@contrast/contrast 1.0.11 → 1.0.12

package/dist/audit/{languageAnalysisEngine/report → report}/commonReportingFunctions.js

@@ -3,23 +3,29 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.gatherRemediationAdvice = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createSummaryMessage = void 0;
-const commonApi_1 = require("../../../utils/commonApi");
+exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.gatherRemediationAdvice = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createSummaryMessageBottom = exports.createSummaryMessageTop = void 0;
+const commonApi_1 = require("../../utils/commonApi");
 const reportListModel_1 = require("./models/reportListModel");
 const lodash_1 = require("lodash");
 const chalk_1 = __importDefault(require("chalk"));
 const reportUtils_1 = require("./utils/reportUtils");
 const severityCountModel_1 = require("./models/severityCountModel");
 const reportOutputModel_1 = require("./models/reportOutputModel");
-const constants_1 = require("../../../constants/constants");
+const constants_1 = require("../../constants/constants");
 const cli_table3_1 = __importDefault(require("cli-table3"));
 const reportGuidanceModel_1 = require("./models/reportGuidanceModel");
-const createSummaryMessage = (numberOfVulnerableLibraries, numberOfCves) => {
+const createSummaryMessageTop = (numberOfVulnerableLibraries, numberOfCves) => {
     numberOfVulnerableLibraries === 1
         ? console.log(`Found 1 vulnerable library containing ${numberOfCves} CVE`)
         : console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs`);
 };
-exports.createSummaryMessage = createSummaryMessage;
+exports.createSummaryMessageTop = createSummaryMessageTop;
+const createSummaryMessageBottom = (numberOfVulnerableLibraries) => {
+    numberOfVulnerableLibraries === 1
+        ? console.log(`Found 1 vulnerable library`)
+        : console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries`);
+};
+exports.createSummaryMessageBottom = createSummaryMessageBottom;
 const getReport = async (config, reportId) => {
     const client = (0, commonApi_1.getHttpClient)(config);
     return client
@@ -48,7 +54,7 @@ const printVulnerabilityResponse = (config, vulnerableLibraries, numberOfVulnera
 };
 exports.printVulnerabilityResponse = printVulnerabilityResponse;
 const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, numberOfCves, guidance) => {
-    (0, exports.createSummaryMessage)(numberOfVulnerableLibraries, numberOfCves);
+    (0, exports.createSummaryMessageTop)(numberOfVulnerableLibraries, numberOfCves);
     console.log();
     const report = new reportListModel_1.ReportList();
     for (const library of libraries) {
@@ -100,9 +106,13 @@ const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, nu
         console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
         console.log(table.toString() + '\n');
     }
-    (0, exports.createSummaryMessage)(numberOfVulnerableLibraries, numberOfCves);
+    (0, exports.createSummaryMessageBottom)(numberOfVulnerableLibraries);
     const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst);
     console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
+    if (config.host !== constants_1.CE_URL) {
+        console.log('\n' + chalk_1.default.bold('View your full dependency tree in Contrast:'));
+        console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
+    }
 };
 exports.printFormattedOutput = printFormattedOutput;
 function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {

package/dist/audit/{languageAnalysisEngine/report → report}/reportingFeature.js

@@ -31,9 +31,9 @@ const commonReportingFunctions_1 = require("./commonReportingFunctions");
 const reportUtils_1 = require("./utils/reportUtils");
 const i18n_1 = __importDefault(require("i18n"));
 const chalk_1 = __importDefault(require("chalk"));
-const constants = __importStar(require("../../../constants/constants"));
+const constants = __importStar(require("../../constants/constants"));
 const severityCountModel_1 = require("./models/severityCountModel");
-const common = __importStar(require("../../../common/fail"));
+const common = __importStar(require("../../common/fail"));
 function convertKeysToStandardFormat(config, guidance) {
     let convertedGuidance = guidance;
     switch (config.language) {

package/dist/audit/{languageAnalysisEngine/report → report}/utils/reportUtils.js

@@ -6,8 +6,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.countVulnerableLibrariesBySeverity = exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
 const reportLibraryModel_1 = require("../models/reportLibraryModel");
 const reportSeverityModel_1 = require("../models/reportSeverityModel");
-const constants_1 = __importDefault(require("./../../../../constants/constants"));
-const constants_2 = require("../../../../constants/constants");
+const constants_1 = __importDefault(require("../../../constants/constants"));
+const constants_2 = require("../../../constants/constants");
 const lodash_1 = require("lodash");
 const severityCountModel_1 = require("../models/severityCountModel");
 const { supportedLanguages: { GO } } = constants_1.default;

package/dist/commands/audit/help.js

@@ -7,6 +7,7 @@ exports.auditUsageGuide = void 0;
 const command_line_usage_1 = __importDefault(require("command-line-usage"));
 const i18n_1 = __importDefault(require("i18n"));
 const constants_1 = __importDefault(require("../../constants"));
+const commonHelp_1 = require("../../common/commonHelp");
 const auditUsageGuide = (0, command_line_usage_1.default)([
     {
         header: i18n_1.default.__('auditHeader'),
@@ -53,6 +54,7 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
             'app-groups',
             'metadata'
         ]
-    }
+    },
+    (0, commonHelp_1.commonHelpLinks)()
 ]);
 exports.auditUsageGuide = auditUsageGuide;

package/dist/commands/scan/sca/scaAnalysis.js

@@ -12,7 +12,7 @@ const javascriptAnalysis = require('../../../scaAnalysis/javascript');
 const { pollForSnapshotCompletition } = require('../../../audit/languageAnalysisEngine/sendSnapshot');
 const { returnOra, startSpinner, succeedSpinner } = require('../../../utils/oraWrapper');
 const i18n = require('i18n');
-const { vulnerabilityReportV2 } = require('../../../audit/languageAnalysisEngine/report/reportingFeature');
+const { vulnerabilityReportV2 } = require('../../../audit/report/reportingFeature');
 const auditSave = require('../../../audit/save');
 const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
 const { auditUsageGuide } = require('../../audit/help');
@@ -54,7 +54,7 @@ const processSca = async (config) => {
                 messageToSend = rubyAnalysis(config, filesFound[0]);
                 config.language = RUBY;
                 break;
-            case 'PHP':
+            case PHP:
                 messageToSend = phpAnalysis.phpAnalysis(config, filesFound[0]);
                 config.language = PHP;
                 break;

package/dist/common/commonHelp.js

@@ -0,0 +1,19 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.commonHelpLinks = void 0;
+const i18n_1 = __importDefault(require("i18n"));
+function commonHelpLinks() {
+    return {
+        header: i18n_1.default.__('commonHelpHeader'),
+        content: [
+            i18n_1.default.__('commonHelpCheckOutHeader') + i18n_1.default.__('commonHelpCheckOutText'),
+            i18n_1.default.__('commonHelpLearnMoreHeader') + i18n_1.default.__('commonHelpLearnMoreText'),
+            i18n_1.default.__('commonHelpJoinDiscussionHeader') +
+                i18n_1.default.__('commonHelpJoinDiscussionText')
+        ]
+    };
+}
+exports.commonHelpLinks = commonHelpLinks;

package/dist/common/versionChecker.js

@@ -23,8 +23,10 @@ const getLatestVersion = async (config) => {
     }
 };
 async function findLatestCLIVersion(config) {
-    const messageHidden = config.get('isCI');
-    if (!messageHidden) {
+    const isCI = process.env.CONTRAST_CODESEC_CI
+        ? JSON.parse(process.env.CONTRAST_CODESEC_CI)
+        : false;
+    if (!isCI) {
         let latestCLIVersion = await getLatestVersion(config);
         latestCLIVersion = latestCLIVersion.substring(8);
         if (semver_1.default.lt(constants_1.APP_VERSION, latestCLIVersion)) {

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.11';
+const APP_VERSION = '1.0.12';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';
@@ -29,7 +29,7 @@ const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com';
 const SARIF_FILE = 'SARIF';
 const SBOM_CYCLONE_DX_FILE = 'cyclonedx';
 const SBOM_SPDX_FILE = 'spdx';
-const CE_URL = 'https://ce.contrastsecurity.com/';
+const CE_URL = 'https://ce.contrastsecurity.com';
 module.exports = {
     supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
     supportedLanguagesScan: { JAVASCRIPT, DOTNET, JAVA },

package/dist/constants/locales.js

@@ -295,6 +295,13 @@ const en_locales = () => {
         auditReportFailureMessage: 'Unable to generate library report',
         auditSCAAnalysisBegins: 'Contrast SCA audit started',
         auditSCAAnalysisComplete: 'Contrast audit complete',
+        commonHelpHeader: 'Need More Help?',
+        commonHelpCheckOutHeader: chalk.hex('#9DC184')('Check out:'),
+        commonHelpCheckOutText: ' https://support.contrastsecurity.com',
+        commonHelpLearnMoreHeader: chalk.hex('#9DC184')('Learn more at:'),
+        commonHelpLearnMoreText: ' https://developer.contrastsecurity.com',
+        commonHelpJoinDiscussionHeader: chalk.hex('#9DC184')('Join the discussion:'),
+        commonHelpJoinDiscussionText: ' https://dev.to/codesec',
         ...lambda
     };
 };

package/dist/constants.js

@@ -3,6 +3,7 @@ const commandLineUsage = require('command-line-usage');
 const i18n = require('i18n');
 const { en_locales } = require('./constants/locales.js');
 const { parseSeverity } = require('./common/fail');
+const { commonHelpLinks } = require('./common/commonHelp');
 i18n.configure({
     staticCatalog: {
         en: en_locales()
@@ -366,15 +367,13 @@ const mainUsageGuide = commandLineUsage([
             { name: i18n.__('helpName'), summary: i18n.__('helpSummary') }
         ]
     },
-    {
-        content: '{underline https://developer.contrastsecurity.com/} \n For technical support head to {underline https://support.contrastsecurity.com}'
-    },
     {
         header: i18n.__('configHeader2'),
         content: [
             { name: i18n.__('clearHeader'), summary: i18n.__('clearContent') }
         ]
-    }
+    },
+    commonHelpLinks()
 ]);
 const mainDefinition = [{ name: 'command', defaultOption: true }];
 module.exports = {

package/dist/lambda/help.js

@@ -6,6 +6,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.lambdaUsageGuide = void 0;
 const command_line_usage_1 = __importDefault(require("command-line-usage"));
 const i18n_1 = __importDefault(require("i18n"));
+const commonHelp_1 = require("../common/commonHelp");
 const lambdaUsageGuide = (0, command_line_usage_1.default)([
     {
         header: i18n_1.default.__('lambdaHeader'),
@@ -80,8 +81,6 @@ const lambdaUsageGuide = (0, command_line_usage_1.default)([
             { name: i18n_1.default.__('lambdaHelpOption'), summary: i18n_1.default.__('helpSummary') }
         ]
     },
-    {
-        content: '{underline https://www.contrastsecurity.com/developer/codesec}'
-    }
+    (0, commonHelp_1.commonHelpLinks)()
 ]);
 exports.lambdaUsageGuide = lambdaUsageGuide;

package/dist/scaAnalysis/php/analysis.js

@@ -5,7 +5,7 @@ const _ = require('lodash');
 const readFile = (config, nameOfFile) => {
     if (config.file) {
         try {
-            return fs.readFileSync(config.file + '/' + nameOfFile);
+            return fs.readFileSync(config.file + '/' + nameOfFile, 'utf8');
         }
         catch (error) {
             console.log('Unable to find file');

package/dist/scaAnalysis/php/index.js

@@ -1,17 +1,23 @@
 "use strict";
 const { readFile, parseProjectFiles } = require('./analysis');
 const { createPhpTSMessage } = require('../common/formatMessage');
-const phpAnalysis = (config, files) => {
-    let analysis = readFiles(config, files.PHP);
-    const phpDep = parseProjectFiles(analysis);
-    return createPhpTSMessage(phpDep);
+const { parsePHPLockFileForScaServices } = require('./phpNewServicesMapper');
+const phpAnalysis = config => {
+    let analysis = readFiles(config);
+    if (config.experimental) {
+        return parsePHPLockFileForScaServices(analysis.rawLockFileContents);
+    }
+    else {
+        const phpDep = parseProjectFiles(analysis);
+        return createPhpTSMessage(phpDep);
+    }
 };
-const readFiles = (config, files) => {
+const readFiles = config => {
     let php = {};
     php.composerJSON = JSON.parse(readFile(config, 'composer.json'));
     php.rawLockFileContents = JSON.parse(readFile(config, 'composer.lock'));
     return php;
 };
 module.exports = {
-    phpAnalysis
+    phpAnalysis: phpAnalysis
 };

package/dist/scaAnalysis/php/phpNewServicesMapper.js

@@ -0,0 +1,62 @@
+"use strict";
+const { keyBy, merge } = require('lodash');
+const parsePHPLockFileForScaServices = phpLockFile => {
+    const packages = keyBy(phpLockFile.packages, 'name');
+    const packagesDev = keyBy(phpLockFile['packages-dev'], 'name');
+    return merge(buildDepTree(packages, true), buildDepTree(packagesDev, false));
+};
+const buildDepTree = (packages, isProduction) => {
+    const dependencyTree = {};
+    for (const packagesKey in packages) {
+        const currentObj = packages[packagesKey];
+        const { group, name } = findGroupAndName(currentObj.name);
+        const key = `${group}/${name}@${currentObj.version}`;
+        dependencyTree[key] = {
+            group: group,
+            name: name,
+            version: currentObj.version,
+            directDependency: true,
+            isProduction: isProduction,
+            dependencies: []
+        };
+        const mergedChildDeps = merge(buildSubDepsIntoFlatStructure(currentObj.require), buildSubDepsIntoFlatStructure(currentObj['require-dev']));
+        for (const childKey in mergedChildDeps) {
+            const { group, name } = findGroupAndName(childKey);
+            const builtKey = `${group}/${name}`;
+            dependencyTree[builtKey] = mergedChildDeps[childKey];
+        }
+    }
+    return dependencyTree;
+};
+const buildSubDepsIntoFlatStructure = childDeps => {
+    const dependencyTree = {};
+    for (const dep in childDeps) {
+        const version = childDeps[dep];
+        const { group, name } = findGroupAndName(dep);
+        const key = `${group}/${name}`;
+        dependencyTree[key] = {
+            group: group,
+            name: name,
+            version: version,
+            directDependency: false,
+            isProduction: false,
+            dependencies: []
+        };
+    }
+    return dependencyTree;
+};
+const findGroupAndName = groupAndName => {
+    if (groupAndName.includes('/')) {
+        const groupName = groupAndName.split('/');
+        return { group: groupName[0], name: groupName[1] };
+    }
+    else {
+        return { group: groupAndName, name: groupAndName };
+    }
+};
+module.exports = {
+    parsePHPLockFileForScaServices,
+    buildDepTree,
+    buildSubDepsIntoFlatStructure,
+    findGroupAndName
+};

package/dist/scan/help.js

@@ -2,6 +2,7 @@
 const commandLineUsage = require('command-line-usage');
 const i18n = require('i18n');
 const constants = require('../constants');
+const { commonHelpLinks } = require('../common/commonHelp');
 const scanUsageGuide = commandLineUsage([
     {
         header: i18n.__('scanHeader')
@@ -35,9 +36,7 @@ const scanUsageGuide = commandLineUsage([
             'application-name'
         ]
     },
-    {
-        content: '{underline https://www.contrastsecurity.com}'
-    }
+    commonHelpLinks()
 ]);
 module.exports = {
     scanUsageGuide

package/dist/scan/scanConfig.js

@@ -1,6 +1,6 @@
 "use strict";
 const paramHandler = require('../utils/paramsUtil/paramHandler');
-const constants = require('../../src/constants.js');
+const constants = require('../constants.js');
 const path = require('path');
 const { supportedLanguagesScan } = require('../constants/constants');
 const i18n = require('i18n');

package/dist/scan/scanResults.js

@@ -65,10 +65,17 @@ const returnScanResults = async (config, codeArtifactId, newProject, timeout, st
             let endTime = new Date() - startTime;
             if (requestUtils.millisToSeconds(endTime) > timeout) {
                 oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan timed out at the specified ' + timeout + ' seconds.');
-                if (!config.isCI) {
+                const isCI = process.env.CONTRAST_CODESEC_CI
+                    ? JSON.parse(process.env.CONTRAST_CODESEC_CI)
+                    : false;
+                if (!isCI) {
                     const retry = await retryScanPrompt();
                     timeout = retry.timeout;
                 }
+                else {
+                    console.log('Please try again, allowing more time');
+                    process.exit(1);
+                }
             }
         }
     }

package/dist/utils/getConfig.js

@@ -5,16 +5,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.setConfigValues = exports.localConfig = void 0;
 const conf_1 = __importDefault(require("conf"));
+const constants_1 = require("../constants/constants");
 const localConfig = (name, version) => {
     const config = new conf_1.default({
         configName: name
     });
     config.set('version', version);
-    if (process.env.CONTRAST_CODSEC_CI) {
-        config.set('isCI', JSON.parse(process.env.CONTRAST_CODSEC_CI.toLowerCase()));
-    }
     if (!config.has('host')) {
-        config.set('host', 'https://ce.contrastsecurity.com/');
+        config.set('host', constants_1.CE_URL);
     }
     return config;
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.11",
+  "version": "1.0.12",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {
@@ -23,7 +23,9 @@
     "test": "jest --testPathIgnorePatterns=./test-integration/",
     "test-int": "jest ./test-integration/",
     "test-int-scan": "jest ./test-integration/scan",
-    "test-int-audit": "jest test-integration/audit/audit-int.spec.js",
+    "test-int-audit": "jest test-integration/audit",
+    "test-int-audit-reports": "jest test-integration/audit/audit-language-reports.spec.js",
+    "test-int-audit-features": "jest test-integration/audit/auditFeatures/",
     "format": "prettier --write \"**/*.{ts,tsx,js,json,md,yml}\" .eslintrc.*",
     "check-format": "prettier --check \"**/*.{ts,tsx,js,json,md,yml}\" .eslintrc.*",
     "coverage-local": "nyc --reporter=text mocha './test/**/*.spec.js'",

package/src/audit/{languageAnalysisEngine/report → report}/commonReportingFunctions.ts

@@ -1,4 +1,4 @@
-import { getHttpClient, handleResponseErrors } from '../../../utils/commonApi'
+import { getHttpClient, handleResponseErrors } from '../../utils/commonApi'
 import {
   ReportCompositeKey,
   ReportList,
@@ -22,16 +22,17 @@ import {
   ReportOutputModel
 } from './models/reportOutputModel'
 import {
+  CE_URL,
   CRITICAL_COLOUR,
   HIGH_COLOUR,
   LOW_COLOUR,
   MEDIUM_COLOUR,
   NOTE_COLOUR
-} from '../../../constants/constants'
+} from '../../constants/constants'
 import Table from 'cli-table3'
 import { ReportGuidanceModel } from './models/reportGuidanceModel'
 
-export const createSummaryMessage = (
+export const createSummaryMessageTop = (
   numberOfVulnerableLibraries: number,
   numberOfCves: number
 ) => {
@@ -42,6 +43,14 @@ export const createSummaryMessage = (
       )
 }
 
+export const createSummaryMessageBottom = (
+  numberOfVulnerableLibraries: number
+) => {
+  numberOfVulnerableLibraries === 1
+    ? console.log(`Found 1 vulnerable library`)
+    : console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries`)
+}
+
 export const getReport = async (config: any, reportId: string) => {
   const client = getHttpClient(config)
   return client
@@ -87,7 +96,7 @@ export const printFormattedOutput = (
   numberOfCves: number,
   guidance: any
 ) => {
-  createSummaryMessage(numberOfVulnerableLibraries, numberOfCves)
+  createSummaryMessageTop(numberOfVulnerableLibraries, numberOfCves)
   console.log()
   const report = new ReportList()
 
@@ -183,7 +192,7 @@ export const printFormattedOutput = (
     console.log(table.toString() + '\n')
   }
 
-  createSummaryMessage(numberOfVulnerableLibraries, numberOfCves)
+  createSummaryMessageBottom(numberOfVulnerableLibraries)
   const {
     criticalMessage,
     highMessage,
@@ -194,6 +203,15 @@ export const printFormattedOutput = (
   console.log(
     `${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`
   )
+
+  if (config.host !== CE_URL) {
+    console.log(
+      '\n' + chalk.bold('View your full dependency tree in Contrast:')
+    )
+    console.log(
+      `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`
+    )
+  }
 }
 
 export function buildHeader(

package/src/audit/{languageAnalysisEngine/report → report}/reportingFeature.ts

@@ -8,9 +8,9 @@ import {
 } from './utils/reportUtils'
 import i18n from 'i18n'
 import chalk from 'chalk'
-import * as constants from '../../../constants/constants'
+import * as constants from '../../constants/constants'
 import { SeverityCountModel } from './models/severityCountModel'
-import * as common from '../../../common/fail'
+import * as common from '../../common/fail'
 
 export function convertKeysToStandardFormat(config: any, guidance: any) {
   let convertedGuidance = guidance

package/src/audit/{languageAnalysisEngine/report → report}/utils/reportUtils.ts

@@ -3,7 +3,7 @@ import {
   ReportLibraryModel
 } from '../models/reportLibraryModel'
 import { ReportSeverityModel } from '../models/reportSeverityModel'
-import languageAnalysisEngine from './../../../../constants/constants'
+import languageAnalysisEngine from '../../../constants/constants'
 import {
   CRITICAL_COLOUR,
   CRITICAL_PRIORITY,
@@ -15,7 +15,7 @@ import {
   MEDIUM_PRIORITY,
   NOTE_COLOUR,
   NOTE_PRIORITY
-} from '../../../../constants/constants'
+} from '../../../constants/constants'
 import { orderBy } from 'lodash'
 import { SeverityCountModel } from '../models/severityCountModel'
 import { ReportModelStructure } from '../models/reportListModel'

package/src/commands/audit/help.ts

@@ -1,6 +1,7 @@
 import commandLineUsage from 'command-line-usage'
 import i18n from 'i18n'
 import constants from '../../constants'
+import { commonHelpLinks } from '../../common/commonHelp'
 
 const auditUsageGuide = commandLineUsage([
   {
@@ -48,7 +49,8 @@ const auditUsageGuide = commandLineUsage([
       'app-groups',
       'metadata'
     ]
-  }
+  },
+  commonHelpLinks()
 ])
 
 export { auditUsageGuide }

package/src/commands/scan/sca/scaAnalysis.js

@@ -21,7 +21,7 @@ const {
 const i18n = require('i18n')
 const {
   vulnerabilityReportV2
-} = require('../../../audit/languageAnalysisEngine/report/reportingFeature')
+} = require('../../../audit/report/reportingFeature')
 const auditSave = require('../../../audit/save')
 const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet')
 const { auditUsageGuide } = require('../../audit/help')
@@ -77,7 +77,7 @@ const processSca = async config => {
         messageToSend = rubyAnalysis(config, filesFound[0])
         config.language = RUBY
         break
-      case 'PHP':
+      case PHP:
         messageToSend = phpAnalysis.phpAnalysis(config, filesFound[0])
         config.language = PHP
         break

package/src/common/HTTPClient.js

@@ -212,6 +212,7 @@ HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
   let url = createSnapshotURL(config)
   options.url = url
   options.body = requestBody
+
   return requestUtils.sendRequest({ method: 'post', options })
 }
 

package/src/common/commonHelp.ts

@@ -0,0 +1,13 @@
+import i18n from 'i18n'
+
+export function commonHelpLinks() {
+  return {
+    header: i18n.__('commonHelpHeader'),
+    content: [
+      i18n.__('commonHelpCheckOutHeader') + i18n.__('commonHelpCheckOutText'),
+      i18n.__('commonHelpLearnMoreHeader') + i18n.__('commonHelpLearnMoreText'),
+      i18n.__('commonHelpJoinDiscussionHeader') +
+        i18n.__('commonHelpJoinDiscussionText')
+    ]
+  }
+}

package/src/common/versionChecker.ts

@@ -18,11 +18,11 @@ const getLatestVersion = async (config: any) => {
   }
 }
 
-// @ts-ignore
 export async function findLatestCLIVersion(config: ContrastConf) {
-  const messageHidden = config.get('isCI') as boolean
-
-  if (!messageHidden) {
+  const isCI = process.env.CONTRAST_CODESEC_CI
+    ? JSON.parse(process.env.CONTRAST_CODESEC_CI)
+    : false
+  if (!isCI) {
     let latestCLIVersion: string = await getLatestVersion(config)
     //strip key
     latestCLIVersion = latestCLIVersion.substring(8)

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.11'
+const APP_VERSION = '1.0.12'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'
@@ -32,7 +32,7 @@ const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com'
 const SARIF_FILE = 'SARIF'
 const SBOM_CYCLONE_DX_FILE = 'cyclonedx'
 const SBOM_SPDX_FILE = 'spdx'
-const CE_URL = 'https://ce.contrastsecurity.com/'
+const CE_URL = 'https://ce.contrastsecurity.com'
 
 module.exports = {
   supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },

package/src/constants/locales.js

@@ -441,6 +441,15 @@ const en_locales = () => {
     auditReportFailureMessage: 'Unable to generate library report',
     auditSCAAnalysisBegins: 'Contrast SCA audit started',
     auditSCAAnalysisComplete: 'Contrast audit complete',
+    commonHelpHeader: 'Need More Help?',
+    commonHelpCheckOutHeader: chalk.hex('#9DC184')('Check out:'),
+    commonHelpCheckOutText: ' https://support.contrastsecurity.com',
+    commonHelpLearnMoreHeader: chalk.hex('#9DC184')('Learn more at:'),
+    commonHelpLearnMoreText: ' https://developer.contrastsecurity.com',
+    commonHelpJoinDiscussionHeader: chalk.hex('#9DC184')(
+      'Join the discussion:'
+    ),
+    commonHelpJoinDiscussionText: ' https://dev.to/codesec',
     ...lambda
   }
 }

package/src/constants.js

@@ -2,6 +2,7 @@ const commandLineUsage = require('command-line-usage')
 const i18n = require('i18n')
 const { en_locales } = require('./constants/locales.js')
 const { parseSeverity } = require('./common/fail')
+const { commonHelpLinks } = require('./common/commonHelp')
 
 i18n.configure({
   staticCatalog: {
@@ -410,16 +411,13 @@ const mainUsageGuide = commandLineUsage([
       { name: i18n.__('helpName'), summary: i18n.__('helpSummary') }
     ]
   },
-  {
-    content:
-      '{underline https://developer.contrastsecurity.com/} \n For technical support head to {underline https://support.contrastsecurity.com}'
-  },
   {
     header: i18n.__('configHeader2'),
     content: [
       { name: i18n.__('clearHeader'), summary: i18n.__('clearContent') }
     ]
-  }
+  },
+  commonHelpLinks()
 ])
 
 const mainDefinition = [{ name: 'command', defaultOption: true }]

package/src/lambda/help.ts

@@ -1,5 +1,6 @@
 import commandLineUsage from 'command-line-usage'
 import i18n from 'i18n'
+import { commonHelpLinks } from '../common/commonHelp'
 
 const lambdaUsageGuide = commandLineUsage([
   {
@@ -80,9 +81,7 @@ const lambdaUsageGuide = commandLineUsage([
       { name: i18n.__('lambdaHelpOption'), summary: i18n.__('helpSummary') }
     ]
   },
-  {
-    content: '{underline https://www.contrastsecurity.com/developer/codesec}'
-  }
+  commonHelpLinks()
 ])
 
 export { lambdaUsageGuide }

package/src/scaAnalysis/common/treeUpload.js

@@ -10,6 +10,7 @@ const commonSendSnapShot = async (analysis, config) => {
         cliVersion: APP_VERSION,
         snapshot: analysis
       })
+
   const client = commonApi.getHttpClient(config)
   return client
     .sendSnapshot(requestBody, config)

package/src/scaAnalysis/php/analysis.js

@@ -5,7 +5,7 @@ const _ = require('lodash')
 const readFile = (config, nameOfFile) => {
   if (config.file) {
     try {
-      return fs.readFileSync(config.file + '/' + nameOfFile)
+      return fs.readFileSync(config.file + '/' + nameOfFile, 'utf8')
     } catch (error) {
       console.log('Unable to find file')
       console.log(error)

package/src/scaAnalysis/php/index.js

@@ -1,13 +1,19 @@
 const { readFile, parseProjectFiles } = require('./analysis')
 const { createPhpTSMessage } = require('../common/formatMessage')
+const { parsePHPLockFileForScaServices } = require('./phpNewServicesMapper')
 
-const phpAnalysis = (config, files) => {
-  let analysis = readFiles(config, files.PHP)
-  const phpDep = parseProjectFiles(analysis)
-  return createPhpTSMessage(phpDep)
+const phpAnalysis = config => {
+  let analysis = readFiles(config)
+
+  if (config.experimental) {
+    return parsePHPLockFileForScaServices(analysis.rawLockFileContents)
+  } else {
+    const phpDep = parseProjectFiles(analysis)
+    return createPhpTSMessage(phpDep)
+  }
 }
 
-const readFiles = (config, files) => {
+const readFiles = config => {
   let php = {}
 
   php.composerJSON = JSON.parse(readFile(config, 'composer.json'))
@@ -18,5 +24,5 @@ const readFiles = (config, files) => {
 }
 
 module.exports = {
-  phpAnalysis
+  phpAnalysis: phpAnalysis
 }

package/src/scaAnalysis/php/phpNewServicesMapper.js

@@ -0,0 +1,77 @@
+const { keyBy, merge } = require('lodash')
+
+const parsePHPLockFileForScaServices = phpLockFile => {
+  const packages = keyBy(phpLockFile.packages, 'name')
+  const packagesDev = keyBy(phpLockFile['packages-dev'], 'name')
+
+  return merge(buildDepTree(packages, true), buildDepTree(packagesDev, false))
+}
+
+const buildDepTree = (packages, isProduction) => {
+  //builds deps into flat structure
+  const dependencyTree = {}
+
+  for (const packagesKey in packages) {
+    const currentObj = packages[packagesKey]
+    const { group, name } = findGroupAndName(currentObj.name)
+
+    const key = `${group}/${name}@${currentObj.version}`
+    dependencyTree[key] = {
+      group: group,
+      name: name,
+      version: currentObj.version,
+      directDependency: true,
+      isProduction: isProduction,
+      dependencies: []
+    }
+
+    const mergedChildDeps = merge(
+      buildSubDepsIntoFlatStructure(currentObj.require),
+      buildSubDepsIntoFlatStructure(currentObj['require-dev'])
+    )
+
+    for (const childKey in mergedChildDeps) {
+      const { group, name } = findGroupAndName(childKey)
+      const builtKey = `${group}/${name}`
+      dependencyTree[builtKey] = mergedChildDeps[childKey]
+    }
+  }
+  return dependencyTree
+}
+
+// currently sub deps will be built into a flat structure
+// but not ingested via the new services as they do not have concrete versions
+const buildSubDepsIntoFlatStructure = childDeps => {
+  const dependencyTree = {}
+
+  for (const dep in childDeps) {
+    const version = childDeps[dep]
+    const { group, name } = findGroupAndName(dep)
+    const key = `${group}/${name}`
+    dependencyTree[key] = {
+      group: group,
+      name: name,
+      version: version,
+      directDependency: false,
+      isProduction: false,
+      dependencies: []
+    }
+  }
+  return dependencyTree
+}
+
+const findGroupAndName = groupAndName => {
+  if (groupAndName.includes('/')) {
+    const groupName = groupAndName.split('/')
+    return { group: groupName[0], name: groupName[1] }
+  } else {
+    return { group: groupAndName, name: groupAndName }
+  }
+}
+
+module.exports = {
+  parsePHPLockFileForScaServices,
+  buildDepTree,
+  buildSubDepsIntoFlatStructure,
+  findGroupAndName
+}

package/src/scan/help.js

@@ -1,6 +1,7 @@
 const commandLineUsage = require('command-line-usage')
 const i18n = require('i18n')
 const constants = require('../constants')
+const { commonHelpLinks } = require('../common/commonHelp')
 
 const scanUsageGuide = commandLineUsage([
   {
@@ -35,9 +36,7 @@ const scanUsageGuide = commandLineUsage([
       'application-name'
     ]
   },
-  {
-    content: '{underline https://www.contrastsecurity.com}'
-  }
+  commonHelpLinks()
 ])
 
 module.exports = {

package/src/scan/scanConfig.js

@@ -1,5 +1,5 @@
 const paramHandler = require('../utils/paramsUtil/paramHandler')
-const constants = require('../../src/constants.js')
+const constants = require('../constants.js')
 const path = require('path')
 const { supportedLanguagesScan } = require('../constants/constants')
 const i18n = require('i18n')

package/src/scan/scanResults.js

@@ -93,9 +93,15 @@ const returnScanResults = async (
           'Contrast Scan timed out at the specified ' + timeout + ' seconds.'
         )
 
-        if (!config.isCI) {
+        const isCI = process.env.CONTRAST_CODESEC_CI
+          ? JSON.parse(process.env.CONTRAST_CODESEC_CI)
+          : false
+        if (!isCI) {
           const retry = await retryScanPrompt()
           timeout = retry.timeout
+        } else {
+          console.log('Please try again, allowing more time')
+          process.exit(1)
         }
       }
     }

package/src/utils/getConfig.ts

@@ -1,4 +1,5 @@
 import Conf from 'conf'
+import { CE_URL } from '../constants/constants'
 
 type ContrastConfOptions = Partial<{
   version: string
@@ -7,7 +8,6 @@ type ContrastConfOptions = Partial<{
   orgId: string
   authHeader: string
   numOfRuns: number
-  isCI: boolean
 }>
 
 type ContrastConf = Conf<ContrastConfOptions>
@@ -18,15 +18,8 @@ const localConfig = (name: string, version: string) => {
   })
   config.set('version', version)
 
-  if (process.env.CONTRAST_CODSEC_CI) {
-    config.set(
-      'isCI',
-      JSON.parse(process.env.CONTRAST_CODSEC_CI.toLowerCase()) as boolean
-    )
-  }
-
   if (!config.has('host')) {
-    config.set('host', 'https://ce.contrastsecurity.com/')
+    config.set('host', CE_URL)
   }
   return config
 }