@contrast/contrast 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (62) hide show
  1. package/.prettierignore +1 -0
  2. package/README.md +20 -14
  3. package/dist/audit/languageAnalysisEngine/{langugageAnalysisFactory.js → languageAnalysisFactory.js} +2 -12
  4. package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +62 -234
  5. package/dist/audit/languageAnalysisEngine/report/models/reportLibraryModel.js +19 -0
  6. package/dist/audit/languageAnalysisEngine/report/models/reportListModel.js +24 -0
  7. package/dist/audit/languageAnalysisEngine/report/models/reportSeverityModel.js +10 -0
  8. package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +24 -129
  9. package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js +85 -0
  10. package/dist/audit/languageAnalysisEngine/sendSnapshot.js +3 -1
  11. package/dist/commands/audit/auditController.js +6 -3
  12. package/dist/commands/scan/processScan.js +4 -3
  13. package/dist/common/HTTPClient.js +19 -26
  14. package/dist/common/versionChecker.js +14 -12
  15. package/dist/constants/constants.js +1 -1
  16. package/dist/constants/lambda.js +3 -1
  17. package/dist/constants/locales.js +17 -10
  18. package/dist/constants.js +5 -1
  19. package/dist/index.js +2 -2
  20. package/dist/lambda/help.js +22 -14
  21. package/dist/lambda/lambda.js +6 -0
  22. package/dist/scan/models/groupedResultsModel.js +10 -0
  23. package/dist/scan/models/resultContentModel.js +2 -0
  24. package/dist/scan/models/scanResultsModel.js +11 -0
  25. package/dist/scan/scan.js +90 -95
  26. package/dist/scan/scanConfig.js +1 -1
  27. package/dist/utils/getConfig.js +3 -0
  28. package/package.json +2 -2
  29. package/src/audit/languageAnalysisEngine/{langugageAnalysisFactory.js → languageAnalysisFactory.js} +2 -16
  30. package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +127 -0
  31. package/src/audit/languageAnalysisEngine/report/models/reportLibraryModel.ts +30 -0
  32. package/src/audit/languageAnalysisEngine/report/models/reportListModel.ts +32 -0
  33. package/src/audit/languageAnalysisEngine/report/models/reportSeverityModel.ts +9 -0
  34. package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +56 -0
  35. package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts +110 -0
  36. package/src/audit/languageAnalysisEngine/sendSnapshot.js +3 -1
  37. package/src/commands/audit/auditController.ts +12 -3
  38. package/src/commands/scan/processScan.js +4 -6
  39. package/src/common/HTTPClient.js +31 -38
  40. package/src/common/errorHandling.ts +0 -1
  41. package/src/common/versionChecker.ts +24 -22
  42. package/src/constants/constants.js +1 -1
  43. package/src/constants/lambda.js +3 -1
  44. package/src/constants/locales.js +20 -10
  45. package/src/constants.js +7 -1
  46. package/src/index.ts +2 -3
  47. package/src/lambda/help.ts +22 -14
  48. package/src/lambda/lambda.ts +8 -0
  49. package/src/scan/models/groupedResultsModel.ts +18 -0
  50. package/src/scan/models/resultContentModel.ts +86 -0
  51. package/src/scan/models/scanResultsModel.ts +52 -0
  52. package/src/scan/scan.ts +192 -0
  53. package/src/scan/scanConfig.js +1 -1
  54. package/src/scan/scanController.js +2 -0
  55. package/src/utils/getConfig.ts +10 -0
  56. package/dist/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +0 -17
  57. package/dist/audit/languageAnalysisEngine/report/newReportingFeature.js +0 -81
  58. package/src/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +0 -27
  59. package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.js +0 -303
  60. package/src/audit/languageAnalysisEngine/report/newReportingFeature.js +0 -124
  61. package/src/audit/languageAnalysisEngine/report/reportingFeature.js +0 -190
  62. package/src/scan/scan.js +0 -195
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.js DELETED
@@ -1,303 +0,0 @@
1
- const i18n = require('i18n')
2
- const { getHttpClient } = require('../../../utils/commonApi')
3
-
4
- function displaySuccessMessageReport() {
5
- console.log('\n' + i18n.__('reportSuccessMessage'))
6
- }
7
-
8
- function getAllDependenciesArray(packageJson) {
9
- const {
10
- dependencies,
11
- optionalDependencies,
12
- devDependencies,
13
- peerDependencies
14
- } = packageJson
15
-
16
- const allDep = {
17
- ...dependencies,
18
- ...devDependencies,
19
- ...optionalDependencies,
20
- ...peerDependencies
21
- }
22
-
23
- return Object.entries(allDep)
24
- }
25
-
26
- function checkIfDepIsScoped(arrDep) {
27
- let count = 0
28
- arrDep.forEach(([key, value]) => {
29
- if (!key.startsWith('@')) {
30
- console.log(` WARNING not scoped: ${key}:${value}`)
31
- count++
32
- }
33
- })
34
- return count
35
- }
36
-
37
- const dependencyRiskReport = async (packageJson, config) => {
38
- const arrDep = getAllDependenciesArray(packageJson)
39
- const unRegisteredDeps = await checkIfDepIsRegisteredOnNPM(arrDep, config)
40
- let scopedCount = checkIfDepIsScoped(unRegisteredDeps)
41
-
42
- return {
43
- scopedCount: scopedCount,
44
- unRegisteredCount: unRegisteredDeps.length
45
- }
46
- }
47
-
48
- const checkIfDepIsRegisteredOnNPM = async (arrDep, config) => {
49
- let promises = []
50
- let unRegisteredDeps = []
51
- const client = getHttpClient(config)
52
-
53
- for (const [index, element] of arrDep) {
54
- const query = `query artifactByGAV($name: String!, $language: String!, $groupName: String, $version: String!, $nameCheck: Boolean) {
55
- artifact: exactVersion(name: $name, language: $language, groupName: $groupName, version: $version, nameCheck: $nameCheck) {
56
- version
57
- cves {
58
- baseScore
59
- }}}`
60
-
61
- const data = {
62
- query: query,
63
- variables: {
64
- name: index,
65
- version: element,
66
- language: 'node',
67
- nameCheck: true
68
- }
69
- }
70
-
71
- promises.push(client.checkLibrary(data))
72
- }
73
-
74
- await Promise.all(promises).then(response => {
75
- response.forEach(res => {
76
- const libName = JSON.parse(res.request.body)
77
- if (res.statusCode === 200) {
78
- if (res.body.data.artifact == null) {
79
- unRegisteredDeps.push([
80
- libName.variables.name,
81
- libName.variables.version
82
- ])
83
- }
84
- }
85
- })
86
- })
87
-
88
- if (unRegisteredDeps.length !== 0) {
89
- console.log(
90
- '\n Dependencies Risk Report',
91
- '\n\n Private libraries that are not scoped. We recommend these libraries are reviewed and the scope claimed to prevent dependency confusion breaches'
92
- )
93
- }
94
-
95
- return unRegisteredDeps
96
- }
97
-
98
- const createLibraryHeader = (
99
- id,
100
- numberOfVulnerableLibraries,
101
- numberOfCves,
102
- name
103
- ) => {
104
- name
105
- ? console.log(` Application Name: ${name} | Application ID: ${id}`)
106
- : console.log(` Application ID: ${id}`)
107
- console.log(
108
- ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's`
109
- )
110
- }
111
-
112
- const breakPipeline = () => {
113
- failOptionError()
114
- process.exit(1)
115
- }
116
-
117
- const parameterOptions = hasSomeVulnerabilitiesReported => {
118
- const inputtedCLIOptions = cliOptions.getCommandLineArgs()
119
- let cveSeverityOption = inputtedCLIOptions['cve_severity']
120
- let fail = inputtedCLIOptions['fail']
121
- let cve_threshold = inputtedCLIOptions['cve_threshold']
122
- let expr
123
- if (cveSeverityOption && fail && cve_threshold) {
124
- expr = 'SeverityAndThreshold'
125
- } else if (!cveSeverityOption && fail && cve_threshold) {
126
- expr = 'ThresholdOnly'
127
- } else if (!cve_threshold && fail && hasSomeVulnerabilitiesReported[0]) {
128
- expr = 'FailOnly'
129
- }
130
- return expr
131
- }
132
-
133
- const analyseReportOptions = hasSomeVulnerabilitiesReported => {
134
- const inputtedCLIOptions = cliOptions.getCommandLineArgs()
135
- let cve_threshold = inputtedCLIOptions['cve_threshold']
136
- let cveSeverity
137
- let criticalSeverity
138
- let highSeverity
139
- let mediumSeverity
140
- let lowSeverity
141
-
142
- switch (parameterOptions(hasSomeVulnerabilitiesReported)) {
143
- case 'SeverityAndThreshold':
144
- cveSeverity = inputtedCLIOptions['cve_severity'].severity
145
- criticalSeverity = hasSomeVulnerabilitiesReported[2].critical
146
- highSeverity = hasSomeVulnerabilitiesReported[2].high
147
- mediumSeverity = hasSomeVulnerabilitiesReported[2].medium
148
- lowSeverity = hasSomeVulnerabilitiesReported[2].low
149
-
150
- if (cveSeverity === 'HIGH') {
151
- if (cve_threshold < highSeverity + criticalSeverity) {
152
- breakPipeline()
153
- }
154
- }
155
-
156
- if (cveSeverity === 'MEDIUM') {
157
- if (cve_threshold < mediumSeverity + highSeverity) {
158
- breakPipeline()
159
- }
160
- }
161
-
162
- if (cveSeverity === 'LOW') {
163
- if (cve_threshold < lowSeverity + mediumSeverity + highSeverity) {
164
- breakPipeline()
165
- }
166
- }
167
- break
168
- case 'ThresholdOnly':
169
- if (cve_threshold < hasSomeVulnerabilitiesReported[1]) {
170
- breakPipeline()
171
- }
172
- break
173
- case 'FailOnly':
174
- breakPipeline()
175
- break
176
- }
177
- }
178
-
179
- const getReport = async applicationId => {
180
- const userParams = await util.getParams(applicationId)
181
- const addParams = agent.getAdditionalParams()
182
- const protocol = getValidHost(userParams.host)
183
- const client = commonApi.getHttpClient(userParams, protocol, addParams)
184
- return client
185
- .getReport(userParams)
186
- .then(res => {
187
- if (res.statusCode === 200) {
188
- displaySuccessMessageReport()
189
- return res.body
190
- } else {
191
- handleResponseErrors(res, 'report')
192
- }
193
- })
194
- .catch(err => {
195
- console.log(err)
196
- })
197
- }
198
-
199
- const printVulnerabilityResponse = (
200
- severity,
201
- filteredVulns,
202
- vulnerabilities
203
- ) => {
204
- let hasSomeVulnerabilitiesReported = false
205
- if (severity) {
206
- returnCveData(filteredVulns)
207
- if (Object.keys(filteredVulns).length > 0)
208
- hasSomeVulnerabilitiesReported = true
209
- } else {
210
- returnCveData(vulnerabilities)
211
- if (Object.keys(vulnerabilities).length > 0)
212
- hasSomeVulnerabilitiesReported = true
213
- }
214
- return hasSomeVulnerabilitiesReported
215
- }
216
-
217
- const returnCveData = libraries => {
218
- console.log('\n ************************************************************')
219
-
220
- for (const [key, value] of Object.entries(libraries)) {
221
- const parts = key.split('/')
222
- const nameVersion = parts[1].split('@')
223
- const group = parts[0]
224
- const name = nameVersion[0]
225
- const version = nameVersion[1]
226
-
227
- const libName =
228
- group !== 'null'
229
- ? `${group}/${name}/${version} is vulnerable`
230
- : `${name}/${version} is vulnerable`
231
-
232
- console.log('\n\n ' + libName)
233
- value.forEach(vuln => {
234
- let sevCode = vuln.severityCode || vuln.severity_code
235
- console.log('\n ' + vuln.name + ' ' + sevCode + '\n ' + vuln.description)
236
- })
237
- }
238
- }
239
-
240
- function searchHighCVEs(vuln) {
241
- let sevCode = vuln.severityCode || vuln.severity_code
242
- if (sevCode === 'HIGH') {
243
- return vuln
244
- }
245
- }
246
-
247
- function searchMediumCVEs(vuln) {
248
- let sevCode = vuln.severityCode || vuln.severity_code
249
- if (sevCode === 'HIGH' || sevCode === 'MEDIUM') {
250
- return vuln
251
- }
252
- }
253
-
254
- function searchLowCVEs(vuln) {
255
- let sevCode = vuln.severityCode || vuln.severity_code
256
- if (sevCode === 'HIGH' || sevCode === 'MEDIUM' || sevCode === 'LOW') {
257
- return vuln
258
- }
259
- }
260
-
261
- const filterVulnerabilitiesBySeverity = (severity, vulnerabilities) => {
262
- let filteredVulns = []
263
- if (severity) {
264
- for (let x in vulnerabilities) {
265
- if (severity.severity === 'HIGH') {
266
- let highVulnerability = vulnerabilities[x].filter(searchHighCVEs)
267
- if (highVulnerability.length > 0) {
268
- filteredVulns[x] = highVulnerability
269
- }
270
- } else if (severity.severity === 'MEDIUM') {
271
- let mediumVulnerability = vulnerabilities[x].filter(searchMediumCVEs)
272
- if (mediumVulnerability.length > 0) {
273
- filteredVulns[x] = mediumVulnerability
274
- }
275
- } else if (severity.severity === 'LOW') {
276
- let lowVulnerability = vulnerabilities[x].filter(searchLowCVEs)
277
- if (lowVulnerability.length > 0) {
278
- filteredVulns[x] = lowVulnerability
279
- }
280
- }
281
- }
282
- }
283
- return filteredVulns
284
- }
285
-
286
- module.exports = {
287
- displaySuccessMessageReport: displaySuccessMessageReport,
288
- getAllDependenciesArray: getAllDependenciesArray,
289
- dependencyRiskReport: dependencyRiskReport,
290
- createLibraryHeader: createLibraryHeader,
291
- breakPipeline: breakPipeline,
292
- parameterOptions: parameterOptions,
293
- analyseReportOptions: analyseReportOptions,
294
- getReport: getReport,
295
- checkIfDepIsScoped: checkIfDepIsScoped,
296
- checkIfDepIsRegisteredOnNPM: checkIfDepIsRegisteredOnNPM,
297
- filterVulnerabilitiesBySeverity: filterVulnerabilitiesBySeverity,
298
- searchLowCVEs: searchLowCVEs,
299
- searchMediumCVEs: searchMediumCVEs,
300
- searchHighCVEs: searchHighCVEs,
301
- returnCveData: returnCveData,
302
- printVulnerabilityResponse: printVulnerabilityResponse
303
- }
package/src/audit/languageAnalysisEngine/report/newReportingFeature.js DELETED
@@ -1,124 +0,0 @@
1
- const commonReport = require('./commonReportingFunctions')
2
- const { handleResponseErrors } = require('../commonApi')
3
- const { getHttpClient } = require('../../../utils/commonApi')
4
-
5
- const vulnReportWithoutDevDep = async (
6
- analysis,
7
- applicationId,
8
- snapshotId,
9
- config
10
- ) => {
11
- if (config.report) {
12
- const reportResponse = await getSpecReport(snapshotId, config)
13
- if (reportResponse !== undefined) {
14
- const severity = config.cveSeverity
15
- const id = applicationId
16
- const name = config.applicationName
17
- const hasSomeVulnerabilitiesReported = formatVulnerabilityOutput(
18
- reportResponse.vulnerabilities,
19
- severity,
20
- id,
21
- name,
22
- config
23
- )
24
- commonReport.analyseReportOptions(hasSomeVulnerabilitiesReported)
25
- }
26
- }
27
- }
28
-
29
- const getSpecReport = async (reportId, config) => {
30
- const client = getHttpClient(config)
31
-
32
- return client
33
- .getSpecificReport(config, reportId)
34
- .then(res => {
35
- if (res.statusCode === 200) {
36
- commonReport.displaySuccessMessageReport()
37
- return res.body
38
- } else {
39
- handleResponseErrors(res, 'report')
40
- }
41
- })
42
- .catch(err => {
43
- console.log(err)
44
- })
45
- }
46
-
47
- const countSeverity = vulnerabilities => {
48
- const severityCount = {
49
- critical: 0,
50
- high: 0,
51
- medium: 0,
52
- low: 0
53
- }
54
-
55
- // eslint-disable-next-line
56
- for (const key of Object.keys(vulnerabilities)) {
57
- vulnerabilities[key].forEach(vuln => {
58
- if (vuln.severityCode === 'HIGH') {
59
- severityCount['high'] += 1
60
- } else if (vuln.severityCode === 'MEDIUM') {
61
- severityCount['medium'] += 1
62
- } else if (vuln.severityCode === 'LOW') {
63
- severityCount['low'] += 1
64
- } else if (vuln.severityCode === 'CRITICAL') {
65
- severityCount['critical'] += 1
66
- }
67
- })
68
- }
69
- return severityCount
70
- }
71
-
72
- const formatVulnerabilityOutput = (
73
- vulnerabilities,
74
- severity,
75
- id,
76
- name,
77
- config
78
- ) => {
79
- const numberOfVulnerableLibraries = Object.keys(vulnerabilities).length
80
- let numberOfCves = 0
81
-
82
- // eslint-disable-next-line
83
- for (const key of Object.keys(vulnerabilities)) {
84
- numberOfCves += vulnerabilities[key].length
85
- }
86
-
87
- commonReport.createLibraryHeader(
88
- id,
89
- numberOfVulnerableLibraries,
90
- numberOfCves,
91
- name
92
- )
93
-
94
- const severityCount = countSeverity(vulnerabilities)
95
- const filteredVulns = commonReport.filterVulnerabilitiesBySeverity(
96
- severity,
97
- vulnerabilities
98
- )
99
-
100
- let hasSomeVulnerabilitiesReported
101
- hasSomeVulnerabilitiesReported = commonReport.printVulnerabilityResponse(
102
- severity,
103
- filteredVulns,
104
- vulnerabilities
105
- )
106
-
107
- console.log(
108
- '\n **************************' +
109
- ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's ` +
110
- '************************** '
111
- )
112
-
113
- console.log(
114
- ' \n Please go to the Contrast UI to view your dependency tree: \n' +
115
- ` \n ${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`
116
- )
117
- return [hasSomeVulnerabilitiesReported, numberOfCves, severityCount]
118
- }
119
-
120
- module.exports = {
121
- vulnReportWithoutDevDep: vulnReportWithoutDevDep,
122
- formatVulnerabilityOutput: formatVulnerabilityOutput,
123
- getSpecReport: getSpecReport
124
- }
package/src/audit/languageAnalysisEngine/report/reportingFeature.js DELETED
@@ -1,190 +0,0 @@
1
- const i18n = require('i18n')
2
- const commonApi = require('../commonApi')
3
- const commonReport = require('./commonReportingFunctions')
4
-
5
- function displaySuccessMessageVulnerabilities() {
6
- console.log(i18n.__('vulnerabilitiesSuccessMessage'))
7
- }
8
-
9
- const vulnerabilityReport = async (analysis, applicationId, config) => {
10
- let depRiskReportCount = {}
11
- if (analysis.language === 'NODE') {
12
- depRiskReportCount = await commonReport.dependencyRiskReport(
13
- analysis.node.packageJSON,
14
- config
15
- )
16
- }
17
- if (config['report']) {
18
- const reportResponse = await commonReport.getReport(applicationId)
19
- if (reportResponse !== undefined) {
20
- const libraryVulnerabilityInput = createLibraryVulnerabilityInput(
21
- reportResponse.reports
22
- )
23
- const libraryVulnerabilityResponse = await getLibraryVulnerabilities(
24
- libraryVulnerabilityInput,
25
- applicationId
26
- )
27
-
28
- const severity = config['cve_severity']
29
- const id = applicationId
30
- const name = config.applicationName
31
- const hasSomeVulnerabilitiesReported = formatVulnerabilityOutput(
32
- libraryVulnerabilityResponse,
33
- severity,
34
- id,
35
- name,
36
- depRiskReportCount,
37
- config
38
- )
39
- commonReport.analyseReportOptions(hasSomeVulnerabilitiesReported)
40
- }
41
- }
42
- }
43
-
44
- const createLibraryVulnerabilityInput = report => {
45
- const language = Object.keys(report[0].report)[0]
46
- const reportTree = report[0].report[language].dependencyTree
47
- const libraries = reportTree[Object.keys(reportTree)[0]]
48
-
49
- let gav = []
50
- // eslint-disable-next-line
51
- for (const key of Object.keys(libraries)) {
52
- gav.push({
53
- name: libraries[key].name,
54
- group: libraries[key].group,
55
- version: libraries[key].resolved
56
- })
57
- }
58
-
59
- return {
60
- name_group_versions: gav,
61
- language: language.toUpperCase()
62
- }
63
- }
64
-
65
- const oldCountSeverity = vulnerableLibraries => {
66
- const severityCount = {
67
- critical: 0,
68
- high: 0,
69
- medium: 0,
70
- low: 0
71
- }
72
-
73
- vulnerableLibraries.forEach(lib => {
74
- lib.vulns.forEach(vuln => {
75
- if (vuln.severity_code === 'HIGH') {
76
- severityCount['high'] += 1
77
- } else if (vuln.severity_code === 'MEDIUM') {
78
- severityCount['medium'] += 1
79
- } else if (vuln.severity_code === 'LOW') {
80
- severityCount['low'] += 1
81
- } else if (vuln.severity_code === 'CRITICAL') {
82
- severityCount['critical'] += 1
83
- }
84
- })
85
- })
86
- return severityCount
87
- }
88
-
89
- const parseVulnerabilites = libraryVulnerabilityResponse => {
90
- let parsedVulnerabilites = {}
91
- let vulnName = libraryVulnerabilityResponse.libraries
92
- for (let x in vulnName) {
93
- let vuln = vulnName[x].vulns
94
- if (vuln.length > 0) {
95
- let libname =
96
- vulnName[x].group +
97
- '/' +
98
- vulnName[x].file_name +
99
- '@' +
100
- vulnName[x].file_version
101
- parsedVulnerabilites[libname] = vulnName[x].vulns
102
- }
103
- }
104
- return parsedVulnerabilites
105
- }
106
-
107
- const formatVulnerabilityOutput = (
108
- libraryVulnerabilityResponse,
109
- severity,
110
- id,
111
- name,
112
- depRiskReportCount,
113
- config
114
- ) => {
115
- let vulnerableLibraries = libraryVulnerabilityResponse.libraries.filter(
116
- data => {
117
- return data.vulns.length > 0
118
- }
119
- )
120
-
121
- const numberOfVulnerableLibraries = vulnerableLibraries.length
122
- let numberOfCves = 0
123
- vulnerableLibraries.forEach(lib => (numberOfCves += lib.vulns.length))
124
- commonReport.createLibraryHeader(
125
- id,
126
- numberOfVulnerableLibraries,
127
- numberOfCves,
128
- name
129
- )
130
-
131
- const severityCount = oldCountSeverity(vulnerableLibraries)
132
-
133
- // parse so filter code will work for both new (ignore dev dep) and current report
134
- let vulnerabilities = parseVulnerabilites(libraryVulnerabilityResponse)
135
- let filteredVulns = commonReport.filterVulnerabilitiesBySeverity(
136
- severity,
137
- vulnerabilities
138
- )
139
- let hasSomeVulnerabilitiesReported
140
- hasSomeVulnerabilitiesReported = commonReport.printVulnerabilityResponse(
141
- severity,
142
- filteredVulns,
143
- vulnerabilities
144
- )
145
-
146
- console.log(
147
- '\n **************************' +
148
- ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's ` +
149
- '************************** '
150
- )
151
-
152
- if (depRiskReportCount && depRiskReportCount.scopedCount === 0) {
153
- console.log(' No private libraries that are not scoped detected')
154
- }
155
-
156
- console.log(
157
- ' \n Please go to the Contrast UI to view your dependency tree: \n' +
158
- ` \n ${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`
159
- )
160
- return [hasSomeVulnerabilitiesReported, numberOfCves, severityCount]
161
- }
162
-
163
- const getLibraryVulnerabilities = async (input, applicationId) => {
164
- const requestBody = input
165
- const addParams = agent.getAdditionalParams()
166
- const userParams = await util.getParams(applicationId)
167
- const protocol = getValidHost(userParams.host)
168
- const client = commonApi.getHttpClient(userParams, protocol, addParams)
169
-
170
- return client
171
- .getLibraryVulnerabilities(requestBody, userParams)
172
- .then(res => {
173
- if (res.statusCode === 200) {
174
- displaySuccessMessageVulnerabilities()
175
- return res.body
176
- } else {
177
- handleResponseErrors(res, 'vulnerabilities')
178
- }
179
- })
180
- .catch(err => {
181
- console.log(err)
182
- })
183
- }
184
-
185
- module.exports = {
186
- vulnerabilityReport: vulnerabilityReport,
187
- getLibraryVulnerabilities: getLibraryVulnerabilities,
188
- formatVulnerabilityOutput: formatVulnerabilityOutput,
189
- createLibraryVulnerabilityInput: createLibraryVulnerabilityInput
190
- }