@contrast/contrast 1.0.23 → 2.0.1

Files changed (75)
  1. package/README.md +21 -138
  2. package/dist/audit/languageAnalysisEngine/sendSnapshot.js +2 -19
  3. package/dist/audit/save.js +6 -1
  4. package/dist/cliConstants.js +49 -0
  5. package/dist/commands/audit/auditController.js +2 -1
  6. package/dist/commands/audit/help.js +2 -3
  7. package/dist/commands/audit/processAudit.js +2 -0
  8. package/dist/commands/audit/saveFile.js +5 -1
  9. package/dist/commands/{fingerprint → github}/processFingerprint.js +6 -2
  10. package/dist/commands/github/projectGroup.js +174 -0
  11. package/dist/commands/github/repoServices.js +70 -0
  12. package/dist/common/HTTPClient.js +165 -13
  13. package/dist/common/errorHandling.js +1 -1
  14. package/dist/constants/constants.js +3 -5
  15. package/dist/constants/locales.js +7 -3
  16. package/dist/index.js +4 -4
  17. package/dist/lambda/lambda.js +3 -1
  18. package/dist/scaAnalysis/common/commonReportingFunctionsSca.js +3 -3
  19. package/dist/scaAnalysis/common/scaServicesUpload.js +77 -7
  20. package/dist/scaAnalysis/common/treeUpload.js +19 -5
  21. package/dist/scaAnalysis/go/goAnalysis.js +6 -1
  22. package/dist/scaAnalysis/java/index.js +6 -1
  23. package/dist/scaAnalysis/javascript/index.js +5 -2
  24. package/dist/scaAnalysis/legacy/legacyFlow.js +33 -0
  25. package/dist/scaAnalysis/php/index.js +8 -2
  26. package/dist/scaAnalysis/processServicesFlow.js +39 -0
  27. package/dist/scaAnalysis/python/analysis.js +10 -4
  28. package/dist/scaAnalysis/python/index.js +6 -1
  29. package/dist/scaAnalysis/repoMode/index.js +2 -2
  30. package/dist/scaAnalysis/ruby/analysis.js +10 -1
  31. package/dist/scaAnalysis/ruby/index.js +6 -1
  32. package/dist/scaAnalysis/scaAnalysis.js +47 -25
  33. package/dist/scan/autoDetection.js +47 -4
  34. package/dist/scan/fileUtils.js +5 -4
  35. package/dist/utils/commonApi.js +26 -1
  36. package/dist/utils/settingsHelper.js +14 -0
  37. package/package.json +8 -5
  38. package/src/audit/languageAnalysisEngine/sendSnapshot.js +3 -22
  39. package/src/audit/save.js +10 -1
  40. package/src/cliConstants.js +52 -0
  41. package/src/commands/audit/auditController.js +2 -1
  42. package/src/commands/audit/help.js +2 -3
  43. package/src/commands/audit/processAudit.js +2 -0
  44. package/src/commands/audit/saveFile.js +6 -1
  45. package/src/commands/{fingerprint → github}/processFingerprint.js +8 -2
  46. package/src/commands/github/projectGroup.js +198 -0
  47. package/src/commands/github/repoServices.js +80 -0
  48. package/src/common/HTTPClient.js +221 -13
  49. package/src/common/errorHandling.js +2 -2
  50. package/src/constants/constants.js +3 -5
  51. package/src/constants/locales.js +9 -3
  52. package/src/index.ts +5 -5
  53. package/src/lambda/lambda.ts +3 -1
  54. package/src/lambda/lambdaUtils.ts +1 -1
  55. package/src/scaAnalysis/common/commonReportingFunctionsSca.js +3 -3
  56. package/src/scaAnalysis/common/scaServicesUpload.js +92 -7
  57. package/src/scaAnalysis/common/treeUpload.js +20 -5
  58. package/src/scaAnalysis/go/goAnalysis.js +6 -1
  59. package/src/scaAnalysis/java/index.js +6 -1
  60. package/src/scaAnalysis/javascript/index.js +6 -4
  61. package/src/scaAnalysis/legacy/legacyFlow.js +48 -0
  62. package/src/scaAnalysis/php/index.js +8 -2
  63. package/src/scaAnalysis/processServicesFlow.js +61 -0
  64. package/src/scaAnalysis/python/analysis.js +10 -4
  65. package/src/scaAnalysis/python/index.js +6 -1
  66. package/src/scaAnalysis/repoMode/index.js +2 -2
  67. package/src/scaAnalysis/ruby/analysis.js +11 -1
  68. package/src/scaAnalysis/ruby/index.js +6 -1
  69. package/src/scaAnalysis/scaAnalysis.js +61 -37
  70. package/src/scan/autoDetection.js +50 -5
  71. package/src/scan/fileUtils.js +5 -4
  72. package/src/utils/commonApi.js +29 -1
  73. package/src/utils/settingsHelper.js +16 -0
  74. /package/dist/commands/{fingerprint → github}/fingerprintConfig.js +0 -0
  75. /package/src/commands/{fingerprint → github}/fingerprintConfig.js +0 -0
@@ -1,18 +1,62 @@
1
1
  const i18n = require('i18n')
2
2
  const fileFinder = require('./fileUtils')
3
-
4
- const autoDetectFingerprintInfo = async (filePath, depth) => {
3
+ const {
4
+ supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET }
5
+ } = require('../constants/constants')
6
+ const autoDetectFingerprintInfo = async (filePath, depth, config) => {
5
7
  let complexObj = await fileFinder.findAllFiles(filePath, depth)
6
8
  let result = []
7
9
  let count = 0
8
10
  complexObj.forEach(i => {
9
11
  count++
10
- result.push({ filePath: i, id: count.toString() })
12
+ result.push({
13
+ filePath: i,
14
+ id: count.toString(),
15
+ repositoryId: config.repositoryId
16
+ })
11
17
  })
12
18
 
13
19
  return result
14
20
  }
15
21
 
22
+ const detectPackageManager = async array => {
23
+ array.forEach(i => {
24
+ if (i.filePath.includes('pom.xml')) {
25
+ i['language'] = JAVA
26
+ i['packageManager'] = 'MAVEN'
27
+ }
28
+ if (i.filePath.includes('build.gradle.kts')) {
29
+ i['language'] = JAVA
30
+ i['packageManager'] = 'GRADLE'
31
+ }
32
+ if (i.filePath.includes('build.gradle')) {
33
+ i['language'] = JAVA
34
+ i['packageManager'] = 'GRADLE'
35
+ }
36
+ if (i.filePath.includes('package-lock.json')) {
37
+ i['language'] = JAVASCRIPT
38
+ i['packageManager'] = 'NPM'
39
+ }
40
+ if (i.filePath.includes('yarn.lock')) {
41
+ i['language'] = JAVASCRIPT
42
+ i['packageManager'] = 'YARN'
43
+ }
44
+ if (i.filePath.includes('Pipfile')) {
45
+ i['language'] = PYTHON
46
+ }
47
+ if (i.filePath.includes('csproj')) {
48
+ i['language'] = DOTNET
49
+ }
50
+ if (i.filePath.includes('Gemfile')) {
51
+ i['language'] = RUBY
52
+ }
53
+ if (i.filePath.includes('go.mod')) {
54
+ i['language'] = GO
55
+ }
56
+ })
57
+ return array
58
+ }
59
+
16
60
  const autoDetectFileAndLanguage = async configToUse => {
17
61
  const entries = await fileFinder.findFile()
18
62
 
@@ -67,7 +111,7 @@ const dealWithMultiJava = filesFound => {
67
111
  let hasMultiJava =
68
112
  filesFound.filter(data => {
69
113
  return (
70
- Object.keys(data)[0] === 'JAVA' &&
114
+ Object.keys(data)[0] === JAVA &&
71
115
  Object.values(data)[0].includes('build.gradle') &&
72
116
  Object.values(data)[0].includes('pom.xml')
73
117
  )
@@ -119,5 +163,6 @@ module.exports = {
119
163
  autoDetectAuditFilesAndLanguages,
120
164
  errorOnAuditFileDetection,
121
165
  autoDetectFingerprintInfo,
122
- dealWithMultiJava
166
+ dealWithMultiJava,
167
+ detectPackageManager
123
168
  }
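Review bot: `detectPackageManager` classifies manifests with `i.filePath.includes(...)`, which matches anywhere in the path, so a directory or backup file whose name merely contains `Gemfile`, `csproj` or `pom.xml` is tagged with a language it does not have; comparing the basename instead, e.g. `const name = path.basename(i.filePath)` followed by `name === 'pom.xml'` or `name.endsWith('.csproj')`, avoids that (it needs `path` required at the top of the file). The `build.gradle.kts` branch is redundant because the `build.gradle` test that follows already matches it. Entries for `package.json`, which the `findAllFiles` glob list visible in the fileUtils hunk does return, receive no `language` or `packageManager`, and in a dependency scanner an unclassified manifest presumably means a project that is skipped downstream without any message. Separately, `autoDetectFingerprintInfo` now reads `config.repositoryId` unguarded, so a caller still using the two-argument form would throw a TypeError; a `config = {}` default would keep the signature backward-compatible.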
@@ -18,6 +18,7 @@ const findAllFiles = async (filePath, depth = 2) => {
18
18
  '**/build.gradle',
19
19
  '**/build.gradle.kts',
20
20
  '**/package.json',
21
+ '**/yarn.lock',
21
22
  '**/Pipfile',
22
23
  '**/*.csproj',
23
24
  '**/Gemfile',
@@ -38,19 +39,19 @@ const findAllFiles = async (filePath, depth = 2) => {
38
39
  return []
39
40
  }
40
41
 
41
- const findFilesJava = async (languagesFound, filePath) => {
42
+ const findFilesJava = async (languagesFound, filePath, depth = 1) => {
42
43
  const result = await fg(
43
44
  ['**/pom.xml', '**/build.gradle', '**/build.gradle.kts'],
44
45
  {
45
46
  dot: false,
46
- deep: 1,
47
+ deep: depth,
47
48
  onlyFiles: true,
48
49
  cwd: filePath ? filePath : process.cwd()
49
50
  }
50
51
  )
51
52
 
52
53
  if (result.length > 0) {
53
- return languagesFound.push({ JAVA: result })
54
+ return languagesFound.push({ JAVA: result, language: 'JAVA' })
54
55
  }
55
56
  return languagesFound
56
57
  }
@@ -67,7 +68,7 @@ const findFilesJavascript = async (languagesFound, filePath) => {
67
68
  )
68
69
 
69
70
  if (result.length > 0) {
70
- return languagesFound.push({ JAVASCRIPT: result })
71
+ return languagesFound.push({ JAVASCRIPT: result, language: 'JAVASCRIPT' })
71
72
  }
72
73
  return languagesFound
73
74
  }
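Review bot: In `findFilesJava` and `findFilesJavascript` the changed line still does `return languagesFound.push(...)`, which returns the array's new length, while the fall-through path returns the array itself, so the return type depends on whether files were found; pushing first and then `return languagesFound` on both paths would make it consistent. The pushed object now carries a second key, `language`, so any consumer that treats it as a single-key map should be checked (the `Object.keys(data)[0]` / `Object.values(data)[0]` pattern in `dealWithMultiJava` keeps working only because `JAVA` is inserted first). The key and value are hard-coded as `JAVA` / `'JAVA'` here while autoDetection.js now compares against the `JAVA` constant from `constants`; the two agree only if that constant's value is the string `'JAVA'`, which is not visible on this page. `findFilesJavascript` starts outside its hunk.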
@@ -12,7 +12,33 @@ const {
12
12
  parametersError,
13
13
  invalidHostNameError
14
14
  } = require('../common/errorHandling')
15
+ const { performance } = require('perf_hooks')
16
+ const requestUtils = require('./requestUtils')
17
+ const oraFunctions = require('./oraWrapper')
15
18
 
19
+ const getTimeout = config => {
20
+ if (config.timeout) {
21
+ return config.timeout
22
+ } else {
23
+ if (config.verbose) {
24
+ console.log('Timeout set to 5 minutes')
25
+ }
26
+ return 300
27
+ }
28
+ }
29
+
30
+ const handleTimeout = (startTime, timeout, reportSpinner) => {
31
+ const endTime = performance.now() - startTime
32
+ if (requestUtils.millisToSeconds(endTime) > timeout) {
33
+ oraFunctions.failSpinner(
34
+ reportSpinner,
35
+ 'Contrast audit timed out at the specified timeout of ' +
36
+ timeout +
37
+ ' seconds.'
38
+ )
39
+ throw new Error('You can update the timeout using --timeout')
40
+ }
41
+ }
16
42
  const handleResponseErrors = (res, api) => {
17
43
  if (res.statusCode === 400) {
18
44
  api === 'catalogue' ? badRequestError(true) : badRequestError(false)
@@ -71,5 +97,7 @@ module.exports = {
71
97
  getValidHost: getValidHost,
72
98
  getProtocol: getProtocol,
73
99
  handleResponseErrors: handleResponseErrors,
74
- getHttpClient: getHttpClient
100
+ getHttpClient: getHttpClient,
101
+ handleTimeout: handleTimeout,
102
+ getTimeout: getTimeout
75
103
  }
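Review bot: `getTimeout` returns `config.timeout` without validating it, and `handleTimeout` then compares elapsed seconds against it with `>`; if the value arrives as a non-numeric string the comparison is always false and the timeout never fires, and a value of `0` is silently replaced by the 300-second default. Normalising once, e.g. `const t = Number(config.timeout)` and `if (Number.isFinite(t) && t > 0) return t`, keeps the limit enforceable. In `handleTimeout` the local `endTime` actually holds the elapsed time, and the thrown `Error` carries only the `--timeout` hint, so callers that log `err.message` lose the fact that a timeout occurred; including the timed-out text in the error message would help triage. Whether `config.timeout` is already coerced to a number by the option parser is not visible here.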
@@ -0,0 +1,16 @@
1
+ const generalAPI = require('./generalAPI')
2
+ const { SAAS } = require('../constants/constants')
3
+
4
+ const getSettings = async config => {
5
+ config.isEOP =
6
+ (await generalAPI.getMode(config)).toUpperCase() === SAAS ? false : true
7
+
8
+ if (config.legacy === undefined) {
9
+ config.legacy = config.isEOP
10
+ }
11
+ return config
12
+ }
13
+
14
+ module.exports = {
15
+ getSettings
16
+ }
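Review bot: `getSettings` calls `.toUpperCase()` directly on the result of `generalAPI.getMode(config)`, so a rejected request or a non-string result throws out of this function with no context, and any string other than `SAAS`, including an unexpected or error payload, sets `config.isEOP` to true and, when `legacy` is unset, sets `config.legacy` to true as well. What `getMode` can return is not visible on this page, so this should be confirmed, but an explicit check such as `if (typeof mode !== 'string') throw new Error('Unable to determine server mode')` before the comparison would surface the failure instead of silently selecting a mode. The ternary `=== SAAS ? false : true` can be written as `!== SAAS`, and a short comment noting that the function mutates and returns the passed-in `config` would document the side effect.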