@contrast/contrast 1.0.4 → 1.0.7

package/src/common/HTTPClient.js

@@ -22,7 +22,8 @@ function HTTPClient(config) {
       Authorization: authToken,
       'API-Key': apiKey,
       SuperAuthorization: superAuthToken,
-      'Super-API-Key': superApiKey
+      'Super-API-Key': superApiKey,
+      'User-Agent': 'contrast-cli-v2'
     }
   }
 
@@ -33,7 +34,7 @@ function HTTPClient(config) {
   this.maybeAddCertsToRequest(config)
 }
 
-HTTPClient.prototype.maybeAddCertsToRequest = function(config) {
+HTTPClient.prototype.maybeAddCertsToRequest = function (config) {
   // cacert
   const caCertFilePath = config.cacert
   if (caCertFilePath) {
@@ -91,13 +92,30 @@ HTTPClient.prototype.getSpecificScanResult = function getSpecificScanResult(
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
-HTTPClient.prototype.getSpecificScanResultSarif = function getSpecificScanResultSarif(
+HTTPClient.prototype.getSpecificScanResultSarif =
+  function getSpecificScanResultSarif(config, scanId) {
+    const options = _.cloneDeep(this.requestOptions)
+    options.url = createRawOutputURL(config, scanId)
+    return requestUtils.sendRequest({ method: 'get', options })
+  }
+
+HTTPClient.prototype.createNewEvent = function createNewEvent(
   config,
-  scanId
+  scanId,
+  newProject
 ) {
   const options = _.cloneDeep(this.requestOptions)
-  options.url = createRawOutputURL(config, scanId)
-  return requestUtils.sendRequest({ method: 'get', options })
+  options.url = createEventCollectorURL(config, scanId)
+
+  options.body = {
+    eventSource: process.env.CODESEC_INVOCATION_ENVIRONMENT,
+    trackingProperties: {
+      projectNameSource: config.projectNameSource,
+      waitedForResults: !config.ff,
+      newProject
+    }
+  }
+  return requestUtils.sendRequest({ method: 'post', options })
 }
 
 HTTPClient.prototype.getScanId = function getScanId(config, codeArtifactId) {
@@ -190,9 +208,6 @@ HTTPClient.prototype.catalogueCommand = function catalogueCommand(config) {
 }
 
 HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
-  if (config.language.toUpperCase() === 'RUBY') {
-    console.log('sendSnapshot requestBody', requestBody.snapshot.ruby)
-  }
   const options = _.cloneDeep(this.requestOptions)
   let url = createSnapshotURL(config)
   options.url = url
@@ -210,17 +225,24 @@ HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
-HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(
+HTTPClient.prototype.getReportStatusById = function getReportStatusById(
   config,
-  requestBody
+  snapshotId
 ) {
   const options = _.cloneDeep(this.requestOptions)
-  options.url = createLibraryVulnerabilitiesUrl(config)
-  options.body = requestBody
-
-  return requestUtils.sendRequest({ method: 'put', options })
+  options.url = createSpecificReportStatusURL(config, snapshotId)
+  return requestUtils.sendRequest({ method: 'get', options })
 }
 
+HTTPClient.prototype.getLibraryVulnerabilities =
+  function getLibraryVulnerabilities(config, requestBody) {
+    const options = _.cloneDeep(this.requestOptions)
+    options.url = createLibraryVulnerabilitiesUrl(config)
+    options.body = requestBody
+
+    return requestUtils.sendRequest({ method: 'put', options })
+  }
+
 HTTPClient.prototype.getAppId = function getAppId(config) {
   const options = _.cloneDeep(this.requestOptions)
   let url = createAppNameUrl(config)
@@ -295,17 +317,13 @@ HTTPClient.prototype.getScanResources = async function getScanResources(
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
-HTTPClient.prototype.getFunctionScanResults = async function getFunctionScanResults(
-  config,
-  params,
-  scanId,
-  functionArn
-) {
-  const url = createScanResultsGetUrl(config, params, scanId, functionArn)
-  const options = { ...this.requestOptions, url }
+HTTPClient.prototype.getFunctionScanResults =
+  async function getFunctionScanResults(config, params, scanId, functionArn) {
+    const url = createScanResultsGetUrl(config, params, scanId, functionArn)
+    const options = { ...this.requestOptions, url }
 
-  return requestUtils.sendRequest({ method: 'get', options })
-}
+    return requestUtils.sendRequest({ method: 'get', options })
+  }
 
 HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
   const options = _.cloneDeep(this.requestOptions)
@@ -321,6 +339,20 @@ HTTPClient.prototype.getSbom = function getSbom(config) {
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
+// analytics
+
+HTTPClient.prototype.postAnalyticsFunction = function (config, provider, body) {
+  const url = createAnalyticsFunctionPostUrl(config, provider)
+  const options = { ...this.requestOptions, body, url }
+
+  return requestUtils.sendRequest({ method: 'post', options })
+}
+
+const createAnalyticsFunctionPostUrl = (config, provider) => {
+  const url = getServerlessHost(config)
+  return `${url}/organizations/${config.organizationId}/providers/${provider}/analytics`
+}
+
 // scan
 const createGetScanIdURL = config => {
   return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/`
@@ -350,6 +382,10 @@ function createScanProjectUrl(config) {
   return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}`
 }
 
+const createEventCollectorURL = (config, scanId) => {
+  return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/events`
+}
+
 const createGlobalPropertiesUrl = protocol => {
   return `${protocol}/Contrast/api/ng/global/properties`
 }
@@ -384,6 +420,10 @@ function createSpecificReportWithProdUrl(config, reportId) {
   )
 }
 
+function createSpecificReportStatusURL(config, reportId) {
+  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots/${reportId}/status`
+}
+
 function createDataUrl() {
   return `https://ardy.contrastsecurity.com/production`
 }

package/src/common/errorHandling.ts

@@ -27,30 +27,15 @@ const libraryAnalysisError = () => {
 }
 
 const snapshotFailureError = () => {
-  console.log(
-    '\n ******************************** ' +
-      i18n.__('snapshotFailureHeader') +
-      ' *********************************\n' +
-      i18n.__('snapshotFailureMessage')
-  )
+  console.log(i18n.__('snapshotFailureMessage'))
 }
 
 const vulnerabilitiesFailureError = () => {
-  console.log(
-    '\n ******************************** ' +
-      i18n.__('snapshotFailureHeader') +
-      ' *********************************\n' +
-      i18n.__('vulnerabilitiesFailureMessage')
-  )
+  console.log(i18n.__('vulnerabilitiesFailureMessage'))
 }
 
 const reportFailureError = () => {
-  console.log(
-    '\n ******************************** ' +
-      i18n.__('snapshotFailureHeader') +
-      ' *********************************\n' +
-      i18n.__('reportFailureMessage')
-  )
+  console.log(i18n.__('auditReportFailureMessage'))
 }
 
 const genericError = (missingCliOption: string) => {
@@ -79,8 +64,12 @@ const proxyError = () => {
   generalError('proxyErrorHeader', 'proxyErrorMessage')
 }
 
-const hostWarningError = () => {
-  console.log(i18n.__('snapshotHostMessage'))
+const maxAppError = () => {
+  generalError(
+    'No applications remaining',
+    'You have reached the maximum number of application you can create.'
+  )
+  process.exit(1)
 }
 
 const failOptionError = () => {
@@ -152,10 +141,13 @@ export {
   forbiddenError,
   proxyError,
   failOptionError,
-  hostWarningError,
   generalError,
   getErrorMessage,
   handleResponseErrors,
   libraryAnalysisError,
-  findCommandOnError
+  findCommandOnError,
+  snapshotFailureError,
+  vulnerabilitiesFailureError,
+  reportFailureError,
+  maxAppError
 }

package/src/common/versionChecker.ts

@@ -37,5 +37,5 @@ export async function findLatestCLIVersion(updateMessageHidden: boolean) {
 }
 
 export async function isCorrectNodeVersion(currentVersion: string) {
-  return semver.satisfies(currentVersion, '>=16.13.2 <17')
+  return semver.satisfies(currentVersion, '>=16')
 }

package/src/constants/constants.js

@@ -13,12 +13,23 @@ const MEDIUM = 'MEDIUM'
 const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.4'
+const APP_VERSION = '1.0.7'
 const TIMEOUT = 120000
+const HIGH_COLOUR = '#ff9900'
+const CRITICAL_COLOUR = '#e35858'
+const MEDIUM_COLOUR = '#f1c232'
+const LOW_COLOUR = '#b7b7b7'
+const NOTE_COLOUR = '#999999'
+const CRITICAL_PRIORITY = 1
+const HIGH_PRIORITY = 2
+const MEDIUM_PRIORITY = 3
+const LOW_PRIORITY = 4
+const NOTE_PRIORITY = 5
 
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com'
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com'
 const SARIF_FILE = 'SARIF'
+const CE_URL = 'https://ce.contrastsecurity.com/'
 
 module.exports = {
   supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
@@ -31,5 +42,16 @@ module.exports = {
   TIMEOUT,
   AUTH_UI_URL,
   AUTH_CALLBACK_URL,
-  SARIF_FILE
+  SARIF_FILE,
+  HIGH_COLOUR,
+  CRITICAL_COLOUR,
+  MEDIUM_COLOUR,
+  LOW_COLOUR,
+  NOTE_COLOUR,
+  CE_URL,
+  CRITICAL_PRIORITY,
+  HIGH_PRIORITY,
+  MEDIUM_PRIORITY,
+  LOW_PRIORITY,
+  NOTE_PRIORITY
 }

package/src/constants/locales.js

@@ -5,46 +5,29 @@ const en_locales = () => {
   return {
     successHeader: 'SUCCESS',
     snapshotSuccessMessage:
-      ' Please go to the Contrast UI to view your dependency tree.',
+      'Please go to the Contrast UI to view your dependency tree.',
     snapshotFailureHeader: 'FAIL',
-    snapshotFailureMessage:
-      ' Unable to send library analysis to your Contrast UI.',
+    snapshotFailureMessage: 'Library analysis failed',
     snapshotHostMessage:
-      " No host supplied. Using default host 'app.contrastsecurity.com'. Please ensure this is correct.",
-    vulnerabilitiesSuccessMessage: ' Vulnerability data successfully retrieved',
-    vulnerabilitiesFailureMessage:
-      ' Unable to retrieve library vulnerabilities from Team Server.',
+      "No host supplied. Using default host 'app.contrastsecurity.com'. Please ensure this is correct.",
+    vulnerabilitiesSuccessMessage: 'Vulnerability data successfully retrieved',
+    vulnerabilitiesFailureMessage: 'Unable to retrieve library vulnerabilities',
     catchErrorMessage: 'Contrast UI error: ',
     dependenciesNote:
       'Please Note: We currently only support projects with one .csproj AND *.package.lock.json',
-    languageAnalysisFailureMessage: 'LANGUAGE ANALYSIS FAILED',
+    languageAnalysisFailureMessage: 'SCA Analysis Failure',
     languageAnalysisFactoryFailureHeader: 'FAIL',
-    projectPathParameter:
-      'Please set the %s to locate the source code for the project',
-    apiKeyParameter: 'Please set the %s to connect to the Contrast UI',
-    applicationNameParameter:
-      'Please provide a value for %s, to appear in the Contrast UI',
-    languageParameter:
-      'Please set the %s to the language of the source project. Allowable values are JAVA, DOTNET, NODE, PYTHON and RUBY.',
-    hostParameter:
-      'Please set the %s to the hostname and (optionally) the port expressed as <host>:<port> of the Contrast UI',
-    organizationIdParameter:
-      'Please set the %s to correctly identify your organization within the Contrast UI',
-    authorizationParameter:
-      'Please set the %s to your authorization header, found in the Contrast UI',
-    applicationIdParameter:
-      'Please set the %s to the value provided within the Contrast UI for the target application',
     libraryAnalysisError:
-      'Please ensure the language parameter is set in accordance to the language specified on the project path.\nThe Contrast-CLI must be run in the same directory as the project manifest file OR the project_path parameter must be used to identify the directory containing the project manifest file.\n\nFor further information please read our usage guide, which can be accessed with the following command:\n\ncontrast-cli --help',
+      'Please ensure the language parameter is set in accordance to the language specified on the project path.\nContrast CLI must be run in the same directory as the project manifest file OR the project_path parameter must be used to identify the directory containing the project manifest file.\n\nFor further information please read our usage guide, which can be accessed with the following command:\n\ncontrast-cli --help',
     yamlMissingParametersHeader: 'Missing Parameters',
     yamlMissingParametersMessage:
-      'The following parameters are required: \n \norganization_id \napi_key \nauthorization \nhost \napplication_name or application_id \nlanguage \n \nThey must be specified as a command line argument or within the yaml file. \nFor further information please read our usage guide, which can be accessed with the following command:\ncontrast-cli --help',
+      'The following parameters are required: \n \norganization-id \napi-key \nauthorization \nhost \nlanguage \n \nThey must be specified as a command line argument. \nFor further information please read our usage guide, which can be accessed with the following command:\ncontrast audit --help',
     unauthenticatedErrorHeader: '401 error - Unauthenticated',
     unauthenticatedErrorMessage:
-      'Please check the following keys are correct:\n--organization_id, --api_key or --authorization',
+      'Please check the following keys are correct:\n--organization-id, --api-key or --authorization',
     badRequestErrorHeader: '400 error - Bad Request',
     badRequestErrorMessage:
-      'Please check the following key is correct: \n--application_id',
+      'Please check the following key is correct: \n--application-id',
     badRequestCatalogueErrorMessage:
       'The application name already exists, please use a unique name',
     forbiddenRequestErrorHeader: '403 error - Forbidden',
@@ -53,15 +36,7 @@ const en_locales = () => {
     proxyErrorHeader: '407 error - Proxy Authentication Required',
     proxyErrorMessage:
       'Please provide valid authentication credentials for the proxy server.',
-    downgradeHttpsHttp:
-      'Connection to ContrastUI using https failed.  Attempting to connect using http...',
-    setSpecifiedParameter: 'Please set the %s ',
-    catalogueFailureCommand:
-      'Failed to catalogue a new application for reason: ',
-    catalogueFailureHostCommand:
-      'Failed to catalogue a new application, please ensure you have the correct host and authentication. Error: ',
-    catalogueSuccessCommand:
-      'This application ID can now be used to send dependency data to Contrast: ',
+    catalogueSuccessCommand: 'Application Created',
     dotnetAnalysisFailure: '.NET analysis failed because: ',
     dotnetReadLockfile: 'Failed to read the lock file @ %s because: ',
     dotnetParseLockfile: "Failed to parse .NET lock file @ '%s' because: ",
@@ -129,12 +104,10 @@ const en_locales = () => {
     constantsOptionalForCatalogue: '(optional for catalogue)',
     constantsRequired: '(required)',
     constantsRequiredCatalogue: '(required for catalogue)',
-    constantsYamlPath:
-      'If you want to read params from the yaml file then enter the path to the file',
     constantsApiKey: 'An agent API key as provided by Contrast UI',
     constantsAuthorization:
-      'An agent Authorization credentials as provided by Contrast UI',
-    constantsOrganizationId: 'The ID of your organization in Contrast UI',
+      'Authorization credentials as provided by Contrast UI',
+    constantsOrganizationId: 'The ID of your organization',
     constantsApplicationId:
       'The ID of the application cataloged by Contrast UI',
     constantsHostId:
@@ -173,7 +146,7 @@ const en_locales = () => {
     constantsHeader: 'CodeSec by Contrast Security',
     constantsPrerequisitesContentScanLanguages: 'Java & JavaScript supported',
     constantsContrastContent:
-      'Use the Contrast CLI to run a scan (Java, JavaScript and .NET ) or lambda command (Java and Python) to find your vulnerabilities and start securing your code.',
+      "Use the 'contrast' command for fast and accurate security analysis of your applications and APIs (Java, JavaScript and .NET ) as well as serverless functions (AWS lambda, Java and Python).",
     constantsUsageGuideContentRecommendation:
       'Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.',
     constantsPrerequisitesHeader: 'Pre-requisites',
@@ -253,17 +226,17 @@ const en_locales = () => {
     goAnalysisError: 'GO analysis failed because: ',
     goParseProjectFile: 'Failed to parse go mod graph output because: ',
     mavenNotInstalledError:
-      " 'mvn' is not available. Please ensure you have Maven installed and available on your path.",
+      "'mvn' is not available. Please ensure you have Maven installed and available on your path.",
     mavenDependencyTreeNonZero:
       'Building maven dependancy tree failed with a non 0 exit code',
     gradleWrapperUnavailable:
-      ' Gradle wrapper not found in root of project. Please ensure gradlew or gradlew.bat is in root of the project.',
+      'Gradle wrapper not found in root of project. Please ensure gradlew or gradlew.bat is in root of the project.',
     gradleDependencyTreeNonZero:
       "Building gradle dependancy tree failed with a non 0 exit code. \n Please check you have the correct version of Java installed to compile your project? \n If running against a muti module project ensure you are using the '--sub-project' flag",
     yamlPathCamelCaseError:
-      ' Warning: The "yamlPath" parameter will be deprecated in a future release. Please look at our documentation for further guidance.',
+      'Warning: The "yamlPath" parameter will be deprecated in a future release. Please look at our documentation for further guidance.',
     constantsSbom:
-      ' Generate the Software Bill of Materials (SBOM) for the given application',
+      'Generate the Software Bill of Materials (SBOM) for the given application',
     constantsMetadata:
       'Define a set of key=value pairs (which conforms to RFC 2253) for specifying user-defined metadata associated with the application.',
     constantsTags:
@@ -271,8 +244,8 @@ const en_locales = () => {
     constantsCode:
       'Add the application code this application should use in the Contrast UI',
     constantsIgnoreCertErrors:
-      ' For EOP users with a local Teamserver install, this will bypass the SSL certificate and recognise a self signed certificate.',
-    constantsSave: ' Saves the Scan Results SARIF to file.',
+      'For EOP users with a local Teamserver install, this will bypass the SSL certificate and recognise a self signed certificate.',
+    constantsSave: 'Saves the Scan Results SARIF to file.',
     scanLabel:
       "adds a label to the scan - defaults to 'Started by CLI tool at current date'",
     constantsIgnoreDev:
@@ -291,9 +264,10 @@ const en_locales = () => {
     responseMessage: 'Response: %s',
     searchingDirectoryScan: 'Searched 3 directory levels & found: ',
     noFileFoundScan:
-      "We could't find a suitable file in your directories (we go 3 deep)",
+      "We couldn't find a suitable file in your directories (we go 3 deep)",
     specifyFileScanError:
       'Java Scan requires a .war or .jar file. Javascript Scan requires a .js or .zip file.\nTo start a Scan enter "contrast scan -f <path-to-file>"',
+    specifyFileAuditNotFound: 'No files found for library analysis',
     populateProjectIdMessage: 'project ID is %s',
     genericServiceError: 'returned with status code %s',
     projectIdError: 'Your project ID is %s please check this is correct',
@@ -342,6 +316,8 @@ const en_locales = () => {
     requiredParams: 'All required parameters are not present.',
     timeoutScan: 'Timeout set to 5 minutes.',
     searchingScanFileDirectory: 'Searching for file to scan from %s...',
+    searchingAuditFileDirectory:
+      'Searching for package manager files from %s...',
     scanHeader: 'Contrast Scan CLI',
     authHeader: 'Auth',
     lambdaHeader: 'Contrast Lambda CLI',
@@ -380,6 +356,7 @@ const en_locales = () => {
     scanZipError:
       'A .zip archive can be used for Javascript Scan. Archive found %s does not contain .JS files for Scan.',
     fileNotExist: 'File specified does not exist, please check and try again.',
+    scanFileIsEmpty: 'File specified is empty. Please choose another.',
     fileHasWhiteSpacesError:
       'File cannot have spaces, please rename or choose another file to Scan.',
     zipFileException: 'Error reading zip file',
@@ -417,7 +394,12 @@ const en_locales = () => {
     auditOptionsSave: '-s, --save',
     auditOptionsSaveDescription:
       'saves the output in specified format Txt text, sbom',
+    scanNotCompleted:
+      'Scan not completed. Check for framework and language support here: %s',
+    auditNotCompleted: 'audit not completed.  Please try again',
     scanNoVulnerabilitiesFound: '👏 No vulnerabilities found',
+    scanNoVulnerabilitiesFoundSecureCode: '👍 Your code looks secure.',
+    scanNoVulnerabilitiesFoundGoodWork: '👏 Keep up the good work.',
     scanNoFiletypeSpecifiedForSave:
       'Please specify file type to save results to, accepted value is SARIF',
     auditSBOMSaveSuccess:
@@ -430,8 +412,9 @@ const en_locales = () => {
     )}`,
     auditReportWaiting: 'Waiting for report...',
     auditReportFail: 'Report Retrieval Failed, please try again',
-    auditReportSuccessMessage: ' Report successfully retrieved',
-    auditReportFailureMessage: ' Unable to generate library report.',
+    auditReportSuccessMessage: 'Report successfully retrieved',
+    auditReportFailureMessage: 'Unable to generate library report',
+    auditSCAAnalysisBegins: 'Contrast SCA analysis begins',
     ...lambda
   }
 }

package/src/constants.js

@@ -47,6 +47,15 @@ const scanOptionDefinitions = [
       '}: ' +
       i18n.__('constantsProjectId')
   },
+  {
+    name: 'project-path',
+    alias: 'i',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProjectPath')
+  },
   {
     name: 'timeout',
     alias: 't',
@@ -146,6 +155,19 @@ const scanOptionDefinitions = [
     name: 'debug',
     alias: 'd',
     type: Boolean
+  },
+  {
+    name: 'experimental',
+    alias: 'e',
+    type: Boolean
+  },
+  {
+    name: 'application-name',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsApplicationName')
   }
 ]
 

package/src/lambda/analytics.ts

@@ -0,0 +1,9 @@
+import { getHttpClient } from '../utils/commonApi'
+import { getAuth } from '../utils/paramsUtil/paramHandler'
+import { AnalyticsOption } from './types'
+
+export const postAnalytics = (data: AnalyticsOption, provider = 'aws') => {
+  const config = getAuth()
+  const client = getHttpClient(config)
+  return client.postAnalyticsFunction(config, provider, data)
+}

package/src/lambda/arn.ts

@@ -10,7 +10,8 @@ type ARN = {
   resourceId?: string
 }
 
-const ARN_REGEX = /arn:(?<partition>[^:\n]*):(?<service>[^:\n]*):(?<region>[^:\n]*):(?<accountId>[^:\n]*):(?<ignore>(?<resource>[^:/\n]*)[:/])?(?<resourceId>.*)/
+const ARN_REGEX =
+  /arn:(?<partition>[^:\n]*):(?<service>[^:\n]*):(?<region>[^:\n]*):(?<accountId>[^:\n]*):(?<ignore>(?<resource>[^:/\n]*)[:/])?(?<resourceId>.*)/
 
 const parseARN = (arn: string | undefined) => {
   if (!arn) {

package/src/lambda/lambda.ts

@@ -14,18 +14,8 @@ import { printResults } from './utils'
 import { getAllLambdas, printAvailableLambdas } from './lambdaUtils'
 import { sleep } from '../utils/requestUtils'
 import ora from '../utils/oraWrapper'
-
-type LambdaOptions = {
-  functionName?: string
-  listFunctions?: boolean
-  region?: string
-  endpointUrl?: string
-  profile?: string
-  help?: boolean
-  verbose?: boolean
-  jsonOutput?: boolean
-  _unknown?: string[]
-}
+import { postAnalytics } from './analytics'
+import { LambdaOptions, AnalyticsOption, StatusType, EventType } from './types'
 
 type ApiParams = {
   organizationId: string
@@ -74,10 +64,20 @@ const getLambdaOptions = (argv: string[]) => {
 }
 
 const processLambda = async (argv: string[]) => {
+  let errorMsg
+  let scanInfo: { functionArn: string; scanId: string } | undefined
+  const commandSessionId = Date.now().toString(36)
   try {
     const lambdaOptions = getLambdaOptions(argv)
     const { help } = lambdaOptions
-
+    const startCommandAnalytics: AnalyticsOption = {
+      arguments: lambdaOptions,
+      sessionId: commandSessionId,
+      eventType: EventType.START
+    }
+    postAnalytics(startCommandAnalytics).catch((error: Error) => {
+      /* ignore */
+    })
     if (help) {
       return handleLambdaHelp()
     }
@@ -87,15 +87,33 @@ const processLambda = async (argv: string[]) => {
     if (lambdaOptions.listFunctions) {
       await getAvailableFunctions(lambdaOptions)
     } else {
-      await actualProcessLambda(lambdaOptions)
+      scanInfo = await actualProcessLambda(lambdaOptions)
     }
   } catch (error) {
     if (error instanceof CliError) {
-      console.error(error.getErrorMessage())
+      errorMsg = error.getErrorMessage()
     } else if (error instanceof Error) {
-      console.error(error.message)
+      errorMsg = error.message
+    }
+  } finally {
+    const endCommandAnalytics: AnalyticsOption = {
+      sessionId: commandSessionId,
+      eventType: EventType.END,
+      status: errorMsg ? StatusType.FAILED : StatusType.SUCCESS
+    }
+    if (errorMsg) {
+      endCommandAnalytics.errorMsg = errorMsg
+      console.error(errorMsg)
+    }
+    if (scanInfo) {
+      endCommandAnalytics.scanFunctionData = scanInfo
+    }
+    await postAnalytics(endCommandAnalytics).catch((error: Error) => {
+      /* ignore */
+    })
+    if (errorMsg) {
+      process.exit(1)
     }
-    process.exit(1)
   }
 }
 
@@ -162,6 +180,8 @@ const actualProcessLambda = async (lambdaOptions: LambdaOptions) => {
   if (results?.length) {
     printResults(results)
   }
+
+  return { functionArn, scanId }
 }
 
 const validateRequiredLambdaParams = (options: LambdaOptions) => {

package/src/lambda/types.ts

@@ -0,0 +1,35 @@
+export enum StatusType {
+  FAILED = 'failed',
+  SUCCESS = 'success'
+}
+
+export enum EventType {
+  START = 'start_command_session',
+  END = 'end_command_session'
+}
+
+export type LambdaOptions = {
+  functionName?: string
+  listFunctions?: boolean
+  region?: string
+  endpointUrl?: string
+  profile?: string
+  help?: boolean
+  verbose?: boolean
+  jsonOutput?: boolean
+  _unknown?: string[]
+}
+
+type ScanFunctionData = {
+  functionArn: string
+  scanId: string
+}
+
+export type AnalyticsOption = {
+  sessionId: string
+  eventType: EventType
+  arguments?: LambdaOptions
+  scanFunctionData?: ScanFunctionData
+  status?: StatusType
+  errorMsg?: string
+}

package/src/lambda/utils.ts

@@ -19,13 +19,8 @@ class PrintVulnerability {
   whatHappened: string
 
   constructor(index: number, vulnerability: any, group?: any[]) {
-    const {
-      severityText,
-      title,
-      description,
-      remediation,
-      categoryText
-    } = vulnerability
+    const { severityText, title, description, remediation, categoryText } =
+      vulnerability
 
     this.group = group
     this.vulnerability = vulnerability