npm - mobbdev - Versions diffs - 1.0.2 → 1.0.4 - Mend

mobbdev 1.0.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +102 -63
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -148,6 +148,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
   IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
   IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
+  IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
   IssueType_Enum2["NoEquivalenceMethod"] = "NO_EQUIVALENCE_METHOD";
   IssueType_Enum2["NoLimitsOrThrottling"] = "NO_LIMITS_OR_THROTTLING";
   IssueType_Enum2["NullDereference"] = "NULL_DEREFERENCE";
@@ -740,7 +741,8 @@ var issueTypeMap = {
   ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
   ["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection",
   ["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: "Client Code Injection",
-  ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: "String Format Misuse"
+  ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: "String Format Misuse",
+  ["NON_READONLY_FIELD" /* NonReadonlyField */]: "Non Readonly Field"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1435,6 +1437,7 @@ import chalk4 from "chalk";
 import Configstore from "configstore";
 import Debug16 from "debug";
 import extract from "extract-zip";
+import { createSpinner as createSpinner4 } from "nanospinner";
 import fetch4 from "node-fetch";
 import open2 from "open";
 import tmp2 from "tmp";
@@ -1467,8 +1470,8 @@ import { z as z16 } from "zod";
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 import querystring from "node:querystring";
-import bitbucketPkg from "bitbucket";
 import * as bitbucketPkgNode from "bitbucket";
+import bitbucketPkg from "bitbucket";
 import Debug2 from "debug";
 import { z as z12 } from "zod";
@@ -1706,7 +1709,8 @@ var fixDetailsData = {
     issueDescription: "Client DOM Stored Code Injection is a client-side security vulnerability where malicious JavaScript code gets stored in the DOM and later executed when retrieved by legitimate scripts.",
     fixInstructions: "Update the code to avoid the possibility for malicious JavaScript code to get stored in the DOM."
   },
-  ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: void 0
+  ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: void 0,
+  ["NON_READONLY_FIELD" /* NonReadonlyField */]: void 0
 };
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -3651,7 +3655,10 @@ async function validateBitbucketParams(params) {
           throw new InvalidRepoUrlError(safeParseError.data.error.error.message);
       }
     }
-    throw e;
+    console.log("validateBitbucketParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access BB repo URL: ${params.url} with the provided access token`
+    );
   }
 }
 async function getUsersworkspacesSlugs(bitbucketClient) {
@@ -3824,7 +3831,10 @@ async function githubValidateParams(url, accessToken) {
     if (code === 404) {
       throw new InvalidRepoUrlError(`invalid github repo Url ${url}`);
     }
-    throw e;
+    console.log("githubValidateParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access GH repo URL: ${url} with the provided access token`
+    );
   }
 }
@@ -4260,7 +4270,10 @@ async function gitlabValidateParams({
     if (code === 404 || description.includes("404") || description.includes("Not Found")) {
       throw new InvalidRepoUrlError(`invalid gitlab repo URL: ${url}`);
     }
-    throw e;
+    console.log("gitlabValidateParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access gitlab repo URL: ${url} with the provided access token`
+    );
   }
 }
 async function getGitlabUsername(url, accessToken) {
@@ -5997,7 +6010,10 @@ async function adoValidateParams({
     if (code === 404 || description.includes("404") || description.includes("Not Found")) {
       throw new InvalidRepoUrlError(`invalid ADO repo URL ${url}`);
     }
-    throw e;
+    console.log("adoValidateParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access ADO repo URL: ${url} with the provided access token`
+    );
   }
 }
 async function getOrgsForOauthToken({
@@ -6802,8 +6818,8 @@ async function addFixCommentsForPr({
 import Debug8 from "debug";
 var debug8 = Debug8("mobbdev:handleAutoPr");
 async function handleAutoPr(params) {
-  const { gqlClient, analysisId, createSpinner: createSpinner4 } = params;
-  const createAutoPrSpinner = createSpinner4(
+  const { gqlClient, analysisId, createSpinner: createSpinner5 } = params;
+  const createAutoPrSpinner = createSpinner5(
     "\u{1F504} Waiting for the analysis to finish before initiating automatic pull request creation"
   ).start();
   return await gqlClient.subscribeToAnalysis({
@@ -7712,8 +7728,8 @@ async function downloadRepo({
   dirname,
   ci
 }) {
-  const { createSpinner: createSpinner4 } = Spinner2({ ci });
-  const repoSpinner = createSpinner4("\u{1F4BE} Downloading Repo").start();
+  const { createSpinner: createSpinner5 } = Spinner2({ ci });
+  const repoSpinner = createSpinner5("\u{1F4BE} Downloading Repo").start();
   debug15("download repo %s %s %s", repoUrl, dirname);
   const zipFilePath = path7.join(dirname, "repo.zip");
   debug15("download URL: %s auth headers: %o", downloadUrl, authHeaders);
@@ -7892,7 +7908,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     autoPr
   } = params;
   debug15("start %s %s", dirname, repo);
-  const { createSpinner: createSpinner4 } = Spinner2({ ci });
+  const { createSpinner: createSpinner5 } = Spinner2({ ci });
   skipPrompts = skipPrompts || ci;
   let gqlClient = new GQLClient({
     apiKey: apiKey || config2.get("apiToken"),
@@ -7929,7 +7945,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
   });
   if (!isRepoAvailable) {
     if (ci || !cloudScmLibType || !scmAuthUrl) {
-      const errorMessage = scmAuthUrl ? `Cannot access repo ${repo}` : `Cannot access repo ${repo} with the provided token, please visit ${scmAuthUrl} to refresh your source control management system token`;
+      const errorMessage = scmAuthUrl ? `Cannot access repo ${repo}. Make sure that the repo is accessible and the SCM token configured on Mobb is correct.` : `Cannot access repo ${repo} with the provided token, please visit ${scmAuthUrl} to refresh your source control management system token`;
       throw new Error(errorMessage);
     }
     if (cloudScmLibType && scmAuthUrl) {
@@ -7982,7 +7998,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
   if (!reportPath) {
     throw new Error("reportPath is null");
   }
-  const uploadReportSpinner = createSpinner4("\u{1F4C1} Uploading Report").start();
+  const uploadReportSpinner = createSpinner5("\u{1F4C1} Uploading Report").start();
   try {
     await uploadFile({
       file: reportPath,
@@ -7994,8 +8010,14 @@ async function _scan(params, { skipPrompts = false } = {}) {
     uploadReportSpinner.error({ text: "\u{1F4C1} Report upload failed" });
     throw e;
   }
+  await _digestReport({
+    gqlClient,
+    fixReportId: reportUploadInfo.fixReportId,
+    projectId,
+    command
+  });
   uploadReportSpinner.success({ text: "\u{1F4C1} Report uploaded successfully" });
-  const mobbSpinner = createSpinner4("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
+  const mobbSpinner = createSpinner5("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
   const sendReportRes = await sendReport({
     gqlClient,
     spinner: mobbSpinner,
@@ -8022,7 +8044,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     await handleAutoPr({
       gqlClient,
       analysisId: reportUploadInfo.fixReportId,
-      createSpinner: createSpinner4
+      createSpinner: createSpinner5
     });
   }
   await askToOpenAnalysis();
@@ -8048,7 +8070,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     const scmLibType = getCloudScmLibTypeFromUrl(repoUrl);
     const scmName = scmLibType === "GITHUB" /* GITHUB */ ? "Github" : scmLibType === "GITLAB" /* GITLAB */ ? "Gitlab" : scmLibType === "ADO" /* ADO */ ? "Azure DevOps" : "";
     const addScmIntegration = skipPrompts ? true : await scmIntegrationPrompt(scmName);
-    const scmSpinner = createSpinner4(
+    const scmSpinner = createSpinner5(
       `\u{1F517} Waiting for ${scmName} integration...`
     ).start();
     if (!addScmIntegration) {
@@ -8092,7 +8114,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     if (!srcPath || !reportPath) {
       throw new Error("src path and reportPath is required");
     }
-    const uploadReportSpinner2 = createSpinner4("\u{1F4C1} Uploading Report").start();
+    const uploadReportSpinner2 = createSpinner5("\u{1F4C1} Uploading Report").start();
     try {
       await uploadFile({
         file: reportPath,
@@ -8107,48 +8129,17 @@ async function _scan(params, { skipPrompts = false } = {}) {
     uploadReportSpinner2.success({
       text: "\u{1F4C1} Uploading Report successful!"
     });
-    const digestSpinner = createSpinner4(
-      progressMassages.processingVulnerabilityReport
-    ).start();
-    let vulnFiles = [];
-    const gitInfo = await getGitInfo(srcPath);
-    try {
-      const { vulnerabilityReportId } = await gqlClient.digestVulnerabilityReport({
-        fixReportId: reportUploadInfo.fixReportId,
-        projectId,
-        scanSource: _getScanSource(command)
-      });
-      try {
-        await gqlClient.subscribeToAnalysis({
-          subscribeToAnalysisParams: {
-            analysisId: reportUploadInfo.fixReportId
-          },
-          callback: () => digestSpinner.update({
-            text: progressMassages.processingVulnerabilityReportSuccess
-          }),
-          callbackStates: [
-            "Digested" /* Digested */,
-            "Finished" /* Finished */
-          ],
-          timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
-        });
-      } catch (e) {
-        throw new Error(progressMassages.processingVulnerabilityReportFailed);
-      }
-      vulnFiles = await gqlClient.getVulnerabilityReportPaths(
-        vulnerabilityReportId
-      );
-    } catch (e) {
-      digestSpinner.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed" });
-      throw e;
-    }
-    digestSpinner.success({
-      text: progressMassages.processingVulnerabilityReportSuccess
+    const vulnFiles = await _digestReport({
+      gqlClient,
+      fixReportId: reportUploadInfo.fixReportId,
+      projectId,
+      command
     });
-    const zippingSpinner = createSpinner4("\u{1F4E6} Zipping repo").start();
+    const gitInfo = await getGitInfo(srcPath);
+    const zippingSpinner = createSpinner5("\u{1F4E6} Zipping repo").start();
     const zipBuffer = await pack(srcPath, vulnFiles);
     zippingSpinner.success({ text: "\u{1F4E6} Zipping repo successful!" });
-    const uploadRepoSpinner = createSpinner4("\u{1F4C1} Uploading Repo").start();
+    const uploadRepoSpinner = createSpinner5("\u{1F4C1} Uploading Repo").start();
     try {
       await uploadFile({
         file: zipBuffer,
@@ -8161,7 +8152,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
       throw e;
     }
     uploadRepoSpinner.success({ text: "\u{1F4C1} Uploading Repo successful!" });
-    const mobbSpinner2 = createSpinner4("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
+    const mobbSpinner2 = createSpinner5("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
     try {
       await sendReport({
         gqlClient,
@@ -8218,13 +8209,61 @@ async function _scan(params, { skipPrompts = false } = {}) {
       await handleAutoPr({
         gqlClient,
         analysisId: reportUploadInfo.fixReportId,
-        createSpinner: createSpinner4
+        createSpinner: createSpinner5
       });
     }
     await askToOpenAnalysis();
     return reportUploadInfo.fixReportId;
   }
 }
+async function _digestReport({
+  gqlClient,
+  fixReportId,
+  projectId,
+  command
+}) {
+  const digestSpinner = createSpinner4(
+    progressMassages.processingVulnerabilityReport
+  ).start();
+  try {
+    const { vulnerabilityReportId } = await gqlClient.digestVulnerabilityReport(
+      {
+        fixReportId,
+        projectId,
+        scanSource: _getScanSource(command)
+      }
+    );
+    try {
+      await gqlClient.subscribeToAnalysis({
+        subscribeToAnalysisParams: {
+          analysisId: fixReportId
+        },
+        callback: () => digestSpinner.update({
+          text: progressMassages.processingVulnerabilityReportSuccess
+        }),
+        callbackStates: [
+          "Digested" /* Digested */,
+          "Finished" /* Finished */
+        ],
+        timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
+      });
+    } catch (e) {
+      throw new Error(progressMassages.processingVulnerabilityReportFailed);
+    }
+    const vulnFiles = await gqlClient.getVulnerabilityReportPaths(
+      vulnerabilityReportId
+    );
+    digestSpinner.success({
+      text: progressMassages.processingVulnerabilityReportSuccess
+    });
+    return vulnFiles;
+  } catch (e) {
+    digestSpinner.error({
+      text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed. Please verify that the file provided is of a valid supported report format."
+    });
+    throw e;
+  }
+}
 // src/commands/index.ts
 import chalk5 from "chalk";
@@ -8364,19 +8403,19 @@ async function handleMobbLogin({
   apiKey,
   skipPrompts
 }) {
-  const { createSpinner: createSpinner4 } = Spinner({ ci: skipPrompts });
+  const { createSpinner: createSpinner5 } = Spinner({ ci: skipPrompts });
   if (await inGqlClient.verifyToken()) {
-    createSpinner4().start().success({
+    createSpinner5().start().success({
       text: "\u{1F513} Logged in to Mobb successfully"
     });
     return inGqlClient;
   } else if (apiKey) {
-    createSpinner4().start().error({
+    createSpinner5().start().error({
       text: "\u{1F513} Logged in to Mobb failed - check your api-key"
     });
     throw new CliError();
   }
-  const loginSpinner = createSpinner4().start();
+  const loginSpinner = createSpinner5().start();
   if (!skipPrompts) {
     loginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
     await keypress();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",