@contrast/contrast 1.0.23 → 2.0.0

package/src/commands/github/projectGroup.js

@@ -0,0 +1,187 @@
+const commonApi = require('../../utils/commonApi')
+const { getAppName } = require('../audit/auditController')
+
+const getProjectIdByOrg = async config => {
+  const client = await commonApi.getHttpClient(config)
+  config.language = config.language === 'NODE' ? 'JAVASCRIPT' : config.language
+  let projectId = ''
+
+  let projectByOrg = await retrieveProjectByOrganization(config, client)
+
+  if (projectByOrg?.length > 0) {
+    projectId = getProjectIdFromArray(config, projectByOrg)
+  }
+
+  return projectId
+}
+
+const registerNewProjectGroup = async config => {
+  let projectId = ''
+  let body = {
+    organizationId: config.organizationId,
+    name: config.name ? config.name : config.file, //has to be unique per project
+    repositoryId: null,
+    type: 'CLI'
+  }
+  const client = await commonApi.getHttpClient(config)
+  body.projects = createProjects([config])
+
+  let projectGroupInfo = await client
+    .registerProjectGroup(config, body)
+    .then(res => {
+      if (config.debug || config.verbose) {
+        console.log('\nRegister ProjectGroup')
+        console.log(res.statusCode)
+        console.log(res.body)
+      }
+      if (res.statusCode === 201 || res.statusCode === 200) {
+        if (config.debug || config.verbose) {
+          console.log('registerProjectGroup - response')
+          console.log('response', res.body)
+        }
+        return res?.body?.projectGroupId
+      }
+
+      if (res.statusCode === 409) {
+        return []
+      }
+    })
+    .catch(err => {
+      console.log('\nError Registering Project Group')
+      console.log(err.statusCode)
+    })
+
+  return projectGroupInfo
+}
+
+const createProjects = params => {
+  let projectsArray = []
+  let projects = {}
+
+  params.forEach(param => {
+    projects = {
+      path: param.file,
+      name: param.name ? param.name : param.file,
+      source: 'SCA',
+      language: param.language,
+      packageManager: 'MAVEN',
+      target: 'SCA',
+      sourceId: '' // this is appID at the moment and scaID in future
+    }
+    projectsArray.push(projects)
+  })
+
+  return projectsArray
+}
+
+const getExistingGroupProjectId = (config, projectGroupsInfoEx) => {
+  let existingGroupProjectId = ''
+  projectGroupsInfoEx.forEach(i => {
+    if (i.name === config.name) {
+      existingGroupProjectId = i.projectGroupId
+    }
+  })
+  return existingGroupProjectId
+}
+
+const getProjectIdFromArray = (config, array) => {
+  let projectId = ''
+  array?.forEach(i => {
+    if (i.name === config.name) {
+      projectId = i.projectId
+    }
+  })
+  return projectId
+}
+
+const registerProjectIdOnCliServices = async (config, projectId) => {
+  const client = commonApi.getHttpClient(config)
+
+  let cliServicesBody = {
+    projectId: projectId,
+    name: config.name
+  }
+
+  let result = await client
+    .registerOnCliServices(config, cliServicesBody)
+    .then(res => {
+      if (config.debug || config.verbose) {
+        console.log('\nregistration on cli services')
+        console.log(res.statusCode)
+      }
+      if (res.statusCode === 201 || res.statusCode === 200) {
+        return res.body
+      } else {
+        return []
+      }
+    })
+
+  return result
+}
+
+const retrieveExistingProjectIdWithProjectGroupId = async (
+  config,
+  client,
+  projectGroupId
+) => {
+  let groups = await client
+    .retrieveExistingProjectIdByProjectGroupId(config, projectGroupId)
+    .then(res => {
+      if (config.debug || config.verbose) {
+        console.log('\nRetrieve Existing ProjectId By ProjectGroupId')
+        console.log(res.statusCode)
+        console.log(res.body)
+      }
+
+      if (res.statusCode === 200) {
+        return res.body
+      } else {
+        return []
+      }
+    })
+
+  return getProjectIdFromArray(config, groups)
+}
+
+const retrieveProjectByOrganization = async (config, client) => {
+  return await client.retrieveProjectByOrganizationId(config).then(res => {
+    if (config.debug || config.verbose) {
+      console.log('\nRetrieve Project By OrganizationId')
+      console.log(res.statusCode)
+      console.log(res.body)
+    }
+
+    if (res.statusCode === 201 || res.statusCode === 200) {
+      return res.body
+    } else {
+      return []
+    }
+  })
+}
+
+const retrieveExistingProjectGroups = async (config, client) => {
+  return await client.retrieveExistingProjectGroupsByOrg(config).then(res => {
+    if (res.statusCode === 201 || res.statusCode === 200) {
+      return res.body
+    } else {
+      return []
+    }
+  })
+}
+
+const dealWithNoName = async config => {
+  try {
+    config.name = getAppName(config.file)
+  } catch (e) {
+    console.log(e.message.toString())
+    process.exit(1)
+  }
+  return config
+}
+
+module.exports = {
+  getProjectIdByOrg,
+  registerProjectIdOnCliServices,
+  dealWithNoName,
+  registerNewProjectGroup
+}

package/src/common/HTTPClient.js

@@ -224,6 +224,24 @@ HTTPClient.prototype.scaServiceIngest = function scaServiceIngest(
   let url = createScaServiceIngestURL(config)
   options.url = url
   options.body = requestBody
+
+  if (config.debug || config.verbose) {
+    console.log('scaServiceIngest')
+    console.log('url', options.url)
+    console.log('body', options.body)
+  }
+
+  return requestUtils.sendRequest({ method: 'post', options })
+}
+
+HTTPClient.prototype.noProjectIdUpload = function scaServiceIngest(
+  requestBody,
+  config
+) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createScaServiceNoProjectIdURL(config)
+  options.url = url
+  options.body = requestBody
   return requestUtils.sendRequest({ method: 'post', options })
 }
 
@@ -237,23 +255,47 @@ HTTPClient.prototype.scaServiceReport = function scaServiceReport(
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
-HTTPClient.prototype.scaServiceReportStatus = function scaServiceReport(
+HTTPClient.prototype.scaServiceReportNoProjectId = function scaServiceReport(
   config,
   reportId
 ) {
   const options = _.cloneDeep(this.requestOptions)
-  let url = createScaServiceReportStatusURL(config, reportId)
-  options.url = url
+  options.url = createScaServiceReportNoProjectIdURL(config, reportId)
+  if (config.debug || config.verbose) {
+    console.log('createScaServiceReportNoProjectIdURL', options.url)
+  }
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
-HTTPClient.prototype.scaServiceIngests = function scaServiceIngests(config) {
+HTTPClient.prototype.scaServiceReportStatus = function scaServiceReport(
+  config,
+  reportId
+) {
   const options = _.cloneDeep(this.requestOptions)
-  let url = createScaServiceIngestsURL(config)
-  options.url = url
+  options.url = createScaServiceReportStatusURL(config, reportId)
+  if (config.debug || config.verbose) {
+    console.log('createScaServiceReportStatusURL', options.url)
+  }
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
+HTTPClient.prototype.scaServiceNoProjectIdReportStatus =
+  function scaServiceReport(config, reportId) {
+    const options = _.cloneDeep(this.requestOptions)
+    options.url = createScaServiceReportStatusURL(config, reportId)
+    if (config.debug || config.verbose) {
+      console.log('createScaServiceReportStatusURL', options.url)
+    }
+    return requestUtils.sendRequest({ method: 'get', options })
+  }
+
+// HTTPClient.prototype.scaServiceIngests = function scaServiceIngests(config) {
+//   const options = _.cloneDeep(this.requestOptions)
+//   let url = createScaServiceIngestsURL(config)
+//   options.url = url
+//   return requestUtils.sendRequest({ method: 'get', options })
+// }
+
 HTTPClient.prototype.scaServiceHealth = function scaServiceIngests(config) {
   const options = _.cloneDeep(this.requestOptions)
   let url = createScaServiceHealthURL(config)
@@ -296,6 +338,100 @@ HTTPClient.prototype.getAppId = function getAppId(config) {
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
+HTTPClient.prototype.registerRepo = function registerRepo(config, requestBody) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createRepositoryUrl(config)
+  options.url = url
+  options.body = requestBody
+  return requestUtils.sendRequest({ method: 'post', options })
+}
+
+HTTPClient.prototype.registerProjectGroup = function (config, requestBody) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = registerProjectGroupUrl(config)
+  options.url = url
+  options.body = requestBody
+
+  if (config.debug || config.verbose) {
+    console.log('registerProjectGroup')
+    console.log('url', options.url)
+    console.log('body', options.body)
+  }
+
+  return requestUtils.sendRequest({ method: 'post', options })
+}
+
+HTTPClient.prototype.registerProject = function (config, projectGroupId) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = registerProjectUrl(config, projectGroupId)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+HTTPClient.prototype.retrieveSourcesViaRepositoryId = function (
+  config,
+  repositoryId
+) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = retrieveSourcesUrl(config, repositoryId)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
+HTTPClient.prototype.retrieveRepoByOrgAndGitURL = function (config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = retrieveRepoByOrgAndGitURL(config)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
+HTTPClient.prototype.registerOnCliServices = function (config, project) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = retrieveRegisterOnCliServicesUrl(config)
+  options.url = url
+  options.body = project
+
+  if (config.debug || config.verbose) {
+    console.log('registerOnCliServices')
+    console.log('url', options.url)
+    console.log('body', options.body)
+  }
+
+  return requestUtils.sendRequest({ method: 'post', options })
+}
+
+HTTPClient.prototype.retrieveProjectByOrganizationId = function registerRepo(
+  config
+) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = retrieveProjectByOrganizationIdUrl(config)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
+HTTPClient.prototype.retrieveExistingProjectGroupsByOrg = function registerRepo(
+  config
+) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = retrieveExistingGroupProjectsByOrgUrl(config)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
+HTTPClient.prototype.retrieveExistingProjectIdByProjectGroupId =
+  function registerRepo(config, projectGroupId) {
+    const options = _.cloneDeep(this.requestOptions)
+    let url = retrieveExistingGroupProjectsByGroupIdUrl(config, projectGroupId)
+    options.url = url
+    return requestUtils.sendRequest({ method: 'get', options })
+  }
+
+HTTPClient.prototype.retrieveExistingRepo = function registerRepo(config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = retrieveExistingRepoUrl(config)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
 // HTTPClient.prototype.getDependencyTree = function getReport(
 //   orgUuid,
 //   appId,
@@ -468,26 +604,51 @@ function createSnapshotURL(config) {
 }
 
 function createScaServiceReportURL(config, reportId) {
-  let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/reports/${reportId}`
+  let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects/${config.projectId}/libraries/reports/${reportId}`
+  baseUrl = config.ignoreDev ? baseUrl.concat('?nodesToInclude=PROD') : baseUrl
+  return baseUrl
+}
+
+function createScaServiceReportNoProjectIdURL(config, reportId) {
+  let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/reports/${reportId}`
   baseUrl = config.ignoreDev ? baseUrl.concat('?nodesToInclude=PROD') : baseUrl
   return baseUrl
 }
 
 function createScaServiceReportStatusURL(config, reportId) {
-  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests/${reportId}/status`
+  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/${reportId}/status`
 }
 
-function createScaServiceIngestsURL(config) {
-  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests`
+function createScaServiceNoProjectIdURL(config) {
+  return `${config.host}/Contrast/api/sca/organizations/${
+    config.organizationId
+  }/libraries/ingests/tree${config.repo ? '?incomplete=true' : ''}`
 }
 
+// function createScaServiceIngestsURL(config) {
+//   return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests`
+// }
+
 function createScaServiceHealthURL(config) {
   return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/health`
 }
 
 function createScaServiceIngestURL(config) {
-  let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests/tree`
-  baseUrl = config.track ? baseUrl.concat('?persist=true') : baseUrl
+  let optionalParams = []
+  config.repo ? optionalParams.push('incomplete=true') : null
+  config.track ? optionalParams.push('persist=true') : null
+
+  let params = '?'
+  optionalParams.forEach(param => {
+    params = params.concat(param)
+    params = params.concat('&')
+  })
+
+  let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects/${config.projectId}/libraries/ingests/tree${params}`
+
+  if (config.debug) {
+    console.log('createScaServiceIngestURL', baseUrl)
+  }
   return baseUrl
 }
 
@@ -499,6 +660,51 @@ const createAppNameUrl = config => {
   return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/name?filterText=${config.applicationName}`
 }
 
+const registerProjectGroupUrl = config => {
+  return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups`
+}
+
+const registerProjectUrl = (config, projectGroupId) => {
+  return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups/${projectGroupId}/projects`
+}
+
+const retrieveRegisterOnCliServicesUrl = config => {
+  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects`
+}
+
+const retrieveSourcesUrl = (config, repositoryId) => {
+  return `${config.host}/projects/v1/repositories/${repositoryId}/sources`
+}
+
+const retrieveRepoByOrgAndGitURL = config => {
+  return `${config.host}/api/v4/organizations/${config.organizationId}/repository`
+}
+
+const retrieveProjectByOrganizationIdUrl = config => {
+  let baseUrl = `${config.host}/api/v4/organizations/${config.organizationId}/projects`
+  baseUrl = config.name ? baseUrl.concat(`?name=${config.name}`) : baseUrl
+  baseUrl = config.language
+    ? baseUrl.concat(`&language=${config.language}`)
+    : baseUrl
+  baseUrl = config.language ? baseUrl.concat(`&source=SCA`) : baseUrl
+  return baseUrl
+}
+
+const retrieveExistingGroupProjectsByOrgUrl = config => {
+  return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups`
+}
+
+const retrieveExistingGroupProjectsByGroupIdUrl = (config, projectGroupId) => {
+  return `${config.host}/api/v4/organizations/${config.organizationId}/projects/${projectGroupId}/projects`
+}
+const retrieveExistingRepoUrl = config => {
+  return `${config.host}/projects/v4/organizations/${config.organizationId}/repositories`
+}
+
+function createRepositoryUrl(config) {
+  return `${config.host}/projects/v1/repositories`
+}
+
 function createLibraryVulnerabilitiesUrl(config) {
   return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`
 }
@@ -526,7 +732,9 @@ function createSbomUrl(config, type) {
 }
 
 function createSCASbomUrl(config, type, reportId) {
-  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/sbom/${reportId}?toolType=${type}`
+  return config.projectId
+    ? `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects/${config.projectId}/libraries/sbom/${reportId}?toolType=${type}`
+    : `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/sbom/${reportId}?toolType=${type}`
 }
 
 function createTelemetryEventUrl(config) {

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.23'
+const APP_VERSION = '2.0.0'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'
@@ -30,14 +30,13 @@ const NOTE_PRIORITY = 5
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com'
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com'
 const SARIF_FILE = 'SARIF'
-const SBOM_CYCLONE_DX_FILE = 'cyclonedx'
-const SBOM_SPDX_FILE = 'spdx'
+const SBOM_CYCLONE_DX_FILE = 'CYCLONEDX'
+const SBOM_SPDX_FILE = 'SPDX'
 const CE_URL = 'https://ce.contrastsecurity.com'
 
 //configuration
 const SAAS = 'SAAS'
 const EOP = 'EOP'
-const MODE_BUILD = 'BUILD'
 const MODE_REPO = 'REPO'
 
 module.exports = {
@@ -68,6 +67,5 @@ module.exports = {
   SBOM_SPDX_FILE,
   SAAS,
   EOP,
-  MODE_BUILD,
   MODE_REPO
 }

package/src/constants/locales.js

@@ -76,7 +76,7 @@ const en_locales = () => {
     constantsDoNotWaitForScan:
       'Fire and forget. Do not wait for the result of the scan.',
     constantsProjectName:
-      'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
+      'Contrast project name. If not specified, Contrast uses the file / folder name to identify the project or creates a new project.',
     constantsProjectId:
       'The ID associated with a scan project. Replace <ProjectID> with the ID for the scan project. To find the ID, select a scan project in Contrast and locate the last number in the URL.',
     failThresholdOptionErrorMessage: 'More than 0 vulnerabilities found',
@@ -190,9 +190,15 @@ const en_locales = () => {
     scanOptionsFileNameSummary:
       'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
     scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
-    auditOptionsTrackSummary: ' Save the results to the UI.',
+    auditOptionsTrackSummary:
+      ' Send your dependency audit to Contrast to see results in the UI and start automating security checks. For instance when running local SCA checks you may not need or want to track the results.',
     auditOptionsBranchSummary:
       ' Set the branch name to associate the library results to.',
+    auditOptionsLegacySummary:
+      ' Creates an application in Contrast (a legacy workflow) - displays a dependency tree for your piece of code, utilizes metatdata.' +
+      '\n' +
+      '.NET is only supported using --legacy\n',
+    auditOptionsRepoSummary: ' Run in repo mode.',
     authSuccessMessage: 'Authentication successful',
     runAuthSuccessMessage:
       chalk.bold('CodeSec by Contrast') +
@@ -275,7 +281,7 @@ const en_locales = () => {
     ${chalk.bold(
       '.NET framework and .NET core:'
     )} MSBuild 15.0 or greater and a packages.lock.json file.
-    Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build.\n`,
+    Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build. Only supported with the --legacy flag, an older workflow\n`,
     constantsAuditPrerequisitesContentNodeMessage: `${chalk.bold(
       'Node:'
     )} package.json and a lock file (either .package-lock.json or .yarn.lock.)\n`,

package/src/index.ts

@@ -5,7 +5,6 @@ import { processAudit } from './commands/audit/processAudit'
 import { processAuth } from './commands/auth/auth'
 import { processConfig } from './commands/config/config'
 import { processScan } from './commands/scan/processScan'
-import { processFingerprint } from './commands/fingerprint/processFingerprint'
 import constants from './cliConstants'
 import { APP_NAME, APP_VERSION } from './constants/constants'
 import { processLambda } from './lambda/lambda'
@@ -88,10 +87,6 @@ const start = async () => {
         return processLearn()
       }
 
-      if (command === 'fingerprint') {
-        return await processFingerprint(config, argvMain)
-      }
-
       if (
         command === 'help' ||
         argvMain.includes('--help') ||

package/src/lambda/lambda.ts

@@ -126,7 +126,9 @@ const processLambda = async (argv: string[]) => {
 
 const getAvailableFunctions = async (lambdaOptions: LambdaOptions) => {
   const lambdas = await getAllLambdas(lambdaOptions)
-  printAvailableLambdas(lambdas, { runtimes: ['python', 'java', 'node'] })
+  printAvailableLambdas(lambdas, {
+    runtimes: ['python', 'java', 'node', 'dotnet']
+  })
 }
 
 const actualProcessLambda = async (lambdaOptions: LambdaOptions) => {

package/src/lambda/lambdaUtils.ts

@@ -11,7 +11,7 @@ import ora from '../utils/oraWrapper'
 import { LambdaOptions } from './lambda'
 import { log, getReadableFileSize } from './logUtils'
 
-type RuntimeLanguage = 'java' | 'python' | 'node'
+type RuntimeLanguage = 'java' | 'python' | 'node' | 'dotnet'
 
 type FilterLambdas = {
   runtimes: RuntimeLanguage[]

package/src/scaAnalysis/common/commonReportingFunctionsSca.js

@@ -142,12 +142,12 @@ const printFormattedOutputSca = (
     `${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`
   )
 
-  if (config.host !== CE_URL) {
+  if (config.host !== CE_URL && config.projectId) {
     console.log(
-      '\n' + chalk.bold('View your full dependency tree in Contrast:')
+      '\n' + chalk.bold("Check out your project's results in Contrast")
     )
     console.log(
-      `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`
+      `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/libraries?view=static&projects=${config.name}`
     )
   }
 }