mobbdev 1.0.45 → 1.0.47

package/dist/index.mjs

@@ -614,8 +614,12 @@ var GitReferenceDocument = `
 }
     `;
 var AutoPrAnalysisDocument = `
-    mutation autoPrAnalysis($analysisId: String!, $commitDirectly: Boolean) {
-  autoPrAnalysis(analysisId: $analysisId, sameBranchCommit: $commitDirectly) {
+    mutation autoPrAnalysis($analysisId: String!, $commitDirectly: Boolean, $prId: Int) {
+  autoPrAnalysis(
+    analysisId: $analysisId
+    sameBranchCommit: $commitDirectly
+    prId: $prId
+  ) {
     __typename
     ... on AutoPrSuccess {
       status
@@ -1569,6 +1573,7 @@ var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 30;
 
 // src/features/analysis/index.ts
 import fs4 from "node:fs";
+import fsPromises from "node:fs/promises";
 import path7 from "node:path";
 import { env as env2 } from "node:process";
 import { pipeline } from "node:stream/promises";
@@ -1684,7 +1689,7 @@ import { createSpinner as createSpinner4 } from "nanospinner";
 import fetch4 from "node-fetch";
 import open2 from "open";
 import tmp2 from "tmp";
-import { z as z30 } from "zod";
+import { z as z31 } from "zod";
 
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
 import Debug8 from "debug";
@@ -4302,6 +4307,26 @@ async function getAdoSdk(params) {
       }
       return parsedPullRequestStatus.data;
     },
+    async addCommentToAdoPullRequest({
+      repoUrl,
+      prNumber,
+      markdownComment
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      const git = await api2.getGitApi();
+      const comment = {
+        comments: [
+          {
+            parentCommentId: 0,
+            // Root comment
+            content: markdownComment,
+            commentType: 1
+            // Default type
+          }
+        ]
+      };
+      await git.createThread(comment, repo, prNumber, projectName);
+    },
     async getAdoIsRemoteBranch({
       repoUrl,
       branch
@@ -4617,7 +4642,8 @@ var CommitToSameBranchParamsZ = BaseSubmitToScmMessageZ.merge(
     branch: z19.string(),
     commitMessages: z19.array(z19.string()),
     commitDescriptions: z19.array(z19.string().nullish()),
-    githubCommentId: z19.number().nullish()
+    githubCommentId: z19.number().nullish(),
+    prId: z19.number().nullish()
   })
 );
 var SubmitFixesToDifferentBranchParamsZ = z19.object({
@@ -4676,7 +4702,8 @@ var GitCommitZ = z19.object({
 var SubmitFixesToSameBranchResponseMessageZ = z19.object({
   type: z19.literal(submitToScmMessageType.commitToSameBranch),
   githubCommentId: z19.number().nullish(),
-  commits: z19.array(GitCommitZ)
+  commits: z19.array(GitCommitZ),
+  prId: z19.number().nullish()
 }).merge(SubmitFixesBaseResponseMessageZ);
 var SubmitFixesToDifferentBranchResponseMessageZ = z19.object({
   type: z19.literal(submitToScmMessageType.submitFixesForDifferentBranch),
@@ -4931,16 +4958,16 @@ var AdoSCMLib = class extends SCMLib {
       repoUrl: this.url
     });
   }
-  async getPrUrl(prNumber) {
+  async getSubmitRequestUrl(submitRequestIdNumber) {
     this._validateUrl();
     const adoSdk = await this.getAdoSdk();
     return adoSdk.getAdoPrUrl({
       url: this.url,
-      prNumber
+      prNumber: submitRequestIdNumber
     });
   }
-  async getPrId(prUrl) {
-    const match = prUrl.match(/\/pullrequest\/(\d+)/);
+  async getSubmitRequestId(submitRequestUrl) {
+    const match = submitRequestUrl.match(/\/pullrequest\/(\d+)/);
     return match?.[1] || "";
   }
   async getCommitUrl(commitId) {
@@ -4951,6 +4978,15 @@ var AdoSCMLib = class extends SCMLib {
       commitId
     });
   }
+  async addCommentToSubmitRequest(scmSubmitRequestId, comment) {
+    this._validateAccessTokenAndUrl();
+    const adoSdk = await this.getAdoSdk();
+    await adoSdk.addCommentToAdoPullRequest({
+      repoUrl: this.url,
+      prNumber: Number(scmSubmitRequestId),
+      markdownComment: comment
+    });
+  }
 };
 
 // src/features/analysis/scm/bitbucket/bitbucket.ts
@@ -4992,7 +5028,7 @@ function parseBitbucketOrganizationAndRepo(bitbucketUrl) {
   const validatedBitbucketResult = BitbucketParseResultZ.parse(parsingResult);
   return {
     workspace: validatedBitbucketResult.organization,
-    repoSlug: validatedBitbucketResult.repoName
+    repo_slug: validatedBitbucketResult.repoName
   };
 }
 function getBitbucketIntance(params) {
@@ -5032,11 +5068,11 @@ function getBitbucketSdk(params) {
       }));
     },
     async getBranchList(params2) {
-      const { workspace, repoSlug } = parseBitbucketOrganizationAndRepo(
+      const { workspace, repo_slug } = parseBitbucketOrganizationAndRepo(
         params2.repoUrl
       );
       const res = await bitbucketClient.refs.listBranches({
-        repo_slug: repoSlug,
+        repo_slug,
         workspace,
         pagelen: 100,
         //It seems to not work with very large numbers like 1000 (MAX_BRANCHES_FETCH) and returns a bad request response
@@ -5049,8 +5085,8 @@ function getBitbucketSdk(params) {
     },
     async getIsUserCollaborator(params2) {
       const { repoUrl } = params2;
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(repoUrl);
-      const fullRepoName = `${workspace}/${repoSlug}`;
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(repoUrl);
+      const fullRepoName = `${workspace}/${repo_slug}`;
       const res = await bitbucketClient.user.listPermissionsForRepos({
         q: `repository.full_name~"${fullRepoName}"`
       });
@@ -5059,11 +5095,11 @@ function getBitbucketSdk(params) {
       ) ?? false;
     },
     async createPullRequest(params2) {
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
         params2.repoUrl
       );
       const res = await bitbucketClient.pullrequests.create({
-        repo_slug: repoSlug,
+        repo_slug,
         workspace,
         _body: {
           type: "pullrequest",
@@ -5086,43 +5122,43 @@ function getBitbucketSdk(params) {
       return res.data;
     },
     async getDownloadlink(params2) {
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
         params2.repoUrl
       );
       const res = await bitbucketClient.downloads.list({
-        repo_slug: repoSlug,
+        repo_slug,
         workspace
       });
       return res.data;
     },
     async getBranch(params2) {
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
         params2.repoUrl
       );
       const res = await bitbucketClient.refs.getBranch({
         name: params2.branchName,
-        repo_slug: repoSlug,
+        repo_slug,
         workspace
       });
       return res.data;
     },
     async getRepo(params2) {
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
         params2.repoUrl
       );
       const res = await bitbucketClient.repositories.get({
-        repo_slug: repoSlug,
+        repo_slug,
         workspace
       });
       return res.data;
     },
     async getCommit(params2) {
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
         params2.repoUrl
       );
       const res = await bitbucketClient.commits.get({
         commit: params2.commitSha,
-        repo_slug: repoSlug,
+        repo_slug,
         workspace
       });
       return res.data;
@@ -5151,9 +5187,9 @@ function getBitbucketSdk(params) {
     },
     async getTagRef(params2) {
       const { tagName, repoUrl } = params2;
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(repoUrl);
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(repoUrl);
       const tagRes = await bitbucketClient.refs.getTag({
-        repo_slug: repoSlug,
+        repo_slug,
         workspace,
         name: tagName
       });
@@ -5186,12 +5222,31 @@ function getBitbucketSdk(params) {
       return `${parsedRepoUrl}/get/${sha}.zip`;
     },
     async getPullRequest(params2) {
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
         params2.url
       );
       const res = await bitbucketClient.pullrequests.get({
         pull_request_id: params2.prNumber,
-        repo_slug: repoSlug,
+        repo_slug,
+        workspace
+      });
+      return res.data;
+    },
+    async addCommentToPullRequest({
+      url,
+      prNumber,
+      markdownComment
+    }) {
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(url);
+      const res = await bitbucketClient.pullrequests.createComment({
+        //@ts-expect-error tyep requires _body.type, but it its uses api fails
+        _body: {
+          content: {
+            raw: markdownComment
+          }
+        },
+        pull_request_id: prNumber,
+        repo_slug,
         workspace
       });
       return res.data;
@@ -5461,24 +5516,32 @@ var BitbucketSCMLib = class extends SCMLib {
     const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
     return z23.string().parse(repoRes.mainbranch?.name);
   }
-  getPrUrl(prNumber) {
+  getSubmitRequestUrl(submitRequestId) {
     this._validateUrl();
-    const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
+    const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
     return Promise.resolve(
-      `https://bitbucket.org/${workspace}/${repoSlug}/pull-requests/${prNumber}`
+      `https://bitbucket.org/${workspace}/${repo_slug}/pull-requests/${submitRequestId}`
     );
   }
-  async getPrId(prUrl) {
-    const match = prUrl.match(/\/pull-requests\/(\d+)/);
+  async getSubmitRequestId(submitRequestUrl) {
+    const match = submitRequestUrl.match(/\/pull-requests\/(\d+)/);
     return match?.[1] || "";
   }
   getCommitUrl(commitId) {
     this._validateUrl();
-    const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
+    const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
     return Promise.resolve(
-      `https://bitbucket.org/${workspace}/${repoSlug}/commits/${commitId}`
+      `https://bitbucket.org/${workspace}/${repo_slug}/commits/${commitId}`
     );
   }
+  async addCommentToSubmitRequest(submitRequestId, comment) {
+    this._validateUrl();
+    await this.bitbucketSdk.addCommentToPullRequest({
+      prNumber: Number(submitRequestId),
+      url: this.url,
+      markdownComment: comment
+    });
+  }
 };
 
 // src/features/analysis/scm/github/GithubSCMLib.ts
@@ -5639,6 +5702,14 @@ var GithubSCMLib = class extends SCMLib {
       prNumber: Number(scmSubmitRequestId)
     });
   }
+  async addCommentToSubmitRequest(submitRequestId, comment) {
+    this._validateAccessTokenAndUrl();
+    await this.githubSdk.createMarkdownCommentOnPullRequest({
+      repoUrl: this.url,
+      prNumber: Number(submitRequestId),
+      markdownComment: comment
+    });
+  }
   async getRepoBlameRanges(ref, path9) {
     this._validateUrl();
     return await this.githubSdk.getGithubBlameRanges({
@@ -5664,18 +5735,18 @@ var GithubSCMLib = class extends SCMLib {
     this._validateUrl();
     return await this.githubSdk.getGithubRepoDefaultBranch(this.url);
   }
-  async getPrUrl(prNumber) {
+  async getSubmitRequestUrl(submitRequestUrl) {
     this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
     const getPrRes = await this.githubSdk.getPr({
       owner,
       repo,
-      pull_number: prNumber
+      pull_number: submitRequestUrl
     });
     return getPrRes.data.html_url;
   }
-  async getPrId(prUrl) {
-    const match = prUrl.match(/\/pull\/(\d+)/);
+  async getSubmitRequestId(submitRequestUrl) {
+    const match = submitRequestUrl.match(/\/pull\/(\d+)/);
     return match?.[1] || "";
   }
   async getCommitUrl(commitId) {
@@ -5852,6 +5923,16 @@ async function getGitlabMergeRequestStatus({
       throw new Error(`unknown merge request state ${res.state}`);
   }
 }
+async function createMarkdownCommentOnPullRequest({
+  markdownComment,
+  accessToken,
+  repoUrl,
+  mrNumber
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+  return api2.MergeRequestNotes.create(projectPath, mrNumber, markdownComment);
+}
 async function getGitlabIsRemoteBranch({
   accessToken,
   repoUrl,
@@ -6202,6 +6283,15 @@ var GitlabSCMLib = class extends SCMLib {
         throw new Error(`unknown state ${state}`);
     }
   }
+  async addCommentToSubmitRequest(submitRequestId, comment) {
+    this._validateAccessTokenAndUrl();
+    await createMarkdownCommentOnPullRequest({
+      accessToken: this.accessToken,
+      repoUrl: this.url,
+      mrNumber: Number(submitRequestId),
+      markdownComment: comment
+    });
+  }
   async getRepoBlameRanges(ref, path9) {
     this._validateUrl();
     return await getGitlabBlameRanges(
@@ -6229,17 +6319,17 @@ var GitlabSCMLib = class extends SCMLib {
       gitlabAuthToken: this.accessToken
     });
   }
-  async getPrUrl(prNumber) {
+  async getSubmitRequestUrl(submitRequestUrl) {
     this._validateAccessTokenAndUrl();
     const res = await getGitlabMergeRequest({
       url: this.url,
-      prNumber,
+      prNumber: submitRequestUrl,
       accessToken: this.accessToken
     });
     return res.web_url;
   }
-  async getPrId(prUrl) {
-    const match = prUrl.match(/\/merge_requests\/(\d+)/);
+  async getSubmitRequestId(submitRequestUrl) {
+    const match = submitRequestUrl.match(/\/merge_requests\/(\d+)/);
     return match?.[1] || "";
   }
   async getCommitUrl(commitId) {
@@ -6324,12 +6414,12 @@ var StubSCMLib = class extends SCMLib {
     console.warn("getRepoDefaultBranch() returning empty string");
     return "";
   }
-  async getPrUrl(_prNumber) {
-    console.warn("getPrUrl() returning empty string");
+  async getSubmitRequestUrl(_submitRequestIdNumber) {
+    console.warn("getSubmitRequestUrl() returning empty string");
     return "";
   }
-  async getPrId(_prUrl) {
-    console.warn("getPrId() returning empty string");
+  async getSubmitRequestId(_submitRequestUrl) {
+    console.warn("getSubmitRequestId() returning empty string");
     return "";
   }
   async getCommitUrl(_commitId) {
@@ -6340,6 +6430,9 @@ var StubSCMLib = class extends SCMLib {
     console.warn("_getUsernameForAuthUrl() returning empty string");
     return "";
   }
+  async addCommentToSubmitRequest(_submitRequestId, _comment) {
+    console.warn("addCommentToSubmitRequest() no-op");
+  }
 };
 
 // src/features/analysis/scm/scmFactory.ts
@@ -6565,6 +6658,16 @@ function getGithubSdk(params = {}) {
       }
       return res.data.state;
     },
+    async createMarkdownCommentOnPullRequest(params2) {
+      const { repoUrl, prNumber, markdownComment } = params2;
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      return octokit.rest.issues.createComment({
+        owner,
+        repo,
+        issue_number: prNumber,
+        body: markdownComment
+      });
+    },
     async getGithubIsRemoteBranch(params2) {
       const { repoUrl, branch } = params2;
       const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
@@ -7301,7 +7404,7 @@ async function addFixCommentsForPr({
 import Debug9 from "debug";
 var debug9 = Debug9("mobbdev:handleAutoPr");
 async function handleAutoPr(params) {
-  const { gqlClient, analysisId, commitDirectly, createSpinner: createSpinner5 } = params;
+  const { gqlClient, analysisId, commitDirectly, prId, createSpinner: createSpinner5 } = params;
   const createAutoPrSpinner = createSpinner5(
     "\u{1F504} Waiting for the analysis to finish before initiating automatic pull request creation"
   ).start();
@@ -7312,7 +7415,8 @@ async function handleAutoPr(params) {
     callback: async (analysisId2) => {
       const autoPrAnalysisRes = await gqlClient.autoPrAnalysis(
         analysisId2,
-        commitDirectly
+        commitDirectly,
+        prId
       );
       debug9("auto pr analysis res %o", autoPrAnalysisRes);
       if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrError") {
@@ -7770,10 +7874,11 @@ var GQLClient = class {
     }
     return res.analysis;
   }
-  async autoPrAnalysis(analysisId, commitDirectly) {
+  async autoPrAnalysis(analysisId, commitDirectly, prId) {
     return this._clientSdk.autoPrAnalysis({
       analysisId,
-      commitDirectly
+      commitDirectly,
+      prId
     });
   }
   async getFixes(fixIds) {
@@ -7798,15 +7903,29 @@ import Debug12 from "debug";
 import { globby } from "globby";
 import { isBinary } from "istextorbinary";
 import { simpleGit as simpleGit3 } from "simple-git";
+import { parseStringPromise } from "xml2js";
+import { z as z30 } from "zod";
 var debug12 = Debug12("mobbdev:pack");
 var MAX_FILE_SIZE = 1024 * 1024 * 5;
+var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z30.object({
+  properties: z30.object({
+    entry: z30.array(
+      z30.object({
+        _: z30.string(),
+        $: z30.object({
+          key: z30.string()
+        })
+      })
+    )
+  })
+});
 function endsWithAny(str, suffixes) {
   return suffixes.some(function(suffix) {
     return str.endsWith(suffix);
   });
 }
 function _get_manifest_files_suffixes() {
-  return ["package.json"];
+  return ["package.json", "pom.xml"];
 }
 async function pack(srcDirPath, vulnFiles) {
   debug12("pack folder %s", srcDirPath);
@@ -7867,6 +7986,25 @@ async function pack(srcDirPath, vulnFiles) {
   debug12("get zip file buffer");
   return zip.toBuffer();
 }
+async function repackFpr(fprPath) {
+  debug12("repack fpr file %s", fprPath);
+  const zipIn = new AdmZip(fprPath);
+  const zipOut = new AdmZip();
+  const mappingXML = zipIn.readAsText("src-archive/index.xml", "utf-8");
+  const filesMapping = FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA.parse(
+    await parseStringPromise(mappingXML)
+  );
+  for (const fileMapping of filesMapping.properties.entry) {
+    const zipPath = fileMapping._;
+    const realPath = fileMapping.$.key;
+    const buf = zipIn.readFile(zipPath);
+    if (buf) {
+      zipOut.addFile(realPath, buf);
+    }
+  }
+  debug12("get repacked zip file buffer");
+  return zipOut.toBuffer();
+}
 
 // src/features/analysis/prompts.ts
 import inquirer from "inquirer";
@@ -8411,7 +8549,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
     command,
     organizationId: userOrganizationId,
     autoPr,
-    commitDirectly
+    commitDirectly,
+    pullRequest
   } = params;
   debug16("start %s %s", dirname, repo);
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
@@ -8529,7 +8668,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     spinner: mobbSpinner,
     submitVulnerabilityReportVariables: {
       fixReportId: reportUploadInfo.fixReportId,
-      repoUrl: z30.string().parse(repo),
+      repoUrl: z31.string().parse(repo),
       reference,
       projectId,
       vulnerabilityReportFileName: "report.json",
@@ -8551,6 +8690,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
       gqlClient,
       analysisId: reportUploadInfo.fixReportId,
       commitDirectly,
+      prId: pullRequest,
       createSpinner: createSpinner5
     });
   }
@@ -8642,9 +8782,16 @@ async function _scan(params, { skipPrompts = false } = {}) {
       projectId,
       command
     });
-    const gitInfo = await getGitInfo(srcPath);
+    const srcFileStatus = await fsPromises.lstat(srcPath);
     const zippingSpinner = createSpinner5("\u{1F4E6} Zipping repo").start();
-    const zipBuffer = await pack(srcPath, vulnFiles);
+    let zipBuffer;
+    let gitInfo = { success: false };
+    if (srcFileStatus.isFile() && path7.extname(srcPath).toLowerCase() === ".fpr") {
+      zipBuffer = await repackFpr(srcPath);
+    } else {
+      gitInfo = await getGitInfo(srcPath);
+      zipBuffer = await pack(srcPath, vulnFiles);
+    }
     zippingSpinner.success({ text: "\u{1F4E6} Zipping repo successful!" });
     const uploadRepoSpinner = createSpinner5("\u{1F4C1} Uploading Repo").start();
     try {
@@ -8675,9 +8822,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
         }
       });
       if (command === "review") {
-        const params2 = z30.object({
-          repo: z30.string().url(),
-          githubActionToken: z30.string()
+        const params2 = z31.object({
+          repo: z31.string().url(),
+          githubActionToken: z31.string()
         }).parse({ repo, githubActionToken });
         const scm = await createScmLib(
           {
@@ -8699,7 +8846,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
               analysisId,
               gqlClient,
               scm,
-              scanner: z30.nativeEnum(SCANNERS).parse(scanner)
+              scanner: z31.nativeEnum(SCANNERS).parse(scanner)
             });
           },
           callbackStates: ["Finished" /* Finished */]
@@ -8717,6 +8864,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
         gqlClient,
         analysisId: reportUploadInfo.fixReportId,
         commitDirectly,
+        prId: pullRequest,
         createSpinner: createSpinner5
       });
     }
@@ -8823,7 +8971,8 @@ async function analyze({
   mobbProjectName,
   organizationId,
   autoPr,
-  commitDirectly
+  commitDirectly,
+  pullRequest
 }, { skipPrompts = false } = {}) {
   !ci && await showWelcomeMessage(skipPrompts);
   await runAnalysis(
@@ -8839,7 +8988,8 @@ async function analyze({
       organizationId,
       command: "analyze",
       autoPr,
-      commitDirectly
+      commitDirectly,
+      pullRequest
     },
     { skipPrompts }
   );
@@ -9082,7 +9232,7 @@ var scmTokenOption = {
 // src/args/validation.ts
 import chalk7 from "chalk";
 import path8 from "path";
-import { z as z31 } from "zod";
+import { z as z32 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -9099,11 +9249,11 @@ Example:
   )}`;
   throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z31.string({
+var UrlZ = z32.string({
   invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
 });
 function validateOrganizationId(organizationId) {
-  const orgIdValidation = z31.string().uuid().nullish().safeParse(organizationId);
+  const orgIdValidation = z32.string().uuid().nullish().safeParse(organizationId);
   if (!orgIdValidation.success) {
     throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
   }
@@ -9150,14 +9300,19 @@ function analyzeBuilder(yargs2) {
   }).option("repo", repoOption).option("p", {
     alias: "src-path",
     describe: chalk8.bold(
-      "Path to the repository folder with the source code"
+      "Path to the repository folder with the source code; alternatively, you can specify the Fortify FPR file to extract source code out of it"
     ),
     type: "string"
   }).option("ref", refOption).option("ch", {
     alias: "commit-hash",
     describe: chalk8.bold("Hash of the commit"),
     type: "string"
-  }).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("org", organizationIdOptions).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).option("auto-pr", autoPrOption).option("commit-directly", commitDirectlyOption).example(
+  }).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("org", organizationIdOptions).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).option("auto-pr", autoPrOption).option("commit-directly", commitDirectlyOption).option("pull-request", {
+    alias: ["pr", "pr-number", "pr-id"],
+    describe: chalk8.bold("Number of the pull request"),
+    type: "number",
+    demandOption: false
+  }).example(
     "npx mobbdev@latest analyze -r https://github.com/WebGoat/WebGoat -f <your_vulnerability_report_path>",
     "analyze an existing repository"
   ).help();
@@ -9182,6 +9337,11 @@ Can't access ${chalk8.bold(argv.f)}`);
       "--commit-directly flag requires --auto-pr to be provided as well"
     );
   }
+  if (argv.pullRequest && !argv["commit-directly"]) {
+    throw new CliError(
+      "--pull-request flag requires --commit-directly to be provided as well"
+    );
+  }
   validateReportFileFormat(argv.f);
 }
 async function analyzeHandler(args) {
@@ -9210,7 +9370,7 @@ function reviewBuilder(yargs2) {
     type: "string",
     demandOption: true
   }).option("pull-request", {
-    alias: "pr",
+    alias: ["pr", "pr-number", "pr-id"],
     describe: chalk9.bold("Number of the pull request"),
     type: "number",
     demandOption: true

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.45",
+  "version": "1.0.47",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",
@@ -70,6 +70,7 @@
     "undici": "6.21.1",
     "uuid": "11.1.0",
     "ws": "8.18.0",
+    "xml2js": "0.6.2",
     "yargs": "17.7.2",
     "zod": "3.24.2"
   },
@@ -89,6 +90,7 @@
     "@types/tmp": "0.2.6",
     "@types/uuid": "10.0.0",
     "@types/ws": "8.5.14",
+    "@types/xml2js": "0.4.14",
     "@types/yargs": "17.0.33",
     "@typescript-eslint/eslint-plugin": "7.17.0",
     "@typescript-eslint/parser": "7.17.0",