npm - @contrast/contrast - Versions diffs - 1.0.4 → 1.0.7 - Mend

@contrast/contrast 1.0.4 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

package/.prettierignore +0 -3
package/dist/audit/autodetection/autoDetectLanguage.js +32 -0
package/dist/audit/catalogueApplication/catalogueApplication.js +2 -11
package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +4 -2
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +2 -1
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +2 -1
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +2 -1
package/dist/audit/languageAnalysisEngine/languageAnalysisFactory.js +6 -2
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +39 -1
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +69 -30
package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js +24 -0
package/dist/audit/languageAnalysisEngine/report/models/reportSeverityModel.js +3 -1
package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js +13 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +2 -2
package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js +56 -45
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +65 -17
package/dist/commands/audit/auditConfig.js +8 -2
package/dist/commands/audit/auditController.js +9 -3
package/dist/commands/audit/processAudit.js +1 -1
package/dist/commands/scan/processScan.js +7 -4
package/dist/commands/scan/sca/scaAnalysis.js +60 -0
package/dist/common/HTTPClient.js +50 -16
package/dist/common/errorHandling.js +11 -16
package/dist/common/versionChecker.js +1 -1
package/dist/constants/constants.js +24 -2
package/dist/constants/locales.js +31 -36
package/dist/constants.js +20 -0
package/dist/lambda/analytics.js +11 -0
package/dist/lambda/lambda.js +35 -4
package/dist/lambda/types.js +13 -0
package/dist/scaAnalysis/common/formatMessage.js +35 -0
package/dist/scaAnalysis/common/treeUpload.js +29 -0
package/dist/scaAnalysis/go/goAnalysis.js +17 -0
package/dist/scaAnalysis/go/goParseDeps.js +158 -0
package/dist/scaAnalysis/go/goReadDepFile.js +23 -0
package/dist/scaAnalysis/java/analysis.js +105 -0
package/dist/scaAnalysis/java/index.js +18 -0
package/dist/scaAnalysis/java/javaBuildDepsParser.js +339 -0
package/dist/scaAnalysis/python/analysis.js +41 -0
package/dist/scaAnalysis/python/index.js +10 -0
package/dist/scaAnalysis/ruby/analysis.js +226 -0
package/dist/scaAnalysis/ruby/index.js +10 -0
package/dist/scan/autoDetection.js +50 -1
package/dist/scan/fileUtils.js +80 -1
package/dist/scan/formatScanOutput.js +213 -0
package/dist/scan/help.js +3 -1
package/dist/scan/models/groupedResultsModel.js +2 -1
package/dist/scan/models/scanResultsModel.js +3 -1
package/dist/scan/populateProjectIdAndProjectName.js +2 -1
package/dist/scan/scan.js +6 -99
package/dist/scan/scanConfig.js +6 -1
package/dist/scan/scanController.js +26 -7
package/dist/scan/scanResults.js +20 -20
package/dist/utils/commonApi.js +4 -1
package/dist/utils/oraWrapper.js +5 -1
package/package.json +12 -7
package/src/audit/autodetection/autoDetectLanguage.ts +40 -0
package/src/audit/catalogueApplication/catalogueApplication.js +3 -16
package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +11 -8
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +2 -1
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +2 -1
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +2 -1
package/src/audit/languageAnalysisEngine/languageAnalysisFactory.js +17 -5
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +76 -3
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +122 -40
package/src/audit/languageAnalysisEngine/report/models/reportLibraryModel.ts +3 -3
package/src/audit/languageAnalysisEngine/report/models/reportListModel.ts +15 -11
package/src/audit/languageAnalysisEngine/report/models/reportOutputModel.ts +29 -0
package/src/audit/languageAnalysisEngine/report/models/reportSeverityModel.ts +12 -3
package/src/audit/languageAnalysisEngine/report/models/severityCountModel.ts +16 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +3 -3
package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts +87 -65
package/src/audit/languageAnalysisEngine/sendSnapshot.js +78 -25
package/src/commands/audit/auditConfig.ts +12 -3
package/src/commands/audit/auditController.ts +9 -3
package/src/commands/audit/processAudit.ts +4 -1
package/src/commands/scan/processScan.js +10 -4
package/src/commands/scan/sca/scaAnalysis.js +83 -0
package/src/common/HTTPClient.js +65 -25
package/src/common/errorHandling.ts +14 -22
package/src/common/versionChecker.ts +1 -1
package/src/constants/constants.js +24 -2
package/src/constants/locales.js +33 -50
package/src/constants.js +22 -0
package/src/lambda/analytics.ts +9 -0
package/src/lambda/arn.ts +2 -1
package/src/lambda/lambda.ts +37 -17
package/src/lambda/types.ts +35 -0
package/src/lambda/utils.ts +2 -7
package/src/scaAnalysis/common/formatMessage.js +38 -0
package/src/scaAnalysis/common/treeUpload.js +30 -0
package/src/scaAnalysis/go/goAnalysis.js +19 -0
package/src/scaAnalysis/go/goParseDeps.js +203 -0
package/src/scaAnalysis/go/goReadDepFile.js +32 -0
package/src/scaAnalysis/java/analysis.js +142 -0
package/src/scaAnalysis/java/index.js +21 -0
package/src/scaAnalysis/java/javaBuildDepsParser.js +404 -0
package/src/scaAnalysis/python/analysis.js +48 -0
package/src/scaAnalysis/python/index.js +11 -0
package/src/scaAnalysis/ruby/analysis.js +282 -0
package/src/scaAnalysis/ruby/index.js +11 -0
package/src/scan/autoDetection.js +58 -1
package/src/scan/fileUtils.js +99 -1
package/src/scan/formatScanOutput.ts +249 -0
package/src/scan/help.js +3 -1
package/src/scan/models/groupedResultsModel.ts +7 -5
package/src/scan/models/resultContentModel.ts +2 -2
package/src/scan/models/scanResultsModel.ts +5 -2
package/src/scan/populateProjectIdAndProjectName.js +3 -1
package/src/scan/scan.ts +8 -136
package/src/scan/scanConfig.js +5 -1
package/src/scan/scanController.js +30 -10
package/src/scan/scanResults.js +31 -18
package/src/utils/commonApi.js +4 -1
package/src/utils/oraWrapper.js +6 -1

package/src/scaAnalysis/ruby/analysis.js ADDED Viewed

@@ -0,0 +1,282 @@
+const fs = require('fs')
+const readAndParseGemfile = projectPath => {
+  const fileName = filePathForWindows(projectPath + '/Gemfile')
+  const gemFile = fs.readFileSync(fileName, 'utf8')
+  const rubyArray = gemFile.split('\n')
+  let filteredRubyDep = rubyArray.filter(element => {
+    return (
+      !element.includes('#') &&
+      element.includes('gem') &&
+      !element.includes('source')
+    )
+  })
+  for (let i = 0; i < filteredRubyDep.length; i++) {
+    filteredRubyDep[i] = filteredRubyDep[i].trim()
+  }
+  return filteredRubyDep
+}
+const readAndParseGemLockFile = projectPath => {
+  const fileName = filePathForWindows(projectPath + '/Gemfile.lock')
+  const lockFile = fs.readFileSync(fileName, 'utf8')
+  const dependencyRegEx = /^\s*([A-Za-z0-9.!@#$%\-^&*_+]*)\s*(\((.*?)\))/
+  const lines = lockFile.split('\n')
+  return {
+    dependencies: getDirectDependencies(lines, dependencyRegEx),
+    runtimeDetails: getLockFileRuntimeInfo(lines),
+    sources: getSourceArray(lines, dependencyRegEx)
+  }
+}
+const nonDependencyKeys = (line, sourceObject) => {
+  const GEMFILE_KEY_VALUE = /^\s*([^:(]*)\s*\s*(.*)/
+  let parts = GEMFILE_KEY_VALUE.exec(line)
+  let key = parts[1].trim()
+  let value = parts[2] || ''
+  sourceObject[key] = value
+  return sourceObject
+}
+const populateResolveAndPlatform = (version, sourceObject) => {
+  const depArr = version.split('-')
+  sourceObject.resolved = depArr[0]
+  sourceObject.platform = depArr.length > 1 ? depArr[1] : 'UNSPECIFIED'
+  return sourceObject
+}
+const isUpperCase = str => {
+  return str === str.toUpperCase()
+}
+const getDirectDependencies = (lines, dependencyRegEx) => {
+  const dependencies = {}
+  let depIndex = 0
+  for (let i = 0; i < lines.length; i++) {
+    if (lines[i] === 'DEPENDENCIES') {
+      depIndex = i
+    }
+  }
+  const getDepArray = lines.slice(depIndex)
+  for (let j = 1; j < getDepArray.length; j++) {
+    const element = getDepArray[j]
+    if (!isUpperCase(element)) {
+      const isDependencyWithVersion = dependencyRegEx.test(element)
+      if (isDependencyWithVersion) {
+        const dependency = dependencyRegEx.exec(element)
+        let name = dependency[1]
+        name = name.replace('!', '')
+        dependencies[name.trim()] = dependency[3]
+      } else {
+        let name = element
+        name = name.replace('!', ' ')
+        dependencies[name.trim()] = 'UNSPECIFIED'
+      }
+    }
+  }
+  return dependencies
+}
+const getLockFileRuntimeInfo = lines => {
+  let rubVersionIndex = 0
+  for (let i = 0; i < lines.length; i++) {
+    if (lines[i] === 'RUBY VERSION') {
+      rubVersionIndex = i
+      break
+    }
+  }
+  const runtimeDetails = {}
+  if (rubVersionIndex !== 0) {
+    const getRubyVersionArray = lines.slice(rubVersionIndex)
+    for (let element of getRubyVersionArray) {
+      if (!isUpperCase(element)) {
+        runtimeDetails['version'] = getVersion(element)
+        runtimeDetails['patchLevel'] = getPatchLevel(element)
+        if (element.includes('engine')) {
+          let splitElement = element.split(' ')
+          runtimeDetails[splitElement[0]] = splitElement[1]
+        }
+      }
+    }
+  }
+  return runtimeDetails
+}
+const getVersion = element => {
+  const versionRegex = /^([ruby\s0-9.*]+)/
+  if (versionRegex.test(element)) {
+    let version = versionRegex.exec(element)[0]
+    if (version.includes('ruby')) {
+      return trimWhiteSpace(version.replace('ruby', ''))
+    }
+  }
+}
+const getPatchLevel = element => {
+  const patchLevelRegex = /(p\d+)/
+  if (patchLevelRegex.test(element)) {
+    return patchLevelRegex.exec(element)[0]
+  }
+}
+const formatSourceArr = sourceArr => {
+  return sourceArr.map(element => {
+    if (element.sourceType === 'GIT') {
+      delete element.specs
+    }
+    if (element.sourceType === 'GEM') {
+      delete element.branch
+      delete element.revision
+      delete element.depthLevel
+      delete element.specs
+    }
+    if (element.sourceType === 'PATH') {
+      delete element.branch
+      delete element.revision
+      delete element.depthLevel
+      delete element.specs
+      delete element.platform
+    }
+    return element
+  })
+}
+const getSourceArray = (lines, dependencyRegEx) => {
+  const sourceObject = {
+    dependencies: {}
+  }
+  const whitespaceRegx = /^(\s*)/
+  let index = 0
+  let line = 0
+  const sources = []
+  while ((line = lines[index++]) !== undefined) {
+    let currentWS = whitespaceRegx.exec(line)[1].length
+    if (!line.includes(' bundler (')) {
+      if (currentWS === 0 && !line.includes(':') && line !== '') {
+        sourceObject.sourceType = line
+      }
+      if (currentWS !== 0 && line.includes(':')) {
+        nonDependencyKeys(line, sourceObject)
+      }
+      if (currentWS > 2) {
+        let nexlineWS = whitespaceRegx.exec(lines[index])[1].length
+        sourceObject.dependencies = buildSourceDependencyWithVersion(
+          whitespaceRegx,
+          dependencyRegEx,
+          line,
+          currentWS,
+          sourceObject.name,
+          sourceObject.dependencies
+        )
+        if (currentWS === 4 && sourceObject.depthLevel === undefined) {
+          const dependency = dependencyRegEx.exec(line)
+          sourceObject.name = dependency[1]
+          sourceObject.depthLevel = currentWS
+          populateResolveAndPlatform(dependency[3], sourceObject)
+        }
+        if (currentWS === 4 && sourceObject.depthLevel) {
+          // create new Parent
+          const dependency = dependencyRegEx.exec(line)
+          sourceObject.name = dependency[1]
+          sourceObject.depthLevel = currentWS
+          populateResolveAndPlatform(dependency[3], sourceObject)
+        }
+        if (
+          (currentWS === 4 && nexlineWS === 4) ||
+          (currentWS === 6 && nexlineWS === 4) ||
+          nexlineWS === ''
+        ) {
+          let newObj = {}
+          newObj = JSON.parse(JSON.stringify(sourceObject))
+          sources.push(newObj)
+          sourceObject.dependencies = {}
+        }
+      }
+    }
+  }
+  return formatSourceArr(sources)
+}
+const buildSourceDependencyWithVersion = (
+  whitespaceRegx,
+  dependencyRegEx,
+  line,
+  currentWhiteSpace,
+  name,
+  dependencies
+) => {
+  const isDependencyWithVersion = dependencyRegEx.test(line)
+  if (currentWhiteSpace === 6) {
+    const dependency = dependencyRegEx.exec(line)
+    if (isDependencyWithVersion) {
+      if (name !== dependency[1]) {
+        dependencies[dependency[1]] = dependency[3]
+      }
+    } else {
+      dependencies[line.trim()] = 'UNSPECIFIED'
+    }
+  }
+  return dependencies
+}
+const getRubyDeps = config => {
+  try {
+    const parsedGem = readAndParseGemfile(config.projectPath)
+    const parsedLock = readAndParseGemLockFile(config.projectPath)
+    return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock }
+  } catch (err) {
+    console.log(err.message)
+    process.exit(1)
+  }
+}
+const trimWhiteSpace = string => {
+  return string.replace(/\s+/g, '')
+}
+const filePathForWindows = path => {
+  if (process.platform === 'win32') {
+    path = path.replace(/\//g, '\\')
+  }
+  return path
+}
+module.exports = {
+  getRubyDeps,
+  readAndParseGemfile,
+  readAndParseGemLockFile,
+  nonDependencyKeys,
+  populateResolveAndPlatform,
+  isUpperCase,
+  getDirectDependencies,
+  getLockFileRuntimeInfo,
+  getVersion,
+  getPatchLevel,
+  formatSourceArr,
+  getSourceArray
+}

package/src/scaAnalysis/ruby/index.js ADDED Viewed

@@ -0,0 +1,11 @@
+const { getRubyDeps } = require('./analysis')
+const { createRubyTSMessage } = require('../common/formatMessage')
+const rubyAnalysis = (config, languageFiles) => {
+  const rubyDeps = getRubyDeps(config, languageFiles.RUBY)
+  return createRubyTSMessage(rubyDeps)
+}
+module.exports = {
+  rubyAnalysis
+}

package/src/scan/autoDetection.js CHANGED Viewed

@@ -1,5 +1,7 @@
 const i18n = require('i18n')
 const fileFinder = require('./fileUtils')
+const languageResolver = require('../audit/languageAnalysisEngine/reduceIdentifiedLanguages')
+const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames')
 const autoDetectFileAndLanguage = async configToUse => {
   const entries = await fileFinder.findFile()
@@ -12,6 +14,11 @@ const autoDetectFileAndLanguage = async configToUse => {
       process.exit(1)
     }
+    if (fileFinder.fileIsEmpty(entries[0])) {
+      console.log(i18n.__('scanFileIsEmpty'))
+      process.exit(1)
+    }
     configToUse.file = entries[0]
     if (configToUse.name === undefined) {
       configToUse.name = entries[0]
@@ -21,6 +28,38 @@ const autoDetectFileAndLanguage = async configToUse => {
   }
 }
+const autoDetectAuditFilesAndLanguages = async () => {
+  let languagesFound = []
+  console.log(i18n.__('searchingAuditFileDirectory', process.cwd()))
+  await fileFinder.findFilesJava(languagesFound)
+  await fileFinder.findFilesJavascript(languagesFound)
+  await fileFinder.findFilesPython(languagesFound)
+  await fileFinder.findFilesGo(languagesFound)
+  await fileFinder.findFilesPhp(languagesFound)
+  await fileFinder.findFilesRuby(languagesFound)
+  if (languagesFound.length === 1) {
+    return languagesFound
+  } else {
+    console.log(
+      'found multiple languages, please specify one using --file to run SCA analysis'
+    )
+  }
+}
+const manualDetectAuditFilesAndLanguages = projectPath => {
+  let projectRootFilenames = rootFile.getProjectRootFilenames(projectPath)
+  let identifiedLanguages =
+    languageResolver.deduceLanguageScaAnalysis(projectRootFilenames)
+  if (Object.keys(identifiedLanguages).length === 0) {
+    console.log(i18n.__('languageAnalysisNoLanguage', projectPath))
+    return []
+  }
+  return [identifiedLanguages]
+}
 const hasWhiteSpace = s => {
   const filename = s.split('/').pop()
   return filename.indexOf(' ') >= 0
@@ -42,7 +81,25 @@ const errorOnFileDetection = entries => {
   process.exit(1)
 }
+const errorOnAuditFileDetection = entries => {
+  if (entries.length > 1) {
+    console.log(i18n.__('searchingDirectoryScan'))
+    for (let file in entries) {
+      console.log('-', entries[file])
+    }
+    console.log('')
+    console.log(i18n.__('specifyFileAuditNotFound'))
+  } else {
+    console.log(i18n.__('noFileFoundScan'))
+    console.log('')
+    console.log(i18n.__('specifyFileAuditNotFound'))
+  }
+}
 module.exports = {
   autoDetectFileAndLanguage,
-  errorOnFileDetection
+  errorOnFileDetection,
+  autoDetectAuditFilesAndLanguages,
+  errorOnAuditFileDetection,
+  manualDetectAuditFilesAndLanguages
 }

package/src/scan/fileUtils.js CHANGED Viewed

@@ -11,6 +11,90 @@ const findFile = async () => {
   })
 }
+const findFilesJava = async languagesFound => {
+  const result = await fg(
+    ['**/pom.xml', '**/build.gradle', '**/build.gradle.kts'],
+    {
+      dot: false,
+      deep: 1,
+      onlyFiles: true
+    }
+  )
+  if (result.length > 0) {
+    return languagesFound.push({ JAVA: result })
+  }
+  return languagesFound
+}
+const findFilesJavascript = async languagesFound => {
+  const result = await fg(
+    ['**/package.json', '**/yarn.lock', '**/package.lock.json'],
+    {
+      dot: false,
+      deep: 1,
+      onlyFiles: true
+    }
+  )
+  if (result.length > 0) {
+    return languagesFound.push({ JAVASCRIPT: result })
+  }
+  return languagesFound
+}
+const findFilesPython = async languagesFound => {
+  const result = await fg(['**/Pipfile.lock', '**/Pipfile'], {
+    dot: false,
+    deep: 3,
+    onlyFiles: true
+  })
+  if (result.length > 0) {
+    return languagesFound.push({ PYTHON: result })
+  }
+  return languagesFound
+}
+const findFilesGo = async languagesFound => {
+  const result = await fg(['**/go.mod'], {
+    dot: false,
+    deep: 3,
+    onlyFiles: true
+  })
+  if (result.length > 0) {
+    return languagesFound.push({ GO: result })
+  }
+  return languagesFound
+}
+const findFilesRuby = async languagesFound => {
+  const result = await fg(['**/Gemfile', '**/Gemfile.lock'], {
+    dot: false,
+    deep: 3,
+    onlyFiles: true
+  })
+  if (result.length > 0) {
+    return languagesFound.push({ RUBY: result })
+  }
+  return languagesFound
+}
+const findFilesPhp = async languagesFound => {
+  const result = await fg(['**/composer.json', '**/composer.lock'], {
+    dot: false,
+    deep: 3,
+    onlyFiles: true
+  })
+  if (result.length > 0) {
+    return languagesFound.push({ PHP: result })
+  }
+  return languagesFound
+}
 const checkFilePermissions = file => {
   let readableFile = false
   try {
@@ -26,8 +110,22 @@ const fileExists = path => {
   return fs.existsSync(path)
 }
+const fileIsEmpty = path => {
+  if (fileExists(path) && checkFilePermissions(path)) {
+    return fs.readFileSync(path).length === 0
+  }
+  return false
+}
 module.exports = {
   findFile,
   fileExists,
-  checkFilePermissions
+  checkFilePermissions,
+  findFilesJava,
+  findFilesJavascript,
+  findFilesPython,
+  findFilesGo,
+  findFilesPhp,
+  findFilesRuby,
+  fileIsEmpty
 }