npm - @contrast/contrast - Versions diffs - 1.0.4 → 1.0.5 - Mend

@contrast/contrast 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

package/.prettierignore +2 -0
package/dist/audit/autodetection/autoDetectLanguage.js +32 -0
package/dist/audit/catalogueApplication/catalogueApplication.js +2 -11
package/dist/audit/languageAnalysisEngine/languageAnalysisFactory.js +4 -2
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +25 -0
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +3 -17
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +1 -1
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +2 -16
package/dist/commands/audit/auditConfig.js +8 -2
package/dist/commands/audit/auditController.js +8 -2
package/dist/commands/scan/processScan.js +6 -3
package/dist/commands/scan/sca/scaAnalysis.js +44 -0
package/dist/common/HTTPClient.js +0 -1
package/dist/common/errorHandling.js +7 -17
package/dist/constants/constants.js +14 -2
package/dist/constants/locales.js +28 -35
package/dist/constants.js +20 -0
package/dist/scaAnalysis/common/formatMessage.js +11 -0
package/dist/scaAnalysis/common/treeUpload.js +30 -0
package/dist/scaAnalysis/java/analysis.js +116 -0
package/dist/scaAnalysis/java/index.js +18 -0
package/dist/scaAnalysis/java/javaBuildDepsParser.js +326 -0
package/dist/scan/autoDetection.js +46 -1
package/dist/scan/fileUtils.js +73 -1
package/dist/scan/formatScanOutput.js +212 -0
package/dist/scan/help.js +3 -1
package/dist/scan/models/groupedResultsModel.js +2 -1
package/dist/scan/scan.js +1 -96
package/dist/scan/scanController.js +1 -2
package/dist/scan/scanResults.js +3 -17
package/package.json +2 -1
package/src/audit/autodetection/autoDetectLanguage.ts +40 -0
package/src/audit/catalogueApplication/catalogueApplication.js +4 -16
package/src/audit/languageAnalysisEngine/languageAnalysisFactory.js +9 -5
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +71 -0
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +3 -25
package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +1 -1
package/src/audit/languageAnalysisEngine/sendSnapshot.js +2 -24
package/src/commands/audit/auditConfig.ts +12 -3
package/src/commands/audit/auditController.ts +9 -2
package/src/commands/audit/processAudit.ts +3 -0
package/src/commands/scan/processScan.js +8 -3
package/src/commands/scan/sca/scaAnalysis.js +73 -0
package/src/common/HTTPClient.js +1 -1
package/src/common/errorHandling.ts +7 -24
package/src/constants/constants.js +14 -2
package/src/constants/locales.js +30 -49
package/src/constants.js +22 -0
package/src/scaAnalysis/common/formatMessage.js +10 -0
package/src/scaAnalysis/common/treeUpload.js +34 -0
package/src/scaAnalysis/java/analysis.js +159 -0
package/src/scaAnalysis/java/index.js +21 -0
package/src/scaAnalysis/java/javaBuildDepsParser.js +391 -0
package/src/scan/autoDetection.js +54 -1
package/src/scan/fileUtils.js +91 -1
package/src/scan/formatScanOutput.ts +241 -0
package/src/scan/help.js +3 -1
package/src/scan/models/groupedResultsModel.ts +7 -5
package/src/scan/models/resultContentModel.ts +2 -2
package/src/scan/scan.ts +0 -130
package/src/scan/scanController.js +1 -2
package/src/scan/scanResults.js +9 -17

package/src/scaAnalysis/java/analysis.js ADDED Viewed

@@ -0,0 +1,159 @@
+const child_process = require('child_process')
+const path = require('path')
+const i18n = require('i18n')
+const fs = require('fs')
+const MAVEN = 'maven'
+const GRADLE = 'gradle'
+const determineProjectTypeAndCwd = (files, projectPath) => {
+  const projectData = {}
+  if (files[0].includes('pom.xml')) {
+    projectData.projectType = MAVEN
+    projectData.cwd = projectPath
+      ? projectPath
+      : files[0].replace('pom.xml', '')
+  } else if (files[0].includes('build.gradle')) {
+    projectData.projectType = GRADLE
+    projectData.cwd = projectPath
+      ? projectPath
+      : files[0].replace('pom.xml', '')
+  }
+  return projectData
+}
+const buildMaven = async (config, projectData, timeout) => {
+  let cmdStdout
+  let mvn_settings = ''
+  try {
+    // Allow users to provide a custom location for their settings.xml
+    if (config.mavenSettingsPath) {
+      mvn_settings = ' -s ' + config.mavenSettingsPath
+    }
+    cmdStdout = child_process.execSync(
+      'mvn dependency:tree -B' + mvn_settings,
+      {
+        cwd: projectData.cwd,
+        timeout
+      }
+    )
+    // output.mvnDependancyTreeOutput = cmdStdout.toString()
+    // console.log(cmdStdout.toString())
+    return cmdStdout.toString()
+  } catch (err) {
+    try {
+      child_process.execSync('mvn --version', {
+        cwd: projectData.cwd,
+        timeout
+      })
+      throw new Error(
+        i18n.__('mavenDependencyTreeNonZero', projectData.cwd, `${err.message}`)
+      )
+    } catch (mvnErr) {
+      throw new Error(
+        i18n.__('mavenNotInstalledError', projectData.cwd, `${mvnErr.message}`)
+      )
+    }
+  }
+}
+const buildGradle = (config, projectData, timeout) => {
+  let cmdStdout
+  let output = {}
+  try {
+    // path.sep is user here to either execute as "./gradlew" for UNIX/Linux/MacOS
+    // & ".\gradlew" for Windows
+    // Check if the user has specified a sub-project
+    if (config.subProject) {
+      cmdStdout = child_process.execSync(
+        '.' +
+          path.sep +
+          'gradlew :' +
+          config.subProject +
+          ':dependencies --configuration runtimeClasspath',
+        {
+          cwd: projectData.cwd,
+          timeout
+        }
+      )
+    } else {
+      cmdStdout = child_process.execSync(
+        '.' +
+          path.sep +
+          'gradlew dependencies --configuration runtimeClasspath',
+        {
+          cwd: projectData.cwd,
+          timeout
+        }
+      )
+    }
+    if (
+      cmdStdout
+        .toString()
+        .includes(
+          "runtimeClasspath - Runtime classpath of source set 'main'.\n" +
+            'No dependencies'
+        )
+    ) {
+      cmdStdout = child_process.execSync(
+        '.' + path.sep + 'gradlew dependencies',
+        {
+          cwd: projectData.cwd,
+          timeout
+        }
+      )
+    }
+    output.mvnDependancyTreeOutput = cmdStdout.toString()
+    return output
+  } catch (err) {
+    if (
+      fs.existsSync(projectData.cwd + 'gradlew') ||
+      fs.existsSync(projectData.cwd + 'gradlew.bat')
+    ) {
+      throw new Error(
+        i18n.__(
+          'gradleDependencyTreeNonZero',
+          projectData.cwd,
+          `${err.message}`
+        )
+      )
+    } else {
+      throw new Error(
+        i18n.__('gradleWrapperUnavailable', projectData.cwd, `${err.message}`)
+      )
+    }
+  }
+}
+const getJavaBuildDeps = async (config, files) => {
+  const timeout = 960000
+  let output = {
+    mvnDependancyTreeOutput: undefined,
+    projectType: undefined
+  }
+  try {
+    const projectData = determineProjectTypeAndCwd(files, config.projectPath)
+    if (projectData.projectType === MAVEN) {
+      output.mvnDependancyTreeOutput = await buildMaven(
+        config,
+        projectData,
+        timeout
+      )
+    } else if (projectData.projectType === GRADLE) {
+      output.mvnDependancyTreeOutput = buildGradle(config, projectData, timeout)
+    }
+    output.projectType = projectData.projectType
+    return output
+  } catch (err) {
+    //
+  }
+}
+module.exports = {
+  getJavaBuildDeps
+}

package/src/scaAnalysis/java/index.js ADDED Viewed

@@ -0,0 +1,21 @@
+const { getJavaBuildDeps } = require('./analysis')
+const { parseBuildDeps } = require('./javaBuildDepsParser')
+const { createJavaTSMessage } = require('../common/formatMessage')
+const javaAnalysis = async (config, languageFiles) => {
+  languageFiles.java.forEach(file => {
+    file.replace('build.gradle.kts', 'build.gradle')
+  })
+  const javaDeps = await buildJavaTree(config, languageFiles.java)
+  return createJavaTSMessage(javaDeps)
+}
+const buildJavaTree = async (config, files) => {
+  const javaBuildDeps = await getJavaBuildDeps(config, files)
+  return parseBuildDeps(config, javaBuildDeps)
+}
+module.exports = {
+  javaAnalysis
+}

package/src/scaAnalysis/java/javaBuildDepsParser.js ADDED Viewed

@@ -0,0 +1,391 @@
+const i18n = require('i18n')
+const StringBuilder = require('string-builder')
+let sb = new StringBuilder()
+const parseBuildDeps = (config, input) => {
+  const { mvnDependancyTreeOutput, projectType } = input
+  // console.log(projectType)
+  try {
+    return parseGradle(mvnDependancyTreeOutput, config, projectType)
+  } catch (err) {
+    throw new Error(i18n.__('javaParseProjectFile') + `${err.message}`)
+  }
+}
+const preParser = shavedOutput => {
+  let obj = []
+  for (let dep in shavedOutput) {
+    obj.push(
+      shavedOutput[dep]
+        .replace('+-', '+---')
+        .replace('[INFO]', '')
+        .replace('\\-', '\\---')
+        .replace(':jar:', ':')
+        .replace(':test', '')
+        .replace(':compile', '')
+        .replace(' +', '+')
+        .replace(' |', '|')
+        .replace(' \\', '\\')
+        .replace(':runtime', '')
+    )
+  }
+  let depTree = []
+  for (let x in obj) {
+    let nodeLevel = computeRelationToLastElement(obj[x])
+    let notLastLevel =
+      obj[x].startsWith('|') ||
+      obj[x].startsWith('+') ||
+      obj[x].startsWith('\\')
+    if (notLastLevel) {
+      if (nodeLevel === 0) {
+        depTree.push(obj[x])
+      } else {
+        let level = computeLevel(nodeLevel)
+        let validatedLevel = addIndentation(nodeLevel === 2 ? 5 : level, obj[x])
+        depTree.push(validatedLevel)
+      }
+    } else {
+      let level = computeLevel(nodeLevel)
+      let validatedLevel = addIndentation(nodeLevel === 3 ? 5 : level, obj[x])
+      depTree.push(validatedLevel)
+    }
+  }
+  return depTree
+}
+const shaveOutput = (gradleDependencyTreeOutput, projectType) => {
+  let shavedOutput = gradleDependencyTreeOutput.split('\n')
+  // console.log(projectType)
+  if (projectType === 'maven') {
+    shavedOutput = preParser(shavedOutput)
+  }
+  let obj = []
+  for (let key in shavedOutput) {
+    if (shavedOutput[key].includes('project :')) {
+      //skip
+    } else if (
+      shavedOutput[key].includes('+---') ||
+      shavedOutput[key].includes('\\---')
+    ) {
+      obj.push(shavedOutput[key])
+    }
+  }
+  return obj
+}
+const computeIndentation = element => {
+  let hasPlus = element.includes('+')
+  let hasSlash = element.includes('\\')
+  if (hasPlus) {
+    return element.substring(element.indexOf('+'))
+  }
+  if (hasSlash) {
+    return element.substring(element.indexOf('\\'))
+  }
+}
+const computeLevel = nodeLevel => {
+  let num = [5, 8, 11, 14, 17, 20]
+  for (let z in num) {
+    if (num[z] === nodeLevel) {
+      let n = parseInt(z)
+      return 5 * (n + 2)
+    }
+  }
+}
+const addIndentation = (number, str) => {
+  str = computeIndentation(str)
+  sb.clear() // need to clear so each dep doesn't append to the string
+  for (let j = 0; j < number; j++) {
+    sb.append(' ')
+  }
+  sb.append(str)
+  return sb.toString()
+}
+const computeRelationToLastElement = element => {
+  let hasPlus = element.includes('+---')
+  let hasSlash = element.includes('\\---')
+  if (hasPlus) {
+    return element.split('+---')[0].length
+  }
+  if (hasSlash) {
+    return element.split('\\---')[0].length
+  }
+}
+const stripElement = element => {
+  return element
+    .replace(/[|]/g, '')
+    .replace('+---', '')
+    .replace('\\---', '')
+    .replace(/[' ']/g, '')
+    .replace('(c)', '')
+    .replace('->', '@')
+    .replace('(*)', '')
+}
+const checkVersion = element => {
+  let version = element.split(':')
+  return version[version.length - 1]
+}
+const createElement = (element, isRoot) => {
+  let tree
+  let cleanElement = stripElement(element)
+  let splitGroupName = cleanElement.split(':')
+  let validateVersion = false
+  if (!element.includes('->')) {
+    validateVersion = true
+  }
+  tree = {
+    artifactID: splitGroupName[1],
+    group: splitGroupName[0],
+    version: validateVersion
+      ? checkVersion(cleanElement)
+      : splitGroupName[splitGroupName.length - 1],
+    scope: 'compile',
+    type: isRoot ? 'direct' : 'transitive',
+    edges: {}
+  }
+  return tree
+}
+const getElementHeader = element => {
+  let elementHeader = stripElement(element)
+  elementHeader = elementHeader.replace(':', '/')
+  elementHeader = elementHeader.replace(':', '@')
+  return elementHeader
+}
+const buildElement = (element, rootElement, parentOfCurrent, tree, isRoot) => {
+  let childElement = createElement(element, isRoot)
+  let elementHeader = getElementHeader(element)
+  let levelsArray = [rootElement, parentOfCurrent]
+  const treeNode = getNestedObject(tree, levelsArray)
+  const rootNode = getNestedObject(tree, [rootElement])
+  // eslint-disable-next-line
+  if (!rootNode.hasOwnProperty(elementHeader)) {
+    tree[rootElement][elementHeader] = childElement
+  }
+  treeNode.edges[elementHeader] = elementHeader
+}
+const hasChildren = (nextNodeLevel, nodeLevel) => {
+  if (nextNodeLevel > nodeLevel) {
+    return true
+  }
+}
+const lastChild = (nextNodeLevel, nodeLevel) => {
+  if (nextNodeLevel < nodeLevel) {
+    return true
+  }
+}
+const calculateLevels = (nextNodeLevel, nodeLevel) => {
+  return (nodeLevel - nextNodeLevel) / 5
+}
+const buildTree = shavedOutput => {
+  let tree = {}
+  let rootElement
+  let levelNodes = []
+  shavedOutput.forEach((element, index) => {
+    if (index === 0) {
+      // console.log(element, index)
+      let cleanElement = stripElement(element)
+      let elementHeader = getElementHeader(cleanElement)
+      let splitElement = element.split(' ')
+      let splitGroupName = splitElement[1].split(':')
+      let validateVersion = false
+      if (!element.includes('->')) {
+        validateVersion = true
+      }
+      tree[splitGroupName[0]] = {}
+      tree[splitGroupName[0]][elementHeader] = {
+        artifactID: splitGroupName[1],
+        group: splitGroupName[0],
+        version: validateVersion
+          ? checkVersion(cleanElement)
+          : splitElement[splitElement.length - 1],
+        scope: 'compile',
+        type: 'direct',
+        edges: {}
+      }
+      rootElement = splitGroupName[0]
+      levelNodes.push(elementHeader)
+    }
+    if (shavedOutput.length - 1 === index) {
+      // console.log(element, index)
+      const parentOfCurrent = levelNodes[levelNodes.length - 1]
+      let nodeLevel = computeRelationToLastElement(element)
+      let validateVersion = false
+      if (!element.includes('->')) {
+        validateVersion = true
+      }
+      if (nodeLevel === 0) {
+        let cleanElement = stripElement(element)
+        let elementHeader = getElementHeader(cleanElement)
+        let splitElement = element.split(' ')
+        let splitGroupName = splitElement[1].split(':')
+        tree[rootElement][elementHeader] = {
+          artifactID: splitGroupName[1],
+          group: splitGroupName[0],
+          version: validateVersion
+            ? checkVersion(cleanElement)
+            : splitElement[splitElement.length - 1],
+          scope: 'compile',
+          type: 'direct',
+          edges: {}
+        }
+      } else {
+        buildElement(element, rootElement, parentOfCurrent, tree)
+      }
+    }
+    if (index >= 1 && index < shavedOutput.length - 1) {
+      let nodeLevel = computeRelationToLastElement(element)
+      let nextNodeLevel = computeRelationToLastElement(shavedOutput[index + 1])
+      const parentOfCurrent = levelNodes[levelNodes.length - 1]
+      let isRoot = false
+      if (nodeLevel === 0) {
+        isRoot = true
+      }
+      // useful for debugging
+      // console.log(
+      //   element,
+      //   index,
+      //   'nodeLevel:',
+      //   nodeLevel,
+      //   'nextNodeLevel:',
+      //   nextNodeLevel,
+      //   'parentofCurrent:',
+      //   parentOfCurrent
+      // )
+      if (isRoot) {
+        let cleanElement = stripElement(element)
+        let elementHeader = getElementHeader(cleanElement)
+        let splitElement = element.split(' ')
+        let splitGroupName = splitElement[1].split(':')
+        let validateVersion = false
+        if (!element.includes('->')) {
+          validateVersion = true
+        }
+        tree[rootElement][elementHeader] = {
+          artifactID: splitGroupName[1],
+          group: splitGroupName[0],
+          version: validateVersion
+            ? checkVersion(cleanElement)
+            : splitElement[splitElement.length - 1],
+          scope: 'compile',
+          type: 'direct',
+          edges: {}
+        }
+        levelNodes.push(elementHeader)
+        return
+      }
+      let elementHeader = getElementHeader(element)
+      buildElement(element, rootElement, parentOfCurrent, tree, isRoot)
+      if (hasChildren(nextNodeLevel, nodeLevel)) {
+        buildElement(element, rootElement, parentOfCurrent, tree, isRoot)
+        levelNodes.push(elementHeader)
+      }
+      if (lastChild(nextNodeLevel, nodeLevel)) {
+        let levelDifference = calculateLevels(nextNodeLevel, nodeLevel)
+        if (levelDifference === 0) {
+          levelNodes.pop()
+        } else {
+          let i
+          for (i = 0; i < levelDifference; i++) {
+            levelNodes.pop()
+          }
+        }
+      }
+    }
+  })
+  return tree
+}
+const getNestedObject = (nestedObj, pathArr) => {
+  return pathArr.reduce(
+    (obj, key) => (obj && obj[key] !== 'undefined' ? obj[key] : undefined),
+    nestedObj
+  )
+}
+// emit any "+--- project :" within the tree
+const parseSubProject = shavedOutput => {
+  let obj = []
+  for (let key in shavedOutput) {
+    if (!shavedOutput[key].includes('project')) {
+      obj.push(shavedOutput[key])
+    }
+  }
+  return obj
+}
+const validateIndentation = shavedOutput => {
+  let validatedTree = []
+  shavedOutput.forEach((element, index) => {
+    let nextNodeLevel
+    let nodeLevel = computeRelationToLastElement(element)
+    if (shavedOutput[index + 1] !== undefined) {
+      nextNodeLevel = computeRelationToLastElement(shavedOutput[index + 1])
+    }
+    if (index === 0) {
+      validatedTree.push(shavedOutput[index])
+      validatedTree.push(shavedOutput[index + 1])
+    } else if (nextNodeLevel > nodeLevel + 5) {
+      return
+    } else {
+      validatedTree.push(shavedOutput[index + 1])
+    }
+  })
+  validatedTree.pop()
+  return validatedTree
+}
+const parseGradle = (gradleDependencyTreeOutput, config, projectType) => {
+  let shavedOutput = shaveOutput(gradleDependencyTreeOutput, projectType)
+  if (config.subProject) {
+    let subProject = parseSubProject(shavedOutput)
+    let validatedOutput = validateIndentation(subProject)
+    return buildTree(validatedOutput)
+  } else {
+    let validatedOutput = validateIndentation(shavedOutput)
+    return buildTree(validatedOutput)
+  }
+}
+module.exports = {
+  parseBuildDeps
+}

package/src/scan/autoDetection.js CHANGED Viewed

@@ -1,5 +1,7 @@
 const i18n = require('i18n')
 const fileFinder = require('./fileUtils')
+const languageResolver = require('../audit/languageAnalysisEngine/reduceIdentifiedLanguages')
+const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames')
 const autoDetectFileAndLanguage = async configToUse => {
   const entries = await fileFinder.findFile()
@@ -21,6 +23,39 @@ const autoDetectFileAndLanguage = async configToUse => {
   }
 }
+const autoDetectAuditFilesAndLanguages = async () => {
+  let languagesFound = []
+  console.log(i18n.__('searchingAuditFileDirectory', process.cwd()))
+  await fileFinder.findFilesJava(languagesFound)
+  await fileFinder.findFilesJavascript(languagesFound)
+  await fileFinder.findFilesPython(languagesFound)
+  await fileFinder.findFilesGo(languagesFound)
+  await fileFinder.findFilesPhp(languagesFound)
+  await fileFinder.findFilesRuby(languagesFound)
+  if (languagesFound.length === 1) {
+    return languagesFound
+  } else {
+    console.log(
+      'found multiple languages, please specify one using --file to run SCA analysis'
+    )
+  }
+}
+const manualDetectAuditFilesAndLanguages = async projectPath => {
+  let projectRootFilenames = await rootFile.getProjectRootFilenames(projectPath)
+  let identifiedLanguages = languageResolver.deduceLanguageScaAnalysis(
+    projectRootFilenames
+  )
+  if (Object.keys(identifiedLanguages).length === 0) {
+    console.log(i18n.__('languageAnalysisNoLanguage', projectPath))
+    return []
+  }
+  return [identifiedLanguages]
+}
 const hasWhiteSpace = s => {
   const filename = s.split('/').pop()
   return filename.indexOf(' ') >= 0
@@ -42,7 +77,25 @@ const errorOnFileDetection = entries => {
   process.exit(1)
 }
+const errorOnAuditFileDetection = entries => {
+  if (entries.length > 1) {
+    console.log(i18n.__('searchingDirectoryScan'))
+    for (let file in entries) {
+      console.log('-', entries[file])
+    }
+    console.log('')
+    console.log(i18n.__('specifyFileAuditNotFound'))
+  } else {
+    console.log(i18n.__('noFileFoundScan'))
+    console.log('')
+    console.log(i18n.__('specifyFileAuditNotFound'))
+  }
+}
 module.exports = {
   autoDetectFileAndLanguage,
-  errorOnFileDetection
+  errorOnFileDetection,
+  autoDetectAuditFilesAndLanguages,
+  errorOnAuditFileDetection,
+  manualDetectAuditFilesAndLanguages
 }