mobbdev 0.0.90 → 0.0.92

package/dist/index.mjs

@@ -118,6 +118,7 @@ __export(utils_exports, {
   CliError: () => CliError,
   Spinner: () => Spinner,
   getDirName: () => getDirName,
+  getTopLevelDirName: () => getTopLevelDirName,
   keypress: () => keypress,
   sleep: () => sleep
 });
@@ -128,6 +129,9 @@ import { fileURLToPath as fileURLToPath2 } from "node:url";
 function getDirName() {
   return path2.dirname(fileURLToPath2(import.meta.url));
 }
+function getTopLevelDirName(fullPath) {
+  return path2.parse(fullPath).name;
+}
 
 // src/utils/keypress.ts
 import readline from "node:readline";
@@ -181,12 +185,13 @@ import fetch3 from "node-fetch";
 import open2 from "open";
 import semver from "semver";
 import tmp2 from "tmp";
-import { z as z10 } from "zod";
+import { z as z11 } from "zod";
 
 // src/features/analysis/git.ts
 import Debug2 from "debug";
 import { simpleGit } from "simple-git";
 var debug2 = Debug2("mobbdev:git");
+var GIT_NOT_INITIALIZED_ERROR_MESSAGE = "not a git repository";
 async function getGitInfo(srcDirPath) {
   debug2("getting git info for %s", srcDirPath);
   const git = simpleGit({
@@ -206,8 +211,14 @@ async function getGitInfo(srcDirPath) {
       debug2("failed to run git %o", e);
       if (e.message.includes(" spawn ")) {
         debug2("git cli not installed");
-      } else if (e.message.includes(" not a git repository ")) {
+      } else if (e.message.includes(GIT_NOT_INITIALIZED_ERROR_MESSAGE)) {
         debug2("folder is not a git repo");
+        return {
+          success: false,
+          hash: void 0,
+          reference: void 0,
+          repoUrl: void 0
+        };
       } else {
         throw e;
       }
@@ -221,6 +232,7 @@ async function getGitInfo(srcDirPath) {
     repoUrl = repoUrl.replace("git@github.com:", "https://github.com/");
   }
   return {
+    success: true,
     repoUrl,
     hash,
     reference
@@ -1081,16 +1093,16 @@ var GQLClient = class {
 import { Octokit as Octokit3 } from "@octokit/core";
 import Debug4 from "debug";
 import parseDiff from "parse-diff";
-import { z as z9 } from "zod";
+import { z as z10 } from "zod";
 
 // src/features/analysis/scm/ado.ts
 import querystring2 from "node:querystring";
 import * as api from "azure-devops-node-api";
-import { z as z8 } from "zod";
+import { z as z9 } from "zod";
 
 // src/features/analysis/scm/scm.ts
 import { Octokit as Octokit2 } from "@octokit/core";
-import { z as z7 } from "zod";
+import { z as z8 } from "zod";
 
 // src/features/analysis/scm/github/encryptSecret.ts
 import sodium from "libsodium-wrappers";
@@ -1686,18 +1698,30 @@ function deleteGeneralPrComment(client, params) {
   return client.request(DELETE_GENERAL_PR_COMMENT, params);
 }
 
-// src/features/analysis/scm/gitlab.ts
+// src/features/analysis/scm/gitlab/gitlab.ts
 import querystring from "node:querystring";
-import { Gitlab } from "@gitbeaker/rest";
+import {
+  Gitlab
+} from "@gitbeaker/rest";
 import { ProxyAgent } from "undici";
+import { z as z5 } from "zod";
+
+// src/features/analysis/scm/gitlab/types.ts
 import { z as z4 } from "zod";
+var GitlabAuthResultZ = z4.object({
+  access_token: z4.string(),
+  token_type: z4.string(),
+  refresh_token: z4.string()
+});
+
+// src/features/analysis/scm/gitlab/gitlab.ts
+var EnvVariablesZod2 = z5.object({
+  GITLAB_API_TOKEN: z5.string().optional()
+});
+var { GITLAB_API_TOKEN } = EnvVariablesZod2.parse(process.env);
 function removeTrailingSlash2(str) {
   return str.trim().replace(/\/+$/, "");
 }
-var EnvVariablesZod2 = z4.object({
-  GITLAB_API_TOKEN: z4.string().optional()
-});
-var { GITLAB_API_TOKEN } = EnvVariablesZod2.parse(process.env);
 function getGitBeaker(options) {
   const token = options?.gitlabAuthToken ?? GITLAB_API_TOKEN ?? "";
   const url = options.url;
@@ -1850,6 +1874,18 @@ async function createMergeRequest(options) {
   );
   return res.iid;
 }
+async function getGitlabMergeRequest({
+  url,
+  prNumber,
+  accessToken
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(url);
+  const api2 = getGitBeaker({
+    url,
+    gitlabAuthToken: accessToken
+  });
+  return await api2.MergeRequests.show(projectPath, prNumber);
+}
 async function getGitlabRepoDefaultBranch(repoUrl, options) {
   const api2 = getGitBeaker({
     url: repoUrl,
@@ -1938,11 +1974,6 @@ async function getGitlabBlameRanges({ ref, gitlabUrl, path: path9 }, options) {
     };
   });
 }
-var GitlabAuthResultZ = z4.object({
-  access_token: z4.string(),
-  token_type: z4.string(),
-  refresh_token: z4.string()
-});
 function initGitlabFetchMock() {
   const globalFetch = global.fetch;
   function myFetch(input, init) {
@@ -1968,77 +1999,77 @@ import os from "os";
 import path3 from "path";
 import { simpleGit as simpleGit2 } from "simple-git";
 import tmp from "tmp";
-import { z as z6 } from "zod";
+import { z as z7 } from "zod";
 
 // src/features/analysis/scm/scmSubmit/types.ts
-import { z as z5 } from "zod";
-var BaseSubmitToScmMessageZ = z5.object({
-  submitFixRequestId: z5.string().uuid(),
-  fixes: z5.array(
-    z5.object({
-      fixId: z5.string().uuid(),
-      diff: z5.string()
+import { z as z6 } from "zod";
+var BaseSubmitToScmMessageZ = z6.object({
+  submitFixRequestId: z6.string().uuid(),
+  fixes: z6.array(
+    z6.object({
+      fixId: z6.string().uuid(),
+      diff: z6.string()
     })
   ),
-  commitHash: z5.string(),
-  repoUrl: z5.string()
+  commitHash: z6.string(),
+  repoUrl: z6.string()
 });
 var submitToScmMessageType = {
   commitToSameBranch: "commitToSameBranch",
   submitFixesForDifferentBranch: "submitFixesForDifferentBranch"
 };
 var CommitToSameBranchParamsZ = BaseSubmitToScmMessageZ.merge(
-  z5.object({
-    type: z5.literal(submitToScmMessageType.commitToSameBranch),
-    branch: z5.string(),
-    commitMessage: z5.string(),
-    commitDescription: z5.string().nullish(),
-    githubCommentId: z5.number().nullish()
+  z6.object({
+    type: z6.literal(submitToScmMessageType.commitToSameBranch),
+    branch: z6.string(),
+    commitMessage: z6.string(),
+    commitDescription: z6.string().nullish(),
+    githubCommentId: z6.number().nullish()
   })
 );
-var SubmitFixesToDifferentBranchParamsZ = z5.object({
-  type: z5.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  submitBranch: z5.string(),
-  baseBranch: z5.string()
+var SubmitFixesToDifferentBranchParamsZ = z6.object({
+  type: z6.literal(submitToScmMessageType.submitFixesForDifferentBranch),
+  submitBranch: z6.string(),
+  baseBranch: z6.string()
 }).merge(BaseSubmitToScmMessageZ);
-var SubmitFixesMessageZ = z5.union([
+var SubmitFixesMessageZ = z6.union([
   CommitToSameBranchParamsZ,
   SubmitFixesToDifferentBranchParamsZ
 ]);
-var FixResponseArrayZ = z5.array(
-  z5.object({
-    fixId: z5.string().uuid()
+var FixResponseArrayZ = z6.array(
+  z6.object({
+    fixId: z6.string().uuid()
   })
 );
-var SubmitFixesBaseResponseMessageZ = z5.object({
-  submitFixRequestId: z5.string().uuid(),
-  submitBranches: z5.array(
-    z5.object({
-      branchName: z5.string(),
+var SubmitFixesBaseResponseMessageZ = z6.object({
+  submitFixRequestId: z6.string().uuid(),
+  submitBranches: z6.array(
+    z6.object({
+      branchName: z6.string(),
       fixes: FixResponseArrayZ
     })
   ),
-  error: z5.object({
-    type: z5.enum([
+  error: z6.object({
+    type: z6.enum([
       "InitialRepoAccessError",
       "PushBranchError",
       "UnknownError"
     ]),
-    info: z5.object({
-      message: z5.string(),
-      pushBranchName: z5.string().optional()
+    info: z6.object({
+      message: z6.string(),
+      pushBranchName: z6.string().optional()
     })
   }).optional()
 });
-var SubmitFixesToSameBranchResponseMessageZ = z5.object({
-  type: z5.literal(submitToScmMessageType.commitToSameBranch),
-  githubCommentId: z5.number().nullish()
+var SubmitFixesToSameBranchResponseMessageZ = z6.object({
+  type: z6.literal(submitToScmMessageType.commitToSameBranch),
+  githubCommentId: z6.number().nullish()
 }).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesToDifferentBranchResponseMessageZ = z5.object({
-  type: z5.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  githubCommentId: z5.number().optional()
+var SubmitFixesToDifferentBranchResponseMessageZ = z6.object({
+  type: z6.literal(submitToScmMessageType.submitFixesForDifferentBranch),
+  githubCommentId: z6.number().optional()
 }).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesResponseMessageZ = z5.discriminatedUnion("type", [
+var SubmitFixesResponseMessageZ = z6.discriminatedUnion("type", [
   SubmitFixesToSameBranchResponseMessageZ,
   SubmitFixesToDifferentBranchResponseMessageZ
 ]);
@@ -2056,7 +2087,7 @@ var isValidBranchName = async (branchName) => {
     return false;
   }
 };
-var FixesZ = z6.array(z6.object({ fixId: z6.string(), diff: z6.string() })).nonempty();
+var FixesZ = z7.array(z7.object({ fixId: z7.string(), diff: z7.string() })).nonempty();
 
 // src/features/analysis/scm/scm.ts
 function getCloudScmLibTypeFromUrl(url) {
@@ -2276,6 +2307,14 @@ var SCMLib = class {
     }
     return new StubSCMLib(trimmedUrl, void 0, void 0);
   }
+  _validateAccessTokenAndUrl() {
+    if (!this.accessToken) {
+      throw new InvalidAccessTokenError("no access token");
+    }
+    if (!this.url) {
+      throw new InvalidRepoUrlError("no url");
+    }
+  }
 };
 var AdoSCMLib = class extends SCMLib {
   updatePrComment(_params, _oktokit) {
@@ -2442,8 +2481,9 @@ var AdoSCMLib = class extends SCMLib {
       accessToken: this.accessToken
     });
   }
-  getPr() {
-    throw new Error("Method not implemented.");
+  getPrUrl(prNumber) {
+    this._validateAccessTokenAndUrl();
+    return Promise.resolve(getAdoPrUrl({ prNumber, url: this.url }));
   }
   postGeneralPrComment() {
     throw new Error("Method not implemented.");
@@ -2628,8 +2668,14 @@ var GitlabSCMLib = class extends SCMLib {
   updatePrComment(_params, _oktokit) {
     throw new Error("updatePrComment not implemented.");
   }
-  getPr() {
-    throw new Error("Method not implemented.");
+  async getPrUrl(prNumber) {
+    this._validateAccessTokenAndUrl();
+    const res = await getGitlabMergeRequest({
+      url: this.url,
+      prNumber,
+      accessToken: this.accessToken
+    });
+    return res.web_url;
   }
   postGeneralPrComment() {
     throw new Error("Method not implemented.");
@@ -2774,7 +2820,7 @@ var GithubSCMLib = class extends SCMLib {
       owner,
       repo
     });
-    return z7.string().parse(prRes.data);
+    return z8.string().parse(prRes.data);
   }
   async getRepoList(_scmOrg) {
     if (!this.accessToken) {
@@ -2896,17 +2942,18 @@ var GithubSCMLib = class extends SCMLib {
       githubAuthToken: this.accessToken
     });
   }
-  async getPr(prNumber) {
+  async getPrUrl(prNumber) {
     if (!this.url || !this.oktokit) {
       console.error("no url");
       throw new Error("no url");
     }
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return getPr(this.oktokit, {
+    const getPrRes = await getPr(this.oktokit, {
       owner,
       repo,
       pull_number: prNumber
     });
+    return getPrRes.data.html_url;
   }
   async postGeneralPrComment(params, auth) {
     const { prNumber, body } = params;
@@ -3032,7 +3079,7 @@ var StubSCMLib = class extends SCMLib {
     console.error("updatePrComment() not implemented");
     throw new Error("updatePrComment() not implemented");
   }
-  async getPr() {
+  async getPrUrl(_prNumber) {
     console.error("getPr() not implemented");
     throw new Error("getPr() not implemented");
   }
@@ -3052,22 +3099,22 @@ function removeTrailingSlash3(str) {
   return str.trim().replace(/\/+$/, "");
 }
 async function _getOrgsForOauthToken({ oauthToken }) {
-  const profileZ = z8.object({
-    displayName: z8.string(),
-    publicAlias: z8.string().min(1),
-    emailAddress: z8.string(),
-    coreRevision: z8.number(),
-    timeStamp: z8.string(),
-    id: z8.string(),
-    revision: z8.number()
+  const profileZ = z9.object({
+    displayName: z9.string(),
+    publicAlias: z9.string().min(1),
+    emailAddress: z9.string(),
+    coreRevision: z9.number(),
+    timeStamp: z9.string(),
+    id: z9.string(),
+    revision: z9.number()
   });
-  const accountsZ = z8.object({
-    count: z8.number(),
-    value: z8.array(
-      z8.object({
-        accountId: z8.string(),
-        accountUri: z8.string(),
-        accountName: z8.string()
+  const accountsZ = z9.object({
+    count: z9.number(),
+    value: z9.array(
+      z9.object({
+        accountId: z9.string(),
+        accountUri: z9.string(),
+        accountName: z9.string()
       })
     )
   });
@@ -3298,6 +3345,12 @@ async function getAdoRepoList({
   }, []);
   return repos;
 }
+function getAdoPrUrl({
+  url,
+  prNumber
+}) {
+  return `${url}/pullrequest/${prNumber}`;
+}
 function getAdoDownloadUrl({
   repoUrl,
   branch
@@ -3491,10 +3544,10 @@ function parseAdoOwnerAndRepo(adoUrl) {
 async function getAdoBlameRanges() {
   return [];
 }
-var AdoAuthResultZ = z8.object({
-  access_token: z8.string().min(1),
-  token_type: z8.string().min(1),
-  refresh_token: z8.string().min(1)
+var AdoAuthResultZ = z9.object({
+  access_token: z9.string().min(1),
+  token_type: z9.string().min(1),
+  refresh_token: z9.string().min(1)
 });
 
 // src/features/analysis/scm/constants.ts
@@ -3675,7 +3728,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
     });
     const lineAddedRanges = calculateRanges(fileNumbers);
     const fileFilter = {
-      path: z9.string().parse(file.to),
+      path: z10.string().parse(file.to),
       ranges: lineAddedRanges.map(([startLine, endLine]) => ({
         endLine,
         startLine
@@ -4566,8 +4619,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
         analysisId,
         gqlClient,
         scm,
-        githubActionToken: z10.string().parse(githubActionToken),
-        scanner: z10.nativeEnum(SCANNERS).parse(scanner)
+        githubActionToken: z11.string().parse(githubActionToken),
+        scanner: z11.nativeEnum(SCANNERS).parse(scanner)
       })
     );
   }
@@ -4579,7 +4632,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     try {
       const sumbitRes = await gqlClient.submitVulnerabilityReport({
         fixReportId: reportUploadInfo.fixReportId,
-        repoUrl: z10.string().parse(repo),
+        repoUrl: z11.string().parse(repo),
         reference,
         projectId,
         vulnerabilityReportFileName: "report.json",
@@ -4795,9 +4848,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
       await gqlClient.submitVulnerabilityReport({
         fixReportId: reportUploadInfo.fixReportId,
         projectId,
-        repoUrl: repo || gitInfo.repoUrl,
-        reference: gitInfo.reference,
-        sha: commitHash || gitInfo.hash
+        repoUrl: repo || gitInfo.repoUrl || getTopLevelDirName(srcPath),
+        reference: gitInfo.reference || "no-branch",
+        sha: commitHash || gitInfo.hash || "0123456789abcdef"
       });
     } catch (e) {
       mobbSpinner2.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed" });
@@ -4998,7 +5051,7 @@ var scmTokenOption = {
 // src/args/validation.ts
 import chalk6 from "chalk";
 import path8 from "path";
-import { z as z11 } from "zod";
+import { z as z12 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -5015,7 +5068,7 @@ Example:
   )}`;
   throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z11.string({
+var UrlZ = z12.string({
   invalid_type_error: "is not a valid GitHub / GitLab / ADO URL"
 }).refine((data) => !!sanityRepoURL(data), {
   message: "is not a valid GitHub / GitLab / ADO URL"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "0.0.90",
+  "version": "0.0.92",
   "description": "Automated secure code remediation tool",
   "repository": "https://github.com/mobb-dev/bugsy",
   "main": "dist/index.js",