@contrast/contrast 1.0.16 → 1.0.18

package/dist/commands/scan/sca/scaAnalysis.js

@@ -11,7 +11,7 @@ const path = require('path');
 const i18n = require('i18n');
 const auditSave = require('../../../audit/save');
 const { auditUsageGuide } = require('../../audit/help');
-const { buildRepo } = require('../../../scaAnalysis/repoMode/index');
+const repoMode = require('../../../scaAnalysis/repoMode/index');
 const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
 const { goAnalysis } = require('../../../scaAnalysis/go/goAnalysis');
 const { phpAnalysis } = require('../../../scaAnalysis/php/index');
@@ -23,6 +23,7 @@ const auditReport = require('../../../scaAnalysis/common/auditReport');
 const scaUpload = require('../../../scaAnalysis/common/scaServicesUpload');
 const settingsHelper = require('../../../utils/settingsHelper');
 const chalk = require('chalk');
+const saveResults = require('../../../scan/saveResults');
 const processSca = async (config) => {
     config = await settingsHelper.getSettings(config);
     const startTime = performance.now();
@@ -37,99 +38,115 @@ const processSca = async (config) => {
     config.file = pathWithFile
         ? rootFile.getDirectoryFromPathGiven(config.file).concat('/')
         : config.file;
-    filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
-    if (filesFound.length > 1 && pathWithFile) {
-        filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(config.fileName)));
+    if (config.fingerprint && config.experimental) {
+        let fingerprint = await autoDetection.autoDetectFingerprintInfo(config.file);
+        let idArray = fingerprint.map(x => x.id);
+        await saveResults.writeResultsToFile(fingerprint, 'fingerPrintInfo.json');
+        console.log(idArray);
     }
-    if (config.mode === 'repo') {
-        try {
-            return buildRepo(config, filesFound[0]);
-        }
-        catch (e) {
-            console.log('Unable to build in repository mode. Check your project file');
-            process.exit(0);
-        }
-    }
-    let messageToSend = undefined;
-    if (filesFound.length === 1) {
-        switch (Object.keys(filesFound[0])[0]) {
-            case JAVA:
-                messageToSend = javaAnalysis.javaAnalysis(config, filesFound[0]);
-                config.language = JAVA;
-                break;
-            case JAVASCRIPT:
-                messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0]);
-                config.language = NODE;
-                break;
-            case PYTHON:
-                messageToSend = pythonAnalysis(config, filesFound[0]);
-                config.language = PYTHON;
-                break;
-            case RUBY:
-                messageToSend = rubyAnalysis(config, filesFound[0]);
-                config.language = RUBY;
-                break;
-            case PHP:
-                messageToSend = phpAnalysis(config, filesFound[0]);
-                config.language = PHP;
-                break;
-            case GO:
-                messageToSend = goAnalysis(config, filesFound[0]);
-                config.language = GO;
-                break;
-            case DOTNET:
-                messageToSend = dotNetAnalysis(config, filesFound[0]);
-                config.language = DOTNET;
-                break;
-            default:
-                console.log('No supported language detected in project path');
-                return;
-        }
-        if (!config.applicationId) {
-            config.applicationId = await auditController.dealWithNoAppId(config);
+    else {
+        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
+        autoDetection.dealWithMultiJava(filesFound);
+        if (filesFound.length > 1 && pathWithFile) {
+            filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(config.fileName)));
         }
-        if (config.experimental) {
-            console.log('');
-            const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
-            startSpinner(reportSpinner);
-            const [reports, reportId] = await scaUpload.scaTreeUpload(messageToSend, config);
-            auditReport.processAuditReport(config, reports[0]);
-            succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
-            if (config.save !== undefined) {
-                await auditSave.auditSave(config, reportId);
+        let messageToSend = undefined;
+        if (filesFound.length === 1) {
+            switch (Object.keys(filesFound[0])[0]) {
+                case JAVA:
+                    config.language = JAVA;
+                    if (config.mode === 'repo') {
+                        try {
+                            return repoMode.buildRepo(config, filesFound[0]);
+                        }
+                        catch (e) {
+                            throw new Error('Unable to build in repository mode. Check your project file');
+                        }
+                    }
+                    else {
+                        messageToSend = await javaAnalysis.javaAnalysis(config, filesFound[0]);
+                    }
+                    break;
+                case JAVASCRIPT:
+                    messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0]);
+                    config.language = NODE;
+                    break;
+                case PYTHON:
+                    messageToSend = pythonAnalysis(config, filesFound[0]);
+                    config.language = PYTHON;
+                    break;
+                case RUBY:
+                    messageToSend = rubyAnalysis(config, filesFound[0]);
+                    config.language = RUBY;
+                    break;
+                case PHP:
+                    messageToSend = phpAnalysis(config, filesFound[0]);
+                    config.language = PHP;
+                    break;
+                case GO:
+                    messageToSend = goAnalysis(config, filesFound[0]);
+                    config.language = GO;
+                    break;
+                case DOTNET:
+                    messageToSend = dotNetAnalysis(config, filesFound[0]);
+                    config.language = DOTNET;
+                    break;
+                default:
+                    console.log('No supported language detected in project path');
+                    return;
             }
-            const endTime = performance.now() - startTime;
-            const scanDurationMs = endTime - startTime;
-            console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
-        }
-        else {
-            console.log('');
-            const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
-            startSpinner(reportSpinner);
-            const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
-            await pollForSnapshotCompletion(config, snapshotResponse.id, reportSpinner);
-            succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
-            await vulnerabilityReportV2(config, snapshotResponse.id);
-            if (config.save !== undefined) {
-                await auditSave.auditSave(config);
+            if (!config.applicationId) {
+                config.applicationId = await auditController.dealWithNoAppId(config);
+            }
+            if (config.experimental) {
+                console.log('');
+                const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+                startSpinner(reportSpinner);
+                const [reports, reportId] = await scaUpload.scaTreeUpload(messageToSend, config);
+                auditReport.processAuditReport(config, reports[0]);
+                succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
+                if (config.save !== undefined) {
+                    await auditSave.auditSave(config, reportId);
+                }
+                else {
+                    console.log('Use contrast audit --save to generate an SBOM');
+                }
+                const endTime = performance.now() - startTime;
+                const scanDurationMs = endTime - startTime;
+                console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
+            }
+            else {
+                console.log('');
+                const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+                startSpinner(reportSpinner);
+                const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
+                await pollForSnapshotCompletion(config, snapshotResponse.id, reportSpinner);
+                succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
+                await vulnerabilityReportV2(config, snapshotResponse.id);
+                if (config.save !== undefined) {
+                    await auditSave.auditSave(config);
+                }
+                else {
+                    console.log('\nUse contrast audit --save to generate an SBOM');
+                }
+                const endTime = performance.now() - startTime;
+                const scanDurationMs = endTime - startTime;
+                console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
             }
-            const endTime = performance.now() - startTime;
-            const scanDurationMs = endTime - startTime;
-            console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
-        }
-    }
-    else {
-        if (filesFound.length === 0) {
-            console.log(i18n.__('languageAnalysisNoLanguage'));
-            console.log(i18n.__('languageAnalysisNoLanguageHelpLine'));
-            throw new Error();
         }
         else {
-            console.log(chalk.bold(`\nMultiple language files detected \n`));
-            filesFound.forEach(file => {
-                console.log(`${Object.keys(file)[0]} : `, Object.values(file)[0]);
-            });
-            throw new Error(`Please use --file to audit one language only. \nExample: contrast audit --file package-lock.json`);
+            if (filesFound.length === 0) {
+                console.log(i18n.__('languageAnalysisNoLanguage'));
+                console.log(i18n.__('languageAnalysisNoLanguageHelpLine'));
+                throw new Error();
+            }
+            else {
+                console.log(chalk.bold(`\nMultiple language files detected \n`));
+                filesFound.forEach(file => {
+                    console.log(`${Object.keys(file)[0]} : `, Object.values(file)[0]);
+                });
+                throw new Error(`Please use --file to audit one language only. \nExample: contrast audit --file package-lock.json`);
+            }
         }
     }
 };

package/dist/common/HTTPClient.js

@@ -6,7 +6,7 @@ const { AUTH_CALLBACK_URL } = require('../constants/constants');
 function HTTPClient(config) {
     const apiKey = config.apiKey;
     const authToken = config.authorization;
-    this.rejectUnauthorized = !config.ignoreCertErrors;
+    this.rejectUnauthorized = !config.certSelfSigned;
     const superApiKey = config.superApiKey;
     const superAuthToken = config.superAuthorization;
     this.requestOptions = {

package/dist/common/commonHelp.js

@@ -1,19 +1,37 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
+const i18n = require('i18n');
+const chalk = require('chalk');
+const commonHelpLinks = () => {
+    return [
+        {
+            header: i18n.__('commonHelpHeader'),
+            content: [
+                i18n.__('commonHelpCheckOutHeader') + i18n.__('commonHelpCheckOutText'),
+                i18n.__('commonHelpLearnMoreHeader') +
+                    i18n.__('commonHelpLearnMoreText'),
+                i18n.__('commonHelpJoinDiscussionHeader') +
+                    i18n.__('commonHelpJoinDiscussionText')
+            ]
+        },
+        {
+            header: i18n.__('commonHelpEnterpriseHeader'),
+            content: [
+                i18n.__('commonHelpLearnMoreEnterpriseHeader') +
+                    i18n.__('commonHelpLearnMoreEnterpriseText')
+            ]
+        }
+    ];
+};
+const postRunMessage = commandName => {
+    console.log('\n' + chalk.underline.bold('Other Features:'));
+    if (commandName !== 'scan')
+        console.log("'contrast scan' to run Contrasts’ industry leading SAST scanner");
+    if (commandName !== 'audit')
+        console.log("'contrast audit' to find vulnerabilities in your open source dependencies");
+    if (commandName !== 'lambda')
+        console.log("'contrast lambda' to secure your AWS serverless functions");
+};
+module.exports = {
+    commonHelpLinks,
+    postRunMessage
 };
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.commonHelpLinks = void 0;
-const i18n_1 = __importDefault(require("i18n"));
-function commonHelpLinks() {
-    return {
-        header: i18n_1.default.__('commonHelpHeader'),
-        content: [
-            i18n_1.default.__('commonHelpCheckOutHeader') + i18n_1.default.__('commonHelpCheckOutText'),
-            i18n_1.default.__('commonHelpLearnMoreHeader') + i18n_1.default.__('commonHelpLearnMoreText'),
-            i18n_1.default.__('commonHelpJoinDiscussionHeader') +
-                i18n_1.default.__('commonHelpJoinDiscussionText')
-        ]
-    };
-}
-exports.commonHelpLinks = commonHelpLinks;

package/dist/common/errorHandling.js

@@ -1,107 +1,71 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.maxAppError = exports.reportFailureError = exports.vulnerabilitiesFailureError = exports.snapshotFailureError = exports.findCommandOnError = exports.libraryAnalysisError = exports.handleResponseErrors = exports.getErrorMessage = exports.generalError = exports.failOptionError = exports.proxyError = exports.forbiddenError = exports.badRequestError = exports.unauthenticatedError = exports.genericError = void 0;
-const i18n_1 = __importDefault(require("i18n"));
-const handleResponseErrors = (res, api) => {
-    if (res.statusCode === 400) {
-        api === 'catalogue' ? badRequestError(true) : badRequestError(false);
-    }
-    else if (res.statusCode === 401) {
-        unauthenticatedError();
-    }
-    else if (res.statusCode === 403) {
-        forbiddenError();
-    }
-    else if (res.statusCode === 407) {
-        proxyError();
-    }
-    else {
-        if (api === 'snapshot' || api === 'catalogue') {
-            snapshotFailureError();
-        }
-        if (api === 'vulnerabilities') {
-            vulnerabilitiesFailureError();
-        }
-        if (api === 'report') {
-            reportFailureError();
-        }
-    }
-};
-exports.handleResponseErrors = handleResponseErrors;
+const i18n = require('i18n');
 const libraryAnalysisError = () => {
-    console.log(i18n_1.default.__('libraryAnalysisError'));
+    console.log(i18n.__('libraryAnalysisError'));
 };
-exports.libraryAnalysisError = libraryAnalysisError;
 const snapshotFailureError = () => {
-    console.log(i18n_1.default.__('snapshotFailureMessage'));
+    console.log(i18n.__('snapshotFailureMessage'));
 };
-exports.snapshotFailureError = snapshotFailureError;
 const vulnerabilitiesFailureError = () => {
-    console.log(i18n_1.default.__('vulnerabilitiesFailureMessage'));
+    console.log(i18n.__('vulnerabilitiesFailureMessage'));
 };
-exports.vulnerabilitiesFailureError = vulnerabilitiesFailureError;
 const reportFailureError = () => {
-    console.log(i18n_1.default.__('auditReportFailureMessage'));
+    console.log(i18n.__('auditReportFailureMessage'));
 };
-exports.reportFailureError = reportFailureError;
 const genericError = () => {
-    console.error(i18n_1.default.__('genericErrorMessage'));
+    console.error(i18n.__('genericErrorMessage'));
     process.exit(1);
 };
-exports.genericError = genericError;
 const unauthenticatedError = () => {
     generalError('unauthenticatedErrorHeader', 'unauthenticatedErrorMessage');
 };
-exports.unauthenticatedError = unauthenticatedError;
-const badRequestError = (catalogue) => {
+const badRequestError = catalogue => {
     catalogue === true
         ? generalError('badRequestErrorHeader', 'badRequestCatalogueErrorMessage')
         : generalError('badRequestErrorHeader', 'badRequestErrorMessage');
 };
-exports.badRequestError = badRequestError;
 const forbiddenError = () => {
     generalError('forbiddenRequestErrorHeader', 'forbiddenRequestErrorMessage');
     process.exit(1);
 };
-exports.forbiddenError = forbiddenError;
 const proxyError = () => {
     generalError('proxyErrorHeader', 'proxyErrorMessage');
 };
-exports.proxyError = proxyError;
 const maxAppError = () => {
     generalError('No applications remaining', 'You have reached the maximum number of application you can create.');
     process.exit(1);
 };
-exports.maxAppError = maxAppError;
+const parametersError = () => {
+    generalError(`Values not recognised`, 'Check your command & keys again for hidden characters.\nFor more information use contrast help.');
+    process.exit(1);
+};
+const invalidHostNameError = () => {
+    generalError(`Invalid host`, 'Check that the host parameter does not include a trailing "/".');
+    process.exit(1);
+};
 const failOptionError = () => {
     console.log('\n ******************************** ' +
-        i18n_1.default.__('snapshotFailureHeader') +
+        i18n.__('snapshotFailureHeader') +
         ' ********************************\n' +
-        i18n_1.default.__('failOptionErrorMessage'));
+        i18n.__('failOptionErrorMessage'));
 };
-exports.failOptionError = failOptionError;
 const getErrorMessage = (header, message) => {
-    const title = `******************************** ${i18n_1.default.__(header)} ********************************`;
+    const title = `******************************** ${i18n.__(header)} ********************************`;
     const multiLine = message?.includes('\n');
     let finalMessage = '';
     if (multiLine) {
         finalMessage = `\n${message}`;
     }
     else if (message) {
-        finalMessage = `\n${i18n_1.default.__(message)}`;
+        finalMessage = `\n${i18n.__(message)}`;
     }
     return `${title}${finalMessage}`;
 };
-exports.getErrorMessage = getErrorMessage;
 const generalError = (header, message) => {
     const finalMessage = getErrorMessage(header, message);
     console.log(finalMessage);
 };
-exports.generalError = generalError;
-const findCommandOnError = (unknownOptions) => {
+const findCommandOnError = unknownOptions => {
     const commandKeywords = {
         auth: 'auth',
         audit: 'audit',
@@ -115,4 +79,21 @@ const findCommandOnError = (unknownOptions) => {
         return foundCommands[0];
     }
 };
-exports.findCommandOnError = findCommandOnError;
+module.exports = {
+    genericError,
+    unauthenticatedError,
+    badRequestError,
+    forbiddenError,
+    proxyError,
+    failOptionError,
+    generalError,
+    getErrorMessage,
+    libraryAnalysisError,
+    findCommandOnError,
+    snapshotFailureError,
+    vulnerabilitiesFailureError,
+    reportFailureError,
+    maxAppError,
+    parametersError,
+    invalidHostNameError
+};

package/dist/common/versionChecker.js

@@ -1,20 +1,15 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.isCorrectNodeVersion = exports.findLatestCLIVersion = exports.getLatestVersion = void 0;
-const constants_1 = require("../constants/constants");
-const boxen_1 = __importDefault(require("boxen"));
-const chalk_1 = __importDefault(require("chalk"));
-const semver_1 = __importDefault(require("semver"));
-const commonApi_1 = __importDefault(require("../utils/commonApi"));
-const http2_1 = require("http2");
+const { APP_VERSION } = require('../constants/constants');
+const boxen = require('boxen');
+const chalk = require('chalk');
+const semver = require('semver');
+const commonApi = require('../utils/commonApi');
+const { constants } = require('http2');
 const getLatestVersion = async (config) => {
-    const client = commonApi_1.default.getHttpClient(config);
+    const client = commonApi.getHttpClient(config);
     try {
         const res = await client.getLatestVersion();
-        if (res.statusCode === http2_1.constants.HTTP_STATUS_OK) {
+        if (res.statusCode === constants.HTTP_STATUS_OK) {
             return res.body;
         }
     }
@@ -22,24 +17,23 @@ const getLatestVersion = async (config) => {
         return undefined;
     }
 };
-exports.getLatestVersion = getLatestVersion;
-async function findLatestCLIVersion(config) {
+const findLatestCLIVersion = async (config) => {
     const isCI = process.env.CONTRAST_CODESEC_CI
         ? JSON.parse(process.env.CONTRAST_CODESEC_CI.toLowerCase())
         : false;
     if (!isCI) {
-        let latestCLIVersion = await (0, exports.getLatestVersion)(config);
+        let latestCLIVersion = await getLatestVersion(config);
         if (latestCLIVersion === undefined) {
             config.set('numOfRuns', 0);
             console.log('Failed to retrieve latest version info. Continuing execution.');
             return;
         }
         latestCLIVersion = latestCLIVersion.substring(8).replace('\n', '');
-        if (semver_1.default.lt(constants_1.APP_VERSION, latestCLIVersion)) {
-            const updateAvailableMessage = `Update available ${chalk_1.default.yellow(constants_1.APP_VERSION)} → ${chalk_1.default.green(latestCLIVersion)}`;
-            const npmUpdateAvailableCommand = `Run ${chalk_1.default.cyan('npm i @contrast/contrast -g')} to update via npm`;
-            const homebrewUpdateAvailableCommand = `Run ${chalk_1.default.cyan('brew install contrastsecurity/tap/contrast')} to update via brew`;
-            console.log((0, boxen_1.default)(`${updateAvailableMessage}\n${npmUpdateAvailableCommand}\n\n${homebrewUpdateAvailableCommand}`, {
+        if (semver.lt(APP_VERSION, latestCLIVersion)) {
+            const updateAvailableMessage = `Update available ${chalk.yellow(APP_VERSION)} → ${chalk.green(latestCLIVersion)}`;
+            const npmUpdateAvailableCommand = `Run ${chalk.cyan('npm i @contrast/contrast -g')} to update via npm`;
+            const homebrewUpdateAvailableCommand = `Run ${chalk.cyan('brew install contrastsecurity/tap/contrast')} to update via brew`;
+            console.log(boxen(`${updateAvailableMessage}\n${npmUpdateAvailableCommand}\n\n${homebrewUpdateAvailableCommand}`, {
                 titleAlignment: 'center',
                 margin: 1,
                 padding: 1,
@@ -47,9 +41,12 @@ async function findLatestCLIVersion(config) {
             }));
         }
     }
-}
-exports.findLatestCLIVersion = findLatestCLIVersion;
-async function isCorrectNodeVersion(currentVersion) {
-    return semver_1.default.satisfies(currentVersion, '>=16');
-}
-exports.isCorrectNodeVersion = isCorrectNodeVersion;
+};
+const isCorrectNodeVersion = async (currentVersion) => {
+    return semver.satisfies(currentVersion, '>=16');
+};
+module.exports = {
+    getLatestVersion,
+    findLatestCLIVersion,
+    isCorrectNodeVersion
+};

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.16';
+const APP_VERSION = '1.0.18';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';