@contrast/contrast 1.0.17 → 1.0.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cliConstants.js +89 -112
- package/dist/commands/audit/help.js +10 -2
- package/dist/commands/scan/sca/scaAnalysis.js +1 -0
- package/dist/common/HTTPClient.js +1 -1
- package/dist/common/errorHandling.js +11 -1
- package/dist/constants/constants.js +1 -1
- package/dist/constants/locales.js +15 -89
- package/dist/scaAnalysis/java/index.js +1 -2
- package/dist/scan/autoDetection.js +15 -1
- package/dist/scan/help.js +9 -3
- package/dist/utils/commonApi.js +7 -1
- package/package.json +1 -1
- package/src/cliConstants.js +94 -119
- package/src/commands/audit/help.js +11 -2
- package/src/commands/scan/sca/scaAnalysis.js +2 -0
- package/src/common/HTTPClient.js +1 -1
- package/src/common/errorHandling.js +19 -1
- package/src/constants/constants.js +1 -1
- package/src/constants/locales.js +17 -127
- package/src/scaAnalysis/java/index.js +2 -2
- package/src/scan/autoDetection.js +21 -1
- package/src/scan/help.js +10 -3
- package/src/utils/commonApi.js +7 -1
package/dist/cliConstants.js
CHANGED
|
@@ -10,7 +10,7 @@ i18n.configure({
|
|
|
10
10
|
},
|
|
11
11
|
defaultLocale: 'en'
|
|
12
12
|
});
|
|
13
|
-
const
|
|
13
|
+
const sharedCertOptionDefinitions = [
|
|
14
14
|
{
|
|
15
15
|
name: 'proxy',
|
|
16
16
|
description: '{bold ' +
|
|
@@ -40,40 +40,48 @@ const sharedOptionDefinitions = [
|
|
|
40
40
|
i18n.__('constantsProxyCert')
|
|
41
41
|
},
|
|
42
42
|
{
|
|
43
|
-
name: '
|
|
43
|
+
name: 'cert-self-signed',
|
|
44
44
|
type: Boolean,
|
|
45
45
|
description: '{bold ' +
|
|
46
46
|
i18n.__('constantsOptional') +
|
|
47
47
|
'}:' +
|
|
48
|
-
i18n.__('
|
|
48
|
+
i18n.__('constantsCertSelfSigned')
|
|
49
49
|
}
|
|
50
50
|
];
|
|
51
|
-
const
|
|
52
|
-
...sharedOptionDefinitions,
|
|
51
|
+
const sharedConnectionOptionDefinitions = [
|
|
53
52
|
{
|
|
54
|
-
name: '
|
|
55
|
-
alias: '
|
|
53
|
+
name: 'organization-id',
|
|
54
|
+
alias: 'o',
|
|
56
55
|
description: '{bold ' +
|
|
57
|
-
i18n.__('
|
|
56
|
+
i18n.__('constantsRequiredEnterprise') +
|
|
58
57
|
'}: ' +
|
|
59
|
-
i18n.__('
|
|
58
|
+
i18n.__('constantsOrganizationId')
|
|
60
59
|
},
|
|
61
60
|
{
|
|
62
|
-
name: '
|
|
63
|
-
alias: 'l',
|
|
61
|
+
name: 'api-key',
|
|
64
62
|
description: '{bold ' +
|
|
65
|
-
i18n.__('
|
|
63
|
+
i18n.__('constantsRequiredEnterprise') +
|
|
66
64
|
'}: ' +
|
|
67
|
-
i18n.__('
|
|
65
|
+
i18n.__('constantsApiKey')
|
|
68
66
|
},
|
|
69
67
|
{
|
|
70
|
-
name: '
|
|
71
|
-
alias: 'f',
|
|
68
|
+
name: 'authorization',
|
|
72
69
|
description: '{bold ' +
|
|
73
|
-
i18n.__('
|
|
70
|
+
i18n.__('constantsRequiredEnterprise') +
|
|
74
71
|
'}: ' +
|
|
75
|
-
i18n.__('
|
|
72
|
+
i18n.__('constantsAuthorization')
|
|
76
73
|
},
|
|
74
|
+
{
|
|
75
|
+
name: 'host',
|
|
76
|
+
description: '{bold ' +
|
|
77
|
+
i18n.__('constantsRequiredEnterprise') +
|
|
78
|
+
'}: ' +
|
|
79
|
+
i18n.__('constantsHostId')
|
|
80
|
+
}
|
|
81
|
+
];
|
|
82
|
+
const scanAdvancedOptionDefinitionsForHelp = [
|
|
83
|
+
...sharedConnectionOptionDefinitions,
|
|
84
|
+
...sharedCertOptionDefinitions,
|
|
77
85
|
{
|
|
78
86
|
name: 'project-id',
|
|
79
87
|
alias: 'p',
|
|
@@ -83,49 +91,52 @@ const scanOptionDefinitions = [
|
|
|
83
91
|
i18n.__('constantsProjectId')
|
|
84
92
|
},
|
|
85
93
|
{
|
|
86
|
-
name: '
|
|
94
|
+
name: 'language',
|
|
95
|
+
alias: 'l',
|
|
87
96
|
description: '{bold ' +
|
|
88
97
|
i18n.__('constantsOptional') +
|
|
89
98
|
'}: ' +
|
|
90
|
-
i18n.__('
|
|
99
|
+
i18n.__('scanOptionsLanguageSummary')
|
|
91
100
|
},
|
|
92
101
|
{
|
|
93
|
-
name: '
|
|
94
|
-
|
|
95
|
-
type: Number,
|
|
102
|
+
name: 'ff',
|
|
103
|
+
type: Boolean,
|
|
96
104
|
description: '{bold ' +
|
|
97
105
|
i18n.__('constantsOptional') +
|
|
98
106
|
'}: ' +
|
|
99
|
-
i18n.__('
|
|
107
|
+
i18n.__('constantsDoNotWaitForScan')
|
|
100
108
|
},
|
|
101
109
|
{
|
|
102
|
-
name: '
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
},
|
|
110
|
+
name: 'label',
|
|
111
|
+
description: '{bold ' + i18n.__('constantsOptional') + '}:' + i18n.__('scanLabel')
|
|
112
|
+
}
|
|
113
|
+
];
|
|
114
|
+
const scanOptionDefinitions = [
|
|
115
|
+
...scanAdvancedOptionDefinitionsForHelp,
|
|
109
116
|
{
|
|
110
|
-
name: '
|
|
117
|
+
name: 'name',
|
|
118
|
+
alias: 'n',
|
|
111
119
|
description: '{bold ' +
|
|
112
|
-
i18n.__('
|
|
120
|
+
i18n.__('constantsOptional') +
|
|
113
121
|
'}: ' +
|
|
114
|
-
i18n.__('
|
|
122
|
+
i18n.__('constantsProjectName')
|
|
115
123
|
},
|
|
116
124
|
{
|
|
117
|
-
name: '
|
|
125
|
+
name: 'file',
|
|
126
|
+
alias: 'f',
|
|
118
127
|
description: '{bold ' +
|
|
119
|
-
i18n.__('
|
|
128
|
+
i18n.__('constantsOptional') +
|
|
120
129
|
'}: ' +
|
|
121
|
-
i18n.__('
|
|
130
|
+
i18n.__('scanOptionsFileNameSummary')
|
|
122
131
|
},
|
|
123
132
|
{
|
|
124
|
-
name: '
|
|
133
|
+
name: 'timeout',
|
|
134
|
+
alias: 't',
|
|
135
|
+
type: Number,
|
|
125
136
|
description: '{bold ' +
|
|
126
|
-
i18n.__('
|
|
137
|
+
i18n.__('constantsOptional') +
|
|
127
138
|
'}: ' +
|
|
128
|
-
i18n.__('
|
|
139
|
+
i18n.__('scanOptionsTimeoutSummary')
|
|
129
140
|
},
|
|
130
141
|
{
|
|
131
142
|
name: 'fail',
|
|
@@ -143,14 +154,6 @@ const scanOptionDefinitions = [
|
|
|
143
154
|
'}: ' +
|
|
144
155
|
i18n.__('constantsSeverity')
|
|
145
156
|
},
|
|
146
|
-
{
|
|
147
|
-
name: 'ff',
|
|
148
|
-
type: Boolean,
|
|
149
|
-
description: '{bold ' +
|
|
150
|
-
i18n.__('constantsOptional') +
|
|
151
|
-
'}: ' +
|
|
152
|
-
i18n.__('constantsDoNotWaitForScan')
|
|
153
|
-
},
|
|
154
157
|
{
|
|
155
158
|
name: 'verbose',
|
|
156
159
|
alias: 'v',
|
|
@@ -165,10 +168,6 @@ const scanOptionDefinitions = [
|
|
|
165
168
|
alias: 's',
|
|
166
169
|
description: '{bold ' + i18n.__('constantsOptional') + '}:' + i18n.__('constantsSave')
|
|
167
170
|
},
|
|
168
|
-
{
|
|
169
|
-
name: 'label',
|
|
170
|
-
description: '{bold ' + i18n.__('constantsOptional') + '}:' + i18n.__('scanLabel')
|
|
171
|
-
},
|
|
172
171
|
{
|
|
173
172
|
name: 'help',
|
|
174
173
|
alias: 'h',
|
|
@@ -183,13 +182,6 @@ const scanOptionDefinitions = [
|
|
|
183
182
|
name: 'experimental',
|
|
184
183
|
alias: 'e',
|
|
185
184
|
type: Boolean
|
|
186
|
-
},
|
|
187
|
-
{
|
|
188
|
-
name: 'application-name',
|
|
189
|
-
description: '{bold ' +
|
|
190
|
-
i18n.__('constantsOptional') +
|
|
191
|
-
'}: ' +
|
|
192
|
-
i18n.__('constantsApplicationName')
|
|
193
185
|
}
|
|
194
186
|
];
|
|
195
187
|
const authOptionDefinitions = [
|
|
@@ -213,8 +205,9 @@ const configOptionDefinitions = [
|
|
|
213
205
|
description: 'Clear the currently stored config'
|
|
214
206
|
}
|
|
215
207
|
];
|
|
216
|
-
const
|
|
217
|
-
...
|
|
208
|
+
const auditAdvancedOptionDefinitionsForHelp = [
|
|
209
|
+
...sharedConnectionOptionDefinitions,
|
|
210
|
+
...sharedCertOptionDefinitions,
|
|
218
211
|
{
|
|
219
212
|
name: 'application-id',
|
|
220
213
|
description: '{bold ' +
|
|
@@ -229,35 +222,10 @@ const auditOptionDefinitions = [
|
|
|
229
222
|
'}: ' +
|
|
230
223
|
i18n.__('constantsApplicationName')
|
|
231
224
|
},
|
|
232
|
-
{
|
|
233
|
-
name: 'file',
|
|
234
|
-
alias: 'f',
|
|
235
|
-
defaultValue: process.cwd().concat('/'),
|
|
236
|
-
description: '{bold ' +
|
|
237
|
-
i18n.__('constantsOptional') +
|
|
238
|
-
'}: ' +
|
|
239
|
-
i18n.__('constantsFilePath')
|
|
240
|
-
},
|
|
241
|
-
{
|
|
242
|
-
name: 'fail',
|
|
243
|
-
type: Boolean,
|
|
244
|
-
description: '{bold ' +
|
|
245
|
-
i18n.__('constantsOptional') +
|
|
246
|
-
'}: ' +
|
|
247
|
-
i18n.__('failOptionMessage')
|
|
248
|
-
},
|
|
249
|
-
{
|
|
250
|
-
name: 'severity',
|
|
251
|
-
type: severity => parseSeverity(severity),
|
|
252
|
-
description: '{bold ' +
|
|
253
|
-
i18n.__('constantsOptional') +
|
|
254
|
-
'}: ' +
|
|
255
|
-
i18n.__('constantsSeverity')
|
|
256
|
-
},
|
|
257
225
|
{
|
|
258
226
|
name: 'app-groups',
|
|
259
227
|
description: '{bold ' +
|
|
260
|
-
i18n.__('
|
|
228
|
+
i18n.__('constantsOptional') +
|
|
261
229
|
'}: ' +
|
|
262
230
|
i18n.__('constantsAppGroups')
|
|
263
231
|
},
|
|
@@ -284,49 +252,52 @@ const auditOptionDefinitions = [
|
|
|
284
252
|
description: '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('constantsCode')
|
|
285
253
|
},
|
|
286
254
|
{
|
|
287
|
-
name: '
|
|
288
|
-
type: Boolean,
|
|
289
|
-
alias: 'i',
|
|
255
|
+
name: 'maven-settings-path',
|
|
290
256
|
description: '{bold ' +
|
|
291
257
|
i18n.__('constantsOptional') +
|
|
292
258
|
'}: ' +
|
|
293
|
-
i18n.__('
|
|
294
|
-
}
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
{
|
|
299
|
-
name: 'fingerprint',
|
|
300
|
-
type: Boolean
|
|
301
|
-
},
|
|
259
|
+
i18n.__('constantsMavenSettingsPath')
|
|
260
|
+
}
|
|
261
|
+
];
|
|
262
|
+
const auditOptionDefinitions = [
|
|
263
|
+
...auditAdvancedOptionDefinitionsForHelp,
|
|
302
264
|
{
|
|
303
|
-
name: '
|
|
304
|
-
alias: '
|
|
265
|
+
name: 'file',
|
|
266
|
+
alias: 'f',
|
|
267
|
+
defaultValue: process.cwd().concat('/'),
|
|
305
268
|
description: '{bold ' +
|
|
306
|
-
i18n.__('
|
|
269
|
+
i18n.__('constantsOptional') +
|
|
307
270
|
'}: ' +
|
|
308
|
-
i18n.__('
|
|
271
|
+
i18n.__('constantsFilePath')
|
|
309
272
|
},
|
|
310
273
|
{
|
|
311
|
-
name: '
|
|
274
|
+
name: 'fail',
|
|
275
|
+
type: Boolean,
|
|
312
276
|
description: '{bold ' +
|
|
313
|
-
i18n.__('
|
|
277
|
+
i18n.__('constantsOptional') +
|
|
314
278
|
'}: ' +
|
|
315
|
-
i18n.__('
|
|
279
|
+
i18n.__('failOptionMessage')
|
|
316
280
|
},
|
|
317
281
|
{
|
|
318
|
-
name: '
|
|
282
|
+
name: 'severity',
|
|
283
|
+
type: severity => parseSeverity(severity),
|
|
319
284
|
description: '{bold ' +
|
|
320
|
-
i18n.__('
|
|
285
|
+
i18n.__('constantsOptional') +
|
|
321
286
|
'}: ' +
|
|
322
|
-
i18n.__('
|
|
287
|
+
i18n.__('constantsSeverity')
|
|
323
288
|
},
|
|
324
289
|
{
|
|
325
|
-
name: '
|
|
290
|
+
name: 'ignore-dev',
|
|
291
|
+
type: Boolean,
|
|
292
|
+
alias: 'i',
|
|
326
293
|
description: '{bold ' +
|
|
327
|
-
i18n.__('
|
|
294
|
+
i18n.__('constantsOptional') +
|
|
328
295
|
'}: ' +
|
|
329
|
-
i18n.__('
|
|
296
|
+
i18n.__('constantsIgnoreDev')
|
|
297
|
+
},
|
|
298
|
+
{
|
|
299
|
+
name: 'fingerprint',
|
|
300
|
+
type: Boolean
|
|
330
301
|
},
|
|
331
302
|
{
|
|
332
303
|
name: 'save',
|
|
@@ -410,6 +381,10 @@ const mainUsageGuide = commandLineUsage([
|
|
|
410
381
|
{ name: i18n.__('helpName'), summary: i18n.__('helpSummary') }
|
|
411
382
|
]
|
|
412
383
|
},
|
|
384
|
+
{
|
|
385
|
+
header: i18n.__('constantsAdvancedOptions'),
|
|
386
|
+
optionList: sharedCertOptionDefinitions
|
|
387
|
+
},
|
|
413
388
|
{
|
|
414
389
|
header: i18n.__('configHeader2'),
|
|
415
390
|
content: [
|
|
@@ -427,6 +402,8 @@ module.exports = {
|
|
|
427
402
|
scanOptionDefinitions,
|
|
428
403
|
auditOptionDefinitions,
|
|
429
404
|
authOptionDefinitions,
|
|
430
|
-
configOptionDefinitions
|
|
405
|
+
configOptionDefinitions,
|
|
406
|
+
scanAdvancedOptionDefinitionsForHelp,
|
|
407
|
+
auditAdvancedOptionDefinitionsForHelp
|
|
431
408
|
}
|
|
432
409
|
};
|
|
@@ -34,9 +34,12 @@ const auditUsageGuide = commandLineUsage([
|
|
|
34
34
|
'authorization',
|
|
35
35
|
'host',
|
|
36
36
|
'proxy',
|
|
37
|
+
'cert',
|
|
38
|
+
'cacert',
|
|
39
|
+
'key',
|
|
37
40
|
'help',
|
|
38
41
|
'ff',
|
|
39
|
-
'
|
|
42
|
+
'cert-self-signed',
|
|
40
43
|
'verbose',
|
|
41
44
|
'debug',
|
|
42
45
|
'experimental',
|
|
@@ -49,9 +52,14 @@ const auditUsageGuide = commandLineUsage([
|
|
|
49
52
|
'app-groups',
|
|
50
53
|
'metadata',
|
|
51
54
|
'track',
|
|
52
|
-
'fingerprint'
|
|
55
|
+
'fingerprint',
|
|
56
|
+
'branch'
|
|
53
57
|
]
|
|
54
58
|
},
|
|
59
|
+
{
|
|
60
|
+
header: i18n.__('constantsAdvancedOptions'),
|
|
61
|
+
optionList: constants.commandLineDefinitions.auditAdvancedOptionDefinitionsForHelp
|
|
62
|
+
},
|
|
55
63
|
commonHelpLinks()[0],
|
|
56
64
|
commonHelpLinks()[1]
|
|
57
65
|
]);
|
|
@@ -46,6 +46,7 @@ const processSca = async (config) => {
|
|
|
46
46
|
}
|
|
47
47
|
else {
|
|
48
48
|
filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
|
|
49
|
+
autoDetection.dealWithMultiJava(filesFound);
|
|
49
50
|
if (filesFound.length > 1 && pathWithFile) {
|
|
50
51
|
filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(config.fileName)));
|
|
51
52
|
}
|
|
@@ -6,7 +6,7 @@ const { AUTH_CALLBACK_URL } = require('../constants/constants');
|
|
|
6
6
|
function HTTPClient(config) {
|
|
7
7
|
const apiKey = config.apiKey;
|
|
8
8
|
const authToken = config.authorization;
|
|
9
|
-
this.rejectUnauthorized = !config.
|
|
9
|
+
this.rejectUnauthorized = !config.certSelfSigned;
|
|
10
10
|
const superApiKey = config.superApiKey;
|
|
11
11
|
const superAuthToken = config.superAuthorization;
|
|
12
12
|
this.requestOptions = {
|
|
@@ -35,6 +35,14 @@ const maxAppError = () => {
|
|
|
35
35
|
generalError('No applications remaining', 'You have reached the maximum number of application you can create.');
|
|
36
36
|
process.exit(1);
|
|
37
37
|
};
|
|
38
|
+
const parametersError = () => {
|
|
39
|
+
generalError(`Values not recognised`, 'Check your command & keys again for hidden characters.\nFor more information use contrast help.');
|
|
40
|
+
process.exit(1);
|
|
41
|
+
};
|
|
42
|
+
const invalidHostNameError = () => {
|
|
43
|
+
generalError(`Invalid host`, 'Check that the host parameter does not include a trailing "/".');
|
|
44
|
+
process.exit(1);
|
|
45
|
+
};
|
|
38
46
|
const failOptionError = () => {
|
|
39
47
|
console.log('\n ******************************** ' +
|
|
40
48
|
i18n.__('snapshotFailureHeader') +
|
|
@@ -85,5 +93,7 @@ module.exports = {
|
|
|
85
93
|
snapshotFailureError,
|
|
86
94
|
vulnerabilitiesFailureError,
|
|
87
95
|
reportFailureError,
|
|
88
|
-
maxAppError
|
|
96
|
+
maxAppError,
|
|
97
|
+
parametersError,
|
|
98
|
+
invalidHostNameError
|
|
89
99
|
};
|
|
@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
|
|
|
12
12
|
const HIGH = 'HIGH';
|
|
13
13
|
const CRITICAL = 'CRITICAL';
|
|
14
14
|
const APP_NAME = 'contrast';
|
|
15
|
-
const APP_VERSION = '1.0.
|
|
15
|
+
const APP_VERSION = '1.0.18';
|
|
16
16
|
const TIMEOUT = 120000;
|
|
17
17
|
const HIGH_COLOUR = '#ff9900';
|
|
18
18
|
const CRITICAL_COLOUR = '#e35858';
|
|
@@ -3,19 +3,11 @@ const { lambda } = require('./lambda');
|
|
|
3
3
|
const chalk = require('chalk');
|
|
4
4
|
const en_locales = () => {
|
|
5
5
|
return {
|
|
6
|
-
successHeader: 'SUCCESS',
|
|
7
|
-
snapshotSuccessMessage: 'Please go to the Contrast UI to view your dependency tree.',
|
|
8
6
|
snapshotFailureHeader: 'FAIL',
|
|
9
7
|
snapshotFailureMessage: 'Library analysis failed',
|
|
10
|
-
snapshotHostMessage: "No host supplied. Using default host 'app.contrastsecurity.com'. Please ensure this is correct.",
|
|
11
|
-
vulnerabilitiesSuccessMessage: 'Vulnerability data successfully retrieved',
|
|
12
8
|
vulnerabilitiesFailureMessage: 'Unable to retrieve library vulnerabilities',
|
|
13
|
-
catchErrorMessage: 'Contrast UI error: ',
|
|
14
9
|
dependenciesNote: 'Please Note: We currently only support projects with one .csproj AND *.package.lock.json',
|
|
15
|
-
languageAnalysisFailureMessage: 'SCA audit Failure',
|
|
16
|
-
languageAnalysisFactoryFailureHeader: 'FAIL',
|
|
17
10
|
libraryAnalysisError: 'Please ensure the language parameter is set in accordance to the language specified on the project path.\nContrast CLI must be run in the same directory as the project manifest file OR the project_path parameter must be used to identify the directory containing the project manifest file.\n\nFor further information please read our usage guide, which can be accessed with the following command:\n\ncontrast-cli --help',
|
|
18
|
-
yamlMissingParametersHeader: 'Missing Parameters',
|
|
19
11
|
genericErrorMessage: 'An error has occur please check your command again. For more information use the --help commands.',
|
|
20
12
|
unauthenticatedErrorHeader: '401 error - Unauthenticated',
|
|
21
13
|
unauthenticatedErrorMessage: 'Please check the following keys are correct:\n--organization-id, --api-key or --authorization',
|
|
@@ -26,87 +18,47 @@ const en_locales = () => {
|
|
|
26
18
|
forbiddenRequestErrorMessage: 'You do not have permission to access this server.',
|
|
27
19
|
proxyErrorHeader: '407 error - Proxy Authentication Required',
|
|
28
20
|
proxyErrorMessage: 'Please provide valid authentication credentials for the proxy server.',
|
|
29
|
-
catalogueSuccessCommand: 'Application Created',
|
|
30
|
-
dotnetAnalysisFailure: '.NET analysis failed because: ',
|
|
31
|
-
dotnetReadLockfile: 'Failed to read the lock file @ %s because: ',
|
|
32
|
-
dotnetParseLockfile: "Failed to parse .NET lock file @ '%s' because: ",
|
|
33
|
-
dotnetParseProjectFile: "Failed to parse MSBuild project file @ '%s' because: ",
|
|
34
|
-
dotnetReadProjectFile: 'Failed to read the project file @ "%s" because: ',
|
|
35
|
-
javaAnalysisError: 'JAVA analysis failed because: ',
|
|
36
21
|
javaParseProjectFile: 'Failed to parse mvn output because: ',
|
|
37
|
-
languageAnalysisMultipleLanguages1: 'Identified multiple languages for the project\n',
|
|
38
|
-
languageAnalysisMultipleLanguages2: 'Please specify which project file you would like analyzed with the %s CLI option.',
|
|
39
|
-
languageAnalysisProjectFiles: "Identified project language as '%s' but found multiple project files: %s. Please specify which project file you would like analyzed with the %s CLI option.",
|
|
40
22
|
languageAnalysisHasNoLockFile: "Identified project language as '%s' but no project lock file was found.",
|
|
41
23
|
languageAnalysisHasNoPackageJsonFile: 'Identified project language as javascript but no package.json file was found.',
|
|
42
24
|
languageAnalysisHasMultipleLockFiles: "Identified project language as '%s' but multiple project lock files were found.",
|
|
43
25
|
languageAnalysisProjectFileError: "Identified project language as '%s' but no project file was found.",
|
|
44
|
-
languageAnalysisProjectRootFileNameReadError: 'Failed to read the contents of the directory @ %s because: ',
|
|
45
|
-
languageAnalysisProjectRootFileNameMissingError: "%s isn't a file or directory",
|
|
46
26
|
languageAnalysisProjectRootFileNameFailure: 'Failed to get information about the file or directory @ %s because: ',
|
|
47
|
-
languageAnalysisFailure: ' analysis failed because: ',
|
|
48
27
|
languageAnalysisNoLanguage: 'We cannot detect a project, use -f <path> to specify a file or folder to analyze.',
|
|
49
28
|
languageAnalysisNoLanguageHelpLine: `${chalk.bold('contrast audit --help')} for more information.`,
|
|
50
|
-
NodeAnalysisFailure: 'NODE analysis failed because: ',
|
|
51
|
-
phpAnalysisFailure: 'PHP analysis failed because: ',
|
|
52
29
|
NodeParseNPM: 'Failed to parse NODE package-lock.json file because: ',
|
|
53
30
|
phpParseComposerLock: "Failed to parse PHP composer.lock file @ '%s' because: ",
|
|
54
|
-
NodeReadNpmError: 'Failed to read the package-lock.json file @ "%s" because: ',
|
|
55
|
-
phpReadError: 'Failed to read the composer.lock file @ "%s" because: ',
|
|
56
31
|
NodeParseYarn: 'Failed to parse yarn.lock version %s because: ',
|
|
57
32
|
NodeParseYarn2: "Failed to parse Node yarn.lock version 2 @ '%s' because: ",
|
|
58
|
-
nodeReadProjectFileError: 'Failed to read the NODE project file @ "%s" because: ',
|
|
59
|
-
phpReadProjectFileError: 'Failed to read the PHP project file @ "%s" because: ',
|
|
60
33
|
nodeReadYarnLockFileError: 'Failed to read the yarn.lock file @ "%s" because: ',
|
|
61
|
-
pythonAnalysisEngineError: 'Python analysis failed because: ',
|
|
62
|
-
pythonAnalysisEnginePipError: "Failed to parse python Pipfile.lock file @ '%s' because: ",
|
|
63
|
-
pythonAnalysisParseProjectFileError: 'Failed to parse python output "%s" because: ',
|
|
64
|
-
pythonAnalysisReadPipFileError: 'Failed to read the python Pipfile.lock file @ "%s" because: ',
|
|
65
|
-
pythonAnalysisReadPythonProjectFileError: 'Failed to read the python pipfile @ "%s" because: ',
|
|
66
|
-
rubyAnalysisEngineError: 'Ruby analysis failed because: ',
|
|
67
|
-
rubyAnalysisEngineParsedGemFileError: 'Failed to parse ruby output "%s" because: ',
|
|
68
|
-
rubyAnalysisEngineParsedGemLockFileError: 'Failed to parse ruby Gemfile.lock output because: ',
|
|
69
|
-
rubyAnalysisEngineReadGemFileError: 'Failed to read the ruby project file @ "%s" because: ',
|
|
70
|
-
rubyAnalysisEngineReadGemLockFileError: 'Failed to read the ruby Gemfile.lock @ "%s" because: ',
|
|
71
34
|
constantsOptional: '(optional)',
|
|
72
|
-
constantsOptionalForCatalogue: '(optional for catalogue)',
|
|
73
35
|
constantsRequired: '(required)',
|
|
74
|
-
|
|
36
|
+
constantsRequiredEnterprise: '(required for Contrast Enterprise)',
|
|
75
37
|
constantsApiKey: 'An agent API key as provided by Contrast UI',
|
|
76
|
-
constantsAuthorization: '
|
|
77
|
-
constantsOrganizationId: 'The ID of your organization',
|
|
78
|
-
constantsApplicationId: 'The ID of the application
|
|
79
|
-
constantsHostId: '
|
|
80
|
-
constantsApplicationName: 'The name of the application
|
|
81
|
-
constantsCatalogueApplication: 'Provide this if you want to catalogue an application',
|
|
38
|
+
constantsAuthorization: 'An authorization header as provided by Contrast UI',
|
|
39
|
+
constantsOrganizationId: 'The ID of your organization as provided by Contrast UI',
|
|
40
|
+
constantsApplicationId: 'The ID of the application as provided by Contrast UI',
|
|
41
|
+
constantsHostId: 'host name e.g. https://app.contrastsecurity.com',
|
|
42
|
+
constantsApplicationName: 'The name of the application as provided by Contrast UI',
|
|
82
43
|
failOptionErrorMessage: ' FAIL - CVEs have been detected that match at least the cve_severity option specified.',
|
|
83
44
|
failOptionMessage: ' Use with contrast scan or contrast audit. Detects failures based on the severity level specified with the --severity command. For example, "contrast scan --fail --severity high". Returns all failures if no severity level is specified.',
|
|
84
|
-
constantsLanguage: 'Valid values are JAVA, DOTNET, NODE, PYTHON and RUBY. If there are multiple project configuration files in the project_path, language is also required. Also, provide this when cataloguing an application',
|
|
85
45
|
constantsFilePath: `Specify a directory or the file where dependencies are declared. (By default, CodeSec will search for project files in the current directory.)`,
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
constantsVersion: 'Displays CLI Version you are currently on.',
|
|
89
|
-
constantsProxyServer: 'Allows for connection via a proxy server. If authentication is required please provide the username and password with the protocol, host and port. For instance: "http://username:password@<host>:<port>".',
|
|
90
|
-
constantsHelp: 'Display this usage guide.',
|
|
46
|
+
constantsAppGroups: 'Assign your application to one or more pre-existing groups when on boarding an application. Group lists should be comma separated.',
|
|
47
|
+
constantsProxyServer: 'Allows for connection via a proxy server. If authentication is required please provide the username and password with the protocol, host and port. For instance: "https://username:password@<host>:<port>".',
|
|
91
48
|
constantsGradleMultiProject: 'Specify the sub project within your gradle application.',
|
|
92
|
-
|
|
93
|
-
constantsDoNotWaitForScan: 'Do not wait for the result of the scan',
|
|
49
|
+
constantsDoNotWaitForScan: 'Fire and forget. Do not wait for the result of the scan.',
|
|
94
50
|
constantsProjectName: 'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
|
|
95
51
|
constantsProjectId: 'The ID associated with a scan project. Replace <ProjectID> with the ID for the scan project. To find the ID, select a scan project in Contrast and locate the last number in the URL.',
|
|
96
|
-
constantsReport: 'Display vulnerability information for this application',
|
|
97
|
-
constantsFail: 'Set the process to fail if this option is set in combination with --cve_severity.',
|
|
98
52
|
failThresholdOptionErrorMessage: 'More than 0 vulnerabilities found',
|
|
99
53
|
failSeverityOptionErrorMessage: ' FAIL - Results detected vulnerabilities over accepted severity level',
|
|
100
54
|
constantsSeverity: 'Use with "contrast scan --fail --severity high" or "contrast audit --fail --severity high". Set the severity level to detect vulnerabilities or dependencies. Severity levels are critical, high, medium, low or note.',
|
|
101
|
-
|
|
102
|
-
constantsHeader: 'CodeSec by Contrast Security',
|
|
55
|
+
constantsHeader: 'Contrast CLI',
|
|
103
56
|
configHeader2: 'Config options',
|
|
104
57
|
clearHeader: '-c, --clear',
|
|
105
58
|
clearContent: 'Removes stored credentials',
|
|
106
59
|
constantsPrerequisitesContentScanLanguages: 'Java, Javascript and .NET supported',
|
|
107
60
|
constantsContrastContent: 'Use the ‘contrast’ command for fast and accurate security analysis of your applications, APIs, serverless functions, and libraries.',
|
|
108
61
|
constantsContrastCategories: '\n Code: Java, .NET, .NET Core, JavaScript\n Serverless: AWS Lambda - Java, Python\n Libraries: Java, .NET, Node, Ruby, Python, Go, PHP\n',
|
|
109
|
-
constantsUsageGuideContentRecommendation: 'Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.',
|
|
110
62
|
constantsPrerequisitesHeader: 'Pre-requisites',
|
|
111
63
|
constantsAuthUsageHeader: 'Usage',
|
|
112
64
|
constantsAuthUsageContents: 'contrast auth',
|
|
@@ -120,21 +72,8 @@ const en_locales = () => {
|
|
|
120
72
|
constantsUsageCommandExample: 'contrast [command] [options]',
|
|
121
73
|
constantsUsageCommandInfo: 'The file argument is optional. If no file is given, Contrast will search for a .jar, .war, .exe or .zip file in the working directory.\n',
|
|
122
74
|
constantsUsageCommandInfo24Hours: 'Submitted files are encrypted during upload and deleted in 24 hours.',
|
|
123
|
-
constantsAnd: 'AND',
|
|
124
|
-
constantsJava: 'AND Maven build platform, including the dependency plugin. For a Gradle project, use build.gradle. A gradle-wrapper.properties file is also required. Kotlin is also supported requiring a build.gradle.kts file.',
|
|
125
|
-
constantsJavaNote: 'Note: Running "mvn dependency:tree" or "./gradlew dependencies" in the project directory locally must be successful.',
|
|
126
|
-
constantsJavaNoteGradle: 'We currently support v4.8 and upwards on Gradle projects',
|
|
127
|
-
constantsDotNet: 'MSBuild 15.0 or greater and have a packages.lock.json file are supported.',
|
|
128
|
-
constantsDotNetNote: 'Please Note: If the packages.lock.json file is not in place it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj and running dotnet build',
|
|
129
|
-
constantsNode: '%s AND a lock file either %s or %s',
|
|
130
|
-
constantsRuby: 'gemfile AND gemfile.lock',
|
|
131
|
-
constantsPython: 'pipfile AND pipfile.lock',
|
|
132
|
-
constantsHowToRunHeader: 'How to run:',
|
|
133
|
-
constantsHowToRunDev1: 'Begin with contrast auth to authenticate the CLI to perform actions',
|
|
134
|
-
constantsHowToRunDev2: 'After successful auth try the following command: contrast scan -f "<file>"',
|
|
135
75
|
constantsHowToRunDev3: 'Allowable languages are java (.jar and .war) and javascript (.js or .zip), if the language is not autodetected please use --language to specify',
|
|
136
76
|
constantsOptions: 'Options',
|
|
137
|
-
constantsSpecialCharacterWarning: 'Please Note: Parameters may need to be quoted to avoid issues with special characters.',
|
|
138
77
|
constantsProxyKey: 'Path to the Certificate Key',
|
|
139
78
|
constantsProxyCert: 'Path to the Cert file',
|
|
140
79
|
constantsProxyCaCert: 'Path to the CaCert file',
|
|
@@ -145,13 +84,14 @@ const en_locales = () => {
|
|
|
145
84
|
constantsMetadata: 'Define a set of key=value pairs (which conforms to RFC 2253) for specifying user-defined metadata associated with the application.',
|
|
146
85
|
constantsTags: 'Apply labels to an application. Labels must be formatted as a comma-delimited list. Example - label1,label2,label3',
|
|
147
86
|
constantsCode: 'Add the application code this application should use in the Contrast UI',
|
|
148
|
-
|
|
87
|
+
constantsMavenSettingsPath: 'Path to maven settings',
|
|
88
|
+
constantsCertSelfSigned: 'For EOP users with a local Teamserver install, this will bypass the SSL certificate and recognise a self signed certificate.',
|
|
149
89
|
constantsSave: 'Saves the Scan Results SARIF to file.',
|
|
150
90
|
scanLabel: "adds a label to the scan - defaults to 'Started by CLI tool at current date'",
|
|
151
91
|
constantsIgnoreDev: 'Excludes developer dependencies from the results. All dependencies are included by default.',
|
|
152
92
|
constantsCommands: 'Commands',
|
|
153
93
|
constantsScanOptions: 'Scan Options',
|
|
154
|
-
|
|
94
|
+
constantsAdvancedOptions: 'Advanced',
|
|
155
95
|
foundExistingProjectScan: 'Found existing project...',
|
|
156
96
|
projectCreatedScan: 'Project created',
|
|
157
97
|
uploadingScan: 'Uploading file to scan.',
|
|
@@ -182,8 +122,6 @@ const en_locales = () => {
|
|
|
182
122
|
configName: 'config',
|
|
183
123
|
helpName: 'help',
|
|
184
124
|
scanOptionsLanguageSummary: 'Valid values are JAVA, JAVASCRIPT and DOTNET',
|
|
185
|
-
scanOptionsLanguageSummaryOptional: 'Language of file to send for analysis. ',
|
|
186
|
-
scanOptionsLanguageSummaryRequired: 'If you scan a .zip file or you use the --file option.',
|
|
187
125
|
scanOptionsTimeoutSummary: 'Time in seconds to wait for scan to complete. Default value is 300 seconds.',
|
|
188
126
|
scanOptionsFileNameSummary: 'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
|
|
189
127
|
scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
|
|
@@ -203,12 +141,8 @@ const en_locales = () => {
|
|
|
203
141
|
' to learn more about the capabilities.',
|
|
204
142
|
authWaitingMessage: 'Waiting for auth...',
|
|
205
143
|
authTimedOutMessage: 'Auth Timed out, try again',
|
|
206
|
-
zipErrorScan: 'We only support zip files for JAVASCRIPT language, please set the flag --language JAVASCRIPT',
|
|
207
|
-
unknownFileErrorScan: 'Unsupported file selected for Scan.',
|
|
208
144
|
foundScanFile: 'Found: %s',
|
|
209
145
|
foundDetailedVulnerabilities: chalk.bold('%s') + ' | ' + chalk.bold('%s') + ' | %s | %s | %s ',
|
|
210
|
-
requiredParams: 'All required parameters are not present.',
|
|
211
|
-
timeoutScan: 'Timeout set to 5 minutes.',
|
|
212
146
|
searchingScanFileDirectory: 'Searching for file to scan from %s...',
|
|
213
147
|
searchingAuditFileDirectory: 'Searching for package manager files from %s...',
|
|
214
148
|
scanHeader: 'Contrast Scan CLI',
|
|
@@ -216,11 +150,9 @@ const en_locales = () => {
|
|
|
216
150
|
lambdaHeader: 'Contrast Lambda CLI',
|
|
217
151
|
lambdaSummary: 'Performs static security scan on an AWS Lambda Function.\nProduces CVE (Vulnerable Dependencies) and Least Privilege violations/remediation results.',
|
|
218
152
|
lambdaUsage: 'contrast lambda --function-name <function> [options]',
|
|
219
|
-
lambdaPrerequisitesContent: '',
|
|
220
153
|
lambdaPrerequisitesContentLambdaLanguages: 'Supported runtimes: Java & Python',
|
|
221
154
|
lambdaPrerequisitesContentLambdaDescriptionTitle: 'AWS Requirements\n',
|
|
222
155
|
lambdaPrerequisitesContentLambdaDescription: 'Make sure you have the AWS credentials configured on your local environment. \nYou need the following AWS permissions configured on your IAM user:\n - Lambda: GetFunction, GetLayerVersion, ListFunctions\n - IAM: GetRolePolicy, GetPolicy, GetPolicyVersion, ListRolePolicies, ListAttachedRolePolicies',
|
|
223
|
-
scanFileNameOption: '-f, --file',
|
|
224
156
|
lambdaFunctionNameOption: '-f, --function-name',
|
|
225
157
|
lambdaListFunctionsOption: '-l, --list-functions',
|
|
226
158
|
lambdaEndpointOption: '-e, --endpoint-url',
|
|
@@ -238,11 +170,9 @@ const en_locales = () => {
|
|
|
238
170
|
lambdaVerbosSummery: 'Returns extended information to the terminal.',
|
|
239
171
|
configNotFound: 'Configuration details not found. Try authenticating by using ‘contrast auth’.',
|
|
240
172
|
redirectAuth: '\nOpening the authentication page in your web browser.\nSign in and complete the steps.\nReturn here to start using Contrast.\n\nIf your browser has trouble loading, try this:\n%s \n',
|
|
241
|
-
scanZipError: 'A .zip archive can be used for Javascript Scan. Archive found %s does not contain .JS files for Scan.',
|
|
242
173
|
fileNotExist: 'File specified does not exist, please check and try again.',
|
|
243
174
|
scanFileIsEmpty: 'File specified is empty. Please choose another.',
|
|
244
175
|
fileHasWhiteSpacesError: 'File cannot have spaces, please rename or choose another file to Scan.',
|
|
245
|
-
zipFileException: 'Error reading zip file',
|
|
246
176
|
connectionError: 'An error has occurred when trying to get the Project Id please check your internet connection or provide the Project Id manually',
|
|
247
177
|
internalServerErrorHeader: '500 error - Internal server error',
|
|
248
178
|
resourceLockedErrorHeader: '423 error - Resource is locked',
|
|
@@ -271,17 +201,13 @@ const en_locales = () => {
|
|
|
271
201
|
scanNoVulnerabilitiesFoundGoodWork: ' Keep up the good work.',
|
|
272
202
|
scanNoFiletypeSpecifiedForSave: 'Please specify file type to save results to, accepted value is SARIF',
|
|
273
203
|
auditSBOMSaveSuccess: '\n Software Bill of Materials (SBOM) saved successfully',
|
|
274
|
-
auditNoFiletypeSpecifiedForSave: `\n ${chalk.yellow.bold('No file type specified for --save option to save audit results to. Use audit --help to see valid --save options.')}`,
|
|
275
204
|
auditBadFiletypeSpecifiedForSave: `\n ${chalk.yellow.bold('Bad file type specified for --save option. Use audit --help to see valid --save options.')}`,
|
|
276
205
|
auditServicesMessageForTS: 'View your vulnerable library list or full dependency tree in Contrast:',
|
|
277
|
-
auditReportWaiting: 'Waiting for report...',
|
|
278
|
-
auditReportFail: 'Report Retrieval Failed, please try again',
|
|
279
|
-
auditReportSuccessMessage: 'Report successfully retrieved',
|
|
280
206
|
auditReportFailureMessage: 'Unable to generate library report',
|
|
281
207
|
auditSCAAnalysisBegins: 'Contrast SCA audit started',
|
|
282
208
|
auditSCAAnalysisComplete: 'Contrast audit complete',
|
|
283
|
-
commonHelpHeader: 'Need More Help?',
|
|
284
|
-
commonHelpEnterpriseHeader: 'Existing Contrast user?',
|
|
209
|
+
commonHelpHeader: 'Need More Help? NEW users',
|
|
210
|
+
commonHelpEnterpriseHeader: 'Existing Contrast Licensed user?',
|
|
285
211
|
commonHelpCheckOutHeader: chalk.hex('#9DC184')('Check out:'),
|
|
286
212
|
commonHelpCheckOutText: ' https://support.contrastsecurity.com',
|
|
287
213
|
commonHelpLearnMoreHeader: chalk.hex('#9DC184')('Learn more at:'),
|