mobbdev 1.0.44 → 1.0.46

package/dist/index.mjs

@@ -837,16 +837,6 @@ var FixPageFixReportZ = z3.object({
   expirationOn: z3.string(),
   createdOn: z3.string(),
   state: z3.nativeEnum(Fix_Report_State_Enum),
-  fixes_aggregate: z3.object({
-    aggregate: z3.object({
-      count: z3.number()
-    })
-  }),
-  fixableIssuesCount: z3.object({
-    aggregate: z3.object({
-      count: z3.number()
-    })
-  }),
   repo: z3.object({
     name: z3.string().nullable(),
     originalUrl: z3.string(),
@@ -1156,9 +1146,6 @@ var AnalysisReportDigestedZ = z7.object({
 });
 var ReportQueryResultZ = z7.object({
   fixReport_by_pk: z7.object({
-    fixableIssuesCount: z7.object({
-      aggregate: z7.object({ count: z7.number() })
-    }),
     id: z7.string().uuid(),
     analysisUrl: z7.string(),
     fixesCommitted: z7.object({
@@ -1177,11 +1164,6 @@ var ReportQueryResultZ = z7.object({
     createdOn: z7.string(),
     expirationOn: z7.string().nullable(),
     state: z7.nativeEnum(Fix_Report_State_Enum),
-    fixes_aggregate: z7.object({
-      aggregate: z7.object({
-        count: z7.number()
-      })
-    }),
     fixes: z7.array(
       z7.object({
         id: z7.string().uuid(),
@@ -1217,6 +1199,11 @@ var ReportQueryResultZ = z7.object({
       commitSha: z7.string(),
       isKnownBranch: z7.boolean().nullish().default(true)
     }),
+    vulnerabilityReportIssuesFixedCount: z7.object({
+      vulnerabilityReportIssues_aggregate: z7.object({
+        aggregate: z7.object({ count: z7.number() })
+      })
+    }),
     vulnerabilityReport: z7.object({
       id: z7.string().uuid(),
       reportSummaryUrl: z7.string().url().nullish(),
@@ -1369,13 +1356,7 @@ var FixPageQueryZ = z7.object({
 var GetReportFixesQueryZ = z7.object({
   fixReport: z7.array(
     z7.object({
-      fixableIssuesCount: z7.object({
-        aggregate: z7.object({ count: z7.number() })
-      }),
       fixes: z7.array(ReportFixesQueryFixZ),
-      fixes_aggregate: z7.object({
-        aggregate: z7.object({ count: z7.number() })
-      }),
       vulnerabilityReportIssuesTotalCount: z7.object({
         vulnerabilityReportIssues_aggregate: z7.object({
           aggregate: z7.object({ count: z7.number() })
@@ -1406,9 +1387,9 @@ var ProjectVulnerabilityReport = z7.object({
   fixReport: z7.object({
     id: z7.string().uuid(),
     createdOn: z7.string(),
-    fixes_aggregate: z7.object({
-      aggregate: z7.object({
-        count: z7.number()
+    vulnerabilityReportIssuesFixedCount: z7.object({
+      vulnerabilityReportIssues_aggregate: z7.object({
+        aggregate: z7.object({ count: z7.number() })
       })
     }),
     issueTypes: z7.record(z7.string(), z7.number()).nullable(),
@@ -1438,11 +1419,6 @@ var ProjectGetProjectZ = z7.object({
     fixReport: z7.object({
       issueLanguages: z7.record(z7.nativeEnum(IssueLanguage_Enum), z7.number()).nullable(),
       state: z7.nativeEnum(Fix_Report_State_Enum),
-      fixes_aggregate: z7.object({
-        aggregate: z7.object({
-          count: z7.number()
-        })
-      }),
       repo: z7.object({
         originalUrl: z7.string(),
         reference: z7.string()
@@ -1593,6 +1569,7 @@ var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 30;
 
 // src/features/analysis/index.ts
 import fs4 from "node:fs";
+import fsPromises from "node:fs/promises";
 import path7 from "node:path";
 import { env as env2 } from "node:process";
 import { pipeline } from "node:stream/promises";
@@ -1708,7 +1685,7 @@ import { createSpinner as createSpinner4 } from "nanospinner";
 import fetch4 from "node-fetch";
 import open2 from "open";
 import tmp2 from "tmp";
-import { z as z30 } from "zod";
+import { z as z31 } from "zod";
 
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
 import Debug8 from "debug";
@@ -7822,15 +7799,29 @@ import Debug12 from "debug";
 import { globby } from "globby";
 import { isBinary } from "istextorbinary";
 import { simpleGit as simpleGit3 } from "simple-git";
+import { parseStringPromise } from "xml2js";
+import { z as z30 } from "zod";
 var debug12 = Debug12("mobbdev:pack");
 var MAX_FILE_SIZE = 1024 * 1024 * 5;
+var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z30.object({
+  properties: z30.object({
+    entry: z30.array(
+      z30.object({
+        _: z30.string(),
+        $: z30.object({
+          key: z30.string()
+        })
+      })
+    )
+  })
+});
 function endsWithAny(str, suffixes) {
   return suffixes.some(function(suffix) {
     return str.endsWith(suffix);
   });
 }
 function _get_manifest_files_suffixes() {
-  return ["package.json"];
+  return ["package.json", "pom.xml"];
 }
 async function pack(srcDirPath, vulnFiles) {
   debug12("pack folder %s", srcDirPath);
@@ -7891,6 +7882,25 @@ async function pack(srcDirPath, vulnFiles) {
   debug12("get zip file buffer");
   return zip.toBuffer();
 }
+async function repackFpr(fprPath) {
+  debug12("repack fpr file %s", fprPath);
+  const zipIn = new AdmZip(fprPath);
+  const zipOut = new AdmZip();
+  const mappingXML = zipIn.readAsText("src-archive/index.xml", "utf-8");
+  const filesMapping = FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA.parse(
+    await parseStringPromise(mappingXML)
+  );
+  for (const fileMapping of filesMapping.properties.entry) {
+    const zipPath = fileMapping._;
+    const realPath = fileMapping.$.key;
+    const buf = zipIn.readFile(zipPath);
+    if (buf) {
+      zipOut.addFile(realPath, buf);
+    }
+  }
+  debug12("get repacked zip file buffer");
+  return zipOut.toBuffer();
+}
 
 // src/features/analysis/prompts.ts
 import inquirer from "inquirer";
@@ -8553,7 +8563,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     spinner: mobbSpinner,
     submitVulnerabilityReportVariables: {
       fixReportId: reportUploadInfo.fixReportId,
-      repoUrl: z30.string().parse(repo),
+      repoUrl: z31.string().parse(repo),
       reference,
       projectId,
       vulnerabilityReportFileName: "report.json",
@@ -8666,9 +8676,16 @@ async function _scan(params, { skipPrompts = false } = {}) {
       projectId,
       command
     });
-    const gitInfo = await getGitInfo(srcPath);
+    const srcFileStatus = await fsPromises.lstat(srcPath);
     const zippingSpinner = createSpinner5("\u{1F4E6} Zipping repo").start();
-    const zipBuffer = await pack(srcPath, vulnFiles);
+    let zipBuffer;
+    let gitInfo = { success: false };
+    if (srcFileStatus.isFile() && path7.extname(srcPath).toLowerCase() === ".fpr") {
+      zipBuffer = await repackFpr(srcPath);
+    } else {
+      gitInfo = await getGitInfo(srcPath);
+      zipBuffer = await pack(srcPath, vulnFiles);
+    }
     zippingSpinner.success({ text: "\u{1F4E6} Zipping repo successful!" });
     const uploadRepoSpinner = createSpinner5("\u{1F4C1} Uploading Repo").start();
     try {
@@ -8699,9 +8716,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
         }
       });
       if (command === "review") {
-        const params2 = z30.object({
-          repo: z30.string().url(),
-          githubActionToken: z30.string()
+        const params2 = z31.object({
+          repo: z31.string().url(),
+          githubActionToken: z31.string()
         }).parse({ repo, githubActionToken });
         const scm = await createScmLib(
           {
@@ -8723,7 +8740,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
               analysisId,
               gqlClient,
               scm,
-              scanner: z30.nativeEnum(SCANNERS).parse(scanner)
+              scanner: z31.nativeEnum(SCANNERS).parse(scanner)
             });
           },
           callbackStates: ["Finished" /* Finished */]
@@ -9106,7 +9123,7 @@ var scmTokenOption = {
 // src/args/validation.ts
 import chalk7 from "chalk";
 import path8 from "path";
-import { z as z31 } from "zod";
+import { z as z32 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -9123,11 +9140,11 @@ Example:
   )}`;
   throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z31.string({
+var UrlZ = z32.string({
   invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
 });
 function validateOrganizationId(organizationId) {
-  const orgIdValidation = z31.string().uuid().nullish().safeParse(organizationId);
+  const orgIdValidation = z32.string().uuid().nullish().safeParse(organizationId);
   if (!orgIdValidation.success) {
     throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
   }
@@ -9174,7 +9191,7 @@ function analyzeBuilder(yargs2) {
   }).option("repo", repoOption).option("p", {
     alias: "src-path",
     describe: chalk8.bold(
-      "Path to the repository folder with the source code"
+      "Path to the repository folder with the source code; alternatively, you can specify the Fortify FPR file to extract source code out of it"
     ),
     type: "string"
   }).option("ref", refOption).option("ch", {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.44",
+  "version": "1.0.46",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",
@@ -70,6 +70,7 @@
     "undici": "6.21.1",
     "uuid": "11.1.0",
     "ws": "8.18.0",
+    "xml2js": "0.6.2",
     "yargs": "17.7.2",
     "zod": "3.24.2"
   },
@@ -89,6 +90,7 @@
     "@types/tmp": "0.2.6",
     "@types/uuid": "10.0.0",
     "@types/ws": "8.5.14",
+    "@types/xml2js": "0.4.14",
     "@types/yargs": "17.0.33",
     "@typescript-eslint/eslint-plugin": "7.17.0",
     "@typescript-eslint/parser": "7.17.0",