npm - @contrast/contrast - Versions diffs - 1.0.0 → 1.0.3 - Mend

@contrast/contrast 1.0.0 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

package/.prettierignore +3 -0
package/README.md +115 -78
package/dist/audit/AnalysisEngine.js +37 -0
package/dist/audit/catalogueApplication/catalogueApplication.js +36 -0
package/dist/audit/dotnetAnalysisEngine/index.js +25 -0
package/dist/audit/dotnetAnalysisEngine/parseLockFileContents.js +35 -0
package/dist/audit/dotnetAnalysisEngine/parseProjectFileContents.js +15 -0
package/dist/audit/dotnetAnalysisEngine/readLockFileContents.js +18 -0
package/dist/audit/dotnetAnalysisEngine/readProjectFileContents.js +14 -0
package/dist/audit/dotnetAnalysisEngine/sanitizer.js +9 -0
package/dist/audit/goAnalysisEngine/index.js +17 -0
package/dist/audit/goAnalysisEngine/parseProjectFileContents.js +164 -0
package/dist/audit/goAnalysisEngine/readProjectFileContents.js +21 -0
package/dist/audit/goAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/javaAnalysisEngine/index.js +34 -0
package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +153 -0
package/dist/audit/javaAnalysisEngine/parseProjectFileContents.js +353 -0
package/dist/audit/javaAnalysisEngine/readProjectFileContents.js +98 -0
package/dist/audit/javaAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +24 -0
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +24 -0
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +35 -0
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +23 -0
package/dist/audit/languageAnalysisEngine/commonApi.js +18 -0
package/dist/audit/languageAnalysisEngine/constants.js +20 -0
package/dist/audit/languageAnalysisEngine/filterProjectPath.js +20 -0
package/dist/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +25 -0
package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js +39 -0
package/dist/audit/languageAnalysisEngine/index.js +39 -0
package/dist/audit/languageAnalysisEngine/langugageAnalysisFactory.js +95 -0
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +121 -0
package/dist/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +17 -0
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +257 -0
package/dist/audit/languageAnalysisEngine/report/newReportingFeature.js +81 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +133 -0
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +41 -0
package/dist/audit/languageAnalysisEngine/util/capabilities.js +11 -0
package/dist/audit/languageAnalysisEngine/util/generalAPI.js +39 -0
package/dist/audit/languageAnalysisEngine/util/requestUtils.js +14 -0
package/dist/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +40 -0
package/dist/audit/nodeAnalysisEngine/index.js +31 -0
package/dist/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +18 -0
package/dist/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js +51 -0
package/dist/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +18 -0
package/dist/audit/nodeAnalysisEngine/readNPMLockFileContents.js +17 -0
package/dist/audit/nodeAnalysisEngine/readProjectFileContents.js +14 -0
package/dist/audit/nodeAnalysisEngine/readYarnLockFileContents.js +24 -0
package/dist/audit/nodeAnalysisEngine/sanitizer.js +9 -0
package/dist/audit/phpAnalysisEngine/index.js +23 -0
package/dist/audit/phpAnalysisEngine/parseLockFileContents.js +52 -0
package/dist/audit/phpAnalysisEngine/readLockFileContents.js +13 -0
package/dist/audit/phpAnalysisEngine/readProjectFileContents.js +16 -0
package/dist/audit/phpAnalysisEngine/sanitizer.js +5 -0
package/dist/audit/pythonAnalysisEngine/index.js +25 -0
package/dist/audit/pythonAnalysisEngine/parsePipfileLockContents.js +17 -0
package/dist/audit/pythonAnalysisEngine/parseProjectFileContents.js +21 -0
package/dist/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +13 -0
package/dist/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +14 -0
package/dist/audit/pythonAnalysisEngine/sanitizer.js +7 -0
package/dist/audit/rubyAnalysisEngine/index.js +25 -0
package/dist/audit/rubyAnalysisEngine/parseGemfileLockContents.js +176 -0
package/dist/audit/rubyAnalysisEngine/parsedGemfile.js +22 -0
package/dist/audit/rubyAnalysisEngine/readGemfileContents.js +14 -0
package/dist/audit/rubyAnalysisEngine/readGemfileLockContents.js +14 -0
package/dist/audit/rubyAnalysisEngine/sanitizer.js +6 -0
package/dist/commands/audit/auditConfig.js +25 -0
package/dist/commands/audit/auditController.js +31 -0
package/dist/commands/audit/help.js +52 -0
package/dist/commands/audit/processAudit.js +18 -0
package/dist/commands/audit/saveFile.js +11 -0
package/dist/commands/auth/auth.js +20 -2
package/dist/commands/config/config.js +19 -8
package/dist/commands/scan/processScan.js +9 -13
package/dist/common/HTTPClient.js +112 -13
package/dist/common/errorHandling.js +65 -1
package/dist/common/versionChecker.js +30 -0
package/dist/constants/constants.js +4 -2
package/dist/constants/lambda.js +32 -4
package/dist/constants/locales.js +60 -21
package/dist/constants.js +181 -21
package/dist/index.js +50 -23
package/dist/lambda/aws.js +14 -11
package/dist/lambda/help.js +4 -0
package/dist/lambda/lambda.js +50 -27
package/dist/lambda/lambdaUtils.js +72 -0
package/dist/lambda/logUtils.js +11 -1
package/dist/lambda/scanDetailCompletion.js +4 -4
package/dist/lambda/scanRequest.js +11 -5
package/dist/lambda/utils.js +110 -53
package/dist/sbom/generateSbom.js +20 -0
package/dist/scan/autoDetection.js +0 -32
package/dist/scan/fileUtils.js +1 -1
package/dist/scan/help.js +14 -40
package/dist/scan/populateProjectIdAndProjectName.js +5 -0
package/dist/scan/saveResults.js +14 -0
package/dist/scan/scan.js +105 -40
package/dist/scan/scanConfig.js +39 -0
package/dist/scan/scanController.js +19 -16
package/dist/scan/scanResults.js +24 -16
package/dist/utils/commonApi.js +3 -3
package/dist/utils/paramsUtil/commandlineParams.js +1 -20
package/dist/utils/paramsUtil/paramHandler.js +3 -6
package/dist/utils/parsedCLIOptions.js +14 -8
package/dist/utils/requestUtils.js +1 -1
package/dist/utils/saveFile.js +19 -0
package/package.json +26 -21
package/src/audit/AnalysisEngine.js +103 -0
package/src/audit/catalogueApplication/catalogueApplication.js +42 -0
package/src/audit/dotnetAnalysisEngine/index.js +26 -0
package/src/audit/dotnetAnalysisEngine/parseLockFileContents.js +47 -0
package/src/audit/dotnetAnalysisEngine/parseProjectFileContents.js +29 -0
package/src/audit/dotnetAnalysisEngine/readLockFileContents.js +30 -0
package/src/audit/dotnetAnalysisEngine/readProjectFileContents.js +26 -0
package/src/audit/dotnetAnalysisEngine/sanitizer.js +11 -0
package/src/audit/goAnalysisEngine/index.js +18 -0
package/src/audit/goAnalysisEngine/parseProjectFileContents.js +209 -0
package/src/audit/goAnalysisEngine/readProjectFileContents.js +31 -0
package/src/audit/goAnalysisEngine/sanitizer.js +7 -0
package/src/audit/javaAnalysisEngine/index.js +41 -0
package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +222 -0
package/src/audit/javaAnalysisEngine/parseProjectFileContents.js +420 -0
package/src/audit/javaAnalysisEngine/readProjectFileContents.js +141 -0
package/src/audit/javaAnalysisEngine/sanitizer.js +6 -0
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +35 -0
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +41 -0
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +54 -0
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +32 -0
package/src/audit/languageAnalysisEngine/commonApi.js +20 -0
package/src/audit/languageAnalysisEngine/constants.js +23 -0
package/src/audit/languageAnalysisEngine/filterProjectPath.js +21 -0
package/src/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +41 -0
package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js +72 -0
package/src/audit/languageAnalysisEngine/index.js +45 -0
package/src/audit/languageAnalysisEngine/langugageAnalysisFactory.js +126 -0
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +177 -0
package/src/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +27 -0
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.js +303 -0
package/src/audit/languageAnalysisEngine/report/newReportingFeature.js +124 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.js +190 -0
package/src/audit/languageAnalysisEngine/sendSnapshot.js +51 -0
package/src/audit/languageAnalysisEngine/util/capabilities.js +12 -0
package/src/audit/languageAnalysisEngine/util/generalAPI.js +43 -0
package/src/audit/languageAnalysisEngine/util/requestUtils.js +17 -0
package/src/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +49 -0
package/src/audit/nodeAnalysisEngine/index.js +35 -0
package/src/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +20 -0
package/src/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js +63 -0
package/src/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +26 -0
package/src/audit/nodeAnalysisEngine/readNPMLockFileContents.js +23 -0
package/src/audit/nodeAnalysisEngine/readProjectFileContents.js +27 -0
package/src/audit/nodeAnalysisEngine/readYarnLockFileContents.js +36 -0
package/src/audit/nodeAnalysisEngine/sanitizer.js +11 -0
package/src/audit/phpAnalysisEngine/index.js +27 -0
package/src/audit/phpAnalysisEngine/parseLockFileContents.js +60 -0
package/src/audit/phpAnalysisEngine/readLockFileContents.js +14 -0
package/src/audit/phpAnalysisEngine/readProjectFileContents.js +25 -0
package/src/audit/phpAnalysisEngine/sanitizer.js +4 -0
package/src/audit/pythonAnalysisEngine/index.js +55 -0
package/src/audit/pythonAnalysisEngine/parsePipfileLockContents.js +23 -0
package/src/audit/pythonAnalysisEngine/parseProjectFileContents.js +33 -0
package/src/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +16 -0
package/src/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +22 -0
package/src/audit/pythonAnalysisEngine/sanitizer.js +9 -0
package/src/audit/rubyAnalysisEngine/index.js +30 -0
package/src/audit/rubyAnalysisEngine/parseGemfileLockContents.js +215 -0
package/src/audit/rubyAnalysisEngine/parsedGemfile.js +39 -0
package/src/audit/rubyAnalysisEngine/readGemfileContents.js +18 -0
package/src/audit/rubyAnalysisEngine/readGemfileLockContents.js +17 -0
package/src/audit/rubyAnalysisEngine/sanitizer.js +8 -0
package/src/commands/audit/auditConfig.ts +30 -0
package/src/commands/audit/auditController.ts +31 -0
package/src/commands/audit/help.ts +48 -0
package/src/commands/audit/processAudit.ts +18 -0
package/src/commands/audit/saveFile.ts +6 -0
package/src/commands/auth/auth.js +26 -2
package/src/commands/config/config.js +22 -8
package/src/commands/scan/processScan.js +9 -13
package/src/common/HTTPClient.js +149 -14
package/src/common/errorHandling.ts +85 -2
package/src/common/versionChecker.ts +39 -0
package/src/constants/constants.js +5 -4
package/src/constants/lambda.js +45 -4
package/src/constants/locales.js +76 -26
package/src/constants.js +204 -23
package/src/index.ts +67 -27
package/src/lambda/aws.ts +13 -12
package/src/lambda/help.ts +4 -0
package/src/lambda/lambda.ts +53 -34
package/src/lambda/lambdaUtils.ts +111 -0
package/src/lambda/logUtils.ts +19 -1
package/src/lambda/scanDetailCompletion.ts +4 -4
package/src/lambda/scanRequest.ts +13 -11
package/src/lambda/utils.ts +149 -81
package/src/sbom/generateSbom.ts +17 -0
package/src/scan/autoDetection.js +0 -29
package/src/scan/fileUtils.js +1 -1
package/src/scan/help.js +14 -45
package/src/scan/populateProjectIdAndProjectName.js +5 -0
package/src/scan/saveResults.js +14 -0
package/src/scan/scan.js +127 -58
package/src/scan/scanConfig.js +54 -0
package/src/scan/scanController.js +22 -15
package/src/scan/scanResults.js +32 -19
package/src/utils/commonApi.js +2 -3
package/src/utils/getConfig.ts +2 -0
package/src/utils/paramsUtil/commandlineParams.js +1 -26
package/src/utils/paramsUtil/paramHandler.js +3 -7
package/src/utils/parsedCLIOptions.js +11 -9
package/src/utils/requestUtils.js +1 -1
package/src/utils/saveFile.js +19 -0
package/dist/lambda/scanDetail.js +0 -30
package/dist/scan/fileFinder.js +0 -15
package/dist/utils/paramsUtil/yamlParams.js +0 -6

package/dist/commands/audit/auditController.js ADDED Viewed

@@ -0,0 +1,31 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startAudit = void 0;
+const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
+const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
+const identifyLanguageAE = require('./../../audit/languageAnalysisEngine');
+const languageFactory = require('./../../audit/languageAnalysisEngine/langugageAnalysisFactory');
+const dealWithNoAppId = async (config) => {
+    let appID;
+    try {
+        appID = await commonApi_1.default.returnAppId(config);
+        if (!appID && config.applicationName) {
+            return await (0, catalogueApplication_1.catalogueApplication)(config);
+        }
+    }
+    catch (e) {
+        console.log(e);
+    }
+    console.log(appID);
+    return appID;
+};
+const startAudit = async (config) => {
+    if (!config.applicationId) {
+        config.applicationId = await dealWithNoAppId(config);
+    }
+    identifyLanguageAE(config.projectPath, languageFactory, config.applicationId, config);
+};
+exports.startAudit = startAudit;

package/dist/commands/audit/help.js ADDED Viewed

@@ -0,0 +1,52 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.auditUsageGuide = void 0;
+const command_line_usage_1 = __importDefault(require("command-line-usage"));
+const i18n_1 = __importDefault(require("i18n"));
+const constants_1 = __importDefault(require("../../constants"));
+const auditUsageGuide = (0, command_line_usage_1.default)([
+    {
+        header: i18n_1.default.__('auditHeader'),
+        content: [i18n_1.default.__('auditHeaderMessage')]
+    },
+    {
+        header: i18n_1.default.__('constantsPrerequisitesHeader'),
+        content: [
+            '{bold ' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentSupportedLanguages') +
+                '}',
+            '{bold ' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentJava') +
+                '}' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentMessage'),
+            '',
+            '{italic ' + i18n_1.default.__('constantsJavaNote') + '}',
+            '{italic ' + i18n_1.default.__('constantsJavaNoteGradle') + '}',
+            '',
+            '{bold ' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentDotNet') +
+                '}' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
+            '{bold ' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageNode') +
+                '}' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageNodeMessage'),
+            '{bold ' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageRuby') +
+                '}' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageRubyMessage'),
+            '{bold ' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentLanguagePython') +
+                '}' +
+                i18n_1.default.__('constantsAuditPrerequisitesContentLanguagePythonMessage')
+        ]
+    },
+    {
+        header: i18n_1.default.__('constantsAuditOptions'),
+        optionList: constants_1.default.commandLineDefinitions.auditOptionDefinitions
+    }
+]);
+exports.auditUsageGuide = auditUsageGuide;

package/dist/commands/audit/processAudit.js ADDED Viewed

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processAudit = void 0;
+const auditController_1 = require("./auditController");
+const auditConfig_1 = require("./auditConfig");
+const help_1 = require("./help");
+const processAudit = async (argv) => {
+    if (argv.indexOf('--help') != -1) {
+        printHelpMessage();
+        process.exit(1);
+    }
+    const config = (0, auditConfig_1.getAuditConfig)(argv);
+    const auditResults = await (0, auditController_1.startAudit)(config);
+};
+exports.processAudit = processAudit;
+const printHelpMessage = () => {
+    console.log(help_1.auditUsageGuide);
+};

package/dist/commands/audit/saveFile.js ADDED Viewed

@@ -0,0 +1,11 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs_1 = __importDefault(require("fs"));
+function saveFile(config, rawResults) {
+    const fileName = `${config.applicationId}-sbom-cyclonedx.json`;
+    fs_1.default.writeFileSync(fileName, JSON.stringify(rawResults));
+}
+exports.default = saveFile;

package/dist/commands/auth/auth.js CHANGED Viewed

@@ -7,7 +7,15 @@ const { sleep } = require('../../utils/requestUtils');
 const i18n = require('i18n');
 const { returnOra, startSpinner, failSpinner, succeedSpinner } = require('../../utils/oraWrapper');
 const { TIMEOUT, AUTH_UI_URL } = require('../../constants/constants');
-const processAuth = async (config) => {
+const parsedCLIOptions = require('../../utils/parsedCLIOptions');
+const constants = require('../../constants');
+const commandLineUsage = require('command-line-usage');
+const processAuth = async (argv, config) => {
+    let authParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.authOptionDefinitions);
+    if (authParams.help) {
+        console.log(authUsageGuide);
+        process.exit(0);
+    }
     const token = uuidv4();
     const url = `${AUTH_UI_URL}/?token=${token}`;
     console.log(i18n.__('redirectAuth', url));
@@ -34,7 +42,7 @@ const isAuthComplete = async (token, timeout, config) => {
         let result = await pollAuthResult(token, client);
         if (result.statusCode === 200) {
             succeedSpinner(authSpinner, i18n.__('authSuccessMessage'));
-            console.log(i18n.__('runScanMessage'));
+            console.log(i18n.__('runAuthSuccessMessage'));
             return result.body;
         }
         let endTime = new Date() - startTime;
@@ -56,6 +64,16 @@ const pollAuthResult = async (token, client) => {
         console.log(err);
     });
 };
+const authUsageGuide = commandLineUsage([
+    {
+        header: i18n.__('authHeader'),
+        content: [i18n.__('constantsAuthHeaderContents')]
+    },
+    {
+        header: i18n.__('constantsAuthUsageHeader'),
+        content: [i18n.__('constantsAuthUsageContents')]
+    }
+]);
 module.exports = {
     processAuth: processAuth
 };

package/dist/commands/config/config.js CHANGED Viewed

@@ -1,14 +1,16 @@
 "use strict";
-const commandLineArgs = require('command-line-args');
+const parsedCLIOptions = require('../../utils/parsedCLIOptions');
+const constants = require('../../constants');
+const commandLineUsage = require('command-line-usage');
+const i18n = require('i18n');
 const processConfig = (argv, config) => {
-    const options = [{ name: 'clear', alias: 'c', type: Boolean }];
     try {
-        const configOptions = commandLineArgs(options, {
-            argv,
-            caseInsensitive: true,
-            camelCase: true
-        });
-        if (configOptions.clear) {
+        let configParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.configOptionDefinitions);
+        if (configParams.help) {
+            console.log(configUsageGuide);
+            process.exit(0);
+        }
+        if (configParams.clear) {
             config.clear();
         }
         else {
@@ -19,6 +21,15 @@ const processConfig = (argv, config) => {
         console.log(e.message.toString());
     }
 };
+const configUsageGuide = commandLineUsage([
+    {
+        header: i18n.__('configHeader')
+    },
+    {
+        content: [i18n.__('constantsConfigUsageContents')],
+        optionList: constants.commandLineDefinitions.configOptionDefinitions
+    }
+]);
 module.exports = {
     processConfig: processConfig
 };

package/dist/commands/scan/processScan.js CHANGED Viewed

@@ -1,23 +1,19 @@
 "use strict";
 const { startScan } = require('../../scan/scanController');
-const paramHandler = require('../../utils/paramsUtil/paramHandler');
 const { formatScanOutput } = require('../../scan/scan');
 const { scanUsageGuide } = require('../../scan/help');
-const processScan = async () => {
-    let getScanSubCommands = paramHandler.getScanSubCommands();
-    if (getScanSubCommands.help) {
-        printHelpMessage();
-        process.exit(1);
-    }
-    let scanResults = await startScan();
+const scanConfig = require('../../scan/scanConfig');
+const { saveScanFile } = require('../../utils/saveFile');
+const processScan = async (argvMain) => {
+    let config = scanConfig.getScanConfig(argvMain);
+    let scanResults = await startScan(config);
     if (scanResults) {
         formatScanOutput(scanResults?.projectOverview, scanResults?.scanResultsInstances);
     }
-};
-const printHelpMessage = () => {
-    console.log(scanUsageGuide);
+    if (config.save !== undefined) {
+        await saveScanFile(config, scanResults);
+    }
 };
 module.exports = {
-    processScan,
-    printHelpMessage
+    processScan
 };

package/dist/common/HTTPClient.js CHANGED Viewed

@@ -6,8 +6,9 @@ const { AUTH_CALLBACK_URL } = require('../constants/constants');
 function HTTPClient(config) {
     const apiKey = config.apiKey;
     const authToken = config.authorization;
-    const superApiKey = config.super_api_key;
-    const superAuthToken = config.super_authorization;
+    this.rejectUnauthorized = !config.ignoreCertErrors;
+    const superApiKey = config.superApiKey;
+    const superAuthToken = config.superAuthorization;
     this.requestOptions = {
         forever: true,
         json: true,
@@ -65,6 +66,11 @@ HTTPClient.prototype.getSpecificScanResult = function getSpecificScanResult(conf
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.getSpecificScanResultSarif = function getSpecificScanResultSarif(config, scanId) {
+    const options = _.cloneDeep(this.requestOptions);
+    options.url = createRawOutputURL(config, scanId);
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 HTTPClient.prototype.getScanId = function getScanId(config, codeArtifactId) {
     const options = _.cloneDeep(this.requestOptions);
     let url = createGetScanIdURL(config);
@@ -89,9 +95,11 @@ HTTPClient.prototype.createProjectId = function createProjectId(config) {
     const options = _.cloneDeep(this.requestOptions);
     options.body = {
         name: config.name,
-        archived: 'false',
-        language: config.language
+        archived: 'false'
     };
+    if (config.language) {
+        options.body.language = config.language;
+    }
     options.url = createHarmonyProjectsUrl(config);
     return requestUtils.sendRequest({ method: 'post', options });
 };
@@ -120,6 +128,58 @@ HTTPClient.prototype.pollForAuth = function pollForAuth(token) {
     options.body = requestBody;
     return requestUtils.sendRequest({ method: 'post', options });
 };
+HTTPClient.prototype.catalogueCommand = function catalogueCommand(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createAppCreateURL(config);
+    options.url = url;
+    let requestBody = {};
+    requestBody.name = config.applicationName;
+    requestBody.language = config.language.toUpperCase();
+    requestBody.appGroups = config.appGroups;
+    requestBody.metadata = config.metadata;
+    requestBody.tags = config.tags;
+    requestBody.code = config.code;
+    options.body = requestBody;
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createSnapshotURL(config);
+    options.url = url;
+    options.body = requestBody;
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.getReport = function getReport(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createReportUrl(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.getSpecificReport = function getSpecificReport(config, reportId) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createSpecificReportUrl(config, reportId);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(requestBody, config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createLibraryVulnerabilitiesUrl(config);
+    options.url = url;
+    options.body = requestBody;
+    return requestUtils.sendRequest({ method: 'put', options });
+};
+HTTPClient.prototype.getAppId = function getAppId(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createAppNameUrl(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.getDependencyTree = function getReport(orgUuid, appId, reportId) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createGetDependencyTree(options.uri, orgUuid, appId, reportId);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 function getServerlessHost(config = {}) {
     const originalHost = config?.host || config?.get('host');
     const host = originalHost?.endsWith('/')
@@ -145,29 +205,41 @@ function createScanResultsGetUrl(config, params, scanId, functionArn) {
     const { provider, accountId, organizationId } = params;
     return `${url}/organizations/${organizationId}/providers/${provider}/accounts/${accountId}/scans/${encodedScanId}/resources/${encodedFunctionArn}/results`;
 }
-HTTPClient.prototype.postFunctionScan = async function postFunctionScan(config, parameters, body) {
-    const url = createScanFunctionPostUrl(config, parameters);
+HTTPClient.prototype.postFunctionScan = async function postFunctionScan(config, params, body) {
+    const url = createScanFunctionPostUrl(config, params);
     const options = { ...this.requestOptions, body, url };
     return requestUtils.sendRequest({ method: 'post', options });
 };
-HTTPClient.prototype.getScanResources = async function getScanResources(config, parameters, scanId) {
-    const url = createScanResourcesGetUrl(config, parameters, scanId);
+HTTPClient.prototype.getScanResources = async function getScanResources(config, params, scanId) {
+    const url = createScanResourcesGetUrl(config, params, scanId);
     const options = { ...this.requestOptions, url };
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.getFunctionScanResults = async function getFunctionScanResults(config, parameters, scanId, functionArn) {
-    const url = createScanResultsGetUrl(config, parameters, scanId, functionArn);
+HTTPClient.prototype.getFunctionScanResults = async function getFunctionScanResults(config, params, scanId, functionArn) {
+    const url = createScanResultsGetUrl(config, params, scanId, functionArn);
     const options = { ...this.requestOptions, url };
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createDataUrl();
+    options.url = url;
+    options.body = data;
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.getSbom = function getSbom(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    options.url = createSbomCycloneDXUrl(config);
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 const createGetScanIdURL = config => {
     return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/`;
 };
 const createScanResultsInstancesURL = (config, scanId) => {
-    return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/result-instances?sort=severity,asc`;
+    return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/result-instances/info?size=50&page=0&last=false&sort=severity,asc`;
 };
-const createRawOutputURL = (config, codeArtifactId) => {
-    return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${codeArtifactId}/raw-output`;
+const createRawOutputURL = (config, scanId) => {
+    return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/raw-output`;
 };
 const createSpecificScanResultURL = (config, scanId) => {
     return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}`;
@@ -187,6 +259,33 @@ const createGlobalPropertiesUrl = protocol => {
 const pollForAuthUrl = () => {
     return `${AUTH_CALLBACK_URL}/auth/credentials`;
 };
+function createSnapshotURL(config) {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots`;
+}
+const createAppCreateURL = config => {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/create`;
+};
+const createAppNameUrl = config => {
+    return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/name?filterText=${config.applicationName}`;
+};
+function createLibraryVulnerabilitiesUrl(config) {
+    return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`;
+}
+function createReportUrl(config) {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports`;
+}
+function createSpecificReportUrl(config, reportId) {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}?nodesToInclude=PROD`;
+}
+function createDataUrl() {
+    return `https://ardy.contrastsecurity.com/production`;
+}
+const createGetDependencyTree = (protocol, orgUuid, appId, reportId) => {
+    return `${protocol}/Contrast/api/ng/sca/organizations/${orgUuid}/applications/${appId}/reports/${reportId}`;
+};
+function createSbomCycloneDXUrl(config) {
+    return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/cyclonedx`;
+}
 module.exports = HTTPClient;
 module.exports.pollForAuthUrl = pollForAuthUrl;
 module.exports.getServerlessHost = getServerlessHost;

package/dist/common/errorHandling.js CHANGED Viewed

@@ -3,8 +3,56 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getErrorMessage = exports.generalError = exports.hostWarningError = exports.failOptionError = exports.proxyError = exports.forbiddenError = exports.badRequestError = exports.unauthenticatedError = exports.genericError = void 0;
+exports.findCommandOnError = exports.libraryAnalysisError = exports.handleResponseErrors = exports.getErrorMessage = exports.generalError = exports.hostWarningError = exports.failOptionError = exports.proxyError = exports.forbiddenError = exports.badRequestError = exports.unauthenticatedError = exports.genericError = void 0;
 const i18n_1 = __importDefault(require("i18n"));
+const handleResponseErrors = (res, api) => {
+    if (res.statusCode === 400) {
+        api === 'catalogue' ? badRequestError(true) : badRequestError(false);
+    }
+    else if (res.statusCode === 401) {
+        unauthenticatedError();
+    }
+    else if (res.statusCode === 403) {
+        forbiddenError();
+    }
+    else if (res.statusCode === 407) {
+        proxyError();
+    }
+    else {
+        if (api === 'snapshot' || api === 'catalogue') {
+            snapshotFailureError();
+        }
+        if (api === 'vulnerabilities') {
+            vulnerabilitiesFailureError();
+        }
+        if (api === 'report') {
+            reportFailureError();
+        }
+    }
+};
+exports.handleResponseErrors = handleResponseErrors;
+const libraryAnalysisError = () => {
+    console.log(i18n_1.default.__('libraryAnalysisError'));
+};
+exports.libraryAnalysisError = libraryAnalysisError;
+const snapshotFailureError = () => {
+    console.log('\n ******************************** ' +
+        i18n_1.default.__('snapshotFailureHeader') +
+        ' *********************************\n' +
+        i18n_1.default.__('snapshotFailureMessage'));
+};
+const vulnerabilitiesFailureError = () => {
+    console.log('\n ******************************** ' +
+        i18n_1.default.__('snapshotFailureHeader') +
+        ' *********************************\n' +
+        i18n_1.default.__('vulnerabilitiesFailureMessage'));
+};
+const reportFailureError = () => {
+    console.log('\n ******************************** ' +
+        i18n_1.default.__('snapshotFailureHeader') +
+        ' *********************************\n' +
+        i18n_1.default.__('reportFailureMessage'));
+};
 const genericError = (missingCliOption) => {
     console.log(`*************************** ${i18n_1.default.__('yamlMissingParametersHeader')} ***************************\n${missingCliOption}`);
     console.error(i18n_1.default.__('yamlMissingParametersMessage'));
@@ -23,6 +71,7 @@ const badRequestError = (catalogue) => {
 exports.badRequestError = badRequestError;
 const forbiddenError = () => {
     generalError('forbiddenRequestErrorHeader', 'forbiddenRequestErrorMessage');
+    process.exit(1);
 };
 exports.forbiddenError = forbiddenError;
 const proxyError = () => {
@@ -58,3 +107,18 @@ const generalError = (header, message) => {
     console.log(finalMessage);
 };
 exports.generalError = generalError;
+const findCommandOnError = (unknownOptions) => {
+    const commandKeywords = {
+        auth: 'auth',
+        audit: 'audit',
+        scan: 'scan',
+        lambda: 'lambda',
+        config: 'config'
+    };
+    const containsCommandKeyword = unknownOptions.some(command => commandKeywords[command]);
+    if (containsCommandKeyword) {
+        const foundCommands = unknownOptions.filter(command => commandKeywords[command]);
+        return foundCommands[0];
+    }
+};
+exports.findCommandOnError = findCommandOnError;

package/dist/common/versionChecker.js ADDED Viewed

@@ -0,0 +1,30 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isCorrectNodeVersion = exports.findLatestCLIVersion = void 0;
+const latest_version_1 = __importDefault(require("latest-version"));
+const constants_1 = require("../constants/constants");
+const boxen_1 = __importDefault(require("boxen"));
+const chalk_1 = __importDefault(require("chalk"));
+const semver_1 = __importDefault(require("semver"));
+async function findLatestCLIVersion() {
+    const latestCLIVersion = await (0, latest_version_1.default)('@contrast/contrast');
+    if (semver_1.default.lt(constants_1.APP_VERSION, latestCLIVersion)) {
+        const updateAvailableMessage = `Update available ${chalk_1.default.yellow(constants_1.APP_VERSION)} → ${chalk_1.default.green(latestCLIVersion)}`;
+        const npmUpdateAvailableCommand = `Run ${chalk_1.default.cyan('npm i @contrast/contrast -g')} to update via npm`;
+        const homebrewUpdateAvailableCommand = `Run ${chalk_1.default.cyan('brew install contrastsecurity/tap/contrast')} to update via brew`;
+        console.log((0, boxen_1.default)(`${updateAvailableMessage}\n${npmUpdateAvailableCommand}\n\n${homebrewUpdateAvailableCommand}`, {
+            titleAlignment: 'center',
+            margin: 1,
+            padding: 1,
+            align: 'center'
+        }));
+    }
+}
+exports.findLatestCLIVersion = findLatestCLIVersion;
+async function isCorrectNodeVersion(currentVersion) {
+    return semver_1.default.satisfies(currentVersion, '>=16.13.2 <17');
+}
+exports.isCorrectNodeVersion = isCorrectNodeVersion;

package/dist/constants/constants.js CHANGED Viewed

@@ -12,10 +12,11 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.0';
+const APP_VERSION = '1.0.3';
 const TIMEOUT = 120000;
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com';
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com';
+const SARIF_FILE = 'SARIF';
 module.exports = {
     supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
     LOW,
@@ -26,5 +27,6 @@ module.exports = {
     APP_NAME,
     TIMEOUT,
     AUTH_UI_URL,
-    AUTH_CALLBACK_URL
+    AUTH_CALLBACK_URL,
+    SARIF_FILE
 };

package/dist/constants/lambda.js CHANGED Viewed

@@ -9,15 +9,43 @@ const lambda = {
     missingFunctionName: 'Required parameter --function-name is missing.\nRun command with --help to see usage',
     failedToGetResults: 'Failed to get results',
     missingResults: 'Missing vulnerabilities',
-    missingParameter: 'Required function parameter is missing',
     awsError: 'AWS error',
-    missingFlagArguments: 'The following flags are missing an arguments:\n%s',
-    notSupportedFlags: 'The following flags are not supported:\n%s\nRun command with --help to see usage',
+    missingFlagArguments: 'The following flags are missing an arguments:\n{{flags}}',
+    notSupportedFlags: 'The following flags are not supported:\n{{flags}}\nRun command with --help to see usage',
+    layerNotFound: 'The layer {{layerArn}} could not be found. The scan will continue without it',
+    noVulnerabilitiesFound: '👏 No vulnerabilities found',
+    scanCompleted: '----- Scan completed {{time}}s -----',
+    sendingScanRequest: '{{icon}} Sending Lambda Function scan request to Contrast',
+    scanRequestedSuccessfully: '{{icon}} Scan requested successfully',
+    fetchingConfiguration: '{{icon}} Fetching configuration and policies for Lambda Function {{functionName}}',
+    fetchedConfiguration: '{{icon}} Fetched configuration from AWS',
+    scanStarted: 'Scan Started',
+    scanFailed: 'Scan Failed',
+    scanTimedOut: 'Scan timed out',
+    loadingFunctionList: 'Loading lambda function list',
+    functionsFound: '{{count}} functions found',
+    noFunctionsFound: 'No functions found',
+    failedToLoadFunctions: 'Faled to load lambda functions',
+    availableForScan: '{{icon}} {{count}} available for scan',
+    runtimeCount: '----- {{runtime}} ({{count}}) -----',
+    whatHappenedTitle: 'What happened:',
+    whatHappenedItem: '{{policy}} have:\n{{comments}}\n',
+    recommendation: 'Recommendation:',
+    vulnerableDependency: 'Vulnerable dependency',
+    dependenciesCount: {
+        one: '1 Dependency',
+        other: '%s Dependencies'
+    },
+    foundVulnerabilities: {
+        one: 'Found 1 vulnerability',
+        other: 'Found %s vulnerabilities'
+    },
+    vulnerableDependencyDescriptions: '{packageName} (v{version}) has {NUM} known {NUM, plural,one{CVE}other{CVEs}}\n {cves}',
     something_went_wrong: 'Something went wrong',
     not_found_404: '404 error - Not found',
     internal_error: 'Internal error',
     inactive_account: 'Scanning a function of an inactive account is not supported',
-    not_supported_runtime: 'Scanning resource of runtime "%s" is not supported.\nSupported runtimes: %s',
+    not_supported_runtime: 'Scanning resource of runtime "{{runtime}}" is not supported.\nSupported runtimes: {{supportedRuntimes}}',
     not_supported_onboard_account: 'Scanning a function of onboard account is not supported',
     scan_lock: 'Other scan is still running. Please wait until the previous scan finishes',
     unsupported: 'unsupported',