npm - @contrast/contrast - Versions diffs - 1.0.3 → 1.0.6 - Mend

@contrast/contrast 1.0.3 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (107) hide show

package/.prettierignore +4 -0
package/README.md +20 -14
package/dist/audit/autodetection/autoDetectLanguage.js +32 -0
package/dist/audit/catalogueApplication/catalogueApplication.js +2 -11
package/dist/audit/languageAnalysisEngine/{langugageAnalysisFactory.js → languageAnalysisFactory.js} +6 -14
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +29 -0
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +101 -234
package/dist/audit/languageAnalysisEngine/report/models/reportLibraryModel.js +19 -0
package/dist/audit/languageAnalysisEngine/report/models/reportListModel.js +24 -0
package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js +24 -0
package/dist/audit/languageAnalysisEngine/report/models/reportSeverityModel.js +12 -0
package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js +13 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +24 -129
package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js +99 -0
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +2 -14
package/dist/commands/audit/auditConfig.js +8 -2
package/dist/commands/audit/auditController.js +14 -5
package/dist/commands/scan/processScan.js +10 -6
package/dist/commands/scan/sca/scaAnalysis.js +49 -0
package/dist/common/HTTPClient.js +18 -26
package/dist/common/errorHandling.js +7 -17
package/dist/common/versionChecker.js +14 -12
package/dist/constants/constants.js +24 -2
package/dist/constants/lambda.js +3 -1
package/dist/constants/locales.js +42 -42
package/dist/constants.js +25 -1
package/dist/index.js +2 -2
package/dist/lambda/help.js +22 -14
package/dist/lambda/lambda.js +6 -0
package/dist/scaAnalysis/common/formatMessage.js +19 -0
package/dist/scaAnalysis/common/treeUpload.js +29 -0
package/dist/scaAnalysis/go/goAnalysis.js +17 -0
package/dist/scaAnalysis/go/goParseDeps.js +158 -0
package/dist/scaAnalysis/go/goReadDepFile.js +23 -0
package/dist/scaAnalysis/java/analysis.js +108 -0
package/dist/scaAnalysis/java/index.js +18 -0
package/dist/scaAnalysis/java/javaBuildDepsParser.js +339 -0
package/dist/scan/autoDetection.js +46 -1
package/dist/scan/fileUtils.js +73 -1
package/dist/scan/formatScanOutput.js +215 -0
package/dist/scan/help.js +3 -1
package/dist/scan/models/groupedResultsModel.js +11 -0
package/dist/scan/models/resultContentModel.js +2 -0
package/dist/scan/models/scanResultsModel.js +11 -0
package/dist/scan/scan.js +27 -126
package/dist/scan/scanConfig.js +1 -1
package/dist/scan/scanController.js +11 -5
package/dist/scan/scanResults.js +15 -19
package/dist/utils/getConfig.js +3 -0
package/dist/utils/oraWrapper.js +5 -1
package/package.json +3 -2
package/src/audit/autodetection/autoDetectLanguage.ts +40 -0
package/src/audit/catalogueApplication/catalogueApplication.js +4 -16
package/src/audit/languageAnalysisEngine/{langugageAnalysisFactory.js → languageAnalysisFactory.js} +11 -21
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +72 -0
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +204 -0
package/src/audit/languageAnalysisEngine/report/models/reportLibraryModel.ts +30 -0
package/src/audit/languageAnalysisEngine/report/models/reportListModel.ts +32 -0
package/src/audit/languageAnalysisEngine/report/models/reportOutputModel.ts +29 -0
package/src/audit/languageAnalysisEngine/report/models/reportSeverityModel.ts +13 -0
package/src/audit/languageAnalysisEngine/report/models/severityCountModel.ts +16 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +56 -0
package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts +116 -0
package/src/audit/languageAnalysisEngine/sendSnapshot.js +2 -22
package/src/commands/audit/auditConfig.ts +12 -3
package/src/commands/audit/auditController.ts +20 -5
package/src/commands/audit/processAudit.ts +3 -0
package/src/commands/scan/processScan.js +13 -9
package/src/commands/scan/sca/scaAnalysis.js +75 -0
package/src/common/HTTPClient.js +31 -38
package/src/common/errorHandling.ts +7 -25
package/src/common/versionChecker.ts +24 -22
package/src/constants/constants.js +24 -2
package/src/constants/lambda.js +3 -1
package/src/constants/locales.js +47 -56
package/src/constants.js +29 -1
package/src/index.ts +2 -3
package/src/lambda/help.ts +22 -14
package/src/lambda/lambda.ts +8 -0
package/src/scaAnalysis/common/formatMessage.js +20 -0
package/src/scaAnalysis/common/treeUpload.js +30 -0
package/src/scaAnalysis/go/goAnalysis.js +20 -0
package/src/scaAnalysis/go/goParseDeps.js +203 -0
package/src/scaAnalysis/go/goReadDepFile.js +32 -0
package/src/scaAnalysis/java/analysis.js +143 -0
package/src/scaAnalysis/java/index.js +21 -0
package/src/scaAnalysis/java/javaBuildDepsParser.js +404 -0
package/src/scan/autoDetection.js +54 -1
package/src/scan/fileUtils.js +91 -1
package/src/scan/formatScanOutput.ts +250 -0
package/src/scan/help.js +3 -1
package/src/scan/models/groupedResultsModel.ts +20 -0
package/src/scan/models/resultContentModel.ts +86 -0
package/src/scan/models/scanResultsModel.ts +52 -0
package/src/scan/scan.ts +63 -0
package/src/scan/scanConfig.js +1 -1
package/src/scan/scanController.js +15 -7
package/src/scan/scanResults.js +21 -18
package/src/utils/getConfig.ts +10 -0
package/src/utils/oraWrapper.js +6 -1
package/dist/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +0 -17
package/dist/audit/languageAnalysisEngine/report/newReportingFeature.js +0 -81
package/src/audit/languageAnalysisEngine/report/checkIgnoreDevDep.js +0 -27
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.js +0 -303
package/src/audit/languageAnalysisEngine/report/newReportingFeature.js +0 -124
package/src/audit/languageAnalysisEngine/report/reportingFeature.js +0 -190
package/src/scan/scan.js +0 -195

package/dist/scan/scanResults.js CHANGED Viewed

@@ -4,6 +4,7 @@ const requestUtils = require('../../src/utils/requestUtils');
 const oraFunctions = require('../utils/oraWrapper');
 const _ = require('lodash');
 const i18n = require('i18n');
+const oraWrapper = require('../utils/oraWrapper');
 const getScanId = async (config, codeArtifactId, client) => {
     return client
         .getScanId(config, codeArtifactId)
@@ -40,12 +41,16 @@ const returnScanResults = async (config, codeArtifactId, timeout, startScanSpinn
                 }
                 if (result.body.status === 'FAILED') {
                     complete = true;
-                    oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan Failed.');
-                    console.log(result.body.errorMessage);
-                    if (result.body.errorMessage ===
+                    if (config.debug) {
+                        oraFunctions.failSpinner(startScanSpinner, i18n.__('scanNotCompleted', 'https://docs.contrastsecurity.com/en/binary-package-preparation.html'));
+                    }
+                    if (result?.body?.errorMessage ===
                         'Unable to determine language for code artifact') {
+                        console.log(result.body.errorMessage);
                         console.log('Try scanning again using --language param. ', i18n.__('scanOptionsLanguageSummary'));
                     }
+                    oraWrapper.stopSpinner(startScanSpinner);
+                    console.log('Contrast Scan Finished');
                     process.exit(1);
                 }
             }
@@ -64,30 +69,21 @@ const returnScanResultsInstances = async (config, scanId) => {
     try {
         result = await client.getScanResultsInstances(config, scanId);
         if (JSON.stringify(result.statusCode) == 200) {
-            return result.body;
+            return { body: result.body, statusCode: result.statusCode };
         }
-    }
-    catch (e) {
-        console.log(e.message.toString());
-    }
-};
-const returnScanProjectById = async (config) => {
-    const client = commonApi.getHttpClient(config);
-    let result;
-    try {
-        result = await client.getScanProjectById(config);
-        if (JSON.stringify(result.statusCode) == 200) {
-            return result.body;
+        if (JSON.stringify(result.statusCode) == 503) {
+            return { statusCode: result.statusCode };
         }
     }
     catch (e) {
-        console.log(e.message.toString());
+        if (config.debug) {
+            console.log(e.message.toString());
+        }
     }
 };
 module.exports = {
     getScanId: getScanId,
     returnScanResults: returnScanResults,
     pollScanResults: pollScanResults,
-    returnScanResultsInstances: returnScanResultsInstances,
-    returnScanProjectById: returnScanProjectById
+    returnScanResultsInstances: returnScanResultsInstances
 };

package/dist/utils/getConfig.js CHANGED Viewed

@@ -10,6 +10,9 @@ const localConfig = (name, version) => {
         configName: name
     });
     config.set('version', version);
+    if (process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE) {
+        config.set('updateMessageHidden', JSON.parse(process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE.toLowerCase()));
+    }
     if (!config.has('host')) {
         config.set('host', 'https://ce.contrastsecurity.com/');
     }

package/dist/utils/oraWrapper.js CHANGED Viewed

@@ -6,6 +6,9 @@ const returnOra = text => {
 const startSpinner = spinner => {
     spinner.start();
 };
+const stopSpinner = spinner => {
+    spinner.stop();
+};
 const succeedSpinner = (spinner, text) => {
     spinner.succeed(text);
 };
@@ -16,5 +19,6 @@ module.exports = {
     returnOra,
     startSpinner,
     succeedSpinner,
-    failSpinner
+    failSpinner,
+    stopSpinner
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.3",
+  "version": "1.0.6",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {
@@ -35,7 +35,7 @@
     "dev": "npx ts-node src/index.ts"
   },
   "engines": {
-    "node": ">=16.13.2 <17"
+    "node": ">=16"
   },
   "dependencies": {
     "@aws-sdk/client-iam": "^3.78.0",
@@ -45,6 +45,7 @@
     "bluebird": "^3.7.2",
     "boxen": "5.1.2",
     "chalk": "4.1.2",
+    "cli-table3": "^0.6.2",
     "command-line-args": "^5.2.1",
     "command-line-usage": "^6.1.3",
     "conf": "^10.1.2",

package/src/audit/autodetection/autoDetectLanguage.ts ADDED Viewed

@@ -0,0 +1,40 @@
+/* eslint-disable  @typescript-eslint/no-explicit-any */
+import i18n from 'i18n'
+import {
+  reduceIdentifiedLanguages,
+  deduceLanguage
+} from '../languageAnalysisEngine/reduceIdentifiedLanguages'
+import { getProjectRootFilenames } from '../languageAnalysisEngine/getProjectRootFilenames'
+export function identifyLanguages(config: any) {
+  const { projectPath } = config
+  const projectRootFilenames = getProjectRootFilenames(projectPath)
+  const identifiedLanguages = projectRootFilenames.reduce(
+    (accumulator: any, filename: string) => {
+      const deducedLanguages = deduceLanguage(filename)
+      return [...accumulator, ...deducedLanguages]
+    },
+    []
+  )
+  if (Object.keys(identifiedLanguages).length === 0) {
+    throw new Error(i18n.__('languageAnalysisNoLanguage', projectPath))
+  }
+  return reduceIdentifiedLanguages(identifiedLanguages)
+}
+export function determineProjectLanguage(
+  reducedLanguages: Record<string, string>
+) {
+  const reducedLanguagesKeys = Object.keys(reducedLanguages)
+  if (reducedLanguagesKeys.length === 1) {
+    return reducedLanguagesKeys[0]
+  } else {
+    throw new Error(
+      'Detected multiple languages. Please specify a single language using --language'
+    )
+  }
+}

package/src/audit/catalogueApplication/catalogueApplication.js CHANGED Viewed

@@ -1,21 +1,8 @@
 const i18n = require('i18n')
 const { getHttpClient, handleResponseErrors } = require('../../utils/commonApi')
-const locationOfApp = (config, appId) => {
-  return `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${appId}`
-}
-const displaySuccessMessage = (config, appId) => {
-  console.log(
-    '\n **************************' +
-      i18n.__('successHeader') +
-      '************************** \n'
-  )
-  console.log('\n' + i18n.__('catalogueSuccessCommand') + appId + '\n')
-  console.log(locationOfApp(config, appId))
-  console.log(
-    '\n *********************************************************** \n'
-  )
+const displaySuccessMessage = () => {
+  console.log(i18n.__('catalogueSuccessCommand'))
 }
 const catalogueApplication = async config => {
@@ -25,9 +12,10 @@ const catalogueApplication = async config => {
     .catalogueCommand(config)
     .then(res => {
       if (res.statusCode === 201) {
-        displaySuccessMessage(config, res.body.application.app_id)
+        //displaySuccessMessage(config, res.body.application.app_id)
         appId = res.body.application.app_id
       } else {
+        // console.log(res.statusCode)
         handleResponseErrors(res, 'catalogue')
       }
     })

package/src/audit/languageAnalysisEngine/{langugageAnalysisFactory.js → languageAnalysisFactory.js} RENAMED Viewed

@@ -10,13 +10,17 @@ const pythonAE = require('../pythonAnalysisEngine')
 const phpAE = require('../phpAnalysisEngine')
 const goAE = require('../goAnalysisEngine')
 const { vulnerabilityReport } = require('./report/reportingFeature')
-const { vulnReportWithoutDevDep } = require('./report/newReportingFeature')
-const { checkDevDeps } = require('./report/checkIgnoreDevDep')
 const { newSendSnapShot } = require('../languageAnalysisEngine/sendSnapshot')
 const fs = require('fs')
 const chalk = require('chalk')
 const saveFile = require('../../commands/audit/saveFile').default
 const generateSbom = require('../../sbom/generateSbom').default
+const {
+  failSpinner,
+  returnOra,
+  startSpinner,
+  succeedSpinner
+} = require('../../utils/oraWrapper')
 module.exports = exports = (err, analysis) => {
   const { identifiedLanguageInfo } = analysis.languageAnalysis
@@ -47,29 +51,15 @@ module.exports = exports = (err, analysis) => {
       return process.exit(5)
     }
-    console.log('\n **************CONTRAST OSS ANALYSIS BEGINS**************')
+    const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
+    startSpinner(reportSpinner)
     const snapshotResponse = await newSendSnapShot(analysis, catalogueAppId)
+    succeedSpinner(reportSpinner, 'Contrast SCA analysis complete')
-    if (config.report) {
-      const ignoreDevUrl = await checkDevDeps(config)
-      if (ignoreDevUrl) {
-        await vulnReportWithoutDevDep(
-          analysis,
-          catalogueAppId,
-          snapshotResponse.id,
-          config
-        )
-      } else {
-        await vulnerabilityReport(analysis, catalogueAppId, config)
-      }
-    }
+    await vulnerabilityReport(analysis, catalogueAppId, snapshotResponse.id)
     //should be moved to processAudit.ts once promises implemented
     await auditSave(config)
-    console.log(
-      '\n ***************CONTRAST OSS ANALYSIS COMPLETE************** \n'
-    )
   }
   if (identifiedLanguageInfo.language === DOTNET) {
@@ -120,7 +110,7 @@ async function auditSave(config) {
     } else {
       console.log(i18n.__('auditBadFiletypeSpecifiedForSave'))
     }
-  } else {
+  } else if (config.save === null) {
     console.log(i18n.__('auditNoFiletypeSpecifiedForSave'))
   }
 }

package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js CHANGED Viewed

@@ -28,6 +28,77 @@ const isRubyLockFilename = filename => filename === 'Gemfile.lock'
 const isPipfileLockLockFilename = filename => filename === 'Pipfile.lock'
 const isGoProjectFilename = filename => filename === 'go.mod'
+const deduceLanguageScaAnalysis = filenames => {
+  const deducedLanguages = []
+  let language = ''
+  filenames.forEach(filename => {
+    // Check for project filenames...
+    if (isJavaMavenProjectFilename(filename)) {
+      deducedLanguages.push(filename)
+      language = JAVA
+    }
+    if (isJavaGradleProjectFilename(filename)) {
+      deducedLanguages.push(filename)
+      language = JAVA
+    }
+    if (isNodeProjectFilename(filename)) {
+      deducedLanguages.push(filename)
+      language = NODE
+    }
+    //
+    // if (isDotNetProjectFilename(filename)) {
+    //   deducedLanguages.push({language: DOTNET, projectFilename: filename})
+    // }
+    //
+    // if (isRubyProjectFilename(filename)) {
+    //   deducedLanguages.push({language: RUBY, projectFilename: filename})
+    // }
+    //
+    // if (isPythonProjectFilename(filename)) {
+    //   deducedLanguages.push({language: PYTHON, projectFilename: filename})
+    // }
+    //
+    // if (isPhpProjectFilename(filename)) {
+    //   deducedLanguages.push({language: PHP, projectFilename: filename})
+    // }
+    //
+    // // Check for lock filenames...
+    // if (isDotNetLockFilename(filename)) {
+    //   deducedLanguages.push({language: DOTNET, lockFilename: filename})
+    // }
+    //
+    if (isNodeLockFilename(filename)) {
+      deducedLanguages.push(filename)
+      language = NODE
+    }
+    //
+    // if (isRubyLockFilename(filename)) {
+    //   deducedLanguages.push({language: RUBY, lockFilename: filename})
+    // }
+    //
+    // // this is pipfileLock rather than python lock as there can be different python locks
+    // if (isPipfileLockLockFilename(filename)) {
+    //   deducedLanguages.push({language: PYTHON, lockFilename: filename})
+    // }
+    //
+    // if (isPhpLockFilename(filename)) {
+    //   deducedLanguages.push({language: PHP, lockFilename: filename})
+    // }
+    //
+    // go does not have a lockfile, it should have a go.mod file containing the modules
+    if (isGoProjectFilename(filename)) {
+      deducedLanguages.push({ language: GO, projectFilename: filename })
+      language = GO
+    }
+  })
+  let identifiedLanguages = { [language]: deducedLanguages }
+  return identifiedLanguages
+}
 const deduceLanguage = filename => {
   const deducedLanguages = []
@@ -175,3 +246,4 @@ exports.isPhpProjectFilename = isPhpProjectFilename
 exports.isPhpLockFilename = isPhpLockFilename
 exports.deduceLanguage = deduceLanguage
 exports.reduceIdentifiedLanguages = reduceIdentifiedLanguages
+exports.deduceLanguageScaAnalysis = deduceLanguageScaAnalysis

package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts ADDED Viewed

@@ -0,0 +1,204 @@
+import { getHttpClient, handleResponseErrors } from '../../../utils/commonApi'
+import {
+  ReportCompositeKey,
+  ReportList,
+  ReportModelStructure
+} from './models/reportListModel'
+import { ReportSeverityModel } from './models/reportSeverityModel'
+import { orderBy } from 'lodash'
+import chalk from 'chalk'
+import { ReportCVEModel, ReportLibraryModel } from './models/reportLibraryModel'
+import {
+  findCVESeveritiesAndOrderByHighestPriority,
+  findHighestSeverityCVE,
+  findNameAndVersion,
+  severityCountAllCVEs
+} from './utils/reportUtils'
+import {SeverityCountModel} from "./models/severityCountModel";
+import {
+  ReportOutputBodyModel,
+  ReportOutputHeaderModel,
+  ReportOutputModel
+} from "./models/reportOutputModel";
+export const createLibraryHeader = (
+  id: string,
+  numberOfVulnerableLibraries: number,
+  numberOfCves: number
+) => {
+  numberOfVulnerableLibraries === 1
+    ? console.log(
+        ` Found 1 vulnerable library containing ${numberOfCves} CVE's`
+      )
+    : console.log(
+        ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's `
+      )
+}
+export const getReport = async (config: any, reportId: string) => {
+  const client = getHttpClient(config)
+  return client
+    .getReportById(config, reportId)
+    .then((res: { statusCode: number; body: any }) => {
+      if (res.statusCode === 200) {
+        return res.body
+      } else {
+        console.log('config-------------------')
+        console.log(config)
+        console.log('reportId----------------')
+        console.log(reportId)
+        console.log(JSON.stringify(res))
+        handleResponseErrors(res, 'report')
+      }
+    })
+    .catch((err: any) => {
+      console.log(err)
+    })
+}
+export const printVulnerabilityResponse = (
+  vulnerabilities: ReportLibraryModel[],
+  config: any
+) => {
+  let hasSomeVulnerabilitiesReported = false
+  printFormattedOutput(vulnerabilities, config)
+  if (Object.keys(vulnerabilities).length > 0) {
+    hasSomeVulnerabilitiesReported = true
+  }
+  return hasSomeVulnerabilitiesReported
+}
+export const printFormattedOutput = (
+  libraries: ReportLibraryModel[],
+  config: any
+) => {
+  const report = new ReportList()
+  for (const library of libraries) {
+    const { name, version } = findNameAndVersion(library, config)
+    const newOutputModel = new ReportModelStructure(
+      new ReportCompositeKey(
+        name,
+        version,
+        findHighestSeverityCVE(library.cveArray) as ReportSeverityModel
+      ),
+      library.cveArray
+    )
+    report.reportOutputList.push(newOutputModel)
+  }
+  const orderedOutputListLowestFirst = orderBy(
+    report.reportOutputList,
+    reportListItem => reportListItem.compositeKey.highestSeverity.priority,
+    ['desc']
+  )
+  let contrastHeaderNumCounter = 0
+  for (const reportModel of orderedOutputListLowestFirst) {
+    contrastHeaderNumCounter++
+    const {libraryName, libraryVersion, highestSeverity} = reportModel.compositeKey
+    const numOfCVEs = reportModel.cveArray.length
+    const header = buildHeader(
+      highestSeverity,
+      contrastHeaderNumCounter,
+      libraryName,
+      libraryVersion,
+      numOfCVEs
+    )
+    const body = buildBody(
+      reportModel.cveArray
+    )
+    const reportOutputModel = new ReportOutputModel(header, body)
+    console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage)
+    console.log(reportOutputModel.body.issueMessage)
+    console.log(reportOutputModel.body.adviceMessage)
+  }
+}
+export function buildHeader(
+  highestSeverity: ReportSeverityModel,
+  contrastHeaderNum: number,
+  libraryName: string,
+  version: string,
+  numOfCVEs: number,
+) {
+  const vulnerabilityPluralised = numOfCVEs > 1 ? 'Vulnerabilities' : 'Vulnerability'
+  const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum)
+  const vulnMessage = chalk
+  .hex(highestSeverity.outputColour)
+  .bold(`${formattedHeaderNum} - [${highestSeverity.severity}] ${libraryName}-${version}`)
+  const introducesMessage = chalk.bold(
+    `introduces ${numOfCVEs} ${vulnerabilityPluralised}`
+  )
+  return new ReportOutputHeaderModel(vulnMessage, introducesMessage)
+}
+export function buildBody(cveArray: ReportCVEModel[]) {
+  const cveMessages: string[] = []
+  findCVESeveritiesAndOrderByHighestPriority(cveArray).forEach(reportSeverityModel => {
+      // @ts-ignore
+      const {outputColour, severity, cveName} = reportSeverityModel
+      const severityShorthand = chalk
+      .hex(outputColour)
+      .bold(`[${severity.charAt(0).toUpperCase()}]`)
+      const builtMessage = `${severityShorthand} ${cveName}`
+      cveMessages.push(builtMessage)
+    }
+  )
+  const numAndSeverityType = getNumOfAndSeverityType(cveArray)
+  const issueMessage =
+    ` ${chalk.bold('Issue')}  : ${numAndSeverityType} ${cveMessages.join(', ')}.`
+  const adviceMessage =
+    ` ${chalk.bold('Advice')} : ${chalk.bold('Update to latest version')}.`
+  return new ReportOutputBodyModel(issueMessage, adviceMessage)
+}
+export function buildFormattedHeaderNum(contrastHeaderNum: number) {
+  let formattedHeaderNum
+  if (contrastHeaderNum < 10) {
+    formattedHeaderNum = `00${contrastHeaderNum}`
+  } else if (contrastHeaderNum >= 10 && contrastHeaderNum < 100) {
+    formattedHeaderNum = `0${contrastHeaderNum}`
+  } else if (contrastHeaderNum >= 100) {
+    formattedHeaderNum = contrastHeaderNum
+  }
+  return `CONTRAST-${formattedHeaderNum}`
+}
+export function getNumOfAndSeverityType(cveArray: ReportCVEModel[]) {
+  const {
+    critical,
+    high,
+    medium,
+    low,
+    note
+  } = severityCountAllCVEs(cveArray, new SeverityCountModel())
+  const criticalMessage = critical > 0 ? `${critical} Critical` : ''
+  const highMessage = high > 0 ? `${high} High` : ''
+  const mediumMessage = medium > 0 ? `${medium} Medium` : ''
+  const lowMessage = low > 0 ? `${low} Low` : ''
+  const noteMessage = note > 0 ? `${note} Note` : ''
+  //removes/trims whitespace to single spaces
+  return `${criticalMessage} ${highMessage} ${mediumMessage} ${lowMessage} ${noteMessage}`
+  .replace(/\s+/g, ' ')
+  .trim();
+}

package/src/audit/languageAnalysisEngine/report/models/reportLibraryModel.ts ADDED Viewed

@@ -0,0 +1,30 @@
+export class ReportLibraryModel {
+  name: string
+  cveArray: ReportCVEModel[]
+  constructor (name: string, cveArray: ReportCVEModel[]){
+    this.name = name
+    this.cveArray = cveArray
+  }
+}
+export class ReportCVEModel {
+  name?: string
+  description?: string
+  authentication?: string
+  references?: []
+  severityCode?: string
+  cvss3SeverityCode?: string
+  constructor (
+    name: string,
+    description: string,
+    severityCode: string,
+    cvss3SeverityCode: string
+  ){
+    this.name = name
+    this.description = description
+    this.severityCode = severityCode
+    this.cvss3SeverityCode = cvss3SeverityCode
+  }
+}

package/src/audit/languageAnalysisEngine/report/models/reportListModel.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import {ReportSeverityModel} from "./reportSeverityModel";
+import {ReportCVEModel} from "./reportLibraryModel";
+export class ReportList {
+  reportOutputList: ReportModelStructure[]
+  constructor (){
+    this.reportOutputList = []
+  }
+}
+export class ReportModelStructure {
+  compositeKey: ReportCompositeKey;
+  cveArray: ReportCVEModel[];
+  constructor (compositeKey: ReportCompositeKey, cveArray: ReportCVEModel[]){
+    this.compositeKey = compositeKey
+    this.cveArray = cveArray
+  }
+}
+export class ReportCompositeKey {
+  libraryName!: string;
+  libraryVersion!: string;
+  highestSeverity!: ReportSeverityModel;
+  constructor (libraryName: string, libraryVersion: string, highestSeverity: ReportSeverityModel){
+    this.libraryName = libraryName
+    this.libraryVersion = libraryVersion
+    this.highestSeverity = highestSeverity
+  }
+}

package/src/audit/languageAnalysisEngine/report/models/reportOutputModel.ts ADDED Viewed

@@ -0,0 +1,29 @@
+export class ReportOutputModel {
+  header: ReportOutputHeaderModel
+  body: ReportOutputBodyModel
+  constructor(header: ReportOutputHeaderModel, body: ReportOutputBodyModel) {
+    this.header = header
+    this.body = body
+  }
+}
+export class ReportOutputHeaderModel {
+  vulnMessage: string
+  introducesMessage: string
+  constructor(vulnMessage: string, introducesMessage: string) {
+    this.vulnMessage = vulnMessage
+    this.introducesMessage = introducesMessage
+  }
+}
+export class ReportOutputBodyModel {
+  issueMessage: string
+  adviceMessage: string
+  constructor(bodyIssueMessage: string, bodyAdviceMessage: string) {
+    this.issueMessage = bodyIssueMessage
+    this.adviceMessage = bodyAdviceMessage
+  }
+}

package/src/audit/languageAnalysisEngine/report/models/reportSeverityModel.ts ADDED Viewed

@@ -0,0 +1,13 @@
+export class ReportSeverityModel {
+  severity: string
+  priority: number
+  outputColour: string
+  cveName: string
+  constructor(severity: string, priority: number, outputColour: string, cveName: string) {
+    this.severity = severity
+    this.priority = priority
+    this.outputColour = outputColour
+    this.cveName = cveName
+  }
+}

package/src/audit/languageAnalysisEngine/report/models/severityCountModel.ts ADDED Viewed

@@ -0,0 +1,16 @@
+export class SeverityCountModel {
+  critical!: number
+  high!: number
+  medium!: number
+  low!: number
+  note!: number
+  //needed as default to stop NaN when new object constructed
+  constructor() {
+    this.critical = 0
+    this.high = 0
+    this.medium = 0
+    this.low = 0
+    this.note = 0
+  }
+}