@contrast/contrast 1.0.18 → 1.0.20

package/dist/audit/report/commonReportingFunctions.js

@@ -51,7 +51,7 @@ const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, nu
     const report = new ReportList();
     for (const library of libraries) {
         const { name, version } = findNameAndVersion(library, config);
-        const newOutputModel = new ReportModelStructure(new ReportCompositeKey(name, version, findHighestSeverityCVE(library.cveArray), severityCountAllCVEs(library.cveArray, new SeverityCountModel()).getTotal), library.cveArray);
+        const newOutputModel = new ReportModelStructure(new ReportCompositeKey(name, version, findHighestSeverityCVE(library.cveArray), severityCountAllCVEs(library.cveArray, new SeverityCountModel()).getTotal), library.cveArray, null);
         report.reportOutputList.push(newOutputModel);
     }
     const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(report.reportOutputList, [
@@ -120,8 +120,8 @@ function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, n
     return new ReportOutputHeaderModel(vulnMessage, introducesMessage);
 }
 function buildBody(cveArray, advice) {
-    let assignPriorityToVulns = cveArray.map(result => findCVESeverity(result));
-    const issueMessage = getIssueRow(assignPriorityToVulns);
+    const orderedCvesWithSeverityAssigned = orderByHighestPriority(cveArray.map(cve => findCVESeverity(cve)));
+    const issueMessage = getIssueRow(orderedCvesWithSeverityAssigned);
     const minOrMax = advice.maximum ? advice.maximum : advice.minimum;
     const displayAdvice = minOrMax
         ? `Change to version ${chalk.bold(minOrMax)}`
@@ -130,7 +130,6 @@ function buildBody(cveArray, advice) {
     return new ReportOutputBodyModel(issueMessage, adviceMessage);
 }
 function getIssueRow(cveArray) {
-    orderByHighestPriority(cveArray);
     const cveMessagesList = getIssueCveMsgList(cveArray);
     return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`];
 }

package/dist/audit/report/models/reportListModel.js

@@ -8,9 +8,10 @@ class ReportList {
 }
 exports.ReportList = ReportList;
 class ReportModelStructure {
-    constructor(compositeKey, cveArray) {
+    constructor(compositeKey, cveArray, remediationAdvice) {
         this.compositeKey = compositeKey;
         this.cveArray = cveArray;
+        this.remediationAdvice = remediationAdvice;
     }
 }
 exports.ReportModelStructure = ReportModelStructure;

package/dist/audit/report/reportingFeature.js

@@ -80,7 +80,7 @@ async function vulnerabilityReportV2(config, reportId) {
     console.log();
     const reportResponse = await (0, commonReportingFunctions_1.getReport)(config, reportId);
     if (reportResponse !== undefined) {
-        let output = formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
+        const output = formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
             ? reportResponse.remediationGuidance
             : {});
         if (config.fail) {

package/dist/audit/report/utils/reportUtils.js

@@ -1,13 +1,32 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.countVulnerableLibrariesBySeverity = exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.orderByHighestPriority = exports.findHighestSeverityCVE = void 0;
 const reportLibraryModel_1 = require("../models/reportLibraryModel");
 const reportSeverityModel_1 = require("../models/reportSeverityModel");
-const constants_1 = __importDefault(require("../../../constants/constants"));
-const constants_2 = require("../../../constants/constants");
+const constants_1 = __importStar(require("../../../constants/constants"));
 const lodash_1 = require("lodash");
 const severityCountModel_1 = require("../models/severityCountModel");
 const { supportedLanguages: { GO } } = constants_1.default;
@@ -16,27 +35,27 @@ function findHighestSeverityCVE(cveArray) {
     return (0, lodash_1.orderBy)(mappedToReportSeverityModels, cve => cve?.priority)[0];
 }
 exports.findHighestSeverityCVE = findHighestSeverityCVE;
-function orderByHighestPriority(cves) {
-    return (0, lodash_1.orderBy)(cves, ['priority'], ['asc']);
+function orderByHighestPriority(severityModels) {
+    return (0, lodash_1.orderBy)(severityModels, ['priority'], ['asc']);
 }
 exports.orderByHighestPriority = orderByHighestPriority;
 function findCVESeverity(cve) {
     const cveName = cve.name;
     if (cve.cvss3SeverityCode === 'CRITICAL' || cve.severityCode === 'CRITICAL') {
-        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', constants_2.CRITICAL_PRIORITY, constants_2.CRITICAL_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', constants_1.CRITICAL_PRIORITY, constants_1.CRITICAL_COLOUR, cveName);
     }
     else if (cve.cvss3SeverityCode === 'HIGH' || cve.severityCode === 'HIGH') {
-        return new reportSeverityModel_1.ReportSeverityModel('HIGH', constants_2.HIGH_PRIORITY, constants_2.HIGH_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('HIGH', constants_1.HIGH_PRIORITY, constants_1.HIGH_COLOUR, cveName);
     }
     else if (cve.cvss3SeverityCode === 'MEDIUM' ||
         cve.severityCode === 'MEDIUM') {
-        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', constants_2.MEDIUM_PRIORITY, constants_2.MEDIUM_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', constants_1.MEDIUM_PRIORITY, constants_1.MEDIUM_COLOUR, cveName);
     }
     else if (cve.cvss3SeverityCode === 'LOW' || cve.severityCode === 'LOW') {
-        return new reportSeverityModel_1.ReportSeverityModel('LOW', constants_2.LOW_PRIORITY, constants_2.LOW_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('LOW', constants_1.LOW_PRIORITY, constants_1.LOW_COLOUR, cveName);
     }
     else if (cve.cvss3SeverityCode === 'NOTE' || cve.severityCode === 'NOTE') {
-        return new reportSeverityModel_1.ReportSeverityModel('NOTE', constants_2.NOTE_PRIORITY, constants_2.NOTE_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('NOTE', constants_1.NOTE_PRIORITY, constants_1.NOTE_COLOUR, cveName);
     }
 }
 exports.findCVESeverity = findCVESeverity;

package/dist/cliConstants.js

@@ -185,6 +185,7 @@ const scanOptionDefinitions = [
     }
 ];
 const authOptionDefinitions = [
+    ...sharedConnectionOptionDefinitions,
     {
         name: 'help',
         alias: 'h',

package/dist/commands/audit/auditConfig.js

@@ -5,8 +5,7 @@ const paramHandler = require('../../utils/paramsUtil/paramHandler');
 const getAuditConfig = async (contrastConf, command, argv) => {
     const auditParameters = await getCommandLineArgsCustom(contrastConf, command, argv, constants.commandLineDefinitions.auditOptionDefinitions);
     const paramsAuth = paramHandler.getAuth(auditParameters);
-    const javaAgreement = paramHandler.getAgreement();
-    return { ...paramsAuth, ...auditParameters, ...javaAgreement };
+    return { ...paramsAuth, ...auditParameters };
 };
 module.exports = {
     getAuditConfig

package/dist/commands/auth/auth.js

@@ -1,21 +1,31 @@
 "use strict";
 const { v4: uuidv4 } = require('uuid');
-const { setConfigValues } = require('../../utils/getConfig');
-const open = require('open');
+const configFunctions = require('../../utils/getConfig');
 const commonApi = require('../../utils/commonApi');
-const { sleep } = require('../../utils/requestUtils');
+const requestUtils = require('../../utils/requestUtils');
 const i18n = require('i18n');
 const { returnOra, startSpinner, failSpinner, succeedSpinner } = require('../../utils/oraWrapper');
 const { TIMEOUT, AUTH_UI_URL } = require('../../constants/constants');
 const parsedCLIOptions = require('../../utils/parsedCLIOptions');
 const constants = require('../../cliConstants');
 const commandLineUsage = require('command-line-usage');
+const { commonMessageFormatter } = require('../../common/errorHandling');
+const open = require('open');
+const messages = require('../../constants/locales').en_locales();
 const processAuth = async (argv, config) => {
     let authParams = await parsedCLIOptions.getCommandLineArgsCustom(config, 'auth', argv, constants.commandLineDefinitions.authOptionDefinitions);
     if (authParams.help) {
         console.log(authUsageGuide);
         process.exit(0);
     }
+    if (checkForCustomCredentials(authParams)) {
+        processCustomCredentials(authParams, config);
+    }
+    else {
+        await startAuthProcess(config);
+    }
+};
+const startAuthProcess = async (config) => {
     const token = uuidv4();
     const url = `${AUTH_UI_URL}/?token=${token}`;
     console.log(i18n.__('redirectAuth', url));
@@ -25,9 +35,8 @@ const processAuth = async (argv, config) => {
         }, 0);
         const result = await isAuthComplete(token, TIMEOUT, config);
         if (result) {
-            setConfigValues(config, result);
+            configFunctions.setConfigValues(config, result);
         }
-        return;
     }
     finally {
     }
@@ -54,7 +63,7 @@ const isAuthComplete = async (token, timeout, config) => {
     }
 };
 const pollAuthResult = async (token, client) => {
-    await sleep(5000);
+    await requestUtils.sleep(5000);
     return client
         .pollForAuth(token)
         .then(res => {
@@ -74,6 +83,33 @@ const authUsageGuide = commandLineUsage([
         content: [i18n.__('constantsAuthUsageContents')]
     }
 ]);
+const checkForCustomCredentials = authParams => {
+    const hasSomeKeys = authParams.apiKey ||
+        authParams.organizationId ||
+        authParams.host ||
+        authParams.authorization;
+    const hasAllKeys = authParams.apiKey &&
+        authParams.organizationId &&
+        authParams.host &&
+        authParams.authorization;
+    if (hasAllKeys) {
+        return true;
+    }
+    if (hasSomeKeys) {
+        commonMessageFormatter(messages.authCommand.credentialsMissing, true);
+    }
+    return false;
+};
+const processCustomCredentials = (authParams, config) => {
+    const valuesToSet = {
+        apiKey: authParams.apiKey,
+        orgId: authParams.organizationId,
+        authHeader: authParams.authorization,
+        host: authParams.host
+    };
+    configFunctions.setConfigValues(config, valuesToSet);
+    commonMessageFormatter(messages.authCommand.credentialsAccepted, false);
+};
 module.exports = {
-    processAuth: processAuth
+    processAuth
 };

package/dist/commands/scan/sca/scaAnalysis.js

@@ -24,6 +24,7 @@ const scaUpload = require('../../../scaAnalysis/common/scaServicesUpload');
 const settingsHelper = require('../../../utils/settingsHelper');
 const chalk = require('chalk');
 const saveResults = require('../../../scan/saveResults');
+const { convertGenericToTypedReportModelSca } = require('../../../scaAnalysis/common/utils/reportUtilsSca');
 const processSca = async (config) => {
     config = await settingsHelper.getSettings(config);
     const startTime = performance.now();
@@ -102,8 +103,9 @@ const processSca = async (config) => {
                 console.log('');
                 const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
                 startSpinner(reportSpinner);
-                const [reports, reportId] = await scaUpload.scaTreeUpload(messageToSend, config);
-                auditReport.processAuditReport(config, reports[0]);
+                const { reportArray, reportId } = await scaUpload.scaTreeUpload(messageToSend, config);
+                const reportModelLibraryList = convertGenericToTypedReportModelSca(reportArray);
+                auditReport.processAuditReport(config, reportModelLibraryList);
                 succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
                 if (config.save !== undefined) {
                     await auditSave.auditSave(config, reportId);

package/dist/common/HTTPClient.js

@@ -332,18 +332,18 @@ function createSnapshotURL(config) {
     return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots`;
 }
 function createScaServiceReportURL(config, reportId) {
-    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/reports/${reportId}`;
+    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/reports/${reportId}`;
     baseUrl = config.ignoreDev ? baseUrl.concat('?nodesToInclude=PROD') : baseUrl;
     return baseUrl;
 }
 function createScaServiceReportStatusURL(config, reportId) {
-    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/${reportId}/status`;
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests/${reportId}/status`;
 }
 function createScaServiceIngestsURL(config) {
-    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests`;
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests`;
 }
 function createScaServiceIngestURL(config) {
-    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/tree`;
+    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests/tree`;
     baseUrl = config.track ? baseUrl.concat('?persist=true') : baseUrl;
     return baseUrl;
 }

package/dist/common/errorHandling.js

@@ -1,5 +1,6 @@
 "use strict";
 const i18n = require('i18n');
+const chalk = require('chalk');
 const libraryAnalysisError = () => {
     console.log(i18n.__('libraryAnalysisError'));
 };
@@ -79,6 +80,16 @@ const findCommandOnError = unknownOptions => {
         return foundCommands[0];
     }
 };
+const commonMessageFormatter = (message, fail) => {
+    console.log(chalk.bold(i18n.__(message.title)));
+    console.log(i18n.__(message.body));
+    if (message.extra) {
+        console.log(i18n.__(message.extra));
+    }
+    if (fail) {
+        process.exit(1);
+    }
+};
 module.exports = {
     genericError,
     unauthenticatedError,
@@ -95,5 +106,6 @@ module.exports = {
     reportFailureError,
     maxAppError,
     parametersError,
-    invalidHostNameError
+    invalidHostNameError,
+    commonMessageFormatter
 };

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.18';
+const APP_VERSION = '1.0.20';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';

package/dist/constants/locales.js

@@ -134,7 +134,10 @@ const en_locales = () => {
             chalk.bold('\ncontrast scan') +
             " to run Contrast's industry leading SAST scanner. \nSupports Java, JavaScript and .Net \n" +
             chalk.bold('\ncontrast audit') +
-            ' to find vulnerabilities in your open source dependencies.\nSupports Java, .NET, Node, Ruby, Python, Go and PHP \n' +
+            ' to find vulnerabilities in your open source dependencies.' +
+            '\nSupports Java, .NET, Node, Ruby, Python, Go and PHP.' +
+            '\nOur CLI runs native build tools to generate a complete dependency tree.' +
+            '\nIf you are running on untrusted code, consider running in a sandbox.\n' +
             chalk.bold('\ncontrast lambda') +
             ' to secure your AWS serverless functions. \nSupports Java and Python \n' +
             chalk.bold('\ncontrast help') +
@@ -181,7 +184,8 @@ const en_locales = () => {
         constantsAuditPrerequisitesContentSupportedLanguages: 'Supported languages and their requirements are:',
         constantsAuditPrerequisitesJavaContentMessage: `
     ${chalk.bold('Java:')} pom.xml ${chalk.bold('and')} Maven build platform including the dependency plugin. 
-    ${chalk.bold('Or')} build.gradle ${chalk.bold('and')} gradle dependencies or ./gradlew dependencies must be supported`,
+    ${chalk.bold('Or')} build.gradle ${chalk.bold('and')} gradle dependencies or ./gradlew dependencies must be supported
+    If you are running on untrusted code, consider running in a sandbox.`,
         constantsAuditPrerequisitesContentDotNetMessage: `
     ${chalk.bold('.NET framework and .NET core:')} MSBuild 15.0 or greater and a packages.lock.json file.
     Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build.\n`,
@@ -216,6 +220,18 @@ const en_locales = () => {
         commonHelpLearnMoreEnterpriseText: ' https://docs.contrastsecurity.com/en/run-contrast-cli.html ',
         commonHelpJoinDiscussionHeader: chalk.hex('#9DC184')('Join the discussion:'),
         commonHelpJoinDiscussionText: ' https://dev.to/codesec',
+        authCommand: {
+            credentialsAccepted: {
+                title: 'Credentials accepted',
+                body: 'Now run contrast audit, lambda or scan',
+                extra: 'Or contrast help for full list of commands'
+            },
+            credentialsMissing: {
+                title: 'Credentials missing',
+                body: 'You have not entered the right parameters or enough information',
+                extra: 'Please check and try again e.g. contrast auth --api-key yourApiKey--organization-id yourOrg --authorization yourAuth --host https://yourHost\nOr contrast help for full list of commands'
+            }
+        },
         ...lambda
     };
 };

package/dist/scaAnalysis/common/auditReport.js

@@ -1,77 +1,33 @@
 "use strict";
-const { getSeverityCounts, createSummaryMessageTop, printVulnInfo, getReportTable, getIssueRow, printNoVulnFoundMsg } = require('../../audit/report/commonReportingFunctions');
-const { orderBy } = require('lodash');
-const { assignBySeverity } = require('../../scan/formatScanOutput');
-const chalk = require('chalk');
-const { CE_URL } = require('../../constants/constants');
+const { getSeverityCounts, printNoVulnFoundMsg } = require('../../audit/report/commonReportingFunctions');
 const common = require('../../common/fail');
-const i18n = require('i18n');
-const processAuditReport = (config, results) => {
+const { printFormattedOutputSca } = require('./commonReportingFunctionsSca');
+const processAuditReport = (config, reportModelList) => {
     let severityCounts = {};
-    if (results !== undefined) {
-        severityCounts = formatScaServicesReport(config, results);
+    if (reportModelList !== undefined) {
+        severityCounts = formatScaServicesReport(config, reportModelList);
     }
     if (config.fail) {
         common.processFail(config, severityCounts);
     }
 };
-const formatScaServicesReport = (config, results) => {
-    const projectOverviewCount = getSeverityCounts(results);
+const formatScaServicesReport = (config, reportModelList) => {
+    const projectOverviewCount = getSeverityCounts(reportModelList);
     if (projectOverviewCount.total === 0) {
         printNoVulnFoundMsg();
-        return projectOverviewCount;
     }
     else {
-        let total = 0;
-        const numberOfCves = results.length;
-        const table = getReportTable();
-        let contrastHeaderNumCounter = 0;
-        let assignPriorityToResults = results.map(result => assignBySeverity(result, result));
-        const numberOfVulns = results
-            .map(result => result.vulnerabilities)
-            .reduce((a, b) => {
-            return (total += b.length);
-        }, 0);
-        const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(assignPriorityToResults, [
-            reportListItem => {
-                return reportListItem.priority;
-            },
-            reportListItem => {
-                return reportListItem.vulnerabilities.length;
+        const numberOfVulnerableLibraries = reportModelList.map(library => {
+            let count = 0;
+            if (library.vulnerabilities.length > 0) {
+                count++;
             }
-        ], ['asc', 'desc']);
-        for (const result of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
-            contrastHeaderNumCounter++;
-            const cvesNum = result.vulnerabilities.length;
-            const grammaticallyCorrectVul = result.vulnerabilities.length > 1 ? 'vulnerabilities' : 'vulnerability';
-            const headerColour = chalk.hex(result.colour);
-            const headerRow = [
-                headerColour(`CONTRAST-${contrastHeaderNumCounter.toString().padStart(3, '0')}`),
-                headerColour(`-`),
-                headerColour(`[${result.severity}] `) +
-                    headerColour.bold(`${result.artifactName}`) +
-                    ` introduces ${cvesNum} ${grammaticallyCorrectVul}`
-            ];
-            const adviceRow = [
-                chalk.bold(`Advice`),
-                chalk.bold(`:`),
-                `Change to version ${result.remediationAdvice.latestStableVersion}`
-            ];
-            let assignPriorityToVulns = result.vulnerabilities.map(result => assignBySeverity(result, result));
-            const issueRow = getIssueRow(assignPriorityToVulns);
-            table.push(headerRow, issueRow, adviceRow);
-            console.log();
-        }
-        console.log();
-        createSummaryMessageTop(numberOfCves, numberOfVulns);
-        console.log(table.toString() + '\n');
-        printVulnInfo(projectOverviewCount);
-        if (config.host !== CE_URL) {
-            console.log('\n' + chalk.bold(i18n.__('auditServicesMessageForTS')));
-            console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs`);
-        }
-        return projectOverviewCount;
+            return count;
+        }).length;
+        let numberOfCves = reportModelList.reduce((count, current) => count + current.vulnerabilities.length, 0);
+        printFormattedOutputSca(config, reportModelList, numberOfVulnerableLibraries, numberOfCves);
     }
+    return projectOverviewCount;
 };
 module.exports = {
     formatScaServicesReport,

package/dist/scaAnalysis/common/commonReportingFunctionsSca.js

@@ -0,0 +1,154 @@
+"use strict";
+const { ReportList, ReportModelStructure, ReportCompositeKey } = require('../../audit/report/models/reportListModel');
+const { countVulnerableLibrariesBySeverity } = require('../../audit/report/utils/reportUtils');
+const { SeverityCountModel } = require('../../audit/report/models/severityCountModel');
+const { orderBy } = require('lodash');
+const { ReportOutputModel, ReportOutputHeaderModel, ReportOutputBodyModel } = require('../../audit/report/models/reportOutputModel');
+const { CE_URL, CRITICAL_COLOUR, HIGH_COLOUR, MEDIUM_COLOUR, LOW_COLOUR, NOTE_COLOUR } = require('../../constants/constants');
+const chalk = require('chalk');
+const Table = require('cli-table3');
+const { findHighestSeverityCVESca, severityCountAllCVEsSca, findCVESeveritySca, orderByHighestPrioritySca } = require('./utils/reportUtilsSca');
+const { buildFormattedHeaderNum } = require('../../audit/report/commonReportingFunctions');
+const createSummaryMessageTop = (numberOfVulnerableLibraries, numberOfCves) => {
+    numberOfVulnerableLibraries === 1
+        ? console.log(`\n\nFound 1 vulnerable library containing ${numberOfCves} CVE`)
+        : console.log(`\n\nFound ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs`);
+};
+const createSummaryMessageBottom = numberOfVulnerableLibraries => {
+    numberOfVulnerableLibraries === 1
+        ? console.log(`Found 1 vulnerability`)
+        : console.log(`Found ${numberOfVulnerableLibraries} vulnerabilities`);
+};
+const printFormattedOutputSca = (config, reportModelList, numberOfVulnerableLibraries, numberOfCves) => {
+    createSummaryMessageTop(numberOfVulnerableLibraries, numberOfCves);
+    console.log();
+    const report = new ReportList();
+    for (const library of reportModelList) {
+        const { artifactName, version, vulnerabilities, remediationAdvice } = library;
+        const newOutputModel = new ReportModelStructure(new ReportCompositeKey(artifactName, version, findHighestSeverityCVESca(vulnerabilities), severityCountAllCVEsSca(vulnerabilities, new SeverityCountModel()).getTotal), vulnerabilities, remediationAdvice);
+        report.reportOutputList.push(newOutputModel);
+    }
+    const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(report.reportOutputList, [
+        reportListItem => {
+            return reportListItem.compositeKey.highestSeverity.priority;
+        },
+        reportListItem => {
+            return reportListItem.compositeKey.numberOfSeverities;
+        }
+    ], ['asc', 'desc']);
+    let contrastHeaderNumCounter = 0;
+    for (const reportModel of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
+        contrastHeaderNumCounter++;
+        const { libraryName, libraryVersion, highestSeverity } = reportModel.compositeKey;
+        const { cveArray, remediationAdvice } = reportModel;
+        const numOfCVEs = reportModel.cveArray.length;
+        const table = getReportTable();
+        const header = buildHeader(highestSeverity, contrastHeaderNumCounter, libraryName, libraryVersion, numOfCVEs);
+        const body = buildBody(cveArray, remediationAdvice);
+        const reportOutputModel = new ReportOutputModel(header, body);
+        table.push(reportOutputModel.body.issueMessage, reportOutputModel.body.adviceMessage);
+        console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
+        console.log(table.toString() + '\n');
+    }
+    createSummaryMessageBottom(numberOfVulnerableLibraries);
+    const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst);
+    console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
+    if (config.host !== CE_URL) {
+        console.log('\n' + chalk.bold('View your full dependency tree in Contrast:'));
+        console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
+    }
+};
+function getReportTable() {
+    return new Table({
+        chars: {
+            top: '',
+            'top-mid': '',
+            'top-left': '',
+            'top-right': '',
+            bottom: '',
+            'bottom-mid': '',
+            'bottom-left': '',
+            'bottom-right': '',
+            left: '',
+            'left-mid': '',
+            mid: '',
+            'mid-mid': '',
+            right: '',
+            'right-mid': '',
+            middle: ' '
+        },
+        style: { 'padding-left': 0, 'padding-right': 0 },
+        colAligns: ['right'],
+        wordWrap: true,
+        colWidths: [12, 1, 100]
+    });
+}
+function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {
+    const vulnerabilityPluralised = numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability';
+    const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum);
+    const headerColour = chalk.hex(highestSeverity.colour);
+    const headerNumAndSeverity = headerColour(`${formattedHeaderNum} - [${highestSeverity.severity}]`);
+    const libraryNameAndVersion = headerColour.bold(`${libraryName}-${version}`);
+    const vulnMessage = `${headerNumAndSeverity} ${libraryNameAndVersion}`;
+    const introducesMessage = `introduces ${numOfCVEs} ${vulnerabilityPluralised}`;
+    return new ReportOutputHeaderModel(vulnMessage, introducesMessage);
+}
+function buildBody(cveArray, advice) {
+    const orderedCvesWithSeverityAssigned = orderByHighestPrioritySca(cveArray.map(cve => findCVESeveritySca(cve)));
+    const issueMessage = getIssueRow(orderedCvesWithSeverityAssigned);
+    const adviceMessage = getAdviceRow(advice);
+    return new ReportOutputBodyModel(issueMessage, adviceMessage);
+}
+function getIssueRow(cveArray) {
+    const cveMessagesList = getIssueCveMsgList(cveArray);
+    return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`];
+}
+function getAdviceRow(advice) {
+    const latestOrClosest = advice.latestStableVersion
+        ? advice.latestStableVersion
+        : advice.closestStableVersion;
+    const displayAdvice = latestOrClosest
+        ? `Change to version ${chalk.bold(latestOrClosest)}`
+        : 'No recommendation is available according to our data. Upgrade to the latest stable is the best advice we can give.';
+    return [chalk.bold(`Advice`), chalk.bold(`:`), `${displayAdvice}`];
+}
+const buildFooter = reportModelStructure => {
+    const { critical, high, medium, low, note } = countVulnerableLibrariesBySeverity(reportModelStructure);
+    const criticalMessage = chalk
+        .hex(CRITICAL_COLOUR)
+        .bold(`${critical} Critical`);
+    const highMessage = chalk.hex(HIGH_COLOUR).bold(`${high} High`);
+    const mediumMessage = chalk.hex(MEDIUM_COLOUR).bold(`${medium} Medium`);
+    const lowMessage = chalk.hex(LOW_COLOUR).bold(`${low} Low`);
+    const noteMessage = chalk.hex(NOTE_COLOUR).bold(`${note} Note`);
+    return {
+        criticalMessage,
+        highMessage,
+        mediumMessage,
+        lowMessage,
+        noteMessage
+    };
+};
+const getIssueCveMsgList = reportSeverityModels => {
+    const cveMessages = [];
+    reportSeverityModels.forEach(reportSeverityModel => {
+        const { colour, severity, name } = reportSeverityModel;
+        const severityShorthand = chalk
+            .hex(colour)
+            .bold(`[${severity.charAt(0).toUpperCase()}]`);
+        const builtMessage = severityShorthand + name;
+        cveMessages.push(builtMessage);
+    });
+    return cveMessages;
+};
+module.exports = {
+    createSummaryMessageTop,
+    createSummaryMessageBottom,
+    printFormattedOutputSca,
+    getReportTable,
+    buildHeader,
+    buildBody,
+    getIssueRow,
+    buildFormattedHeaderNum,
+    getIssueCveMsgList
+};