@contrast/contrast 1.0.4 → 1.0.7

package/dist/lambda/lambda.js

@@ -20,6 +20,8 @@ const utils_1 = require("./utils");
 const lambdaUtils_1 = require("./lambdaUtils");
 const requestUtils_1 = require("../utils/requestUtils");
 const oraWrapper_1 = __importDefault(require("../utils/oraWrapper"));
+const analytics_1 = require("./analytics");
+const types_1 = require("./types");
 const failedStates = [
     'UNSUPPORTED',
     'EXCLUDED',
@@ -57,9 +59,19 @@ const getLambdaOptions = (argv) => {
     }
 };
 const processLambda = async (argv) => {
+    let errorMsg;
+    let scanInfo;
+    const commandSessionId = Date.now().toString(36);
     try {
         const lambdaOptions = getLambdaOptions(argv);
         const { help } = lambdaOptions;
+        const startCommandAnalytics = {
+            arguments: lambdaOptions,
+            sessionId: commandSessionId,
+            eventType: types_1.EventType.START
+        };
+        (0, analytics_1.postAnalytics)(startCommandAnalytics).catch((error) => {
+        });
         if (help) {
             return handleLambdaHelp();
         }
@@ -68,17 +80,35 @@ const processLambda = async (argv) => {
             await getAvailableFunctions(lambdaOptions);
         }
         else {
-            await actualProcessLambda(lambdaOptions);
+            scanInfo = await actualProcessLambda(lambdaOptions);
         }
     }
     catch (error) {
         if (error instanceof cliError_1.CliError) {
-            console.error(error.getErrorMessage());
+            errorMsg = error.getErrorMessage();
         }
         else if (error instanceof Error) {
-            console.error(error.message);
+            errorMsg = error.message;
+        }
+    }
+    finally {
+        const endCommandAnalytics = {
+            sessionId: commandSessionId,
+            eventType: types_1.EventType.END,
+            status: errorMsg ? types_1.StatusType.FAILED : types_1.StatusType.SUCCESS
+        };
+        if (errorMsg) {
+            endCommandAnalytics.errorMsg = errorMsg;
+            console.error(errorMsg);
+        }
+        if (scanInfo) {
+            endCommandAnalytics.scanFunctionData = scanInfo;
+        }
+        await (0, analytics_1.postAnalytics)(endCommandAnalytics).catch((error) => {
+        });
+        if (errorMsg) {
+            process.exit(1);
         }
-        process.exit(1);
     }
 };
 exports.processLambda = processLambda;
@@ -127,6 +157,7 @@ const actualProcessLambda = async (lambdaOptions) => {
     if (results?.length) {
         (0, utils_1.printResults)(results);
     }
+    return { functionArn, scanId };
 };
 const validateRequiredLambdaParams = (options) => {
     if (options._unknown?.length) {

package/dist/lambda/types.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EventType = exports.StatusType = void 0;
+var StatusType;
+(function (StatusType) {
+    StatusType["FAILED"] = "failed";
+    StatusType["SUCCESS"] = "success";
+})(StatusType = exports.StatusType || (exports.StatusType = {}));
+var EventType;
+(function (EventType) {
+    EventType["START"] = "start_command_session";
+    EventType["END"] = "end_command_session";
+})(EventType = exports.EventType || (exports.EventType = {}));

package/dist/scaAnalysis/common/formatMessage.js

@@ -0,0 +1,35 @@
+"use strict";
+const createJavaTSMessage = javaTree => {
+    return {
+        java: {
+            mavenDependencyTrees: javaTree
+        }
+    };
+};
+const createGoTSMessage = goTree => {
+    return {
+        go: {
+            goDependencyTrees: goTree
+        }
+    };
+};
+const createRubyTSMessage = rubyTree => {
+    return {
+        ruby: {
+            rubyDependencyTrees: rubyTree
+        }
+    };
+};
+const createPythonTSMessage = pythonTree => {
+    return {
+        python: {
+            pythonDependencyTrees: pythonTree
+        }
+    };
+};
+module.exports = {
+    createJavaTSMessage,
+    createGoTSMessage,
+    createRubyTSMessage,
+    createPythonTSMessage
+};

package/dist/scaAnalysis/common/treeUpload.js

@@ -0,0 +1,29 @@
+"use strict";
+const { getHttpClient } = require('../../utils/commonApi');
+const { APP_VERSION } = require('../../constants/constants');
+const commonSendSnapShot = async (analysis, config) => {
+    const requestBody = {
+        appID: config.applicationId,
+        cliVersion: APP_VERSION,
+        snapshot: analysis
+    };
+    const client = getHttpClient(config);
+    return client
+        .sendSnapshot(requestBody, config)
+        .then(res => {
+        if (res.statusCode === 201) {
+            console.log('dependencies processed successfully');
+            return res.body;
+        }
+        else {
+            console.log(res.statusCode);
+            console.log('error processing dependencies');
+        }
+    })
+        .catch(err => {
+        console.log(err);
+    });
+};
+module.exports = {
+    commonSendSnapShot
+};

package/dist/scaAnalysis/go/goAnalysis.js

@@ -0,0 +1,17 @@
+"use strict";
+const { createGoTSMessage } = require('../common/formatMessage');
+const goReadDepFile = require('./goReadDepFile');
+const goParseDeps = require('./goParseDeps');
+const goAnalysis = (config, languageFiles) => {
+    try {
+        const rawGoDependencies = goReadDepFile.getGoDependencies(config);
+        const parsedGoDependencies = goParseDeps.parseGoDependencies(rawGoDependencies);
+        return createGoTSMessage(parsedGoDependencies);
+    }
+    catch (e) {
+        console.log(e.message.toString());
+    }
+};
+module.exports = {
+    goAnalysis
+};

package/dist/scaAnalysis/go/goParseDeps.js

@@ -0,0 +1,158 @@
+"use strict";
+const crypto = require('crypto');
+const parseGoDependencies = goDeps => {
+    return parseGo(goDeps);
+};
+const parseGo = modGraphOutput => {
+    let splitLines = splitAllLinesIntoArray(modGraphOutput);
+    const directDepNames = getDirectDepNames(splitLines);
+    const uniqueTransitiveDepNames = getAllUniqueTransitiveDepNames(splitLines, directDepNames);
+    let rootNodes = createRootNodes(splitLines);
+    createTransitiveDeps(uniqueTransitiveDepNames, splitLines, rootNodes);
+    return rootNodes;
+};
+const splitAllLinesIntoArray = modGraphOutput => {
+    return modGraphOutput.split(/\r\n|\r|\n/);
+};
+const getAllDepsOfADepAsEdge = (dep, deps) => {
+    let edges = {};
+    const depRows = deps.filter(line => {
+        return line.startsWith(dep);
+    });
+    depRows.forEach(dep => {
+        const edgeName = dep.split(' ')[1];
+        edges[edgeName] = edgeName;
+    });
+    return edges;
+};
+const getAllDepsOfADepAsName = (dep, deps) => {
+    let edges = [];
+    const depRows = deps.filter(line => {
+        return line.startsWith(dep);
+    });
+    depRows.forEach(dep => {
+        const edgeName = dep.split(' ')[1];
+        edges.push(edgeName);
+    });
+    return edges;
+};
+const createRootNodes = deps => {
+    let rootDep = {};
+    const rootDeps = getRootDeps(deps);
+    const edges = rootDeps.map(dep => {
+        return dep.split(' ')[1];
+    });
+    rootDep[rootDeps[0].split(' ')[0]] = {};
+    edges.forEach(edge => {
+        const splitEdge = edge.split('@');
+        const splitGroupName = splitEdge[0].split('/');
+        const name = splitGroupName.pop();
+        const lastSlash = splitEdge[0].lastIndexOf('/');
+        let group = splitEdge[0].substring(0, lastSlash);
+        const hash = getHash(splitEdge[0]);
+        group = checkGroupExists(group, name);
+        const edgesOfDep = getAllDepsOfADepAsEdge(edge, deps);
+        rootDep[rootDeps[0].split(' ')[0]][edge] = {
+            artifactID: name,
+            group: group,
+            version: splitEdge[1],
+            scope: '"compile',
+            type: 'direct',
+            hash: hash,
+            edges: edgesOfDep
+        };
+    });
+    return rootDep;
+};
+const getRootDeps = deps => {
+    const rootDeps = deps.filter(dep => {
+        const parentDep = dep.split(' ')[0];
+        if (parentDep.split('@v').length === 1) {
+            return dep;
+        }
+    });
+    return rootDeps;
+};
+const getHash = library => {
+    let shaSum = crypto.createHash('sha1');
+    shaSum.update(library);
+    return shaSum.digest('hex');
+};
+const getDirectDepNames = deps => {
+    const directDepNames = [];
+    deps.forEach(dep => {
+        const parentDep = dep.split(' ')[0];
+        if (parentDep.split('@v').length === 1) {
+            dep.split(' ')[1] !== undefined
+                ? directDepNames.push(dep.split(' ')[1])
+                : null;
+        }
+    });
+    return directDepNames;
+};
+const getAllUniqueTransitiveDepNames = (deps, directDepNames) => {
+    let uniqueDeps = [];
+    deps.forEach(dep => {
+        const parentDep = dep.split(' ')[0];
+        if (parentDep.split('@v').length !== 1) {
+            if (!directDepNames.includes(parentDep)) {
+                if (!uniqueDeps.includes(parentDep)) {
+                    parentDep.length > 1 ? uniqueDeps.push(parentDep) : null;
+                }
+            }
+        }
+    });
+    return uniqueDeps;
+};
+const checkGroupExists = (group, name) => {
+    if (group === null || group === '') {
+        return name;
+    }
+    return group;
+};
+const createTransitiveDeps = (transitiveDeps, splitLines, rootNodes) => {
+    transitiveDeps.forEach(dep => {
+        const splitEdge = dep.split('@');
+        const splitGroupName = splitEdge[0].split('/');
+        const name = splitGroupName.pop();
+        const lastSlash = splitEdge[0].lastIndexOf('/');
+        let group = splitEdge[0].substring(0, lastSlash);
+        const hash = getHash(splitEdge[0]);
+        group = checkGroupExists(group, name);
+        const transitiveDep = {
+            artifactID: name,
+            group: group,
+            version: splitEdge[1],
+            scope: 'compile',
+            type: 'transitive',
+            hash: hash,
+            edges: {}
+        };
+        const edges = getAllDepsOfADepAsEdge(dep, splitLines);
+        transitiveDep.edges = edges;
+        const edgesAsName = getAllDepsOfADepAsName(dep, splitLines);
+        edgesAsName.forEach(dep => {
+            const splitEdge = dep.split('@');
+            const splitGroupName = splitEdge[0].split('/');
+            const name = splitGroupName.pop();
+            const lastSlash = splitEdge[0].lastIndexOf('/');
+            let group = splitEdge[0].substring(0, lastSlash);
+            const hash = getHash(splitEdge[0]);
+            group = checkGroupExists(group, name);
+            const transitiveDep = {
+                artifactID: name,
+                group: group,
+                version: splitEdge[1],
+                scope: 'compile',
+                type: 'transitive',
+                hash: hash,
+                edges: {}
+            };
+            rootNodes[Object.keys(rootNodes)[0]][dep] = transitiveDep;
+        });
+        rootNodes[Object.keys(rootNodes)[0]][dep] = transitiveDep;
+    });
+};
+module.exports = {
+    parseGoDependencies
+};

package/dist/scaAnalysis/go/goReadDepFile.js

@@ -0,0 +1,23 @@
+"use strict";
+const child_process = require('child_process');
+const i18n = require('i18n');
+const getGoDependencies = config => {
+    let cmdStdout;
+    let cwd = config.projectPath
+        ? config.projectPath.replace('go.mod', '')
+        : process.cwd();
+    try {
+        cmdStdout = child_process.execSync('go mod graph', { cwd });
+        return cmdStdout.toString();
+    }
+    catch (err) {
+        if (err.message === 'spawnSync /bin/sh ENOENT') {
+            err.message =
+                '\n\n*************** No transitive dependencies ***************\n\nWe are unable to build a dependency tree view from your repository as there were no transitive dependencies found.';
+        }
+        console.log(i18n.__('goReadProjectFile', cwd, `${err.message ? err.message : ''}`));
+    }
+};
+module.exports = {
+    getGoDependencies
+};

package/dist/scaAnalysis/java/analysis.js

@@ -0,0 +1,105 @@
+"use strict";
+const child_process = require('child_process');
+const path = require('path');
+const i18n = require('i18n');
+const fs = require('fs');
+const MAVEN = 'maven';
+const GRADLE = 'gradle';
+const determineProjectTypeAndCwd = (files, projectPath) => {
+    const projectData = {};
+    if (files[0].includes('pom.xml')) {
+        projectData.projectType = MAVEN;
+    }
+    else if (files[0].includes('build.gradle')) {
+        projectData.projectType = GRADLE;
+    }
+    projectData.cwd = projectPath
+        ? projectPath.replace('pom.xml', '').replace('build.gradle', '')
+        : projectPath;
+    return projectData;
+};
+const buildMaven = (config, projectData, timeout) => {
+    let cmdStdout;
+    let mvn_settings = '';
+    try {
+        if (config.mavenSettingsPath) {
+            mvn_settings = ' -s ' + config.mavenSettingsPath;
+        }
+        cmdStdout = child_process.execSync('mvn dependency:tree -B' + mvn_settings, {
+            cwd: projectData.cwd,
+            timeout
+        });
+        return cmdStdout.toString();
+    }
+    catch (err) {
+        throw new Error(i18n.__('mavenDependencyTreeNonZero', projectData.cwd, `${err.message}`));
+    }
+};
+const buildGradle = (config, projectData, timeout) => {
+    let cmdStdout;
+    let output = {};
+    try {
+        if (config.subProject) {
+            cmdStdout = child_process.execSync('.' +
+                path.sep +
+                'gradlew :' +
+                config.subProject +
+                ':dependencies --configuration runtimeClasspath', {
+                cwd: projectData.cwd,
+                timeout
+            });
+        }
+        else {
+            cmdStdout = child_process.execSync('.' +
+                path.sep +
+                'gradlew dependencies --configuration runtimeClasspath', {
+                cwd: projectData.cwd,
+                timeout
+            });
+        }
+        if (cmdStdout
+            .toString()
+            .includes("runtimeClasspath - Runtime classpath of source set 'main'.\n" +
+            'No dependencies')) {
+            cmdStdout = child_process.execSync('.' + path.sep + 'gradlew dependencies', {
+                cwd: projectData.cwd,
+                timeout
+            });
+        }
+        output = cmdStdout.toString();
+        return output;
+    }
+    catch (err) {
+        if (fs.existsSync(projectData.cwd + 'gradlew') ||
+            fs.existsSync(projectData.cwd + 'gradlew.bat')) {
+            throw new Error(i18n.__('gradleDependencyTreeNonZero', projectData.cwd, `${err.message}`));
+        }
+        else {
+            throw new Error(i18n.__('gradleWrapperUnavailable', projectData.cwd, `${err.message}`));
+        }
+    }
+};
+const getJavaBuildDeps = (config, files) => {
+    const timeout = 960000;
+    let output = {
+        mvnDependancyTreeOutput: undefined,
+        projectType: undefined
+    };
+    try {
+        const projectData = determineProjectTypeAndCwd(files, config.projectPath);
+        if (projectData.projectType === MAVEN) {
+            output.mvnDependancyTreeOutput = buildMaven(config, projectData, timeout);
+        }
+        else if (projectData.projectType === GRADLE) {
+            output.mvnDependancyTreeOutput = buildGradle(config, projectData, timeout);
+        }
+        output.projectType = projectData.projectType;
+        return output;
+    }
+    catch (err) {
+        console.log(err.message.toString());
+    }
+};
+module.exports = {
+    getJavaBuildDeps
+};

package/dist/scaAnalysis/java/index.js

@@ -0,0 +1,18 @@
+"use strict";
+const analysis = require('./analysis');
+const { parseBuildDeps } = require('./javaBuildDepsParser');
+const { createJavaTSMessage } = require('../common/formatMessage');
+const javaAnalysis = (config, languageFiles) => {
+    languageFiles.JAVA.forEach(file => {
+        file.replace('build.gradle.kts', 'build.gradle');
+    });
+    const javaDeps = buildJavaTree(config, languageFiles.JAVA);
+    return createJavaTSMessage(javaDeps);
+};
+const buildJavaTree = (config, files) => {
+    const javaBuildDeps = analysis.getJavaBuildDeps(config, files);
+    return parseBuildDeps(config, javaBuildDeps);
+};
+module.exports = {
+    javaAnalysis
+};