@contrast/contrast 1.0.19 → 1.0.20

package/dist/audit/report/commonReportingFunctions.js

@@ -51,7 +51,7 @@ const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, nu
     const report = new ReportList();
     for (const library of libraries) {
         const { name, version } = findNameAndVersion(library, config);
-        const newOutputModel = new ReportModelStructure(new ReportCompositeKey(name, version, findHighestSeverityCVE(library.cveArray), severityCountAllCVEs(library.cveArray, new SeverityCountModel()).getTotal), library.cveArray);
+        const newOutputModel = new ReportModelStructure(new ReportCompositeKey(name, version, findHighestSeverityCVE(library.cveArray), severityCountAllCVEs(library.cveArray, new SeverityCountModel()).getTotal), library.cveArray, null);
         report.reportOutputList.push(newOutputModel);
     }
     const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(report.reportOutputList, [
@@ -120,8 +120,8 @@ function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, n
     return new ReportOutputHeaderModel(vulnMessage, introducesMessage);
 }
 function buildBody(cveArray, advice) {
-    let assignPriorityToVulns = cveArray.map(result => findCVESeverity(result));
-    const issueMessage = getIssueRow(assignPriorityToVulns);
+    const orderedCvesWithSeverityAssigned = orderByHighestPriority(cveArray.map(cve => findCVESeverity(cve)));
+    const issueMessage = getIssueRow(orderedCvesWithSeverityAssigned);
     const minOrMax = advice.maximum ? advice.maximum : advice.minimum;
     const displayAdvice = minOrMax
         ? `Change to version ${chalk.bold(minOrMax)}`
@@ -130,7 +130,6 @@ function buildBody(cveArray, advice) {
     return new ReportOutputBodyModel(issueMessage, adviceMessage);
 }
 function getIssueRow(cveArray) {
-    orderByHighestPriority(cveArray);
     const cveMessagesList = getIssueCveMsgList(cveArray);
     return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`];
 }

package/dist/audit/report/models/reportListModel.js

@@ -8,9 +8,10 @@ class ReportList {
 }
 exports.ReportList = ReportList;
 class ReportModelStructure {
-    constructor(compositeKey, cveArray) {
+    constructor(compositeKey, cveArray, remediationAdvice) {
         this.compositeKey = compositeKey;
         this.cveArray = cveArray;
+        this.remediationAdvice = remediationAdvice;
     }
 }
 exports.ReportModelStructure = ReportModelStructure;

package/dist/audit/report/reportingFeature.js

@@ -80,7 +80,7 @@ async function vulnerabilityReportV2(config, reportId) {
     console.log();
     const reportResponse = await (0, commonReportingFunctions_1.getReport)(config, reportId);
     if (reportResponse !== undefined) {
-        let output = formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
+        const output = formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
             ? reportResponse.remediationGuidance
             : {});
         if (config.fail) {

package/dist/audit/report/utils/reportUtils.js

@@ -1,13 +1,32 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.countVulnerableLibrariesBySeverity = exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.orderByHighestPriority = exports.findHighestSeverityCVE = void 0;
 const reportLibraryModel_1 = require("../models/reportLibraryModel");
 const reportSeverityModel_1 = require("../models/reportSeverityModel");
-const constants_1 = __importDefault(require("../../../constants/constants"));
-const constants_2 = require("../../../constants/constants");
+const constants_1 = __importStar(require("../../../constants/constants"));
 const lodash_1 = require("lodash");
 const severityCountModel_1 = require("../models/severityCountModel");
 const { supportedLanguages: { GO } } = constants_1.default;
@@ -16,27 +35,27 @@ function findHighestSeverityCVE(cveArray) {
     return (0, lodash_1.orderBy)(mappedToReportSeverityModels, cve => cve?.priority)[0];
 }
 exports.findHighestSeverityCVE = findHighestSeverityCVE;
-function orderByHighestPriority(cves) {
-    return (0, lodash_1.orderBy)(cves, ['priority'], ['asc']);
+function orderByHighestPriority(severityModels) {
+    return (0, lodash_1.orderBy)(severityModels, ['priority'], ['asc']);
 }
 exports.orderByHighestPriority = orderByHighestPriority;
 function findCVESeverity(cve) {
     const cveName = cve.name;
     if (cve.cvss3SeverityCode === 'CRITICAL' || cve.severityCode === 'CRITICAL') {
-        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', constants_2.CRITICAL_PRIORITY, constants_2.CRITICAL_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', constants_1.CRITICAL_PRIORITY, constants_1.CRITICAL_COLOUR, cveName);
     }
     else if (cve.cvss3SeverityCode === 'HIGH' || cve.severityCode === 'HIGH') {
-        return new reportSeverityModel_1.ReportSeverityModel('HIGH', constants_2.HIGH_PRIORITY, constants_2.HIGH_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('HIGH', constants_1.HIGH_PRIORITY, constants_1.HIGH_COLOUR, cveName);
     }
     else if (cve.cvss3SeverityCode === 'MEDIUM' ||
         cve.severityCode === 'MEDIUM') {
-        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', constants_2.MEDIUM_PRIORITY, constants_2.MEDIUM_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', constants_1.MEDIUM_PRIORITY, constants_1.MEDIUM_COLOUR, cveName);
     }
     else if (cve.cvss3SeverityCode === 'LOW' || cve.severityCode === 'LOW') {
-        return new reportSeverityModel_1.ReportSeverityModel('LOW', constants_2.LOW_PRIORITY, constants_2.LOW_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('LOW', constants_1.LOW_PRIORITY, constants_1.LOW_COLOUR, cveName);
     }
     else if (cve.cvss3SeverityCode === 'NOTE' || cve.severityCode === 'NOTE') {
-        return new reportSeverityModel_1.ReportSeverityModel('NOTE', constants_2.NOTE_PRIORITY, constants_2.NOTE_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('NOTE', constants_1.NOTE_PRIORITY, constants_1.NOTE_COLOUR, cveName);
     }
 }
 exports.findCVESeverity = findCVESeverity;

package/dist/commands/audit/auditConfig.js

@@ -5,8 +5,7 @@ const paramHandler = require('../../utils/paramsUtil/paramHandler');
 const getAuditConfig = async (contrastConf, command, argv) => {
     const auditParameters = await getCommandLineArgsCustom(contrastConf, command, argv, constants.commandLineDefinitions.auditOptionDefinitions);
     const paramsAuth = paramHandler.getAuth(auditParameters);
-    const javaAgreement = paramHandler.getAgreement();
-    return { ...paramsAuth, ...auditParameters, ...javaAgreement };
+    return { ...paramsAuth, ...auditParameters };
 };
 module.exports = {
     getAuditConfig

package/dist/commands/scan/sca/scaAnalysis.js

@@ -24,6 +24,7 @@ const scaUpload = require('../../../scaAnalysis/common/scaServicesUpload');
 const settingsHelper = require('../../../utils/settingsHelper');
 const chalk = require('chalk');
 const saveResults = require('../../../scan/saveResults');
+const { convertGenericToTypedReportModelSca } = require('../../../scaAnalysis/common/utils/reportUtilsSca');
 const processSca = async (config) => {
     config = await settingsHelper.getSettings(config);
     const startTime = performance.now();
@@ -102,8 +103,9 @@ const processSca = async (config) => {
                 console.log('');
                 const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
                 startSpinner(reportSpinner);
-                const [reports, reportId] = await scaUpload.scaTreeUpload(messageToSend, config);
-                auditReport.processAuditReport(config, reports[0]);
+                const { reportArray, reportId } = await scaUpload.scaTreeUpload(messageToSend, config);
+                const reportModelLibraryList = convertGenericToTypedReportModelSca(reportArray);
+                auditReport.processAuditReport(config, reportModelLibraryList);
                 succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
                 if (config.save !== undefined) {
                     await auditSave.auditSave(config, reportId);

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.19';
+const APP_VERSION = '1.0.20';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';

package/dist/constants/locales.js

@@ -134,7 +134,10 @@ const en_locales = () => {
             chalk.bold('\ncontrast scan') +
             " to run Contrast's industry leading SAST scanner. \nSupports Java, JavaScript and .Net \n" +
             chalk.bold('\ncontrast audit') +
-            ' to find vulnerabilities in your open source dependencies.\nSupports Java, .NET, Node, Ruby, Python, Go and PHP \n' +
+            ' to find vulnerabilities in your open source dependencies.' +
+            '\nSupports Java, .NET, Node, Ruby, Python, Go and PHP.' +
+            '\nOur CLI runs native build tools to generate a complete dependency tree.' +
+            '\nIf you are running on untrusted code, consider running in a sandbox.\n' +
             chalk.bold('\ncontrast lambda') +
             ' to secure your AWS serverless functions. \nSupports Java and Python \n' +
             chalk.bold('\ncontrast help') +
@@ -181,7 +184,8 @@ const en_locales = () => {
         constantsAuditPrerequisitesContentSupportedLanguages: 'Supported languages and their requirements are:',
         constantsAuditPrerequisitesJavaContentMessage: `
     ${chalk.bold('Java:')} pom.xml ${chalk.bold('and')} Maven build platform including the dependency plugin. 
-    ${chalk.bold('Or')} build.gradle ${chalk.bold('and')} gradle dependencies or ./gradlew dependencies must be supported`,
+    ${chalk.bold('Or')} build.gradle ${chalk.bold('and')} gradle dependencies or ./gradlew dependencies must be supported
+    If you are running on untrusted code, consider running in a sandbox.`,
         constantsAuditPrerequisitesContentDotNetMessage: `
     ${chalk.bold('.NET framework and .NET core:')} MSBuild 15.0 or greater and a packages.lock.json file.
     Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build.\n`,

package/dist/scaAnalysis/common/auditReport.js

@@ -1,77 +1,33 @@
 "use strict";
-const { getSeverityCounts, createSummaryMessageTop, printVulnInfo, getReportTable, getIssueRow, printNoVulnFoundMsg } = require('../../audit/report/commonReportingFunctions');
-const { orderBy } = require('lodash');
-const { assignBySeverity } = require('../../scan/formatScanOutput');
-const chalk = require('chalk');
-const { CE_URL } = require('../../constants/constants');
+const { getSeverityCounts, printNoVulnFoundMsg } = require('../../audit/report/commonReportingFunctions');
 const common = require('../../common/fail');
-const i18n = require('i18n');
-const processAuditReport = (config, results) => {
+const { printFormattedOutputSca } = require('./commonReportingFunctionsSca');
+const processAuditReport = (config, reportModelList) => {
     let severityCounts = {};
-    if (results !== undefined) {
-        severityCounts = formatScaServicesReport(config, results);
+    if (reportModelList !== undefined) {
+        severityCounts = formatScaServicesReport(config, reportModelList);
     }
     if (config.fail) {
         common.processFail(config, severityCounts);
     }
 };
-const formatScaServicesReport = (config, results) => {
-    const projectOverviewCount = getSeverityCounts(results);
+const formatScaServicesReport = (config, reportModelList) => {
+    const projectOverviewCount = getSeverityCounts(reportModelList);
     if (projectOverviewCount.total === 0) {
         printNoVulnFoundMsg();
-        return projectOverviewCount;
     }
     else {
-        let total = 0;
-        const numberOfCves = results.length;
-        const table = getReportTable();
-        let contrastHeaderNumCounter = 0;
-        let assignPriorityToResults = results.map(result => assignBySeverity(result, result));
-        const numberOfVulns = results
-            .map(result => result.vulnerabilities)
-            .reduce((a, b) => {
-            return (total += b.length);
-        }, 0);
-        const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(assignPriorityToResults, [
-            reportListItem => {
-                return reportListItem.priority;
-            },
-            reportListItem => {
-                return reportListItem.vulnerabilities.length;
+        const numberOfVulnerableLibraries = reportModelList.map(library => {
+            let count = 0;
+            if (library.vulnerabilities.length > 0) {
+                count++;
             }
-        ], ['asc', 'desc']);
-        for (const result of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
-            contrastHeaderNumCounter++;
-            const cvesNum = result.vulnerabilities.length;
-            const grammaticallyCorrectVul = result.vulnerabilities.length > 1 ? 'vulnerabilities' : 'vulnerability';
-            const headerColour = chalk.hex(result.colour);
-            const headerRow = [
-                headerColour(`CONTRAST-${contrastHeaderNumCounter.toString().padStart(3, '0')}`),
-                headerColour(`-`),
-                headerColour(`[${result.severity}] `) +
-                    headerColour.bold(`${result.artifactName}`) +
-                    ` introduces ${cvesNum} ${grammaticallyCorrectVul}`
-            ];
-            const adviceRow = [
-                chalk.bold(`Advice`),
-                chalk.bold(`:`),
-                `Change to version ${result.remediationAdvice.latestStableVersion}`
-            ];
-            let assignPriorityToVulns = result.vulnerabilities.map(result => assignBySeverity(result, result));
-            const issueRow = getIssueRow(assignPriorityToVulns);
-            table.push(headerRow, issueRow, adviceRow);
-            console.log();
-        }
-        console.log();
-        createSummaryMessageTop(numberOfCves, numberOfVulns);
-        console.log(table.toString() + '\n');
-        printVulnInfo(projectOverviewCount);
-        if (config.host !== CE_URL) {
-            console.log('\n' + chalk.bold(i18n.__('auditServicesMessageForTS')));
-            console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs`);
-        }
-        return projectOverviewCount;
+            return count;
+        }).length;
+        let numberOfCves = reportModelList.reduce((count, current) => count + current.vulnerabilities.length, 0);
+        printFormattedOutputSca(config, reportModelList, numberOfVulnerableLibraries, numberOfCves);
     }
+    return projectOverviewCount;
 };
 module.exports = {
     formatScaServicesReport,

package/dist/scaAnalysis/common/commonReportingFunctionsSca.js

@@ -0,0 +1,154 @@
+"use strict";
+const { ReportList, ReportModelStructure, ReportCompositeKey } = require('../../audit/report/models/reportListModel');
+const { countVulnerableLibrariesBySeverity } = require('../../audit/report/utils/reportUtils');
+const { SeverityCountModel } = require('../../audit/report/models/severityCountModel');
+const { orderBy } = require('lodash');
+const { ReportOutputModel, ReportOutputHeaderModel, ReportOutputBodyModel } = require('../../audit/report/models/reportOutputModel');
+const { CE_URL, CRITICAL_COLOUR, HIGH_COLOUR, MEDIUM_COLOUR, LOW_COLOUR, NOTE_COLOUR } = require('../../constants/constants');
+const chalk = require('chalk');
+const Table = require('cli-table3');
+const { findHighestSeverityCVESca, severityCountAllCVEsSca, findCVESeveritySca, orderByHighestPrioritySca } = require('./utils/reportUtilsSca');
+const { buildFormattedHeaderNum } = require('../../audit/report/commonReportingFunctions');
+const createSummaryMessageTop = (numberOfVulnerableLibraries, numberOfCves) => {
+    numberOfVulnerableLibraries === 1
+        ? console.log(`\n\nFound 1 vulnerable library containing ${numberOfCves} CVE`)
+        : console.log(`\n\nFound ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs`);
+};
+const createSummaryMessageBottom = numberOfVulnerableLibraries => {
+    numberOfVulnerableLibraries === 1
+        ? console.log(`Found 1 vulnerability`)
+        : console.log(`Found ${numberOfVulnerableLibraries} vulnerabilities`);
+};
+const printFormattedOutputSca = (config, reportModelList, numberOfVulnerableLibraries, numberOfCves) => {
+    createSummaryMessageTop(numberOfVulnerableLibraries, numberOfCves);
+    console.log();
+    const report = new ReportList();
+    for (const library of reportModelList) {
+        const { artifactName, version, vulnerabilities, remediationAdvice } = library;
+        const newOutputModel = new ReportModelStructure(new ReportCompositeKey(artifactName, version, findHighestSeverityCVESca(vulnerabilities), severityCountAllCVEsSca(vulnerabilities, new SeverityCountModel()).getTotal), vulnerabilities, remediationAdvice);
+        report.reportOutputList.push(newOutputModel);
+    }
+    const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(report.reportOutputList, [
+        reportListItem => {
+            return reportListItem.compositeKey.highestSeverity.priority;
+        },
+        reportListItem => {
+            return reportListItem.compositeKey.numberOfSeverities;
+        }
+    ], ['asc', 'desc']);
+    let contrastHeaderNumCounter = 0;
+    for (const reportModel of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
+        contrastHeaderNumCounter++;
+        const { libraryName, libraryVersion, highestSeverity } = reportModel.compositeKey;
+        const { cveArray, remediationAdvice } = reportModel;
+        const numOfCVEs = reportModel.cveArray.length;
+        const table = getReportTable();
+        const header = buildHeader(highestSeverity, contrastHeaderNumCounter, libraryName, libraryVersion, numOfCVEs);
+        const body = buildBody(cveArray, remediationAdvice);
+        const reportOutputModel = new ReportOutputModel(header, body);
+        table.push(reportOutputModel.body.issueMessage, reportOutputModel.body.adviceMessage);
+        console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
+        console.log(table.toString() + '\n');
+    }
+    createSummaryMessageBottom(numberOfVulnerableLibraries);
+    const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst);
+    console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
+    if (config.host !== CE_URL) {
+        console.log('\n' + chalk.bold('View your full dependency tree in Contrast:'));
+        console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
+    }
+};
+function getReportTable() {
+    return new Table({
+        chars: {
+            top: '',
+            'top-mid': '',
+            'top-left': '',
+            'top-right': '',
+            bottom: '',
+            'bottom-mid': '',
+            'bottom-left': '',
+            'bottom-right': '',
+            left: '',
+            'left-mid': '',
+            mid: '',
+            'mid-mid': '',
+            right: '',
+            'right-mid': '',
+            middle: ' '
+        },
+        style: { 'padding-left': 0, 'padding-right': 0 },
+        colAligns: ['right'],
+        wordWrap: true,
+        colWidths: [12, 1, 100]
+    });
+}
+function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {
+    const vulnerabilityPluralised = numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability';
+    const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum);
+    const headerColour = chalk.hex(highestSeverity.colour);
+    const headerNumAndSeverity = headerColour(`${formattedHeaderNum} - [${highestSeverity.severity}]`);
+    const libraryNameAndVersion = headerColour.bold(`${libraryName}-${version}`);
+    const vulnMessage = `${headerNumAndSeverity} ${libraryNameAndVersion}`;
+    const introducesMessage = `introduces ${numOfCVEs} ${vulnerabilityPluralised}`;
+    return new ReportOutputHeaderModel(vulnMessage, introducesMessage);
+}
+function buildBody(cveArray, advice) {
+    const orderedCvesWithSeverityAssigned = orderByHighestPrioritySca(cveArray.map(cve => findCVESeveritySca(cve)));
+    const issueMessage = getIssueRow(orderedCvesWithSeverityAssigned);
+    const adviceMessage = getAdviceRow(advice);
+    return new ReportOutputBodyModel(issueMessage, adviceMessage);
+}
+function getIssueRow(cveArray) {
+    const cveMessagesList = getIssueCveMsgList(cveArray);
+    return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`];
+}
+function getAdviceRow(advice) {
+    const latestOrClosest = advice.latestStableVersion
+        ? advice.latestStableVersion
+        : advice.closestStableVersion;
+    const displayAdvice = latestOrClosest
+        ? `Change to version ${chalk.bold(latestOrClosest)}`
+        : 'No recommendation is available according to our data. Upgrade to the latest stable is the best advice we can give.';
+    return [chalk.bold(`Advice`), chalk.bold(`:`), `${displayAdvice}`];
+}
+const buildFooter = reportModelStructure => {
+    const { critical, high, medium, low, note } = countVulnerableLibrariesBySeverity(reportModelStructure);
+    const criticalMessage = chalk
+        .hex(CRITICAL_COLOUR)
+        .bold(`${critical} Critical`);
+    const highMessage = chalk.hex(HIGH_COLOUR).bold(`${high} High`);
+    const mediumMessage = chalk.hex(MEDIUM_COLOUR).bold(`${medium} Medium`);
+    const lowMessage = chalk.hex(LOW_COLOUR).bold(`${low} Low`);
+    const noteMessage = chalk.hex(NOTE_COLOUR).bold(`${note} Note`);
+    return {
+        criticalMessage,
+        highMessage,
+        mediumMessage,
+        lowMessage,
+        noteMessage
+    };
+};
+const getIssueCveMsgList = reportSeverityModels => {
+    const cveMessages = [];
+    reportSeverityModels.forEach(reportSeverityModel => {
+        const { colour, severity, name } = reportSeverityModel;
+        const severityShorthand = chalk
+            .hex(colour)
+            .bold(`[${severity.charAt(0).toUpperCase()}]`);
+        const builtMessage = severityShorthand + name;
+        cveMessages.push(builtMessage);
+    });
+    return cveMessages;
+};
+module.exports = {
+    createSummaryMessageTop,
+    createSummaryMessageBottom,
+    printFormattedOutputSca,
+    getReportTable,
+    buildHeader,
+    buildBody,
+    getIssueRow,
+    buildFormattedHeaderNum,
+    getIssueCveMsgList
+};

package/dist/scaAnalysis/common/models/ScaReportModel.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ScaReportRemediationAdviceModel = exports.ScaReportVulnerabilityModel = exports.ScaReportModel = void 0;
+class ScaReportModel {
+    constructor(library) {
+        this.uuid = library.uuid;
+        this.groupName = library.groupName;
+        this.artifactName = library.artifactName;
+        this.version = library.version;
+        this.hash = library.hash;
+        this.fileName = library.fileName;
+        this.libraryLanguage = library.libraryLanguage;
+        this.vulnerable = library.vulnerable;
+        this.privateLibrary = library.privateLibrary;
+        this.severity = library.severity;
+        this.releaseDate = library.releaseDate;
+        this.latestVersionReleaseDate = library.latestVersionReleaseDate;
+        this.latestVersion = library.latestVersion;
+        this.versionsBehind = library.versionsBehind;
+        this.vulnerabilities = library.vulnerabilities;
+        this.remediationAdvice = library.remediationAdvice;
+    }
+}
+exports.ScaReportModel = ScaReportModel;
+class ScaReportVulnerabilityModel {
+    constructor(name, description, cvss2Vector, severityValue, severity, cvss3Vector, cvss3SeverityValue, cvss3Severity, hasCvss3) {
+        this.name = name;
+        this.description = description;
+        this.cvss2Vector = cvss2Vector;
+        this.severityValue = severityValue;
+        this.severity = severity;
+        this.cvss3Vector = cvss3Vector;
+        this.cvss3SeverityValue = cvss3SeverityValue;
+        this.cvss3Severity = cvss3Severity;
+        this.hasCvss3 = hasCvss3;
+    }
+}
+exports.ScaReportVulnerabilityModel = ScaReportVulnerabilityModel;
+class ScaReportRemediationAdviceModel {
+    constructor(closestStableVersion, latestStableVersion) {
+        this.closestStableVersion = closestStableVersion;
+        this.latestStableVersion = latestStableVersion;
+    }
+}
+exports.ScaReportRemediationAdviceModel = ScaReportRemediationAdviceModel;

package/dist/scaAnalysis/common/scaServicesUpload.js

@@ -44,16 +44,17 @@ const scaTreeUpload = async (analysis, config) => {
             if (res.body.status === 'COMPLETED') {
                 keepChecking = false;
                 return client.scaServiceReport(config, reportID).then(res => {
-                    return [res.body, reportID];
+                    const reportBody = res.body;
+                    return { reportBody, reportID };
                 });
             }
         });
         if (!keepChecking) {
-            return [res, reportID];
+            return { reportArray: res.reportBody, reportID };
         }
         await requestUtils.sleep(5000);
     }
-    return [res, reportID];
+    return { reportArray: res, reportID };
 };
 module.exports = {
     scaTreeUpload

package/dist/scaAnalysis/common/utils/reportUtilsSca.js

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.severityCountSingleCVESca = exports.severityCountAllCVEsSca = exports.severityCountAllLibrariesSca = exports.convertGenericToTypedReportModelSca = exports.findCVESeveritySca = exports.orderByHighestPrioritySca = exports.findHighestSeverityCVESca = void 0;
+const lodash_1 = require("lodash");
+const constants_1 = require("../../../constants/constants");
+const reportSeverityModel_1 = require("../../../audit/report/models/reportSeverityModel");
+const ScaReportModel_1 = require("../models/ScaReportModel");
+function findHighestSeverityCVESca(cveArray) {
+    const mappedToReportSeverityModels = cveArray.map(cve => findCVESeveritySca(cve));
+    return (0, lodash_1.orderBy)(mappedToReportSeverityModels, cve => cve?.priority)[0];
+}
+exports.findHighestSeverityCVESca = findHighestSeverityCVESca;
+function orderByHighestPrioritySca(reportSeverityModel) {
+    return (0, lodash_1.orderBy)(reportSeverityModel, ['priority'], ['asc']);
+}
+exports.orderByHighestPrioritySca = orderByHighestPrioritySca;
+function findCVESeveritySca(vulnerabilityModel) {
+    const { name } = vulnerabilityModel;
+    if (vulnerabilityModel.cvss3Severity === 'CRITICAL' ||
+        vulnerabilityModel.severity === 'CRITICAL') {
+        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', constants_1.CRITICAL_PRIORITY, constants_1.CRITICAL_COLOUR, name);
+    }
+    else if (vulnerabilityModel.cvss3Severity === 'HIGH' ||
+        vulnerabilityModel.severity === 'HIGH') {
+        return new reportSeverityModel_1.ReportSeverityModel('HIGH', constants_1.HIGH_PRIORITY, constants_1.HIGH_COLOUR, name);
+    }
+    else if (vulnerabilityModel.cvss3Severity === 'MEDIUM' ||
+        vulnerabilityModel.severity === 'MEDIUM') {
+        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', constants_1.MEDIUM_PRIORITY, constants_1.MEDIUM_COLOUR, name);
+    }
+    else if (vulnerabilityModel.cvss3Severity === 'LOW' ||
+        vulnerabilityModel.severity === 'LOW') {
+        return new reportSeverityModel_1.ReportSeverityModel('LOW', constants_1.LOW_PRIORITY, constants_1.LOW_COLOUR, name);
+    }
+    else if (vulnerabilityModel.cvss3Severity === 'NOTE' ||
+        vulnerabilityModel.severity === 'NOTE') {
+        return new reportSeverityModel_1.ReportSeverityModel('NOTE', constants_1.NOTE_PRIORITY, constants_1.NOTE_COLOUR, name);
+    }
+}
+exports.findCVESeveritySca = findCVESeveritySca;
+function convertGenericToTypedReportModelSca(reportArray) {
+    return reportArray.map((library) => {
+        return new ScaReportModel_1.ScaReportModel(library);
+    });
+}
+exports.convertGenericToTypedReportModelSca = convertGenericToTypedReportModelSca;
+function severityCountAllLibrariesSca(vulnerableLibraries, severityCount) {
+    vulnerableLibraries.forEach(lib => severityCountAllCVEsSca(lib.vulnerabilities, severityCount));
+    return severityCount;
+}
+exports.severityCountAllLibrariesSca = severityCountAllLibrariesSca;
+function severityCountAllCVEsSca(cveArray, severityCount) {
+    const severityCountInner = severityCount;
+    cveArray.forEach(cve => severityCountSingleCVESca(cve, severityCountInner));
+    return severityCountInner;
+}
+exports.severityCountAllCVEsSca = severityCountAllCVEsSca;
+function severityCountSingleCVESca(cve, severityCount) {
+    if (cve.cvss3Severity === 'CRITICAL' || cve.severity === 'CRITICAL') {
+        severityCount.critical += 1;
+    }
+    else if (cve.cvss3Severity === 'HIGH' || cve.severity === 'HIGH') {
+        severityCount.high += 1;
+    }
+    else if (cve.cvss3Severity === 'MEDIUM' || cve.severity === 'MEDIUM') {
+        severityCount.medium += 1;
+    }
+    else if (cve.cvss3Severity === 'LOW' || cve.severity === 'LOW') {
+        severityCount.low += 1;
+    }
+    else if (cve.cvss3Severity === 'NOTE' || cve.severity === 'NOTE') {
+        severityCount.note += 1;
+    }
+    return severityCount;
+}
+exports.severityCountSingleCVESca = severityCountSingleCVESca;

package/dist/scaAnalysis/java/analysis.js

@@ -111,34 +111,7 @@ const getJavaBuildDeps = (config, files) => {
         console.log(err.message.toString());
     }
 };
-const agreementPrompt = async (config) => {
-    const rl = readLine.createInterface({
-        input: process.stdin,
-        output: process.stdout
-    });
-    return new Promise((resolve, reject) => {
-        rl.question('❔ Do you want to continue? Type Y or N', async (input) => {
-            if (input.toLowerCase() === 'yes' || input.toLowerCase() === 'y') {
-                config.javaAgreement = paramHandler.setAgreement(true);
-                rl.close();
-                resolve(config);
-            }
-            else if (input.toLowerCase() === 'no' || input.toLowerCase() === 'n') {
-                rl.close();
-                resolve(process.exit(1));
-            }
-            else {
-                rl.close();
-                console.log('Invalid Input: Exiting');
-                resolve(process.exit(1));
-            }
-        });
-    }).catch(e => {
-        throw e;
-    });
-};
 module.exports = {
     getJavaBuildDeps,
-    determineProjectTypeAndCwd,
-    agreementPrompt
+    determineProjectTypeAndCwd
 };