@contrast/contrast 1.0.0 → 1.0.3

package/src/commands/audit/help.ts

@@ -0,0 +1,48 @@
+import commandLineUsage from 'command-line-usage'
+import i18n from 'i18n'
+import constants from '../../constants'
+
+const auditUsageGuide = commandLineUsage([
+  {
+    header: i18n.__('auditHeader'),
+    content: [i18n.__('auditHeaderMessage')]
+  },
+  {
+    header: i18n.__('constantsPrerequisitesHeader'),
+    content: [
+      '{bold ' +
+        i18n.__('constantsAuditPrerequisitesContentSupportedLanguages') +
+        '}',
+      '{bold ' +
+        i18n.__('constantsAuditPrerequisitesContentJava') +
+        '}' +
+        i18n.__('constantsAuditPrerequisitesContentMessage'),
+      '',
+      '{italic ' + i18n.__('constantsJavaNote') + '}',
+      '{italic ' + i18n.__('constantsJavaNoteGradle') + '}',
+      '',
+      '{bold ' +
+        i18n.__('constantsAuditPrerequisitesContentDotNet') +
+        '}' +
+        i18n.__('constantsAuditPrerequisitesContentDotNetMessage'),
+      '{bold ' +
+        i18n.__('constantsAuditPrerequisitesContentLanguageNode') +
+        '}' +
+        i18n.__('constantsAuditPrerequisitesContentLanguageNodeMessage'),
+      '{bold ' +
+        i18n.__('constantsAuditPrerequisitesContentLanguageRuby') +
+        '}' +
+        i18n.__('constantsAuditPrerequisitesContentLanguageRubyMessage'),
+      '{bold ' +
+        i18n.__('constantsAuditPrerequisitesContentLanguagePython') +
+        '}' +
+        i18n.__('constantsAuditPrerequisitesContentLanguagePythonMessage')
+    ]
+  },
+  {
+    header: i18n.__('constantsAuditOptions'),
+    optionList: constants.commandLineDefinitions.auditOptionDefinitions
+  }
+])
+
+export { auditUsageGuide }

package/src/commands/audit/processAudit.ts

@@ -0,0 +1,18 @@
+import { startAudit } from './auditController'
+import { getAuditConfig } from './auditConfig'
+import { auditUsageGuide } from './help'
+
+export type parameterInput = string[]
+
+export const processAudit = async (argv: parameterInput) => {
+  if (argv.indexOf('--help') != -1) {
+    printHelpMessage()
+    process.exit(1)
+  }
+  const config = getAuditConfig(argv)
+  const auditResults = await startAudit(config)
+}
+
+const printHelpMessage = () => {
+  console.log(auditUsageGuide)
+}

package/src/commands/audit/saveFile.ts

@@ -0,0 +1,6 @@
+import fs from 'fs'
+
+export default function saveFile(config: any, rawResults: any) {
+  const fileName = `${config.applicationId}-sbom-cyclonedx.json`
+  fs.writeFileSync(fileName, JSON.stringify(rawResults))
+}

package/src/commands/auth/auth.js

@@ -11,8 +11,21 @@ const {
   succeedSpinner
 } = require('../../utils/oraWrapper')
 const { TIMEOUT, AUTH_UI_URL } = require('../../constants/constants')
+const parsedCLIOptions = require('../../utils/parsedCLIOptions')
+const constants = require('../../constants')
+const commandLineUsage = require('command-line-usage')
+
+const processAuth = async (argv, config) => {
+  let authParams = parsedCLIOptions.getCommandLineArgsCustom(
+    argv,
+    constants.commandLineDefinitions.authOptionDefinitions
+  )
+
+  if (authParams.help) {
+    console.log(authUsageGuide)
+    process.exit(0)
+  }
 
-const processAuth = async config => {
   const token = uuidv4()
   const url = `${AUTH_UI_URL}/?token=${token}`
 
@@ -44,7 +57,7 @@ const isAuthComplete = async (token, timeout, config) => {
     let result = await pollAuthResult(token, client)
     if (result.statusCode === 200) {
       succeedSpinner(authSpinner, i18n.__('authSuccessMessage'))
-      console.log(i18n.__('runScanMessage'))
+      console.log(i18n.__('runAuthSuccessMessage'))
       return result.body
     }
     let endTime = new Date() - startTime
@@ -68,6 +81,17 @@ const pollAuthResult = async (token, client) => {
     })
 }
 
+const authUsageGuide = commandLineUsage([
+  {
+    header: i18n.__('authHeader'),
+    content: [i18n.__('constantsAuthHeaderContents')]
+  },
+  {
+    header: i18n.__('constantsAuthUsageHeader'),
+    content: [i18n.__('constantsAuthUsageContents')]
+  }
+])
+
 module.exports = {
   processAuth: processAuth
 }

package/src/commands/config/config.js

@@ -1,15 +1,19 @@
-const commandLineArgs = require('command-line-args')
+const parsedCLIOptions = require('../../utils/parsedCLIOptions')
+const constants = require('../../constants')
+const commandLineUsage = require('command-line-usage')
+const i18n = require('i18n')
 
 const processConfig = (argv, config) => {
-  const options = [{ name: 'clear', alias: 'c', type: Boolean }]
-
   try {
-    const configOptions = commandLineArgs(options, {
+    let configParams = parsedCLIOptions.getCommandLineArgsCustom(
       argv,
-      caseInsensitive: true,
-      camelCase: true
-    })
-    if (configOptions.clear) {
+      constants.commandLineDefinitions.configOptionDefinitions
+    )
+    if (configParams.help) {
+      console.log(configUsageGuide)
+      process.exit(0)
+    }
+    if (configParams.clear) {
       config.clear()
     } else {
       console.log(JSON.parse(JSON.stringify(config.store)))
@@ -20,6 +24,16 @@ const processConfig = (argv, config) => {
   }
 }
 
+const configUsageGuide = commandLineUsage([
+  {
+    header: i18n.__('configHeader')
+  },
+  {
+    content: [i18n.__('constantsConfigUsageContents')],
+    optionList: constants.commandLineDefinitions.configOptionDefinitions
+  }
+])
+
 module.exports = {
   processConfig: processConfig
 }

package/src/commands/scan/processScan.js

@@ -1,29 +1,25 @@
 const { startScan } = require('../../scan/scanController')
-const paramHandler = require('../../utils/paramsUtil/paramHandler')
 const { formatScanOutput } = require('../../scan/scan')
 const { scanUsageGuide } = require('../../scan/help')
+const scanConfig = require('../../scan/scanConfig')
+const { saveScanFile } = require('../../utils/saveFile')
 
-const processScan = async () => {
-  let getScanSubCommands = paramHandler.getScanSubCommands()
-  if (getScanSubCommands.help) {
-    printHelpMessage()
-    process.exit(1)
-  }
+const processScan = async argvMain => {
+  let config = scanConfig.getScanConfig(argvMain)
 
-  let scanResults = await startScan()
+  let scanResults = await startScan(config)
   if (scanResults) {
     formatScanOutput(
       scanResults?.projectOverview,
       scanResults?.scanResultsInstances
     )
   }
-}
 
-const printHelpMessage = () => {
-  console.log(scanUsageGuide)
+  if (config.save !== undefined) {
+    await saveScanFile(config, scanResults)
+  }
 }
 
 module.exports = {
-  processScan,
-  printHelpMessage
+  processScan
 }

package/src/common/HTTPClient.js

@@ -6,10 +6,10 @@ const { AUTH_CALLBACK_URL } = require('../constants/constants')
 function HTTPClient(config) {
   const apiKey = config.apiKey
   const authToken = config.authorization
-  // this.rejectUnauthorized = !additionalParams.ignore_cert_errors
+  this.rejectUnauthorized = !config.ignoreCertErrors
 
-  const superApiKey = config.super_api_key
-  const superAuthToken = config.super_authorization
+  const superApiKey = config.superApiKey
+  const superAuthToken = config.superAuthorization
 
   this.requestOptions = {
     forever: true,
@@ -91,6 +91,15 @@ HTTPClient.prototype.getSpecificScanResult = function getSpecificScanResult(
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
+HTTPClient.prototype.getSpecificScanResultSarif = function getSpecificScanResultSarif(
+  config,
+  scanId
+) {
+  const options = _.cloneDeep(this.requestOptions)
+  options.url = createRawOutputURL(config, scanId)
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
 HTTPClient.prototype.getScanId = function getScanId(config, codeArtifactId) {
   const options = _.cloneDeep(this.requestOptions)
   let url = createGetScanIdURL(config)
@@ -119,8 +128,10 @@ HTTPClient.prototype.createProjectId = function createProjectId(config) {
 
   options.body = {
     name: config.name,
-    archived: 'false',
-    language: config.language
+    archived: 'false'
+  }
+  if (config.language) {
+    options.body.language = config.language
   }
   options.url = createHarmonyProjectsUrl(config)
   return requestUtils.sendRequest({ method: 'post', options })
@@ -159,6 +170,80 @@ HTTPClient.prototype.pollForAuth = function pollForAuth(token) {
   return requestUtils.sendRequest({ method: 'post', options })
 }
 
+HTTPClient.prototype.catalogueCommand = function catalogueCommand(config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createAppCreateURL(config)
+  options.url = url
+
+  let requestBody = {}
+  requestBody.name = config.applicationName
+  requestBody.language = config.language.toUpperCase()
+  requestBody.appGroups = config.appGroups
+  requestBody.metadata = config.metadata
+  requestBody.tags = config.tags
+  requestBody.code = config.code
+  options.body = requestBody
+
+  return requestUtils.sendRequest({ method: 'post', options })
+}
+
+HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createSnapshotURL(config)
+  options.url = url
+  options.body = requestBody
+  return requestUtils.sendRequest({ method: 'post', options })
+}
+
+HTTPClient.prototype.getReport = function getReport(config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createReportUrl(config)
+  options.url = url
+
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
+HTTPClient.prototype.getSpecificReport = function getSpecificReport(
+  config,
+  reportId
+) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createSpecificReportUrl(config, reportId)
+  options.url = url
+
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
+HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(
+  requestBody,
+  config
+) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createLibraryVulnerabilitiesUrl(config)
+  options.url = url
+  options.body = requestBody
+
+  return requestUtils.sendRequest({ method: 'put', options })
+}
+
+HTTPClient.prototype.getAppId = function getAppId(config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createAppNameUrl(config)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
+HTTPClient.prototype.getDependencyTree = function getReport(
+  orgUuid,
+  appId,
+  reportId
+) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createGetDependencyTree(options.uri, orgUuid, appId, reportId)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
 // serverless - lambda
 function getServerlessHost(config = {}) {
   const originalHost = config?.host || config?.get('host')
@@ -195,10 +280,10 @@ function createScanResultsGetUrl(config, params, scanId, functionArn) {
 
 HTTPClient.prototype.postFunctionScan = async function postFunctionScan(
   config,
-  parameters,
+  params,
   body
 ) {
-  const url = createScanFunctionPostUrl(config, parameters)
+  const url = createScanFunctionPostUrl(config, params)
   const options = { ...this.requestOptions, body, url }
 
   return requestUtils.sendRequest({ method: 'post', options })
@@ -206,10 +291,10 @@ HTTPClient.prototype.postFunctionScan = async function postFunctionScan(
 
 HTTPClient.prototype.getScanResources = async function getScanResources(
   config,
-  parameters,
+  params,
   scanId
 ) {
-  const url = createScanResourcesGetUrl(config, parameters, scanId)
+  const url = createScanResourcesGetUrl(config, params, scanId)
   const options = { ...this.requestOptions, url }
 
   return requestUtils.sendRequest({ method: 'get', options })
@@ -217,27 +302,41 @@ HTTPClient.prototype.getScanResources = async function getScanResources(
 
 HTTPClient.prototype.getFunctionScanResults = async function getFunctionScanResults(
   config,
-  parameters,
+  params,
   scanId,
   functionArn
 ) {
-  const url = createScanResultsGetUrl(config, parameters, scanId, functionArn)
+  const url = createScanResultsGetUrl(config, params, scanId, functionArn)
   const options = { ...this.requestOptions, url }
 
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
+HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createDataUrl()
+  options.url = url
+  options.body = data
+  return requestUtils.sendRequest({ method: 'post', options })
+}
+
+HTTPClient.prototype.getSbom = function getSbom(config) {
+  const options = _.cloneDeep(this.requestOptions)
+  options.url = createSbomCycloneDXUrl(config)
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
 // scan
 const createGetScanIdURL = config => {
   return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/`
 }
 
 const createScanResultsInstancesURL = (config, scanId) => {
-  return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/result-instances?sort=severity,asc`
+  return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/result-instances/info?size=50&page=0&last=false&sort=severity,asc`
 }
 
-const createRawOutputURL = (config, codeArtifactId) => {
-  return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${codeArtifactId}/raw-output`
+const createRawOutputURL = (config, scanId) => {
+  return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/raw-output`
 }
 
 const createSpecificScanResultURL = (config, scanId) => {
@@ -264,6 +363,42 @@ const pollForAuthUrl = () => {
   return `${AUTH_CALLBACK_URL}/auth/credentials`
 }
 
+function createSnapshotURL(config) {
+  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots`
+}
+
+const createAppCreateURL = config => {
+  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/create`
+}
+
+const createAppNameUrl = config => {
+  return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/name?filterText=${config.applicationName}`
+}
+
+function createLibraryVulnerabilitiesUrl(config) {
+  return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`
+}
+
+function createReportUrl(config) {
+  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports`
+}
+
+function createSpecificReportUrl(config, reportId) {
+  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}?nodesToInclude=PROD`
+}
+
+function createDataUrl() {
+  return `https://ardy.contrastsecurity.com/production`
+}
+
+const createGetDependencyTree = (protocol, orgUuid, appId, reportId) => {
+  return `${protocol}/Contrast/api/ng/sca/organizations/${orgUuid}/applications/${appId}/reports/${reportId}`
+}
+
+function createSbomCycloneDXUrl(config) {
+  return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/cyclonedx`
+}
+
 module.exports = HTTPClient
 module.exports.pollForAuthUrl = pollForAuthUrl
 module.exports.getServerlessHost = getServerlessHost

package/src/common/errorHandling.ts

@@ -1,4 +1,58 @@
 import i18n from 'i18n'
+import { sortBy } from 'lodash'
+
+const handleResponseErrors = (res: any, api: string) => {
+  if (res.statusCode === 400) {
+    api === 'catalogue' ? badRequestError(true) : badRequestError(false)
+  } else if (res.statusCode === 401) {
+    unauthenticatedError()
+  } else if (res.statusCode === 403) {
+    forbiddenError()
+  } else if (res.statusCode === 407) {
+    proxyError()
+  } else {
+    if (api === 'snapshot' || api === 'catalogue') {
+      snapshotFailureError()
+    }
+    if (api === 'vulnerabilities') {
+      vulnerabilitiesFailureError()
+    }
+    if (api === 'report') {
+      reportFailureError()
+    }
+  }
+}
+
+const libraryAnalysisError = () => {
+  console.log(i18n.__('libraryAnalysisError'))
+}
+
+const snapshotFailureError = () => {
+  console.log(
+    '\n ******************************** ' +
+      i18n.__('snapshotFailureHeader') +
+      ' *********************************\n' +
+      i18n.__('snapshotFailureMessage')
+  )
+}
+
+const vulnerabilitiesFailureError = () => {
+  console.log(
+    '\n ******************************** ' +
+      i18n.__('snapshotFailureHeader') +
+      ' *********************************\n' +
+      i18n.__('vulnerabilitiesFailureMessage')
+  )
+}
+
+const reportFailureError = () => {
+  console.log(
+    '\n ******************************** ' +
+      i18n.__('snapshotFailureHeader') +
+      ' *********************************\n' +
+      i18n.__('reportFailureMessage')
+  )
+}
 
 const genericError = (missingCliOption: string) => {
   // prettier-ignore
@@ -19,6 +73,7 @@ const badRequestError = (catalogue: boolean) => {
 
 const forbiddenError = () => {
   generalError('forbiddenRequestErrorHeader', 'forbiddenRequestErrorMessage')
+  process.exit(1)
 }
 
 const proxyError = () => {
@@ -51,7 +106,7 @@ const getErrorMessage = (header: string, message?: string) => {
   const multiLine = message?.includes('\n')
   let finalMessage = ''
 
-  // i18n split the line if it includes "\n"
+  // i18n split the line if it includes '\n'
   if (multiLine) {
     finalMessage = `\n${message}`
   } else if (message) {
@@ -66,6 +121,31 @@ const generalError = (header: string, message?: string) => {
   console.log(finalMessage)
 }
 
+const findCommandOnError = (unknownOptions: string[]) => {
+  const commandKeywords = {
+    auth: 'auth',
+    audit: 'audit',
+    scan: 'scan',
+    lambda: 'lambda',
+    config: 'config'
+  }
+
+  const containsCommandKeyword = unknownOptions.some(
+    // @ts-ignore
+    command => commandKeywords[command]
+  )
+
+  if (containsCommandKeyword) {
+    const foundCommands = unknownOptions.filter(
+      // @ts-ignore
+      command => commandKeywords[command]
+    )
+
+    //return the first command found
+    return foundCommands[0]
+  }
+}
+
 export {
   genericError,
   unauthenticatedError,
@@ -75,5 +155,8 @@ export {
   failOptionError,
   hostWarningError,
   generalError,
-  getErrorMessage
+  getErrorMessage,
+  handleResponseErrors,
+  libraryAnalysisError,
+  findCommandOnError
 }

package/src/common/versionChecker.ts

@@ -0,0 +1,39 @@
+import latestVersion from 'latest-version'
+import { APP_VERSION } from '../constants/constants'
+import boxen from 'boxen'
+import chalk from 'chalk'
+import semver from 'semver'
+
+export async function findLatestCLIVersion() {
+  const latestCLIVersion = await latestVersion('@contrast/contrast')
+
+  if (semver.lt(APP_VERSION, latestCLIVersion)) {
+    const updateAvailableMessage = `Update available ${chalk.yellow(
+      APP_VERSION
+    )} → ${chalk.green(latestCLIVersion)}`
+
+    const npmUpdateAvailableCommand = `Run ${chalk.cyan(
+      'npm i @contrast/contrast -g'
+    )} to update via npm`
+
+    const homebrewUpdateAvailableCommand = `Run ${chalk.cyan(
+      'brew install contrastsecurity/tap/contrast'
+    )} to update via brew`
+
+    console.log(
+      boxen(
+        `${updateAvailableMessage}\n${npmUpdateAvailableCommand}\n\n${homebrewUpdateAvailableCommand}`,
+        {
+          titleAlignment: 'center',
+          margin: 1,
+          padding: 1,
+          align: 'center'
+        }
+      )
+    )
+  }
+}
+
+export async function isCorrectNodeVersion(currentVersion: string) {
+  return semver.satisfies(currentVersion, '>=16.13.2 <17')
+}

package/src/constants/constants.js

@@ -8,17 +8,17 @@ const GO = 'GO'
 // we set the langauge as Node instead of PHP since we're using the Node engine in TS
 const PHP = 'PHP'
 const JAVASCRIPT = 'JAVASCRIPT'
-
 const LOW = 'LOW'
 const MEDIUM = 'MEDIUM'
 const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
-
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.0'
+const APP_VERSION = '1.0.3'
 const TIMEOUT = 120000
+
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com'
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com'
+const SARIF_FILE = 'SARIF'
 
 module.exports = {
   supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
@@ -30,5 +30,6 @@ module.exports = {
   APP_NAME,
   TIMEOUT,
   AUTH_UI_URL,
-  AUTH_CALLBACK_URL
+  AUTH_CALLBACK_URL,
+  SARIF_FILE
 }