@contrast/contrast 1.0.23 → 2.0.0

package/dist/scaAnalysis/python/index.js

@@ -3,7 +3,12 @@ const { createPythonTSMessage } = require('../common/formatMessage');
 const { getPythonDeps, secondaryParser } = require('./analysis');
 const pythonAnalysis = (config, languageFiles) => {
     const pythonDeps = getPythonDeps(config, languageFiles.PYTHON);
-    return createPythonTSMessage(pythonDeps);
+    if (config.legacy === false) {
+        return pythonDeps;
+    }
+    else {
+        return createPythonTSMessage(pythonDeps);
+    }
 };
 module.exports = {
     pythonAnalysis

package/dist/scaAnalysis/repoMode/index.js

@@ -6,11 +6,11 @@ const buildRepo = async (config, languageFiles) => {
     const project = determineProjectTypeAndCwd(languageFiles.JAVA, config);
     if (project.projectType === 'maven') {
         let jsonPomFile = mavenParser.readPomFile(project);
-        mavenParser.parsePomFile(jsonPomFile);
+        return mavenParser.parsePomFile(jsonPomFile);
     }
     else if (project.projectType === 'gradle') {
         const gradleJson = gradleParser.readBuildGradleFile(project);
-        gradleParser.parseGradleJson(await gradleJson);
+        return gradleParser.parseGradleJson(await gradleJson);
     }
     else {
         console.log('Unable to read project files.');

package/dist/scaAnalysis/ruby/analysis.js

@@ -6,7 +6,16 @@ const getRubyDeps = (config, languageFiles) => {
         checkForCorrectFiles(languageFiles);
         const parsedGem = readAndParseGemfile(config.file);
         const parsedLock = readAndParseGemLockFile(config.file);
-        return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock };
+        if (config.legacy === false) {
+            const rubyArray = removeRedundantAndPopulateDefinedElements(parsedLock.sources);
+            let rubyTree = createRubyTree(rubyArray);
+            findChildrenDependencies(rubyTree);
+            processRootDependencies(parsedLock.dependencies, rubyTree);
+            return rubyTree;
+        }
+        else {
+            return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock };
+        }
     }
     catch (err) {
         throw err;

package/dist/scaAnalysis/ruby/index.js

@@ -3,7 +3,12 @@ const analysis = require('./analysis');
 const { createRubyTSMessage } = require('../common/formatMessage');
 const rubyAnalysis = (config, languageFiles) => {
     const rubyDeps = analysis.getRubyDeps(config, languageFiles.RUBY);
-    return createRubyTSMessage(rubyDeps);
+    if (config.legacy === false) {
+        return rubyDeps;
+    }
+    else {
+        return createRubyTSMessage(rubyDeps);
+    }
 };
 module.exports = {
     rubyAnalysis

package/dist/scaAnalysis/scaAnalysis.js

@@ -1,11 +1,7 @@
 "use strict";
 const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../constants/constants');
-const { pollForSnapshotCompletion } = require('../audit/languageAnalysisEngine/sendSnapshot');
 const { returnOra, startSpinner, succeedSpinner } = require('../utils/oraWrapper');
-const { vulnerabilityReportV2 } = require('../audit/report/reportingFeature');
 const autoDetection = require('../scan/autoDetection');
-const treeUpload = require('./common/treeUpload');
-const auditController = require('../commands/audit/auditController');
 const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames');
 const path = require('path');
 const i18n = require('i18n');
@@ -19,9 +15,13 @@ const { rubyAnalysis } = require('./ruby');
 const { pythonAnalysis } = require('./python');
 const javaAnalysis = require('./java');
 const jsAnalysis = require('./javascript');
+const auditReport = require('./common/auditReport');
+const processServices = require('./processServicesFlow');
 const chalk = require('chalk');
+const { convertGenericToTypedReportModelSca } = require('./common/utils/reportUtilsSca');
+const projectConfig = require('../commands/github/projectGroup');
+const { legacyFlow } = require('./legacy/legacyFlow');
 const processSca = async (config) => {
-    const startTime = performance.now();
     let filesFound;
     if (config.help) {
         console.log(auditUsageGuide);
@@ -43,7 +43,17 @@ const processSca = async (config) => {
         switch (Object.keys(filesFound[0])[0]) {
             case JAVA:
                 config.language = JAVA;
-                messageToSend = await javaAnalysis.javaAnalysis(config, filesFound[0]);
+                if (config.repo && !config.legacy) {
+                    try {
+                        messageToSend = await repoMode.buildRepo(config, filesFound[0]);
+                    }
+                    catch (e) {
+                        throw new Error('Unable to build in repository mode. Check your project file');
+                    }
+                }
+                else {
+                    messageToSend = await javaAnalysis.javaAnalysis(config, filesFound[0]);
+                }
                 break;
             case JAVASCRIPT:
                 messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0]);
@@ -66,32 +76,44 @@ const processSca = async (config) => {
                 config.language = GO;
                 break;
             case DOTNET:
-                messageToSend = dotNetAnalysis(config, filesFound[0]);
-                config.language = DOTNET;
-                break;
+                if (config.legacy === false) {
+                    console.log(`${chalk.bold('\n.NET project found\n')} Language type is unsupported.`);
+                    return;
+                }
+                else {
+                    messageToSend = dotNetAnalysis(config, filesFound[0]);
+                    config.language = DOTNET;
+                    break;
+                }
             default:
                 console.log('No supported language detected in project path');
                 return;
         }
-        if (!config.applicationId) {
-            config.applicationId = await auditController.dealWithNoAppId(config);
-        }
-        console.log('');
-        const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
-        startSpinner(reportSpinner);
-        const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
-        await pollForSnapshotCompletion(config, snapshotResponse.id, reportSpinner);
-        succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
-        await vulnerabilityReportV2(config, snapshotResponse.id);
-        if (config.save !== undefined) {
-            await auditSave.auditSave(config);
+        if (config.legacy === false) {
+            if (!config.name) {
+                config = await projectConfig.dealWithNoName(config);
+            }
+            const startTime = performance.now();
+            console.log('');
+            const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+            startSpinner(reportSpinner);
+            let reportResponse = await processServices.processUpload(messageToSend, config, reportSpinner);
+            const reportModelLibraryList = convertGenericToTypedReportModelSca(reportResponse.reportArray);
+            auditReport.processAuditReport(config, reportModelLibraryList);
+            if (config.save !== undefined) {
+                await auditSave.auditSave(config, reportResponse.reportId);
+            }
+            else {
+                console.log('Use contrast audit --save to generate an SBOM');
+            }
+            succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
+            const endTime = performance.now() - startTime;
+            const scanDurationMs = endTime - startTime;
+            console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
         }
         else {
-            console.log('\nUse contrast audit --save to generate an SBOM');
+            await legacyFlow(config, messageToSend);
         }
-        const endTime = performance.now() - startTime;
-        const scanDurationMs = endTime - startTime;
-        console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
     }
     else {
         if (filesFound.length === 0) {

package/dist/scan/autoDetection.js

@@ -1,6 +1,7 @@
 "use strict";
 const i18n = require('i18n');
 const fileFinder = require('./fileUtils');
+const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../constants/constants');
 const autoDetectFingerprintInfo = async (filePath, depth) => {
     let complexObj = await fileFinder.findAllFiles(filePath, depth);
     let result = [];
@@ -11,6 +12,43 @@ const autoDetectFingerprintInfo = async (filePath, depth) => {
     });
     return result;
 };
+const detectPackageManager = async (array) => {
+    array.forEach(i => {
+        if (i.filePath.includes('pom.xml')) {
+            i['language'] = JAVA;
+            i['packageManager'] = 'MAVEN';
+        }
+        if (i.filePath.includes('build.gradle.kts')) {
+            i['language'] = JAVA;
+            i['packageManager'] = 'GRADLE';
+        }
+        if (i.filePath.includes('build.gradle')) {
+            i['language'] = JAVA;
+            i['packageManager'] = 'GRADLE';
+        }
+        if (i.filePath.includes('package.json')) {
+            i['language'] = JAVASCRIPT;
+            i['packageManager'] = 'NPM';
+        }
+        if (i.filePath.includes('yarn.lock')) {
+            i['language'] = JAVASCRIPT;
+            i['packageManager'] = 'YARN';
+        }
+        if (i.filePath.includes('Pipfile')) {
+            i['language'] = PYTHON;
+        }
+        if (i.filePath.includes('csproj')) {
+            i['language'] = DOTNET;
+        }
+        if (i.filePath.includes('Gemfile')) {
+            i['language'] = RUBY;
+        }
+        if (i.filePath.includes('go.mod')) {
+            i['language'] = GO;
+        }
+    });
+    return array;
+};
 const autoDetectFileAndLanguage = async (configToUse) => {
     const entries = await fileFinder.findFile();
     if (entries.length === 1) {
@@ -53,7 +91,7 @@ const hasWhiteSpace = s => {
 };
 const dealWithMultiJava = filesFound => {
     let hasMultiJava = filesFound.filter(data => {
-        return (Object.keys(data)[0] === 'JAVA' &&
+        return (Object.keys(data)[0] === JAVA &&
             Object.values(data)[0].includes('build.gradle') &&
             Object.values(data)[0].includes('pom.xml'));
     }).length > 0;
@@ -101,5 +139,6 @@ module.exports = {
     autoDetectAuditFilesAndLanguages,
     errorOnAuditFileDetection,
     autoDetectFingerprintInfo,
-    dealWithMultiJava
+    dealWithMultiJava,
+    detectPackageManager
 };

package/dist/scan/fileUtils.js

@@ -16,6 +16,7 @@ const findAllFiles = async (filePath, depth = 2) => {
         '**/build.gradle',
         '**/build.gradle.kts',
         '**/package.json',
+        '**/yarn.lock',
         '**/Pipfile',
         '**/*.csproj',
         '**/Gemfile',
@@ -32,15 +33,15 @@ const findAllFiles = async (filePath, depth = 2) => {
     }
     return [];
 };
-const findFilesJava = async (languagesFound, filePath) => {
+const findFilesJava = async (languagesFound, filePath, depth = 1) => {
     const result = await fg(['**/pom.xml', '**/build.gradle', '**/build.gradle.kts'], {
         dot: false,
-        deep: 1,
+        deep: depth,
         onlyFiles: true,
         cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
-        return languagesFound.push({ JAVA: result });
+        return languagesFound.push({ JAVA: result, language: 'JAVA' });
     }
     return languagesFound;
 };
@@ -52,7 +53,7 @@ const findFilesJavascript = async (languagesFound, filePath) => {
         cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
-        return languagesFound.push({ JAVASCRIPT: result });
+        return languagesFound.push({ JAVASCRIPT: result, language: 'JAVASCRIPT' });
     }
     return languagesFound;
 };

package/dist/utils/commonApi.js

@@ -1,6 +1,29 @@
 "use strict";
 const HttpClient = require('./../common/HTTPClient');
 const { badRequestError, unauthenticatedError, forbiddenError, proxyError, genericError, maxAppError, snapshotFailureError, vulnerabilitiesFailureError, reportFailureError, parametersError, invalidHostNameError } = require('../common/errorHandling');
+const { performance } = require('perf_hooks');
+const requestUtils = require('./requestUtils');
+const oraFunctions = require('./oraWrapper');
+const getTimeout = config => {
+    if (config.timeout) {
+        return config.timeout;
+    }
+    else {
+        if (config.verbose) {
+            console.log('Timeout set to 5 minutes');
+        }
+        return 300;
+    }
+};
+const handleTimeout = (startTime, timeout, reportSpinner) => {
+    const endTime = performance.now() - startTime;
+    if (requestUtils.millisToSeconds(endTime) > timeout) {
+        oraFunctions.failSpinner(reportSpinner, 'Contrast audit timed out at the specified timeout of ' +
+            timeout +
+            ' seconds.');
+        throw new Error('You can update the timeout using --timeout');
+    }
+};
 const handleResponseErrors = (res, api) => {
     if (res.statusCode === 400) {
         api === 'catalogue' ? badRequestError(true) : badRequestError(false);
@@ -60,5 +83,7 @@ module.exports = {
     getValidHost: getValidHost,
     getProtocol: getProtocol,
     handleResponseErrors: handleResponseErrors,
-    getHttpClient: getHttpClient
+    getHttpClient: getHttpClient,
+    handleTimeout: handleTimeout,
+    getTimeout: getTimeout
 };

package/dist/utils/settingsHelper.js

@@ -0,0 +1,14 @@
+"use strict";
+const generalAPI = require('./generalAPI');
+const { SAAS } = require('../constants/constants');
+const getSettings = async (config) => {
+    config.isEOP =
+        (await generalAPI.getMode(config)).toUpperCase() === SAAS ? false : true;
+    if (config.legacy === undefined) {
+        config.legacy = config.isEOP;
+    }
+    return config;
+};
+module.exports = {
+    getSettings
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.23",
+  "version": "2.0.0",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {
@@ -27,9 +27,12 @@
     "test": "jest --testPathIgnorePatterns=./test-integration/",
     "test-int": "jest ./test-integration/",
     "test-int-scan": "jest ./test-integration/scan",
+    "test-int-audit": "jest test-integration/audit",
+    "test-int-audit-reports": "jest test-integration/audit/audit-language-reports-old-services.spec.js",
     "test-int-scan-errors": "jest test-integration/scan/scanLocalErrors.spec.js",
     "test-int-scan-reports": "jest test-integration/scan/scanReport.spec.js",
-    "test-int-audit-features": "jest test-integration/audit/auditFeatures",
+    "test-int-audit-features": "jest test-integration/audit/auditFeatures/",
+    "test-int-audit-projects": "jest test-integration/audit/audit-projects.spec.js",
     "format": "prettier --write \"**/*.{ts,tsx,js,json,md,yml}\" .eslintrc.*",
     "check-format": "prettier --check \"**/*.{ts,tsx,js,json,md,yml}\" .eslintrc.*",
     "coverage-local": "nyc --reporter=text mocha './test/**/*.spec.js'",
@@ -59,7 +62,7 @@
     "dotenv": "^16.0.0",
     "fast-glob": "^3.2.11",
     "gradle-to-js": "^2.0.1",
-    "i18n": "^0.14.2",
+    "i18n": "^0.15.1",
     "js-yaml": "^4.1.0",
     "lodash": "^4.17.21",
     "log-symbols": "^4.1.0",
@@ -91,7 +94,7 @@
     "husky": "^3.1.0",
     "jest": "^27.5.1",
     "jest-junit": "^13.2.0",
-    "mocha": "^9.2.2",
+    "mocha": "^10.2.0",
     "npm-license-crawler": "^0.2.1",
     "nyc": "^15.1.0",
     "pkg": "^5.6.0",
@@ -100,7 +103,7 @@
     "ts-jest": "^27.1.4",
     "ts-node": "^10.7.0",
     "typescript": "^4.6.3",
-    "uuid": "^8.3.2"
+    "uuid": "^9.0.0"
   },
   "resolutions": {
     "faker": "5.5.3",

package/src/audit/languageAnalysisEngine/sendSnapshot.js

@@ -18,21 +18,10 @@ const pollSnapshotResults = async (config, snapshotId, client) => {
     })
 }
 
-const getTimeout = config => {
-  if (config.timeout) {
-    return config.timeout
-  } else {
-    if (config.verbose) {
-      console.log('Timeout set to 5 minutes')
-    }
-    return 300
-  }
-}
-
 const pollForSnapshotCompletion = async (config, snapshotId, reportSpinner) => {
   const client = commonApi.getHttpClient(config)
   const startTime = performance.now()
-  const timeout = getTimeout(config)
+  const timeout = commonApi.getTimeout(config)
 
   let complete = false
   if (!_.isNil(snapshotId)) {
@@ -57,16 +46,8 @@ const pollForSnapshotCompletion = async (config, snapshotId, reportSpinner) => {
           process.exit(1)
         }
       }
-      const endTime = performance.now() - startTime
-      if (requestUtils.millisToSeconds(endTime) > timeout) {
-        oraFunctions.failSpinner(
-          reportSpinner,
-          'Contrast audit timed out at the specified timeout of ' +
-            timeout +
-            ' seconds.'
-        )
-        throw new Error('You can update the timeout using --timeout')
-      }
+
+      commonApi.handleTimeout(startTime, timeout, reportSpinner)
     }
   }
 }

package/src/audit/save.js

@@ -10,6 +10,9 @@ const {
 
 async function auditSave(config, reportId) {
   let fileFormat
+  //validate the config to see if we can uppercase it
+  config.save = config.save ? config.save.toUpperCase() : config.save
+
   switch (config.save) {
     case null:
     case SBOM_CYCLONE_DX_FILE:
@@ -38,7 +41,13 @@ async function auditSave(config, reportId) {
         save.saveFile(config, fileFormat, sbomResponse)
       }
     }
-    const filename = `${config.applicationId}-sbom-${fileFormat}.json`
+
+    let fileStart = config.legacy ? config.applicationId : config.projectId
+    if (fileStart === undefined) {
+      fileStart = 'my'
+    }
+
+    const filename = `${fileStart}-sbom-${fileFormat}.json`
     if (fs.existsSync(filename)) {
       console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`)
     } else {

package/src/cliConstants.js

@@ -254,6 +254,14 @@ const auditAdvancedOptionDefinitionsForHelp = [
       '}: ' +
       i18n.__('constantsApplicationName')
   },
+  {
+    name: 'name',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProjectName')
+  },
   {
     name: 'app-groups',
     description:
@@ -399,6 +407,25 @@ const auditOptionDefinitions = [
       i18n.__('constantsOptional') +
       '}:' +
       i18n.__('auditOptionsBranchSummary')
+  },
+  {
+    name: 'legacy',
+    alias: 'l',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('auditOptionsLegacySummary')
+  },
+  {
+    name: 'repo',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('auditOptionsRepoSummary')
   }
 ]
 
@@ -409,6 +436,11 @@ const fingerprintOptionDefinitions = [
     type: Number,
     description:
       '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('depthOption')
+  },
+  {
+    name: 'repoUrl',
+    type: String,
+    description: ''
   }
 ]
 

package/src/commands/audit/auditController.js

@@ -45,5 +45,6 @@ const removeLastChar = str => {
 }
 
 module.exports = {
-  dealWithNoAppId
+  dealWithNoAppId,
+  getAppName
 }

package/src/commands/audit/help.js

@@ -53,9 +53,10 @@ const auditUsageGuide = commandLineUsage([
       'language',
       'app-groups',
       'metadata',
-      'track',
       'fingerprint',
-      'branch'
+      'branch',
+      'repo',
+      'name'
     ]
   },
   {

package/src/commands/audit/processAudit.js

@@ -3,6 +3,7 @@ const { auditUsageGuide } = require('./help')
 const scaController = require('../../scaAnalysis/scaAnalysis')
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry')
 const { postRunMessage } = require('../../common/commonHelp')
+const settingsHelper = require('../../utils/settingsHelper')
 
 const processAudit = async (contrastConf, argvMain) => {
   if (argvMain.indexOf('--help') !== -1) {
@@ -11,6 +12,7 @@ const processAudit = async (contrastConf, argvMain) => {
   }
 
   let config = await auditConfig.getAuditConfig(contrastConf, 'audit', argvMain)
+  config = await settingsHelper.getSettings(config)
 
   await scaController.processSca(config)
   if (!config.fingerprint) {

package/src/commands/audit/saveFile.js

@@ -1,7 +1,12 @@
 const fs = require('fs')
 
 const saveFile = (config, type, rawResults) => {
-  const fileName = `${config.applicationId}-sbom-${type}.json`
+  let fileStart = config.legacy ? config.applicationId : config.projectId
+  if (fileStart === undefined) {
+    fileStart = 'my'
+  }
+
+  const fileName = `${fileStart}-sbom-${type}.json`
   fs.writeFileSync(fileName, JSON.stringify(rawResults))
 }