@contrast/contrast 1.0.5 → 1.0.8

package/src/scan/formatScanOutput.ts

@@ -1,4 +1,7 @@
-import { ProjectOverview, ScanResultsModel } from './models/scanResultsModel'
+import {
+  ScanResultsInstances,
+  ScanResultsModel
+} from './models/scanResultsModel'
 import i18n from 'i18n'
 import chalk from 'chalk'
 import { ResultContent } from './models/resultContentModel'
@@ -16,7 +19,7 @@ import {
 export function formatScanOutput(scanResults: ScanResultsModel) {
   const { scanResultsInstances } = scanResults
 
-  let projectOverview = getProjectOverview(scanResultsInstances.content)
+  const projectOverview = getProjectOverview(scanResultsInstances)
   if (scanResultsInstances.content.length === 0) {
     console.log(i18n.__('scanNoVulnerabilitiesFound'))
     console.log(i18n.__('scanNoVulnerabilitiesFoundSecureCode'))
@@ -58,7 +61,7 @@ export function formatScanOutput(scanResults: ScanResultsModel) {
       })
       let learnRow: string[] = []
       let adviceRow = []
-      let headerRow = [
+      const headerRow = [
         chalk
           .hex(entry.colour)
           .bold(`CONTRAST-${count.toString().padStart(3, '0')}`),
@@ -66,12 +69,15 @@ export function formatScanOutput(scanResults: ScanResultsModel) {
         chalk.hex(entry.colour).bold(`[${entry.severity}] ${entry.ruleId}`) +
           entry.message
       ]
-      let codeRow = [
+
+      const codePath = entry.codePath?.replace(/^@/, '')
+
+      const codeRow = [
         chalk.hex('#F6F5F5').bold(`Code`),
         chalk.hex('#F6F5F5').bold(`:`),
-        chalk.hex('#F6F5F5').bold(`${entry.codePath}`)
+        chalk.hex('#F6F5F5').bold(`${codePath}`)
       ]
-      let issueRow = [chalk.bold(`Issue`), chalk.bold(`:`), `${entry.issue}`]
+      const issueRow = [chalk.bold(`Issue`), chalk.bold(`:`), `${entry.issue}`]
 
       table.push(headerRow, codeRow, issueRow)
 
@@ -118,8 +124,8 @@ function printVulnInfo(projectOverview: any) {
   )
 }
 
-export function getProjectOverview(content: ResultContent[]) {
-  let acc: any = {
+export function getProjectOverview(scanResultsInstances: ScanResultsInstances) {
+  const acc: any = {
     critical: 0,
     high: 0,
     medium: 0,
@@ -127,17 +133,22 @@ export function getProjectOverview(content: ResultContent[]) {
     note: 0,
     total: 0
   }
-  content.forEach((i: ResultContent) => {
-    acc[i.severity.toLowerCase()] += 1
-    acc.total += 1
-    return acc
-  })
+  if (
+    scanResultsInstances?.content &&
+    scanResultsInstances.content.length > 0
+  ) {
+    scanResultsInstances.content.forEach((i: ResultContent) => {
+      acc[i.severity.toLowerCase()] += 1
+      acc.total += 1
+      return acc
+    })
+  }
 
   return acc
 }
 
 export function formatLinks(objName: string, entry: any[]) {
-  let line = chalk.bold(objName + '  : ')
+  const line = chalk.bold(objName + '  : ')
   if (entry.length === 1) {
     console.log(line + chalk.hex('#97DCF7').bold.underline(entry[0]))
   } else {
@@ -207,10 +218,7 @@ export function getCodeFlowInfo(resultEntry: ResultContent) {
 }
 
 export function stripTags(oldString: string) {
-  return oldString
-    .replace(/\n/g, ' ')
-    .replace(/\s+/g, ' ')
-    .trim()
+  return oldString.replace(/\n/g, ' ').replace(/\s+/g, ' ').trim()
 }
 
 export function assignBySeverity(

package/src/scan/models/groupedResultsModel.ts

@@ -9,12 +9,12 @@ export class GroupedResultsModel {
   issue?: string
   priority?: number
   message?: string | undefined
-  colour: string;
-  codePath?: string;
+  colour: string
+  codePath?: string
 
   constructor(ruleId: string) {
     this.ruleId = ruleId
     this.colour = '#999999'
-    this.codePathSet = new Set<string>
+    this.codePathSet = new Set<string>()
   }
 }

package/src/scan/models/resultContentModel.ts

@@ -52,7 +52,7 @@ export interface CodeFlow {
 }
 
 export interface ResultContent {
-  message?: {text :string};
+  message?: { text: string }
   id: string
   organizationId: string
   projectId: string

package/src/scan/models/scanResultsModel.ts

@@ -4,11 +4,14 @@ export class ScanResultsModel {
   projectOverview: ProjectOverview
   scanDetail: ScanDetail
   scanResultsInstances: ScanResultsInstances
+  newProject: boolean
 
   constructor(scan: any) {
     this.projectOverview = scan.projectOverview as ProjectOverview
     this.scanDetail = scan.scanDetail as ScanDetail
-    this.scanResultsInstances = scan.scanResultsInstances as ScanResultsInstances
+    this.scanResultsInstances =
+      scan.scanResultsInstances as ScanResultsInstances
+    this.newProject = scan.newProject
   }
 }
 
@@ -49,4 +52,4 @@ export interface ScanDetail {
 
 export interface ScanResultsInstances {
   content: ResultContent[]
-}
+}

package/src/scan/populateProjectIdAndProjectName.js

@@ -8,9 +8,11 @@ const populateProjectId = async config => {
     proj = await getExistingProjectIdByName(config, client).then(res => {
       return res
     })
+
+    return { projectId: proj, isNewProject: false }
   }
 
-  return proj
+  return { projectId: proj, isNewProject: true }
 }
 
 const createProjectId = async (config, client) => {

package/src/scan/scan.ts

@@ -40,22 +40,24 @@ export const sendScan = async (config: any) => {
           return res.body.id
         } else {
           if (config.debug) {
-            console.log(res.statusCode)
             console.log(config)
+            oraWrapper.failSpinner(
+              startUploadSpinner,
+              i18n.__('uploadingScanFail')
+            )
+            console.log(i18n.__('genericServiceError', res.statusCode))
           }
-          oraWrapper.failSpinner(
-            startUploadSpinner,
-            i18n.__('uploadingScanFail')
-          )
           if (res.statusCode === 403) {
             console.log(i18n.__('permissionsError'))
             process.exit(1)
           }
-          console.log(i18n.__('genericServiceError', res.statusCode))
+          oraWrapper.stopSpinner(startUploadSpinner)
+          console.log('Contrast Scan Finished')
           process.exit(1)
         }
       })
       .catch(err => {
+        oraWrapper.stopSpinner(startUploadSpinner)
         console.log(err)
       })
   }

package/src/scan/scanConfig.js

@@ -31,11 +31,15 @@ const getScanConfig = argv => {
   }
 
   // if no name, take the full file path and use it as the project name
+  let projectNameSource
   if (!scanParams.name && scanParams.file) {
     scanParams.name = getFileName(scanParams.file)
+    projectNameSource = 'AUTO'
+  } else {
+    projectNameSource = 'USER'
   }
 
-  return { ...paramsAuth, ...scanParams }
+  return { ...paramsAuth, ...scanParams, projectNameSource }
 }
 
 const getFileName = file => {

package/src/scan/scanController.js

@@ -2,7 +2,8 @@ const i18n = require('i18n')
 const {
   returnOra,
   startSpinner,
-  succeedSpinner
+  succeedSpinner,
+  stopSpinner
 } = require('../utils/oraWrapper')
 const populateProjectIdAndProjectName = require('./populateProjectIdAndProjectName')
 const scan = require('./scan')
@@ -28,6 +29,11 @@ const fileAndLanguageLogic = async configToUse => {
       console.log(i18n.__('fileNotExist'))
       process.exit(1)
     }
+
+    if (fileFunctions.fileIsEmpty(configToUse.file)) {
+      console.log(i18n.__('scanFileIsEmpty'))
+      process.exit(1)
+    }
     return configToUse
   } else {
     if (configToUse.file === undefined || configToUse.file === null) {
@@ -40,10 +46,15 @@ const startScan = async configToUse => {
   const startTime = performance.now()
   await fileAndLanguageLogic(configToUse)
 
+  let newProject
+
   if (!configToUse.projectId) {
-    configToUse.projectId = await populateProjectIdAndProjectName.populateProjectId(
-      configToUse
-    )
+    const { projectId, isNewProject } =
+      await populateProjectIdAndProjectName.populateProjectId(configToUse)
+    configToUse.projectId = projectId
+    newProject = isNewProject
+  } else {
+    newProject = false
   }
   const codeArtifactId = await scan.sendScan(configToUse)
 
@@ -53,6 +64,7 @@ const startScan = async configToUse => {
     const scanDetail = await scanResults.returnScanResults(
       configToUse,
       codeArtifactId,
+      newProject,
       getTimeout(configToUse),
       startScanSpinner
     )
@@ -64,11 +76,20 @@ const startScan = async configToUse => {
 
     const endTime = performance.now()
     const scanDurationMs = endTime - startTime
-    succeedSpinner(startScanSpinner, 'Contrast Scan complete')
-    console.log(
-      `----- Scan completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
-    )
-    return { scanDetail, scanResultsInstances }
+    if (scanResultsInstances.statusCode !== 200) {
+      stopSpinner(startScanSpinner)
+      console.log('Result Service is unavailable, please try again later')
+      process.exit(1)
+    } else {
+      succeedSpinner(startScanSpinner, 'Contrast Scan complete')
+      console.log(
+        `----- Scan completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
+      )
+      return {
+        scanDetail,
+        scanResultsInstances: scanResultsInstances.body
+      }
+    }
   }
 }
 

package/src/scan/scanResults.js

@@ -3,6 +3,7 @@ const requestUtils = require('../../src/utils/requestUtils')
 const oraFunctions = require('../utils/oraWrapper')
 const _ = require('lodash')
 const i18n = require('i18n')
+const oraWrapper = require('../utils/oraWrapper')
 
 const getScanId = async (config, codeArtifactId, client) => {
   return client
@@ -30,11 +31,21 @@ const pollScanResults = async (config, scanId, client) => {
 const returnScanResults = async (
   config,
   codeArtifactId,
+  newProject,
   timeout,
   startScanSpinner
 ) => {
   const client = commonApi.getHttpClient(config)
   let scanId = await getScanId(config, codeArtifactId, client)
+
+  // send metrics event to sast-event-collector
+  if (
+    process.env.CODESEC_INVOCATION_ENVIRONMENT &&
+    process.env.CODESEC_INVOCATION_ENVIRONMENT.toUpperCase() === 'GITHUB'
+  ) {
+    await client.createNewEvent(config, scanId, newProject)
+  }
+
   let startTime = new Date()
   let complete = false
   if (!_.isNil(scanId)) {
@@ -47,23 +58,27 @@ const returnScanResults = async (
         }
         if (result.body.status === 'FAILED') {
           complete = true
-          oraFunctions.failSpinner(
-            startScanSpinner,
-            i18n.__(
-              'scanNotCompleted',
-              'https://docs.contrastsecurity.com/en/binary-package-preparation.html'
+          if (config.debug) {
+            oraFunctions.failSpinner(
+              startScanSpinner,
+              i18n.__(
+                'scanNotCompleted',
+                'https://docs.contrastsecurity.com/en/binary-package-preparation.html'
+              )
             )
-          )
-          result.body.errorMessage ? console.log(result.body.errorMessage) : ''
+          }
           if (
-            result.body.errorMessage ===
+            result?.body?.errorMessage ===
             'Unable to determine language for code artifact'
           ) {
+            console.log(result.body.errorMessage)
             console.log(
               'Try scanning again using --language param. ',
               i18n.__('scanOptionsLanguageSummary')
             )
           }
+          oraWrapper.stopSpinner(startScanSpinner)
+          console.log('Contrast Scan Finished')
           process.exit(1)
         }
       }
@@ -86,10 +101,16 @@ const returnScanResultsInstances = async (config, scanId) => {
   try {
     result = await client.getScanResultsInstances(config, scanId)
     if (JSON.stringify(result.statusCode) == 200) {
-      return result.body
+      return { body: result.body, statusCode: result.statusCode }
+    }
+
+    if (JSON.stringify(result.statusCode) == 503) {
+      return { statusCode: result.statusCode }
     }
   } catch (e) {
-    console.log(e.message.toString())
+    if (config.debug) {
+      console.log(e.message.toString())
+    }
   }
 }
 

package/src/utils/commonApi.js

@@ -4,7 +4,8 @@ const {
   unauthenticatedError,
   forbiddenError,
   proxyError,
-  genericError
+  genericError,
+  maxAppError
 } = require('../common/errorHandling')
 
 const handleResponseErrors = (res, api) => {
@@ -16,6 +17,8 @@ const handleResponseErrors = (res, api) => {
     forbiddenError()
   } else if (res.statusCode === 407) {
     proxyError()
+  } else if (res.statusCode === 412) {
+    maxAppError()
   } else {
     genericError()
   }

package/src/utils/filterProjectPath.js

@@ -1,4 +1,5 @@
 const path = require('path')
+const child_process = require('child_process')
 
 function resolveFilePath(filepath) {
   if (filepath[0] === '~') {
@@ -8,10 +9,13 @@ function resolveFilePath(filepath) {
 }
 
 const returnProjectPath = () => {
-  if (process.env.PWD !== (undefined || null || 'undefined')) {
+  if (process.platform == 'win32') {
+    let winPath = child_process.execSync('cd').toString()
+    return winPath.replace(/\//g, '\\').trim()
+  } else if (process.env.PWD !== (undefined || null || 'undefined')) {
     return process.env.PWD
   } else {
-    return process.argv[process.argv.indexOf('--project_path') + 1]
+    return process.argv[process.argv.indexOf('--file') + 1]
   }
 }
 

package/src/utils/oraWrapper.js

@@ -8,6 +8,10 @@ const startSpinner = spinner => {
   spinner.start()
 }
 
+const stopSpinner = spinner => {
+  spinner.stop()
+}
+
 const succeedSpinner = (spinner, text) => {
   spinner.succeed(text)
 }
@@ -20,5 +24,6 @@ module.exports = {
   returnOra,
   startSpinner,
   succeedSpinner,
-  failSpinner
+  failSpinner,
+  stopSpinner
 }