@contrast/contrast 1.0.10 → 1.0.11

package/src/scan/scanResults.js

@@ -4,11 +4,15 @@ const oraFunctions = require('../utils/oraWrapper')
 const _ = require('lodash')
 const i18n = require('i18n')
 const oraWrapper = require('../utils/oraWrapper')
+const readLine = require('readline')
 
 const getScanId = async (config, codeArtifactId, client) => {
   return client
     .getScanId(config, codeArtifactId)
     .then(res => {
+      if (res.statusCode == 429) {
+        throw new Error(i18n.__('exceededFreeTier'))
+      }
       return res.body.id
     })
     .catch(err => {
@@ -88,13 +92,51 @@ const returnScanResults = async (
           startScanSpinner,
           'Contrast Scan timed out at the specified ' + timeout + ' seconds.'
         )
-        console.log('Please try again, allowing more time.')
-        process.exit(1)
+
+        if (!config.isCI) {
+          const retry = await retryScanPrompt()
+          timeout = retry.timeout
+        }
       }
     }
   }
 }
 
+const retryScanPrompt = async () => {
+  const rl = readLine.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  })
+
+  return new Promise((resolve, reject) => {
+    requestUtils.timeOutError(30000, reject)
+
+    rl.question(
+      '🔁 Do you want to continue waiting on Scan? [Y/N]\n',
+      async input => {
+        if (input.toLowerCase() === 'yes' || input.toLowerCase() === 'y') {
+          console.log('Continuing wait for Scan')
+          rl.close()
+          resolve({ timeout: 300 })
+        } else if (
+          input.toLowerCase() === 'no' ||
+          input.toLowerCase() === 'n'
+        ) {
+          rl.close()
+          console.log('Contrast Scan Retry Cancelled: Exiting')
+          resolve(process.exit(1))
+        } else {
+          rl.close()
+          console.log('Invalid Input: Exiting')
+          resolve(process.exit(1))
+        }
+      }
+    )
+  }).catch(e => {
+    throw e
+  })
+}
+
 const returnScanResultsInstances = async (config, scanId) => {
   const client = commonApi.getHttpClient(config)
   let result
@@ -118,5 +160,6 @@ module.exports = {
   getScanId: getScanId,
   returnScanResults: returnScanResults,
   pollScanResults: pollScanResults,
-  returnScanResultsInstances: returnScanResultsInstances
+  returnScanResultsInstances: returnScanResultsInstances,
+  retryScanPrompt
 }

package/src/telemetry/telemetry.ts

@@ -0,0 +1,154 @@
+import { getHttpClient } from '../utils/commonApi'
+import * as crypto from 'crypto'
+import { ContrastConf } from '../utils/getConfig'
+
+export const TELEMETRY_CLI_COMMANDS_EVENT = 'CLI_COMMANDS'
+export const TELEMETRY_CLI_TIME_TO_AUTH_EVENT = 'CLI_TIME_TO_AUTH'
+
+export const sendTelemetryConfigAsConfObj = async (
+  config: ContrastConf,
+  command: string,
+  argv: string[],
+  result: string,
+  language: string
+) => {
+  const hostParam = '--host'
+  const hostParamAlias = '-h'
+  const orgIdParam = '--organization-id'
+  const orgIdParamAlias = '-o'
+  const authParam = '--authorization'
+  const apiKeyParam = '--api-key'
+
+  let configToUse
+
+  if (
+    paramExists(argv, hostParam, hostParamAlias) &&
+    paramExists(argv, orgIdParam, orgIdParamAlias) &&
+    paramExists(argv, authParam, null) &&
+    paramExists(argv, apiKeyParam, null)
+  ) {
+    //if the user has passed the values as params
+    configToUse = {
+      host: findParamValueFromArgs(argv, hostParam, hostParamAlias),
+      organizationId: findParamValueFromArgs(argv, orgIdParam, orgIdParamAlias),
+      authorization: findParamValueFromArgs(argv, authParam, null),
+      apiKey: findParamValueFromArgs(argv, apiKeyParam, null)
+    }
+  } else if (
+    config &&
+    config.get('host') &&
+    config.get('organizationId') &&
+    config.get('authorization') &&
+    config.get('apiKey')
+  ) {
+    configToUse = {
+      host: config.get('host')?.slice(0, -1), //slice off extra / in url, will 404 on teamserver if we don't
+      organizationId: config.get('organizationId'),
+      authorization: config.get('authorization'),
+      apiKey: config.get('apiKey')
+    }
+  } else {
+    //return when unable to get config
+    return
+  }
+
+  return await sendTelemetryConfigAsObject(
+    configToUse,
+    command,
+    argv,
+    result,
+    language
+  )
+}
+
+export const sendTelemetryConfigAsObject = async (
+  config: any,
+  command: string,
+  argv: string[],
+  result: string,
+  language: string
+) => {
+  const obfuscatedParams = obfuscateParams(argv)
+
+  const requestBody = {
+    event: TELEMETRY_CLI_COMMANDS_EVENT,
+    details: {
+      ip_address: '',
+      account_name: '',
+      account_host: '',
+      company_domain: '',
+      command: `contrast ${command} ${obfuscatedParams}`,
+      app_id:
+        config && config.applicationId
+          ? sha1Base64Value(config.applicationId)
+          : 'undefined',
+      project_id:
+        config && config.projectId
+          ? sha1Base64Value(config.projectId)
+          : 'undefined',
+      language: language,
+      result: result,
+      additional_info: '',
+      timestamp: new Date().toUTCString()
+    }
+  }
+
+  return await sendTelemetryRequest(config, requestBody)
+}
+
+export const sendTelemetryRequest = async (config: any, requestBody: any) => {
+  const client = getHttpClient(config)
+  return client
+    .postTelemetry(config, requestBody)
+    .then((res: any) => {
+      if (res.statusCode !== 200 && config.debug === true) {
+        console.log('Telemetry failed to send with status', res.statusCode)
+      }
+      return { statusCode: res.statusCode, statusMessage: res.statusMessage }
+    })
+    .catch((err: any) => {
+      return
+    })
+}
+
+export const obfuscateParams = (argv: string[]) => {
+  return argv
+    .join(' ')
+    .replace(/--(authorization [A-Z0-9]+)/gi, '--authorization *****')
+    .replace(/-(o [A-Z0-9-]+)/gi, '-o *****')
+    .replace(/--(organization-id [A-Z0-9-]+)/gi, '--organization-id *****')
+    .replace(/--(api-key [A-Z0-9]+)/gi, '--api-key *****')
+}
+
+export const paramExists = (
+  argv: string[],
+  param: string,
+  paramAlias: string | null
+) => {
+  return argv.find((arg: string) => arg === param || arg === paramAlias)
+}
+
+export const findParamValueFromArgs = (
+  argv: string[],
+  param: string,
+  paramAlias: string | null
+) => {
+  let paramAsValue
+
+  argv.forEach((arg: string, index: number) => {
+    if (
+      arg === param ||
+      (arg === paramAlias &&
+        argv[index + 1] !== undefined &&
+        argv[index + 1] !== null)
+    ) {
+      paramAsValue = argv[index + 1]
+    }
+  })
+
+  return paramAsValue
+}
+
+export const sha1Base64Value = (value: any) => {
+  return crypto.createHash('sha1').update(value).digest('base64')
+}

package/src/utils/getConfig.ts

@@ -7,7 +7,7 @@ type ContrastConfOptions = Partial<{
   orgId: string
   authHeader: string
   numOfRuns: number
-  updateMessageHidden: boolean
+  isCI: boolean
 }>
 
 type ContrastConf = Conf<ContrastConfOptions>
@@ -18,12 +18,10 @@ const localConfig = (name: string, version: string) => {
   })
   config.set('version', version)
 
-  if (process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE) {
+  if (process.env.CONTRAST_CODSEC_CI) {
     config.set(
-      'updateMessageHidden',
-      JSON.parse(
-        process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE.toLowerCase()
-      )
+      'isCI',
+      JSON.parse(process.env.CONTRAST_CODSEC_CI.toLowerCase()) as boolean
     )
   }
 

package/src/utils/parsedCLIOptions.js

@@ -1,6 +1,12 @@
 const commandLineArgs = require('command-line-args')
+const { sendTelemetryConfigAsConfObj } = require('../telemetry/telemetry')
 
-const getCommandLineArgsCustom = (parameterList, optionDefinitions) => {
+const getCommandLineArgsCustom = async (
+  contrastConf,
+  command,
+  parameterList,
+  optionDefinitions
+) => {
   try {
     return commandLineArgs(optionDefinitions, {
       argv: parameterList,
@@ -9,6 +15,13 @@ const getCommandLineArgsCustom = (parameterList, optionDefinitions) => {
       caseInsensitive: true
     })
   } catch (e) {
+    await sendTelemetryConfigAsConfObj(
+      contrastConf,
+      command,
+      parameterList,
+      'FAILURE',
+      'undefined'
+    )
     console.log(e.message.toString())
     process.exit(1)
   }

package/src/utils/requestUtils.js

@@ -15,8 +15,15 @@ const sleep = ms => {
   return new Promise(resolve => setTimeout(resolve, ms))
 }
 
+const timeOutError = (ms, reject) => {
+  return setTimeout(() => {
+    reject(new Error(`No input detected after 30s`))
+  }, ms)
+}
+
 module.exports = {
   sendRequest: sendRequest,
   sleep: sleep,
-  millisToSeconds: millisToSeconds
+  millisToSeconds: millisToSeconds,
+  timeOutError: timeOutError
 }