@contrast/contrast 1.0.2 → 1.0.5

package/src/audit/languageAnalysisEngine/report/reportingFeature.js

@@ -1,190 +0,0 @@
-const i18n = require('i18n')
-const commonApi = require('../commonApi')
-const commonReport = require('./commonReportingFunctions')
-
-function displaySuccessMessageVulnerabilities() {
-  console.log(i18n.__('vulnerabilitiesSuccessMessage'))
-}
-
-const vulnerabilityReport = async (analysis, applicationId, config) => {
-  let depRiskReportCount = {}
-  if (analysis.language === 'NODE') {
-    depRiskReportCount = await commonReport.dependencyRiskReport(
-      analysis.node.packageJSON,
-      config
-    )
-  }
-  if (config['report']) {
-    const reportResponse = await commonReport.getReport(applicationId)
-    if (reportResponse !== undefined) {
-      const libraryVulnerabilityInput = createLibraryVulnerabilityInput(
-        reportResponse.reports
-      )
-      const libraryVulnerabilityResponse = await getLibraryVulnerabilities(
-        libraryVulnerabilityInput,
-        applicationId
-      )
-
-      const severity = config['cve_severity']
-      const id = applicationId
-      const name = config.applicationName
-      const hasSomeVulnerabilitiesReported = formatVulnerabilityOutput(
-        libraryVulnerabilityResponse,
-        severity,
-        id,
-        name,
-        depRiskReportCount,
-        config
-      )
-      commonReport.analyseReportOptions(hasSomeVulnerabilitiesReported)
-    }
-  }
-}
-
-const createLibraryVulnerabilityInput = report => {
-  const language = Object.keys(report[0].report)[0]
-  const reportTree = report[0].report[language].dependencyTree
-  const libraries = reportTree[Object.keys(reportTree)[0]]
-
-  let gav = []
-  // eslint-disable-next-line
-  for (const key of Object.keys(libraries)) {
-    gav.push({
-      name: libraries[key].name,
-      group: libraries[key].group,
-      version: libraries[key].resolved
-    })
-  }
-
-  return {
-    name_group_versions: gav,
-    language: language.toUpperCase()
-  }
-}
-
-const oldCountSeverity = vulnerableLibraries => {
-  const severityCount = {
-    critical: 0,
-    high: 0,
-    medium: 0,
-    low: 0
-  }
-
-  vulnerableLibraries.forEach(lib => {
-    lib.vulns.forEach(vuln => {
-      if (vuln.severity_code === 'HIGH') {
-        severityCount['high'] += 1
-      } else if (vuln.severity_code === 'MEDIUM') {
-        severityCount['medium'] += 1
-      } else if (vuln.severity_code === 'LOW') {
-        severityCount['low'] += 1
-      } else if (vuln.severity_code === 'CRITICAL') {
-        severityCount['critical'] += 1
-      }
-    })
-  })
-  return severityCount
-}
-
-const parseVulnerabilites = libraryVulnerabilityResponse => {
-  let parsedVulnerabilites = {}
-  let vulnName = libraryVulnerabilityResponse.libraries
-  for (let x in vulnName) {
-    let vuln = vulnName[x].vulns
-    if (vuln.length > 0) {
-      let libname =
-        vulnName[x].group +
-        '/' +
-        vulnName[x].file_name +
-        '@' +
-        vulnName[x].file_version
-      parsedVulnerabilites[libname] = vulnName[x].vulns
-    }
-  }
-  return parsedVulnerabilites
-}
-
-const formatVulnerabilityOutput = (
-  libraryVulnerabilityResponse,
-  severity,
-  id,
-  name,
-  depRiskReportCount,
-  config
-) => {
-  let vulnerableLibraries = libraryVulnerabilityResponse.libraries.filter(
-    data => {
-      return data.vulns.length > 0
-    }
-  )
-
-  const numberOfVulnerableLibraries = vulnerableLibraries.length
-  let numberOfCves = 0
-  vulnerableLibraries.forEach(lib => (numberOfCves += lib.vulns.length))
-  commonReport.createLibraryHeader(
-    id,
-    numberOfVulnerableLibraries,
-    numberOfCves,
-    name
-  )
-
-  const severityCount = oldCountSeverity(vulnerableLibraries)
-
-  // parse so filter code will work for both new (ignore dev dep) and current report
-  let vulnerabilities = parseVulnerabilites(libraryVulnerabilityResponse)
-  let filteredVulns = commonReport.filterVulnerabilitiesBySeverity(
-    severity,
-    vulnerabilities
-  )
-  let hasSomeVulnerabilitiesReported
-  hasSomeVulnerabilitiesReported = commonReport.printVulnerabilityResponse(
-    severity,
-    filteredVulns,
-    vulnerabilities
-  )
-
-  console.log(
-    '\n **************************' +
-      ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's ` +
-      '************************** '
-  )
-
-  if (depRiskReportCount && depRiskReportCount.scopedCount === 0) {
-    console.log(' No private libraries that are not scoped detected')
-  }
-
-  console.log(
-    ' \n Please go to the Contrast UI to view your dependency tree: \n' +
-      ` \n ${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`
-  )
-  return [hasSomeVulnerabilitiesReported, numberOfCves, severityCount]
-}
-
-const getLibraryVulnerabilities = async (input, applicationId) => {
-  const requestBody = input
-  const addParams = agent.getAdditionalParams()
-  const userParams = await util.getParams(applicationId)
-  const protocol = getValidHost(userParams.host)
-  const client = commonApi.getHttpClient(userParams, protocol, addParams)
-
-  return client
-    .getLibraryVulnerabilities(requestBody, userParams)
-    .then(res => {
-      if (res.statusCode === 200) {
-        displaySuccessMessageVulnerabilities()
-        return res.body
-      } else {
-        handleResponseErrors(res, 'vulnerabilities')
-      }
-    })
-    .catch(err => {
-      console.log(err)
-    })
-}
-
-module.exports = {
-  vulnerabilityReport: vulnerabilityReport,
-  getLibraryVulnerabilities: getLibraryVulnerabilities,
-  formatVulnerabilityOutput: formatVulnerabilityOutput,
-  createLibraryVulnerabilityInput: createLibraryVulnerabilityInput
-}

package/src/common/findLatestCLIVersion.ts

@@ -1,27 +0,0 @@
-import latestVersion from 'latest-version'
-import { APP_VERSION } from '../constants/constants'
-import boxen from 'boxen'
-import chalk from 'chalk'
-import semver from 'semver'
-
-export default async function findLatestCLIVersion() {
-  const latestCLIVersion = await latestVersion('@contrast/contrast')
-
-  if (semver.lt(APP_VERSION, latestCLIVersion)) {
-    const updateAvailableMessage = `Update available ${chalk.yellow(
-      APP_VERSION
-    )} → ${chalk.green(latestCLIVersion)}`
-
-    const updateAvailableCommand = `Run ${chalk.cyan(
-      'npm i @contrast/contrast'
-    )} to update`
-
-    console.log(
-      boxen(`${updateAvailableMessage}\n${updateAvailableCommand}`, {
-        margin: 1,
-        padding: 1,
-        align: 'center'
-      })
-    )
-  }
-}

package/src/scan/scan.js

@@ -1,167 +0,0 @@
-const commonApi = require('../utils/commonApi.js')
-const fileUtils = require('../scan/fileUtils')
-const allowedFileTypes = ['.jar', '.war', '.js', '.zip', '.exe']
-const i18n = require('i18n')
-const oraWrapper = require('../utils/oraWrapper')
-const chalk = require('chalk')
-
-const isFileAllowed = scanOption => {
-  let valid = false
-  allowedFileTypes.forEach(fileType => {
-    if (scanOption.endsWith(fileType)) {
-      valid = true
-    }
-  })
-  return valid
-}
-
-const stripMustacheTags = oldString => {
-  return oldString
-    .replace(/\n/g, ' ')
-    .replace(/{{.*?}}/g, '\n')
-    .replace(/\$\$LINK_DELIM\$\$/g, '\n')
-    .replace(/\s+/g, ' ')
-    .trim()
-}
-
-const sendScan = async config => {
-  if (!isFileAllowed(config.file)) {
-    console.log(i18n.__('scanErrorFileMessage'))
-    process.exit(9)
-  } else {
-    fileUtils.checkFilePermissions(config.file)
-    const client = commonApi.getHttpClient(config)
-
-    const startUploadSpinner = oraWrapper.returnOra(i18n.__('uploadingScan'))
-    oraWrapper.startSpinner(startUploadSpinner)
-
-    return await client
-      .sendArtifact(config)
-      .then(res => {
-        if (res.statusCode === 201) {
-          oraWrapper.succeedSpinner(
-            startUploadSpinner,
-            i18n.__('uploadingScanSuccessful')
-          )
-          if (config.verbose) {
-            console.log(i18n.__('responseMessage', res.body))
-          }
-          return res.body.id
-        } else {
-          if (config.debug) {
-            console.log(res.statusCode)
-            console.log(config)
-          }
-          oraWrapper.failSpinner(
-            startUploadSpinner,
-            i18n.__('uploadingScanFail')
-          )
-          if (res.statusCode === 403) {
-            console.log(i18n.__('permissionsError'))
-          }
-          console.log(i18n.__('genericServiceError', res.statusCode))
-          process.exit(1)
-        }
-      })
-      .catch(err => {
-        console.log(err)
-      })
-  }
-}
-
-const formatScanOutput = (overview, results) => {
-  console.log()
-
-  if (results.content.length === 0) {
-    console.log(i18n.__('scanNoVulnerabilitiesFound'))
-  } else {
-    let message =
-      overview.critical || overview.high
-        ? 'Here are your top priorities to fix'
-        : "No major issues, here's what we found"
-    console.log(chalk.bold(message))
-    console.log()
-
-    const groups = getGroups(results.content)
-    groups.forEach(entry => {
-      console.log(
-        chalk.bold(
-          `${entry.severity} | ${entry.ruleId} (${entry.lineInfoSet.size})`
-        )
-      )
-      let count = 1
-      entry.lineInfoSet.forEach(lineInfo => {
-        console.log(`\t ${count}. ${lineInfo}`)
-        count++
-      })
-      console.log(chalk.bold('How to fix:'))
-      console.log(entry.recommendation)
-      console.log()
-    })
-
-    const totalVulnerabilities =
-      overview.critical +
-      overview.high +
-      overview.medium +
-      overview.low +
-      overview.note
-
-    console.log(chalk.bold(`Found ${totalVulnerabilities} vulnerabilities`))
-    console.log(
-      i18n.__(
-        'foundDetailedVulnerabilities',
-        overview.critical,
-        overview.high,
-        overview.medium,
-        overview.low,
-        overview.note
-      )
-    )
-  }
-}
-
-const getGroups = content => {
-  const groupTypeSet = new Set(content.map(({ ruleId }) => ruleId))
-  let groupTypeResults = []
-  groupTypeSet.forEach(groupName => {
-    let groupResultsObj = {
-      ruleId: groupName,
-      lineInfoSet: new Set(),
-      recommendation: '',
-      severity: ''
-    }
-    content.forEach(resultEntry => {
-      if (resultEntry.ruleId === groupName) {
-        groupResultsObj.severity = resultEntry.severity
-        groupResultsObj.recommendation = resultEntry.recommendation
-          ? stripMustacheTags(resultEntry.recommendation)
-          : 'No Recommendations Data Found'
-        groupResultsObj.lineInfoSet.add(formattedCodeLine(resultEntry))
-      }
-    })
-    groupTypeResults.push(groupResultsObj)
-  })
-  return groupTypeResults
-}
-
-const formattedCodeLine = resultEntry => {
-  let lineUri = resultEntry.locations[0]?.physicalLocation.artifactLocation.uri
-  return lineUri + ' @ ' + setLineNumber(resultEntry)
-}
-
-const setLineNumber = resultEntry => {
-  return resultEntry.codeFlows?.[0]?.threadFlows[0]?.locations[0]?.location
-    ?.physicalLocation?.region?.startLine
-    ? resultEntry.codeFlows[0]?.threadFlows[0]?.locations[0]?.location
-        ?.physicalLocation?.region?.startLine
-    : resultEntry.locations[0]?.physicalLocation?.region?.startLine
-}
-
-module.exports = {
-  sendScan: sendScan,
-  getGroups: getGroups,
-  allowedFileTypes: allowedFileTypes,
-  isFileAllowed: isFileAllowed,
-  stripMustacheTags: stripMustacheTags,
-  formatScanOutput: formatScanOutput
-}