npm - mobbdev - Versions diffs - 1.0.61 → 1.0.64 - Mend

mobbdev 1.0.61 → 1.0.64

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +97 -78
package/package.json +5 -1

package/dist/index.mjs CHANGED Viewed

@@ -7,6 +7,7 @@ var __export = (target, all) => {
 var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
 // src/index.ts
+import Debug19 from "debug";
 import { hideBin } from "yargs/helpers";
 // src/types.ts
@@ -53,6 +54,7 @@ var Language = /* @__PURE__ */ ((Language2) => {
   Language2["Python"] = "PYTHON";
   Language2["Sql"] = "SQL";
   Language2["Xml"] = "XML";
+  Language2["Yaml"] = "YAML";
   return Language2;
 })(Language || {});
 var ManifestAction = /* @__PURE__ */ ((ManifestAction2) => {
@@ -104,6 +106,7 @@ var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
   IssueLanguage_Enum2["Python"] = "Python";
   IssueLanguage_Enum2["Sql"] = "SQL";
   IssueLanguage_Enum2["Xml"] = "XML";
+  IssueLanguage_Enum2["Yaml"] = "YAML";
   return IssueLanguage_Enum2;
 })(IssueLanguage_Enum || {});
 var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
@@ -124,6 +127,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["ErroneousStringCompare"] = "ERRONEOUS_STRING_COMPARE";
   IssueType_Enum2["ErrorCondtionWithoutAction"] = "ERROR_CONDTION_WITHOUT_ACTION";
   IssueType_Enum2["FrameableLoginPage"] = "FRAMEABLE_LOGIN_PAGE";
+  IssueType_Enum2["GhActionsShellInjection"] = "GH_ACTIONS_SHELL_INJECTION";
   IssueType_Enum2["GraphqlDepthLimit"] = "GRAPHQL_DEPTH_LIMIT";
   IssueType_Enum2["HardcodedDomainInHtml"] = "HARDCODED_DOMAIN_IN_HTML";
   IssueType_Enum2["HardcodedSecrets"] = "HARDCODED_SECRETS";
@@ -232,6 +236,7 @@ var Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((Vulnerability_Report_Ve
   Vulnerability_Report_Vendor_Enum3["Checkmarx"] = "checkmarx";
   Vulnerability_Report_Vendor_Enum3["CheckmarxXml"] = "checkmarxXml";
   Vulnerability_Report_Vendor_Enum3["Codeql"] = "codeql";
+  Vulnerability_Report_Vendor_Enum3["Datadog"] = "datadog";
   Vulnerability_Report_Vendor_Enum3["Fortify"] = "fortify";
   Vulnerability_Report_Vendor_Enum3["Opengrep"] = "opengrep";
   Vulnerability_Report_Vendor_Enum3["Semgrep"] = "semgrep";
@@ -1138,7 +1143,8 @@ var issueTypeMap = {
   ["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: "Missing SSL MinVersion",
   ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: "Missing Websocket Origin Check",
   ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: "String Literals Should not Be Duplicated",
-  ["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: "Insecure UUID Version"
+  ["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: "Insecure UUID Version",
+  ["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: "GitHub Actions Shell Injection"
 };
 var issueTypeZ = z5.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1590,7 +1596,8 @@ var SCANNERS = {
   Fortify: "fortify",
   Snyk: "snyk",
   Sonarqube: "sonarqube",
-  Semgrep: "semgrep"
+  Semgrep: "semgrep",
+  Datadog: "datadog"
 };
 var scannerToVulnerability_Report_Vendor_Enum = {
   [SCANNERS.Checkmarx]: "checkmarx" /* Checkmarx */,
@@ -1598,14 +1605,17 @@ var scannerToVulnerability_Report_Vendor_Enum = {
   [SCANNERS.Sonarqube]: "sonarqube" /* Sonarqube */,
   [SCANNERS.Codeql]: "codeql" /* Codeql */,
   [SCANNERS.Fortify]: "fortify" /* Fortify */,
-  [SCANNERS.Semgrep]: "semgrep" /* Semgrep */
+  [SCANNERS.Semgrep]: "semgrep" /* Semgrep */,
+  [SCANNERS.Datadog]: "datadog" /* Datadog */
 };
 var SupportedScannersZ = z8.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
 var envVariablesSchema = z8.object({
   WEB_APP_URL: z8.string(),
   API_URL: z8.string(),
   HASURA_ACCESS_KEY: z8.string(),
-  LOCAL_GRAPHQL_ENDPOINT: z8.string()
+  LOCAL_GRAPHQL_ENDPOINT: z8.string(),
+  HTTP_PROXY: z8.string().optional().default(""),
+  HTTPS_PROXY: z8.string().optional().default("")
 }).required();
 var envVariables = envVariablesSchema.parse(process.env);
 debug("config %o", envVariables);
@@ -1642,6 +1652,8 @@ var WEB_APP_URL = envVariables.WEB_APP_URL;
 var API_URL = envVariables.API_URL;
 var HASURA_ACCESS_KEY = envVariables.HASURA_ACCESS_KEY;
 var LOCAL_GRAPHQL_ENDPOINT = envVariables.LOCAL_GRAPHQL_ENDPOINT;
+var HTTPS_PROXY = envVariables.HTTPS_PROXY;
+var HTTP_PROXY = envVariables.HTTP_PROXY;
 var errorMessages = {
   missingCxProjectName: `project name ${chalk.bold(
     "(--cx-project-name)"
@@ -2078,7 +2090,8 @@ var fixDetailsData = {
   ["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: void 0,
   ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: void 0,
   ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: void 0,
-  ["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: void 0
+  ["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: void 0,
+  ["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: void 0
 };
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -5745,13 +5758,16 @@ async function getGitlabIsUserCollaborator({
   try {
     const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
     const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
-    const res = await api2.Projects.show(projectPath);
-    const groupAccess = res.permissions?.group_access?.access_level || 0;
-    const projectAccess = res.permissions?.project_access?.access_level || 0;
-    if (groupAccess >= AccessLevel.DEVELOPER || projectAccess >= AccessLevel.DEVELOPER) {
-      return true;
-    }
-    return false;
+    const proj = await api2.Projects.show(projectPath);
+    const groupAccess = proj.permissions?.group_access?.access_level || 0;
+    const projectAccess = proj.permissions?.project_access?.access_level || 0;
+    const accessLevelWithWriteAccess = [
+      AccessLevel.DEVELOPER,
+      AccessLevel.MAINTAINER,
+      AccessLevel.OWNER,
+      AccessLevel.ADMIN
+    ];
+    return accessLevelWithWriteAccess.includes(groupAccess) || accessLevelWithWriteAccess.includes(projectAccess);
   } catch (e) {
     return false;
   }
@@ -6108,16 +6124,7 @@ var GitlabSCMLib = class extends SCMLib {
   }
   async getUserHasAccessToRepo() {
     this._validateAccessTokenAndUrl();
-    let username = void 0;
-    try {
-      username = await this.getUsername();
-    } catch (e) {
-      console.warn(
-        "could not get username. this is okay if a project token is used"
-      );
-    }
     return getGitlabIsUserCollaborator({
-      username,
       accessToken: this.accessToken,
       repoUrl: this.url
     });
@@ -7124,7 +7131,8 @@ var scannerToFriendlyString = {
   fortify: "Fortify",
   snyk: "Snyk",
   sonarqube: "Sonarqube",
-  semgrep: "Semgrep"
+  semgrep: "Semgrep",
+  datadog: "Datadog"
 };
 // src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
@@ -7406,32 +7414,6 @@ Refresh the page in order to see the changes.`,
     comment_id: commentId
   });
 }
-function buildAnalysisSummaryComment(params) {
-  const { prVulenrabilities: fixesFromDiff, fixesById } = params;
-  const { vulnerabilityReportIssueCodeNodes, fixablePrVuls } = fixesFromDiff;
-  const title = `# ${MobbIconMarkdown} ${fixablePrVuls} ${fixablePrVuls === 1 ? "fix is" : "fixes are"} ready to be committed`;
-  const summary = Object.entries(
-    // count every issue type
-    vulnerabilityReportIssueCodeNodes.reduce(
-      (result, vulnerabilityReportIssueCodeNode) => {
-        const { vulnerabilityReportIssue } = vulnerabilityReportIssueCodeNode;
-        const fix = fixesById[vulnerabilityReportIssue.fixId];
-        if (!fix) {
-          throw new Error(`fix ${vulnerabilityReportIssue.fixId} not found`);
-        }
-        const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
-        const vulnerabilityReportIssueCount = (result[issueType] || 0) + 1;
-        return {
-          ...result,
-          [issueType]: vulnerabilityReportIssueCount
-        };
-      },
-      {}
-    )
-  ).map(([issueType, issueTypeCount]) => `**${issueType}** - ${issueTypeCount}`);
-  return `${title}
-${summary.join("\n")}`;
-}
 async function getRelevantVulenrabilitiesFromDiff(params) {
   const { gqlClient, diff, vulnerabilityReportId } = params;
   const parsedDiff = parseDiff(diff);
@@ -7460,20 +7442,6 @@ async function getFixesData(params) {
   const { fixes } = await gqlClient.getFixes(fixesId);
   return keyBy(fixes, "id");
 }
-async function postAnalysisSummary(params) {
-  const { prVulenrabilities, fixesById, pullRequest, scm } = params;
-  if (Object.values(fixesById).length === 0) {
-    return;
-  }
-  const analysisSummaryComment = buildAnalysisSummaryComment({
-    fixesById,
-    prVulenrabilities
-  });
-  await scm.postGeneralPrComment({
-    body: analysisSummaryComment,
-    prNumber: pullRequest
-  });
-}
 async function postAnalysisInsightComment(params) {
   const { prVulenrabilities, pullRequest, scanner, scm } = params;
   const scanerString = scannerToFriendlyString[scanner];
@@ -7631,12 +7599,6 @@ async function addFixCommentsForPr({
       pullRequest,
       scanner,
       scm
-    }),
-    postAnalysisSummary({
-      fixesById,
-      prVulenrabilities,
-      pullRequest,
-      scm
     })
   ]);
 }
@@ -7736,21 +7698,32 @@ async function getGitInfo(srcDirPath) {
 }
 // src/features/analysis/graphql/gql.ts
+import fetchOrig from "cross-fetch";
 import Debug11 from "debug";
 import { GraphQLClient } from "graphql-request";
+import { HttpProxyAgent as HttpProxyAgent2 } from "http-proxy-agent";
+import { HttpsProxyAgent as HttpsProxyAgent2 } from "https-proxy-agent";
 import { v4 as uuidv4 } from "uuid";
 // src/features/analysis/graphql/subscribe.ts
 import { createClient } from "graphql-ws";
+import { HttpProxyAgent } from "http-proxy-agent";
+import { HttpsProxyAgent } from "https-proxy-agent";
 import WebSocket from "ws";
 var SUBSCRIPTION_TIMEOUT_MS = 30 * 60 * 1e3;
 function createWSClient(options) {
+  const proxy = options.url.startsWith("https://") && process.env["HTTPS_PROXY"] ? new HttpsProxyAgent(process.env["HTTPS_PROXY"]) : options.url.startsWith("http://") && process.env["HTTP_PROXY"] ? new HttpProxyAgent(process.env["HTTP_PROXY"]) : null;
+  const CustomWebSocket = class extends WebSocket {
+    constructor(address, protocols) {
+      super(address, protocols, proxy ? { agent: proxy } : void 0);
+    }
+  };
   return createClient({
     //this is needed to prevent AWS from killing the connection
     //currently our load balancer has a 29s idle timeout
     keepAlive: 1e4,
     url: options.url,
-    webSocketImpl: options.websocket || WebSocket,
+    webSocketImpl: proxy ? CustomWebSocket : options.websocket || WebSocket,
     connectionParams: () => {
       return {
         headers: options.type === "apiKey" ? {
@@ -7887,6 +7860,25 @@ var GetVulByNodesMetadataZ = z27.object({
 var debug11 = Debug11("mobbdev:gql");
 var API_KEY_HEADER_NAME = "x-mobb-key";
 var REPORT_STATE_CHECK_DELAY = 5 * 1e3;
+var fetchWithProxy = (url, options = {}) => {
+  try {
+    const parsedUrl = new URL(url.toString());
+    const isHttp = parsedUrl.protocol === "http:";
+    const isHttps = parsedUrl.protocol === "https:";
+    const proxy = isHttps ? HTTPS_PROXY : isHttp ? HTTP_PROXY : null;
+    if (proxy) {
+      const agent = isHttps ? new HttpsProxyAgent2(proxy) : new HttpProxyAgent2(proxy);
+      return fetchOrig(url, {
+        ...options,
+        // @ts-expect-error Node-fetch doesn't type 'agent', but it's valid
+        agent
+      });
+    }
+  } catch (err) {
+    debug11(`Skipping proxy for ${url}. Reason: ${err.message}`);
+  }
+  return fetchOrig(url, options);
+};
 var GQLClient = class {
   constructor(args) {
     __publicField(this, "_client");
@@ -7898,6 +7890,7 @@ var GQLClient = class {
       headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME]: args.apiKey || "" } : {
         Authorization: `Bearer ${args.token}`
       },
+      fetch: fetchWithProxy,
       requestMiddleware: (request) => {
         const requestId = uuidv4();
         debug11(
@@ -7925,6 +7918,17 @@ var GQLClient = class {
     });
     return res.insert_cli_login_one?.id || "";
   }
+  async verifyConnection() {
+    try {
+      await this.getUserInfo();
+    } catch (e) {
+      if (e?.toString().startsWith("FetchError")) {
+        debug11("verify connection failed %o", e);
+        return false;
+      }
+    }
+    return true;
+  }
   async verifyToken() {
     await this.createCommunityUser();
     let info;
@@ -8080,7 +8084,7 @@ var GQLClient = class {
       projectId,
       pullRequest,
       sha: sha || "",
-      experimentalEnabled,
+      experimentalEnabled: !!experimentalEnabled,
       scanSource: params.scanSource
     });
   }
@@ -8372,16 +8376,16 @@ function createSpwan({ args, processPath, name }, options) {
   return createChildProcess({ childProcess: child, name }, options);
 }
 function createChildProcess({ childProcess, name }, options) {
-  const debug18 = Debug13(`mobbdev:${name}`);
+  const debug19 = Debug13(`mobbdev:${name}`);
   const { display } = options;
   return new Promise((resolve, reject) => {
     let out = "";
     const onData = (chunk) => {
-      debug18(`chunk received from ${name} std ${chunk}`);
+      debug19(`chunk received from ${name} std ${chunk}`);
       out += chunk;
     };
     if (!childProcess || !childProcess?.stdout || !childProcess?.stderr) {
-      debug18(`unable to fork ${name}`);
+      debug19(`unable to fork ${name}`);
       reject(new Error(`unable to fork ${name}`));
     }
     childProcess.stdout?.on("data", onData);
@@ -8391,11 +8395,11 @@ function createChildProcess({ childProcess, name }, options) {
       childProcess.stderr?.pipe(process2.stderr);
     }
     childProcess.on("exit", (code) => {
-      debug18(`${name} exit code ${code}`);
+      debug19(`${name} exit code ${code}`);
       resolve({ message: out, code });
     });
     childProcess.on("error", (err) => {
-      debug18(`${name} error %o`, err);
+      debug19(`${name} error %o`, err);
       reject(err);
     });
   });
@@ -8950,7 +8954,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
       projectId,
       vulnerabilityReportFileName: "report.json",
       sha,
-      experimentalEnabled,
+      experimentalEnabled: !!experimentalEnabled,
       pullRequest: params.pullRequest,
       scanSource: _getScanSource(command, ci)
     }
@@ -9105,7 +9109,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
           reference: ref || gitInfo.reference || "no-branch",
           sha: commitHash || gitInfo.hash || "0123456789abcdef",
           scanSource: _getScanSource(command, ci),
-          pullRequest: params.pullRequest
+          pullRequest: params.pullRequest,
+          experimentalEnabled: !!experimentalEnabled
         }
       });
       if (command === "review") {
@@ -9367,6 +9372,18 @@ async function handleMobbLogin({
   skipPrompts
 }) {
   const { createSpinner: createSpinner5 } = Spinner({ ci: skipPrompts });
+  const isConnected = await inGqlClient.verifyConnection();
+  if (!isConnected) {
+    createSpinner5().start().error({
+      text: "\u{1F513} Connection to Mobb: failed to connect to the Mobb server"
+    });
+    throw new CliError(
+      "Connection to Mobb: failed to connect to the Mobb server"
+    );
+  }
+  createSpinner5().start().success({
+    text: `\u{1F513} Connection to Mobb: succeeded`
+  });
   const userVerify = await inGqlClient.verifyToken();
   if (userVerify) {
     createSpinner5().start().success({
@@ -9598,7 +9615,7 @@ function analyzeBuilder(yargs2) {
     demandOption: true,
     type: "string",
     describe: chalk8.bold(
-      "Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube, Semgrep)"
+      "Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube, Semgrep, Datadog)"
     )
   }).option("repo", repoOption).option("p", {
     alias: "src-path",
@@ -9818,11 +9835,13 @@ var parseArgs = async (args) => {
 };
 // src/index.ts
+var debug18 = Debug19("mobbdev:index");
 async function run() {
   return parseArgs(hideBin(process.argv));
 }
 (async () => {
   try {
+    debug18("Bugsy CLI v%s running...", packageJson.version);
     await run();
     process.exit(0);
   } catch (err) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.61",
+  "version": "1.0.64",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",
@@ -17,6 +17,7 @@
     "test:coverage": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest run --coverage",
     "test:watch": "TOKEN=$(../../scripts/login_auth0.sh) vitest",
     "test:integration": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest watch integration.test",
+    "test:integration:proxy": "GIT_PROXY_HOST=http://tinyproxy:8888 HTTP_PROXY=http://localhost:8888 API_URL=http://app-api:8080/v1/graphql TOKEN=$(../../scripts/login_auth0.sh) vitest run integration.test.ts",
     "lint": "eslint --cache --max-warnings 0 --ignore-path .eslintignore --ext .ts,.tsx,.jsx .",
     "lint:fix": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx .",
     "lint:fix:files": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx",
@@ -45,6 +46,7 @@
     "chalk": "5.4.1",
     "chalk-animation": "2.0.3",
     "configstore": "6.0.0",
+    "cross-fetch": "4.1.0",
     "debug": "4.4.0",
     "dotenv": "16.4.7",
     "extract-zip": "2.0.1",
@@ -53,6 +55,8 @@
     "graphql-request": "6.1.0",
     "graphql-tag": "2.12.6",
     "graphql-ws": "5.16.2",
+    "http-proxy-agent": "7.0.2",
+    "https-proxy-agent": "7.0.6",
     "inquirer": "9.2.23",
     "isomorphic-ws": "5.0.0",
     "istextorbinary": "6.0.0",