@contrast/contrast 1.0.0 → 1.0.1

package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js

@@ -0,0 +1,23 @@
+"use strict";
+const i18n = require('i18n');
+module.exports = exports = (analysis, next) => {
+    const { languageAnalysis } = analysis;
+    try {
+        checkIdentifiedLanguageHasProjectFile(languageAnalysis.identifiedLanguages);
+    }
+    catch (err) {
+        next(err);
+        return;
+    }
+    next();
+};
+const checkIdentifiedLanguageHasProjectFile = identifiedLanguages => {
+    if (Object.keys(identifiedLanguages).length == 1) {
+        let { projectFilenames } = Object.values(identifiedLanguages)[0];
+        if (projectFilenames.length == 0) {
+            const [language] = Object.keys(identifiedLanguages);
+            throw new Error(i18n.__('languageAnalysisProjectFileError', language));
+        }
+    }
+};
+exports.checkIdentifiedLanguageHasProjectFile = checkIdentifiedLanguageHasProjectFile;

package/dist/audit/languageAnalysisEngine/commonApi.js

@@ -0,0 +1,18 @@
+"use strict";
+const { getHttpClient } = require('../../utils/commonApi');
+const returnAppId = async (config) => {
+    const client = getHttpClient(config);
+    let appId;
+    await client.getAppId(config).then(res => {
+        if (res.body) {
+            let obj = res.body['applications'];
+            if (obj) {
+                appId = obj.length === 0 ? '' : obj[0].app_id;
+            }
+        }
+    });
+    return appId;
+};
+module.exports = {
+    returnAppId: returnAppId
+};

package/dist/audit/languageAnalysisEngine/constants.js

@@ -0,0 +1,20 @@
+"use strict";
+const NODE = 'NODE';
+const JAVASCRIPT = 'JAVASCRIPT';
+const DOTNET = 'DOTNET';
+const JAVA = 'JAVA';
+const RUBY = 'RUBY';
+const PYTHON = 'PYTHON';
+const GO = 'GO';
+const PHP = 'PHP';
+const LOW = 'LOW';
+const MEDIUM = 'MEDIUM';
+const HIGH = 'HIGH';
+const CRITICAL = 'CRITICAL';
+module.exports = {
+    supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
+    LOW: LOW,
+    MEDIUM: MEDIUM,
+    HIGH: HIGH,
+    CRITICAL: CRITICAL
+};

package/dist/audit/languageAnalysisEngine/filterProjectPath.js

@@ -0,0 +1,20 @@
+"use strict";
+const path = require('path');
+function resolveFilePath(filepath) {
+    if (filepath[0] === '~') {
+        return path.join(process.env.HOME, filepath.slice(1));
+    }
+    return filepath;
+}
+const returnProjectPath = () => {
+    if (process.env.PWD !== (undefined || null || 'undefined')) {
+        return process.env.PWD;
+    }
+    else {
+        return process.argv[process.argv.indexOf('--project_path') + 1];
+    }
+};
+module.exports = {
+    returnProjectPath: returnProjectPath,
+    resolveFilePath: resolveFilePath
+};

package/dist/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js

@@ -0,0 +1,25 @@
+"use strict";
+const path = require('path');
+module.exports = exports = (analysis, next) => {
+    const { projectPath, languageAnalysis } = analysis;
+    languageAnalysis.identifiedLanguageInfo = getIdentifiedLanguageInfo(projectPath, languageAnalysis.identifiedLanguages);
+    next();
+};
+const getIdentifiedLanguageInfo = (projectPath, identifiedLanguages) => {
+    const [language] = Object.keys(identifiedLanguages);
+    const { projectFilenames: [projectFilename], lockFilenames: [lockFilename] } = Object.values(identifiedLanguages)[0];
+    let identifiedLanguageInfo = {
+        language,
+        projectFilename,
+        projectFilePath: path.join(projectPath, projectFilename)
+    };
+    if (lockFilename) {
+        identifiedLanguageInfo = {
+            ...identifiedLanguageInfo,
+            lockFilename,
+            lockFilePath: path.join(projectPath, lockFilename)
+        };
+    }
+    return identifiedLanguageInfo;
+};
+exports.getIdentifiedLanguageInfo = getIdentifiedLanguageInfo;

package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js

@@ -0,0 +1,39 @@
+"use strict";
+const fs = require('fs');
+const path = require('path');
+const i18n = require('i18n');
+module.exports = exports = (analysis, next) => {
+    const { projectPath, languageAnalysis } = analysis;
+    try {
+        languageAnalysis.projectRootFilenames = getProjectRootFilenames(projectPath);
+    }
+    catch (err) {
+        next(err);
+        return;
+    }
+    next();
+};
+const getProjectRootFilenames = projectPath => {
+    let projectStats = null;
+    try {
+        projectStats = fs.statSync(projectPath);
+    }
+    catch (err) {
+        throw new Error(i18n.__('languageAnalysisProjectRootFileNameFailure', projectPath) +
+            `${err.message}`);
+    }
+    if (projectStats.isDirectory()) {
+        try {
+            return fs.readdirSync(projectPath);
+        }
+        catch (err) {
+            throw new Error(i18n.__('languageAnalysisProjectRootFileNameReadError', projectPath) +
+                `${err.message}`);
+        }
+    }
+    if (projectStats.isFile()) {
+        return [path.basename(projectPath)];
+    }
+    throw new Error(i18n.__('languageAnalysisProjectRootFileNameMissingError'), projectPath);
+};
+exports.getProjectRootFilenames = getProjectRootFilenames;

package/dist/audit/languageAnalysisEngine/index.js

@@ -0,0 +1,39 @@
+"use strict";
+const AnalysisEngine = require('./../AnalysisEngine');
+const i18n = require('i18n');
+const getProjectRootFilenames = require('./getProjectRootFilenames');
+const reduceIdentifiedLanguages = require('./reduceIdentifiedLanguages');
+const checkForMultipleIdentifiedLanguages = require('./checkForMultipleIdentifiedLanguages');
+const checkForMultipleIdentifiedProjectFiles = require('./checkForMultipleIdentifiedProjectFiles');
+const checkIdentifiedLanguageHasProjectFile = require('./checkIdentifiedLanguageHasProjectFile');
+const checkIdentifiedLanguageHasLockFile = require('./checkIdentifiedLanguageHasLockFile');
+const getIdentifiedLanguageInfo = require('./getIdentifiedLanguageInfo');
+const { libraryAnalysisError } = require('../../common/errorHandling');
+module.exports = exports = (projectPath, callback, appId, config) => {
+    const ae = new AnalysisEngine({
+        projectPath,
+        appId,
+        languageAnalysis: { appId: appId },
+        config
+    });
+    ae.use([
+        getProjectRootFilenames,
+        reduceIdentifiedLanguages,
+        checkForMultipleIdentifiedLanguages,
+        checkForMultipleIdentifiedProjectFiles,
+        checkIdentifiedLanguageHasProjectFile,
+        checkIdentifiedLanguageHasLockFile,
+        getIdentifiedLanguageInfo
+    ]);
+    ae.analyze((err, analysis) => {
+        if (err) {
+            console.log('*******************' +
+                i18n.__('languageAnalysisFailureMessage') +
+                '****************');
+            console.error(`${err.message}`);
+            libraryAnalysisError();
+            process.exit(1);
+        }
+        callback(null, analysis);
+    });
+};

package/dist/audit/languageAnalysisEngine/langugageAnalysisFactory.js

@@ -0,0 +1,70 @@
+"use strict";
+const { supportedLanguages: { DOTNET, NODE, JAVA, RUBY, PYTHON, GO, PHP } } = require('../languageAnalysisEngine/constants');
+const i18n = require('i18n');
+const dotnetAE = require('../dotnetAnalysisEngine');
+const nodeAE = require('../nodeAnalysisEngine');
+const javaAE = require('../javaAnalysisEngine');
+const rubyAE = require('../rubyAnalysisEngine');
+const pythonAE = require('../pythonAnalysisEngine');
+const phpAE = require('../phpAnalysisEngine');
+const goAE = require('../goAnalysisEngine');
+const { vulnerabilityReport } = require('./report/reportingFeature');
+const { vulnReportWithoutDevDep } = require('./report/newReportingFeature');
+const { checkDevDeps } = require('./report/checkIgnoreDevDep');
+const { newSendSnapShot } = require('../languageAnalysisEngine/sendSnapshot');
+module.exports = exports = (err, analysis) => {
+    const { identifiedLanguageInfo } = analysis.languageAnalysis;
+    const catalogueAppId = analysis.languageAnalysis.appId;
+    if (err) {
+        console.error(err);
+        return;
+    }
+    const langCallback = async (err, analysis) => {
+        const config = analysis.config;
+        if (err) {
+            console.log();
+            console.log('***********' +
+                i18n.__('languageAnalysisFactoryFailureHeader') +
+                '****************');
+            console.log(identifiedLanguageInfo.language);
+            console.log();
+            console.error(`${identifiedLanguageInfo.language}` +
+                i18n.__('languageAnalysisFailure') +
+                err);
+            return process.exit(5);
+        }
+        console.log('\n **************CONTRAST OSS ANALYSIS BEGINS**************');
+        const snapshotResponse = await newSendSnapShot(analysis, catalogueAppId);
+        if (config.report) {
+            const ignoreDevUrl = await checkDevDeps(config);
+            if (ignoreDevUrl) {
+                await vulnReportWithoutDevDep(analysis, catalogueAppId, snapshotResponse.id, config);
+            }
+            else {
+                await vulnerabilityReport(analysis, catalogueAppId, config);
+            }
+        }
+        console.log('\n ***************CONTRAST OSS ANALYSIS COMPLETE************** \n');
+    };
+    if (identifiedLanguageInfo.language === DOTNET) {
+        dotnetAE(identifiedLanguageInfo, analysis.config, langCallback);
+    }
+    if (identifiedLanguageInfo.language === NODE) {
+        nodeAE(identifiedLanguageInfo, analysis.config, langCallback);
+    }
+    if (identifiedLanguageInfo.language === JAVA) {
+        javaAE(identifiedLanguageInfo, analysis.config, langCallback);
+    }
+    if (identifiedLanguageInfo.language === RUBY) {
+        rubyAE(identifiedLanguageInfo, analysis.config, langCallback);
+    }
+    if (identifiedLanguageInfo.language === PYTHON) {
+        pythonAE(identifiedLanguageInfo, analysis.config, langCallback);
+    }
+    if (identifiedLanguageInfo.language === PHP) {
+        phpAE(identifiedLanguageInfo, analysis.config, langCallback);
+    }
+    if (identifiedLanguageInfo.language === GO) {
+        goAE(identifiedLanguageInfo, analysis.config, langCallback);
+    }
+};

package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js

@@ -0,0 +1,121 @@
+"use strict";
+const { supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT } } = require('./constants');
+const i18n = require('i18n');
+const DOT_NET_PROJECT_FILE_REGEX = /.+\.csproj$/;
+const DOT_NET_LOCK_FILENAME = 'packages.lock.json';
+const isDotNetProjectFilename = filename => filename.search(DOT_NET_PROJECT_FILE_REGEX) !== -1;
+const isDotNetLockFilename = filename => filename === DOT_NET_LOCK_FILENAME;
+function isJavaMavenProjectFilename(filename) {
+    return filename === 'pom.xml';
+}
+function isJavaGradleProjectFilename(filename) {
+    return filename === 'build.gradle' || filename === 'build.gradle.kts';
+}
+const isRubyProjectFilename = filename => filename === 'Gemfile';
+const isNodeProjectFilename = filename => filename === 'package.json';
+const isPythonProjectFilename = filename => filename === 'requirements.txt' || filename === 'Pipfile';
+const isPhpProjectFilename = filename => filename === 'composer.json';
+const isPhpLockFilename = filename => filename === 'composer.lock';
+function isNodeLockFilename(filename) {
+    return filename === 'package-lock.json' || filename === 'yarn.lock';
+}
+const isRubyLockFilename = filename => filename === 'Gemfile.lock';
+const isPipfileLockLockFilename = filename => filename === 'Pipfile.lock';
+const isGoProjectFilename = filename => filename === 'go.mod';
+const deduceLanguage = filename => {
+    const deducedLanguages = [];
+    if (isJavaMavenProjectFilename(filename)) {
+        deducedLanguages.push({ language: JAVA, projectFilename: filename });
+    }
+    if (isJavaGradleProjectFilename(filename)) {
+        deducedLanguages.push({ language: JAVA, projectFilename: filename });
+    }
+    if (isNodeProjectFilename(filename)) {
+        deducedLanguages.push({ language: NODE, projectFilename: filename });
+    }
+    if (isDotNetProjectFilename(filename)) {
+        deducedLanguages.push({ language: DOTNET, projectFilename: filename });
+    }
+    if (isRubyProjectFilename(filename)) {
+        deducedLanguages.push({ language: RUBY, projectFilename: filename });
+    }
+    if (isPythonProjectFilename(filename)) {
+        deducedLanguages.push({ language: PYTHON, projectFilename: filename });
+    }
+    if (isPhpProjectFilename(filename)) {
+        deducedLanguages.push({ language: PHP, projectFilename: filename });
+    }
+    if (isDotNetLockFilename(filename)) {
+        deducedLanguages.push({ language: DOTNET, lockFilename: filename });
+    }
+    if (isNodeLockFilename(filename)) {
+        deducedLanguages.push({ language: NODE, lockFilename: filename });
+    }
+    if (isRubyLockFilename(filename)) {
+        deducedLanguages.push({ language: RUBY, lockFilename: filename });
+    }
+    if (isPipfileLockLockFilename(filename)) {
+        deducedLanguages.push({ language: PYTHON, lockFilename: filename });
+    }
+    if (isPhpLockFilename(filename)) {
+        deducedLanguages.push({ language: PHP, lockFilename: filename });
+    }
+    if (isGoProjectFilename(filename)) {
+        deducedLanguages.push({ language: GO, projectFilename: filename });
+    }
+    return deducedLanguages;
+};
+const reduceIdentifiedLanguages = identifiedLanguages => identifiedLanguages.reduce((accumulator, identifiedLanguageInfo) => {
+    const { language, projectFilename, lockFilename } = identifiedLanguageInfo;
+    if (!(language in accumulator)) {
+        accumulator[language] = { projectFilenames: [], lockFilenames: [] };
+    }
+    if (projectFilename) {
+        accumulator[language].projectFilenames.push(projectFilename);
+    }
+    else {
+        accumulator[language].lockFilenames.push(lockFilename);
+    }
+    return accumulator;
+}, {});
+module.exports = exports = (analysis, next) => {
+    const { projectPath, languageAnalysis, config } = analysis;
+    let identifiedLanguages = languageAnalysis.projectRootFilenames.reduce((accumulator, filename) => {
+        const deducedLanguages = deduceLanguage(filename);
+        return [...accumulator, ...deducedLanguages];
+    }, []);
+    if (Object.keys(identifiedLanguages).length === 0) {
+        next(new Error(i18n.__('languageAnalysisNoLanguage', projectPath)));
+        return;
+    }
+    let language = config.language;
+    if (language === undefined) {
+        languageAnalysis.identifiedLanguages = reduceIdentifiedLanguages(identifiedLanguages);
+    }
+    else {
+        let refinedIdentifiedLanguages = [];
+        for (let x in identifiedLanguages) {
+            if (identifiedLanguages[x].language === language.toUpperCase() ||
+                (identifiedLanguages[x].language === NODE &&
+                    language.toUpperCase() === JAVASCRIPT)) {
+                refinedIdentifiedLanguages.push(identifiedLanguages[x]);
+            }
+        }
+        if (refinedIdentifiedLanguages.length === 0) {
+            console.log(`Could not detect language as specified: ${config.language}`);
+            process.exit(1);
+        }
+        languageAnalysis.identifiedLanguages = reduceIdentifiedLanguages(refinedIdentifiedLanguages);
+    }
+    next();
+};
+exports.isJavaMavenProjectFilename = isJavaMavenProjectFilename;
+exports.isJavaGradleProjectFilename = isJavaGradleProjectFilename;
+exports.isNodeProjectFilename = isNodeProjectFilename;
+exports.isDotNetProjectFilename = isDotNetProjectFilename;
+exports.isDotNetLockFilename = isDotNetLockFilename;
+exports.isGoProjectFilename = isGoProjectFilename;
+exports.isPhpProjectFilename = isPhpProjectFilename;
+exports.isPhpLockFilename = isPhpLockFilename;
+exports.deduceLanguage = deduceLanguage;
+exports.reduceIdentifiedLanguages = reduceIdentifiedLanguages;

package/dist/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js

@@ -0,0 +1,17 @@
+"use strict";
+const { getGlobalProperties, getFeatures, isFeatureEnabled } = require('../util/generalAPI');
+const { CLI_IGNORE_DEV_DEPS } = require('../util/capabilities');
+const checkDevDeps = async (config) => {
+    const shouldIgnoreDev = config.ignoreDev;
+    const globalProperties = await getGlobalProperties();
+    const features = getFeatures(globalProperties.internal_version);
+    const isfeatureEnabled = isFeatureEnabled(features, CLI_IGNORE_DEV_DEPS);
+    let ignoreDevUrl = false;
+    if (shouldIgnoreDev) {
+        ignoreDevUrl = isfeatureEnabled;
+    }
+    return ignoreDevUrl;
+};
+module.exports = {
+    checkDevDeps
+};

package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js

@@ -0,0 +1,257 @@
+"use strict";
+const i18n = require('i18n');
+const { getHttpClient } = require('../../../utils/commonApi');
+function displaySuccessMessageReport() {
+    console.log('\n' + i18n.__('reportSuccessMessage'));
+}
+function getAllDependenciesArray(packageJson) {
+    const { dependencies, optionalDependencies, devDependencies, peerDependencies } = packageJson;
+    const allDep = {
+        ...dependencies,
+        ...devDependencies,
+        ...optionalDependencies,
+        ...peerDependencies
+    };
+    return Object.entries(allDep);
+}
+function checkIfDepIsScoped(arrDep) {
+    let count = 0;
+    arrDep.forEach(([key, value]) => {
+        if (!key.startsWith('@')) {
+            console.log(` WARNING not scoped: ${key}:${value}`);
+            count++;
+        }
+    });
+    return count;
+}
+const dependencyRiskReport = async (packageJson, config) => {
+    const arrDep = getAllDependenciesArray(packageJson);
+    const unRegisteredDeps = await checkIfDepIsRegisteredOnNPM(arrDep, config);
+    let scopedCount = checkIfDepIsScoped(unRegisteredDeps);
+    return {
+        scopedCount: scopedCount,
+        unRegisteredCount: unRegisteredDeps.length
+    };
+};
+const checkIfDepIsRegisteredOnNPM = async (arrDep, config) => {
+    let promises = [];
+    let unRegisteredDeps = [];
+    const client = getHttpClient(config);
+    for (const [index, element] of arrDep) {
+        const query = `query artifactByGAV($name: String!, $language: String!, $groupName: String, $version: String!, $nameCheck: Boolean) {
+    artifact: exactVersion(name: $name, language: $language, groupName: $groupName, version: $version, nameCheck: $nameCheck) {
+        version
+        cves {
+            baseScore
+        }}}`;
+        const data = {
+            query: query,
+            variables: {
+                name: index,
+                version: element,
+                language: 'node',
+                nameCheck: true
+            }
+        };
+        promises.push(client.checkLibrary(data));
+    }
+    await Promise.all(promises).then(response => {
+        response.forEach(res => {
+            const libName = JSON.parse(res.request.body);
+            if (res.statusCode === 200) {
+                if (res.body.data.artifact == null) {
+                    unRegisteredDeps.push([
+                        libName.variables.name,
+                        libName.variables.version
+                    ]);
+                }
+            }
+        });
+    });
+    if (unRegisteredDeps.length !== 0) {
+        console.log('\n Dependencies Risk Report', '\n\n Private libraries that are not scoped. We recommend these libraries are reviewed and the scope claimed to prevent dependency confusion breaches');
+    }
+    return unRegisteredDeps;
+};
+const createLibraryHeader = (id, numberOfVulnerableLibraries, numberOfCves, name) => {
+    name
+        ? console.log(` Application Name: ${name} | Application ID: ${id}`)
+        : console.log(` Application ID: ${id}`);
+    console.log(` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's`);
+};
+const breakPipeline = () => {
+    failOptionError();
+    process.exit(1);
+};
+const parameterOptions = hasSomeVulnerabilitiesReported => {
+    const inputtedCLIOptions = cliOptions.getCommandLineArgs();
+    let cveSeverityOption = inputtedCLIOptions['cve_severity'];
+    let fail = inputtedCLIOptions['fail'];
+    let cve_threshold = inputtedCLIOptions['cve_threshold'];
+    let expr;
+    if (cveSeverityOption && fail && cve_threshold) {
+        expr = 'SeverityAndThreshold';
+    }
+    else if (!cveSeverityOption && fail && cve_threshold) {
+        expr = 'ThresholdOnly';
+    }
+    else if (!cve_threshold && fail && hasSomeVulnerabilitiesReported[0]) {
+        expr = 'FailOnly';
+    }
+    return expr;
+};
+const analyseReportOptions = hasSomeVulnerabilitiesReported => {
+    const inputtedCLIOptions = cliOptions.getCommandLineArgs();
+    let cve_threshold = inputtedCLIOptions['cve_threshold'];
+    let cveSeverity;
+    let criticalSeverity;
+    let highSeverity;
+    let mediumSeverity;
+    let lowSeverity;
+    switch (parameterOptions(hasSomeVulnerabilitiesReported)) {
+        case 'SeverityAndThreshold':
+            cveSeverity = inputtedCLIOptions['cve_severity'].severity;
+            criticalSeverity = hasSomeVulnerabilitiesReported[2].critical;
+            highSeverity = hasSomeVulnerabilitiesReported[2].high;
+            mediumSeverity = hasSomeVulnerabilitiesReported[2].medium;
+            lowSeverity = hasSomeVulnerabilitiesReported[2].low;
+            if (cveSeverity === 'HIGH') {
+                if (cve_threshold < highSeverity + criticalSeverity) {
+                    breakPipeline();
+                }
+            }
+            if (cveSeverity === 'MEDIUM') {
+                if (cve_threshold < mediumSeverity + highSeverity) {
+                    breakPipeline();
+                }
+            }
+            if (cveSeverity === 'LOW') {
+                if (cve_threshold < lowSeverity + mediumSeverity + highSeverity) {
+                    breakPipeline();
+                }
+            }
+            break;
+        case 'ThresholdOnly':
+            if (cve_threshold < hasSomeVulnerabilitiesReported[1]) {
+                breakPipeline();
+            }
+            break;
+        case 'FailOnly':
+            breakPipeline();
+            break;
+    }
+};
+const getReport = async (applicationId) => {
+    const userParams = await util.getParams(applicationId);
+    const addParams = agent.getAdditionalParams();
+    const protocol = getValidHost(userParams.host);
+    const client = commonApi.getHttpClient(userParams, protocol, addParams);
+    return client
+        .getReport(userParams)
+        .then(res => {
+        if (res.statusCode === 200) {
+            displaySuccessMessageReport();
+            return res.body;
+        }
+        else {
+            handleResponseErrors(res, 'report');
+        }
+    })
+        .catch(err => {
+        console.log(err);
+    });
+};
+const printVulnerabilityResponse = (severity, filteredVulns, vulnerabilities) => {
+    let hasSomeVulnerabilitiesReported = false;
+    if (severity) {
+        returnCveData(filteredVulns);
+        if (Object.keys(filteredVulns).length > 0)
+            hasSomeVulnerabilitiesReported = true;
+    }
+    else {
+        returnCveData(vulnerabilities);
+        if (Object.keys(vulnerabilities).length > 0)
+            hasSomeVulnerabilitiesReported = true;
+    }
+    return hasSomeVulnerabilitiesReported;
+};
+const returnCveData = libraries => {
+    console.log('\n ************************************************************');
+    for (const [key, value] of Object.entries(libraries)) {
+        const parts = key.split('/');
+        const nameVersion = parts[1].split('@');
+        const group = parts[0];
+        const name = nameVersion[0];
+        const version = nameVersion[1];
+        const libName = group !== 'null'
+            ? `${group}/${name}/${version} is vulnerable`
+            : `${name}/${version} is vulnerable`;
+        console.log('\n\n ' + libName);
+        value.forEach(vuln => {
+            let sevCode = vuln.severityCode || vuln.severity_code;
+            console.log('\n ' + vuln.name + ' ' + sevCode + '\n ' + vuln.description);
+        });
+    }
+};
+function searchHighCVEs(vuln) {
+    let sevCode = vuln.severityCode || vuln.severity_code;
+    if (sevCode === 'HIGH') {
+        return vuln;
+    }
+}
+function searchMediumCVEs(vuln) {
+    let sevCode = vuln.severityCode || vuln.severity_code;
+    if (sevCode === 'HIGH' || sevCode === 'MEDIUM') {
+        return vuln;
+    }
+}
+function searchLowCVEs(vuln) {
+    let sevCode = vuln.severityCode || vuln.severity_code;
+    if (sevCode === 'HIGH' || sevCode === 'MEDIUM' || sevCode === 'LOW') {
+        return vuln;
+    }
+}
+const filterVulnerabilitiesBySeverity = (severity, vulnerabilities) => {
+    let filteredVulns = [];
+    if (severity) {
+        for (let x in vulnerabilities) {
+            if (severity.severity === 'HIGH') {
+                let highVulnerability = vulnerabilities[x].filter(searchHighCVEs);
+                if (highVulnerability.length > 0) {
+                    filteredVulns[x] = highVulnerability;
+                }
+            }
+            else if (severity.severity === 'MEDIUM') {
+                let mediumVulnerability = vulnerabilities[x].filter(searchMediumCVEs);
+                if (mediumVulnerability.length > 0) {
+                    filteredVulns[x] = mediumVulnerability;
+                }
+            }
+            else if (severity.severity === 'LOW') {
+                let lowVulnerability = vulnerabilities[x].filter(searchLowCVEs);
+                if (lowVulnerability.length > 0) {
+                    filteredVulns[x] = lowVulnerability;
+                }
+            }
+        }
+    }
+    return filteredVulns;
+};
+module.exports = {
+    displaySuccessMessageReport: displaySuccessMessageReport,
+    getAllDependenciesArray: getAllDependenciesArray,
+    dependencyRiskReport: dependencyRiskReport,
+    createLibraryHeader: createLibraryHeader,
+    breakPipeline: breakPipeline,
+    parameterOptions: parameterOptions,
+    analyseReportOptions: analyseReportOptions,
+    getReport: getReport,
+    checkIfDepIsScoped: checkIfDepIsScoped,
+    checkIfDepIsRegisteredOnNPM: checkIfDepIsRegisteredOnNPM,
+    filterVulnerabilitiesBySeverity: filterVulnerabilitiesBySeverity,
+    searchLowCVEs: searchLowCVEs,
+    searchMediumCVEs: searchMediumCVEs,
+    searchHighCVEs: searchHighCVEs,
+    returnCveData: returnCveData,
+    printVulnerabilityResponse: printVulnerabilityResponse
+};