@contrast/contrast 1.0.0 → 1.0.1

package/dist/audit/pythonAnalysisEngine/index.js

@@ -0,0 +1,25 @@
+"use strict";
+const AnalysisEngine = require('./../AnalysisEngine');
+const readPythonProjectFileContents = require('./readPythonProjectFileContents');
+const readPipfileLockFileContents = require('./readPipfileLockFileContents');
+const parseProjectFileContents = require('./parseProjectFileContents');
+const parsePipfileLockContents = require('./parsePipfileLockContents');
+const sanitizer = require('./sanitizer');
+const i18n = require('i18n');
+module.exports = exports = (language, config, callback) => {
+    const ae = new AnalysisEngine({ language, config, python: {} });
+    ae.use([
+        readPythonProjectFileContents,
+        parseProjectFileContents,
+        readPipfileLockFileContents,
+        parsePipfileLockContents,
+        sanitizer
+    ]);
+    ae.analyze((err, analysis) => {
+        if (err) {
+            callback(new Error(i18n.__('pythonAnalysisEngineError') + `${err.message}`));
+            return;
+        }
+        callback(null, analysis);
+    });
+};

package/dist/audit/pythonAnalysisEngine/parsePipfileLockContents.js

@@ -0,0 +1,17 @@
+"use strict";
+const i18n = require('i18n');
+module.exports = exports = ({ language: { lockFilePath }, python }, next) => {
+    if (python.rawLockFileContents === undefined) {
+        return next();
+    }
+    try {
+        let parsedPipLock = JSON.parse(python.rawLockFileContents);
+        parsedPipLock['defaults'] = parsedPipLock['default'];
+        python.pipfileLock = parsedPipLock;
+    }
+    catch (err) {
+        next(new Error(i18n.__('pythonAnalysisEnginePipError', lockFilePath ? lockFilePath : 'undefined') + `${err.message}`));
+        return;
+    }
+    next();
+};

package/dist/audit/pythonAnalysisEngine/parseProjectFileContents.js

@@ -0,0 +1,21 @@
+"use strict";
+const multiReplace = require('string-multiple-replace');
+const i18n = require('i18n');
+module.exports = exports = ({ python }, next) => {
+    const { rawProjectFileContents } = python;
+    try {
+        const matcherObj = { '"': '' };
+        const sequencer = ['"'];
+        const parsedPipfile = multiReplace(rawProjectFileContents, matcherObj, sequencer);
+        const pythonArray = parsedPipfile.split('\n');
+        python.pipfilDependanceies = pythonArray.filter(element => {
+            return element != '' && !element.includes('#');
+        });
+        next();
+    }
+    catch (err) {
+        next(new Error(i18n.__('pythonAnalysisParseProjectFileError', rawProjectFileContents) +
+            `${err.message}`));
+        return;
+    }
+};

package/dist/audit/pythonAnalysisEngine/readPipfileLockFileContents.js

@@ -0,0 +1,13 @@
+"use strict";
+const fs = require('fs');
+const i18n = require('i18n');
+module.exports = exports = ({ language: { lockFilePath }, python }, next) => {
+    try {
+        python.rawLockFileContents = fs.readFileSync(lockFilePath);
+    }
+    catch (err) {
+        next(new Error(i18n.__('pythonAnalysisReadPipFileError', lockFilePath) +
+            `${err.message}`));
+    }
+    next();
+};

package/dist/audit/pythonAnalysisEngine/readPythonProjectFileContents.js

@@ -0,0 +1,14 @@
+"use strict";
+const fs = require('fs');
+const i18n = require('i18n');
+module.exports = exports = ({ language: { projectFilePath }, python }, next) => {
+    try {
+        python.rawProjectFileContents = fs.readFileSync(projectFilePath, 'utf8');
+        next();
+    }
+    catch (err) {
+        next(new Error(i18n.__('pythonAnalysisReadPythonProjectFileError', projectFilePath) +
+            `${err.message}`));
+        return;
+    }
+};

package/dist/audit/pythonAnalysisEngine/sanitizer.js

@@ -0,0 +1,7 @@
+"use strict";
+module.exports = exports = ({ python }, next) => {
+    delete python.rawProjectFileContents;
+    delete python.rawLockFileContents;
+    delete python.pipfileLock.default;
+    next();
+};

package/dist/audit/rubyAnalysisEngine/index.js

@@ -0,0 +1,25 @@
+"use strict";
+const AnalysisEngine = require('./../AnalysisEngine');
+const readGemfileContents = require('./readGemfileContents');
+const readGemfileLockContents = require('./readGemfileLockContents');
+const parsedGemfile = require('./parsedGemfile');
+const parseGemfileLockFileContents = require('./parseGemfileLockContents');
+const sanitizer = require('./sanitizer');
+const i18n = require('i18n');
+module.exports = exports = (language, config, callback) => {
+    const ae = new AnalysisEngine({ language, config, ruby: {} });
+    ae.use([
+        readGemfileContents,
+        parsedGemfile,
+        readGemfileLockContents,
+        parseGemfileLockFileContents,
+        sanitizer
+    ]);
+    ae.analyze((err, analysis) => {
+        if (err) {
+            callback(new Error(i18n.__('rubyAnalysisEngineError') + `${err.message}`));
+            return;
+        }
+        callback(null, analysis);
+    });
+};

package/dist/audit/rubyAnalysisEngine/parseGemfileLockContents.js

@@ -0,0 +1,176 @@
+"use strict";
+const whitespaceRegx = /^(\s*)/;
+let index = 0;
+const depReg = /^\s*([A-Za-z0-9.!@#$%\-^&*_+]*)\s*(\((.*?)\))/;
+const i18n = require('i18n');
+const GEMFILE_KEY_VALUE = /^\s*([^:(]*)\s*\:*\s*(.*)/;
+let rubyObj = {};
+rubyObj.dependencies = {};
+module.exports = exports = ({ ruby }, next) => {
+    const { rawLockFileContents } = ruby;
+    let lines = rawLockFileContents.split('\n');
+    try {
+        ruby.gemfileLock = {};
+        getDirectDepencies(lines, ruby.gemfileLock);
+        getRubyVersion(lines, ruby.gemfileLock);
+        getSourceArr(lines, ruby.gemfileLock);
+        next();
+    }
+    catch (err) {
+        next(new Error(i18n.__('rubyAnalysisEngineParsedGemLockFileError') + `${err.message}`));
+    }
+};
+const populateSourceType = (line, rubyObj) => {
+    return (rubyObj.sourceType = line);
+};
+const nonDependencyKeys = (line, rubyObj) => {
+    let parts = GEMFILE_KEY_VALUE.exec(line);
+    let key = parts[1].trim();
+    let value = parts[2] || '';
+    return (rubyObj[key] = value);
+};
+const populateResolveAndPlatform = (dependency, rubyObj) => {
+    const depArr = dependency.split('-');
+    rubyObj.resolved = depArr[0];
+    rubyObj.platform = depArr.length > 1 ? depArr[1] : 'UNSPECIFIED';
+    return rubyObj;
+};
+const isUpperCase = str => {
+    return str === str.toUpperCase();
+};
+const getDirectDepencies = (lines, ruby) => {
+    let depIndex = 0;
+    for (let i = 0; i < lines.length; i++) {
+        if (lines[i] == 'DEPENDENCIES') {
+            depIndex = i;
+        }
+    }
+    const getDepArray = lines.slice(depIndex);
+    ruby.dependencies = {};
+    for (let j = 1; j < getDepArray.length; j++) {
+        const element = getDepArray[j];
+        if (!isUpperCase(element)) {
+            const isDependencyWithVersion = depReg.test(element);
+            if (isDependencyWithVersion) {
+                const dependency = depReg.exec(element);
+                let name = dependency[1];
+                name = name.replace('!', '');
+                ruby.dependencies[name.trim()] = dependency[3];
+            }
+            else {
+                let name = element;
+                name = name.replace('!', ' ');
+                ruby.dependencies[name.trim()] = 'UNSPECIFIED';
+            }
+        }
+        else {
+            return;
+        }
+    }
+};
+const getRubyVersion = (lines, ruby) => {
+    let rubVersionIndex = 0;
+    for (let i = 0; i < lines.length; i++) {
+        if (lines[i] == 'RUBY VERSION') {
+            rubVersionIndex = i;
+            break;
+        }
+    }
+    if (rubVersionIndex !== 0) {
+        const getRubyVersionArray = lines.slice(rubVersionIndex);
+        ruby.runtimeDetails = {};
+        for (let j = 1; j < getRubyVersionArray.length; j++) {
+            let element = getRubyVersionArray[j];
+            if (!isUpperCase(element)) {
+                element = element.trim();
+                if (/^([ruby\s0-9.*]+)/.test(element)) {
+                    let splitElement = element.split(' ');
+                    ruby.runtimeDetails['version'] = splitElement[1];
+                }
+                if (/^([p0-9]+)/.test(element)) {
+                    ruby.runtimeDetails['patchLevel'] = element.substring(1);
+                }
+                if (element.includes('engine')) {
+                    let splitElement = element.split(' ');
+                    ruby.runtimeDetails[splitElement[0]] = splitElement[1];
+                }
+            }
+            else {
+                return;
+            }
+        }
+    }
+};
+const formatSourceArr = sourceArr => {
+    return sourceArr.map(element => {
+        if (element.sourceType === 'GIT') {
+            delete element.specs;
+        }
+        if (element.sourceType === 'GEM') {
+            delete element.branch;
+            delete element.revision;
+            delete element.depthLevel;
+            delete element.specs;
+        }
+        if (element.sourceType === 'PATH') {
+            delete element.branch;
+            delete element.revision;
+            delete element.depthLevel;
+            delete element.specs;
+            delete element.platform;
+        }
+        return element;
+    });
+};
+const getSourceArr = (lines, ruby) => {
+    let line = 0;
+    let source = [];
+    while ((line = lines[index++]) !== undefined) {
+        let currentWS = whitespaceRegx.exec(line)[1].length;
+        if (!line.includes(' bundler (')) {
+            if (currentWS === 0 && !line.includes(':') && line != '') {
+                populateSourceType(line, rubyObj);
+            }
+            if (currentWS !== 0 && line.includes(':')) {
+                nonDependencyKeys(line, rubyObj);
+            }
+            if (currentWS > 2) {
+                const isDependencyWithVersion = depReg.test(line);
+                let nexlineWS = whitespaceRegx.exec(lines[index])[1].length;
+                if (currentWS === 6) {
+                    const dependency = depReg.exec(line);
+                    if (isDependencyWithVersion) {
+                        if (rubyObj.name !== dependency[1]) {
+                            rubyObj.dependencies[dependency[1]] = dependency[3];
+                        }
+                    }
+                    else {
+                        rubyObj.dependencies[line.trim()] = 'UNSPECIFIED';
+                    }
+                }
+                if (currentWS === 4 && rubyObj.depthLevel === undefined) {
+                    const dependency = depReg.exec(line);
+                    rubyObj.name = dependency[1];
+                    rubyObj.depthLevel = currentWS;
+                    populateResolveAndPlatform(dependency[3], rubyObj);
+                }
+                if (currentWS === 4 && rubyObj.depthLevel) {
+                    const dependency = depReg.exec(line);
+                    rubyObj.name = dependency[1];
+                    rubyObj.depthLevel = currentWS;
+                    populateResolveAndPlatform(dependency[3], rubyObj);
+                }
+                if ((currentWS === 4 && nexlineWS === 4) ||
+                    (currentWS === 6 && nexlineWS === 4) ||
+                    nexlineWS == '') {
+                    let newObj = {};
+                    newObj = JSON.parse(JSON.stringify(rubyObj));
+                    source.push(newObj);
+                    rubyObj.dependencies = {};
+                }
+            }
+        }
+    }
+    ruby.sources = formatSourceArr(source);
+};
+exports.getSourceArr = getSourceArr;

package/dist/audit/rubyAnalysisEngine/parsedGemfile.js

@@ -0,0 +1,22 @@
+"use strict";
+const i18n = require('i18n');
+module.exports = exports = ({ ruby }, next) => {
+    const { rawProjectFileContents } = ruby;
+    try {
+        const rubyArray = rawProjectFileContents.split('\n');
+        let filteredRubyDep = rubyArray.filter(element => {
+            return (!element.includes('#') &&
+                element.includes('gem') &&
+                !element.includes('source'));
+        });
+        for (let i = 0; i < filteredRubyDep.length; i++) {
+            filteredRubyDep[i] = filteredRubyDep[i].trim();
+        }
+        ruby.gemfilesDependanceies = filteredRubyDep;
+        next();
+    }
+    catch (err) {
+        next(new Error(i18n.__('rubyAnalysisEngineParsedGemFileError', rawProjectFileContents) + `${err.message}`));
+        return;
+    }
+};

package/dist/audit/rubyAnalysisEngine/readGemfileContents.js

@@ -0,0 +1,14 @@
+"use strict";
+const fs = require('fs');
+const i18n = require('i18n');
+module.exports = exports = ({ language: { projectFilePath }, ruby }, next) => {
+    try {
+        ruby.rawProjectFileContents = fs.readFileSync(projectFilePath, 'utf8');
+        next();
+    }
+    catch (err) {
+        next(new Error(i18n.__('rubyAnalysisEngineReadGemFileError', projectFilePath) +
+            `${err.message}`));
+        return;
+    }
+};

package/dist/audit/rubyAnalysisEngine/readGemfileLockContents.js

@@ -0,0 +1,14 @@
+"use strict";
+const fs = require('fs');
+const i18n = require('i18n');
+module.exports = exports = ({ language: { lockFilePath }, ruby }, next) => {
+    try {
+        ruby.rawLockFileContents = fs.readFileSync(lockFilePath, 'utf8');
+        next();
+    }
+    catch (err) {
+        next(new Error(i18n.__('rubyAnalysisEngineReadGemLockFileError', lockFilePath) +
+            `${err.message}`));
+        return;
+    }
+};

package/dist/audit/rubyAnalysisEngine/sanitizer.js

@@ -0,0 +1,6 @@
+"use strict";
+module.exports = exports = ({ ruby }, next) => {
+    delete ruby.rawProjectFileContents;
+    delete ruby.rawLockFileContents;
+    next();
+};

package/dist/commands/audit/auditConfig.js

@@ -0,0 +1,25 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAuditConfig = void 0;
+const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHandler"));
+const constants_1 = __importDefault(require("../../constants"));
+const parsedCLIOptions_1 = __importDefault(require("../../utils/parsedCLIOptions"));
+const constants_2 = __importDefault(require("../../audit/languageAnalysisEngine/constants"));
+const { supportedLanguages: { NODE, JAVASCRIPT } } = constants_2.default;
+const getAuditConfig = (argv) => {
+    const auditParameters = parsedCLIOptions_1.default.getCommandLineArgsCustom(argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
+    const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
+    if (auditParameters.language === undefined ||
+        auditParameters.language === null) {
+        console.log('error, --language parameter is required');
+        process.exit(1);
+    }
+    else if (auditParameters.language.toUpperCase() === JAVASCRIPT) {
+        auditParameters.language = NODE.toLowerCase();
+    }
+    return { ...paramsAuth, ...auditParameters };
+};
+exports.getAuditConfig = getAuditConfig;

package/dist/commands/audit/auditController.js

@@ -0,0 +1,31 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startAudit = void 0;
+const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
+const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
+const identifyLanguageAE = require('./../../audit/languageAnalysisEngine');
+const languageFactory = require('./../../audit/languageAnalysisEngine/langugageAnalysisFactory');
+const dealWithNoAppId = async (config) => {
+    let appID;
+    try {
+        appID = await commonApi_1.default.returnAppId(config);
+        if (!appID && config.applicationName) {
+            return await (0, catalogueApplication_1.catalogueApplication)(config);
+        }
+    }
+    catch (e) {
+        console.log(e);
+    }
+    console.log(appID);
+    return appID;
+};
+const startAudit = async (config) => {
+    if (!config.applicationId) {
+        config.applicationId = await dealWithNoAppId(config);
+    }
+    identifyLanguageAE(config.projectPath, languageFactory, config.applicationId, config);
+};
+exports.startAudit = startAudit;

package/dist/commands/audit/help.js

@@ -0,0 +1,52 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.auditUsageGuide = void 0;
+const command_line_usage_1 = __importDefault(require("command-line-usage"));
+const i18n_1 = __importDefault(require("i18n"));
+const constants_1 = __importDefault(require("../../constants"));
+const auditUsageGuide = (0, command_line_usage_1.default)([
+    {
+        header: i18n_1.default.__('auditHeader'),
+        content: [i18n_1.default.__('auditHeaderMessage')]
+    },
+    {
+        header: i18n_1.default.__('constantsPrerequisitesHeader'),
+        content: [
+            '{bold ' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentSupportedLanguages') +
+                '}',
+            '{bold ' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentJava') +
+                '}' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentMessage'),
+            '',
+            '{italic ' + i18n_1.default.__('constantsJavaNote') + '}',
+            '{italic ' + i18n_1.default.__('constantsJavaNoteGradle') + '}',
+            '',
+            '{bold ' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentDotNet') +
+                '}' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
+            '{bold ' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageNode') +
+                '}' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageNodeMessage'),
+            '{bold ' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageRuby') +
+                '}' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageRubyMessage'),
+            '{bold ' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentLanguagePython') +
+                '}' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentLanguagePythonMessage')
+        ]
+    },
+    {
+        header: i18n_1.default.__('constantsAuditOptions'),
+        optionList: constants_1.default.commandLineDefinitions.auditOptionDefinitions
+    }
+]);
+exports.auditUsageGuide = auditUsageGuide;

package/dist/commands/audit/processAudit.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processAudit = void 0;
+const auditController_1 = require("./auditController");
+const auditConfig_1 = require("./auditConfig");
+const help_1 = require("./help");
+const processAudit = async (argv) => {
+    if (argv.indexOf('--help') != -1) {
+        printHelpMessage();
+        process.exit(1);
+    }
+    const config = (0, auditConfig_1.getAuditConfig)(argv);
+    const auditResults = await (0, auditController_1.startAudit)(config);
+};
+exports.processAudit = processAudit;
+const printHelpMessage = () => {
+    console.log(help_1.auditUsageGuide);
+};

package/dist/commands/auth/auth.js

@@ -34,7 +34,7 @@ const isAuthComplete = async (token, timeout, config) => {
         let result = await pollAuthResult(token, client);
         if (result.statusCode === 200) {
             succeedSpinner(authSpinner, i18n.__('authSuccessMessage'));
-            console.log(i18n.__('runScanMessage'));
+            console.log(i18n.__('runAuthSuccessMessage'));
             return result.body;
         }
         let endTime = new Date() - startTime;

package/dist/commands/scan/processScan.js

@@ -1,18 +1,32 @@
 "use strict";
 const { startScan } = require('../../scan/scanController');
-const paramHandler = require('../../utils/paramsUtil/paramHandler');
 const { formatScanOutput } = require('../../scan/scan');
 const { scanUsageGuide } = require('../../scan/help');
-const processScan = async () => {
-    let getScanSubCommands = paramHandler.getScanSubCommands();
-    if (getScanSubCommands.help) {
+const scanConfig = require('../../scan/scanConfig');
+const saveResults = require('../../scan/saveResults');
+const commonApi = require('../../utils/commonApi');
+const i18n = require('i18n');
+const processScan = async (argvMain) => {
+    if (argvMain.indexOf('--help') !== -1) {
         printHelpMessage();
         process.exit(1);
     }
-    let scanResults = await startScan();
+    let config = scanConfig.getScanConfig(argvMain);
+    let scanResults = await startScan(config);
     if (scanResults) {
         formatScanOutput(scanResults?.projectOverview, scanResults?.scanResultsInstances);
     }
+    if (config.save) {
+        if (config.save.toLowerCase() === 'sarif') {
+            const scanId = scanResults.scanDetail.id;
+            const client = commonApi.getHttpClient(config);
+            const rawResults = await client.getSpecificScanResultSarif(config, scanId);
+            saveResults.writeResultsToFile(rawResults?.body);
+        }
+        else {
+            console.log(i18n.__('scanNoFiletypeSpecifiedForSave'));
+        }
+    }
 };
 const printHelpMessage = () => {
     console.log(scanUsageGuide);