@contrast/contrast 1.0.13 → 1.0.14

package/dist/audit/report/commonReportingFunctions.js

@@ -1,72 +1,64 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.gatherRemediationAdvice = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createSummaryMessageBottom = exports.createSummaryMessageTop = void 0;
-const commonApi_1 = require("../../utils/commonApi");
-const reportListModel_1 = require("./models/reportListModel");
-const lodash_1 = require("lodash");
-const chalk_1 = __importDefault(require("chalk"));
-const reportUtils_1 = require("./utils/reportUtils");
-const severityCountModel_1 = require("./models/severityCountModel");
-const reportOutputModel_1 = require("./models/reportOutputModel");
-const constants_1 = require("../../constants/constants");
-const cli_table3_1 = __importDefault(require("cli-table3"));
-const reportGuidanceModel_1 = require("./models/reportGuidanceModel");
+const commonApi = require('../../utils/commonApi');
+const { ReportCompositeKey, ReportList, ReportModelStructure } = require('./models/reportListModel');
+const { orderBy } = require('lodash');
+const chalk = require('chalk');
+const { countVulnerableLibrariesBySeverity, orderByHighestPriority, findHighestSeverityCVE, findNameAndVersion, severityCountAllCVEs, findCVESeverity } = require('./utils/reportUtils');
+const { SeverityCountModel } = require('./models/severityCountModel');
+const { ReportOutputBodyModel, ReportOutputHeaderModel, ReportOutputModel } = require('./models/reportOutputModel');
+const { CE_URL, CRITICAL_COLOUR, HIGH_COLOUR, LOW_COLOUR, MEDIUM_COLOUR, NOTE_COLOUR } = require('../../constants/constants');
+const Table = require('cli-table3');
+const { ReportGuidanceModel } = require('./models/reportGuidanceModel');
+const i18n = require('i18n');
 const createSummaryMessageTop = (numberOfVulnerableLibraries, numberOfCves) => {
     numberOfVulnerableLibraries === 1
         ? console.log(`Found 1 vulnerable library containing ${numberOfCves} CVE`)
         : console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs`);
 };
-exports.createSummaryMessageTop = createSummaryMessageTop;
-const createSummaryMessageBottom = (numberOfVulnerableLibraries) => {
+const createSummaryMessageBottom = numberOfVulnerableLibraries => {
     numberOfVulnerableLibraries === 1
-        ? console.log(`Found 1 vulnerable library`)
-        : console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries`);
+        ? console.log(`Found 1 vulnerability`)
+        : console.log(`Found ${numberOfVulnerableLibraries} vulnerabilities`);
 };
-exports.createSummaryMessageBottom = createSummaryMessageBottom;
 const getReport = async (config, reportId) => {
-    const client = (0, commonApi_1.getHttpClient)(config);
+    const client = commonApi.getHttpClient(config);
     return client
         .getReportById(config, reportId)
-        .then((res) => {
+        .then(res => {
         if (res.statusCode === 200) {
             return res.body;
         }
         else {
-            console.log(JSON.stringify(res));
-            (0, commonApi_1.handleResponseErrors)(res, 'report');
+            console.log(JSON.stringify(res.statusCode));
+            commonApi.handleResponseErrors(res, 'report');
         }
     })
-        .catch((err) => {
+        .catch(err => {
         console.log(err);
     });
 };
-exports.getReport = getReport;
 const printVulnerabilityResponse = (config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance) => {
     let hasSomeVulnerabilitiesReported = false;
-    (0, exports.printFormattedOutput)(config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance);
+    printFormattedOutput(config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance);
     if (Object.keys(vulnerableLibraries).length > 0) {
         hasSomeVulnerabilitiesReported = true;
     }
     return hasSomeVulnerabilitiesReported;
 };
-exports.printVulnerabilityResponse = printVulnerabilityResponse;
 const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, numberOfCves, guidance) => {
-    (0, exports.createSummaryMessageTop)(numberOfVulnerableLibraries, numberOfCves);
+    createSummaryMessageTop(numberOfVulnerableLibraries, numberOfCves);
     console.log();
-    const report = new reportListModel_1.ReportList();
+    const report = new ReportList();
     for (const library of libraries) {
-        const { name, version } = (0, reportUtils_1.findNameAndVersion)(library, config);
-        const newOutputModel = new reportListModel_1.ReportModelStructure(new reportListModel_1.ReportCompositeKey(name, version, (0, reportUtils_1.findHighestSeverityCVE)(library.cveArray), (0, reportUtils_1.severityCountAllCVEs)(library.cveArray, new severityCountModel_1.SeverityCountModel()).getTotal), library.cveArray);
+        const { name, version } = findNameAndVersion(library, config);
+        const newOutputModel = new ReportModelStructure(new ReportCompositeKey(name, version, findHighestSeverityCVE(library.cveArray), severityCountAllCVEs(library.cveArray, new SeverityCountModel()).getTotal), library.cveArray);
         report.reportOutputList.push(newOutputModel);
     }
-    const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = (0, lodash_1.orderBy)(report.reportOutputList, [
-        (reportListItem) => {
+    const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(report.reportOutputList, [
+        reportListItem => {
             return reportListItem.compositeKey.highestSeverity.priority;
         },
-        (reportListItem) => {
+        reportListItem => {
             return reportListItem.compositeKey.numberOfSeverities;
         }
     ], ['asc', 'desc']);
@@ -75,83 +67,81 @@ const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, nu
         contrastHeaderNumCounter++;
         const { libraryName, libraryVersion, highestSeverity } = reportModel.compositeKey;
         const numOfCVEs = reportModel.cveArray.length;
-        const table = new cli_table3_1.default({
-            chars: {
-                top: '',
-                'top-mid': '',
-                'top-left': '',
-                'top-right': '',
-                bottom: '',
-                'bottom-mid': '',
-                'bottom-left': '',
-                'bottom-right': '',
-                left: '',
-                'left-mid': '',
-                mid: '',
-                'mid-mid': '',
-                right: '',
-                'right-mid': '',
-                middle: ' '
-            },
-            style: { 'padding-left': 0, 'padding-right': 0 },
-            colAligns: ['right'],
-            wordWrap: true,
-            colWidths: [12, 1, 100]
-        });
+        const table = getReportTable();
         const header = buildHeader(highestSeverity, contrastHeaderNumCounter, libraryName, libraryVersion, numOfCVEs);
         const advice = gatherRemediationAdvice(guidance, libraryName, libraryVersion);
         const body = buildBody(reportModel.cveArray, advice);
-        const reportOutputModel = new reportOutputModel_1.ReportOutputModel(header, body);
+        const reportOutputModel = new ReportOutputModel(header, body);
         table.push(reportOutputModel.body.issueMessage, reportOutputModel.body.adviceMessage);
         console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
         console.log(table.toString() + '\n');
     }
-    (0, exports.createSummaryMessageBottom)(numberOfVulnerableLibraries);
+    createSummaryMessageBottom(numberOfVulnerableLibraries);
     const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst);
     console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
-    if (config.host !== constants_1.CE_URL) {
-        console.log('\n' + chalk_1.default.bold('View your full dependency tree in Contrast:'));
+    if (config.host !== CE_URL) {
+        console.log('\n' + chalk.bold('View your full dependency tree in Contrast:'));
         console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
     }
 };
-exports.printFormattedOutput = printFormattedOutput;
+function getReportTable() {
+    return new Table({
+        chars: {
+            top: '',
+            'top-mid': '',
+            'top-left': '',
+            'top-right': '',
+            bottom: '',
+            'bottom-mid': '',
+            'bottom-left': '',
+            'bottom-right': '',
+            left: '',
+            'left-mid': '',
+            mid: '',
+            'mid-mid': '',
+            right: '',
+            'right-mid': '',
+            middle: ' '
+        },
+        style: { 'padding-left': 0, 'padding-right': 0 },
+        colAligns: ['right'],
+        wordWrap: true,
+        colWidths: [12, 1, 100]
+    });
+}
 function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {
     const vulnerabilityPluralised = numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability';
     const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum);
-    const headerColour = chalk_1.default.hex(highestSeverity.outputColour);
+    const headerColour = chalk.hex(highestSeverity.colour);
     const headerNumAndSeverity = headerColour(`${formattedHeaderNum} - [${highestSeverity.severity}]`);
     const libraryNameAndVersion = headerColour.bold(`${libraryName}-${version}`);
     const vulnMessage = `${headerNumAndSeverity} ${libraryNameAndVersion}`;
     const introducesMessage = `introduces ${numOfCVEs} ${vulnerabilityPluralised}`;
-    return new reportOutputModel_1.ReportOutputHeaderModel(vulnMessage, introducesMessage);
+    return new ReportOutputHeaderModel(vulnMessage, introducesMessage);
 }
-exports.buildHeader = buildHeader;
 function buildBody(cveArray, advice) {
-    const cveMessages = [];
-    (0, reportUtils_1.findCVESeveritiesAndOrderByHighestPriority)(cveArray).forEach(reportSeverityModel => {
-        const { outputColour, severity, cveName } = reportSeverityModel;
-        const severityShorthand = chalk_1.default
-            .hex(outputColour)
-            .bold(`[${severity.charAt(0).toUpperCase()}]`);
-        const builtMessage = severityShorthand + cveName;
-        cveMessages.push(builtMessage);
-    });
-    const numAndSeverityType = getNumOfAndSeverityType(cveArray);
-    const issueMessage = [
-        chalk_1.default.bold('Issue'),
-        ':',
-        `${numAndSeverityType} ${cveMessages.join(', ')}`
-    ];
+    let assignPriorityToVulns = cveArray.map(result => findCVESeverity(result));
+    const issueMessage = getIssueRow(assignPriorityToVulns);
     const minOrMax = advice.maximum ? advice.maximum : advice.minimum;
     const displayAdvice = minOrMax
-        ? `Change to version ${chalk_1.default.bold(minOrMax)}`
+        ? `Change to version ${chalk.bold(minOrMax)}`
         : 'No recommendation is available according to our data. Upgrade to the latest stable is the best advice we can give.';
-    const adviceMessage = [chalk_1.default.bold('Advice'), ':', displayAdvice];
-    return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, adviceMessage);
+    const adviceMessage = [chalk.bold('Advice'), ':', displayAdvice];
+    return new ReportOutputBodyModel(issueMessage, adviceMessage);
+}
+function getIssueRow(cveArray) {
+    orderByHighestPriority(cveArray);
+    const cveMessagesList = getIssueCveMsgList(cveArray);
+    const cveNumbers = getSeverityCounts(cveArray);
+    const numAndSeverityTypeDesc = getNumOfAndSeverityType(cveNumbers);
+    return [
+        chalk.bold('Issue'),
+        ':',
+        `${numAndSeverityTypeDesc} ${cveMessagesList.join(', ')}`
+    ];
 }
-exports.buildBody = buildBody;
 function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
-    const guidanceModel = new reportGuidanceModel_1.ReportGuidanceModel();
+    const guidanceModel = new ReportGuidanceModel();
     const data = guidance[libraryName + '@' + libraryVersion];
     if (data) {
         guidanceModel.minimum = data.minUpgradeVersion;
@@ -159,43 +149,29 @@ function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
     }
     return guidanceModel;
 }
-exports.gatherRemediationAdvice = gatherRemediationAdvice;
 function buildFormattedHeaderNum(contrastHeaderNum) {
     return `CONTRAST-${contrastHeaderNum.toString().padStart(3, '0')}`;
 }
-exports.buildFormattedHeaderNum = buildFormattedHeaderNum;
-function getNumOfAndSeverityType(cveArray) {
-    const { critical, high, medium, low, note } = (0, reportUtils_1.severityCountAllCVEs)(cveArray, new severityCountModel_1.SeverityCountModel());
-    const criticalNumCheck = critical > 0;
-    const highNumCheck = high > 0;
-    const highDivider = highNumCheck ? '|' : '';
-    const mediumNumCheck = medium > 0;
-    const mediumDivider = mediumNumCheck ? '|' : '';
-    const lowNumCheck = low > 0;
-    const lowDivider = lowNumCheck ? '|' : '';
-    const noteNumCheck = low > 0;
-    const noteDivider = noteNumCheck ? '|' : '';
-    const criticalMessage = criticalNumCheck
-        ? `${critical} Critical ${highDivider}`
-        : '';
-    const highMessage = highNumCheck ? `${high} High ${mediumDivider}` : '';
-    const mediumMessage = mediumNumCheck ? `${medium} Medium ${lowDivider}` : '';
-    const lowMessage = lowNumCheck ? `${low} Low ${noteDivider}` : '';
-    const noteMessage = noteNumCheck ? `${note} Note` : '';
-    return `${criticalMessage} ${highMessage} ${mediumMessage} ${lowMessage} ${noteMessage}`
+function getNumOfAndSeverityType(cveNumbers) {
+    const { critical, high, medium, low, note } = cveNumbers;
+    const criticalMsg = critical > 0 ? `${critical} Critical | ` : '';
+    const highMsg = high > 0 ? `${high} High | ` : '';
+    const mediumMsg = medium > 0 ? `${medium} Medium | ` : '';
+    const lowMsg = low > 0 ? `${low} Low | ` : '';
+    const noteMsg = note > 0 ? `${note} Note` : '';
+    return `${criticalMsg} ${highMsg} ${mediumMsg} ${lowMsg} ${noteMsg}`
         .replace(/\s+/g, ' ')
         .trim();
 }
-exports.getNumOfAndSeverityType = getNumOfAndSeverityType;
-const buildFooter = (reportModelStructure) => {
-    const { critical, high, medium, low, note } = (0, reportUtils_1.countVulnerableLibrariesBySeverity)(reportModelStructure);
-    const criticalMessage = chalk_1.default
-        .hex(constants_1.CRITICAL_COLOUR)
+const buildFooter = reportModelStructure => {
+    const { critical, high, medium, low, note } = countVulnerableLibrariesBySeverity(reportModelStructure);
+    const criticalMessage = chalk
+        .hex(CRITICAL_COLOUR)
         .bold(`${critical} Critical`);
-    const highMessage = chalk_1.default.hex(constants_1.HIGH_COLOUR).bold(`${high} High`);
-    const mediumMessage = chalk_1.default.hex(constants_1.MEDIUM_COLOUR).bold(`${medium} Medium`);
-    const lowMessage = chalk_1.default.hex(constants_1.LOW_COLOUR).bold(`${low} Low`);
-    const noteMessage = chalk_1.default.hex(constants_1.NOTE_COLOUR).bold(`${note} Note`);
+    const highMessage = chalk.hex(HIGH_COLOUR).bold(`${high} High`);
+    const mediumMessage = chalk.hex(MEDIUM_COLOUR).bold(`${medium} Medium`);
+    const lowMessage = chalk.hex(LOW_COLOUR).bold(`${low} Low`);
+    const noteMessage = chalk.hex(NOTE_COLOUR).bold(`${note} Note`);
     return {
         criticalMessage,
         highMessage,
@@ -204,3 +180,86 @@ const buildFooter = (reportModelStructure) => {
         noteMessage
     };
 };
+const getIssueCveMsgList = results => {
+    const cveMessages = [];
+    results.forEach(reportSeverityModel => {
+        const { colour, severity, name } = reportSeverityModel;
+        const severityShorthand = chalk
+            .hex(colour)
+            .bold(`[${severity.charAt(0).toUpperCase()}]`);
+        const builtMessage = severityShorthand + name;
+        cveMessages.push(builtMessage);
+    });
+    return cveMessages;
+};
+const getSeverityCounts = results => {
+    const acc = {
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0,
+        note: 0,
+        total: 0
+    };
+    if (results && results.length > 0) {
+        results.forEach(i => {
+            acc[i.severity.toLowerCase()] += 1;
+            acc.total += 1;
+            return acc;
+        });
+    }
+    return acc;
+};
+const printNoVulnFoundMsg = () => {
+    console.log(i18n.__('scanNoVulnerabilitiesFound'));
+    console.log(i18n.__('scanNoVulnerabilitiesFoundSecureCode'));
+    console.log(i18n.__('scanNoVulnerabilitiesFoundGoodWork'));
+    console.log(chalk.bold(`Found 0 vulnerabilities`));
+    console.log(i18n.__('foundDetailedVulnerabilities', String(0), String(0), String(0), String(0), String(0)));
+};
+const printVulnInfo = projectOverview => {
+    const totalVulnerabilities = projectOverview.total;
+    createSummaryMessageBottom(totalVulnerabilities);
+    const formattedValues = severityFormatted(projectOverview);
+    console.log(i18n.__('foundDetailedVulnerabilities', String(formattedValues.criticalFormatted), String(formattedValues.highFormatted), String(formattedValues.mediumFormatted), String(formattedValues.lowFormatted), String(formattedValues.noteFormatted)));
+};
+const severityFormatted = projectOverview => {
+    const criticalFormatted = chalk
+        .hex(CRITICAL_COLOUR)
+        .bold(`${projectOverview.critical} Critical`);
+    const highFormatted = chalk
+        .hex(HIGH_COLOUR)
+        .bold(`${projectOverview.high} High`);
+    const mediumFormatted = chalk
+        .hex(MEDIUM_COLOUR)
+        .bold(`${projectOverview.medium} Medium`);
+    const lowFormatted = chalk.hex(LOW_COLOUR).bold(`${projectOverview.low} Low`);
+    const noteFormatted = chalk
+        .hex(NOTE_COLOUR)
+        .bold(`${projectOverview.note} Note`);
+    return {
+        criticalFormatted,
+        highFormatted,
+        mediumFormatted,
+        lowFormatted,
+        noteFormatted
+    };
+};
+module.exports = {
+    createSummaryMessageTop,
+    getReport,
+    createSummaryMessageBottom,
+    printVulnerabilityResponse,
+    printFormattedOutput,
+    getReportTable,
+    buildHeader,
+    buildBody,
+    getIssueRow,
+    gatherRemediationAdvice,
+    buildFormattedHeaderNum,
+    getNumOfAndSeverityType,
+    getIssueCveMsgList,
+    getSeverityCounts,
+    printNoVulnFoundMsg,
+    printVulnInfo
+};

package/dist/audit/report/models/reportSeverityModel.js

@@ -2,11 +2,11 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ReportSeverityModel = void 0;
 class ReportSeverityModel {
-    constructor(severity, priority, outputColour, cveName) {
+    constructor(severity, priority, colour, name) {
         this.severity = severity;
         this.priority = priority;
-        this.outputColour = outputColour;
-        this.cveName = cveName;
+        this.colour = colour;
+        this.name = name;
     }
 }
 exports.ReportSeverityModel = ReportSeverityModel;

package/dist/audit/report/reportingFeature.js

@@ -22,15 +22,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
     __setModuleDefault(result, mod);
     return result;
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.vulnerabilityReportV2 = exports.formatVulnerabilityOutput = exports.convertJSDotNetPython = exports.convertKeysToStandardFormat = void 0;
 const commonReportingFunctions_1 = require("./commonReportingFunctions");
 const reportUtils_1 = require("./utils/reportUtils");
-const i18n_1 = __importDefault(require("i18n"));
-const chalk_1 = __importDefault(require("chalk"));
 const constants = __importStar(require("../../constants/constants"));
 const severityCountModel_1 = require("./models/severityCountModel");
 const common = __importStar(require("../../common/fail"));
@@ -67,11 +62,7 @@ function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, config, rem
     const guidance = convertKeysToStandardFormat(config, remediationGuidance);
     const numberOfVulnerableLibraries = vulnerableLibraries.length;
     if (numberOfVulnerableLibraries === 0) {
-        console.log(i18n_1.default.__('scanNoVulnerabilitiesFound'));
-        console.log(i18n_1.default.__('scanNoVulnerabilitiesFoundSecureCode'));
-        console.log(i18n_1.default.__('scanNoVulnerabilitiesFoundGoodWork'));
-        console.log(chalk_1.default.bold(`Found ${numberOfVulnerableLibraries} vulnerabilities`));
-        console.log(i18n_1.default.__('foundDetailedVulnerabilities', String(0), String(0), String(0), String(0), String(0)));
+        (0, commonReportingFunctions_1.printNoVulnFoundMsg)();
         return [false, 0, [new severityCountModel_1.SeverityCountModel()]];
     }
     else {

package/dist/audit/report/utils/reportUtils.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.countVulnerableLibrariesBySeverity = exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
+exports.countVulnerableLibrariesBySeverity = exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.orderByHighestPriority = exports.findHighestSeverityCVE = void 0;
 const reportLibraryModel_1 = require("../models/reportLibraryModel");
 const reportSeverityModel_1 = require("../models/reportSeverityModel");
 const constants_1 = __importDefault(require("../../../constants/constants"));
@@ -16,10 +16,10 @@ function findHighestSeverityCVE(cveArray) {
     return (0, lodash_1.orderBy)(mappedToReportSeverityModels, cve => cve?.priority)[0];
 }
 exports.findHighestSeverityCVE = findHighestSeverityCVE;
-function findCVESeveritiesAndOrderByHighestPriority(cves) {
-    return (0, lodash_1.orderBy)(cves.map(cve => findCVESeverity(cve)), ['priority'], ['asc']);
+function orderByHighestPriority(cves) {
+    return (0, lodash_1.orderBy)(cves, ['priority'], ['asc']);
 }
-exports.findCVESeveritiesAndOrderByHighestPriority = findCVESeveritiesAndOrderByHighestPriority;
+exports.orderByHighestPriority = orderByHighestPriority;
 function findCVESeverity(cve) {
     const cveName = cve.name;
     if (cve.cvss3SeverityCode === 'CRITICAL' || cve.severityCode === 'CRITICAL') {

package/dist/commands/scan/sca/scaAnalysis.js

@@ -2,7 +2,6 @@
 const autoDetection = require('../../../scan/autoDetection');
 const javaAnalysis = require('../../../scaAnalysis/java');
 const treeUpload = require('../../../scaAnalysis/common/treeUpload');
-const scaUpload = require('../../../scaAnalysis/common/scaServicesUpload');
 const auditController = require('../../audit/auditController');
 const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../../../constants/constants');
 const goAnalysis = require('../../../scaAnalysis/go/goAnalysis');

package/dist/common/errorHandling.js

@@ -47,8 +47,7 @@ const reportFailureError = () => {
     console.log(i18n_1.default.__('auditReportFailureMessage'));
 };
 exports.reportFailureError = reportFailureError;
-const genericError = (missingCliOption) => {
-    console.log(missingCliOption);
+const genericError = () => {
     console.error(i18n_1.default.__('genericErrorMessage'));
     process.exit(1);
 };

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.13';
+const APP_VERSION = '1.0.14';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';

package/dist/constants/locales.js

@@ -80,6 +80,7 @@ const en_locales = () => {
         constantsApplicationName: 'The name of the application cataloged by Contrast UI',
         constantsCatalogueApplication: 'Provide this if you want to catalogue an application',
         failOptionErrorMessage: ' FAIL - CVEs have been detected that match at least the cve_severity option specified.',
+        failOptionMessage: ' Use with contrast scan or contrast audit. Detects failures based on the severity level specified with the --severity command. For example, "contrast scan --fail --severity high". Returns all failures if no severity level is specified.',
         constantsLanguage: 'Valid values are JAVA, DOTNET, NODE, PYTHON and RUBY. If there are multiple project configuration files in the project_path, language is also required.  Also, provide this when cataloguing an application',
         constantsFilePath: `Specify a directory or the file where dependencies are declared. (By default, CodeSec will search for project files in the current directory.)`,
         constantsSilent: 'Silences JSON output.',
@@ -96,7 +97,7 @@ const en_locales = () => {
         constantsFail: 'Set the process to fail if this option is set in combination with --cve_severity.',
         failThresholdOptionErrorMessage: 'More than 0 vulnerabilities found',
         failSeverityOptionErrorMessage: ' FAIL - Results detected vulnerabilities over accepted severity level',
-        constantsSeverity: 'Allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
+        constantsSeverity: 'Use with "contrast scan --fail --severity high" or "contrast audit --fail --severity high". Set the severity level to detect vulnerabilities or dependencies. Severity levels are critical, high, medium, low or note.',
         constantsCount: 'The number of CVEs that must be exceeded to fail a build',
         constantsHeader: 'CodeSec by Contrast Security',
         configHeader2: 'Config options',
@@ -113,7 +114,7 @@ const en_locales = () => {
         configHeader: 'Config',
         constantsConfigUsageContents: 'view / clear the configuration',
         constantsPrerequisitesContent: 'To scan a Java project you will need a .jar or .war file for analysis\n' +
-            'To scan a Javascript project you will need a .js or.zip file for analysis\n' +
+            'To scan a Javascript project you will need a single .js or a .zip of  multiple .js files\n' +
             'To scan a .NET c# webforms project you will need a .exe or a .zip file for analysis\n',
         constantsUsage: 'Usage',
         constantsUsageCommandExample: 'contrast [command] [options]',
@@ -213,16 +214,23 @@ const en_locales = () => {
         scanOptionsFileNameSummary: 'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
         scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
         authSuccessMessage: 'Authentication successful',
-        runAuthSuccessMessage: "Now you can use CodeSec by Contrast \nRun: \n'contrast scan' to run CodeSec’s industry leading SAST scanner \n'contrast audit' to find vulnerabilities in your open source dependencies \n'contrast lambda' to secure your AWS serverless functions\nor 'contrast help' to learn more about the capabilities.",
+        runAuthSuccessMessage: chalk.bold('CodeSec by Contrast') +
+            '\nScan, secure and ship your code in minutes for FREE. \n' +
+            chalk.bold('\nRun\n') +
+            chalk.bold('\ncontrast scan') +
+            " to run Contrast's industry leading SAST scanner. \nSupports Java, JavaScript and .Net \n" +
+            chalk.bold('\ncontrast audit') +
+            ' to find vulnerabilities in your open source dependencies.\nSupports Java, .NET, Node, Ruby, Python, Go and PHP \n' +
+            chalk.bold('\ncontrast lambda') +
+            ' to secure your AWS serverless functions. \nSupports Java and Python \n' +
+            chalk.bold('\ncontrast help') +
+            ' to learn more about the capabilities.',
         authWaitingMessage: 'Waiting for auth...',
         authTimedOutMessage: 'Auth Timed out, try again',
         zipErrorScan: 'We only support zip files for JAVASCRIPT language, please set the flag --language JAVASCRIPT',
         unknownFileErrorScan: 'Unsupported file selected for Scan.',
         foundScanFile: 'Found: %s',
-        foundDetailedVulnerabilities: chalk.bold('%s Critical') +
-            ' | ' +
-            chalk.bold('%s High') +
-            ' | %s Medium | %s Low | %s Note',
+        foundDetailedVulnerabilities: chalk.bold('%s') + ' | ' + chalk.bold('%s') + ' | %s | %s | %s ',
         requiredParams: 'All required parameters are not present.',
         timeoutScan: 'Timeout set to 5 minutes.',
         searchingScanFileDirectory: 'Searching for file to scan from %s...',

package/dist/constants.js

@@ -101,7 +101,7 @@ const scanOptionDefinitions = [
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('failOptionErrorMessage')
+            i18n.__('failOptionMessage')
     },
     {
         name: 'severity',
@@ -219,7 +219,7 @@ const auditOptionDefinitions = [
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('failOptionErrorMessage')
+            i18n.__('failOptionMessage')
     },
     {
         name: 'severity',

package/dist/index.js

@@ -73,11 +73,13 @@ const start = async () => {
                 const foundCommand = (0, errorHandling_1.findCommandOnError)(mainOptions._unknown);
                 foundCommand
                     ? console.log(`Unknown Command: Did you mean "${foundCommand}"? \nUse "${foundCommand} --help" for the full list of options`)
-                    : console.log(`Unknown Command: ${command} \nUse --help for the full list`);
+                    : console.log(`\nUnknown Command: ${command} \n`);
+                console.log(mainUsageGuide);
                 await (0, telemetry_1.sendTelemetryConfigAsConfObj)(config, command, argvMain, 'FAILURE', 'undefined');
             }
             else {
-                console.log(`Unknown Command: ${command} \nUse --help for the full list`);
+                console.log(`\nUnknown Command: ${command}\n`);
+                console.log(mainUsageGuide);
                 await (0, telemetry_1.sendTelemetryConfigAsConfObj)(config, command, argvMain, 'FAILURE', 'undefined');
             }
             process.exit(9);

package/dist/lambda/lambda.js

@@ -119,7 +119,7 @@ const processLambda = async (argv) => {
 exports.processLambda = processLambda;
 const getAvailableFunctions = async (lambdaOptions) => {
     const lambdas = await (0, lambdaUtils_1.getAllLambdas)(lambdaOptions);
-    (0, lambdaUtils_1.printAvailableLambdas)(lambdas, { runtimes: ['python', 'java'] });
+    (0, lambdaUtils_1.printAvailableLambdas)(lambdas, { runtimes: ['python', 'java', 'node'] });
 };
 exports.getAvailableFunctions = getAvailableFunctions;
 const actualProcessLambda = async (lambdaOptions) => {