@contrast/contrast 1.0.0 → 1.0.3

package/.prettierignore

@@ -0,0 +1,3 @@
+test/commands/**
+dist/**
+test/errorHandling.spec.ts

package/README.md

@@ -1,13 +1,45 @@
-# Contrast Command Line Interface
+# CodeSec by Contrast Security
 
-Install Contrast, authenticate, and then start running a Lambda scan.
-This version supports **Java** and **Python** functions on AWS.
+CodeSec delivers:
 
-## Requirements
+- The fastest and most accurate SAST scanner.
+- Immediate and actionable results — scan code and serverless environments.
+- A frictionless and seamless sign-in process with GitHub or Google Account. From start to finish in minutes.
+- By running a scan on your lambda functions, you can find: Least privilege identity and access management (IAM) vulnerabilities (over permissive policies) and remediation.
 
-- AWS credentials should be **available** on your local configure (usually `~/.aws/credentials`)
-- You have an option run lambda scan with your aws-profile to pass `--profile`
-- You also can export differnt credentials
+## Install
+
+```
+npm install -g @contrast/contrast
+```
+
+## Authenticate
+
+Authenticate by entering contrast auth in the terminal.
+
+In the resulting browser window, log in and authenticate with your GitHub or Google credentials.
+
+## Run a scan
+
+### SAST scan
+
+####Requirements
+Make sure you have the correct file types to scan.
+
+- Upload a .jar or .war file to scan a Java project for analysis
+- Upload a .js or .zip file to scan a JavaScript project for analysis
+- Upload a .exe. or .zip file to scan a .NET c# web forms project
+
+Start scanning
+
+Use the Contrast scan command `contrast scan`
+
+### Lambda function scan
+
+####Requirements
+
+- Currently supports Java and Python functions on AWS.
+  Configure AWS credentials on your local environment by running the commands with your credentials:
 
 ```shell
 export AWS_DEFAULT_REGION=<YOUR_AWS_REGION>
@@ -15,95 +47,100 @@ export AWS_ACCESS_KEY_ID=<YOUR_ACCESS_KEY_ID>
 export AWS_SECRET_ACCESS_KEY=<YOUR_SECRET_ACCESS_KEY>
 ```
 
-These permissions are required to gather all required information on an AWS Lambda to use the `contrast lambda` command:
+- AWS credentials should be available on your local configure (usually **~/.aws/credentials**). You have an option to run a lambda scan with your aws-profile to pass --profile. You also can export different credentials.
 
-- Lambda: [GetFunction](https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html), [GetLayerVersion](https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html)
-- IAM: [GetRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html), [GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html), [GetPolicyVersion](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html), [ListRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html), [ListAttachedRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html)
+- These permissions are required to gather all required information on an AWS Lambda to use the `contrast lambda` command:
 
-Policy example:
-```
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "VisualEditor0",
-            "Effect": "Allow",
-            "Action": [
-                "iam:GetPolicyVersion",
-                "iam:GetPolicy",
-                "lambda:GetLayerVersion",
-                "lambda:GetFunction",
-                "iam:ListAttachedRolePolicies",
-                "iam:ListRolePolicies",
-                "iam:GetRolePolicy"
-            ],
-            "Resource": [
-                "arn:aws:lambda:*:YOUR_ACCOUNT:layer:*:*",
-                "arn:aws:lambda:*:YOUR_ACCOUNT:function:*",
-                "arn:aws:iam::YOUR_ACCOUNT:role/*",
-                "arn:aws:iam::YOUR_ACCOUNT:policy/*"
-            ]
-        }
-    ]
-}
-```
+  - Lambda: [GetFunction](https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html) | [GetLayerVersion](https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html)
+  - IAM: [GetRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html) | [GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html) | [GetPolicyVersion](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html) | [ListRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html) | [ListAttachedRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html)
 
-## Installation via Homebrew
+### Start scanning
 
-- `brew tap Contrast-Security-OSS/homebrew-contrast`
-- `brew install contrast`
+Use contrast lambda to scan your AWS Lambda functions.
+`contrast lambda --function-name MyFunctionName --region my-aws-region`
 
-### Install NPM / YARN
+## Contrast commands
 
-- `npm i -g @contrast/contrast`
-- `yarn global add @contrast/contrast`
+### auth
 
-### Install with binaries
+Authenticate Contrast using your GitHub or Google account. A new browser window will open for login.
 
-- Go to [https://pkg.contrastsecurity.com/ui/repos/tree/General/cli](https://pkg.contrastsecurity.com/ui/repos/tree/General/cli)
-- Select your operating system and download the package
-- You must allow **execute permissions** on the file depending on your OS
+**Usage:** `contrast auth`
 
-| Architecture | Link                                                                                                                                                                           |
-| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| macOS        | [https://pkg.contrastsecurity.com/ui/repos/tree/General/cli/1.0.0/mac/contrast](https://pkg.contrastsecurity.com/ui/repos/tree/General/cli/1.0.0/mac/contrast)                 |
-| Linux        | [https://pkg.contrastsecurity.com/ui/repos/tree/General/cli/1.0.0/linux/contrast](https://pkg.contrastsecurity.com/ui/repos/tree/General/cli/1.0.0/linux/contrast)             |
-| Windows      | [https://pkg.contrastsecurity.com/ui/repos/tree/General/cli/1.0.0/windows/contrast.exe](https://pkg.contrastsecurity.com/ui/repos/tree/General/cli/1.0.0/windows/contrast.exe) |
+### config
 
-## Usage
+Displays stored credentials.
 
-- `contrast [command] [option]`
-- `contrast lambda --function-name <function> [options]`
+**Usage:** `contrast config`
 
-## Running a scan on a Lambda function
+**Options:**
 
-1. `contrast auth`
-   Authenticate by entering contrast auth in the terminal.
-   In the resulting browser window, log in and authenticate with your GitHub or Google credentials.
-2. `contrast lambda --function-name <YOUR_FUNCTION_NAME> --region <AWS_REGION>`
+- **-c, --clear** - Removes stored credentials.
 
-More infromation
+### scan
 
-- `contrast lambda --help`
+Performs a security SAST scan.
 
-## Commands
+**Usage:** `contrast scan [option]`
 
-- `auth` - Authenticate Contrast using your `Github` or `Google` account
-- `lambda` - Perform scan on AWS Lambda function
-- `version` - Displays version of Contrast CLI
-- `config` - Displays stored credentials (`–c, --clear` - Removes stored credentials)
-- `help` - Displays usage guide
+**Options:**
 
-## Example of Running
+- **contrast scan --file** Path of the file you want to scan. Contrast searches for a .jar, .war .exe or .zip file in the working directory (and 3 folders deep) if a file is not specified.
+  Alias: **--f**
 
-```shell
-contrast lambda --function-name myFunctionName
-contrast lambda -f myFunctionName --region eu-cental-1
-contrast lambda -f myFunctionName --region eu-cental-1 --profile myDevProfile
-contrast lambda -f myFunctionName -v -j -r eu-cental-1 -p myDevProfile
-contrast lambda --function-name myFunctionName --verbose --json-output --region eu-cental-1 --profile myDevProfile
-```
+- **contrast scan --name**
+  Contrast project name. If not specified, Contrast creates a project from the name of the file
+  Alias: **–n**
+- **contrast scan --save**
+  Download the results to a Static Analysis Results Interchange Format (SARIF) file.
+  Alias: **-s**
+
+- **contrast scan --timeout**
+  Time in seconds to wait for the scan to complete. Default value is 300 seconds.
+  Alias: **-t**
+
+### lambda
+
+Name of AWS lambda function to scan.
+
+**Usage:** `contrast lambda --function-name`
+
+**Options:**
+
+- **contrast lambda --function-name --endpoint-url**
+  AWS Endpoint override. Similar to AWS CLI.
+  Alias: **-e**
+
+- **contrast lambda --function-name --region**
+  Region override. Defaults to AWS_DEFAULT_REGION. Similar to AWS CLI.
+  Alias: **-r**
+
+- **contrast lambda --function-name --profile**
+  AWS configuration profile override. Similar to AWS CLI.
+  Alias: **-p**
+
+- **contrast lambda --function-name --json**
+  Return response in JSON (versus default human-readable format).
+  Alias: **-j**
+
+- **contrast lambda -–function-name -–verbose**
+  Returns extended information to the terminal.
+  Alias: **-v**
+
+- **contrast lambda -–function-name --list-functions**
+  Lists all available lambda functions to scan.
+
+- **contrast lambda --function-name -–help**
+  Displays usage guide.
+  Alias: **-h**
+
+### help
+
+Displays usage guide. To list detailed help for any CLI command, add the -h or --help flag to the command.
+**Usage:** `contrast scan --help`
+Alias: **-h**
 
-## Example of Results
+### version
 
-![image](https://user-images.githubusercontent.com/289035/165555050-e9a709c9-f2a9-4edc-a064-8208445238bc.png)
+Displays version of Contrast CLI.
+**Usage:** `contrast version` Alias: **-v**, **--version**

package/dist/audit/AnalysisEngine.js

@@ -0,0 +1,37 @@
+"use strict";
+class AnalysisEngine {
+    constructor(initAnalysis = {}) {
+        this.analyzers = [];
+        this.analysis = { ...initAnalysis };
+    }
+    use(analyzer) {
+        if (Array.isArray(analyzer)) {
+            this.analyzers = [...this.analyzers, ...analyzer];
+            return;
+        }
+        this.analyzers.push(analyzer);
+    }
+    analyze(callback, config) {
+        let i = 0;
+        const next = err => {
+            if (err) {
+                return setImmediate(() => callback(err, this.analysis));
+            }
+            if (i >= this.analyzers.length) {
+                return setImmediate(() => callback(null, this.analysis));
+            }
+            const analyzer = this.analyzers[i];
+            i++;
+            setImmediate(() => {
+                try {
+                    analyzer(this.analysis, next, config);
+                }
+                catch (uncaughtErr) {
+                    next(uncaughtErr);
+                }
+            });
+        };
+        next();
+    }
+}
+module.exports = exports = AnalysisEngine;

package/dist/audit/catalogueApplication/catalogueApplication.js

@@ -0,0 +1,36 @@
+"use strict";
+const i18n = require('i18n');
+const { getHttpClient, handleResponseErrors } = require('../../utils/commonApi');
+const locationOfApp = (config, appId) => {
+    return `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${appId}`;
+};
+const displaySuccessMessage = (config, appId) => {
+    console.log('\n **************************' +
+        i18n.__('successHeader') +
+        '************************** \n');
+    console.log('\n' + i18n.__('catalogueSuccessCommand') + appId + '\n');
+    console.log(locationOfApp(config, appId));
+    console.log('\n *********************************************************** \n');
+};
+const catalogueApplication = async (config) => {
+    const client = getHttpClient(config);
+    let appId;
+    await client
+        .catalogueCommand(config)
+        .then(res => {
+        if (res.statusCode === 201) {
+            displaySuccessMessage(config, res.body.application.app_id);
+            appId = res.body.application.app_id;
+        }
+        else {
+            handleResponseErrors(res, 'catalogue');
+        }
+    })
+        .catch(err => {
+        console.log(err);
+    });
+    return appId;
+};
+module.exports = {
+    catalogueApplication: catalogueApplication
+};

package/dist/audit/dotnetAnalysisEngine/index.js

@@ -0,0 +1,25 @@
+"use strict";
+const AnalysisEngine = require('../AnalysisEngine');
+const readProjectFileContents = require('./readProjectFileContents');
+const parseProjectFileContents = require('./parseProjectFileContents');
+const readLockFileContents = require('./readLockFileContents');
+const parseLockFileContents = require('./parseLockFileContents');
+const sanitizer = require('./sanitizer');
+const i18n = require('i18n');
+module.exports = exports = (language, config, callback) => {
+    const ae = new AnalysisEngine({ language, config, dotnet: {} });
+    ae.use([
+        readProjectFileContents,
+        parseProjectFileContents,
+        readLockFileContents,
+        parseLockFileContents,
+        sanitizer
+    ]);
+    ae.analyze((err, analysis) => {
+        if (err) {
+            callback(new Error(i18n.__('dotnetAnalysisFailure') + err.message));
+            return;
+        }
+        callback(null, analysis);
+    });
+};

package/dist/audit/dotnetAnalysisEngine/parseLockFileContents.js

@@ -0,0 +1,35 @@
+"use strict";
+const i18n = require('i18n');
+module.exports = exports = ({ language: { lockFilePath }, dotnet }, next) => {
+    const { rawLockFileContents } = dotnet;
+    if (!rawLockFileContents) {
+        next();
+        return;
+    }
+    try {
+        let count = 0;
+        dotnet.lockFile = JSON.parse(rawLockFileContents);
+        for (const dependenciesNode in dotnet.lockFile.dependencies) {
+            for (const innerNode in dotnet.lockFile.dependencies[dependenciesNode]) {
+                const nodeValidation = JSON.stringify(dotnet.lockFile.dependencies[dependenciesNode][innerNode]);
+                if (nodeValidation.includes('"type":"Project"')) {
+                    count += 1;
+                    delete dotnet.lockFile.dependencies[dependenciesNode][innerNode];
+                    dotnet.additionalInfo = 'dependenciesNote';
+                }
+            }
+        }
+        if (count > 0) {
+            const multiLevelProjectWarning = () => {
+                console.log('');
+                console.log(i18n.__('dependenciesNote'));
+            };
+            setTimeout(multiLevelProjectWarning, 7000);
+        }
+    }
+    catch (err) {
+        next(new Error(i18n.__('dotnetParseLockfile', lockFilePath) + `${err.message}`));
+        return;
+    }
+    next();
+};

package/dist/audit/dotnetAnalysisEngine/parseProjectFileContents.js

@@ -0,0 +1,15 @@
+"use strict";
+const xml2js = require('xml2js');
+const i18n = require('i18n');
+module.exports = exports = ({ language: { projectFilePath }, dotnet }, next) => {
+    const { rawProjectFileContents } = dotnet;
+    const parser = new xml2js.Parser({ explicitArray: false, mergeAttrs: true });
+    parser.parseString(rawProjectFileContents, (err, projectFileXML) => {
+        if (err) {
+            next(new Error(i18n.__('dotnetParseProjectFile', projectFilePath) + `${err}`));
+            return;
+        }
+        dotnet.projectFile = projectFileXML;
+        next();
+    });
+};

package/dist/audit/dotnetAnalysisEngine/readLockFileContents.js

@@ -0,0 +1,18 @@
+"use strict";
+const fs = require('fs');
+const i18n = require('i18n');
+module.exports = exports = (analysis, next) => {
+    const { language: { lockFilePath }, dotnet } = analysis;
+    if (!lockFilePath) {
+        next();
+        return;
+    }
+    try {
+        dotnet.rawLockFileContents = fs.readFileSync(lockFilePath);
+    }
+    catch (err) {
+        next(new Error(i18n.__('dotnetReadLockfile', lockFilePath) + `${err.message}`));
+        return;
+    }
+    next();
+};

package/dist/audit/dotnetAnalysisEngine/readProjectFileContents.js

@@ -0,0 +1,14 @@
+"use strict";
+const fs = require('fs');
+const i18n = require('i18n');
+module.exports = exports = (analysis, next) => {
+    const { language: { projectFilePath }, dotnet } = analysis;
+    try {
+        dotnet.rawProjectFileContents = fs.readFileSync(projectFilePath);
+    }
+    catch (err) {
+        next(new Error(i18n.__('dotnetReadProjectFile', projectFilePath) + `${err.message}`));
+        return;
+    }
+    next();
+};

package/dist/audit/dotnetAnalysisEngine/sanitizer.js

@@ -0,0 +1,9 @@
+"use strict";
+module.exports = exports = ({ dotnet }, next) => {
+    delete dotnet.rawProjectFileContents;
+    delete dotnet.parsedProjectFileContents;
+    delete dotnet.projectFileXML;
+    delete dotnet.packageReferences;
+    delete dotnet.rawLockFileContents;
+    next();
+};

package/dist/audit/goAnalysisEngine/index.js

@@ -0,0 +1,17 @@
+"use strict";
+const AnalysisEngine = require('../AnalysisEngine');
+const readProjectFileContents = require('./readProjectFileContents');
+const parseProjectFileContents = require('./parseProjectFileContents');
+const sanitizer = require('./sanitizer');
+const i18n = require('i18n');
+module.exports = exports = (language, config, callback) => {
+    const ae = new AnalysisEngine({ language, config, go: {} });
+    ae.use([readProjectFileContents, parseProjectFileContents, sanitizer]);
+    ae.analyze((err, analysis) => {
+        if (err) {
+            callback(new Error(i18n.__('goAnalysisError') + `${err.message}`));
+            return;
+        }
+        callback(null, analysis);
+    });
+};

package/dist/audit/goAnalysisEngine/parseProjectFileContents.js

@@ -0,0 +1,164 @@
+"use strict";
+const i18n = require('i18n');
+const crypto = require('crypto');
+module.exports = exports = ({ go }, next) => {
+    const { modGraphOutput } = go;
+    try {
+        go.goDependencyTrees = parseGo(modGraphOutput);
+    }
+    catch (err) {
+        next(new Error(i18n.__('goParseProjectFile') + `${err.message}`));
+        return;
+    }
+    next();
+};
+const splitAllLinesIntoArray = modGraphOutput => {
+    return modGraphOutput.split(/\r\n|\r|\n/);
+};
+const parseGo = modGraphOutput => {
+    let splitLines = splitAllLinesIntoArray(modGraphOutput);
+    const directDepNames = getDirectDepNames(splitLines);
+    const uniqueTransitiveDepNames = getAllUniqueTransitiveDepNames(splitLines, directDepNames);
+    let rootNodes = createRootNodes(splitLines);
+    createTransitiveDeps(uniqueTransitiveDepNames, splitLines, rootNodes);
+    return rootNodes;
+};
+const getAllDepsOfADepAsEdge = (dep, deps) => {
+    let edges = {};
+    const depRows = deps.filter(line => {
+        return line.startsWith(dep);
+    });
+    depRows.forEach(dep => {
+        const edgeName = dep.split(' ')[1];
+        edges[edgeName] = edgeName;
+    });
+    return edges;
+};
+const getAllDepsOfADepAsName = (dep, deps) => {
+    let edges = [];
+    const depRows = deps.filter(line => {
+        return line.startsWith(dep);
+    });
+    depRows.forEach(dep => {
+        const edgeName = dep.split(' ')[1];
+        edges.push(edgeName);
+    });
+    return edges;
+};
+const createRootNodes = deps => {
+    let rootDep = {};
+    const rootDeps = getRootDeps(deps);
+    const edges = rootDeps.map(dep => {
+        return dep.split(' ')[1];
+    });
+    rootDep[rootDeps[0].split(' ')[0]] = {};
+    edges.forEach(edge => {
+        const splitEdge = edge.split('@');
+        const splitGroupName = splitEdge[0].split('/');
+        const name = splitGroupName.pop();
+        const lastSlash = splitEdge[0].lastIndexOf('/');
+        let group = splitEdge[0].substring(0, lastSlash);
+        const hash = getHash(splitEdge[0]);
+        group = checkGroupExists(group, name);
+        const edgesOfDep = getAllDepsOfADepAsEdge(edge, deps);
+        rootDep[rootDeps[0].split(' ')[0]][edge] = {
+            artifactID: name,
+            group: group,
+            version: splitEdge[1],
+            scope: '"compile',
+            type: 'direct',
+            hash: hash,
+            edges: edgesOfDep
+        };
+    });
+    return rootDep;
+};
+const getRootDeps = deps => {
+    const rootDeps = deps.filter(dep => {
+        const parentDep = dep.split(' ')[0];
+        if (parentDep.split('@v').length === 1) {
+            return dep;
+        }
+    });
+    return rootDeps;
+};
+const getHash = library => {
+    let shaSum = crypto.createHash('sha1');
+    shaSum.update(library);
+    return shaSum.digest('hex');
+};
+const getDirectDepNames = deps => {
+    const directDepNames = [];
+    deps.forEach(dep => {
+        const parentDep = dep.split(' ')[0];
+        if (parentDep.split('@v').length === 1) {
+            dep.split(' ')[1] !== undefined
+                ? directDepNames.push(dep.split(' ')[1])
+                : null;
+        }
+    });
+    return directDepNames;
+};
+const getAllUniqueTransitiveDepNames = (deps, directDepNames) => {
+    let uniqueDeps = [];
+    deps.forEach(dep => {
+        const parentDep = dep.split(' ')[0];
+        if (parentDep.split('@v').length !== 1) {
+            if (!directDepNames.includes(parentDep)) {
+                if (!uniqueDeps.includes(parentDep)) {
+                    parentDep.length > 1 ? uniqueDeps.push(parentDep) : null;
+                }
+            }
+        }
+    });
+    return uniqueDeps;
+};
+const checkGroupExists = (group, name) => {
+    if (group === null || group === '') {
+        return name;
+    }
+    return group;
+};
+const createTransitiveDeps = (transitiveDeps, splitLines, rootNodes) => {
+    transitiveDeps.forEach(dep => {
+        const splitEdge = dep.split('@');
+        const splitGroupName = splitEdge[0].split('/');
+        const name = splitGroupName.pop();
+        const lastSlash = splitEdge[0].lastIndexOf('/');
+        let group = splitEdge[0].substring(0, lastSlash);
+        const hash = getHash(splitEdge[0]);
+        group = checkGroupExists(group, name);
+        const transitiveDep = {
+            artifactID: name,
+            group: group,
+            version: splitEdge[1],
+            scope: 'compile',
+            type: 'transitive',
+            hash: hash,
+            edges: {}
+        };
+        const edges = getAllDepsOfADepAsEdge(dep, splitLines);
+        transitiveDep.edges = edges;
+        const edgesAsName = getAllDepsOfADepAsName(dep, splitLines);
+        edgesAsName.forEach(dep => {
+            const splitEdge = dep.split('@');
+            const splitGroupName = splitEdge[0].split('/');
+            const name = splitGroupName.pop();
+            const lastSlash = splitEdge[0].lastIndexOf('/');
+            let group = splitEdge[0].substring(0, lastSlash);
+            const hash = getHash(splitEdge[0]);
+            group = checkGroupExists(group, name);
+            const transitiveDep = {
+                artifactID: name,
+                group: group,
+                version: splitEdge[1],
+                scope: 'compile',
+                type: 'transitive',
+                hash: hash,
+                edges: {}
+            };
+            rootNodes[Object.keys(rootNodes)[0]][dep] = transitiveDep;
+        });
+        rootNodes[Object.keys(rootNodes)[0]][dep] = transitiveDep;
+    });
+};

package/dist/audit/goAnalysisEngine/readProjectFileContents.js

@@ -0,0 +1,21 @@
+"use strict";
+const child_process = require('child_process');
+const i18n = require('i18n');
+module.exports = exports = async ({ language: { projectFilePath }, go }, next) => {
+    let cmdStdout;
+    let cwd;
+    try {
+        cwd = projectFilePath.replace('go.mod', '');
+        cmdStdout = child_process.execSync('go mod graph', { cwd });
+        go.modGraphOutput = cmdStdout.toString();
+        next();
+    }
+    catch (err) {
+        if (err.message === 'spawnSync /bin/sh ENOENT') {
+            err.message =
+                '\n\n*************** No transitive dependencies ***************\n\nWe are unable to build a dependency tree view from your repository as there were no transitive dependencies found.';
+        }
+        next(new Error(i18n.__('goReadProjectFile', cwd, `${err.message ? err.message : ''}`)));
+        return;
+    }
+};

package/dist/audit/goAnalysisEngine/sanitizer.js

@@ -0,0 +1,5 @@
+"use strict";
+module.exports = exports = ({ go }, next) => {
+    delete go.modGraphOutput;
+    next();
+};