mobbdev 1.0.2 → 1.0.5

package/dist/index.mjs

@@ -148,6 +148,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
   IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
   IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
+  IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
   IssueType_Enum2["NoEquivalenceMethod"] = "NO_EQUIVALENCE_METHOD";
   IssueType_Enum2["NoLimitsOrThrottling"] = "NO_LIMITS_OR_THROTTLING";
   IssueType_Enum2["NullDereference"] = "NULL_DEREFERENCE";
@@ -740,7 +741,8 @@ var issueTypeMap = {
   ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
   ["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection",
   ["CLIENT_DOM_STORED_CODE_INJECTION" /* ClientDomStoredCodeInjection */]: "Client Code Injection",
-  ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: "String Format Misuse"
+  ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: "String Format Misuse",
+  ["NON_READONLY_FIELD" /* NonReadonlyField */]: "Non Readonly Field"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1435,6 +1437,7 @@ import chalk4 from "chalk";
 import Configstore from "configstore";
 import Debug16 from "debug";
 import extract from "extract-zip";
+import { createSpinner as createSpinner4 } from "nanospinner";
 import fetch4 from "node-fetch";
 import open2 from "open";
 import tmp2 from "tmp";
@@ -1467,8 +1470,8 @@ import { z as z16 } from "zod";
 
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 import querystring from "node:querystring";
-import bitbucketPkg from "bitbucket";
 import * as bitbucketPkgNode from "bitbucket";
+import bitbucketPkg from "bitbucket";
 import Debug2 from "debug";
 import { z as z12 } from "zod";
 
@@ -1706,7 +1709,8 @@ var fixDetailsData = {
     issueDescription: "Client DOM Stored Code Injection is a client-side security vulnerability where malicious JavaScript code gets stored in the DOM and later executed when retrieved by legitimate scripts.",
     fixInstructions: "Update the code to avoid the possibility for malicious JavaScript code to get stored in the DOM."
   },
-  ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: void 0
+  ["STRING_FORMAT_MISUSE" /* StringFormatMisuse */]: void 0,
+  ["NON_READONLY_FIELD" /* NonReadonlyField */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -3651,7 +3655,10 @@ async function validateBitbucketParams(params) {
           throw new InvalidRepoUrlError(safeParseError.data.error.error.message);
       }
     }
-    throw e;
+    console.log("validateBitbucketParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access BB repo URL: ${params.url} with the provided access token`
+    );
   }
 }
 async function getUsersworkspacesSlugs(bitbucketClient) {
@@ -3824,7 +3831,10 @@ async function githubValidateParams(url, accessToken) {
     if (code === 404) {
       throw new InvalidRepoUrlError(`invalid github repo Url ${url}`);
     }
-    throw e;
+    console.log("githubValidateParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access GH repo URL: ${url} with the provided access token`
+    );
   }
 }
 
@@ -4260,7 +4270,10 @@ async function gitlabValidateParams({
     if (code === 404 || description.includes("404") || description.includes("Not Found")) {
       throw new InvalidRepoUrlError(`invalid gitlab repo URL: ${url}`);
     }
-    throw e;
+    console.log("gitlabValidateParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access gitlab repo URL: ${url} with the provided access token`
+    );
   }
 }
 async function getGitlabUsername(url, accessToken) {
@@ -5997,7 +6010,10 @@ async function adoValidateParams({
     if (code === 404 || description.includes("404") || description.includes("Not Found")) {
       throw new InvalidRepoUrlError(`invalid ADO repo URL ${url}`);
     }
-    throw e;
+    console.log("adoValidateParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access ADO repo URL: ${url} with the provided access token`
+    );
   }
 }
 async function getOrgsForOauthToken({
@@ -6802,8 +6818,8 @@ async function addFixCommentsForPr({
 import Debug8 from "debug";
 var debug8 = Debug8("mobbdev:handleAutoPr");
 async function handleAutoPr(params) {
-  const { gqlClient, analysisId, createSpinner: createSpinner4 } = params;
-  const createAutoPrSpinner = createSpinner4(
+  const { gqlClient, analysisId, createSpinner: createSpinner5 } = params;
+  const createAutoPrSpinner = createSpinner5(
     "\u{1F504} Waiting for the analysis to finish before initiating automatic pull request creation"
   ).start();
   return await gqlClient.subscribeToAnalysis({
@@ -6899,6 +6915,9 @@ import WebSocket from "ws";
 var SUBSCRIPTION_TIMEOUT_MS = 30 * 60 * 1e3;
 function createWSClient(options) {
   return createClient({
+    //this is needed to prevent AWS from killing the connection
+    //currently our load balancer has a 29s idle timeout
+    keepAlive: 1e4,
     url: options.url,
     webSocketImpl: options.websocket || WebSocket,
     connectionParams: () => {
@@ -7712,8 +7731,8 @@ async function downloadRepo({
   dirname,
   ci
 }) {
-  const { createSpinner: createSpinner4 } = Spinner2({ ci });
-  const repoSpinner = createSpinner4("\u{1F4BE} Downloading Repo").start();
+  const { createSpinner: createSpinner5 } = Spinner2({ ci });
+  const repoSpinner = createSpinner5("\u{1F4BE} Downloading Repo").start();
   debug15("download repo %s %s %s", repoUrl, dirname);
   const zipFilePath = path7.join(dirname, "repo.zip");
   debug15("download URL: %s auth headers: %o", downloadUrl, authHeaders);
@@ -7892,7 +7911,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     autoPr
   } = params;
   debug15("start %s %s", dirname, repo);
-  const { createSpinner: createSpinner4 } = Spinner2({ ci });
+  const { createSpinner: createSpinner5 } = Spinner2({ ci });
   skipPrompts = skipPrompts || ci;
   let gqlClient = new GQLClient({
     apiKey: apiKey || config2.get("apiToken"),
@@ -7929,7 +7948,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
   });
   if (!isRepoAvailable) {
     if (ci || !cloudScmLibType || !scmAuthUrl) {
-      const errorMessage = scmAuthUrl ? `Cannot access repo ${repo}` : `Cannot access repo ${repo} with the provided token, please visit ${scmAuthUrl} to refresh your source control management system token`;
+      const errorMessage = scmAuthUrl ? `Cannot access repo ${repo}. Make sure that the repo is accessible and the SCM token configured on Mobb is correct.` : `Cannot access repo ${repo} with the provided token, please visit ${scmAuthUrl} to refresh your source control management system token`;
       throw new Error(errorMessage);
     }
     if (cloudScmLibType && scmAuthUrl) {
@@ -7982,7 +8001,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
   if (!reportPath) {
     throw new Error("reportPath is null");
   }
-  const uploadReportSpinner = createSpinner4("\u{1F4C1} Uploading Report").start();
+  const uploadReportSpinner = createSpinner5("\u{1F4C1} Uploading Report").start();
   try {
     await uploadFile({
       file: reportPath,
@@ -7994,8 +8013,14 @@ async function _scan(params, { skipPrompts = false } = {}) {
     uploadReportSpinner.error({ text: "\u{1F4C1} Report upload failed" });
     throw e;
   }
+  await _digestReport({
+    gqlClient,
+    fixReportId: reportUploadInfo.fixReportId,
+    projectId,
+    command
+  });
   uploadReportSpinner.success({ text: "\u{1F4C1} Report uploaded successfully" });
-  const mobbSpinner = createSpinner4("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
+  const mobbSpinner = createSpinner5("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
   const sendReportRes = await sendReport({
     gqlClient,
     spinner: mobbSpinner,
@@ -8022,7 +8047,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     await handleAutoPr({
       gqlClient,
       analysisId: reportUploadInfo.fixReportId,
-      createSpinner: createSpinner4
+      createSpinner: createSpinner5
     });
   }
   await askToOpenAnalysis();
@@ -8048,7 +8073,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     const scmLibType = getCloudScmLibTypeFromUrl(repoUrl);
     const scmName = scmLibType === "GITHUB" /* GITHUB */ ? "Github" : scmLibType === "GITLAB" /* GITLAB */ ? "Gitlab" : scmLibType === "ADO" /* ADO */ ? "Azure DevOps" : "";
     const addScmIntegration = skipPrompts ? true : await scmIntegrationPrompt(scmName);
-    const scmSpinner = createSpinner4(
+    const scmSpinner = createSpinner5(
       `\u{1F517} Waiting for ${scmName} integration...`
     ).start();
     if (!addScmIntegration) {
@@ -8092,7 +8117,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     if (!srcPath || !reportPath) {
       throw new Error("src path and reportPath is required");
     }
-    const uploadReportSpinner2 = createSpinner4("\u{1F4C1} Uploading Report").start();
+    const uploadReportSpinner2 = createSpinner5("\u{1F4C1} Uploading Report").start();
     try {
       await uploadFile({
         file: reportPath,
@@ -8107,48 +8132,17 @@ async function _scan(params, { skipPrompts = false } = {}) {
     uploadReportSpinner2.success({
       text: "\u{1F4C1} Uploading Report successful!"
     });
-    const digestSpinner = createSpinner4(
-      progressMassages.processingVulnerabilityReport
-    ).start();
-    let vulnFiles = [];
-    const gitInfo = await getGitInfo(srcPath);
-    try {
-      const { vulnerabilityReportId } = await gqlClient.digestVulnerabilityReport({
-        fixReportId: reportUploadInfo.fixReportId,
-        projectId,
-        scanSource: _getScanSource(command)
-      });
-      try {
-        await gqlClient.subscribeToAnalysis({
-          subscribeToAnalysisParams: {
-            analysisId: reportUploadInfo.fixReportId
-          },
-          callback: () => digestSpinner.update({
-            text: progressMassages.processingVulnerabilityReportSuccess
-          }),
-          callbackStates: [
-            "Digested" /* Digested */,
-            "Finished" /* Finished */
-          ],
-          timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
-        });
-      } catch (e) {
-        throw new Error(progressMassages.processingVulnerabilityReportFailed);
-      }
-      vulnFiles = await gqlClient.getVulnerabilityReportPaths(
-        vulnerabilityReportId
-      );
-    } catch (e) {
-      digestSpinner.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed" });
-      throw e;
-    }
-    digestSpinner.success({
-      text: progressMassages.processingVulnerabilityReportSuccess
+    const vulnFiles = await _digestReport({
+      gqlClient,
+      fixReportId: reportUploadInfo.fixReportId,
+      projectId,
+      command
     });
-    const zippingSpinner = createSpinner4("\u{1F4E6} Zipping repo").start();
+    const gitInfo = await getGitInfo(srcPath);
+    const zippingSpinner = createSpinner5("\u{1F4E6} Zipping repo").start();
     const zipBuffer = await pack(srcPath, vulnFiles);
     zippingSpinner.success({ text: "\u{1F4E6} Zipping repo successful!" });
-    const uploadRepoSpinner = createSpinner4("\u{1F4C1} Uploading Repo").start();
+    const uploadRepoSpinner = createSpinner5("\u{1F4C1} Uploading Repo").start();
     try {
       await uploadFile({
         file: zipBuffer,
@@ -8161,7 +8155,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
       throw e;
     }
     uploadRepoSpinner.success({ text: "\u{1F4C1} Uploading Repo successful!" });
-    const mobbSpinner2 = createSpinner4("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
+    const mobbSpinner2 = createSpinner5("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
     try {
       await sendReport({
         gqlClient,
@@ -8218,13 +8212,61 @@ async function _scan(params, { skipPrompts = false } = {}) {
       await handleAutoPr({
         gqlClient,
         analysisId: reportUploadInfo.fixReportId,
-        createSpinner: createSpinner4
+        createSpinner: createSpinner5
       });
     }
     await askToOpenAnalysis();
     return reportUploadInfo.fixReportId;
   }
 }
+async function _digestReport({
+  gqlClient,
+  fixReportId,
+  projectId,
+  command
+}) {
+  const digestSpinner = createSpinner4(
+    progressMassages.processingVulnerabilityReport
+  ).start();
+  try {
+    const { vulnerabilityReportId } = await gqlClient.digestVulnerabilityReport(
+      {
+        fixReportId,
+        projectId,
+        scanSource: _getScanSource(command)
+      }
+    );
+    try {
+      await gqlClient.subscribeToAnalysis({
+        subscribeToAnalysisParams: {
+          analysisId: fixReportId
+        },
+        callback: () => digestSpinner.update({
+          text: progressMassages.processingVulnerabilityReportSuccess
+        }),
+        callbackStates: [
+          "Digested" /* Digested */,
+          "Finished" /* Finished */
+        ],
+        timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
+      });
+    } catch (e) {
+      throw new Error(progressMassages.processingVulnerabilityReportFailed);
+    }
+    const vulnFiles = await gqlClient.getVulnerabilityReportPaths(
+      vulnerabilityReportId
+    );
+    digestSpinner.success({
+      text: progressMassages.processingVulnerabilityReportSuccess
+    });
+    return vulnFiles;
+  } catch (e) {
+    digestSpinner.error({
+      text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed. Please verify that the file provided is of a valid supported report format."
+    });
+    throw e;
+  }
+}
 
 // src/commands/index.ts
 import chalk5 from "chalk";
@@ -8364,19 +8406,19 @@ async function handleMobbLogin({
   apiKey,
   skipPrompts
 }) {
-  const { createSpinner: createSpinner4 } = Spinner({ ci: skipPrompts });
+  const { createSpinner: createSpinner5 } = Spinner({ ci: skipPrompts });
   if (await inGqlClient.verifyToken()) {
-    createSpinner4().start().success({
+    createSpinner5().start().success({
       text: "\u{1F513} Logged in to Mobb successfully"
     });
     return inGqlClient;
   } else if (apiKey) {
-    createSpinner4().start().error({
+    createSpinner5().start().error({
       text: "\u{1F513} Logged in to Mobb failed - check your api-key"
     });
     throw new CliError();
   }
-  const loginSpinner = createSpinner4().start();
+  const loginSpinner = createSpinner5().start();
   if (!skipPrompts) {
     loginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
     await keypress();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.2",
+  "version": "1.0.5",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",