mobbdev 0.0.85 → 0.0.87

package/dist/index.mjs

@@ -1085,7 +1085,7 @@ import { Octokit } from "octokit";
 import { z as z3 } from "zod";
 
 // src/features/analysis/scm/urlParser.ts
-function getRepoInfo(pathname, hostname) {
+function getRepoInfo(pathname, hostname, scmType) {
   const hostnameParts = hostname.split(".");
   if (hostnameParts.length === 3 && hostnameParts[1] === "visualstudio" && hostnameParts[2] === "com") {
     if (pathname.length === 2 && pathname[0] === "_git") {
@@ -1103,7 +1103,7 @@ function getRepoInfo(pathname, hostname) {
       };
     }
   }
-  if (hostname === "dev.azure.com") {
+  if (hostname === "dev.azure.com" || scmType === "Ado" /* Ado */) {
     if (pathname.length === 3 && pathname[1] === "_git") {
       return {
         organization: pathname[0],
@@ -1119,7 +1119,7 @@ function getRepoInfo(pathname, hostname) {
       };
     }
   }
-  if (hostname === "github.com") {
+  if (hostname === "github.com" || scmType === "GitHub" /* GitHub */) {
     if (pathname.length === 2) {
       return {
         organization: pathname[0],
@@ -1128,7 +1128,7 @@ function getRepoInfo(pathname, hostname) {
       };
     }
   }
-  if (hostname === "gitlab.com") {
+  if (hostname === "gitlab.com" || scmType === "GitLab" /* GitLab */) {
     if (pathname.length >= 2) {
       return {
         organization: pathname[0],
@@ -1140,12 +1140,12 @@ function getRepoInfo(pathname, hostname) {
   return null;
 }
 var NAME_REGEX = /[a-z0-9\-_.+]+/i;
-var parseScmURL = (scmURL) => {
+var parseScmURL = (scmURL, scmType) => {
   try {
     const url = new URL(scmURL);
     const hostname = url.hostname.toLowerCase();
     const projectPath = url.pathname.substring(1).replace(/.git$/i, "");
-    const repo = getRepoInfo(projectPath.split("/"), hostname);
+    const repo = getRepoInfo(projectPath.split("/"), hostname, scmType);
     if (!repo)
       return null;
     const { organization, repoName, projectName } = repo;
@@ -1165,6 +1165,22 @@ var parseScmURL = (scmURL) => {
     return null;
   }
 };
+var sanityRepoURL = (scmURL) => {
+  try {
+    const url = new URL(scmURL);
+    const projectPath = url.pathname.substring(1).replace(/.git$/i, "");
+    const pathParts = projectPath.split("/");
+    if (pathParts.length < 2)
+      return false;
+    if (pathParts.length > 4)
+      return false;
+    if (pathParts.some((part) => !part.match(NAME_REGEX)))
+      return false;
+    return true;
+  } catch (e) {
+    return null;
+  }
+};
 
 // src/features/analysis/scm/github/github.ts
 function removeTrailingSlash(str) {
@@ -1445,7 +1461,7 @@ async function getCommit({
 }
 function parseGithubOwnerAndRepo(gitHubUrl) {
   gitHubUrl = removeTrailingSlash(gitHubUrl);
-  const parsingResult = parseScmURL(gitHubUrl);
+  const parsingResult = parseScmURL(gitHubUrl, "GitHub" /* GitHub */);
   if (!parsingResult || parsingResult.hostname !== "github.com") {
     throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
   }
@@ -1650,6 +1666,7 @@ function deleteGeneralPrComment(client, params) {
 // src/features/analysis/scm/gitlab.ts
 import querystring from "node:querystring";
 import { Gitlab } from "@gitbeaker/rest";
+import { ProxyAgent } from "undici";
 import { z as z4 } from "zod";
 function removeTrailingSlash2(str) {
   return str.trim().replace(/\/+$/, "");
@@ -1660,17 +1677,19 @@ var EnvVariablesZod2 = z4.object({
 var { GITLAB_API_TOKEN } = EnvVariablesZod2.parse(process.env);
 function getGitBeaker(options) {
   const token = options?.gitlabAuthToken ?? GITLAB_API_TOKEN ?? "";
+  const url = options.url;
+  const host = url ? new URL(url).origin : "https://gitlab.com";
   if (token?.startsWith("glpat-") || token === "") {
-    return new Gitlab({ token });
+    return new Gitlab({ token, host });
   }
-  return new Gitlab({ oauthToken: token });
+  return new Gitlab({ oauthToken: token, host });
 }
 async function gitlabValidateParams({
   url,
   accessToken
 }) {
   try {
-    const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+    const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
     if (accessToken) {
       await api2.Users.showCurrentUser();
     }
@@ -1691,8 +1710,8 @@ async function gitlabValidateParams({
     throw e;
   }
 }
-async function getGitlabUsername(accessToken) {
-  const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+async function getGitlabUsername(url, accessToken) {
+  const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
   const res = await api2.Users.showCurrentUser();
   return res.username;
 }
@@ -1703,7 +1722,7 @@ async function getGitlabIsUserCollaborator({
 }) {
   try {
     const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-    const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+    const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
     const res = await api2.Projects.show(projectPath);
     const members = await api2.ProjectMembers.all(res.id, {
       includeInherited: true
@@ -1719,7 +1738,7 @@ async function getGitlabMergeRequestStatus({
   mrNumber
 }) {
   const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
   const res = await api2.MergeRequests.show(projectPath, mrNumber);
   switch (res.state) {
     case "merged" /* merged */:
@@ -1736,7 +1755,7 @@ async function getGitlabIsRemoteBranch({
   branch
 }) {
   const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
   try {
     const res = await api2.Branches.show(projectPath, branch);
     return res.name === branch;
@@ -1744,8 +1763,8 @@ async function getGitlabIsRemoteBranch({
     return false;
   }
 }
-async function getGitlabRepoList(accessToken) {
-  const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+async function getGitlabRepoList(url, accessToken) {
+  const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
   const res = await api2.Projects.all({
     membership: true,
     //TODO: a bug in the sorting mechanism of this api call
@@ -1778,7 +1797,7 @@ async function getGitlabBranchList({
   repoUrl
 }) {
   const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
   try {
     const res = await api2.Branches.all(projectPath, {
       perPage: 100,
@@ -1793,7 +1812,10 @@ async function getGitlabBranchList({
 }
 async function createMergeRequest(options) {
   const { projectPath } = parseGitlabOwnerAndRepo(options.repoUrl);
-  const api2 = getGitBeaker({ gitlabAuthToken: options.accessToken });
+  const api2 = getGitBeaker({
+    url: options.repoUrl,
+    gitlabAuthToken: options.accessToken
+  });
   const res = await api2.MergeRequests.create(
     projectPath,
     options.sourceBranchName,
@@ -1806,7 +1828,10 @@ async function createMergeRequest(options) {
   return res.iid;
 }
 async function getGitlabRepoDefaultBranch(repoUrl, options) {
-  const api2 = getGitBeaker({ gitlabAuthToken: options?.gitlabAuthToken });
+  const api2 = getGitBeaker({
+    url: repoUrl,
+    gitlabAuthToken: options?.gitlabAuthToken
+  });
   const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
   const project = await api2.Projects.show(projectPath);
   if (!project.default_branch) {
@@ -1816,7 +1841,10 @@ async function getGitlabRepoDefaultBranch(repoUrl, options) {
 }
 async function getGitlabReferenceData({ ref, gitlabUrl }, options) {
   const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
-  const api2 = getGitBeaker({ gitlabAuthToken: options?.gitlabAuthToken });
+  const api2 = getGitBeaker({
+    url: gitlabUrl,
+    gitlabAuthToken: options?.gitlabAuthToken
+  });
   const results = await Promise.allSettled([
     (async () => {
       const res = await api2.Branches.show(projectPath, ref);
@@ -1857,8 +1885,8 @@ async function getGitlabReferenceData({ ref, gitlabUrl }, options) {
 }
 function parseGitlabOwnerAndRepo(gitlabUrl) {
   gitlabUrl = removeTrailingSlash2(gitlabUrl);
-  const parsingResult = parseScmURL(gitlabUrl);
-  if (!parsingResult || parsingResult.hostname !== "gitlab.com") {
+  const parsingResult = parseScmURL(gitlabUrl, "GitLab" /* GitLab */);
+  if (!parsingResult || !parsingResult.repoName) {
     throw new InvalidUrlPatternError(`invalid gitlab repo Url ${gitlabUrl}`);
   }
   const { organization, repoName, projectPath } = parsingResult;
@@ -1866,7 +1894,10 @@ function parseGitlabOwnerAndRepo(gitlabUrl) {
 }
 async function getGitlabBlameRanges({ ref, gitlabUrl, path: path9 }, options) {
   const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
-  const api2 = getGitBeaker({ gitlabAuthToken: options?.gitlabAuthToken });
+  const api2 = getGitBeaker({
+    url: gitlabUrl,
+    gitlabAuthToken: options?.gitlabAuthToken
+  });
   const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path9, ref);
   let lineNumber = 1;
   return resp.filter((range) => range.lines).map((range) => {
@@ -1889,6 +1920,24 @@ var GitlabAuthResultZ = z4.object({
   token_type: z4.string(),
   refresh_token: z4.string()
 });
+function initGitlabFetchMock() {
+  const globalFetch = global.fetch;
+  function myFetch(input, init) {
+    const stack = new Error().stack;
+    const parts = stack?.split("at ");
+    if (parts?.length && parts?.length >= 3 && parts[2]?.startsWith("defaultRequestHandler (") && parts[2]?.includes("/@gitbeaker/rest/dist/index.js") && (/^https?:\/\/[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\//i.test(
+      input?.url
+    ) || "GITLAB_INTERNAL_DEV_HOST" in process.env && process.env["GITLAB_INTERNAL_DEV_HOST"] && input?.url?.startsWith(process.env["GITLAB_INTERNAL_DEV_HOST"]))) {
+      const dispatcher = new ProxyAgent(
+        process.env["GIT_PROXY_HOST"] || "http://tinyproxy:8888"
+      );
+      return globalFetch(input, { dispatcher });
+    }
+    return globalFetch(input, init);
+  }
+  global.fetch = myFetch;
+}
+initGitlabFetchMock();
 
 // src/features/analysis/scm/scmSubmit/index.ts
 import fs from "node:fs/promises";
@@ -1992,7 +2041,7 @@ function getCloudScmLibTypeFromUrl(url) {
     return void 0;
   }
   const urlObject = new URL(url);
-  const hostname = urlObject.hostname;
+  const hostname = urlObject.hostname.toLowerCase();
   if (hostname === "gitlab.com") {
     return "GITLAB" /* GITLAB */;
   }
@@ -2040,7 +2089,7 @@ function getScmConfig({
       //if we the user does an ADO oauth flow then the token is saved for dev.azure.com but
       //sometimes the user uses the url dev.azure.com and sometimes the url visualstudio.com
       //so we need to check both
-      (urlObject.hostname === configUrl.hostname || urlObject.hostname.endsWith(".visualstudio.com") && configUrl.hostname === "dev.azure.com") && urlObject.protocol === configUrl.protocol && urlObject.port === configUrl.port
+      (urlObject.hostname.toLowerCase() === configUrl.hostname.toLowerCase() || urlObject.hostname.toLowerCase().endsWith(".visualstudio.com") && configUrl.hostname.toLowerCase() === "dev.azure.com") && urlObject.protocol === configUrl.protocol && urlObject.port === configUrl.port
     );
   });
   const scmOrgConfig = filteredScmConfigs.find((scm) => scm.orgId && scm.token);
@@ -2428,7 +2477,7 @@ var GitlabSCMLib = class extends SCMLib {
       console.error("no access token");
       throw new Error("no access token");
     }
-    return getGitlabRepoList(this.accessToken);
+    return getGitlabRepoList(this.url, this.accessToken);
   }
   async getBranchList() {
     if (!this.accessToken || !this.url) {
@@ -2491,7 +2540,7 @@ var GitlabSCMLib = class extends SCMLib {
       console.error("no access token");
       throw new Error("no access token");
     }
-    return getGitlabUsername(this.accessToken);
+    return getGitlabUsername(this.url, this.accessToken);
   }
   async getSubmitRequestStatus(scmSubmitRequestId) {
     if (!this.accessToken || !this.url) {
@@ -2522,6 +2571,7 @@ var GitlabSCMLib = class extends SCMLib {
     return await getGitlabBlameRanges(
       { ref, path: path9, gitlabUrl: this.url },
       {
+        url: this.url,
         gitlabAuthToken: this.accessToken
       }
     );
@@ -2534,6 +2584,7 @@ var GitlabSCMLib = class extends SCMLib {
     return await getGitlabReferenceData(
       { ref, gitlabUrl: this.url },
       {
+        url: this.url,
         gitlabAuthToken: this.accessToken
       }
     );
@@ -2544,6 +2595,7 @@ var GitlabSCMLib = class extends SCMLib {
       throw new Error("no url");
     }
     return await getGitlabRepoDefaultBranch(this.url, {
+      url: this.url,
       gitlabAuthToken: this.accessToken
     });
   }
@@ -3228,7 +3280,9 @@ function getAdoDownloadUrl({
   branch
 }) {
   const { owner, repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-  return `https://dev.azure.com/${owner}/${projectName}/_apis/git/repositories/${repo}/items/items?path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
+  const url = new URL(repoUrl);
+  const origin = url.origin.toLowerCase().endsWith(".visualstudio.com") ? "https://dev.azure.com" : url.origin.toLowerCase();
+  return `${origin}/${owner}/${projectName}/_apis/git/repositories/${repo}/items/items?path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
 }
 async function getAdoBranchList({
   accessToken,
@@ -3398,7 +3452,7 @@ async function getAdoReferenceData({
 }
 function parseAdoOwnerAndRepo(adoUrl) {
   adoUrl = removeTrailingSlash3(adoUrl);
-  const parsingResult = parseScmURL(adoUrl);
+  const parsingResult = parseScmURL(adoUrl, "Ado" /* Ado */);
   if (!parsingResult || parsingResult.hostname !== "dev.azure.com" && !parsingResult.hostname.endsWith(".visualstudio.com")) {
     throw new InvalidUrlPatternError(`invalid ADO repo URL: ${adoUrl}`);
   }
@@ -4938,7 +4992,7 @@ Example:
 }
 var UrlZ = z11.string({
   invalid_type_error: "is not a valid GitHub / GitLab / ADO URL"
-}).refine((data) => !!parseScmURL(data), {
+}).refine((data) => !!sanityRepoURL(data), {
   message: "is not a valid GitHub / GitLab / ADO URL"
 });
 function validateRepoUrl(args) {
@@ -5103,10 +5157,10 @@ function validateAddScmTokenOptions(argv) {
     );
   }
   const urlObj = new URL(argv.url);
-  if (urlObj.hostname === "github.com" && !argv.username) {
+  if (urlObj.hostname.toLowerCase() === "github.com" && !argv.username) {
     throw new CliError("\nError: --username flag is required for GitHub");
   }
-  if ((urlObj.hostname === "dev.azure.com" || urlObj.hostname.endsWith(".visualstudio.com")) && !argv.organization) {
+  if ((urlObj.hostname.toLowerCase() === "dev.azure.com" || urlObj.hostname.toLowerCase().endsWith(".visualstudio.com")) && !argv.organization) {
     throw new CliError(
       "\nError: --organization flag is required for Azure DevOps"
     );

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "0.0.85",
+  "version": "0.0.87",
   "description": "Automated secure code remediation tool",
   "repository": "https://github.com/mobb-dev/bugsy",
   "main": "dist/index.js",
@@ -58,6 +58,7 @@
     "supports-color": "9.4.0",
     "tar": "6.2.0",
     "tmp": "0.2.1",
+    "undici": "6.7.0",
     "uuid": "9.0.1",
     "ws": "8.10.0",
     "yargs": "17.7.2",