@contrast/contrast 1.0.16 → 1.0.17

package/dist/audit/catalogueApplication/catalogueApplication.js

@@ -39,7 +39,7 @@ const tryRetrieveAppIdFromMessages = messages => {
     return appId;
 };
 module.exports = {
-    catalogueApplication: catalogueApplication,
+    catalogueApplication,
     doesMessagesContainAppId,
     tryRetrieveAppIdFromMessages
 };

package/dist/cliConstants.js

@@ -295,6 +295,10 @@ const auditOptionDefinitions = [
     {
         name: 'maven-settings-path'
     },
+    {
+        name: 'fingerprint',
+        type: Boolean
+    },
     {
         name: 'organization-id',
         alias: 'o',
@@ -412,7 +416,8 @@ const mainUsageGuide = commandLineUsage([
             { name: i18n.__('clearHeader'), summary: i18n.__('clearContent') }
         ]
     },
-    commonHelpLinks()
+    commonHelpLinks()[0],
+    commonHelpLinks()[1]
 ]);
 const mainDefinition = [{ name: 'command', defaultOption: true }];
 module.exports = {

package/dist/commands/audit/auditConfig.js

@@ -1,15 +1,13 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAuditConfig = void 0;
-const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHandler"));
-const cliConstants_1 = __importDefault(require("../../cliConstants"));
-const parsedCLIOptions_1 = require("../../utils/parsedCLIOptions");
+const { getCommandLineArgsCustom } = require('../../utils/parsedCLIOptions');
+const constants = require('../../cliConstants');
+const paramHandler = require('../../utils/paramsUtil/paramHandler');
 const getAuditConfig = async (contrastConf, command, argv) => {
-    const auditParameters = await (0, parsedCLIOptions_1.getCommandLineArgsCustom)(contrastConf, command, argv, cliConstants_1.default.commandLineDefinitions.auditOptionDefinitions);
-    const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
-    return { ...paramsAuth, ...auditParameters };
+    const auditParameters = await getCommandLineArgsCustom(contrastConf, command, argv, constants.commandLineDefinitions.auditOptionDefinitions);
+    const paramsAuth = paramHandler.getAuth(auditParameters);
+    const javaAgreement = paramHandler.getAgreement();
+    return { ...paramsAuth, ...auditParameters, ...javaAgreement };
+};
+module.exports = {
+    getAuditConfig
 };
-exports.getAuditConfig = getAuditConfig;

package/dist/commands/audit/auditController.js

@@ -1,23 +1,18 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAppName = exports.dealWithNoAppId = void 0;
-const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
-const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
+const catalogue = require('../../audit/catalogueApplication/catalogueApplication');
+const commonApi = require('../../audit/languageAnalysisEngine/commonApi');
 const dealWithNoAppId = async (config) => {
     let appID;
     try {
-        appID = await commonApi_1.default.returnAppId(config);
+        appID = await commonApi.returnAppId(config);
         if (!appID && config.applicationName) {
-            return await (0, catalogueApplication_1.catalogueApplication)(config);
+            return await catalogue.catalogueApplication(config);
         }
         if (!appID && !config.applicationName) {
-            config.applicationName = (0, exports.getAppName)(config.file);
-            appID = await commonApi_1.default.returnAppId(config);
+            config.applicationName = getAppName(config.file);
+            appID = await commonApi.returnAppId(config);
             if (!appID) {
-                return await (0, catalogueApplication_1.catalogueApplication)(config);
+                return await catalogue.catalogueApplication(config);
             }
         }
     }
@@ -30,8 +25,7 @@ const dealWithNoAppId = async (config) => {
     }
     return appID;
 };
-exports.dealWithNoAppId = dealWithNoAppId;
-const getAppName = (file) => {
+const getAppName = file => {
     const last = file.charAt(file.length - 1);
     if (last !== '/') {
         return file.split('/').pop();
@@ -41,7 +35,9 @@ const getAppName = (file) => {
         return str.split('/').pop();
     }
 };
-exports.getAppName = getAppName;
-const removeLastChar = (str) => {
+const removeLastChar = str => {
     return str.substring(0, str.length - 1);
 };
+module.exports = {
+    dealWithNoAppId
+};

package/dist/commands/audit/help.js

@@ -1,36 +1,31 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.auditUsageGuide = void 0;
-const command_line_usage_1 = __importDefault(require("command-line-usage"));
-const i18n_1 = __importDefault(require("i18n"));
-const cliConstants_1 = __importDefault(require("../../cliConstants"));
-const commonHelp_1 = require("../../common/commonHelp");
-const auditUsageGuide = (0, command_line_usage_1.default)([
+const commandLineUsage = require('command-line-usage');
+const i18n = require('i18n');
+const constants = require('../../cliConstants');
+const { commonHelpLinks } = require('../../common/commonHelp');
+const auditUsageGuide = commandLineUsage([
     {
-        header: i18n_1.default.__('auditHeader'),
-        content: [i18n_1.default.__('auditHeaderMessage')]
+        header: i18n.__('auditHeader'),
+        content: [i18n.__('auditHeaderMessage')]
     },
     {
-        header: i18n_1.default.__('constantsPrerequisitesHeader'),
+        header: i18n.__('constantsPrerequisitesHeader'),
         content: [
             '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentSupportedLanguages') +
+                i18n.__('constantsAuditPrerequisitesContentSupportedLanguages') +
                 '}',
-            i18n_1.default.__('constantsAuditPrerequisitesJavaContentMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentNodeMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentRubyMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentPythonMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentGoMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentPHPMessage')
+            i18n.__('constantsAuditPrerequisitesJavaContentMessage'),
+            i18n.__('constantsAuditPrerequisitesContentDotNetMessage'),
+            i18n.__('constantsAuditPrerequisitesContentNodeMessage'),
+            i18n.__('constantsAuditPrerequisitesContentRubyMessage'),
+            i18n.__('constantsAuditPrerequisitesContentPythonMessage'),
+            i18n.__('constantsAuditPrerequisitesContentGoMessage'),
+            i18n.__('constantsAuditPrerequisitesContentPHPMessage')
         ]
     },
     {
-        header: i18n_1.default.__('constantsAuditOptions'),
-        optionList: cliConstants_1.default.commandLineDefinitions.auditOptionDefinitions,
+        header: i18n.__('constantsAuditOptions'),
+        optionList: constants.commandLineDefinitions.auditOptionDefinitions,
         hide: [
             'application-id',
             'application-name',
@@ -54,9 +49,12 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
             'app-groups',
             'metadata',
             'track',
-            'branch'
+            'fingerprint'
         ]
     },
-    (0, commonHelp_1.commonHelpLinks)()
+    commonHelpLinks()[0],
+    commonHelpLinks()[1]
 ]);
-exports.auditUsageGuide = auditUsageGuide;
+module.exports = {
+    auditUsageGuide
+};

package/dist/commands/audit/processAudit.js

@@ -1,30 +1,24 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.processAudit = void 0;
-const auditConfig_1 = require("./auditConfig");
-const help_1 = require("./help");
-const scaAnalysis_1 = require("../scan/sca/scaAnalysis");
-const telemetry_1 = require("../../telemetry/telemetry");
-const chalk_1 = __importDefault(require("chalk"));
-const processAudit = async (contrastConf, argv) => {
-    if (argv.indexOf('--help') != -1) {
+const auditConfig = require('./auditConfig');
+const { auditUsageGuide } = require('./help');
+const scaController = require('../scan/sca/scaAnalysis');
+const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
+const { postRunMessage } = require('../../common/commonHelp');
+const processAudit = async (contrastConf, argvMain) => {
+    if (argvMain.indexOf('--help') !== -1) {
         printHelpMessage();
         process.exit(0);
     }
-    const config = await (0, auditConfig_1.getAuditConfig)(contrastConf, 'audit', argv);
-    await (0, scaAnalysis_1.processSca)(config);
-    postRunMessage();
-    await (0, telemetry_1.sendTelemetryConfigAsObject)(config, 'audit', argv, 'SUCCESS', config.language);
+    const config = await auditConfig.getAuditConfig(contrastConf, 'audit', argvMain);
+    await scaController.processSca(config);
+    if (!config.fingerprint) {
+        postRunMessage('audit');
+        await sendTelemetryConfigAsObject(config, 'audit', argvMain, 'SUCCESS', config.language);
+    }
 };
-exports.processAudit = processAudit;
 const printHelpMessage = () => {
-    console.log(help_1.auditUsageGuide);
+    console.log(auditUsageGuide);
 };
-const postRunMessage = () => {
-    console.log('\n' + chalk_1.default.underline.bold('Other Codesec Features:'));
-    console.log("'contrast scan' to run CodeSec’s industry leading SAST scanner");
-    console.log("'contrast lambda' to secure your AWS serverless functions\n");
+module.exports = {
+    processAudit
 };

package/dist/commands/audit/saveFile.js

@@ -1,15 +1,9 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.saveFile = void 0;
-const fs_1 = __importDefault(require("fs"));
+const fs = require('fs');
 const saveFile = (config, type, rawResults) => {
     const fileName = `${config.applicationId}-sbom-${type}.json`;
-    fs_1.default.writeFileSync(fileName, JSON.stringify(rawResults));
+    fs.writeFileSync(fileName, JSON.stringify(rawResults));
 };
-exports.saveFile = saveFile;
 module.exports = {
-    saveFile: exports.saveFile
+    saveFile
 };

package/dist/commands/scan/processScan.js

@@ -6,7 +6,7 @@ const { ScanResultsModel } = require('../../scan/models/scanResultsModel');
 const { formatScanOutput } = require('../../scan/formatScanOutput');
 const common = require('../../common/fail');
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
-const chalk = require('chalk');
+const { postRunMessage } = require('../../common/commonHelp');
 const processScan = async (contrastConf, argv) => {
     let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv);
     let output = undefined;
@@ -18,15 +18,13 @@ const processScan = async (contrastConf, argv) => {
     if (config.save !== undefined) {
         await saveScanFile(config, scanResults);
     }
+    else {
+        console.log('\nUse contrast scan --save to save results as a SARIF');
+    }
     if (config.fail) {
         common.processFail(config, output);
     }
-    postRunMessage();
-};
-const postRunMessage = () => {
-    console.log('\n' + chalk.underline.bold('Other Codesec Features:'));
-    console.log("'contrast audit' to find vulnerabilities in your open source dependencies");
-    console.log("'contrast lambda' to secure your AWS serverless functions\n");
+    postRunMessage('scan');
 };
 module.exports = {
     processScan

package/dist/commands/scan/sca/scaAnalysis.js

@@ -11,7 +11,7 @@ const path = require('path');
 const i18n = require('i18n');
 const auditSave = require('../../../audit/save');
 const { auditUsageGuide } = require('../../audit/help');
-const { buildRepo } = require('../../../scaAnalysis/repoMode/index');
+const repoMode = require('../../../scaAnalysis/repoMode/index');
 const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
 const { goAnalysis } = require('../../../scaAnalysis/go/goAnalysis');
 const { phpAnalysis } = require('../../../scaAnalysis/php/index');
@@ -23,6 +23,7 @@ const auditReport = require('../../../scaAnalysis/common/auditReport');
 const scaUpload = require('../../../scaAnalysis/common/scaServicesUpload');
 const settingsHelper = require('../../../utils/settingsHelper');
 const chalk = require('chalk');
+const saveResults = require('../../../scan/saveResults');
 const processSca = async (config) => {
     config = await settingsHelper.getSettings(config);
     const startTime = performance.now();
@@ -37,99 +38,114 @@ const processSca = async (config) => {
     config.file = pathWithFile
         ? rootFile.getDirectoryFromPathGiven(config.file).concat('/')
         : config.file;
-    filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
-    if (filesFound.length > 1 && pathWithFile) {
-        filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(config.fileName)));
+    if (config.fingerprint && config.experimental) {
+        let fingerprint = await autoDetection.autoDetectFingerprintInfo(config.file);
+        let idArray = fingerprint.map(x => x.id);
+        await saveResults.writeResultsToFile(fingerprint, 'fingerPrintInfo.json');
+        console.log(idArray);
     }
-    if (config.mode === 'repo') {
-        try {
-            return buildRepo(config, filesFound[0]);
-        }
-        catch (e) {
-            console.log('Unable to build in repository mode. Check your project file');
-            process.exit(0);
-        }
-    }
-    let messageToSend = undefined;
-    if (filesFound.length === 1) {
-        switch (Object.keys(filesFound[0])[0]) {
-            case JAVA:
-                messageToSend = javaAnalysis.javaAnalysis(config, filesFound[0]);
-                config.language = JAVA;
-                break;
-            case JAVASCRIPT:
-                messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0]);
-                config.language = NODE;
-                break;
-            case PYTHON:
-                messageToSend = pythonAnalysis(config, filesFound[0]);
-                config.language = PYTHON;
-                break;
-            case RUBY:
-                messageToSend = rubyAnalysis(config, filesFound[0]);
-                config.language = RUBY;
-                break;
-            case PHP:
-                messageToSend = phpAnalysis(config, filesFound[0]);
-                config.language = PHP;
-                break;
-            case GO:
-                messageToSend = goAnalysis(config, filesFound[0]);
-                config.language = GO;
-                break;
-            case DOTNET:
-                messageToSend = dotNetAnalysis(config, filesFound[0]);
-                config.language = DOTNET;
-                break;
-            default:
-                console.log('No supported language detected in project path');
-                return;
-        }
-        if (!config.applicationId) {
-            config.applicationId = await auditController.dealWithNoAppId(config);
+    else {
+        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
+        if (filesFound.length > 1 && pathWithFile) {
+            filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(config.fileName)));
         }
-        if (config.experimental) {
-            console.log('');
-            const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
-            startSpinner(reportSpinner);
-            const [reports, reportId] = await scaUpload.scaTreeUpload(messageToSend, config);
-            auditReport.processAuditReport(config, reports[0]);
-            succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
-            if (config.save !== undefined) {
-                await auditSave.auditSave(config, reportId);
+        let messageToSend = undefined;
+        if (filesFound.length === 1) {
+            switch (Object.keys(filesFound[0])[0]) {
+                case JAVA:
+                    config.language = JAVA;
+                    if (config.mode === 'repo') {
+                        try {
+                            return repoMode.buildRepo(config, filesFound[0]);
+                        }
+                        catch (e) {
+                            throw new Error('Unable to build in repository mode. Check your project file');
+                        }
+                    }
+                    else {
+                        messageToSend = await javaAnalysis.javaAnalysis(config, filesFound[0]);
+                    }
+                    break;
+                case JAVASCRIPT:
+                    messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0]);
+                    config.language = NODE;
+                    break;
+                case PYTHON:
+                    messageToSend = pythonAnalysis(config, filesFound[0]);
+                    config.language = PYTHON;
+                    break;
+                case RUBY:
+                    messageToSend = rubyAnalysis(config, filesFound[0]);
+                    config.language = RUBY;
+                    break;
+                case PHP:
+                    messageToSend = phpAnalysis(config, filesFound[0]);
+                    config.language = PHP;
+                    break;
+                case GO:
+                    messageToSend = goAnalysis(config, filesFound[0]);
+                    config.language = GO;
+                    break;
+                case DOTNET:
+                    messageToSend = dotNetAnalysis(config, filesFound[0]);
+                    config.language = DOTNET;
+                    break;
+                default:
+                    console.log('No supported language detected in project path');
+                    return;
             }
-            const endTime = performance.now() - startTime;
-            const scanDurationMs = endTime - startTime;
-            console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
-        }
-        else {
-            console.log('');
-            const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
-            startSpinner(reportSpinner);
-            const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
-            await pollForSnapshotCompletion(config, snapshotResponse.id, reportSpinner);
-            succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
-            await vulnerabilityReportV2(config, snapshotResponse.id);
-            if (config.save !== undefined) {
-                await auditSave.auditSave(config);
+            if (!config.applicationId) {
+                config.applicationId = await auditController.dealWithNoAppId(config);
+            }
+            if (config.experimental) {
+                console.log('');
+                const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+                startSpinner(reportSpinner);
+                const [reports, reportId] = await scaUpload.scaTreeUpload(messageToSend, config);
+                auditReport.processAuditReport(config, reports[0]);
+                succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
+                if (config.save !== undefined) {
+                    await auditSave.auditSave(config, reportId);
+                }
+                else {
+                    console.log('Use contrast audit --save to generate an SBOM');
+                }
+                const endTime = performance.now() - startTime;
+                const scanDurationMs = endTime - startTime;
+                console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
+            }
+            else {
+                console.log('');
+                const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+                startSpinner(reportSpinner);
+                const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
+                await pollForSnapshotCompletion(config, snapshotResponse.id, reportSpinner);
+                succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
+                await vulnerabilityReportV2(config, snapshotResponse.id);
+                if (config.save !== undefined) {
+                    await auditSave.auditSave(config);
+                }
+                else {
+                    console.log('\nUse contrast audit --save to generate an SBOM');
+                }
+                const endTime = performance.now() - startTime;
+                const scanDurationMs = endTime - startTime;
+                console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
             }
-            const endTime = performance.now() - startTime;
-            const scanDurationMs = endTime - startTime;
-            console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
-        }
-    }
-    else {
-        if (filesFound.length === 0) {
-            console.log(i18n.__('languageAnalysisNoLanguage'));
-            console.log(i18n.__('languageAnalysisNoLanguageHelpLine'));
-            throw new Error();
         }
         else {
-            console.log(chalk.bold(`\nMultiple language files detected \n`));
-            filesFound.forEach(file => {
-                console.log(`${Object.keys(file)[0]} : `, Object.values(file)[0]);
-            });
-            throw new Error(`Please use --file to audit one language only. \nExample: contrast audit --file package-lock.json`);
+            if (filesFound.length === 0) {
+                console.log(i18n.__('languageAnalysisNoLanguage'));
+                console.log(i18n.__('languageAnalysisNoLanguageHelpLine'));
+                throw new Error();
+            }
+            else {
+                console.log(chalk.bold(`\nMultiple language files detected \n`));
+                filesFound.forEach(file => {
+                    console.log(`${Object.keys(file)[0]} : `, Object.values(file)[0]);
+                });
+                throw new Error(`Please use --file to audit one language only. \nExample: contrast audit --file package-lock.json`);
+            }
         }
     }
 };

package/dist/common/commonHelp.js

@@ -1,19 +1,37 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
+const i18n = require('i18n');
+const chalk = require('chalk');
+const commonHelpLinks = () => {
+    return [
+        {
+            header: i18n.__('commonHelpHeader'),
+            content: [
+                i18n.__('commonHelpCheckOutHeader') + i18n.__('commonHelpCheckOutText'),
+                i18n.__('commonHelpLearnMoreHeader') +
+                    i18n.__('commonHelpLearnMoreText'),
+                i18n.__('commonHelpJoinDiscussionHeader') +
+                    i18n.__('commonHelpJoinDiscussionText')
+            ]
+        },
+        {
+            header: i18n.__('commonHelpEnterpriseHeader'),
+            content: [
+                i18n.__('commonHelpLearnMoreEnterpriseHeader') +
+                    i18n.__('commonHelpLearnMoreEnterpriseText')
+            ]
+        }
+    ];
+};
+const postRunMessage = commandName => {
+    console.log('\n' + chalk.underline.bold('Other Features:'));
+    if (commandName !== 'scan')
+        console.log("'contrast scan' to run Contrasts’ industry leading SAST scanner");
+    if (commandName !== 'audit')
+        console.log("'contrast audit' to find vulnerabilities in your open source dependencies");
+    if (commandName !== 'lambda')
+        console.log("'contrast lambda' to secure your AWS serverless functions");
+};
+module.exports = {
+    commonHelpLinks,
+    postRunMessage
 };
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.commonHelpLinks = void 0;
-const i18n_1 = __importDefault(require("i18n"));
-function commonHelpLinks() {
-    return {
-        header: i18n_1.default.__('commonHelpHeader'),
-        content: [
-            i18n_1.default.__('commonHelpCheckOutHeader') + i18n_1.default.__('commonHelpCheckOutText'),
-            i18n_1.default.__('commonHelpLearnMoreHeader') + i18n_1.default.__('commonHelpLearnMoreText'),
-            i18n_1.default.__('commonHelpJoinDiscussionHeader') +
-                i18n_1.default.__('commonHelpJoinDiscussionText')
-        ]
-    };
-}
-exports.commonHelpLinks = commonHelpLinks;