@contrast/contrast 1.0.15 → 1.0.17

package/dist/audit/catalogueApplication/catalogueApplication.js

@@ -39,7 +39,7 @@ const tryRetrieveAppIdFromMessages = messages => {
     return appId;
 };
 module.exports = {
-    catalogueApplication: catalogueApplication,
+    catalogueApplication,
     doesMessagesContainAppId,
     tryRetrieveAppIdFromMessages
 };

package/dist/audit/languageAnalysisEngine/sendSnapshot.js

@@ -28,7 +28,7 @@ const getTimeout = config => {
         return 300;
     }
 };
-const pollForSnapshotCompletition = async (config, snapshotId, reportSpinner) => {
+const pollForSnapshotCompletion = async (config, snapshotId, reportSpinner) => {
     const client = commonApi.getHttpClient(config);
     const startTime = performance.now();
     const timeout = getTimeout(config);
@@ -63,5 +63,5 @@ const pollForSnapshotCompletition = async (config, snapshotId, reportSpinner) =>
     }
 };
 module.exports = {
-    pollForSnapshotCompletition: pollForSnapshotCompletition
+    pollForSnapshotCompletion
 };

package/dist/audit/report/commonReportingFunctions.js

@@ -132,13 +132,7 @@ function buildBody(cveArray, advice) {
 function getIssueRow(cveArray) {
     orderByHighestPriority(cveArray);
     const cveMessagesList = getIssueCveMsgList(cveArray);
-    const cveNumbers = getSeverityCounts(cveArray);
-    const numAndSeverityTypeDesc = getNumOfAndSeverityType(cveNumbers);
-    return [
-        chalk.bold('Issue'),
-        ':',
-        `${numAndSeverityTypeDesc} ${cveMessagesList.join(', ')}`
-    ];
+    return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`];
 }
 function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
     const guidanceModel = new ReportGuidanceModel();
@@ -152,17 +146,6 @@ function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
 function buildFormattedHeaderNum(contrastHeaderNum) {
     return `CONTRAST-${contrastHeaderNum.toString().padStart(3, '0')}`;
 }
-function getNumOfAndSeverityType(cveNumbers) {
-    const { critical, high, medium, low, note } = cveNumbers;
-    const criticalMsg = critical > 0 ? `${critical} Critical | ` : '';
-    const highMsg = high > 0 ? `${high} High | ` : '';
-    const mediumMsg = medium > 0 ? `${medium} Medium | ` : '';
-    const lowMsg = low > 0 ? `${low} Low | ` : '';
-    const noteMsg = note > 0 ? `${note} Note` : '';
-    return `${criticalMsg} ${highMsg} ${mediumMsg} ${lowMsg} ${noteMsg}`
-        .replace(/\s+/g, ' ')
-        .trim();
-}
 const buildFooter = reportModelStructure => {
     const { critical, high, medium, low, note } = countVulnerableLibrariesBySeverity(reportModelStructure);
     const criticalMessage = chalk
@@ -257,7 +240,6 @@ module.exports = {
     getIssueRow,
     gatherRemediationAdvice,
     buildFormattedHeaderNum,
-    getNumOfAndSeverityType,
     getIssueCveMsgList,
     getSeverityCounts,
     printNoVulnFoundMsg,

package/dist/{constants.js → cliConstants.js}

@@ -10,7 +10,46 @@ i18n.configure({
     },
     defaultLocale: 'en'
 });
+const sharedOptionDefinitions = [
+    {
+        name: 'proxy',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsProxyServer')
+    },
+    {
+        name: 'key',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsProxyKey')
+    },
+    {
+        name: 'cacert',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsProxyCaCert')
+    },
+    {
+        name: 'cert',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsProxyCert')
+    },
+    {
+        name: 'ignore-cert-errors',
+        type: Boolean,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}:' +
+            i18n.__('constantsIgnoreCertErrors')
+    }
+];
 const scanOptionDefinitions = [
+    ...sharedOptionDefinitions,
     {
         name: 'name',
         alias: 'n',
@@ -88,13 +127,6 @@ const scanOptionDefinitions = [
             '}: ' +
             i18n.__('constantsHostId')
     },
-    {
-        name: 'proxy',
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}: ' +
-            i18n.__('constantsProxyServer')
-    },
     {
         name: 'fail',
         type: Boolean,
@@ -117,15 +149,7 @@ const scanOptionDefinitions = [
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsProxyServer')
-    },
-    {
-        name: 'ignore-cert-errors',
-        type: Boolean,
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}:' +
-            i18n.__('constantsIgnoreCertErrors')
+            i18n.__('constantsDoNotWaitForScan')
     },
     {
         name: 'verbose',
@@ -190,6 +214,7 @@ const configOptionDefinitions = [
     }
 ];
 const auditOptionDefinitions = [
+    ...sharedOptionDefinitions,
     {
         name: 'application-id',
         description: '{bold ' +
@@ -270,6 +295,10 @@ const auditOptionDefinitions = [
     {
         name: 'maven-settings-path'
     },
+    {
+        name: 'fingerprint',
+        type: Boolean
+    },
     {
         name: 'organization-id',
         alias: 'o',
@@ -299,21 +328,6 @@ const auditOptionDefinitions = [
             '}: ' +
             i18n.__('constantsHostId')
     },
-    {
-        name: 'proxy',
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}: ' +
-            i18n.__('constantsProxyServer')
-    },
-    {
-        name: 'ignore-cert-errors',
-        type: Boolean,
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}:' +
-            i18n.__('constantsIgnoreCertErrors')
-    },
     {
         name: 'save',
         alias: 's',
@@ -402,7 +416,8 @@ const mainUsageGuide = commandLineUsage([
             { name: i18n.__('clearHeader'), summary: i18n.__('clearContent') }
         ]
     },
-    commonHelpLinks()
+    commonHelpLinks()[0],
+    commonHelpLinks()[1]
 ]);
 const mainDefinition = [{ name: 'command', defaultOption: true }];
 module.exports = {

package/dist/commands/audit/auditConfig.js

@@ -1,15 +1,13 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAuditConfig = void 0;
-const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHandler"));
-const constants_1 = __importDefault(require("../../constants"));
-const parsedCLIOptions_1 = require("../../utils/parsedCLIOptions");
+const { getCommandLineArgsCustom } = require('../../utils/parsedCLIOptions');
+const constants = require('../../cliConstants');
+const paramHandler = require('../../utils/paramsUtil/paramHandler');
 const getAuditConfig = async (contrastConf, command, argv) => {
-    const auditParameters = await (0, parsedCLIOptions_1.getCommandLineArgsCustom)(contrastConf, command, argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
-    const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
-    return { ...paramsAuth, ...auditParameters };
+    const auditParameters = await getCommandLineArgsCustom(contrastConf, command, argv, constants.commandLineDefinitions.auditOptionDefinitions);
+    const paramsAuth = paramHandler.getAuth(auditParameters);
+    const javaAgreement = paramHandler.getAgreement();
+    return { ...paramsAuth, ...auditParameters, ...javaAgreement };
+};
+module.exports = {
+    getAuditConfig
 };
-exports.getAuditConfig = getAuditConfig;

package/dist/commands/audit/auditController.js

@@ -1,23 +1,18 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAppName = exports.dealWithNoAppId = void 0;
-const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
-const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
+const catalogue = require('../../audit/catalogueApplication/catalogueApplication');
+const commonApi = require('../../audit/languageAnalysisEngine/commonApi');
 const dealWithNoAppId = async (config) => {
     let appID;
     try {
-        appID = await commonApi_1.default.returnAppId(config);
+        appID = await commonApi.returnAppId(config);
         if (!appID && config.applicationName) {
-            return await (0, catalogueApplication_1.catalogueApplication)(config);
+            return await catalogue.catalogueApplication(config);
         }
         if (!appID && !config.applicationName) {
-            config.applicationName = (0, exports.getAppName)(config.file);
-            appID = await commonApi_1.default.returnAppId(config);
+            config.applicationName = getAppName(config.file);
+            appID = await commonApi.returnAppId(config);
             if (!appID) {
-                return await (0, catalogueApplication_1.catalogueApplication)(config);
+                return await catalogue.catalogueApplication(config);
             }
         }
     }
@@ -30,8 +25,7 @@ const dealWithNoAppId = async (config) => {
     }
     return appID;
 };
-exports.dealWithNoAppId = dealWithNoAppId;
-const getAppName = (file) => {
+const getAppName = file => {
     const last = file.charAt(file.length - 1);
     if (last !== '/') {
         return file.split('/').pop();
@@ -41,7 +35,9 @@ const getAppName = (file) => {
         return str.split('/').pop();
     }
 };
-exports.getAppName = getAppName;
-const removeLastChar = (str) => {
+const removeLastChar = str => {
     return str.substring(0, str.length - 1);
 };
+module.exports = {
+    dealWithNoAppId
+};

package/dist/commands/audit/help.js

@@ -1,36 +1,31 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.auditUsageGuide = void 0;
-const command_line_usage_1 = __importDefault(require("command-line-usage"));
-const i18n_1 = __importDefault(require("i18n"));
-const constants_1 = __importDefault(require("../../constants"));
-const commonHelp_1 = require("../../common/commonHelp");
-const auditUsageGuide = (0, command_line_usage_1.default)([
+const commandLineUsage = require('command-line-usage');
+const i18n = require('i18n');
+const constants = require('../../cliConstants');
+const { commonHelpLinks } = require('../../common/commonHelp');
+const auditUsageGuide = commandLineUsage([
     {
-        header: i18n_1.default.__('auditHeader'),
-        content: [i18n_1.default.__('auditHeaderMessage')]
+        header: i18n.__('auditHeader'),
+        content: [i18n.__('auditHeaderMessage')]
     },
     {
-        header: i18n_1.default.__('constantsPrerequisitesHeader'),
+        header: i18n.__('constantsPrerequisitesHeader'),
         content: [
             '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentSupportedLanguages') +
+                i18n.__('constantsAuditPrerequisitesContentSupportedLanguages') +
                 '}',
-            i18n_1.default.__('constantsAuditPrerequisitesJavaContentMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentNodeMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentRubyMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentPythonMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentGoMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentPHPMessage')
+            i18n.__('constantsAuditPrerequisitesJavaContentMessage'),
+            i18n.__('constantsAuditPrerequisitesContentDotNetMessage'),
+            i18n.__('constantsAuditPrerequisitesContentNodeMessage'),
+            i18n.__('constantsAuditPrerequisitesContentRubyMessage'),
+            i18n.__('constantsAuditPrerequisitesContentPythonMessage'),
+            i18n.__('constantsAuditPrerequisitesContentGoMessage'),
+            i18n.__('constantsAuditPrerequisitesContentPHPMessage')
         ]
     },
     {
-        header: i18n_1.default.__('constantsAuditOptions'),
-        optionList: constants_1.default.commandLineDefinitions.auditOptionDefinitions,
+        header: i18n.__('constantsAuditOptions'),
+        optionList: constants.commandLineDefinitions.auditOptionDefinitions,
         hide: [
             'application-id',
             'application-name',
@@ -54,9 +49,12 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
             'app-groups',
             'metadata',
             'track',
-            'branch'
+            'fingerprint'
         ]
     },
-    (0, commonHelp_1.commonHelpLinks)()
+    commonHelpLinks()[0],
+    commonHelpLinks()[1]
 ]);
-exports.auditUsageGuide = auditUsageGuide;
+module.exports = {
+    auditUsageGuide
+};

package/dist/commands/audit/processAudit.js

@@ -1,30 +1,24 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.processAudit = void 0;
-const auditConfig_1 = require("./auditConfig");
-const help_1 = require("./help");
-const scaAnalysis_1 = require("../scan/sca/scaAnalysis");
-const telemetry_1 = require("../../telemetry/telemetry");
-const chalk_1 = __importDefault(require("chalk"));
-const processAudit = async (contrastConf, argv) => {
-    if (argv.indexOf('--help') != -1) {
+const auditConfig = require('./auditConfig');
+const { auditUsageGuide } = require('./help');
+const scaController = require('../scan/sca/scaAnalysis');
+const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
+const { postRunMessage } = require('../../common/commonHelp');
+const processAudit = async (contrastConf, argvMain) => {
+    if (argvMain.indexOf('--help') !== -1) {
         printHelpMessage();
         process.exit(0);
     }
-    const config = await (0, auditConfig_1.getAuditConfig)(contrastConf, 'audit', argv);
-    await (0, scaAnalysis_1.processSca)(config);
-    postRunMessage();
-    await (0, telemetry_1.sendTelemetryConfigAsObject)(config, 'audit', argv, 'SUCCESS', config.language);
+    const config = await auditConfig.getAuditConfig(contrastConf, 'audit', argvMain);
+    await scaController.processSca(config);
+    if (!config.fingerprint) {
+        postRunMessage('audit');
+        await sendTelemetryConfigAsObject(config, 'audit', argvMain, 'SUCCESS', config.language);
+    }
 };
-exports.processAudit = processAudit;
 const printHelpMessage = () => {
-    console.log(help_1.auditUsageGuide);
+    console.log(auditUsageGuide);
 };
-const postRunMessage = () => {
-    console.log('\n' + chalk_1.default.underline.bold('Other Codesec Features:'));
-    console.log("'contrast scan' to run CodeSec’s industry leading SAST scanner");
-    console.log("'contrast lambda' to secure your AWS serverless functions\n");
+module.exports = {
+    processAudit
 };

package/dist/commands/audit/saveFile.js

@@ -1,15 +1,9 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.saveFile = void 0;
-const fs_1 = __importDefault(require("fs"));
+const fs = require('fs');
 const saveFile = (config, type, rawResults) => {
     const fileName = `${config.applicationId}-sbom-${type}.json`;
-    fs_1.default.writeFileSync(fileName, JSON.stringify(rawResults));
+    fs.writeFileSync(fileName, JSON.stringify(rawResults));
 };
-exports.saveFile = saveFile;
 module.exports = {
-    saveFile: exports.saveFile
+    saveFile
 };

package/dist/commands/auth/auth.js

@@ -8,7 +8,7 @@ const i18n = require('i18n');
 const { returnOra, startSpinner, failSpinner, succeedSpinner } = require('../../utils/oraWrapper');
 const { TIMEOUT, AUTH_UI_URL } = require('../../constants/constants');
 const parsedCLIOptions = require('../../utils/parsedCLIOptions');
-const constants = require('../../constants');
+const constants = require('../../cliConstants');
 const commandLineUsage = require('command-line-usage');
 const processAuth = async (argv, config) => {
     let authParams = await parsedCLIOptions.getCommandLineArgsCustom(config, 'auth', argv, constants.commandLineDefinitions.authOptionDefinitions);

package/dist/commands/config/config.js

@@ -1,6 +1,6 @@
 "use strict";
 const parsedCLIOptions = require('../../utils/parsedCLIOptions');
-const constants = require('../../constants');
+const constants = require('../../cliConstants');
 const commandLineUsage = require('command-line-usage');
 const i18n = require('i18n');
 const processConfig = async (argv, config) => {

package/dist/commands/scan/processScan.js

@@ -6,7 +6,7 @@ const { ScanResultsModel } = require('../../scan/models/scanResultsModel');
 const { formatScanOutput } = require('../../scan/formatScanOutput');
 const common = require('../../common/fail');
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
-const chalk = require('chalk');
+const { postRunMessage } = require('../../common/commonHelp');
 const processScan = async (contrastConf, argv) => {
     let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv);
     let output = undefined;
@@ -18,15 +18,13 @@ const processScan = async (contrastConf, argv) => {
     if (config.save !== undefined) {
         await saveScanFile(config, scanResults);
     }
+    else {
+        console.log('\nUse contrast scan --save to save results as a SARIF');
+    }
     if (config.fail) {
         common.processFail(config, output);
     }
-    postRunMessage();
-};
-const postRunMessage = () => {
-    console.log('\n' + chalk.underline.bold('Other Codesec Features:'));
-    console.log("'contrast audit' to find vulnerabilities in your open source dependencies");
-    console.log("'contrast lambda' to secure your AWS serverless functions\n");
+    postRunMessage('scan');
 };
 module.exports = {
     processScan