@contrast/contrast 1.0.0 → 1.0.3

package/src/scan/scanConfig.js

@@ -0,0 +1,54 @@
+const paramHandler = require('../utils/paramsUtil/paramHandler')
+const constants = require('../../src/constants.js')
+const parsedCLIOptions = require('../../src/utils/parsedCLIOptions')
+const path = require('path')
+const {
+  supportedLanguages
+} = require('../audit/languageAnalysisEngine/constants')
+const i18n = require('i18n')
+const { scanUsageGuide } = require('./help')
+
+const getScanConfig = argv => {
+  let scanParams = parsedCLIOptions.getCommandLineArgsCustom(
+    argv,
+    constants.commandLineDefinitions.scanOptionDefinitions
+  )
+
+  if (scanParams.help) {
+    printHelpMessage()
+    process.exit(0)
+  }
+
+  const paramsAuth = paramHandler.getAuth(scanParams)
+
+  if (scanParams.language) {
+    scanParams.language = scanParams.language.toUpperCase()
+    if (!Object.values(supportedLanguages).includes(scanParams.language)) {
+      console.log(`Did not recognise --language ${scanParams.language}`)
+      console.log(i18n.__('constantsHowToRunDev3'))
+      process.exit(0)
+    }
+  }
+
+  // if no name, take the full file path and use it as the project name
+  if (!scanParams.name && scanParams.file) {
+    scanParams.name = getFileName(scanParams.file)
+  }
+
+  return { ...paramsAuth, ...scanParams }
+}
+
+const getFileName = file => {
+  // from '/Users/x/y/spring-async.war' to 'spring-async.war'
+  return file.split(path.sep).pop()
+}
+
+const printHelpMessage = () => {
+  console.log(scanUsageGuide)
+}
+
+module.exports = {
+  getScanConfig,
+  getFileName,
+  printHelpMessage
+}

package/src/scan/scanController.js

@@ -8,8 +8,8 @@ const populateProjectIdAndProjectName = require('./populateProjectIdAndProjectNa
 const scan = require('./scan')
 const scanResults = require('./scanResults')
 const autoDetection = require('./autoDetection')
-const paramHandler = require('../utils/paramsUtil/paramHandler')
 const fileFunctions = require('./fileUtils')
+const { performance } = require('perf_hooks')
 
 const getTimeout = config => {
   if (config.timeout) {
@@ -22,21 +22,23 @@ const getTimeout = config => {
   }
 }
 
-const startScan = async () => {
-  let paramsAuth = paramHandler.getAuth()
-  let getScanSubCommands = paramHandler.getScanSubCommands()
-  const configToUse = { ...paramsAuth, ...getScanSubCommands }
-  if (configToUse.file === undefined || configToUse.file === null) {
-    await autoDetection.autoDetectFileAndLanguage(configToUse)
-  } else {
-    if (fileFunctions.fileExists(configToUse.file)) {
-      scan.zipValidator(configToUse)
-      autoDetection.assignLanguage([configToUse.file], configToUse)
-    } else {
+const fileAndLanguageLogic = async configToUse => {
+  if (configToUse.file) {
+    if (!fileFunctions.fileExists(configToUse.file)) {
       console.log(i18n.__('fileNotExist'))
-      process.exit(0)
+      process.exit(1)
+    }
+    return configToUse
+  } else {
+    if (configToUse.file === undefined || configToUse.file === null) {
+      await autoDetection.autoDetectFileAndLanguage(configToUse)
     }
   }
+}
+
+const startScan = async configToUse => {
+  const startTime = performance.now()
+  await fileAndLanguageLogic(configToUse)
 
   if (!configToUse.projectId) {
     configToUse.projectId = await populateProjectIdAndProjectName.populateProjectId(
@@ -46,7 +48,7 @@ const startScan = async () => {
   const codeArtifactId = await scan.sendScan(configToUse)
 
   if (!configToUse.ff) {
-    const startScanSpinner = returnOra('Contrast Scan started')
+    const startScanSpinner = returnOra('🚀 Contrast Scan started')
     startSpinner(startScanSpinner)
     const scanDetail = await scanResults.returnScanResults(
       configToUse,
@@ -58,9 +60,14 @@ const startScan = async () => {
       configToUse,
       scanDetail.id
     )
+    const endTime = performance.now()
+    const scanDurationMs = endTime - startTime
     succeedSpinner(startScanSpinner, 'Contrast Scan complete')
+    console.log(
+      `----- Scan completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
+    )
     const projectOverview = await scanResults.returnScanProjectById(configToUse)
-    return { projectOverview, scanResultsInstances }
+    return { projectOverview, scanDetail, scanResultsInstances }
   }
 }
 

package/src/scan/scanResults.js

@@ -1,7 +1,8 @@
 const commonApi = require('../utils/commonApi')
 const requestUtils = require('../../src/utils/requestUtils')
-const i18n = require('i18n')
 const oraFunctions = require('../utils/oraWrapper')
+const _ = require('lodash')
+const i18n = require('i18n')
 
 const getScanId = async (config, codeArtifactId, client) => {
   return client
@@ -36,28 +37,40 @@ const returnScanResults = async (
   let scanId = await getScanId(config, codeArtifactId, client)
   let startTime = new Date()
   let complete = false
-  while (!complete) {
-    let result = await pollScanResults(config, scanId, client)
-    if (JSON.stringify(result.statusCode) == 200) {
-      if (result.body.status === 'COMPLETED') {
-        complete = true
-        return result.body
+  if (!_.isNil(scanId)) {
+    while (!complete) {
+      let result = await pollScanResults(config, scanId, client)
+      if (JSON.stringify(result.statusCode) == 200) {
+        if (result.body.status === 'COMPLETED') {
+          complete = true
+          return result.body
+        }
+        if (result.body.status === 'FAILED') {
+          complete = true
+          oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan Failed.')
+          console.log(result.body.errorMessage)
+          if (
+            result.body.errorMessage ===
+            'Unable to determine language for code artifact'
+          ) {
+            console.log(
+              'Try scanning again using --language param. ',
+              i18n.__('scanOptionsLanguageSummary')
+            )
+          }
+          process.exit(1)
+        }
       }
-      if (result.body.status === 'FAILED') {
-        complete = true
-        oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan Failed.')
+      let endTime = new Date() - startTime
+      if (requestUtils.millisToSeconds(endTime) > timeout) {
+        oraFunctions.failSpinner(
+          startScanSpinner,
+          'Contrast Scan timed out at the specified ' + timeout + ' seconds.'
+        )
+        console.log('Please try again, allowing more time.')
         process.exit(1)
       }
     }
-    let endTime = new Date() - startTime
-    if (requestUtils.millisToSeconds(endTime) > timeout) {
-      oraFunctions.failSpinner(
-        startScanSpinner,
-        'Contrast Scan timed out at the specified ' + timeout + ' seconds.'
-      )
-      console.log('Please try again, allowing more time.')
-      process.exit(1)
-    }
   }
 }
 

package/src/utils/commonApi.js

@@ -4,11 +4,10 @@ const {
   unauthenticatedError,
   forbiddenError,
   proxyError,
-  hostWarningError,
   genericError
 } = require('../common/errorHandling')
 
-const handleResponseErrors = (res, api, hostPresent) => {
+const handleResponseErrors = (res, api) => {
   if (res.statusCode === 400) {
     api === 'catalogue' ? badRequestError(true) : badRequestError(false)
   } else if (res.statusCode === 401) {
@@ -18,7 +17,7 @@ const handleResponseErrors = (res, api, hostPresent) => {
   } else if (res.statusCode === 407) {
     proxyError()
   } else {
-    hostPresent === false ? hostWarningError() : genericError()
+    genericError()
   }
 }
 

package/src/utils/getConfig.ts

@@ -6,6 +6,7 @@ type ContrastConfOptions = Partial<{
   apiKey: string
   orgId: string
   authHeader: string
+  numOfRuns: number
 }>
 
 type ContrastConf = Conf<ContrastConfOptions>
@@ -15,6 +16,7 @@ const localConfig = (name: string, version: string) => {
     configName: name
   })
   config.set('version', version)
+
   if (!config.has('host')) {
     config.set('host', 'https://ce.contrastsecurity.com/')
   }

package/src/utils/paramsUtil/commandlineParams.js

@@ -1,9 +1,5 @@
-const cliOptions = require('../parsedCLIOptions')
-const parsedCLIOptions = cliOptions.getCommandLineArgs()
-
-const getAuth = () => {
+const getAuth = (parsedCLIOptions = {}) => {
   let params = {}
-
   params.apiKey = parsedCLIOptions['apiKey']
   params.authorization = parsedCLIOptions['authorization']
   params.host = parsedCLIOptions['host']
@@ -11,27 +7,6 @@ const getAuth = () => {
   return params
 }
 
-const getScanParams = () => {
-  let scanParams = {}
-  scanParams.help = parsedCLIOptions['help']
-  scanParams.file = parsedCLIOptions['file']
-  scanParams.language = parsedCLIOptions['language']
-    ? parsedCLIOptions['language'].toUpperCase()
-    : parsedCLIOptions['language']
-  scanParams.ff = parsedCLIOptions['ff']
-  scanParams.timeout = parsedCLIOptions['timeout']
-  scanParams.name = parsedCLIOptions['name']
-  scanParams.verbose = parsedCLIOptions['verbose']
-
-  // if no name, take the full file path and use it as the project name
-  if (!scanParams.name) {
-    scanParams.name = scanParams.file
-  }
-
-  return scanParams
-}
-
 module.exports = {
-  getScanParams: getScanParams,
   getAuth: getAuth
 }

package/src/utils/paramsUtil/paramHandler.js

@@ -4,8 +4,8 @@ const envVariableParams = require('./envVariableParams')
 const { validateAuthParams } = require('../validationCheck')
 const i18n = require('i18n')
 
-const getAuth = () => {
-  let commandLineAuthParamsAuth = commandlineAuth.getAuth()
+const getAuth = params => {
+  let commandLineAuthParamsAuth = commandlineAuth.getAuth(params)
   let envVariableParamsAuth = envVariableParams.getAuth()
   let configStoreParamsAuth = configStoreParams.getAuth()
 
@@ -21,8 +21,4 @@ const getAuth = () => {
   }
 }
 
-const getScanSubCommands = () => {
-  return commandlineAuth.getScanParams()
-}
-
-module.exports = { getAuth: getAuth, getScanSubCommands: getScanSubCommands }
+module.exports = { getAuth: getAuth }

package/src/utils/parsedCLIOptions.js

@@ -1,17 +1,19 @@
-const constants = require('../constants')
 const commandLineArgs = require('command-line-args')
 
-const getCommandLineArgs = () => {
-  return commandLineArgs(
-    constants.commandLineDefinitions.scanOptionDefinitions,
-    {
-      partial: true,
+const getCommandLineArgsCustom = (parameterList, optionDefinitions) => {
+  try {
+    return commandLineArgs(optionDefinitions, {
+      argv: parameterList,
+      partial: false,
       camelCase: true,
       caseInsensitive: true
-    }
-  )
+    })
+  } catch (e) {
+    console.log(e.message.toString())
+    process.exit(1)
+  }
 }
 
 module.exports = {
-  getCommandLineArgs: getCommandLineArgs
+  getCommandLineArgsCustom
 }

package/src/utils/requestUtils.js

@@ -8,7 +8,7 @@ function sendRequest({ options, method = 'put' }) {
 }
 
 const millisToSeconds = millis => {
-  return ((millis % 60000) / 1000).toFixed(0)
+  return (millis / 1000).toFixed(0)
 }
 
 const sleep = ms => {

package/src/utils/saveFile.js

@@ -0,0 +1,19 @@
+const { SARIF_FILE } = require('../constants/constants')
+const commonApi = require('./commonApi')
+const saveResults = require('../scan/saveResults')
+const i18n = require('i18n')
+
+const saveScanFile = async (config, scanResults) => {
+  if (config.save === null || config.save.toUpperCase() === SARIF_FILE) {
+    const scanId = scanResults.scanDetail.id
+    const client = commonApi.getHttpClient(config)
+    const rawResults = await client.getSpecificScanResultSarif(config, scanId)
+    await saveResults.writeResultsToFile(rawResults?.body)
+  } else {
+    console.log(i18n.__('scanNoFiletypeSpecifiedForSave'))
+  }
+}
+
+module.exports = {
+  saveScanFile: saveScanFile
+}

package/dist/lambda/scanDetail.js

@@ -1,30 +0,0 @@
-'use strict'
-Object.defineProperty(exports, '__esModule', { value: true })
-exports.pollScanDetail = void 0
-const requestUtils_1 = require('../utils/requestUtils')
-const pollScanDetail = async (
-  config,
-  params,
-  scanId,
-  httpClient,
-  pollCount,
-  showProgress = false
-) => {
-  await (0, requestUtils_1.sleep)(5000)
-  return httpClient.getFunctionScan(config, params, scanId).then(res => {
-    const { resultsCount = 0 } = res?.body?.data?.scan || {}
-    if (showProgress) {
-      process.stdout.write(
-        `\rScanning (${resultsCount} results found so far)${'.'.repeat(
-          pollCount
-        )}`
-      )
-    }
-    if (res.statusCode === 200) {
-      return res
-    } else {
-      throw Error(`Failed to get scan detail: ${res.statusCode} ${res.body}`)
-    }
-  })
-}
-exports.pollScanDetail = pollScanDetail

package/dist/scan/fileFinder.js

@@ -1,15 +0,0 @@
-'use strict'
-const fg = require('fast-glob')
-const i18n = require('i18n')
-const findFile = async () => {
-  console.log(i18n.__('searchingScanFileDirectory', process.cwd()))
-  const entries = fg(['**/*.jar', '**/*.war', '**/*.zip', '**/*.dll'], {
-    dot: false,
-    deep: 3,
-    onlyFiles: true
-  })
-  return entries
-}
-module.exports = {
-  findFile
-}

package/dist/utils/paramsUtil/yamlParams.js

@@ -1,6 +0,0 @@
-'use strict'
-const fs = require('fs')
-const yaml = require('js-yaml')
-const getAuth = yamlPath => {
-  const yamlParams = yaml.load(fs.readFileSync(yamlPath, 'utf8'))
-}