npm - @contrast/contrast - Versions diffs - 1.0.4 → 1.0.7 - Mend

@contrast/contrast 1.0.4 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

package/.prettierignore +0 -3
package/dist/audit/autodetection/autoDetectLanguage.js +32 -0
package/dist/audit/catalogueApplication/catalogueApplication.js +2 -11
package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +4 -2
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +2 -1
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +2 -1
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +2 -1
package/dist/audit/languageAnalysisEngine/languageAnalysisFactory.js +6 -2
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +39 -1
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +69 -30
package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js +24 -0
package/dist/audit/languageAnalysisEngine/report/models/reportSeverityModel.js +3 -1
package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js +13 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +2 -2
package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js +56 -45
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +65 -17
package/dist/commands/audit/auditConfig.js +8 -2
package/dist/commands/audit/auditController.js +9 -3
package/dist/commands/audit/processAudit.js +1 -1
package/dist/commands/scan/processScan.js +7 -4
package/dist/commands/scan/sca/scaAnalysis.js +60 -0
package/dist/common/HTTPClient.js +50 -16
package/dist/common/errorHandling.js +11 -16
package/dist/common/versionChecker.js +1 -1
package/dist/constants/constants.js +24 -2
package/dist/constants/locales.js +31 -36
package/dist/constants.js +20 -0
package/dist/lambda/analytics.js +11 -0
package/dist/lambda/lambda.js +35 -4
package/dist/lambda/types.js +13 -0
package/dist/scaAnalysis/common/formatMessage.js +35 -0
package/dist/scaAnalysis/common/treeUpload.js +29 -0
package/dist/scaAnalysis/go/goAnalysis.js +17 -0
package/dist/scaAnalysis/go/goParseDeps.js +158 -0
package/dist/scaAnalysis/go/goReadDepFile.js +23 -0
package/dist/scaAnalysis/java/analysis.js +105 -0
package/dist/scaAnalysis/java/index.js +18 -0
package/dist/scaAnalysis/java/javaBuildDepsParser.js +339 -0
package/dist/scaAnalysis/python/analysis.js +41 -0
package/dist/scaAnalysis/python/index.js +10 -0
package/dist/scaAnalysis/ruby/analysis.js +226 -0
package/dist/scaAnalysis/ruby/index.js +10 -0
package/dist/scan/autoDetection.js +50 -1
package/dist/scan/fileUtils.js +80 -1
package/dist/scan/formatScanOutput.js +213 -0
package/dist/scan/help.js +3 -1
package/dist/scan/models/groupedResultsModel.js +2 -1
package/dist/scan/models/scanResultsModel.js +3 -1
package/dist/scan/populateProjectIdAndProjectName.js +2 -1
package/dist/scan/scan.js +6 -99
package/dist/scan/scanConfig.js +6 -1
package/dist/scan/scanController.js +26 -7
package/dist/scan/scanResults.js +20 -20
package/dist/utils/commonApi.js +4 -1
package/dist/utils/oraWrapper.js +5 -1
package/package.json +12 -7
package/src/audit/autodetection/autoDetectLanguage.ts +40 -0
package/src/audit/catalogueApplication/catalogueApplication.js +3 -16
package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +11 -8
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +2 -1
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +2 -1
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +2 -1
package/src/audit/languageAnalysisEngine/languageAnalysisFactory.js +17 -5
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +76 -3
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +122 -40
package/src/audit/languageAnalysisEngine/report/models/reportLibraryModel.ts +3 -3
package/src/audit/languageAnalysisEngine/report/models/reportListModel.ts +15 -11
package/src/audit/languageAnalysisEngine/report/models/reportOutputModel.ts +29 -0
package/src/audit/languageAnalysisEngine/report/models/reportSeverityModel.ts +12 -3
package/src/audit/languageAnalysisEngine/report/models/severityCountModel.ts +16 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +3 -3
package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts +87 -65
package/src/audit/languageAnalysisEngine/sendSnapshot.js +78 -25
package/src/commands/audit/auditConfig.ts +12 -3
package/src/commands/audit/auditController.ts +9 -3
package/src/commands/audit/processAudit.ts +4 -1
package/src/commands/scan/processScan.js +10 -4
package/src/commands/scan/sca/scaAnalysis.js +83 -0
package/src/common/HTTPClient.js +65 -25
package/src/common/errorHandling.ts +14 -22
package/src/common/versionChecker.ts +1 -1
package/src/constants/constants.js +24 -2
package/src/constants/locales.js +33 -50
package/src/constants.js +22 -0
package/src/lambda/analytics.ts +9 -0
package/src/lambda/arn.ts +2 -1
package/src/lambda/lambda.ts +37 -17
package/src/lambda/types.ts +35 -0
package/src/lambda/utils.ts +2 -7
package/src/scaAnalysis/common/formatMessage.js +38 -0
package/src/scaAnalysis/common/treeUpload.js +30 -0
package/src/scaAnalysis/go/goAnalysis.js +19 -0
package/src/scaAnalysis/go/goParseDeps.js +203 -0
package/src/scaAnalysis/go/goReadDepFile.js +32 -0
package/src/scaAnalysis/java/analysis.js +142 -0
package/src/scaAnalysis/java/index.js +21 -0
package/src/scaAnalysis/java/javaBuildDepsParser.js +404 -0
package/src/scaAnalysis/python/analysis.js +48 -0
package/src/scaAnalysis/python/index.js +11 -0
package/src/scaAnalysis/ruby/analysis.js +282 -0
package/src/scaAnalysis/ruby/index.js +11 -0
package/src/scan/autoDetection.js +58 -1
package/src/scan/fileUtils.js +99 -1
package/src/scan/formatScanOutput.ts +249 -0
package/src/scan/help.js +3 -1
package/src/scan/models/groupedResultsModel.ts +7 -5
package/src/scan/models/resultContentModel.ts +2 -2
package/src/scan/models/scanResultsModel.ts +5 -2
package/src/scan/populateProjectIdAndProjectName.js +3 -1
package/src/scan/scan.ts +8 -136
package/src/scan/scanConfig.js +5 -1
package/src/scan/scanController.js +30 -10
package/src/scan/scanResults.js +31 -18
package/src/utils/commonApi.js +4 -1
package/src/utils/oraWrapper.js +6 -1

package/dist/scan/scanResults.js CHANGED Viewed

@@ -4,6 +4,7 @@ const requestUtils = require('../../src/utils/requestUtils');
 const oraFunctions = require('../utils/oraWrapper');
 const _ = require('lodash');
 const i18n = require('i18n');
+const oraWrapper = require('../utils/oraWrapper');
 const getScanId = async (config, codeArtifactId, client) => {
     return client
         .getScanId(config, codeArtifactId)
@@ -25,9 +26,13 @@ const pollScanResults = async (config, scanId, client) => {
         console.log(err);
     });
 };
-const returnScanResults = async (config, codeArtifactId, timeout, startScanSpinner) => {
+const returnScanResults = async (config, codeArtifactId, newProject, timeout, startScanSpinner) => {
     const client = commonApi.getHttpClient(config);
     let scanId = await getScanId(config, codeArtifactId, client);
+    if (process.env.CODESEC_INVOCATION_ENVIRONMENT &&
+        process.env.CODESEC_INVOCATION_ENVIRONMENT.toUpperCase() === 'GITHUB') {
+        await client.createNewEvent(config, scanId, newProject);
+    }
     let startTime = new Date();
     let complete = false;
     if (!_.isNil(scanId)) {
@@ -40,12 +45,16 @@ const returnScanResults = async (config, codeArtifactId, timeout, startScanSpinn
                 }
                 if (result.body.status === 'FAILED') {
                     complete = true;
-                    oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan Failed.');
-                    console.log(result.body.errorMessage);
-                    if (result.body.errorMessage ===
+                    if (config.debug) {
+                        oraFunctions.failSpinner(startScanSpinner, i18n.__('scanNotCompleted', 'https://docs.contrastsecurity.com/en/binary-package-preparation.html'));
+                    }
+                    if (result?.body?.errorMessage ===
                         'Unable to determine language for code artifact') {
+                        console.log(result.body.errorMessage);
                         console.log('Try scanning again using --language param. ', i18n.__('scanOptionsLanguageSummary'));
                     }
+                    oraWrapper.stopSpinner(startScanSpinner);
+                    console.log('Contrast Scan Finished');
                     process.exit(1);
                 }
             }
@@ -64,30 +73,21 @@ const returnScanResultsInstances = async (config, scanId) => {
     try {
         result = await client.getScanResultsInstances(config, scanId);
         if (JSON.stringify(result.statusCode) == 200) {
-            return result.body;
+            return { body: result.body, statusCode: result.statusCode };
         }
-    }
-    catch (e) {
-        console.log(e.message.toString());
-    }
-};
-const returnScanProjectById = async (config) => {
-    const client = commonApi.getHttpClient(config);
-    let result;
-    try {
-        result = await client.getScanProjectById(config);
-        if (JSON.stringify(result.statusCode) == 200) {
-            return result.body;
+        if (JSON.stringify(result.statusCode) == 503) {
+            return { statusCode: result.statusCode };
         }
     }
     catch (e) {
-        console.log(e.message.toString());
+        if (config.debug) {
+            console.log(e.message.toString());
+        }
     }
 };
 module.exports = {
     getScanId: getScanId,
     returnScanResults: returnScanResults,
     pollScanResults: pollScanResults,
-    returnScanResultsInstances: returnScanResultsInstances,
-    returnScanProjectById: returnScanProjectById
+    returnScanResultsInstances: returnScanResultsInstances
 };

package/dist/utils/commonApi.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 const HttpClient = require('./../common/HTTPClient');
-const { badRequestError, unauthenticatedError, forbiddenError, proxyError, genericError } = require('../common/errorHandling');
+const { badRequestError, unauthenticatedError, forbiddenError, proxyError, genericError, maxAppError } = require('../common/errorHandling');
 const handleResponseErrors = (res, api) => {
     if (res.statusCode === 400) {
         api === 'catalogue' ? badRequestError(true) : badRequestError(false);
@@ -14,6 +14,9 @@ const handleResponseErrors = (res, api) => {
     else if (res.statusCode === 407) {
         proxyError();
     }
+    else if (res.statusCode === 412) {
+        maxAppError();
+    }
     else {
         genericError();
     }

package/dist/utils/oraWrapper.js CHANGED Viewed

@@ -6,6 +6,9 @@ const returnOra = text => {
 const startSpinner = spinner => {
     spinner.start();
 };
+const stopSpinner = spinner => {
+    spinner.stop();
+};
 const succeedSpinner = (spinner, text) => {
     spinner.succeed(text);
 };
@@ -16,5 +19,6 @@ module.exports = {
     returnOra,
     startSpinner,
     succeedSpinner,
-    failSpinner
+    failSpinner,
+    stopSpinner
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.4",
+  "version": "1.0.7",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {
@@ -24,8 +24,8 @@
     "test-int": "jest ./test-integration/",
     "test-int-scan": "jest ./test-integration/scan",
     "test-int-audit": "jest ./test-integration/audit",
-    "format": "prettier --write \"**/*.{ts,tsx,js,css,scss,json,md,yml}\" .eslintrc.* .babelrc",
-    "check-format": "prettier --check \"**/*.{ts,tsx,js,css,scss,json,md,yml}\" .eslintrc.* .babelrc",
+    "format": "prettier --write \"**/*.{ts,tsx,js,json,md,yml}\" .eslintrc.*",
+    "check-format": "prettier --check \"**/*.{ts,tsx,js,json,md,yml}\" .eslintrc.*",
     "coverage-local": "nyc --reporter=text mocha './test/**/*.spec.js'",
     "coverage": "yarn test --coverage",
     "lint": "eslint --config .eslintrc.json . --ext .ts",
@@ -45,6 +45,7 @@
     "bluebird": "^3.7.2",
     "boxen": "5.1.2",
     "chalk": "4.1.2",
+    "cli-table3": "^0.6.2",
     "command-line-args": "^5.2.1",
     "command-line-usage": "^6.1.3",
     "conf": "^10.1.2",
@@ -73,12 +74,13 @@
     "@types/i18n": "^0.13.2",
     "@types/jest": "^27.4.1",
     "@types/lodash": "^4.14.182",
+    "@types/node": "*",
     "@typescript-eslint/eslint-plugin": "^5.21.0",
     "@typescript-eslint/parser": "^5.21.0",
     "csv-writer": "^1.6.0",
     "eslint": "^8.14.0",
     "eslint-config-prettier": "^8.5.0",
-    "eslint-plugin-prettier": "^4.0.0",
+    "eslint-plugin-prettier": "^4.2.1",
     "husky": "^3.1.0",
     "jest": "^27.5.1",
     "jest-junit": "^13.2.0",
@@ -86,7 +88,7 @@
     "npm-license-crawler": "^0.2.1",
     "nyc": "^15.1.0",
     "pkg": "^5.6.0",
-    "prettier": "^1.19.1",
+    "prettier": "^2.7.1",
     "tmp": "^0.2.1",
     "ts-jest": "^27.1.4",
     "ts-node": "^10.7.0",
@@ -102,12 +104,15 @@
   ],
   "prettier": {
     "semi": false,
+    "trailingComma": "none",
+    "arrowParens": "avoid",
+    "bracketSpacing": true,
     "singleQuote": true,
+    "bracketSameLine": true,
     "overrides": [
       {
         "files": [
-          ".eslintrc.ng",
-          ".babelrc"
+          ".eslintrc"
         ],
         "options": {
           "parser": "json"

package/src/audit/autodetection/autoDetectLanguage.ts ADDED Viewed

@@ -0,0 +1,40 @@
+/* eslint-disable  @typescript-eslint/no-explicit-any */
+import i18n from 'i18n'
+import {
+  reduceIdentifiedLanguages,
+  deduceLanguage
+} from '../languageAnalysisEngine/reduceIdentifiedLanguages'
+import { getProjectRootFilenames } from '../languageAnalysisEngine/getProjectRootFilenames'
+export function identifyLanguages(config: any) {
+  const { projectPath } = config
+  const projectRootFilenames = getProjectRootFilenames(projectPath)
+  const identifiedLanguages = projectRootFilenames.reduce(
+    (accumulator: any, filename: string) => {
+      const deducedLanguages = deduceLanguage(filename)
+      return [...accumulator, ...deducedLanguages]
+    },
+    []
+  )
+  if (Object.keys(identifiedLanguages).length === 0) {
+    throw new Error(i18n.__('languageAnalysisNoLanguage', projectPath))
+  }
+  return reduceIdentifiedLanguages(identifiedLanguages)
+}
+export function determineProjectLanguage(
+  reducedLanguages: Record<string, string>
+) {
+  const reducedLanguagesKeys = Object.keys(reducedLanguages)
+  if (reducedLanguagesKeys.length === 1) {
+    return reducedLanguagesKeys[0]
+  } else {
+    throw new Error(
+      'Detected multiple languages. Please specify a single language using --language'
+    )
+  }
+}

package/src/audit/catalogueApplication/catalogueApplication.js CHANGED Viewed

@@ -1,21 +1,8 @@
 const i18n = require('i18n')
 const { getHttpClient, handleResponseErrors } = require('../../utils/commonApi')
-const locationOfApp = (config, appId) => {
-  return `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${appId}`
-}
-const displaySuccessMessage = (config, appId) => {
-  console.log(
-    '\n **************************' +
-      i18n.__('successHeader') +
-      '************************** \n'
-  )
-  console.log('\n' + i18n.__('catalogueSuccessCommand') + appId + '\n')
-  console.log(locationOfApp(config, appId))
-  console.log(
-    '\n *********************************************************** \n'
-  )
+const displaySuccessMessage = () => {
+  console.log(i18n.__('catalogueSuccessCommand'))
 }
 const catalogueApplication = async config => {
@@ -25,7 +12,7 @@ const catalogueApplication = async config => {
     .catalogueCommand(config)
     .then(res => {
       if (res.statusCode === 201) {
-        displaySuccessMessage(config, res.body.application.app_id)
+        //displaySuccessMessage(config, res.body.application.app_id)
         appId = res.body.application.app_id
       } else {
         handleResponseErrors(res, 'catalogue')

package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js CHANGED Viewed

@@ -34,12 +34,13 @@ const formatKeyName = value => {
   return tempArr[0] + '/' + tempArr[1] + '@' + tempArr[versionIndex]
 }
-const shaveConsoleOutputUntilItFindsFirsDigraphMention = mvnDependancyTreeOutput => {
-  //shaves of the console output until it reaches the first digraph
-  return mvnDependancyTreeOutput.substring(
-    mvnDependancyTreeOutput.indexOf('digraph')
-  )
-}
+const shaveConsoleOutputUntilItFindsFirsDigraphMention =
+  mvnDependancyTreeOutput => {
+    //shaves of the console output until it reaches the first digraph
+    return mvnDependancyTreeOutput.substring(
+      mvnDependancyTreeOutput.indexOf('digraph')
+    )
+  }
 const getDigraphObjInfo = editedOutput => {
   //turns the output into an array of digraph information
@@ -211,10 +212,12 @@ const parseMvn = mvnDependancyTreeOutput => {
 }
 // testing purposes
-exports.shaveConsoleOutputUntilItFindsFirsDigraphMention = shaveConsoleOutputUntilItFindsFirsDigraphMention
+exports.shaveConsoleOutputUntilItFindsFirsDigraphMention =
+  shaveConsoleOutputUntilItFindsFirsDigraphMention
 exports.getDigraphObjInfo = getDigraphObjInfo
 exports.createDigraphObjKey = createDigraphObjKey
-exports.turnDigraphDependanciesIntoArrOfInnerDep = turnDigraphDependanciesIntoArrOfInnerDep
+exports.turnDigraphDependanciesIntoArrOfInnerDep =
+  turnDigraphDependanciesIntoArrOfInnerDep
 exports.hasVersion = hasVersion
 exports.formatKeyName = formatKeyName
 exports.createOuterDependanciesAndType = createOuterDependanciesAndType

package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js CHANGED Viewed

@@ -32,4 +32,5 @@ const checkForMultipleIdentifiedLanguages = identifiedLanguages => {
 }
 //For testing purposes
-exports.checkForMultipleIdentifiedLanguages = checkForMultipleIdentifiedLanguages
+exports.checkForMultipleIdentifiedLanguages =
+  checkForMultipleIdentifiedLanguages

package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js CHANGED Viewed

@@ -38,4 +38,5 @@ const checkForMultipleIdentifiedProjectFiles = identifiedLanguages => {
 }
 //For testing purposes
-exports.checkForMultipleIdentifiedProjectFiles = checkForMultipleIdentifiedProjectFiles
+exports.checkForMultipleIdentifiedProjectFiles =
+  checkForMultipleIdentifiedProjectFiles

package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js CHANGED Viewed

@@ -29,4 +29,5 @@ const checkIdentifiedLanguageHasProjectFile = identifiedLanguages => {
 }
 //For testing purposes
-exports.checkIdentifiedLanguageHasProjectFile = checkIdentifiedLanguageHasProjectFile
+exports.checkIdentifiedLanguageHasProjectFile =
+  checkIdentifiedLanguageHasProjectFile

package/src/audit/languageAnalysisEngine/languageAnalysisFactory.js CHANGED Viewed

@@ -15,6 +15,13 @@ const fs = require('fs')
 const chalk = require('chalk')
 const saveFile = require('../../commands/audit/saveFile').default
 const generateSbom = require('../../sbom/generateSbom').default
+const {
+  failSpinner,
+  returnOra,
+  startSpinner,
+  succeedSpinner
+} = require('../../utils/oraWrapper')
+const { pollForSnapshotCompletition } = require('./sendSnapshot')
 module.exports = exports = (err, analysis) => {
   const { identifiedLanguageInfo } = analysis.languageAnalysis
@@ -45,17 +52,22 @@ module.exports = exports = (err, analysis) => {
       return process.exit(5)
     }
-    console.log('\n **************CONTRAST OSS ANALYSIS BEGINS**************')
+    const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
+    startSpinner(reportSpinner)
     const snapshotResponse = await newSendSnapShot(analysis, catalogueAppId)
+    //poll for completion
+    const pollResult = await pollForSnapshotCompletition(
+      analysis.config,
+      snapshotResponse.id,
+      reportSpinner
+    )
+    succeedSpinner(reportSpinner, 'Contrast SCA analysis complete')
     await vulnerabilityReport(analysis, catalogueAppId, snapshotResponse.id)
     //should be moved to processAudit.ts once promises implemented
     await auditSave(config)
-    console.log(
-      '\n ***************CONTRAST OSS ANALYSIS COMPLETE************** \n'
-    )
   }
   if (identifiedLanguageInfo.language === DOTNET) {

package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js CHANGED Viewed

@@ -28,6 +28,79 @@ const isRubyLockFilename = filename => filename === 'Gemfile.lock'
 const isPipfileLockLockFilename = filename => filename === 'Pipfile.lock'
 const isGoProjectFilename = filename => filename === 'go.mod'
+const deduceLanguageScaAnalysis = filenames => {
+  const deducedLanguages = []
+  let language = ''
+  filenames.forEach(filename => {
+    // Check for project filenames...
+    if (isJavaMavenProjectFilename(filename)) {
+      deducedLanguages.push(filename)
+      language = JAVA
+    }
+    if (isJavaGradleProjectFilename(filename)) {
+      deducedLanguages.push(filename)
+      language = JAVA
+    }
+    if (isNodeProjectFilename(filename)) {
+      deducedLanguages.push(filename)
+      language = NODE
+    }
+    //
+    // if (isDotNetProjectFilename(filename)) {
+    //   deducedLanguages.push({language: DOTNET, projectFilename: filename})
+    // }
+    //
+    if (isRubyProjectFilename(filename)) {
+      deducedLanguages.push(filename)
+      language = RUBY
+    }
+    //
+    if (isPythonProjectFilename(filename)) {
+      deducedLanguages.push(filename)
+      language = PYTHON
+    }
+    //
+    // if (isPhpProjectFilename(filename)) {
+    //   deducedLanguages.push({language: PHP, projectFilename: filename})
+    // }
+    //
+    // // Check for lock filenames...
+    // if (isDotNetLockFilename(filename)) {
+    //   deducedLanguages.push({language: DOTNET, lockFilename: filename})
+    // }
+    //
+    if (isNodeLockFilename(filename)) {
+      deducedLanguages.push(filename)
+      language = NODE
+    }
+    //
+    // if (isRubyLockFilename(filename)) {
+    //   deducedLanguages.push({language: RUBY, lockFilename: filename})
+    // }
+    //
+    // // this is pipfileLock rather than python lock as there can be different python locks
+    // if (isPipfileLockLockFilename(filename)) {
+    //   deducedLanguages.push({language: PYTHON, lockFilename: filename})
+    // }
+    //
+    // if (isPhpLockFilename(filename)) {
+    //   deducedLanguages.push({language: PHP, lockFilename: filename})
+    // }
+    //
+    // go does not have a lockfile, it should have a go.mod file containing the modules
+    if (isGoProjectFilename(filename)) {
+      deducedLanguages.push({ language: GO, projectFilename: filename })
+      language = GO
+    }
+  })
+  let identifiedLanguages = { [language]: deducedLanguages }
+  return identifiedLanguages
+}
 const deduceLanguage = filename => {
   const deducedLanguages = []
@@ -136,9 +209,8 @@ module.exports = exports = (analysis, next) => {
   let language = config.language
   if (language === undefined) {
-    languageAnalysis.identifiedLanguages = reduceIdentifiedLanguages(
-      identifiedLanguages
-    )
+    languageAnalysis.identifiedLanguages =
+      reduceIdentifiedLanguages(identifiedLanguages)
   } else {
     let refinedIdentifiedLanguages = []
     for (let x in identifiedLanguages) {
@@ -175,3 +247,4 @@ exports.isPhpProjectFilename = isPhpProjectFilename
 exports.isPhpLockFilename = isPhpLockFilename
 exports.deduceLanguage = deduceLanguage
 exports.reduceIdentifiedLanguages = reduceIdentifiedLanguages
+exports.deduceLanguageScaAnalysis = deduceLanguageScaAnalysis

package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import i18n from 'i18n'
 import { getHttpClient, handleResponseErrors } from '../../../utils/commonApi'
 import {
   ReportCompositeKey,
@@ -8,52 +7,42 @@ import {
 import { ReportSeverityModel } from './models/reportSeverityModel'
 import { orderBy } from 'lodash'
 import chalk from 'chalk'
-import { ReportLibraryModel } from './models/reportLibraryModel'
-import { findHighestSeverityCVE, findNameAndVersion } from './utils/reportUtils'
+import { ReportCVEModel, ReportLibraryModel } from './models/reportLibraryModel'
 import {
-  failSpinner,
-  returnOra,
-  startSpinner,
-  succeedSpinner
-} from '../../../utils/oraWrapper'
+  findCVESeveritiesAndOrderByHighestPriority,
+  findHighestSeverityCVE,
+  findNameAndVersion,
+  severityCountAllCVEs
+} from './utils/reportUtils'
+import { SeverityCountModel } from './models/severityCountModel'
+import {
+  ReportOutputBodyModel,
+  ReportOutputHeaderModel,
+  ReportOutputModel
+} from './models/reportOutputModel'
 export const createLibraryHeader = (
   id: string,
   numberOfVulnerableLibraries: number,
-  numberOfCves: number,
-  name: string
+  numberOfCves: number
 ) => {
-  name
-    ? console.log(`\n Application Name: ${name} | Application ID: ${id}`)
-    : console.log(` Application ID: ${id}`)
   numberOfVulnerableLibraries === 1
     ? console.log(
-        '\n **************************' +
-          ` Found 1 vulnerable library containing ${numberOfCves} CVE's` +
-          '************************** '
+        ` Found 1 vulnerable library containing ${numberOfCves} CVE's`
       )
     : console.log(
-        '\n **************************' +
-          ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's ` +
-          '************************** '
+        ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's `
       )
 }
 export const getReport = async (config: any, reportId: string) => {
   const client = getHttpClient(config)
-  const reportSpinner = returnOra(i18n.__('auditReportWaiting'))
-  reportSpinner.indent = 1
-  startSpinner(reportSpinner)
   return client
     .getReportById(config, reportId)
     .then((res: { statusCode: number; body: any }) => {
       if (res.statusCode === 200) {
-        succeedSpinner(reportSpinner, i18n.__('auditReportSuccessMessage'))
         return res.body
       } else {
-        failSpinner(reportSpinner, i18n.__('auditReportFail'))
         console.log('config-------------------')
         console.log(config)
         console.log('reportId----------------')
@@ -100,28 +89,121 @@ export const printFormattedOutput = (
     report.reportOutputList.push(newOutputModel)
   }
-  const orderedOutputList = orderBy(
+  const orderedOutputListLowestFirst = orderBy(
     report.reportOutputList,
-    reportListItem => reportListItem.compositeKey.highestSeverity.priority
+    reportListItem => reportListItem.compositeKey.highestSeverity.priority,
+    ['desc']
   )
-  for (const reportModel of orderedOutputList) {
-    const name = reportModel.compositeKey.libraryName
-    const version = reportModel.compositeKey.libraryVersion
-    const highestSeverity = reportModel.compositeKey.highestSeverity.severity
+  let contrastHeaderNumCounter = 0
+  for (const reportModel of orderedOutputListLowestFirst) {
+    contrastHeaderNumCounter++
+    const { libraryName, libraryVersion, highestSeverity } =
+      reportModel.compositeKey
     const numOfCVEs = reportModel.cveArray.length
-    const cveNames: string[] = []
+    const header = buildHeader(
+      highestSeverity,
+      contrastHeaderNumCounter,
+      libraryName,
+      libraryVersion,
+      numOfCVEs
+    )
-    reportModel.cveArray.forEach(cve => cveNames.push(cve.name as string))
+    const body = buildBody(reportModel.cveArray)
-    const boldHeader = chalk.bold(`${highestSeverity} | Vulnerable Library`)
-    const cvePluralised = numOfCVEs > 1 ? 'CVEs' : 'CVE'
+    const reportOutputModel = new ReportOutputModel(header, body)
     console.log(
-      `\n ${boldHeader} ${name} (${version}) has ${numOfCVEs} known ${cvePluralised}`
+      reportOutputModel.header.vulnMessage,
+      reportOutputModel.header.introducesMessage
+    )
+    console.log(reportOutputModel.body.issueMessage)
+    console.log(reportOutputModel.body.adviceMessage)
+  }
+}
+export function buildHeader(
+  highestSeverity: ReportSeverityModel,
+  contrastHeaderNum: number,
+  libraryName: string,
+  version: string,
+  numOfCVEs: number
+) {
+  const vulnerabilityPluralised =
+    numOfCVEs > 1 ? 'Vulnerabilities' : 'Vulnerability'
+  const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum)
+  const vulnMessage = chalk
+    .hex(highestSeverity.outputColour)
+    .bold(
+      `${formattedHeaderNum} - [${highestSeverity.severity}] ${libraryName}-${version}`
     )
-    console.log(` ${cveNames.join(', ')}`)
-    console.log(chalk.bold(' How to fix: Update to latest version'))
+  const introducesMessage = chalk.bold(
+    `introduces ${numOfCVEs} ${vulnerabilityPluralised}`
+  )
+  return new ReportOutputHeaderModel(vulnMessage, introducesMessage)
+}
+export function buildBody(cveArray: ReportCVEModel[]) {
+  const cveMessages: string[] = []
+  findCVESeveritiesAndOrderByHighestPriority(cveArray).forEach(
+    reportSeverityModel => {
+      // @ts-ignore
+      const { outputColour, severity, cveName } = reportSeverityModel
+      const severityShorthand = chalk
+        .hex(outputColour)
+        .bold(`[${severity.charAt(0).toUpperCase()}]`)
+      const builtMessage = `${severityShorthand} ${cveName}`
+      cveMessages.push(builtMessage)
+    }
+  )
+  const numAndSeverityType = getNumOfAndSeverityType(cveArray)
+  const issueMessage = ` ${chalk.bold(
+    'Issue'
+  )}  : ${numAndSeverityType} ${cveMessages.join(', ')}.`
+  const adviceMessage = ` ${chalk.bold('Advice')} : ${chalk.bold(
+    'Update to latest version'
+  )}.`
+  return new ReportOutputBodyModel(issueMessage, adviceMessage)
+}
+export function buildFormattedHeaderNum(contrastHeaderNum: number) {
+  let formattedHeaderNum
+  if (contrastHeaderNum < 10) {
+    formattedHeaderNum = `00${contrastHeaderNum}`
+  } else if (contrastHeaderNum >= 10 && contrastHeaderNum < 100) {
+    formattedHeaderNum = `0${contrastHeaderNum}`
+  } else if (contrastHeaderNum >= 100) {
+    formattedHeaderNum = contrastHeaderNum
   }
+  return `CONTRAST-${formattedHeaderNum}`
+}
+export function getNumOfAndSeverityType(cveArray: ReportCVEModel[]) {
+  const { critical, high, medium, low, note } = severityCountAllCVEs(
+    cveArray,
+    new SeverityCountModel()
+  )
+  const criticalMessage = critical > 0 ? `${critical} Critical` : ''
+  const highMessage = high > 0 ? `${high} High` : ''
+  const mediumMessage = medium > 0 ? `${medium} Medium` : ''
+  const lowMessage = low > 0 ? `${low} Low` : ''
+  const noteMessage = note > 0 ? `${note} Note` : ''
+  //removes/trims whitespace to single spaces
+  return `${criticalMessage} ${highMessage} ${mediumMessage} ${lowMessage} ${noteMessage}`
+    .replace(/\s+/g, ' ')
+    .trim()
 }