@contrast/contrast 1.0.15 → 1.0.16

package/src/scaAnalysis/javascript/scaServiceParser.js

@@ -38,7 +38,10 @@ const npmCreateDepTree = (
       name: key,
       version: getResolvedVersion(key, packageLock),
       group: null,
-      isProduction: checkIfInPackageJSON(rawNode.packageJSON.dependencies, key),
+      productionDependency: checkIfInPackageJSON(
+        rawNode.packageJSON.dependencies,
+        key
+      ),
       directDependency: checkIfInPackageJSON(combinedPackageJSONDep, key),
       dependencies: createNPMChildDependencies(packageLock, key)
     }
@@ -59,7 +62,10 @@ const yarnCreateDepTree = (
       name: gav,
       version: getResolvedVersion(key, packageLock),
       group: null,
-      isProduction: checkIfInPackageJSON(rawNode.packageJSON.dependencies, nag),
+      productionDependency: checkIfInPackageJSON(
+        rawNode.packageJSON.dependencies,
+        nag
+      ),
       directDependency: checkIfInPackageJSON(combinedPackageJSONDep, nag),
       dependencies: createChildDependencies(packageLock, key)
     }

package/src/scaAnalysis/php/phpNewServicesMapper.js

@@ -7,7 +7,7 @@ const parsePHPLockFileForScaServices = phpLockFile => {
   return merge(buildDepTree(packages, true), buildDepTree(packagesDev, false))
 }
 
-const buildDepTree = (packages, isProduction) => {
+const buildDepTree = (packages, productionDependency) => {
   //builds deps into flat structure
   const dependencyTree = {}
 
@@ -21,7 +21,7 @@ const buildDepTree = (packages, isProduction) => {
       name: name,
       version: currentObj.version,
       directDependency: true,
-      isProduction: isProduction,
+      productionDependency: productionDependency,
       dependencies: []
     }
 
@@ -53,7 +53,7 @@ const buildSubDepsIntoFlatStructure = childDeps => {
       name: name,
       version: version,
       directDependency: false,
-      isProduction: false,
+      productionDependency: false,
       dependencies: []
     }
   }

package/src/scaAnalysis/python/analysis.js

@@ -41,7 +41,7 @@ const scaPythonParser = pythonDependencies => {
     )
     pythonParsedDeps[key].group = null
     pythonParsedDeps[key].name = key
-    pythonParsedDeps[key].isProduction = true
+    pythonParsedDeps[key].productionDependency = true
     pythonParsedDeps[key].dependencies = []
     pythonParsedDeps[key].directDependency = true
   }

package/src/scaAnalysis/repoMode/gradleParser.js

@@ -0,0 +1,88 @@
+const g2js = require('gradle-to-js/lib/parser')
+
+const readBuildGradleFile = async project => {
+  const gradleFilePath = project.cwd + '/build.gradle'
+  return await g2js.parseFile(gradleFilePath)
+}
+
+const filterGav = (groupId, artifactId, version, gradleJson) => {
+  if (groupId === '') {
+    if (artifactId.includes(':')) {
+      groupId = artifactId.split(':')[0].replace("'", '')
+    }
+  }
+
+  if (version === '') {
+    if (artifactId.includes(':')) {
+      artifactId.split(':').length > 2
+        ? (version = artifactId.split(':')[2].replace("'", ''))
+        : (version = null)
+    }
+  }
+
+  if (artifactId.split(':').length > 1) {
+    artifactId = artifactId.split(':')[1].replace("'", '')
+  }
+
+  if (version === null) {
+    version = getVersion(gradleJson, groupId)
+  }
+  return { groupId, artifactId, version }
+}
+
+const parseGradleJson = gradleJson => {
+  let deps = gradleJson.dependencies
+  let dependencyTree = {}
+
+  if (deps === undefined) {
+    console.log('Unable to find any dependencies in your project file.')
+    process.exit(0)
+  }
+
+  for (let a in deps) {
+    let dependencyType = deps[a].type
+
+    if (dependencyType === 'implementation') {
+      let groupId = deps[a].group
+      let artifactId = deps[a].name
+      let version = deps[a].version
+
+      let filteredGav = filterGav(groupId, artifactId, version, gradleJson)
+
+      let depName =
+        filteredGav.groupId +
+        '/' +
+        filteredGav.artifactId +
+        '@' +
+        filteredGav.version
+
+      let parsedDependency = {
+        name: filteredGav.artifactId,
+        group: filteredGav.groupId,
+        version: filteredGav.version,
+        directDependency: true,
+        isProduction: true,
+        dependencies: []
+      }
+      dependencyTree[depName] = parsedDependency
+    }
+  }
+  return dependencyTree
+}
+
+const getVersion = (gradleJson, dependencyWithoutVersion) => {
+  let parentVersion = gradleJson.plugins[0].version
+  let parentGroupName = gradleJson.plugins[0].id
+  if (parentGroupName === dependencyWithoutVersion) {
+    return parentVersion
+  } else {
+    return null
+  }
+}
+
+module.exports = {
+  readBuildGradleFile,
+  parseGradleJson,
+  getVersion,
+  filterGav
+}

package/src/scaAnalysis/repoMode/index.js

@@ -0,0 +1,21 @@
+const mavenParser = require('./mavenParser')
+const gradleParser = require('./gradleParser')
+const { determineProjectTypeAndCwd } = require('../java/analysis')
+
+const buildRepo = async (config, languageFiles) => {
+  const project = determineProjectTypeAndCwd(languageFiles.JAVA, config)
+
+  if (project.projectType === 'maven') {
+    let jsonPomFile = mavenParser.readPomFile(project)
+    mavenParser.parsePomFile(jsonPomFile)
+  } else if (project.projectType === 'gradle') {
+    const gradleJson = gradleParser.readBuildGradleFile(project)
+    gradleParser.parseGradleJson(await gradleJson)
+  } else {
+    console.log('Unable to read project files.')
+  }
+}
+
+module.exports = {
+  buildRepo
+}

package/src/scaAnalysis/repoMode/mavenParser.js

@@ -0,0 +1,89 @@
+const fs = require('fs')
+const xml2js = require('xml2js')
+
+const readPomFile = project => {
+  const mavenFilePath = project.cwd + '/pom.xml'
+  const projectFile = fs.readFileSync(mavenFilePath)
+  let jsonPomFile
+  xml2js.parseString(projectFile, (err, result) => {
+    if (err) {
+      throw err
+    }
+    const json = JSON.stringify(result, null)
+    jsonPomFile = JSON.parse(json)
+  })
+  return jsonPomFile
+}
+
+const getFromVersionsTag = (dependencyName, versionIdentifier, jsonPomFile) => {
+  // reading:
+  // <!-- DEPENDENCY VERSIONS -->
+  // <versions.animal-sniffer>1.16</versions.animal-sniffer>
+  let formattedVersion = versionIdentifier.replace(/[{}]/g, '').replace('$', '')
+
+  if (jsonPomFile.project.properties[0].hasOwnProperty([formattedVersion])) {
+    return jsonPomFile.project.properties[0][formattedVersion][0]
+  } else {
+    return null
+  }
+}
+
+const parsePomFile = jsonPomFile => {
+  let dependencyTree = {}
+  let parsedVersion
+  let dependencies
+  jsonPomFile.project.hasOwnProperty('dependencies')
+    ? (dependencies = jsonPomFile.project.dependencies[0].dependency)
+    : (dependencies =
+        jsonPomFile.project.dependencyManagement[0].dependencies[0].dependency)
+
+  for (let x in dependencies) {
+    let dependencyObject = dependencies[x]
+    if (!dependencyObject.hasOwnProperty('version')) {
+      parsedVersion = getVersion(jsonPomFile, dependencyObject)
+    } else {
+      dependencyObject.version[0].includes('${versions.')
+        ? (parsedVersion = getFromVersionsTag(
+            dependencyObject.artifactId[0],
+            dependencyObject.version[0],
+            jsonPomFile
+          ))
+        : (parsedVersion = dependencyObject.version[0])
+    }
+
+    let depName =
+      dependencyObject.groupId +
+      '/' +
+      dependencyObject.artifactId +
+      '@' +
+      parsedVersion
+
+    let parsedDependency = {
+      name: dependencyObject.artifactId[0],
+      group: dependencyObject.groupId[0],
+      version: parsedVersion,
+      directDependency: true,
+      productionDependency: true,
+      dependencies: []
+    }
+    dependencyTree[depName] = parsedDependency
+  }
+  return dependencyTree
+}
+
+const getVersion = (pomFile, dependencyWithoutVersion) => {
+  let parentVersion = pomFile.project.parent[0].version[0]
+  let parentGroupName = pomFile.project.parent[0].groupId[0]
+  if (parentGroupName === dependencyWithoutVersion.groupId[0]) {
+    return parentVersion
+  } else {
+    return null
+  }
+}
+
+module.exports = {
+  readPomFile,
+  getVersion,
+  parsePomFile,
+  getFromVersionsTag
+}

package/src/scaAnalysis/ruby/analysis.js

@@ -341,12 +341,12 @@ const removeRedundantAndPopulateDefinedElements = deps => {
       delete element.platform
 
       element.group = null
-      element.isProduction = true
+      element.productionDependency = true
     }
 
     if (element.sourceType === 'GEM') {
       element.group = null
-      element.isProduction = true
+      element.productionDependency = true
 
       delete element.sourceType
       delete element.remote
@@ -355,7 +355,7 @@ const removeRedundantAndPopulateDefinedElements = deps => {
 
     if (element.sourceType === 'PATH') {
       element.group = null
-      element.isProduction = true
+      element.productionDependency = true
 
       delete element.platform
       delete element.sourceType
@@ -364,7 +364,7 @@ const removeRedundantAndPopulateDefinedElements = deps => {
 
     if (element.sourceType === 'BUNDLED WITH') {
       element.group = null
-      element.isProduction = true
+      element.productionDependency = true
 
       delete element.sourceType
       delete element.remote

package/src/scan/help.js

@@ -1,6 +1,6 @@
 const commandLineUsage = require('command-line-usage')
 const i18n = require('i18n')
-const constants = require('../constants')
+const constants = require('../cliConstants')
 const { commonHelpLinks } = require('../common/commonHelp')
 
 const scanUsageGuide = commandLineUsage([

package/src/scan/scanConfig.js

@@ -1,5 +1,5 @@
 const paramHandler = require('../utils/paramsUtil/paramHandler')
-const constants = require('../constants.js')
+const constants = require('../cliConstants.js')
 const path = require('path')
 const { supportedLanguagesScan } = require('../constants/constants')
 const i18n = require('i18n')