mobbdev 0.0.28 → 0.0.30

package/src/features/analysis/gql.mjs

@@ -1,198 +0,0 @@
-import fetch from 'node-fetch';
-import Debug from 'debug';
-import { API_URL } from '../../constants.mjs';
-
-const debug = Debug('mobbdev:gql');
-
-const ME = `
-query Me {
-  me {
-    id
-    email
-    githubToken
-  }
-}
-`;
-
-const GET_ORG_AND_PROJECT_ID = `
-query getOrgAndProjectId {
-  user {
-    userOrganizationsAndUserOrganizationRoles {
-      organization {
-        id
-        projects(order_by: {updatedAt: desc}) {
-          id
-        }
-      }
-    }
-  }
-}`;
-
-const CREATE_COMMUNITY_USER = `
-mutation CreateCommunityUser {
- initOrganizationAndProject {
-    userId
-    projectId
-    organizationId
-  }
-}
-`;
-
-const UPLOAD_S3_BUCKET_INFO = `
-mutation uploadS3BucketInfo($fileName: String!) {
-  uploadS3BucketInfo(fileName: $fileName) {
-    status
-    error
-    uploadInfo {
-      url
-      fixReportId
-      uploadFieldsJSON
-      uploadKey
-    }
-    repoUploadInfo {
-      url
-      fixReportId
-      uploadFieldsJSON
-      uploadKey
-    }
-  }
-}
-`;
-
-const SUBMIT_VULNERABILITY_REPORT = `
-mutation SubmitVulnerabilityReport($vulnerabilityReportFileName: String!, $fixReportId: String!, $repoUrl: String!, $reference: String!, $projectId: String!, $sha: String) {
-  submitVulnerabilityReport(
-    fixReportId: $fixReportId
-    repoUrl: $repoUrl
-    reference: $reference
-    sha: $sha
-    vulnerabilityReportFileName: $vulnerabilityReportFileName
-    projectId: $projectId
-  ) {
-    __typename
-  }
-}
-`;
-
-export class GQLClient {
-    constructor(args) {
-        const { token, apiKey } = args;
-        apiKey
-            ? debug('init with apiKey %s', apiKey)
-            : debug('init with token %s', token);
-        this._token = token;
-        this._apiKey = apiKey;
-    }
-    async getUserInfo() {
-        const { me } = await this._apiCall(ME);
-        return me;
-    }
-
-    async _apiCall(query, variables = {}) {
-        debug('api call %o %s', variables, query);
-        const headers = this._apiKey
-            ? { 'x-mobb-key': this._apiKey }
-            : {
-                  authorization: `Bearer ${this._token}`,
-              };
-        debug('headers %o', headers);
-        const response = await fetch(API_URL, {
-            method: 'POST',
-            headers,
-            body: JSON.stringify({
-                query,
-                variables,
-            }),
-        });
-
-        if (!response.ok) {
-            debug('API request failed %s %s', response.body, response.status);
-            throw new Error(`API call failed: ${response.status}`);
-        }
-
-        const data = await response.json();
-        debug('API request ok %j', data);
-
-        if (data.errors) {
-            throw new Error(`API error: ${data.errors[0].message}`);
-        }
-
-        if (!data.data) {
-            throw new Error('No data returned for the API query.');
-        }
-
-        return data.data;
-    }
-
-    async verifyToken() {
-        await this.createCommunityUser();
-
-        try {
-            await this._apiCall(ME);
-        } catch (e) {
-            debug('verify token failed %o', e);
-            return false;
-        }
-        return true;
-    }
-
-    async getOrgAndProjectId() {
-        const data = await this._apiCall(GET_ORG_AND_PROJECT_ID);
-        const org =
-            data.user[0].userOrganizationsAndUserOrganizationRoles[0]
-                .organization;
-
-        return {
-            organizationId: org.id,
-            projectId: org.projects[0].id,
-        };
-    }
-
-    async createCommunityUser() {
-        try {
-            await this._apiCall(CREATE_COMMUNITY_USER);
-        } catch (e) {
-            debug('create community user failed %o', e);
-            // Ignore errors
-        }
-    }
-
-    async uploadS3BucketInfo() {
-        const data = await this._apiCall(UPLOAD_S3_BUCKET_INFO, {
-            fileName: 'report.json',
-        });
-
-        return {
-            fixReportId: data.uploadS3BucketInfo.uploadInfo.fixReportId,
-            uploadKey: data.uploadS3BucketInfo.uploadInfo.uploadKey,
-            url: data.uploadS3BucketInfo.uploadInfo.url,
-            uploadFields: JSON.parse(
-                data.uploadS3BucketInfo.uploadInfo.uploadFieldsJSON
-            ),
-
-            repoFixReportId: data.uploadS3BucketInfo.repoUploadInfo.fixReportId,
-            repoUploadKey: data.uploadS3BucketInfo.repoUploadInfo.uploadKey,
-            repoUrl: data.uploadS3BucketInfo.repoUploadInfo.url,
-            repoUploadFields: JSON.parse(
-                data.uploadS3BucketInfo.repoUploadInfo.uploadFieldsJSON
-            ),
-        };
-    }
-
-    async submitVulnerabilityReport(
-        fixReportId,
-        repoUrl,
-        reference,
-        projectId,
-        sha
-    ) {
-        await this._apiCall(SUBMIT_VULNERABILITY_REPORT, {
-            fixReportId,
-            repoUrl,
-            reference,
-            vulnerabilityReportFileName: 'report.json',
-            projectId,
-            sha: sha || '',
-        });
-    }
-}

package/src/features/analysis/index.mjs

@@ -1,292 +0,0 @@
-import chalk from 'chalk';
-import Configstore from 'configstore';
-import Debug from 'debug';
-import fs from 'node:fs';
-import path from 'node:path';
-import { fileURLToPath } from 'node:url';
-import open from 'open';
-import semver from 'semver';
-import { callbackServer } from './callback-server.mjs';
-import tmp from 'tmp';
-import { CliError } from '../../commands/index.mjs';
-
-import { WEB_APP_URL } from '../../constants.mjs';
-import { canReachRepo, downloadRepo, getDefaultBranch } from './github.mjs';
-import { GQLClient } from './gql.mjs';
-import { githubIntegrationPrompt, mobbAnalysisPrompt } from './prompts.mjs';
-import { getSnykReport } from './snyk.mjs';
-import { uploadFile } from './upload-file.mjs';
-import { keypress, Spinner } from '../../utils.mjs';
-import { pack } from './pack.mjs';
-import { getGitInfo } from './git.mjs';
-
-const webLoginUrl = `${WEB_APP_URL}/cli-login`;
-const githubSubmitUrl = `${WEB_APP_URL}/gh-callback`;
-const githubAuthUrl = `${WEB_APP_URL}/github-auth`;
-
-const MOBB_LOGIN_REQUIRED_MSG = `🔓 Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk.bgBlue(
-    'press any key to continue'
-)};`;
-const tmpObj = tmp.dirSync({
-    unsafeCleanup: true,
-});
-
-const debug = Debug('mobbdev:index');
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-
-const packageJson = JSON.parse(
-    fs.readFileSync(path.join(__dirname, '../../../package.json'), 'utf8')
-);
-
-if (!semver.satisfies(process.version, packageJson.engines.node)) {
-    throw new CliError(
-        `${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
-    );
-}
-
-const config = new Configstore(packageJson.name, { token: '' });
-debug('config %o', config);
-
-export async function runAnalysis(
-    { repo, scanner, scanFile, apiKey, ci, commitHash, srcPath, ref },
-    options
-) {
-    try {
-        await _scan(
-            {
-                dirname: tmpObj.name,
-                repo,
-                scanner,
-                scanFile,
-                ref,
-                apiKey,
-                ci,
-                srcPath,
-                commitHash,
-            },
-            options
-        );
-    } finally {
-        tmpObj.removeCallback();
-    }
-}
-
-export async function _scan(
-    { dirname, repo, scanFile, branch, apiKey, ci, srcPath, commitHash, ref },
-    { skipPrompts = false } = {}
-) {
-    debug('start %s %s', dirname, repo);
-    const { createSpinner } = Spinner({ ci });
-    skipPrompts = skipPrompts || ci;
-    let token = config.get('token');
-    debug('token %s', token);
-    apiKey ?? debug('token %s', apiKey);
-    let gqlClient = new GQLClient(apiKey ? { apiKey } : { token });
-    await handleMobbLogin();
-    const { projectId, organizationId } = await gqlClient.getOrgAndProjectId();
-    const uploadData = await gqlClient.uploadS3BucketInfo();
-    let reportPath = scanFile;
-
-    if (srcPath) {
-        return await uploadExistingRepo();
-    }
-
-    const userInfo = await gqlClient.getUserInfo();
-    let { githubToken } = userInfo;
-    const isRepoAvailable = await canReachRepo(repo, {
-        token: userInfo.githubToken,
-    });
-    if (!isRepoAvailable) {
-        if (ci) {
-            throw new Error(
-                `Cannot access repo ${repo} with the provided token, please visit ${githubAuthUrl} to refresh your Github token`
-            );
-        }
-        const { token } = await handleGithubIntegration();
-        githubToken = token;
-    }
-
-    const reference =
-        ref ?? (await getDefaultBranch(repo, { token: githubToken }));
-    debug('org id %s', organizationId);
-    debug('project id %s', projectId);
-    debug('default branch %s', reference);
-
-    const repositoryRoot = await downloadRepo(
-        {
-            repoUrl: repo,
-            reference,
-            dirname,
-            ci,
-        },
-        { token: githubToken }
-    );
-
-    if (!reportPath) {
-        reportPath = await getReportFromSnyk();
-    }
-
-    const report = JSON.parse(fs.readFileSync(reportPath, 'utf8'));
-    await uploadFile(
-        reportPath,
-        uploadData.url,
-        uploadData.uploadKey,
-        uploadData.uploadFields
-    );
-    const mobbSpinner = createSpinner('🕵️‍♂️ Initiating Mobb analysis').start();
-    try {
-        await gqlClient.submitVulnerabilityReport(
-            uploadData.fixReportId,
-            repo,
-            reference,
-            projectId
-        );
-    } catch (e) {
-        mobbSpinner.error({ text: '🕵️‍♂️ Mobb analysis failed' });
-        throw e;
-    }
-
-    debug('report %o', report);
-
-    const results = ((report.runs || [])[0] || {}).results || [];
-    if (results.length === 0 && !scanFile) {
-        mobbSpinner.success({
-            text: '🕵️‍♂️ Report did not detect any vulnerabilities — nothing to fix.',
-        });
-    } else {
-        mobbSpinner.success({
-            text: '🕵️‍♂️ Generating fixes...',
-        });
-
-        await askToOpenAnalysis();
-    }
-    async function getReportFromSnyk() {
-        const reportPath = path.join(dirname, 'report.json');
-
-        if (
-            !(await getSnykReport(reportPath, repositoryRoot, { skipPrompts }))
-        ) {
-            debug('snyk code is not enabled');
-            return;
-        }
-        return reportPath;
-    }
-    async function askToOpenAnalysis() {
-        const reportUrl = `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${uploadData.fixReportId}`;
-        !ci && console.log('You can access the report at: \n');
-        console.log(reportUrl);
-        !skipPrompts && (await mobbAnalysisPrompt());
-
-        !ci && open(reportUrl);
-        !ci &&
-            console.log(
-                chalk.bgBlue(
-                    '\n\n  My work here is done for now, see you soon! 🕵️‍♂️  '
-                )
-            );
-    }
-
-    async function handleMobbLogin() {
-        if (
-            (token && (await gqlClient.verifyToken())) ||
-            (apiKey && (await gqlClient.verifyToken()))
-        ) {
-            createSpinner().start().success({
-                text: '🔓 Logged in to Mobb successfully',
-            });
-
-            return;
-        }
-        if (apiKey && !(await gqlClient.verifyToken())) {
-            createSpinner().start().error({
-                text: '🔓 Logged in to Mobb failed - check your api-key',
-            });
-            throw new CliError();
-        }
-        const mobbLoginSpinner = createSpinner().start();
-        if (!skipPrompts) {
-            mobbLoginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
-            await keypress();
-        }
-
-        mobbLoginSpinner.update({
-            text: '🔓 Waiting for Mobb login...',
-        });
-
-        const loginResponse = await callbackServer(
-            webLoginUrl,
-            `${webLoginUrl}?done=true`
-        );
-        token = loginResponse.token;
-
-        gqlClient = new GQLClient({ token });
-
-        if (!(await gqlClient.verifyToken())) {
-            mobbLoginSpinner.error({
-                text: 'Something went wrong, API token is invalid.',
-            });
-            throw new CliError();
-        }
-        debug('set token %s', token);
-        config.set('token', token);
-        mobbLoginSpinner.success({ text: '🔓 Login to Mobb successful!' });
-    }
-    async function handleGithubIntegration() {
-        const addGithubIntegration = skipPrompts
-            ? true
-            : await githubIntegrationPrompt();
-
-        const githubSpinner = createSpinner(
-            '🔗 Waiting for github integration...'
-        ).start();
-        if (!addGithubIntegration) {
-            githubSpinner.error();
-            throw Error('Could not reach github repo');
-        }
-        const result = await callbackServer(
-            githubAuthUrl,
-            `${githubSubmitUrl}?done=true`
-        );
-        githubSpinner.success({ text: '🔗 Github integration successful!' });
-        return result;
-    }
-    async function uploadExistingRepo() {
-        const gitInfo = await getGitInfo(srcPath);
-        const zipBuffer = await pack(srcPath);
-
-        await uploadFile(
-            reportPath,
-            uploadData.url,
-            uploadData.uploadKey,
-            uploadData.uploadFields
-        );
-        await uploadFile(
-            zipBuffer,
-            uploadData.repoUrl,
-            uploadData.repoUploadKey,
-            uploadData.repoUploadFields
-        );
-
-        const mobbSpinner = createSpinner(
-            '🕵️‍♂️ Initiating Mobb analysis'
-        ).start();
-
-        try {
-            await gqlClient.submitVulnerabilityReport(
-                uploadData.fixReportId,
-                repo || gitInfo.repoUrl,
-                branch || gitInfo.reference,
-                projectId,
-                commitHash || gitInfo.hash
-            );
-        } catch (e) {
-            mobbSpinner.error({ text: '🕵️‍♂️ Mobb analysis failed' });
-            throw e;
-        }
-
-        mobbSpinner.success({
-            text: '🕵️‍♂️ Generating fixes...',
-        });
-        await askToOpenAnalysis();
-    }
-}

package/src/features/analysis/pack.mjs

@@ -1,31 +0,0 @@
-import fs from 'node:fs';
-import path from 'node:path';
-import { globby } from 'globby';
-import AdmZip from 'adm-zip';
-import Debug from 'debug';
-
-const debug = Debug('mobbdev:pack');
-
-export async function pack(srcDirPath) {
-    debug('pack folder %s', srcDirPath);
-    const filepaths = await globby('**', {
-        gitignore: true,
-        onlyFiles: true,
-        cwd: srcDirPath,
-        followSymbolicLinks: false,
-    });
-    debug('files found %d', filepaths.length);
-
-    const zip = new AdmZip();
-
-    debug('compressing files');
-    for (const filepath of filepaths) {
-        zip.addFile(
-            filepath.toString(),
-            fs.readFileSync(path.join(srcDirPath, filepath.toString()))
-        );
-    }
-
-    debug('get zip file buffer');
-    return zip.toBuffer();
-}

package/src/features/analysis/prompts.mjs

@@ -1,55 +0,0 @@
-import inquirer from 'inquirer';
-import { keypress } from '../../utils.mjs';
-import { SCANNERS } from '../../constants.mjs';
-import { createSpinner } from 'nanospinner';
-
-export async function choseScanner() {
-    const { scanner } = await inquirer.prompt({
-        name: 'scanner',
-        message: 'Choose a scanner you wish to use to scan your code',
-        type: 'list',
-        choices: [
-            { name: 'Snyk', value: SCANNERS.Snyk },
-            { name: 'Checkmarx', value: SCANNERS.Checkmarx },
-            { name: 'Codeql', value: SCANNERS.Codeql },
-            { name: 'Fortify', value: SCANNERS.Fortify },
-        ],
-    });
-    return scanner;
-}
-
-export async function snykLoginPrompt() {
-    const spinner = createSpinner(
-        '🔓 Login to Snyk is required, press any key to continue'
-    ).start();
-    await keypress();
-    return spinner.success();
-}
-
-export async function githubIntegrationPrompt() {
-    const answers = await inquirer.prompt({
-        name: 'githubConfirm',
-        type: 'confirm',
-        message:
-            "It seems we don't have access to the repo, do you want to grant access to your github account",
-        default: true,
-    });
-    return answers.githubConfirm;
-}
-export async function mobbAnalysisPrompt() {
-    const spinner = createSpinner().start();
-    spinner.update({ text: 'Hit any key to view available fixes' });
-    await keypress();
-    return spinner.success();
-}
-
-export async function snykArticlePrompt() {
-    const { snykArticleConfirm } = await inquirer.prompt({
-        name: 'snykArticleConfirm',
-        type: 'confirm',
-        message:
-            "Do you want to be taken to the relevant Snyk's online article?",
-        default: true,
-    });
-    return snykArticleConfirm;
-}

package/src/features/analysis/snyk.mjs

@@ -1,110 +0,0 @@
-import cp from 'node:child_process';
-import { createRequire } from 'node:module';
-import { stdout } from 'colors/lib/system/supports-colors.js';
-import open from 'open';
-import * as process from 'process';
-import Debug from 'debug';
-import chalk from 'chalk';
-import { createSpinner } from 'nanospinner';
-import { snykArticlePrompt } from './prompts.mjs';
-import { keypress } from '../../utils.mjs';
-
-const debug = Debug('mobbdev:snyk');
-const require = createRequire(import.meta.url);
-const SNYK_PATH = require.resolve('snyk/bin/snyk');
-
-const SNYK_ARTICLE_URL =
-    'https://docs.snyk.io/scan-application-code/snyk-code/getting-started-with-snyk-code/activating-snyk-code-using-the-web-ui/step-1-enabling-the-snyk-code-option';
-
-debug('snyk executable path %s', SNYK_PATH);
-
-async function forkSnyk(args, display) {
-    debug('fork snyk with args %o %s', args, display);
-
-    return new Promise((resolve, reject) => {
-        const child = cp.fork(SNYK_PATH, args, {
-            stdio: ['inherit', 'pipe', 'pipe', 'ipc'],
-            env: { FORCE_COLOR: stdout.level },
-        });
-        let out = '';
-        const onData = (chunk) => {
-            debug('chunk received from snyk std %s', chunk);
-            out += chunk;
-        };
-
-        child.stdout.on('data', onData);
-        child.stderr.on('data', onData);
-
-        if (display) {
-            child.stdout.pipe(process.stdout);
-            child.stderr.pipe(process.stderr);
-        }
-
-        child.on('exit', () => {
-            debug('snyk exit');
-            resolve(out);
-        });
-        child.on('error', (err) => {
-            debug('snyk error %o', err);
-            reject(err);
-        });
-    });
-}
-
-export async function getSnykReport(
-    reportPath,
-    repoRoot,
-    { skipPrompts = false }
-) {
-    debug('get snyk report start %s %s', reportPath, repoRoot);
-
-    const config = await forkSnyk(['config'], false);
-    if (!config.includes('api: ')) {
-        const snykLoginSpinner = createSpinner().start();
-        if (!skipPrompts) {
-            snykLoginSpinner.update({
-                text: '🔓 Login to Snyk is required, press any key to continue',
-            });
-            await keypress();
-        }
-        snykLoginSpinner.update({
-            text: '🔓 Waiting for Snyk login to complete',
-        });
-
-        debug('no token in the config %s', config);
-        await forkSnyk(['auth'], true);
-        snykLoginSpinner.success({ text: '🔓 Login to Snyk Successful' });
-    }
-    const snykSpinner = createSpinner(
-        '🔍 Scanning your repo with Snyk '
-    ).start();
-    const out = await forkSnyk(
-        ['code', 'test', `--sarif-file-output=${reportPath}`, repoRoot],
-        true
-    );
-
-    if (
-        out.includes(
-            'Snyk Code is not supported for org: enable in Settings > Snyk Code'
-        )
-    ) {
-        debug('snyk code is not enabled %s', out);
-        snykSpinner.error({ text: '🔍 Snyk configuration needed' });
-        const answer = await snykArticlePrompt();
-        debug('answer %s', answer);
-
-        if (answer) {
-            debug('opening the browser');
-            await open(SNYK_ARTICLE_URL);
-        }
-        console.log(
-            chalk.bgBlue(
-                '\nPlease enable Snyk Code in your Snyk account and try again.'
-            )
-        );
-        return false;
-    }
-
-    snykSpinner.success({ text: '🔍 Snyk code scan completed' });
-    return true;
-}