@contrast/contrast 1.0.12 → 1.0.13

package/src/scaAnalysis/ruby/analysis.js

@@ -1,6 +1,27 @@
 const fs = require('fs')
 const i18n = require('i18n')
 
+const getRubyDeps = (config, languageFiles) => {
+  try {
+    checkForCorrectFiles(languageFiles)
+    const parsedGem = readAndParseGemfile(config.file)
+    const parsedLock = readAndParseGemLockFile(config.file)
+    if (config.experimental) {
+      const rubyArray = removeRedundantAndPopulateDefinedElements(
+        parsedLock.sources
+      )
+      let rubyTree = createRubyTree(rubyArray)
+      findChildrenDependencies(rubyTree)
+      processRootDependencies(parsedLock.dependencies, rubyTree)
+      return rubyTree
+    } else {
+      return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock }
+    }
+  } catch (err) {
+    throw err
+  }
+}
+
 const readAndParseGemfile = file => {
   const gemFile = fs.readFileSync(file + '/Gemfile', 'utf8')
   const rubyArray = gemFile.split('\n')
@@ -242,16 +263,119 @@ const buildSourceDependencyWithVersion = (
   return dependencies
 }
 
-const getRubyDeps = (config, languageFiles) => {
-  try {
-    checkForCorrectFiles(languageFiles)
-    const parsedGem = readAndParseGemfile(config.file)
-    const parsedLock = readAndParseGemLockFile(config.file)
+const processRootDependencies = (rootDependencies, rubyTree) => {
+  const getParentObjectByName = queryToken =>
+    Object.values(rubyTree).filter(({ name }) => name === queryToken)
 
-    return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock }
-  } catch (err) {
-    throw err
+  for (let parent in rootDependencies) {
+    let parentObject = getParentObjectByName(parent)
+
+    // ignore root dependencies that don't have a resolved version
+    if (parentObject[0]) {
+      let gav =
+        parentObject[0].group +
+        '/' +
+        parentObject[0].name +
+        '@' +
+        parentObject[0].version
+
+      rubyTree[gav] = parentObject[0]
+      rubyTree[gav].directDependency = true
+    }
+  }
+  return rubyTree
+}
+
+const createRubyTree = rubyArray => {
+  let rubyTree = {}
+  for (let x in rubyArray) {
+    let version = rubyArray[x].resolved
+
+    let gav = rubyArray[x].group + '/' + rubyArray[x].name + '@' + version
+    rubyTree[gav] = rubyArray[x]
+    rubyTree[gav].directDependency = false
+    rubyTree[gav].version = version
+
+    // add dependency array if none exists
+    if (!rubyTree[gav].dependencies) {
+      rubyTree[gav].dependencies = []
+    }
+
+    delete rubyTree[gav].resolved
+  }
+  return rubyTree
+}
+
+const findChildrenDependencies = rubyTree => {
+  for (let dep in rubyTree) {
+    let unResolvedChildDepsKey = Object.keys(rubyTree[dep].dependencies)
+    rubyTree[dep].dependencies = resolveVersionOfChildDependencies(
+      unResolvedChildDepsKey,
+      rubyTree
+    )
+  }
+}
+
+const resolveVersionOfChildDependencies = (
+  unResolvedChildDepsKey,
+  rubyObject
+) => {
+  const getParentObjectByName = queryToken =>
+    Object.values(rubyObject).filter(({ name }) => name === queryToken)
+  let resolvedChildrenDependencies = []
+  for (let childDep in unResolvedChildDepsKey) {
+    let childDependencyName = unResolvedChildDepsKey[childDep]
+    let parent = getParentObjectByName(childDependencyName)
+    resolvedChildrenDependencies.push(
+      'null/' + childDependencyName + '@' + parent[0].version
+    )
   }
+  return resolvedChildrenDependencies
+}
+
+const removeRedundantAndPopulateDefinedElements = deps => {
+  return deps.map(element => {
+    if (element.sourceType === 'GIT') {
+      delete element.sourceType
+      delete element.remote
+      delete element.platform
+
+      element.group = null
+      element.isProduction = true
+    }
+
+    if (element.sourceType === 'GEM') {
+      element.group = null
+      element.isProduction = true
+
+      delete element.sourceType
+      delete element.remote
+      delete element.platform
+    }
+
+    if (element.sourceType === 'PATH') {
+      element.group = null
+      element.isProduction = true
+
+      delete element.platform
+      delete element.sourceType
+      delete element.remote
+    }
+
+    if (element.sourceType === 'BUNDLED WITH') {
+      element.group = null
+      element.isProduction = true
+
+      delete element.sourceType
+      delete element.remote
+      delete element.branch
+      delete element.revision
+      delete element.depthLevel
+      delete element.specs
+      delete element.platform
+    }
+    return element
+  })
 }
 
 const checkForCorrectFiles = languageFiles => {
@@ -281,5 +405,9 @@ module.exports = {
   getPatchLevel,
   formatSourceArr,
   getSourceArray,
-  checkForCorrectFiles
+  checkForCorrectFiles,
+  removeRedundantAndPopulateDefinedElements,
+  createRubyTree,
+  findChildrenDependencies,
+  processRootDependencies
 }

package/src/scaAnalysis/ruby/index.js

@@ -3,7 +3,12 @@ const { createRubyTSMessage } = require('../common/formatMessage')
 
 const rubyAnalysis = (config, languageFiles) => {
   const rubyDeps = analysis.getRubyDeps(config, languageFiles.RUBY)
-  return createRubyTSMessage(rubyDeps)
+
+  if (config.experimental) {
+    return rubyDeps
+  } else {
+    return createRubyTSMessage(rubyDeps)
+  }
 }
 
 module.exports = {

package/src/scan/scanResults.js

@@ -94,7 +94,7 @@ const returnScanResults = async (
         )
 
         const isCI = process.env.CONTRAST_CODESEC_CI
-          ? JSON.parse(process.env.CONTRAST_CODESEC_CI)
+          ? JSON.parse(process.env.CONTRAST_CODESEC_CI.toLowerCase())
           : false
         if (!isCI) {
           const retry = await retryScanPrompt()

package/src/{audit/languageAnalysisEngine/util → utils}/generalAPI.js

@@ -1,13 +1,13 @@
 const { featuresTeamServer } = require('./capabilities')
 const semver = require('semver')
-const { handleResponseErrors } = require('../../../common/errorHandling')
-const { getHttpClient } = require('../../../utils/commonApi')
+const { handleResponseErrors } = require('../common/errorHandling')
+const commonApi = require('./commonApi')
+const { isNil } = require('lodash')
 
 const getGlobalProperties = async config => {
-  const client = getHttpClient(config)
-
+  const client = commonApi.getHttpClient(config)
   return client
-    .getGlobalProperties(config)
+    .getGlobalProperties(config.host)
     .then(res => {
       if (res.statusCode === 200) {
         return res.body
@@ -20,6 +20,15 @@ const getGlobalProperties = async config => {
     })
 }
 
+const getMode = async config => {
+  const features = await getGlobalProperties(config)
+
+  if (!isNil(features?.mode)) {
+    return features.mode
+  }
+  return ''
+}
+
 const getFeatures = version => {
   const featuresEnabled = []
 
@@ -39,5 +48,6 @@ const isFeatureEnabled = (features, featureName) => {
 module.exports = {
   getGlobalProperties,
   getFeatures,
-  isFeatureEnabled
+  isFeatureEnabled,
+  getMode
 }