npm - @contrast/contrast - Versions diffs - 1.0.0 → 1.0.3 - Mend

@contrast/contrast 1.0.0 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

package/.prettierignore +3 -0
package/README.md +115 -78
package/dist/audit/AnalysisEngine.js +37 -0
package/dist/audit/catalogueApplication/catalogueApplication.js +36 -0
package/dist/audit/dotnetAnalysisEngine/index.js +25 -0
package/dist/audit/dotnetAnalysisEngine/parseLockFileContents.js +35 -0
package/dist/audit/dotnetAnalysisEngine/parseProjectFileContents.js +15 -0
package/dist/audit/dotnetAnalysisEngine/readLockFileContents.js +18 -0
package/dist/audit/dotnetAnalysisEngine/readProjectFileContents.js +14 -0
package/dist/audit/dotnetAnalysisEngine/sanitizer.js +9 -0
package/dist/audit/goAnalysisEngine/index.js +17 -0
package/dist/audit/goAnalysisEngine/parseProjectFileContents.js +164 -0
package/dist/audit/goAnalysisEngine/readProjectFileContents.js +21 -0
package/dist/audit/goAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/javaAnalysisEngine/index.js +34 -0
package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +153 -0
package/dist/audit/javaAnalysisEngine/parseProjectFileContents.js +353 -0
package/dist/audit/javaAnalysisEngine/readProjectFileContents.js +98 -0
package/dist/audit/javaAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +24 -0
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +24 -0
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +35 -0
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +23 -0
package/dist/audit/languageAnalysisEngine/commonApi.js +18 -0
package/dist/audit/languageAnalysisEngine/constants.js +20 -0
package/dist/audit/languageAnalysisEngine/filterProjectPath.js +20 -0
package/dist/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +25 -0
package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js +39 -0
package/dist/audit/languageAnalysisEngine/index.js +39 -0
package/dist/audit/languageAnalysisEngine/langugageAnalysisFactory.js +95 -0
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +121 -0
package/dist/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +17 -0
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +257 -0
package/dist/audit/languageAnalysisEngine/report/newReportingFeature.js +81 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +133 -0
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +41 -0
package/dist/audit/languageAnalysisEngine/util/capabilities.js +11 -0
package/dist/audit/languageAnalysisEngine/util/generalAPI.js +39 -0
package/dist/audit/languageAnalysisEngine/util/requestUtils.js +14 -0
package/dist/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +40 -0
package/dist/audit/nodeAnalysisEngine/index.js +31 -0
package/dist/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +18 -0
package/dist/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js +51 -0
package/dist/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +18 -0
package/dist/audit/nodeAnalysisEngine/readNPMLockFileContents.js +17 -0
package/dist/audit/nodeAnalysisEngine/readProjectFileContents.js +14 -0
package/dist/audit/nodeAnalysisEngine/readYarnLockFileContents.js +24 -0
package/dist/audit/nodeAnalysisEngine/sanitizer.js +9 -0
package/dist/audit/phpAnalysisEngine/index.js +23 -0
package/dist/audit/phpAnalysisEngine/parseLockFileContents.js +52 -0
package/dist/audit/phpAnalysisEngine/readLockFileContents.js +13 -0
package/dist/audit/phpAnalysisEngine/readProjectFileContents.js +16 -0
package/dist/audit/phpAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/pythonAnalysisEngine/index.js +25 -0
package/dist/audit/pythonAnalysisEngine/parsePipfileLockContents.js +17 -0
package/dist/audit/pythonAnalysisEngine/parseProjectFileContents.js +21 -0
package/dist/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +13 -0
package/dist/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +14 -0
package/dist/audit/pythonAnalysisEngine/sanitizer.js +7 -0
package/dist/audit/rubyAnalysisEngine/index.js +25 -0
package/dist/audit/rubyAnalysisEngine/parseGemfileLockContents.js +176 -0
package/dist/audit/rubyAnalysisEngine/parsedGemfile.js +22 -0
package/dist/audit/rubyAnalysisEngine/readGemfileContents.js +14 -0
package/dist/audit/rubyAnalysisEngine/readGemfileLockContents.js +14 -0
package/dist/audit/rubyAnalysisEngine/sanitizer.js +6 -0
package/dist/commands/audit/auditConfig.js +25 -0
package/dist/commands/audit/auditController.js +31 -0
package/dist/commands/audit/help.js +52 -0
package/dist/commands/audit/processAudit.js +18 -0
package/dist/commands/audit/saveFile.js +11 -0
package/dist/commands/auth/auth.js +20 -2
package/dist/commands/config/config.js +19 -8
package/dist/commands/scan/processScan.js +9 -13
package/dist/common/HTTPClient.js +112 -13
package/dist/common/errorHandling.js +65 -1
package/dist/common/versionChecker.js +30 -0
package/dist/constants/constants.js +4 -2
package/dist/constants/lambda.js +32 -4
package/dist/constants/locales.js +60 -21
package/dist/constants.js +181 -21
package/dist/index.js +50 -23
package/dist/lambda/aws.js +14 -11
package/dist/lambda/help.js +4 -0
package/dist/lambda/lambda.js +50 -27
package/dist/lambda/lambdaUtils.js +72 -0
package/dist/lambda/logUtils.js +11 -1
package/dist/lambda/scanDetailCompletion.js +4 -4
package/dist/lambda/scanRequest.js +11 -5
package/dist/lambda/utils.js +110 -53
package/dist/sbom/generateSbom.js +20 -0
package/dist/scan/autoDetection.js +0 -32
package/dist/scan/fileUtils.js +1 -1
package/dist/scan/help.js +14 -40
package/dist/scan/populateProjectIdAndProjectName.js +5 -0
package/dist/scan/saveResults.js +14 -0
package/dist/scan/scan.js +105 -40
package/dist/scan/scanConfig.js +39 -0
package/dist/scan/scanController.js +19 -16
package/dist/scan/scanResults.js +24 -16
package/dist/utils/commonApi.js +3 -3
package/dist/utils/paramsUtil/commandlineParams.js +1 -20
package/dist/utils/paramsUtil/paramHandler.js +3 -6
package/dist/utils/parsedCLIOptions.js +14 -8
package/dist/utils/requestUtils.js +1 -1
package/dist/utils/saveFile.js +19 -0
package/package.json +26 -21
package/src/audit/AnalysisEngine.js +103 -0
package/src/audit/catalogueApplication/catalogueApplication.js +42 -0
package/src/audit/dotnetAnalysisEngine/index.js +26 -0
package/src/audit/dotnetAnalysisEngine/parseLockFileContents.js +47 -0
package/src/audit/dotnetAnalysisEngine/parseProjectFileContents.js +29 -0
package/src/audit/dotnetAnalysisEngine/readLockFileContents.js +30 -0
package/src/audit/dotnetAnalysisEngine/readProjectFileContents.js +26 -0
package/src/audit/dotnetAnalysisEngine/sanitizer.js +11 -0
package/src/audit/goAnalysisEngine/index.js +18 -0
package/src/audit/goAnalysisEngine/parseProjectFileContents.js +209 -0
package/src/audit/goAnalysisEngine/readProjectFileContents.js +31 -0
package/src/audit/goAnalysisEngine/sanitizer.js +7 -0
package/src/audit/javaAnalysisEngine/index.js +41 -0
package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +222 -0
package/src/audit/javaAnalysisEngine/parseProjectFileContents.js +420 -0
package/src/audit/javaAnalysisEngine/readProjectFileContents.js +141 -0
package/src/audit/javaAnalysisEngine/sanitizer.js +6 -0
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +35 -0
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +41 -0
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +54 -0
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +32 -0
package/src/audit/languageAnalysisEngine/commonApi.js +20 -0
package/src/audit/languageAnalysisEngine/constants.js +23 -0
package/src/audit/languageAnalysisEngine/filterProjectPath.js +21 -0
package/src/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +41 -0
package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js +72 -0
package/src/audit/languageAnalysisEngine/index.js +45 -0
package/src/audit/languageAnalysisEngine/langugageAnalysisFactory.js +126 -0
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +177 -0
package/src/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +27 -0
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.js +303 -0
package/src/audit/languageAnalysisEngine/report/newReportingFeature.js +124 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.js +190 -0
package/src/audit/languageAnalysisEngine/sendSnapshot.js +51 -0
package/src/audit/languageAnalysisEngine/util/capabilities.js +12 -0
package/src/audit/languageAnalysisEngine/util/generalAPI.js +43 -0
package/src/audit/languageAnalysisEngine/util/requestUtils.js +17 -0
package/src/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +49 -0
package/src/audit/nodeAnalysisEngine/index.js +35 -0
package/src/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +20 -0
package/src/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js +63 -0
package/src/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +26 -0
package/src/audit/nodeAnalysisEngine/readNPMLockFileContents.js +23 -0
package/src/audit/nodeAnalysisEngine/readProjectFileContents.js +27 -0
package/src/audit/nodeAnalysisEngine/readYarnLockFileContents.js +36 -0
package/src/audit/nodeAnalysisEngine/sanitizer.js +11 -0
package/src/audit/phpAnalysisEngine/index.js +27 -0
package/src/audit/phpAnalysisEngine/parseLockFileContents.js +60 -0
package/src/audit/phpAnalysisEngine/readLockFileContents.js +14 -0
package/src/audit/phpAnalysisEngine/readProjectFileContents.js +25 -0
package/src/audit/phpAnalysisEngine/sanitizer.js +4 -0
package/src/audit/pythonAnalysisEngine/index.js +55 -0
package/src/audit/pythonAnalysisEngine/parsePipfileLockContents.js +23 -0
package/src/audit/pythonAnalysisEngine/parseProjectFileContents.js +33 -0
package/src/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +16 -0
package/src/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +22 -0
package/src/audit/pythonAnalysisEngine/sanitizer.js +9 -0
package/src/audit/rubyAnalysisEngine/index.js +30 -0
package/src/audit/rubyAnalysisEngine/parseGemfileLockContents.js +215 -0
package/src/audit/rubyAnalysisEngine/parsedGemfile.js +39 -0
package/src/audit/rubyAnalysisEngine/readGemfileContents.js +18 -0
package/src/audit/rubyAnalysisEngine/readGemfileLockContents.js +17 -0
package/src/audit/rubyAnalysisEngine/sanitizer.js +8 -0
package/src/commands/audit/auditConfig.ts +30 -0
package/src/commands/audit/auditController.ts +31 -0
package/src/commands/audit/help.ts +48 -0
package/src/commands/audit/processAudit.ts +18 -0
package/src/commands/audit/saveFile.ts +6 -0
package/src/commands/auth/auth.js +26 -2
package/src/commands/config/config.js +22 -8
package/src/commands/scan/processScan.js +9 -13
package/src/common/HTTPClient.js +149 -14
package/src/common/errorHandling.ts +85 -2
package/src/common/versionChecker.ts +39 -0
package/src/constants/constants.js +5 -4
package/src/constants/lambda.js +45 -4
package/src/constants/locales.js +76 -26
package/src/constants.js +204 -23
package/src/index.ts +67 -27
package/src/lambda/aws.ts +13 -12
package/src/lambda/help.ts +4 -0
package/src/lambda/lambda.ts +53 -34
package/src/lambda/lambdaUtils.ts +111 -0
package/src/lambda/logUtils.ts +19 -1
package/src/lambda/scanDetailCompletion.ts +4 -4
package/src/lambda/scanRequest.ts +13 -11
package/src/lambda/utils.ts +149 -81
package/src/sbom/generateSbom.ts +17 -0
package/src/scan/autoDetection.js +0 -29
package/src/scan/fileUtils.js +1 -1
package/src/scan/help.js +14 -45
package/src/scan/populateProjectIdAndProjectName.js +5 -0
package/src/scan/saveResults.js +14 -0
package/src/scan/scan.js +127 -58
package/src/scan/scanConfig.js +54 -0
package/src/scan/scanController.js +22 -15
package/src/scan/scanResults.js +32 -19
package/src/utils/commonApi.js +2 -3
package/src/utils/getConfig.ts +2 -0
package/src/utils/paramsUtil/commandlineParams.js +1 -26
package/src/utils/paramsUtil/paramHandler.js +3 -7
package/src/utils/parsedCLIOptions.js +11 -9
package/src/utils/requestUtils.js +1 -1
package/src/utils/saveFile.js +19 -0
package/dist/lambda/scanDetail.js +0 -30
package/dist/scan/fileFinder.js +0 -15
package/dist/utils/paramsUtil/yamlParams.js +0 -6

package/src/audit/javaAnalysisEngine/readProjectFileContents.js ADDED Viewed

@@ -0,0 +1,141 @@
+const child_process = require('child_process')
+const fs = require('fs')
+const i18n = require('i18n')
+const path = require('path')
+module.exports = exports = (
+  { language: { projectFilePath }, java },
+  next,
+  config
+) => {
+  let cmdStdout
+  let cwd
+  let timeout
+  let javaProject = ''
+  let mvn_settings = ''
+  const maven = 'Maven'
+  const gradle = 'Gradle'
+  try {
+    if (projectFilePath.includes('pom.xml')) {
+      javaProject = maven
+      cwd = projectFilePath.replace('pom.xml', '')
+    } else if (projectFilePath.includes('build.gradle')) {
+      javaProject = gradle
+      cwd = projectFilePath.replace('build.gradle', '')
+    }
+    // timeout is in milliseconds and 2.30 mintues was choses as when tested against
+    // Spring-boot (https://github.com/spring-projects/spring-boot) a complex project that was the
+    // average time for a first run when it had to download projects then build tree
+    timeout = 960000
+    // A sample of this output can be found
+    // in the java test data/mvnCmdResults.text
+    if (javaProject === maven) {
+      // Allow users to provide a custom location for their settings.xml
+      if (config.mavenSettingsPath) {
+        mvn_settings = ' -s ' + config.mavenSettingsPath
+      }
+      if (config.betaUnifiedJavaParser) {
+        cmdStdout = child_process.execSync(
+          'mvn dependency:tree -B' + mvn_settings,
+          {
+            cwd,
+            timeout
+          }
+        )
+      } else {
+        cmdStdout = child_process.execSync(
+          'mvn dependency:tree -DoutputType=dot -B' + mvn_settings,
+          {
+            cwd,
+            timeout
+          }
+        )
+      }
+      java.mvnDependancyTreeOutput = cmdStdout.toString()
+    } else if (javaProject === gradle) {
+      // path.sep is user here to either execute as "./gradlew" for UNIX/Linux/MacOS
+      // & ".\gradlew" for Windows
+      // Check if the user has specified a sub-project
+      if (config.subProject) {
+        cmdStdout = child_process.execSync(
+          '.' +
+            path.sep +
+            'gradlew :' +
+            config.subProject +
+            ':dependencies --configuration runtimeClasspath',
+          {
+            cwd,
+            timeout
+          }
+        )
+      } else {
+        cmdStdout = child_process.execSync(
+          '.' +
+            path.sep +
+            'gradlew dependencies --configuration runtimeClasspath',
+          {
+            cwd,
+            timeout
+          }
+        )
+      }
+      if (
+        cmdStdout
+          .toString()
+          .includes(
+            "runtimeClasspath - Runtime classpath of source set 'main'.\n" +
+              'No dependencies'
+          )
+      ) {
+        cmdStdout = child_process.execSync(
+          '.' + path.sep + 'gradlew dependencies',
+          {
+            cwd,
+            timeout
+          }
+        )
+      }
+      java.mvnDependancyTreeOutput = cmdStdout.toString()
+    }
+    next()
+  } catch (err) {
+    if (javaProject === maven) {
+      try {
+        child_process.execSync('mvn --version', {
+          cwd,
+          timeout
+        })
+        next(
+          new Error(
+            i18n.__('mavenDependencyTreeNonZero', cwd, `${err.message}`)
+          )
+        )
+      } catch (mvnErr) {
+        next(
+          new Error(i18n.__('mavenNotInstalledError', cwd, `${mvnErr.message}`))
+        )
+      }
+    } else if (javaProject === gradle) {
+      if (
+        fs.existsSync(cwd + 'gradlew') ||
+        fs.existsSync(cwd + 'gradlew.bat')
+      ) {
+        next(
+          new Error(
+            i18n.__('gradleDependencyTreeNonZero', cwd, `${err.message}`)
+          )
+        )
+      } else {
+        next(
+          new Error(i18n.__('gradleWrapperUnavailable', cwd, `${err.message}`))
+        )
+      }
+    }
+    return
+  }
+}

package/src/audit/javaAnalysisEngine/sanitizer.js ADDED Viewed

@@ -0,0 +1,6 @@
+module.exports = exports = ({ java }, next) => {
+  // Remove anything sensitive or unnecessary from being sent to the backend as
+  // a result of our Java project analysis
+  delete java.mvnDependancyTreeOutput
+  next()
+}

package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js ADDED Viewed

@@ -0,0 +1,35 @@
+const i18n = require('i18n')
+/**
+ * Checks that the list of languages and files that has been reduced doesn't
+ * contain more than one identified language.
+ */
+module.exports = exports = (analysis, next) => {
+  const { languageAnalysis } = analysis
+  try {
+    checkForMultipleIdentifiedLanguages(languageAnalysis.identifiedLanguages)
+  } catch (err) {
+    next(err)
+    return
+  }
+  next()
+}
+const checkForMultipleIdentifiedLanguages = identifiedLanguages => {
+  if (Object.keys(identifiedLanguages).length > 1) {
+    // Handle the error case where multiple languages have been identified
+    let errMsg = i18n.__('languageAnalysisMultipleLanguages1')
+    for (const [language, { projectFilenames }] of Object.entries(
+      identifiedLanguages
+    )) {
+      errMsg += `\t${language}: ${projectFilenames.join(', ')}\n`
+    }
+    errMsg += i18n.__('languageAnalysisMultipleLanguages2', "'project_path'")
+    throw new Error(errMsg)
+  }
+}
+//For testing purposes
+exports.checkForMultipleIdentifiedLanguages = checkForMultipleIdentifiedLanguages

package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js ADDED Viewed

@@ -0,0 +1,41 @@
+const i18n = require('i18n')
+/**
+ * Checks that the list of languages and files that has been reduced doesn't
+ * contain more than one project file for any identified language.
+ */
+module.exports = exports = (analysis, next) => {
+  const { languageAnalysis } = analysis
+  try {
+    checkForMultipleIdentifiedProjectFiles(languageAnalysis.identifiedLanguages)
+  } catch (err) {
+    next(err)
+    return
+  }
+  next()
+}
+const checkForMultipleIdentifiedProjectFiles = identifiedLanguages => {
+  // Handle the error case where only a single language has been identified...
+  if (Object.keys(identifiedLanguages).length == 1) {
+    let { projectFilenames } = Object.values(identifiedLanguages)[0]
+    // ...but multiple project files for that language have been found
+    if (projectFilenames.length > 1) {
+      const [language] = Object.keys(identifiedLanguages)
+      projectFilenames = projectFilenames.join(', ')
+      // NOTE : Quotation marks for language needs to be added back in (this includes tests)
+      throw new Error(
+        i18n.__(
+          'languageAnalysisProjectFiles',
+          language,
+          projectFilenames,
+          "'project_path'"
+        )
+      )
+    }
+  }
+}
+//For testing purposes
+exports.checkForMultipleIdentifiedProjectFiles = checkForMultipleIdentifiedProjectFiles

package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js ADDED Viewed

@@ -0,0 +1,54 @@
+const i18n = require('i18n')
+/**
+ * Checks that a project has a lock file
+ */
+module.exports = exports = (analysis, next) => {
+  try {
+    const { languageAnalysis } = analysis
+    //.NET and NODE both need lock files. currently JAVA and GO do not
+    // need a lock file so if lang is JAVA / GO just go to next
+    if (
+      Object.getOwnPropertyNames(languageAnalysis.identifiedLanguages)[0] ===
+        'JAVA' ||
+      Object.getOwnPropertyNames(languageAnalysis.identifiedLanguages)[0] ===
+        'GO'
+    ) {
+      next()
+      return
+    }
+    checkForLockFile(languageAnalysis.identifiedLanguages)
+  } catch (err) {
+    next(err)
+    return
+  }
+  next()
+  return
+}
+const checkForLockFile = identifiedLanguages => {
+  // Handle the error case where only a single language has been identified...
+  if (Object.keys(identifiedLanguages).length == 1) {
+    let { lockFilenames } = Object.values(identifiedLanguages)[0]
+    // ...but no lock files for that language have been found
+    if (lockFilenames.length == 0) {
+      const [language] = Object.keys(identifiedLanguages)
+      throw new Error(i18n.__('languageAnalysisHasNoLockFile', language))
+    }
+    if (lockFilenames.length > 1) {
+      const [language] = Object.keys(identifiedLanguages)
+      throw new Error(
+        i18n.__(
+          'languageAnalysisHasMultipleLockFiles',
+          language,
+          String(lockFilenames)
+        )
+      )
+    }
+  }
+}
+//For testing purposes
+exports.checkForLockFile = checkForLockFile

package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js ADDED Viewed

@@ -0,0 +1,32 @@
+const i18n = require('i18n')
+/**
+ * Checks that a single identified language in the list of languages and files
+ * that has been reduced has a single project file. This is important in the
+ * (uncommon) case that a project has a lock file without a project file.
+ */
+module.exports = exports = (analysis, next) => {
+  const { languageAnalysis } = analysis
+  try {
+    checkIdentifiedLanguageHasProjectFile(languageAnalysis.identifiedLanguages)
+  } catch (err) {
+    next(err)
+    return
+  }
+  next()
+}
+const checkIdentifiedLanguageHasProjectFile = identifiedLanguages => {
+  // Handle the error case where only a single language has been identified...
+  if (Object.keys(identifiedLanguages).length == 1) {
+    let { projectFilenames } = Object.values(identifiedLanguages)[0]
+    // ...but no project files for that language have been found
+    if (projectFilenames.length == 0) {
+      const [language] = Object.keys(identifiedLanguages)
+      throw new Error(i18n.__('languageAnalysisProjectFileError', language))
+    }
+  }
+}
+//For testing purposes
+exports.checkIdentifiedLanguageHasProjectFile = checkIdentifiedLanguageHasProjectFile

package/src/audit/languageAnalysisEngine/commonApi.js ADDED Viewed

@@ -0,0 +1,20 @@
+const { getHttpClient } = require('../../utils/commonApi')
+const returnAppId = async config => {
+  const client = getHttpClient(config)
+  let appId
+  await client.getAppId(config).then(res => {
+    if (res.body) {
+      let obj = res.body['applications']
+      if (obj) {
+        appId = obj.length === 0 ? '' : obj[0].app_id
+      }
+    }
+  })
+  return appId
+}
+module.exports = {
+  returnAppId: returnAppId
+}

package/src/audit/languageAnalysisEngine/constants.js ADDED Viewed

@@ -0,0 +1,23 @@
+// Language identifiers
+const NODE = 'NODE'
+const JAVASCRIPT = 'JAVASCRIPT'
+const DOTNET = 'DOTNET'
+const JAVA = 'JAVA'
+const RUBY = 'RUBY'
+const PYTHON = 'PYTHON'
+const GO = 'GO'
+// we set the langauge as Node instead of PHP since we're using the Node engine in TS
+const PHP = 'PHP'
+const LOW = 'LOW'
+const MEDIUM = 'MEDIUM'
+const HIGH = 'HIGH'
+const CRITICAL = 'CRITICAL'
+module.exports = {
+  supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
+  LOW: LOW,
+  MEDIUM: MEDIUM,
+  HIGH: HIGH,
+  CRITICAL: CRITICAL
+}

package/src/audit/languageAnalysisEngine/filterProjectPath.js ADDED Viewed

@@ -0,0 +1,21 @@
+const path = require('path')
+function resolveFilePath(filepath) {
+  if (filepath[0] === '~') {
+    return path.join(process.env.HOME, filepath.slice(1))
+  }
+  return filepath
+}
+const returnProjectPath = () => {
+  if (process.env.PWD !== (undefined || null || 'undefined')) {
+    return process.env.PWD
+  } else {
+    return process.argv[process.argv.indexOf('--project_path') + 1]
+  }
+}
+module.exports = {
+  returnProjectPath: returnProjectPath,
+  resolveFilePath: resolveFilePath
+}

package/src/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js ADDED Viewed

@@ -0,0 +1,41 @@
+const path = require('path')
+/**
+ * Assemble analysis results into a common object to provide
+ * language, project file name and paths
+ */
+module.exports = exports = (analysis, next) => {
+  const { projectPath, languageAnalysis } = analysis
+  languageAnalysis.identifiedLanguageInfo = getIdentifiedLanguageInfo(
+    projectPath,
+    languageAnalysis.identifiedLanguages
+  )
+  next()
+}
+const getIdentifiedLanguageInfo = (projectPath, identifiedLanguages) => {
+  const [language] = Object.keys(identifiedLanguages)
+  const {
+    projectFilenames: [projectFilename],
+    lockFilenames: [lockFilename]
+  } = Object.values(identifiedLanguages)[0]
+  let identifiedLanguageInfo = {
+    language,
+    projectFilename,
+    projectFilePath: path.join(projectPath, projectFilename)
+  }
+  if (lockFilename) {
+    identifiedLanguageInfo = {
+      ...identifiedLanguageInfo,
+      lockFilename,
+      lockFilePath: path.join(projectPath, lockFilename)
+    }
+  }
+  return identifiedLanguageInfo
+}
+//For testing purposes
+exports.getIdentifiedLanguageInfo = getIdentifiedLanguageInfo

package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js ADDED Viewed

@@ -0,0 +1,72 @@
+const fs = require('fs')
+const path = require('path')
+const i18n = require('i18n')
+/**
+ * Will get the filenames from the project path provided to the SCA CLI tool. If
+ * the project path points to a file and not a directory will return the
+ * filename in the same fashion as if a directory had been read.
+ *
+ * Will fail and throw for a manner of reasons when doing file/directory
+ * inspection.
+ *
+ * @param {string} projectPath - The path to a projects root directory or a
+ * specific project file
+ *
+ * @return {string[]} List of filenames associated with a projects root
+ * directory or the name of the specific project file if that was provided to
+ * the 'projectPath' parameter
+ *
+ * @throws {Error} If the project path doesn't exist
+ * @throws {Error} If the project path information can't be collected
+ * @throws {Error} If a non-file or non-directory inspected
+ */
+module.exports = exports = (analysis, next) => {
+  const { projectPath, languageAnalysis } = analysis
+  try {
+    languageAnalysis.projectRootFilenames = getProjectRootFilenames(projectPath)
+  } catch (err) {
+    next(err)
+    return
+  }
+  next()
+}
+const getProjectRootFilenames = projectPath => {
+  let projectStats = null
+  try {
+    projectStats = fs.statSync(projectPath)
+  } catch (err) {
+    throw new Error(
+      i18n.__('languageAnalysisProjectRootFileNameFailure', projectPath) +
+        `${err.message}`
+    )
+  }
+  // Return the contents of a directory...
+  if (projectStats.isDirectory()) {
+    try {
+      return fs.readdirSync(projectPath)
+    } catch (err) {
+      throw new Error(
+        i18n.__('languageAnalysisProjectRootFileNameReadError', projectPath) +
+          `${err.message}`
+      )
+    }
+  }
+  // If we are working with a file return it in a list as we do when we work
+  // with a directory...
+  if (projectStats.isFile()) {
+    return [path.basename(projectPath)]
+  }
+  // Error out if we are working with something like a socket file or some
+  // other craziness...
+  throw new Error(
+    i18n.__('languageAnalysisProjectRootFileNameMissingError'),
+    projectPath
+  )
+}
+//For testing purposes
+exports.getProjectRootFilenames = getProjectRootFilenames

package/src/audit/languageAnalysisEngine/index.js ADDED Viewed

@@ -0,0 +1,45 @@
+const AnalysisEngine = require('./../AnalysisEngine')
+const i18n = require('i18n')
+const getProjectRootFilenames = require('./getProjectRootFilenames')
+const reduceIdentifiedLanguages = require('./reduceIdentifiedLanguages')
+const checkForMultipleIdentifiedLanguages = require('./checkForMultipleIdentifiedLanguages')
+const checkForMultipleIdentifiedProjectFiles = require('./checkForMultipleIdentifiedProjectFiles')
+const checkIdentifiedLanguageHasProjectFile = require('./checkIdentifiedLanguageHasProjectFile')
+const checkIdentifiedLanguageHasLockFile = require('./checkIdentifiedLanguageHasLockFile')
+const getIdentifiedLanguageInfo = require('./getIdentifiedLanguageInfo')
+const { libraryAnalysisError } = require('../../common/errorHandling')
+module.exports = exports = (projectPath, callback, appId, config) => {
+  // Create an analysis engine to identify the project language
+  const ae = new AnalysisEngine({
+    projectPath,
+    appId,
+    languageAnalysis: { appId: appId },
+    config
+  })
+  ae.use([
+    getProjectRootFilenames,
+    reduceIdentifiedLanguages,
+    checkForMultipleIdentifiedLanguages,
+    checkForMultipleIdentifiedProjectFiles,
+    checkIdentifiedLanguageHasProjectFile,
+    checkIdentifiedLanguageHasLockFile,
+    getIdentifiedLanguageInfo
+  ])
+  ae.analyze((err, analysis) => {
+    if (err) {
+      console.log(
+        '*******************' +
+          i18n.__('languageAnalysisFailureMessage') +
+          '****************'
+      )
+      console.error(`${err.message}`)
+      libraryAnalysisError()
+      process.exit(1)
+    }
+    callback(null, analysis)
+  })
+}

package/src/audit/languageAnalysisEngine/langugageAnalysisFactory.js ADDED Viewed

@@ -0,0 +1,126 @@
+const {
+  supportedLanguages: { DOTNET, NODE, JAVA, RUBY, PYTHON, GO, PHP }
+} = require('../languageAnalysisEngine/constants')
+const i18n = require('i18n')
+const dotnetAE = require('../dotnetAnalysisEngine')
+const nodeAE = require('../nodeAnalysisEngine')
+const javaAE = require('../javaAnalysisEngine')
+const rubyAE = require('../rubyAnalysisEngine')
+const pythonAE = require('../pythonAnalysisEngine')
+const phpAE = require('../phpAnalysisEngine')
+const goAE = require('../goAnalysisEngine')
+const { vulnerabilityReport } = require('./report/reportingFeature')
+const { vulnReportWithoutDevDep } = require('./report/newReportingFeature')
+const { checkDevDeps } = require('./report/checkIgnoreDevDep')
+const { newSendSnapShot } = require('../languageAnalysisEngine/sendSnapshot')
+const fs = require('fs')
+const chalk = require('chalk')
+const saveFile = require('../../commands/audit/saveFile').default
+const generateSbom = require('../../sbom/generateSbom').default
+module.exports = exports = (err, analysis) => {
+  const { identifiedLanguageInfo } = analysis.languageAnalysis
+  const catalogueAppId = analysis.languageAnalysis.appId
+  if (err) {
+    console.error(err)
+    return
+  }
+  // this callback is the end of the chain
+  const langCallback = async (err, analysis) => {
+    const config = analysis.config
+    if (err) {
+      console.log()
+      console.log(
+        '***********' +
+          i18n.__('languageAnalysisFactoryFailureHeader') +
+          '****************'
+      )
+      console.log(identifiedLanguageInfo.language)
+      console.log()
+      console.error(
+        `${identifiedLanguageInfo.language}` +
+          i18n.__('languageAnalysisFailure') +
+          err
+      )
+      return process.exit(5)
+    }
+    console.log('\n **************CONTRAST OSS ANALYSIS BEGINS**************')
+    const snapshotResponse = await newSendSnapShot(analysis, catalogueAppId)
+    if (config.report) {
+      const ignoreDevUrl = await checkDevDeps(config)
+      if (ignoreDevUrl) {
+        await vulnReportWithoutDevDep(
+          analysis,
+          catalogueAppId,
+          snapshotResponse.id,
+          config
+        )
+      } else {
+        await vulnerabilityReport(analysis, catalogueAppId, config)
+      }
+    }
+    //should be moved to processAudit.ts once promises implemented
+    await auditSave(config)
+    console.log(
+      '\n ***************CONTRAST OSS ANALYSIS COMPLETE************** \n'
+    )
+  }
+  if (identifiedLanguageInfo.language === DOTNET) {
+    dotnetAE(identifiedLanguageInfo, analysis.config, langCallback)
+  }
+  if (identifiedLanguageInfo.language === NODE) {
+    nodeAE(identifiedLanguageInfo, analysis.config, langCallback)
+  }
+  if (identifiedLanguageInfo.language === JAVA) {
+    javaAE(identifiedLanguageInfo, analysis.config, langCallback)
+  }
+  if (identifiedLanguageInfo.language === RUBY) {
+    rubyAE(identifiedLanguageInfo, analysis.config, langCallback)
+  }
+  if (identifiedLanguageInfo.language === PYTHON) {
+    pythonAE(identifiedLanguageInfo, analysis.config, langCallback)
+  }
+  if (identifiedLanguageInfo.language === PHP) {
+    phpAE(identifiedLanguageInfo, analysis.config, langCallback)
+  }
+  if (identifiedLanguageInfo.language === GO) {
+    goAE(identifiedLanguageInfo, analysis.config, langCallback)
+  }
+}
+async function auditSave(config) {
+  //should be moved to processAudit.ts once promises implemented
+  if (config.save) {
+    if (config.save.toLowerCase() === 'sbom') {
+      saveFile(config, await generateSbom(config))
+      const filename = `${config.applicationId}-sbom-cyclonedx.json`
+      if (fs.existsSync(filename)) {
+        console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`)
+      } else {
+        console.log(
+          chalk.yellow.bold(
+            `\n Unable to save ${filename} Software Bill of Materials (SBOM)`
+          )
+        )
+      }
+    } else {
+      console.log(i18n.__('auditBadFiletypeSpecifiedForSave'))
+    }
+  } else {
+    console.log(i18n.__('auditNoFiletypeSpecifiedForSave'))
+  }
+}