npm - @contrast/contrast - Versions diffs - 1.0.0 → 1.0.1 - Mend

@contrast/contrast 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (201) hide show

package/.prettierignore +2 -0
package/README.md +120 -47
package/dist/audit/AnalysisEngine.js +37 -0
package/dist/audit/catalogueApplication/catalogueApplication.js +36 -0
package/dist/audit/dotnetAnalysisEngine/index.js +25 -0
package/dist/audit/dotnetAnalysisEngine/parseLockFileContents.js +35 -0
package/dist/audit/dotnetAnalysisEngine/parseProjectFileContents.js +15 -0
package/dist/audit/dotnetAnalysisEngine/readLockFileContents.js +18 -0
package/dist/audit/dotnetAnalysisEngine/readProjectFileContents.js +14 -0
package/dist/audit/dotnetAnalysisEngine/sanitizer.js +9 -0
package/dist/audit/goAnalysisEngine/index.js +17 -0
package/dist/audit/goAnalysisEngine/parseProjectFileContents.js +164 -0
package/dist/audit/goAnalysisEngine/readProjectFileContents.js +21 -0
package/dist/audit/goAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/javaAnalysisEngine/index.js +34 -0
package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +153 -0
package/dist/audit/javaAnalysisEngine/parseProjectFileContents.js +353 -0
package/dist/audit/javaAnalysisEngine/readProjectFileContents.js +98 -0
package/dist/audit/javaAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +24 -0
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +24 -0
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +35 -0
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +23 -0
package/dist/audit/languageAnalysisEngine/commonApi.js +18 -0
package/dist/audit/languageAnalysisEngine/constants.js +20 -0
package/dist/audit/languageAnalysisEngine/filterProjectPath.js +20 -0
package/dist/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +25 -0
package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js +39 -0
package/dist/audit/languageAnalysisEngine/index.js +39 -0
package/dist/audit/languageAnalysisEngine/langugageAnalysisFactory.js +70 -0
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +121 -0
package/dist/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +17 -0
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +257 -0
package/dist/audit/languageAnalysisEngine/report/newReportingFeature.js +81 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +133 -0
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +41 -0
package/dist/audit/languageAnalysisEngine/util/capabilities.js +11 -0
package/dist/audit/languageAnalysisEngine/util/generalAPI.js +39 -0
package/dist/audit/languageAnalysisEngine/util/requestUtils.js +14 -0
package/dist/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +40 -0
package/dist/audit/nodeAnalysisEngine/index.js +31 -0
package/dist/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +18 -0
package/dist/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js +51 -0
package/dist/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +18 -0
package/dist/audit/nodeAnalysisEngine/readNPMLockFileContents.js +17 -0
package/dist/audit/nodeAnalysisEngine/readProjectFileContents.js +14 -0
package/dist/audit/nodeAnalysisEngine/readYarnLockFileContents.js +24 -0
package/dist/audit/nodeAnalysisEngine/sanitizer.js +9 -0
package/dist/audit/phpAnalysisEngine/index.js +23 -0
package/dist/audit/phpAnalysisEngine/parseLockFileContents.js +52 -0
package/dist/audit/phpAnalysisEngine/readLockFileContents.js +13 -0
package/dist/audit/phpAnalysisEngine/readProjectFileContents.js +16 -0
package/dist/audit/phpAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/pythonAnalysisEngine/index.js +25 -0
package/dist/audit/pythonAnalysisEngine/parsePipfileLockContents.js +17 -0
package/dist/audit/pythonAnalysisEngine/parseProjectFileContents.js +21 -0
package/dist/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +13 -0
package/dist/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +14 -0
package/dist/audit/pythonAnalysisEngine/sanitizer.js +7 -0
package/dist/audit/rubyAnalysisEngine/index.js +25 -0
package/dist/audit/rubyAnalysisEngine/parseGemfileLockContents.js +176 -0
package/dist/audit/rubyAnalysisEngine/parsedGemfile.js +22 -0
package/dist/audit/rubyAnalysisEngine/readGemfileContents.js +14 -0
package/dist/audit/rubyAnalysisEngine/readGemfileLockContents.js +14 -0
package/dist/audit/rubyAnalysisEngine/sanitizer.js +6 -0
package/dist/commands/audit/auditConfig.js +25 -0
package/dist/commands/audit/auditController.js +31 -0
package/dist/commands/audit/help.js +52 -0
package/dist/commands/audit/processAudit.js +18 -0
package/dist/commands/auth/auth.js +1 -1
package/dist/commands/scan/processScan.js +19 -5
package/dist/common/HTTPClient.js +101 -13
package/dist/common/errorHandling.js +49 -1
package/dist/common/findLatestCLIVersion.js +23 -0
package/dist/constants/constants.js +1 -1
package/dist/constants/lambda.js +32 -4
package/dist/constants/locales.js +39 -16
package/dist/constants.js +148 -20
package/dist/index.js +7 -1
package/dist/lambda/aws.js +14 -11
package/dist/lambda/help.js +4 -0
package/dist/lambda/lambda.js +50 -27
package/dist/lambda/lambdaUtils.js +72 -0
package/dist/lambda/logUtils.js +11 -1
package/dist/lambda/scanDetailCompletion.js +4 -4
package/dist/lambda/scanRequest.js +11 -5
package/dist/lambda/utils.js +110 -53
package/dist/scan/autoDetection.js +0 -32
package/dist/scan/fileUtils.js +1 -1
package/dist/scan/help.js +12 -40
package/dist/scan/populateProjectIdAndProjectName.js +4 -0
package/dist/scan/saveResults.js +15 -0
package/dist/scan/scan.js +77 -42
package/dist/scan/scanConfig.js +20 -0
package/dist/scan/scanController.js +13 -15
package/dist/scan/scanResults.js +18 -16
package/dist/utils/commonApi.js +3 -3
package/dist/utils/fileUtils.js +31 -0
package/dist/utils/paramsUtil/commandlineParams.js +1 -20
package/dist/utils/paramsUtil/genericCommandLineParams.js +12 -0
package/dist/utils/paramsUtil/paramHandler.js +3 -6
package/dist/utils/parsedCLIOptions.js +14 -8
package/package.json +26 -21
package/src/audit/AnalysisEngine.js +103 -0
package/src/audit/catalogueApplication/catalogueApplication.js +42 -0
package/src/audit/dotnetAnalysisEngine/index.js +26 -0
package/src/audit/dotnetAnalysisEngine/parseLockFileContents.js +47 -0
package/src/audit/dotnetAnalysisEngine/parseProjectFileContents.js +29 -0
package/src/audit/dotnetAnalysisEngine/readLockFileContents.js +30 -0
package/src/audit/dotnetAnalysisEngine/readProjectFileContents.js +26 -0
package/src/audit/dotnetAnalysisEngine/sanitizer.js +11 -0
package/src/audit/goAnalysisEngine/index.js +18 -0
package/src/audit/goAnalysisEngine/parseProjectFileContents.js +209 -0
package/src/audit/goAnalysisEngine/readProjectFileContents.js +31 -0
package/src/audit/goAnalysisEngine/sanitizer.js +7 -0
package/src/audit/javaAnalysisEngine/index.js +41 -0
package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +222 -0
package/src/audit/javaAnalysisEngine/parseProjectFileContents.js +420 -0
package/src/audit/javaAnalysisEngine/readProjectFileContents.js +141 -0
package/src/audit/javaAnalysisEngine/sanitizer.js +6 -0
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +35 -0
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +41 -0
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +54 -0
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +32 -0
package/src/audit/languageAnalysisEngine/commonApi.js +20 -0
package/src/audit/languageAnalysisEngine/constants.js +23 -0
package/src/audit/languageAnalysisEngine/filterProjectPath.js +21 -0
package/src/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +41 -0
package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js +72 -0
package/src/audit/languageAnalysisEngine/index.js +45 -0
package/src/audit/languageAnalysisEngine/langugageAnalysisFactory.js +94 -0
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +177 -0
package/src/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +27 -0
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.js +303 -0
package/src/audit/languageAnalysisEngine/report/newReportingFeature.js +124 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.js +190 -0
package/src/audit/languageAnalysisEngine/sendSnapshot.js +51 -0
package/src/audit/languageAnalysisEngine/util/capabilities.js +12 -0
package/src/audit/languageAnalysisEngine/util/generalAPI.js +43 -0
package/src/audit/languageAnalysisEngine/util/requestUtils.js +17 -0
package/src/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +49 -0
package/src/audit/nodeAnalysisEngine/index.js +35 -0
package/src/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +20 -0
package/src/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js +63 -0
package/src/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +26 -0
package/src/audit/nodeAnalysisEngine/readNPMLockFileContents.js +23 -0
package/src/audit/nodeAnalysisEngine/readProjectFileContents.js +27 -0
package/src/audit/nodeAnalysisEngine/readYarnLockFileContents.js +36 -0
package/src/audit/nodeAnalysisEngine/sanitizer.js +11 -0
package/src/audit/phpAnalysisEngine/index.js +27 -0
package/src/audit/phpAnalysisEngine/parseLockFileContents.js +60 -0
package/src/audit/phpAnalysisEngine/readLockFileContents.js +14 -0
package/src/audit/phpAnalysisEngine/readProjectFileContents.js +25 -0
package/src/audit/phpAnalysisEngine/sanitizer.js +4 -0
package/src/audit/pythonAnalysisEngine/index.js +55 -0
package/src/audit/pythonAnalysisEngine/parsePipfileLockContents.js +23 -0
package/src/audit/pythonAnalysisEngine/parseProjectFileContents.js +33 -0
package/src/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +16 -0
package/src/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +22 -0
package/src/audit/pythonAnalysisEngine/sanitizer.js +9 -0
package/src/audit/rubyAnalysisEngine/index.js +30 -0
package/src/audit/rubyAnalysisEngine/parseGemfileLockContents.js +215 -0
package/src/audit/rubyAnalysisEngine/parsedGemfile.js +39 -0
package/src/audit/rubyAnalysisEngine/readGemfileContents.js +18 -0
package/src/audit/rubyAnalysisEngine/readGemfileLockContents.js +17 -0
package/src/audit/rubyAnalysisEngine/sanitizer.js +8 -0
package/src/commands/audit/auditConfig.ts +30 -0
package/src/commands/audit/auditController.ts +31 -0
package/src/commands/audit/help.ts +48 -0
package/src/commands/audit/processAudit.ts +19 -0
package/src/commands/auth/auth.js +1 -1
package/src/commands/scan/processScan.js +20 -5
package/src/common/HTTPClient.js +136 -14
package/src/common/errorHandling.ts +56 -1
package/src/common/findLatestCLIVersion.ts +27 -0
package/src/constants/constants.js +1 -1
package/src/constants/lambda.js +45 -4
package/src/constants/locales.js +48 -20
package/src/constants.js +168 -22
package/src/index.ts +9 -2
package/src/lambda/aws.ts +13 -12
package/src/lambda/help.ts +4 -0
package/src/lambda/lambda.ts +53 -34
package/src/lambda/lambdaUtils.ts +111 -0
package/src/lambda/logUtils.ts +19 -1
package/src/lambda/scanDetailCompletion.ts +4 -4
package/src/lambda/scanRequest.ts +13 -11
package/src/lambda/utils.ts +149 -81
package/src/scan/autoDetection.js +0 -29
package/src/scan/fileUtils.js +1 -1
package/src/scan/help.js +12 -45
package/src/scan/populateProjectIdAndProjectName.js +4 -0
package/src/scan/saveResults.js +15 -0
package/src/scan/scan.js +95 -59
package/src/scan/scanConfig.js +29 -0
package/src/scan/scanController.js +13 -13
package/src/scan/scanResults.js +21 -19
package/src/utils/commonApi.js +2 -3
package/src/utils/paramsUtil/commandlineParams.js +1 -26
package/src/utils/paramsUtil/paramHandler.js +3 -7
package/src/utils/parsedCLIOptions.js +11 -9

package/dist/common/HTTPClient.js CHANGED Viewed

@@ -6,8 +6,9 @@ const { AUTH_CALLBACK_URL } = require('../constants/constants');
 function HTTPClient(config) {
     const apiKey = config.apiKey;
     const authToken = config.authorization;
-    const superApiKey = config.super_api_key;
-    const superAuthToken = config.super_authorization;
+    this.rejectUnauthorized = !config.ignoreCertErrors;
+    const superApiKey = config.superApiKey;
+    const superAuthToken = config.superAuthorization;
     this.requestOptions = {
         forever: true,
         json: true,
@@ -65,6 +66,11 @@ HTTPClient.prototype.getSpecificScanResult = function getSpecificScanResult(conf
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.getSpecificScanResultSarif = function getSpecificScanResultSarif(config, scanId) {
+    const options = _.cloneDeep(this.requestOptions);
+    options.url = createRawOutputURL(config, scanId);
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 HTTPClient.prototype.getScanId = function getScanId(config, codeArtifactId) {
     const options = _.cloneDeep(this.requestOptions);
     let url = createGetScanIdURL(config);
@@ -89,8 +95,7 @@ HTTPClient.prototype.createProjectId = function createProjectId(config) {
     const options = _.cloneDeep(this.requestOptions);
     options.body = {
         name: config.name,
-        archived: 'false',
-        language: config.language
+        archived: 'false'
     };
     options.url = createHarmonyProjectsUrl(config);
     return requestUtils.sendRequest({ method: 'post', options });
@@ -120,6 +125,58 @@ HTTPClient.prototype.pollForAuth = function pollForAuth(token) {
     options.body = requestBody;
     return requestUtils.sendRequest({ method: 'post', options });
 };
+HTTPClient.prototype.catalogueCommand = function catalogueCommand(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createAppCreateURL(config);
+    options.url = url;
+    let requestBody = {};
+    requestBody.name = config.applicationName;
+    requestBody.language = config.language.toUpperCase();
+    requestBody.appGroups = config.appGroups;
+    requestBody.metadata = config.metadata;
+    requestBody.tags = config.tags;
+    requestBody.code = config.code;
+    options.body = requestBody;
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createSnapshotURL(config);
+    options.url = url;
+    options.body = requestBody;
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.getReport = function getReport(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createReportUrl(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.getSpecificReport = function getSpecificReport(config, reportId) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createSpecificReportUrl(config, reportId);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(requestBody, config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createLibraryVulnerabilitiesUrl(config);
+    options.url = url;
+    options.body = requestBody;
+    return requestUtils.sendRequest({ method: 'put', options });
+};
+HTTPClient.prototype.getAppId = function getAppId(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createAppNameUrl(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.getDependencyTree = function getReport(orgUuid, appId, reportId) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createGetDependencyTree(options.uri, orgUuid, appId, reportId);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 function getServerlessHost(config = {}) {
     const originalHost = config?.host || config?.get('host');
     const host = originalHost?.endsWith('/')
@@ -145,29 +202,36 @@ function createScanResultsGetUrl(config, params, scanId, functionArn) {
     const { provider, accountId, organizationId } = params;
     return `${url}/organizations/${organizationId}/providers/${provider}/accounts/${accountId}/scans/${encodedScanId}/resources/${encodedFunctionArn}/results`;
 }
-HTTPClient.prototype.postFunctionScan = async function postFunctionScan(config, parameters, body) {
-    const url = createScanFunctionPostUrl(config, parameters);
+HTTPClient.prototype.postFunctionScan = async function postFunctionScan(config, params, body) {
+    const url = createScanFunctionPostUrl(config, params);
     const options = { ...this.requestOptions, body, url };
     return requestUtils.sendRequest({ method: 'post', options });
 };
-HTTPClient.prototype.getScanResources = async function getScanResources(config, parameters, scanId) {
-    const url = createScanResourcesGetUrl(config, parameters, scanId);
+HTTPClient.prototype.getScanResources = async function getScanResources(config, params, scanId) {
+    const url = createScanResourcesGetUrl(config, params, scanId);
     const options = { ...this.requestOptions, url };
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.getFunctionScanResults = async function getFunctionScanResults(config, parameters, scanId, functionArn) {
-    const url = createScanResultsGetUrl(config, parameters, scanId, functionArn);
+HTTPClient.prototype.getFunctionScanResults = async function getFunctionScanResults(config, params, scanId, functionArn) {
+    const url = createScanResultsGetUrl(config, params, scanId, functionArn);
     const options = { ...this.requestOptions, url };
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createDataUrl();
+    options.url = url;
+    options.body = data;
+    return requestUtils.sendRequest({ method: 'post', options });
+};
 const createGetScanIdURL = config => {
     return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/`;
 };
 const createScanResultsInstancesURL = (config, scanId) => {
-    return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/result-instances?sort=severity,asc`;
+    return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/result-instances/info?size=50&page=0&last=false&sort=severity,asc`;
 };
-const createRawOutputURL = (config, codeArtifactId) => {
-    return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${codeArtifactId}/raw-output`;
+const createRawOutputURL = (config, scanId) => {
+    return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/raw-output`;
 };
 const createSpecificScanResultURL = (config, scanId) => {
     return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}`;
@@ -187,6 +251,30 @@ const createGlobalPropertiesUrl = protocol => {
 const pollForAuthUrl = () => {
     return `${AUTH_CALLBACK_URL}/auth/credentials`;
 };
+function createSnapshotURL(config) {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots`;
+}
+const createAppCreateURL = config => {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/create`;
+};
+const createAppNameUrl = config => {
+    return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/name?filterText=${config.applicationName}`;
+};
+function createLibraryVulnerabilitiesUrl(config) {
+    return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`;
+}
+function createReportUrl(config) {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports`;
+}
+function createSpecificReportUrl(config, reportId) {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}?nodesToInclude=PROD`;
+}
+function createDataUrl() {
+    return `https://ardy.contrastsecurity.com/production`;
+}
+const createGetDependencyTree = (protocol, orgUuid, appId, reportId) => {
+    return `${protocol}/Contrast/api/ng/sca/organizations/${orgUuid}/applications/${appId}/reports/${reportId}`;
+};
 module.exports = HTTPClient;
 module.exports.pollForAuthUrl = pollForAuthUrl;
 module.exports.getServerlessHost = getServerlessHost;

package/dist/common/errorHandling.js CHANGED Viewed

@@ -3,8 +3,56 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getErrorMessage = exports.generalError = exports.hostWarningError = exports.failOptionError = exports.proxyError = exports.forbiddenError = exports.badRequestError = exports.unauthenticatedError = exports.genericError = void 0;
+exports.libraryAnalysisError = exports.handleResponseErrors = exports.getErrorMessage = exports.generalError = exports.hostWarningError = exports.failOptionError = exports.proxyError = exports.forbiddenError = exports.badRequestError = exports.unauthenticatedError = exports.genericError = void 0;
 const i18n_1 = __importDefault(require("i18n"));
+const handleResponseErrors = (res, api) => {
+    if (res.statusCode === 400) {
+        api === 'catalogue' ? badRequestError(true) : badRequestError(false);
+    }
+    else if (res.statusCode === 401) {
+        unauthenticatedError();
+    }
+    else if (res.statusCode === 403) {
+        forbiddenError();
+    }
+    else if (res.statusCode === 407) {
+        proxyError();
+    }
+    else {
+        if (api === 'snapshot' || api === 'catalogue') {
+            snapshotFailureError();
+        }
+        if (api === 'vulnerabilities') {
+            vulnerabilitiesFailureError();
+        }
+        if (api === 'report') {
+            reportFailureError();
+        }
+    }
+};
+exports.handleResponseErrors = handleResponseErrors;
+const libraryAnalysisError = () => {
+    console.log(i18n_1.default.__('libraryAnalysisError'));
+};
+exports.libraryAnalysisError = libraryAnalysisError;
+const snapshotFailureError = () => {
+    console.log('\n ******************************** ' +
+        i18n_1.default.__('snapshotFailureHeader') +
+        ' *********************************\n' +
+        i18n_1.default.__('snapshotFailureMessage'));
+};
+const vulnerabilitiesFailureError = () => {
+    console.log('\n ******************************** ' +
+        i18n_1.default.__('snapshotFailureHeader') +
+        ' *********************************\n' +
+        i18n_1.default.__('vulnerabilitiesFailureMessage'));
+};
+const reportFailureError = () => {
+    console.log('\n ******************************** ' +
+        i18n_1.default.__('snapshotFailureHeader') +
+        ' *********************************\n' +
+        i18n_1.default.__('reportFailureMessage'));
+};
 const genericError = (missingCliOption) => {
     console.log(`*************************** ${i18n_1.default.__('yamlMissingParametersHeader')} ***************************\n${missingCliOption}`);
     console.error(i18n_1.default.__('yamlMissingParametersMessage'));

package/dist/common/findLatestCLIVersion.js ADDED Viewed

@@ -0,0 +1,23 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const latest_version_1 = __importDefault(require("latest-version"));
+const constants_1 = require("../constants/constants");
+const boxen_1 = __importDefault(require("boxen"));
+const chalk_1 = __importDefault(require("chalk"));
+const semver_1 = __importDefault(require("semver"));
+async function findLatestCLIVersion() {
+    const latestCLIVersion = await (0, latest_version_1.default)('@contrast/contrast');
+    if (semver_1.default.lt(constants_1.APP_VERSION, latestCLIVersion)) {
+        const updateAvailableMessage = `Update available ${chalk_1.default.yellow(constants_1.APP_VERSION)} → ${chalk_1.default.green(latestCLIVersion)}`;
+        const updateAvailableCommand = `Run ${chalk_1.default.cyan('npm i @contrast/contrast')} to update`;
+        console.log((0, boxen_1.default)(`${updateAvailableMessage}\n${updateAvailableCommand}`, {
+            margin: 1,
+            padding: 1,
+            align: 'center'
+        }));
+    }
+}
+exports.default = findLatestCLIVersion;

package/dist/constants/constants.js CHANGED Viewed

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.0';
+const APP_VERSION = '1.0.1';
 const TIMEOUT = 120000;
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com';
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com';

package/dist/constants/lambda.js CHANGED Viewed

@@ -9,15 +9,43 @@ const lambda = {
     missingFunctionName: 'Required parameter --function-name is missing.\nRun command with --help to see usage',
     failedToGetResults: 'Failed to get results',
     missingResults: 'Missing vulnerabilities',
-    missingParameter: 'Required function parameter is missing',
     awsError: 'AWS error',
-    missingFlagArguments: 'The following flags are missing an arguments:\n%s',
-    notSupportedFlags: 'The following flags are not supported:\n%s\nRun command with --help to see usage',
+    missingFlagArguments: 'The following flags are missing an arguments:\n{{flags}}',
+    notSupportedFlags: 'The following flags are not supported:\n{{flags}}\nRun command with --help to see usage',
+    layerNotFound: 'The layer {{layerArn}} could not be found. The scan will continue without it',
+    noVulnerabilitiesFound: '👏 No vulnerabilities found',
+    scanCompleted: '----- Scan completed {{time}}s -----',
+    sendingScanRequest: '{{icon}} Sending Lambda Function scan request to Contrast',
+    scanRequestedSuccessfully: '{{icon}} Scan requested successfully',
+    fetchingConfiguration: '{{icon}} Fetching configuration and policies for Lambda Function {{functionName}}',
+    fetchedConfiguration: '{{icon}} Fetched configuration from AWS',
+    scanStarted: 'Scan Started',
+    scanFailed: 'Scan Failed',
+    scanTimedOut: 'Scan timed out',
+    loadingFunctionList: 'Loading lambda function list',
+    functionsFound: '{{count}} functions found',
+    noFunctionsFound: 'No functions found',
+    failedToLoadFunctions: 'Faled to load lambda functions',
+    availableForScan: '{{icon}} {{count}} available for scan',
+    runtimeCount: '----- {{runtime}} ({{count}}) -----',
+    whatHappenedTitle: 'What happened:',
+    whatHappenedItem: '{{policy}} have:\n{{comments}}\n',
+    recommendation: 'Recommendation:',
+    vulnerableDependency: 'Vulnerable dependency',
+    dependenciesCount: {
+        one: '1 Dependency',
+        other: '%s Dependencies'
+    },
+    foundVulnerabilities: {
+        one: 'Found 1 vulnerability',
+        other: 'Found %s vulnerabilities'
+    },
+    vulnerableDependencyDescriptions: '{packageName} (v{version}) has {NUM} known {NUM, plural,one{CVE}other{CVEs}}\n {cves}',
     something_went_wrong: 'Something went wrong',
     not_found_404: '404 error - Not found',
     internal_error: 'Internal error',
     inactive_account: 'Scanning a function of an inactive account is not supported',
-    not_supported_runtime: 'Scanning resource of runtime "%s" is not supported.\nSupported runtimes: %s',
+    not_supported_runtime: 'Scanning resource of runtime "{{runtime}}" is not supported.\nSupported runtimes: {{supportedRuntimes}}',
     not_supported_onboard_account: 'Scanning a function of onboard account is not supported',
     scan_lock: 'Other scan is still running. Please wait until the previous scan finishes',
     unsupported: 'unsupported',

package/dist/constants/locales.js CHANGED Viewed

@@ -101,10 +101,8 @@ const en_locales = () => {
         constantsGradleMultiProject: 'Specify the sub project within your gradle application.',
         constantsScan: 'Upload java binaries to the static scan service',
         constantsWaitForScan: 'Waits for the result of the scan',
-        constantsProjectName: 'The name of the scan project in Contrast',
-        constantsFileName: 'The name of the file to Scan',
+        constantsProjectName: 'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
         constantsProjectId: 'The ID associated with a scan project. Replace <ProjectID> with the ID for the scan project. To find the ID, select a scan project in Contrast and locate the last number in the URL.',
-        constantsScanTimeout: 'Set a specific time span before the function times out. Default timeout is 300 seconds if scan_timeout is not set. The format of the value of the parameter is "20" seconds or "80" seconds.',
         constantsReport: 'Display vulnerability information for this application',
         constantsFail: 'Set the process to fail if this option is set in combination with the --report and --cve_severity.',
         failOptionErrorMessage: " FAIL - CVE's have been detected that match at least the cve_severity or cve_threshold option specified.",
@@ -116,14 +114,15 @@ const en_locales = () => {
         constantsUsageGuideContentRecommendation: 'Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.',
         constantsPrerequisitesHeader: 'Pre-requisites',
         constantsPrerequisitesContent: 'To scan a Java project you will need a .jar or .war file for analysis\n' +
-            'To scan a Javascript project you will need a .js or.zip file for analysis\n',
+            'To scan a Javascript project you will need a .js or.zip file for analysis\n' +
+            'To scan a .NET c# webforms project you will need a .exe or a .zip file for analysis\n',
         constantsUsage: 'Usage',
         constantsUsageCommandExample: 'contrast [command] [options]',
-        constantsUsageCommandInfo: 'The file argument is optional. If no file is given, Contrast will search for a .jar, .war, .js or .zip file in the working directory.\n',
+        constantsUsageCommandInfo: 'The file argument is optional. If no file is given, Contrast will search for a .jar, .war, .js, .exe or .zip file in the working directory.\n',
         constantsUsageCommandInfo24Hours: 'Submitted files are encrypted during upload and deleted in 24 hours.',
         constantsAnd: 'AND',
         constantsJava: 'AND Maven build platform, including the dependency plugin. For a Gradle project, use build.gradle. A gradle-wrapper.properties file is also required. Kotlin is also supported requiring a build.gradle.kts file.',
-        constantsJavaNote: '*Please Note: Running "mvn dependency:tree" or "./gradlew dependencies" in the project directory locally must be successful.',
+        constantsJavaNote: 'Note: Running "mvn dependency:tree" or "./gradlew dependencies" in the project directory locally must be successful.',
         constantsJavaNoteGradle: 'We currently support v4.8 and upwards on Gradle projects',
         constantsDotNet: 'MSBuild 15.0 or greater and have a packages.lock.json file are supported.',
         constantsDotNetNote: 'Please Note: If the packages.lock.json file is not in place it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj and running dotnet build',
@@ -170,6 +169,7 @@ const en_locales = () => {
         constantsTags: 'Apply labels to an application. Labels must be formatted as a comma-delimited list. Example - label1,label2,label3',
         constantsCode: 'Add the application code this application should use in the Contrast UI',
         constantsIgnoreCertErrors: ' For EOP users with a local Teamserver install, this will bypass the SSL certificate and recognise a self signed certificate.',
+        constantsSave: ' Saves the Scan Results JSON to file.',
         constantsIgnoreDev: 'Combined with the --report command excludes developer dependencies from the vulnerabilities report. By default all dependencies are included in a report.',
         constantsCommands: 'Commands',
         constantsScanOptions: 'Scan Options',
@@ -187,6 +187,7 @@ const en_locales = () => {
         noFileFoundScan: "We could't find a suitable file in your directories (we go 3 deep)",
         specifyFileScanError: 'Java Scan requires a .war or .jar file. Javascript Scan requires a .js or .zip file.\nTo start a Scan enter "contrast scan -f <path-to-file>"',
         populateProjectIdMessage: 'project ID is %s',
+        permissionsError: 'You do not have the correct permissions here. \n Contact support@contrastsecurity.com to get this fixed.',
         scanErrorFileMessage: 'We only accept the following file types: \nJava - .jar, .war \nJavaScript - .js or .zip files',
         helpAuthSummary: 'Authenticate Contrast using your Github or Google account',
         helpScanSummary: 'Searches for a .jar, .war, .js or .zip file in the working directory, uploads for analysis and returns the results',
@@ -200,25 +201,18 @@ const en_locales = () => {
         versionName: 'version',
         configName: 'config',
         helpName: 'help',
-        scanOptionsFileName: '-f, --file',
-        scanOptionsLanguage: '-l, --language',
-        scanOptionsName: '-n, --name',
-        scanOptionsTimeout: '-t, --time-out',
-        scanOptionsVerbose: '-v, --verbose',
-        scanOptionsFileNameSummary: 'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .js. or .zip file in the working directory.',
         scanOptionsLanguageSummaryOptional: 'Language of file to send for analysis. ',
         scanOptionsLanguageSummaryRequired: 'If you scan a .zip file or you use the --file option.',
-        scanOptionsNameSummary: 'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
         scanOptionsTimeoutSummary: 'Time in seconds to wait for scan to complete. Default value is 300 seconds.',
-        scanOptionsVerboseSummary: 'Returns extended information to the terminal.',
+        scanOptionsFileNameSummary: 'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .js, .exe or .zip file in the working directory.',
+        scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
         authSuccessMessage: 'Authentication successful',
-        runScanMessage: 'Now run Contrast Scan',
+        runAuthSuccessMessage: 'Now you can use Contrast CLI',
         authWaitingMessage: 'Waiting for auth...',
         authTimedOutMessage: 'Auth Timed out, try again',
         zipErrorScan: 'We only support zip files for JAVASCRIPT language, please set the flag --language JAVASCRIPT',
         unknownFileErrorScan: 'Unsupported file selected for Scan.',
         foundScanFile: 'found: %s',
-        foundVulnerabilities: 'Found %s vulnerabilities',
         foundDetailedVulnerabilities: '%s Critical %s High %s Medium %s Low %s Note',
         requiredParams: 'All required parameters are not present.',
         timeoutScan: 'Timeout set to 5 minutes.',
@@ -230,6 +224,7 @@ const en_locales = () => {
         lambdaPrerequisitesContent: 'contrast cli',
         scanFileNameOption: ' -f, --file',
         lambdaFunctionNameOption: ' -f, --function-name',
+        lambdaListFunctionsOption: ' -l, --list-functions',
         lambdaEndpointOption: '-e, --endpoint-url',
         lambdaRegionOption: '-r, --region',
         lambdaProfileOption: '-p, --profile',
@@ -237,6 +232,7 @@ const en_locales = () => {
         lambdaVerboseOption: '-v, --verbose',
         lambdaHelpOption: '-h, --help',
         lambdaFunctionNameSummery: 'Name of AWS lambda function to scan.',
+        lambdaListFunctionsSummery: 'List all available lambda functions to scan.',
         lambdaEndpointSummery: 'AWS Endpoint override, works like in AWS CLI.',
         lambdaRegionSummery: 'Region override, default to AWS_DEAFAULT_REGION env var, works like in AWS CLI.',
         lambdaProfileSummery: 'AWS configuration profile override, works like in AWS CLI.',
@@ -251,6 +247,33 @@ const en_locales = () => {
         connectionError: 'An error has occurred when trying to get the Project Id please check your internet connection or provide the Project Id manually',
         internalServerErrorHeader: '500 error - Internal server error',
         resourceLockedErrorHeader: '423 error - Resource is locked',
+        auditHeader: 'Contrast Audit',
+        auditHeaderMessage: `
+    Performs software composition analysis (SCA) on your application/code time to show you the dependencies between open source libraries, including where vulnerabilities were introduced.\n
+    Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.`,
+        constantsAuditPrerequisitesContentSupportedLanguages: 'Supported languages and their requirements are:',
+        constantsAuditPrerequisitesContentJava: 'Java: ',
+        constantsAuditPrerequisitesContentMessage: `
+       pom.xml AND Maven build platform, including the dependency plugin.
+       For a Gradle project (v4.8+) use build.gradle. A gradle-wrapper.properties file is also required.
+       Kotlin is also supported requiring a build.gradle.kts file.`,
+        constantsAuditPrerequisitesContentDotNet: '.NET framework and .NET core: ',
+        constantsAuditPrerequisitesContentDotNetMessage: `
+       MSBuild 15.0 or greater and have a packages.lock.json file are supported.\n
+       Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build.\n`,
+        constantsAuditPrerequisitesContentLanguageNode: 'Node: ',
+        constantsAuditPrerequisitesContentLanguageRuby: 'Ruby: ',
+        constantsAuditPrerequisitesContentLanguagePython: 'Python: ',
+        constantsAuditPrerequisitesContentLanguageNodeMessage: '*.package.json AND a lock file either *.package-lock.json or *.yarn.lock',
+        constantsAuditPrerequisitesContentLanguageRubyMessage: 'gemfile AND gemfile.lock',
+        constantsAuditPrerequisitesContentLanguagePythonMessage: 'pipfile AND pipfile.lock',
+        constantsAuditOptions: 'Audit Options',
+        auditOptionsIgnoreDevDependencies: '-igd, --ignore-dev',
+        auditOptionsIgnoreDevDependenciesDescription: 'ignores DevDependencies',
+        auditOptionsSave: '-s, --save',
+        auditOptionsSaveDescription: 'saves the output in specified format Txt text, sbom',
+        scanNoVulnerabilitiesFound: '👏 No vulnerabilities found',
+        scanNoFiletypeSpecifiedForSave: 'Please specify file type to save results to',
         ...lambda
     };
 };

package/dist/constants.js CHANGED Viewed

@@ -23,7 +23,7 @@ const scanOptionDefinitions = [
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsFileName')
+            i18n.__('scanOptionsFileNameSummary')
     },
     {
         name: 'project-id',
@@ -40,15 +40,7 @@ const scanOptionDefinitions = [
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsScanTimeout')
-    },
-    {
-        name: 'language',
-        alias: 'l',
-        description: '{bold ' +
-            i18n.__('constantsRequiredCatalogue') +
-            '}: ' +
-            i18n.__('constantsLanguage')
+            i18n.__('scanOptionsTimeoutSummary')
     },
     {
         name: 'organization-id',
@@ -58,14 +50,6 @@ const scanOptionDefinitions = [
             '}: ' +
             i18n.__('constantsOrganizationId')
     },
-    {
-        name: 'yaml-path',
-        alias: 'y',
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}: ' +
-            i18n.__('constantsYamlPath')
-    },
     {
         name: 'api-key',
         description: '{bold ' +
@@ -83,7 +67,6 @@ const scanOptionDefinitions = [
     {
         name: 'host',
         alias: 'h',
-        defaultValue: 'app.contrastsecurity.com',
         description: '{bold ' +
             i18n.__('constantsRequired') +
             '}: ' +
@@ -112,9 +95,153 @@ const scanOptionDefinitions = [
             '}:' +
             i18n.__('constantsIgnoreCertErrors')
     },
+    {
+        name: 'verbose',
+        alias: 'v',
+        type: Boolean,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}:' +
+            i18n.__('scanOptionsVerboseSummary')
+    },
+    {
+        name: 'save',
+        alias: 's',
+        description: '{bold ' + i18n.__('constantsOptional') + '}:' + i18n.__('constantsSave')
+    },
     {
         name: 'help',
         type: Boolean
+    },
+    {
+        name: 'debug',
+        alias: 'd',
+        type: Boolean
+    }
+];
+const auditOptionDefinitions = [
+    {
+        name: 'application-id',
+        description: '{bold ' +
+            i18n.__('constantsRequired') +
+            '}: ' +
+            i18n.__('constantsApplicationId')
+    },
+    {
+        name: 'application-name',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsApplicationName')
+    },
+    {
+        name: 'project-path',
+        defaultValue: process.env.PWD,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsProjectPath')
+    },
+    {
+        name: 'app-groups',
+        description: '{bold ' +
+            i18n.__('constantsOptionalForCatalogue') +
+            '}: ' +
+            i18n.__('constantsAppGroups')
+    },
+    {
+        name: 'sub-project',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsGradleMultiProject')
+    },
+    {
+        name: 'metadata',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsMetadata')
+    },
+    {
+        name: 'tags',
+        description: '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('constantsTags')
+    },
+    {
+        name: 'code',
+        description: '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('constantsCode')
+    },
+    {
+        name: 'ignore-dev',
+        type: Boolean,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsIgnoreDev')
+    },
+    {
+        name: 'maven-settings-path'
+    },
+    {
+        name: 'language',
+        alias: 'l',
+        description: '{bold ' +
+            i18n.__('constantsRequiredCatalogue') +
+            '}: ' +
+            i18n.__('constantsLanguage')
+    },
+    {
+        name: 'organization-id',
+        alias: 'o',
+        description: '{bold ' +
+            i18n.__('constantsRequired') +
+            '}: ' +
+            i18n.__('constantsOrganizationId')
+    },
+    {
+        name: 'api-key',
+        description: '{bold ' +
+            i18n.__('constantsRequired') +
+            '}: ' +
+            i18n.__('constantsApiKey')
+    },
+    {
+        name: 'authorization',
+        description: '{bold ' +
+            i18n.__('constantsRequired') +
+            '}: ' +
+            i18n.__('constantsAuthorization')
+    },
+    {
+        name: 'host',
+        alias: 'h',
+        description: '{bold ' +
+            i18n.__('constantsRequired') +
+            '}: ' +
+            i18n.__('constantsHostId')
+    },
+    {
+        name: 'proxy',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsProxyServer')
+    },
+    {
+        name: 'ignore-cert-errors',
+        type: Boolean,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}:' +
+            i18n.__('constantsIgnoreCertErrors')
+    },
+    {
+        name: 'save',
+        alias: 's',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('auditOptionsSaveDescription')
     }
 ];
 const mainUsageGuide = commandLineUsage([
@@ -145,6 +272,7 @@ module.exports = {
     commandLineDefinitions: {
         mainUsageGuide,
         mainDefinition,
-        scanOptionDefinitions
+        scanOptionDefinitions,
+        auditOptionDefinitions
     }
 };