@contrast/contrast 1.0.0 → 1.0.3

package/dist/scan/populateProjectIdAndProjectName.js

@@ -19,6 +19,11 @@ const createProjectId = async (config, client) => {
             console.log(i18n.__('foundExistingProjectScan'));
             return;
         }
+        if (res.statusCode === 403) {
+            console.log(i18n.__('permissionsError'));
+            process.exit(1);
+            return;
+        }
         if (res.statusCode === 201) {
             console.log(i18n.__('projectCreatedScan'));
             if (config.verbose) {

package/dist/scan/saveResults.js

@@ -0,0 +1,14 @@
+"use strict";
+const fs = require('fs');
+const writeResultsToFile = async (responseBody, name = 'results.sarif') => {
+    try {
+        fs.writeFileSync(name, JSON.stringify(responseBody, null, 2));
+        console.log(`Scan Results saved to ${name}`);
+    }
+    catch (err) {
+        console.log('Error writing Scan Results to file');
+    }
+};
+module.exports = {
+    writeResultsToFile: writeResultsToFile
+};

package/dist/scan/scan.js

@@ -1,11 +1,10 @@
 "use strict";
 const commonApi = require('../utils/commonApi.js');
 const fileUtils = require('../scan/fileUtils');
-const allowedFileTypes = ['.jar', '.war', '.js', '.zip'];
+const allowedFileTypes = ['.jar', '.war', '.js', '.zip', '.exe'];
 const i18n = require('i18n');
-const AdmZip = require('adm-zip');
 const oraWrapper = require('../utils/oraWrapper');
-const { supportedLanguages } = require('../constants/constants');
+const chalk = require('chalk');
 const isFileAllowed = scanOption => {
     let valid = false;
     allowedFileTypes.forEach(fileType => {
@@ -15,6 +14,14 @@ const isFileAllowed = scanOption => {
     });
     return valid;
 };
+const stripMustacheTags = oldString => {
+    return oldString
+        .replace(/\n/g, ' ')
+        .replace(/{{.*?}}/g, '\n')
+        .replace(/\$\$LINK_DELIM\$\$/g, '\n')
+        .replace(/\s+/g, ' ')
+        .trim();
+};
 const sendScan = async (config) => {
     if (!isFileAllowed(config.file)) {
         console.log(i18n.__('scanErrorFileMessage'));
@@ -36,7 +43,16 @@ const sendScan = async (config) => {
                 return res.body.id;
             }
             else {
+                if (config.debug) {
+                    console.log(res.statusCode);
+                    console.log(config);
+                }
                 oraWrapper.failSpinner(startUploadSpinner, i18n.__('uploadingScanFail'));
+                if (res.statusCode === 403) {
+                    console.log(i18n.__('permissionsError'));
+                    process.exit(1);
+                }
+                console.log(i18n.__('genericServiceError', res.statusCode));
                 process.exit(1);
             }
         })
@@ -45,52 +61,101 @@ const sendScan = async (config) => {
         });
     }
 };
-const zipValidator = configToUse => {
-    if (configToUse.file.endsWith('.zip')) {
-        let zipFileName = configToUse.file.split('/').pop();
-        try {
-            let zip = new AdmZip(configToUse.file);
-            let zipEntries = zip.getEntries();
-            zipEntries.forEach(function (zipEntry) {
-                if (!zipEntry.entryName.includes('._') &&
-                    !zipEntry.entryName.includes('/.')) {
-                    if (!zipEntry.isDirectory) {
-                        if (!zipEntry.entryName.endsWith('.js')) {
-                            console.log(i18n.__('scanZipError', zipFileName));
-                            process.exit(1);
-                        }
-                    }
-                }
+const formatScanOutput = (overview, results) => {
+    console.log();
+    if (results.content.length === 0) {
+        console.log(i18n.__('scanNoVulnerabilitiesFound'));
+    }
+    else {
+        let message = overview.critical || overview.high
+            ? 'Here are your top priorities to fix'
+            : "No major issues, here's what we found";
+        console.log(chalk.bold(message));
+        console.log();
+        const groups = getGroups(results.content);
+        groups.forEach(entry => {
+            console.log(chalk.bold(`${entry.severity} | ${entry.ruleId} (${entry.lineInfoSet.size})`));
+            let count = 1;
+            entry.lineInfoSet.forEach(lineInfo => {
+                console.log(`\t ${count}. ${lineInfo}`);
+                count++;
             });
-            configToUse.language = supportedLanguages.JAVASCRIPT;
-        }
-        catch {
-            console.log(i18n.__('zipFileException'));
-        }
+            if (entry?.cwe && entry?.cwe.length > 0) {
+                formatLinks('cwe', entry.cwe);
+            }
+            if (entry?.reference && entry?.reference.length > 0) {
+                formatLinks('reference', entry.reference);
+            }
+            if (entry?.owasp && entry?.owasp.length > 0) {
+                formatLinks('owasp', entry.owasp);
+            }
+            console.log(chalk.bold('How to fix:'));
+            console.log(entry.recommendation);
+            console.log();
+        });
+        const totalVulnerabilities = overview.critical +
+            overview.high +
+            overview.medium +
+            overview.low +
+            overview.note;
+        let vulMessage = totalVulnerabilities === 1 ? `vulnerability` : `vulnerabilities`;
+        console.log(chalk.bold(`Found ${totalVulnerabilities} ${vulMessage}`));
+        console.log(i18n.__('foundDetailedVulnerabilities', overview.critical, overview.high, overview.medium, overview.low, overview.note));
     }
 };
-const formatScanOutput = (overview, results) => {
-    console.log();
-    console.log('Here are your top priorities to fix');
+const formatLinks = (objName, entry) => {
+    console.log(chalk.bold(objName + ':'));
+    entry.forEach(link => {
+        console.log(link);
+    });
     console.log();
-    results.content.forEach(entry => {
-        console.log(entry.severity, 'ID:', entry.id);
-        console.log(entry.ruleId, 'in', entry.locations[0]?.physicalLocation.artifactLocation.uri, '@', entry.codeFlows[0]?.threadFlows[0]?.locations[0]?.location
-            ?.physicalLocation?.region?.startLine);
-        console.log();
+};
+const getGroups = content => {
+    const groupTypeSet = new Set(content.map(({ ruleId }) => ruleId));
+    let groupTypeResults = [];
+    groupTypeSet.forEach(groupName => {
+        let groupResultsObj = {
+            ruleId: groupName,
+            lineInfoSet: new Set(),
+            cwe: '',
+            owasp: '',
+            reference: '',
+            recommendation: '',
+            severity: ''
+        };
+        content.forEach(resultEntry => {
+            if (resultEntry.ruleId === groupName) {
+                groupResultsObj.severity = resultEntry.severity;
+                groupResultsObj.cwe = resultEntry.cwe;
+                groupResultsObj.owasp = resultEntry.owasp;
+                groupResultsObj.reference = resultEntry.reference;
+                groupResultsObj.recommendation = resultEntry.recommendation
+                    ? stripMustacheTags(resultEntry.recommendation)
+                    : 'No Recommendations Data Found';
+                groupResultsObj.lineInfoSet.add(formattedCodeLine(resultEntry));
+            }
+        });
+        groupTypeResults.push(groupResultsObj);
     });
-    const totalVulnerabilities = overview.critical +
-        overview.high +
-        overview.medium +
-        overview.low +
-        overview.note;
-    console.log(`Found ${totalVulnerabilities} vulnerabilities`);
-    console.log(i18n.__('foundDetailedVulnerabilities', overview.critical, overview.high, overview.medium, overview.low, overview.note));
+    return groupTypeResults;
+};
+const formattedCodeLine = resultEntry => {
+    let lineUri = resultEntry.locations[0]?.physicalLocation.artifactLocation.uri;
+    return lineUri + ' @ ' + setLineNumber(resultEntry);
+};
+const setLineNumber = resultEntry => {
+    return resultEntry.codeFlows?.[0]?.threadFlows[0]?.locations[0]?.location
+        ?.physicalLocation?.region?.startLine
+        ? resultEntry.codeFlows[0]?.threadFlows[0]?.locations[0]?.location
+            ?.physicalLocation?.region?.startLine
+        : resultEntry.locations[0]?.physicalLocation?.region?.startLine;
 };
 module.exports = {
     sendScan: sendScan,
+    getGroups: getGroups,
     allowedFileTypes: allowedFileTypes,
     isFileAllowed: isFileAllowed,
+    stripMustacheTags: stripMustacheTags,
     formatScanOutput: formatScanOutput,
-    zipValidator: zipValidator
+    formatLinks: formatLinks
 };

package/dist/scan/scanConfig.js

@@ -0,0 +1,39 @@
+"use strict";
+const paramHandler = require('../utils/paramsUtil/paramHandler');
+const constants = require('../../src/constants.js');
+const parsedCLIOptions = require('../../src/utils/parsedCLIOptions');
+const path = require('path');
+const { supportedLanguages } = require('../audit/languageAnalysisEngine/constants');
+const i18n = require('i18n');
+const { scanUsageGuide } = require('./help');
+const getScanConfig = argv => {
+    let scanParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.scanOptionDefinitions);
+    if (scanParams.help) {
+        printHelpMessage();
+        process.exit(0);
+    }
+    const paramsAuth = paramHandler.getAuth(scanParams);
+    if (scanParams.language) {
+        scanParams.language = scanParams.language.toUpperCase();
+        if (!Object.values(supportedLanguages).includes(scanParams.language)) {
+            console.log(`Did not recognise --language ${scanParams.language}`);
+            console.log(i18n.__('constantsHowToRunDev3'));
+            process.exit(0);
+        }
+    }
+    if (!scanParams.name && scanParams.file) {
+        scanParams.name = getFileName(scanParams.file);
+    }
+    return { ...paramsAuth, ...scanParams };
+};
+const getFileName = file => {
+    return file.split(path.sep).pop();
+};
+const printHelpMessage = () => {
+    console.log(scanUsageGuide);
+};
+module.exports = {
+    getScanConfig,
+    getFileName,
+    printHelpMessage
+};

package/dist/scan/scanController.js

@@ -5,8 +5,8 @@ const populateProjectIdAndProjectName = require('./populateProjectIdAndProjectNa
 const scan = require('./scan');
 const scanResults = require('./scanResults');
 const autoDetection = require('./autoDetection');
-const paramHandler = require('../utils/paramsUtil/paramHandler');
 const fileFunctions = require('./fileUtils');
+const { performance } = require('perf_hooks');
 const getTimeout = config => {
     if (config.timeout) {
         return config.timeout;
@@ -18,35 +18,38 @@ const getTimeout = config => {
         return 300;
     }
 };
-const startScan = async () => {
-    let paramsAuth = paramHandler.getAuth();
-    let getScanSubCommands = paramHandler.getScanSubCommands();
-    const configToUse = { ...paramsAuth, ...getScanSubCommands };
-    if (configToUse.file === undefined || configToUse.file === null) {
-        await autoDetection.autoDetectFileAndLanguage(configToUse);
+const fileAndLanguageLogic = async (configToUse) => {
+    if (configToUse.file) {
+        if (!fileFunctions.fileExists(configToUse.file)) {
+            console.log(i18n.__('fileNotExist'));
+            process.exit(1);
+        }
+        return configToUse;
     }
     else {
-        if (fileFunctions.fileExists(configToUse.file)) {
-            scan.zipValidator(configToUse);
-            autoDetection.assignLanguage([configToUse.file], configToUse);
-        }
-        else {
-            console.log(i18n.__('fileNotExist'));
-            process.exit(0);
+        if (configToUse.file === undefined || configToUse.file === null) {
+            await autoDetection.autoDetectFileAndLanguage(configToUse);
         }
     }
+};
+const startScan = async (configToUse) => {
+    const startTime = performance.now();
+    await fileAndLanguageLogic(configToUse);
     if (!configToUse.projectId) {
         configToUse.projectId = await populateProjectIdAndProjectName.populateProjectId(configToUse);
     }
     const codeArtifactId = await scan.sendScan(configToUse);
     if (!configToUse.ff) {
-        const startScanSpinner = returnOra('Contrast Scan started');
+        const startScanSpinner = returnOra('🚀 Contrast Scan started');
         startSpinner(startScanSpinner);
         const scanDetail = await scanResults.returnScanResults(configToUse, codeArtifactId, getTimeout(configToUse), startScanSpinner);
         const scanResultsInstances = await scanResults.returnScanResultsInstances(configToUse, scanDetail.id);
+        const endTime = performance.now();
+        const scanDurationMs = endTime - startTime;
         succeedSpinner(startScanSpinner, 'Contrast Scan complete');
+        console.log(`----- Scan completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
         const projectOverview = await scanResults.returnScanProjectById(configToUse);
-        return { projectOverview, scanResultsInstances };
+        return { projectOverview, scanDetail, scanResultsInstances };
     }
 };
 module.exports = {

package/dist/scan/scanResults.js

@@ -1,8 +1,9 @@
 "use strict";
 const commonApi = require('../utils/commonApi');
 const requestUtils = require('../../src/utils/requestUtils');
-const i18n = require('i18n');
 const oraFunctions = require('../utils/oraWrapper');
+const _ = require('lodash');
+const i18n = require('i18n');
 const getScanId = async (config, codeArtifactId, client) => {
     return client
         .getScanId(config, codeArtifactId)
@@ -29,25 +30,32 @@ const returnScanResults = async (config, codeArtifactId, timeout, startScanSpinn
     let scanId = await getScanId(config, codeArtifactId, client);
     let startTime = new Date();
     let complete = false;
-    while (!complete) {
-        let result = await pollScanResults(config, scanId, client);
-        if (JSON.stringify(result.statusCode) == 200) {
-            if (result.body.status === 'COMPLETED') {
-                complete = true;
-                return result.body;
+    if (!_.isNil(scanId)) {
+        while (!complete) {
+            let result = await pollScanResults(config, scanId, client);
+            if (JSON.stringify(result.statusCode) == 200) {
+                if (result.body.status === 'COMPLETED') {
+                    complete = true;
+                    return result.body;
+                }
+                if (result.body.status === 'FAILED') {
+                    complete = true;
+                    oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan Failed.');
+                    console.log(result.body.errorMessage);
+                    if (result.body.errorMessage ===
+                        'Unable to determine language for code artifact') {
+                        console.log('Try scanning again using --language param. ', i18n.__('scanOptionsLanguageSummary'));
+                    }
+                    process.exit(1);
+                }
             }
-            if (result.body.status === 'FAILED') {
-                complete = true;
-                oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan Failed.');
+            let endTime = new Date() - startTime;
+            if (requestUtils.millisToSeconds(endTime) > timeout) {
+                oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan timed out at the specified ' + timeout + ' seconds.');
+                console.log('Please try again, allowing more time.');
                 process.exit(1);
             }
         }
-        let endTime = new Date() - startTime;
-        if (requestUtils.millisToSeconds(endTime) > timeout) {
-            oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan timed out at the specified ' + timeout + ' seconds.');
-            console.log('Please try again, allowing more time.');
-            process.exit(1);
-        }
     }
 };
 const returnScanResultsInstances = async (config, scanId) => {

package/dist/utils/commonApi.js

@@ -1,7 +1,7 @@
 "use strict";
 const HttpClient = require('./../common/HTTPClient');
-const { badRequestError, unauthenticatedError, forbiddenError, proxyError, hostWarningError, genericError } = require('../common/errorHandling');
-const handleResponseErrors = (res, api, hostPresent) => {
+const { badRequestError, unauthenticatedError, forbiddenError, proxyError, genericError } = require('../common/errorHandling');
+const handleResponseErrors = (res, api) => {
     if (res.statusCode === 400) {
         api === 'catalogue' ? badRequestError(true) : badRequestError(false);
     }
@@ -15,7 +15,7 @@ const handleResponseErrors = (res, api, hostPresent) => {
         proxyError();
     }
     else {
-        hostPresent === false ? hostWarningError() : genericError();
+        genericError();
     }
 };
 const getProtocol = host => {

package/dist/utils/paramsUtil/commandlineParams.js

@@ -1,7 +1,5 @@
 "use strict";
-const cliOptions = require('../parsedCLIOptions');
-const parsedCLIOptions = cliOptions.getCommandLineArgs();
-const getAuth = () => {
+const getAuth = (parsedCLIOptions = {}) => {
     let params = {};
     params.apiKey = parsedCLIOptions['apiKey'];
     params.authorization = parsedCLIOptions['authorization'];
@@ -9,23 +7,6 @@ const getAuth = () => {
     params.organizationId = parsedCLIOptions['organizationId'];
     return params;
 };
-const getScanParams = () => {
-    let scanParams = {};
-    scanParams.help = parsedCLIOptions['help'];
-    scanParams.file = parsedCLIOptions['file'];
-    scanParams.language = parsedCLIOptions['language']
-        ? parsedCLIOptions['language'].toUpperCase()
-        : parsedCLIOptions['language'];
-    scanParams.ff = parsedCLIOptions['ff'];
-    scanParams.timeout = parsedCLIOptions['timeout'];
-    scanParams.name = parsedCLIOptions['name'];
-    scanParams.verbose = parsedCLIOptions['verbose'];
-    if (!scanParams.name) {
-        scanParams.name = scanParams.file;
-    }
-    return scanParams;
-};
 module.exports = {
-    getScanParams: getScanParams,
     getAuth: getAuth
 };

package/dist/utils/paramsUtil/paramHandler.js

@@ -4,8 +4,8 @@ const configStoreParams = require('./configStoreParams');
 const envVariableParams = require('./envVariableParams');
 const { validateAuthParams } = require('../validationCheck');
 const i18n = require('i18n');
-const getAuth = () => {
-    let commandLineAuthParamsAuth = commandlineAuth.getAuth();
+const getAuth = params => {
+    let commandLineAuthParamsAuth = commandlineAuth.getAuth(params);
     let envVariableParamsAuth = envVariableParams.getAuth();
     let configStoreParamsAuth = configStoreParams.getAuth();
     if (validateAuthParams(commandLineAuthParamsAuth)) {
@@ -22,7 +22,4 @@ const getAuth = () => {
         process.exit(1);
     }
 };
-const getScanSubCommands = () => {
-    return commandlineAuth.getScanParams();
-};
-module.exports = { getAuth: getAuth, getScanSubCommands: getScanSubCommands };
+module.exports = { getAuth: getAuth };

package/dist/utils/parsedCLIOptions.js

@@ -1,13 +1,19 @@
 "use strict";
-const constants = require('../constants');
 const commandLineArgs = require('command-line-args');
-const getCommandLineArgs = () => {
-    return commandLineArgs(constants.commandLineDefinitions.scanOptionDefinitions, {
-        partial: true,
-        camelCase: true,
-        caseInsensitive: true
-    });
+const getCommandLineArgsCustom = (parameterList, optionDefinitions) => {
+    try {
+        return commandLineArgs(optionDefinitions, {
+            argv: parameterList,
+            partial: false,
+            camelCase: true,
+            caseInsensitive: true
+        });
+    }
+    catch (e) {
+        console.log(e.message.toString());
+        process.exit(1);
+    }
 };
 module.exports = {
-    getCommandLineArgs: getCommandLineArgs
+    getCommandLineArgsCustom
 };

package/dist/utils/requestUtils.js

@@ -6,7 +6,7 @@ function sendRequest({ options, method = 'put' }) {
     return request[`${method}Async`](options.url, options);
 }
 const millisToSeconds = millis => {
-    return ((millis % 60000) / 1000).toFixed(0);
+    return (millis / 1000).toFixed(0);
 };
 const sleep = ms => {
     return new Promise(resolve => setTimeout(resolve, ms));

package/dist/utils/saveFile.js

@@ -0,0 +1,19 @@
+"use strict";
+const { SARIF_FILE } = require('../constants/constants');
+const commonApi = require('./commonApi');
+const saveResults = require('../scan/saveResults');
+const i18n = require('i18n');
+const saveScanFile = async (config, scanResults) => {
+    if (config.save === null || config.save.toUpperCase() === SARIF_FILE) {
+        const scanId = scanResults.scanDetail.id;
+        const client = commonApi.getHttpClient(config);
+        const rawResults = await client.getSpecificScanResultSarif(config, scanId);
+        await saveResults.writeResultsToFile(rawResults?.body);
+    }
+    else {
+        console.log(i18n.__('scanNoFiletypeSpecifiedForSave'));
+    }
+};
+module.exports = {
+    saveScanFile: saveScanFile
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.0",
+  "version": "1.0.3",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {
@@ -21,7 +21,9 @@
   "scripts": {
     "build": "tsc",
     "test": "jest --testPathIgnorePatterns=./test-integration/",
-    "test-int": "jest ./test-integration/scan/",
+    "test-int": "jest ./test-integration/",
+    "test-int-scan": "jest ./test-integration/scan",
+    "test-int-audit": "jest ./test-integration/audit",
     "format": "prettier --write \"**/*.{ts,tsx,js,css,scss,json,md,yml}\" .eslintrc.* .babelrc",
     "check-format": "prettier --check \"**/*.{ts,tsx,js,css,scss,json,md,yml}\" .eslintrc.* .babelrc",
     "coverage-local": "nyc --reporter=text mocha './test/**/*.spec.js'",
@@ -36,26 +38,28 @@
     "node": ">=16.13.2 <17"
   },
   "dependencies": {
-    "@aws-sdk/client-iam": "^3.53.0",
-    "@aws-sdk/client-lambda": "^3.53.0",
+    "@aws-sdk/client-iam": "^3.78.0",
+    "@aws-sdk/client-lambda": "^3.78.0",
+    "@types/semver": "^7.3.9",
     "@yarnpkg/lockfile": "^1.1.0",
-    "adm-zip": "^0.5.9",
     "bluebird": "^3.7.2",
-    "chalk": "^4.1.2",
+    "boxen": "5.1.2",
+    "chalk": "4.1.2",
     "command-line-args": "^5.2.1",
-    "command-line-usage": "^6.1.1",
-    "conf": "^10.1.1",
+    "command-line-usage": "^6.1.3",
+    "conf": "^10.1.2",
     "dotenv": "^16.0.0",
     "fast-glob": "^3.2.11",
-    "i18n": "^0.14.1",
+    "i18n": "^0.14.2",
     "js-yaml": "^4.1.0",
+    "latest-version": "5.1.0",
     "lodash": "^4.17.21",
     "log-symbols": "^4.1.0",
     "open": "^8.4.0",
     "ora": "5.4.1",
     "prettyjson": "^1.2.5",
     "request": "^2.88.2",
-    "semver": "^7.3.5",
+    "semver": "^7.3.7",
     "string-builder": "^0.1.8",
     "string-multiple-replace": "^1.0.5",
     "tmp": "^0.2.1",
@@ -68,24 +72,25 @@
     "@types/command-line-usage": "^5.0.2",
     "@types/i18n": "^0.13.2",
     "@types/jest": "^27.4.1",
-    "@types/lodash": "^4.14.181",
-    "@typescript-eslint/eslint-plugin": "^5.13.0",
-    "@typescript-eslint/parser": "^5.13.0",
+    "@types/lodash": "^4.14.182",
+    "@typescript-eslint/eslint-plugin": "^5.21.0",
+    "@typescript-eslint/parser": "^5.21.0",
     "csv-writer": "^1.6.0",
-    "eslint": "^8.8.0",
-    "eslint-config-prettier": "^8.3.0",
+    "eslint": "^8.14.0",
+    "eslint-config-prettier": "^8.5.0",
     "eslint-plugin-prettier": "^4.0.0",
-    "husky": "^3.0.9",
-    "jest": "^27.4.7",
-    "mocha": "^9.2.1",
+    "husky": "^3.1.0",
+    "jest": "^27.5.1",
+    "jest-junit": "^13.2.0",
+    "mocha": "^9.2.2",
     "npm-license-crawler": "^0.2.1",
     "nyc": "^15.1.0",
-    "pkg": "^5.5.2",
+    "pkg": "^5.6.0",
     "prettier": "^1.19.1",
     "tmp": "^0.2.1",
-    "ts-jest": "^27.1.3",
+    "ts-jest": "^27.1.4",
     "ts-node": "^10.7.0",
-    "typescript": "^4.6.2",
+    "typescript": "^4.6.3",
     "uuid": "^8.3.2"
   },
   "resolutions": {