mobbdev 1.0.45 → 1.0.46

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/dist/index.mjs +54 -13
  2. package/package.json +3 -1
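--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -1569,6 +1569,7 @@ var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 30;
 
 // src/features/analysis/index.ts
 import fs4 from "node:fs";
+import fsPromises from "node:fs/promises";
 import path7 from "node:path";
 import { env as env2 } from "node:process";
 import { pipeline } from "node:stream/promises";
@@ -1684,7 +1685,7 @@ import { createSpinner as createSpinner4 } from "nanospinner";
 import fetch4 from "node-fetch";
 import open2 from "open";
 import tmp2 from "tmp";
-import { z as z30 } from "zod";
+import { z as z31 } from "zod";
 
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
 import Debug8 from "debug";
@@ -7798,15 +7799,29 @@ import Debug12 from "debug";
 import { globby } from "globby";
 import { isBinary } from "istextorbinary";
 import { simpleGit as simpleGit3 } from "simple-git";
+import { parseStringPromise } from "xml2js";
+import { z as z30 } from "zod";
 var debug12 = Debug12("mobbdev:pack");
 var MAX_FILE_SIZE = 1024 * 1024 * 5;
+var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z30.object({
+properties: z30.object({
+entry: z30.array(
+z30.object({
+_: z30.string(),
+$: z30.object({
+key: z30.string()
+})
+})
+)
+})
+});
 function endsWithAny(str, suffixes) {
 return suffixes.some(function(suffix) {
 return str.endsWith(suffix);
 });
 }
 function _get_manifest_files_suffixes() {
-return ["package.json"];
+return ["package.json", "pom.xml"];
 }
 async function pack(srcDirPath, vulnFiles) {
 debug12("pack folder %s", srcDirPath);
@@ -7867,6 +7882,25 @@ async function pack(srcDirPath, vulnFiles) {
 debug12("get zip file buffer");
 return zip.toBuffer();
 }
+async function repackFpr(fprPath) {
+debug12("repack fpr file %s", fprPath);
+const zipIn = new AdmZip(fprPath);
+const zipOut = new AdmZip();
+const mappingXML = zipIn.readAsText("src-archive/index.xml", "utf-8");
+const filesMapping = FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA.parse(
+await parseStringPromise(mappingXML)
+);
+for (const fileMapping of filesMapping.properties.entry) {
+const zipPath = fileMapping._;
+const realPath = fileMapping.$.key;
+const buf = zipIn.readFile(zipPath);
+if (buf) {
+zipOut.addFile(realPath, buf);
+}
+}
+debug12("get repacked zip file buffer");
+return zipOut.toBuffer();
+}
 
 // src/features/analysis/prompts.ts
 import inquirer from "inquirer";
@@ -8529,7 +8563,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
 spinner: mobbSpinner,
 submitVulnerabilityReportVariables: {
 fixReportId: reportUploadInfo.fixReportId,
-repoUrl: z30.string().parse(repo),
+repoUrl: z31.string().parse(repo),
 reference,
 projectId,
 vulnerabilityReportFileName: "report.json",
@@ -8642,9 +8676,16 @@ async function _scan(params, { skipPrompts = false } = {}) {
 projectId,
 command
 });
-const gitInfo = await getGitInfo(srcPath);
+const srcFileStatus = await fsPromises.lstat(srcPath);
 const zippingSpinner = createSpinner5("\u{1F4E6} Zipping repo").start();
-const zipBuffer = await pack(srcPath, vulnFiles);
+let zipBuffer;
+let gitInfo = { success: false };
+if (srcFileStatus.isFile() && path7.extname(srcPath).toLowerCase() === ".fpr") {
+zipBuffer = await repackFpr(srcPath);
+} else {
+gitInfo = await getGitInfo(srcPath);
+zipBuffer = await pack(srcPath, vulnFiles);
+}
 zippingSpinner.success({ text: "\u{1F4E6} Zipping repo successful!" });
 const uploadRepoSpinner = createSpinner5("\u{1F4C1} Uploading Repo").start();
 try {
@@ -8675,9 +8716,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
 }
 });
 if (command === "review") {
-const params2 = z30.object({
-repo: z30.string().url(),
-githubActionToken: z30.string()
+const params2 = z31.object({
+repo: z31.string().url(),
+githubActionToken: z31.string()
 }).parse({ repo, githubActionToken });
 const scm = await createScmLib(
 {
@@ -8699,7 +8740,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
 analysisId,
 gqlClient,
 scm,
-scanner: z30.nativeEnum(SCANNERS).parse(scanner)
+scanner: z31.nativeEnum(SCANNERS).parse(scanner)
 });
 },
 callbackStates: ["Finished" /* Finished */]
@@ -9082,7 +9123,7 @@ var scmTokenOption = {
 // src/args/validation.ts
 import chalk7 from "chalk";
 import path8 from "path";
-import { z as z31 } from "zod";
+import { z as z32 } from "zod";
 function throwRepoUrlErrorMessage({
 error,
 repoUrl,
@@ -9099,11 +9140,11 @@ Example:
 )}`;
 throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z31.string({
+var UrlZ = z32.string({
 invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
 });
 function validateOrganizationId(organizationId) {
-const orgIdValidation = z31.string().uuid().nullish().safeParse(organizationId);
+const orgIdValidation = z32.string().uuid().nullish().safeParse(organizationId);
 if (!orgIdValidation.success) {
 throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
 }
@@ -9150,7 +9191,7 @@ function analyzeBuilder(yargs2) {
 }).option("repo", repoOption).option("p", {
 alias: "src-path",
 describe: chalk8.bold(
-"Path to the repository folder with the source code"
+"Path to the repository folder with the source code; alternatively, you can specify the Fortify FPR file to extract source code out of it"
 ),
 type: "string"
 }).option("ref", refOption).option("ch", {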
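Review bot: In repackFpr the output entry name comes straight from `fileMapping.$.key`, i.e. from the archive's own src-archive/index.xml, and is passed to `zipOut.addFile(realPath, buf)` without normalization, so an absolute path or a key with `..` segments is carried verbatim into the archive that is then uploaded; since the FPR is whatever the user points `-p` at, the mapping should be treated as untrusted and such entries normalized or skipped. Relatedly, `zipIn.readAsText("src-archive/index.xml", "utf-8")` yields an empty string when the entry is absent, so a zip that is not a real FPR fails inside parseStringPromise with an opaque XML error rather than a clear message; checking `zipIn.getEntry(...)` first and throwing a CliError (the error type used elsewhere in this bundle) would be friendlier. In the _scan hunk, `fsPromises.lstat(srcPath)` reports a symlink to an .fpr file as not a file, so that case silently falls through to `pack()`; `fsPromises.stat` follows the link and seems to be what is intended. _scan starts and ends outside this section; repackFpr is entirely within the hunk.

```javascript
async function repackFpr(fprPath) {
  debug12("repack fpr file %s", fprPath);
  const zipIn = new AdmZip(fprPath);
  const zipOut = new AdmZip();
  const mappingEntry = zipIn.getEntry("src-archive/index.xml");
  if (!mappingEntry) {
    throw new CliError(`${fprPath} does not contain src-archive/index.xml; is it a Fortify FPR file?`);
  }
  const mappingXML = zipIn.readAsText(mappingEntry, "utf-8");
  // … unchanged: schema parse of the mapping via FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA …
  for (const fileMapping of filesMapping.properties.entry) {
    const zipPath = fileMapping._;
    // The mapping is read from the archive itself, so keep output paths inside the zip root.
    const realPath = path7.posix.normalize(fileMapping.$.key.replace(/\\/g, "/"));
    if (path7.posix.isAbsolute(realPath) || realPath === ".." || realPath.startsWith("../")) {
      debug12("skipping mapping entry with unsafe path %s", fileMapping.$.key);
      continue;
    }
    const buf = zipIn.readFile(zipPath);
    if (buf) {
      zipOut.addFile(realPath, buf);
    }
  }
  // … unchanged: debug message and return of zipOut.toBuffer() …
}
```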
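--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mobbdev",
-"version": "1.0.45",
+"version": "1.0.46",
 "description": "Automated secure code remediation tool",
 "repository": "git+https://github.com/mobb-dev/bugsy.git",
 "main": "dist/index.js",
@@ -70,6 +70,7 @@
 "undici": "6.21.1",
 "uuid": "11.1.0",
 "ws": "8.18.0",
+"xml2js": "0.6.2",
 "yargs": "17.7.2",
 "zod": "3.24.2"
 },
@@ -89,6 +90,7 @@
 "@types/tmp": "0.2.6",
 "@types/uuid": "10.0.0",
 "@types/ws": "8.5.14",
+"@types/xml2js": "0.4.14",
 "@types/yargs": "17.0.33",
 "@typescript-eslint/eslint-plugin": "7.17.0",
 "@typescript-eslint/parser": "7.17.0",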