@contrast/contrast 1.0.1 → 1.0.4

package/dist/scan/scan.js

@@ -1,43 +1,43 @@
 "use strict";
-const commonApi = require('../utils/commonApi.js');
-const fileUtils = require('../scan/fileUtils');
-const allowedFileTypes = ['.jar', '.war', '.js', '.zip', '.exe'];
-const i18n = require('i18n');
-const oraWrapper = require('../utils/oraWrapper');
-const chalk = require('chalk');
-const isFileAllowed = scanOption => {
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.stripMustacheTags = exports.getMessage = exports.getGroups = exports.formatLinks = exports.formatScanOutput = exports.sendScan = exports.isFileAllowed = exports.allowedFileTypes = void 0;
+const commonApi_js_1 = __importDefault(require("../utils/commonApi.js"));
+const fileUtils_1 = __importDefault(require("../scan/fileUtils"));
+const i18n_1 = __importDefault(require("i18n"));
+const oraWrapper_1 = __importDefault(require("../utils/oraWrapper"));
+const chalk_1 = __importDefault(require("chalk"));
+const groupedResultsModel_1 = require("./models/groupedResultsModel");
+exports.allowedFileTypes = ['.jar', '.war', '.js', '.zip', '.exe'];
+const isFileAllowed = (scanOption) => {
     let valid = false;
-    allowedFileTypes.forEach(fileType => {
+    exports.allowedFileTypes.forEach(fileType => {
         if (scanOption.endsWith(fileType)) {
             valid = true;
         }
     });
     return valid;
 };
-const stripMustacheTags = oldString => {
-    return oldString
-        .replace(/\n/g, ' ')
-        .replace(/{{.*?}}/g, '\n')
-        .replace(/\s+/g, ' ')
-        .trim();
-};
+exports.isFileAllowed = isFileAllowed;
 const sendScan = async (config) => {
-    if (!isFileAllowed(config.file)) {
-        console.log(i18n.__('scanErrorFileMessage'));
+    if (!(0, exports.isFileAllowed)(config.file)) {
+        console.log(i18n_1.default.__('scanErrorFileMessage'));
         process.exit(9);
     }
     else {
-        fileUtils.checkFilePermissions(config.file);
-        const client = commonApi.getHttpClient(config);
-        const startUploadSpinner = oraWrapper.returnOra(i18n.__('uploadingScan'));
-        oraWrapper.startSpinner(startUploadSpinner);
+        fileUtils_1.default.checkFilePermissions(config.file);
+        const client = commonApi_js_1.default.getHttpClient(config);
+        const startUploadSpinner = oraWrapper_1.default.returnOra(i18n_1.default.__('uploadingScan'));
+        oraWrapper_1.default.startSpinner(startUploadSpinner);
         return await client
             .sendArtifact(config)
             .then(res => {
             if (res.statusCode === 201) {
-                oraWrapper.succeedSpinner(startUploadSpinner, i18n.__('uploadingScanSuccessful'));
+                oraWrapper_1.default.succeedSpinner(startUploadSpinner, i18n_1.default.__('uploadingScanSuccessful'));
                 if (config.verbose) {
-                    console.log(i18n.__('responseMessage', res.body));
+                    console.log(i18n_1.default.__('responseMessage', res.body));
                 }
                 return res.body.id;
             }
@@ -46,10 +46,12 @@ const sendScan = async (config) => {
                     console.log(res.statusCode);
                     console.log(config);
                 }
-                oraWrapper.failSpinner(startUploadSpinner, i18n.__('uploadingScanFail'));
+                oraWrapper_1.default.failSpinner(startUploadSpinner, i18n_1.default.__('uploadingScanFail'));
                 if (res.statusCode === 403) {
-                    console.log(i18n.__('permissionsError'));
+                    console.log(i18n_1.default.__('permissionsError'));
+                    process.exit(1);
                 }
+                console.log(i18n_1.default.__('genericServiceError', res.statusCode));
                 process.exit(1);
             }
         })
@@ -58,74 +60,97 @@ const sendScan = async (config) => {
         });
     }
 };
-const formatScanOutput = (overview, results) => {
-    console.log();
-    if (results.content.length === 0) {
-        console.log(i18n.__('scanNoVulnerabilitiesFound'));
+exports.sendScan = sendScan;
+function formatScanOutput(scanResults) {
+    const { projectOverview, scanResultsInstances } = scanResults;
+    if (scanResultsInstances.content.length === 0) {
+        console.log(i18n_1.default.__('scanNoVulnerabilitiesFound'));
     }
     else {
-        console.log(chalk.bold('Here are your top priorities to fix'));
+        const message = projectOverview.critical || projectOverview.high
+            ? 'Here are your top priorities to fix'
+            : "No major issues, here's what we found";
+        console.log(chalk_1.default.bold(message));
         console.log();
-        const groups = getGroups(results.content);
+        const groups = getGroups(scanResultsInstances.content);
         groups.forEach(entry => {
-            console.log(chalk.bold(`${entry.severity} | ${entry.ruleId} (${entry.lineInfoSet.size})`));
+            console.log(chalk_1.default.bold(`[ ${entry.severity} ] | ${entry.ruleId} (${entry.lineInfoSet.size}) - ` +
+                `${entry.message}`));
             let count = 1;
             entry.lineInfoSet.forEach(lineInfo => {
                 console.log(`\t ${count}. ${lineInfo}`);
                 count++;
             });
-            console.log(chalk.bold('How to fix:'));
-            console.log(entry.recommendation);
+            if (entry?.issue) {
+                console.log(chalk_1.default.bold('Issue' + ': ') + entry.issue);
+            }
+            if (entry?.advice) {
+                console.log(chalk_1.default.bold('Advice' + ': ') + entry.advice);
+            }
+            if (entry?.learn && entry?.learn.length > 0) {
+                formatLinks('Learn', entry.learn);
+            }
             console.log();
         });
-        const totalVulnerabilities = overview.critical +
-            overview.high +
-            overview.medium +
-            overview.low +
-            overview.note;
-        console.log(chalk.bold(`Found ${totalVulnerabilities} vulnerabilities`));
-        console.log(i18n.__('foundDetailedVulnerabilities', overview.critical, overview.high, overview.medium, overview.low, overview.note));
+        printVulnInfo(projectOverview);
     }
-};
-const getGroups = content => {
+}
+exports.formatScanOutput = formatScanOutput;
+function printVulnInfo(projectOverview) {
+    const totalVulnerabilities = getTotalVulns(projectOverview);
+    const vulMessage = totalVulnerabilities === 1 ? `vulnerability` : `vulnerabilities`;
+    console.log(chalk_1.default.bold(`Found ${totalVulnerabilities} ${vulMessage}`));
+    console.log(i18n_1.default.__('foundDetailedVulnerabilities', String(projectOverview.critical), String(projectOverview.high), String(projectOverview.medium), String(projectOverview.low), String(projectOverview.note)));
+}
+function getTotalVulns(projectOverview) {
+    return (projectOverview.critical +
+        projectOverview.high +
+        projectOverview.medium +
+        projectOverview.low +
+        projectOverview.note);
+}
+function formatLinks(objName, entry) {
+    console.log(chalk_1.default.bold(objName + ':'));
+    entry.forEach(link => {
+        console.log(link);
+    });
+}
+exports.formatLinks = formatLinks;
+function getGroups(content) {
     const groupTypeSet = new Set(content.map(({ ruleId }) => ruleId));
-    let groupTypeResults = [];
+    const groupTypeResults = [];
     groupTypeSet.forEach(groupName => {
-        let groupResultsObj = {
-            ruleId: groupName,
-            lineInfoSet: new Set(),
-            recommendation: '',
-            severity: ''
-        };
+        const groupResultsObj = new groupedResultsModel_1.GroupedResultsModel(groupName);
         content.forEach(resultEntry => {
             if (resultEntry.ruleId === groupName) {
                 groupResultsObj.severity = resultEntry.severity;
-                groupResultsObj.recommendation = resultEntry.recommendation
-                    ? stripMustacheTags(resultEntry.recommendation)
-                    : '';
-                groupResultsObj.lineInfoSet.add(formattedCodeLine(resultEntry));
+                groupResultsObj.issue = stripMustacheTags(resultEntry.issue);
+                groupResultsObj.advice = resultEntry.advice;
+                groupResultsObj.learn = resultEntry.learn;
+                groupResultsObj.message = resultEntry.message?.text;
+                groupResultsObj.lineInfoSet.add(getMessage(resultEntry.locations));
             }
         });
         groupTypeResults.push(groupResultsObj);
     });
     return groupTypeResults;
-};
-const formattedCodeLine = resultEntry => {
-    let lineUri = resultEntry.locations[0]?.physicalLocation.artifactLocation.uri;
-    return lineUri + ' @ ' + setLineNumber(resultEntry);
-};
-const setLineNumber = resultEntry => {
-    return resultEntry.codeFlows?.[0]?.threadFlows[0]?.locations[0]?.location
-        ?.physicalLocation?.region?.startLine
-        ? resultEntry.codeFlows[0]?.threadFlows[0]?.locations[0]?.location
-            ?.physicalLocation?.region?.startLine
-        : resultEntry.locations[0]?.physicalLocation?.region?.startLine;
-};
-module.exports = {
-    sendScan: sendScan,
-    getGroups: getGroups,
-    allowedFileTypes: allowedFileTypes,
-    isFileAllowed: isFileAllowed,
-    stripMustacheTags: stripMustacheTags,
-    formatScanOutput: formatScanOutput
-};
+}
+exports.getGroups = getGroups;
+function getMessage(locations) {
+    const message = locations[0]?.physicalLocation?.artifactLocation?.uri || '';
+    const lineNumber = locations[0]?.physicalLocation?.region?.startLine || '';
+    if (!lineNumber) {
+        return '@' + message;
+    }
+    return '@' + message + ':' + lineNumber;
+}
+exports.getMessage = getMessage;
+function stripMustacheTags(oldString) {
+    return oldString
+        .replace(/\n/g, ' ')
+        .replace(/{{.*?}}/g, '\n')
+        .replace(/\$\$LINK_DELIM\$\$/g, '\n')
+        .replace(/\s+/g, ' ')
+        .trim();
+}
+exports.stripMustacheTags = stripMustacheTags;

package/dist/scan/scanConfig.js

@@ -3,9 +3,24 @@ const paramHandler = require('../utils/paramsUtil/paramHandler');
 const constants = require('../../src/constants.js');
 const parsedCLIOptions = require('../../src/utils/parsedCLIOptions');
 const path = require('path');
+const { supportedLanguages } = require('../audit/languageAnalysisEngine/constants');
+const i18n = require('i18n');
+const { scanUsageGuide } = require('./help');
 const getScanConfig = argv => {
     let scanParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.scanOptionDefinitions);
+    if (scanParams.help) {
+        printHelpMessage();
+        process.exit(0);
+    }
     const paramsAuth = paramHandler.getAuth(scanParams);
+    if (scanParams.language) {
+        scanParams.language = scanParams.language.toUpperCase();
+        if (!Object.values(supportedLanguages).includes(scanParams.language)) {
+            console.log(`Did not recognise --language ${scanParams.language}`);
+            console.log(i18n.__('constantsHowToRunDev3'));
+            process.exit(1);
+        }
+    }
     if (!scanParams.name && scanParams.file) {
         scanParams.name = getFileName(scanParams.file);
     }
@@ -14,7 +29,11 @@ const getScanConfig = argv => {
 const getFileName = file => {
     return file.split(path.sep).pop();
 };
+const printHelpMessage = () => {
+    console.log(scanUsageGuide);
+};
 module.exports = {
     getScanConfig,
-    getFileName
+    getFileName,
+    printHelpMessage
 };

package/dist/scan/scanController.js

@@ -6,6 +6,7 @@ const scan = require('./scan');
 const scanResults = require('./scanResults');
 const autoDetection = require('./autoDetection');
 const fileFunctions = require('./fileUtils');
+const { performance } = require('perf_hooks');
 const getTimeout = config => {
     if (config.timeout) {
         return config.timeout;
@@ -21,7 +22,7 @@ const fileAndLanguageLogic = async (configToUse) => {
     if (configToUse.file) {
         if (!fileFunctions.fileExists(configToUse.file)) {
             console.log(i18n.__('fileNotExist'));
-            process.exit(0);
+            process.exit(1);
         }
         return configToUse;
     }
@@ -32,17 +33,21 @@ const fileAndLanguageLogic = async (configToUse) => {
     }
 };
 const startScan = async (configToUse) => {
+    const startTime = performance.now();
     await fileAndLanguageLogic(configToUse);
     if (!configToUse.projectId) {
         configToUse.projectId = await populateProjectIdAndProjectName.populateProjectId(configToUse);
     }
     const codeArtifactId = await scan.sendScan(configToUse);
     if (!configToUse.ff) {
-        const startScanSpinner = returnOra('Contrast Scan started');
+        const startScanSpinner = returnOra('🚀 Contrast Scan started');
         startSpinner(startScanSpinner);
         const scanDetail = await scanResults.returnScanResults(configToUse, codeArtifactId, getTimeout(configToUse), startScanSpinner);
         const scanResultsInstances = await scanResults.returnScanResultsInstances(configToUse, scanDetail.id);
+        const endTime = performance.now();
+        const scanDurationMs = endTime - startTime;
         succeedSpinner(startScanSpinner, 'Contrast Scan complete');
+        console.log(`----- Scan completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
         const projectOverview = await scanResults.returnScanProjectById(configToUse);
         return { projectOverview, scanDetail, scanResultsInstances };
     }

package/dist/scan/scanResults.js

@@ -3,6 +3,7 @@ const commonApi = require('../utils/commonApi');
 const requestUtils = require('../../src/utils/requestUtils');
 const oraFunctions = require('../utils/oraWrapper');
 const _ = require('lodash');
+const i18n = require('i18n');
 const getScanId = async (config, codeArtifactId, client) => {
     return client
         .getScanId(config, codeArtifactId)
@@ -40,6 +41,11 @@ const returnScanResults = async (config, codeArtifactId, timeout, startScanSpinn
                 if (result.body.status === 'FAILED') {
                     complete = true;
                     oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan Failed.');
+                    console.log(result.body.errorMessage);
+                    if (result.body.errorMessage ===
+                        'Unable to determine language for code artifact') {
+                        console.log('Try scanning again using --language param. ', i18n.__('scanOptionsLanguageSummary'));
+                    }
                     process.exit(1);
                 }
             }

package/dist/utils/getConfig.js

@@ -10,6 +10,9 @@ const localConfig = (name, version) => {
         configName: name
     });
     config.set('version', version);
+    if (process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE) {
+        config.set('updateMessageHidden', JSON.parse(process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE.toLowerCase()));
+    }
     if (!config.has('host')) {
         config.set('host', 'https://ce.contrastsecurity.com/');
     }

package/dist/utils/paramsUtil/commandlineParams.js

@@ -1,5 +1,5 @@
 "use strict";
-const getAuth = parsedCLIOptions => {
+const getAuth = (parsedCLIOptions = {}) => {
     let params = {};
     params.apiKey = parsedCLIOptions['apiKey'];
     params.authorization = parsedCLIOptions['authorization'];

package/dist/utils/requestUtils.js

@@ -6,7 +6,7 @@ function sendRequest({ options, method = 'put' }) {
     return request[`${method}Async`](options.url, options);
 }
 const millisToSeconds = millis => {
-    return ((millis % 60000) / 1000).toFixed(0);
+    return (millis / 1000).toFixed(0);
 };
 const sleep = ms => {
     return new Promise(resolve => setTimeout(resolve, ms));

package/dist/utils/saveFile.js

@@ -0,0 +1,19 @@
+"use strict";
+const { SARIF_FILE } = require('../constants/constants');
+const commonApi = require('./commonApi');
+const saveResults = require('../scan/saveResults');
+const i18n = require('i18n');
+const saveScanFile = async (config, scanResults) => {
+    if (config.save === null || config.save.toUpperCase() === SARIF_FILE) {
+        const scanId = scanResults.scanDetail.id;
+        const client = commonApi.getHttpClient(config);
+        const rawResults = await client.getSpecificScanResultSarif(config, scanId);
+        await saveResults.writeResultsToFile(rawResults?.body);
+    }
+    else {
+        console.log(i18n.__('scanNoFiletypeSpecifiedForSave'));
+    }
+};
+module.exports = {
+    saveScanFile: saveScanFile
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.1",
+  "version": "1.0.4",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {
@@ -35,7 +35,7 @@
     "dev": "npx ts-node src/index.ts"
   },
   "engines": {
-    "node": ">=16.13.2 <17"
+    "node": ">=16"
   },
   "dependencies": {
     "@aws-sdk/client-iam": "^3.78.0",

package/src/audit/languageAnalysisEngine/{langugageAnalysisFactory.js → languageAnalysisFactory.js}

@@ -10,9 +10,11 @@ const pythonAE = require('../pythonAnalysisEngine')
 const phpAE = require('../phpAnalysisEngine')
 const goAE = require('../goAnalysisEngine')
 const { vulnerabilityReport } = require('./report/reportingFeature')
-const { vulnReportWithoutDevDep } = require('./report/newReportingFeature')
-const { checkDevDeps } = require('./report/checkIgnoreDevDep')
 const { newSendSnapShot } = require('../languageAnalysisEngine/sendSnapshot')
+const fs = require('fs')
+const chalk = require('chalk')
+const saveFile = require('../../commands/audit/saveFile').default
+const generateSbom = require('../../sbom/generateSbom').default
 
 module.exports = exports = (err, analysis) => {
   const { identifiedLanguageInfo } = analysis.languageAnalysis
@@ -46,19 +48,11 @@ module.exports = exports = (err, analysis) => {
     console.log('\n **************CONTRAST OSS ANALYSIS BEGINS**************')
     const snapshotResponse = await newSendSnapShot(analysis, catalogueAppId)
 
-    if (config.report) {
-      const ignoreDevUrl = await checkDevDeps(config)
-      if (ignoreDevUrl) {
-        await vulnReportWithoutDevDep(
-          analysis,
-          catalogueAppId,
-          snapshotResponse.id,
-          config
-        )
-      } else {
-        await vulnerabilityReport(analysis, catalogueAppId, config)
-      }
-    }
+    await vulnerabilityReport(analysis, catalogueAppId, snapshotResponse.id)
+
+    //should be moved to processAudit.ts once promises implemented
+    await auditSave(config)
+
     console.log(
       '\n ***************CONTRAST OSS ANALYSIS COMPLETE************** \n'
     )
@@ -92,3 +86,27 @@ module.exports = exports = (err, analysis) => {
     goAE(identifiedLanguageInfo, analysis.config, langCallback)
   }
 }
+
+async function auditSave(config) {
+  //should be moved to processAudit.ts once promises implemented
+  if (config.save) {
+    if (config.save.toLowerCase() === 'sbom') {
+      saveFile(config, await generateSbom(config))
+
+      const filename = `${config.applicationId}-sbom-cyclonedx.json`
+      if (fs.existsSync(filename)) {
+        console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`)
+      } else {
+        console.log(
+          chalk.yellow.bold(
+            `\n Unable to save ${filename} Software Bill of Materials (SBOM)`
+          )
+        )
+      }
+    } else {
+      console.log(i18n.__('auditBadFiletypeSpecifiedForSave'))
+    }
+  } else if (config.save === null) {
+    console.log(i18n.__('auditNoFiletypeSpecifiedForSave'))
+  }
+}

package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts

@@ -0,0 +1,127 @@
+import i18n from 'i18n'
+import { getHttpClient, handleResponseErrors } from '../../../utils/commonApi'
+import {
+  ReportCompositeKey,
+  ReportList,
+  ReportModelStructure
+} from './models/reportListModel'
+import { ReportSeverityModel } from './models/reportSeverityModel'
+import { orderBy } from 'lodash'
+import chalk from 'chalk'
+import { ReportLibraryModel } from './models/reportLibraryModel'
+import { findHighestSeverityCVE, findNameAndVersion } from './utils/reportUtils'
+import {
+  failSpinner,
+  returnOra,
+  startSpinner,
+  succeedSpinner
+} from '../../../utils/oraWrapper'
+
+export const createLibraryHeader = (
+  id: string,
+  numberOfVulnerableLibraries: number,
+  numberOfCves: number,
+  name: string
+) => {
+  name
+    ? console.log(`\n Application Name: ${name} | Application ID: ${id}`)
+    : console.log(` Application ID: ${id}`)
+
+  numberOfVulnerableLibraries === 1
+    ? console.log(
+        '\n **************************' +
+          ` Found 1 vulnerable library containing ${numberOfCves} CVE's` +
+          '************************** '
+      )
+    : console.log(
+        '\n **************************' +
+          ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's ` +
+          '************************** '
+      )
+}
+
+export const getReport = async (config: any, reportId: string) => {
+  const client = getHttpClient(config)
+
+  const reportSpinner = returnOra(i18n.__('auditReportWaiting'))
+  reportSpinner.indent = 1
+  startSpinner(reportSpinner)
+  return client
+    .getReportById(config, reportId)
+    .then((res: { statusCode: number; body: any }) => {
+      if (res.statusCode === 200) {
+        succeedSpinner(reportSpinner, i18n.__('auditReportSuccessMessage'))
+        return res.body
+      } else {
+        failSpinner(reportSpinner, i18n.__('auditReportFail'))
+        console.log('config-------------------')
+        console.log(config)
+        console.log('reportId----------------')
+        console.log(reportId)
+        console.log(JSON.stringify(res))
+        handleResponseErrors(res, 'report')
+      }
+    })
+    .catch((err: any) => {
+      console.log(err)
+    })
+}
+
+export const printVulnerabilityResponse = (
+  vulnerabilities: ReportLibraryModel[],
+  config: any
+) => {
+  let hasSomeVulnerabilitiesReported = false
+  printFormattedOutput(vulnerabilities, config)
+  if (Object.keys(vulnerabilities).length > 0) {
+    hasSomeVulnerabilitiesReported = true
+  }
+  return hasSomeVulnerabilitiesReported
+}
+
+export const printFormattedOutput = (
+  libraries: ReportLibraryModel[],
+  config: any
+) => {
+  const report = new ReportList()
+
+  for (const library of libraries) {
+    const { name, version } = findNameAndVersion(library, config)
+
+    const newOutputModel = new ReportModelStructure(
+      new ReportCompositeKey(
+        name,
+        version,
+        findHighestSeverityCVE(library.cveArray) as ReportSeverityModel
+      ),
+      library.cveArray
+    )
+
+    report.reportOutputList.push(newOutputModel)
+  }
+
+  const orderedOutputList = orderBy(
+    report.reportOutputList,
+    reportListItem => reportListItem.compositeKey.highestSeverity.priority
+  )
+
+  for (const reportModel of orderedOutputList) {
+    const name = reportModel.compositeKey.libraryName
+    const version = reportModel.compositeKey.libraryVersion
+    const highestSeverity = reportModel.compositeKey.highestSeverity.severity
+
+    const numOfCVEs = reportModel.cveArray.length
+
+    const cveNames: string[] = []
+
+    reportModel.cveArray.forEach(cve => cveNames.push(cve.name as string))
+
+    const boldHeader = chalk.bold(`${highestSeverity} | Vulnerable Library`)
+    const cvePluralised = numOfCVEs > 1 ? 'CVEs' : 'CVE'
+    console.log(
+      `\n ${boldHeader} ${name} (${version}) has ${numOfCVEs} known ${cvePluralised}`
+    )
+    console.log(` ${cveNames.join(', ')}`)
+    console.log(chalk.bold(' How to fix: Update to latest version'))
+  }
+}

package/src/audit/languageAnalysisEngine/report/models/reportLibraryModel.ts

@@ -0,0 +1,30 @@
+export class ReportLibraryModel {
+  name: string
+  cveArray: ReportCVEModel[]
+
+  constructor (name: string, cveArray: ReportCVEModel[]){
+    this.name = name
+    this.cveArray = cveArray
+  }
+}
+
+export class ReportCVEModel {
+  name?: string
+  description?: string
+  authentication?: string
+  references?: []
+  severityCode?: string
+  cvss3SeverityCode?: string
+
+  constructor (
+    name: string,
+    description: string,
+    severityCode: string,
+    cvss3SeverityCode: string
+  ){
+    this.name = name
+    this.description = description
+    this.severityCode = severityCode
+    this.cvss3SeverityCode = cvss3SeverityCode
+  }
+}

package/src/audit/languageAnalysisEngine/report/models/reportListModel.ts

@@ -0,0 +1,32 @@
+import {ReportSeverityModel} from "./reportSeverityModel";
+import {ReportCVEModel} from "./reportLibraryModel";
+
+export class ReportList {
+  reportOutputList: ReportModelStructure[]
+
+  constructor (){
+    this.reportOutputList = []
+  }
+}
+
+export class ReportModelStructure {
+  compositeKey: ReportCompositeKey;
+  cveArray: ReportCVEModel[];
+
+  constructor (compositeKey: ReportCompositeKey, cveArray: ReportCVEModel[]){
+    this.compositeKey = compositeKey
+    this.cveArray = cveArray
+  }
+}
+
+export class ReportCompositeKey {
+  libraryName!: string;
+  libraryVersion!: string;
+  highestSeverity!: ReportSeverityModel;
+
+  constructor (libraryName: string, libraryVersion: string, highestSeverity: ReportSeverityModel){
+    this.libraryName = libraryName
+    this.libraryVersion = libraryVersion
+    this.highestSeverity = highestSeverity
+  }
+}

package/src/audit/languageAnalysisEngine/report/models/reportSeverityModel.ts

@@ -0,0 +1,9 @@
+export class ReportSeverityModel {
+  severity!: string
+  priority!: number
+
+  constructor(severity: string, priority: number) {
+    this.severity = severity
+    this.priority = priority
+  }
+}