npm - mobbdev - Versions diffs - 1.0.83 → 1.0.84 - Mend

mobbdev 1.0.83 → 1.0.84

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +150 -82
package/package.json +1 -2

package/dist/index.mjs CHANGED Viewed

@@ -761,12 +761,15 @@ var UploadS3BucketInfoDocument = `
 }
     `;
 var DigestVulnerabilityReportDocument = `
-    mutation DigestVulnerabilityReport($vulnerabilityReportFileName: String!, $fixReportId: String!, $projectId: String!, $scanSource: String!) {
+    mutation DigestVulnerabilityReport($vulnerabilityReportFileName: String, $fixReportId: String!, $projectId: String!, $scanSource: String!, $repoUrl: String, $reference: String, $sha: String) {
   digestVulnerabilityReport(
     fixReportId: $fixReportId
     vulnerabilityReportFileName: $vulnerabilityReportFileName
     projectId: $projectId
     scanSource: $scanSource
+    repoUrl: $repoUrl
+    reference: $reference
+    sha: $sha
   ) {
     __typename
     ... on VulnerabilityReport {
@@ -1188,6 +1191,10 @@ var ValidCategoriesZ = z4.union([
   z4.literal(CATEGORY.FalsePositive),
   z4.literal(CATEGORY.Fixable)
 ]);
+var VulnerabilityReportIssueSharedStateZ = z4.object({
+  id: z4.string().uuid(),
+  isArchived: z4.boolean()
+}).nullish();
 var BaseIssuePartsZ = z4.object({
   id: z4.string().uuid(),
   safeIssueType: z4.string(),
@@ -1239,7 +1246,8 @@ var BaseIssuePartsZ = z4.object({
       const codeDiff = await fetch(url).then((res) => res.text());
       return { codeDiff };
     })
-  }).nullish()
+  }).nullish(),
+  sharedState: VulnerabilityReportIssueSharedStateZ
 });
 var FalsePositivePartsZ = z4.object({
   extraContext: z4.array(z4.object({ key: z4.string(), value: z4.string() })),
@@ -1695,7 +1703,8 @@ var VulnerabilityReportIssueZ = z7.object({
     z7.object({
       vulnerability_report_issue_tag_value: z7.string()
     })
-  )
+  ),
+  sharedState: VulnerabilityReportIssueSharedStateZ
 });
 var GetReportIssuesQueryZ = z7.object({
   fixReport: z7.object({
@@ -5664,6 +5673,7 @@ var BitbucketSCMLib = class extends SCMLib {
 // src/features/analysis/scm/constants.ts
 var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
 var MAX_BRANCHES_FETCH = 1e3;
+var REPORT_DEFAULT_FILE_NAME = "report.json";
 // src/features/analysis/scm/github/GithubSCMLib.ts
 import { z as z21 } from "zod";
@@ -8664,7 +8674,7 @@ var GQLClient = class {
   }
   async uploadS3BucketInfo() {
     const uploadS3BucketInfoResult = await this._clientSdk.uploadS3BucketInfo({
-      fileName: "report.json"
+      fileName: REPORT_DEFAULT_FILE_NAME
     });
     return uploadS3BucketInfoResult;
   }
@@ -8721,13 +8731,20 @@ var GQLClient = class {
   async digestVulnerabilityReport({
     fixReportId,
     projectId,
-    scanSource
+    scanSource,
+    repoUrl,
+    reference,
+    sha,
+    shouldScan
   }) {
     const res = await this._clientSdk.DigestVulnerabilityReport({
       fixReportId,
-      vulnerabilityReportFileName: "report.json",
+      vulnerabilityReportFileName: shouldScan ? void 0 : REPORT_DEFAULT_FILE_NAME,
       projectId,
-      scanSource
+      scanSource,
+      repoUrl,
+      reference,
+      sha
     });
     if (res.digestVulnerabilityReport.__typename !== "VulnerabilityReport") {
       throw new Error("Digesting vulnerability report failed");
@@ -8883,7 +8900,7 @@ function endsWithAny(str, suffixes) {
 function _get_manifest_files_suffixes() {
   return ["package.json", "pom.xml"];
 }
-async function pack(srcDirPath, vulnFiles) {
+async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
   debug13("pack folder %s", srcDirPath);
   let git = void 0;
   try {
@@ -8920,13 +8937,15 @@ async function pack(srcDirPath, vulnFiles) {
   debug13("compressing files");
   for (const filepath of filepaths) {
     const absFilepath = path5.join(srcDirPath, filepath.toString());
-    vulnFiles = vulnFiles.concat(_get_manifest_files_suffixes());
-    if (!endsWithAny(
-      absFilepath.toString().replaceAll(path5.win32.sep, path5.posix.sep),
-      vulnFiles
-    )) {
-      debug13("ignoring %s because it is not a vulnerability file", filepath);
-      continue;
+    if (!isIncludeAllFiles) {
+      vulnFiles = vulnFiles.concat(_get_manifest_files_suffixes());
+      if (!endsWithAny(
+        absFilepath.toString().replaceAll(path5.win32.sep, path5.posix.sep),
+        vulnFiles
+      )) {
+        debug13("ignoring %s because it is not a vulnerability file", filepath);
+        continue;
+      }
     }
     if (fs5.lstatSync(absFilepath).size > MAX_FILE_SIZE) {
       debug13("ignoring %s because the size is > 5MB", filepath);
@@ -9037,19 +9056,18 @@ var cxOperatingSystemSupportMessage = `Your operating system does not support ch
 import cp from "node:child_process";
 import Debug14 from "debug";
 import * as process2 from "process";
-import supportsColor from "supports-color";
-var { stdout: stdout2 } = supportsColor;
 function createFork({ args, processPath, name }, options) {
   const child = cp.fork(processPath, args, {
     stdio: ["inherit", "pipe", "pipe", "ipc"],
-    env: { ...process2.env, FORCE_COLOR: stdout2 ? "1" : "0" }
+    env: { ...process2.env }
   });
   return createChildProcess({ childProcess: child, name }, options);
 }
-function createSpwan({ args, processPath, name }, options) {
+function createSpawn({ args, processPath, name, cwd }, options) {
   const child = cp.spawn(processPath, args, {
     stdio: ["inherit", "pipe", "pipe", "ipc"],
-    env: { ...process2.env, FORCE_COLOR: stdout2 ? "1" : "0" }
+    env: { ...process2.env },
+    cwd
   });
   return createChildProcess({ childProcess: child, name }, options);
 }
@@ -9132,7 +9150,7 @@ function validateCheckmarxInstallation() {
 }
 async function forkCheckmarx(args, { display }) {
   debug14("fork checkmarx with args %o %s", args.join(" "), display);
-  return createSpwan(
+  return createSpawn(
     { args, processPath: getCheckmarxPath(), name: "checkmarx" },
     { display }
   );
@@ -9469,7 +9487,7 @@ async function getReport(params, { skipPrompts }) {
     authHeaders: scm.getAuthHeaders(),
     downloadUrl
   });
-  const reportPath = path7.join(dirname, "report.json");
+  const reportPath = path7.join(dirname, REPORT_DEFAULT_FILE_NAME);
   switch (scanner) {
     case "snyk":
       await getSnykReport(reportPath, repositoryRoot, { skipPrompts });
@@ -9601,17 +9619,17 @@ async function _scan(params, { skipPrompts = false } = {}) {
       { skipPrompts }
     );
   }
-  if (!reportPath) {
-    throw new Error("reportPath is null");
-  }
+  const shouldScan = !reportPath;
   const uploadReportSpinner = createSpinner5("\u{1F4C1} Uploading Report").start();
   try {
-    await uploadFile({
-      file: reportPath,
-      url: reportUploadInfo.url,
-      uploadFields: JSON.parse(reportUploadInfo.uploadFieldsJSON),
-      uploadKey: reportUploadInfo.uploadKey
-    });
+    if (reportPath) {
+      await uploadFile({
+        file: reportPath,
+        url: reportUploadInfo.url,
+        uploadFields: JSON.parse(reportUploadInfo.uploadFieldsJSON),
+        uploadKey: reportUploadInfo.uploadKey
+      });
+    }
   } catch (e) {
     uploadReportSpinner.error({ text: "\u{1F4C1} Report upload failed" });
     throw e;
@@ -9621,7 +9639,11 @@ async function _scan(params, { skipPrompts = false } = {}) {
     fixReportId: reportUploadInfo.fixReportId,
     projectId,
     command,
-    ci
+    ci,
+    repoUrl: repo,
+    sha,
+    reference,
+    shouldScan
   });
   uploadReportSpinner.success({ text: "\u{1F4C1} Report uploaded successfully" });
   const mobbSpinner = createSpinner5("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
@@ -9633,7 +9655,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
       repoUrl: z29.string().parse(repo),
       reference,
       projectId,
-      vulnerabilityReportFileName: "report.json",
+      vulnerabilityReportFileName: shouldScan ? void 0 : REPORT_DEFAULT_FILE_NAME,
       sha,
       experimentalEnabled: !!experimentalEnabled,
       pullRequest: params.pullRequest,
@@ -9730,55 +9752,61 @@ async function _scan(params, { skipPrompts = false } = {}) {
     if (!repoUploadInfo || !reportUploadInfo) {
       throw new Error("uploadS3BucketInfo is null");
     }
-    if (!srcPath || !reportPath) {
-      throw new Error("src path and reportPath is required");
+    if (!srcPath) {
+      throw new Error("src path is required");
     }
-    const uploadReportSpinner2 = createSpinner5("\u{1F4C1} Uploading Report").start();
-    try {
-      await uploadFile({
-        file: reportPath,
-        url: reportUploadInfo.url,
-        uploadFields: JSON.parse(reportUploadInfo.uploadFieldsJSON),
-        uploadKey: reportUploadInfo.uploadKey
+    const shouldScan2 = !reportPath;
+    if (reportPath) {
+      const uploadReportSpinner2 = createSpinner5("\u{1F4C1} Uploading Report").start();
+      try {
+        await uploadFile({
+          file: reportPath,
+          url: reportUploadInfo.url,
+          uploadFields: JSON.parse(reportUploadInfo.uploadFieldsJSON),
+          uploadKey: reportUploadInfo.uploadKey
+        });
+      } catch (e) {
+        uploadReportSpinner2.error({ text: "\u{1F4C1} Report upload failed" });
+        throw e;
+      }
+      uploadReportSpinner2.success({
+        text: "\u{1F4C1} Uploading Report successful!"
       });
-    } catch (e) {
-      uploadReportSpinner2.error({ text: "\u{1F4C1} Report upload failed" });
-      throw e;
     }
-    uploadReportSpinner2.success({
-      text: "\u{1F4C1} Uploading Report successful!"
-    });
-    const vulnFiles = await _digestReport({
-      gqlClient,
-      fixReportId: reportUploadInfo.fixReportId,
-      projectId,
-      command,
-      ci
-    });
-    const srcFileStatus = await fsPromises.lstat(srcPath);
-    const zippingSpinner = createSpinner5("\u{1F4E6} Zipping repo").start();
-    let zipBuffer;
     let gitInfo = { success: false };
-    if (srcFileStatus.isFile() && path7.extname(srcPath).toLowerCase() === ".fpr") {
-      zipBuffer = await repackFpr(srcPath);
+    if (reportPath) {
+      const vulnFiles = await _digestReport({
+        gqlClient,
+        fixReportId: reportUploadInfo.fixReportId,
+        projectId,
+        command,
+        ci,
+        shouldScan: shouldScan2
+      });
+      const res = await _zipAndUploadRepo({
+        srcPath,
+        vulnFiles,
+        repoUploadInfo,
+        isIncludeAllFiles: false
+      });
+      gitInfo = res.gitInfo;
     } else {
-      gitInfo = await getGitInfo(srcPath);
-      zipBuffer = await pack(srcPath, vulnFiles);
-    }
-    zippingSpinner.success({ text: "\u{1F4E6} Zipping repo successful!" });
-    const uploadRepoSpinner = createSpinner5("\u{1F4C1} Uploading Repo").start();
-    try {
-      await uploadFile({
-        file: zipBuffer,
-        url: repoUploadInfo.url,
-        uploadFields: JSON.parse(repoUploadInfo.uploadFieldsJSON),
-        uploadKey: repoUploadInfo.uploadKey
+      const res = await _zipAndUploadRepo({
+        srcPath,
+        vulnFiles: [],
+        repoUploadInfo,
+        isIncludeAllFiles: true
+      });
+      gitInfo = res.gitInfo;
+      await _digestReport({
+        gqlClient,
+        fixReportId: reportUploadInfo.fixReportId,
+        projectId,
+        command,
+        ci,
+        shouldScan: shouldScan2
       });
-    } catch (e) {
-      uploadRepoSpinner.error({ text: "\u{1F4C1} Repo upload failed" });
-      throw e;
     }
-    uploadRepoSpinner.success({ text: "\u{1F4C1} Uploading Repo successful!" });
     const mobbSpinner2 = createSpinner5("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
     try {
       await sendReport({
@@ -9825,12 +9853,48 @@ async function _scan(params, { skipPrompts = false } = {}) {
     return reportUploadInfo.fixReportId;
   }
 }
+async function _zipAndUploadRepo({
+  srcPath,
+  vulnFiles,
+  repoUploadInfo,
+  isIncludeAllFiles
+}) {
+  const srcFileStatus = await fsPromises.lstat(srcPath);
+  const zippingSpinner = createSpinner4("\u{1F4E6} Zipping repo").start();
+  let zipBuffer;
+  let gitInfo = { success: false };
+  if (srcFileStatus.isFile() && path7.extname(srcPath).toLowerCase() === ".fpr") {
+    zipBuffer = await repackFpr(srcPath);
+  } else {
+    gitInfo = await getGitInfo(srcPath);
+    zipBuffer = await pack(srcPath, vulnFiles, isIncludeAllFiles);
+  }
+  zippingSpinner.success({ text: "\u{1F4E6} Zipping repo successful!" });
+  const uploadRepoSpinner = createSpinner4("\u{1F4C1} Uploading Repo").start();
+  try {
+    await uploadFile({
+      file: zipBuffer,
+      url: repoUploadInfo.url,
+      uploadFields: JSON.parse(repoUploadInfo.uploadFieldsJSON),
+      uploadKey: repoUploadInfo.uploadKey
+    });
+  } catch (e) {
+    uploadRepoSpinner.error({ text: "\u{1F4C1} Repo upload failed" });
+    throw e;
+  }
+  uploadRepoSpinner.success({ text: "\u{1F4C1} Uploading Repo successful!" });
+  return { gitInfo };
+}
 async function _digestReport({
   gqlClient,
   fixReportId,
   projectId,
   command,
-  ci
+  ci,
+  repoUrl,
+  sha,
+  reference,
+  shouldScan
 }) {
   const digestSpinner = createSpinner4(
     progressMassages.processingVulnerabilityReport
@@ -9840,7 +9904,11 @@ async function _digestReport({
       {
         fixReportId,
         projectId,
-        scanSource: _getScanSource(command, ci)
+        scanSource: _getScanSource(command, ci),
+        repoUrl,
+        sha,
+        reference,
+        shouldScan
       }
     );
     try {
@@ -10203,7 +10271,6 @@ ${chalk7.bold(
 function analyzeBuilder(yargs2) {
   return yargs2.option("f", {
     alias: "scan-file",
-    demandOption: true,
     type: "string",
     describe: chalk8.bold(
       "Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube, Semgrep, Datadog)"
@@ -10229,8 +10296,7 @@ function analyzeBuilder(yargs2) {
   ).help();
 }
 function validateAnalyzeOptions(argv) {
-  console.log("argv", argv);
-  if (!fs7.existsSync(argv.f)) {
+  if (argv.f && !fs7.existsSync(argv.f)) {
     throw new CliError(`
 Can't access ${chalk8.bold(argv.f)}`);
   }
@@ -10264,7 +10330,9 @@ Can't access ${chalk8.bold(argv.f)}`);
       "--pull-request flag requires --commit-directly to be provided as well"
     );
   }
-  validateReportFileFormat(argv.f);
+  if (argv.f) {
+    validateReportFileFormat(argv.f);
+  }
 }
 async function analyzeHandler(args) {
   validateAnalyzeOptions(args);
@@ -10407,7 +10475,7 @@ var parseArgs = async (args) => {
   ).command(
     mobbCliCommand.analyze,
     chalk10.bold(
-      "Provide a vulnerability report and relevant code repository, get automated fixes right away."
+      "Provide a code repository, get automated fixes right away. You can also provide a vulnerability report to analyze or have Mobb scan the code for you."
     ),
     analyzeBuilder,
     analyzeHandler

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.83",
+  "version": "1.0.84",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",
@@ -71,7 +71,6 @@
     "semver": "7.7.1",
     "simple-git": "3.27.0",
     "snyk": "1.1296.2",
-    "supports-color": "10.0.0",
     "tar": "6.2.1",
     "tmp": "0.2.3",
     "undici": "6.21.1",