npm - mobbdev - Versions diffs - 1.0.1 → 1.0.4 - Mend

mobbdev 1.0.1 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +266 -189
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -21,12 +21,16 @@ var mobbCliCommand = {
 };
 // src/args/yargs.ts
-import chalk9 from "chalk";
+import chalk10 from "chalk";
 import yargs from "yargs/yargs";
 // src/args/commands/analyze.ts
 import fs5 from "node:fs";
+// src/commands/index.ts
+import crypto from "node:crypto";
+import os from "node:os";
 // src/constants.ts
 import path from "node:path";
 import { fileURLToPath } from "node:url";
@@ -144,6 +148,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
   IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
   IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
+  IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
   IssueType_Enum2["NoEquivalenceMethod"] = "NO_EQUIVALENCE_METHOD";
   IssueType_Enum2["NoLimitsOrThrottling"] = "NO_LIMITS_OR_THROTTLING";
   IssueType_Enum2["NullDereference"] = "NULL_DEREFERENCE";
@@ -159,6 +164,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
   IssueType_Enum2["SqlInjection"] = "SQL_Injection";
   IssueType_Enum2["Ssrf"] = "SSRF";
+  IssueType_Enum2["StringFormatMisuse"] = "STRING_FORMAT_MISUSE";
   IssueType_Enum2["SystemInformationLeak"] = "SYSTEM_INFORMATION_LEAK";
   IssueType_Enum2["SystemInformationLeakExternal"] = "SYSTEM_INFORMATION_LEAK_EXTERNAL";
   IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
@@ -414,6 +420,9 @@ var UpdateScmTokenDocument = `
       status
       error
     }
+    ... on RepoUnreachableError {
+      status
+    }
   }
 }
     `;
@@ -731,7 +740,9 @@ var issueTypeMap = {
   ["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
   ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
   ["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection",
-  ["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: "Client Code Injection"
+  ["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: "Client Code Injection",
+  ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: "String Format Misuse",
+  ["NON_READONLY_FIELD" /* NonReadonlyField */]: "Non Readonly Field"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1337,9 +1348,7 @@ var progressMassages = {
 var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 30;
 // src/features/analysis/index.ts
-import crypto from "node:crypto";
 import fs4 from "node:fs";
-import os from "node:os";
 import path7 from "node:path";
 import { pipeline } from "node:stream/promises";
@@ -1428,6 +1437,7 @@ import chalk4 from "chalk";
 import Configstore from "configstore";
 import Debug16 from "debug";
 import extract from "extract-zip";
+import { createSpinner as createSpinner4 } from "nanospinner";
 import fetch4 from "node-fetch";
 import open2 from "open";
 import tmp2 from "tmp";
@@ -1460,8 +1470,8 @@ import { z as z16 } from "zod";
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 import querystring from "node:querystring";
-import bitbucketPkg from "bitbucket";
 import * as bitbucketPkgNode from "bitbucket";
+import bitbucketPkg from "bitbucket";
 import Debug2 from "debug";
 import { z as z12 } from "zod";
@@ -1698,7 +1708,9 @@ var fixDetailsData = {
   ["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: {
     issueDescription: "Client DOM Stored Code Injection is a client-side security vulnerability where malicious JavaScript code gets stored in the DOM and later executed when retrieved by legitimate scripts.",
     fixInstructions: "Update the code to avoid the possibility for malicious JavaScript code to get stored in the DOM."
-  }
+  },
+  ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: void 0,
+  ["NON_READONLY_FIELD" /* NonReadonlyField */]: void 0
 };
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -3643,7 +3655,10 @@ async function validateBitbucketParams(params) {
           throw new InvalidRepoUrlError(safeParseError.data.error.error.message);
       }
     }
-    throw e;
+    console.log("validateBitbucketParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access BB repo URL: ${params.url} with the provided access token`
+    );
   }
 }
 async function getUsersworkspacesSlugs(bitbucketClient) {
@@ -3816,7 +3831,10 @@ async function githubValidateParams(url, accessToken) {
     if (code === 404) {
       throw new InvalidRepoUrlError(`invalid github repo Url ${url}`);
     }
-    throw e;
+    console.log("githubValidateParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access GH repo URL: ${url} with the provided access token`
+    );
   }
 }
@@ -4252,7 +4270,10 @@ async function gitlabValidateParams({
     if (code === 404 || description.includes("404") || description.includes("Not Found")) {
       throw new InvalidRepoUrlError(`invalid gitlab repo URL: ${url}`);
     }
-    throw e;
+    console.log("gitlabValidateParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access gitlab repo URL: ${url} with the provided access token`
+    );
   }
 }
 async function getGitlabUsername(url, accessToken) {
@@ -5989,7 +6010,10 @@ async function adoValidateParams({
     if (code === 404 || description.includes("404") || description.includes("Not Found")) {
       throw new InvalidRepoUrlError(`invalid ADO repo URL ${url}`);
     }
-    throw e;
+    console.log("adoValidateParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access ADO repo URL: ${url} with the provided access token`
+    );
   }
 }
 async function getOrgsForOauthToken({
@@ -6794,8 +6818,8 @@ async function addFixCommentsForPr({
 import Debug8 from "debug";
 var debug8 = Debug8("mobbdev:handleAutoPr");
 async function handleAutoPr(params) {
-  const { gqlClient, analysisId, createSpinner: createSpinner4 } = params;
-  const createAutoPrSpinner = createSpinner4(
+  const { gqlClient, analysisId, createSpinner: createSpinner5 } = params;
+  const createAutoPrSpinner = createSpinner5(
     "\u{1F504} Waiting for the analysis to finish before initiating automatic pull request creation"
   ).start();
   return await gqlClient.subscribeToAnalysis({
@@ -7444,16 +7468,16 @@ function createSpwan({ args, processPath, name }, options) {
   return createChildProcess({ childProcess: child, name }, options);
 }
 function createChildProcess({ childProcess, name }, options) {
-  const debug16 = Debug12(`mobbdev:${name}`);
+  const debug17 = Debug12(`mobbdev:${name}`);
   const { display } = options;
   return new Promise((resolve, reject) => {
     let out = "";
     const onData = (chunk) => {
-      debug16(`chunk received from ${name} std ${chunk}`);
+      debug17(`chunk received from ${name} std ${chunk}`);
       out += chunk;
     };
     if (!childProcess || !childProcess?.stdout || !childProcess?.stderr) {
-      debug16(`unable to fork ${name}`);
+      debug17(`unable to fork ${name}`);
       reject(new Error(`unable to fork ${name}`));
     }
     childProcess.stdout?.on("data", onData);
@@ -7463,11 +7487,11 @@ function createChildProcess({ childProcess, name }, options) {
       childProcess.stderr?.pipe(process2.stderr);
     }
     childProcess.on("exit", (code) => {
-      debug16(`${name} exit code ${code}`);
+      debug17(`${name} exit code ${code}`);
       resolve({ message: out, code });
     });
     childProcess.on("error", (err) => {
-      debug16(`${name} error %o`, err);
+      debug17(`${name} error %o`, err);
       reject(err);
     });
   });
@@ -7691,8 +7715,7 @@ async function uploadFile({
 }
 // src/features/analysis/index.ts
-var { CliError: CliError2, Spinner: Spinner2, keypress: keypress2 } = utils_exports;
-var webLoginUrl = `${WEB_APP_URL}/cli-login`;
+var { CliError: CliError2, Spinner: Spinner2 } = utils_exports;
 function _getScanSource(command) {
   if (command === "review")
     return "AUTO_FIXER" /* AutoFixer */;
@@ -7705,8 +7728,8 @@ async function downloadRepo({
   dirname,
   ci
 }) {
-  const { createSpinner: createSpinner4 } = Spinner2({ ci });
-  const repoSpinner = createSpinner4("\u{1F4BE} Downloading Repo").start();
+  const { createSpinner: createSpinner5 } = Spinner2({ ci });
+  const repoSpinner = createSpinner5("\u{1F4BE} Downloading Repo").start();
   debug15("download repo %s %s %s", repoUrl, dirname);
   const zipFilePath = path7.join(dirname, "repo.zip");
   debug15("download URL: %s auth headers: %o", downloadUrl, authHeaders);
@@ -7735,11 +7758,6 @@ async function downloadRepo({
   repoSpinner.success({ text: "\u{1F4BE} Repo downloaded successfully" });
   return path7.join(dirname, repoRoot);
 }
-var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
-var LOGIN_CHECK_DELAY = 5 * 1e3;
-var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk4.bgBlue(
-  "press any key to continue"
-)};`;
 var getReportUrl = ({
   organizationId,
   projectId,
@@ -7890,13 +7908,17 @@ async function _scan(params, { skipPrompts = false } = {}) {
     autoPr
   } = params;
   debug15("start %s %s", dirname, repo);
-  const { createSpinner: createSpinner4 } = Spinner2({ ci });
+  const { createSpinner: createSpinner5 } = Spinner2({ ci });
   skipPrompts = skipPrompts || ci;
   let gqlClient = new GQLClient({
     apiKey: apiKey || config2.get("apiToken"),
     type: "apiKey"
   });
-  await handleMobbLogin();
+  gqlClient = await handleMobbLogin({
+    inGqlClient: gqlClient,
+    skipPrompts,
+    apiKey
+  });
   const { projectId, organizationId } = await gqlClient.getOrgAndProjectId({
     projectName: mobbProjectName,
     userDefinedOrganizationId: userOrganizationId
@@ -7923,7 +7945,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
   });
   if (!isRepoAvailable) {
     if (ci || !cloudScmLibType || !scmAuthUrl) {
-      const errorMessage = scmAuthUrl ? `Cannot access repo ${repo}` : `Cannot access repo ${repo} with the provided token, please visit ${scmAuthUrl} to refresh your source control management system token`;
+      const errorMessage = scmAuthUrl ? `Cannot access repo ${repo}. Make sure that the repo is accessible and the SCM token configured on Mobb is correct.` : `Cannot access repo ${repo} with the provided token, please visit ${scmAuthUrl} to refresh your source control management system token`;
       throw new Error(errorMessage);
     }
     if (cloudScmLibType && scmAuthUrl) {
@@ -7976,7 +7998,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
   if (!reportPath) {
     throw new Error("reportPath is null");
   }
-  const uploadReportSpinner = createSpinner4("\u{1F4C1} Uploading Report").start();
+  const uploadReportSpinner = createSpinner5("\u{1F4C1} Uploading Report").start();
   try {
     await uploadFile({
       file: reportPath,
@@ -7988,8 +8010,14 @@ async function _scan(params, { skipPrompts = false } = {}) {
     uploadReportSpinner.error({ text: "\u{1F4C1} Report upload failed" });
     throw e;
   }
+  await _digestReport({
+    gqlClient,
+    fixReportId: reportUploadInfo.fixReportId,
+    projectId,
+    command
+  });
   uploadReportSpinner.success({ text: "\u{1F4C1} Report uploaded successfully" });
-  const mobbSpinner = createSpinner4("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
+  const mobbSpinner = createSpinner5("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
   const sendReportRes = await sendReport({
     gqlClient,
     spinner: mobbSpinner,
@@ -8016,7 +8044,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     await handleAutoPr({
       gqlClient,
       analysisId: reportUploadInfo.fixReportId,
-      createSpinner: createSpinner4
+      createSpinner: createSpinner5
     });
   }
   await askToOpenAnalysis();
@@ -8038,74 +8066,11 @@ async function _scan(params, { skipPrompts = false } = {}) {
       chalk4.bgBlue("\n\n  My work here is done for now, see you soon! \u{1F575}\uFE0F\u200D\u2642\uFE0F  ")
     );
   }
-  async function handleMobbLogin() {
-    if (await gqlClient.verifyToken()) {
-      createSpinner4().start().success({
-        text: "\u{1F513} Logged in to Mobb successfully"
-      });
-      return;
-    } else if (apiKey) {
-      createSpinner4().start().error({
-        text: "\u{1F513} Logged in to Mobb failed - check your api-key"
-      });
-      throw new CliError2();
-    }
-    const loginSpinner = createSpinner4().start();
-    if (!skipPrompts) {
-      loginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
-      await keypress2();
-    }
-    loginSpinner.update({
-      text: "\u{1F513} Waiting for Mobb login..."
-    });
-    const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
-      modulusLength: 2048
-    });
-    const loginId = await gqlClient.createCliLogin({
-      publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
-    });
-    const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os.hostname()}`;
-    !ci && console.log(
-      `If the page does not open automatically, kindly access it through ${browserUrl}.`
-    );
-    await open2(browserUrl);
-    let newApiToken = null;
-    for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
-      const encryptedApiToken = await gqlClient.getEncryptedApiToken({
-        loginId
-      });
-      loginSpinner.spin();
-      if (encryptedApiToken) {
-        debug15("encrypted API token received %s", encryptedApiToken);
-        newApiToken = crypto.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
-        debug15("API token decrypted");
-        break;
-      }
-      await sleep(LOGIN_CHECK_DELAY);
-    }
-    if (!newApiToken) {
-      loginSpinner.error({
-        text: "Login timeout error"
-      });
-      throw new CliError2();
-    }
-    gqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
-    if (await gqlClient.verifyToken()) {
-      debug15("set api token %s", newApiToken);
-      config2.set("apiToken", newApiToken);
-      loginSpinner.success({ text: "\u{1F513} Login to Mobb successful!" });
-    } else {
-      loginSpinner.error({
-        text: "Something went wrong, API token is invalid."
-      });
-      throw new CliError2();
-    }
-  }
   async function handleScmIntegration(oldToken, scmAuthUrl2, repoUrl) {
     const scmLibType = getCloudScmLibTypeFromUrl(repoUrl);
     const scmName = scmLibType === "GITHUB" /* GITHUB */ ? "Github" : scmLibType === "GITLAB" /* GITLAB */ ? "Gitlab" : scmLibType === "ADO" /* ADO */ ? "Azure DevOps" : "";
     const addScmIntegration = skipPrompts ? true : await scmIntegrationPrompt(scmName);
-    const scmSpinner = createSpinner4(
+    const scmSpinner = createSpinner5(
       `\u{1F517} Waiting for ${scmName} integration...`
     ).start();
     if (!addScmIntegration) {
@@ -8149,7 +8114,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     if (!srcPath || !reportPath) {
       throw new Error("src path and reportPath is required");
     }
-    const uploadReportSpinner2 = createSpinner4("\u{1F4C1} Uploading Report").start();
+    const uploadReportSpinner2 = createSpinner5("\u{1F4C1} Uploading Report").start();
     try {
       await uploadFile({
         file: reportPath,
@@ -8164,48 +8129,17 @@ async function _scan(params, { skipPrompts = false } = {}) {
     uploadReportSpinner2.success({
       text: "\u{1F4C1} Uploading Report successful!"
     });
-    const digestSpinner = createSpinner4(
-      progressMassages.processingVulnerabilityReport
-    ).start();
-    let vulnFiles = [];
-    const gitInfo = await getGitInfo(srcPath);
-    try {
-      const { vulnerabilityReportId } = await gqlClient.digestVulnerabilityReport({
-        fixReportId: reportUploadInfo.fixReportId,
-        projectId,
-        scanSource: _getScanSource(command)
-      });
-      try {
-        await gqlClient.subscribeToAnalysis({
-          subscribeToAnalysisParams: {
-            analysisId: reportUploadInfo.fixReportId
-          },
-          callback: () => digestSpinner.update({
-            text: progressMassages.processingVulnerabilityReportSuccess
-          }),
-          callbackStates: [
-            "Digested" /* Digested */,
-            "Finished" /* Finished */
-          ],
-          timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
-        });
-      } catch (e) {
-        throw new Error(progressMassages.processingVulnerabilityReportFailed);
-      }
-      vulnFiles = await gqlClient.getVulnerabilityReportPaths(
-        vulnerabilityReportId
-      );
-    } catch (e) {
-      digestSpinner.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed" });
-      throw e;
-    }
-    digestSpinner.success({
-      text: progressMassages.processingVulnerabilityReportSuccess
+    const vulnFiles = await _digestReport({
+      gqlClient,
+      fixReportId: reportUploadInfo.fixReportId,
+      projectId,
+      command
     });
-    const zippingSpinner = createSpinner4("\u{1F4E6} Zipping repo").start();
+    const gitInfo = await getGitInfo(srcPath);
+    const zippingSpinner = createSpinner5("\u{1F4E6} Zipping repo").start();
     const zipBuffer = await pack(srcPath, vulnFiles);
     zippingSpinner.success({ text: "\u{1F4E6} Zipping repo successful!" });
-    const uploadRepoSpinner = createSpinner4("\u{1F4C1} Uploading Repo").start();
+    const uploadRepoSpinner = createSpinner5("\u{1F4C1} Uploading Repo").start();
     try {
       await uploadFile({
         file: zipBuffer,
@@ -8218,7 +8152,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
       throw e;
     }
     uploadRepoSpinner.success({ text: "\u{1F4C1} Uploading Repo successful!" });
-    const mobbSpinner2 = createSpinner4("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
+    const mobbSpinner2 = createSpinner5("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
     try {
       await sendReport({
         gqlClient,
@@ -8275,17 +8209,69 @@ async function _scan(params, { skipPrompts = false } = {}) {
       await handleAutoPr({
         gqlClient,
         analysisId: reportUploadInfo.fixReportId,
-        createSpinner: createSpinner4
+        createSpinner: createSpinner5
       });
     }
     await askToOpenAnalysis();
     return reportUploadInfo.fixReportId;
   }
 }
+async function _digestReport({
+  gqlClient,
+  fixReportId,
+  projectId,
+  command
+}) {
+  const digestSpinner = createSpinner4(
+    progressMassages.processingVulnerabilityReport
+  ).start();
+  try {
+    const { vulnerabilityReportId } = await gqlClient.digestVulnerabilityReport(
+      {
+        fixReportId,
+        projectId,
+        scanSource: _getScanSource(command)
+      }
+    );
+    try {
+      await gqlClient.subscribeToAnalysis({
+        subscribeToAnalysisParams: {
+          analysisId: fixReportId
+        },
+        callback: () => digestSpinner.update({
+          text: progressMassages.processingVulnerabilityReportSuccess
+        }),
+        callbackStates: [
+          "Digested" /* Digested */,
+          "Finished" /* Finished */
+        ],
+        timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
+      });
+    } catch (e) {
+      throw new Error(progressMassages.processingVulnerabilityReportFailed);
+    }
+    const vulnFiles = await gqlClient.getVulnerabilityReportPaths(
+      vulnerabilityReportId
+    );
+    digestSpinner.success({
+      text: progressMassages.processingVulnerabilityReportSuccess
+    });
+    return vulnFiles;
+  } catch (e) {
+    digestSpinner.error({
+      text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed. Please verify that the file provided is of a valid supported report format."
+    });
+    throw e;
+  }
+}
 // src/commands/index.ts
+import chalk5 from "chalk";
 import chalkAnimation from "chalk-animation";
 import Configstore2 from "configstore";
+import Debug17 from "debug";
+import open3 from "open";
+var debug16 = Debug17("mobbdev:commands");
 async function review(params, { skipPrompts = true } = {}) {
   const {
     repo,
@@ -8350,21 +8336,37 @@ async function analyze({
 }
 var config3 = new Configstore2(packageJson.name, { apiToken: "" });
 async function addScmToken(addScmTokenOptions) {
-  const { apiKey, token, organization, scmType, url, refreshToken } = addScmTokenOptions;
-  const gqlClient = new GQLClient({
+  const { apiKey, token, organization, scmType, url, refreshToken, ci } = addScmTokenOptions;
+  let gqlClient = new GQLClient({
     apiKey: apiKey || config3.get("apiToken"),
     type: "apiKey"
   });
+  gqlClient = await handleMobbLogin({
+    inGqlClient: gqlClient,
+    skipPrompts: ci,
+    apiKey
+  });
   if (!scmType) {
     throw new CliError(errorMessages.invalidScmType);
   }
-  await gqlClient.updateScmToken({
+  const resp = await gqlClient.updateScmToken({
     scmType,
     url,
     token,
     org: organization,
     refreshToken
   });
+  if (resp.updateScmToken?.__typename === "RepoUnreachableError") {
+    throw new CliError(
+      "Mobb could not reach the repository. Please try again. If Mobb is connected through a broker, please make sure the broker is connected."
+    );
+  } else if (resp.updateScmToken?.__typename === "BadScmCredentials") {
+    throw new CliError("Invalid SCM credentials. Please try again.");
+  } else if (resp.updateScmToken?.__typename === "ScmAccessTokenUpdateSuccess") {
+    console.log("Token added successfully");
+  } else {
+    throw new CliError("Unexpected error, failed to add token");
+  }
 }
 async function scan(scanOptions, { skipPrompts = false } = {}) {
   const { scanner, ci } = scanOptions;
@@ -8390,34 +8392,109 @@ async function showWelcomeMessage(skipPrompts = false) {
   skipPrompts ? await sleep(100) : await sleep(2e3);
   welcome.stop();
 }
+var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
+var LOGIN_CHECK_DELAY = 5 * 1e3;
+var webLoginUrl = `${WEB_APP_URL}/cli-login`;
+var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk5.bgBlue(
+  "press any key to continue"
+)};`;
+async function handleMobbLogin({
+  inGqlClient,
+  apiKey,
+  skipPrompts
+}) {
+  const { createSpinner: createSpinner5 } = Spinner({ ci: skipPrompts });
+  if (await inGqlClient.verifyToken()) {
+    createSpinner5().start().success({
+      text: "\u{1F513} Logged in to Mobb successfully"
+    });
+    return inGqlClient;
+  } else if (apiKey) {
+    createSpinner5().start().error({
+      text: "\u{1F513} Logged in to Mobb failed - check your api-key"
+    });
+    throw new CliError();
+  }
+  const loginSpinner = createSpinner5().start();
+  if (!skipPrompts) {
+    loginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
+    await keypress();
+  }
+  loginSpinner.update({
+    text: "\u{1F513} Waiting for Mobb login..."
+  });
+  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
+    modulusLength: 2048
+  });
+  const loginId = await inGqlClient.createCliLogin({
+    publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
+  });
+  const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os.hostname()}`;
+  !skipPrompts && console.log(
+    `If the page does not open automatically, kindly access it through ${browserUrl}.`
+  );
+  await open3(browserUrl);
+  let newApiToken = null;
+  for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
+    const encryptedApiToken = await inGqlClient.getEncryptedApiToken({
+      loginId
+    });
+    loginSpinner.spin();
+    if (encryptedApiToken) {
+      debug16("encrypted API token received %s", encryptedApiToken);
+      newApiToken = crypto.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
+      debug16("API token decrypted");
+      break;
+    }
+    await sleep(LOGIN_CHECK_DELAY);
+  }
+  if (!newApiToken) {
+    loginSpinner.error({
+      text: "Login timeout error"
+    });
+    throw new CliError();
+  }
+  const newGqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
+  if (await newGqlClient.verifyToken()) {
+    debug16("set api token %s", newApiToken);
+    config3.set("apiToken", newApiToken);
+    loginSpinner.success({ text: "\u{1F513} Login to Mobb successful!" });
+  } else {
+    loginSpinner.error({
+      text: "Something went wrong, API token is invalid."
+    });
+    throw new CliError();
+  }
+  return newGqlClient;
+}
 // src/args/commands/analyze.ts
-import chalk7 from "chalk";
+import chalk8 from "chalk";
 // src/args/options.ts
-import chalk5 from "chalk";
+import chalk6 from "chalk";
 var repoOption = {
   alias: "r",
   demandOption: true,
   type: "string",
-  describe: chalk5.bold("Github / GitLab / Azure DevOps repository URL")
+  describe: chalk6.bold("Github / GitLab / Azure DevOps repository URL")
 };
 var projectNameOption = {
   type: "string",
-  describe: chalk5.bold("Checkmarx project name (when scanning with Checkmarx)")
+  describe: chalk6.bold("Checkmarx project name (when scanning with Checkmarx)")
 };
 var yesOption = {
   alias: "yes",
   type: "boolean",
-  describe: chalk5.bold("Skip prompts and use default values")
+  describe: chalk6.bold("Skip prompts and use default values")
 };
 var refOption = {
-  describe: chalk5.bold("reference of the repository (branch, tag, commit)"),
+  describe: chalk6.bold("reference of the repository (branch, tag, commit)"),
   type: "string",
   demandOption: false
 };
 var organizationIdOptions = {
-  describe: chalk5.bold("Organization id"),
+  describe: chalk6.bold("Organization id"),
   alias: "organization-id",
   type: "string",
   demandOption: false
@@ -8425,15 +8502,15 @@ var organizationIdOptions = {
 var scannerOptions = {
   alias: "s",
   choices: Object.values(SCANNERS),
-  describe: chalk5.bold("Select the scanner to use")
+  describe: chalk6.bold("Select the scanner to use")
 };
 var mobbProjectNameOption = {
   type: "string",
-  describe: chalk5.bold("Mobb project name"),
+  describe: chalk6.bold("Mobb project name"),
   default: PROJECT_DEFAULT_NAME
 };
 var ciOption = {
-  describe: chalk5.bold(
+  describe: chalk6.bold(
     "Run in CI mode, prompts and browser will not be opened"
   ),
   type: "boolean",
@@ -8441,46 +8518,46 @@ var ciOption = {
 };
 var apiKeyOption = {
   type: "string",
-  describe: chalk5.bold("Mobb authentication api-key")
+  describe: chalk6.bold("Mobb authentication api-key")
 };
 var commitHashOption = {
   alias: "ch",
-  describe: chalk5.bold("Hash of the commit"),
+  describe: chalk6.bold("Hash of the commit"),
   type: "string"
 };
 var autoPrOption = {
-  describe: chalk5.bold("Enable automatic pull requests for new fixes"),
+  describe: chalk6.bold("Enable automatic pull requests for new fixes"),
   type: "boolean",
   default: false
 };
 var scmTypeOption = {
   demandOption: true,
-  describe: chalk5.bold("SCM type"),
+  describe: chalk6.bold("SCM type"),
   choices: Object.values(ScmType)
 };
 var urlOption = {
-  describe: chalk5.bold(
+  describe: chalk6.bold(
     `URL of the repository (used in ${Object.values(ScmType).join(", ")})`
   ),
   type: "string",
   demandOption: true
 };
 var scmOrgOption = {
-  describe: chalk5.bold("Organization name in SCM (used in Azure DevOps)"),
+  describe: chalk6.bold("Organization name in SCM (used in Azure DevOps)"),
   type: "string"
 };
 var scmRefreshTokenOption = {
-  describe: chalk5.bold("SCM refresh token (used in GitLab)"),
+  describe: chalk6.bold("SCM refresh token (used in GitLab)"),
   type: "string"
 };
 var scmTokenOption = {
-  describe: chalk5.bold("SCM API token"),
+  describe: chalk6.bold("SCM API token"),
   type: "string",
   demandOption: true
 };
 // src/args/validation.ts
-import chalk6 from "chalk";
+import chalk7 from "chalk";
 import path8 from "path";
 import { z as z23 } from "zod";
 function throwRepoUrlErrorMessage({
@@ -8490,11 +8567,11 @@ function throwRepoUrlErrorMessage({
 }) {
   const errorMessage = error.issues[error.issues.length - 1]?.message;
   const formattedErrorMessage = `
-Error: ${chalk6.bold(
+Error: ${chalk7.bold(
     repoUrl
   )} is ${errorMessage}
 Example:
-	mobbdev ${command} -r ${chalk6.bold(
+	mobbdev ${command} -r ${chalk7.bold(
     "https://github.com/WebGoat/WebGoat"
   )}`;
   throw new CliError(formattedErrorMessage);
@@ -8528,9 +8605,9 @@ function validateReportFileFormat(reportFile) {
   if (!supportExtensions.includes(path8.extname(reportFile))) {
     throw new CliError(
       `
-${chalk6.bold(
+${chalk7.bold(
         reportFile
-      )} is not a supported file extension. Supported extensions are: ${chalk6.bold(
+      )} is not a supported file extension. Supported extensions are: ${chalk7.bold(
         supportExtensions.join(", ")
       )}
 `
@@ -8544,18 +8621,18 @@ function analyzeBuilder(yargs2) {
     alias: "scan-file",
     demandOption: true,
     type: "string",
-    describe: chalk7.bold(
+    describe: chalk8.bold(
       "Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube)"
     )
   }).option("repo", repoOption).option("p", {
     alias: "src-path",
-    describe: chalk7.bold(
+    describe: chalk8.bold(
       "Path to the repository folder with the source code"
     ),
     type: "string"
   }).option("ref", refOption).option("ch", {
     alias: "commit-hash",
-    describe: chalk7.bold("Hash of the commit"),
+    describe: chalk8.bold("Hash of the commit"),
     type: "string"
   }).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("org", organizationIdOptions).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).option("auto-pr", autoPrOption).example(
     "$0 analyze -r https://github.com/WebGoat/WebGoat -f <your_vulirabitliy_report_path>",
@@ -8565,7 +8642,7 @@ function analyzeBuilder(yargs2) {
 function validateAnalyzeOptions(argv) {
   if (!fs5.existsSync(argv.f)) {
     throw new CliError(`
-Can't access ${chalk7.bold(argv.f)}`);
+Can't access ${chalk8.bold(argv.f)}`);
   }
   validateOrganizationId(argv.organizationId);
   if (!argv.srcPath && !argv.repo) {
@@ -8586,32 +8663,32 @@ async function analyzeHandler(args) {
 // src/args/commands/review.ts
 import fs6 from "node:fs";
-import chalk8 from "chalk";
+import chalk9 from "chalk";
 function reviewBuilder(yargs2) {
   return yargs2.option("f", {
     alias: "scan-file",
     demandOption: true,
     type: "string",
-    describe: chalk8.bold(
+    describe: chalk9.bold(
       "Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube)"
     )
   }).option("repo", { ...repoOption, demandOption: true }).option("scanner", { ...scannerOptions, demandOption: true }).option("ref", { ...refOption, demandOption: true }).option("ch", {
     alias: "commit-hash",
-    describe: chalk8.bold("Hash of the commit"),
+    describe: chalk9.bold("Hash of the commit"),
     type: "string",
     demandOption: true
   }).option("mobb-project-name", mobbProjectNameOption).option("api-key", { ...apiKeyOption, demandOption: true }).option("commit-hash", { ...commitHashOption, demandOption: true }).option("github-token", {
-    describe: chalk8.bold("Github action token"),
+    describe: chalk9.bold("Github action token"),
     type: "string",
     demandOption: true
   }).option("pull-request", {
     alias: "pr",
-    describe: chalk8.bold("Number of the pull request"),
+    describe: chalk9.bold("Number of the pull request"),
     type: "number",
     demandOption: true
   }).option("p", {
     alias: "src-path",
-    describe: chalk8.bold(
+    describe: chalk9.bold(
       "Path to the repository folder with the source code"
     ),
     type: "string",
@@ -8624,7 +8701,7 @@ function reviewBuilder(yargs2) {
 function validateReviewOptions(argv) {
   if (!fs6.existsSync(argv.f)) {
     throw new CliError(`
-Can't access ${chalk8.bold(argv.f)}`);
+Can't access ${chalk9.bold(argv.f)}`);
   }
   validateRepoUrl(argv);
   validateReportFileFormat(argv.f);
@@ -8661,7 +8738,7 @@ async function scanHandler(args) {
 // src/args/commands/token.ts
 function addScmTokenBuilder(args) {
-  return args.option("scm-type", scmTypeOption).option("url", urlOption).option("token", scmTokenOption).option("organization", scmOrgOption).option("refresh-token", scmRefreshTokenOption).option("api-key", apiKeyOption).example(
+  return args.option("scm-type", scmTypeOption).option("url", urlOption).option("token", scmTokenOption).option("organization", scmOrgOption).option("refresh-token", scmRefreshTokenOption).option("api-key", apiKeyOption).option("ci", ciOption).example(
     "$0 add-scm-token --scm-type Ado --url https://dev.azure.com/adoorg/test/_git/repo --token abcdef0123456 --organization myOrg",
     `Add your SCM (${Object.values(scmFriendlyText).join(", ")}) token to Mobb to enable automated fixes.`
   ).help().demandOption(["url", "token"]);
@@ -8698,42 +8775,42 @@ async function addScmTokenHandler(args) {
 var parseArgs = async (args) => {
   const yargsInstance = yargs(args);
   return yargsInstance.updateStrings({
-    "Commands:": chalk9.yellow.underline.bold("Commands:"),
-    "Options:": chalk9.yellow.underline.bold("Options:"),
-    "Examples:": chalk9.yellow.underline.bold("Examples:"),
-    "Show help": chalk9.bold("Show help")
+    "Commands:": chalk10.yellow.underline.bold("Commands:"),
+    "Options:": chalk10.yellow.underline.bold("Options:"),
+    "Examples:": chalk10.yellow.underline.bold("Examples:"),
+    "Show help": chalk10.bold("Show help")
   }).usage(
-    `${chalk9.bold(
+    `${chalk10.bold(
       "\n Bugsy - Trusted, Automatic Vulnerability Fixer \u{1F575}\uFE0F\u200D\u2642\uFE0F\n\n"
-    )} ${chalk9.yellow.underline.bold("Usage:")}
-  $0 ${chalk9.green(
+    )} ${chalk10.yellow.underline.bold("Usage:")}
+  $0 ${chalk10.green(
       "<command>"
-    )} ${chalk9.dim("[options]")}
+    )} ${chalk10.dim("[options]")}
             `
   ).version(false).command(
     mobbCliCommand.scan,
-    chalk9.bold(
+    chalk10.bold(
       "Scan your code for vulnerabilities, get automated fixes right away."
     ),
     scanBuilder,
     scanHandler
   ).command(
     mobbCliCommand.analyze,
-    chalk9.bold(
+    chalk10.bold(
       "Provide a vulnerability report and relevant code repository, get automated fixes right away."
     ),
     analyzeBuilder,
     analyzeHandler
   ).command(
     mobbCliCommand.review,
-    chalk9.bold(
+    chalk10.bold(
       "Mobb will review your github pull requests and provide comments with fixes "
     ),
     reviewBuilder,
     reviewHandler
   ).command(
     mobbCliCommand.addScmToken,
-    chalk9.bold(
+    chalk10.bold(
       "Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes."
     ),
     addScmTokenBuilder,
@@ -8746,7 +8823,7 @@ var parseArgs = async (args) => {
     handler() {
       yargsInstance.showHelp();
     }
-  }).strictOptions().help("h").alias("h", "help").epilog(chalk9.bgBlue("Made with \u2764\uFE0F by Mobb")).showHelpOnFail(true).wrap(Math.min(120, yargsInstance.terminalWidth())).parse();
+  }).strictOptions().help("h").alias("h", "help").epilog(chalk10.bgBlue("Made with \u2764\uFE0F by Mobb")).showHelpOnFail(true).wrap(Math.min(120, yargsInstance.terminalWidth())).parse();
 };
 // src/index.ts

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.1",
+  "version": "1.0.4",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",