@contrast/contrast 1.0.16 → 1.0.17

package/src/commands/audit/{auditController.ts → auditController.js}

@@ -1,23 +1,24 @@
-import { catalogueApplication } from '../../audit/catalogueApplication/catalogueApplication'
-import commonApi from '../../audit/languageAnalysisEngine/commonApi'
+const catalogue = require('../../audit/catalogueApplication/catalogueApplication')
+const commonApi = require('../../audit/languageAnalysisEngine/commonApi')
 
-export const dealWithNoAppId = async (config: { [x: string]: string }) => {
-  let appID: string
+const dealWithNoAppId = async config => {
+  let appID
   try {
-    // @ts-ignore
     appID = await commonApi.returnAppId(config)
+
     if (!appID && config.applicationName) {
-      return await catalogueApplication(config)
+      return await catalogue.catalogueApplication(config)
     }
+
     if (!appID && !config.applicationName) {
-      config.applicationName = getAppName(config.file) as string
-      // @ts-ignore
+      config.applicationName = getAppName(config.file)
       appID = await commonApi.returnAppId(config)
+
       if (!appID) {
-        return await catalogueApplication(config)
+        return await catalogue.catalogueApplication(config)
       }
     }
-  } catch (e: any) {
+  } catch (e) {
     if (e.toString().includes('tunneling socket could not be established')) {
       console.log(e.message.toString())
       console.log(
@@ -29,7 +30,7 @@ export const dealWithNoAppId = async (config: { [x: string]: string }) => {
   return appID
 }
 
-export const getAppName = (file: string) => {
+const getAppName = file => {
   const last = file.charAt(file.length - 1)
   if (last !== '/') {
     return file.split('/').pop()
@@ -39,6 +40,10 @@ export const getAppName = (file: string) => {
   }
 }
 
-const removeLastChar = (str: string) => {
+const removeLastChar = str => {
   return str.substring(0, str.length - 1)
 }
+
+module.exports = {
+  dealWithNoAppId
+}

package/src/commands/audit/{help.ts → help.js}

@@ -1,7 +1,7 @@
-import commandLineUsage from 'command-line-usage'
-import i18n from 'i18n'
-import constants from '../../cliConstants'
-import { commonHelpLinks } from '../../common/commonHelp'
+const commandLineUsage = require('command-line-usage')
+const i18n = require('i18n')
+const constants = require('../../cliConstants')
+const { commonHelpLinks } = require('../../common/commonHelp')
 
 const auditUsageGuide = commandLineUsage([
   {
@@ -49,10 +49,13 @@ const auditUsageGuide = commandLineUsage([
       'app-groups',
       'metadata',
       'track',
-      'branch'
+      'fingerprint'
     ]
   },
-  commonHelpLinks()
+  commonHelpLinks()[0],
+  commonHelpLinks()[1]
 ])
 
-export { auditUsageGuide }
+module.exports = {
+  auditUsageGuide
+}

package/src/commands/audit/processAudit.js

@@ -0,0 +1,37 @@
+const auditConfig = require('./auditConfig')
+const { auditUsageGuide } = require('./help')
+const scaController = require('../scan/sca/scaAnalysis')
+const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry')
+const { postRunMessage } = require('../../common/commonHelp')
+
+const processAudit = async (contrastConf, argvMain) => {
+  if (argvMain.indexOf('--help') !== -1) {
+    printHelpMessage()
+    process.exit(0)
+  }
+
+  const config = await auditConfig.getAuditConfig(
+    contrastConf,
+    'audit',
+    argvMain
+  )
+  await scaController.processSca(config)
+  if (!config.fingerprint) {
+    postRunMessage('audit')
+    await sendTelemetryConfigAsObject(
+      config,
+      'audit',
+      argvMain,
+      'SUCCESS',
+      config.language
+    )
+  }
+}
+
+const printHelpMessage = () => {
+  console.log(auditUsageGuide)
+}
+
+module.exports = {
+  processAudit
+}

package/src/commands/audit/{saveFile.ts → saveFile.js}

@@ -1,6 +1,6 @@
-import fs from 'fs'
+const fs = require('fs')
 
-export const saveFile = (config: any, type: string, rawResults: any) => {
+const saveFile = (config, type, rawResults) => {
   const fileName = `${config.applicationId}-sbom-${type}.json`
   fs.writeFileSync(fileName, JSON.stringify(rawResults))
 }

package/src/commands/scan/processScan.js

@@ -5,7 +5,7 @@ const { ScanResultsModel } = require('../../scan/models/scanResultsModel')
 const { formatScanOutput } = require('../../scan/formatScanOutput')
 const common = require('../../common/fail')
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry')
-const chalk = require('chalk')
+const { postRunMessage } = require('../../common/commonHelp')
 
 const processScan = async (contrastConf, argv) => {
   let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv)
@@ -26,21 +26,15 @@ const processScan = async (contrastConf, argv) => {
 
   if (config.save !== undefined) {
     await saveScanFile(config, scanResults)
+  } else {
+    console.log('\nUse contrast scan --save to save results as a SARIF')
   }
 
   if (config.fail) {
     common.processFail(config, output)
   }
 
-  postRunMessage()
-}
-
-const postRunMessage = () => {
-  console.log('\n' + chalk.underline.bold('Other Codesec Features:'))
-  console.log(
-    "'contrast audit' to find vulnerabilities in your open source dependencies"
-  )
-  console.log("'contrast lambda' to secure your AWS serverless functions\n")
+  postRunMessage('scan')
 }
 
 module.exports = {

package/src/commands/scan/sca/scaAnalysis.js

@@ -20,7 +20,7 @@ const path = require('path')
 const i18n = require('i18n')
 const auditSave = require('../../../audit/save')
 const { auditUsageGuide } = require('../../audit/help')
-const { buildRepo } = require('../../../scaAnalysis/repoMode/index')
+const repoMode = require('../../../scaAnalysis/repoMode/index')
 const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet')
 const { goAnalysis } = require('../../../scaAnalysis/go/goAnalysis')
 const { phpAnalysis } = require('../../../scaAnalysis/php/index')
@@ -32,6 +32,7 @@ const auditReport = require('../../../scaAnalysis/common/auditReport')
 const scaUpload = require('../../../scaAnalysis/common/scaServicesUpload')
 const settingsHelper = require('../../../utils/settingsHelper')
 const chalk = require('chalk')
+const saveResults = require('../../../scan/saveResults')
 
 const processSca = async config => {
   //checks to see whether to use old TS / new SCA path
@@ -53,130 +54,147 @@ const processSca = async config => {
     ? rootFile.getDirectoryFromPathGiven(config.file).concat('/')
     : config.file
 
-  filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file)
-
-  if (filesFound.length > 1 && pathWithFile) {
-    filesFound = filesFound.filter(i =>
-      Object.values(i)[0].includes(path.basename(config.fileName))
+  if (config.fingerprint && config.experimental) {
+    let fingerprint = await autoDetection.autoDetectFingerprintInfo(config.file)
+    let idArray = fingerprint.map(x => x.id)
+    await saveResults.writeResultsToFile(fingerprint, 'fingerPrintInfo.json')
+    console.log(idArray)
+  } else {
+    filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(
+      config.file
     )
-  }
-
-  // files found looks like [ { javascript: [ Array ] } ]
-  //check we have the language and call the right analyser
-  //refactor new analyser and see if we can clean it up
-  if (config.mode === 'repo') {
-    try {
-      return buildRepo(config, filesFound[0])
-    } catch (e) {
-      console.log('Unable to build in repository mode. Check your project file')
-      process.exit(0)
-    }
-  }
 
-  let messageToSend = undefined
-  if (filesFound.length === 1) {
-    switch (Object.keys(filesFound[0])[0]) {
-      case JAVA:
-        messageToSend = javaAnalysis.javaAnalysis(config, filesFound[0])
-        config.language = JAVA
-        break
-      case JAVASCRIPT:
-        messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0])
-        config.language = NODE
-        break
-      case PYTHON:
-        messageToSend = pythonAnalysis(config, filesFound[0])
-        config.language = PYTHON
-        break
-      case RUBY:
-        messageToSend = rubyAnalysis(config, filesFound[0])
-        config.language = RUBY
-        break
-      case PHP:
-        messageToSend = phpAnalysis(config, filesFound[0])
-        config.language = PHP
-        break
-      case GO:
-        messageToSend = goAnalysis(config, filesFound[0])
-        config.language = GO
-        break
-      case DOTNET:
-        messageToSend = dotNetAnalysis(config, filesFound[0])
-        config.language = DOTNET
-        break
-      default:
-        //something is wrong
-        console.log('No supported language detected in project path')
-        return
-    }
-
-    if (!config.applicationId) {
-      config.applicationId = await auditController.dealWithNoAppId(config)
-    }
-
-    if (config.experimental) {
-      console.log('') //empty log for space before spinner
-      const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
-      startSpinner(reportSpinner)
-      const [reports, reportId] = await scaUpload.scaTreeUpload(
-        messageToSend,
-        config
+    if (filesFound.length > 1 && pathWithFile) {
+      filesFound = filesFound.filter(i =>
+        Object.values(i)[0].includes(path.basename(config.fileName))
       )
+    }
 
-      auditReport.processAuditReport(config, reports[0])
-      succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
-
-      if (config.save !== undefined) {
-        await auditSave.auditSave(config, reportId)
+    // files found looks like [ { javascript: [ Array ] } ]
+    //check we have the language and call the right analyser
+    let messageToSend = undefined
+    if (filesFound.length === 1) {
+      switch (Object.keys(filesFound[0])[0]) {
+        case JAVA:
+          config.language = JAVA
+
+          if (config.mode === 'repo') {
+            try {
+              return repoMode.buildRepo(config, filesFound[0])
+            } catch (e) {
+              throw new Error(
+                'Unable to build in repository mode. Check your project file'
+              )
+            }
+          } else {
+            messageToSend = await javaAnalysis.javaAnalysis(
+              config,
+              filesFound[0]
+            )
+          }
+          break
+        case JAVASCRIPT:
+          messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0])
+          config.language = NODE
+          break
+        case PYTHON:
+          messageToSend = pythonAnalysis(config, filesFound[0])
+          config.language = PYTHON
+          break
+        case RUBY:
+          messageToSend = rubyAnalysis(config, filesFound[0])
+          config.language = RUBY
+          break
+        case PHP:
+          messageToSend = phpAnalysis(config, filesFound[0])
+          config.language = PHP
+          break
+        case GO:
+          messageToSend = goAnalysis(config, filesFound[0])
+          config.language = GO
+          break
+        case DOTNET:
+          messageToSend = dotNetAnalysis(config, filesFound[0])
+          config.language = DOTNET
+          break
+        default:
+          //something is wrong
+          console.log('No supported language detected in project path')
+          return
       }
 
-      const endTime = performance.now() - startTime
-      const scanDurationMs = endTime - startTime
-      console.log(
-        `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
-      )
-    } else {
-      console.log('') //empty log for space before spinner
-      //send message to TS
-      const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
-      startSpinner(reportSpinner)
-      const snapshotResponse = await treeUpload.commonSendSnapShot(
-        messageToSend,
-        config
-      )
-
-      // poll for completion
-      await pollForSnapshotCompletion(
-        config,
-        snapshotResponse.id,
-        reportSpinner
-      )
-      succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
-
-      await vulnerabilityReportV2(config, snapshotResponse.id)
-      if (config.save !== undefined) {
-        await auditSave.auditSave(config)
+      if (!config.applicationId) {
+        config.applicationId = await auditController.dealWithNoAppId(config)
       }
-      const endTime = performance.now() - startTime
-      const scanDurationMs = endTime - startTime
 
-      console.log(
-        `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
-      )
-    }
-  } else {
-    if (filesFound.length === 0) {
-      console.log(i18n.__('languageAnalysisNoLanguage'))
-      console.log(i18n.__('languageAnalysisNoLanguageHelpLine'))
-      throw new Error()
+      if (config.experimental) {
+        console.log('') //empty log for space before spinner
+        const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
+        startSpinner(reportSpinner)
+        const [reports, reportId] = await scaUpload.scaTreeUpload(
+          messageToSend,
+          config
+        )
+
+        auditReport.processAuditReport(config, reports[0])
+        succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
+
+        if (config.save !== undefined) {
+          await auditSave.auditSave(config, reportId)
+        } else {
+          console.log('Use contrast audit --save to generate an SBOM')
+        }
+
+        const endTime = performance.now() - startTime
+        const scanDurationMs = endTime - startTime
+        console.log(
+          `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
+        )
+      } else {
+        console.log('') //empty log for space before spinner
+        //send message to TS
+        const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
+        startSpinner(reportSpinner)
+        const snapshotResponse = await treeUpload.commonSendSnapShot(
+          messageToSend,
+          config
+        )
+
+        // poll for completion
+        await pollForSnapshotCompletion(
+          config,
+          snapshotResponse.id,
+          reportSpinner
+        )
+        succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
+
+        await vulnerabilityReportV2(config, snapshotResponse.id)
+        if (config.save !== undefined) {
+          await auditSave.auditSave(config)
+        } else {
+          console.log('\nUse contrast audit --save to generate an SBOM')
+        }
+        const endTime = performance.now() - startTime
+        const scanDurationMs = endTime - startTime
+
+        console.log(
+          `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
+        )
+      }
     } else {
-      console.log(chalk.bold(`\nMultiple language files detected \n`))
-      filesFound.forEach(file => {
-        console.log(`${Object.keys(file)[0]} : `, Object.values(file)[0])
-      })
-      throw new Error(
-        `Please use --file to audit one language only. \nExample: contrast audit --file package-lock.json`
-      )
+      if (filesFound.length === 0) {
+        console.log(i18n.__('languageAnalysisNoLanguage'))
+        console.log(i18n.__('languageAnalysisNoLanguageHelpLine'))
+        throw new Error()
+      } else {
+        console.log(chalk.bold(`\nMultiple language files detected \n`))
+        filesFound.forEach(file => {
+          console.log(`${Object.keys(file)[0]} : `, Object.values(file)[0])
+        })
+        throw new Error(
+          `Please use --file to audit one language only. \nExample: contrast audit --file package-lock.json`
+        )
+      }
     }
   }
 }

package/src/common/commonHelp.js

@@ -0,0 +1,43 @@
+const i18n = require('i18n')
+const chalk = require('chalk')
+
+const commonHelpLinks = () => {
+  return [
+    {
+      header: i18n.__('commonHelpHeader'),
+      content: [
+        i18n.__('commonHelpCheckOutHeader') + i18n.__('commonHelpCheckOutText'),
+        i18n.__('commonHelpLearnMoreHeader') +
+          i18n.__('commonHelpLearnMoreText'),
+        i18n.__('commonHelpJoinDiscussionHeader') +
+          i18n.__('commonHelpJoinDiscussionText')
+      ]
+    },
+    {
+      header: i18n.__('commonHelpEnterpriseHeader'),
+      content: [
+        i18n.__('commonHelpLearnMoreEnterpriseHeader') +
+          i18n.__('commonHelpLearnMoreEnterpriseText')
+      ]
+    }
+  ]
+}
+
+const postRunMessage = commandName => {
+  console.log('\n' + chalk.underline.bold('Other Features:'))
+  if (commandName !== 'scan')
+    console.log(
+      "'contrast scan' to run Contrasts’ industry leading SAST scanner"
+    )
+  if (commandName !== 'audit')
+    console.log(
+      "'contrast audit' to find vulnerabilities in your open source dependencies"
+    )
+  if (commandName !== 'lambda')
+    console.log("'contrast lambda' to secure your AWS serverless functions")
+}
+
+module.exports = {
+  commonHelpLinks,
+  postRunMessage
+}

package/src/common/{errorHandling.ts → errorHandling.js}

@@ -1,26 +1,4 @@
-import i18n from 'i18n'
-
-const handleResponseErrors = (res: any, api: string) => {
-  if (res.statusCode === 400) {
-    api === 'catalogue' ? badRequestError(true) : badRequestError(false)
-  } else if (res.statusCode === 401) {
-    unauthenticatedError()
-  } else if (res.statusCode === 403) {
-    forbiddenError()
-  } else if (res.statusCode === 407) {
-    proxyError()
-  } else {
-    if (api === 'snapshot' || api === 'catalogue') {
-      snapshotFailureError()
-    }
-    if (api === 'vulnerabilities') {
-      vulnerabilitiesFailureError()
-    }
-    if (api === 'report') {
-      reportFailureError()
-    }
-  }
-}
+const i18n = require('i18n')
 
 const libraryAnalysisError = () => {
   console.log(i18n.__('libraryAnalysisError'))
@@ -47,7 +25,7 @@ const unauthenticatedError = () => {
   generalError('unauthenticatedErrorHeader', 'unauthenticatedErrorMessage')
 }
 
-const badRequestError = (catalogue: boolean) => {
+const badRequestError = catalogue => {
   catalogue === true
     ? generalError('badRequestErrorHeader', 'badRequestCatalogueErrorMessage')
     : generalError('badRequestErrorHeader', 'badRequestErrorMessage')
@@ -86,7 +64,7 @@ const failOptionError = () => {
  * @param message message for the error
  * @returns error in general format
  */
-const getErrorMessage = (header: string, message?: string) => {
+const getErrorMessage = (header, message) => {
   // prettier-ignore
   const title = `******************************** ${i18n.__(header)} ********************************`
   const multiLine = message?.includes('\n')
@@ -102,12 +80,12 @@ const getErrorMessage = (header: string, message?: string) => {
   return `${title}${finalMessage}`
 }
 
-const generalError = (header: string, message?: string) => {
+const generalError = (header, message) => {
   const finalMessage = getErrorMessage(header, message)
   console.log(finalMessage)
 }
 
-const findCommandOnError = (unknownOptions: string[]) => {
+const findCommandOnError = unknownOptions => {
   const commandKeywords = {
     auth: 'auth',
     audit: 'audit',
@@ -117,13 +95,11 @@ const findCommandOnError = (unknownOptions: string[]) => {
   }
 
   const containsCommandKeyword = unknownOptions.some(
-    // @ts-ignore
     command => commandKeywords[command]
   )
 
   if (containsCommandKeyword) {
     const foundCommands = unknownOptions.filter(
-      // @ts-ignore
       command => commandKeywords[command]
     )
 
@@ -132,7 +108,7 @@ const findCommandOnError = (unknownOptions: string[]) => {
   }
 }
 
-export {
+module.exports = {
   genericError,
   unauthenticatedError,
   badRequestError,
@@ -141,7 +117,6 @@ export {
   failOptionError,
   generalError,
   getErrorMessage,
-  handleResponseErrors,
   libraryAnalysisError,
   findCommandOnError,
   snapshotFailureError,

package/src/common/{versionChecker.ts → versionChecker.js}

@@ -1,12 +1,11 @@
-import { APP_VERSION } from '../constants/constants'
-import boxen from 'boxen'
-import chalk from 'chalk'
-import semver from 'semver'
-import commonApi from '../utils/commonApi'
-import { constants } from 'http2'
-import { ContrastConf } from '../utils/getConfig'
+const { APP_VERSION } = require('../constants/constants')
+const boxen = require('boxen')
+const chalk = require('chalk')
+const semver = require('semver')
+const commonApi = require('../utils/commonApi')
+const { constants } = require('http2')
 
-export const getLatestVersion = async (config: ContrastConf) => {
+const getLatestVersion = async config => {
   const client = commonApi.getHttpClient(config)
   try {
     const res = await client.getLatestVersion()
@@ -18,7 +17,7 @@ export const getLatestVersion = async (config: ContrastConf) => {
   }
 }
 
-export async function findLatestCLIVersion(config: ContrastConf) {
+const findLatestCLIVersion = async config => {
   const isCI = process.env.CONTRAST_CODESEC_CI
     ? JSON.parse(process.env.CONTRAST_CODESEC_CI.toLowerCase())
     : false
@@ -65,6 +64,12 @@ export async function findLatestCLIVersion(config: ContrastConf) {
   }
 }
 
-export async function isCorrectNodeVersion(currentVersion: string) {
+const isCorrectNodeVersion = async currentVersion => {
   return semver.satisfies(currentVersion, '>=16')
 }
+
+module.exports = {
+  getLatestVersion,
+  findLatestCLIVersion,
+  isCorrectNodeVersion
+}

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.16'
+const APP_VERSION = '1.0.17'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'

package/src/constants/locales.js

@@ -209,11 +209,11 @@ const en_locales = () => {
     constantsProxyCaCert: 'Path to the CaCert file',
     goReadProjectFile: 'Failed to read the project file @ "%s" because: "%s"',
     mavenDependencyTreeNonZero:
-      'Building maven dependancy tree failed with a non 0 exit code',
+      'Building maven dependency tree failed with a non 0 exit code',
     gradleWrapperUnavailable:
       'Gradle wrapper not found in root of project. Please ensure gradlew or gradlew.bat is in root of the project.',
     gradleDependencyTreeNonZero:
-      "Building gradle dependancy tree failed with a non 0 exit code. \n Please check you have the correct version of Java installed to compile your project? \n If running against a muti module project ensure you are using the '--sub-project' flag",
+      "Building gradle dependency tree failed with a non 0 exit code. \n Please check you have the correct version of Java installed to compile your project? \n If running against a muti module project ensure you are using the '--sub-project' flag",
     constantsMetadata:
       'Define a set of key=value pairs (which conforms to RFC 2253) for specifying user-defined metadata associated with the application.',
     constantsTags:
@@ -415,10 +415,14 @@ const en_locales = () => {
     auditSCAAnalysisBegins: 'Contrast SCA audit started',
     auditSCAAnalysisComplete: 'Contrast audit complete',
     commonHelpHeader: 'Need More Help?',
+    commonHelpEnterpriseHeader: 'Existing Contrast user?',
     commonHelpCheckOutHeader: chalk.hex('#9DC184')('Check out:'),
     commonHelpCheckOutText: ' https://support.contrastsecurity.com',
     commonHelpLearnMoreHeader: chalk.hex('#9DC184')('Learn more at:'),
-    commonHelpLearnMoreText: ' https://developer.contrastsecurity.com',
+    commonHelpLearnMoreEnterpriseHeader: chalk.hex('#9DC184')('Read our docs:'),
+    commonHelpLearnMoreText: ' https://www.contrastsecurity.com/developer ',
+    commonHelpLearnMoreEnterpriseText:
+      ' https://docs.contrastsecurity.com/en/run-contrast-cli.html ',
     commonHelpJoinDiscussionHeader: chalk.hex('#9DC184')(
       'Join the discussion:'
     ),

package/src/lambda/help.ts

@@ -81,7 +81,8 @@ const lambdaUsageGuide = commandLineUsage([
       { name: i18n.__('lambdaHelpOption'), summary: i18n.__('helpSummary') }
     ]
   },
-  commonHelpLinks()
+  commonHelpLinks()[0],
+  commonHelpLinks()[1]
 ])
 
 export { lambdaUsageGuide }