npm - @contrast/contrast - Versions diffs - 1.0.0 → 1.0.1 - Mend

@contrast/contrast 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (201) hide show

package/.prettierignore +2 -0
package/README.md +120 -47
package/dist/audit/AnalysisEngine.js +37 -0
package/dist/audit/catalogueApplication/catalogueApplication.js +36 -0
package/dist/audit/dotnetAnalysisEngine/index.js +25 -0
package/dist/audit/dotnetAnalysisEngine/parseLockFileContents.js +35 -0
package/dist/audit/dotnetAnalysisEngine/parseProjectFileContents.js +15 -0
package/dist/audit/dotnetAnalysisEngine/readLockFileContents.js +18 -0
package/dist/audit/dotnetAnalysisEngine/readProjectFileContents.js +14 -0
package/dist/audit/dotnetAnalysisEngine/sanitizer.js +9 -0
package/dist/audit/goAnalysisEngine/index.js +17 -0
package/dist/audit/goAnalysisEngine/parseProjectFileContents.js +164 -0
package/dist/audit/goAnalysisEngine/readProjectFileContents.js +21 -0
package/dist/audit/goAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/javaAnalysisEngine/index.js +34 -0
package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +153 -0
package/dist/audit/javaAnalysisEngine/parseProjectFileContents.js +353 -0
package/dist/audit/javaAnalysisEngine/readProjectFileContents.js +98 -0
package/dist/audit/javaAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +24 -0
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +24 -0
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +35 -0
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +23 -0
package/dist/audit/languageAnalysisEngine/commonApi.js +18 -0
package/dist/audit/languageAnalysisEngine/constants.js +20 -0
package/dist/audit/languageAnalysisEngine/filterProjectPath.js +20 -0
package/dist/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +25 -0
package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js +39 -0
package/dist/audit/languageAnalysisEngine/index.js +39 -0
package/dist/audit/languageAnalysisEngine/langugageAnalysisFactory.js +70 -0
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +121 -0
package/dist/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +17 -0
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +257 -0
package/dist/audit/languageAnalysisEngine/report/newReportingFeature.js +81 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +133 -0
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +41 -0
package/dist/audit/languageAnalysisEngine/util/capabilities.js +11 -0
package/dist/audit/languageAnalysisEngine/util/generalAPI.js +39 -0
package/dist/audit/languageAnalysisEngine/util/requestUtils.js +14 -0
package/dist/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +40 -0
package/dist/audit/nodeAnalysisEngine/index.js +31 -0
package/dist/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +18 -0
package/dist/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js +51 -0
package/dist/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +18 -0
package/dist/audit/nodeAnalysisEngine/readNPMLockFileContents.js +17 -0
package/dist/audit/nodeAnalysisEngine/readProjectFileContents.js +14 -0
package/dist/audit/nodeAnalysisEngine/readYarnLockFileContents.js +24 -0
package/dist/audit/nodeAnalysisEngine/sanitizer.js +9 -0
package/dist/audit/phpAnalysisEngine/index.js +23 -0
package/dist/audit/phpAnalysisEngine/parseLockFileContents.js +52 -0
package/dist/audit/phpAnalysisEngine/readLockFileContents.js +13 -0
package/dist/audit/phpAnalysisEngine/readProjectFileContents.js +16 -0
package/dist/audit/phpAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/pythonAnalysisEngine/index.js +25 -0
package/dist/audit/pythonAnalysisEngine/parsePipfileLockContents.js +17 -0
package/dist/audit/pythonAnalysisEngine/parseProjectFileContents.js +21 -0
package/dist/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +13 -0
package/dist/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +14 -0
package/dist/audit/pythonAnalysisEngine/sanitizer.js +7 -0
package/dist/audit/rubyAnalysisEngine/index.js +25 -0
package/dist/audit/rubyAnalysisEngine/parseGemfileLockContents.js +176 -0
package/dist/audit/rubyAnalysisEngine/parsedGemfile.js +22 -0
package/dist/audit/rubyAnalysisEngine/readGemfileContents.js +14 -0
package/dist/audit/rubyAnalysisEngine/readGemfileLockContents.js +14 -0
package/dist/audit/rubyAnalysisEngine/sanitizer.js +6 -0
package/dist/commands/audit/auditConfig.js +25 -0
package/dist/commands/audit/auditController.js +31 -0
package/dist/commands/audit/help.js +52 -0
package/dist/commands/audit/processAudit.js +18 -0
package/dist/commands/auth/auth.js +1 -1
package/dist/commands/scan/processScan.js +19 -5
package/dist/common/HTTPClient.js +101 -13
package/dist/common/errorHandling.js +49 -1
package/dist/common/findLatestCLIVersion.js +23 -0
package/dist/constants/constants.js +1 -1
package/dist/constants/lambda.js +32 -4
package/dist/constants/locales.js +39 -16
package/dist/constants.js +148 -20
package/dist/index.js +7 -1
package/dist/lambda/aws.js +14 -11
package/dist/lambda/help.js +4 -0
package/dist/lambda/lambda.js +50 -27
package/dist/lambda/lambdaUtils.js +72 -0
package/dist/lambda/logUtils.js +11 -1
package/dist/lambda/scanDetailCompletion.js +4 -4
package/dist/lambda/scanRequest.js +11 -5
package/dist/lambda/utils.js +110 -53
package/dist/scan/autoDetection.js +0 -32
package/dist/scan/fileUtils.js +1 -1
package/dist/scan/help.js +12 -40
package/dist/scan/populateProjectIdAndProjectName.js +4 -0
package/dist/scan/saveResults.js +15 -0
package/dist/scan/scan.js +77 -42
package/dist/scan/scanConfig.js +20 -0
package/dist/scan/scanController.js +13 -15
package/dist/scan/scanResults.js +18 -16
package/dist/utils/commonApi.js +3 -3
package/dist/utils/fileUtils.js +31 -0
package/dist/utils/paramsUtil/commandlineParams.js +1 -20
package/dist/utils/paramsUtil/genericCommandLineParams.js +12 -0
package/dist/utils/paramsUtil/paramHandler.js +3 -6
package/dist/utils/parsedCLIOptions.js +14 -8
package/package.json +26 -21
package/src/audit/AnalysisEngine.js +103 -0
package/src/audit/catalogueApplication/catalogueApplication.js +42 -0
package/src/audit/dotnetAnalysisEngine/index.js +26 -0
package/src/audit/dotnetAnalysisEngine/parseLockFileContents.js +47 -0
package/src/audit/dotnetAnalysisEngine/parseProjectFileContents.js +29 -0
package/src/audit/dotnetAnalysisEngine/readLockFileContents.js +30 -0
package/src/audit/dotnetAnalysisEngine/readProjectFileContents.js +26 -0
package/src/audit/dotnetAnalysisEngine/sanitizer.js +11 -0
package/src/audit/goAnalysisEngine/index.js +18 -0
package/src/audit/goAnalysisEngine/parseProjectFileContents.js +209 -0
package/src/audit/goAnalysisEngine/readProjectFileContents.js +31 -0
package/src/audit/goAnalysisEngine/sanitizer.js +7 -0
package/src/audit/javaAnalysisEngine/index.js +41 -0
package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +222 -0
package/src/audit/javaAnalysisEngine/parseProjectFileContents.js +420 -0
package/src/audit/javaAnalysisEngine/readProjectFileContents.js +141 -0
package/src/audit/javaAnalysisEngine/sanitizer.js +6 -0
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +35 -0
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +41 -0
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +54 -0
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +32 -0
package/src/audit/languageAnalysisEngine/commonApi.js +20 -0
package/src/audit/languageAnalysisEngine/constants.js +23 -0
package/src/audit/languageAnalysisEngine/filterProjectPath.js +21 -0
package/src/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +41 -0
package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js +72 -0
package/src/audit/languageAnalysisEngine/index.js +45 -0
package/src/audit/languageAnalysisEngine/langugageAnalysisFactory.js +94 -0
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +177 -0
package/src/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +27 -0
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.js +303 -0
package/src/audit/languageAnalysisEngine/report/newReportingFeature.js +124 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.js +190 -0
package/src/audit/languageAnalysisEngine/sendSnapshot.js +51 -0
package/src/audit/languageAnalysisEngine/util/capabilities.js +12 -0
package/src/audit/languageAnalysisEngine/util/generalAPI.js +43 -0
package/src/audit/languageAnalysisEngine/util/requestUtils.js +17 -0
package/src/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +49 -0
package/src/audit/nodeAnalysisEngine/index.js +35 -0
package/src/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +20 -0
package/src/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js +63 -0
package/src/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +26 -0
package/src/audit/nodeAnalysisEngine/readNPMLockFileContents.js +23 -0
package/src/audit/nodeAnalysisEngine/readProjectFileContents.js +27 -0
package/src/audit/nodeAnalysisEngine/readYarnLockFileContents.js +36 -0
package/src/audit/nodeAnalysisEngine/sanitizer.js +11 -0
package/src/audit/phpAnalysisEngine/index.js +27 -0
package/src/audit/phpAnalysisEngine/parseLockFileContents.js +60 -0
package/src/audit/phpAnalysisEngine/readLockFileContents.js +14 -0
package/src/audit/phpAnalysisEngine/readProjectFileContents.js +25 -0
package/src/audit/phpAnalysisEngine/sanitizer.js +4 -0
package/src/audit/pythonAnalysisEngine/index.js +55 -0
package/src/audit/pythonAnalysisEngine/parsePipfileLockContents.js +23 -0
package/src/audit/pythonAnalysisEngine/parseProjectFileContents.js +33 -0
package/src/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +16 -0
package/src/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +22 -0
package/src/audit/pythonAnalysisEngine/sanitizer.js +9 -0
package/src/audit/rubyAnalysisEngine/index.js +30 -0
package/src/audit/rubyAnalysisEngine/parseGemfileLockContents.js +215 -0
package/src/audit/rubyAnalysisEngine/parsedGemfile.js +39 -0
package/src/audit/rubyAnalysisEngine/readGemfileContents.js +18 -0
package/src/audit/rubyAnalysisEngine/readGemfileLockContents.js +17 -0
package/src/audit/rubyAnalysisEngine/sanitizer.js +8 -0
package/src/commands/audit/auditConfig.ts +30 -0
package/src/commands/audit/auditController.ts +31 -0
package/src/commands/audit/help.ts +48 -0
package/src/commands/audit/processAudit.ts +19 -0
package/src/commands/auth/auth.js +1 -1
package/src/commands/scan/processScan.js +20 -5
package/src/common/HTTPClient.js +136 -14
package/src/common/errorHandling.ts +56 -1
package/src/common/findLatestCLIVersion.ts +27 -0
package/src/constants/constants.js +1 -1
package/src/constants/lambda.js +45 -4
package/src/constants/locales.js +48 -20
package/src/constants.js +168 -22
package/src/index.ts +9 -2
package/src/lambda/aws.ts +13 -12
package/src/lambda/help.ts +4 -0
package/src/lambda/lambda.ts +53 -34
package/src/lambda/lambdaUtils.ts +111 -0
package/src/lambda/logUtils.ts +19 -1
package/src/lambda/scanDetailCompletion.ts +4 -4
package/src/lambda/scanRequest.ts +13 -11
package/src/lambda/utils.ts +149 -81
package/src/scan/autoDetection.js +0 -29
package/src/scan/fileUtils.js +1 -1
package/src/scan/help.js +12 -45
package/src/scan/populateProjectIdAndProjectName.js +4 -0
package/src/scan/saveResults.js +15 -0
package/src/scan/scan.js +95 -59
package/src/scan/scanConfig.js +29 -0
package/src/scan/scanController.js +13 -13
package/src/scan/scanResults.js +21 -19
package/src/utils/commonApi.js +2 -3
package/src/utils/paramsUtil/commandlineParams.js +1 -26
package/src/utils/paramsUtil/paramHandler.js +3 -7
package/src/utils/parsedCLIOptions.js +11 -9

package/src/commands/audit/help.ts ADDED Viewed

@@ -0,0 +1,48 @@
+import commandLineUsage from 'command-line-usage'
+import i18n from 'i18n'
+import constants from '../../constants'
+const auditUsageGuide = commandLineUsage([
+  {
+    header: i18n.__('auditHeader'),
+    content: [i18n.__('auditHeaderMessage')]
+  },
+  {
+    header: i18n.__('constantsPrerequisitesHeader'),
+    content: [
+      '{bold ' +
+        i18n.__('constantsAuditPrerequisitesContentSupportedLanguages') +
+        '}',
+      '{bold ' +
+        i18n.__('constantsAuditPrerequisitesContentJava') +
+        '}' +
+        i18n.__('constantsAuditPrerequisitesContentMessage'),
+      '',
+      '{italic ' + i18n.__('constantsJavaNote') + '}',
+      '{italic ' + i18n.__('constantsJavaNoteGradle') + '}',
+      '',
+      '{bold ' +
+        i18n.__('constantsAuditPrerequisitesContentDotNet') +
+        '}' +
+        i18n.__('constantsAuditPrerequisitesContentDotNetMessage'),
+      '{bold ' +
+        i18n.__('constantsAuditPrerequisitesContentLanguageNode') +
+        '}' +
+        i18n.__('constantsAuditPrerequisitesContentLanguageNodeMessage'),
+      '{bold ' +
+        i18n.__('constantsAuditPrerequisitesContentLanguageRuby') +
+        '}' +
+        i18n.__('constantsAuditPrerequisitesContentLanguageRubyMessage'),
+      '{bold ' +
+        i18n.__('constantsAuditPrerequisitesContentLanguagePython') +
+        '}' +
+        i18n.__('constantsAuditPrerequisitesContentLanguagePythonMessage')
+    ]
+  },
+  {
+    header: i18n.__('constantsAuditOptions'),
+    optionList: constants.commandLineDefinitions.auditOptionDefinitions
+  }
+])
+export { auditUsageGuide }

package/src/commands/audit/processAudit.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { startAudit } from './auditController'
+import { getAuditConfig } from './auditConfig'
+import { auditUsageGuide } from './help'
+export type parameterInput = string[]
+export const processAudit = async (argv: parameterInput) => {
+  if (argv.indexOf('--help') != -1) {
+    printHelpMessage()
+    process.exit(1)
+  }
+  const config = getAuditConfig(argv)
+  const auditResults = await startAudit(config)
+  //report here
+}
+const printHelpMessage = () => {
+  console.log(auditUsageGuide)
+}

package/src/commands/auth/auth.js CHANGED Viewed

@@ -44,7 +44,7 @@ const isAuthComplete = async (token, timeout, config) => {
     let result = await pollAuthResult(token, client)
     if (result.statusCode === 200) {
       succeedSpinner(authSpinner, i18n.__('authSuccessMessage'))
-      console.log(i18n.__('runScanMessage'))
+      console.log(i18n.__('runAuthSuccessMessage'))
       return result.body
     }
     let endTime = new Date() - startTime

package/src/commands/scan/processScan.js CHANGED Viewed

@@ -1,22 +1,37 @@
 const { startScan } = require('../../scan/scanController')
-const paramHandler = require('../../utils/paramsUtil/paramHandler')
 const { formatScanOutput } = require('../../scan/scan')
 const { scanUsageGuide } = require('../../scan/help')
+const scanConfig = require('../../scan/scanConfig')
+const saveResults = require('../../scan/saveResults')
+const commonApi = require('../../utils/commonApi')
+const i18n = require('i18n')
-const processScan = async () => {
-  let getScanSubCommands = paramHandler.getScanSubCommands()
-  if (getScanSubCommands.help) {
+const processScan = async argvMain => {
+  if (argvMain.indexOf('--help') !== -1) {
     printHelpMessage()
     process.exit(1)
   }
-  let scanResults = await startScan()
+  let config = scanConfig.getScanConfig(argvMain)
+  let scanResults = await startScan(config)
   if (scanResults) {
     formatScanOutput(
       scanResults?.projectOverview,
       scanResults?.scanResultsInstances
     )
   }
+  if (config.save) {
+    if (config.save.toLowerCase() === 'sarif') {
+      const scanId = scanResults.scanDetail.id
+      const client = commonApi.getHttpClient(config)
+      const rawResults = await client.getSpecificScanResultSarif(config, scanId)
+      saveResults.writeResultsToFile(rawResults?.body)
+    } else {
+      console.log(i18n.__('scanNoFiletypeSpecifiedForSave'))
+    }
+  }
 }
 const printHelpMessage = () => {

package/src/common/HTTPClient.js CHANGED Viewed

@@ -6,10 +6,10 @@ const { AUTH_CALLBACK_URL } = require('../constants/constants')
 function HTTPClient(config) {
   const apiKey = config.apiKey
   const authToken = config.authorization
-  // this.rejectUnauthorized = !additionalParams.ignore_cert_errors
+  this.rejectUnauthorized = !config.ignoreCertErrors
-  const superApiKey = config.super_api_key
-  const superAuthToken = config.super_authorization
+  const superApiKey = config.superApiKey
+  const superAuthToken = config.superAuthorization
   this.requestOptions = {
     forever: true,
@@ -91,6 +91,15 @@ HTTPClient.prototype.getSpecificScanResult = function getSpecificScanResult(
   return requestUtils.sendRequest({ method: 'get', options })
 }
+HTTPClient.prototype.getSpecificScanResultSarif = function getSpecificScanResultSarif(
+  config,
+  scanId
+) {
+  const options = _.cloneDeep(this.requestOptions)
+  options.url = createRawOutputURL(config, scanId)
+  return requestUtils.sendRequest({ method: 'get', options })
+}
 HTTPClient.prototype.getScanId = function getScanId(config, codeArtifactId) {
   const options = _.cloneDeep(this.requestOptions)
   let url = createGetScanIdURL(config)
@@ -119,8 +128,7 @@ HTTPClient.prototype.createProjectId = function createProjectId(config) {
   options.body = {
     name: config.name,
-    archived: 'false',
-    language: config.language
+    archived: 'false'
   }
   options.url = createHarmonyProjectsUrl(config)
   return requestUtils.sendRequest({ method: 'post', options })
@@ -159,6 +167,80 @@ HTTPClient.prototype.pollForAuth = function pollForAuth(token) {
   return requestUtils.sendRequest({ method: 'post', options })
 }
+HTTPClient.prototype.catalogueCommand = function catalogueCommand(config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createAppCreateURL(config)
+  options.url = url
+  let requestBody = {}
+  requestBody.name = config.applicationName
+  requestBody.language = config.language.toUpperCase()
+  requestBody.appGroups = config.appGroups
+  requestBody.metadata = config.metadata
+  requestBody.tags = config.tags
+  requestBody.code = config.code
+  options.body = requestBody
+  return requestUtils.sendRequest({ method: 'post', options })
+}
+HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createSnapshotURL(config)
+  options.url = url
+  options.body = requestBody
+  return requestUtils.sendRequest({ method: 'post', options })
+}
+HTTPClient.prototype.getReport = function getReport(config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createReportUrl(config)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+HTTPClient.prototype.getSpecificReport = function getSpecificReport(
+  config,
+  reportId
+) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createSpecificReportUrl(config, reportId)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(
+  requestBody,
+  config
+) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createLibraryVulnerabilitiesUrl(config)
+  options.url = url
+  options.body = requestBody
+  return requestUtils.sendRequest({ method: 'put', options })
+}
+HTTPClient.prototype.getAppId = function getAppId(config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createAppNameUrl(config)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+HTTPClient.prototype.getDependencyTree = function getReport(
+  orgUuid,
+  appId,
+  reportId
+) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createGetDependencyTree(options.uri, orgUuid, appId, reportId)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
 // serverless - lambda
 function getServerlessHost(config = {}) {
   const originalHost = config?.host || config?.get('host')
@@ -195,10 +277,10 @@ function createScanResultsGetUrl(config, params, scanId, functionArn) {
 HTTPClient.prototype.postFunctionScan = async function postFunctionScan(
   config,
-  parameters,
+  params,
   body
 ) {
-  const url = createScanFunctionPostUrl(config, parameters)
+  const url = createScanFunctionPostUrl(config, params)
   const options = { ...this.requestOptions, body, url }
   return requestUtils.sendRequest({ method: 'post', options })
@@ -206,10 +288,10 @@ HTTPClient.prototype.postFunctionScan = async function postFunctionScan(
 HTTPClient.prototype.getScanResources = async function getScanResources(
   config,
-  parameters,
+  params,
   scanId
 ) {
-  const url = createScanResourcesGetUrl(config, parameters, scanId)
+  const url = createScanResourcesGetUrl(config, params, scanId)
   const options = { ...this.requestOptions, url }
   return requestUtils.sendRequest({ method: 'get', options })
@@ -217,27 +299,35 @@ HTTPClient.prototype.getScanResources = async function getScanResources(
 HTTPClient.prototype.getFunctionScanResults = async function getFunctionScanResults(
   config,
-  parameters,
+  params,
   scanId,
   functionArn
 ) {
-  const url = createScanResultsGetUrl(config, parameters, scanId, functionArn)
+  const url = createScanResultsGetUrl(config, params, scanId, functionArn)
   const options = { ...this.requestOptions, url }
   return requestUtils.sendRequest({ method: 'get', options })
 }
+HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createDataUrl()
+  options.url = url
+  options.body = data
+  return requestUtils.sendRequest({ method: 'post', options })
+}
 // scan
 const createGetScanIdURL = config => {
   return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/`
 }
 const createScanResultsInstancesURL = (config, scanId) => {
-  return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/result-instances?sort=severity,asc`
+  return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/result-instances/info?size=50&page=0&last=false&sort=severity,asc`
 }
-const createRawOutputURL = (config, codeArtifactId) => {
-  return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${codeArtifactId}/raw-output`
+const createRawOutputURL = (config, scanId) => {
+  return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/raw-output`
 }
 const createSpecificScanResultURL = (config, scanId) => {
@@ -264,6 +354,38 @@ const pollForAuthUrl = () => {
   return `${AUTH_CALLBACK_URL}/auth/credentials`
 }
+function createSnapshotURL(config) {
+  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots`
+}
+const createAppCreateURL = config => {
+  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/create`
+}
+const createAppNameUrl = config => {
+  return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/name?filterText=${config.applicationName}`
+}
+function createLibraryVulnerabilitiesUrl(config) {
+  return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`
+}
+function createReportUrl(config) {
+  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports`
+}
+function createSpecificReportUrl(config, reportId) {
+  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}?nodesToInclude=PROD`
+}
+function createDataUrl() {
+  return `https://ardy.contrastsecurity.com/production`
+}
+const createGetDependencyTree = (protocol, orgUuid, appId, reportId) => {
+  return `${protocol}/Contrast/api/ng/sca/organizations/${orgUuid}/applications/${appId}/reports/${reportId}`
+}
 module.exports = HTTPClient
 module.exports.pollForAuthUrl = pollForAuthUrl
 module.exports.getServerlessHost = getServerlessHost

package/src/common/errorHandling.ts CHANGED Viewed

@@ -1,5 +1,58 @@
 import i18n from 'i18n'
+const handleResponseErrors = (res: any, api: string) => {
+  if (res.statusCode === 400) {
+    api === 'catalogue' ? badRequestError(true) : badRequestError(false)
+  } else if (res.statusCode === 401) {
+    unauthenticatedError()
+  } else if (res.statusCode === 403) {
+    forbiddenError()
+  } else if (res.statusCode === 407) {
+    proxyError()
+  } else {
+    if (api === 'snapshot' || api === 'catalogue') {
+      snapshotFailureError()
+    }
+    if (api === 'vulnerabilities') {
+      vulnerabilitiesFailureError()
+    }
+    if (api === 'report') {
+      reportFailureError()
+    }
+  }
+}
+const libraryAnalysisError = () => {
+  console.log(i18n.__('libraryAnalysisError'))
+}
+const snapshotFailureError = () => {
+  console.log(
+    '\n ******************************** ' +
+      i18n.__('snapshotFailureHeader') +
+      ' *********************************\n' +
+      i18n.__('snapshotFailureMessage')
+  )
+}
+const vulnerabilitiesFailureError = () => {
+  console.log(
+    '\n ******************************** ' +
+      i18n.__('snapshotFailureHeader') +
+      ' *********************************\n' +
+      i18n.__('vulnerabilitiesFailureMessage')
+  )
+}
+const reportFailureError = () => {
+  console.log(
+    '\n ******************************** ' +
+      i18n.__('snapshotFailureHeader') +
+      ' *********************************\n' +
+      i18n.__('reportFailureMessage')
+  )
+}
 const genericError = (missingCliOption: string) => {
   // prettier-ignore
   console.log(`*************************** ${i18n.__('yamlMissingParametersHeader')} ***************************\n${missingCliOption}`)
@@ -75,5 +128,7 @@ export {
   failOptionError,
   hostWarningError,
   generalError,
-  getErrorMessage
+  getErrorMessage,
+  handleResponseErrors,
+  libraryAnalysisError
 }

package/src/common/findLatestCLIVersion.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import latestVersion from 'latest-version'
+import { APP_VERSION } from '../constants/constants'
+import boxen from 'boxen'
+import chalk from 'chalk'
+import semver from 'semver'
+export default async function findLatestCLIVersion() {
+  const latestCLIVersion = await latestVersion('@contrast/contrast')
+  if (semver.lt(APP_VERSION, latestCLIVersion)) {
+    const updateAvailableMessage = `Update available ${chalk.yellow(
+      APP_VERSION
+    )} → ${chalk.green(latestCLIVersion)}`
+    const updateAvailableCommand = `Run ${chalk.cyan(
+      'npm i @contrast/contrast'
+    )} to update`
+    console.log(
+      boxen(`${updateAvailableMessage}\n${updateAvailableCommand}`, {
+        margin: 1,
+        padding: 1,
+        align: 'center'
+      })
+    )
+  }
+}

package/src/constants/constants.js CHANGED Viewed

@@ -15,7 +15,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.0'
+const APP_VERSION = '1.0.1'
 const TIMEOUT = 120000
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com'
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com'

package/src/constants/lambda.js CHANGED Viewed

@@ -9,11 +9,52 @@ const lambda = {
     'Required parameter --function-name is missing.\nRun command with --help to see usage',
   failedToGetResults: 'Failed to get results',
   missingResults: 'Missing vulnerabilities',
-  missingParameter: 'Required function parameter is missing', // should use it again
   awsError: 'AWS error',
-  missingFlagArguments: 'The following flags are missing an arguments:\n%s',
+  missingFlagArguments:
+    'The following flags are missing an arguments:\n{{flags}}',
   notSupportedFlags:
-    'The following flags are not supported:\n%s\nRun command with --help to see usage',
+    'The following flags are not supported:\n{{flags}}\nRun command with --help to see usage',
+  layerNotFound:
+    'The layer {{layerArn}} could not be found. The scan will continue without it',
+  // ====== general ===== //
+  noVulnerabilitiesFound: '👏 No vulnerabilities found',
+  scanCompleted: '----- Scan completed {{time}}s -----',
+  sendingScanRequest:
+    '{{icon}} Sending Lambda Function scan request to Contrast',
+  scanRequestedSuccessfully: '{{icon}} Scan requested successfully',
+  fetchingConfiguration:
+    '{{icon}} Fetching configuration and policies for Lambda Function {{functionName}}',
+  fetchedConfiguration: '{{icon}} Fetched configuration from AWS',
+  // ====== scan polling ===== //
+  scanStarted: 'Scan Started',
+  scanFailed: 'Scan Failed',
+  scanTimedOut: 'Scan timed out',
+  // ====== lambda utils ===== //
+  loadingFunctionList: 'Loading lambda function list',
+  functionsFound: '{{count}} functions found',
+  noFunctionsFound: 'No functions found',
+  failedToLoadFunctions: 'Faled to load lambda functions',
+  availableForScan: '{{icon}} {{count}} available for scan',
+  runtimeCount: '----- {{runtime}} ({{count}}) -----',
+  // ====== print vulnerabilities ===== //
+  whatHappenedTitle: 'What happened:',
+  whatHappenedItem: '{{policy}} have:\n{{comments}}\n',
+  recommendation: 'Recommendation:',
+  vulnerableDependency: 'Vulnerable dependency',
+  dependenciesCount: {
+    one: '1 Dependency',
+    other: '%s Dependencies'
+  },
+  foundVulnerabilities: {
+    one: 'Found 1 vulnerability',
+    other: 'Found %s vulnerabilities'
+  },
+  vulnerableDependencyDescriptions:
+    '{packageName} (v{version}) has {NUM} known {NUM, plural,one{CVE}other{CVEs}}\n {cves}',
   // ====== errorCodes ===== //
   something_went_wrong: 'Something went wrong',
@@ -22,7 +63,7 @@ const lambda = {
   inactive_account:
     'Scanning a function of an inactive account is not supported',
   not_supported_runtime:
-    'Scanning resource of runtime "%s" is not supported.\nSupported runtimes: %s',
+    'Scanning resource of runtime "{{runtime}}" is not supported.\nSupported runtimes: {{supportedRuntimes}}',
   not_supported_onboard_account:
     'Scanning a function of onboard account is not supported',
   scan_lock:

package/src/constants/locales.js CHANGED Viewed

@@ -159,12 +159,10 @@ const en_locales = () => {
       'Specify the sub project within your gradle application.',
     constantsScan: 'Upload java binaries to the static scan service',
     constantsWaitForScan: 'Waits for the result of the scan',
-    constantsProjectName: 'The name of the scan project in Contrast',
-    constantsFileName: 'The name of the file to Scan',
+    constantsProjectName:
+      'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
     constantsProjectId:
       'The ID associated with a scan project. Replace <ProjectID> with the ID for the scan project. To find the ID, select a scan project in Contrast and locate the last number in the URL.',
-    constantsScanTimeout:
-      'Set a specific time span before the function times out. Default timeout is 300 seconds if scan_timeout is not set. The format of the value of the parameter is "20" seconds or "80" seconds.',
     constantsReport: 'Display vulnerability information for this application',
     constantsFail:
       'Set the process to fail if this option is set in combination with the --report and --cve_severity.',
@@ -182,18 +180,19 @@ const en_locales = () => {
     constantsPrerequisitesHeader: 'Pre-requisites',
     constantsPrerequisitesContent:
       'To scan a Java project you will need a .jar or .war file for analysis\n' +
-      'To scan a Javascript project you will need a .js or.zip file for analysis\n',
+      'To scan a Javascript project you will need a .js or.zip file for analysis\n' +
+      'To scan a .NET c# webforms project you will need a .exe or a .zip file for analysis\n',
     constantsUsage: 'Usage',
     constantsUsageCommandExample: 'contrast [command] [options]',
     constantsUsageCommandInfo:
-      'The file argument is optional. If no file is given, Contrast will search for a .jar, .war, .js or .zip file in the working directory.\n',
+      'The file argument is optional. If no file is given, Contrast will search for a .jar, .war, .js, .exe or .zip file in the working directory.\n',
     constantsUsageCommandInfo24Hours:
       'Submitted files are encrypted during upload and deleted in 24 hours.',
     constantsAnd: 'AND',
     constantsJava:
       'AND Maven build platform, including the dependency plugin. For a Gradle project, use build.gradle. A gradle-wrapper.properties file is also required. Kotlin is also supported requiring a build.gradle.kts file.',
     constantsJavaNote:
-      '*Please Note: Running "mvn dependency:tree" or "./gradlew dependencies" in the project directory locally must be successful.',
+      'Note: Running "mvn dependency:tree" or "./gradlew dependencies" in the project directory locally must be successful.',
     constantsJavaNoteGradle:
       'We currently support v4.8 and upwards on Gradle projects',
     constantsDotNet:
@@ -268,6 +267,7 @@ const en_locales = () => {
       'Add the application code this application should use in the Contrast UI',
     constantsIgnoreCertErrors:
       ' For EOP users with a local Teamserver install, this will bypass the SSL certificate and recognise a self signed certificate.',
+    constantsSave: ' Saves the Scan Results JSON to file.',
     constantsIgnoreDev:
       'Combined with the --report command excludes developer dependencies from the vulnerabilities report. By default all dependencies are included in a report.',
     constantsCommands: 'Commands',
@@ -288,6 +288,8 @@ const en_locales = () => {
     specifyFileScanError:
       'Java Scan requires a .war or .jar file. Javascript Scan requires a .js or .zip file.\nTo start a Scan enter "contrast scan -f <path-to-file>"',
     populateProjectIdMessage: 'project ID is %s',
+    permissionsError:
+      'You do not have the correct permissions here. \n Contact support@contrastsecurity.com to get this fixed.',
     scanErrorFileMessage:
       'We only accept the following file types: \nJava - .jar, .war \nJavaScript - .js or .zip files',
     helpAuthSummary:
@@ -304,31 +306,23 @@ const en_locales = () => {
     versionName: 'version',
     configName: 'config',
     helpName: 'help',
-    scanOptionsFileName: '-f, --file',
-    scanOptionsLanguage: '-l, --language',
-    scanOptionsName: '-n, --name',
-    scanOptionsTimeout: '-t, --time-out',
-    scanOptionsVerbose: '-v, --verbose',
-    scanOptionsFileNameSummary:
-      'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .js. or .zip file in the working directory.',
     scanOptionsLanguageSummaryOptional:
       'Language of file to send for analysis. ',
     scanOptionsLanguageSummaryRequired:
       'If you scan a .zip file or you use the --file option.',
-    scanOptionsNameSummary:
-      'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
     scanOptionsTimeoutSummary:
       'Time in seconds to wait for scan to complete. Default value is 300 seconds.',
-    scanOptionsVerboseSummary: 'Returns extended information to the terminal.',
+    scanOptionsFileNameSummary:
+      'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .js, .exe or .zip file in the working directory.',
+    scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
     authSuccessMessage: 'Authentication successful',
-    runScanMessage: 'Now run Contrast Scan',
+    runAuthSuccessMessage: 'Now you can use Contrast CLI',
     authWaitingMessage: 'Waiting for auth...',
     authTimedOutMessage: 'Auth Timed out, try again',
     zipErrorScan:
       'We only support zip files for JAVASCRIPT language, please set the flag --language JAVASCRIPT',
     unknownFileErrorScan: 'Unsupported file selected for Scan.',
     foundScanFile: 'found: %s',
-    foundVulnerabilities: 'Found %s vulnerabilities',
     foundDetailedVulnerabilities:
       '%s Critical %s High %s Medium %s Low %s Note',
     requiredParams: 'All required parameters are not present.',
@@ -342,6 +336,7 @@ const en_locales = () => {
     lambdaPrerequisitesContent: 'contrast cli',
     scanFileNameOption: ' -f, --file',
     lambdaFunctionNameOption: ' -f, --function-name',
+    lambdaListFunctionsOption: ' -l, --list-functions',
     lambdaEndpointOption: '-e, --endpoint-url',
     lambdaRegionOption: '-r, --region',
     lambdaProfileOption: '-p, --profile',
@@ -349,6 +344,7 @@ const en_locales = () => {
     lambdaVerboseOption: '-v, --verbose',
     lambdaHelpOption: '-h, --help',
     lambdaFunctionNameSummery: 'Name of AWS lambda function to scan.',
+    lambdaListFunctionsSummery: 'List all available lambda functions to scan.',
     lambdaEndpointSummery: 'AWS Endpoint override, works like in AWS CLI.',
     lambdaRegionSummery:
       'Region override, default to AWS_DEAFAULT_REGION env var, works like in AWS CLI.',
@@ -371,7 +367,39 @@ const en_locales = () => {
       'An error has occurred when trying to get the Project Id please check your internet connection or provide the Project Id manually',
     internalServerErrorHeader: '500 error - Internal server error',
     resourceLockedErrorHeader: '423 error - Resource is locked',
+    auditHeader: 'Contrast Audit',
+    auditHeaderMessage: `
+    Performs software composition analysis (SCA) on your application/code time to show you the dependencies between open source libraries, including where vulnerabilities were introduced.\n
+    Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.`,
+    constantsAuditPrerequisitesContentSupportedLanguages:
+      'Supported languages and their requirements are:',
+    constantsAuditPrerequisitesContentJava: 'Java: ',
+    constantsAuditPrerequisitesContentMessage: `
+       pom.xml AND Maven build platform, including the dependency plugin.
+       For a Gradle project (v4.8+) use build.gradle. A gradle-wrapper.properties file is also required.
+       Kotlin is also supported requiring a build.gradle.kts file.`,
+    constantsAuditPrerequisitesContentDotNet: '.NET framework and .NET core: ',
+    constantsAuditPrerequisitesContentDotNetMessage: `
+       MSBuild 15.0 or greater and have a packages.lock.json file are supported.\n
+       Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build.\n`,
+    constantsAuditPrerequisitesContentLanguageNode: 'Node: ',
+    constantsAuditPrerequisitesContentLanguageRuby: 'Ruby: ',
+    constantsAuditPrerequisitesContentLanguagePython: 'Python: ',
+    constantsAuditPrerequisitesContentLanguageNodeMessage:
+      '*.package.json AND a lock file either *.package-lock.json or *.yarn.lock',
+    constantsAuditPrerequisitesContentLanguageRubyMessage:
+      'gemfile AND gemfile.lock',
+    constantsAuditPrerequisitesContentLanguagePythonMessage:
+      'pipfile AND pipfile.lock',
+    constantsAuditOptions: 'Audit Options',
+    auditOptionsIgnoreDevDependencies: '-igd, --ignore-dev',
+    auditOptionsIgnoreDevDependenciesDescription: 'ignores DevDependencies',
+    auditOptionsSave: '-s, --save',
+    auditOptionsSaveDescription:
+      'saves the output in specified format Txt text, sbom',
+    scanNoVulnerabilitiesFound: '👏 No vulnerabilities found',
+    scanNoFiletypeSpecifiedForSave:
+      'Please specify file type to save results to',
     ...lambda
   }
 }