mobbdev 1.0.60 → 1.0.63

package/dist/index.mjs

@@ -4,12 +4,10 @@ var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
 };
-var __publicField = (obj, key, value) => {
-  __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
-  return value;
-};
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
 
 // src/index.ts
+import Debug19 from "debug";
 import { hideBin } from "yargs/helpers";
 
 // src/types.ts
@@ -235,6 +233,7 @@ var Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((Vulnerability_Report_Ve
   Vulnerability_Report_Vendor_Enum3["Checkmarx"] = "checkmarx";
   Vulnerability_Report_Vendor_Enum3["CheckmarxXml"] = "checkmarxXml";
   Vulnerability_Report_Vendor_Enum3["Codeql"] = "codeql";
+  Vulnerability_Report_Vendor_Enum3["Datadog"] = "datadog";
   Vulnerability_Report_Vendor_Enum3["Fortify"] = "fortify";
   Vulnerability_Report_Vendor_Enum3["Opengrep"] = "opengrep";
   Vulnerability_Report_Vendor_Enum3["Semgrep"] = "semgrep";
@@ -1593,7 +1592,8 @@ var SCANNERS = {
   Fortify: "fortify",
   Snyk: "snyk",
   Sonarqube: "sonarqube",
-  Semgrep: "semgrep"
+  Semgrep: "semgrep",
+  Datadog: "datadog"
 };
 var scannerToVulnerability_Report_Vendor_Enum = {
   [SCANNERS.Checkmarx]: "checkmarx" /* Checkmarx */,
@@ -1601,14 +1601,17 @@ var scannerToVulnerability_Report_Vendor_Enum = {
   [SCANNERS.Sonarqube]: "sonarqube" /* Sonarqube */,
   [SCANNERS.Codeql]: "codeql" /* Codeql */,
   [SCANNERS.Fortify]: "fortify" /* Fortify */,
-  [SCANNERS.Semgrep]: "semgrep" /* Semgrep */
+  [SCANNERS.Semgrep]: "semgrep" /* Semgrep */,
+  [SCANNERS.Datadog]: "datadog" /* Datadog */
 };
 var SupportedScannersZ = z8.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
 var envVariablesSchema = z8.object({
   WEB_APP_URL: z8.string(),
   API_URL: z8.string(),
   HASURA_ACCESS_KEY: z8.string(),
-  LOCAL_GRAPHQL_ENDPOINT: z8.string()
+  LOCAL_GRAPHQL_ENDPOINT: z8.string(),
+  HTTP_PROXY: z8.string().optional().default(""),
+  HTTPS_PROXY: z8.string().optional().default("")
 }).required();
 var envVariables = envVariablesSchema.parse(process.env);
 debug("config %o", envVariables);
@@ -1645,6 +1648,8 @@ var WEB_APP_URL = envVariables.WEB_APP_URL;
 var API_URL = envVariables.API_URL;
 var HASURA_ACCESS_KEY = envVariables.HASURA_ACCESS_KEY;
 var LOCAL_GRAPHQL_ENDPOINT = envVariables.LOCAL_GRAPHQL_ENDPOINT;
+var HTTPS_PROXY = envVariables.HTTPS_PROXY;
+var HTTP_PROXY = envVariables.HTTP_PROXY;
 var errorMessages = {
   missingCxProjectName: `project name ${chalk.bold(
     "(--cx-project-name)"
@@ -1717,8 +1722,7 @@ import {
   createSpinner as _createSpinner
 } from "nanospinner";
 function printToStdError(opts) {
-  if (opts?.text)
-    console.error(opts.text);
+  if (opts?.text) console.error(opts.text);
 }
 var mockSpinner = {
   success: (opts) => {
@@ -2090,8 +2094,7 @@ function capitalizeFirstLetter(str) {
   return str?.length ? str[0].toUpperCase() + str.slice(1) : "";
 }
 function lowercaseFirstLetter(str) {
-  if (!str)
-    return str;
+  if (!str) return str;
   return `${str.charAt(0).toLowerCase()}${str.slice(1)}`;
 }
 var severityToEmoji = {
@@ -3839,11 +3842,9 @@ var parseScmURL = (scmURL, scmType) => {
       hostname,
       scmType
     });
-    if (!repo)
-      return null;
+    if (!repo) return null;
     const { organization, repoName } = repo;
-    if (!organization || !repoName)
-      return null;
+    if (!organization || !repoName) return null;
     if (!organization.match(NAME_REGEX) || !repoName.match(NAME_REGEX))
       return null;
     const res = {
@@ -5659,6 +5660,7 @@ import {
   createRequesterFn
 } from "@gitbeaker/requester-utils";
 import {
+  AccessLevel,
   Gitlab
 } from "@gitbeaker/rest";
 import Debug4 from "debug";
@@ -5745,21 +5747,22 @@ async function getGitlabUsername(url, accessToken) {
   return res.username;
 }
 async function getGitlabIsUserCollaborator({
-  username,
   accessToken,
   repoUrl
 }) {
   try {
     const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
     const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
-    const res = await api2.Projects.show(projectPath);
-    const members = await api2.ProjectMembers.all(res.id, {
-      includeInherited: true
-    });
-    if (!username) {
-      return true;
-    }
-    return !!members.find((member) => member.username === username);
+    const proj = await api2.Projects.show(projectPath);
+    const groupAccess = proj.permissions?.group_access?.access_level || 0;
+    const projectAccess = proj.permissions?.project_access?.access_level || 0;
+    const accessLevelWithWriteAccess = [
+      AccessLevel.DEVELOPER,
+      AccessLevel.MAINTAINER,
+      AccessLevel.OWNER,
+      AccessLevel.ADMIN
+    ];
+    return accessLevelWithWriteAccess.includes(groupAccess) || accessLevelWithWriteAccess.includes(projectAccess);
   } catch (e) {
     return false;
   }
@@ -6004,8 +6007,7 @@ async function processBody(response) {
 async function brokerRequestHandler(endpoint, options) {
   const { prefixUrl, searchParams } = options || {};
   let baseUrl;
-  if (prefixUrl)
-    baseUrl = prefixUrl.endsWith("/") ? prefixUrl : `${prefixUrl}/`;
+  if (prefixUrl) baseUrl = prefixUrl.endsWith("/") ? prefixUrl : `${prefixUrl}/`;
   const url = new URL(endpoint, baseUrl);
   url.search = searchParams || "";
   const dispatcher = url && isBrokerUrl(url.href) ? new ProxyAgent({
@@ -6117,16 +6119,7 @@ var GitlabSCMLib = class extends SCMLib {
   }
   async getUserHasAccessToRepo() {
     this._validateAccessTokenAndUrl();
-    let username = void 0;
-    try {
-      username = await this.getUsername();
-    } catch (e) {
-      console.warn(
-        "could not get username. this is okay if a project token is used"
-      );
-    }
     return getGitlabIsUserCollaborator({
-      username,
       accessToken: this.accessToken,
       repoUrl: this.url
     });
@@ -7133,7 +7126,8 @@ var scannerToFriendlyString = {
   fortify: "Fortify",
   snyk: "Snyk",
   sonarqube: "Sonarqube",
-  semgrep: "Semgrep"
+  semgrep: "Semgrep",
+  datadog: "Datadog"
 };
 
 // src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
@@ -7415,32 +7409,6 @@ Refresh the page in order to see the changes.`,
     comment_id: commentId
   });
 }
-function buildAnalysisSummaryComment(params) {
-  const { prVulenrabilities: fixesFromDiff, fixesById } = params;
-  const { vulnerabilityReportIssueCodeNodes, fixablePrVuls } = fixesFromDiff;
-  const title = `# ${MobbIconMarkdown} ${fixablePrVuls} ${fixablePrVuls === 1 ? "fix is" : "fixes are"} ready to be committed`;
-  const summary = Object.entries(
-    // count every issue type
-    vulnerabilityReportIssueCodeNodes.reduce(
-      (result, vulnerabilityReportIssueCodeNode) => {
-        const { vulnerabilityReportIssue } = vulnerabilityReportIssueCodeNode;
-        const fix = fixesById[vulnerabilityReportIssue.fixId];
-        if (!fix) {
-          throw new Error(`fix ${vulnerabilityReportIssue.fixId} not found`);
-        }
-        const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
-        const vulnerabilityReportIssueCount = (result[issueType] || 0) + 1;
-        return {
-          ...result,
-          [issueType]: vulnerabilityReportIssueCount
-        };
-      },
-      {}
-    )
-  ).map(([issueType, issueTypeCount]) => `**${issueType}** - ${issueTypeCount}`);
-  return `${title}
-${summary.join("\n")}`;
-}
 async function getRelevantVulenrabilitiesFromDiff(params) {
   const { gqlClient, diff, vulnerabilityReportId } = params;
   const parsedDiff = parseDiff(diff);
@@ -7469,20 +7437,6 @@ async function getFixesData(params) {
   const { fixes } = await gqlClient.getFixes(fixesId);
   return keyBy(fixes, "id");
 }
-async function postAnalysisSummary(params) {
-  const { prVulenrabilities, fixesById, pullRequest, scm } = params;
-  if (Object.values(fixesById).length === 0) {
-    return;
-  }
-  const analysisSummaryComment = buildAnalysisSummaryComment({
-    fixesById,
-    prVulenrabilities
-  });
-  await scm.postGeneralPrComment({
-    body: analysisSummaryComment,
-    prNumber: pullRequest
-  });
-}
 async function postAnalysisInsightComment(params) {
   const { prVulenrabilities, pullRequest, scanner, scm } = params;
   const scanerString = scannerToFriendlyString[scanner];
@@ -7640,12 +7594,6 @@ async function addFixCommentsForPr({
       pullRequest,
       scanner,
       scm
-    }),
-    postAnalysisSummary({
-      fixesById,
-      prVulenrabilities,
-      pullRequest,
-      scm
     })
   ]);
 }
@@ -7745,21 +7693,32 @@ async function getGitInfo(srcDirPath) {
 }
 
 // src/features/analysis/graphql/gql.ts
+import fetchOrig from "cross-fetch";
 import Debug11 from "debug";
 import { GraphQLClient } from "graphql-request";
+import { HttpProxyAgent as HttpProxyAgent2 } from "http-proxy-agent";
+import { HttpsProxyAgent as HttpsProxyAgent2 } from "https-proxy-agent";
 import { v4 as uuidv4 } from "uuid";
 
 // src/features/analysis/graphql/subscribe.ts
 import { createClient } from "graphql-ws";
+import { HttpProxyAgent } from "http-proxy-agent";
+import { HttpsProxyAgent } from "https-proxy-agent";
 import WebSocket from "ws";
 var SUBSCRIPTION_TIMEOUT_MS = 30 * 60 * 1e3;
 function createWSClient(options) {
+  const proxy = options.url.startsWith("https://") && process.env["HTTPS_PROXY"] ? new HttpsProxyAgent(process.env["HTTPS_PROXY"]) : options.url.startsWith("http://") && process.env["HTTP_PROXY"] ? new HttpProxyAgent(process.env["HTTP_PROXY"]) : null;
+  const CustomWebSocket = class extends WebSocket {
+    constructor(address, protocols) {
+      super(address, protocols, proxy ? { agent: proxy } : void 0);
+    }
+  };
   return createClient({
     //this is needed to prevent AWS from killing the connection
     //currently our load balancer has a 29s idle timeout
     keepAlive: 1e4,
     url: options.url,
-    webSocketImpl: options.websocket || WebSocket,
+    webSocketImpl: proxy ? CustomWebSocket : options.websocket || WebSocket,
     connectionParams: () => {
       return {
         headers: options.type === "apiKey" ? {
@@ -7896,6 +7855,25 @@ var GetVulByNodesMetadataZ = z27.object({
 var debug11 = Debug11("mobbdev:gql");
 var API_KEY_HEADER_NAME = "x-mobb-key";
 var REPORT_STATE_CHECK_DELAY = 5 * 1e3;
+var fetchWithProxy = (url, options = {}) => {
+  try {
+    const parsedUrl = new URL(url.toString());
+    const isHttp = parsedUrl.protocol === "http:";
+    const isHttps = parsedUrl.protocol === "https:";
+    const proxy = isHttps ? HTTPS_PROXY : isHttp ? HTTP_PROXY : null;
+    if (proxy) {
+      const agent = isHttps ? new HttpsProxyAgent2(proxy) : new HttpProxyAgent2(proxy);
+      return fetchOrig(url, {
+        ...options,
+        // @ts-expect-error Node-fetch doesn't type 'agent', but it's valid
+        agent
+      });
+    }
+  } catch (err) {
+    debug11(`Skipping proxy for ${url}. Reason: ${err.message}`);
+  }
+  return fetchOrig(url, options);
+};
 var GQLClient = class {
   constructor(args) {
     __publicField(this, "_client");
@@ -7907,6 +7885,7 @@ var GQLClient = class {
       headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME]: args.apiKey || "" } : {
         Authorization: `Bearer ${args.token}`
       },
+      fetch: fetchWithProxy,
       requestMiddleware: (request) => {
         const requestId = uuidv4();
         debug11(
@@ -7934,6 +7913,17 @@ var GQLClient = class {
     });
     return res.insert_cli_login_one?.id || "";
   }
+  async verifyConnection() {
+    try {
+      await this.getUserInfo();
+    } catch (e) {
+      if (e?.toString().startsWith("FetchError")) {
+        debug11("verify connection failed %o", e);
+        return false;
+      }
+    }
+    return true;
+  }
   async verifyToken() {
     await this.createCommunityUser();
     let info;
@@ -8089,7 +8079,7 @@ var GQLClient = class {
       projectId,
       pullRequest,
       sha: sha || "",
-      experimentalEnabled,
+      experimentalEnabled: !!experimentalEnabled,
       scanSource: params.scanSource
     });
   }
@@ -8381,16 +8371,16 @@ function createSpwan({ args, processPath, name }, options) {
   return createChildProcess({ childProcess: child, name }, options);
 }
 function createChildProcess({ childProcess, name }, options) {
-  const debug18 = Debug13(`mobbdev:${name}`);
+  const debug19 = Debug13(`mobbdev:${name}`);
   const { display } = options;
   return new Promise((resolve, reject) => {
     let out = "";
     const onData = (chunk) => {
-      debug18(`chunk received from ${name} std ${chunk}`);
+      debug19(`chunk received from ${name} std ${chunk}`);
       out += chunk;
     };
     if (!childProcess || !childProcess?.stdout || !childProcess?.stderr) {
-      debug18(`unable to fork ${name}`);
+      debug19(`unable to fork ${name}`);
       reject(new Error(`unable to fork ${name}`));
     }
     childProcess.stdout?.on("data", onData);
@@ -8400,11 +8390,11 @@ function createChildProcess({ childProcess, name }, options) {
       childProcess.stderr?.pipe(process2.stderr);
     }
     childProcess.on("exit", (code) => {
-      debug18(`${name} exit code ${code}`);
+      debug19(`${name} exit code ${code}`);
       resolve({ message: out, code });
     });
     childProcess.on("error", (err) => {
-      debug18(`${name} error %o`, err);
+      debug19(`${name} error %o`, err);
       reject(err);
     });
   });
@@ -8630,8 +8620,7 @@ async function uploadFile({
 // src/features/analysis/index.ts
 var { CliError: CliError2, Spinner: Spinner2 } = utils_exports;
 function _getScanSource(command, ci) {
-  if (command === "review")
-    return "AUTO_FIXER" /* AutoFixer */;
+  if (command === "review") return "AUTO_FIXER" /* AutoFixer */;
   const envToCi = [
     ["GITLAB_CI", "CI_GITLAB" /* CiGitlab */],
     ["GITHUB_ACTIONS", "CI_GITHUB" /* CiGithub */],
@@ -8960,7 +8949,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
       projectId,
       vulnerabilityReportFileName: "report.json",
       sha,
-      experimentalEnabled,
+      experimentalEnabled: !!experimentalEnabled,
       pullRequest: params.pullRequest,
       scanSource: _getScanSource(command, ci)
     }
@@ -9115,7 +9104,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
           reference: ref || gitInfo.reference || "no-branch",
           sha: commitHash || gitInfo.hash || "0123456789abcdef",
           scanSource: _getScanSource(command, ci),
-          pullRequest: params.pullRequest
+          pullRequest: params.pullRequest,
+          experimentalEnabled: !!experimentalEnabled
         }
       });
       if (command === "review") {
@@ -9377,6 +9367,18 @@ async function handleMobbLogin({
   skipPrompts
 }) {
   const { createSpinner: createSpinner5 } = Spinner({ ci: skipPrompts });
+  const isConnected = await inGqlClient.verifyConnection();
+  if (!isConnected) {
+    createSpinner5().start().error({
+      text: "\u{1F513} Connection to Mobb: failed to connect to the Mobb server"
+    });
+    throw new CliError(
+      "Connection to Mobb: failed to connect to the Mobb server"
+    );
+  }
+  createSpinner5().start().success({
+    text: `\u{1F513} Connection to Mobb: succeeded`
+  });
   const userVerify = await inGqlClient.verifyToken();
   if (userVerify) {
     createSpinner5().start().success({
@@ -9608,7 +9610,7 @@ function analyzeBuilder(yargs2) {
     demandOption: true,
     type: "string",
     describe: chalk8.bold(
-      "Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube, Semgrep)"
+      "Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube, Semgrep, Datadog)"
     )
   }).option("repo", repoOption).option("p", {
     alias: "src-path",
@@ -9828,11 +9830,13 @@ var parseArgs = async (args) => {
 };
 
 // src/index.ts
+var debug18 = Debug19("mobbdev:index");
 async function run() {
   return parseArgs(hideBin(process.argv));
 }
 (async () => {
   try {
+    debug18("Bugsy CLI v%s running...", packageJson.version);
     await run();
     process.exit(0);
   } catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.60",
+  "version": "1.0.63",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",
@@ -17,6 +17,7 @@
     "test:coverage": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest run --coverage",
     "test:watch": "TOKEN=$(../../scripts/login_auth0.sh) vitest",
     "test:integration": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest watch integration.test",
+    "test:integration:proxy": "GIT_PROXY_HOST=http://tinyproxy:8888 HTTP_PROXY=http://localhost:8888 API_URL=http://app-api:8080/v1/graphql TOKEN=$(../../scripts/login_auth0.sh) vitest run integration.test.ts",
     "lint": "eslint --cache --max-warnings 0 --ignore-path .eslintignore --ext .ts,.tsx,.jsx .",
     "lint:fix": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx .",
     "lint:fix:files": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx",
@@ -30,21 +31,22 @@
   "author": "",
   "license": "MIT",
   "dependencies": {
-    "@gitbeaker/core": "42.1.0",
-    "@gitbeaker/requester-utils": "42.1.0",
-    "@gitbeaker/rest": "42.1.0",
+    "@gitbeaker/core": "42.2.0",
+    "@gitbeaker/requester-utils": "42.2.0",
+    "@gitbeaker/rest": "42.2.0",
     "@octokit/core": "5.2.0",
     "@octokit/graphql": "5.0.6",
     "@octokit/plugin-rest-endpoint-methods": "7.2.3",
     "@octokit/request-error": "5.1.1",
     "@types/libsodium-wrappers": "0.7.14",
     "adm-zip": "0.5.16",
-    "axios": "1.8.2",
+    "axios": "1.8.4",
     "azure-devops-node-api": "12.1.0",
     "bitbucket": "2.11.0",
     "chalk": "5.4.1",
     "chalk-animation": "2.0.3",
     "configstore": "6.0.0",
+    "cross-fetch": "4.1.0",
     "debug": "4.4.0",
     "dotenv": "16.4.7",
     "extract-zip": "2.0.1",
@@ -53,6 +55,8 @@
     "graphql-request": "6.1.0",
     "graphql-tag": "2.12.6",
     "graphql-ws": "5.16.2",
+    "http-proxy-agent": "7.0.2",
+    "https-proxy-agent": "7.0.6",
     "inquirer": "9.2.23",
     "isomorphic-ws": "5.0.0",
     "istextorbinary": "6.0.0",
@@ -64,48 +68,48 @@
     "parse-diff": "0.11.1",
     "semver": "7.7.1",
     "simple-git": "3.27.0",
-    "snyk": "1.1295.3",
+    "snyk": "1.1296.1",
     "supports-color": "10.0.0",
     "tar": "6.2.1",
     "tmp": "0.2.3",
     "undici": "6.21.1",
     "uuid": "11.1.0",
-    "ws": "8.18.0",
+    "ws": "8.18.1",
     "xml2js": "0.6.2",
     "yargs": "17.7.2",
     "zod": "3.24.2"
   },
   "devDependencies": {
     "@graphql-codegen/cli": "5.0.5",
-    "@graphql-codegen/typescript": "4.1.4",
+    "@graphql-codegen/typescript": "4.1.6",
     "@graphql-codegen/typescript-graphql-request": "6.2.0",
-    "@graphql-codegen/typescript-operations": "4.5.0",
-    "@octokit/types": "13.8.0",
+    "@graphql-codegen/typescript-operations": "4.6.0",
+    "@octokit/types": "13.10.0",
     "@types/adm-zip": "0.5.7",
     "@types/chalk-animation": "1.6.3",
     "@types/configstore": "6.0.2",
     "@types/debug": "4.1.12",
     "@types/inquirer": "9.0.7",
-    "@types/semver": "7.5.8",
+    "@types/semver": "7.7.0",
     "@types/tar": "6.1.13",
     "@types/tmp": "0.2.6",
     "@types/uuid": "10.0.0",
-    "@types/ws": "8.5.14",
+    "@types/ws": "8.18.1",
     "@types/xml2js": "0.4.14",
     "@types/yargs": "17.0.33",
     "@typescript-eslint/eslint-plugin": "7.17.0",
     "@typescript-eslint/parser": "7.17.0",
-    "@vitest/coverage-istanbul": "3.0.6",
-    "@vitest/ui": "3.0.6",
+    "@vitest/coverage-istanbul": "3.1.1",
+    "@vitest/ui": "3.1.1",
     "eslint": "8.57.0",
     "eslint-plugin-import": "2.31.0",
-    "eslint-plugin-prettier": "5.2.3",
+    "eslint-plugin-prettier": "5.2.6",
     "eslint-plugin-simple-import-sort": "10.0.0",
-    "nock": "14.0.1",
-    "prettier": "3.5.1",
-    "tsup": "7.2.0",
+    "nock": "14.0.3",
+    "prettier": "3.5.3",
+    "tsup": "8.4.0",
     "typescript": "4.9.5",
-    "vitest": "3.0.6"
+    "vitest": "3.1.1"
   },
   "engines": {
     "node": ">=18.20.4"