npm - @contrast/contrast - Versions diffs - 1.0.23 → 2.0.0 - Mend

@contrast/contrast 1.0.23 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

package/README.md +21 -138
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +2 -19
package/dist/audit/save.js +6 -1
package/dist/cliConstants.js +29 -0
package/dist/commands/audit/auditController.js +2 -1
package/dist/commands/audit/help.js +3 -2
package/dist/commands/audit/processAudit.js +2 -0
package/dist/commands/audit/saveFile.js +5 -1
package/dist/commands/github/projectGroup.js +164 -0
package/dist/common/HTTPClient.js +165 -13
package/dist/constants/constants.js +3 -5
package/dist/constants/locales.js +7 -3
package/dist/index.js +0 -4
package/dist/lambda/lambda.js +3 -1
package/dist/scaAnalysis/common/commonReportingFunctionsSca.js +3 -3
package/dist/scaAnalysis/common/scaServicesUpload.js +77 -7
package/dist/scaAnalysis/common/treeUpload.js +19 -5
package/dist/scaAnalysis/go/goAnalysis.js +6 -1
package/dist/scaAnalysis/java/index.js +6 -1
package/dist/scaAnalysis/javascript/index.js +5 -2
package/dist/scaAnalysis/legacy/legacyFlow.js +33 -0
package/dist/scaAnalysis/php/index.js +8 -2
package/dist/scaAnalysis/processServicesFlow.js +21 -0
package/dist/scaAnalysis/python/analysis.js +10 -4
package/dist/scaAnalysis/python/index.js +6 -1
package/dist/scaAnalysis/repoMode/index.js +2 -2
package/dist/scaAnalysis/ruby/analysis.js +10 -1
package/dist/scaAnalysis/ruby/index.js +6 -1
package/dist/scaAnalysis/scaAnalysis.js +47 -25
package/dist/scan/autoDetection.js +41 -2
package/dist/scan/fileUtils.js +5 -4
package/dist/utils/commonApi.js +26 -1
package/dist/utils/settingsHelper.js +14 -0
package/package.json +8 -5
package/src/audit/languageAnalysisEngine/sendSnapshot.js +3 -22
package/src/audit/save.js +10 -1
package/src/cliConstants.js +32 -0
package/src/commands/audit/auditController.js +2 -1
package/src/commands/audit/help.js +3 -2
package/src/commands/audit/processAudit.js +2 -0
package/src/commands/audit/saveFile.js +6 -1
package/src/commands/github/projectGroup.js +187 -0
package/src/common/HTTPClient.js +221 -13
package/src/constants/constants.js +3 -5
package/src/constants/locales.js +9 -3
package/src/index.ts +0 -5
package/src/lambda/lambda.ts +3 -1
package/src/lambda/lambdaUtils.ts +1 -1
package/src/scaAnalysis/common/commonReportingFunctionsSca.js +3 -3
package/src/scaAnalysis/common/scaServicesUpload.js +92 -7
package/src/scaAnalysis/common/treeUpload.js +20 -5
package/src/scaAnalysis/go/goAnalysis.js +6 -1
package/src/scaAnalysis/java/index.js +6 -1
package/src/scaAnalysis/javascript/index.js +6 -4
package/src/scaAnalysis/legacy/legacyFlow.js +48 -0
package/src/scaAnalysis/php/index.js +8 -2
package/src/scaAnalysis/processServicesFlow.js +29 -0
package/src/scaAnalysis/python/analysis.js +10 -4
package/src/scaAnalysis/python/index.js +6 -1
package/src/scaAnalysis/repoMode/index.js +2 -2
package/src/scaAnalysis/ruby/analysis.js +11 -1
package/src/scaAnalysis/ruby/index.js +6 -1
package/src/scaAnalysis/scaAnalysis.js +61 -37
package/src/scan/autoDetection.js +44 -3
package/src/scan/fileUtils.js +5 -4
package/src/utils/commonApi.js +29 -1
package/src/utils/settingsHelper.js +16 -0
package/dist/commands/fingerprint/processFingerprint.js +0 -14
package/src/commands/fingerprint/processFingerprint.js +0 -21
/package/dist/commands/{fingerprint → github}/fingerprintConfig.js +0 -0
/package/src/commands/{fingerprint → github}/fingerprintConfig.js +0 -0

package/dist/common/HTTPClient.js CHANGED Viewed

@@ -171,6 +171,18 @@ HTTPClient.prototype.scaServiceIngest = function scaServiceIngest(requestBody, c
     let url = createScaServiceIngestURL(config);
     options.url = url;
     options.body = requestBody;
+    if (config.debug || config.verbose) {
+        console.log('scaServiceIngest');
+        console.log('url', options.url);
+        console.log('body', options.body);
+    }
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.noProjectIdUpload = function scaServiceIngest(requestBody, config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createScaServiceNoProjectIdURL(config);
+    options.url = url;
+    options.body = requestBody;
     return requestUtils.sendRequest({ method: 'post', options });
 };
 HTTPClient.prototype.scaServiceReport = function scaServiceReport(config, reportId) {
@@ -179,18 +191,31 @@ HTTPClient.prototype.scaServiceReport = function scaServiceReport(config, report
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.scaServiceReportStatus = function scaServiceReport(config, reportId) {
+HTTPClient.prototype.scaServiceReportNoProjectId = function scaServiceReport(config, reportId) {
     const options = _.cloneDeep(this.requestOptions);
-    let url = createScaServiceReportStatusURL(config, reportId);
-    options.url = url;
+    options.url = createScaServiceReportNoProjectIdURL(config, reportId);
+    if (config.debug || config.verbose) {
+        console.log('createScaServiceReportNoProjectIdURL', options.url);
+    }
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.scaServiceIngests = function scaServiceIngests(config) {
+HTTPClient.prototype.scaServiceReportStatus = function scaServiceReport(config, reportId) {
     const options = _.cloneDeep(this.requestOptions);
-    let url = createScaServiceIngestsURL(config);
-    options.url = url;
+    options.url = createScaServiceReportStatusURL(config, reportId);
+    if (config.debug || config.verbose) {
+        console.log('createScaServiceReportStatusURL', options.url);
+    }
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.scaServiceNoProjectIdReportStatus =
+    function scaServiceReport(config, reportId) {
+        const options = _.cloneDeep(this.requestOptions);
+        options.url = createScaServiceReportStatusURL(config, reportId);
+        if (config.debug || config.verbose) {
+            console.log('createScaServiceReportStatusURL', options.url);
+        }
+        return requestUtils.sendRequest({ method: 'get', options });
+    };
 HTTPClient.prototype.scaServiceHealth = function scaServiceIngests(config) {
     const options = _.cloneDeep(this.requestOptions);
     let url = createScaServiceHealthURL(config);
@@ -225,6 +250,80 @@ HTTPClient.prototype.getAppId = function getAppId(config) {
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.registerRepo = function registerRepo(config, requestBody) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createRepositoryUrl(config);
+    options.url = url;
+    options.body = requestBody;
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.registerProjectGroup = function (config, requestBody) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = registerProjectGroupUrl(config);
+    options.url = url;
+    options.body = requestBody;
+    if (config.debug || config.verbose) {
+        console.log('registerProjectGroup');
+        console.log('url', options.url);
+        console.log('body', options.body);
+    }
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.registerProject = function (config, projectGroupId) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = registerProjectUrl(config, projectGroupId);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.retrieveSourcesViaRepositoryId = function (config, repositoryId) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = retrieveSourcesUrl(config, repositoryId);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.retrieveRepoByOrgAndGitURL = function (config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = retrieveRepoByOrgAndGitURL(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.registerOnCliServices = function (config, project) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = retrieveRegisterOnCliServicesUrl(config);
+    options.url = url;
+    options.body = project;
+    if (config.debug || config.verbose) {
+        console.log('registerOnCliServices');
+        console.log('url', options.url);
+        console.log('body', options.body);
+    }
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.retrieveProjectByOrganizationId = function registerRepo(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = retrieveProjectByOrganizationIdUrl(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.retrieveExistingProjectGroupsByOrg = function registerRepo(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = retrieveExistingGroupProjectsByOrgUrl(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.retrieveExistingProjectIdByProjectGroupId =
+    function registerRepo(config, projectGroupId) {
+        const options = _.cloneDeep(this.requestOptions);
+        let url = retrieveExistingGroupProjectsByGroupIdUrl(config, projectGroupId);
+        options.url = url;
+        return requestUtils.sendRequest({ method: 'get', options });
+    };
+HTTPClient.prototype.retrieveExistingRepo = function registerRepo(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = retrieveExistingRepoUrl(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 function getServerlessHost(config = {}) {
     const originalHost = config?.host || config?.get('host');
     const host = originalHost?.endsWith('/')
@@ -338,22 +437,37 @@ function createSnapshotURL(config) {
     return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots`;
 }
 function createScaServiceReportURL(config, reportId) {
-    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/reports/${reportId}`;
+    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects/${config.projectId}/libraries/reports/${reportId}`;
+    baseUrl = config.ignoreDev ? baseUrl.concat('?nodesToInclude=PROD') : baseUrl;
+    return baseUrl;
+}
+function createScaServiceReportNoProjectIdURL(config, reportId) {
+    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/reports/${reportId}`;
     baseUrl = config.ignoreDev ? baseUrl.concat('?nodesToInclude=PROD') : baseUrl;
     return baseUrl;
 }
 function createScaServiceReportStatusURL(config, reportId) {
-    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests/${reportId}/status`;
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/${reportId}/status`;
 }
-function createScaServiceIngestsURL(config) {
-    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests`;
+function createScaServiceNoProjectIdURL(config) {
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/tree${config.repo ? '?incomplete=true' : ''}`;
 }
 function createScaServiceHealthURL(config) {
     return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/health`;
 }
 function createScaServiceIngestURL(config) {
-    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests/tree`;
-    baseUrl = config.track ? baseUrl.concat('?persist=true') : baseUrl;
+    let optionalParams = [];
+    config.repo ? optionalParams.push('incomplete=true') : null;
+    config.track ? optionalParams.push('persist=true') : null;
+    let params = '?';
+    optionalParams.forEach(param => {
+        params = params.concat(param);
+        params = params.concat('&');
+    });
+    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects/${config.projectId}/libraries/ingests/tree${params}`;
+    if (config.debug) {
+        console.log('createScaServiceIngestURL', baseUrl);
+    }
     return baseUrl;
 }
 const createAppCreateURL = config => {
@@ -362,6 +476,42 @@ const createAppCreateURL = config => {
 const createAppNameUrl = config => {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/name?filterText=${config.applicationName}`;
 };
+const registerProjectGroupUrl = config => {
+    return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups`;
+};
+const registerProjectUrl = (config, projectGroupId) => {
+    return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups/${projectGroupId}/projects`;
+};
+const retrieveRegisterOnCliServicesUrl = config => {
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects`;
+};
+const retrieveSourcesUrl = (config, repositoryId) => {
+    return `${config.host}/projects/v1/repositories/${repositoryId}/sources`;
+};
+const retrieveRepoByOrgAndGitURL = config => {
+    return `${config.host}/api/v4/organizations/${config.organizationId}/repository`;
+};
+const retrieveProjectByOrganizationIdUrl = config => {
+    let baseUrl = `${config.host}/api/v4/organizations/${config.organizationId}/projects`;
+    baseUrl = config.name ? baseUrl.concat(`?name=${config.name}`) : baseUrl;
+    baseUrl = config.language
+        ? baseUrl.concat(`&language=${config.language}`)
+        : baseUrl;
+    baseUrl = config.language ? baseUrl.concat(`&source=SCA`) : baseUrl;
+    return baseUrl;
+};
+const retrieveExistingGroupProjectsByOrgUrl = config => {
+    return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups`;
+};
+const retrieveExistingGroupProjectsByGroupIdUrl = (config, projectGroupId) => {
+    return `${config.host}/api/v4/organizations/${config.organizationId}/projects/${projectGroupId}/projects`;
+};
+const retrieveExistingRepoUrl = config => {
+    return `${config.host}/projects/v4/organizations/${config.organizationId}/repositories`;
+};
+function createRepositoryUrl(config) {
+    return `${config.host}/projects/v1/repositories`;
+}
 function createLibraryVulnerabilitiesUrl(config) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`;
 }
@@ -381,7 +531,9 @@ function createSbomUrl(config, type) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/${type}`;
 }
 function createSCASbomUrl(config, type, reportId) {
-    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/sbom/${reportId}?toolType=${type}`;
+    return config.projectId
+        ? `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects/${config.projectId}/libraries/sbom/${reportId}?toolType=${type}`
+        : `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/sbom/${reportId}?toolType=${type}`;
 }
 function createTelemetryEventUrl(config) {
     return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/cli`;

package/dist/constants/constants.js CHANGED Viewed

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.23';
+const APP_VERSION = '2.0.0';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';
@@ -27,12 +27,11 @@ const NOTE_PRIORITY = 5;
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com';
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com';
 const SARIF_FILE = 'SARIF';
-const SBOM_CYCLONE_DX_FILE = 'cyclonedx';
-const SBOM_SPDX_FILE = 'spdx';
+const SBOM_CYCLONE_DX_FILE = 'CYCLONEDX';
+const SBOM_SPDX_FILE = 'SPDX';
 const CE_URL = 'https://ce.contrastsecurity.com';
 const SAAS = 'SAAS';
 const EOP = 'EOP';
-const MODE_BUILD = 'BUILD';
 const MODE_REPO = 'REPO';
 module.exports = {
     supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
@@ -62,6 +61,5 @@ module.exports = {
     SBOM_SPDX_FILE,
     SAAS,
     EOP,
-    MODE_BUILD,
     MODE_REPO
 };

package/dist/constants/locales.js CHANGED Viewed

@@ -48,7 +48,7 @@ const en_locales = () => {
         constantsProxyServer: 'Allows for connection via a proxy server. If authentication is required please provide the username and password with the protocol, host and port. For instance: "https://username:password@<host>:<port>".',
         constantsGradleMultiProject: 'Specify the sub project within your gradle application.',
         constantsDoNotWaitForScan: 'Fire and forget. Do not wait for the result of the scan.',
-        constantsProjectName: 'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
+        constantsProjectName: 'Contrast project name. If not specified, Contrast uses the file / folder name to identify the project or creates a new project.',
         constantsProjectId: 'The ID associated with a scan project. Replace <ProjectID> with the ID for the scan project. To find the ID, select a scan project in Contrast and locate the last number in the URL.',
         failThresholdOptionErrorMessage: 'More than 0 vulnerabilities found',
         failSeverityOptionErrorMessage: ' FAIL - Results detected vulnerabilities over accepted severity level',
@@ -130,8 +130,12 @@ const en_locales = () => {
         scanOptionsTimeoutSummary: 'Time in seconds to wait for scan to complete. Default value is 300 seconds.',
         scanOptionsFileNameSummary: 'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
         scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
-        auditOptionsTrackSummary: ' Save the results to the UI.',
+        auditOptionsTrackSummary: ' Send your dependency audit to Contrast to see results in the UI and start automating security checks. For instance when running local SCA checks you may not need or want to track the results.',
         auditOptionsBranchSummary: ' Set the branch name to associate the library results to.',
+        auditOptionsLegacySummary: ' Creates an application in Contrast (a legacy workflow) - displays a dependency tree for your piece of code, utilizes metatdata.' +
+            '\n' +
+            '.NET is only supported using --legacy\n',
+        auditOptionsRepoSummary: ' Run in repo mode.',
         authSuccessMessage: 'Authentication successful',
         runAuthSuccessMessage: chalk.bold('CodeSec by Contrast') +
             '\nScan, secure and ship your code in minutes for FREE. \n' +
@@ -193,7 +197,7 @@ const en_locales = () => {
     If you are running on untrusted code, consider running in a sandbox.`,
         constantsAuditPrerequisitesContentDotNetMessage: `
     ${chalk.bold('.NET framework and .NET core:')} MSBuild 15.0 or greater and a packages.lock.json file.
-    Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build.\n`,
+    Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build. Only supported with the --legacy flag, an older workflow\n`,
         constantsAuditPrerequisitesContentNodeMessage: `${chalk.bold('Node:')} package.json and a lock file (either .package-lock.json or .yarn.lock.)\n`,
         constantsAuditPrerequisitesContentRubyMessage: `${chalk.bold('Ruby:')} gemfile and gemfile.lock\n`,
         constantsAuditPrerequisitesContentPythonMessage: `${chalk.bold('Python:')} pipfile and pipfile.lock\n`,

package/dist/index.js CHANGED Viewed

@@ -9,7 +9,6 @@ const processAudit_1 = require("./commands/audit/processAudit");
 const auth_1 = require("./commands/auth/auth");
 const config_1 = require("./commands/config/config");
 const processScan_1 = require("./commands/scan/processScan");
-const processFingerprint_1 = require("./commands/fingerprint/processFingerprint");
 const cliConstants_1 = __importDefault(require("./cliConstants"));
 const constants_1 = require("./constants/constants");
 const lambda_1 = require("./lambda/lambda");
@@ -69,9 +68,6 @@ const start = async () => {
             if (command === 'learn') {
                 return (0, processLearn_1.processLearn)();
             }
-            if (command === 'fingerprint') {
-                return await (0, processFingerprint_1.processFingerprint)(config, argvMain);
-            }
             if (command === 'help' ||
                 argvMain.includes('--help') ||
                 Object.keys(mainOptions).length === 0) {

package/dist/lambda/lambda.js CHANGED Viewed

@@ -119,7 +119,9 @@ const processLambda = async (argv) => {
 exports.processLambda = processLambda;
 const getAvailableFunctions = async (lambdaOptions) => {
     const lambdas = await (0, lambdaUtils_1.getAllLambdas)(lambdaOptions);
-    (0, lambdaUtils_1.printAvailableLambdas)(lambdas, { runtimes: ['python', 'java', 'node'] });
+    (0, lambdaUtils_1.printAvailableLambdas)(lambdas, {
+        runtimes: ['python', 'java', 'node', 'dotnet']
+    });
 };
 exports.getAvailableFunctions = getAvailableFunctions;
 const actualProcessLambda = async (lambdaOptions) => {

package/dist/scaAnalysis/common/commonReportingFunctionsSca.js CHANGED Viewed

@@ -53,9 +53,9 @@ const printFormattedOutputSca = (config, reportModelList, numberOfVulnerableLibr
     createSummaryMessageBottom(numberOfVulnerableLibraries);
     const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst);
     console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
-    if (config.host !== CE_URL) {
-        console.log('\n' + chalk.bold('View your full dependency tree in Contrast:'));
-        console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
+    if (config.host !== CE_URL && config.projectId) {
+        console.log('\n' + chalk.bold("Check out your project's results in Contrast"));
+        console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/libraries?view=static&projects=${config.name}`);
     }
 };
 function getReportTable() {

package/dist/scaAnalysis/common/scaServicesUpload.js CHANGED Viewed

@@ -2,9 +2,16 @@
 const commonApi = require('../../utils/commonApi');
 const { APP_VERSION } = require('../../constants/constants');
 const requestUtils = require('../../utils/requestUtils');
-const scaTreeUpload = async (analysis, config) => {
+const { performance } = require('perf_hooks');
+const scaTreeUpload = async (analysis, config, reportSpinner) => {
+    if (config.projectId === '') {
+        console.log('We were unable to create/locate a project for this manifest, please try again or run with --debug for more information');
+        process.exit(1);
+    }
+    config.language = config.language === 'JAVASCRIPT' ? 'NODE' : config.language;
+    const startTime = performance.now();
+    const timeout = commonApi.getTimeout(config);
     const requestBody = {
-        applicationId: config.applicationId,
         dependencyTree: analysis,
         organizationId: config.organizationId,
         language: config.language,
@@ -20,7 +27,7 @@ const scaTreeUpload = async (analysis, config) => {
     const reportID = await client
         .scaServiceIngest(requestBody, config)
         .then(res => {
-        if (res.statusCode === 201) {
+        if (res.statusCode === 201 || res.statusCode === 200) {
             return res.body.libraryIngestJobId;
         }
         else {
@@ -38,24 +45,87 @@ const scaTreeUpload = async (analysis, config) => {
     while (keepChecking) {
         res = await client.scaServiceReportStatus(config, reportID).then(res => {
             if (config.debug) {
-                console.log(res.statusCode);
+                console.log('scaServiceReportStatus', res.statusCode);
                 console.log(res.body);
             }
             if (res.body.status === 'COMPLETED') {
                 keepChecking = false;
                 return client.scaServiceReport(config, reportID).then(res => {
                     const reportBody = res.body;
-                    return { reportBody, reportID };
+                    return { reportBody, reportId: reportID };
+                });
+            }
+        });
+        if (!keepChecking) {
+            return { reportArray: res.reportBody, reportId: reportID };
+        }
+        commonApi.handleTimeout(startTime, timeout, reportSpinner);
+        await requestUtils.sleep(5000);
+    }
+    return { reportArray: res, reportID };
+};
+const noProjectUpload = async (analysis, config, reportSpinner) => {
+    config.language = config.language === 'JAVASCRIPT' ? 'NODE' : config.language;
+    const startTime = performance.now();
+    const timeout = commonApi.getTimeout(config);
+    const requestBody = {
+        dependencyTree: analysis,
+        language: config.language,
+        tool: {
+            name: 'Contrast Codesec',
+            version: APP_VERSION
+        }
+    };
+    if (config.branch) {
+        requestBody.branchName = config.branch;
+    }
+    const client = commonApi.getHttpClient(config);
+    const reportID = await client
+        .noProjectIdUpload(requestBody, config)
+        .then(res => {
+        if (res.statusCode === 201 || res.statusCode === 200) {
+            return res.body.libraryIngestJobId;
+        }
+        else {
+            throw new Error(res.statusCode + ` error ingesting dependencies with no project id`);
+        }
+    })
+        .catch(err => {
+        throw err;
+    });
+    if (config.debug) {
+        console.log(' polling report no project', reportID);
+    }
+    let keepChecking = true;
+    let res;
+    while (keepChecking) {
+        res = await client
+            .scaServiceNoProjectIdReportStatus(config, reportID)
+            .then(res => {
+            if (config.debug) {
+                console.log('\nscaServiceReportStatus');
+                console.log(res.statusCode);
+                console.log(res.body);
+            }
+            if (res.body.status === 'COMPLETED') {
+                keepChecking = false;
+                return client
+                    .scaServiceReportNoProjectId(config, reportID)
+                    .then(res => {
+                    const reportBody = res.body;
+                    return { reportBody, reportId: reportID };
                 });
             }
         });
         if (!keepChecking) {
-            return { reportArray: res.reportBody, reportID };
+            return { reportArray: res.reportBody, reportId: reportID };
         }
+        commonApi.handleTimeout(startTime, timeout, reportSpinner);
         await requestUtils.sleep(5000);
     }
     return { reportArray: res, reportID };
 };
 module.exports = {
-    scaTreeUpload
+    scaTreeUpload,
+    noProjectUpload
 };

package/dist/scaAnalysis/common/treeUpload.js CHANGED Viewed

@@ -3,11 +3,13 @@ const commonApi = require('../../utils/commonApi');
 const { APP_VERSION } = require('../../constants/constants');
 const commonSendSnapShot = async (analysis, config) => {
     let requestBody = {};
-    requestBody = {
-        appID: config.applicationId,
-        cliVersion: APP_VERSION,
-        snapshot: analysis
-    };
+    config.legacy === false
+        ? (requestBody = sendToSCAServices(config, analysis))
+        : (requestBody = {
+            appID: config.applicationId,
+            cliVersion: APP_VERSION,
+            snapshot: analysis
+        });
     const client = commonApi.getHttpClient(config);
     return client
         .sendSnapshot(requestBody, config)
@@ -26,6 +28,18 @@ const commonSendSnapShot = async (analysis, config) => {
         throw err;
     });
 };
+const sendToSCAServices = (config, analysis) => {
+    return {
+        applicationId: config.applicationId,
+        dependencyTree: analysis,
+        organizationId: config.organizationId,
+        language: config.language,
+        tool: {
+            name: 'Contrast Codesec',
+            version: APP_VERSION
+        }
+    };
+};
 module.exports = {
     commonSendSnapShot
 };

package/dist/scaAnalysis/go/goAnalysis.js CHANGED Viewed

@@ -7,7 +7,12 @@ const goAnalysis = config => {
     try {
         const rawGoDependencies = goReadDepFile.getGoDependencies(config);
         const parsedGoDependencies = goParseDeps.parseGoDependencies(rawGoDependencies);
-        return createGoTSMessage(parsedGoDependencies);
+        if (config.legacy === false) {
+            return parseDependenciesForSCAServices(parsedGoDependencies);
+        }
+        else {
+            return createGoTSMessage(parsedGoDependencies);
+        }
     }
     catch (e) {
         console.log(e.message.toString());

package/dist/scaAnalysis/java/index.js CHANGED Viewed

@@ -8,7 +8,12 @@ const javaAnalysis = async (config, languageFiles) => {
         file.replace('build.gradle.kts', 'build.gradle');
     });
     const javaDeps = buildJavaTree(config, languageFiles.JAVA);
-    return createJavaTSMessage(javaDeps);
+    if (config.legacy === false) {
+        return parseDependenciesForSCAServices(javaDeps);
+    }
+    else {
+        return createJavaTSMessage(javaDeps);
+    }
 };
 const buildJavaTree = (config, files) => {
     const javaBuildDeps = analysis.getJavaBuildDeps(config, files);

package/dist/scaAnalysis/javascript/index.js CHANGED Viewed

@@ -13,6 +13,9 @@ const jsAnalysis = async (config, languageFiles) => {
 const buildNodeTree = async (config, files) => {
     let analysis = await readFiles(config, files);
     const rawNode = await parseFiles(config, files, analysis);
+    if (config.legacy === false) {
+        return scaServiceParser.parseJS(rawNode);
+    }
     return formatMessage.createJavaScriptTSMessage(rawNode);
 };
 const readFiles = async (config, files) => {
@@ -39,8 +42,8 @@ const parseFiles = async (config, files, js) => {
         if (!currentLockFileVersion || !npmLockFile.packages) {
             throw new Error(`package-lock.json needs to be in the NPM v2 or v3 format. \n ${generalRebuildMessage}`);
         }
-        if (currentLockFileVersion === 3) {
-            throw new Error(`NPM lockfileVersion 3 is only supported when using the '-e' flag.`);
+        if (currentLockFileVersion === 3 && config.legacy) {
+            throw new Error(`NPM lockfileVersion 3 is not support with --legacy`);
         }
         js.npmLockFile = await analysis.parseNpmLockFile(npmLockFile);
     }

package/dist/scaAnalysis/legacy/legacyFlow.js ADDED Viewed

@@ -0,0 +1,33 @@
+"use strict";
+const auditController = require('../../commands/audit/auditController');
+const { returnOra, startSpinner, succeedSpinner } = require('../../utils/oraWrapper');
+const i18n = require('i18n');
+const treeUpload = require('../common/treeUpload');
+const { pollForSnapshotCompletion } = require('../../audit/languageAnalysisEngine/sendSnapshot');
+const { vulnerabilityReportV2 } = require('../../audit/report/reportingFeature');
+const { auditSave } = require('../../audit/save');
+const legacyFlow = async (config, messageToSend) => {
+    const startTime = performance.now();
+    if (!config.applicationId) {
+        config.applicationId = await auditController.dealWithNoAppId(config);
+    }
+    console.log('');
+    const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+    startSpinner(reportSpinner);
+    const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
+    await pollForSnapshotCompletion(config, snapshotResponse.id, reportSpinner);
+    succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
+    await vulnerabilityReportV2(config, snapshotResponse.id);
+    if (config.save !== undefined) {
+        await auditSave(config);
+    }
+    else {
+        console.log('\nUse contrast audit --save to generate an SBOM');
+    }
+    const endTime = performance.now() - startTime;
+    const scanDurationMs = endTime - startTime;
+    console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
+};
+module.exports = {
+    legacyFlow
+};

package/dist/scaAnalysis/php/index.js CHANGED Viewed

@@ -1,10 +1,16 @@
 "use strict";
 const { readFile, parseProjectFiles } = require('./analysis');
 const { createPhpTSMessage } = require('../common/formatMessage');
+const { parsePHPLockFileForScaServices } = require('./phpNewServicesMapper');
 const phpAnalysis = config => {
     let analysis = readFiles(config);
-    const phpDep = parseProjectFiles(analysis);
-    return createPhpTSMessage(phpDep);
+    if (config.legacy === false) {
+        return parsePHPLockFileForScaServices(analysis.rawLockFileContents);
+    }
+    else {
+        const phpDep = parseProjectFiles(analysis);
+        return createPhpTSMessage(phpDep);
+    }
 };
 const readFiles = config => {
     let php = {};

package/dist/scaAnalysis/processServicesFlow.js ADDED Viewed

@@ -0,0 +1,21 @@
+"use strict";
+const projectConfig = require('../commands/github/projectGroup');
+const scaServicesUpload = require('../scaAnalysis/common/scaServicesUpload');
+const processUpload = async (analysis, config, reportSpinner) => {
+    let projectId = await projectConfig.getProjectIdByOrg(config);
+    if (projectId === '') {
+        if (config.track === true) {
+            await projectConfig.registerNewProjectGroup(config);
+            projectId = await projectConfig.getProjectIdByOrg(config);
+        }
+        if (config.track === false || config.track === undefined) {
+            return await scaServicesUpload.noProjectUpload(analysis, config, reportSpinner);
+        }
+    }
+    await projectConfig.registerProjectIdOnCliServices(config, projectId);
+    config.projectId = projectId;
+    return await scaServicesUpload.scaTreeUpload(analysis, config, reportSpinner);
+};
+module.exports = {
+    processUpload
+};

package/dist/scaAnalysis/python/analysis.js CHANGED Viewed

@@ -48,10 +48,16 @@ const checkForCorrectFiles = languageFiles => {
 };
 const getPythonDeps = (config, languageFiles) => {
     try {
-        checkForCorrectFiles(languageFiles);
-        const parseProject = readAndParseProjectFile(config.file);
-        const parsePip = readAndParseLockFile(config.file);
-        return { pipfileLock: parsePip, pipfilDependanceies: parseProject };
+        if (config.legacy === false) {
+            let pythonLockFileContents = readLockFile(config.file);
+            return scaPythonParser(pythonLockFileContents);
+        }
+        else {
+            checkForCorrectFiles(languageFiles);
+            const parseProject = readAndParseProjectFile(config.file);
+            const parsePip = readAndParseLockFile(config.file);
+            return { pipfileLock: parsePip, pipfilDependanceies: parseProject };
+        }
     }
     catch (err) {
         console.log(err.message.toString());