mobbdev 0.0.28 → 0.0.30

package/package.json

@@ -1,57 +1,78 @@
 {
-    "name": "mobbdev",
-    "version": "0.0.28",
-    "description": "Automated secure code remediation tool",
-    "repository": "https://github.com/mobb-dev/bugsy",
-    "main": "index.mjs",
-    "scripts": {
-        "lint": "prettier --check . && eslint **/*.mjs",
-        "lint:fix": "prettier --write . && eslint --fix **/*.mjs",
-        "test": "TOKEN=$(../../scripts/login_auth0.sh) NODE_OPTIONS=--experimental-vm-modules jest",
-        "prepack": "dotenv-vault pull production .env"
-    },
-    "bin": {
-        "mobbdev": "bin/cli.mjs"
-    },
-    "author": "",
-    "license": "MIT",
-    "dependencies": {
-        "adm-zip": "0.5.10",
-        "chalk": "5.3.0",
-        "chalk-animation": "2.0.3",
-        "colors": "1.4.0",
-        "configstore": "6.0.0",
-        "debug": "4.3.4",
-        "dotenv": "16.0.3",
-        "extract-zip": "2.0.1",
-        "inquirer": "9.2.7",
-        "globby": "13.2.2",
-        "nanospinner": "1.1.0",
-        "node-fetch": "3.3.1",
-        "open": "8.4.2",
-        "semver": "7.5.0",
-        "snyk": "1.1118.0",
-        "simple-git": "3.19.1",
-        "tmp": "0.2.1",
-        "yargs": "17.7.2",
-        "zod": "3.21.4"
-    },
-    "devDependencies": {
-        "@jest/globals": "29.5.0",
-        "eslint": "8.36.0",
-        "jest": "29.5.0",
-        "prettier": "2.8.4"
-    },
-    "engines": {
-        "node": ">=12.20.0"
-    },
-    "type": "module",
-    "files": [
-        "bin",
-        "src",
-        ".env",
-        "README.md",
-        "LICENSE",
-        "package.json"
-    ]
+  "name": "mobbdev",
+  "version": "0.0.30",
+  "description": "Automated secure code remediation tool",
+  "repository": "https://github.com/mobb-dev/bugsy",
+  "main": "dist/index.js",
+  "module": "dist/index.js",
+  "scripts": {
+    "build": "tsc && tsup-node --env.NODE_ENV production",
+    "build:dev": "tsup-node --env.NODE_ENV development",
+    "test": "TOKEN=$(../../scripts/login_auth0.sh) vitest run",
+    "test:watch": "TOKEN=$(../../scripts/login_auth0.sh) vitest",
+    "lint": "eslint --cache --max-warnings 0 --ignore-path .eslintignore --ext .ts,.tsx,.jsx .",
+    "lint:fix": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx .",
+    "lint:fix:files": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx",
+    "prepack": "pnpm build && dotenv-vault pull production .env"
+  },
+  "bin": {
+    "mobbdev": "bin/cli.mjs"
+  },
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "adm-zip": "0.5.10",
+    "chalk-animation": "2.0.3",
+    "chalk": "5.3.0",
+    "configstore": "6.0.0",
+    "debug": "4.3.4",
+    "dotenv": "16.0.3",
+    "extract-zip": "2.0.1",
+    "globby": "13.2.2",
+    "graphql-request": "5.0.0",
+    "graphql": "16.6.0",
+    "inquirer": "9.2.7",
+    "nanospinner": "1.1.0",
+    "node-fetch": "3.3.1",
+    "octokit": "2.0.14",
+    "open": "8.4.2",
+    "semver": "7.5.0",
+    "simple-git": "3.19.1",
+    "snyk": "1.1118.0",
+    "supports-color": "9.4.0",
+    "tmp": "0.2.1",
+    "yargs": "17.7.2",
+    "zod": "3.21.4"
+  },
+  "devDependencies": {
+    "@octokit/plugin-rest-endpoint-methods": "7.0.1",
+    "@octokit/request-error": "3.0.3",
+    "@types/adm-zip": "0.5.0",
+    "@types/chalk-animation": "1.6.1",
+    "@types/configstore": "6.0.0",
+    "@types/debug": "4.1.8",
+    "@types/inquirer": "9.0.3",
+    "@types/semver": "7.5.0",
+    "@types/tmp": "0.2.3",
+    "@types/yargs": "17.0.24",
+    "@typescript-eslint/eslint-plugin": "5.44.0",
+    "@typescript-eslint/parser": "5.44.0",
+    "eslint-plugin-import": "2.27.5",
+    "eslint-plugin-prettier": "4.2.1",
+    "eslint-plugin-simple-import-sort": "10.0.0",
+    "eslint": "8.36.0",
+    "prettier": "2.8.4",
+    "tsup": "7.2.0",
+    "typescript": "4.9.3",
+    "vitest": "0.26.2"
+  },
+  "engines": {
+    "node": ">=12.20.0"
+  },
+  "type": "module",
+  "files": [
+    "bin",
+    "dist",
+    ".env"
+  ]
 }

package/index.mjs

@@ -1,34 +0,0 @@
-import { analyze, scan, CliError } from './src/commands/index.mjs';
-import { parseArgs } from './src/yargs.mjs';
-import { hideBin } from 'yargs/helpers';
-
-async function run() {
-    const args = await parseArgs(hideBin(process.argv));
-    const [command] = args._;
-    if (command === 'scan') {
-        const { yes, ...restArgs } = args;
-        await scan(restArgs, { skipPrompts: yes });
-    }
-    if (command === 'analyze') {
-        const { yes, ...restArgs } = args;
-        await analyze(restArgs, { skipPrompts: yes });
-    }
-}
-
-(async () => {
-    try {
-        await run();
-        process.exit(0);
-    } catch (err) {
-        if (err instanceof CliError) {
-            console.error(err.message);
-            process.exit(1);
-        }
-        // unexpected error - print stack trace
-        console.error(
-            'Something went wrong, please try again or contact support if issue persists.'
-        );
-        console.error(err);
-        process.exit(1);
-    }
-})();

package/src/commands/index.mjs

@@ -1,101 +0,0 @@
-import { z } from 'zod';
-import fs from 'node:fs';
-import chalk from 'chalk';
-import chalkAnimation from 'chalk-animation';
-import { choseScanner } from '../features/analysis/prompts.mjs';
-import { SCANNERS, mobbAscii } from '../constants.mjs';
-import { runAnalysis } from '../features/analysis/index.mjs';
-import { sleep } from '../utils.mjs';
-import path from 'path';
-
-const GITHUB_REPO_URL_PATTERN = new RegExp(
-    'https://github.com/[\\w-]+/[\\w-]+'
-);
-export class CliError extends Error {}
-
-const UrlZ = z
-    .string({
-        invalid_type_error: 'is not a valid github URL',
-    })
-    .regex(GITHUB_REPO_URL_PATTERN, {
-        message: 'is not a valid github URL',
-    });
-
-function throwRepoUrlErrorMessage({ error, repoUrl, command }) {
-    const errorMessage = error.issues[error.issues.length - 1].message;
-    const formattedErrorMessage = `\nError: ${chalk.bold(
-        repoUrl
-    )} is ${errorMessage}
-Example: \n\tmobbdev ${command} -r ${chalk.bold(
-        'https://github.com/WebGoat/WebGoat'
-    )}`;
-    throw new CliError(formattedErrorMessage);
-}
-
-export async function analyze(
-    { repo, scanFile, ref, apiKey, ci, commitHash, srcPath },
-    { skipPrompts = false } = {}
-) {
-    const { success, error } = UrlZ.safeParse(repo);
-
-    if (!success && !srcPath) {
-        throwRepoUrlErrorMessage({
-            error,
-            repoUrl: repo,
-            command: 'analyze',
-        });
-    }
-
-    if (!fs.existsSync(scanFile)) {
-        throw new CliError(`\nCan't access ${chalk.bold(scanFile)}`);
-    }
-
-    if (path.extname(scanFile) !== '.json') {
-        throw new CliError(`\n${chalk.bold(scanFile)} is not a json file`);
-    }
-
-    !ci && (await showWelcomeMessage(skipPrompts));
-
-    await runAnalysis(
-        {
-            repo,
-            scanFile,
-            ref,
-            apiKey,
-            ci,
-            commitHash,
-            srcPath,
-        },
-        { skipPrompts }
-    );
-}
-
-export async function scan(
-    { repo, scanner, branch, apiKey, ci },
-    { skipPrompts = false } = {}
-) {
-    const { success, error } = UrlZ.safeParse(repo);
-    if (ci && !apiKey) {
-        throw new CliError(
-            '\nError: --ci flag requires --api-key to be provided as well'
-        );
-    }
-
-    if (!success) {
-        throwRepoUrlErrorMessage({ error, repoUrl: repo, command: 'scan' });
-    }
-    !ci && (await showWelcomeMessage(skipPrompts));
-    scanner ??= scanner || (await choseScanner());
-    if (scanner !== SCANNERS.Snyk) {
-        throw new CliError(
-            'Vulnerability scanning via Bugsy is available only with Snyk at the moment. Additional scanners will follow soon.'
-        );
-    }
-    await runAnalysis({ repo, scanner, branch, apiKey }, { skipPrompts });
-}
-async function showWelcomeMessage(skipPrompts = false) {
-    console.log(mobbAscii);
-    const welcome = chalkAnimation.rainbow('\n\t\t\tWelcome to Bugsy\n');
-    skipPrompts ? await sleep(100) : await sleep(2000);
-    welcome.stop();
-}

package/src/constants.mjs

@@ -1,60 +0,0 @@
-import path from 'node:path';
-import { fileURLToPath } from 'node:url';
-import * as dotenv from 'dotenv';
-import { z } from 'zod';
-import Debug from 'debug';
-
-const debug = Debug('mobbdev:constants');
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-dotenv.config({ path: path.join(__dirname, '../.env') });
-
-export const SCANNERS = {
-    Checkmarx: 'checkmarx',
-    Codeql: 'codeql',
-    Fortify: 'fortify',
-    Snyk: 'snyk',
-};
-
-const envVariablesSchema = z
-    .object({
-        WEB_LOGIN_URL: z.string(),
-        WEB_APP_URL: z.string(),
-        API_URL: z.string(),
-    })
-    .required();
-
-const envVariables = envVariablesSchema.parse(process.env);
-debug('config %o', envVariables);
-
-export const mobbAscii = `
-                                   ..                       
-                             ..........                     
-                        .................                   
-               ...........................                  
-              ..............................                
-             ................................               
-             ..................................             
-            ....................................            
-            .....................................           
-            .............................................   
-          ................................................. 
-     ...............................       .................
-  ..................................           ............ 
-..................    .............            ..........   
-......... ........      .........             ......        
-  ...............                          ....             
-         .... ..                                            
-                                                            
-                                      . ...                 
-                              ..............                
-                       ......................               
-                   ...........................              
-               ................................             
-           ......................................           
-                ...............................             
-                       .................                    
-`;
-
-export const WEB_LOGIN_URL = envVariables.WEB_LOGIN_URL;
-export const WEB_APP_URL = envVariables.WEB_APP_URL;
-export const API_URL = envVariables.API_URL;

package/src/features/analysis/callback-server.mjs

@@ -1,61 +0,0 @@
-import Debug from 'debug';
-import { setTimeout, clearTimeout } from 'node:timers';
-import http from 'node:http';
-import querystring from 'node:querystring';
-import open from 'open';
-
-const debug = Debug('mobbdev:web-login');
-
-export async function callbackServer(url, redirectUrl) {
-    debug('web login start');
-
-    let responseResolver;
-    let responseRejecter;
-    const responseAwaiter = new Promise((resolve, reject) => {
-        responseResolver = resolve;
-        responseRejecter = reject;
-    });
-    const timerHandler = setTimeout(() => {
-        debug('timeout happened');
-        responseRejecter(new Error('No login happened in three minutes.'));
-    }, 180000);
-
-    const server = http.createServer((req, res) => {
-        debug('incoming request');
-        let body = '';
-
-        req.on('data', (chunk) => {
-            debug('http server get chunk %s', chunk);
-            body += chunk;
-        });
-
-        req.on('end', () => {
-            debug('http server end %s', body);
-            res.writeHead(301, {
-                Location: redirectUrl,
-            }).end();
-
-            responseResolver(querystring.parse(body));
-        });
-    });
-
-    debug('http server starting');
-    const port = await new Promise((resolve) => {
-        server.listen(0, '127.0.0.1', () => {
-            resolve(server.address().port);
-        });
-    });
-    debug('http server started on port %d', port);
-
-    debug('opening the browser on %s', `${url}?port=${port}`);
-    await open(`${url}?port=${port}`);
-
-    try {
-        debug('waiting for http request');
-        return await responseAwaiter;
-    } finally {
-        debug('http server close');
-        clearTimeout(timerHandler);
-        server.close();
-    }
-}

package/src/features/analysis/git.mjs

@@ -1,50 +0,0 @@
-import { simpleGit } from 'simple-git';
-import Debug from 'debug';
-
-const debug = Debug('mobbdev:git');
-
-export async function getGitInfo(srcDirPath) {
-    debug('getting git info for %s', srcDirPath);
-
-    const git = simpleGit({
-        baseDir: srcDirPath,
-        // binary: 'git123',
-        maxConcurrentProcesses: 1,
-        trimmed: true,
-    });
-
-    let repoUrl = '';
-    let hash = '';
-    let reference = '';
-
-    try {
-        repoUrl = (await git.getConfig('remote.origin.url')).value || '';
-        hash = (await git.revparse(['HEAD'])) || '';
-        reference = (await git.revparse(['--abbrev-ref', 'HEAD'])) || '';
-    } catch (e) {
-        debug('failed to run git %o', e);
-        if (e.message && e.message.includes(' spawn ')) {
-            debug('git cli not installed');
-        } else if (e.message && e.message.includes(' not a git repository ')) {
-            debug('folder is not a git repo');
-        } else {
-            throw e;
-        }
-    }
-
-    // Normalize git URL. We may need more generic code here, but it's not very
-    // important at the moment.
-    if (repoUrl.endsWith('.git')) {
-        repoUrl = repoUrl.slice(0, -'.git'.length);
-    }
-
-    if (repoUrl.startsWith('git@github.com:')) {
-        repoUrl = repoUrl.replace('git@github.com:', 'https://github.com/');
-    }
-
-    return {
-        repoUrl,
-        hash,
-        reference,
-    };
-}

package/src/features/analysis/github.mjs

@@ -1,106 +0,0 @@
-import fs from 'node:fs';
-import chalk from 'chalk';
-import stream from 'node:stream';
-import path from 'node:path';
-import { promisify } from 'node:util';
-import fetch from 'node-fetch';
-import extract from 'extract-zip';
-import Debug from 'debug';
-import { Spinner } from '../../utils.mjs';
-const pipeline = promisify(stream.pipeline);
-const debug = Debug('mobbdev:github');
-
-async function getRepo(slug, { token } = {}) {
-    try {
-        return fetch(`https://api.github.com/repos/${slug}`, {
-            method: 'GET',
-            headers: {
-                Accept: 'application/vnd.github+json',
-                'X-GitHub-Api-Version': '2022-11-28',
-                ...(token && { Authorization: `bearer ${token}` }),
-            },
-        });
-    } catch (e) {
-        debug(`error fetching the repo ${slug}`, e);
-        throw e;
-    }
-}
-
-function extractSlug(repoUrl) {
-    debug('get default branch %s', repoUrl);
-    let slug = repoUrl.replace(/https?:\/\/github\.com\//i, '');
-
-    if (slug.endsWith('/')) {
-        slug = slug.substring(0, slug.length - 1);
-    }
-
-    if (slug.endsWith('.git')) {
-        slug = slug.substring(0, slug.length - '.git'.length);
-    }
-    debug('slug %s', slug);
-    return slug;
-}
-
-export async function canReachRepo(repoUrl, { token } = {}) {
-    const slug = extractSlug(repoUrl);
-    const response = await getRepo(slug, { token });
-    return response.ok;
-}
-
-export async function getDefaultBranch(repoUrl, { token } = {}) {
-    const slug = extractSlug(repoUrl);
-    const response = await getRepo(slug, { token });
-    if (!response.ok) {
-        debug('GH request failed %s %s', response.body, response.status);
-        throw new Error(
-            `Can't get default branch, make sure you have access to : ${repoUrl}.`
-        );
-    }
-
-    const repoInfo = await response.json();
-    debug('GH request ok %o', repoInfo);
-
-    return repoInfo.default_branch;
-}
-
-export async function downloadRepo(
-    { repoUrl, reference, dirname, ci },
-    { token } = {}
-) {
-    const { createSpinner } = Spinner({ ci });
-    const repoSpinner = createSpinner('💾 Downloading Repo').start();
-    debug('download repo %s %s %s', repoUrl, reference, dirname);
-    const zipFilePath = path.join(dirname, 'repo.zip');
-    const response = await fetch(`${repoUrl}/zipball/${reference}`, {
-        method: 'GET',
-        headers: {
-            ...(token && { Authorization: `bearer ${token}` }),
-        },
-    });
-    if (!response.ok) {
-        debug(
-            'GH zipball request failed %s %s',
-            response.body,
-            response.status
-        );
-        repoSpinner.error({ text: '💾 Repo download failed' });
-        throw new Error(
-            `Can't access the the branch ${chalk.bold(
-                reference
-            )} on ${chalk.bold(repoUrl)} make sure it exits.`
-        );
-    }
-
-    const fileWriterStream = fs.createWriteStream(zipFilePath);
-
-    await pipeline(response.body, fileWriterStream);
-    await extract(zipFilePath, { dir: dirname });
-
-    const repoRoot = fs
-        .readdirSync(dirname, { withFileTypes: true })
-        .filter((dirent) => dirent.isDirectory())
-        .map((dirent) => dirent.name)[0];
-    debug('repo root %s', repoRoot);
-    repoSpinner.success({ text: '💾 Repo downloaded successfully' });
-    return path.join(dirname, repoRoot);
-}