@contrast/contrast 1.0.0 → 1.0.3

package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js

@@ -0,0 +1,222 @@
+const i18n = require('i18n')
+
+module.exports = exports = ({ language: { projectFilePath }, java }, next) => {
+  const { mvnDependancyTreeOutput } = java
+
+  if (projectFilePath.endsWith('pom.xml')) {
+    try {
+      java.mavenDependencyTrees = parseMvn(mvnDependancyTreeOutput)
+      next()
+    } catch (err) {
+      next(new Error(i18n.__('javaParseProjectFile') + `${err.message}`))
+      return
+    }
+  } else {
+    // Go to gradle project
+    next()
+  }
+}
+
+const hasVersion = key => {
+  var regex = RegExp('[0-9].[0-9]')
+  return regex.test(key)
+}
+
+const formatKeyName = value => {
+  let tempArr = value.split(':')
+  let versionIndex = undefined
+  for (let i = 0; i < tempArr.length; i++) {
+    if (hasVersion(tempArr[i])) {
+      versionIndex = i
+    }
+  }
+
+  return tempArr[0] + '/' + tempArr[1] + '@' + tempArr[versionIndex]
+}
+
+const shaveConsoleOutputUntilItFindsFirsDigraphMention = mvnDependancyTreeOutput => {
+  //shaves of the console output until it reaches the first digraph
+  return mvnDependancyTreeOutput.substring(
+    mvnDependancyTreeOutput.indexOf('digraph')
+  )
+}
+
+const getDigraphObjInfo = editedOutput => {
+  //turns the output into an array of digraph information
+  // which looks like
+  // ' "com.contrastsecurity:teamserver-model:jar:local" {\n
+  // \n [INFO]  "com.contrastsecurity:teamserver-model:jar:local" -> "junit:junit:jar:4.12:test" ;\n
+  // \n [INFO]  "junit:junit:jar:4.12:test" -> "org.hamcrest:hamcrest-core:jar:1.3:test" ;\n
+  //  [INFO]  }' ]
+  let digraphObj = editedOutput.split('digraph')
+
+  return digraphObj.filter(v => v != '')
+}
+
+const createDigraphObjKey = element => {
+  // parse the digraph to turn into an object key
+  let formatObjKey = element.substring(0, element.indexOf('{'))
+  formatObjKey = formatObjKey.replace(/"/g, '')
+  formatObjKey = formatObjKey.replace('{', '')
+  formatObjKey = formatObjKey.trim()
+
+  return formatObjKey
+}
+
+const turnDigraphDependanciesIntoArrOfInnerDep = digraphObj => {
+  // takes:
+  // "com.contrastsecurity:teamserver-model:jar:local" {
+  //   [INFO]  "com.contrastsecurity:teamserver-model:jar:local" -> "org.springframework:spring-core:jar:5.1.9.RELEASE:compile" ;
+  //   [INFO]  "com.contrastsecurity:teamserver-model:jar:local" -> "junit:junit:jar:4.12:test" ;
+  //   [INFO]  "org.springframework:spring-core:jar:5.1.9.RELEASE:compile" -> "org.springframework:spring-jcl:jar:5.1.9.RELEASE:compile" ;
+  //   [INFO]  "junit:junit:jar:4.12:test" -> "org.hamcrest:hamcrest-core:jar:1.3:test" ;
+  //   [INFO]  }
+
+  // and turns it into
+  // [ '"com.contrastsecurity:teamserver-model:jar:local" -> "org.springframework:spring-core:jar:5.1.9.RELEASE:compile"',
+  // '"com.contrastsecurity:teamserver-model:jar:local" -> "junit:junit:jar:4.12:test"',
+  // '"org.springframework:spring-core:jar:5.1.9.RELEASE:compile" -> "org.springframework:spring-jcl:jar:5.1.9.RELEASE:compile"',
+  // '"junit:junit:jar:4.12:test" -> "org.hamcrest:hamcrest-core:jar:1.3:test"',
+  // '' ]
+
+  let depRow = digraphObj.substring(
+    digraphObj.indexOf('{'),
+    digraphObj.indexOf('}') + 1
+  )
+  depRow = depRow.replace(/\[INFO\]/g, '')
+  depRow = depRow.replace(/\n/g, '')
+  depRow = depRow.replace(/\{/g, '')
+  depRow = depRow.replace(/\}/g, '')
+  depRow = depRow.replace(/\"/g, '') // eslint-disable-line
+
+  return depRow.split(';').map(s => s.trim())
+}
+
+const createOuterDependanciesAndType = (digraphObjKey, arrOfInnerDep) => {
+  let leftKey
+  let rightKey
+  let newDepNode
+  const list = []
+
+  arrOfInnerDep.forEach(element => {
+    leftKey = element.substring(0, element.indexOf(' -'))
+    rightKey = element.substring(element.indexOf('>') + 2)
+
+    // if the digraph and the leftKey are the same and the left has a version
+    // then “edgeType” is direct
+    if (leftKey === digraphObjKey) {
+      if (hasVersion(rightKey)) {
+        let rightKeyArr = rightKey.split(':')
+        newDepNode = {
+          [rightKey]: {
+            group: rightKeyArr[0],
+            artifactID: rightKeyArr[1],
+            packaging: rightKeyArr[2],
+            version: rightKeyArr[3],
+            scope: rightKeyArr[4],
+            type: 'direct',
+            parent: leftKey,
+            edges: {}
+          }
+        }
+        list.push(newDepNode)
+      }
+    }
+    // if right and left both have versions and left doesn't match digraph name
+    // then “type” is transitive
+    if (
+      hasVersion(leftKey) &&
+      hasVersion(rightKey) &&
+      !(leftKey === digraphObjKey)
+    ) {
+      let rightKeyArr = rightKey.split(':')
+      newDepNode = {
+        [rightKey]: {
+          group: rightKeyArr[0],
+          artifactID: rightKeyArr[1],
+          packaging: rightKeyArr[2],
+          version: rightKeyArr[3],
+          scope: rightKeyArr[4],
+          type: 'transitive',
+          parent: leftKey,
+          edges: {}
+        }
+      }
+      list.push(newDepNode)
+    }
+  })
+
+  return list
+}
+
+const createEdges = (digraphObjKey, listOuterDep) => {
+  listOuterDep.forEach(element => {
+    const key = Object.keys(element).toString()
+
+    const childParentRef = element[key].parent
+
+    if (childParentRef !== digraphObjKey) {
+      listOuterDep.forEach(i => {
+        let parentKey = Object.keys(i).toString()
+        if (childParentRef === parentKey) {
+          i[parentKey].edges[formatKeyName(key)] = formatKeyName(key)
+        }
+      })
+    }
+  })
+  return listOuterDep
+}
+
+const extractFromArrAndFinalParse = listWithEdges => {
+  let finalObj = {}
+  listWithEdges.forEach(element => {
+    const key = Object.keys(element).toString()
+
+    const parsedKey = formatKeyName(key)
+
+    delete element[key].parent
+
+    finalObj[parsedKey] = element[key]
+  })
+  return finalObj
+}
+
+const dependancyValueCreationOrganiser = (digraphObjKey, digraph) => {
+  const arrOfInnerDep = turnDigraphDependanciesIntoArrOfInnerDep(digraph)
+  const listOuterDep = createOuterDependanciesAndType(
+    digraphObjKey,
+    arrOfInnerDep
+  )
+  const listWithEdges = createEdges(digraphObjKey, listOuterDep)
+  const finishDepObj = extractFromArrAndFinalParse(listWithEdges)
+
+  return finishDepObj
+}
+
+const parseMvn = mvnDependancyTreeOutput => {
+  let parsedDepObj = {}
+  let editedOutput = shaveConsoleOutputUntilItFindsFirsDigraphMention(
+    mvnDependancyTreeOutput
+  )
+  let digraphObjArray = getDigraphObjInfo(editedOutput)
+
+  digraphObjArray.forEach(digraph => {
+    const digraphObjKey = createDigraphObjKey(digraph)
+    parsedDepObj[digraphObjKey] = dependancyValueCreationOrganiser(
+      digraphObjKey,
+      digraph
+    )
+  })
+  return parsedDepObj
+}
+
+// testing purposes
+exports.shaveConsoleOutputUntilItFindsFirsDigraphMention = shaveConsoleOutputUntilItFindsFirsDigraphMention
+exports.getDigraphObjInfo = getDigraphObjInfo
+exports.createDigraphObjKey = createDigraphObjKey
+exports.turnDigraphDependanciesIntoArrOfInnerDep = turnDigraphDependanciesIntoArrOfInnerDep
+exports.hasVersion = hasVersion
+exports.formatKeyName = formatKeyName
+exports.createOuterDependanciesAndType = createOuterDependanciesAndType
+exports.extractFromArrAndFinalParse = extractFromArrAndFinalParse
+exports.createEdges = createEdges

package/src/audit/javaAnalysisEngine/parseProjectFileContents.js

@@ -0,0 +1,420 @@
+const i18n = require('i18n')
+let projectType = ''
+const StringBuilder = require('string-builder')
+let sb = new StringBuilder()
+
+module.exports = exports = (
+  { language: { projectFilePath }, java },
+  next,
+  config
+) => {
+  const { mvnDependancyTreeOutput } = java
+  if (
+    projectFilePath.endsWith('build.gradle') ||
+    projectFilePath.endsWith('pom.xml')
+  ) {
+    if (projectFilePath.endsWith('build.gradle')) {
+      projectType = 'Gradle'
+    } else {
+      projectType = 'Maven'
+    }
+    try {
+      java.mavenDependencyTrees = parseGradle(mvnDependancyTreeOutput, config)
+      next()
+    } catch (err) {
+      next(new Error(i18n.__('javaParseProjectFile') + `${err.message}`))
+      return
+    }
+  } else {
+    next()
+  }
+}
+
+const preParser = shavedOutput => {
+  let obj = []
+  for (let dep in shavedOutput) {
+    obj.push(
+      shavedOutput[dep]
+        .replace('+-', '+---')
+        .replace('[INFO]', '')
+        .replace('\\-', '\\---')
+        .replace(':jar:', ':')
+        .replace(':test', '')
+        .replace(':compile', '')
+        .replace(' +', '+')
+        .replace(' |', '|')
+        .replace(' \\', '\\')
+        .replace(':runtime', '')
+    )
+  }
+
+  let depTree = []
+  for (let x in obj) {
+    let nodeLevel = computeRelationToLastElement(obj[x])
+
+    let notLastLevel =
+      obj[x].startsWith('|') ||
+      obj[x].startsWith('+') ||
+      obj[x].startsWith('\\')
+
+    if (notLastLevel) {
+      if (nodeLevel === 0) {
+        depTree.push(obj[x])
+      } else {
+        let level = computeLevel(nodeLevel)
+        let validatedLevel = addIndentation(nodeLevel === 2 ? 5 : level, obj[x])
+        depTree.push(validatedLevel)
+      }
+    } else {
+      let level = computeLevel(nodeLevel)
+      let validatedLevel = addIndentation(nodeLevel === 3 ? 5 : level, obj[x])
+      depTree.push(validatedLevel)
+    }
+  }
+
+  return depTree
+}
+
+const shaveOutput = gradleDependencyTreeOutput => {
+  let shavedOutput = gradleDependencyTreeOutput.split('\n')
+
+  if (projectType === 'Maven') {
+    shavedOutput = preParser(shavedOutput)
+  }
+
+  let obj = []
+  for (let key in shavedOutput) {
+    if (shavedOutput[key].includes('project :')) {
+      //skip
+    } else if (
+      shavedOutput[key].includes('+---') ||
+      shavedOutput[key].includes('\\---')
+    ) {
+      obj.push(shavedOutput[key])
+    }
+  }
+  return obj
+}
+
+const computeIndentation = element => {
+  let hasPlus = element.includes('+')
+  let hasSlash = element.includes('\\')
+  if (hasPlus) {
+    return element.substring(element.indexOf('+'))
+  }
+  if (hasSlash) {
+    return element.substring(element.indexOf('\\'))
+  }
+}
+
+const computeLevel = nodeLevel => {
+  let num = [5, 8, 11, 14, 17, 20]
+  for (let z in num) {
+    if (num[z] === nodeLevel) {
+      let n = parseInt(z)
+      return 5 * (n + 2)
+    }
+  }
+}
+
+const addIndentation = (number, str) => {
+  str = computeIndentation(str)
+  sb.clear() // need to clear so each dep doesn't append to the string
+  for (let j = 0; j < number; j++) {
+    sb.append(' ')
+  }
+  sb.append(str)
+  return sb.toString()
+}
+
+const computeRelationToLastElement = element => {
+  let hasPlus = element.includes('+---')
+  let hasSlash = element.includes('\\---')
+  if (hasPlus) {
+    return element.split('+---')[0].length
+  }
+  if (hasSlash) {
+    return element.split('\\---')[0].length
+  }
+}
+
+const stripElement = element => {
+  return element
+    .replace(/[|]/g, '')
+    .replace('+---', '')
+    .replace('\\---', '')
+    .replace(/[' ']/g, '')
+    .replace('(c)', '')
+    .replace('->', '@')
+    .replace('(*)', '')
+}
+
+const checkVersion = element => {
+  let version = element.split(':')
+  return version[version.length - 1]
+}
+
+const createElement = (element, isRoot) => {
+  let tree
+  let cleanElement = stripElement(element)
+  let splitGroupName = cleanElement.split(':')
+
+  let validateVersion = false
+  if (!element.includes('->')) {
+    validateVersion = true
+  }
+
+  tree = {
+    artifactID: splitGroupName[1],
+    group: splitGroupName[0],
+    version: validateVersion
+      ? checkVersion(cleanElement)
+      : splitGroupName[splitGroupName.length - 1],
+    scope: 'compile',
+    type: isRoot ? 'direct' : 'transitive',
+    edges: {}
+  }
+  return tree
+}
+
+const getElementHeader = element => {
+  let elementHeader = stripElement(element)
+  elementHeader = elementHeader.replace(':', '/')
+  elementHeader = elementHeader.replace(':', '@')
+
+  return elementHeader
+}
+
+const buildElement = (element, rootElement, parentOfCurrent, tree, isRoot) => {
+  let childElement = createElement(element, isRoot)
+  let elementHeader = getElementHeader(element)
+  let levelsArray = [rootElement, parentOfCurrent]
+  const treeNode = getNestedObject(tree, levelsArray)
+  const rootNode = getNestedObject(tree, [rootElement])
+
+  // eslint-disable-next-line
+  if (!rootNode.hasOwnProperty(elementHeader)) {
+    tree[rootElement][elementHeader] = childElement
+  }
+  treeNode.edges[elementHeader] = elementHeader
+}
+
+const hasChildren = (nextNodeLevel, nodeLevel) => {
+  if (nextNodeLevel > nodeLevel) {
+    return true
+  }
+}
+
+const lastChild = (nextNodeLevel, nodeLevel) => {
+  if (nextNodeLevel < nodeLevel) {
+    return true
+  }
+}
+
+const calculateLevels = (nextNodeLevel, nodeLevel) => {
+  return (nodeLevel - nextNodeLevel) / 5
+}
+
+const buildTree = shavedOutput => {
+  let tree = {}
+  let rootElement
+  let levelNodes = []
+
+  shavedOutput.forEach((element, index) => {
+    if (index === 0) {
+      // console.log(element, index)
+      let cleanElement = stripElement(element)
+      let elementHeader = getElementHeader(cleanElement)
+      let splitElement = element.split(' ')
+      let splitGroupName = splitElement[1].split(':')
+
+      let validateVersion = false
+      if (!element.includes('->')) {
+        validateVersion = true
+      }
+
+      tree[splitGroupName[0]] = {}
+      tree[splitGroupName[0]][elementHeader] = {
+        artifactID: splitGroupName[1],
+        group: splitGroupName[0],
+        version: validateVersion
+          ? checkVersion(cleanElement)
+          : splitElement[splitElement.length - 1],
+        scope: 'compile',
+        type: 'direct',
+        edges: {}
+      }
+
+      rootElement = splitGroupName[0]
+      levelNodes.push(elementHeader)
+    }
+
+    if (shavedOutput.length - 1 === index) {
+      // console.log(element, index)
+      const parentOfCurrent = levelNodes[levelNodes.length - 1]
+      let nodeLevel = computeRelationToLastElement(element)
+
+      let validateVersion = false
+      if (!element.includes('->')) {
+        validateVersion = true
+      }
+
+      if (nodeLevel === 0) {
+        let cleanElement = stripElement(element)
+        let elementHeader = getElementHeader(cleanElement)
+        let splitElement = element.split(' ')
+        let splitGroupName = splitElement[1].split(':')
+        tree[rootElement][elementHeader] = {
+          artifactID: splitGroupName[1],
+          group: splitGroupName[0],
+          version: validateVersion
+            ? checkVersion(cleanElement)
+            : splitElement[splitElement.length - 1],
+          scope: 'compile',
+          type: 'direct',
+          edges: {}
+        }
+      } else {
+        buildElement(element, rootElement, parentOfCurrent, tree)
+      }
+    }
+
+    if (index >= 1 && index < shavedOutput.length - 1) {
+      let nodeLevel = computeRelationToLastElement(element)
+      let nextNodeLevel = computeRelationToLastElement(shavedOutput[index + 1])
+      const parentOfCurrent = levelNodes[levelNodes.length - 1]
+
+      let isRoot = false
+      if (nodeLevel === 0) {
+        isRoot = true
+      }
+
+      // useful for debugging
+      // console.log(
+      //   element,
+      //   index,
+      //   'nodeLevel:',
+      //   nodeLevel,
+      //   'nextNodeLevel:',
+      //   nextNodeLevel,
+      //   'parentofCurrent:',
+      //   parentOfCurrent
+      // )
+
+      if (isRoot) {
+        let cleanElement = stripElement(element)
+        let elementHeader = getElementHeader(cleanElement)
+        let splitElement = element.split(' ')
+        let splitGroupName = splitElement[1].split(':')
+
+        let validateVersion = false
+        if (!element.includes('->')) {
+          validateVersion = true
+        }
+
+        tree[rootElement][elementHeader] = {
+          artifactID: splitGroupName[1],
+          group: splitGroupName[0],
+          version: validateVersion
+            ? checkVersion(cleanElement)
+            : splitElement[splitElement.length - 1],
+          scope: 'compile',
+          type: 'direct',
+          edges: {}
+        }
+        levelNodes.push(elementHeader)
+        return
+      }
+
+      let elementHeader = getElementHeader(element)
+      buildElement(element, rootElement, parentOfCurrent, tree, isRoot)
+
+      if (hasChildren(nextNodeLevel, nodeLevel)) {
+        buildElement(element, rootElement, parentOfCurrent, tree, isRoot)
+        levelNodes.push(elementHeader)
+      }
+
+      if (lastChild(nextNodeLevel, nodeLevel)) {
+        let levelDifference = calculateLevels(nextNodeLevel, nodeLevel)
+        if (levelDifference === 0) {
+          levelNodes.pop()
+        } else {
+          let i
+          for (i = 0; i < levelDifference; i++) {
+            levelNodes.pop()
+          }
+        }
+      }
+    }
+  })
+
+  return tree
+}
+
+const getNestedObject = (nestedObj, pathArr) => {
+  return pathArr.reduce(
+    (obj, key) => (obj && obj[key] !== 'undefined' ? obj[key] : undefined),
+    nestedObj
+  )
+}
+
+// emit any "+--- project :" within the tree
+const parseSubProject = shavedOutput => {
+  let obj = []
+  for (let key in shavedOutput) {
+    if (!shavedOutput[key].includes('project')) {
+      obj.push(shavedOutput[key])
+    }
+  }
+  return obj
+}
+
+const validateIndentation = shavedOutput => {
+  let validatedTree = []
+  shavedOutput.forEach((element, index) => {
+    let nextNodeLevel
+    let nodeLevel = computeRelationToLastElement(element)
+    if (shavedOutput[index + 1] !== undefined) {
+      nextNodeLevel = computeRelationToLastElement(shavedOutput[index + 1])
+    }
+    if (index === 0) {
+      validatedTree.push(shavedOutput[index])
+      validatedTree.push(shavedOutput[index + 1])
+    } else if (nextNodeLevel > nodeLevel + 5) {
+      return
+    } else {
+      validatedTree.push(shavedOutput[index + 1])
+    }
+  })
+  validatedTree.pop()
+  return validatedTree
+}
+
+const parseGradle = (gradleDependencyTreeOutput, config) => {
+  let shavedOutput = shaveOutput(gradleDependencyTreeOutput)
+
+  if (config.subProject) {
+    let subProject = parseSubProject(shavedOutput)
+    let validatedOutput = validateIndentation(subProject)
+    return buildTree(validatedOutput)
+  } else {
+    let validatedOutput = validateIndentation(shavedOutput)
+    return buildTree(validatedOutput)
+  }
+}
+
+exports.shaveOutput = shaveOutput
+exports.validateIndentation = validateIndentation
+exports.stripElement = stripElement
+exports.getElementHeader = getElementHeader
+exports.createElement = createElement
+exports.parseGradle = parseGradle
+exports.computeRelationToLastElement = computeRelationToLastElement
+exports.hasChildren = hasChildren
+exports.lastChild = lastChild
+exports.calculateLevels = calculateLevels
+exports.buildElement = buildElement
+exports.checkVersion = checkVersion
+exports.computeIndentation = computeIndentation
+exports.computeLevel = computeLevel
+exports.addIndentation = addIndentation