mobbdev 0.0.58 → 0.0.60
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.mjs +65 -65
- package/package.json +1 -1
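--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -13,7 +13,7 @@ var __publicField = (obj, key, value) => {
 import { hideBin } from "yargs/helpers";
 
 // src/args/yargs.ts
-import
+import chalk8 from "chalk";
 import yargs from "yargs/yargs";
 
 // src/args/commands/analyze.ts
@@ -69,6 +69,7 @@ var mobbAscii = `
 ...............................
 .................
 `;
+var PROJECT_DEFAULT_NAME = "My first project";
 var WEB_APP_URL = envVariables.WEB_APP_URL;
 var API_URL = envVariables.API_URL;
 var errorMessages = {
@@ -229,17 +230,11 @@ var DIGEST_VULNERABILITY_REPORT = gql`
 $vulnerabilityReportFileName: String!
 $fixReportId: String!
 $projectId: String!
-$repoUrl: String!
-$reference: String!
-$sha: String
 ) {
 digestVulnerabilityReport(
 fixReportId: $fixReportId
 vulnerabilityReportFileName: $vulnerabilityReportFileName
 projectId: $projectId
-repoUrl: $repoUrl
-reference: $reference
-sha: $sha
 ) {
 __typename
 ... on VulnerabilityReport {
@@ -261,29 +256,22 @@ var DIGEST_VULNERABILITY_REPORT = gql`
 }
 }
 `;
-var INITIALIZE_VULNERABILITY_REPORT = gql`
-mutation InitializeVulnerabilityReport($fixReportId: String!) {
-initializeVulnerabilityReport(fixReportId: $fixReportId) {
-__typename
-}
-}
-`;
 var SUBMIT_VULNERABILITY_REPORT = gql`
 mutation SubmitVulnerabilityReport(
-$vulnerabilityReportFileName: String!
 $fixReportId: String!
 $repoUrl: String!
 $reference: String!
 $projectId: String!
 $sha: String
+$vulnerabilityReportFileName: String
 ) {
 submitVulnerabilityReport(
 fixReportId: $fixReportId
 repoUrl: $repoUrl
 reference: $reference
 sha: $sha
-vulnerabilityReportFileName: $vulnerabilityReportFileName
 projectId: $projectId
+vulnerabilityReportFileName: $vulnerabilityReportFileName
 ) {
 __typename
 }
@@ -333,6 +321,7 @@ var GET_ORG_AND_PROJECT_ID = gql2`
 id
 projects(order_by: { updatedAt: desc }) {
 id
+name
 }
 }
 }
@@ -406,7 +395,8 @@ var GetOrgAndProjectIdQueryZ = z2.object({
 id: z2.string(),
 projects: z2.array(
 z2.object({
-id: z2.string()
+id: z2.string(),
+name: z2.string()
 })
 ).nonempty()
 })
@@ -483,7 +473,7 @@ var GQLClient = class {
 }
 return true;
 }
-async getOrgAndProjectId() {
+async getOrgAndProjectId(projectName) {
 const getOrgAndProjectIdResult = await this._client.request(
 GET_ORG_AND_PROJECT_ID
 );
@@ -491,9 +481,10 @@ var GQLClient = class {
 getOrgAndProjectIdResult
 ).users;
 const org = user.userOrganizationsAndUserOrganizationRoles[0].organization;
+const project = projectName ? org.projects.find((project2) => project2.name === projectName) ?? org.projects[0] : org.projects[0];
 return {
 organizationId: org.id,
-projectId:
+projectId: project.id
 };
 }
 async getEncryptedApiToken(variables) {
@@ -522,43 +513,31 @@ var GQLClient = class {
 }
 async digestVulnerabilityReport({
 fixReportId,
-projectId
-repoUrl,
-reference,
-sha
+projectId
 }) {
 const res = await this._client.request(
 DIGEST_VULNERABILITY_REPORT,
 {
 fixReportId,
 vulnerabilityReportFileName: "report.json",
-projectId
-repoUrl,
-reference,
-sha
+projectId
 }
 );
 return DigestVulnerabilityReportZ.parse(res).digestVulnerabilityReport;
 }
-async initializeVulnerabilityReport({
-fixReportId
-}) {
-await this._client.request(INITIALIZE_VULNERABILITY_REPORT, {
-fixReportId
-});
-}
 async submitVulnerabilityReport({
 fixReportId,
 repoUrl,
 reference,
 projectId,
-sha
+sha,
+vulnerabilityReportFileName
 }) {
 await this._client.request(SUBMIT_VULNERABILITY_REPORT, {
 fixReportId,
 repoUrl,
 reference,
-vulnerabilityReportFileName
+vulnerabilityReportFileName,
 projectId,
 sha: sha || ""
 });
@@ -2169,7 +2148,8 @@ async function _scan({
 commitHash,
 ref,
 scanner,
-cxProjectName
+cxProjectName,
+mobbProjectName
 }, { skipPrompts = false } = {}) {
 debug8("start %s %s", dirname, repo);
 const { createSpinner: createSpinner4 } = Spinner2({ ci });
@@ -2178,7 +2158,9 @@ async function _scan({
 apiKey: apiKey || config2.get("apiToken")
 });
 await handleMobbLogin();
-const { projectId, organizationId } = await gqlClient.getOrgAndProjectId(
+const { projectId, organizationId } = await gqlClient.getOrgAndProjectId(
+mobbProjectName
+);
 const {
 uploadS3BucketInfo: { repoUploadInfo, reportUploadInfo }
 } = await gqlClient.uploadS3BucketInfo();
@@ -2260,7 +2242,9 @@ async function _scan({
 fixReportId: reportUploadInfo.fixReportId,
 repoUrl: repo,
 reference,
-projectId
+projectId,
+vulnerabilityReportFileName: "report.json",
+sha
 });
 } catch (e) {
 mobbSpinner.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed" });
@@ -2423,14 +2407,11 @@ async function _scan({
 });
 const digestSpinner = createSpinner4("\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report").start();
 let vulnFiles = [];
+const gitInfo = await getGitInfo(srcPath);
 try {
-const gitInfo = await getGitInfo(srcPath);
 const { vulnerabilityReportId } = await gqlClient.digestVulnerabilityReport({
 fixReportId: reportUploadInfo.fixReportId,
-projectId
-repoUrl: repo || gitInfo.repoUrl,
-reference: gitInfo.reference,
-sha: commitHash || gitInfo.hash
+projectId
 });
 const finalState = await gqlClient.waitFixReportInit(
 reportUploadInfo.fixReportId,
@@ -2467,8 +2448,12 @@ async function _scan({
 uploadRepoSpinner.success({ text: "\u{1F4C1} Uploading Repo successful!" });
 const mobbSpinner2 = createSpinner4("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
 try {
-await gqlClient.
-fixReportId: reportUploadInfo.fixReportId
+await gqlClient.submitVulnerabilityReport({
+fixReportId: reportUploadInfo.fixReportId,
+projectId,
+repoUrl: repo || gitInfo.repoUrl,
+reference: gitInfo.reference,
+sha: commitHash || gitInfo.hash
 });
 } catch (e) {
 mobbSpinner2.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed" });
@@ -2483,7 +2468,16 @@ async function _scan({
 
 // src/commands/index.ts
 import chalkAnimation from "chalk-animation";
-async function analyze({
+async function analyze({
+repo,
+f: scanFile,
+ref,
+apiKey,
+ci,
+commitHash,
+srcPath,
+mobbProjectName
+}, { skipPrompts = false } = {}) {
 !ci && await showWelcomeMessage(skipPrompts);
 await runAnalysis(
 {
@@ -2493,6 +2487,7 @@ async function analyze({ repo, f: scanFile, ref, apiKey, ci, commitHash, srcPath
 apiKey,
 ci,
 commitHash,
+mobbProjectName,
 srcPath
 },
 { skipPrompts }
@@ -2548,6 +2543,16 @@ var refOption = {
 type: "string",
 demandOption: false
 };
+var scannerOptions = {
+alias: "s",
+choices: Object.values(SCANNERS),
+describe: chalk5.bold("Select the scanner to use")
+};
+var mobbProjectNameOption = {
+type: "string",
+describe: chalk5.bold("Mobb project name"),
+default: PROJECT_DEFAULT_NAME
+};
 var ciOption = {
 describe: chalk5.bold(
 "Run in CI mode, prompts and browser will not be opened"
@@ -2640,7 +2645,7 @@ function analyzeBuilder(yargs2) {
 alias: "commit-hash",
 describe: chalk7.bold("Hash of the commit"),
 type: "string"
-}).option("y", yesOption).option("ci", ciOption).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).example(
+}).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).example(
 "$0 analyze -r https://github.com/WebGoat/WebGoat -f <your_vulirabitliy_report_path>",
 "analyze an existing repository"
 ).help();
@@ -2667,13 +2672,8 @@ async function analyzeHandler(args) {
 }
 
 // src/args/commands/scan.ts
-import chalk8 from "chalk";
 function scanBuilder(args) {
-return args.coerce("scanner", (arg) => arg.toLowerCase()).option("repo", repoOption).option("ref", refOption).option("
-alias: "scanner",
-choices: Object.values(SCANNERS),
-describe: chalk8.bold("Select the scanner to use")
-}).option("y", yesOption).option("ci", ciOption).option("api-key", apiKeyOption).option("cx-project-name", projectNameOption).example(
+return args.coerce("scanner", (arg) => arg.toLowerCase()).option("repo", repoOption).option("ref", refOption).option("scanner", scannerOptions).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("api-key", apiKeyOption).option("cx-project-name", projectNameOption).example(
 "$0 scan -r https://github.com/WebGoat/WebGoat",
 "Scan an existing repository"
 ).help();
@@ -2699,28 +2699,28 @@ async function scanHandler(args) {
 var parseArgs = async (args) => {
 const yargsInstance = yargs(args);
 return yargsInstance.updateStrings({
-"Commands:":
-"Options:":
-"Examples:":
-"Show help":
+"Commands:": chalk8.yellow.underline.bold("Commands:"),
+"Options:": chalk8.yellow.underline.bold("Options:"),
+"Examples:": chalk8.yellow.underline.bold("Examples:"),
+"Show help": chalk8.bold("Show help")
 }).usage(
-`${
+`${chalk8.bold(
 "\n Bugsy - Trusted, Automatic Vulnerability Fixer \u{1F575}\uFE0F\u200D\u2642\uFE0F\n\n"
-)} ${
-$0 ${
+)} ${chalk8.yellow.underline.bold("Usage:")}
+$0 ${chalk8.green(
 "<command>"
-)} ${
+)} ${chalk8.dim("[options]")}
 `
 ).version(false).command(
 "scan",
-
+chalk8.bold(
 "Scan your code for vulnerabilities, get automated fixes right away."
 ),
 scanBuilder,
 scanHandler
 ).command(
 "analyze",
-
+chalk8.bold(
 "Provide a vulnerability report and relevant code repository, get automated fixes right away."
 ),
 analyzeBuilder,
@@ -2733,7 +2733,7 @@ var parseArgs = async (args) => {
 handler() {
 yargsInstance.showHelp();
 }
-}).strictOptions().help("h").alias("h", "help").epilog(
+}).strictOptions().help("h").alias("h", "help").epilog(chalk8.bgBlue("Made with \u2764\uFE0F by Mobb")).showHelpOnFail(true).wrap(Math.min(120, yargsInstance.terminalWidth())).parse();
 };
 
 // src/index.ts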
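Review bot: In getOrgAndProjectId (hunk `@@ -491,9 +481,10 @@`), when projectName is supplied but no project carries that name, the `?? org.projects[0]` fallback silently picks the first project in the `updatedAt: desc` ordering, so a mistyped `--mobb-project-name` — or the new default "My first project" once that project has been renamed — files the vulnerability report and fix report under a different project with no indication to the user. A missing match should fail loudly, e.g. replace the `?? org.projects[0]` with a check such as `if (!project) throw new Error(\`Mobb project "${projectName}" not found in organization ${org.id}\`);`, or at minimum log which project was actually selected. Separately, in _scan (hunk `@@ -2423,14 +2407,11 @@`) `getGitInfo(srcPath)` was hoisted above the `try` that reports failures through digestSpinner, so an error there now propagates without the spinner's error text; this looks intentional since submitVulnerabilityReport later reads gitInfo, but the spinner should probably be started after the call or the call wrapped as well. Both the GQLClient class and _scan extend beyond the hunks shown.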