[MH-16215] Add run_number flag to CLI. (#171)

* Upgrade deps.

* Update version to 1.0.9.

* Update linting settings.

* More version updates.

* Fixes for linting errors.

* Add jest to the dev dependencies; fixes lint error where it couldn't be detected.

* Rebuild the distribution.

* Consolidate the config into a Config type.

* Rename fields.

* Add run_number to mayhem download.

Author: dbargatz

.eslintrc.json

@@ -1,18 +1,54 @@
 {
+    "parser": "@typescript-eslint/parser",
+    "plugins": [
+        "@typescript-eslint",
+        "jest",
+        "prettier"
+    ],
+    "extends": [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/eslint-recommended",
+        "plugin:@typescript-eslint/recommended",
+        "plugin:github/recommended",
+        "plugin:jest/recommended"
+    ],
     "env": {
         "browser": true,
-        "es2021": true
+        "es6": true,
+        "node": true,
+        "jest": true
     },
-    "extends": [
-        "google", "prettier"
-    ],
-    "parser": "@typescript-eslint/parser",
     "parserOptions": {
-        "ecmaVersion": 13,
-        "sourceType": "module"
+        "ecmaVersion": 2023,
+        "sourceType": "module",
+        "project": "./tsconfig.json"
     },
-    "plugins": ["@typescript-eslint", "prettier"],
     "rules": {
-        "prettier/prettier": "error"
+        // Error for any prettier formatting issues.
+        "prettier/prettier": "error",
+        // Error for any if blocks without curly braces.
+        "curly": "error",
+        // Error if unused vars or args are present that dont begin with an underscore.
+        "@typescript-eslint/no-unused-vars": [
+            "error",
+            {
+                "argsIgnorePattern": "^_",
+                "varsIgnorePattern": "^_"
+            }
+        ],
+        "no-unused-vars": [
+            "error",
+            {
+                "argsIgnorePattern": "^_",
+                "varsIgnorePattern": "^_"
+            }
+        ],
+        // Error if any unused expressions are present.
+        "no-unused-expressions": "error",
+        // Be explicit about parsing numbers.
+        "radix": "error",
+        // Disable broken eslint no-shadow rule for TypeScript enums.
+        "no-shadow": "off",
+        "@typescript-eslint/no-shadow": "error"
     }
-}
+}

dist/index.js

@@ -6,29 +6,6 @@ require('./sourcemap-register.js');/******/ (() => { // webpackBootstrap
 
 "use strict";
 
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -39,116 +16,133 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-const core = __importStar(__nccwpck_require__(2186));
-const exec = __importStar(__nccwpck_require__(1514));
-const tc = __importStar(__nccwpck_require__(7784));
+const core_1 = __nccwpck_require__(2186);
+const exec_1 = __nccwpck_require__(1514);
+const tool_cache_1 = __nccwpck_require__(7784);
 const fs_1 = __nccwpck_require__(7147);
-const mayhemUrl = core.getInput("mayhem-url") || "https://app.mayhem.security";
-/** Return local path to donwloaded or cached CLI */
-function mcodeCLI() {
+const mayhemUrl = (0, core_1.getInput)("mayhem-url") || "https://app.mayhem.security";
+/**
+ * Operating systems that an mCode CLI is available for, mapped to the URL path it can be
+ * downloaded from on a recent Mayhem cluster.
+ */
+var CliOsPath;
+(function (CliOsPath) {
+    CliOsPath["Linux"] = "Linux/mayhem";
+    CliOsPath["MacOS"] = "Darwin/mayhem.pkg";
+    CliOsPath["Windows"] = "Windows/mayhem.exe";
+})(CliOsPath || (CliOsPath = {}));
+function getConfig() {
+    var _a;
+    const githubToken = (0, core_1.getInput)("github-token", {
+        required: true,
+    });
+    const repo = process.env["GITHUB_REPOSITORY"];
+    if (repo === undefined) {
+        throw Error("Missing GITHUB_REPOSITORY environment variable. " +
+            "Are you not running this in a Github Action environment?");
+    }
+    const ghRepo = `${process.env["GITHUB_SERVER_URL"]}:443/${repo}/`;
+    const eventPath = process.env["GITHUB_EVENT_PATH"] || "event.json";
+    const event = JSON.parse((0, fs_1.readFileSync)(eventPath, "utf-8")) || {};
+    const eventPullRequest = event.pull_request;
+    return {
+        githubToken,
+        mayhemToken: (0, core_1.getInput)("mayhem-token") || githubToken,
+        packagePath: (0, core_1.getInput)("package") || ".",
+        sarifOutputDir: (0, core_1.getInput)("sarif-output") || "",
+        junitOutputDir: (0, core_1.getInput)("junit-output") || "",
+        coverageOutputDir: (0, core_1.getInput)("coverage-output") || "",
+        failOnDefects: (0, core_1.getBooleanInput)("fail-on-defects") || false,
+        verbosity: (0, core_1.getInput)("verbosity") || "info",
+        owner: (0, core_1.getInput)("owner").toLowerCase(),
+        project: ((0, core_1.getInput)("project") || repo).toLowerCase(),
+        repo,
+        ciUrl: `${ghRepo}/actions/runs/${process.env["GITHUB_RUN_ID"]}`,
+        branchName: eventPullRequest
+            ? eventPullRequest.head.ref
+            : ((_a = process.env["GITHUB_REF_NAME"]) === null || _a === void 0 ? void 0 : _a.slice("refs/heads/".length)) || "main",
+        revision: eventPullRequest
+            ? eventPullRequest.head.sha
+            : process.env["GITHUB_SHA"] || "unknown",
+        mergeBaseBranchName: eventPullRequest ? eventPullRequest.base.ref : "main",
+    };
+}
+/**
+ * Downloads the mCode CLI from the given Mayhem cluster, marks it as executable, and returns the
+ * path to the downloaded CLI.
+ * @param url the base URL of the Mayhem cluster, such as "https://app.mayhem.security".
+ * @param os the operating system to download the CLI for.
+ * @return Path to the downloaded mCode CLI; resolves when the CLI download is complete.
+ */
+function downloadCli(url, os) {
     return __awaiter(this, void 0, void 0, function* () {
-        // Get latest version from API
-        const os = "Linux";
-        const bin = "mayhem";
-        // Download the CLI and cache it if version is set
-        const mcodePath = yield tc.downloadTool(`${mayhemUrl}/cli/${os}/${bin}`);
+        // Download the CLI and mark it as executable.
+        const mcodePath = yield (0, tool_cache_1.downloadTool)(`${url}/cli/${os}`);
         (0, fs_1.chmodSync)(mcodePath, 0o755);
-        // const folder = await tc.cacheFile(mcodePath, bin, bin, cliVersion, os);
-        // return `${folder}/${bin}`;
         return mcodePath;
     });
 }
 /** Mapping action arguments to CLI arguments and completing a run */
 function run() {
     return __awaiter(this, void 0, void 0, function* () {
-        var _a;
         try {
-            const cli = yield mcodeCLI();
-            // Load inputs
-            const githubToken = core.getInput("github-token", {
-                required: true,
-            });
-            const mayhemToken = core.getInput("mayhem-token") || githubToken;
-            const packagePath = core.getInput("package") || ".";
-            const sarifOutput = core.getInput("sarif-output") || "";
-            const junitOutput = core.getInput("junit-output") || "";
-            const coverageOutput = core.getInput("coverage-output") || "";
-            const failOnDefects = core.getBooleanInput("fail-on-defects") || false;
-            const verbosity = core.getInput("verbosity") || "info";
-            const owner = core.getInput("owner").toLowerCase();
-            const args = (core.getInput("args") || "").split(" ");
+            // Validate the action inputs and create a Config object from them.
+            const config = getConfig();
+            // Download the mCode CLI for Linux.
+            const cli = yield downloadCli(mayhemUrl, CliOsPath.Linux);
+            const args = ((0, core_1.getInput)("args") || "").split(" ");
             // defaults next
             if (!args.includes("--duration")) {
                 args.push("--duration", "60");
             }
             if (!args.includes("--image")) {
                 args.push("--image", "forallsecure/debian-buster:latest");
             }
-            const repo = process.env["GITHUB_REPOSITORY"];
-            if (repo === undefined) {
-                throw Error("Missing GITHUB_REPOSITORY environment variable. " +
-                    "Are you not running this in a Github Action environment?");
-            }
-            const project = (core.getInput("project") || repo).toLowerCase();
-            const eventPath = process.env["GITHUB_EVENT_PATH"] || "event.json";
-            const event = JSON.parse((0, fs_1.readFileSync)(eventPath, "utf-8")) || {};
-            const eventPullRequest = event.pull_request;
-            const ghRepo = `${process.env["GITHUB_SERVER_URL"]}:443/${repo}/`;
-            const ciUrl = `${ghRepo}/actions/runs/${process.env["GITHUB_RUN_ID"]}`;
-            const branchName = eventPullRequest
-                ? eventPullRequest.head.ref
-                : ((_a = process.env["GITHUB_REF_NAME"]) === null || _a === void 0 ? void 0 : _a.slice("refs/heads/".length)) || "main";
-            const revision = eventPullRequest
-                ? eventPullRequest.head.sha
-                : process.env["GITHUB_SHA"] || "unknown";
-            const mergeBaseBranchName = eventPullRequest
-                ? eventPullRequest.base.ref
-                : "main";
-            args.push("--ci-url", ciUrl);
-            args.push("--merge-base-branch-name", mergeBaseBranchName);
-            args.push("--branch-name", branchName);
-            args.push("--revision", revision);
+            args.push("--ci-url", config.ciUrl);
+            args.push("--merge-base-branch-name", config.mergeBaseBranchName);
+            args.push("--branch-name", config.branchName);
+            args.push("--revision", config.revision);
             const argsString = args.join(" ");
             // Generate arguments for wait command
             // sarif, junit, coverage
             const waitArgs = [];
-            if (sarifOutput) {
+            if (config.sarifOutputDir) {
                 // $runName is a variable that is set in the bash script
-                waitArgs.push("--sarif", `${sarifOutput}/\${runName}.sarif`);
+                waitArgs.push("--sarif", `${config.sarifOutputDir}/\${runName}.sarif`);
             }
-            if (junitOutput) {
+            if (config.junitOutputDir) {
                 // $runName is a variable that is set in the bash script
-                waitArgs.push("--junit", `${junitOutput}/\${runName}.xml`);
+                waitArgs.push("--junit", `${config.junitOutputDir}/\${runName}.xml`);
             }
-            if (coverageOutput) {
+            if (config.coverageOutputDir) {
                 waitArgs.push("--coverage");
             }
-            if (failOnDefects) {
+            if (config.failOnDefects) {
                 waitArgs.push("--fail-on-defects");
             }
             // create wait args string
             const waitArgsString = waitArgs.join(" ");
             const script = `
     set -xe
     # create sarif output directory
-    if [ -n "${sarifOutput}" ]; then
-      mkdir -p ${sarifOutput};
+    if [ -n "${config.sarifOutputDir}" ]; then
+      mkdir -p ${config.sarifOutputDir};
     fi
 
     # create junit output directory
-    if [ -n "${junitOutput}" ]; then
-      mkdir -p ${junitOutput};
+    if [ -n "${config.junitOutputDir}" ]; then
+      mkdir -p ${config.junitOutputDir};
     fi
 
     # create coverage output directory
-    if [ -n "${coverageOutput}" ]; then
-      mkdir -p ${coverageOutput};
+    if [ -n "${config.coverageOutputDir}" ]; then
+      mkdir -p ${config.coverageOutputDir};
     fi
 
     # Run mayhem
-    run=$(${cli} --verbosity ${verbosity} run ${packagePath} \
-                 --project ${project} \
-                 --owner ${owner} ${argsString});
+    run=$(${cli} --verbosity ${config.verbosity} run ${config.packagePath} \
+                 --project ${config.project} \
+                 --owner ${config.owner} ${argsString});
 
     # Persist the run id to the GitHub output
     echo "runId=$run" >> $GITHUB_OUTPUT;
@@ -161,10 +155,10 @@ function run() {
     fi
 
     # if the user didn't specify requiring any output, don't wait for the result.
-    if [ -z "${coverageOutput}" ] && \
-        [ -z "${junitOutput}" ] && \
-        [ -z "${sarifOutput}" ] && \
-        [ "${failOnDefects.toString().toLowerCase()}" != "true" ]; then
+    if [ -z "${config.coverageOutputDir}" ] && \
+        [ -z "${config.junitOutputDir}" ] && \
+        [ -z "${config.sarifOutputDir}" ] && \
+        [ "${config.failOnDefects.toString().toLowerCase()}" != "true" ]; then
       echo "No coverage, junit or sarif output requested, not waiting for job result.";
       exit 0;
     fi
@@ -173,55 +167,56 @@ function run() {
     runName="$(echo $run | awk -F / '{ print $(NF-1) }')";
 
     # wait for run to finish
-    if ! ${cli} --verbosity ${verbosity} wait $run \
-            --owner ${owner} \
+    if ! ${cli} --verbosity ${config.verbosity} wait $run \
+            --owner ${config.owner} \
             ${waitArgsString}; then
       exit 3;
     fi
 
 
     # check status, exit with non-zero status if failed or stopped
-    status=$(${cli} --verbosity ${verbosity} show \
-                    --owner ${owner} \
+    status=$(${cli} --verbosity ${config.verbosity} show \
+                    --owner ${config.owner} \
                     --format json $run | jq '.[0].status');
     if [[ $status == *"stopped"* || $status == *"failed"* ]]; then
       exit 2;
     fi
 
-    # Strip the run number from the full run path to get the project/target.
+    # Strip the run number from the full run path to get the project/target,
+    # and save the run number separately.
     target=$(echo $run | sed 's:/[^/]*$::')
+    run_number=$(echo $run | sed 's:.*/::')
 
-    if [ -n "${coverageOutput}" ]; then
-      ${cli} --verbosity ${verbosity} download --owner ${owner} $target -o ${coverageOutput};
+    if [ -n "${config.coverageOutputDir}" ]; then
+      ${cli} --verbosity ${config.verbosity} download --owner ${config.owner} --output ${config.coverageOutputDir} --run_number $run_number $target;
     fi
     `;
-            process.env["MAYHEM_TOKEN"] = mayhemToken;
+            process.env["MAYHEM_TOKEN"] = config.mayhemToken;
             process.env["MAYHEM_URL"] = mayhemUrl;
-            process.env["MAYHEM_PROJECT"] = repo;
+            process.env["MAYHEM_PROJECT"] = config.repo;
             // Start fuzzing
-            const cliRunning = exec.exec("bash", ["-c", script], {
+            const cliRunning = (0, exec_1.exec)("bash", ["-c", script], {
                 ignoreReturnCode: true,
             });
             const res = yield cliRunning;
-            if (res == 1) {
-                /* eslint-disable max-len */
+            if (res === 1) {
                 throw new Error(`The Mayhem for Code scan was unable to execute the Mayhem run for your target.
       Check your configuration. For package visibility/permissions issues, see
       https://docs.github.com/en/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility
       on how to set your package to 'Public'.`);
             }
-            else if (res == 2) {
+            else if (res === 2) {
                 throw new Error("The Mayhem for Code scan detected the Mayhem run for your " +
                     "target was unsuccessful.");
             }
-            else if (res == 3) {
+            else if (res === 3) {
                 throw new Error("The Mayhem for Code scan found defects in your target.");
             }
         }
         catch (err) {
             if (err instanceof Error) {
-                core.info(`mcode action failed with: ${err.message}`);
-                core.setFailed(err.message);
+                (0, core_1.info)(`mcode action failed with: ${err.message}`);
+                (0, core_1.setFailed)(err.message);
             }
         }
     });