 +16,13 @@ export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
     }
 
     form.append('key', uploadKey);
-    form.append('file', await fileFrom(reportPath));
+    if (typeof file === 'string') {
+        debug('upload file from path %s', file);
+        form.append('file', await fileFrom(file));
+    } else {
+        debug('upload file from buffer');
+        form.append('file', new File([file], 'file'));
+    }
 
     const response = await fetch(url, {
         method: 'POST',
@@ -24,7 +31,7 @@ export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
 
     if (!response.ok) {
         debug('error from S3 %s %s', response.body, response.status);
-        throw new Error(`Failed to upload the report: ${response.status}`);
+        throw new Error(`Failed to upload the file: ${response.status}`);
     }
-    debug('upload report file done');
+    debug('upload file done');
 }

package/src/utils.mjs

@@ -28,3 +28,5 @@ export function Spinner({ ci = false } = {}) {
             }),
     };
 }
+
+export class CliError extends Error {}

package/src/yargs.mjs

@@ -1,11 +1,26 @@
 import yargs from 'yargs/yargs';
 import chalk from 'chalk';
+import path from 'path';
 
 import { SCANNERS } from './constants.mjs';
+import { CliError } from './utils.mjs';
 
-const branchOption = {
-    alias: 'branch',
-    describe: chalk.bold('Branch of the repository'),
+const supportExtensions = ['.json', '.xml', '.fpr', '.sarif'];
+
+const refOption = {
+    describe: chalk.bold('reference of the repository (branch, tag, commit)'),
+    type: 'string',
+};
+
+const srcPathOption = {
+    alias: 'src-path',
+    describe: chalk.bold('Path to the repository folder with the source code'),
+    type: 'string',
+};
+
+const commitHash = {
+    alias: 'commit-hash',
+    describe: chalk.bold('Hash of the commit'),
     type: 'string',
 };
 
@@ -59,10 +74,12 @@ export const parseArgs = (args) => {
             builder: (yargs) => {
                 return yargs.options({
                     r: repoOption,
-                    b: branchOption,
+                    ref: refOption,
                     s: {
                         alias: 'scanner',
-                        choices: Object.values(SCANNERS),
+                        choices: Object.values(SCANNERS).map((scanner) =>
+                            scanner.toLowerCase()
+                        ),
                         describe: chalk.bold('Select the scanner to use'),
                     },
                     y: yesOption,
@@ -76,20 +93,54 @@ export const parseArgs = (args) => {
                 'Provide a vulnerability report and relevant code repository, get automated fixes right away.'
             ),
             builder: (yargs) => {
-                return yargs.options({
-                    f: {
-                        alias: 'scan-file',
-                        demandOption: true,
-                        describe: chalk.bold(
-                            'Select the vulnerability report to analyze'
-                        ),
-                    },
-                    r: repoOption,
-                    b: branchOption,
-                    y: yesOption,
-                    ['api-key']: apiKeyOption,
-                    ci: ciOption,
-                });
+                return yargs
+                    .options({
+                        f: {
+                            alias: 'scan-file',
+                            demandOption: true,
+                            describe: chalk.bold(
+                                'Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL)'
+                            ),
+                        },
+                        r: {
+                            ...repoOption,
+                            demandOption: false,
+                        },
+                        p: srcPathOption,
+                        ref: refOption,
+                        ch: commitHash,
+                        y: yesOption,
+                        ['api-key']: apiKeyOption,
+                        ci: ciOption,
+                    })
+                    .check((argv) => {
+                        if (!argv.srcPath && !argv.repo) {
+                            throw new CliError(
+                                'You must supply either --src-path or --repo'
+                            );
+                        }
+
+                        if (argv.ci && !argv.apiKey) {
+                            throw new CliError(
+                                '--ci flag requires --api-key to be provided as well'
+                            );
+                        }
+                        if (
+                            !supportExtensions.includes(
+                                path.extname(argv.f).toLowerCase()
+                            )
+                        ) {
+                            throw new CliError(
+                                `\n${chalk.bold(
+                                    argv.f
+                                )} is not a supported file extension. Supported extensions are: ${chalk.bold(
+                                    supportExtensions.join(', ')
+                                )}\n`
+                            );
+                        }
+
+                        return true;
+                    });
             },
         })
         .example('$0 scan -r https://github.com/WebGoat/WebGoat')