@contrast/contrast 1.0.10 → 1.0.11

package/src/constants.js

@@ -1,6 +1,7 @@
 const commandLineUsage = require('command-line-usage')
 const i18n = require('i18n')
 const { en_locales } = require('./constants/locales.js')
+const { parseSeverity } = require('./common/fail')
 
 i18n.configure({
   staticCatalog: {
@@ -106,6 +107,24 @@ const scanOptionDefinitions = [
       '}: ' +
       i18n.__('constantsProxyServer')
   },
+  {
+    name: 'fail',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('failOptionErrorMessage')
+  },
+  {
+    name: 'severity',
+    type: severity => parseSeverity(severity),
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsSeverity')
+  },
   {
     name: 'ff',
     type: Boolean,
@@ -220,6 +239,24 @@ const auditOptionDefinitions = [
       '}: ' +
       i18n.__('constantsFilePath')
   },
+  {
+    name: 'fail',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('failOptionErrorMessage')
+  },
+  {
+    name: 'severity',
+    type: severity => parseSeverity(severity),
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsSeverity')
+  },
   {
     name: 'app-groups',
     description:
@@ -257,6 +294,7 @@ const auditOptionDefinitions = [
   {
     name: 'ignore-dev',
     type: Boolean,
+    alias: 'i',
     description:
       '{bold ' +
       i18n.__('constantsOptional') +
@@ -293,7 +331,6 @@ const auditOptionDefinitions = [
   },
   {
     name: 'host',
-    alias: 'h',
     description:
       '{bold ' +
       i18n.__('constantsRequired') +
@@ -341,6 +378,11 @@ const auditOptionDefinitions = [
       i18n.__('constantsOptional') +
       '}: ' +
       i18n.__('scanOptionsTimeoutSummary')
+  },
+  {
+    name: 'help',
+    alias: 'h',
+    type: Boolean
   }
 ]
 

package/src/index.ts

@@ -14,6 +14,7 @@ import {
   isCorrectNodeVersion
 } from './common/versionChecker'
 import { findCommandOnError } from './common/errorHandling'
+import { sendTelemetryConfigAsConfObj } from './telemetry/telemetry'
 
 const {
   commandLineDefinitions: { mainUsageGuide, mainDefinition }
@@ -75,11 +76,11 @@ const start = async () => {
       }
 
       if (command === 'scan') {
-        return await processScan(argvMain)
+        return await processScan(config, argvMain)
       }
 
       if (command === 'audit') {
-        return await processAudit(argvMain)
+        return await processAudit(config, argvMain)
       }
 
       if (
@@ -98,10 +99,24 @@ const start = async () => {
           : console.log(
               `Unknown Command: ${command} \nUse --help for the full list`
             )
+        await sendTelemetryConfigAsConfObj(
+          config,
+          command,
+          argvMain,
+          'FAILURE',
+          'undefined'
+        )
       } else {
         console.log(
           `Unknown Command: ${command} \nUse --help for the full list`
         )
+        await sendTelemetryConfigAsConfObj(
+          config,
+          command,
+          argvMain,
+          'FAILURE',
+          'undefined'
+        )
       }
       process.exit(9)
     } else {

package/src/scaAnalysis/common/scaParserForGoAndJava.js

@@ -0,0 +1,41 @@
+const parseDependenciesForSCAServices = dependencyTreeObject => {
+  let parsedDependencyTree = {}
+  let subDeps
+
+  for (let tree in dependencyTreeObject) {
+    let unParsedDependencyTree = dependencyTreeObject[tree]
+    for (let dependency in unParsedDependencyTree) {
+      subDeps = parseSubDependencies(unParsedDependencyTree[dependency].edges)
+
+      let parsedDependency = {
+        name: unParsedDependencyTree[dependency].artifactID,
+        group: unParsedDependencyTree[dependency].group,
+        version: unParsedDependencyTree[dependency].version,
+        directDependency: unParsedDependencyTree[dependency].type === 'direct',
+        isProduction: true,
+        dependencies: subDeps
+      }
+      parsedDependencyTree[dependency] = parsedDependency
+    }
+  }
+  return parsedDependencyTree
+}
+
+const parseSubDependencies = dependencies => {
+  // converting:
+  // dependencies: {
+  //   'gopkg.in/check.v1@v0.0.0-2': 'gopkg.in/check.v1@v0.0.0-2'
+  // }
+  // to:
+  // dependencies: [ 'gopkg.in/check.v1@v0.0.0-2' ]
+  let subDeps = []
+  for (let x in dependencies) {
+    subDeps.push(dependencies[x])
+  }
+  return subDeps
+}
+
+module.exports = {
+  parseDependenciesForSCAServices,
+  parseSubDependencies
+}

package/src/scaAnalysis/common/treeUpload.js

@@ -2,12 +2,14 @@ const commonApi = require('../../utils/commonApi')
 const { APP_VERSION } = require('../../constants/constants')
 
 const commonSendSnapShot = async (analysis, config) => {
-  const requestBody = {
-    appID: config.applicationId,
-    cliVersion: APP_VERSION,
-    snapshot: analysis
-  }
-
+  let requestBody = {}
+  config.experimental === true
+    ? (requestBody = sendToSCAServices(config, analysis))
+    : (requestBody = {
+        appID: config.applicationId,
+        cliVersion: APP_VERSION,
+        snapshot: analysis
+      })
   const client = commonApi.getHttpClient(config)
   return client
     .sendSnapshot(requestBody, config)
@@ -23,6 +25,19 @@ const commonSendSnapShot = async (analysis, config) => {
     })
 }
 
+const sendToSCAServices = (config, analysis) => {
+  return {
+    applicationId: config.applicationId,
+    dependencyTree: analysis,
+    organizationId: config.organizationId,
+    language: config.language,
+    tool: {
+      name: 'Contrast Codesec',
+      version: APP_VERSION
+    }
+  }
+}
+
 module.exports = {
   commonSendSnapShot
 }

package/src/scaAnalysis/dotnet/analysis.js

@@ -40,9 +40,26 @@ const readAndParseLockFile = lockFilePath => {
   return lockFile
 }
 
+const checkForCorrectFiles = languageFiles => {
+  if (!languageFiles.includes('packages.lock.json')) {
+    throw new Error(i18n.__('languageAnalysisHasNoLockFile', '.NET'))
+  }
+
+  if (!languageFiles.some(i => i.includes('.csproj'))) {
+    throw new Error(i18n.__('languageAnalysisProjectFileError', '.NET'))
+  }
+}
+
 const getDotNetDeps = (filePath, languageFiles) => {
-  const projectFile = readAndParseProjectFile(filePath + `/${languageFiles[0]}`)
-  const lockFile = readAndParseLockFile(filePath + `/${languageFiles[1]}`)
+  checkForCorrectFiles(languageFiles)
+  const projectFileName = languageFiles.find(fileName =>
+    fileName.includes('.csproj')
+  )
+  const lockFileName = languageFiles.find(fileName =>
+    fileName.includes('.json')
+  )
+  const projectFile = readAndParseProjectFile(filePath + `/${projectFileName}`)
+  const lockFile = readAndParseLockFile(filePath + `/${lockFileName}`)
 
   return { projectFile, lockFile }
 }
@@ -50,5 +67,6 @@ const getDotNetDeps = (filePath, languageFiles) => {
 module.exports = {
   getDotNetDeps,
   readAndParseProjectFile,
-  readAndParseLockFile
+  readAndParseLockFile,
+  checkForCorrectFiles
 }

package/src/scaAnalysis/go/goAnalysis.js

@@ -1,14 +1,21 @@
 const { createGoTSMessage } = require('../common/formatMessage')
+const {
+  parseDependenciesForSCAServices
+} = require('../common/scaParserForGoAndJava')
 const goReadDepFile = require('./goReadDepFile')
 const goParseDeps = require('./goParseDeps')
 
-const goAnalysis = (config, languageFiles) => {
+const goAnalysis = config => {
   try {
     const rawGoDependencies = goReadDepFile.getGoDependencies(config)
     const parsedGoDependencies =
       goParseDeps.parseGoDependencies(rawGoDependencies)
 
-    return createGoTSMessage(parsedGoDependencies)
+    if (config.experimental) {
+      return parseDependenciesForSCAServices(parsedGoDependencies)
+    } else {
+      return createGoTSMessage(parsedGoDependencies)
+    }
   } catch (e) {
     console.log(e.message.toString())
   }

package/src/scaAnalysis/java/analysis.js

@@ -6,9 +6,13 @@ const fs = require('fs')
 const MAVEN = 'maven'
 const GRADLE = 'gradle'
 
-const determineProjectTypeAndCwd = (files, file) => {
+const determineProjectTypeAndCwd = (files, config) => {
   const projectData = {}
 
+  if (files.length > 1) {
+    files = files.filter(i => config.fileName.includes(i))
+  }
+
   if (files[0].includes('pom.xml')) {
     projectData.projectType = MAVEN
   } else if (files[0].includes('build.gradle')) {
@@ -16,9 +20,9 @@ const determineProjectTypeAndCwd = (files, file) => {
   }
 
   //clean up the path to be a folder not a file
-  projectData.cwd = file
-    ? file.replace('pom.xml', '').replace('build.gradle', '')
-    : file
+  projectData.cwd = config.file
+    ? config.file.replace('pom.xml', '').replace('build.gradle', '')
+    : config.file
 
   return projectData
 }
@@ -124,7 +128,7 @@ const getJavaBuildDeps = (config, files) => {
   }
 
   try {
-    const projectData = determineProjectTypeAndCwd(files, config.file)
+    const projectData = determineProjectTypeAndCwd(files, config)
     if (projectData.projectType === MAVEN) {
       output.mvnDependancyTreeOutput = buildMaven(config, projectData, timeout)
     } else if (projectData.projectType === GRADLE) {
@@ -138,5 +142,6 @@ const getJavaBuildDeps = (config, files) => {
 }
 
 module.exports = {
-  getJavaBuildDeps
+  getJavaBuildDeps,
+  determineProjectTypeAndCwd
 }

package/src/scaAnalysis/java/index.js

@@ -1,6 +1,9 @@
 const analysis = require('./analysis')
 const { parseBuildDeps } = require('./javaBuildDepsParser')
 const { createJavaTSMessage } = require('../common/formatMessage')
+const {
+  parseDependenciesForSCAServices
+} = require('../common/scaParserForGoAndJava')
 
 const javaAnalysis = (config, languageFiles) => {
   languageFiles.JAVA.forEach(file => {
@@ -8,7 +11,12 @@ const javaAnalysis = (config, languageFiles) => {
   })
 
   const javaDeps = buildJavaTree(config, languageFiles.JAVA)
-  return createJavaTSMessage(javaDeps)
+
+  if (config.experimental) {
+    return parseDependenciesForSCAServices(javaDeps)
+  } else {
+    return createJavaTSMessage(javaDeps)
+  }
 }
 
 const buildJavaTree = (config, files) => {

package/src/scaAnalysis/java/javaBuildDepsParser.js

@@ -14,14 +14,14 @@ const parseBuildDeps = (config, input) => {
 const preParser = shavedOutput => {
   let obj = []
   for (let dep in shavedOutput) {
+    shavedOutput[dep] = shaveDependencyType(shavedOutput[dep])
+
     obj.push(
       shavedOutput[dep]
         .replace('+-', '+---')
         .replace('[INFO]', '')
         .replace('\\-', '\\---')
         .replace(':jar:', ':')
-        .replace(':test', '')
-        .replace(':compile', '')
         .replace(' +', '+')
         .replace(' |', '|')
         .replace(' \\', '\\')
@@ -56,11 +56,29 @@ const preParser = shavedOutput => {
   return depTree
 }
 
+const shaveDependencyType = dep => {
+  if (dep.endsWith('\r')) {
+    dep = dep.slice(0, -1)
+  }
+
+  if (dep.endsWith(':test')) {
+    dep = dep.slice(0, -5)
+  }
+
+  if (dep.endsWith(':compile')) {
+    dep = dep.slice(0, -8)
+  }
+
+  if (dep.endsWith(':provided')) {
+    dep = dep.slice(0, -9)
+  }
+
+  return dep
+}
+
 const shaveOutput = (gradleDependencyTreeOutput, projectType) => {
   let shavedOutput = gradleDependencyTreeOutput.split('\n')
 
-  // console.log(projectType)
-
   if (projectType === 'maven') {
     shavedOutput = preParser(shavedOutput)
   }
@@ -375,7 +393,6 @@ const validateIndentation = shavedOutput => {
 
 const parseGradle = (gradleDependencyTreeOutput, config, projectType) => {
   let shavedOutput = shaveOutput(gradleDependencyTreeOutput, projectType)
-
   if (config.subProject) {
     let subProject = parseSubProject(shavedOutput)
     let validatedOutput = validateIndentation(subProject)
@@ -400,5 +417,7 @@ module.exports = {
   computeRelationToLastElement,
   addIndentation,
   computeLevel,
-  computeIndentation
+  computeIndentation,
+  shaveDependencyType,
+  preParser
 }

package/src/scaAnalysis/python/analysis.js

@@ -1,5 +1,6 @@
 const multiReplace = require('string-multiple-replace')
 const fs = require('fs')
+const i18n = require('i18n')
 
 const readAndParseProjectFile = file => {
   const filePath = filePathForWindows(file + '/Pipfile')
@@ -23,12 +24,52 @@ const readAndParseLockFile = file => {
   return parsedPipLock
 }
 
-const getPythonDeps = config => {
+const readLockFile = file => {
+  const filePath = filePathForWindows(file + '/Pipfile.lock')
+  const lockFile = fs.readFileSync(filePath, 'utf8')
+  let parsedPipLock = JSON.parse(lockFile)
+  return parsedPipLock['default']
+}
+
+const scaPythonParser = pythonDependencies => {
+  let pythonParsedDeps = {}
+  for (let key in pythonDependencies) {
+    pythonParsedDeps[key] = {}
+    pythonParsedDeps[key].version = pythonDependencies[key].version.replace(
+      '==',
+      ''
+    )
+    pythonParsedDeps[key].group = null
+    pythonParsedDeps[key].name = key
+    pythonParsedDeps[key].isProduction = true
+    pythonParsedDeps[key].dependencies = []
+    pythonParsedDeps[key].directDependency = true
+  }
+  return pythonParsedDeps
+}
+
+const checkForCorrectFiles = languageFiles => {
+  if (!languageFiles.includes('Pipfile.lock')) {
+    throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'python'))
+  }
+
+  if (!languageFiles.includes('Pipfile')) {
+    throw new Error(i18n.__('languageAnalysisProjectFileError', 'python'))
+  }
+}
+
+const getPythonDeps = (config, languageFiles) => {
   try {
-    const parseProject = readAndParseProjectFile(config.file)
-    const parsePip = readAndParseLockFile(config.file)
+    if (config.experimental) {
+      let pythonLockFileContents = readLockFile(config.file)
+      return scaPythonParser(pythonLockFileContents)
+    } else {
+      checkForCorrectFiles(languageFiles)
+      const parseProject = readAndParseProjectFile(config.file)
+      const parsePip = readAndParseLockFile(config.file)
 
-    return { pipfileLock: parsePip, pipfilDependanceies: parseProject }
+      return { pipfileLock: parsePip, pipfilDependanceies: parseProject }
+    }
   } catch (err) {
     console.log(err.message.toString())
     process.exit(1)
@@ -44,6 +85,9 @@ const filePathForWindows = path => {
 
 module.exports = {
   getPythonDeps,
+  scaPythonParser,
+  readAndParseLockFile,
   readAndParseProjectFile,
-  readAndParseLockFile
+  checkForCorrectFiles,
+  readLockFile
 }

package/src/scaAnalysis/python/index.js

@@ -1,9 +1,14 @@
 const { createPythonTSMessage } = require('../common/formatMessage')
-const { getPythonDeps } = require('./analysis')
+const { getPythonDeps, secondaryParser } = require('./analysis')
 
 const pythonAnalysis = (config, languageFiles) => {
   const pythonDeps = getPythonDeps(config, languageFiles.PYTHON)
-  return createPythonTSMessage(pythonDeps)
+
+  if (config.experimental) {
+    return pythonDeps
+  } else {
+    return createPythonTSMessage(pythonDeps)
+  }
 }
 
 module.exports = {

package/src/scaAnalysis/ruby/analysis.js

@@ -1,4 +1,5 @@
 const fs = require('fs')
+const i18n = require('i18n')
 
 const readAndParseGemfile = file => {
   const gemFile = fs.readFileSync(file + '/Gemfile', 'utf8')
@@ -241,15 +242,25 @@ const buildSourceDependencyWithVersion = (
   return dependencies
 }
 
-const getRubyDeps = config => {
+const getRubyDeps = (config, languageFiles) => {
   try {
+    checkForCorrectFiles(languageFiles)
     const parsedGem = readAndParseGemfile(config.file)
     const parsedLock = readAndParseGemLockFile(config.file)
 
     return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock }
   } catch (err) {
-    console.log(err.message)
-    process.exit(1)
+    throw err
+  }
+}
+
+const checkForCorrectFiles = languageFiles => {
+  if (!languageFiles.includes('Gemfile.lock')) {
+    throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'ruby'))
+  }
+
+  if (!languageFiles.includes('Gemfile')) {
+    throw new Error(i18n.__('languageAnalysisProjectFileError', 'ruby'))
   }
 }
 
@@ -269,5 +280,6 @@ module.exports = {
   getVersion,
   getPatchLevel,
   formatSourceArr,
-  getSourceArray
+  getSourceArray,
+  checkForCorrectFiles
 }

package/src/scan/formatScanOutput.ts

@@ -62,12 +62,12 @@ export function formatScanOutput(scanResults: ScanResultsModel) {
       })
       let learnRow: string[] = []
       let adviceRow = []
+      const headerColour = chalk.hex(entry.colour)
       const headerRow = [
-        chalk
-          .hex(entry.colour)
-          .bold(`CONTRAST-${count.toString().padStart(3, '0')}`),
-        chalk.hex(entry.colour).bold('-'),
-        chalk.hex(entry.colour).bold(`[${entry.severity}] ${entry.ruleId}`) +
+        headerColour(`CONTRAST-${count.toString().padStart(3, '0')}`),
+        headerColour(`-`),
+        headerColour(`[${entry.severity}] `) +
+          headerColour.bold(`${entry.ruleId}`) +
           entry.message
       ]
 
@@ -104,6 +104,8 @@ export function formatScanOutput(scanResults: ScanResultsModel) {
     })
   }
   printVulnInfo(projectOverview)
+
+  return projectOverview
 }
 
 function printVulnInfo(projectOverview: any) {

package/src/scan/populateProjectIdAndProjectName.js

@@ -28,7 +28,11 @@ const createProjectId = async (config, client) => {
         process.exit(1)
         return
       }
-
+      if (res.statusCode === 429) {
+        console.log(i18n.__('exceededFreeTier'))
+        process.exit(1)
+        return
+      }
       if (res.statusCode === 201) {
         console.log(i18n.__('projectCreatedScan'))
         if (config.verbose) {

package/src/scan/scan.ts

@@ -47,6 +47,10 @@ export const sendScan = async (config: any) => {
             )
             console.log(i18n.__('genericServiceError', res.statusCode))
           }
+          if (res.statusCode === 429) {
+            console.log(i18n.__('exceededFreeTier'))
+            process.exit(1)
+          }
           if (res.statusCode === 403) {
             console.log(i18n.__('permissionsError'))
             process.exit(1)

package/src/scan/scanConfig.js

@@ -1,13 +1,15 @@
 const paramHandler = require('../utils/paramsUtil/paramHandler')
 const constants = require('../../src/constants.js')
-const parsedCLIOptions = require('../../src/utils/parsedCLIOptions')
 const path = require('path')
 const { supportedLanguagesScan } = require('../constants/constants')
 const i18n = require('i18n')
 const { scanUsageGuide } = require('./help')
+const parsedCLIOptions = require('../utils/parsedCLIOptions')
 
-const getScanConfig = argv => {
-  let scanParams = parsedCLIOptions.getCommandLineArgsCustom(
+const getScanConfig = async (contrastConf, command, argv) => {
+  let scanParams = await parsedCLIOptions.getCommandLineArgsCustom(
+    contrastConf,
+    command,
     argv,
     constants.commandLineDefinitions.scanOptionDefinitions
   )