npm - @contrast/contrast - Versions diffs - 1.0.4 → 1.0.7 - Mend

@contrast/contrast 1.0.4 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

package/.prettierignore +0 -3
package/dist/audit/autodetection/autoDetectLanguage.js +32 -0
package/dist/audit/catalogueApplication/catalogueApplication.js +2 -11
package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +4 -2
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +2 -1
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +2 -1
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +2 -1
package/dist/audit/languageAnalysisEngine/languageAnalysisFactory.js +6 -2
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +39 -1
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +69 -30
package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js +24 -0
package/dist/audit/languageAnalysisEngine/report/models/reportSeverityModel.js +3 -1
package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js +13 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +2 -2
package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js +56 -45
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +65 -17
package/dist/commands/audit/auditConfig.js +8 -2
package/dist/commands/audit/auditController.js +9 -3
package/dist/commands/audit/processAudit.js +1 -1
package/dist/commands/scan/processScan.js +7 -4
package/dist/commands/scan/sca/scaAnalysis.js +60 -0
package/dist/common/HTTPClient.js +50 -16
package/dist/common/errorHandling.js +11 -16
package/dist/common/versionChecker.js +1 -1
package/dist/constants/constants.js +24 -2
package/dist/constants/locales.js +31 -36
package/dist/constants.js +20 -0
package/dist/lambda/analytics.js +11 -0
package/dist/lambda/lambda.js +35 -4
package/dist/lambda/types.js +13 -0
package/dist/scaAnalysis/common/formatMessage.js +35 -0
package/dist/scaAnalysis/common/treeUpload.js +29 -0
package/dist/scaAnalysis/go/goAnalysis.js +17 -0
package/dist/scaAnalysis/go/goParseDeps.js +158 -0
package/dist/scaAnalysis/go/goReadDepFile.js +23 -0
package/dist/scaAnalysis/java/analysis.js +105 -0
package/dist/scaAnalysis/java/index.js +18 -0
package/dist/scaAnalysis/java/javaBuildDepsParser.js +339 -0
package/dist/scaAnalysis/python/analysis.js +41 -0
package/dist/scaAnalysis/python/index.js +10 -0
package/dist/scaAnalysis/ruby/analysis.js +226 -0
package/dist/scaAnalysis/ruby/index.js +10 -0
package/dist/scan/autoDetection.js +50 -1
package/dist/scan/fileUtils.js +80 -1
package/dist/scan/formatScanOutput.js +213 -0
package/dist/scan/help.js +3 -1
package/dist/scan/models/groupedResultsModel.js +2 -1
package/dist/scan/models/scanResultsModel.js +3 -1
package/dist/scan/populateProjectIdAndProjectName.js +2 -1
package/dist/scan/scan.js +6 -99
package/dist/scan/scanConfig.js +6 -1
package/dist/scan/scanController.js +26 -7
package/dist/scan/scanResults.js +20 -20
package/dist/utils/commonApi.js +4 -1
package/dist/utils/oraWrapper.js +5 -1
package/package.json +12 -7
package/src/audit/autodetection/autoDetectLanguage.ts +40 -0
package/src/audit/catalogueApplication/catalogueApplication.js +3 -16
package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +11 -8
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +2 -1
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +2 -1
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +2 -1
package/src/audit/languageAnalysisEngine/languageAnalysisFactory.js +17 -5
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +76 -3
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +122 -40
package/src/audit/languageAnalysisEngine/report/models/reportLibraryModel.ts +3 -3
package/src/audit/languageAnalysisEngine/report/models/reportListModel.ts +15 -11
package/src/audit/languageAnalysisEngine/report/models/reportOutputModel.ts +29 -0
package/src/audit/languageAnalysisEngine/report/models/reportSeverityModel.ts +12 -3
package/src/audit/languageAnalysisEngine/report/models/severityCountModel.ts +16 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +3 -3
package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts +87 -65
package/src/audit/languageAnalysisEngine/sendSnapshot.js +78 -25
package/src/commands/audit/auditConfig.ts +12 -3
package/src/commands/audit/auditController.ts +9 -3
package/src/commands/audit/processAudit.ts +4 -1
package/src/commands/scan/processScan.js +10 -4
package/src/commands/scan/sca/scaAnalysis.js +83 -0
package/src/common/HTTPClient.js +65 -25
package/src/common/errorHandling.ts +14 -22
package/src/common/versionChecker.ts +1 -1
package/src/constants/constants.js +24 -2
package/src/constants/locales.js +33 -50
package/src/constants.js +22 -0
package/src/lambda/analytics.ts +9 -0
package/src/lambda/arn.ts +2 -1
package/src/lambda/lambda.ts +37 -17
package/src/lambda/types.ts +35 -0
package/src/lambda/utils.ts +2 -7
package/src/scaAnalysis/common/formatMessage.js +38 -0
package/src/scaAnalysis/common/treeUpload.js +30 -0
package/src/scaAnalysis/go/goAnalysis.js +19 -0
package/src/scaAnalysis/go/goParseDeps.js +203 -0
package/src/scaAnalysis/go/goReadDepFile.js +32 -0
package/src/scaAnalysis/java/analysis.js +142 -0
package/src/scaAnalysis/java/index.js +21 -0
package/src/scaAnalysis/java/javaBuildDepsParser.js +404 -0
package/src/scaAnalysis/python/analysis.js +48 -0
package/src/scaAnalysis/python/index.js +11 -0
package/src/scaAnalysis/ruby/analysis.js +282 -0
package/src/scaAnalysis/ruby/index.js +11 -0
package/src/scan/autoDetection.js +58 -1
package/src/scan/fileUtils.js +99 -1
package/src/scan/formatScanOutput.ts +249 -0
package/src/scan/help.js +3 -1
package/src/scan/models/groupedResultsModel.ts +7 -5
package/src/scan/models/resultContentModel.ts +2 -2
package/src/scan/models/scanResultsModel.ts +5 -2
package/src/scan/populateProjectIdAndProjectName.js +3 -1
package/src/scan/scan.ts +8 -136
package/src/scan/scanConfig.js +5 -1
package/src/scan/scanController.js +30 -10
package/src/scan/scanResults.js +31 -18
package/src/utils/commonApi.js +4 -1
package/src/utils/oraWrapper.js +6 -1

package/src/scan/formatScanOutput.ts ADDED Viewed

@@ -0,0 +1,249 @@
+import {
+  ScanResultsInstances,
+  ScanResultsModel
+} from './models/scanResultsModel'
+import i18n from 'i18n'
+import chalk from 'chalk'
+import { ResultContent } from './models/resultContentModel'
+import { GroupedResultsModel } from './models/groupedResultsModel'
+import { sortBy } from 'lodash'
+import Table from 'cli-table3'
+import {
+  CRITICAL_COLOUR,
+  HIGH_COLOUR,
+  LOW_COLOUR,
+  MEDIUM_COLOUR,
+  NOTE_COLOUR
+} from '../constants/constants'
+export function formatScanOutput(scanResults: ScanResultsModel) {
+  const { scanResultsInstances } = scanResults
+  const projectOverview = getProjectOverview(scanResultsInstances)
+  if (scanResultsInstances.content.length === 0) {
+    console.log(i18n.__('scanNoVulnerabilitiesFound'))
+    console.log(i18n.__('scanNoVulnerabilitiesFoundSecureCode'))
+    console.log(i18n.__('scanNoVulnerabilitiesFoundGoodWork'))
+  } else {
+    const message =
+      projectOverview.critical || projectOverview.high
+        ? 'Here are your top priorities to fix'
+        : "No major issues, here's what we found"
+    console.log(chalk.bold(message))
+    console.log()
+    let defaultView = getDefaultView(scanResultsInstances.content)
+    let count = defaultView.length
+    defaultView.forEach(entry => {
+      let table = new Table({
+        chars: {
+          top: '',
+          'top-mid': '',
+          'top-left': '',
+          'top-right': '',
+          bottom: '',
+          'bottom-mid': '',
+          'bottom-left': '',
+          'bottom-right': '',
+          left: '',
+          'left-mid': '',
+          mid: '',
+          'mid-mid': '',
+          right: '',
+          'right-mid': '',
+          middle: ' '
+        },
+        style: { 'padding-left': 0, 'padding-right': 0 },
+        colAligns: ['right'],
+        wordWrap: true,
+        colWidths: [12, 1, 100]
+      })
+      let learnRow: string[] = []
+      let adviceRow = []
+      const headerRow = [
+        chalk
+          .hex(entry.colour)
+          .bold(`CONTRAST-${count.toString().padStart(3, '0')}`),
+        chalk.hex(entry.colour).bold('-'),
+        chalk.hex(entry.colour).bold(`[${entry.severity}] ${entry.ruleId}`) +
+          entry.message
+      ]
+      const codePath = entry.codePath?.replace(/^@/, '')
+      const codeRow = [
+        chalk.hex('#F6F5F5').bold(`Code`),
+        chalk.hex('#F6F5F5').bold(`:`),
+        chalk.hex('#F6F5F5').bold(`${codePath}`)
+      ]
+      const issueRow = [chalk.bold(`Issue`), chalk.bold(`:`), `${entry.issue}`]
+      table.push(headerRow, codeRow, issueRow)
+      if (entry?.advice) {
+        adviceRow = [
+          chalk.bold('Advice'),
+          chalk.bold(`:`),
+          stripTags(entry.advice)
+        ]
+        table.push(adviceRow)
+      }
+      if (entry?.learn && entry?.learn.length > 0) {
+        learnRow = [
+          chalk.bold('Learn'),
+          chalk.bold(`:`),
+          chalk.hex('#97f7f7').bold.underline(entry.learn[0])
+        ]
+        table.push(learnRow)
+      }
+      count--
+      console.log(table.toString())
+      console.log()
+    })
+  }
+  printVulnInfo(projectOverview)
+}
+function printVulnInfo(projectOverview: any) {
+  const totalVulnerabilities = projectOverview.total
+  const vulMessage =
+    totalVulnerabilities === 1 ? `vulnerability` : `vulnerabilities`
+  console.log(chalk.bold(`Found ${totalVulnerabilities} ${vulMessage}`))
+  console.log(
+    i18n.__(
+      'foundDetailedVulnerabilities',
+      String(projectOverview.critical),
+      String(projectOverview.high),
+      String(projectOverview.medium),
+      String(projectOverview.low),
+      String(projectOverview.note)
+    )
+  )
+}
+export function getProjectOverview(scanResultsInstances: ScanResultsInstances) {
+  const acc: any = {
+    critical: 0,
+    high: 0,
+    medium: 0,
+    low: 0,
+    note: 0,
+    total: 0
+  }
+  if (
+    scanResultsInstances?.content &&
+    scanResultsInstances.content.length > 0
+  ) {
+    scanResultsInstances.content.forEach((i: ResultContent) => {
+      acc[i.severity.toLowerCase()] += 1
+      acc.total += 1
+      return acc
+    })
+  }
+  return acc
+}
+export function formatLinks(objName: string, entry: any[]) {
+  const line = chalk.bold(objName + '  : ')
+  if (entry.length === 1) {
+    console.log(line + chalk.hex('#97DCF7').bold.underline(entry[0]))
+  } else {
+    console.log(line)
+    entry.forEach(link => {
+      console.log(chalk.hex('#97DCF7').bold.underline(link))
+    })
+  }
+}
+export function getDefaultView(content: ResultContent[]) {
+  const groupTypeResults = [] as GroupedResultsModel[]
+  content.forEach(resultEntry => {
+    const groupResultsObj = new GroupedResultsModel(resultEntry.ruleId)
+    groupResultsObj.severity = resultEntry.severity
+    groupResultsObj.ruleId = resultEntry.ruleId
+    groupResultsObj.issue = stripTags(resultEntry.issue)
+    groupResultsObj.advice = resultEntry.advice
+    groupResultsObj.learn = resultEntry.learn
+    groupResultsObj.message = resultEntry.message?.text
+      ? editVulName(resultEntry.message.text) +
+        ':' +
+        getSourceLineNumber(resultEntry)
+      : ''
+    groupResultsObj.codePath = getLocationsSyncInfo(resultEntry)
+    groupTypeResults.push(groupResultsObj)
+    assignBySeverity(resultEntry, groupResultsObj)
+  })
+  return sortBy(groupTypeResults, ['priority']).reverse()
+}
+export function editVulName(message: string) {
+  return message.substring(message.indexOf(' in '))
+}
+export function getLocationsSyncInfo(resultEntry: ResultContent) {
+  const locationsMessage =
+    resultEntry.locations[0]?.physicalLocation?.artifactLocation?.uri || ''
+  const locationsLineNumber =
+    resultEntry.locations[0]?.physicalLocation?.region?.startLine || ''
+  if (!locationsLineNumber) {
+    return '@' + locationsMessage
+  }
+  return '@' + locationsMessage + ':' + locationsLineNumber
+}
+export function getSourceLineNumber(resultEntry: ResultContent) {
+  const locationsLineNumber =
+    resultEntry.locations[0]?.physicalLocation?.region?.startLine || ''
+  let codeFlowLineNumber = getCodeFlowInfo(resultEntry)
+  return codeFlowLineNumber ? codeFlowLineNumber : locationsLineNumber
+}
+export function getCodeFlowInfo(resultEntry: ResultContent) {
+  let result: any
+  resultEntry.codeFlows[0]?.threadFlows.forEach((i: { locations: any[] }) => {
+    return (result = i.locations.find(
+      (locations: { importance: string }) =>
+        locations.importance === 'essential'
+    ))
+  })
+  return result?.location?.physicalLocation?.region?.startLine
+}
+export function stripTags(oldString: string) {
+  return oldString.replace(/\n/g, ' ').replace(/\s+/g, ' ').trim()
+}
+export function assignBySeverity(
+  entry: ResultContent,
+  assignedObj: GroupedResultsModel
+) {
+  if (entry.severity.toUpperCase() === 'CRITICAL') {
+    assignedObj.priority = 1
+    assignedObj.colour = CRITICAL_COLOUR
+    return assignedObj
+  } else if (entry.severity.toUpperCase() === 'HIGH') {
+    assignedObj.priority = 2
+    assignedObj.colour = HIGH_COLOUR
+    return assignedObj
+  } else if (entry.severity.toUpperCase() === 'MEDIUM') {
+    assignedObj.priority = 3
+    assignedObj.colour = MEDIUM_COLOUR
+    return assignedObj
+  } else if (entry.severity.toUpperCase() === 'LOW') {
+    assignedObj.priority = 4
+    assignedObj.colour = LOW_COLOUR
+    return assignedObj
+  } else if (entry.severity.toUpperCase() === 'NOTE') {
+    assignedObj.priority = 5
+    assignedObj.colour = NOTE_COLOUR
+    return assignedObj
+  }
+}

package/src/scan/help.js CHANGED Viewed

@@ -30,7 +30,9 @@ const scanUsageGuide = commandLineUsage([
       'ff',
       'ignore-cert-errors',
       'verbose',
-      'debug'
+      'debug',
+      'experimental',
+      'application-name'
     ]
   },
   {

package/src/scan/models/groupedResultsModel.ts CHANGED Viewed

@@ -1,18 +1,20 @@
 export class GroupedResultsModel {
   ruleId: string
-  lineInfoSet: Set<string>
+  codePathSet: Set<string>
   cwe?: string[]
-  owasp?: string[]
   reference?: string[]
-  recommendation?: string
   severity?: string
   advice?: string
   learn?: string[]
   issue?: string
-  message?: string
+  priority?: number
+  message?: string | undefined
+  colour: string
+  codePath?: string
   constructor(ruleId: string) {
     this.ruleId = ruleId
-    this.lineInfoSet = new Set<string>
+    this.colour = '#999999'
+    this.codePathSet = new Set<string>()
   }
 }

package/src/scan/models/resultContentModel.ts CHANGED Viewed

@@ -5,7 +5,7 @@ interface ArtifactLocation {
 }
 interface Region {
-  startLine: number
+  startLine: string
   snippet: Snippet
 }
@@ -52,7 +52,7 @@ export interface CodeFlow {
 }
 export interface ResultContent {
-  message: {text: string};
+  message?: { text: string }
   id: string
   organizationId: string
   projectId: string

package/src/scan/models/scanResultsModel.ts CHANGED Viewed

@@ -4,11 +4,14 @@ export class ScanResultsModel {
   projectOverview: ProjectOverview
   scanDetail: ScanDetail
   scanResultsInstances: ScanResultsInstances
+  newProject: boolean
   constructor(scan: any) {
     this.projectOverview = scan.projectOverview as ProjectOverview
     this.scanDetail = scan.scanDetail as ScanDetail
-    this.scanResultsInstances = scan.scanResultsInstances as ScanResultsInstances
+    this.scanResultsInstances =
+      scan.scanResultsInstances as ScanResultsInstances
+    this.newProject = scan.newProject
   }
 }
@@ -49,4 +52,4 @@ export interface ScanDetail {
 export interface ScanResultsInstances {
   content: ResultContent[]
-}
+}

package/src/scan/populateProjectIdAndProjectName.js CHANGED Viewed

@@ -8,9 +8,11 @@ const populateProjectId = async config => {
     proj = await getExistingProjectIdByName(config, client).then(res => {
       return res
     })
+    return { projectId: proj, isNewProject: false }
   }
-  return proj
+  return { projectId: proj, isNewProject: true }
 }
 const createProjectId = async (config, client) => {

package/src/scan/scan.ts CHANGED Viewed

@@ -2,10 +2,6 @@ import commonApi from '../utils/commonApi.js'
 import fileUtils from '../scan/fileUtils'
 import i18n from 'i18n'
 import oraWrapper from '../utils/oraWrapper'
-import chalk from 'chalk'
-import { ProjectOverview, ScanResultsModel } from './models/scanResultsModel'
-import { Location, ResultContent } from './models/resultContentModel'
-import { GroupedResultsModel } from './models/groupedResultsModel'
 export const allowedFileTypes = ['.jar', '.war', '.js', '.zip', '.exe']
@@ -44,149 +40,25 @@ export const sendScan = async (config: any) => {
           return res.body.id
         } else {
           if (config.debug) {
-            console.log(res.statusCode)
             console.log(config)
+            oraWrapper.failSpinner(
+              startUploadSpinner,
+              i18n.__('uploadingScanFail')
+            )
+            console.log(i18n.__('genericServiceError', res.statusCode))
           }
-          oraWrapper.failSpinner(
-            startUploadSpinner,
-            i18n.__('uploadingScanFail')
-          )
           if (res.statusCode === 403) {
             console.log(i18n.__('permissionsError'))
             process.exit(1)
           }
-          console.log(i18n.__('genericServiceError', res.statusCode))
+          oraWrapper.stopSpinner(startUploadSpinner)
+          console.log('Contrast Scan Finished')
           process.exit(1)
         }
       })
       .catch(err => {
+        oraWrapper.stopSpinner(startUploadSpinner)
         console.log(err)
       })
   }
 }
-export function formatScanOutput(scanResults: ScanResultsModel) {
-  const { projectOverview, scanResultsInstances } = scanResults
-  if (scanResultsInstances.content.length === 0) {
-    console.log(i18n.__('scanNoVulnerabilitiesFound'))
-  } else {
-    const message =
-      projectOverview.critical || projectOverview.high
-        ? 'Here are your top priorities to fix'
-        : "No major issues, here's what we found"
-    console.log(chalk.bold(message))
-    console.log()
-    const groups = getGroups(scanResultsInstances.content)
-    groups.forEach(entry => {
-      console.log(
-        chalk.bold(
-          `[ ${entry.severity} ] | ${entry.ruleId} (${entry.lineInfoSet.size}) - ` +
-            `${entry.message}`
-        )
-      )
-      let count = 1
-      entry.lineInfoSet.forEach(lineInfo => {
-        console.log(`\t ${count}. ${lineInfo}`)
-        count++
-      })
-      if (entry?.issue) {
-        console.log(chalk.bold('Issue' + ': ') + entry.issue)
-      }
-      if (entry?.advice) {
-        console.log(chalk.bold('Advice' + ': ') + entry.advice)
-      }
-      if (entry?.learn && entry?.learn.length > 0) {
-        formatLinks('Learn', entry.learn)
-      }
-      console.log()
-    })
-    printVulnInfo(projectOverview)
-  }
-}
-function printVulnInfo(projectOverview: ProjectOverview) {
-  const totalVulnerabilities = getTotalVulns(projectOverview)
-  const vulMessage =
-    totalVulnerabilities === 1 ? `vulnerability` : `vulnerabilities`
-  console.log(chalk.bold(`Found ${totalVulnerabilities} ${vulMessage}`))
-  console.log(
-    i18n.__(
-      'foundDetailedVulnerabilities',
-      String(projectOverview.critical),
-      String(projectOverview.high),
-      String(projectOverview.medium),
-      String(projectOverview.low),
-      String(projectOverview.note)
-    )
-  )
-}
-function getTotalVulns(projectOverview: ProjectOverview) {
-  return (
-    projectOverview.critical +
-    projectOverview.high +
-    projectOverview.medium +
-    projectOverview.low +
-    projectOverview.note
-  )
-}
-export function formatLinks(objName: string, entry: any[]) {
-  console.log(chalk.bold(objName + ':'))
-  entry.forEach(link => {
-    console.log(link)
-  })
-}
-export function getGroups(content: ResultContent[]) {
-  const groupTypeSet = new Set(content.map(({ ruleId }) => ruleId))
-  const groupTypeResults = [] as GroupedResultsModel[]
-  groupTypeSet.forEach(groupName => {
-    const groupResultsObj = new GroupedResultsModel(groupName)
-    content.forEach(resultEntry => {
-      if (resultEntry.ruleId === groupName) {
-        groupResultsObj.severity = resultEntry.severity
-        groupResultsObj.issue = stripMustacheTags(resultEntry.issue)
-        groupResultsObj.advice = resultEntry.advice
-        groupResultsObj.learn = resultEntry.learn
-        groupResultsObj.message = resultEntry.message?.text
-        groupResultsObj.lineInfoSet.add(getMessage(resultEntry.locations))
-      }
-    })
-    groupTypeResults.push(groupResultsObj)
-  })
-  return groupTypeResults
-}
-export function getMessage(locations: Location[]) {
-  const message = locations[0]?.physicalLocation?.artifactLocation?.uri || ''
-  const lineNumber = locations[0]?.physicalLocation?.region?.startLine || ''
-  if (!lineNumber) {
-    return '@' + message
-  }
-  return '@' + message + ':' + lineNumber
-}
-export function stripMustacheTags(oldString: string) {
-  return oldString
-    .replace(/\n/g, ' ')
-    .replace(/{{.*?}}/g, '\n')
-    .replace(/\$\$LINK_DELIM\$\$/g, '\n')
-    .replace(/\s+/g, ' ')
-    .trim()
-}

package/src/scan/scanConfig.js CHANGED Viewed

@@ -31,11 +31,15 @@ const getScanConfig = argv => {
   }
   // if no name, take the full file path and use it as the project name
+  let projectNameSource
   if (!scanParams.name && scanParams.file) {
     scanParams.name = getFileName(scanParams.file)
+    projectNameSource = 'AUTO'
+  } else {
+    projectNameSource = 'USER'
   }
-  return { ...paramsAuth, ...scanParams }
+  return { ...paramsAuth, ...scanParams, projectNameSource }
 }
 const getFileName = file => {

package/src/scan/scanController.js CHANGED Viewed

@@ -2,7 +2,8 @@ const i18n = require('i18n')
 const {
   returnOra,
   startSpinner,
-  succeedSpinner
+  succeedSpinner,
+  stopSpinner
 } = require('../utils/oraWrapper')
 const populateProjectIdAndProjectName = require('./populateProjectIdAndProjectName')
 const scan = require('./scan')
@@ -28,6 +29,11 @@ const fileAndLanguageLogic = async configToUse => {
       console.log(i18n.__('fileNotExist'))
       process.exit(1)
     }
+    if (fileFunctions.fileIsEmpty(configToUse.file)) {
+      console.log(i18n.__('scanFileIsEmpty'))
+      process.exit(1)
+    }
     return configToUse
   } else {
     if (configToUse.file === undefined || configToUse.file === null) {
@@ -40,10 +46,15 @@ const startScan = async configToUse => {
   const startTime = performance.now()
   await fileAndLanguageLogic(configToUse)
+  let newProject
   if (!configToUse.projectId) {
-    configToUse.projectId = await populateProjectIdAndProjectName.populateProjectId(
-      configToUse
-    )
+    const { projectId, isNewProject } =
+      await populateProjectIdAndProjectName.populateProjectId(configToUse)
+    configToUse.projectId = projectId
+    newProject = isNewProject
+  } else {
+    newProject = false
   }
   const codeArtifactId = await scan.sendScan(configToUse)
@@ -53,6 +64,7 @@ const startScan = async configToUse => {
     const scanDetail = await scanResults.returnScanResults(
       configToUse,
       codeArtifactId,
+      newProject,
       getTimeout(configToUse),
       startScanSpinner
     )
@@ -64,12 +76,20 @@ const startScan = async configToUse => {
     const endTime = performance.now()
     const scanDurationMs = endTime - startTime
-    succeedSpinner(startScanSpinner, 'Contrast Scan complete')
-    console.log(
-      `----- Scan completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
-    )
-    const projectOverview = await scanResults.returnScanProjectById(configToUse)
-    return { projectOverview, scanDetail, scanResultsInstances }
+    if (scanResultsInstances.statusCode !== 200) {
+      stopSpinner(startScanSpinner)
+      console.log('Result Service is unavailable, please try again later')
+      process.exit(1)
+    } else {
+      succeedSpinner(startScanSpinner, 'Contrast Scan complete')
+      console.log(
+        `----- Scan completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
+      )
+      return {
+        scanDetail,
+        scanResultsInstances: scanResultsInstances.body
+      }
+    }
   }
 }

package/src/scan/scanResults.js CHANGED Viewed

@@ -3,6 +3,7 @@ const requestUtils = require('../../src/utils/requestUtils')
 const oraFunctions = require('../utils/oraWrapper')
 const _ = require('lodash')
 const i18n = require('i18n')
+const oraWrapper = require('../utils/oraWrapper')
 const getScanId = async (config, codeArtifactId, client) => {
   return client
@@ -30,11 +31,21 @@ const pollScanResults = async (config, scanId, client) => {
 const returnScanResults = async (
   config,
   codeArtifactId,
+  newProject,
   timeout,
   startScanSpinner
 ) => {
   const client = commonApi.getHttpClient(config)
   let scanId = await getScanId(config, codeArtifactId, client)
+  // send metrics event to sast-event-collector
+  if (
+    process.env.CODESEC_INVOCATION_ENVIRONMENT &&
+    process.env.CODESEC_INVOCATION_ENVIRONMENT.toUpperCase() === 'GITHUB'
+  ) {
+    await client.createNewEvent(config, scanId, newProject)
+  }
   let startTime = new Date()
   let complete = false
   if (!_.isNil(scanId)) {
@@ -47,17 +58,27 @@ const returnScanResults = async (
         }
         if (result.body.status === 'FAILED') {
           complete = true
-          oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan Failed.')
-          console.log(result.body.errorMessage)
+          if (config.debug) {
+            oraFunctions.failSpinner(
+              startScanSpinner,
+              i18n.__(
+                'scanNotCompleted',
+                'https://docs.contrastsecurity.com/en/binary-package-preparation.html'
+              )
+            )
+          }
           if (
-            result.body.errorMessage ===
+            result?.body?.errorMessage ===
             'Unable to determine language for code artifact'
           ) {
+            console.log(result.body.errorMessage)
             console.log(
               'Try scanning again using --language param. ',
               i18n.__('scanOptionsLanguageSummary')
             )
           }
+          oraWrapper.stopSpinner(startScanSpinner)
+          console.log('Contrast Scan Finished')
           process.exit(1)
         }
       }
@@ -80,23 +101,16 @@ const returnScanResultsInstances = async (config, scanId) => {
   try {
     result = await client.getScanResultsInstances(config, scanId)
     if (JSON.stringify(result.statusCode) == 200) {
-      return result.body
+      return { body: result.body, statusCode: result.statusCode }
     }
-  } catch (e) {
-    console.log(e.message.toString())
-  }
-}
-const returnScanProjectById = async config => {
-  const client = commonApi.getHttpClient(config)
-  let result
-  try {
-    result = await client.getScanProjectById(config)
-    if (JSON.stringify(result.statusCode) == 200) {
-      return result.body
+    if (JSON.stringify(result.statusCode) == 503) {
+      return { statusCode: result.statusCode }
     }
   } catch (e) {
-    console.log(e.message.toString())
+    if (config.debug) {
+      console.log(e.message.toString())
+    }
   }
 }
@@ -104,6 +118,5 @@ module.exports = {
   getScanId: getScanId,
   returnScanResults: returnScanResults,
   pollScanResults: pollScanResults,
-  returnScanResultsInstances: returnScanResultsInstances,
-  returnScanProjectById: returnScanProjectById
+  returnScanResultsInstances: returnScanResultsInstances
 }