npm - @contrast/contrast - Versions diffs - 1.0.2 → 1.0.5 - Mend

@contrast/contrast 1.0.2 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

package/.prettierignore +4 -0
package/README.md +24 -16
package/dist/audit/autodetection/autoDetectLanguage.js +32 -0
package/dist/audit/catalogueApplication/catalogueApplication.js +2 -11
package/dist/audit/languageAnalysisEngine/{langugageAnalysisFactory.js → languageAnalysisFactory.js} +30 -13
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +25 -0
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +51 -237
package/dist/audit/languageAnalysisEngine/report/models/reportLibraryModel.js +19 -0
package/dist/audit/languageAnalysisEngine/report/models/reportListModel.js +24 -0
package/dist/audit/languageAnalysisEngine/report/models/reportSeverityModel.js +10 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +24 -129
package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js +85 -0
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +2 -14
package/dist/commands/audit/auditConfig.js +8 -2
package/dist/commands/audit/auditController.js +14 -5
package/dist/commands/audit/saveFile.js +11 -0
package/dist/commands/auth/auth.js +19 -1
package/dist/commands/config/config.js +19 -8
package/dist/commands/scan/processScan.js +13 -27
package/dist/commands/scan/sca/scaAnalysis.js +44 -0
package/dist/common/HTTPClient.js +29 -26
package/dist/common/errorHandling.js +15 -39
package/dist/common/versionChecker.js +32 -0
package/dist/constants/constants.js +16 -2
package/dist/constants/lambda.js +3 -1
package/dist/constants/locales.js +58 -48
package/dist/constants.js +59 -3
package/dist/index.js +48 -30
package/dist/lambda/help.js +22 -14
package/dist/lambda/lambda.js +6 -0
package/dist/sbom/generateSbom.js +20 -0
package/dist/scaAnalysis/common/formatMessage.js +11 -0
package/dist/scaAnalysis/common/treeUpload.js +30 -0
package/dist/scaAnalysis/java/analysis.js +116 -0
package/dist/scaAnalysis/java/index.js +18 -0
package/dist/scaAnalysis/java/javaBuildDepsParser.js +326 -0
package/dist/scan/autoDetection.js +46 -1
package/dist/scan/fileUtils.js +73 -1
package/dist/scan/formatScanOutput.js +212 -0
package/dist/scan/help.js +6 -2
package/dist/scan/models/groupedResultsModel.js +11 -0
package/dist/scan/models/resultContentModel.js +2 -0
package/dist/scan/models/scanResultsModel.js +11 -0
package/dist/scan/populateProjectIdAndProjectName.js +1 -0
package/dist/scan/saveResults.js +9 -10
package/dist/scan/scan.js +26 -101
package/dist/scan/scanConfig.js +20 -1
package/dist/scan/scanController.js +8 -4
package/dist/scan/scanResults.js +8 -17
package/dist/utils/getConfig.js +3 -0
package/dist/utils/requestUtils.js +1 -1
package/dist/utils/saveFile.js +19 -0
package/package.json +3 -2
package/src/audit/autodetection/autoDetectLanguage.ts +40 -0
package/src/audit/catalogueApplication/catalogueApplication.js +4 -16
package/src/audit/languageAnalysisEngine/{langugageAnalysisFactory.js → languageAnalysisFactory.js} +41 -19
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +71 -0
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +105 -0
package/src/audit/languageAnalysisEngine/report/models/reportLibraryModel.ts +30 -0
package/src/audit/languageAnalysisEngine/report/models/reportListModel.ts +32 -0
package/src/audit/languageAnalysisEngine/report/models/reportSeverityModel.ts +9 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +56 -0
package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts +110 -0
package/src/audit/languageAnalysisEngine/sendSnapshot.js +2 -22
package/src/commands/audit/auditConfig.ts +12 -3
package/src/commands/audit/auditController.ts +21 -5
package/src/commands/audit/processAudit.ts +3 -1
package/src/commands/audit/saveFile.ts +6 -0
package/src/commands/auth/auth.js +25 -1
package/src/commands/config/config.js +22 -8
package/src/commands/scan/processScan.js +15 -31
package/src/commands/scan/sca/scaAnalysis.js +73 -0
package/src/common/HTTPClient.js +42 -36
package/src/common/errorHandling.ts +17 -48
package/src/common/versionChecker.ts +41 -0
package/src/constants/constants.js +17 -4
package/src/constants/lambda.js +3 -1
package/src/constants/locales.js +69 -63
package/src/constants.js +66 -3
package/src/index.ts +62 -36
package/src/lambda/help.ts +22 -14
package/src/lambda/lambda.ts +8 -0
package/src/sbom/generateSbom.ts +17 -0
package/src/scaAnalysis/common/formatMessage.js +10 -0
package/src/scaAnalysis/common/treeUpload.js +34 -0
package/src/scaAnalysis/java/analysis.js +159 -0
package/src/scaAnalysis/java/index.js +21 -0
package/src/scaAnalysis/java/javaBuildDepsParser.js +391 -0
package/src/scan/autoDetection.js +54 -1
package/src/scan/fileUtils.js +91 -1
package/src/scan/formatScanOutput.ts +241 -0
package/src/scan/help.js +6 -2
package/src/scan/models/groupedResultsModel.ts +20 -0
package/src/scan/models/resultContentModel.ts +86 -0
package/src/scan/models/scanResultsModel.ts +52 -0
package/src/scan/populateProjectIdAndProjectName.js +1 -0
package/src/scan/saveResults.js +8 -9
package/src/scan/scan.ts +62 -0
package/src/scan/scanConfig.js +26 -1
package/src/scan/scanController.js +12 -4
package/src/scan/scanResults.js +19 -17
package/src/utils/getConfig.ts +12 -0
package/src/utils/requestUtils.js +1 -1
package/src/utils/saveFile.js +19 -0
package/dist/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +0 -17
package/dist/audit/languageAnalysisEngine/report/newReportingFeature.js +0 -81
package/dist/common/findLatestCLIVersion.js +0 -23
package/src/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +0 -27
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.js +0 -303
package/src/audit/languageAnalysisEngine/report/newReportingFeature.js +0 -124
package/src/audit/languageAnalysisEngine/report/reportingFeature.js +0 -190
package/src/common/findLatestCLIVersion.ts +0 -27
package/src/scan/scan.js +0 -167

package/src/scaAnalysis/java/javaBuildDepsParser.js ADDED Viewed

@@ -0,0 +1,391 @@
+const i18n = require('i18n')
+const StringBuilder = require('string-builder')
+let sb = new StringBuilder()
+const parseBuildDeps = (config, input) => {
+  const { mvnDependancyTreeOutput, projectType } = input
+  // console.log(projectType)
+  try {
+    return parseGradle(mvnDependancyTreeOutput, config, projectType)
+  } catch (err) {
+    throw new Error(i18n.__('javaParseProjectFile') + `${err.message}`)
+  }
+}
+const preParser = shavedOutput => {
+  let obj = []
+  for (let dep in shavedOutput) {
+    obj.push(
+      shavedOutput[dep]
+        .replace('+-', '+---')
+        .replace('[INFO]', '')
+        .replace('\\-', '\\---')
+        .replace(':jar:', ':')
+        .replace(':test', '')
+        .replace(':compile', '')
+        .replace(' +', '+')
+        .replace(' |', '|')
+        .replace(' \\', '\\')
+        .replace(':runtime', '')
+    )
+  }
+  let depTree = []
+  for (let x in obj) {
+    let nodeLevel = computeRelationToLastElement(obj[x])
+    let notLastLevel =
+      obj[x].startsWith('|') ||
+      obj[x].startsWith('+') ||
+      obj[x].startsWith('\\')
+    if (notLastLevel) {
+      if (nodeLevel === 0) {
+        depTree.push(obj[x])
+      } else {
+        let level = computeLevel(nodeLevel)
+        let validatedLevel = addIndentation(nodeLevel === 2 ? 5 : level, obj[x])
+        depTree.push(validatedLevel)
+      }
+    } else {
+      let level = computeLevel(nodeLevel)
+      let validatedLevel = addIndentation(nodeLevel === 3 ? 5 : level, obj[x])
+      depTree.push(validatedLevel)
+    }
+  }
+  return depTree
+}
+const shaveOutput = (gradleDependencyTreeOutput, projectType) => {
+  let shavedOutput = gradleDependencyTreeOutput.split('\n')
+  // console.log(projectType)
+  if (projectType === 'maven') {
+    shavedOutput = preParser(shavedOutput)
+  }
+  let obj = []
+  for (let key in shavedOutput) {
+    if (shavedOutput[key].includes('project :')) {
+      //skip
+    } else if (
+      shavedOutput[key].includes('+---') ||
+      shavedOutput[key].includes('\\---')
+    ) {
+      obj.push(shavedOutput[key])
+    }
+  }
+  return obj
+}
+const computeIndentation = element => {
+  let hasPlus = element.includes('+')
+  let hasSlash = element.includes('\\')
+  if (hasPlus) {
+    return element.substring(element.indexOf('+'))
+  }
+  if (hasSlash) {
+    return element.substring(element.indexOf('\\'))
+  }
+}
+const computeLevel = nodeLevel => {
+  let num = [5, 8, 11, 14, 17, 20]
+  for (let z in num) {
+    if (num[z] === nodeLevel) {
+      let n = parseInt(z)
+      return 5 * (n + 2)
+    }
+  }
+}
+const addIndentation = (number, str) => {
+  str = computeIndentation(str)
+  sb.clear() // need to clear so each dep doesn't append to the string
+  for (let j = 0; j < number; j++) {
+    sb.append(' ')
+  }
+  sb.append(str)
+  return sb.toString()
+}
+const computeRelationToLastElement = element => {
+  let hasPlus = element.includes('+---')
+  let hasSlash = element.includes('\\---')
+  if (hasPlus) {
+    return element.split('+---')[0].length
+  }
+  if (hasSlash) {
+    return element.split('\\---')[0].length
+  }
+}
+const stripElement = element => {
+  return element
+    .replace(/[|]/g, '')
+    .replace('+---', '')
+    .replace('\\---', '')
+    .replace(/[' ']/g, '')
+    .replace('(c)', '')
+    .replace('->', '@')
+    .replace('(*)', '')
+}
+const checkVersion = element => {
+  let version = element.split(':')
+  return version[version.length - 1]
+}
+const createElement = (element, isRoot) => {
+  let tree
+  let cleanElement = stripElement(element)
+  let splitGroupName = cleanElement.split(':')
+  let validateVersion = false
+  if (!element.includes('->')) {
+    validateVersion = true
+  }
+  tree = {
+    artifactID: splitGroupName[1],
+    group: splitGroupName[0],
+    version: validateVersion
+      ? checkVersion(cleanElement)
+      : splitGroupName[splitGroupName.length - 1],
+    scope: 'compile',
+    type: isRoot ? 'direct' : 'transitive',
+    edges: {}
+  }
+  return tree
+}
+const getElementHeader = element => {
+  let elementHeader = stripElement(element)
+  elementHeader = elementHeader.replace(':', '/')
+  elementHeader = elementHeader.replace(':', '@')
+  return elementHeader
+}
+const buildElement = (element, rootElement, parentOfCurrent, tree, isRoot) => {
+  let childElement = createElement(element, isRoot)
+  let elementHeader = getElementHeader(element)
+  let levelsArray = [rootElement, parentOfCurrent]
+  const treeNode = getNestedObject(tree, levelsArray)
+  const rootNode = getNestedObject(tree, [rootElement])
+  // eslint-disable-next-line
+  if (!rootNode.hasOwnProperty(elementHeader)) {
+    tree[rootElement][elementHeader] = childElement
+  }
+  treeNode.edges[elementHeader] = elementHeader
+}
+const hasChildren = (nextNodeLevel, nodeLevel) => {
+  if (nextNodeLevel > nodeLevel) {
+    return true
+  }
+}
+const lastChild = (nextNodeLevel, nodeLevel) => {
+  if (nextNodeLevel < nodeLevel) {
+    return true
+  }
+}
+const calculateLevels = (nextNodeLevel, nodeLevel) => {
+  return (nodeLevel - nextNodeLevel) / 5
+}
+const buildTree = shavedOutput => {
+  let tree = {}
+  let rootElement
+  let levelNodes = []
+  shavedOutput.forEach((element, index) => {
+    if (index === 0) {
+      // console.log(element, index)
+      let cleanElement = stripElement(element)
+      let elementHeader = getElementHeader(cleanElement)
+      let splitElement = element.split(' ')
+      let splitGroupName = splitElement[1].split(':')
+      let validateVersion = false
+      if (!element.includes('->')) {
+        validateVersion = true
+      }
+      tree[splitGroupName[0]] = {}
+      tree[splitGroupName[0]][elementHeader] = {
+        artifactID: splitGroupName[1],
+        group: splitGroupName[0],
+        version: validateVersion
+          ? checkVersion(cleanElement)
+          : splitElement[splitElement.length - 1],
+        scope: 'compile',
+        type: 'direct',
+        edges: {}
+      }
+      rootElement = splitGroupName[0]
+      levelNodes.push(elementHeader)
+    }
+    if (shavedOutput.length - 1 === index) {
+      // console.log(element, index)
+      const parentOfCurrent = levelNodes[levelNodes.length - 1]
+      let nodeLevel = computeRelationToLastElement(element)
+      let validateVersion = false
+      if (!element.includes('->')) {
+        validateVersion = true
+      }
+      if (nodeLevel === 0) {
+        let cleanElement = stripElement(element)
+        let elementHeader = getElementHeader(cleanElement)
+        let splitElement = element.split(' ')
+        let splitGroupName = splitElement[1].split(':')
+        tree[rootElement][elementHeader] = {
+          artifactID: splitGroupName[1],
+          group: splitGroupName[0],
+          version: validateVersion
+            ? checkVersion(cleanElement)
+            : splitElement[splitElement.length - 1],
+          scope: 'compile',
+          type: 'direct',
+          edges: {}
+        }
+      } else {
+        buildElement(element, rootElement, parentOfCurrent, tree)
+      }
+    }
+    if (index >= 1 && index < shavedOutput.length - 1) {
+      let nodeLevel = computeRelationToLastElement(element)
+      let nextNodeLevel = computeRelationToLastElement(shavedOutput[index + 1])
+      const parentOfCurrent = levelNodes[levelNodes.length - 1]
+      let isRoot = false
+      if (nodeLevel === 0) {
+        isRoot = true
+      }
+      // useful for debugging
+      // console.log(
+      //   element,
+      //   index,
+      //   'nodeLevel:',
+      //   nodeLevel,
+      //   'nextNodeLevel:',
+      //   nextNodeLevel,
+      //   'parentofCurrent:',
+      //   parentOfCurrent
+      // )
+      if (isRoot) {
+        let cleanElement = stripElement(element)
+        let elementHeader = getElementHeader(cleanElement)
+        let splitElement = element.split(' ')
+        let splitGroupName = splitElement[1].split(':')
+        let validateVersion = false
+        if (!element.includes('->')) {
+          validateVersion = true
+        }
+        tree[rootElement][elementHeader] = {
+          artifactID: splitGroupName[1],
+          group: splitGroupName[0],
+          version: validateVersion
+            ? checkVersion(cleanElement)
+            : splitElement[splitElement.length - 1],
+          scope: 'compile',
+          type: 'direct',
+          edges: {}
+        }
+        levelNodes.push(elementHeader)
+        return
+      }
+      let elementHeader = getElementHeader(element)
+      buildElement(element, rootElement, parentOfCurrent, tree, isRoot)
+      if (hasChildren(nextNodeLevel, nodeLevel)) {
+        buildElement(element, rootElement, parentOfCurrent, tree, isRoot)
+        levelNodes.push(elementHeader)
+      }
+      if (lastChild(nextNodeLevel, nodeLevel)) {
+        let levelDifference = calculateLevels(nextNodeLevel, nodeLevel)
+        if (levelDifference === 0) {
+          levelNodes.pop()
+        } else {
+          let i
+          for (i = 0; i < levelDifference; i++) {
+            levelNodes.pop()
+          }
+        }
+      }
+    }
+  })
+  return tree
+}
+const getNestedObject = (nestedObj, pathArr) => {
+  return pathArr.reduce(
+    (obj, key) => (obj && obj[key] !== 'undefined' ? obj[key] : undefined),
+    nestedObj
+  )
+}
+// emit any "+--- project :" within the tree
+const parseSubProject = shavedOutput => {
+  let obj = []
+  for (let key in shavedOutput) {
+    if (!shavedOutput[key].includes('project')) {
+      obj.push(shavedOutput[key])
+    }
+  }
+  return obj
+}
+const validateIndentation = shavedOutput => {
+  let validatedTree = []
+  shavedOutput.forEach((element, index) => {
+    let nextNodeLevel
+    let nodeLevel = computeRelationToLastElement(element)
+    if (shavedOutput[index + 1] !== undefined) {
+      nextNodeLevel = computeRelationToLastElement(shavedOutput[index + 1])
+    }
+    if (index === 0) {
+      validatedTree.push(shavedOutput[index])
+      validatedTree.push(shavedOutput[index + 1])
+    } else if (nextNodeLevel > nodeLevel + 5) {
+      return
+    } else {
+      validatedTree.push(shavedOutput[index + 1])
+    }
+  })
+  validatedTree.pop()
+  return validatedTree
+}
+const parseGradle = (gradleDependencyTreeOutput, config, projectType) => {
+  let shavedOutput = shaveOutput(gradleDependencyTreeOutput, projectType)
+  if (config.subProject) {
+    let subProject = parseSubProject(shavedOutput)
+    let validatedOutput = validateIndentation(subProject)
+    return buildTree(validatedOutput)
+  } else {
+    let validatedOutput = validateIndentation(shavedOutput)
+    return buildTree(validatedOutput)
+  }
+}
+module.exports = {
+  parseBuildDeps
+}

package/src/scan/autoDetection.js CHANGED Viewed

@@ -1,5 +1,7 @@
 const i18n = require('i18n')
 const fileFinder = require('./fileUtils')
+const languageResolver = require('../audit/languageAnalysisEngine/reduceIdentifiedLanguages')
+const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames')
 const autoDetectFileAndLanguage = async configToUse => {
   const entries = await fileFinder.findFile()
@@ -21,6 +23,39 @@ const autoDetectFileAndLanguage = async configToUse => {
   }
 }
+const autoDetectAuditFilesAndLanguages = async () => {
+  let languagesFound = []
+  console.log(i18n.__('searchingAuditFileDirectory', process.cwd()))
+  await fileFinder.findFilesJava(languagesFound)
+  await fileFinder.findFilesJavascript(languagesFound)
+  await fileFinder.findFilesPython(languagesFound)
+  await fileFinder.findFilesGo(languagesFound)
+  await fileFinder.findFilesPhp(languagesFound)
+  await fileFinder.findFilesRuby(languagesFound)
+  if (languagesFound.length === 1) {
+    return languagesFound
+  } else {
+    console.log(
+      'found multiple languages, please specify one using --file to run SCA analysis'
+    )
+  }
+}
+const manualDetectAuditFilesAndLanguages = async projectPath => {
+  let projectRootFilenames = await rootFile.getProjectRootFilenames(projectPath)
+  let identifiedLanguages = languageResolver.deduceLanguageScaAnalysis(
+    projectRootFilenames
+  )
+  if (Object.keys(identifiedLanguages).length === 0) {
+    console.log(i18n.__('languageAnalysisNoLanguage', projectPath))
+    return []
+  }
+  return [identifiedLanguages]
+}
 const hasWhiteSpace = s => {
   const filename = s.split('/').pop()
   return filename.indexOf(' ') >= 0
@@ -42,7 +77,25 @@ const errorOnFileDetection = entries => {
   process.exit(1)
 }
+const errorOnAuditFileDetection = entries => {
+  if (entries.length > 1) {
+    console.log(i18n.__('searchingDirectoryScan'))
+    for (let file in entries) {
+      console.log('-', entries[file])
+    }
+    console.log('')
+    console.log(i18n.__('specifyFileAuditNotFound'))
+  } else {
+    console.log(i18n.__('noFileFoundScan'))
+    console.log('')
+    console.log(i18n.__('specifyFileAuditNotFound'))
+  }
+}
 module.exports = {
   autoDetectFileAndLanguage,
-  errorOnFileDetection
+  errorOnFileDetection,
+  autoDetectAuditFilesAndLanguages,
+  errorOnAuditFileDetection,
+  manualDetectAuditFilesAndLanguages
 }

package/src/scan/fileUtils.js CHANGED Viewed

@@ -11,6 +11,90 @@ const findFile = async () => {
   })
 }
+const findFilesJava = async languagesFound => {
+  const result = await fg(
+    ['**/pom.xml', '**/build.gradle', '**/build.gradle.kts'],
+    {
+      dot: false,
+      deep: 1,
+      onlyFiles: true
+    }
+  )
+  if (result.length > 0) {
+    return languagesFound.push({ java: result })
+  }
+  return languagesFound
+}
+const findFilesJavascript = async languagesFound => {
+  const result = await fg(
+    ['**/package.json', '**/yarn.lock', '**/package.lock.json'],
+    {
+      dot: false,
+      deep: 1,
+      onlyFiles: true
+    }
+  )
+  if (result.length > 0) {
+    return languagesFound.push({ javascript: result })
+  }
+  return languagesFound
+}
+const findFilesPython = async languagesFound => {
+  const result = await fg(['**/Pipfile.lock', '**/Pipfile'], {
+    dot: false,
+    deep: 3,
+    onlyFiles: true
+  })
+  if (result.length > 0) {
+    return languagesFound.push({ python: result })
+  }
+  return languagesFound
+}
+const findFilesGo = async languagesFound => {
+  const result = await fg(['**/go.mod'], {
+    dot: false,
+    deep: 3,
+    onlyFiles: true
+  })
+  if (result.length > 0) {
+    return languagesFound.push({ go: result })
+  }
+  return languagesFound
+}
+const findFilesRuby = async languagesFound => {
+  const result = await fg(['**/Gemfile', '**/Gemfile.lock'], {
+    dot: false,
+    deep: 3,
+    onlyFiles: true
+  })
+  if (result.length > 0) {
+    return languagesFound.push({ ruby: result })
+  }
+  return languagesFound
+}
+const findFilesPhp = async languagesFound => {
+  const result = await fg(['**/composer.json', '**/composer.lock'], {
+    dot: false,
+    deep: 3,
+    onlyFiles: true
+  })
+  if (result.length > 0) {
+    return languagesFound.push({ php: result })
+  }
+  return languagesFound
+}
 const checkFilePermissions = file => {
   let readableFile = false
   try {
@@ -29,5 +113,11 @@ const fileExists = path => {
 module.exports = {
   findFile,
   fileExists,
-  checkFilePermissions
+  checkFilePermissions,
+  findFilesJava,
+  findFilesJavascript,
+  findFilesPython,
+  findFilesGo,
+  findFilesPhp,
+  findFilesRuby
 }