@contrast/contrast 1.0.3 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.prettierignore +4 -0
- package/README.md +20 -14
- package/dist/audit/autodetection/autoDetectLanguage.js +32 -0
- package/dist/audit/catalogueApplication/catalogueApplication.js +2 -11
- package/dist/audit/languageAnalysisEngine/{langugageAnalysisFactory.js → languageAnalysisFactory.js} +6 -14
- package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +29 -0
- package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +101 -234
- package/dist/audit/languageAnalysisEngine/report/models/reportLibraryModel.js +19 -0
- package/dist/audit/languageAnalysisEngine/report/models/reportListModel.js +24 -0
- package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js +24 -0
- package/dist/audit/languageAnalysisEngine/report/models/reportSeverityModel.js +12 -0
- package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js +13 -0
- package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +24 -129
- package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js +99 -0
- package/dist/audit/languageAnalysisEngine/sendSnapshot.js +2 -14
- package/dist/commands/audit/auditConfig.js +8 -2
- package/dist/commands/audit/auditController.js +14 -5
- package/dist/commands/scan/processScan.js +10 -6
- package/dist/commands/scan/sca/scaAnalysis.js +49 -0
- package/dist/common/HTTPClient.js +18 -26
- package/dist/common/errorHandling.js +7 -17
- package/dist/common/versionChecker.js +14 -12
- package/dist/constants/constants.js +24 -2
- package/dist/constants/lambda.js +3 -1
- package/dist/constants/locales.js +42 -42
- package/dist/constants.js +25 -1
- package/dist/index.js +2 -2
- package/dist/lambda/help.js +22 -14
- package/dist/lambda/lambda.js +6 -0
- package/dist/scaAnalysis/common/formatMessage.js +19 -0
- package/dist/scaAnalysis/common/treeUpload.js +29 -0
- package/dist/scaAnalysis/go/goAnalysis.js +17 -0
- package/dist/scaAnalysis/go/goParseDeps.js +158 -0
- package/dist/scaAnalysis/go/goReadDepFile.js +23 -0
- package/dist/scaAnalysis/java/analysis.js +108 -0
- package/dist/scaAnalysis/java/index.js +18 -0
- package/dist/scaAnalysis/java/javaBuildDepsParser.js +339 -0
- package/dist/scan/autoDetection.js +46 -1
- package/dist/scan/fileUtils.js +73 -1
- package/dist/scan/formatScanOutput.js +215 -0
- package/dist/scan/help.js +3 -1
- package/dist/scan/models/groupedResultsModel.js +11 -0
- package/dist/scan/models/resultContentModel.js +2 -0
- package/dist/scan/models/scanResultsModel.js +11 -0
- package/dist/scan/scan.js +27 -126
- package/dist/scan/scanConfig.js +1 -1
- package/dist/scan/scanController.js +11 -5
- package/dist/scan/scanResults.js +15 -19
- package/dist/utils/getConfig.js +3 -0
- package/dist/utils/oraWrapper.js +5 -1
- package/package.json +3 -2
- package/src/audit/autodetection/autoDetectLanguage.ts +40 -0
- package/src/audit/catalogueApplication/catalogueApplication.js +4 -16
- package/src/audit/languageAnalysisEngine/{langugageAnalysisFactory.js → languageAnalysisFactory.js} +11 -21
- package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +72 -0
- package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +204 -0
- package/src/audit/languageAnalysisEngine/report/models/reportLibraryModel.ts +30 -0
- package/src/audit/languageAnalysisEngine/report/models/reportListModel.ts +32 -0
- package/src/audit/languageAnalysisEngine/report/models/reportOutputModel.ts +29 -0
- package/src/audit/languageAnalysisEngine/report/models/reportSeverityModel.ts +13 -0
- package/src/audit/languageAnalysisEngine/report/models/severityCountModel.ts +16 -0
- package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +56 -0
- package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts +116 -0
- package/src/audit/languageAnalysisEngine/sendSnapshot.js +2 -22
- package/src/commands/audit/auditConfig.ts +12 -3
- package/src/commands/audit/auditController.ts +20 -5
- package/src/commands/audit/processAudit.ts +3 -0
- package/src/commands/scan/processScan.js +13 -9
- package/src/commands/scan/sca/scaAnalysis.js +75 -0
- package/src/common/HTTPClient.js +31 -38
- package/src/common/errorHandling.ts +7 -25
- package/src/common/versionChecker.ts +24 -22
- package/src/constants/constants.js +24 -2
- package/src/constants/lambda.js +3 -1
- package/src/constants/locales.js +47 -56
- package/src/constants.js +29 -1
- package/src/index.ts +2 -3
- package/src/lambda/help.ts +22 -14
- package/src/lambda/lambda.ts +8 -0
- package/src/scaAnalysis/common/formatMessage.js +20 -0
- package/src/scaAnalysis/common/treeUpload.js +30 -0
- package/src/scaAnalysis/go/goAnalysis.js +20 -0
- package/src/scaAnalysis/go/goParseDeps.js +203 -0
- package/src/scaAnalysis/go/goReadDepFile.js +32 -0
- package/src/scaAnalysis/java/analysis.js +143 -0
- package/src/scaAnalysis/java/index.js +21 -0
- package/src/scaAnalysis/java/javaBuildDepsParser.js +404 -0
- package/src/scan/autoDetection.js +54 -1
- package/src/scan/fileUtils.js +91 -1
- package/src/scan/formatScanOutput.ts +250 -0
- package/src/scan/help.js +3 -1
- package/src/scan/models/groupedResultsModel.ts +20 -0
- package/src/scan/models/resultContentModel.ts +86 -0
- package/src/scan/models/scanResultsModel.ts +52 -0
- package/src/scan/scan.ts +63 -0
- package/src/scan/scanConfig.js +1 -1
- package/src/scan/scanController.js +15 -7
- package/src/scan/scanResults.js +21 -18
- package/src/utils/getConfig.ts +10 -0
- package/src/utils/oraWrapper.js +6 -1
- package/dist/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +0 -17
- package/dist/audit/languageAnalysisEngine/report/newReportingFeature.js +0 -81
- package/src/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +0 -27
- package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.js +0 -303
- package/src/audit/languageAnalysisEngine/report/newReportingFeature.js +0 -124
- package/src/audit/languageAnalysisEngine/report/reportingFeature.js +0 -190
- package/src/scan/scan.js +0 -195
|
@@ -1,190 +0,0 @@
|
|
|
1
|
-
const i18n = require('i18n')
|
|
2
|
-
const commonApi = require('../commonApi')
|
|
3
|
-
const commonReport = require('./commonReportingFunctions')
|
|
4
|
-
|
|
5
|
-
function displaySuccessMessageVulnerabilities() {
|
|
6
|
-
console.log(i18n.__('vulnerabilitiesSuccessMessage'))
|
|
7
|
-
}
|
|
8
|
-
|
|
9
|
-
const vulnerabilityReport = async (analysis, applicationId, config) => {
|
|
10
|
-
let depRiskReportCount = {}
|
|
11
|
-
if (analysis.language === 'NODE') {
|
|
12
|
-
depRiskReportCount = await commonReport.dependencyRiskReport(
|
|
13
|
-
analysis.node.packageJSON,
|
|
14
|
-
config
|
|
15
|
-
)
|
|
16
|
-
}
|
|
17
|
-
if (config['report']) {
|
|
18
|
-
const reportResponse = await commonReport.getReport(applicationId)
|
|
19
|
-
if (reportResponse !== undefined) {
|
|
20
|
-
const libraryVulnerabilityInput = createLibraryVulnerabilityInput(
|
|
21
|
-
reportResponse.reports
|
|
22
|
-
)
|
|
23
|
-
const libraryVulnerabilityResponse = await getLibraryVulnerabilities(
|
|
24
|
-
libraryVulnerabilityInput,
|
|
25
|
-
applicationId
|
|
26
|
-
)
|
|
27
|
-
|
|
28
|
-
const severity = config['cve_severity']
|
|
29
|
-
const id = applicationId
|
|
30
|
-
const name = config.applicationName
|
|
31
|
-
const hasSomeVulnerabilitiesReported = formatVulnerabilityOutput(
|
|
32
|
-
libraryVulnerabilityResponse,
|
|
33
|
-
severity,
|
|
34
|
-
id,
|
|
35
|
-
name,
|
|
36
|
-
depRiskReportCount,
|
|
37
|
-
config
|
|
38
|
-
)
|
|
39
|
-
commonReport.analyseReportOptions(hasSomeVulnerabilitiesReported)
|
|
40
|
-
}
|
|
41
|
-
}
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
const createLibraryVulnerabilityInput = report => {
|
|
45
|
-
const language = Object.keys(report[0].report)[0]
|
|
46
|
-
const reportTree = report[0].report[language].dependencyTree
|
|
47
|
-
const libraries = reportTree[Object.keys(reportTree)[0]]
|
|
48
|
-
|
|
49
|
-
let gav = []
|
|
50
|
-
// eslint-disable-next-line
|
|
51
|
-
for (const key of Object.keys(libraries)) {
|
|
52
|
-
gav.push({
|
|
53
|
-
name: libraries[key].name,
|
|
54
|
-
group: libraries[key].group,
|
|
55
|
-
version: libraries[key].resolved
|
|
56
|
-
})
|
|
57
|
-
}
|
|
58
|
-
|
|
59
|
-
return {
|
|
60
|
-
name_group_versions: gav,
|
|
61
|
-
language: language.toUpperCase()
|
|
62
|
-
}
|
|
63
|
-
}
|
|
64
|
-
|
|
65
|
-
const oldCountSeverity = vulnerableLibraries => {
|
|
66
|
-
const severityCount = {
|
|
67
|
-
critical: 0,
|
|
68
|
-
high: 0,
|
|
69
|
-
medium: 0,
|
|
70
|
-
low: 0
|
|
71
|
-
}
|
|
72
|
-
|
|
73
|
-
vulnerableLibraries.forEach(lib => {
|
|
74
|
-
lib.vulns.forEach(vuln => {
|
|
75
|
-
if (vuln.severity_code === 'HIGH') {
|
|
76
|
-
severityCount['high'] += 1
|
|
77
|
-
} else if (vuln.severity_code === 'MEDIUM') {
|
|
78
|
-
severityCount['medium'] += 1
|
|
79
|
-
} else if (vuln.severity_code === 'LOW') {
|
|
80
|
-
severityCount['low'] += 1
|
|
81
|
-
} else if (vuln.severity_code === 'CRITICAL') {
|
|
82
|
-
severityCount['critical'] += 1
|
|
83
|
-
}
|
|
84
|
-
})
|
|
85
|
-
})
|
|
86
|
-
return severityCount
|
|
87
|
-
}
|
|
88
|
-
|
|
89
|
-
const parseVulnerabilites = libraryVulnerabilityResponse => {
|
|
90
|
-
let parsedVulnerabilites = {}
|
|
91
|
-
let vulnName = libraryVulnerabilityResponse.libraries
|
|
92
|
-
for (let x in vulnName) {
|
|
93
|
-
let vuln = vulnName[x].vulns
|
|
94
|
-
if (vuln.length > 0) {
|
|
95
|
-
let libname =
|
|
96
|
-
vulnName[x].group +
|
|
97
|
-
'/' +
|
|
98
|
-
vulnName[x].file_name +
|
|
99
|
-
'@' +
|
|
100
|
-
vulnName[x].file_version
|
|
101
|
-
parsedVulnerabilites[libname] = vulnName[x].vulns
|
|
102
|
-
}
|
|
103
|
-
}
|
|
104
|
-
return parsedVulnerabilites
|
|
105
|
-
}
|
|
106
|
-
|
|
107
|
-
const formatVulnerabilityOutput = (
|
|
108
|
-
libraryVulnerabilityResponse,
|
|
109
|
-
severity,
|
|
110
|
-
id,
|
|
111
|
-
name,
|
|
112
|
-
depRiskReportCount,
|
|
113
|
-
config
|
|
114
|
-
) => {
|
|
115
|
-
let vulnerableLibraries = libraryVulnerabilityResponse.libraries.filter(
|
|
116
|
-
data => {
|
|
117
|
-
return data.vulns.length > 0
|
|
118
|
-
}
|
|
119
|
-
)
|
|
120
|
-
|
|
121
|
-
const numberOfVulnerableLibraries = vulnerableLibraries.length
|
|
122
|
-
let numberOfCves = 0
|
|
123
|
-
vulnerableLibraries.forEach(lib => (numberOfCves += lib.vulns.length))
|
|
124
|
-
commonReport.createLibraryHeader(
|
|
125
|
-
id,
|
|
126
|
-
numberOfVulnerableLibraries,
|
|
127
|
-
numberOfCves,
|
|
128
|
-
name
|
|
129
|
-
)
|
|
130
|
-
|
|
131
|
-
const severityCount = oldCountSeverity(vulnerableLibraries)
|
|
132
|
-
|
|
133
|
-
// parse so filter code will work for both new (ignore dev dep) and current report
|
|
134
|
-
let vulnerabilities = parseVulnerabilites(libraryVulnerabilityResponse)
|
|
135
|
-
let filteredVulns = commonReport.filterVulnerabilitiesBySeverity(
|
|
136
|
-
severity,
|
|
137
|
-
vulnerabilities
|
|
138
|
-
)
|
|
139
|
-
let hasSomeVulnerabilitiesReported
|
|
140
|
-
hasSomeVulnerabilitiesReported = commonReport.printVulnerabilityResponse(
|
|
141
|
-
severity,
|
|
142
|
-
filteredVulns,
|
|
143
|
-
vulnerabilities
|
|
144
|
-
)
|
|
145
|
-
|
|
146
|
-
console.log(
|
|
147
|
-
'\n **************************' +
|
|
148
|
-
` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's ` +
|
|
149
|
-
'************************** '
|
|
150
|
-
)
|
|
151
|
-
|
|
152
|
-
if (depRiskReportCount && depRiskReportCount.scopedCount === 0) {
|
|
153
|
-
console.log(' No private libraries that are not scoped detected')
|
|
154
|
-
}
|
|
155
|
-
|
|
156
|
-
console.log(
|
|
157
|
-
' \n Please go to the Contrast UI to view your dependency tree: \n' +
|
|
158
|
-
` \n ${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`
|
|
159
|
-
)
|
|
160
|
-
return [hasSomeVulnerabilitiesReported, numberOfCves, severityCount]
|
|
161
|
-
}
|
|
162
|
-
|
|
163
|
-
const getLibraryVulnerabilities = async (input, applicationId) => {
|
|
164
|
-
const requestBody = input
|
|
165
|
-
const addParams = agent.getAdditionalParams()
|
|
166
|
-
const userParams = await util.getParams(applicationId)
|
|
167
|
-
const protocol = getValidHost(userParams.host)
|
|
168
|
-
const client = commonApi.getHttpClient(userParams, protocol, addParams)
|
|
169
|
-
|
|
170
|
-
return client
|
|
171
|
-
.getLibraryVulnerabilities(requestBody, userParams)
|
|
172
|
-
.then(res => {
|
|
173
|
-
if (res.statusCode === 200) {
|
|
174
|
-
displaySuccessMessageVulnerabilities()
|
|
175
|
-
return res.body
|
|
176
|
-
} else {
|
|
177
|
-
handleResponseErrors(res, 'vulnerabilities')
|
|
178
|
-
}
|
|
179
|
-
})
|
|
180
|
-
.catch(err => {
|
|
181
|
-
console.log(err)
|
|
182
|
-
})
|
|
183
|
-
}
|
|
184
|
-
|
|
185
|
-
module.exports = {
|
|
186
|
-
vulnerabilityReport: vulnerabilityReport,
|
|
187
|
-
getLibraryVulnerabilities: getLibraryVulnerabilities,
|
|
188
|
-
formatVulnerabilityOutput: formatVulnerabilityOutput,
|
|
189
|
-
createLibraryVulnerabilityInput: createLibraryVulnerabilityInput
|
|
190
|
-
}
|
package/src/scan/scan.js
DELETED
|
@@ -1,195 +0,0 @@
|
|
|
1
|
-
const commonApi = require('../utils/commonApi.js')
|
|
2
|
-
const fileUtils = require('../scan/fileUtils')
|
|
3
|
-
const allowedFileTypes = ['.jar', '.war', '.js', '.zip', '.exe']
|
|
4
|
-
const i18n = require('i18n')
|
|
5
|
-
const oraWrapper = require('../utils/oraWrapper')
|
|
6
|
-
const chalk = require('chalk')
|
|
7
|
-
|
|
8
|
-
const isFileAllowed = scanOption => {
|
|
9
|
-
let valid = false
|
|
10
|
-
allowedFileTypes.forEach(fileType => {
|
|
11
|
-
if (scanOption.endsWith(fileType)) {
|
|
12
|
-
valid = true
|
|
13
|
-
}
|
|
14
|
-
})
|
|
15
|
-
return valid
|
|
16
|
-
}
|
|
17
|
-
|
|
18
|
-
const stripMustacheTags = oldString => {
|
|
19
|
-
return oldString
|
|
20
|
-
.replace(/\n/g, ' ')
|
|
21
|
-
.replace(/{{.*?}}/g, '\n')
|
|
22
|
-
.replace(/\$\$LINK_DELIM\$\$/g, '\n')
|
|
23
|
-
.replace(/\s+/g, ' ')
|
|
24
|
-
.trim()
|
|
25
|
-
}
|
|
26
|
-
|
|
27
|
-
const sendScan = async config => {
|
|
28
|
-
if (!isFileAllowed(config.file)) {
|
|
29
|
-
console.log(i18n.__('scanErrorFileMessage'))
|
|
30
|
-
process.exit(9)
|
|
31
|
-
} else {
|
|
32
|
-
fileUtils.checkFilePermissions(config.file)
|
|
33
|
-
const client = commonApi.getHttpClient(config)
|
|
34
|
-
|
|
35
|
-
const startUploadSpinner = oraWrapper.returnOra(i18n.__('uploadingScan'))
|
|
36
|
-
oraWrapper.startSpinner(startUploadSpinner)
|
|
37
|
-
|
|
38
|
-
return await client
|
|
39
|
-
.sendArtifact(config)
|
|
40
|
-
.then(res => {
|
|
41
|
-
if (res.statusCode === 201) {
|
|
42
|
-
oraWrapper.succeedSpinner(
|
|
43
|
-
startUploadSpinner,
|
|
44
|
-
i18n.__('uploadingScanSuccessful')
|
|
45
|
-
)
|
|
46
|
-
if (config.verbose) {
|
|
47
|
-
console.log(i18n.__('responseMessage', res.body))
|
|
48
|
-
}
|
|
49
|
-
return res.body.id
|
|
50
|
-
} else {
|
|
51
|
-
if (config.debug) {
|
|
52
|
-
console.log(res.statusCode)
|
|
53
|
-
console.log(config)
|
|
54
|
-
}
|
|
55
|
-
oraWrapper.failSpinner(
|
|
56
|
-
startUploadSpinner,
|
|
57
|
-
i18n.__('uploadingScanFail')
|
|
58
|
-
)
|
|
59
|
-
if (res.statusCode === 403) {
|
|
60
|
-
console.log(i18n.__('permissionsError'))
|
|
61
|
-
process.exit(1)
|
|
62
|
-
}
|
|
63
|
-
console.log(i18n.__('genericServiceError', res.statusCode))
|
|
64
|
-
process.exit(1)
|
|
65
|
-
}
|
|
66
|
-
})
|
|
67
|
-
.catch(err => {
|
|
68
|
-
console.log(err)
|
|
69
|
-
})
|
|
70
|
-
}
|
|
71
|
-
}
|
|
72
|
-
|
|
73
|
-
const formatScanOutput = (overview, results) => {
|
|
74
|
-
console.log()
|
|
75
|
-
|
|
76
|
-
if (results.content.length === 0) {
|
|
77
|
-
console.log(i18n.__('scanNoVulnerabilitiesFound'))
|
|
78
|
-
} else {
|
|
79
|
-
let message =
|
|
80
|
-
overview.critical || overview.high
|
|
81
|
-
? 'Here are your top priorities to fix'
|
|
82
|
-
: "No major issues, here's what we found"
|
|
83
|
-
console.log(chalk.bold(message))
|
|
84
|
-
console.log()
|
|
85
|
-
|
|
86
|
-
const groups = getGroups(results.content)
|
|
87
|
-
groups.forEach(entry => {
|
|
88
|
-
console.log(
|
|
89
|
-
chalk.bold(
|
|
90
|
-
`${entry.severity} | ${entry.ruleId} (${entry.lineInfoSet.size})`
|
|
91
|
-
)
|
|
92
|
-
)
|
|
93
|
-
let count = 1
|
|
94
|
-
entry.lineInfoSet.forEach(lineInfo => {
|
|
95
|
-
console.log(`\t ${count}. ${lineInfo}`)
|
|
96
|
-
count++
|
|
97
|
-
})
|
|
98
|
-
|
|
99
|
-
if (entry?.cwe && entry?.cwe.length > 0) {
|
|
100
|
-
formatLinks('cwe', entry.cwe)
|
|
101
|
-
}
|
|
102
|
-
if (entry?.reference && entry?.reference.length > 0) {
|
|
103
|
-
formatLinks('reference', entry.reference)
|
|
104
|
-
}
|
|
105
|
-
if (entry?.owasp && entry?.owasp.length > 0) {
|
|
106
|
-
formatLinks('owasp', entry.owasp)
|
|
107
|
-
}
|
|
108
|
-
console.log(chalk.bold('How to fix:'))
|
|
109
|
-
console.log(entry.recommendation)
|
|
110
|
-
console.log()
|
|
111
|
-
})
|
|
112
|
-
|
|
113
|
-
const totalVulnerabilities =
|
|
114
|
-
overview.critical +
|
|
115
|
-
overview.high +
|
|
116
|
-
overview.medium +
|
|
117
|
-
overview.low +
|
|
118
|
-
overview.note
|
|
119
|
-
|
|
120
|
-
let vulMessage =
|
|
121
|
-
totalVulnerabilities === 1 ? `vulnerability` : `vulnerabilities`
|
|
122
|
-
console.log(chalk.bold(`Found ${totalVulnerabilities} ${vulMessage}`))
|
|
123
|
-
console.log(
|
|
124
|
-
i18n.__(
|
|
125
|
-
'foundDetailedVulnerabilities',
|
|
126
|
-
overview.critical,
|
|
127
|
-
overview.high,
|
|
128
|
-
overview.medium,
|
|
129
|
-
overview.low,
|
|
130
|
-
overview.note
|
|
131
|
-
)
|
|
132
|
-
)
|
|
133
|
-
}
|
|
134
|
-
}
|
|
135
|
-
|
|
136
|
-
const formatLinks = (objName, entry) => {
|
|
137
|
-
console.log(chalk.bold(objName + ':'))
|
|
138
|
-
entry.forEach(link => {
|
|
139
|
-
console.log(link)
|
|
140
|
-
})
|
|
141
|
-
console.log()
|
|
142
|
-
}
|
|
143
|
-
|
|
144
|
-
const getGroups = content => {
|
|
145
|
-
const groupTypeSet = new Set(content.map(({ ruleId }) => ruleId))
|
|
146
|
-
let groupTypeResults = []
|
|
147
|
-
groupTypeSet.forEach(groupName => {
|
|
148
|
-
let groupResultsObj = {
|
|
149
|
-
ruleId: groupName,
|
|
150
|
-
lineInfoSet: new Set(),
|
|
151
|
-
cwe: '',
|
|
152
|
-
owasp: '',
|
|
153
|
-
reference: '',
|
|
154
|
-
recommendation: '',
|
|
155
|
-
severity: ''
|
|
156
|
-
}
|
|
157
|
-
content.forEach(resultEntry => {
|
|
158
|
-
if (resultEntry.ruleId === groupName) {
|
|
159
|
-
groupResultsObj.severity = resultEntry.severity
|
|
160
|
-
groupResultsObj.cwe = resultEntry.cwe
|
|
161
|
-
groupResultsObj.owasp = resultEntry.owasp
|
|
162
|
-
groupResultsObj.reference = resultEntry.reference
|
|
163
|
-
groupResultsObj.recommendation = resultEntry.recommendation
|
|
164
|
-
? stripMustacheTags(resultEntry.recommendation)
|
|
165
|
-
: 'No Recommendations Data Found'
|
|
166
|
-
groupResultsObj.lineInfoSet.add(formattedCodeLine(resultEntry))
|
|
167
|
-
}
|
|
168
|
-
})
|
|
169
|
-
groupTypeResults.push(groupResultsObj)
|
|
170
|
-
})
|
|
171
|
-
return groupTypeResults
|
|
172
|
-
}
|
|
173
|
-
|
|
174
|
-
const formattedCodeLine = resultEntry => {
|
|
175
|
-
let lineUri = resultEntry.locations[0]?.physicalLocation.artifactLocation.uri
|
|
176
|
-
return lineUri + ' @ ' + setLineNumber(resultEntry)
|
|
177
|
-
}
|
|
178
|
-
|
|
179
|
-
const setLineNumber = resultEntry => {
|
|
180
|
-
return resultEntry.codeFlows?.[0]?.threadFlows[0]?.locations[0]?.location
|
|
181
|
-
?.physicalLocation?.region?.startLine
|
|
182
|
-
? resultEntry.codeFlows[0]?.threadFlows[0]?.locations[0]?.location
|
|
183
|
-
?.physicalLocation?.region?.startLine
|
|
184
|
-
: resultEntry.locations[0]?.physicalLocation?.region?.startLine
|
|
185
|
-
}
|
|
186
|
-
|
|
187
|
-
module.exports = {
|
|
188
|
-
sendScan: sendScan,
|
|
189
|
-
getGroups: getGroups,
|
|
190
|
-
allowedFileTypes: allowedFileTypes,
|
|
191
|
-
isFileAllowed: isFileAllowed,
|
|
192
|
-
stripMustacheTags: stripMustacheTags,
|
|
193
|
-
formatScanOutput: formatScanOutput,
|
|
194
|
-
formatLinks: formatLinks
|
|
195
|
-
}
|