@contrast/contrast 1.0.16 → 1.0.18

package/src/commands/scan/sca/scaAnalysis.js

@@ -20,7 +20,7 @@ const path = require('path')
 const i18n = require('i18n')
 const auditSave = require('../../../audit/save')
 const { auditUsageGuide } = require('../../audit/help')
-const { buildRepo } = require('../../../scaAnalysis/repoMode/index')
+const repoMode = require('../../../scaAnalysis/repoMode/index')
 const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet')
 const { goAnalysis } = require('../../../scaAnalysis/go/goAnalysis')
 const { phpAnalysis } = require('../../../scaAnalysis/php/index')
@@ -32,6 +32,7 @@ const auditReport = require('../../../scaAnalysis/common/auditReport')
 const scaUpload = require('../../../scaAnalysis/common/scaServicesUpload')
 const settingsHelper = require('../../../utils/settingsHelper')
 const chalk = require('chalk')
+const saveResults = require('../../../scan/saveResults')
 
 const processSca = async config => {
   //checks to see whether to use old TS / new SCA path
@@ -53,130 +54,149 @@ const processSca = async config => {
     ? rootFile.getDirectoryFromPathGiven(config.file).concat('/')
     : config.file
 
-  filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file)
-
-  if (filesFound.length > 1 && pathWithFile) {
-    filesFound = filesFound.filter(i =>
-      Object.values(i)[0].includes(path.basename(config.fileName))
+  if (config.fingerprint && config.experimental) {
+    let fingerprint = await autoDetection.autoDetectFingerprintInfo(config.file)
+    let idArray = fingerprint.map(x => x.id)
+    await saveResults.writeResultsToFile(fingerprint, 'fingerPrintInfo.json')
+    console.log(idArray)
+  } else {
+    filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(
+      config.file
     )
-  }
-
-  // files found looks like [ { javascript: [ Array ] } ]
-  //check we have the language and call the right analyser
-  //refactor new analyser and see if we can clean it up
-  if (config.mode === 'repo') {
-    try {
-      return buildRepo(config, filesFound[0])
-    } catch (e) {
-      console.log('Unable to build in repository mode. Check your project file')
-      process.exit(0)
-    }
-  }
 
-  let messageToSend = undefined
-  if (filesFound.length === 1) {
-    switch (Object.keys(filesFound[0])[0]) {
-      case JAVA:
-        messageToSend = javaAnalysis.javaAnalysis(config, filesFound[0])
-        config.language = JAVA
-        break
-      case JAVASCRIPT:
-        messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0])
-        config.language = NODE
-        break
-      case PYTHON:
-        messageToSend = pythonAnalysis(config, filesFound[0])
-        config.language = PYTHON
-        break
-      case RUBY:
-        messageToSend = rubyAnalysis(config, filesFound[0])
-        config.language = RUBY
-        break
-      case PHP:
-        messageToSend = phpAnalysis(config, filesFound[0])
-        config.language = PHP
-        break
-      case GO:
-        messageToSend = goAnalysis(config, filesFound[0])
-        config.language = GO
-        break
-      case DOTNET:
-        messageToSend = dotNetAnalysis(config, filesFound[0])
-        config.language = DOTNET
-        break
-      default:
-        //something is wrong
-        console.log('No supported language detected in project path')
-        return
-    }
-
-    if (!config.applicationId) {
-      config.applicationId = await auditController.dealWithNoAppId(config)
-    }
+    autoDetection.dealWithMultiJava(filesFound)
 
-    if (config.experimental) {
-      console.log('') //empty log for space before spinner
-      const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
-      startSpinner(reportSpinner)
-      const [reports, reportId] = await scaUpload.scaTreeUpload(
-        messageToSend,
-        config
+    if (filesFound.length > 1 && pathWithFile) {
+      filesFound = filesFound.filter(i =>
+        Object.values(i)[0].includes(path.basename(config.fileName))
       )
+    }
 
-      auditReport.processAuditReport(config, reports[0])
-      succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
-
-      if (config.save !== undefined) {
-        await auditSave.auditSave(config, reportId)
+    // files found looks like [ { javascript: [ Array ] } ]
+    //check we have the language and call the right analyser
+    let messageToSend = undefined
+    if (filesFound.length === 1) {
+      switch (Object.keys(filesFound[0])[0]) {
+        case JAVA:
+          config.language = JAVA
+
+          if (config.mode === 'repo') {
+            try {
+              return repoMode.buildRepo(config, filesFound[0])
+            } catch (e) {
+              throw new Error(
+                'Unable to build in repository mode. Check your project file'
+              )
+            }
+          } else {
+            messageToSend = await javaAnalysis.javaAnalysis(
+              config,
+              filesFound[0]
+            )
+          }
+          break
+        case JAVASCRIPT:
+          messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0])
+          config.language = NODE
+          break
+        case PYTHON:
+          messageToSend = pythonAnalysis(config, filesFound[0])
+          config.language = PYTHON
+          break
+        case RUBY:
+          messageToSend = rubyAnalysis(config, filesFound[0])
+          config.language = RUBY
+          break
+        case PHP:
+          messageToSend = phpAnalysis(config, filesFound[0])
+          config.language = PHP
+          break
+        case GO:
+          messageToSend = goAnalysis(config, filesFound[0])
+          config.language = GO
+          break
+        case DOTNET:
+          messageToSend = dotNetAnalysis(config, filesFound[0])
+          config.language = DOTNET
+          break
+        default:
+          //something is wrong
+          console.log('No supported language detected in project path')
+          return
       }
 
-      const endTime = performance.now() - startTime
-      const scanDurationMs = endTime - startTime
-      console.log(
-        `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
-      )
-    } else {
-      console.log('') //empty log for space before spinner
-      //send message to TS
-      const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
-      startSpinner(reportSpinner)
-      const snapshotResponse = await treeUpload.commonSendSnapShot(
-        messageToSend,
-        config
-      )
-
-      // poll for completion
-      await pollForSnapshotCompletion(
-        config,
-        snapshotResponse.id,
-        reportSpinner
-      )
-      succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
-
-      await vulnerabilityReportV2(config, snapshotResponse.id)
-      if (config.save !== undefined) {
-        await auditSave.auditSave(config)
+      if (!config.applicationId) {
+        config.applicationId = await auditController.dealWithNoAppId(config)
       }
-      const endTime = performance.now() - startTime
-      const scanDurationMs = endTime - startTime
 
-      console.log(
-        `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
-      )
-    }
-  } else {
-    if (filesFound.length === 0) {
-      console.log(i18n.__('languageAnalysisNoLanguage'))
-      console.log(i18n.__('languageAnalysisNoLanguageHelpLine'))
-      throw new Error()
+      if (config.experimental) {
+        console.log('') //empty log for space before spinner
+        const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
+        startSpinner(reportSpinner)
+        const [reports, reportId] = await scaUpload.scaTreeUpload(
+          messageToSend,
+          config
+        )
+
+        auditReport.processAuditReport(config, reports[0])
+        succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
+
+        if (config.save !== undefined) {
+          await auditSave.auditSave(config, reportId)
+        } else {
+          console.log('Use contrast audit --save to generate an SBOM')
+        }
+
+        const endTime = performance.now() - startTime
+        const scanDurationMs = endTime - startTime
+        console.log(
+          `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
+        )
+      } else {
+        console.log('') //empty log for space before spinner
+        //send message to TS
+        const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
+        startSpinner(reportSpinner)
+        const snapshotResponse = await treeUpload.commonSendSnapShot(
+          messageToSend,
+          config
+        )
+
+        // poll for completion
+        await pollForSnapshotCompletion(
+          config,
+          snapshotResponse.id,
+          reportSpinner
+        )
+        succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
+
+        await vulnerabilityReportV2(config, snapshotResponse.id)
+        if (config.save !== undefined) {
+          await auditSave.auditSave(config)
+        } else {
+          console.log('\nUse contrast audit --save to generate an SBOM')
+        }
+        const endTime = performance.now() - startTime
+        const scanDurationMs = endTime - startTime
+
+        console.log(
+          `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
+        )
+      }
     } else {
-      console.log(chalk.bold(`\nMultiple language files detected \n`))
-      filesFound.forEach(file => {
-        console.log(`${Object.keys(file)[0]} : `, Object.values(file)[0])
-      })
-      throw new Error(
-        `Please use --file to audit one language only. \nExample: contrast audit --file package-lock.json`
-      )
+      if (filesFound.length === 0) {
+        console.log(i18n.__('languageAnalysisNoLanguage'))
+        console.log(i18n.__('languageAnalysisNoLanguageHelpLine'))
+        throw new Error()
+      } else {
+        console.log(chalk.bold(`\nMultiple language files detected \n`))
+        filesFound.forEach(file => {
+          console.log(`${Object.keys(file)[0]} : `, Object.values(file)[0])
+        })
+        throw new Error(
+          `Please use --file to audit one language only. \nExample: contrast audit --file package-lock.json`
+        )
+      }
     }
   }
 }

package/src/common/HTTPClient.js

@@ -6,7 +6,7 @@ const { AUTH_CALLBACK_URL } = require('../constants/constants')
 function HTTPClient(config) {
   const apiKey = config.apiKey
   const authToken = config.authorization
-  this.rejectUnauthorized = !config.ignoreCertErrors
+  this.rejectUnauthorized = !config.certSelfSigned
 
   const superApiKey = config.superApiKey
   const superAuthToken = config.superAuthorization

package/src/common/commonHelp.js

@@ -0,0 +1,43 @@
+const i18n = require('i18n')
+const chalk = require('chalk')
+
+const commonHelpLinks = () => {
+  return [
+    {
+      header: i18n.__('commonHelpHeader'),
+      content: [
+        i18n.__('commonHelpCheckOutHeader') + i18n.__('commonHelpCheckOutText'),
+        i18n.__('commonHelpLearnMoreHeader') +
+          i18n.__('commonHelpLearnMoreText'),
+        i18n.__('commonHelpJoinDiscussionHeader') +
+          i18n.__('commonHelpJoinDiscussionText')
+      ]
+    },
+    {
+      header: i18n.__('commonHelpEnterpriseHeader'),
+      content: [
+        i18n.__('commonHelpLearnMoreEnterpriseHeader') +
+          i18n.__('commonHelpLearnMoreEnterpriseText')
+      ]
+    }
+  ]
+}
+
+const postRunMessage = commandName => {
+  console.log('\n' + chalk.underline.bold('Other Features:'))
+  if (commandName !== 'scan')
+    console.log(
+      "'contrast scan' to run Contrasts’ industry leading SAST scanner"
+    )
+  if (commandName !== 'audit')
+    console.log(
+      "'contrast audit' to find vulnerabilities in your open source dependencies"
+    )
+  if (commandName !== 'lambda')
+    console.log("'contrast lambda' to secure your AWS serverless functions")
+}
+
+module.exports = {
+  commonHelpLinks,
+  postRunMessage
+}

package/src/common/{errorHandling.ts → errorHandling.js}

@@ -1,26 +1,4 @@
-import i18n from 'i18n'
-
-const handleResponseErrors = (res: any, api: string) => {
-  if (res.statusCode === 400) {
-    api === 'catalogue' ? badRequestError(true) : badRequestError(false)
-  } else if (res.statusCode === 401) {
-    unauthenticatedError()
-  } else if (res.statusCode === 403) {
-    forbiddenError()
-  } else if (res.statusCode === 407) {
-    proxyError()
-  } else {
-    if (api === 'snapshot' || api === 'catalogue') {
-      snapshotFailureError()
-    }
-    if (api === 'vulnerabilities') {
-      vulnerabilitiesFailureError()
-    }
-    if (api === 'report') {
-      reportFailureError()
-    }
-  }
-}
+const i18n = require('i18n')
 
 const libraryAnalysisError = () => {
   console.log(i18n.__('libraryAnalysisError'))
@@ -47,7 +25,7 @@ const unauthenticatedError = () => {
   generalError('unauthenticatedErrorHeader', 'unauthenticatedErrorMessage')
 }
 
-const badRequestError = (catalogue: boolean) => {
+const badRequestError = catalogue => {
   catalogue === true
     ? generalError('badRequestErrorHeader', 'badRequestCatalogueErrorMessage')
     : generalError('badRequestErrorHeader', 'badRequestErrorMessage')
@@ -70,6 +48,22 @@ const maxAppError = () => {
   process.exit(1)
 }
 
+const parametersError = () => {
+  generalError(
+    `Values not recognised`,
+    'Check your command & keys again for hidden characters.\nFor more information use contrast help.'
+  )
+  process.exit(1)
+}
+
+const invalidHostNameError = () => {
+  generalError(
+    `Invalid host`,
+    'Check that the host parameter does not include a trailing "/".'
+  )
+  process.exit(1)
+}
+
 const failOptionError = () => {
   console.log(
     '\n ******************************** ' +
@@ -86,7 +80,7 @@ const failOptionError = () => {
  * @param message message for the error
  * @returns error in general format
  */
-const getErrorMessage = (header: string, message?: string) => {
+const getErrorMessage = (header, message) => {
   // prettier-ignore
   const title = `******************************** ${i18n.__(header)} ********************************`
   const multiLine = message?.includes('\n')
@@ -102,12 +96,12 @@ const getErrorMessage = (header: string, message?: string) => {
   return `${title}${finalMessage}`
 }
 
-const generalError = (header: string, message?: string) => {
+const generalError = (header, message) => {
   const finalMessage = getErrorMessage(header, message)
   console.log(finalMessage)
 }
 
-const findCommandOnError = (unknownOptions: string[]) => {
+const findCommandOnError = unknownOptions => {
   const commandKeywords = {
     auth: 'auth',
     audit: 'audit',
@@ -117,13 +111,11 @@ const findCommandOnError = (unknownOptions: string[]) => {
   }
 
   const containsCommandKeyword = unknownOptions.some(
-    // @ts-ignore
     command => commandKeywords[command]
   )
 
   if (containsCommandKeyword) {
     const foundCommands = unknownOptions.filter(
-      // @ts-ignore
       command => commandKeywords[command]
     )
 
@@ -132,7 +124,7 @@ const findCommandOnError = (unknownOptions: string[]) => {
   }
 }
 
-export {
+module.exports = {
   genericError,
   unauthenticatedError,
   badRequestError,
@@ -141,11 +133,12 @@ export {
   failOptionError,
   generalError,
   getErrorMessage,
-  handleResponseErrors,
   libraryAnalysisError,
   findCommandOnError,
   snapshotFailureError,
   vulnerabilitiesFailureError,
   reportFailureError,
-  maxAppError
+  maxAppError,
+  parametersError,
+  invalidHostNameError
 }

package/src/common/{versionChecker.ts → versionChecker.js}

@@ -1,12 +1,11 @@
-import { APP_VERSION } from '../constants/constants'
-import boxen from 'boxen'
-import chalk from 'chalk'
-import semver from 'semver'
-import commonApi from '../utils/commonApi'
-import { constants } from 'http2'
-import { ContrastConf } from '../utils/getConfig'
+const { APP_VERSION } = require('../constants/constants')
+const boxen = require('boxen')
+const chalk = require('chalk')
+const semver = require('semver')
+const commonApi = require('../utils/commonApi')
+const { constants } = require('http2')
 
-export const getLatestVersion = async (config: ContrastConf) => {
+const getLatestVersion = async config => {
   const client = commonApi.getHttpClient(config)
   try {
     const res = await client.getLatestVersion()
@@ -18,7 +17,7 @@ export const getLatestVersion = async (config: ContrastConf) => {
   }
 }
 
-export async function findLatestCLIVersion(config: ContrastConf) {
+const findLatestCLIVersion = async config => {
   const isCI = process.env.CONTRAST_CODESEC_CI
     ? JSON.parse(process.env.CONTRAST_CODESEC_CI.toLowerCase())
     : false
@@ -65,6 +64,12 @@ export async function findLatestCLIVersion(config: ContrastConf) {
   }
 }
 
-export async function isCorrectNodeVersion(currentVersion: string) {
+const isCorrectNodeVersion = async currentVersion => {
   return semver.satisfies(currentVersion, '>=16')
 }
+
+module.exports = {
+  getLatestVersion,
+  findLatestCLIVersion,
+  isCorrectNodeVersion
+}

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.16'
+const APP_VERSION = '1.0.18'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'