mobbdev 0.0.68 → 0.0.70

package/dist/index.mjs

@@ -274,6 +274,7 @@ var SUBMIT_VULNERABILITY_REPORT = gql`
     $reference: String!
     $projectId: String!
     $sha: String
+    $experimentalEnabled: Boolean
     $vulnerabilityReportFileName: String
     $pullRequest: Int
   ) {
@@ -282,6 +283,7 @@ var SUBMIT_VULNERABILITY_REPORT = gql`
       repoUrl: $repoUrl
       reference: $reference
       sha: $sha
+      experimentalEnabled: $experimentalEnabled
       pullRequest: $pullRequest
       projectId: $projectId
       vulnerabilityReportFileName: $vulnerabilityReportFileName
@@ -813,6 +815,7 @@ var GQLClient = class {
       reference,
       projectId,
       sha,
+      experimentalEnabled,
       vulnerabilityReportFileName,
       pullRequest
     } = params;
@@ -823,7 +826,8 @@ var GQLClient = class {
       vulnerabilityReportFileName,
       projectId,
       pullRequest,
-      sha: sha || ""
+      sha: sha || "",
+      experimentalEnabled
     });
     return CreateUpdateFixReportMutationZ.parse(res);
   }
@@ -1311,6 +1315,75 @@ async function getGithubBlameRanges({ ref, gitHubUrl, path: path8 }, options) {
     login: range.commit.author.user.login
   }));
 }
+async function createPr({
+  sourceRepoUrl,
+  sourceFilePath,
+  targetFilePath,
+  userRepoUrl,
+  title
+}, options) {
+  const oktoKit = getOktoKit(options);
+  const { owner: sourceOwner, repo: sourceRepo } = parseOwnerAndRepo(sourceRepoUrl);
+  const { owner, repo } = parseOwnerAndRepo(userRepoUrl);
+  const sourceFileContentResponse = await oktoKit.rest.repos.getContent({
+    owner: sourceOwner,
+    repo: sourceRepo,
+    path: "/" + sourceFilePath
+  });
+  const { data: repository } = await oktoKit.rest.repos.get({ owner, repo });
+  const defaultBranch = repository.default_branch;
+  const newBranchName = `mobb/workflow-${Date.now()}`;
+  oktoKit.rest.git.createRef({
+    owner,
+    repo,
+    ref: `refs/heads/${newBranchName}`,
+    sha: await oktoKit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
+  });
+  const decodedContent = Buffer.from(
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    sourceFileContentResponse.data.content,
+    "base64"
+  ).toString("utf-8");
+  const createTreeResponse = await oktoKit.rest.git.createTree({
+    owner,
+    repo,
+    base_tree: await oktoKit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha),
+    tree: [
+      {
+        path: targetFilePath,
+        mode: "100644",
+        type: "blob",
+        content: decodedContent
+      }
+    ]
+  });
+  const createCommitResponse = await oktoKit.rest.git.createCommit({
+    owner,
+    repo,
+    message: "Add new yaml file",
+    tree: createTreeResponse.data.sha,
+    parents: [
+      await oktoKit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
+    ]
+  });
+  await oktoKit.rest.git.updateRef({
+    owner,
+    repo,
+    ref: `heads/${newBranchName}`,
+    sha: createCommitResponse.data.sha
+  });
+  const createPRResponse = await oktoKit.rest.pulls.create({
+    owner,
+    repo,
+    title,
+    head: newBranchName,
+    base: "main"
+  });
+  return {
+    pull_request_url: createPRResponse.data.html_url
+  };
+}
 
 // src/features/analysis/scm/github/consts.ts
 var POST_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments";
@@ -1607,6 +1680,9 @@ var GitlabSCMLib = class extends SCMLib {
     }
     throw new Error("not supported yet");
   }
+  async createPullRequestWithNewFile(_sourceRepoUrl, _sourceFilePath, _targetFilePath, _userRepoUrl, _title) {
+    throw new Error("not implemented");
+  }
   async getRepoList() {
     if (!this.accessToken) {
       console.error("no access token");
@@ -1791,6 +1867,21 @@ var GithubSCMLib = class extends SCMLib {
       repo
     });
   }
+  async createPullRequestWithNewFile(sourceRepoUrl, sourceFilePath, targetFilePath, userRepoUrl, title) {
+    const { pull_request_url } = await createPr(
+      {
+        sourceRepoUrl,
+        sourceFilePath,
+        targetFilePath,
+        userRepoUrl,
+        title
+      },
+      {
+        githubAuthToken: this.accessToken
+      }
+    );
+    return { pull_request_url };
+  }
   async validateParams() {
     return githubValidateParams(this.url, this.accessToken);
   }
@@ -2006,6 +2097,10 @@ var StubSCMLib = class extends SCMLib {
     console.error("forkRepo() not implemented");
     throw new Error("forkRepo() not implemented");
   }
+  async createPullRequestWithNewFile(_sourceRepoUrl, _sourceFilePath, _targetFilePath, _userRepoUrl, _title) {
+    console.error("createPullRequestWithNewFile() not implemented");
+    throw new Error("createPullRequestWithNewFile() not implemented");
+  }
   async getRepoList() {
     console.error("getBranchList() not implemented");
     throw new Error("getBranchList() not implemented");
@@ -3049,6 +3144,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     srcPath,
     commitHash,
     ref,
+    experimentalEnabled,
     scanner,
     cxProjectName,
     mobbProjectName,
@@ -3167,6 +3263,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
         projectId,
         vulnerabilityReportFileName: "report.json",
         sha,
+        experimentalEnabled,
         pullRequest: params.pullRequest
       });
       if (sumbitRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
@@ -3412,6 +3509,7 @@ async function review(params, { skipPrompts = true } = {}) {
       apiKey,
       ci: true,
       commitHash,
+      experimentalEnabled: false,
       mobbProjectName,
       pullRequest,
       githubToken,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "0.0.68",
+  "version": "0.0.70",
   "description": "Automated secure code remediation tool",
   "repository": "https://github.com/mobb-dev/bugsy",
   "main": "dist/index.js",