mobbdev 0.0.59 → 0.0.61

package/dist/index.mjs

@@ -202,6 +202,7 @@ async function getGitInfo(srcDirPath) {
 // src/features/analysis/graphql/gql.ts
 import Debug3 from "debug";
 import { GraphQLClient } from "graphql-request";
+import { v4 as uuidv4 } from "uuid";
 
 // src/features/analysis/graphql/mutations.ts
 import { gql } from "graphql-request";
@@ -230,17 +231,11 @@ var DIGEST_VULNERABILITY_REPORT = gql`
     $vulnerabilityReportFileName: String!
     $fixReportId: String!
     $projectId: String!
-    $repoUrl: String!
-    $reference: String!
-    $sha: String
   ) {
     digestVulnerabilityReport(
       fixReportId: $fixReportId
       vulnerabilityReportFileName: $vulnerabilityReportFileName
       projectId: $projectId
-      repoUrl: $repoUrl
-      reference: $reference
-      sha: $sha
     ) {
       __typename
       ... on VulnerabilityReport {
@@ -262,29 +257,22 @@ var DIGEST_VULNERABILITY_REPORT = gql`
     }
   }
 `;
-var INITIALIZE_VULNERABILITY_REPORT = gql`
-  mutation InitializeVulnerabilityReport($fixReportId: String!) {
-    initializeVulnerabilityReport(fixReportId: $fixReportId) {
-      __typename
-    }
-  }
-`;
 var SUBMIT_VULNERABILITY_REPORT = gql`
   mutation SubmitVulnerabilityReport(
-    $vulnerabilityReportFileName: String!
     $fixReportId: String!
     $repoUrl: String!
     $reference: String!
     $projectId: String!
     $sha: String
+    $vulnerabilityReportFileName: String
   ) {
     submitVulnerabilityReport(
       fixReportId: $fixReportId
       repoUrl: $repoUrl
       reference: $reference
       sha: $sha
-      vulnerabilityReportFileName: $vulnerabilityReportFileName
       projectId: $projectId
+      vulnerabilityReportFileName: $vulnerabilityReportFileName
     ) {
       __typename
     }
@@ -456,7 +444,20 @@ var GQLClient = class {
     const { apiKey } = args;
     debug3(`init with apiKey ${apiKey}`);
     this._client = new GraphQLClient(API_URL, {
-      headers: { [API_KEY_HEADER_NAME]: apiKey || "" }
+      headers: { [API_KEY_HEADER_NAME]: apiKey || "" },
+      requestMiddleware: (request) => {
+        const requestId = uuidv4();
+        debug3(
+          `sending API request with id: ${requestId} and with request: ${request.body}`
+        );
+        return {
+          ...request,
+          headers: {
+            ...request.headers,
+            "x-hasura-request-id": requestId
+          }
+        };
+      }
     });
   }
   async getUserInfo() {
@@ -526,43 +527,31 @@ var GQLClient = class {
   }
   async digestVulnerabilityReport({
     fixReportId,
-    projectId,
-    repoUrl,
-    reference,
-    sha
+    projectId
   }) {
     const res = await this._client.request(
       DIGEST_VULNERABILITY_REPORT,
       {
         fixReportId,
         vulnerabilityReportFileName: "report.json",
-        projectId,
-        repoUrl,
-        reference,
-        sha
+        projectId
       }
     );
     return DigestVulnerabilityReportZ.parse(res).digestVulnerabilityReport;
   }
-  async initializeVulnerabilityReport({
-    fixReportId
-  }) {
-    await this._client.request(INITIALIZE_VULNERABILITY_REPORT, {
-      fixReportId
-    });
-  }
   async submitVulnerabilityReport({
     fixReportId,
     repoUrl,
     reference,
     projectId,
-    sha
+    sha,
+    vulnerabilityReportFileName
   }) {
     await this._client.request(SUBMIT_VULNERABILITY_REPORT, {
       fixReportId,
       repoUrl,
       reference,
-      vulnerabilityReportFileName: "report.json",
+      vulnerabilityReportFileName,
       projectId,
       sha: sha || ""
     });
@@ -2267,7 +2256,9 @@ async function _scan({
       fixReportId: reportUploadInfo.fixReportId,
       repoUrl: repo,
       reference,
-      projectId
+      projectId,
+      vulnerabilityReportFileName: "report.json",
+      sha
     });
   } catch (e) {
     mobbSpinner.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed" });
@@ -2430,14 +2421,11 @@ async function _scan({
     });
     const digestSpinner = createSpinner4("\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report").start();
     let vulnFiles = [];
+    const gitInfo = await getGitInfo(srcPath);
     try {
-      const gitInfo = await getGitInfo(srcPath);
       const { vulnerabilityReportId } = await gqlClient.digestVulnerabilityReport({
         fixReportId: reportUploadInfo.fixReportId,
-        projectId,
-        repoUrl: repo || gitInfo.repoUrl,
-        reference: gitInfo.reference,
-        sha: commitHash || gitInfo.hash
+        projectId
       });
       const finalState = await gqlClient.waitFixReportInit(
         reportUploadInfo.fixReportId,
@@ -2474,8 +2462,12 @@ async function _scan({
     uploadRepoSpinner.success({ text: "\u{1F4C1} Uploading Repo successful!" });
     const mobbSpinner2 = createSpinner4("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
     try {
-      await gqlClient.initializeVulnerabilityReport({
-        fixReportId: reportUploadInfo.fixReportId
+      await gqlClient.submitVulnerabilityReport({
+        fixReportId: reportUploadInfo.fixReportId,
+        projectId,
+        repoUrl: repo || gitInfo.repoUrl,
+        reference: gitInfo.reference,
+        sha: commitHash || gitInfo.hash
       });
     } catch (e) {
       mobbSpinner2.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed" });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "0.0.59",
+  "version": "0.0.61",
   "description": "Automated secure code remediation tool",
   "repository": "https://github.com/mobb-dev/bugsy",
   "main": "dist/index.js",
@@ -49,6 +49,7 @@
     "supports-color": "9.4.0",
     "tar": "6.2.0",
     "tmp": "0.2.1",
+    "uuid": "9.0.0",
     "yargs": "17.7.2",
     "zod": "3.22.3"
   },
@@ -63,6 +64,7 @@
     "@types/semver": "7.5.0",
     "@types/tar": "^6.1.6",
     "@types/tmp": "0.2.3",
+    "@types/uuid": "9.0.1",
     "@types/yargs": "17.0.24",
     "@typescript-eslint/eslint-plugin": "5.44.0",
     "@typescript-eslint/parser": "5.44.0",