npm - @contrast/contrast - Versions diffs - 1.0.0 → 1.0.1 - Mend

@contrast/contrast 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (201) hide show

package/.prettierignore +2 -0
package/README.md +120 -47
package/dist/audit/AnalysisEngine.js +37 -0
package/dist/audit/catalogueApplication/catalogueApplication.js +36 -0
package/dist/audit/dotnetAnalysisEngine/index.js +25 -0
package/dist/audit/dotnetAnalysisEngine/parseLockFileContents.js +35 -0
package/dist/audit/dotnetAnalysisEngine/parseProjectFileContents.js +15 -0
package/dist/audit/dotnetAnalysisEngine/readLockFileContents.js +18 -0
package/dist/audit/dotnetAnalysisEngine/readProjectFileContents.js +14 -0
package/dist/audit/dotnetAnalysisEngine/sanitizer.js +9 -0
package/dist/audit/goAnalysisEngine/index.js +17 -0
package/dist/audit/goAnalysisEngine/parseProjectFileContents.js +164 -0
package/dist/audit/goAnalysisEngine/readProjectFileContents.js +21 -0
package/dist/audit/goAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/javaAnalysisEngine/index.js +34 -0
package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +153 -0
package/dist/audit/javaAnalysisEngine/parseProjectFileContents.js +353 -0
package/dist/audit/javaAnalysisEngine/readProjectFileContents.js +98 -0
package/dist/audit/javaAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +24 -0
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +24 -0
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +35 -0
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +23 -0
package/dist/audit/languageAnalysisEngine/commonApi.js +18 -0
package/dist/audit/languageAnalysisEngine/constants.js +20 -0
package/dist/audit/languageAnalysisEngine/filterProjectPath.js +20 -0
package/dist/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +25 -0
package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js +39 -0
package/dist/audit/languageAnalysisEngine/index.js +39 -0
package/dist/audit/languageAnalysisEngine/langugageAnalysisFactory.js +70 -0
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +121 -0
package/dist/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +17 -0
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +257 -0
package/dist/audit/languageAnalysisEngine/report/newReportingFeature.js +81 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +133 -0
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +41 -0
package/dist/audit/languageAnalysisEngine/util/capabilities.js +11 -0
package/dist/audit/languageAnalysisEngine/util/generalAPI.js +39 -0
package/dist/audit/languageAnalysisEngine/util/requestUtils.js +14 -0
package/dist/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +40 -0
package/dist/audit/nodeAnalysisEngine/index.js +31 -0
package/dist/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +18 -0
package/dist/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js +51 -0
package/dist/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +18 -0
package/dist/audit/nodeAnalysisEngine/readNPMLockFileContents.js +17 -0
package/dist/audit/nodeAnalysisEngine/readProjectFileContents.js +14 -0
package/dist/audit/nodeAnalysisEngine/readYarnLockFileContents.js +24 -0
package/dist/audit/nodeAnalysisEngine/sanitizer.js +9 -0
package/dist/audit/phpAnalysisEngine/index.js +23 -0
package/dist/audit/phpAnalysisEngine/parseLockFileContents.js +52 -0
package/dist/audit/phpAnalysisEngine/readLockFileContents.js +13 -0
package/dist/audit/phpAnalysisEngine/readProjectFileContents.js +16 -0
package/dist/audit/phpAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/pythonAnalysisEngine/index.js +25 -0
package/dist/audit/pythonAnalysisEngine/parsePipfileLockContents.js +17 -0
package/dist/audit/pythonAnalysisEngine/parseProjectFileContents.js +21 -0
package/dist/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +13 -0
package/dist/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +14 -0
package/dist/audit/pythonAnalysisEngine/sanitizer.js +7 -0
package/dist/audit/rubyAnalysisEngine/index.js +25 -0
package/dist/audit/rubyAnalysisEngine/parseGemfileLockContents.js +176 -0
package/dist/audit/rubyAnalysisEngine/parsedGemfile.js +22 -0
package/dist/audit/rubyAnalysisEngine/readGemfileContents.js +14 -0
package/dist/audit/rubyAnalysisEngine/readGemfileLockContents.js +14 -0
package/dist/audit/rubyAnalysisEngine/sanitizer.js +6 -0
package/dist/commands/audit/auditConfig.js +25 -0
package/dist/commands/audit/auditController.js +31 -0
package/dist/commands/audit/help.js +52 -0
package/dist/commands/audit/processAudit.js +18 -0
package/dist/commands/auth/auth.js +1 -1
package/dist/commands/scan/processScan.js +19 -5
package/dist/common/HTTPClient.js +101 -13
package/dist/common/errorHandling.js +49 -1
package/dist/common/findLatestCLIVersion.js +23 -0
package/dist/constants/constants.js +1 -1
package/dist/constants/lambda.js +32 -4
package/dist/constants/locales.js +39 -16
package/dist/constants.js +148 -20
package/dist/index.js +7 -1
package/dist/lambda/aws.js +14 -11
package/dist/lambda/help.js +4 -0
package/dist/lambda/lambda.js +50 -27
package/dist/lambda/lambdaUtils.js +72 -0
package/dist/lambda/logUtils.js +11 -1
package/dist/lambda/scanDetailCompletion.js +4 -4
package/dist/lambda/scanRequest.js +11 -5
package/dist/lambda/utils.js +110 -53
package/dist/scan/autoDetection.js +0 -32
package/dist/scan/fileUtils.js +1 -1
package/dist/scan/help.js +12 -40
package/dist/scan/populateProjectIdAndProjectName.js +4 -0
package/dist/scan/saveResults.js +15 -0
package/dist/scan/scan.js +77 -42
package/dist/scan/scanConfig.js +20 -0
package/dist/scan/scanController.js +13 -15
package/dist/scan/scanResults.js +18 -16
package/dist/utils/commonApi.js +3 -3
package/dist/utils/fileUtils.js +31 -0
package/dist/utils/paramsUtil/commandlineParams.js +1 -20
package/dist/utils/paramsUtil/genericCommandLineParams.js +12 -0
package/dist/utils/paramsUtil/paramHandler.js +3 -6
package/dist/utils/parsedCLIOptions.js +14 -8
package/package.json +26 -21
package/src/audit/AnalysisEngine.js +103 -0
package/src/audit/catalogueApplication/catalogueApplication.js +42 -0
package/src/audit/dotnetAnalysisEngine/index.js +26 -0
package/src/audit/dotnetAnalysisEngine/parseLockFileContents.js +47 -0
package/src/audit/dotnetAnalysisEngine/parseProjectFileContents.js +29 -0
package/src/audit/dotnetAnalysisEngine/readLockFileContents.js +30 -0
package/src/audit/dotnetAnalysisEngine/readProjectFileContents.js +26 -0
package/src/audit/dotnetAnalysisEngine/sanitizer.js +11 -0
package/src/audit/goAnalysisEngine/index.js +18 -0
package/src/audit/goAnalysisEngine/parseProjectFileContents.js +209 -0
package/src/audit/goAnalysisEngine/readProjectFileContents.js +31 -0
package/src/audit/goAnalysisEngine/sanitizer.js +7 -0
package/src/audit/javaAnalysisEngine/index.js +41 -0
package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +222 -0
package/src/audit/javaAnalysisEngine/parseProjectFileContents.js +420 -0
package/src/audit/javaAnalysisEngine/readProjectFileContents.js +141 -0
package/src/audit/javaAnalysisEngine/sanitizer.js +6 -0
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +35 -0
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +41 -0
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +54 -0
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +32 -0
package/src/audit/languageAnalysisEngine/commonApi.js +20 -0
package/src/audit/languageAnalysisEngine/constants.js +23 -0
package/src/audit/languageAnalysisEngine/filterProjectPath.js +21 -0
package/src/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +41 -0
package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js +72 -0
package/src/audit/languageAnalysisEngine/index.js +45 -0
package/src/audit/languageAnalysisEngine/langugageAnalysisFactory.js +94 -0
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +177 -0
package/src/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +27 -0
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.js +303 -0
package/src/audit/languageAnalysisEngine/report/newReportingFeature.js +124 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.js +190 -0
package/src/audit/languageAnalysisEngine/sendSnapshot.js +51 -0
package/src/audit/languageAnalysisEngine/util/capabilities.js +12 -0
package/src/audit/languageAnalysisEngine/util/generalAPI.js +43 -0
package/src/audit/languageAnalysisEngine/util/requestUtils.js +17 -0
package/src/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +49 -0
package/src/audit/nodeAnalysisEngine/index.js +35 -0
package/src/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +20 -0
package/src/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js +63 -0
package/src/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +26 -0
package/src/audit/nodeAnalysisEngine/readNPMLockFileContents.js +23 -0
package/src/audit/nodeAnalysisEngine/readProjectFileContents.js +27 -0
package/src/audit/nodeAnalysisEngine/readYarnLockFileContents.js +36 -0
package/src/audit/nodeAnalysisEngine/sanitizer.js +11 -0
package/src/audit/phpAnalysisEngine/index.js +27 -0
package/src/audit/phpAnalysisEngine/parseLockFileContents.js +60 -0
package/src/audit/phpAnalysisEngine/readLockFileContents.js +14 -0
package/src/audit/phpAnalysisEngine/readProjectFileContents.js +25 -0
package/src/audit/phpAnalysisEngine/sanitizer.js +4 -0
package/src/audit/pythonAnalysisEngine/index.js +55 -0
package/src/audit/pythonAnalysisEngine/parsePipfileLockContents.js +23 -0
package/src/audit/pythonAnalysisEngine/parseProjectFileContents.js +33 -0
package/src/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +16 -0
package/src/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +22 -0
package/src/audit/pythonAnalysisEngine/sanitizer.js +9 -0
package/src/audit/rubyAnalysisEngine/index.js +30 -0
package/src/audit/rubyAnalysisEngine/parseGemfileLockContents.js +215 -0
package/src/audit/rubyAnalysisEngine/parsedGemfile.js +39 -0
package/src/audit/rubyAnalysisEngine/readGemfileContents.js +18 -0
package/src/audit/rubyAnalysisEngine/readGemfileLockContents.js +17 -0
package/src/audit/rubyAnalysisEngine/sanitizer.js +8 -0
package/src/commands/audit/auditConfig.ts +30 -0
package/src/commands/audit/auditController.ts +31 -0
package/src/commands/audit/help.ts +48 -0
package/src/commands/audit/processAudit.ts +19 -0
package/src/commands/auth/auth.js +1 -1
package/src/commands/scan/processScan.js +20 -5
package/src/common/HTTPClient.js +136 -14
package/src/common/errorHandling.ts +56 -1
package/src/common/findLatestCLIVersion.ts +27 -0
package/src/constants/constants.js +1 -1
package/src/constants/lambda.js +45 -4
package/src/constants/locales.js +48 -20
package/src/constants.js +168 -22
package/src/index.ts +9 -2
package/src/lambda/aws.ts +13 -12
package/src/lambda/help.ts +4 -0
package/src/lambda/lambda.ts +53 -34
package/src/lambda/lambdaUtils.ts +111 -0
package/src/lambda/logUtils.ts +19 -1
package/src/lambda/scanDetailCompletion.ts +4 -4
package/src/lambda/scanRequest.ts +13 -11
package/src/lambda/utils.ts +149 -81
package/src/scan/autoDetection.js +0 -29
package/src/scan/fileUtils.js +1 -1
package/src/scan/help.js +12 -45
package/src/scan/populateProjectIdAndProjectName.js +4 -0
package/src/scan/saveResults.js +15 -0
package/src/scan/scan.js +95 -59
package/src/scan/scanConfig.js +29 -0
package/src/scan/scanController.js +13 -13
package/src/scan/scanResults.js +21 -19
package/src/utils/commonApi.js +2 -3
package/src/utils/paramsUtil/commandlineParams.js +1 -26
package/src/utils/paramsUtil/paramHandler.js +3 -7
package/src/utils/parsedCLIOptions.js +11 -9

package/src/scan/scanConfig.js ADDED Viewed

@@ -0,0 +1,29 @@
+const paramHandler = require('../utils/paramsUtil/paramHandler')
+const constants = require('../../src/constants.js')
+const parsedCLIOptions = require('../../src/utils/parsedCLIOptions')
+const path = require('path')
+const getScanConfig = argv => {
+  let scanParams = parsedCLIOptions.getCommandLineArgsCustom(
+    argv,
+    constants.commandLineDefinitions.scanOptionDefinitions
+  )
+  const paramsAuth = paramHandler.getAuth(scanParams)
+  // if no name, take the full file path and use it as the project name
+  if (!scanParams.name && scanParams.file) {
+    scanParams.name = getFileName(scanParams.file)
+  }
+  return { ...paramsAuth, ...scanParams }
+}
+const getFileName = file => {
+  // from '/Users/x/y/spring-async.war' to 'spring-async.war'
+  return file.split(path.sep).pop()
+}
+module.exports = {
+  getScanConfig,
+  getFileName
+}

package/src/scan/scanController.js CHANGED Viewed

@@ -8,7 +8,6 @@ const populateProjectIdAndProjectName = require('./populateProjectIdAndProjectNa
 const scan = require('./scan')
 const scanResults = require('./scanResults')
 const autoDetection = require('./autoDetection')
-const paramHandler = require('../utils/paramsUtil/paramHandler')
 const fileFunctions = require('./fileUtils')
 const getTimeout = config => {
@@ -22,21 +21,22 @@ const getTimeout = config => {
   }
 }
-const startScan = async () => {
-  let paramsAuth = paramHandler.getAuth()
-  let getScanSubCommands = paramHandler.getScanSubCommands()
-  const configToUse = { ...paramsAuth, ...getScanSubCommands }
-  if (configToUse.file === undefined || configToUse.file === null) {
-    await autoDetection.autoDetectFileAndLanguage(configToUse)
-  } else {
-    if (fileFunctions.fileExists(configToUse.file)) {
-      scan.zipValidator(configToUse)
-      autoDetection.assignLanguage([configToUse.file], configToUse)
-    } else {
+const fileAndLanguageLogic = async configToUse => {
+  if (configToUse.file) {
+    if (!fileFunctions.fileExists(configToUse.file)) {
       console.log(i18n.__('fileNotExist'))
       process.exit(0)
     }
+    return configToUse
+  } else {
+    if (configToUse.file === undefined || configToUse.file === null) {
+      await autoDetection.autoDetectFileAndLanguage(configToUse)
+    }
   }
+}
+const startScan = async configToUse => {
+  await fileAndLanguageLogic(configToUse)
   if (!configToUse.projectId) {
     configToUse.projectId = await populateProjectIdAndProjectName.populateProjectId(
@@ -60,7 +60,7 @@ const startScan = async () => {
     )
     succeedSpinner(startScanSpinner, 'Contrast Scan complete')
     const projectOverview = await scanResults.returnScanProjectById(configToUse)
-    return { projectOverview, scanResultsInstances }
+    return { projectOverview, scanDetail, scanResultsInstances }
   }
 }

package/src/scan/scanResults.js CHANGED Viewed

@@ -1,7 +1,7 @@
 const commonApi = require('../utils/commonApi')
 const requestUtils = require('../../src/utils/requestUtils')
-const i18n = require('i18n')
 const oraFunctions = require('../utils/oraWrapper')
+const _ = require('lodash')
 const getScanId = async (config, codeArtifactId, client) => {
   return client
@@ -36,28 +36,30 @@ const returnScanResults = async (
   let scanId = await getScanId(config, codeArtifactId, client)
   let startTime = new Date()
   let complete = false
-  while (!complete) {
-    let result = await pollScanResults(config, scanId, client)
-    if (JSON.stringify(result.statusCode) == 200) {
-      if (result.body.status === 'COMPLETED') {
-        complete = true
-        return result.body
+  if (!_.isNil(scanId)) {
+    while (!complete) {
+      let result = await pollScanResults(config, scanId, client)
+      if (JSON.stringify(result.statusCode) == 200) {
+        if (result.body.status === 'COMPLETED') {
+          complete = true
+          return result.body
+        }
+        if (result.body.status === 'FAILED') {
+          complete = true
+          oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan Failed.')
+          process.exit(1)
+        }
       }
-      if (result.body.status === 'FAILED') {
-        complete = true
-        oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan Failed.')
+      let endTime = new Date() - startTime
+      if (requestUtils.millisToSeconds(endTime) > timeout) {
+        oraFunctions.failSpinner(
+          startScanSpinner,
+          'Contrast Scan timed out at the specified ' + timeout + ' seconds.'
+        )
+        console.log('Please try again, allowing more time.')
         process.exit(1)
       }
     }
-    let endTime = new Date() - startTime
-    if (requestUtils.millisToSeconds(endTime) > timeout) {
-      oraFunctions.failSpinner(
-        startScanSpinner,
-        'Contrast Scan timed out at the specified ' + timeout + ' seconds.'
-      )
-      console.log('Please try again, allowing more time.')
-      process.exit(1)
-    }
   }
 }

package/src/utils/commonApi.js CHANGED Viewed

@@ -4,11 +4,10 @@ const {
   unauthenticatedError,
   forbiddenError,
   proxyError,
-  hostWarningError,
   genericError
 } = require('../common/errorHandling')
-const handleResponseErrors = (res, api, hostPresent) => {
+const handleResponseErrors = (res, api) => {
   if (res.statusCode === 400) {
     api === 'catalogue' ? badRequestError(true) : badRequestError(false)
   } else if (res.statusCode === 401) {
@@ -18,7 +17,7 @@ const handleResponseErrors = (res, api, hostPresent) => {
   } else if (res.statusCode === 407) {
     proxyError()
   } else {
-    hostPresent === false ? hostWarningError() : genericError()
+    genericError()
   }
 }

package/src/utils/paramsUtil/commandlineParams.js CHANGED Viewed

@@ -1,9 +1,5 @@
-const cliOptions = require('../parsedCLIOptions')
-const parsedCLIOptions = cliOptions.getCommandLineArgs()
-const getAuth = () => {
+const getAuth = parsedCLIOptions => {
   let params = {}
   params.apiKey = parsedCLIOptions['apiKey']
   params.authorization = parsedCLIOptions['authorization']
   params.host = parsedCLIOptions['host']
@@ -11,27 +7,6 @@ const getAuth = () => {
   return params
 }
-const getScanParams = () => {
-  let scanParams = {}
-  scanParams.help = parsedCLIOptions['help']
-  scanParams.file = parsedCLIOptions['file']
-  scanParams.language = parsedCLIOptions['language']
-    ? parsedCLIOptions['language'].toUpperCase()
-    : parsedCLIOptions['language']
-  scanParams.ff = parsedCLIOptions['ff']
-  scanParams.timeout = parsedCLIOptions['timeout']
-  scanParams.name = parsedCLIOptions['name']
-  scanParams.verbose = parsedCLIOptions['verbose']
-  // if no name, take the full file path and use it as the project name
-  if (!scanParams.name) {
-    scanParams.name = scanParams.file
-  }
-  return scanParams
-}
 module.exports = {
-  getScanParams: getScanParams,
   getAuth: getAuth
 }

package/src/utils/paramsUtil/paramHandler.js CHANGED Viewed

@@ -4,8 +4,8 @@ const envVariableParams = require('./envVariableParams')
 const { validateAuthParams } = require('../validationCheck')
 const i18n = require('i18n')
-const getAuth = () => {
-  let commandLineAuthParamsAuth = commandlineAuth.getAuth()
+const getAuth = params => {
+  let commandLineAuthParamsAuth = commandlineAuth.getAuth(params)
   let envVariableParamsAuth = envVariableParams.getAuth()
   let configStoreParamsAuth = configStoreParams.getAuth()
@@ -21,8 +21,4 @@ const getAuth = () => {
   }
 }
-const getScanSubCommands = () => {
-  return commandlineAuth.getScanParams()
-}
-module.exports = { getAuth: getAuth, getScanSubCommands: getScanSubCommands }
+module.exports = { getAuth: getAuth }

package/src/utils/parsedCLIOptions.js CHANGED Viewed

@@ -1,17 +1,19 @@
-const constants = require('../constants')
 const commandLineArgs = require('command-line-args')
-const getCommandLineArgs = () => {
-  return commandLineArgs(
-    constants.commandLineDefinitions.scanOptionDefinitions,
-    {
-      partial: true,
+const getCommandLineArgsCustom = (parameterList, optionDefinitions) => {
+  try {
+    return commandLineArgs(optionDefinitions, {
+      argv: parameterList,
+      partial: false,
       camelCase: true,
       caseInsensitive: true
-    }
-  )
+    })
+  } catch (e) {
+    console.log(e.message.toString())
+    process.exit(1)
+  }
 }
 module.exports = {
-  getCommandLineArgs: getCommandLineArgs
+  getCommandLineArgsCustom
 }