@contrast/contrast 1.0.15 → 1.0.17

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.15",
+  "version": "1.0.17",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {
@@ -54,8 +54,10 @@
     "command-line-args": "^5.2.1",
     "command-line-usage": "^6.1.3",
     "conf": "^10.1.2",
+    "cross-spawn": "^7.0.3",
     "dotenv": "^16.0.0",
     "fast-glob": "^3.2.11",
+    "gradle-to-js": "^2.0.1",
     "i18n": "^0.14.2",
     "js-yaml": "^4.1.0",
     "lodash": "^4.17.21",

package/src/audit/catalogueApplication/catalogueApplication.js

@@ -45,7 +45,7 @@ const tryRetrieveAppIdFromMessages = messages => {
 }
 
 module.exports = {
-  catalogueApplication: catalogueApplication,
+  catalogueApplication,
   doesMessagesContainAppId,
   tryRetrieveAppIdFromMessages
 }

package/src/audit/languageAnalysisEngine/sendSnapshot.js

@@ -29,11 +29,7 @@ const getTimeout = config => {
   }
 }
 
-const pollForSnapshotCompletition = async (
-  config,
-  snapshotId,
-  reportSpinner
-) => {
+const pollForSnapshotCompletion = async (config, snapshotId, reportSpinner) => {
   const client = commonApi.getHttpClient(config)
   const startTime = performance.now()
   const timeout = getTimeout(config)
@@ -76,5 +72,5 @@ const pollForSnapshotCompletition = async (
 }
 
 module.exports = {
-  pollForSnapshotCompletition: pollForSnapshotCompletition
+  pollForSnapshotCompletion
 }

package/src/audit/report/commonReportingFunctions.js

@@ -256,13 +256,7 @@ function buildBody(cveArray, advice) {
 function getIssueRow(cveArray) {
   orderByHighestPriority(cveArray)
   const cveMessagesList = getIssueCveMsgList(cveArray)
-  const cveNumbers = getSeverityCounts(cveArray)
-  const numAndSeverityTypeDesc = getNumOfAndSeverityType(cveNumbers)
-  return [
-    chalk.bold('Issue'),
-    ':',
-    `${numAndSeverityTypeDesc} ${cveMessagesList.join(', ')}`
-  ]
+  return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`]
 }
 
 function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
@@ -282,21 +276,6 @@ function buildFormattedHeaderNum(contrastHeaderNum) {
   return `CONTRAST-${contrastHeaderNum.toString().padStart(3, '0')}`
 }
 
-function getNumOfAndSeverityType(cveNumbers) {
-  const { critical, high, medium, low, note } = cveNumbers
-
-  const criticalMsg = critical > 0 ? `${critical} Critical | ` : ''
-  const highMsg = high > 0 ? `${high} High | ` : ''
-  const mediumMsg = medium > 0 ? `${medium} Medium | ` : ''
-  const lowMsg = low > 0 ? `${low} Low | ` : ''
-  const noteMsg = note > 0 ? `${note} Note` : ''
-
-  //removes/trims whitespace to single spaces
-  return `${criticalMsg} ${highMsg} ${mediumMsg} ${lowMsg} ${noteMsg}`
-    .replace(/\s+/g, ' ')
-    .trim()
-}
-
 const buildFooter = reportModelStructure => {
   const { critical, high, medium, low, note } =
     countVulnerableLibrariesBySeverity(reportModelStructure)
@@ -424,7 +403,6 @@ module.exports = {
   getIssueRow,
   gatherRemediationAdvice,
   buildFormattedHeaderNum,
-  getNumOfAndSeverityType,
   getIssueCveMsgList,
   getSeverityCounts,
   printNoVulnFoundMsg,

package/src/{constants.js → cliConstants.js}

@@ -11,8 +11,53 @@ i18n.configure({
   defaultLocale: 'en'
 })
 
+const sharedOptionDefinitions = [
+  {
+    name: 'proxy',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyServer')
+  },
+  {
+    name: 'key',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyKey')
+  },
+  {
+    name: 'cacert',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyCaCert')
+  },
+  {
+    name: 'cert',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyCert')
+  },
+  {
+    name: 'ignore-cert-errors',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('constantsIgnoreCertErrors')
+  }
+]
+
 // CLI options that we will allow and handle
 const scanOptionDefinitions = [
+  ...sharedOptionDefinitions,
   {
     name: 'name',
     alias: 'n',
@@ -100,14 +145,6 @@ const scanOptionDefinitions = [
       '}: ' +
       i18n.__('constantsHostId')
   },
-  {
-    name: 'proxy',
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}: ' +
-      i18n.__('constantsProxyServer')
-  },
   {
     name: 'fail',
     type: Boolean,
@@ -133,16 +170,7 @@ const scanOptionDefinitions = [
       '{bold ' +
       i18n.__('constantsOptional') +
       '}: ' +
-      i18n.__('constantsProxyServer')
-  },
-  {
-    name: 'ignore-cert-errors',
-    type: Boolean,
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}:' +
-      i18n.__('constantsIgnoreCertErrors')
+      i18n.__('constantsDoNotWaitForScan')
   },
   {
     name: 'verbose',
@@ -214,6 +242,7 @@ const configOptionDefinitions = [
 ]
 
 const auditOptionDefinitions = [
+  ...sharedOptionDefinitions,
   {
     name: 'application-id',
     description:
@@ -305,6 +334,10 @@ const auditOptionDefinitions = [
   {
     name: 'maven-settings-path'
   },
+  {
+    name: 'fingerprint',
+    type: Boolean
+  },
   {
     name: 'organization-id',
     alias: 'o',
@@ -338,23 +371,6 @@ const auditOptionDefinitions = [
       '}: ' +
       i18n.__('constantsHostId')
   },
-  {
-    name: 'proxy',
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}: ' +
-      i18n.__('constantsProxyServer')
-  },
-  {
-    name: 'ignore-cert-errors',
-    type: Boolean,
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}:' +
-      i18n.__('constantsIgnoreCertErrors')
-  },
   {
     name: 'save',
     alias: 's',
@@ -449,7 +465,8 @@ const mainUsageGuide = commandLineUsage([
       { name: i18n.__('clearHeader'), summary: i18n.__('clearContent') }
     ]
   },
-  commonHelpLinks()
+  commonHelpLinks()[0],
+  commonHelpLinks()[1]
 ])
 
 const mainDefinition = [{ name: 'command', defaultOption: true }]

package/src/commands/audit/auditConfig.js

@@ -0,0 +1,19 @@
+const { getCommandLineArgsCustom } = require('../../utils/parsedCLIOptions')
+const constants = require('../../cliConstants')
+const paramHandler = require('../../utils/paramsUtil/paramHandler')
+
+const getAuditConfig = async (contrastConf, command, argv) => {
+  const auditParameters = await getCommandLineArgsCustom(
+    contrastConf,
+    command,
+    argv,
+    constants.commandLineDefinitions.auditOptionDefinitions
+  )
+  const paramsAuth = paramHandler.getAuth(auditParameters)
+  const javaAgreement = paramHandler.getAgreement()
+  return { ...paramsAuth, ...auditParameters, ...javaAgreement }
+}
+
+module.exports = {
+  getAuditConfig
+}

package/src/commands/audit/{auditController.ts → auditController.js}

@@ -1,23 +1,24 @@
-import { catalogueApplication } from '../../audit/catalogueApplication/catalogueApplication'
-import commonApi from '../../audit/languageAnalysisEngine/commonApi'
+const catalogue = require('../../audit/catalogueApplication/catalogueApplication')
+const commonApi = require('../../audit/languageAnalysisEngine/commonApi')
 
-export const dealWithNoAppId = async (config: { [x: string]: string }) => {
-  let appID: string
+const dealWithNoAppId = async config => {
+  let appID
   try {
-    // @ts-ignore
     appID = await commonApi.returnAppId(config)
+
     if (!appID && config.applicationName) {
-      return await catalogueApplication(config)
+      return await catalogue.catalogueApplication(config)
     }
+
     if (!appID && !config.applicationName) {
-      config.applicationName = getAppName(config.file) as string
-      // @ts-ignore
+      config.applicationName = getAppName(config.file)
       appID = await commonApi.returnAppId(config)
+
       if (!appID) {
-        return await catalogueApplication(config)
+        return await catalogue.catalogueApplication(config)
       }
     }
-  } catch (e: any) {
+  } catch (e) {
     if (e.toString().includes('tunneling socket could not be established')) {
       console.log(e.message.toString())
       console.log(
@@ -29,7 +30,7 @@ export const dealWithNoAppId = async (config: { [x: string]: string }) => {
   return appID
 }
 
-export const getAppName = (file: string) => {
+const getAppName = file => {
   const last = file.charAt(file.length - 1)
   if (last !== '/') {
     return file.split('/').pop()
@@ -39,6 +40,10 @@ export const getAppName = (file: string) => {
   }
 }
 
-const removeLastChar = (str: string) => {
+const removeLastChar = str => {
   return str.substring(0, str.length - 1)
 }
+
+module.exports = {
+  dealWithNoAppId
+}

package/src/commands/audit/{help.ts → help.js}

@@ -1,7 +1,7 @@
-import commandLineUsage from 'command-line-usage'
-import i18n from 'i18n'
-import constants from '../../constants'
-import { commonHelpLinks } from '../../common/commonHelp'
+const commandLineUsage = require('command-line-usage')
+const i18n = require('i18n')
+const constants = require('../../cliConstants')
+const { commonHelpLinks } = require('../../common/commonHelp')
 
 const auditUsageGuide = commandLineUsage([
   {
@@ -49,10 +49,13 @@ const auditUsageGuide = commandLineUsage([
       'app-groups',
       'metadata',
       'track',
-      'branch'
+      'fingerprint'
     ]
   },
-  commonHelpLinks()
+  commonHelpLinks()[0],
+  commonHelpLinks()[1]
 ])
 
-export { auditUsageGuide }
+module.exports = {
+  auditUsageGuide
+}

package/src/commands/audit/processAudit.js

@@ -0,0 +1,37 @@
+const auditConfig = require('./auditConfig')
+const { auditUsageGuide } = require('./help')
+const scaController = require('../scan/sca/scaAnalysis')
+const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry')
+const { postRunMessage } = require('../../common/commonHelp')
+
+const processAudit = async (contrastConf, argvMain) => {
+  if (argvMain.indexOf('--help') !== -1) {
+    printHelpMessage()
+    process.exit(0)
+  }
+
+  const config = await auditConfig.getAuditConfig(
+    contrastConf,
+    'audit',
+    argvMain
+  )
+  await scaController.processSca(config)
+  if (!config.fingerprint) {
+    postRunMessage('audit')
+    await sendTelemetryConfigAsObject(
+      config,
+      'audit',
+      argvMain,
+      'SUCCESS',
+      config.language
+    )
+  }
+}
+
+const printHelpMessage = () => {
+  console.log(auditUsageGuide)
+}
+
+module.exports = {
+  processAudit
+}

package/src/commands/audit/{saveFile.ts → saveFile.js}

@@ -1,6 +1,6 @@
-import fs from 'fs'
+const fs = require('fs')
 
-export const saveFile = (config: any, type: string, rawResults: any) => {
+const saveFile = (config, type, rawResults) => {
   const fileName = `${config.applicationId}-sbom-${type}.json`
   fs.writeFileSync(fileName, JSON.stringify(rawResults))
 }

package/src/commands/auth/auth.js

@@ -12,7 +12,7 @@ const {
 } = require('../../utils/oraWrapper')
 const { TIMEOUT, AUTH_UI_URL } = require('../../constants/constants')
 const parsedCLIOptions = require('../../utils/parsedCLIOptions')
-const constants = require('../../constants')
+const constants = require('../../cliConstants')
 const commandLineUsage = require('command-line-usage')
 
 const processAuth = async (argv, config) => {

package/src/commands/config/config.js

@@ -1,5 +1,5 @@
 const parsedCLIOptions = require('../../utils/parsedCLIOptions')
-const constants = require('../../constants')
+const constants = require('../../cliConstants')
 const commandLineUsage = require('command-line-usage')
 const i18n = require('i18n')
 

package/src/commands/scan/processScan.js

@@ -5,7 +5,7 @@ const { ScanResultsModel } = require('../../scan/models/scanResultsModel')
 const { formatScanOutput } = require('../../scan/formatScanOutput')
 const common = require('../../common/fail')
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry')
-const chalk = require('chalk')
+const { postRunMessage } = require('../../common/commonHelp')
 
 const processScan = async (contrastConf, argv) => {
   let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv)
@@ -26,21 +26,15 @@ const processScan = async (contrastConf, argv) => {
 
   if (config.save !== undefined) {
     await saveScanFile(config, scanResults)
+  } else {
+    console.log('\nUse contrast scan --save to save results as a SARIF')
   }
 
   if (config.fail) {
     common.processFail(config, output)
   }
 
-  postRunMessage()
-}
-
-const postRunMessage = () => {
-  console.log('\n' + chalk.underline.bold('Other Codesec Features:'))
-  console.log(
-    "'contrast audit' to find vulnerabilities in your open source dependencies"
-  )
-  console.log("'contrast lambda' to secure your AWS serverless functions\n")
+  postRunMessage('scan')
 }
 
 module.exports = {