@contrast/contrast 1.0.10 → 1.0.13

package/dist/scaAnalysis/javascript/scaServiceParser.js

@@ -0,0 +1,109 @@
+"use strict";
+const parseJS = rawNode => {
+    let dependencyTree = {};
+    let combinedPackageJSONDep = {
+        ...rawNode.packageJSON?.dependencies,
+        ...rawNode.packageJSON?.devDependencies
+    };
+    let analyseLock = chooseLockFile(rawNode);
+    if (analyseLock.type === 'yarn') {
+        dependencyTree = yarnCreateDepTree(dependencyTree, combinedPackageJSONDep, analyseLock.lockFile, rawNode);
+    }
+    if (analyseLock.type === 'npm') {
+        dependencyTree = npmCreateDepTree(dependencyTree, combinedPackageJSONDep, analyseLock.lockFile, rawNode);
+    }
+    return dependencyTree;
+};
+const npmCreateDepTree = (dependencyTree, combinedPackageJSONDep, packageLock, rawNode) => {
+    for (const [key, value] of Object.entries(packageLock)) {
+        dependencyTree[key] = {
+            name: key,
+            version: getResolvedVersion(key, packageLock),
+            group: null,
+            isProduction: checkIfInPackageJSON(rawNode.packageJSON.dependencies, key),
+            directDependency: checkIfInPackageJSON(combinedPackageJSONDep, key),
+            dependencies: createNPMChildDependencies(packageLock, key)
+        };
+    }
+    return dependencyTree;
+};
+const yarnCreateDepTree = (dependencyTree, combinedPackageJSONDep, packageLock, rawNode) => {
+    for (const [key, value] of Object.entries(packageLock)) {
+        let gav = getNameFromGAV(key);
+        let nag = getDepNameWithoutVersion(key);
+        dependencyTree[key] = {
+            name: gav,
+            version: getResolvedVersion(key, packageLock),
+            group: null,
+            isProduction: checkIfInPackageJSON(rawNode.packageJSON.dependencies, nag),
+            directDependency: checkIfInPackageJSON(combinedPackageJSONDep, nag),
+            dependencies: createChildDependencies(packageLock, key)
+        };
+    }
+    return dependencyTree;
+};
+const chooseLockFile = rawNode => {
+    if (rawNode?.yarn?.yarnLockFile !== undefined) {
+        return { lockFile: rawNode?.yarn?.yarnLockFile?.object, type: 'yarn' };
+    }
+    else if (rawNode.npmLockFile !== undefined) {
+        return { lockFile: rawNode?.npmLockFile?.dependencies, type: 'npm' };
+    }
+    else {
+        return undefined;
+    }
+};
+const createKeyName = (dep, version) => {
+    return dep + '@' + version;
+};
+const checkIfInPackageJSON = (list, dep) => {
+    return Object.keys(list).includes(dep);
+};
+const createChildDependencies = (lockFileDep, currentDep) => {
+    let depArray = [];
+    if (lockFileDep[currentDep]?.dependencies) {
+        for (const [key, value] of Object.entries(lockFileDep[currentDep]?.dependencies)) {
+            depArray.push(createKeyName(key, value));
+        }
+    }
+    return depArray;
+};
+const createNPMChildDependencies = (lockFileDep, currentDep) => {
+    let depArray = [];
+    if (lockFileDep[currentDep]?.requires) {
+        for (const [key, value] of Object.entries(lockFileDep[currentDep]?.requires)) {
+            depArray.push(key);
+        }
+    }
+    return depArray;
+};
+const getDepNameWithoutVersion = depKey => {
+    let dependency = depKey.split('@');
+    if (dependency.length - 1 > 1) {
+        return '@' + dependency[1];
+    }
+    return dependency[0];
+};
+const getNameFromGAV = depKey => {
+    let dependency = depKey.split('/');
+    if (dependency.length == 2) {
+        dependency = getDepNameWithoutVersion(dependency[1]);
+        return dependency;
+    }
+    if (dependency.length == 1) {
+        dependency = getDepNameWithoutVersion(depKey);
+        return dependency;
+    }
+    return depKey;
+};
+const getResolvedVersion = (depKey, packageLock) => {
+    return packageLock[depKey]?.version;
+};
+module.exports = {
+    parseJS,
+    checkIfInPackageJSON,
+    getNameFromGAV,
+    getResolvedVersion,
+    chooseLockFile,
+    createNPMChildDependencies
+};

package/dist/scaAnalysis/php/analysis.js

@@ -5,7 +5,7 @@ const _ = require('lodash');
 const readFile = (config, nameOfFile) => {
     if (config.file) {
         try {
-            return fs.readFileSync(config.file + '/' + nameOfFile);
+            return fs.readFileSync(config.file + '/' + nameOfFile, 'utf8');
         }
         catch (error) {
             console.log('Unable to find file');

package/dist/scaAnalysis/php/index.js

@@ -1,17 +1,23 @@
 "use strict";
 const { readFile, parseProjectFiles } = require('./analysis');
 const { createPhpTSMessage } = require('../common/formatMessage');
-const phpAnalysis = (config, files) => {
-    let analysis = readFiles(config, files.PHP);
-    const phpDep = parseProjectFiles(analysis);
-    return createPhpTSMessage(phpDep);
+const { parsePHPLockFileForScaServices } = require('./phpNewServicesMapper');
+const phpAnalysis = config => {
+    let analysis = readFiles(config);
+    if (config.experimental) {
+        return parsePHPLockFileForScaServices(analysis.rawLockFileContents);
+    }
+    else {
+        const phpDep = parseProjectFiles(analysis);
+        return createPhpTSMessage(phpDep);
+    }
 };
-const readFiles = (config, files) => {
+const readFiles = config => {
     let php = {};
     php.composerJSON = JSON.parse(readFile(config, 'composer.json'));
     php.rawLockFileContents = JSON.parse(readFile(config, 'composer.lock'));
     return php;
 };
 module.exports = {
-    phpAnalysis
+    phpAnalysis: phpAnalysis
 };

package/dist/scaAnalysis/php/phpNewServicesMapper.js

@@ -0,0 +1,62 @@
+"use strict";
+const { keyBy, merge } = require('lodash');
+const parsePHPLockFileForScaServices = phpLockFile => {
+    const packages = keyBy(phpLockFile.packages, 'name');
+    const packagesDev = keyBy(phpLockFile['packages-dev'], 'name');
+    return merge(buildDepTree(packages, true), buildDepTree(packagesDev, false));
+};
+const buildDepTree = (packages, isProduction) => {
+    const dependencyTree = {};
+    for (const packagesKey in packages) {
+        const currentObj = packages[packagesKey];
+        const { group, name } = findGroupAndName(currentObj.name);
+        const key = `${group}/${name}@${currentObj.version}`;
+        dependencyTree[key] = {
+            group: group,
+            name: name,
+            version: currentObj.version,
+            directDependency: true,
+            isProduction: isProduction,
+            dependencies: []
+        };
+        const mergedChildDeps = merge(buildSubDepsIntoFlatStructure(currentObj.require), buildSubDepsIntoFlatStructure(currentObj['require-dev']));
+        for (const childKey in mergedChildDeps) {
+            const { group, name } = findGroupAndName(childKey);
+            const builtKey = `${group}/${name}`;
+            dependencyTree[builtKey] = mergedChildDeps[childKey];
+        }
+    }
+    return dependencyTree;
+};
+const buildSubDepsIntoFlatStructure = childDeps => {
+    const dependencyTree = {};
+    for (const dep in childDeps) {
+        const version = childDeps[dep];
+        const { group, name } = findGroupAndName(dep);
+        const key = `${group}/${name}`;
+        dependencyTree[key] = {
+            group: group,
+            name: name,
+            version: version,
+            directDependency: false,
+            isProduction: false,
+            dependencies: []
+        };
+    }
+    return dependencyTree;
+};
+const findGroupAndName = groupAndName => {
+    if (groupAndName.includes('/')) {
+        const groupName = groupAndName.split('/');
+        return { group: groupName[0], name: groupName[1] };
+    }
+    else {
+        return { group: groupAndName, name: groupAndName };
+    }
+};
+module.exports = {
+    parsePHPLockFileForScaServices,
+    buildDepTree,
+    buildSubDepsIntoFlatStructure,
+    findGroupAndName
+};

package/dist/scaAnalysis/python/analysis.js

@@ -1,6 +1,7 @@
 "use strict";
 const multiReplace = require('string-multiple-replace');
 const fs = require('fs');
+const i18n = require('i18n');
 const readAndParseProjectFile = file => {
     const filePath = filePathForWindows(file + '/Pipfile');
     const pipFile = fs.readFileSync(filePath, 'utf8');
@@ -18,11 +19,45 @@ const readAndParseLockFile = file => {
     delete parsedPipLock['default'];
     return parsedPipLock;
 };
-const getPythonDeps = config => {
+const readLockFile = file => {
+    const filePath = filePathForWindows(file + '/Pipfile.lock');
+    const lockFile = fs.readFileSync(filePath, 'utf8');
+    let parsedPipLock = JSON.parse(lockFile);
+    return parsedPipLock['default'];
+};
+const scaPythonParser = pythonDependencies => {
+    let pythonParsedDeps = {};
+    for (let key in pythonDependencies) {
+        pythonParsedDeps[key] = {};
+        pythonParsedDeps[key].version = pythonDependencies[key].version.replace('==', '');
+        pythonParsedDeps[key].group = null;
+        pythonParsedDeps[key].name = key;
+        pythonParsedDeps[key].isProduction = true;
+        pythonParsedDeps[key].dependencies = [];
+        pythonParsedDeps[key].directDependency = true;
+    }
+    return pythonParsedDeps;
+};
+const checkForCorrectFiles = languageFiles => {
+    if (!languageFiles.includes('Pipfile.lock')) {
+        throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'python'));
+    }
+    if (!languageFiles.includes('Pipfile')) {
+        throw new Error(i18n.__('languageAnalysisProjectFileError', 'python'));
+    }
+};
+const getPythonDeps = (config, languageFiles) => {
     try {
-        const parseProject = readAndParseProjectFile(config.file);
-        const parsePip = readAndParseLockFile(config.file);
-        return { pipfileLock: parsePip, pipfilDependanceies: parseProject };
+        if (config.experimental) {
+            let pythonLockFileContents = readLockFile(config.file);
+            return scaPythonParser(pythonLockFileContents);
+        }
+        else {
+            checkForCorrectFiles(languageFiles);
+            const parseProject = readAndParseProjectFile(config.file);
+            const parsePip = readAndParseLockFile(config.file);
+            return { pipfileLock: parsePip, pipfilDependanceies: parseProject };
+        }
     }
     catch (err) {
         console.log(err.message.toString());
@@ -37,6 +72,9 @@ const filePathForWindows = path => {
 };
 module.exports = {
     getPythonDeps,
+    scaPythonParser,
+    readAndParseLockFile,
     readAndParseProjectFile,
-    readAndParseLockFile
+    checkForCorrectFiles,
+    readLockFile
 };

package/dist/scaAnalysis/python/index.js

@@ -1,9 +1,14 @@
 "use strict";
 const { createPythonTSMessage } = require('../common/formatMessage');
-const { getPythonDeps } = require('./analysis');
+const { getPythonDeps, secondaryParser } = require('./analysis');
 const pythonAnalysis = (config, languageFiles) => {
     const pythonDeps = getPythonDeps(config, languageFiles.PYTHON);
-    return createPythonTSMessage(pythonDeps);
+    if (config.experimental) {
+        return pythonDeps;
+    }
+    else {
+        return createPythonTSMessage(pythonDeps);
+    }
 };
 module.exports = {
     pythonAnalysis

package/dist/scaAnalysis/ruby/analysis.js

@@ -1,5 +1,26 @@
 "use strict";
 const fs = require('fs');
+const i18n = require('i18n');
+const getRubyDeps = (config, languageFiles) => {
+    try {
+        checkForCorrectFiles(languageFiles);
+        const parsedGem = readAndParseGemfile(config.file);
+        const parsedLock = readAndParseGemLockFile(config.file);
+        if (config.experimental) {
+            const rubyArray = removeRedundantAndPopulateDefinedElements(parsedLock.sources);
+            let rubyTree = createRubyTree(rubyArray);
+            findChildrenDependencies(rubyTree);
+            processRootDependencies(parsedLock.dependencies, rubyTree);
+            return rubyTree;
+        }
+        else {
+            return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock };
+        }
+    }
+    catch (err) {
+        throw err;
+    }
+};
 const readAndParseGemfile = file => {
     const gemFile = fs.readFileSync(file + '/Gemfile', 'utf8');
     const rubyArray = gemFile.split('\n');
@@ -188,15 +209,96 @@ const buildSourceDependencyWithVersion = (whitespaceRegx, dependencyRegEx, line,
     }
     return dependencies;
 };
-const getRubyDeps = config => {
-    try {
-        const parsedGem = readAndParseGemfile(config.file);
-        const parsedLock = readAndParseGemLockFile(config.file);
-        return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock };
+const processRootDependencies = (rootDependencies, rubyTree) => {
+    const getParentObjectByName = queryToken => Object.values(rubyTree).filter(({ name }) => name === queryToken);
+    for (let parent in rootDependencies) {
+        let parentObject = getParentObjectByName(parent);
+        if (parentObject[0]) {
+            let gav = parentObject[0].group +
+                '/' +
+                parentObject[0].name +
+                '@' +
+                parentObject[0].version;
+            rubyTree[gav] = parentObject[0];
+            rubyTree[gav].directDependency = true;
+        }
     }
-    catch (err) {
-        console.log(err.message);
-        process.exit(1);
+    return rubyTree;
+};
+const createRubyTree = rubyArray => {
+    let rubyTree = {};
+    for (let x in rubyArray) {
+        let version = rubyArray[x].resolved;
+        let gav = rubyArray[x].group + '/' + rubyArray[x].name + '@' + version;
+        rubyTree[gav] = rubyArray[x];
+        rubyTree[gav].directDependency = false;
+        rubyTree[gav].version = version;
+        if (!rubyTree[gav].dependencies) {
+            rubyTree[gav].dependencies = [];
+        }
+        delete rubyTree[gav].resolved;
+    }
+    return rubyTree;
+};
+const findChildrenDependencies = rubyTree => {
+    for (let dep in rubyTree) {
+        let unResolvedChildDepsKey = Object.keys(rubyTree[dep].dependencies);
+        rubyTree[dep].dependencies = resolveVersionOfChildDependencies(unResolvedChildDepsKey, rubyTree);
+    }
+};
+const resolveVersionOfChildDependencies = (unResolvedChildDepsKey, rubyObject) => {
+    const getParentObjectByName = queryToken => Object.values(rubyObject).filter(({ name }) => name === queryToken);
+    let resolvedChildrenDependencies = [];
+    for (let childDep in unResolvedChildDepsKey) {
+        let childDependencyName = unResolvedChildDepsKey[childDep];
+        let parent = getParentObjectByName(childDependencyName);
+        resolvedChildrenDependencies.push('null/' + childDependencyName + '@' + parent[0].version);
+    }
+    return resolvedChildrenDependencies;
+};
+const removeRedundantAndPopulateDefinedElements = deps => {
+    return deps.map(element => {
+        if (element.sourceType === 'GIT') {
+            delete element.sourceType;
+            delete element.remote;
+            delete element.platform;
+            element.group = null;
+            element.isProduction = true;
+        }
+        if (element.sourceType === 'GEM') {
+            element.group = null;
+            element.isProduction = true;
+            delete element.sourceType;
+            delete element.remote;
+            delete element.platform;
+        }
+        if (element.sourceType === 'PATH') {
+            element.group = null;
+            element.isProduction = true;
+            delete element.platform;
+            delete element.sourceType;
+            delete element.remote;
+        }
+        if (element.sourceType === 'BUNDLED WITH') {
+            element.group = null;
+            element.isProduction = true;
+            delete element.sourceType;
+            delete element.remote;
+            delete element.branch;
+            delete element.revision;
+            delete element.depthLevel;
+            delete element.specs;
+            delete element.platform;
+        }
+        return element;
+    });
+};
+const checkForCorrectFiles = languageFiles => {
+    if (!languageFiles.includes('Gemfile.lock')) {
+        throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'ruby'));
+    }
+    if (!languageFiles.includes('Gemfile')) {
+        throw new Error(i18n.__('languageAnalysisProjectFileError', 'ruby'));
     }
 };
 const trimWhiteSpace = string => {
@@ -214,5 +316,10 @@ module.exports = {
     getVersion,
     getPatchLevel,
     formatSourceArr,
-    getSourceArray
+    getSourceArray,
+    checkForCorrectFiles,
+    removeRedundantAndPopulateDefinedElements,
+    createRubyTree,
+    findChildrenDependencies,
+    processRootDependencies
 };

package/dist/scaAnalysis/ruby/index.js

@@ -3,7 +3,12 @@ const analysis = require('./analysis');
 const { createRubyTSMessage } = require('../common/formatMessage');
 const rubyAnalysis = (config, languageFiles) => {
     const rubyDeps = analysis.getRubyDeps(config, languageFiles.RUBY);
-    return createRubyTSMessage(rubyDeps);
+    if (config.experimental) {
+        return rubyDeps;
+    }
+    else {
+        return createRubyTSMessage(rubyDeps);
+    }
 };
 module.exports = {
     rubyAnalysis

package/dist/scan/formatScanOutput.js

@@ -53,12 +53,12 @@ function formatScanOutput(scanResults) {
             });
             let learnRow = [];
             let adviceRow = [];
+            const headerColour = chalk_1.default.hex(entry.colour);
             const headerRow = [
-                chalk_1.default
-                    .hex(entry.colour)
-                    .bold(`CONTRAST-${count.toString().padStart(3, '0')}`),
-                chalk_1.default.hex(entry.colour).bold('-'),
-                chalk_1.default.hex(entry.colour).bold(`[${entry.severity}] ${entry.ruleId}`) +
+                headerColour(`CONTRAST-${count.toString().padStart(3, '0')}`),
+                headerColour(`-`),
+                headerColour(`[${entry.severity}] `) +
+                    headerColour.bold(`${entry.ruleId}`) +
                     entry.message
             ];
             const codePath = entry.codePath?.replace(/^@/, '');
@@ -90,6 +90,7 @@ function formatScanOutput(scanResults) {
         });
     }
     printVulnInfo(projectOverview);
+    return projectOverview;
 }
 exports.formatScanOutput = formatScanOutput;
 function printVulnInfo(projectOverview) {

package/dist/scan/help.js

@@ -2,6 +2,7 @@
 const commandLineUsage = require('command-line-usage');
 const i18n = require('i18n');
 const constants = require('../constants');
+const { commonHelpLinks } = require('../common/commonHelp');
 const scanUsageGuide = commandLineUsage([
     {
         header: i18n.__('scanHeader')
@@ -35,9 +36,7 @@ const scanUsageGuide = commandLineUsage([
             'application-name'
         ]
     },
-    {
-        content: '{underline https://www.contrastsecurity.com}'
-    }
+    commonHelpLinks()
 ]);
 module.exports = {
     scanUsageGuide

package/dist/scan/populateProjectIdAndProjectName.js

@@ -25,6 +25,11 @@ const createProjectId = async (config, client) => {
             process.exit(1);
             return;
         }
+        if (res.statusCode === 429) {
+            console.log(i18n.__('exceededFreeTier'));
+            process.exit(1);
+            return;
+        }
         if (res.statusCode === 201) {
             console.log(i18n.__('projectCreatedScan'));
             if (config.verbose) {

package/dist/scan/scan.js

@@ -45,6 +45,10 @@ const sendScan = async (config) => {
                     oraWrapper_1.default.failSpinner(startUploadSpinner, i18n_1.default.__('uploadingScanFail'));
                     console.log(i18n_1.default.__('genericServiceError', res.statusCode));
                 }
+                if (res.statusCode === 429) {
+                    console.log(i18n_1.default.__('exceededFreeTier'));
+                    process.exit(1);
+                }
                 if (res.statusCode === 403) {
                     console.log(i18n_1.default.__('permissionsError'));
                     process.exit(1);

package/dist/scan/scanConfig.js

@@ -1,13 +1,13 @@
 "use strict";
 const paramHandler = require('../utils/paramsUtil/paramHandler');
-const constants = require('../../src/constants.js');
-const parsedCLIOptions = require('../../src/utils/parsedCLIOptions');
+const constants = require('../constants.js');
 const path = require('path');
 const { supportedLanguagesScan } = require('../constants/constants');
 const i18n = require('i18n');
 const { scanUsageGuide } = require('./help');
-const getScanConfig = argv => {
-    let scanParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.scanOptionDefinitions);
+const parsedCLIOptions = require('../utils/parsedCLIOptions');
+const getScanConfig = async (contrastConf, command, argv) => {
+    let scanParams = await parsedCLIOptions.getCommandLineArgsCustom(contrastConf, command, argv, constants.commandLineDefinitions.scanOptionDefinitions);
     if (scanParams.help) {
         printHelpMessage();
         process.exit(0);

package/dist/scan/scanResults.js

@@ -5,10 +5,14 @@ const oraFunctions = require('../utils/oraWrapper');
 const _ = require('lodash');
 const i18n = require('i18n');
 const oraWrapper = require('../utils/oraWrapper');
+const readLine = require('readline');
 const getScanId = async (config, codeArtifactId, client) => {
     return client
         .getScanId(config, codeArtifactId)
         .then(res => {
+        if (res.statusCode == 429) {
+            throw new Error(i18n.__('exceededFreeTier'));
+        }
         return res.body.id;
     })
         .catch(err => {
@@ -61,12 +65,50 @@ const returnScanResults = async (config, codeArtifactId, newProject, timeout, st
             let endTime = new Date() - startTime;
             if (requestUtils.millisToSeconds(endTime) > timeout) {
                 oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan timed out at the specified ' + timeout + ' seconds.');
-                console.log('Please try again, allowing more time.');
-                process.exit(1);
+                const isCI = process.env.CONTRAST_CODESEC_CI
+                    ? JSON.parse(process.env.CONTRAST_CODESEC_CI.toLowerCase())
+                    : false;
+                if (!isCI) {
+                    const retry = await retryScanPrompt();
+                    timeout = retry.timeout;
+                }
+                else {
+                    console.log('Please try again, allowing more time');
+                    process.exit(1);
+                }
             }
         }
     }
 };
+const retryScanPrompt = async () => {
+    const rl = readLine.createInterface({
+        input: process.stdin,
+        output: process.stdout
+    });
+    return new Promise((resolve, reject) => {
+        requestUtils.timeOutError(30000, reject);
+        rl.question('🔁 Do you want to continue waiting on Scan? [Y/N]\n', async (input) => {
+            if (input.toLowerCase() === 'yes' || input.toLowerCase() === 'y') {
+                console.log('Continuing wait for Scan');
+                rl.close();
+                resolve({ timeout: 300 });
+            }
+            else if (input.toLowerCase() === 'no' ||
+                input.toLowerCase() === 'n') {
+                rl.close();
+                console.log('Contrast Scan Retry Cancelled: Exiting');
+                resolve(process.exit(1));
+            }
+            else {
+                rl.close();
+                console.log('Invalid Input: Exiting');
+                resolve(process.exit(1));
+            }
+        });
+    }).catch(e => {
+        throw e;
+    });
+};
 const returnScanResultsInstances = async (config, scanId) => {
     const client = commonApi.getHttpClient(config);
     let result;
@@ -89,5 +131,6 @@ module.exports = {
     getScanId: getScanId,
     returnScanResults: returnScanResults,
     pollScanResults: pollScanResults,
-    returnScanResultsInstances: returnScanResultsInstances
+    returnScanResultsInstances: returnScanResultsInstances,
+    retryScanPrompt
 };