version 1.0.47

Author: Kirill89

__tests__/integration.test.ts

@@ -140,12 +140,13 @@ describe('Basic Analyze tests', () => {
         command: 'scan',
         autoPr: true,
         commitDirectly: true,
+        pullRequest: 1,
       },
       { skipPrompts: true }
     )
 
     expect(runAnalysisSpy).toHaveBeenCalled()
-    expect(autoPrAnalysisSpy).toHaveBeenCalledWith(expect.any(String), true)
+    expect(autoPrAnalysisSpy).toHaveBeenCalledWith(expect.any(String), true, 1)
     expect(mockedOpen).toHaveBeenCalledTimes(2)
     expect(mockedOpen).toBeCalledWith(expect.stringMatching(PROJECT_PAGE_REGEX))
   }, 30000)
@@ -255,6 +256,7 @@ describe('Basic Analyze tests', () => {
   it('Checks ci flag', async () => {
     const consoleMock = vi.spyOn(console, 'log')
     const autoPrAnalysisSpy = vi.spyOn(GQLClient.prototype, 'autoPrAnalysis')
+    const prNumber = 1
     await analysisExports.runAnalysis(
       {
         repo: 'https://bitbucket.com/a/b',
@@ -266,10 +268,15 @@ describe('Basic Analyze tests', () => {
         command: 'analyze',
         autoPr: true,
         commitDirectly: true,
+        pullRequest: prNumber,
       },
       { skipPrompts: true }
     )
-    expect(autoPrAnalysisSpy).toHaveBeenCalledWith(expect.any(String), true)
+    expect(autoPrAnalysisSpy).toHaveBeenCalledWith(
+      expect.any(String),
+      true,
+      prNumber
+    )
     expect(analysisRegex.test(consoleMock.mock.lastCall?.at(0))).toBe(true)
     consoleMock.mockClear()
   })

package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.46",
+  "version": "1.0.47",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",

src/args/commands/analyze.ts

@@ -58,6 +58,12 @@ export function analyzeBuilder(
     .option('commit-hash', commitHashOption)
     .option('auto-pr', autoPrOption)
     .option('commit-directly', commitDirectlyOption)
+    .option('pull-request', {
+      alias: ['pr', 'pr-number', 'pr-id'],
+      describe: chalk.bold('Number of the pull request'),
+      type: 'number',
+      demandOption: false,
+    })
     .example(
       'npx mobbdev@latest analyze -r https://github.com/WebGoat/WebGoat -f <your_vulnerability_report_path>',
       'analyze an existing repository'
@@ -85,6 +91,11 @@ function validateAnalyzeOptions(argv: AnalyzeOptions) {
       '--commit-directly flag requires --auto-pr to be provided as well'
     )
   }
+  if (argv.pullRequest && !argv['commit-directly']) {
+    throw new CliError(
+      '--pull-request flag requires --commit-directly to be provided as well'
+    )
+  }
   validateReportFileFormat(argv.f)
 }
 

src/args/commands/review.ts

@@ -47,7 +47,7 @@ export function reviewBuilder(
     })
 
     .option('pull-request', {
-      alias: 'pr',
+      alias: ['pr', 'pr-number', 'pr-id'],
       describe: chalk.bold('Number of the pull request'),
       type: 'number',
       demandOption: true,

src/args/types.ts

@@ -24,6 +24,7 @@ export type BaseAnalyzeOptions = {
   'auto-pr': boolean
   'commit-directly'?: boolean
   commitDirectly?: boolean
+  pullRequest?: number
 }
 
 export type ReviewOptions = Yargs.ArgumentsCamelCase<BaseReviewOptions>

src/commands/index.ts

@@ -82,6 +82,7 @@ export async function analyze(
     organizationId,
     autoPr,
     commitDirectly,
+    pullRequest,
   }: AnalyzeOptions,
   { skipPrompts = false }: CommandOptions = {}
 ) {
@@ -101,6 +102,7 @@ export async function analyze(
       command: 'analyze',
       autoPr,
       commitDirectly,
+      pullRequest,
     },
     { skipPrompts }
   )

src/features/analysis/auto_pr_handler.ts

@@ -10,9 +10,10 @@ export async function handleAutoPr(params: {
   gqlClient: GQLClient
   analysisId: string
   commitDirectly?: boolean
+  prId?: number
   createSpinner: CreateSpinner
 }) {
-  const { gqlClient, analysisId, commitDirectly, createSpinner } = params
+  const { gqlClient, analysisId, commitDirectly, prId, createSpinner } = params
   const createAutoPrSpinner = createSpinner(
     '🔄 Waiting for the analysis to finish before initiating automatic pull request creation'
   ).start()
@@ -23,7 +24,8 @@ export async function handleAutoPr(params: {
     callback: async (analysisId) => {
       const autoPrAnalysisRes = await gqlClient.autoPrAnalysis(
         analysisId,
-        commitDirectly
+        commitDirectly,
+        prId
       )
       debug('auto pr analysis res %o', autoPrAnalysisRes)
       if (autoPrAnalysisRes.autoPrAnalysis?.__typename === 'AutoPrError') {

src/features/analysis/graphql/gql.ts

@@ -376,10 +376,15 @@ export class GQLClient {
     }
     return res.analysis
   }
-  async autoPrAnalysis(analysisId: string, commitDirectly?: boolean) {
+  async autoPrAnalysis(
+    analysisId: string,
+    commitDirectly?: boolean,
+    prId?: number
+  ) {
     return this._clientSdk.autoPrAnalysis({
       analysisId,
       commitDirectly,
+      prId,
     })
   }
   async getFixes(fixIds: string[]) {

src/features/analysis/index.ts

@@ -345,6 +345,7 @@ export async function _scan(
     organizationId: userOrganizationId,
     autoPr,
     commitDirectly,
+    pullRequest,
   } = params
   debug('start %s %s', dirname, repo)
   const { createSpinner } = Spinner({ ci })
@@ -513,6 +514,7 @@ export async function _scan(
       gqlClient,
       analysisId: reportUploadInfo.fixReportId,
       commitDirectly,
+      prId: pullRequest,
       createSpinner,
     })
   }
@@ -734,6 +736,7 @@ export async function _scan(
         gqlClient,
         analysisId: reportUploadInfo.fixReportId,
         commitDirectly,
+        prId: pullRequest,
         createSpinner,
       })
     }

src/features/analysis/scm/StubSCMLib.ts

@@ -103,13 +103,13 @@ export class StubSCMLib extends SCMLib {
     return ''
   }
 
-  async getPrUrl(_prNumber: number): Promise<string> {
-    console.warn('getPrUrl() returning empty string')
+  async getSubmitRequestUrl(_submitRequestIdNumber: number): Promise<string> {
+    console.warn('getSubmitRequestUrl() returning empty string')
     return ''
   }
 
-  async getPrId(_prUrl: string): Promise<string> {
-    console.warn('getPrId() returning empty string')
+  async getSubmitRequestId(_submitRequestUrl: string): Promise<string> {
+    console.warn('getSubmitRequestId() returning empty string')
     return ''
   }
 
@@ -122,4 +122,11 @@ export class StubSCMLib extends SCMLib {
     console.warn('_getUsernameForAuthUrl() returning empty string')
     return ''
   }
+
+  async addCommentToSubmitRequest(
+    _submitRequestId: string,
+    _comment: string
+  ): Promise<void> {
+    console.warn('addCommentToSubmitRequest() no-op')
+  }
 }

src/features/analysis/scm/__tests__/ado.test.ts

@@ -361,7 +361,7 @@ describe.each(Object.entries(scmTestParams))(
       expect(signedRepoUrl).toBe(
         `${protocol}//${accessToken}@${hostname}${pathname}`
       )
-      const prUrl = await scmLib.getPrUrl(1)
+      const prUrl = await scmLib.getSubmitRequestUrl(1)
       expect(prUrl).toMatch(`${url}/pullrequest/1`)
     })
   }

src/features/analysis/scm/ado/AdoSCMLib.ts

@@ -209,16 +209,16 @@ export class AdoSCMLib extends SCMLib {
       repoUrl: this.url,
     })
   }
-  async getPrUrl(prNumber: number): Promise<string> {
+  async getSubmitRequestUrl(submitRequestIdNumber: number): Promise<string> {
     this._validateUrl()
     const adoSdk = await this.getAdoSdk()
     return adoSdk.getAdoPrUrl({
       url: this.url,
-      prNumber,
+      prNumber: submitRequestIdNumber,
     })
   }
-  async getPrId(prUrl: string): Promise<string> {
-    const match = prUrl.match(/\/pullrequest\/(\d+)/)
+  async getSubmitRequestId(submitRequestUrl: string): Promise<string> {
+    const match = submitRequestUrl.match(/\/pullrequest\/(\d+)/)
     return match?.[1] || ''
   }
   async getCommitUrl(commitId: string): Promise<string> {
@@ -229,4 +229,16 @@ export class AdoSCMLib extends SCMLib {
       commitId,
     })
   }
+  async addCommentToSubmitRequest(
+    scmSubmitRequestId: string,
+    comment: string
+  ): Promise<void> {
+    this._validateAccessTokenAndUrl()
+    const adoSdk = await this.getAdoSdk()
+    await adoSdk.addCommentToAdoPullRequest({
+      repoUrl: this.url,
+      prNumber: Number(scmSubmitRequestId),
+      markdownComment: comment,
+    })
+  }
 }

src/features/analysis/scm/ado/ado.ts

@@ -50,6 +50,29 @@ export async function getAdoSdk(params: GetAdoApiClientParams) {
       }
       return parsedPullRequestStatus.data
     },
+    async addCommentToAdoPullRequest({
+      repoUrl,
+      prNumber,
+      markdownComment,
+    }: {
+      repoUrl: string
+      prNumber: number
+      markdownComment: string
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl)
+      const git = await api.getGitApi()
+      const comment = {
+        comments: [
+          {
+            parentCommentId: 0, // Root comment
+            content: markdownComment,
+            commentType: 1, // Default type
+          },
+        ],
+      }
+
+      await git.createThread(comment, repo, prNumber, projectName)
+    },
     async getAdoIsRemoteBranch({
       repoUrl,
       branch,

src/features/analysis/scm/bitbucket/BitbucketSCMLib.ts

@@ -261,22 +261,34 @@ export class BitbucketSCMLib extends SCMLib {
     const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url })
     return z.string().parse(repoRes.mainbranch?.name)
   }
-  getPrUrl(prNumber: number): Promise<string> {
+  getSubmitRequestUrl(submitRequestId: number): Promise<string> {
     this._validateUrl()
-    const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url)
+    const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(this.url)
     return Promise.resolve(
-      `https://bitbucket.org/${workspace}/${repoSlug}/pull-requests/${prNumber}`
+      `https://bitbucket.org/${workspace}/${repo_slug}/pull-requests/${submitRequestId}`
     )
   }
-  async getPrId(prUrl: string): Promise<string> {
-    const match = prUrl.match(/\/pull-requests\/(\d+)/)
+  async getSubmitRequestId(submitRequestUrl: string): Promise<string> {
+    const match = submitRequestUrl.match(/\/pull-requests\/(\d+)/)
     return match?.[1] || ''
   }
   getCommitUrl(commitId: string): Promise<string> {
     this._validateUrl()
-    const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url)
+    const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(this.url)
     return Promise.resolve(
-      `https://bitbucket.org/${workspace}/${repoSlug}/commits/${commitId}`
+      `https://bitbucket.org/${workspace}/${repo_slug}/commits/${commitId}`
     )
   }
+
+  async addCommentToSubmitRequest(
+    submitRequestId: string,
+    comment: string
+  ): Promise<void> {
+    this._validateUrl()
+    await this.bitbucketSdk.addCommentToPullRequest({
+      prNumber: Number(submitRequestId),
+      url: this.url,
+      markdownComment: comment,
+    })
+  }
 }