@contrast/contrast 1.0.19 → 1.0.21

package/src/audit/report/utils/reportUtils.ts

@@ -3,8 +3,7 @@ import {
   ReportLibraryModel
 } from '../models/reportLibraryModel'
 import { ReportSeverityModel } from '../models/reportSeverityModel'
-import languageAnalysisEngine from '../../../constants/constants'
-import {
+import languageAnalysisEngine, {
   CRITICAL_COLOUR,
   CRITICAL_PRIORITY,
   HIGH_COLOUR,
@@ -19,6 +18,7 @@ import {
 import { orderBy } from 'lodash'
 import { SeverityCountModel } from '../models/severityCountModel'
 import { ReportModelStructure } from '../models/reportListModel'
+
 const {
   supportedLanguages: { GO }
 } = languageAnalysisEngine
@@ -30,8 +30,8 @@ export function findHighestSeverityCVE(cveArray: ReportCVEModel[]) {
   return orderBy(mappedToReportSeverityModels, cve => cve?.priority)[0]
 }
 
-export function orderByHighestPriority(cves: ReportCVEModel[]) {
-  return orderBy(cves, ['priority'], ['asc'])
+export function orderByHighestPriority(severityModels: ReportSeverityModel[]) {
+  return orderBy(severityModels, ['priority'], ['asc'])
 }
 
 export function findCVESeverity(cve: ReportCVEModel) {

package/src/cliConstants.js

@@ -337,10 +337,6 @@ const auditOptionDefinitions = [
       '}: ' +
       i18n.__('constantsIgnoreDev')
   },
-  {
-    name: 'fingerprint',
-    type: Boolean
-  },
   {
     name: 'save',
     alias: 's',
@@ -405,6 +401,16 @@ const auditOptionDefinitions = [
   }
 ]
 
+const fingerprintOptionDefinitions = [
+  ...auditOptionDefinitions,
+  {
+    name: 'depth',
+    type: Number,
+    description:
+      '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('depthOption')
+  }
+]
+
 const mainUsageGuide = commandLineUsage([
   {
     header: i18n.__('constantsHeader'),
@@ -426,7 +432,8 @@ const mainUsageGuide = commandLineUsage([
       { name: i18n.__('auditName'), summary: i18n.__('helpAuditSummary') },
       { name: i18n.__('versionName'), summary: i18n.__('helpVersionSummary') },
       { name: i18n.__('configName'), summary: i18n.__('helpConfigSummary') },
-      { name: i18n.__('helpName'), summary: i18n.__('helpSummary') }
+      { name: i18n.__('helpName'), summary: i18n.__('helpSummary') },
+      { name: i18n.__('learnName'), summary: i18n.__('helpLearnSummary') }
     ]
   },
   {
@@ -440,7 +447,8 @@ const mainUsageGuide = commandLineUsage([
     ]
   },
   commonHelpLinks()[0],
-  commonHelpLinks()[1]
+  commonHelpLinks()[1],
+  commonHelpLinks()[2]
 ])
 
 const mainDefinition = [{ name: 'command', defaultOption: true }]
@@ -450,6 +458,7 @@ module.exports = {
     mainUsageGuide,
     mainDefinition,
     scanOptionDefinitions,
+    fingerprintOptionDefinitions,
     auditOptionDefinitions,
     authOptionDefinitions,
     configOptionDefinitions,

package/src/commands/audit/auditConfig.js

@@ -10,8 +10,7 @@ const getAuditConfig = async (contrastConf, command, argv) => {
     constants.commandLineDefinitions.auditOptionDefinitions
   )
   const paramsAuth = paramHandler.getAuth(auditParameters)
-  const javaAgreement = paramHandler.getAgreement()
-  return { ...paramsAuth, ...auditParameters, ...javaAgreement }
+  return { ...paramsAuth, ...auditParameters }
 }
 
 module.exports = {

package/src/commands/audit/help.js

@@ -62,7 +62,8 @@ const auditUsageGuide = commandLineUsage([
       constants.commandLineDefinitions.auditAdvancedOptionDefinitionsForHelp
   },
   commonHelpLinks()[0],
-  commonHelpLinks()[1]
+  commonHelpLinks()[1],
+  commonHelpLinks()[2]
 ])
 
 module.exports = {

package/src/commands/audit/processAudit.js

@@ -1,6 +1,6 @@
 const auditConfig = require('./auditConfig')
 const { auditUsageGuide } = require('./help')
-const scaController = require('../scan/sca/scaAnalysis')
+const scaController = require('../../scaAnalysis/scaAnalysis')
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry')
 const { postRunMessage } = require('../../common/commonHelp')
 

package/src/commands/fingerprint/fingerprintConfig.js

@@ -0,0 +1,19 @@
+const parsedCLIOptions = require('../../utils/parsedCLIOptions')
+const constants = require('../../cliConstants')
+const paramHandler = require('../../utils/paramsUtil/paramHandler')
+
+const getFingerprintConfig = async (contrastConf, command, argv) => {
+  const fingerprintParameters = await parsedCLIOptions.getCommandLineArgsCustom(
+    contrastConf,
+    command,
+    argv,
+    constants.commandLineDefinitions.fingerprintOptionDefinitions
+  )
+  const paramsAuth = paramHandler.getAuth(fingerprintParameters)
+
+  return { ...paramsAuth, ...fingerprintParameters }
+}
+
+module.exports = {
+  getFingerprintConfig
+}

package/src/commands/fingerprint/processFingerprint.js

@@ -0,0 +1,21 @@
+const fingerprintConfig = require('./fingerprintConfig')
+const autoDetection = require('../../scan/autoDetection')
+const saveResults = require('../../scan/saveResults')
+const processFingerprint = async (contrastConf, argvMain) => {
+  const config = await fingerprintConfig.getFingerprintConfig(
+    contrastConf,
+    'fingerprint',
+    argvMain
+  )
+  let fingerprint = await autoDetection.autoDetectFingerprintInfo(
+    config.file,
+    config.depth
+  )
+  let idArray = fingerprint.map(x => x.id)
+  await saveResults.writeResultsToFile(fingerprint, 'fingerPrintInfo.json')
+  return console.log(idArray)
+}
+
+module.exports = {
+  processFingerprint
+}

package/src/commands/learn/learn.js

@@ -0,0 +1,10 @@
+const open = require('open')
+
+async function openLearnPage() {
+  const url = 'https://www.contrastsecurity.com/developer/learn'
+  return open(url)
+}
+
+module.exports = {
+  openLearnPage
+}

package/src/commands/learn/processLearn.js

@@ -0,0 +1,13 @@
+const { openLearnPage } = require('./learn')
+
+async function processLearn() {
+  console.log('Opening develop central...')
+  console.log(
+    'If the page does not open you can open it directly via https://www.contrastsecurity.com/developer/learn'
+  )
+  return openLearnPage()
+}
+
+module.exports = {
+  processLearn
+}

package/src/common/commonHelp.js

@@ -19,6 +19,11 @@ const commonHelpLinks = () => {
         i18n.__('commonHelpLearnMoreEnterpriseHeader') +
           i18n.__('commonHelpLearnMoreEnterpriseText')
       ]
+    },
+    {
+      content: [
+        i18n.__('commonHelpLearnHeader') + i18n.__('commonHelpLearnText')
+      ]
     }
   ]
 }
@@ -27,7 +32,7 @@ const postRunMessage = commandName => {
   console.log('\n' + chalk.underline.bold('Other Features:'))
   if (commandName !== 'scan')
     console.log(
-      "'contrast scan' to run Contrasts’ industry leading SAST scanner"
+      "'contrast scan' to run Contrast's industry leading SAST scanner"
     )
   if (commandName !== 'audit')
     console.log(
@@ -35,6 +40,11 @@ const postRunMessage = commandName => {
     )
   if (commandName !== 'lambda')
     console.log("'contrast lambda' to secure your AWS serverless functions")
+
+  if (commandName !== 'learn')
+    console.log(
+      "'contrast learn' launches Contrast's Secure Code Learning Hub."
+    )
 }
 
 module.exports = {

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.19'
+const APP_VERSION = '1.0.21'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'

package/src/constants/locales.js

@@ -177,6 +177,12 @@ const en_locales = () => {
     versionName: 'version',
     configName: 'config',
     helpName: 'help',
+    learnName: 'learn',
+    helpLearnSummary: 'launches Contrast’s Secure Code Learning Hub.',
+    fingerprintName:
+      'assess repo to see how many languages it can detect. For use in pipeline only.',
+    depthOption:
+      'can set how deep in the file system the cli looks for language files',
     scanOptionsLanguageSummary: 'Valid values are JAVA, JAVASCRIPT and DOTNET',
     scanOptionsTimeoutSummary:
       'Time in seconds to wait for scan to complete. Default value is 300 seconds.',
@@ -194,7 +200,10 @@ const en_locales = () => {
       chalk.bold('\ncontrast scan') +
       " to run Contrast's industry leading SAST scanner. \nSupports Java, JavaScript and .Net \n" +
       chalk.bold('\ncontrast audit') +
-      ' to find vulnerabilities in your open source dependencies.\nSupports Java, .NET, Node, Ruby, Python, Go and PHP \n' +
+      ' to find vulnerabilities in your open source dependencies.' +
+      '\nSupports Java, .NET, Node, Ruby, Python, Go and PHP.' +
+      '\nOur CLI runs native build tools to generate a complete dependency tree.' +
+      '\nIf you are running on untrusted code, consider running in a sandbox.\n' +
       chalk.bold('\ncontrast lambda') +
       ' to secure your AWS serverless functions. \nSupports Java and Python \n' +
       chalk.bold('\ncontrast help') +
@@ -259,7 +268,8 @@ const en_locales = () => {
     )} Maven build platform including the dependency plugin. 
     ${chalk.bold('Or')} build.gradle ${chalk.bold(
       'and'
-    )} gradle dependencies or ./gradlew dependencies must be supported`,
+    )} gradle dependencies or ./gradlew dependencies must be supported
+    If you are running on untrusted code, consider running in a sandbox.`,
     constantsAuditPrerequisitesContentDotNetMessage: `
     ${chalk.bold(
       '.NET framework and .NET core:'
@@ -316,7 +326,16 @@ const en_locales = () => {
     commonHelpJoinDiscussionHeader: chalk.hex('#9DC184')(
       'Join the discussion:'
     ),
-    commonHelpJoinDiscussionText: ' https://dev.to/codesec',
+    commonHelpJoinDiscussionText:
+      ' https://www.contrastsecurity.com/developer/community',
+    commonHelpLearnHeader:
+      chalk.hex('#ffe599')('\rWant to UP your game?') +
+      " type 'contrast learn'",
+    commonHelpLearnText: `\n🎓 Advance your security knowledge and become an ${chalk.hex(
+      '#ffd966'
+    )('All-star coder')} ⭐  with ${chalk.bold(
+      'Contrast Secure Code Learning Hub.'
+    )} 😺`,
     authCommand: {
       credentialsAccepted: {
         title: 'Credentials accepted',

package/src/index.ts

@@ -5,6 +5,7 @@ import { processAudit } from './commands/audit/processAudit'
 import { processAuth } from './commands/auth/auth'
 import { processConfig } from './commands/config/config'
 import { processScan } from './commands/scan/processScan'
+import { processFingerprint } from './commands/fingerprint/processFingerprint'
 import constants from './cliConstants'
 import { APP_NAME, APP_VERSION } from './constants/constants'
 import { processLambda } from './lambda/lambda'
@@ -15,6 +16,8 @@ import {
 } from './common/versionChecker'
 import { findCommandOnError } from './common/errorHandling'
 import { sendTelemetryConfigAsConfObj } from './telemetry/telemetry'
+import { openLearnPage } from './commands/learn/learn'
+import { processLearn } from './commands/learn/processLearn'
 const {
   commandLineDefinitions: { mainUsageGuide, mainDefinition }
 } = constants
@@ -82,6 +85,14 @@ const start = async () => {
         return await processAudit(config, argvMain)
       }
 
+      if (command === 'learn') {
+        return processLearn()
+      }
+
+      if (command === 'fingerprint') {
+        return await processFingerprint(config, argvMain)
+      }
+
       if (
         command === 'help' ||
         argvMain.includes('--help') ||

package/src/lambda/help.ts

@@ -82,7 +82,8 @@ const lambdaUsageGuide = commandLineUsage([
     ]
   },
   commonHelpLinks()[0],
-  commonHelpLinks()[1]
+  commonHelpLinks()[1],
+  commonHelpLinks()[2]
 ])
 
 export { lambdaUsageGuide }

package/src/scaAnalysis/common/auditReport.js

@@ -1,105 +1,50 @@
 const {
   getSeverityCounts,
-  createSummaryMessageTop,
-  printVulnInfo,
-  getReportTable,
-  getIssueRow,
   printNoVulnFoundMsg
 } = require('../../audit/report/commonReportingFunctions')
-const { orderBy } = require('lodash')
-const { assignBySeverity } = require('../../scan/formatScanOutput')
-const chalk = require('chalk')
-const { CE_URL } = require('../../constants/constants')
 const common = require('../../common/fail')
-const i18n = require('i18n')
+const { printFormattedOutputSca } = require('./commonReportingFunctionsSca')
 
-const processAuditReport = (config, results) => {
+const processAuditReport = (config, reportModelList) => {
   let severityCounts = {}
-  if (results !== undefined) {
-    severityCounts = formatScaServicesReport(config, results)
+  if (reportModelList !== undefined) {
+    severityCounts = formatScaServicesReport(config, reportModelList)
   }
 
   if (config.fail) {
     common.processFail(config, severityCounts)
   }
 }
-const formatScaServicesReport = (config, results) => {
-  const projectOverviewCount = getSeverityCounts(results)
+const formatScaServicesReport = (config, reportModelList) => {
+  const projectOverviewCount = getSeverityCounts(reportModelList)
 
   if (projectOverviewCount.total === 0) {
     printNoVulnFoundMsg()
-    return projectOverviewCount
   } else {
-    let total = 0
-    const numberOfCves = results.length
-    const table = getReportTable()
-    let contrastHeaderNumCounter = 0
-    let assignPriorityToResults = results.map(result =>
-      assignBySeverity(result, result)
-    )
-    const numberOfVulns = results
-      .map(result => result.vulnerabilities)
-      .reduce((a, b) => {
-        return (total += b.length)
-      }, 0)
-    const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(
-      assignPriorityToResults,
-      [
-        reportListItem => {
-          return reportListItem.priority
-        },
-        reportListItem => {
-          return reportListItem.vulnerabilities.length
-        }
-      ],
-      ['asc', 'desc']
-    )
-
-    for (const result of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
-      contrastHeaderNumCounter++
-      const cvesNum = result.vulnerabilities.length
-      const grammaticallyCorrectVul =
-        result.vulnerabilities.length > 1 ? 'vulnerabilities' : 'vulnerability'
-
-      const headerColour = chalk.hex(result.colour)
-      const headerRow = [
-        headerColour(
-          `CONTRAST-${contrastHeaderNumCounter.toString().padStart(3, '0')}`
-        ),
-        headerColour(`-`),
-        headerColour(`[${result.severity}] `) +
-          headerColour.bold(`${result.artifactName}`) +
-          ` introduces ${cvesNum} ${grammaticallyCorrectVul}`
-      ]
+    const numberOfVulnerableLibraries = reportModelList.map(library => {
+      let count = 0
 
-      const adviceRow = [
-        chalk.bold(`Advice`),
-        chalk.bold(`:`),
-        `Change to version ${result.remediationAdvice.latestStableVersion}`
-      ]
+      if (library.vulnerabilities.length > 0) {
+        count++
+      }
 
-      let assignPriorityToVulns = result.vulnerabilities.map(result =>
-        assignBySeverity(result, result)
-      )
-      const issueRow = getIssueRow(assignPriorityToVulns)
+      return count
+    }).length
 
-      table.push(headerRow, issueRow, adviceRow)
-      console.log()
-    }
-
-    console.log()
-    createSummaryMessageTop(numberOfCves, numberOfVulns)
-    console.log(table.toString() + '\n')
-    printVulnInfo(projectOverviewCount)
+    let numberOfCves = reportModelList.reduce(
+      (count, current) => count + current.vulnerabilities.length,
+      0
+    )
 
-    if (config.host !== CE_URL) {
-      console.log('\n' + chalk.bold(i18n.__('auditServicesMessageForTS')))
-      console.log(
-        `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs`
-      )
-    }
-    return projectOverviewCount
+    printFormattedOutputSca(
+      config,
+      reportModelList,
+      numberOfVulnerableLibraries,
+      numberOfCves
+    )
   }
+
+  return projectOverviewCount
 }
 module.exports = {
   formatScaServicesReport,