@contrast/contrast 1.0.16 → 1.0.18

package/dist/audit/catalogueApplication/catalogueApplication.js

@@ -39,7 +39,7 @@ const tryRetrieveAppIdFromMessages = messages => {
     return appId;
 };
 module.exports = {
-    catalogueApplication: catalogueApplication,
+    catalogueApplication,
     doesMessagesContainAppId,
     tryRetrieveAppIdFromMessages
 };

package/dist/cliConstants.js

@@ -10,7 +10,7 @@ i18n.configure({
     },
     defaultLocale: 'en'
 });
-const sharedOptionDefinitions = [
+const sharedCertOptionDefinitions = [
     {
         name: 'proxy',
         description: '{bold ' +
@@ -40,40 +40,48 @@ const sharedOptionDefinitions = [
             i18n.__('constantsProxyCert')
     },
     {
-        name: 'ignore-cert-errors',
+        name: 'cert-self-signed',
         type: Boolean,
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}:' +
-            i18n.__('constantsIgnoreCertErrors')
+            i18n.__('constantsCertSelfSigned')
     }
 ];
-const scanOptionDefinitions = [
-    ...sharedOptionDefinitions,
+const sharedConnectionOptionDefinitions = [
     {
-        name: 'name',
-        alias: 'n',
+        name: 'organization-id',
+        alias: 'o',
         description: '{bold ' +
-            i18n.__('constantsOptional') +
+            i18n.__('constantsRequiredEnterprise') +
             '}: ' +
-            i18n.__('constantsProjectName')
+            i18n.__('constantsOrganizationId')
     },
     {
-        name: 'language',
-        alias: 'l',
+        name: 'api-key',
         description: '{bold ' +
-            i18n.__('constantsOptional') +
+            i18n.__('constantsRequiredEnterprise') +
             '}: ' +
-            i18n.__('scanOptionsLanguageSummary')
+            i18n.__('constantsApiKey')
     },
     {
-        name: 'file',
-        alias: 'f',
+        name: 'authorization',
         description: '{bold ' +
-            i18n.__('constantsOptional') +
+            i18n.__('constantsRequiredEnterprise') +
             '}: ' +
-            i18n.__('scanOptionsFileNameSummary')
+            i18n.__('constantsAuthorization')
     },
+    {
+        name: 'host',
+        description: '{bold ' +
+            i18n.__('constantsRequiredEnterprise') +
+            '}: ' +
+            i18n.__('constantsHostId')
+    }
+];
+const scanAdvancedOptionDefinitionsForHelp = [
+    ...sharedConnectionOptionDefinitions,
+    ...sharedCertOptionDefinitions,
     {
         name: 'project-id',
         alias: 'p',
@@ -83,49 +91,52 @@ const scanOptionDefinitions = [
             i18n.__('constantsProjectId')
     },
     {
-        name: 'project-path',
+        name: 'language',
+        alias: 'l',
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsProjectPath')
+            i18n.__('scanOptionsLanguageSummary')
     },
     {
-        name: 'timeout',
-        alias: 't',
-        type: Number,
+        name: 'ff',
+        type: Boolean,
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('scanOptionsTimeoutSummary')
+            i18n.__('constantsDoNotWaitForScan')
     },
     {
-        name: 'organization-id',
-        alias: 'o',
-        description: '{bold ' +
-            i18n.__('constantsRequired') +
-            '}: ' +
-            i18n.__('constantsOrganizationId')
-    },
+        name: 'label',
+        description: '{bold ' + i18n.__('constantsOptional') + '}:' + i18n.__('scanLabel')
+    }
+];
+const scanOptionDefinitions = [
+    ...scanAdvancedOptionDefinitionsForHelp,
     {
-        name: 'api-key',
+        name: 'name',
+        alias: 'n',
         description: '{bold ' +
-            i18n.__('constantsRequired') +
+            i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsApiKey')
+            i18n.__('constantsProjectName')
     },
     {
-        name: 'authorization',
+        name: 'file',
+        alias: 'f',
         description: '{bold ' +
-            i18n.__('constantsRequired') +
+            i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsAuthorization')
+            i18n.__('scanOptionsFileNameSummary')
     },
     {
-        name: 'host',
+        name: 'timeout',
+        alias: 't',
+        type: Number,
         description: '{bold ' +
-            i18n.__('constantsRequired') +
+            i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsHostId')
+            i18n.__('scanOptionsTimeoutSummary')
     },
     {
         name: 'fail',
@@ -143,14 +154,6 @@ const scanOptionDefinitions = [
             '}: ' +
             i18n.__('constantsSeverity')
     },
-    {
-        name: 'ff',
-        type: Boolean,
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}: ' +
-            i18n.__('constantsDoNotWaitForScan')
-    },
     {
         name: 'verbose',
         alias: 'v',
@@ -165,10 +168,6 @@ const scanOptionDefinitions = [
         alias: 's',
         description: '{bold ' + i18n.__('constantsOptional') + '}:' + i18n.__('constantsSave')
     },
-    {
-        name: 'label',
-        description: '{bold ' + i18n.__('constantsOptional') + '}:' + i18n.__('scanLabel')
-    },
     {
         name: 'help',
         alias: 'h',
@@ -183,13 +182,6 @@ const scanOptionDefinitions = [
         name: 'experimental',
         alias: 'e',
         type: Boolean
-    },
-    {
-        name: 'application-name',
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}: ' +
-            i18n.__('constantsApplicationName')
     }
 ];
 const authOptionDefinitions = [
@@ -213,8 +205,9 @@ const configOptionDefinitions = [
         description: 'Clear the currently stored config'
     }
 ];
-const auditOptionDefinitions = [
-    ...sharedOptionDefinitions,
+const auditAdvancedOptionDefinitionsForHelp = [
+    ...sharedConnectionOptionDefinitions,
+    ...sharedCertOptionDefinitions,
     {
         name: 'application-id',
         description: '{bold ' +
@@ -229,35 +222,10 @@ const auditOptionDefinitions = [
             '}: ' +
             i18n.__('constantsApplicationName')
     },
-    {
-        name: 'file',
-        alias: 'f',
-        defaultValue: process.cwd().concat('/'),
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}: ' +
-            i18n.__('constantsFilePath')
-    },
-    {
-        name: 'fail',
-        type: Boolean,
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}: ' +
-            i18n.__('failOptionMessage')
-    },
-    {
-        name: 'severity',
-        type: severity => parseSeverity(severity),
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}: ' +
-            i18n.__('constantsSeverity')
-    },
     {
         name: 'app-groups',
         description: '{bold ' +
-            i18n.__('constantsOptionalForCatalogue') +
+            i18n.__('constantsOptional') +
             '}: ' +
             i18n.__('constantsAppGroups')
     },
@@ -284,45 +252,52 @@ const auditOptionDefinitions = [
         description: '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('constantsCode')
     },
     {
-        name: 'ignore-dev',
-        type: Boolean,
-        alias: 'i',
+        name: 'maven-settings-path',
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsIgnoreDev')
-    },
-    {
-        name: 'maven-settings-path'
-    },
+            i18n.__('constantsMavenSettingsPath')
+    }
+];
+const auditOptionDefinitions = [
+    ...auditAdvancedOptionDefinitionsForHelp,
     {
-        name: 'organization-id',
-        alias: 'o',
+        name: 'file',
+        alias: 'f',
+        defaultValue: process.cwd().concat('/'),
         description: '{bold ' +
-            i18n.__('constantsRequired') +
+            i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsOrganizationId')
+            i18n.__('constantsFilePath')
     },
     {
-        name: 'api-key',
+        name: 'fail',
+        type: Boolean,
         description: '{bold ' +
-            i18n.__('constantsRequired') +
+            i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsApiKey')
+            i18n.__('failOptionMessage')
     },
     {
-        name: 'authorization',
+        name: 'severity',
+        type: severity => parseSeverity(severity),
         description: '{bold ' +
-            i18n.__('constantsRequired') +
+            i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsAuthorization')
+            i18n.__('constantsSeverity')
     },
     {
-        name: 'host',
+        name: 'ignore-dev',
+        type: Boolean,
+        alias: 'i',
         description: '{bold ' +
-            i18n.__('constantsRequired') +
+            i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsHostId')
+            i18n.__('constantsIgnoreDev')
+    },
+    {
+        name: 'fingerprint',
+        type: Boolean
     },
     {
         name: 'save',
@@ -406,13 +381,18 @@ const mainUsageGuide = commandLineUsage([
             { name: i18n.__('helpName'), summary: i18n.__('helpSummary') }
         ]
     },
+    {
+        header: i18n.__('constantsAdvancedOptions'),
+        optionList: sharedCertOptionDefinitions
+    },
     {
         header: i18n.__('configHeader2'),
         content: [
             { name: i18n.__('clearHeader'), summary: i18n.__('clearContent') }
         ]
     },
-    commonHelpLinks()
+    commonHelpLinks()[0],
+    commonHelpLinks()[1]
 ]);
 const mainDefinition = [{ name: 'command', defaultOption: true }];
 module.exports = {
@@ -422,6 +402,8 @@ module.exports = {
         scanOptionDefinitions,
         auditOptionDefinitions,
         authOptionDefinitions,
-        configOptionDefinitions
+        configOptionDefinitions,
+        scanAdvancedOptionDefinitionsForHelp,
+        auditAdvancedOptionDefinitionsForHelp
     }
 };

package/dist/commands/audit/auditConfig.js

@@ -1,15 +1,13 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAuditConfig = void 0;
-const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHandler"));
-const cliConstants_1 = __importDefault(require("../../cliConstants"));
-const parsedCLIOptions_1 = require("../../utils/parsedCLIOptions");
+const { getCommandLineArgsCustom } = require('../../utils/parsedCLIOptions');
+const constants = require('../../cliConstants');
+const paramHandler = require('../../utils/paramsUtil/paramHandler');
 const getAuditConfig = async (contrastConf, command, argv) => {
-    const auditParameters = await (0, parsedCLIOptions_1.getCommandLineArgsCustom)(contrastConf, command, argv, cliConstants_1.default.commandLineDefinitions.auditOptionDefinitions);
-    const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
-    return { ...paramsAuth, ...auditParameters };
+    const auditParameters = await getCommandLineArgsCustom(contrastConf, command, argv, constants.commandLineDefinitions.auditOptionDefinitions);
+    const paramsAuth = paramHandler.getAuth(auditParameters);
+    const javaAgreement = paramHandler.getAgreement();
+    return { ...paramsAuth, ...auditParameters, ...javaAgreement };
+};
+module.exports = {
+    getAuditConfig
 };
-exports.getAuditConfig = getAuditConfig;

package/dist/commands/audit/auditController.js

@@ -1,23 +1,18 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAppName = exports.dealWithNoAppId = void 0;
-const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
-const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
+const catalogue = require('../../audit/catalogueApplication/catalogueApplication');
+const commonApi = require('../../audit/languageAnalysisEngine/commonApi');
 const dealWithNoAppId = async (config) => {
     let appID;
     try {
-        appID = await commonApi_1.default.returnAppId(config);
+        appID = await commonApi.returnAppId(config);
         if (!appID && config.applicationName) {
-            return await (0, catalogueApplication_1.catalogueApplication)(config);
+            return await catalogue.catalogueApplication(config);
         }
         if (!appID && !config.applicationName) {
-            config.applicationName = (0, exports.getAppName)(config.file);
-            appID = await commonApi_1.default.returnAppId(config);
+            config.applicationName = getAppName(config.file);
+            appID = await commonApi.returnAppId(config);
             if (!appID) {
-                return await (0, catalogueApplication_1.catalogueApplication)(config);
+                return await catalogue.catalogueApplication(config);
             }
         }
     }
@@ -30,8 +25,7 @@ const dealWithNoAppId = async (config) => {
     }
     return appID;
 };
-exports.dealWithNoAppId = dealWithNoAppId;
-const getAppName = (file) => {
+const getAppName = file => {
     const last = file.charAt(file.length - 1);
     if (last !== '/') {
         return file.split('/').pop();
@@ -41,7 +35,9 @@ const getAppName = (file) => {
         return str.split('/').pop();
     }
 };
-exports.getAppName = getAppName;
-const removeLastChar = (str) => {
+const removeLastChar = str => {
     return str.substring(0, str.length - 1);
 };
+module.exports = {
+    dealWithNoAppId
+};

package/dist/commands/audit/help.js

@@ -1,36 +1,31 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.auditUsageGuide = void 0;
-const command_line_usage_1 = __importDefault(require("command-line-usage"));
-const i18n_1 = __importDefault(require("i18n"));
-const cliConstants_1 = __importDefault(require("../../cliConstants"));
-const commonHelp_1 = require("../../common/commonHelp");
-const auditUsageGuide = (0, command_line_usage_1.default)([
+const commandLineUsage = require('command-line-usage');
+const i18n = require('i18n');
+const constants = require('../../cliConstants');
+const { commonHelpLinks } = require('../../common/commonHelp');
+const auditUsageGuide = commandLineUsage([
     {
-        header: i18n_1.default.__('auditHeader'),
-        content: [i18n_1.default.__('auditHeaderMessage')]
+        header: i18n.__('auditHeader'),
+        content: [i18n.__('auditHeaderMessage')]
     },
     {
-        header: i18n_1.default.__('constantsPrerequisitesHeader'),
+        header: i18n.__('constantsPrerequisitesHeader'),
         content: [
             '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentSupportedLanguages') +
+                i18n.__('constantsAuditPrerequisitesContentSupportedLanguages') +
                 '}',
-            i18n_1.default.__('constantsAuditPrerequisitesJavaContentMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentNodeMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentRubyMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentPythonMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentGoMessage'),
-            i18n_1.default.__('constantsAuditPrerequisitesContentPHPMessage')
+            i18n.__('constantsAuditPrerequisitesJavaContentMessage'),
+            i18n.__('constantsAuditPrerequisitesContentDotNetMessage'),
+            i18n.__('constantsAuditPrerequisitesContentNodeMessage'),
+            i18n.__('constantsAuditPrerequisitesContentRubyMessage'),
+            i18n.__('constantsAuditPrerequisitesContentPythonMessage'),
+            i18n.__('constantsAuditPrerequisitesContentGoMessage'),
+            i18n.__('constantsAuditPrerequisitesContentPHPMessage')
         ]
     },
     {
-        header: i18n_1.default.__('constantsAuditOptions'),
-        optionList: cliConstants_1.default.commandLineDefinitions.auditOptionDefinitions,
+        header: i18n.__('constantsAuditOptions'),
+        optionList: constants.commandLineDefinitions.auditOptionDefinitions,
         hide: [
             'application-id',
             'application-name',
@@ -39,9 +34,12 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
             'authorization',
             'host',
             'proxy',
+            'cert',
+            'cacert',
+            'key',
             'help',
             'ff',
-            'ignore-cert-errors',
+            'cert-self-signed',
             'verbose',
             'debug',
             'experimental',
@@ -54,9 +52,17 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
             'app-groups',
             'metadata',
             'track',
+            'fingerprint',
             'branch'
         ]
     },
-    (0, commonHelp_1.commonHelpLinks)()
+    {
+        header: i18n.__('constantsAdvancedOptions'),
+        optionList: constants.commandLineDefinitions.auditAdvancedOptionDefinitionsForHelp
+    },
+    commonHelpLinks()[0],
+    commonHelpLinks()[1]
 ]);
-exports.auditUsageGuide = auditUsageGuide;
+module.exports = {
+    auditUsageGuide
+};

package/dist/commands/audit/processAudit.js

@@ -1,30 +1,24 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.processAudit = void 0;
-const auditConfig_1 = require("./auditConfig");
-const help_1 = require("./help");
-const scaAnalysis_1 = require("../scan/sca/scaAnalysis");
-const telemetry_1 = require("../../telemetry/telemetry");
-const chalk_1 = __importDefault(require("chalk"));
-const processAudit = async (contrastConf, argv) => {
-    if (argv.indexOf('--help') != -1) {
+const auditConfig = require('./auditConfig');
+const { auditUsageGuide } = require('./help');
+const scaController = require('../scan/sca/scaAnalysis');
+const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
+const { postRunMessage } = require('../../common/commonHelp');
+const processAudit = async (contrastConf, argvMain) => {
+    if (argvMain.indexOf('--help') !== -1) {
         printHelpMessage();
         process.exit(0);
     }
-    const config = await (0, auditConfig_1.getAuditConfig)(contrastConf, 'audit', argv);
-    await (0, scaAnalysis_1.processSca)(config);
-    postRunMessage();
-    await (0, telemetry_1.sendTelemetryConfigAsObject)(config, 'audit', argv, 'SUCCESS', config.language);
+    const config = await auditConfig.getAuditConfig(contrastConf, 'audit', argvMain);
+    await scaController.processSca(config);
+    if (!config.fingerprint) {
+        postRunMessage('audit');
+        await sendTelemetryConfigAsObject(config, 'audit', argvMain, 'SUCCESS', config.language);
+    }
 };
-exports.processAudit = processAudit;
 const printHelpMessage = () => {
-    console.log(help_1.auditUsageGuide);
+    console.log(auditUsageGuide);
 };
-const postRunMessage = () => {
-    console.log('\n' + chalk_1.default.underline.bold('Other Codesec Features:'));
-    console.log("'contrast scan' to run CodeSec’s industry leading SAST scanner");
-    console.log("'contrast lambda' to secure your AWS serverless functions\n");
+module.exports = {
+    processAudit
 };

package/dist/commands/audit/saveFile.js

@@ -1,15 +1,9 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.saveFile = void 0;
-const fs_1 = __importDefault(require("fs"));
+const fs = require('fs');
 const saveFile = (config, type, rawResults) => {
     const fileName = `${config.applicationId}-sbom-${type}.json`;
-    fs_1.default.writeFileSync(fileName, JSON.stringify(rawResults));
+    fs.writeFileSync(fileName, JSON.stringify(rawResults));
 };
-exports.saveFile = saveFile;
 module.exports = {
-    saveFile: exports.saveFile
+    saveFile
 };

package/dist/commands/scan/processScan.js

@@ -6,7 +6,7 @@ const { ScanResultsModel } = require('../../scan/models/scanResultsModel');
 const { formatScanOutput } = require('../../scan/formatScanOutput');
 const common = require('../../common/fail');
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
-const chalk = require('chalk');
+const { postRunMessage } = require('../../common/commonHelp');
 const processScan = async (contrastConf, argv) => {
     let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv);
     let output = undefined;
@@ -18,15 +18,13 @@ const processScan = async (contrastConf, argv) => {
     if (config.save !== undefined) {
         await saveScanFile(config, scanResults);
     }
+    else {
+        console.log('\nUse contrast scan --save to save results as a SARIF');
+    }
     if (config.fail) {
         common.processFail(config, output);
     }
-    postRunMessage();
-};
-const postRunMessage = () => {
-    console.log('\n' + chalk.underline.bold('Other Codesec Features:'));
-    console.log("'contrast audit' to find vulnerabilities in your open source dependencies");
-    console.log("'contrast lambda' to secure your AWS serverless functions\n");
+    postRunMessage('scan');
 };
 module.exports = {
     processScan