mobbdev 0.0.28 → 0.0.29
- package/index.mjs +2 -1
- package/package.json +1 -1
- package/src/commands/index.mjs +1 -7
- package/src/features/analysis/index.mjs +5 -16
- package/src/utils.mjs +2 -0
- package/src/yargs.mjs +23 -4
package/index.mjs
CHANGED
package/package.json
CHANGED
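--- a/package/src/commands/index.mjs
+++ b/package/src/commands/index.mjs
@@ -5,13 +5,11 @@ import chalkAnimation from 'chalk-animation';
 import { choseScanner } from '../features/analysis/prompts.mjs';
 import { SCANNERS, mobbAscii } from '../constants.mjs';
 import { runAnalysis } from '../features/analysis/index.mjs';
-import { sleep } from '../utils.mjs';
-import path from 'path';
+import { sleep, CliError } from '../utils.mjs';
 
 const GITHUB_REPO_URL_PATTERN = new RegExp(
   'https://github.com/[\\w-]+/[\\w-]+'
 );
-export class CliError extends Error {}
 
 const UrlZ = z
   .string({
@@ -50,10 +48,6 @@ export async function analyze(
     throw new CliError(`\nCan't access ${chalk.bold(scanFile)}`);
   }
 
-  if (path.extname(scanFile) !== '.json') {
-    throw new CliError(`\n${chalk.bold(scanFile)} is not a json file`);
-  }
-
   !ci && (await showWelcomeMessage(skipPrompts));
 
   await runAnalysis(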
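Review bot: Removing `export class CliError extends Error {}` (old line 14) changes this module's public surface, so anything that still imports `CliError` from `../commands/index.mjs` — as features/analysis/index.mjs did in 0.0.28 — now fails to resolve unless it was updated in the same release; a one-line re-export, `export { CliError } from '../utils.mjs';`, keeps the old import path working while the definition lives in utils. The second hunk also drops the only validation of `scanFile` inside `analyze` (the `.json` extension check), so `analyze` now trusts its caller to have validated the path before `runAnalysis` is reached. I would record that assumption where the check used to be, e.g. `// scanFile's extension is validated by the yargs .check() in src/yargs.mjs; beyond the access check above, runAnalysis receives the path unvalidated`. `analyze` starts and ends outside this hunk, so I cannot see whether it is exported for programmatic use, where that assumption would not hold.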
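--- a/package/src/features/analysis/index.mjs
+++ b/package/src/features/analysis/index.mjs
@@ -8,7 +8,6 @@ import open from 'open';
 import semver from 'semver';
 import { callbackServer } from './callback-server.mjs';
 import tmp from 'tmp';
-import { CliError } from '../../commands/index.mjs';
 
 import { WEB_APP_URL } from '../../constants.mjs';
 import { canReachRepo, downloadRepo, getDefaultBranch } from './github.mjs';
@@ -16,7 +15,7 @@ import { GQLClient } from './gql.mjs';
 import { githubIntegrationPrompt, mobbAnalysisPrompt } from './prompts.mjs';
 import { getSnykReport } from './snyk.mjs';
 import { uploadFile } from './upload-file.mjs';
-import { keypress, Spinner } from '../../utils.mjs';
+import { keypress, Spinner, CliError } from '../../utils.mjs';
 import { pack } from './pack.mjs';
 import { getGitInfo } from './git.mjs';
 
@@ -126,7 +125,6 @@ export async function _scan(
     reportPath = await getReportFromSnyk();
   }
 
-  const report = JSON.parse(fs.readFileSync(reportPath, 'utf8'));
   await uploadFile(
     reportPath,
     uploadData.url,
@@ -146,20 +144,11 @@ export async function _scan(
     throw e;
   }
 
-
-
-
-  if (results.length === 0 && !scanFile) {
-    mobbSpinner.success({
-      text: '🕵️♂️ Report did not detect any vulnerabilities — nothing to fix.',
-    });
-  } else {
-    mobbSpinner.success({
-      text: '🕵️♂️ Generating fixes...',
-    });
+  mobbSpinner.success({
+    text: '🕵️♂️ Generating fixes...',
+  });
 
-
-  }
+  await askToOpenAnalysis();
   async function getReportFromSnyk() {
     const reportPath = path.join(dirname, 'report.json');
 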
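Review bot: Dropping `const report = JSON.parse(fs.readFileSync(reportPath, 'utf8'));` (old line 129) means the report is no longer read or parsed on the client before `uploadFile` sends it, so a file that exists but is empty, truncated or not in the format its extension suggests is now uploaded as-is, and the only client-side gate left is the extension allow-list in yargs; a cheap guard just before the upload, `if (fs.statSync(reportPath).size === 0) throw new CliError(`\n${reportPath} is empty`);`, catches the most common case without re-parsing formats the client no longer understands (assuming `fs` stays imported). If that removed line was the last use of `fs` in this module, the `fs` import — outside the hunk — is now dead and should go with it. The last hunk also removes the `results.length === 0 && !scanFile` branch, so a report with no findings now shows 'Generating fixes...' and is followed by `askToOpenAnalysis()` unconditionally; that looks deliberate since `results` no longer exists, but the spinner text is then misleading for clean reports and deserves a comment such as `// findings are counted server-side now; this text is shown regardless of report content`. `_scan` starts before this hunk and its nested `getReportFromSnyk` continues past it.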
package/src/utils.mjs
CHANGED
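--- a/package/src/yargs.mjs
+++ b/package/src/yargs.mjs
@@ -1,7 +1,11 @@
 import yargs from 'yargs/yargs';
 import chalk from 'chalk';
+import path from 'path';
 
 import { SCANNERS } from './constants.mjs';
+import { CliError } from './utils.mjs';
+
+const supportExtensions = ['.json', '.xml', '.fpr', '.sarif'];
 
 const refOption = {
   describe: chalk.bold('reference of the repository (branch, tag, commit)'),
@@ -73,7 +77,9 @@ export const parseArgs = (args) => {
       ref: refOption,
       s: {
         alias: 'scanner',
-        choices: Object.values(SCANNERS)
+        choices: Object.values(SCANNERS).map((scanner) =>
+          scanner.toLowerCase()
+        ),
         describe: chalk.bold('Select the scanner to use'),
       },
       y: yesOption,
@@ -93,7 +99,7 @@ export const parseArgs = (args) => {
         alias: 'scan-file',
         demandOption: true,
         describe: chalk.bold(
-          'Select the vulnerability report to analyze'
+          'Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL)'
         ),
       },
       r: {
@@ -109,16 +115,29 @@ export const parseArgs = (args) => {
     })
     .check((argv) => {
       if (!argv.srcPath && !argv.repo) {
-        throw new
+        throw new CliError(
           'You must supply either --src-path or --repo'
         );
       }
 
       if (argv.ci && !argv.apiKey) {
-        throw new
+        throw new CliError(
           '--ci flag requires --api-key to be provided as well'
         );
       }
+      if (
+        !supportExtensions.includes(
+          path.extname(argv.f).toLowerCase()
+        )
+      ) {
+        throw new CliError(
+          `\n${chalk.bold(
+            argv.f
+          )} is not a supported file extension. Supported extensions are: ${chalk.bold(
+            supportExtensions.join(', ')
+          )}\n`
+        );
+      }
 
       return true;
     });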
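Review bot: The new extension check at new lines 128-131 calls `path.extname(argv.f)` on whatever yargs parsed, and `path.extname` throws `TypeError [ERR_INVALID_ARG_TYPE]` for anything that is not a string — the visible `f` option declares `alias`, `demandOption` and `describe` but no `type: 'string'`, so `-f 123` arrives as a number, and if this `.check()` is registered for an invocation where `-f` is absent (a command that does not declare it) `argv.f` is `undefined`; either way the user gets a stack trace instead of the intended `CliError`. Declaring `type: 'string'` on `f` and guarding the check, `const scanFile = typeof argv.f === 'string' ? argv.f : '';` followed by `if (scanFile !== '' && !supportExtensions.includes(path.extname(scanFile).toLowerCase()))`, keeps the error path friendly; whether `f` and this check live on the same command is outside the hunk, so the `undefined` case may be only defensive. An extension check is not a content check — `.sarif` or `.fpr` says nothing about the bytes inside — and since 0.0.29 also stops parsing the report on the client, the upload/backend path is now the only format validation, which the declaration should state: `// Extension allow-list only; report contents are validated by the backend after upload.` On style, a module-level constant array reads better as `SUPPORTED_EXTENSIONS` and wrapped in `Object.freeze([...])`, matching the `SCANNERS` constant imported above. Lowercasing the scanner `choices` (new lines 80-82) also changes what `argv.scanner` contains; if any consumer compares it against `SCANNERS` values directly, that comparison now needs the same normalisation.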