@contrast/contrast 1.0.1 → 1.0.4

package/src/scan/populateProjectIdAndProjectName.js

@@ -23,6 +23,7 @@ const createProjectId = async (config, client) => {
       }
       if (res.statusCode === 403) {
         console.log(i18n.__('permissionsError'))
+        process.exit(1)
         return
       }
 

package/src/scan/saveResults.js

@@ -1,15 +1,14 @@
 const fs = require('fs')
 
-const writeResultsToFile = (responseBody, name = 'results.sarif') => {
-  fs.writeFile(name, JSON.stringify(responseBody, null, 2), err => {
-    if (err) {
-      console.log('Error writing Scan Results to file')
-    } else {
-      console.log(`Scan Results saved to ${name}`)
-    }
-  })
+const writeResultsToFile = async (responseBody, name = 'results.sarif') => {
+  try {
+    fs.writeFileSync(name, JSON.stringify(responseBody, null, 2))
+    console.log(`Scan Results saved to ${name}`)
+  } catch (err) {
+    console.log('Error writing Scan Results to file')
+  }
 }
 
 module.exports = {
-  writeResultsToFile
+  writeResultsToFile: writeResultsToFile
 }

package/src/scan/scan.ts

@@ -0,0 +1,192 @@
+import commonApi from '../utils/commonApi.js'
+import fileUtils from '../scan/fileUtils'
+import i18n from 'i18n'
+import oraWrapper from '../utils/oraWrapper'
+import chalk from 'chalk'
+import { ProjectOverview, ScanResultsModel } from './models/scanResultsModel'
+import { Location, ResultContent } from './models/resultContentModel'
+import { GroupedResultsModel } from './models/groupedResultsModel'
+
+export const allowedFileTypes = ['.jar', '.war', '.js', '.zip', '.exe']
+
+export const isFileAllowed = (scanOption: string) => {
+  let valid = false
+  allowedFileTypes.forEach(fileType => {
+    if (scanOption.endsWith(fileType)) {
+      valid = true
+    }
+  })
+  return valid
+}
+
+export const sendScan = async (config: any) => {
+  if (!isFileAllowed(config.file)) {
+    console.log(i18n.__('scanErrorFileMessage'))
+    process.exit(9)
+  } else {
+    fileUtils.checkFilePermissions(config.file)
+    const client = commonApi.getHttpClient(config)
+
+    const startUploadSpinner = oraWrapper.returnOra(i18n.__('uploadingScan'))
+    oraWrapper.startSpinner(startUploadSpinner)
+
+    return await client
+      .sendArtifact(config)
+      .then(res => {
+        if (res.statusCode === 201) {
+          oraWrapper.succeedSpinner(
+            startUploadSpinner,
+            i18n.__('uploadingScanSuccessful')
+          )
+          if (config.verbose) {
+            console.log(i18n.__('responseMessage', res.body))
+          }
+          return res.body.id
+        } else {
+          if (config.debug) {
+            console.log(res.statusCode)
+            console.log(config)
+          }
+          oraWrapper.failSpinner(
+            startUploadSpinner,
+            i18n.__('uploadingScanFail')
+          )
+          if (res.statusCode === 403) {
+            console.log(i18n.__('permissionsError'))
+            process.exit(1)
+          }
+          console.log(i18n.__('genericServiceError', res.statusCode))
+          process.exit(1)
+        }
+      })
+      .catch(err => {
+        console.log(err)
+      })
+  }
+}
+
+export function formatScanOutput(scanResults: ScanResultsModel) {
+  const { projectOverview, scanResultsInstances } = scanResults
+
+  if (scanResultsInstances.content.length === 0) {
+    console.log(i18n.__('scanNoVulnerabilitiesFound'))
+  } else {
+    const message =
+      projectOverview.critical || projectOverview.high
+        ? 'Here are your top priorities to fix'
+        : "No major issues, here's what we found"
+    console.log(chalk.bold(message))
+    console.log()
+
+    const groups = getGroups(scanResultsInstances.content)
+
+    groups.forEach(entry => {
+      console.log(
+        chalk.bold(
+          `[ ${entry.severity} ] | ${entry.ruleId} (${entry.lineInfoSet.size}) - ` +
+            `${entry.message}`
+        )
+      )
+
+      let count = 1
+      entry.lineInfoSet.forEach(lineInfo => {
+        console.log(`\t ${count}. ${lineInfo}`)
+        count++
+      })
+
+      if (entry?.issue) {
+        console.log(chalk.bold('Issue' + ': ') + entry.issue)
+      }
+
+      if (entry?.advice) {
+        console.log(chalk.bold('Advice' + ': ') + entry.advice)
+      }
+
+      if (entry?.learn && entry?.learn.length > 0) {
+        formatLinks('Learn', entry.learn)
+      }
+      console.log()
+    })
+
+    printVulnInfo(projectOverview)
+  }
+}
+
+function printVulnInfo(projectOverview: ProjectOverview) {
+  const totalVulnerabilities = getTotalVulns(projectOverview)
+
+  const vulMessage =
+    totalVulnerabilities === 1 ? `vulnerability` : `vulnerabilities`
+  console.log(chalk.bold(`Found ${totalVulnerabilities} ${vulMessage}`))
+  console.log(
+    i18n.__(
+      'foundDetailedVulnerabilities',
+      String(projectOverview.critical),
+      String(projectOverview.high),
+      String(projectOverview.medium),
+      String(projectOverview.low),
+      String(projectOverview.note)
+    )
+  )
+}
+
+function getTotalVulns(projectOverview: ProjectOverview) {
+  return (
+    projectOverview.critical +
+    projectOverview.high +
+    projectOverview.medium +
+    projectOverview.low +
+    projectOverview.note
+  )
+}
+
+export function formatLinks(objName: string, entry: any[]) {
+  console.log(chalk.bold(objName + ':'))
+  entry.forEach(link => {
+    console.log(link)
+  })
+}
+
+export function getGroups(content: ResultContent[]) {
+  const groupTypeSet = new Set(content.map(({ ruleId }) => ruleId))
+  const groupTypeResults = [] as GroupedResultsModel[]
+
+  groupTypeSet.forEach(groupName => {
+    const groupResultsObj = new GroupedResultsModel(groupName)
+
+    content.forEach(resultEntry => {
+      if (resultEntry.ruleId === groupName) {
+        groupResultsObj.severity = resultEntry.severity
+        groupResultsObj.issue = stripMustacheTags(resultEntry.issue)
+        groupResultsObj.advice = resultEntry.advice
+        groupResultsObj.learn = resultEntry.learn
+        groupResultsObj.message = resultEntry.message?.text
+
+        groupResultsObj.lineInfoSet.add(getMessage(resultEntry.locations))
+      }
+    })
+    groupTypeResults.push(groupResultsObj)
+  })
+
+  return groupTypeResults
+}
+
+export function getMessage(locations: Location[]) {
+  const message = locations[0]?.physicalLocation?.artifactLocation?.uri || ''
+  const lineNumber = locations[0]?.physicalLocation?.region?.startLine || ''
+
+  if (!lineNumber) {
+    return '@' + message
+  }
+
+  return '@' + message + ':' + lineNumber
+}
+
+export function stripMustacheTags(oldString: string) {
+  return oldString
+    .replace(/\n/g, ' ')
+    .replace(/{{.*?}}/g, '\n')
+    .replace(/\$\$LINK_DELIM\$\$/g, '\n')
+    .replace(/\s+/g, ' ')
+    .trim()
+}

package/src/scan/scanConfig.js

@@ -2,14 +2,34 @@ const paramHandler = require('../utils/paramsUtil/paramHandler')
 const constants = require('../../src/constants.js')
 const parsedCLIOptions = require('../../src/utils/parsedCLIOptions')
 const path = require('path')
+const {
+  supportedLanguages
+} = require('../audit/languageAnalysisEngine/constants')
+const i18n = require('i18n')
+const { scanUsageGuide } = require('./help')
 
 const getScanConfig = argv => {
   let scanParams = parsedCLIOptions.getCommandLineArgsCustom(
     argv,
     constants.commandLineDefinitions.scanOptionDefinitions
   )
+
+  if (scanParams.help) {
+    printHelpMessage()
+    process.exit(0)
+  }
+
   const paramsAuth = paramHandler.getAuth(scanParams)
 
+  if (scanParams.language) {
+    scanParams.language = scanParams.language.toUpperCase()
+    if (!Object.values(supportedLanguages).includes(scanParams.language)) {
+      console.log(`Did not recognise --language ${scanParams.language}`)
+      console.log(i18n.__('constantsHowToRunDev3'))
+      process.exit(1)
+    }
+  }
+
   // if no name, take the full file path and use it as the project name
   if (!scanParams.name && scanParams.file) {
     scanParams.name = getFileName(scanParams.file)
@@ -23,7 +43,12 @@ const getFileName = file => {
   return file.split(path.sep).pop()
 }
 
+const printHelpMessage = () => {
+  console.log(scanUsageGuide)
+}
+
 module.exports = {
   getScanConfig,
-  getFileName
+  getFileName,
+  printHelpMessage
 }

package/src/scan/scanController.js

@@ -9,6 +9,7 @@ const scan = require('./scan')
 const scanResults = require('./scanResults')
 const autoDetection = require('./autoDetection')
 const fileFunctions = require('./fileUtils')
+const { performance } = require('perf_hooks')
 
 const getTimeout = config => {
   if (config.timeout) {
@@ -25,7 +26,7 @@ const fileAndLanguageLogic = async configToUse => {
   if (configToUse.file) {
     if (!fileFunctions.fileExists(configToUse.file)) {
       console.log(i18n.__('fileNotExist'))
-      process.exit(0)
+      process.exit(1)
     }
     return configToUse
   } else {
@@ -36,6 +37,7 @@ const fileAndLanguageLogic = async configToUse => {
 }
 
 const startScan = async configToUse => {
+  const startTime = performance.now()
   await fileAndLanguageLogic(configToUse)
 
   if (!configToUse.projectId) {
@@ -46,7 +48,7 @@ const startScan = async configToUse => {
   const codeArtifactId = await scan.sendScan(configToUse)
 
   if (!configToUse.ff) {
-    const startScanSpinner = returnOra('Contrast Scan started')
+    const startScanSpinner = returnOra('🚀 Contrast Scan started')
     startSpinner(startScanSpinner)
     const scanDetail = await scanResults.returnScanResults(
       configToUse,
@@ -54,11 +56,18 @@ const startScan = async configToUse => {
       getTimeout(configToUse),
       startScanSpinner
     )
+
     const scanResultsInstances = await scanResults.returnScanResultsInstances(
       configToUse,
       scanDetail.id
     )
+
+    const endTime = performance.now()
+    const scanDurationMs = endTime - startTime
     succeedSpinner(startScanSpinner, 'Contrast Scan complete')
+    console.log(
+      `----- Scan completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
+    )
     const projectOverview = await scanResults.returnScanProjectById(configToUse)
     return { projectOverview, scanDetail, scanResultsInstances }
   }

package/src/scan/scanResults.js

@@ -2,6 +2,7 @@ const commonApi = require('../utils/commonApi')
 const requestUtils = require('../../src/utils/requestUtils')
 const oraFunctions = require('../utils/oraWrapper')
 const _ = require('lodash')
+const i18n = require('i18n')
 
 const getScanId = async (config, codeArtifactId, client) => {
   return client
@@ -47,6 +48,16 @@ const returnScanResults = async (
         if (result.body.status === 'FAILED') {
           complete = true
           oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan Failed.')
+          console.log(result.body.errorMessage)
+          if (
+            result.body.errorMessage ===
+            'Unable to determine language for code artifact'
+          ) {
+            console.log(
+              'Try scanning again using --language param. ',
+              i18n.__('scanOptionsLanguageSummary')
+            )
+          }
           process.exit(1)
         }
       }

package/src/utils/getConfig.ts

@@ -6,6 +6,8 @@ type ContrastConfOptions = Partial<{
   apiKey: string
   orgId: string
   authHeader: string
+  numOfRuns: number
+  updateMessageHidden: boolean
 }>
 
 type ContrastConf = Conf<ContrastConfOptions>
@@ -15,6 +17,16 @@ const localConfig = (name: string, version: string) => {
     configName: name
   })
   config.set('version', version)
+
+  if (process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE) {
+    config.set(
+      'updateMessageHidden',
+      JSON.parse(
+        process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE.toLowerCase()
+      )
+    )
+  }
+
   if (!config.has('host')) {
     config.set('host', 'https://ce.contrastsecurity.com/')
   }

package/src/utils/paramsUtil/commandlineParams.js

@@ -1,4 +1,4 @@
-const getAuth = parsedCLIOptions => {
+const getAuth = (parsedCLIOptions = {}) => {
   let params = {}
   params.apiKey = parsedCLIOptions['apiKey']
   params.authorization = parsedCLIOptions['authorization']

package/src/utils/requestUtils.js

@@ -8,7 +8,7 @@ function sendRequest({ options, method = 'put' }) {
 }
 
 const millisToSeconds = millis => {
-  return ((millis % 60000) / 1000).toFixed(0)
+  return (millis / 1000).toFixed(0)
 }
 
 const sleep = ms => {

package/src/utils/saveFile.js

@@ -0,0 +1,19 @@
+const { SARIF_FILE } = require('../constants/constants')
+const commonApi = require('./commonApi')
+const saveResults = require('../scan/saveResults')
+const i18n = require('i18n')
+
+const saveScanFile = async (config, scanResults) => {
+  if (config.save === null || config.save.toUpperCase() === SARIF_FILE) {
+    const scanId = scanResults.scanDetail.id
+    const client = commonApi.getHttpClient(config)
+    const rawResults = await client.getSpecificScanResultSarif(config, scanId)
+    await saveResults.writeResultsToFile(rawResults?.body)
+  } else {
+    console.log(i18n.__('scanNoFiletypeSpecifiedForSave'))
+  }
+}
+
+module.exports = {
+  saveScanFile: saveScanFile
+}

package/dist/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js

@@ -1,17 +0,0 @@
-"use strict";
-const { getGlobalProperties, getFeatures, isFeatureEnabled } = require('../util/generalAPI');
-const { CLI_IGNORE_DEV_DEPS } = require('../util/capabilities');
-const checkDevDeps = async (config) => {
-    const shouldIgnoreDev = config.ignoreDev;
-    const globalProperties = await getGlobalProperties();
-    const features = getFeatures(globalProperties.internal_version);
-    const isfeatureEnabled = isFeatureEnabled(features, CLI_IGNORE_DEV_DEPS);
-    let ignoreDevUrl = false;
-    if (shouldIgnoreDev) {
-        ignoreDevUrl = isfeatureEnabled;
-    }
-    return ignoreDevUrl;
-};
-module.exports = {
-    checkDevDeps
-};

package/dist/audit/languageAnalysisEngine/report/newReportingFeature.js

@@ -1,81 +0,0 @@
-"use strict";
-const commonReport = require('./commonReportingFunctions');
-const { handleResponseErrors } = require('../commonApi');
-const { getHttpClient } = require('../../../utils/commonApi');
-const vulnReportWithoutDevDep = async (analysis, applicationId, snapshotId, config) => {
-    if (config.report) {
-        const reportResponse = await getSpecReport(snapshotId, config);
-        if (reportResponse !== undefined) {
-            const severity = config.cveSeverity;
-            const id = applicationId;
-            const name = config.applicationName;
-            const hasSomeVulnerabilitiesReported = formatVulnerabilityOutput(reportResponse.vulnerabilities, severity, id, name, config);
-            commonReport.analyseReportOptions(hasSomeVulnerabilitiesReported);
-        }
-    }
-};
-const getSpecReport = async (reportId, config) => {
-    const client = getHttpClient(config);
-    return client
-        .getSpecificReport(config, reportId)
-        .then(res => {
-        if (res.statusCode === 200) {
-            commonReport.displaySuccessMessageReport();
-            return res.body;
-        }
-        else {
-            handleResponseErrors(res, 'report');
-        }
-    })
-        .catch(err => {
-        console.log(err);
-    });
-};
-const countSeverity = vulnerabilities => {
-    const severityCount = {
-        critical: 0,
-        high: 0,
-        medium: 0,
-        low: 0
-    };
-    for (const key of Object.keys(vulnerabilities)) {
-        vulnerabilities[key].forEach(vuln => {
-            if (vuln.severityCode === 'HIGH') {
-                severityCount['high'] += 1;
-            }
-            else if (vuln.severityCode === 'MEDIUM') {
-                severityCount['medium'] += 1;
-            }
-            else if (vuln.severityCode === 'LOW') {
-                severityCount['low'] += 1;
-            }
-            else if (vuln.severityCode === 'CRITICAL') {
-                severityCount['critical'] += 1;
-            }
-        });
-    }
-    return severityCount;
-};
-const formatVulnerabilityOutput = (vulnerabilities, severity, id, name, config) => {
-    const numberOfVulnerableLibraries = Object.keys(vulnerabilities).length;
-    let numberOfCves = 0;
-    for (const key of Object.keys(vulnerabilities)) {
-        numberOfCves += vulnerabilities[key].length;
-    }
-    commonReport.createLibraryHeader(id, numberOfVulnerableLibraries, numberOfCves, name);
-    const severityCount = countSeverity(vulnerabilities);
-    const filteredVulns = commonReport.filterVulnerabilitiesBySeverity(severity, vulnerabilities);
-    let hasSomeVulnerabilitiesReported;
-    hasSomeVulnerabilitiesReported = commonReport.printVulnerabilityResponse(severity, filteredVulns, vulnerabilities);
-    console.log('\n **************************' +
-        ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's ` +
-        '************************** ');
-    console.log(' \n Please go to the Contrast UI to view your dependency tree: \n' +
-        ` \n ${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
-    return [hasSomeVulnerabilitiesReported, numberOfCves, severityCount];
-};
-module.exports = {
-    vulnReportWithoutDevDep: vulnReportWithoutDevDep,
-    formatVulnerabilityOutput: formatVulnerabilityOutput,
-    getSpecReport: getSpecReport
-};

package/dist/common/findLatestCLIVersion.js

@@ -1,23 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const latest_version_1 = __importDefault(require("latest-version"));
-const constants_1 = require("../constants/constants");
-const boxen_1 = __importDefault(require("boxen"));
-const chalk_1 = __importDefault(require("chalk"));
-const semver_1 = __importDefault(require("semver"));
-async function findLatestCLIVersion() {
-    const latestCLIVersion = await (0, latest_version_1.default)('@contrast/contrast');
-    if (semver_1.default.lt(constants_1.APP_VERSION, latestCLIVersion)) {
-        const updateAvailableMessage = `Update available ${chalk_1.default.yellow(constants_1.APP_VERSION)} → ${chalk_1.default.green(latestCLIVersion)}`;
-        const updateAvailableCommand = `Run ${chalk_1.default.cyan('npm i @contrast/contrast')} to update`;
-        console.log((0, boxen_1.default)(`${updateAvailableMessage}\n${updateAvailableCommand}`, {
-            margin: 1,
-            padding: 1,
-            align: 'center'
-        }));
-    }
-}
-exports.default = findLatestCLIVersion;

package/dist/lambda/scanDetail.js

@@ -1,30 +0,0 @@
-'use strict'
-Object.defineProperty(exports, '__esModule', { value: true })
-exports.pollScanDetail = void 0
-const requestUtils_1 = require('../utils/requestUtils')
-const pollScanDetail = async (
-  config,
-  params,
-  scanId,
-  httpClient,
-  pollCount,
-  showProgress = false
-) => {
-  await (0, requestUtils_1.sleep)(5000)
-  return httpClient.getFunctionScan(config, params, scanId).then(res => {
-    const { resultsCount = 0 } = res?.body?.data?.scan || {}
-    if (showProgress) {
-      process.stdout.write(
-        `\rScanning (${resultsCount} results found so far)${'.'.repeat(
-          pollCount
-        )}`
-      )
-    }
-    if (res.statusCode === 200) {
-      return res
-    } else {
-      throw Error(`Failed to get scan detail: ${res.statusCode} ${res.body}`)
-    }
-  })
-}
-exports.pollScanDetail = pollScanDetail

package/dist/scan/fileFinder.js

@@ -1,15 +0,0 @@
-'use strict'
-const fg = require('fast-glob')
-const i18n = require('i18n')
-const findFile = async () => {
-  console.log(i18n.__('searchingScanFileDirectory', process.cwd()))
-  const entries = fg(['**/*.jar', '**/*.war', '**/*.zip', '**/*.dll'], {
-    dot: false,
-    deep: 3,
-    onlyFiles: true
-  })
-  return entries
-}
-module.exports = {
-  findFile
-}

package/dist/utils/fileUtils.js

@@ -1,31 +0,0 @@
-"use strict";
-const fg = require('fast-glob');
-const fs = require('fs');
-const i18n = require('i18n');
-const findFile = async () => {
-    console.log(i18n.__('searchingScanFileDirectory', process.cwd()));
-    return fg(['**/*.jar', '**/*.war', '**/*.zip', '**/*.dll'], {
-        dot: false,
-        deep: 3,
-        onlyFiles: true
-    });
-};
-const checkFilePermissions = file => {
-    let readableFile = false;
-    try {
-        fs.accessSync(file, fs.constants.R_OK);
-        return (readableFile = true);
-    }
-    catch (err) {
-        console.log('Invalid permissions found on ', file);
-        process.exit(0);
-    }
-};
-const fileExists = path => {
-    return fs.existsSync(path);
-};
-module.exports = {
-    findFile,
-    fileExists,
-    checkFilePermissions
-};

package/dist/utils/paramsUtil/genericCommandLineParams.js

@@ -1,12 +0,0 @@
-"use strict";
-const cliOptions = require('../parsedCLIOptions');
-const getGenericCommandLineParams = () => {
-    return cliOptions.getCommandLineArgsGeneric();
-};
-const getSpecificCommandLineParams = (parameterList, optionDefinition) => {
-    return cliOptions.getCommandLineArgsCustom(parameterList, optionDefinition);
-};
-module.exports = {
-    getSpecificCommandLineParams,
-    getGenericCommandLineParams
-};

package/dist/utils/paramsUtil/yamlParams.js

@@ -1,6 +0,0 @@
-'use strict'
-const fs = require('fs')
-const yaml = require('js-yaml')
-const getAuth = yamlPath => {
-  const yamlParams = yaml.load(fs.readFileSync(yamlPath, 'utf8'))
-}

package/src/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js

@@ -1,27 +0,0 @@
-const {
-  getGlobalProperties,
-  getFeatures,
-  isFeatureEnabled
-} = require('../util/generalAPI')
-const { CLI_IGNORE_DEV_DEPS } = require('../util/capabilities')
-
-const checkDevDeps = async config => {
-  const shouldIgnoreDev = config.ignoreDev
-  const globalProperties = await getGlobalProperties()
-
-  // returns [ 'CLI_IGNORE_DEV_DEPS' ] if teamserver version is above 3.8.1
-  const features = getFeatures(globalProperties.internal_version)
-
-  // providing user is on version >= 3.8.1, isfeatureEnabled will always return true,
-  // therefore shouldIgnoreDev flag (from params) is needed to disable ignore dev deps
-  const isfeatureEnabled = isFeatureEnabled(features, CLI_IGNORE_DEV_DEPS)
-  let ignoreDevUrl = false
-  if (shouldIgnoreDev) {
-    ignoreDevUrl = isfeatureEnabled
-  }
-  return ignoreDevUrl
-}
-
-module.exports = {
-  checkDevDeps
-}