@contrast/contrast 1.0.2 → 1.0.3

package/dist/scan/saveResults.js

@@ -1,15 +1,14 @@
 "use strict";
 const fs = require('fs');
-const writeResultsToFile = (responseBody, name = 'results.sarif') => {
-    fs.writeFile(name, JSON.stringify(responseBody, null, 2), err => {
-        if (err) {
-            console.log('Error writing Scan Results to file');
-        }
-        else {
-            console.log(`Scan Results saved to ${name}`);
-        }
-    });
+const writeResultsToFile = async (responseBody, name = 'results.sarif') => {
+    try {
+        fs.writeFileSync(name, JSON.stringify(responseBody, null, 2));
+        console.log(`Scan Results saved to ${name}`);
+    }
+    catch (err) {
+        console.log('Error writing Scan Results to file');
+    }
 };
 module.exports = {
-    writeResultsToFile
+    writeResultsToFile: writeResultsToFile
 };

package/dist/scan/scan.js

@@ -50,6 +50,7 @@ const sendScan = async (config) => {
                 oraWrapper.failSpinner(startUploadSpinner, i18n.__('uploadingScanFail'));
                 if (res.statusCode === 403) {
                     console.log(i18n.__('permissionsError'));
+                    process.exit(1);
                 }
                 console.log(i18n.__('genericServiceError', res.statusCode));
                 process.exit(1);
@@ -79,6 +80,15 @@ const formatScanOutput = (overview, results) => {
                 console.log(`\t ${count}. ${lineInfo}`);
                 count++;
             });
+            if (entry?.cwe && entry?.cwe.length > 0) {
+                formatLinks('cwe', entry.cwe);
+            }
+            if (entry?.reference && entry?.reference.length > 0) {
+                formatLinks('reference', entry.reference);
+            }
+            if (entry?.owasp && entry?.owasp.length > 0) {
+                formatLinks('owasp', entry.owasp);
+            }
             console.log(chalk.bold('How to fix:'));
             console.log(entry.recommendation);
             console.log();
@@ -88,10 +98,18 @@ const formatScanOutput = (overview, results) => {
             overview.medium +
             overview.low +
             overview.note;
-        console.log(chalk.bold(`Found ${totalVulnerabilities} vulnerabilities`));
+        let vulMessage = totalVulnerabilities === 1 ? `vulnerability` : `vulnerabilities`;
+        console.log(chalk.bold(`Found ${totalVulnerabilities} ${vulMessage}`));
         console.log(i18n.__('foundDetailedVulnerabilities', overview.critical, overview.high, overview.medium, overview.low, overview.note));
     }
 };
+const formatLinks = (objName, entry) => {
+    console.log(chalk.bold(objName + ':'));
+    entry.forEach(link => {
+        console.log(link);
+    });
+    console.log();
+};
 const getGroups = content => {
     const groupTypeSet = new Set(content.map(({ ruleId }) => ruleId));
     let groupTypeResults = [];
@@ -99,12 +117,18 @@ const getGroups = content => {
         let groupResultsObj = {
             ruleId: groupName,
             lineInfoSet: new Set(),
+            cwe: '',
+            owasp: '',
+            reference: '',
             recommendation: '',
             severity: ''
         };
         content.forEach(resultEntry => {
             if (resultEntry.ruleId === groupName) {
                 groupResultsObj.severity = resultEntry.severity;
+                groupResultsObj.cwe = resultEntry.cwe;
+                groupResultsObj.owasp = resultEntry.owasp;
+                groupResultsObj.reference = resultEntry.reference;
                 groupResultsObj.recommendation = resultEntry.recommendation
                     ? stripMustacheTags(resultEntry.recommendation)
                     : 'No Recommendations Data Found';
@@ -132,5 +156,6 @@ module.exports = {
     allowedFileTypes: allowedFileTypes,
     isFileAllowed: isFileAllowed,
     stripMustacheTags: stripMustacheTags,
-    formatScanOutput: formatScanOutput
+    formatScanOutput: formatScanOutput,
+    formatLinks: formatLinks
 };

package/dist/scan/scanConfig.js

@@ -3,9 +3,24 @@ const paramHandler = require('../utils/paramsUtil/paramHandler');
 const constants = require('../../src/constants.js');
 const parsedCLIOptions = require('../../src/utils/parsedCLIOptions');
 const path = require('path');
+const { supportedLanguages } = require('../audit/languageAnalysisEngine/constants');
+const i18n = require('i18n');
+const { scanUsageGuide } = require('./help');
 const getScanConfig = argv => {
     let scanParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.scanOptionDefinitions);
+    if (scanParams.help) {
+        printHelpMessage();
+        process.exit(0);
+    }
     const paramsAuth = paramHandler.getAuth(scanParams);
+    if (scanParams.language) {
+        scanParams.language = scanParams.language.toUpperCase();
+        if (!Object.values(supportedLanguages).includes(scanParams.language)) {
+            console.log(`Did not recognise --language ${scanParams.language}`);
+            console.log(i18n.__('constantsHowToRunDev3'));
+            process.exit(0);
+        }
+    }
     if (!scanParams.name && scanParams.file) {
         scanParams.name = getFileName(scanParams.file);
     }
@@ -14,7 +29,11 @@ const getScanConfig = argv => {
 const getFileName = file => {
     return file.split(path.sep).pop();
 };
+const printHelpMessage = () => {
+    console.log(scanUsageGuide);
+};
 module.exports = {
     getScanConfig,
-    getFileName
+    getFileName,
+    printHelpMessage
 };

package/dist/scan/scanController.js

@@ -6,6 +6,7 @@ const scan = require('./scan');
 const scanResults = require('./scanResults');
 const autoDetection = require('./autoDetection');
 const fileFunctions = require('./fileUtils');
+const { performance } = require('perf_hooks');
 const getTimeout = config => {
     if (config.timeout) {
         return config.timeout;
@@ -21,7 +22,7 @@ const fileAndLanguageLogic = async (configToUse) => {
     if (configToUse.file) {
         if (!fileFunctions.fileExists(configToUse.file)) {
             console.log(i18n.__('fileNotExist'));
-            process.exit(0);
+            process.exit(1);
         }
         return configToUse;
     }
@@ -32,17 +33,21 @@ const fileAndLanguageLogic = async (configToUse) => {
     }
 };
 const startScan = async (configToUse) => {
+    const startTime = performance.now();
     await fileAndLanguageLogic(configToUse);
     if (!configToUse.projectId) {
         configToUse.projectId = await populateProjectIdAndProjectName.populateProjectId(configToUse);
     }
     const codeArtifactId = await scan.sendScan(configToUse);
     if (!configToUse.ff) {
-        const startScanSpinner = returnOra('Contrast Scan started');
+        const startScanSpinner = returnOra('🚀 Contrast Scan started');
         startSpinner(startScanSpinner);
         const scanDetail = await scanResults.returnScanResults(configToUse, codeArtifactId, getTimeout(configToUse), startScanSpinner);
         const scanResultsInstances = await scanResults.returnScanResultsInstances(configToUse, scanDetail.id);
+        const endTime = performance.now();
+        const scanDurationMs = endTime - startTime;
         succeedSpinner(startScanSpinner, 'Contrast Scan complete');
+        console.log(`----- Scan completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
         const projectOverview = await scanResults.returnScanProjectById(configToUse);
         return { projectOverview, scanDetail, scanResultsInstances };
     }

package/dist/scan/scanResults.js

@@ -3,6 +3,7 @@ const commonApi = require('../utils/commonApi');
 const requestUtils = require('../../src/utils/requestUtils');
 const oraFunctions = require('../utils/oraWrapper');
 const _ = require('lodash');
+const i18n = require('i18n');
 const getScanId = async (config, codeArtifactId, client) => {
     return client
         .getScanId(config, codeArtifactId)
@@ -41,6 +42,10 @@ const returnScanResults = async (config, codeArtifactId, timeout, startScanSpinn
                     complete = true;
                     oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan Failed.');
                     console.log(result.body.errorMessage);
+                    if (result.body.errorMessage ===
+                        'Unable to determine language for code artifact') {
+                        console.log('Try scanning again using --language param. ', i18n.__('scanOptionsLanguageSummary'));
+                    }
                     process.exit(1);
                 }
             }

package/dist/utils/requestUtils.js

@@ -6,7 +6,7 @@ function sendRequest({ options, method = 'put' }) {
     return request[`${method}Async`](options.url, options);
 }
 const millisToSeconds = millis => {
-    return ((millis % 60000) / 1000).toFixed(0);
+    return (millis / 1000).toFixed(0);
 };
 const sleep = ms => {
     return new Promise(resolve => setTimeout(resolve, ms));

package/dist/utils/saveFile.js

@@ -0,0 +1,19 @@
+"use strict";
+const { SARIF_FILE } = require('../constants/constants');
+const commonApi = require('./commonApi');
+const saveResults = require('../scan/saveResults');
+const i18n = require('i18n');
+const saveScanFile = async (config, scanResults) => {
+    if (config.save === null || config.save.toUpperCase() === SARIF_FILE) {
+        const scanId = scanResults.scanDetail.id;
+        const client = commonApi.getHttpClient(config);
+        const rawResults = await client.getSpecificScanResultSarif(config, scanId);
+        await saveResults.writeResultsToFile(rawResults?.body);
+    }
+    else {
+        console.log(i18n.__('scanNoFiletypeSpecifiedForSave'));
+    }
+};
+module.exports = {
+    saveScanFile: saveScanFile
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {

package/src/audit/languageAnalysisEngine/langugageAnalysisFactory.js

@@ -13,6 +13,10 @@ const { vulnerabilityReport } = require('./report/reportingFeature')
 const { vulnReportWithoutDevDep } = require('./report/newReportingFeature')
 const { checkDevDeps } = require('./report/checkIgnoreDevDep')
 const { newSendSnapShot } = require('../languageAnalysisEngine/sendSnapshot')
+const fs = require('fs')
+const chalk = require('chalk')
+const saveFile = require('../../commands/audit/saveFile').default
+const generateSbom = require('../../sbom/generateSbom').default
 
 module.exports = exports = (err, analysis) => {
   const { identifiedLanguageInfo } = analysis.languageAnalysis
@@ -59,6 +63,10 @@ module.exports = exports = (err, analysis) => {
         await vulnerabilityReport(analysis, catalogueAppId, config)
       }
     }
+
+    //should be moved to processAudit.ts once promises implemented
+    await auditSave(config)
+
     console.log(
       '\n ***************CONTRAST OSS ANALYSIS COMPLETE************** \n'
     )
@@ -92,3 +100,27 @@ module.exports = exports = (err, analysis) => {
     goAE(identifiedLanguageInfo, analysis.config, langCallback)
   }
 }
+
+async function auditSave(config) {
+  //should be moved to processAudit.ts once promises implemented
+  if (config.save) {
+    if (config.save.toLowerCase() === 'sbom') {
+      saveFile(config, await generateSbom(config))
+
+      const filename = `${config.applicationId}-sbom-cyclonedx.json`
+      if (fs.existsSync(filename)) {
+        console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`)
+      } else {
+        console.log(
+          chalk.yellow.bold(
+            `\n Unable to save ${filename} Software Bill of Materials (SBOM)`
+          )
+        )
+      }
+    } else {
+      console.log(i18n.__('auditBadFiletypeSpecifiedForSave'))
+    }
+  } else {
+    console.log(i18n.__('auditNoFiletypeSpecifiedForSave'))
+  }
+}

package/src/commands/audit/processAudit.ts

@@ -11,7 +11,6 @@ export const processAudit = async (argv: parameterInput) => {
   }
   const config = getAuditConfig(argv)
   const auditResults = await startAudit(config)
-  //report here
 }
 
 const printHelpMessage = () => {

package/src/commands/audit/saveFile.ts

@@ -0,0 +1,6 @@
+import fs from 'fs'
+
+export default function saveFile(config: any, rawResults: any) {
+  const fileName = `${config.applicationId}-sbom-cyclonedx.json`
+  fs.writeFileSync(fileName, JSON.stringify(rawResults))
+}

package/src/commands/auth/auth.js

@@ -11,8 +11,21 @@ const {
   succeedSpinner
 } = require('../../utils/oraWrapper')
 const { TIMEOUT, AUTH_UI_URL } = require('../../constants/constants')
+const parsedCLIOptions = require('../../utils/parsedCLIOptions')
+const constants = require('../../constants')
+const commandLineUsage = require('command-line-usage')
+
+const processAuth = async (argv, config) => {
+  let authParams = parsedCLIOptions.getCommandLineArgsCustom(
+    argv,
+    constants.commandLineDefinitions.authOptionDefinitions
+  )
+
+  if (authParams.help) {
+    console.log(authUsageGuide)
+    process.exit(0)
+  }
 
-const processAuth = async config => {
   const token = uuidv4()
   const url = `${AUTH_UI_URL}/?token=${token}`
 
@@ -68,6 +81,17 @@ const pollAuthResult = async (token, client) => {
     })
 }
 
+const authUsageGuide = commandLineUsage([
+  {
+    header: i18n.__('authHeader'),
+    content: [i18n.__('constantsAuthHeaderContents')]
+  },
+  {
+    header: i18n.__('constantsAuthUsageHeader'),
+    content: [i18n.__('constantsAuthUsageContents')]
+  }
+])
+
 module.exports = {
   processAuth: processAuth
 }

package/src/commands/config/config.js

@@ -1,15 +1,19 @@
-const commandLineArgs = require('command-line-args')
+const parsedCLIOptions = require('../../utils/parsedCLIOptions')
+const constants = require('../../constants')
+const commandLineUsage = require('command-line-usage')
+const i18n = require('i18n')
 
 const processConfig = (argv, config) => {
-  const options = [{ name: 'clear', alias: 'c', type: Boolean }]
-
   try {
-    const configOptions = commandLineArgs(options, {
+    let configParams = parsedCLIOptions.getCommandLineArgsCustom(
       argv,
-      caseInsensitive: true,
-      camelCase: true
-    })
-    if (configOptions.clear) {
+      constants.commandLineDefinitions.configOptionDefinitions
+    )
+    if (configParams.help) {
+      console.log(configUsageGuide)
+      process.exit(0)
+    }
+    if (configParams.clear) {
       config.clear()
     } else {
       console.log(JSON.parse(JSON.stringify(config.store)))
@@ -20,6 +24,16 @@ const processConfig = (argv, config) => {
   }
 }
 
+const configUsageGuide = commandLineUsage([
+  {
+    header: i18n.__('configHeader')
+  },
+  {
+    content: [i18n.__('constantsConfigUsageContents')],
+    optionList: constants.commandLineDefinitions.configOptionDefinitions
+  }
+])
+
 module.exports = {
   processConfig: processConfig
 }

package/src/commands/scan/processScan.js

@@ -2,16 +2,9 @@ const { startScan } = require('../../scan/scanController')
 const { formatScanOutput } = require('../../scan/scan')
 const { scanUsageGuide } = require('../../scan/help')
 const scanConfig = require('../../scan/scanConfig')
-const saveResults = require('../../scan/saveResults')
-const commonApi = require('../../utils/commonApi')
-const i18n = require('i18n')
+const { saveScanFile } = require('../../utils/saveFile')
 
 const processScan = async argvMain => {
-  if (argvMain.indexOf('--help') !== -1) {
-    printHelpMessage()
-    process.exit(1)
-  }
-
   let config = scanConfig.getScanConfig(argvMain)
 
   let scanResults = await startScan(config)
@@ -22,23 +15,11 @@ const processScan = async argvMain => {
     )
   }
 
-  if (config.save) {
-    if (config.save.toLowerCase() === 'sarif') {
-      const scanId = scanResults.scanDetail.id
-      const client = commonApi.getHttpClient(config)
-      const rawResults = await client.getSpecificScanResultSarif(config, scanId)
-      saveResults.writeResultsToFile(rawResults?.body)
-    } else {
-      console.log(i18n.__('scanNoFiletypeSpecifiedForSave'))
-    }
+  if (config.save !== undefined) {
+    await saveScanFile(config, scanResults)
   }
 }
 
-const printHelpMessage = () => {
-  console.log(scanUsageGuide)
-}
-
 module.exports = {
-  processScan,
-  printHelpMessage
+  processScan
 }

package/src/common/HTTPClient.js

@@ -130,6 +130,9 @@ HTTPClient.prototype.createProjectId = function createProjectId(config) {
     name: config.name,
     archived: 'false'
   }
+  if (config.language) {
+    options.body.language = config.language
+  }
   options.url = createHarmonyProjectsUrl(config)
   return requestUtils.sendRequest({ method: 'post', options })
 }
@@ -317,6 +320,12 @@ HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
   return requestUtils.sendRequest({ method: 'post', options })
 }
 
+HTTPClient.prototype.getSbom = function getSbom(config) {
+  const options = _.cloneDeep(this.requestOptions)
+  options.url = createSbomCycloneDXUrl(config)
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
 // scan
 const createGetScanIdURL = config => {
   return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/`
@@ -386,6 +395,10 @@ const createGetDependencyTree = (protocol, orgUuid, appId, reportId) => {
   return `${protocol}/Contrast/api/ng/sca/organizations/${orgUuid}/applications/${appId}/reports/${reportId}`
 }
 
+function createSbomCycloneDXUrl(config) {
+  return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/cyclonedx`
+}
+
 module.exports = HTTPClient
 module.exports.pollForAuthUrl = pollForAuthUrl
 module.exports.getServerlessHost = getServerlessHost

package/src/common/errorHandling.ts

@@ -73,6 +73,7 @@ const badRequestError = (catalogue: boolean) => {
 
 const forbiddenError = () => {
   generalError('forbiddenRequestErrorHeader', 'forbiddenRequestErrorMessage')
+  process.exit(1)
 }
 
 const proxyError = () => {
@@ -120,7 +121,7 @@ const generalError = (header: string, message?: string) => {
   console.log(finalMessage)
 }
 
-const approximateCommandOnError = (unknownOptions: string[]) => {
+const findCommandOnError = (unknownOptions: string[]) => {
   const commandKeywords = {
     auth: 'auth',
     audit: 'audit',
@@ -128,34 +129,20 @@ const approximateCommandOnError = (unknownOptions: string[]) => {
     lambda: 'lambda',
     config: 'config'
   }
-  const sortedUnknownOptions = sortBy(unknownOptions, param =>
-    param === 'auth' ||
-    param === 'audit' ||
-    param === 'scan' ||
-    param === 'lambda' ||
-    param === 'config'
-      ? 0
-      : 1
-  )
 
-  const foundCommands = sortedUnknownOptions.filter(
+  const containsCommandKeyword = unknownOptions.some(
     // @ts-ignore
     command => commandKeywords[command]
   )
 
-  const parsedUnknownOptions = sortedUnknownOptions
-    .toString()
-    .replace(/,/g, ' ')
-
-  const approximateParams = parsedUnknownOptions
-    .replace(new RegExp(foundCommands.join('|'), 'g'), '')
-    .trim()
-
-  const approximateCommand = `${foundCommands[0]} ${approximateParams}`
+  if (containsCommandKeyword) {
+    const foundCommands = unknownOptions.filter(
+      // @ts-ignore
+      command => commandKeywords[command]
+    )
 
-  return {
-    approximateCommand,
-    approximateCommandKeyword: foundCommands[0]
+    //return the first command found
+    return foundCommands[0]
   }
 }
 
@@ -171,5 +158,5 @@ export {
   getErrorMessage,
   handleResponseErrors,
   libraryAnalysisError,
-  approximateCommandOnError
+  findCommandOnError
 }

package/src/common/versionChecker.ts

@@ -0,0 +1,39 @@
+import latestVersion from 'latest-version'
+import { APP_VERSION } from '../constants/constants'
+import boxen from 'boxen'
+import chalk from 'chalk'
+import semver from 'semver'
+
+export async function findLatestCLIVersion() {
+  const latestCLIVersion = await latestVersion('@contrast/contrast')
+
+  if (semver.lt(APP_VERSION, latestCLIVersion)) {
+    const updateAvailableMessage = `Update available ${chalk.yellow(
+      APP_VERSION
+    )} → ${chalk.green(latestCLIVersion)}`
+
+    const npmUpdateAvailableCommand = `Run ${chalk.cyan(
+      'npm i @contrast/contrast -g'
+    )} to update via npm`
+
+    const homebrewUpdateAvailableCommand = `Run ${chalk.cyan(
+      'brew install contrastsecurity/tap/contrast'
+    )} to update via brew`
+
+    console.log(
+      boxen(
+        `${updateAvailableMessage}\n${npmUpdateAvailableCommand}\n\n${homebrewUpdateAvailableCommand}`,
+        {
+          titleAlignment: 'center',
+          margin: 1,
+          padding: 1,
+          align: 'center'
+        }
+      )
+    )
+  }
+}
+
+export async function isCorrectNodeVersion(currentVersion: string) {
+  return semver.satisfies(currentVersion, '>=16.13.2 <17')
+}

package/src/constants/constants.js

@@ -8,17 +8,17 @@ const GO = 'GO'
 // we set the langauge as Node instead of PHP since we're using the Node engine in TS
 const PHP = 'PHP'
 const JAVASCRIPT = 'JAVASCRIPT'
-
 const LOW = 'LOW'
 const MEDIUM = 'MEDIUM'
 const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
-
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.2'
+const APP_VERSION = '1.0.3'
 const TIMEOUT = 120000
+
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com'
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com'
+const SARIF_FILE = 'SARIF'
 
 module.exports = {
   supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
@@ -30,5 +30,6 @@ module.exports = {
   APP_NAME,
   TIMEOUT,
   AUTH_UI_URL,
-  AUTH_CALLBACK_URL
+  AUTH_CALLBACK_URL,
+  SARIF_FILE
 }