@contrast/contrast 1.0.3 → 1.0.6

package/.prettierignore

@@ -1,3 +1,7 @@
 test/commands/**
 dist/**
 test/errorHandling.spec.ts
+**/models
+**/audit/autodetection/autoDetectLanguage.ts
+**/commands/audit/auditConfig.ts
+**/audit/languageAnalysisEngine/report

package/README.md

@@ -9,7 +9,7 @@ CodeSec delivers:
 
 ## Install
 
-```
+```shell
 npm install -g @contrast/contrast
 ```
 
@@ -23,7 +23,8 @@ In the resulting browser window, log in and authenticate with your GitHub or Goo
 
 ### SAST scan
 
-####Requirements
+#### Scan Requirements
+
 Make sure you have the correct file types to scan.
 
 - Upload a .jar or .war file to scan a Java project for analysis
@@ -36,7 +37,7 @@ Use the Contrast scan command `contrast scan`
 
 ### Lambda function scan
 
-####Requirements
+#### Lambda Requirements
 
 - Currently supports Java and Python functions on AWS.
   Configure AWS credentials on your local environment by running the commands with your credentials:
@@ -85,19 +86,24 @@ Performs a security SAST scan.
 
 **Options:**
 
-- **contrast scan --file** Path of the file you want to scan. Contrast searches for a .jar, .war .exe or .zip file in the working directory (and 3 folders deep) if a file is not specified.
-  Alias: **--f**
+- **contrast scan --file**
+
+  - Path of the file you want to scan. Contrast searches for a .jar, .war, .js. or .zip file in the working directory if a file is not specified.
+  - Alias: **--f**
 
 - **contrast scan --name**
-  Contrast project name. If not specified, Contrast creates a project from the name of the file
-  Alias: **–n**
+
+  - Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.
+  - Alias: **–n**
+
 - **contrast scan --save**
-  Download the results to a Static Analysis Results Interchange Format (SARIF) file.
-  Alias: **-s**
+
+  - Download the results to a Static Analysis Results Interchange Format (SARIF) file. The file is downloaded to the current working directory with a default name of results.sarif. You can view the file with any text editor.
+  - Alias: **-s**
 
 - **contrast scan --timeout**
-  Time in seconds to wait for the scan to complete. Default value is 300 seconds.
-  Alias: **-t**
+  - Time in seconds to wait for the scan to complete. Default value is 300 seconds.
+  - Alias: **-t**
 
 ### lambda
 
@@ -107,6 +113,9 @@ Name of AWS lambda function to scan.
 
 **Options:**
 
+- **contrast lambda --list-functions**
+  Lists all available lambda functions to scan.
+
 - **contrast lambda --function-name --endpoint-url**
   AWS Endpoint override. Similar to AWS CLI.
   Alias: **-e**
@@ -127,9 +136,6 @@ Name of AWS lambda function to scan.
   Returns extended information to the terminal.
   Alias: **-v**
 
-- **contrast lambda -–function-name --list-functions**
-  Lists all available lambda functions to scan.
-
 - **contrast lambda --function-name -–help**
   Displays usage guide.
   Alias: **-h**

package/dist/audit/autodetection/autoDetectLanguage.js

@@ -0,0 +1,32 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.determineProjectLanguage = exports.identifyLanguages = void 0;
+const i18n_1 = __importDefault(require("i18n"));
+const reduceIdentifiedLanguages_1 = require("../languageAnalysisEngine/reduceIdentifiedLanguages");
+const getProjectRootFilenames_1 = require("../languageAnalysisEngine/getProjectRootFilenames");
+function identifyLanguages(config) {
+    const { projectPath } = config;
+    const projectRootFilenames = (0, getProjectRootFilenames_1.getProjectRootFilenames)(projectPath);
+    const identifiedLanguages = projectRootFilenames.reduce((accumulator, filename) => {
+        const deducedLanguages = (0, reduceIdentifiedLanguages_1.deduceLanguage)(filename);
+        return [...accumulator, ...deducedLanguages];
+    }, []);
+    if (Object.keys(identifiedLanguages).length === 0) {
+        throw new Error(i18n_1.default.__('languageAnalysisNoLanguage', projectPath));
+    }
+    return (0, reduceIdentifiedLanguages_1.reduceIdentifiedLanguages)(identifiedLanguages);
+}
+exports.identifyLanguages = identifyLanguages;
+function determineProjectLanguage(reducedLanguages) {
+    const reducedLanguagesKeys = Object.keys(reducedLanguages);
+    if (reducedLanguagesKeys.length === 1) {
+        return reducedLanguagesKeys[0];
+    }
+    else {
+        throw new Error('Detected multiple languages. Please specify a single language using --language');
+    }
+}
+exports.determineProjectLanguage = determineProjectLanguage;

package/dist/audit/catalogueApplication/catalogueApplication.js

@@ -1,16 +1,8 @@
 "use strict";
 const i18n = require('i18n');
 const { getHttpClient, handleResponseErrors } = require('../../utils/commonApi');
-const locationOfApp = (config, appId) => {
-    return `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${appId}`;
-};
-const displaySuccessMessage = (config, appId) => {
-    console.log('\n **************************' +
-        i18n.__('successHeader') +
-        '************************** \n');
-    console.log('\n' + i18n.__('catalogueSuccessCommand') + appId + '\n');
-    console.log(locationOfApp(config, appId));
-    console.log('\n *********************************************************** \n');
+const displaySuccessMessage = () => {
+    console.log(i18n.__('catalogueSuccessCommand'));
 };
 const catalogueApplication = async (config) => {
     const client = getHttpClient(config);
@@ -19,7 +11,6 @@ const catalogueApplication = async (config) => {
         .catalogueCommand(config)
         .then(res => {
         if (res.statusCode === 201) {
-            displaySuccessMessage(config, res.body.application.app_id);
             appId = res.body.application.app_id;
         }
         else {

package/dist/audit/languageAnalysisEngine/{langugageAnalysisFactory.js → languageAnalysisFactory.js}

@@ -9,13 +9,12 @@ const pythonAE = require('../pythonAnalysisEngine');
 const phpAE = require('../phpAnalysisEngine');
 const goAE = require('../goAnalysisEngine');
 const { vulnerabilityReport } = require('./report/reportingFeature');
-const { vulnReportWithoutDevDep } = require('./report/newReportingFeature');
-const { checkDevDeps } = require('./report/checkIgnoreDevDep');
 const { newSendSnapShot } = require('../languageAnalysisEngine/sendSnapshot');
 const fs = require('fs');
 const chalk = require('chalk');
 const saveFile = require('../../commands/audit/saveFile').default;
 const generateSbom = require('../../sbom/generateSbom').default;
+const { failSpinner, returnOra, startSpinner, succeedSpinner } = require('../../utils/oraWrapper');
 module.exports = exports = (err, analysis) => {
     const { identifiedLanguageInfo } = analysis.languageAnalysis;
     const catalogueAppId = analysis.languageAnalysis.appId;
@@ -37,19 +36,12 @@ module.exports = exports = (err, analysis) => {
                 err);
             return process.exit(5);
         }
-        console.log('\n **************CONTRAST OSS ANALYSIS BEGINS**************');
+        const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+        startSpinner(reportSpinner);
         const snapshotResponse = await newSendSnapShot(analysis, catalogueAppId);
-        if (config.report) {
-            const ignoreDevUrl = await checkDevDeps(config);
-            if (ignoreDevUrl) {
-                await vulnReportWithoutDevDep(analysis, catalogueAppId, snapshotResponse.id, config);
-            }
-            else {
-                await vulnerabilityReport(analysis, catalogueAppId, config);
-            }
-        }
+        succeedSpinner(reportSpinner, 'Contrast SCA analysis complete');
+        await vulnerabilityReport(analysis, catalogueAppId, snapshotResponse.id);
         await auditSave(config);
-        console.log('\n ***************CONTRAST OSS ANALYSIS COMPLETE************** \n');
     };
     if (identifiedLanguageInfo.language === DOTNET) {
         dotnetAE(identifiedLanguageInfo, analysis.config, langCallback);
@@ -89,7 +81,7 @@ async function auditSave(config) {
             console.log(i18n.__('auditBadFiletypeSpecifiedForSave'));
         }
     }
-    else {
+    else if (config.save === null) {
         console.log(i18n.__('auditNoFiletypeSpecifiedForSave'));
     }
 }

package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js

@@ -22,6 +22,34 @@ function isNodeLockFilename(filename) {
 const isRubyLockFilename = filename => filename === 'Gemfile.lock';
 const isPipfileLockLockFilename = filename => filename === 'Pipfile.lock';
 const isGoProjectFilename = filename => filename === 'go.mod';
+const deduceLanguageScaAnalysis = filenames => {
+    const deducedLanguages = [];
+    let language = '';
+    filenames.forEach(filename => {
+        if (isJavaMavenProjectFilename(filename)) {
+            deducedLanguages.push(filename);
+            language = JAVA;
+        }
+        if (isJavaGradleProjectFilename(filename)) {
+            deducedLanguages.push(filename);
+            language = JAVA;
+        }
+        if (isNodeProjectFilename(filename)) {
+            deducedLanguages.push(filename);
+            language = NODE;
+        }
+        if (isNodeLockFilename(filename)) {
+            deducedLanguages.push(filename);
+            language = NODE;
+        }
+        if (isGoProjectFilename(filename)) {
+            deducedLanguages.push({ language: GO, projectFilename: filename });
+            language = GO;
+        }
+    });
+    let identifiedLanguages = { [language]: deducedLanguages };
+    return identifiedLanguages;
+};
 const deduceLanguage = filename => {
     const deducedLanguages = [];
     if (isJavaMavenProjectFilename(filename)) {
@@ -119,3 +147,4 @@ exports.isPhpProjectFilename = isPhpProjectFilename;
 exports.isPhpLockFilename = isPhpLockFilename;
 exports.deduceLanguage = deduceLanguage;
 exports.reduceIdentifiedLanguages = reduceIdentifiedLanguages;
+exports.deduceLanguageScaAnalysis = deduceLanguageScaAnalysis;

package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js

@@ -1,257 +1,124 @@
 "use strict";
-const i18n = require('i18n');
-const { getHttpClient } = require('../../../utils/commonApi');
-function displaySuccessMessageReport() {
-    console.log('\n' + i18n.__('reportSuccessMessage'));
-}
-function getAllDependenciesArray(packageJson) {
-    const { dependencies, optionalDependencies, devDependencies, peerDependencies } = packageJson;
-    const allDep = {
-        ...dependencies,
-        ...devDependencies,
-        ...optionalDependencies,
-        ...peerDependencies
-    };
-    return Object.entries(allDep);
-}
-function checkIfDepIsScoped(arrDep) {
-    let count = 0;
-    arrDep.forEach(([key, value]) => {
-        if (!key.startsWith('@')) {
-            console.log(` WARNING not scoped: ${key}:${value}`);
-            count++;
-        }
-    });
-    return count;
-}
-const dependencyRiskReport = async (packageJson, config) => {
-    const arrDep = getAllDependenciesArray(packageJson);
-    const unRegisteredDeps = await checkIfDepIsRegisteredOnNPM(arrDep, config);
-    let scopedCount = checkIfDepIsScoped(unRegisteredDeps);
-    return {
-        scopedCount: scopedCount,
-        unRegisteredCount: unRegisteredDeps.length
-    };
-};
-const checkIfDepIsRegisteredOnNPM = async (arrDep, config) => {
-    let promises = [];
-    let unRegisteredDeps = [];
-    const client = getHttpClient(config);
-    for (const [index, element] of arrDep) {
-        const query = `query artifactByGAV($name: String!, $language: String!, $groupName: String, $version: String!, $nameCheck: Boolean) {
-    artifact: exactVersion(name: $name, language: $language, groupName: $groupName, version: $version, nameCheck: $nameCheck) {
-        version
-        cves {
-            baseScore
-        }}}`;
-        const data = {
-            query: query,
-            variables: {
-                name: index,
-                version: element,
-                language: 'node',
-                nameCheck: true
-            }
-        };
-        promises.push(client.checkLibrary(data));
-    }
-    await Promise.all(promises).then(response => {
-        response.forEach(res => {
-            const libName = JSON.parse(res.request.body);
-            if (res.statusCode === 200) {
-                if (res.body.data.artifact == null) {
-                    unRegisteredDeps.push([
-                        libName.variables.name,
-                        libName.variables.version
-                    ]);
-                }
-            }
-        });
-    });
-    if (unRegisteredDeps.length !== 0) {
-        console.log('\n Dependencies Risk Report', '\n\n Private libraries that are not scoped. We recommend these libraries are reviewed and the scope claimed to prevent dependency confusion breaches');
-    }
-    return unRegisteredDeps;
-};
-const createLibraryHeader = (id, numberOfVulnerableLibraries, numberOfCves, name) => {
-    name
-        ? console.log(` Application Name: ${name} | Application ID: ${id}`)
-        : console.log(` Application ID: ${id}`);
-    console.log(` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's`);
-};
-const breakPipeline = () => {
-    failOptionError();
-    process.exit(1);
-};
-const parameterOptions = hasSomeVulnerabilitiesReported => {
-    const inputtedCLIOptions = cliOptions.getCommandLineArgs();
-    let cveSeverityOption = inputtedCLIOptions['cve_severity'];
-    let fail = inputtedCLIOptions['fail'];
-    let cve_threshold = inputtedCLIOptions['cve_threshold'];
-    let expr;
-    if (cveSeverityOption && fail && cve_threshold) {
-        expr = 'SeverityAndThreshold';
-    }
-    else if (!cveSeverityOption && fail && cve_threshold) {
-        expr = 'ThresholdOnly';
-    }
-    else if (!cve_threshold && fail && hasSomeVulnerabilitiesReported[0]) {
-        expr = 'FailOnly';
-    }
-    return expr;
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
-const analyseReportOptions = hasSomeVulnerabilitiesReported => {
-    const inputtedCLIOptions = cliOptions.getCommandLineArgs();
-    let cve_threshold = inputtedCLIOptions['cve_threshold'];
-    let cveSeverity;
-    let criticalSeverity;
-    let highSeverity;
-    let mediumSeverity;
-    let lowSeverity;
-    switch (parameterOptions(hasSomeVulnerabilitiesReported)) {
-        case 'SeverityAndThreshold':
-            cveSeverity = inputtedCLIOptions['cve_severity'].severity;
-            criticalSeverity = hasSomeVulnerabilitiesReported[2].critical;
-            highSeverity = hasSomeVulnerabilitiesReported[2].high;
-            mediumSeverity = hasSomeVulnerabilitiesReported[2].medium;
-            lowSeverity = hasSomeVulnerabilitiesReported[2].low;
-            if (cveSeverity === 'HIGH') {
-                if (cve_threshold < highSeverity + criticalSeverity) {
-                    breakPipeline();
-                }
-            }
-            if (cveSeverity === 'MEDIUM') {
-                if (cve_threshold < mediumSeverity + highSeverity) {
-                    breakPipeline();
-                }
-            }
-            if (cveSeverity === 'LOW') {
-                if (cve_threshold < lowSeverity + mediumSeverity + highSeverity) {
-                    breakPipeline();
-                }
-            }
-            break;
-        case 'ThresholdOnly':
-            if (cve_threshold < hasSomeVulnerabilitiesReported[1]) {
-                breakPipeline();
-            }
-            break;
-        case 'FailOnly':
-            breakPipeline();
-            break;
-    }
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createLibraryHeader = void 0;
+const commonApi_1 = require("../../../utils/commonApi");
+const reportListModel_1 = require("./models/reportListModel");
+const lodash_1 = require("lodash");
+const chalk_1 = __importDefault(require("chalk"));
+const reportUtils_1 = require("./utils/reportUtils");
+const severityCountModel_1 = require("./models/severityCountModel");
+const reportOutputModel_1 = require("./models/reportOutputModel");
+const createLibraryHeader = (id, numberOfVulnerableLibraries, numberOfCves) => {
+    numberOfVulnerableLibraries === 1
+        ? console.log(` Found 1 vulnerable library containing ${numberOfCves} CVE's`)
+        : console.log(` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's `);
 };
-const getReport = async (applicationId) => {
-    const userParams = await util.getParams(applicationId);
-    const addParams = agent.getAdditionalParams();
-    const protocol = getValidHost(userParams.host);
-    const client = commonApi.getHttpClient(userParams, protocol, addParams);
+exports.createLibraryHeader = createLibraryHeader;
+const getReport = async (config, reportId) => {
+    const client = (0, commonApi_1.getHttpClient)(config);
     return client
-        .getReport(userParams)
-        .then(res => {
+        .getReportById(config, reportId)
+        .then((res) => {
         if (res.statusCode === 200) {
-            displaySuccessMessageReport();
             return res.body;
         }
         else {
-            handleResponseErrors(res, 'report');
+            console.log('config-------------------');
+            console.log(config);
+            console.log('reportId----------------');
+            console.log(reportId);
+            console.log(JSON.stringify(res));
+            (0, commonApi_1.handleResponseErrors)(res, 'report');
         }
     })
-        .catch(err => {
+        .catch((err) => {
         console.log(err);
     });
 };
-const printVulnerabilityResponse = (severity, filteredVulns, vulnerabilities) => {
+exports.getReport = getReport;
+const printVulnerabilityResponse = (vulnerabilities, config) => {
     let hasSomeVulnerabilitiesReported = false;
-    if (severity) {
-        returnCveData(filteredVulns);
-        if (Object.keys(filteredVulns).length > 0)
-            hasSomeVulnerabilitiesReported = true;
-    }
-    else {
-        returnCveData(vulnerabilities);
-        if (Object.keys(vulnerabilities).length > 0)
-            hasSomeVulnerabilitiesReported = true;
+    (0, exports.printFormattedOutput)(vulnerabilities, config);
+    if (Object.keys(vulnerabilities).length > 0) {
+        hasSomeVulnerabilitiesReported = true;
     }
     return hasSomeVulnerabilitiesReported;
 };
-const returnCveData = libraries => {
-    console.log('\n ************************************************************');
-    for (const [key, value] of Object.entries(libraries)) {
-        const parts = key.split('/');
-        const nameVersion = parts[1].split('@');
-        const group = parts[0];
-        const name = nameVersion[0];
-        const version = nameVersion[1];
-        const libName = group !== 'null'
-            ? `${group}/${name}/${version} is vulnerable`
-            : `${name}/${version} is vulnerable`;
-        console.log('\n\n ' + libName);
-        value.forEach(vuln => {
-            let sevCode = vuln.severityCode || vuln.severity_code;
-            console.log('\n ' + vuln.name + ' ' + sevCode + '\n ' + vuln.description);
-        });
+exports.printVulnerabilityResponse = printVulnerabilityResponse;
+const printFormattedOutput = (libraries, config) => {
+    const report = new reportListModel_1.ReportList();
+    for (const library of libraries) {
+        const { name, version } = (0, reportUtils_1.findNameAndVersion)(library, config);
+        const newOutputModel = new reportListModel_1.ReportModelStructure(new reportListModel_1.ReportCompositeKey(name, version, (0, reportUtils_1.findHighestSeverityCVE)(library.cveArray)), library.cveArray);
+        report.reportOutputList.push(newOutputModel);
     }
-};
-function searchHighCVEs(vuln) {
-    let sevCode = vuln.severityCode || vuln.severity_code;
-    if (sevCode === 'HIGH') {
-        return vuln;
+    const orderedOutputListLowestFirst = (0, lodash_1.orderBy)(report.reportOutputList, reportListItem => reportListItem.compositeKey.highestSeverity.priority, ['desc']);
+    let contrastHeaderNumCounter = 0;
+    for (const reportModel of orderedOutputListLowestFirst) {
+        contrastHeaderNumCounter++;
+        const { libraryName, libraryVersion, highestSeverity } = reportModel.compositeKey;
+        const numOfCVEs = reportModel.cveArray.length;
+        const header = buildHeader(highestSeverity, contrastHeaderNumCounter, libraryName, libraryVersion, numOfCVEs);
+        const body = buildBody(reportModel.cveArray);
+        const reportOutputModel = new reportOutputModel_1.ReportOutputModel(header, body);
+        console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
+        console.log(reportOutputModel.body.issueMessage);
+        console.log(reportOutputModel.body.adviceMessage);
     }
+};
+exports.printFormattedOutput = printFormattedOutput;
+function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {
+    const vulnerabilityPluralised = numOfCVEs > 1 ? 'Vulnerabilities' : 'Vulnerability';
+    const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum);
+    const vulnMessage = chalk_1.default
+        .hex(highestSeverity.outputColour)
+        .bold(`${formattedHeaderNum} - [${highestSeverity.severity}] ${libraryName}-${version}`);
+    const introducesMessage = chalk_1.default.bold(`introduces ${numOfCVEs} ${vulnerabilityPluralised}`);
+    return new reportOutputModel_1.ReportOutputHeaderModel(vulnMessage, introducesMessage);
 }
-function searchMediumCVEs(vuln) {
-    let sevCode = vuln.severityCode || vuln.severity_code;
-    if (sevCode === 'HIGH' || sevCode === 'MEDIUM') {
-        return vuln;
-    }
+exports.buildHeader = buildHeader;
+function buildBody(cveArray) {
+    const cveMessages = [];
+    (0, reportUtils_1.findCVESeveritiesAndOrderByHighestPriority)(cveArray).forEach(reportSeverityModel => {
+        const { outputColour, severity, cveName } = reportSeverityModel;
+        const severityShorthand = chalk_1.default
+            .hex(outputColour)
+            .bold(`[${severity.charAt(0).toUpperCase()}]`);
+        const builtMessage = `${severityShorthand} ${cveName}`;
+        cveMessages.push(builtMessage);
+    });
+    const numAndSeverityType = getNumOfAndSeverityType(cveArray);
+    const issueMessage = ` ${chalk_1.default.bold('Issue')}  : ${numAndSeverityType} ${cveMessages.join(', ')}.`;
+    const adviceMessage = ` ${chalk_1.default.bold('Advice')} : ${chalk_1.default.bold('Update to latest version')}.`;
+    return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, adviceMessage);
 }
-function searchLowCVEs(vuln) {
-    let sevCode = vuln.severityCode || vuln.severity_code;
-    if (sevCode === 'HIGH' || sevCode === 'MEDIUM' || sevCode === 'LOW') {
-        return vuln;
+exports.buildBody = buildBody;
+function buildFormattedHeaderNum(contrastHeaderNum) {
+    let formattedHeaderNum;
+    if (contrastHeaderNum < 10) {
+        formattedHeaderNum = `00${contrastHeaderNum}`;
     }
-}
-const filterVulnerabilitiesBySeverity = (severity, vulnerabilities) => {
-    let filteredVulns = [];
-    if (severity) {
-        for (let x in vulnerabilities) {
-            if (severity.severity === 'HIGH') {
-                let highVulnerability = vulnerabilities[x].filter(searchHighCVEs);
-                if (highVulnerability.length > 0) {
-                    filteredVulns[x] = highVulnerability;
-                }
-            }
-            else if (severity.severity === 'MEDIUM') {
-                let mediumVulnerability = vulnerabilities[x].filter(searchMediumCVEs);
-                if (mediumVulnerability.length > 0) {
-                    filteredVulns[x] = mediumVulnerability;
-                }
-            }
-            else if (severity.severity === 'LOW') {
-                let lowVulnerability = vulnerabilities[x].filter(searchLowCVEs);
-                if (lowVulnerability.length > 0) {
-                    filteredVulns[x] = lowVulnerability;
-                }
-            }
-        }
+    else if (contrastHeaderNum >= 10 && contrastHeaderNum < 100) {
+        formattedHeaderNum = `0${contrastHeaderNum}`;
     }
-    return filteredVulns;
-};
-module.exports = {
-    displaySuccessMessageReport: displaySuccessMessageReport,
-    getAllDependenciesArray: getAllDependenciesArray,
-    dependencyRiskReport: dependencyRiskReport,
-    createLibraryHeader: createLibraryHeader,
-    breakPipeline: breakPipeline,
-    parameterOptions: parameterOptions,
-    analyseReportOptions: analyseReportOptions,
-    getReport: getReport,
-    checkIfDepIsScoped: checkIfDepIsScoped,
-    checkIfDepIsRegisteredOnNPM: checkIfDepIsRegisteredOnNPM,
-    filterVulnerabilitiesBySeverity: filterVulnerabilitiesBySeverity,
-    searchLowCVEs: searchLowCVEs,
-    searchMediumCVEs: searchMediumCVEs,
-    searchHighCVEs: searchHighCVEs,
-    returnCveData: returnCveData,
-    printVulnerabilityResponse: printVulnerabilityResponse
-};
+    else if (contrastHeaderNum >= 100) {
+        formattedHeaderNum = contrastHeaderNum;
+    }
+    return `CONTRAST-${formattedHeaderNum}`;
+}
+exports.buildFormattedHeaderNum = buildFormattedHeaderNum;
+function getNumOfAndSeverityType(cveArray) {
+    const { critical, high, medium, low, note } = (0, reportUtils_1.severityCountAllCVEs)(cveArray, new severityCountModel_1.SeverityCountModel());
+    const criticalMessage = critical > 0 ? `${critical} Critical` : '';
+    const highMessage = high > 0 ? `${high} High` : '';
+    const mediumMessage = medium > 0 ? `${medium} Medium` : '';
+    const lowMessage = low > 0 ? `${low} Low` : '';
+    const noteMessage = note > 0 ? `${note} Note` : '';
+    return `${criticalMessage} ${highMessage} ${mediumMessage} ${lowMessage} ${noteMessage}`
+        .replace(/\s+/g, ' ')
+        .trim();
+}
+exports.getNumOfAndSeverityType = getNumOfAndSeverityType;

package/dist/audit/languageAnalysisEngine/report/models/reportLibraryModel.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReportCVEModel = exports.ReportLibraryModel = void 0;
+class ReportLibraryModel {
+    constructor(name, cveArray) {
+        this.name = name;
+        this.cveArray = cveArray;
+    }
+}
+exports.ReportLibraryModel = ReportLibraryModel;
+class ReportCVEModel {
+    constructor(name, description, severityCode, cvss3SeverityCode) {
+        this.name = name;
+        this.description = description;
+        this.severityCode = severityCode;
+        this.cvss3SeverityCode = cvss3SeverityCode;
+    }
+}
+exports.ReportCVEModel = ReportCVEModel;

package/dist/audit/languageAnalysisEngine/report/models/reportListModel.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReportCompositeKey = exports.ReportModelStructure = exports.ReportList = void 0;
+class ReportList {
+    constructor() {
+        this.reportOutputList = [];
+    }
+}
+exports.ReportList = ReportList;
+class ReportModelStructure {
+    constructor(compositeKey, cveArray) {
+        this.compositeKey = compositeKey;
+        this.cveArray = cveArray;
+    }
+}
+exports.ReportModelStructure = ReportModelStructure;
+class ReportCompositeKey {
+    constructor(libraryName, libraryVersion, highestSeverity) {
+        this.libraryName = libraryName;
+        this.libraryVersion = libraryVersion;
+        this.highestSeverity = highestSeverity;
+    }
+}
+exports.ReportCompositeKey = ReportCompositeKey;