@contrast/contrast 1.0.0 → 1.0.3

package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js

@@ -0,0 +1,257 @@
+"use strict";
+const i18n = require('i18n');
+const { getHttpClient } = require('../../../utils/commonApi');
+function displaySuccessMessageReport() {
+    console.log('\n' + i18n.__('reportSuccessMessage'));
+}
+function getAllDependenciesArray(packageJson) {
+    const { dependencies, optionalDependencies, devDependencies, peerDependencies } = packageJson;
+    const allDep = {
+        ...dependencies,
+        ...devDependencies,
+        ...optionalDependencies,
+        ...peerDependencies
+    };
+    return Object.entries(allDep);
+}
+function checkIfDepIsScoped(arrDep) {
+    let count = 0;
+    arrDep.forEach(([key, value]) => {
+        if (!key.startsWith('@')) {
+            console.log(` WARNING not scoped: ${key}:${value}`);
+            count++;
+        }
+    });
+    return count;
+}
+const dependencyRiskReport = async (packageJson, config) => {
+    const arrDep = getAllDependenciesArray(packageJson);
+    const unRegisteredDeps = await checkIfDepIsRegisteredOnNPM(arrDep, config);
+    let scopedCount = checkIfDepIsScoped(unRegisteredDeps);
+    return {
+        scopedCount: scopedCount,
+        unRegisteredCount: unRegisteredDeps.length
+    };
+};
+const checkIfDepIsRegisteredOnNPM = async (arrDep, config) => {
+    let promises = [];
+    let unRegisteredDeps = [];
+    const client = getHttpClient(config);
+    for (const [index, element] of arrDep) {
+        const query = `query artifactByGAV($name: String!, $language: String!, $groupName: String, $version: String!, $nameCheck: Boolean) {
+    artifact: exactVersion(name: $name, language: $language, groupName: $groupName, version: $version, nameCheck: $nameCheck) {
+        version
+        cves {
+            baseScore
+        }}}`;
+        const data = {
+            query: query,
+            variables: {
+                name: index,
+                version: element,
+                language: 'node',
+                nameCheck: true
+            }
+        };
+        promises.push(client.checkLibrary(data));
+    }
+    await Promise.all(promises).then(response => {
+        response.forEach(res => {
+            const libName = JSON.parse(res.request.body);
+            if (res.statusCode === 200) {
+                if (res.body.data.artifact == null) {
+                    unRegisteredDeps.push([
+                        libName.variables.name,
+                        libName.variables.version
+                    ]);
+                }
+            }
+        });
+    });
+    if (unRegisteredDeps.length !== 0) {
+        console.log('\n Dependencies Risk Report', '\n\n Private libraries that are not scoped. We recommend these libraries are reviewed and the scope claimed to prevent dependency confusion breaches');
+    }
+    return unRegisteredDeps;
+};
+const createLibraryHeader = (id, numberOfVulnerableLibraries, numberOfCves, name) => {
+    name
+        ? console.log(` Application Name: ${name} | Application ID: ${id}`)
+        : console.log(` Application ID: ${id}`);
+    console.log(` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's`);
+};
+const breakPipeline = () => {
+    failOptionError();
+    process.exit(1);
+};
+const parameterOptions = hasSomeVulnerabilitiesReported => {
+    const inputtedCLIOptions = cliOptions.getCommandLineArgs();
+    let cveSeverityOption = inputtedCLIOptions['cve_severity'];
+    let fail = inputtedCLIOptions['fail'];
+    let cve_threshold = inputtedCLIOptions['cve_threshold'];
+    let expr;
+    if (cveSeverityOption && fail && cve_threshold) {
+        expr = 'SeverityAndThreshold';
+    }
+    else if (!cveSeverityOption && fail && cve_threshold) {
+        expr = 'ThresholdOnly';
+    }
+    else if (!cve_threshold && fail && hasSomeVulnerabilitiesReported[0]) {
+        expr = 'FailOnly';
+    }
+    return expr;
+};
+const analyseReportOptions = hasSomeVulnerabilitiesReported => {
+    const inputtedCLIOptions = cliOptions.getCommandLineArgs();
+    let cve_threshold = inputtedCLIOptions['cve_threshold'];
+    let cveSeverity;
+    let criticalSeverity;
+    let highSeverity;
+    let mediumSeverity;
+    let lowSeverity;
+    switch (parameterOptions(hasSomeVulnerabilitiesReported)) {
+        case 'SeverityAndThreshold':
+            cveSeverity = inputtedCLIOptions['cve_severity'].severity;
+            criticalSeverity = hasSomeVulnerabilitiesReported[2].critical;
+            highSeverity = hasSomeVulnerabilitiesReported[2].high;
+            mediumSeverity = hasSomeVulnerabilitiesReported[2].medium;
+            lowSeverity = hasSomeVulnerabilitiesReported[2].low;
+            if (cveSeverity === 'HIGH') {
+                if (cve_threshold < highSeverity + criticalSeverity) {
+                    breakPipeline();
+                }
+            }
+            if (cveSeverity === 'MEDIUM') {
+                if (cve_threshold < mediumSeverity + highSeverity) {
+                    breakPipeline();
+                }
+            }
+            if (cveSeverity === 'LOW') {
+                if (cve_threshold < lowSeverity + mediumSeverity + highSeverity) {
+                    breakPipeline();
+                }
+            }
+            break;
+        case 'ThresholdOnly':
+            if (cve_threshold < hasSomeVulnerabilitiesReported[1]) {
+                breakPipeline();
+            }
+            break;
+        case 'FailOnly':
+            breakPipeline();
+            break;
+    }
+};
+const getReport = async (applicationId) => {
+    const userParams = await util.getParams(applicationId);
+    const addParams = agent.getAdditionalParams();
+    const protocol = getValidHost(userParams.host);
+    const client = commonApi.getHttpClient(userParams, protocol, addParams);
+    return client
+        .getReport(userParams)
+        .then(res => {
+        if (res.statusCode === 200) {
+            displaySuccessMessageReport();
+            return res.body;
+        }
+        else {
+            handleResponseErrors(res, 'report');
+        }
+    })
+        .catch(err => {
+        console.log(err);
+    });
+};
+const printVulnerabilityResponse = (severity, filteredVulns, vulnerabilities) => {
+    let hasSomeVulnerabilitiesReported = false;
+    if (severity) {
+        returnCveData(filteredVulns);
+        if (Object.keys(filteredVulns).length > 0)
+            hasSomeVulnerabilitiesReported = true;
+    }
+    else {
+        returnCveData(vulnerabilities);
+        if (Object.keys(vulnerabilities).length > 0)
+            hasSomeVulnerabilitiesReported = true;
+    }
+    return hasSomeVulnerabilitiesReported;
+};
+const returnCveData = libraries => {
+    console.log('\n ************************************************************');
+    for (const [key, value] of Object.entries(libraries)) {
+        const parts = key.split('/');
+        const nameVersion = parts[1].split('@');
+        const group = parts[0];
+        const name = nameVersion[0];
+        const version = nameVersion[1];
+        const libName = group !== 'null'
+            ? `${group}/${name}/${version} is vulnerable`
+            : `${name}/${version} is vulnerable`;
+        console.log('\n\n ' + libName);
+        value.forEach(vuln => {
+            let sevCode = vuln.severityCode || vuln.severity_code;
+            console.log('\n ' + vuln.name + ' ' + sevCode + '\n ' + vuln.description);
+        });
+    }
+};
+function searchHighCVEs(vuln) {
+    let sevCode = vuln.severityCode || vuln.severity_code;
+    if (sevCode === 'HIGH') {
+        return vuln;
+    }
+}
+function searchMediumCVEs(vuln) {
+    let sevCode = vuln.severityCode || vuln.severity_code;
+    if (sevCode === 'HIGH' || sevCode === 'MEDIUM') {
+        return vuln;
+    }
+}
+function searchLowCVEs(vuln) {
+    let sevCode = vuln.severityCode || vuln.severity_code;
+    if (sevCode === 'HIGH' || sevCode === 'MEDIUM' || sevCode === 'LOW') {
+        return vuln;
+    }
+}
+const filterVulnerabilitiesBySeverity = (severity, vulnerabilities) => {
+    let filteredVulns = [];
+    if (severity) {
+        for (let x in vulnerabilities) {
+            if (severity.severity === 'HIGH') {
+                let highVulnerability = vulnerabilities[x].filter(searchHighCVEs);
+                if (highVulnerability.length > 0) {
+                    filteredVulns[x] = highVulnerability;
+                }
+            }
+            else if (severity.severity === 'MEDIUM') {
+                let mediumVulnerability = vulnerabilities[x].filter(searchMediumCVEs);
+                if (mediumVulnerability.length > 0) {
+                    filteredVulns[x] = mediumVulnerability;
+                }
+            }
+            else if (severity.severity === 'LOW') {
+                let lowVulnerability = vulnerabilities[x].filter(searchLowCVEs);
+                if (lowVulnerability.length > 0) {
+                    filteredVulns[x] = lowVulnerability;
+                }
+            }
+        }
+    }
+    return filteredVulns;
+};
+module.exports = {
+    displaySuccessMessageReport: displaySuccessMessageReport,
+    getAllDependenciesArray: getAllDependenciesArray,
+    dependencyRiskReport: dependencyRiskReport,
+    createLibraryHeader: createLibraryHeader,
+    breakPipeline: breakPipeline,
+    parameterOptions: parameterOptions,
+    analyseReportOptions: analyseReportOptions,
+    getReport: getReport,
+    checkIfDepIsScoped: checkIfDepIsScoped,
+    checkIfDepIsRegisteredOnNPM: checkIfDepIsRegisteredOnNPM,
+    filterVulnerabilitiesBySeverity: filterVulnerabilitiesBySeverity,
+    searchLowCVEs: searchLowCVEs,
+    searchMediumCVEs: searchMediumCVEs,
+    searchHighCVEs: searchHighCVEs,
+    returnCveData: returnCveData,
+    printVulnerabilityResponse: printVulnerabilityResponse
+};

package/dist/audit/languageAnalysisEngine/report/newReportingFeature.js

@@ -0,0 +1,81 @@
+"use strict";
+const commonReport = require('./commonReportingFunctions');
+const { handleResponseErrors } = require('../commonApi');
+const { getHttpClient } = require('../../../utils/commonApi');
+const vulnReportWithoutDevDep = async (analysis, applicationId, snapshotId, config) => {
+    if (config.report) {
+        const reportResponse = await getSpecReport(snapshotId, config);
+        if (reportResponse !== undefined) {
+            const severity = config.cveSeverity;
+            const id = applicationId;
+            const name = config.applicationName;
+            const hasSomeVulnerabilitiesReported = formatVulnerabilityOutput(reportResponse.vulnerabilities, severity, id, name, config);
+            commonReport.analyseReportOptions(hasSomeVulnerabilitiesReported);
+        }
+    }
+};
+const getSpecReport = async (reportId, config) => {
+    const client = getHttpClient(config);
+    return client
+        .getSpecificReport(config, reportId)
+        .then(res => {
+        if (res.statusCode === 200) {
+            commonReport.displaySuccessMessageReport();
+            return res.body;
+        }
+        else {
+            handleResponseErrors(res, 'report');
+        }
+    })
+        .catch(err => {
+        console.log(err);
+    });
+};
+const countSeverity = vulnerabilities => {
+    const severityCount = {
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0
+    };
+    for (const key of Object.keys(vulnerabilities)) {
+        vulnerabilities[key].forEach(vuln => {
+            if (vuln.severityCode === 'HIGH') {
+                severityCount['high'] += 1;
+            }
+            else if (vuln.severityCode === 'MEDIUM') {
+                severityCount['medium'] += 1;
+            }
+            else if (vuln.severityCode === 'LOW') {
+                severityCount['low'] += 1;
+            }
+            else if (vuln.severityCode === 'CRITICAL') {
+                severityCount['critical'] += 1;
+            }
+        });
+    }
+    return severityCount;
+};
+const formatVulnerabilityOutput = (vulnerabilities, severity, id, name, config) => {
+    const numberOfVulnerableLibraries = Object.keys(vulnerabilities).length;
+    let numberOfCves = 0;
+    for (const key of Object.keys(vulnerabilities)) {
+        numberOfCves += vulnerabilities[key].length;
+    }
+    commonReport.createLibraryHeader(id, numberOfVulnerableLibraries, numberOfCves, name);
+    const severityCount = countSeverity(vulnerabilities);
+    const filteredVulns = commonReport.filterVulnerabilitiesBySeverity(severity, vulnerabilities);
+    let hasSomeVulnerabilitiesReported;
+    hasSomeVulnerabilitiesReported = commonReport.printVulnerabilityResponse(severity, filteredVulns, vulnerabilities);
+    console.log('\n **************************' +
+        ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's ` +
+        '************************** ');
+    console.log(' \n Please go to the Contrast UI to view your dependency tree: \n' +
+        ` \n ${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
+    return [hasSomeVulnerabilitiesReported, numberOfCves, severityCount];
+};
+module.exports = {
+    vulnReportWithoutDevDep: vulnReportWithoutDevDep,
+    formatVulnerabilityOutput: formatVulnerabilityOutput,
+    getSpecReport: getSpecReport
+};

package/dist/audit/languageAnalysisEngine/report/reportingFeature.js

@@ -0,0 +1,133 @@
+"use strict";
+const i18n = require('i18n');
+const commonApi = require('../commonApi');
+const commonReport = require('./commonReportingFunctions');
+function displaySuccessMessageVulnerabilities() {
+    console.log(i18n.__('vulnerabilitiesSuccessMessage'));
+}
+const vulnerabilityReport = async (analysis, applicationId, config) => {
+    let depRiskReportCount = {};
+    if (analysis.language === 'NODE') {
+        depRiskReportCount = await commonReport.dependencyRiskReport(analysis.node.packageJSON, config);
+    }
+    if (config['report']) {
+        const reportResponse = await commonReport.getReport(applicationId);
+        if (reportResponse !== undefined) {
+            const libraryVulnerabilityInput = createLibraryVulnerabilityInput(reportResponse.reports);
+            const libraryVulnerabilityResponse = await getLibraryVulnerabilities(libraryVulnerabilityInput, applicationId);
+            const severity = config['cve_severity'];
+            const id = applicationId;
+            const name = config.applicationName;
+            const hasSomeVulnerabilitiesReported = formatVulnerabilityOutput(libraryVulnerabilityResponse, severity, id, name, depRiskReportCount, config);
+            commonReport.analyseReportOptions(hasSomeVulnerabilitiesReported);
+        }
+    }
+};
+const createLibraryVulnerabilityInput = report => {
+    const language = Object.keys(report[0].report)[0];
+    const reportTree = report[0].report[language].dependencyTree;
+    const libraries = reportTree[Object.keys(reportTree)[0]];
+    let gav = [];
+    for (const key of Object.keys(libraries)) {
+        gav.push({
+            name: libraries[key].name,
+            group: libraries[key].group,
+            version: libraries[key].resolved
+        });
+    }
+    return {
+        name_group_versions: gav,
+        language: language.toUpperCase()
+    };
+};
+const oldCountSeverity = vulnerableLibraries => {
+    const severityCount = {
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0
+    };
+    vulnerableLibraries.forEach(lib => {
+        lib.vulns.forEach(vuln => {
+            if (vuln.severity_code === 'HIGH') {
+                severityCount['high'] += 1;
+            }
+            else if (vuln.severity_code === 'MEDIUM') {
+                severityCount['medium'] += 1;
+            }
+            else if (vuln.severity_code === 'LOW') {
+                severityCount['low'] += 1;
+            }
+            else if (vuln.severity_code === 'CRITICAL') {
+                severityCount['critical'] += 1;
+            }
+        });
+    });
+    return severityCount;
+};
+const parseVulnerabilites = libraryVulnerabilityResponse => {
+    let parsedVulnerabilites = {};
+    let vulnName = libraryVulnerabilityResponse.libraries;
+    for (let x in vulnName) {
+        let vuln = vulnName[x].vulns;
+        if (vuln.length > 0) {
+            let libname = vulnName[x].group +
+                '/' +
+                vulnName[x].file_name +
+                '@' +
+                vulnName[x].file_version;
+            parsedVulnerabilites[libname] = vulnName[x].vulns;
+        }
+    }
+    return parsedVulnerabilites;
+};
+const formatVulnerabilityOutput = (libraryVulnerabilityResponse, severity, id, name, depRiskReportCount, config) => {
+    let vulnerableLibraries = libraryVulnerabilityResponse.libraries.filter(data => {
+        return data.vulns.length > 0;
+    });
+    const numberOfVulnerableLibraries = vulnerableLibraries.length;
+    let numberOfCves = 0;
+    vulnerableLibraries.forEach(lib => (numberOfCves += lib.vulns.length));
+    commonReport.createLibraryHeader(id, numberOfVulnerableLibraries, numberOfCves, name);
+    const severityCount = oldCountSeverity(vulnerableLibraries);
+    let vulnerabilities = parseVulnerabilites(libraryVulnerabilityResponse);
+    let filteredVulns = commonReport.filterVulnerabilitiesBySeverity(severity, vulnerabilities);
+    let hasSomeVulnerabilitiesReported;
+    hasSomeVulnerabilitiesReported = commonReport.printVulnerabilityResponse(severity, filteredVulns, vulnerabilities);
+    console.log('\n **************************' +
+        ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's ` +
+        '************************** ');
+    if (depRiskReportCount && depRiskReportCount.scopedCount === 0) {
+        console.log(' No private libraries that are not scoped detected');
+    }
+    console.log(' \n Please go to the Contrast UI to view your dependency tree: \n' +
+        ` \n ${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
+    return [hasSomeVulnerabilitiesReported, numberOfCves, severityCount];
+};
+const getLibraryVulnerabilities = async (input, applicationId) => {
+    const requestBody = input;
+    const addParams = agent.getAdditionalParams();
+    const userParams = await util.getParams(applicationId);
+    const protocol = getValidHost(userParams.host);
+    const client = commonApi.getHttpClient(userParams, protocol, addParams);
+    return client
+        .getLibraryVulnerabilities(requestBody, userParams)
+        .then(res => {
+        if (res.statusCode === 200) {
+            displaySuccessMessageVulnerabilities();
+            return res.body;
+        }
+        else {
+            handleResponseErrors(res, 'vulnerabilities');
+        }
+    })
+        .catch(err => {
+        console.log(err);
+    });
+};
+module.exports = {
+    vulnerabilityReport: vulnerabilityReport,
+    getLibraryVulnerabilities: getLibraryVulnerabilities,
+    formatVulnerabilityOutput: formatVulnerabilityOutput,
+    createLibraryVulnerabilityInput: createLibraryVulnerabilityInput
+};

package/dist/audit/languageAnalysisEngine/sendSnapshot.js

@@ -0,0 +1,41 @@
+"use strict";
+const prettyjson = require('prettyjson');
+const i18n = require('i18n');
+const { getHttpClient } = require('../../utils/commonApi');
+const { handleResponseErrors } = require('../../common/errorHandling');
+const { APP_VERSION } = require('../../constants/constants');
+function displaySnapshotSuccessMessage(config) {
+    console.log('\n **************************' +
+        i18n.__('successHeader') +
+        '************************** ');
+    console.log('\n' + i18n.__('snapshotSuccessMessage') + '\n');
+    console.log(` ${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
+    console.log('\n ***********************************************************');
+}
+const newSendSnapShot = async (analysis, applicationId) => {
+    const analysisLanguage = analysis.config.language.toLowerCase();
+    const requestBody = {
+        appID: analysis.config.applicationId,
+        cliVersion: APP_VERSION,
+        snapshot: { [analysisLanguage]: analysis[analysisLanguage] }
+    };
+    const client = getHttpClient(analysis.config);
+    return client
+        .sendSnapshot(requestBody, analysis.config)
+        .then(res => {
+        if (res.statusCode === 201) {
+            displaySnapshotSuccessMessage(analysis.config);
+            return res.body;
+        }
+        else {
+            handleResponseErrors(res, 'snapshot');
+        }
+    })
+        .catch(err => {
+        console.log(err);
+    });
+};
+module.exports = {
+    newSendSnapShot: newSendSnapShot,
+    displaySnapshotSuccessMessage: displaySnapshotSuccessMessage
+};

package/dist/audit/languageAnalysisEngine/util/capabilities.js

@@ -0,0 +1,11 @@
+"use strict";
+const CLI_IGNORE_DEV_DEPS = 'CLI_IGNORE_DEV_DEPS';
+const featuresTeamServer = [
+    {
+        CLI_IGNORE_DEV_DEPS: '3.9.0'
+    }
+];
+module.exports = {
+    featuresTeamServer,
+    CLI_IGNORE_DEV_DEPS
+};

package/dist/audit/languageAnalysisEngine/util/generalAPI.js

@@ -0,0 +1,39 @@
+"use strict";
+const { featuresTeamServer } = require('./capabilities');
+const semver = require('semver');
+const { handleResponseErrors } = require('../../../common/errorHandling');
+const { getHttpClient } = require('../../../utils/commonApi');
+const getGlobalProperties = async (config) => {
+    const client = getHttpClient(config);
+    return client
+        .getGlobalProperties(config)
+        .then(res => {
+        if (res.statusCode === 200) {
+            return res.body;
+        }
+        else {
+            handleResponseErrors(res, 'globalProperties');
+        }
+    })
+        .catch(err => {
+        console.log(err);
+    });
+};
+const getFeatures = version => {
+    const featuresEnabled = [];
+    featuresTeamServer.forEach(feature => {
+        const versionFrom = Object.values(feature)[0];
+        return semver.gte(version, versionFrom)
+            ? featuresEnabled.push(Object.keys(feature)[0])
+            : null;
+    });
+    return featuresEnabled;
+};
+const isFeatureEnabled = (features, featureName) => {
+    return features.includes(featureName);
+};
+module.exports = {
+    getGlobalProperties,
+    getFeatures,
+    isFeatureEnabled
+};

package/dist/audit/languageAnalysisEngine/util/requestUtils.js

@@ -0,0 +1,14 @@
+"use strict";
+const request = require('request');
+const Promise = require('bluebird');
+Promise.promisifyAll(request);
+function sendRequest({ options, method = 'put' }) {
+    return request[`${method}Async`](options.url, options);
+}
+const sleep = ms => {
+    return new Promise(resolve => setTimeout(resolve, ms));
+};
+module.exports = {
+    sendRequest: sendRequest,
+    sleep: sleep
+};

package/dist/audit/nodeAnalysisEngine/handleNPMLockFileV2.js

@@ -0,0 +1,40 @@
+"use strict";
+const i18n = require('i18n');
+module.exports = exports = (analysis, next) => {
+    const { language: { lockFilePath }, node } = analysis;
+    try {
+        if (node.npmLockFile && node.npmLockFile.lockfileVersion > 1) {
+            const listOfTopDep = Object.keys(node.npmLockFile.dependencies);
+            Object.entries(node.npmLockFile.dependencies).forEach(([key, value]) => {
+                if (value.requires) {
+                    const listOfRequiresDep = Object.keys(value.requires);
+                    listOfRequiresDep.forEach(dep => {
+                        if (!listOfTopDep.includes(dep)) {
+                            addDepToLockFile(value['requires'], dep);
+                        }
+                    });
+                }
+                if (value.dependencies) {
+                    Object.entries(value.dependencies).forEach(([childKey, childValue]) => {
+                        if (childValue.requires) {
+                            const listOfRequiresDep = Object.keys(childValue.requires);
+                            listOfRequiresDep.forEach(dep => {
+                                if (!listOfTopDep.includes(dep)) {
+                                    addDepToLockFile(childValue['requires'], dep);
+                                }
+                            });
+                        }
+                    });
+                }
+            });
+        }
+    }
+    catch (err) {
+        next(next(new Error(i18n.__('NodeParseNPM', lockFilePath) + `${err.message}`)));
+        return;
+    }
+    function addDepToLockFile(depObj, key) {
+        node.npmLockFile.dependencies[key] = { version: depObj[key] };
+    }
+    next();
+};

package/dist/audit/nodeAnalysisEngine/index.js

@@ -0,0 +1,31 @@
+"use strict";
+const AnalysisEngine = require('../AnalysisEngine');
+const readProjectFileContents = require('./readProjectFileContents');
+const readNPMLockFileContents = require('./readNPMLockFileContents');
+const parseNPMLockFileContents = require('./parseNPMLockFileContents');
+const readYarnLockFileContents = require('./readYarnLockFileContents');
+const parseYarnLockFileContents = require('./parseYarnLockFileContents');
+const parseYarn2LockFileContents = require('./parseYarn2LockFileContents');
+const handleNPMLockFileV2 = require('./handleNPMLockFileV2');
+const sanitizer = require('./sanitizer');
+const i18n = require('i18n');
+module.exports = exports = (language, config, callback) => {
+    const ae = new AnalysisEngine({ language, config, node: {} });
+    ae.use([
+        readProjectFileContents,
+        readNPMLockFileContents,
+        parseNPMLockFileContents,
+        readYarnLockFileContents,
+        parseYarnLockFileContents,
+        parseYarn2LockFileContents,
+        handleNPMLockFileV2,
+        sanitizer
+    ]);
+    ae.analyze((err, analysis) => {
+        if (err) {
+            callback(new Error(i18n.__('NodeAnalysisFailure') + `${err.message}`));
+            return;
+        }
+        callback(null, analysis);
+    });
+};

package/dist/audit/nodeAnalysisEngine/parseNPMLockFileContents.js

@@ -0,0 +1,18 @@
+"use strict";
+const i18n = require('i18n');
+module.exports = exports = ({ language: { lockFilePath }, node }, next) => {
+    if (node.rawLockFileContents === undefined) {
+        next();
+    }
+    else {
+        try {
+            node.npmLockFile = JSON.parse(node.rawLockFileContents);
+        }
+        catch (err) {
+            next(new Error(i18n.__('NodeParseNPM', lockFilePath ? lockFilePath : 'undefined') +
+                `${err.message}`));
+            return;
+        }
+        next();
+    }
+};