npm - @contrast/contrast - Versions diffs - 1.0.5 → 1.0.8 - Mend

@contrast/contrast 1.0.5 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (138) hide show

package/.prettierignore +0 -5
package/dist/audit/autodetection/autoDetectLanguage.js +3 -3
package/dist/audit/catalogueApplication/catalogueApplication.js +23 -5
package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +4 -2
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +2 -1
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +2 -1
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +2 -1
package/dist/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +5 -5
package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js +9 -9
package/dist/audit/languageAnalysisEngine/index.js +2 -2
package/dist/audit/languageAnalysisEngine/languageAnalysisFactory.js +6 -27
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +25 -5
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +99 -20
package/dist/audit/languageAnalysisEngine/report/models/reportListModel.js +2 -1
package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js +24 -0
package/dist/audit/languageAnalysisEngine/report/models/reportSeverityModel.js +3 -1
package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js +16 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +35 -14
package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js +58 -47
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +65 -3
package/dist/audit/save.js +29 -0
package/dist/commands/audit/auditController.js +22 -6
package/dist/commands/audit/help.js +24 -1
package/dist/commands/audit/processAudit.js +8 -2
package/dist/commands/audit/saveFile.js +7 -3
package/dist/commands/scan/processScan.js +1 -1
package/dist/commands/scan/sca/scaAnalysis.js +48 -11
package/dist/common/HTTPClient.js +56 -15
package/dist/common/errorHandling.js +6 -1
package/dist/common/versionChecker.js +20 -5
package/dist/constants/constants.js +13 -3
package/dist/constants/locales.js +15 -12
package/dist/constants.js +9 -4
package/dist/index.js +4 -3
package/dist/lambda/analytics.js +11 -0
package/dist/lambda/lambda.js +35 -4
package/dist/lambda/types.js +13 -0
package/dist/sbom/generateSbom.js +4 -3
package/dist/scaAnalysis/common/formatMessage.js +46 -1
package/dist/scaAnalysis/common/treeUpload.js +1 -3
package/dist/scaAnalysis/go/goAnalysis.js +17 -0
package/dist/scaAnalysis/go/goParseDeps.js +158 -0
package/dist/scaAnalysis/go/goReadDepFile.js +21 -0
package/dist/scaAnalysis/java/analysis.js +11 -22
package/dist/scaAnalysis/java/index.js +6 -6
package/dist/scaAnalysis/java/javaBuildDepsParser.js +14 -1
package/dist/scaAnalysis/javascript/analysis.js +110 -0
package/dist/scaAnalysis/javascript/index.js +41 -0
package/dist/scaAnalysis/php/analysis.js +89 -0
package/dist/scaAnalysis/php/index.js +10 -0
package/dist/scaAnalysis/python/analysis.js +42 -0
package/dist/scaAnalysis/python/index.js +10 -0
package/dist/scaAnalysis/ruby/analysis.js +226 -0
package/dist/scaAnalysis/ruby/index.js +10 -0
package/dist/scan/autoDetection.js +8 -4
package/dist/scan/fileUtils.js +26 -8
package/dist/scan/formatScanOutput.js +18 -17
package/dist/scan/models/groupedResultsModel.js +1 -1
package/dist/scan/models/scanResultsModel.js +3 -1
package/dist/scan/populateProjectIdAndProjectName.js +2 -1
package/dist/scan/scan.js +5 -3
package/dist/scan/scanConfig.js +6 -1
package/dist/scan/scanController.js +26 -6
package/dist/scan/scanResults.js +20 -6
package/dist/utils/commonApi.js +4 -1
package/dist/utils/filterProjectPath.js +7 -2
package/dist/utils/oraWrapper.js +5 -1
package/package.json +13 -9
package/src/audit/autodetection/autoDetectLanguage.ts +3 -3
package/src/audit/catalogueApplication/catalogueApplication.js +28 -7
package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +11 -8
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +2 -1
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +2 -1
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +2 -1
package/src/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +5 -5
package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js +11 -11
package/src/audit/languageAnalysisEngine/index.js +2 -2
package/src/audit/languageAnalysisEngine/languageAnalysisFactory.js +11 -31
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +35 -32
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +179 -25
package/src/audit/languageAnalysisEngine/report/models/reportLibraryModel.ts +3 -3
package/src/audit/languageAnalysisEngine/report/models/reportListModel.ts +18 -11
package/src/audit/languageAnalysisEngine/report/models/reportOutputModel.ts +29 -0
package/src/audit/languageAnalysisEngine/report/models/reportSeverityModel.ts +12 -3
package/src/audit/languageAnalysisEngine/report/models/severityCountModel.ts +20 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +50 -18
package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts +88 -66
package/src/audit/languageAnalysisEngine/sendSnapshot.js +78 -3
package/src/audit/save.js +32 -0
package/src/commands/audit/auditController.ts +23 -15
package/src/commands/audit/help.ts +24 -1
package/src/commands/audit/processAudit.ts +7 -4
package/src/commands/audit/saveFile.ts +5 -1
package/src/commands/scan/processScan.js +2 -1
package/src/commands/scan/sca/scaAnalysis.js +70 -29
package/src/common/HTTPClient.js +72 -25
package/src/common/errorHandling.ts +10 -1
package/src/common/versionChecker.ts +24 -5
package/src/constants/constants.js +13 -3
package/src/constants/locales.js +15 -12
package/src/constants.js +9 -4
package/src/index.ts +5 -3
package/src/lambda/analytics.ts +9 -0
package/src/lambda/arn.ts +2 -1
package/src/lambda/lambda.ts +37 -17
package/src/lambda/types.ts +35 -0
package/src/lambda/utils.ts +2 -7
package/src/sbom/generateSbom.ts +1 -1
package/src/scaAnalysis/common/formatMessage.js +51 -1
package/src/scaAnalysis/common/treeUpload.js +1 -6
package/src/scaAnalysis/go/goAnalysis.js +19 -0
package/src/scaAnalysis/go/goParseDeps.js +203 -0
package/src/scaAnalysis/go/goReadDepFile.js +30 -0
package/src/scaAnalysis/java/analysis.js +15 -32
package/src/scaAnalysis/java/index.js +6 -6
package/src/scaAnalysis/java/javaBuildDepsParser.js +15 -2
package/src/scaAnalysis/javascript/analysis.js +127 -0
package/src/scaAnalysis/javascript/index.js +56 -0
package/src/scaAnalysis/php/analysis.js +98 -0
package/src/scaAnalysis/php/index.js +11 -0
package/src/scaAnalysis/python/analysis.js +49 -0
package/src/scaAnalysis/python/index.js +11 -0
package/src/scaAnalysis/ruby/analysis.js +282 -0
package/src/scaAnalysis/ruby/index.js +11 -0
package/src/scan/autoDetection.js +11 -7
package/src/scan/fileUtils.js +27 -8
package/src/scan/formatScanOutput.ts +26 -18
package/src/scan/models/groupedResultsModel.ts +3 -3
package/src/scan/models/resultContentModel.ts +1 -1
package/src/scan/models/scanResultsModel.ts +5 -2
package/src/scan/populateProjectIdAndProjectName.js +3 -1
package/src/scan/scan.ts +8 -6
package/src/scan/scanConfig.js +5 -1
package/src/scan/scanController.js +30 -9
package/src/scan/scanResults.js +31 -10
package/src/utils/commonApi.js +4 -1
package/src/utils/filterProjectPath.js +6 -2
package/src/utils/oraWrapper.js +6 -1

package/src/scaAnalysis/javascript/index.js ADDED Viewed

@@ -0,0 +1,56 @@
+const analysis = require('./analysis')
+const i18n = require('i18n')
+const formatMessage = require('../common/formatMessage')
+const jsAnalysis = async (config, languageFiles) => {
+  if (
+    languageFiles.JAVASCRIPT.includes('package-lock.json') &&
+    languageFiles.JAVASCRIPT.includes('yarn.lock')
+  ) {
+    console.log(i18n.__('languageAnalysisMultipleLanguages1'))
+    return
+  }
+  return buildNodeTree(config, languageFiles.JAVASCRIPT)
+}
+const buildNodeTree = async (config, files) => {
+  let analysis = await readFiles(config, files)
+  const rawNode = await parseFiles(config, files, analysis)
+  return formatMessage.createJavaScriptTSMessage(rawNode)
+}
+const readFiles = async (config, files) => {
+  let js = {}
+  js.packageJSON = JSON.parse(
+    await analysis.readFile(config, files, 'package.json')
+  )
+  if (files.includes('package-lock.json')) {
+    js.rawLockFileContents = await analysis.readFile(
+      config,
+      files,
+      'package-lock.json'
+    )
+  }
+  if (files.includes('yarn.lock')) {
+    js.yarn = {}
+    js.yarn = await analysis.readYarn(config, files, 'yarn.lock')
+  }
+  return js
+}
+const parseFiles = async (config, files, js) => {
+  if (files.includes('package-lock.json')) {
+    js.npmLockFile = await analysis.parseNpmLockFile(js)
+  }
+  if (files.includes('yarn.lock')) {
+    js = await analysis.parseYarnLockFile(js)
+  }
+  return js
+}
+module.exports = {
+  jsAnalysis
+}

package/src/scaAnalysis/php/analysis.js ADDED Viewed

@@ -0,0 +1,98 @@
+const fs = require('fs')
+const i18n = require('i18n')
+const _ = require('lodash')
+let php = {}
+const readProjectFile = (projectPath, customFile) => {
+  const filePath = filePathForWindows(projectPath + customFile)
+  try {
+    php.composerJSON = JSON.parse(fs.readFileSync(filePath, 'utf8')) //wrong here
+    php.composerJSON.dependencies = php.composerJSON.require
+    php.composerJSON.devDependencies = php.composerJSON['require-dev']
+    return php
+  } catch (err) {
+    console.log(err.message.toString())
+  }
+}
+const readAndParseLockFile = (projectPath, customFile) => {
+  const filePath = filePathForWindows(projectPath + customFile)
+  try {
+    php.rawLockFileContents = JSON.parse(fs.readFileSync(filePath, 'utf8'))
+    php.lockFile = php.rawLockFileContents
+    let packages = _.keyBy(php.lockFile.packages, 'name')
+    let packagesDev = _.keyBy(php.lockFile['packages-dev'], 'name')
+    php.lockFile.dependencies = _.merge(packages, packagesDev)
+    const listOfTopDep = Object.keys(php.lockFile.dependencies)
+    Object.entries(php.lockFile.dependencies).forEach(([key, value]) => {
+      if (value.require) {
+        const listOfRequiresDep = Object.keys(value.require)
+        listOfRequiresDep.forEach(dep => {
+          if (!listOfTopDep.includes(dep)) {
+            addChildDepToLockFileAsOwnObj(php, value['require'], dep)
+          }
+        })
+      }
+      if (value['require-dev']) {
+        const listOfRequiresDep = Object.keys(value['require-dev'])
+        listOfRequiresDep.forEach(dep => {
+          if (!listOfTopDep.includes(dep)) {
+            addChildDepToLockFileAsOwnObj(php, value['require-dev'], dep)
+          }
+        })
+      }
+    })
+    formatParentDepToLockFile(php)
+    delete php.rawLockFileContents
+    return php
+  } catch (err) {
+    return console.log(i18n.__('phpParseComposerLock', php) + `${err.message}`) // not sure on this
+  }
+}
+const getPhpDeps = (config, files) => {
+  try {
+    return (
+      readProjectFile(config.file, files[0].projectFilename),
+      readAndParseLockFile(config.file, files[1].lockFilename)
+    )
+  } catch (err) {
+    console.log(err.message.toString())
+    process.exit(1)
+  }
+}
+const filePathForWindows = path => {
+  if (process.platform === 'win32') {
+    path = path.replace(/\//g, '\\')
+  }
+  return path
+}
+function addChildDepToLockFileAsOwnObj(php, depObj, key) {
+  php.lockFile.dependencies[key] = { version: depObj[key] }
+}
+function formatParentDepToLockFile(php) {
+  for (const [key, value] of Object.entries(php.lockFile.dependencies)) {
+    let requires = {}
+    for (const [childKey, childValue] of Object.entries(value)) {
+      if (childKey === 'require' || childKey === 'require-dev') {
+        requires = _.merge(requires, childValue)
+        php.lockFile.dependencies[key].requires = requires
+        delete php.lockFile.dependencies[key].require
+        delete php.lockFile.dependencies[key]['require-dev']
+      }
+    }
+  }
+}
+module.exports = {
+  getPhpDeps,
+  readAndParseLockFile,
+  readProjectFile
+}

package/src/scaAnalysis/php/index.js ADDED Viewed

@@ -0,0 +1,11 @@
+const { getPhpDeps } = require('./analysis')
+const { createPhpTSMessage } = require('../common/formatMessage')
+const phpAnalysis = (config, languageFiles) => {
+  const phpDeps = getPhpDeps(config, languageFiles.PHP)
+  return createPhpTSMessage(phpDeps)
+}
+module.exports = {
+  phpAnalysis
+}

package/src/scaAnalysis/python/analysis.js ADDED Viewed

@@ -0,0 +1,49 @@
+const multiReplace = require('string-multiple-replace')
+const fs = require('fs')
+const readAndParseProjectFile = file => {
+  const filePath = filePathForWindows(file + '/Pipfile')
+  const pipFile = fs.readFileSync(filePath, 'utf8')
+  const matcherObj = { '"': '' }
+  const sequencer = ['"']
+  const parsedPipfile = multiReplace(pipFile, matcherObj, sequencer)
+  const pythonArray = parsedPipfile.split('\n')
+  return pythonArray.filter(element => element !== '' && !element.includes('#'))
+}
+const readAndParseLockFile = file => {
+  const filePath = filePathForWindows(file + '/Pipfile.lock')
+  const lockFile = fs.readFileSync(filePath, 'utf8')
+  let parsedPipLock = JSON.parse(lockFile)
+  parsedPipLock['defaults'] = parsedPipLock['default']
+  delete parsedPipLock['default']
+  return parsedPipLock
+}
+const getPythonDeps = config => {
+  try {
+    const parseProject = readAndParseProjectFile(config.file)
+    const parsePip = readAndParseLockFile(config.file)
+    return { pipfileLock: parsePip, pipfilDependanceies: parseProject }
+  } catch (err) {
+    console.log(err.message.toString())
+    process.exit(1)
+  }
+}
+const filePathForWindows = path => {
+  if (process.platform === 'win32') {
+    path = path.replace(/\//g, '\\')
+  }
+  return path
+}
+module.exports = {
+  getPythonDeps,
+  readAndParseProjectFile,
+  readAndParseLockFile
+}

package/src/scaAnalysis/python/index.js ADDED Viewed

@@ -0,0 +1,11 @@
+const { createPythonTSMessage } = require('../common/formatMessage')
+const { getPythonDeps } = require('./analysis')
+const pythonAnalysis = (config, languageFiles) => {
+  const pythonDeps = getPythonDeps(config, languageFiles.PYTHON)
+  return createPythonTSMessage(pythonDeps)
+}
+module.exports = {
+  pythonAnalysis
+}

package/src/scaAnalysis/ruby/analysis.js ADDED Viewed

@@ -0,0 +1,282 @@
+const fs = require('fs')
+const readAndParseGemfile = file => {
+  const fileName = filePathForWindows(file + '/Gemfile')
+  const gemFile = fs.readFileSync(fileName, 'utf8')
+  const rubyArray = gemFile.split('\n')
+  let filteredRubyDep = rubyArray.filter(element => {
+    return (
+      !element.includes('#') &&
+      element.includes('gem') &&
+      !element.includes('source')
+    )
+  })
+  for (let i = 0; i < filteredRubyDep.length; i++) {
+    filteredRubyDep[i] = filteredRubyDep[i].trim()
+  }
+  return filteredRubyDep
+}
+const readAndParseGemLockFile = file => {
+  const fileName = filePathForWindows(file + '/Gemfile.lock')
+  const lockFile = fs.readFileSync(fileName, 'utf8')
+  const dependencyRegEx = /^\s*([A-Za-z0-9.!@#$%\-^&*_+]*)\s*(\((.*?)\))/
+  const lines = lockFile.split('\n')
+  return {
+    dependencies: getDirectDependencies(lines, dependencyRegEx),
+    runtimeDetails: getLockFileRuntimeInfo(lines),
+    sources: getSourceArray(lines, dependencyRegEx)
+  }
+}
+const nonDependencyKeys = (line, sourceObject) => {
+  const GEMFILE_KEY_VALUE = /^\s*([^:(]*)\s*\:*\s*(.*)/
+  let parts = GEMFILE_KEY_VALUE.exec(line)
+  let key = parts[1].trim()
+  let value = parts[2] || ''
+  sourceObject[key] = value
+  return sourceObject
+}
+const populateResolveAndPlatform = (version, sourceObject) => {
+  const depArr = version.split('-')
+  sourceObject.resolved = depArr[0]
+  sourceObject.platform = depArr.length > 1 ? depArr[1] : 'UNSPECIFIED'
+  return sourceObject
+}
+const isUpperCase = str => {
+  return str === str.toUpperCase()
+}
+const getDirectDependencies = (lines, dependencyRegEx) => {
+  const dependencies = {}
+  let depIndex = 0
+  for (let i = 0; i < lines.length; i++) {
+    if (lines[i] === 'DEPENDENCIES') {
+      depIndex = i
+    }
+  }
+  const getDepArray = lines.slice(depIndex)
+  for (let j = 1; j < getDepArray.length; j++) {
+    const element = getDepArray[j]
+    if (!isUpperCase(element)) {
+      const isDependencyWithVersion = dependencyRegEx.test(element)
+      if (isDependencyWithVersion) {
+        const dependency = dependencyRegEx.exec(element)
+        let name = dependency[1]
+        name = name.replace('!', '')
+        dependencies[name.trim()] = dependency[3]
+      } else {
+        let name = element
+        name = name.replace('!', ' ')
+        dependencies[name.trim()] = 'UNSPECIFIED'
+      }
+    }
+  }
+  return dependencies
+}
+const getLockFileRuntimeInfo = lines => {
+  let rubVersionIndex = 0
+  for (let i = 0; i < lines.length; i++) {
+    if (lines[i] === 'RUBY VERSION') {
+      rubVersionIndex = i
+      break
+    }
+  }
+  const runtimeDetails = {}
+  if (rubVersionIndex !== 0) {
+    const getRubyVersionArray = lines.slice(rubVersionIndex)
+    for (let element of getRubyVersionArray) {
+      if (!isUpperCase(element)) {
+        runtimeDetails['version'] = getVersion(element)
+        runtimeDetails['patchLevel'] = getPatchLevel(element)
+        if (element.includes('engine')) {
+          let splitElement = element.split(' ')
+          runtimeDetails[splitElement[0]] = splitElement[1]
+        }
+      }
+    }
+  }
+  return runtimeDetails
+}
+const getVersion = element => {
+  const versionRegex = /^([ruby\s0-9.*]+)/
+  if (versionRegex.test(element)) {
+    let version = versionRegex.exec(element)[0]
+    if (version.includes('ruby')) {
+      return trimWhiteSpace(version.replace('ruby', ''))
+    }
+  }
+}
+const getPatchLevel = element => {
+  const patchLevelRegex = /(p\d+)/
+  if (patchLevelRegex.test(element)) {
+    return patchLevelRegex.exec(element)[0]
+  }
+}
+const formatSourceArr = sourceArr => {
+  return sourceArr.map(element => {
+    if (element.sourceType === 'GIT') {
+      delete element.specs
+    }
+    if (element.sourceType === 'GEM') {
+      delete element.branch
+      delete element.revision
+      delete element.depthLevel
+      delete element.specs
+    }
+    if (element.sourceType === 'PATH') {
+      delete element.branch
+      delete element.revision
+      delete element.depthLevel
+      delete element.specs
+      delete element.platform
+    }
+    return element
+  })
+}
+const getSourceArray = (lines, dependencyRegEx) => {
+  const sourceObject = {
+    dependencies: {}
+  }
+  const whitespaceRegx = /^(\s*)/
+  let index = 0
+  let line = 0
+  const sources = []
+  while ((line = lines[index++]) !== undefined) {
+    let currentWS = whitespaceRegx.exec(line)[1].length
+    if (!line.includes(' bundler (')) {
+      if (currentWS === 0 && !line.includes(':') && line !== '') {
+        sourceObject.sourceType = line
+      }
+      if (currentWS !== 0 && line.includes(':')) {
+        nonDependencyKeys(line, sourceObject)
+      }
+      if (currentWS > 2) {
+        let nexlineWS = whitespaceRegx.exec(lines[index])[1].length
+        sourceObject.dependencies = buildSourceDependencyWithVersion(
+          whitespaceRegx,
+          dependencyRegEx,
+          line,
+          currentWS,
+          sourceObject.name,
+          sourceObject.dependencies
+        )
+        if (currentWS === 4 && sourceObject.depthLevel === undefined) {
+          const dependency = dependencyRegEx.exec(line)
+          sourceObject.name = dependency[1]
+          sourceObject.depthLevel = currentWS
+          populateResolveAndPlatform(dependency[3], sourceObject)
+        }
+        if (currentWS === 4 && sourceObject.depthLevel) {
+          // create new Parent
+          const dependency = dependencyRegEx.exec(line)
+          sourceObject.name = dependency[1]
+          sourceObject.depthLevel = currentWS
+          populateResolveAndPlatform(dependency[3], sourceObject)
+        }
+        if (
+          (currentWS === 4 && nexlineWS === 4) ||
+          (currentWS === 6 && nexlineWS === 4) ||
+          nexlineWS == ''
+        ) {
+          let newObj = {}
+          newObj = JSON.parse(JSON.stringify(sourceObject))
+          sources.push(newObj)
+          sourceObject.dependencies = {}
+        }
+      }
+    }
+  }
+  return formatSourceArr(sources)
+}
+const buildSourceDependencyWithVersion = (
+  whitespaceRegx,
+  dependencyRegEx,
+  line,
+  currentWhiteSpace,
+  name,
+  dependencies
+) => {
+  const isDependencyWithVersion = dependencyRegEx.test(line)
+  if (currentWhiteSpace === 6) {
+    const dependency = dependencyRegEx.exec(line)
+    if (isDependencyWithVersion) {
+      if (name !== dependency[1]) {
+        dependencies[dependency[1]] = dependency[3]
+      }
+    } else {
+      dependencies[line.trim()] = 'UNSPECIFIED'
+    }
+  }
+  return dependencies
+}
+const getRubyDeps = config => {
+  try {
+    const parsedGem = readAndParseGemfile(config.file)
+    const parsedLock = readAndParseGemLockFile(config.file)
+    return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock }
+  } catch (err) {
+    console.log(err.message)
+    process.exit(1)
+  }
+}
+const trimWhiteSpace = string => {
+  return string.replace(/\s+/g, '')
+}
+const filePathForWindows = path => {
+  if (process.platform === 'win32') {
+    path = path.replace(/\//g, '\\')
+  }
+  return path
+}
+module.exports = {
+  getRubyDeps,
+  readAndParseGemfile,
+  readAndParseGemLockFile,
+  nonDependencyKeys,
+  populateResolveAndPlatform,
+  isUpperCase,
+  getDirectDependencies,
+  getLockFileRuntimeInfo,
+  getVersion,
+  getPatchLevel,
+  formatSourceArr,
+  getSourceArray
+}

package/src/scaAnalysis/ruby/index.js ADDED Viewed

@@ -0,0 +1,11 @@
+const analysis = require('./analysis')
+const { createRubyTSMessage } = require('../common/formatMessage')
+const rubyAnalysis = (config, languageFiles) => {
+  const rubyDeps = analysis.getRubyDeps(config, languageFiles.RUBY)
+  return createRubyTSMessage(rubyDeps)
+}
+module.exports = {
+  rubyAnalysis
+}

package/src/scan/autoDetection.js CHANGED Viewed

@@ -14,6 +14,11 @@ const autoDetectFileAndLanguage = async configToUse => {
       process.exit(1)
     }
+    if (fileFinder.fileIsEmpty(entries[0])) {
+      console.log(i18n.__('scanFileIsEmpty'))
+      process.exit(1)
+    }
     configToUse.file = entries[0]
     if (configToUse.name === undefined) {
       configToUse.name = entries[0]
@@ -38,19 +43,18 @@ const autoDetectAuditFilesAndLanguages = async () => {
     return languagesFound
   } else {
     console.log(
-      'found multiple languages, please specify one using --file to run SCA analysis'
+      'found multiple languages, please specify one using --file to run SCA audit'
     )
   }
 }
-const manualDetectAuditFilesAndLanguages = async projectPath => {
-  let projectRootFilenames = await rootFile.getProjectRootFilenames(projectPath)
-  let identifiedLanguages = languageResolver.deduceLanguageScaAnalysis(
-    projectRootFilenames
-  )
+const manualDetectAuditFilesAndLanguages = file => {
+  let projectRootFilenames = rootFile.getProjectRootFilenames(file)
+  let identifiedLanguages =
+    languageResolver.deduceLanguageScaAnalysis(projectRootFilenames)
   if (Object.keys(identifiedLanguages).length === 0) {
-    console.log(i18n.__('languageAnalysisNoLanguage', projectPath))
+    console.log(i18n.__('languageAnalysisNoLanguage', file))
     return []
   }
   return [identifiedLanguages]

package/src/scan/fileUtils.js CHANGED Viewed

@@ -22,14 +22,14 @@ const findFilesJava = async languagesFound => {
   )
   if (result.length > 0) {
-    return languagesFound.push({ java: result })
+    return languagesFound.push({ JAVA: result })
   }
   return languagesFound
 }
 const findFilesJavascript = async languagesFound => {
   const result = await fg(
-    ['**/package.json', '**/yarn.lock', '**/package.lock.json'],
+    ['**/package.json', '**/yarn.lock', '**/package-lock.json'],
     {
       dot: false,
       deep: 1,
@@ -38,7 +38,7 @@ const findFilesJavascript = async languagesFound => {
   )
   if (result.length > 0) {
-    return languagesFound.push({ javascript: result })
+    return languagesFound.push({ JAVASCRIPT: result })
   }
   return languagesFound
 }
@@ -51,7 +51,7 @@ const findFilesPython = async languagesFound => {
   })
   if (result.length > 0) {
-    return languagesFound.push({ python: result })
+    return languagesFound.push({ PYTHON: result })
   }
   return languagesFound
 }
@@ -64,7 +64,7 @@ const findFilesGo = async languagesFound => {
   })
   if (result.length > 0) {
-    return languagesFound.push({ go: result })
+    return languagesFound.push({ GO: result })
   }
   return languagesFound
 }
@@ -77,7 +77,7 @@ const findFilesRuby = async languagesFound => {
   })
   if (result.length > 0) {
-    return languagesFound.push({ ruby: result })
+    return languagesFound.push({ RUBY: result })
   }
   return languagesFound
 }
@@ -90,7 +90,7 @@ const findFilesPhp = async languagesFound => {
   })
   if (result.length > 0) {
-    return languagesFound.push({ php: result })
+    return languagesFound.push({ PHP: result })
   }
   return languagesFound
 }
@@ -110,6 +110,24 @@ const fileExists = path => {
   return fs.existsSync(path)
 }
+const fileIsEmpty = path => {
+  if (fileExists(path) && checkFilePermissions(path)) {
+    try {
+      return fs.readFileSync(path).length === 0
+    } catch (e) {
+      if (
+        e.message.toString().includes('illegal operation on a directory, read')
+      ) {
+        console.log('file provided cannot be a directory')
+      } else {
+        console.log(e.message.toString())
+      }
+      process.exit(0)
+    }
+  }
+  return false
+}
 module.exports = {
   findFile,
   fileExists,
@@ -119,5 +137,6 @@ module.exports = {
   findFilesPython,
   findFilesGo,
   findFilesPhp,
-  findFilesRuby
+  findFilesRuby,
+  fileIsEmpty
 }