@contrast/contrast 1.0.5 → 1.0.8

package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js

@@ -29,4 +29,5 @@ const checkIdentifiedLanguageHasProjectFile = identifiedLanguages => {
 }
 
 //For testing purposes
-exports.checkIdentifiedLanguageHasProjectFile = checkIdentifiedLanguageHasProjectFile
+exports.checkIdentifiedLanguageHasProjectFile =
+  checkIdentifiedLanguageHasProjectFile

package/src/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js

@@ -5,15 +5,15 @@ const path = require('path')
  * language, project file name and paths
  */
 module.exports = exports = (analysis, next) => {
-  const { projectPath, languageAnalysis } = analysis
+  const { file, languageAnalysis } = analysis
   languageAnalysis.identifiedLanguageInfo = getIdentifiedLanguageInfo(
-    projectPath,
+    file,
     languageAnalysis.identifiedLanguages
   )
   next()
 }
 
-const getIdentifiedLanguageInfo = (projectPath, identifiedLanguages) => {
+const getIdentifiedLanguageInfo = (file, identifiedLanguages) => {
   const [language] = Object.keys(identifiedLanguages)
   const {
     projectFilenames: [projectFilename],
@@ -23,14 +23,14 @@ const getIdentifiedLanguageInfo = (projectPath, identifiedLanguages) => {
   let identifiedLanguageInfo = {
     language,
     projectFilename,
-    projectFilePath: path.join(projectPath, projectFilename)
+    projectFilePath: path.join(file, projectFilename)
   }
 
   if (lockFilename) {
     identifiedLanguageInfo = {
       ...identifiedLanguageInfo,
       lockFilename,
-      lockFilePath: path.join(projectPath, lockFilename)
+      lockFilePath: path.join(file, lockFilename)
     }
   }
 

package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js

@@ -9,21 +9,21 @@ const i18n = require('i18n')
  * Will fail and throw for a manner of reasons when doing file/directory
  * inspection.
  *
- * @param {string} projectPath - The path to a projects root directory or a
+ * @param {string} file - The path to a projects root directory or a
  * specific project file
  *
  * @return {string[]} List of filenames associated with a projects root
  * directory or the name of the specific project file if that was provided to
- * the 'projectPath' parameter
+ * the 'file' parameter
  *
  * @throws {Error} If the project path doesn't exist
  * @throws {Error} If the project path information can't be collected
  * @throws {Error} If a non-file or non-directory inspected
  */
 module.exports = exports = (analysis, next) => {
-  const { projectPath, languageAnalysis } = analysis
+  const { file, languageAnalysis } = analysis
   try {
-    languageAnalysis.projectRootFilenames = getProjectRootFilenames(projectPath)
+    languageAnalysis.projectRootFilenames = getProjectRootFilenames(file)
   } catch (err) {
     next(err)
     return
@@ -31,13 +31,13 @@ module.exports = exports = (analysis, next) => {
   next()
 }
 
-const getProjectRootFilenames = projectPath => {
+const getProjectRootFilenames = file => {
   let projectStats = null
   try {
-    projectStats = fs.statSync(projectPath)
+    projectStats = fs.statSync(file)
   } catch (err) {
     throw new Error(
-      i18n.__('languageAnalysisProjectRootFileNameFailure', projectPath) +
+      i18n.__('languageAnalysisProjectRootFileNameFailure', file) +
         `${err.message}`
     )
   }
@@ -45,10 +45,10 @@ const getProjectRootFilenames = projectPath => {
   // Return the contents of a directory...
   if (projectStats.isDirectory()) {
     try {
-      return fs.readdirSync(projectPath)
+      return fs.readdirSync(file)
     } catch (err) {
       throw new Error(
-        i18n.__('languageAnalysisProjectRootFileNameReadError', projectPath) +
+        i18n.__('languageAnalysisProjectRootFileNameReadError', file) +
           `${err.message}`
       )
     }
@@ -57,14 +57,14 @@ const getProjectRootFilenames = projectPath => {
   // If we are working with a file return it in a list as we do when we work
   // with a directory...
   if (projectStats.isFile()) {
-    return [path.basename(projectPath)]
+    return [path.basename(file)]
   }
 
   // Error out if we are working with something like a socket file or some
   // other craziness...
   throw new Error(
     i18n.__('languageAnalysisProjectRootFileNameMissingError'),
-    projectPath
+    file
   )
 }
 

package/src/audit/languageAnalysisEngine/index.js

@@ -10,10 +10,10 @@ const checkIdentifiedLanguageHasLockFile = require('./checkIdentifiedLanguageHas
 const getIdentifiedLanguageInfo = require('./getIdentifiedLanguageInfo')
 const { libraryAnalysisError } = require('../../common/errorHandling')
 
-module.exports = exports = (projectPath, callback, appId, config) => {
+module.exports = exports = (file, callback, appId, config) => {
   // Create an analysis engine to identify the project language
   const ae = new AnalysisEngine({
-    projectPath,
+    file,
     appId,
     languageAnalysis: { appId: appId },
     config

package/src/audit/languageAnalysisEngine/languageAnalysisFactory.js

@@ -11,16 +11,13 @@ const phpAE = require('../phpAnalysisEngine')
 const goAE = require('../goAnalysisEngine')
 const { vulnerabilityReport } = require('./report/reportingFeature')
 const { newSendSnapShot } = require('../languageAnalysisEngine/sendSnapshot')
-const fs = require('fs')
-const chalk = require('chalk')
-const saveFile = require('../../commands/audit/saveFile').default
-const generateSbom = require('../../sbom/generateSbom').default
 const {
-  failSpinner,
   returnOra,
   startSpinner,
   succeedSpinner
 } = require('../../utils/oraWrapper')
+const { pollForSnapshotCompletition } = require('./sendSnapshot')
+const auditSave = require('../save')
 
 module.exports = exports = (err, analysis) => {
   const { identifiedLanguageInfo } = analysis.languageAnalysis
@@ -54,12 +51,19 @@ module.exports = exports = (err, analysis) => {
     const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
     startSpinner(reportSpinner)
     const snapshotResponse = await newSendSnapShot(analysis, catalogueAppId)
-    succeedSpinner(reportSpinner, 'Contrast SCA analysis complete')
+
+    //poll for completion
+    await pollForSnapshotCompletition(
+      analysis.config,
+      snapshotResponse.id,
+      reportSpinner
+    )
+    succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
 
     await vulnerabilityReport(analysis, catalogueAppId, snapshotResponse.id)
 
     //should be moved to processAudit.ts once promises implemented
-    await auditSave(config)
+    await auditSave.auditSave(config)
   }
 
   if (identifiedLanguageInfo.language === DOTNET) {
@@ -90,27 +94,3 @@ module.exports = exports = (err, analysis) => {
     goAE(identifiedLanguageInfo, analysis.config, langCallback)
   }
 }
-
-async function auditSave(config) {
-  //should be moved to processAudit.ts once promises implemented
-  if (config.save) {
-    if (config.save.toLowerCase() === 'sbom') {
-      saveFile(config, await generateSbom(config))
-
-      const filename = `${config.applicationId}-sbom-cyclonedx.json`
-      if (fs.existsSync(filename)) {
-        console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`)
-      } else {
-        console.log(
-          chalk.yellow.bold(
-            `\n Unable to save ${filename} Software Bill of Materials (SBOM)`
-          )
-        )
-      }
-    } else {
-      console.log(i18n.__('auditBadFiletypeSpecifiedForSave'))
-    }
-  } else if (config.save === null) {
-    console.log(i18n.__('auditNoFiletypeSpecifiedForSave'))
-  }
-}

package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js

@@ -46,35 +46,38 @@ const deduceLanguageScaAnalysis = filenames => {
 
     if (isNodeProjectFilename(filename)) {
       deducedLanguages.push(filename)
-      language = NODE
+      language = JAVASCRIPT
     }
-    //
+
     // if (isDotNetProjectFilename(filename)) {
     //   deducedLanguages.push({language: DOTNET, projectFilename: filename})
     // }
-    //
-    // if (isRubyProjectFilename(filename)) {
-    //   deducedLanguages.push({language: RUBY, projectFilename: filename})
-    // }
-    //
-    // if (isPythonProjectFilename(filename)) {
-    //   deducedLanguages.push({language: PYTHON, projectFilename: filename})
-    // }
-    //
-    // if (isPhpProjectFilename(filename)) {
-    //   deducedLanguages.push({language: PHP, projectFilename: filename})
-    // }
-    //
+
+    if (isRubyProjectFilename(filename)) {
+      deducedLanguages.push(filename)
+      language = RUBY
+    }
+
+    if (isPythonProjectFilename(filename)) {
+      deducedLanguages.push(filename)
+      language = PYTHON
+    }
+
+    if (isPhpProjectFilename(filename)) {
+      deducedLanguages.push({ language: PHP, projectFilename: filename })
+      language = PHP
+    }
+
     // // Check for lock filenames...
     // if (isDotNetLockFilename(filename)) {
     //   deducedLanguages.push({language: DOTNET, lockFilename: filename})
     // }
-    //
+
     if (isNodeLockFilename(filename)) {
       deducedLanguages.push(filename)
-      language = node
+      language = JAVASCRIPT
     }
-    //
+
     // if (isRubyLockFilename(filename)) {
     //   deducedLanguages.push({language: RUBY, lockFilename: filename})
     // }
@@ -83,15 +86,16 @@ const deduceLanguageScaAnalysis = filenames => {
     // if (isPipfileLockLockFilename(filename)) {
     //   deducedLanguages.push({language: PYTHON, lockFilename: filename})
     // }
-    //
-    // if (isPhpLockFilename(filename)) {
-    //   deducedLanguages.push({language: PHP, lockFilename: filename})
-    // }
-    //
-    // // go does not have a lockfile, it should have a go.mod file containing the modules
-    // if (isGoProjectFilename(filename)) {
-    //   deducedLanguages.push({language: GO, projectFilename: filename})
-    // }
+
+    if (isPhpLockFilename(filename)) {
+      deducedLanguages.push({ language: PHP, lockFilename: filename })
+    }
+
+    // go does not have a lockfile, it should have a go.mod file containing the modules
+    if (isGoProjectFilename(filename)) {
+      deducedLanguages.push({ language: GO, projectFilename: filename })
+      language = GO
+    }
   })
   let identifiedLanguages = { [language]: deducedLanguages }
 
@@ -189,7 +193,7 @@ const reduceIdentifiedLanguages = identifiedLanguages =>
  * specifies a specific language
  */
 module.exports = exports = (analysis, next) => {
-  const { projectPath, languageAnalysis, config } = analysis
+  const { file, languageAnalysis, config } = analysis
 
   let identifiedLanguages = languageAnalysis.projectRootFilenames.reduce(
     (accumulator, filename) => {
@@ -200,15 +204,14 @@ module.exports = exports = (analysis, next) => {
   )
 
   if (Object.keys(identifiedLanguages).length === 0) {
-    next(new Error(i18n.__('languageAnalysisNoLanguage', projectPath)))
+    next(new Error(i18n.__('languageAnalysisNoLanguage', file)))
     return
   }
 
   let language = config.language
   if (language === undefined) {
-    languageAnalysis.identifiedLanguages = reduceIdentifiedLanguages(
-      identifiedLanguages
-    )
+    languageAnalysis.identifiedLanguages =
+      reduceIdentifiedLanguages(identifiedLanguages)
   } else {
     let refinedIdentifiedLanguages = []
     for (let x in identifiedLanguages) {

package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts

@@ -7,8 +7,27 @@ import {
 import { ReportSeverityModel } from './models/reportSeverityModel'
 import { orderBy } from 'lodash'
 import chalk from 'chalk'
-import { ReportLibraryModel } from './models/reportLibraryModel'
-import { findHighestSeverityCVE, findNameAndVersion } from './utils/reportUtils'
+import { ReportCVEModel, ReportLibraryModel } from './models/reportLibraryModel'
+import {
+  findCVESeveritiesAndOrderByHighestPriority,
+  findHighestSeverityCVE,
+  findNameAndVersion,
+  severityCountAllCVEs,
+  severityCountAllLibraries
+} from './utils/reportUtils'
+import { SeverityCountModel } from './models/severityCountModel'
+import {
+  ReportOutputBodyModel,
+  ReportOutputHeaderModel,
+  ReportOutputModel
+} from './models/reportOutputModel'
+import {
+  CRITICAL_COLOUR,
+  HIGH_COLOUR,
+  LOW_COLOUR,
+  MEDIUM_COLOUR,
+  NOTE_COLOUR
+} from '../../../constants/constants'
 
 export const createLibraryHeader = (
   id: string,
@@ -16,11 +35,9 @@ export const createLibraryHeader = (
   numberOfCves: number
 ) => {
   numberOfVulnerableLibraries === 1
-    ? console.log(
-        ` Found 1 vulnerable library containing ${numberOfCves} CVE's`
-      )
+    ? console.log(`Found 1 vulnerable library containing ${numberOfCves} CVEs`)
     : console.log(
-        ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's `
+        `Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs `
       )
 }
 
@@ -32,10 +49,6 @@ export const getReport = async (config: any, reportId: string) => {
       if (res.statusCode === 200) {
         return res.body
       } else {
-        console.log('config-------------------')
-        console.log(config)
-        console.log('reportId----------------')
-        console.log(reportId)
         console.log(JSON.stringify(res))
         handleResponseErrors(res, 'report')
       }
@@ -70,7 +83,11 @@ export const printFormattedOutput = (
       new ReportCompositeKey(
         name,
         version,
-        findHighestSeverityCVE(library.cveArray) as ReportSeverityModel
+        findHighestSeverityCVE(library.cveArray) as ReportSeverityModel,
+        severityCountAllCVEs(
+          library.cveArray,
+          new SeverityCountModel()
+        ).getTotal
       ),
       library.cveArray
     )
@@ -78,28 +95,165 @@ export const printFormattedOutput = (
     report.reportOutputList.push(newOutputModel)
   }
 
-  const orderedOutputList = orderBy(
+  const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(
     report.reportOutputList,
-    reportListItem => reportListItem.compositeKey.highestSeverity.priority
+    [
+      (reportListItem: ReportModelStructure) => {
+        return reportListItem.compositeKey.highestSeverity.priority
+      },
+      (reportListItem: ReportModelStructure) => {
+        return reportListItem.compositeKey.numberOfSeverities
+      }
+    ],
+    ['desc']
   )
 
-  for (const reportModel of orderedOutputList) {
-    const name = reportModel.compositeKey.libraryName
-    const version = reportModel.compositeKey.libraryVersion
-    const highestSeverity = reportModel.compositeKey.highestSeverity.severity
-
+  let contrastHeaderNumCounter =
+    outputOrderedByLowestSeverityAndLowestNumOfCvesFirst.length + 1
+  for (const reportModel of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
+    contrastHeaderNumCounter--
+    const { libraryName, libraryVersion, highestSeverity } =
+      reportModel.compositeKey
     const numOfCVEs = reportModel.cveArray.length
 
-    const cveNames: string[] = []
+    const header = buildHeader(
+      highestSeverity,
+      contrastHeaderNumCounter,
+      libraryName,
+      libraryVersion,
+      numOfCVEs
+    )
+
+    const body = buildBody(reportModel.cveArray)
+
+    const reportOutputModel = new ReportOutputModel(header, body)
+    console.log(
+      reportOutputModel.header.vulnMessage,
+      reportOutputModel.header.introducesMessage
+    )
+    console.log(reportOutputModel.body.issueMessage)
+    console.log(reportOutputModel.body.adviceMessage + '\n')
+  }
 
-    reportModel.cveArray.forEach(cve => cveNames.push(cve.name as string))
+  const {
+    criticalMessage,
+    highMessage,
+    mediumMessage,
+    lowMessage,
+    noteMessage,
+    total
+  } = buildFooter(libraries)
 
-    const boldHeader = chalk.bold(`${highestSeverity} | Vulnerable Library`)
-    const cvePluralised = numOfCVEs > 1 ? 'CVEs' : 'CVE'
+  if (total > 1) {
     console.log(
-      `\n ${boldHeader} ${name} (${version}) has ${numOfCVEs} known ${cvePluralised}`
+      `${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`
     )
-    console.log(` ${cveNames.join(', ')}`)
-    console.log(chalk.bold(' How to fix: Update to latest version'))
   }
 }
+
+export function buildHeader(
+  highestSeverity: ReportSeverityModel,
+  contrastHeaderNum: number,
+  libraryName: string,
+  version: string,
+  numOfCVEs: number
+) {
+  const vulnerabilityPluralised =
+    numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability'
+  const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum)
+
+  const vulnMessage = chalk
+    .hex(highestSeverity.outputColour)
+    .bold(
+      `${formattedHeaderNum} - [${highestSeverity.severity}] ${libraryName}-${version}`
+    )
+
+  const introducesMessage = chalk.bold(
+    `introduces ${numOfCVEs} ${vulnerabilityPluralised}`
+  )
+
+  return new ReportOutputHeaderModel(vulnMessage, introducesMessage)
+}
+
+export function buildBody(cveArray: ReportCVEModel[]) {
+  const cveMessages: string[] = []
+
+  findCVESeveritiesAndOrderByHighestPriority(cveArray).forEach(
+    reportSeverityModel => {
+      // @ts-ignore
+      const { outputColour, severity, cveName } = reportSeverityModel
+
+      const severityShorthand = chalk
+        .hex(outputColour)
+        .bold(`[${severity.charAt(0).toUpperCase()}]`)
+
+      const builtMessage = `${severityShorthand} ${cveName}`
+      cveMessages.push(builtMessage)
+    }
+  )
+
+  const numAndSeverityType = getNumOfAndSeverityType(cveArray)
+
+  const issueMessage = ` ${chalk.bold(
+    'Issue'
+  )}  : ${numAndSeverityType} ${cveMessages.join(', ')}.`
+
+  const adviceMessage = ` ${chalk.bold('Advice')} : ${chalk.bold(
+    'Update to latest version'
+  )}.`
+
+  return new ReportOutputBodyModel(issueMessage, adviceMessage)
+}
+
+const buildFooter = (libraries: ReportLibraryModel[]) => {
+  const { critical, high, medium, low, note, getTotal } =
+    severityCountAllLibraries(libraries)
+  const criticalMessage = chalk
+    .hex(CRITICAL_COLOUR)
+    .bold(`${critical} Critical`)
+  const highMessage = chalk.hex(HIGH_COLOUR).bold(`${high} High`)
+  const mediumMessage = chalk.hex(MEDIUM_COLOUR).bold(`${medium} Medium`)
+  const lowMessage = chalk.hex(LOW_COLOUR).bold(`${low} Low`)
+  const noteMessage = chalk.hex(NOTE_COLOUR).bold(`${note} Note`)
+
+  return {
+    criticalMessage,
+    highMessage,
+    mediumMessage,
+    lowMessage,
+    noteMessage,
+    total: getTotal
+  }
+}
+
+export function buildFormattedHeaderNum(contrastHeaderNum: number) {
+  let formattedHeaderNum
+
+  if (contrastHeaderNum < 10) {
+    formattedHeaderNum = `00${contrastHeaderNum}`
+  } else if (contrastHeaderNum >= 10 && contrastHeaderNum < 100) {
+    formattedHeaderNum = `0${contrastHeaderNum}`
+  } else if (contrastHeaderNum >= 100) {
+    formattedHeaderNum = contrastHeaderNum
+  }
+
+  return `CONTRAST-${formattedHeaderNum}`
+}
+
+export function getNumOfAndSeverityType(cveArray: ReportCVEModel[]) {
+  const { critical, high, medium, low, note } = severityCountAllCVEs(
+    cveArray,
+    new SeverityCountModel()
+  )
+
+  const criticalMessage = critical > 0 ? `${critical} Critical` : ''
+  const highMessage = high > 0 ? `${high} High` : ''
+  const mediumMessage = medium > 0 ? `${medium} Medium` : ''
+  const lowMessage = low > 0 ? `${low} Low` : ''
+  const noteMessage = note > 0 ? `${note} Note` : ''
+
+  //removes/trims whitespace to single spaces
+  return `${criticalMessage} ${highMessage} ${mediumMessage} ${lowMessage} ${noteMessage}`
+    .replace(/\s+/g, ' ')
+    .trim()
+}

package/src/audit/languageAnalysisEngine/report/models/reportLibraryModel.ts

@@ -2,7 +2,7 @@ export class ReportLibraryModel {
   name: string
   cveArray: ReportCVEModel[]
 
-  constructor (name: string, cveArray: ReportCVEModel[]){
+  constructor(name: string, cveArray: ReportCVEModel[]) {
     this.name = name
     this.cveArray = cveArray
   }
@@ -16,12 +16,12 @@ export class ReportCVEModel {
   severityCode?: string
   cvss3SeverityCode?: string
 
-  constructor (
+  constructor(
     name: string,
     description: string,
     severityCode: string,
     cvss3SeverityCode: string
-  ){
+  ) {
     this.name = name
     this.description = description
     this.severityCode = severityCode

package/src/audit/languageAnalysisEngine/report/models/reportListModel.ts

@@ -1,32 +1,39 @@
-import {ReportSeverityModel} from "./reportSeverityModel";
-import {ReportCVEModel} from "./reportLibraryModel";
+import { ReportSeverityModel } from './reportSeverityModel'
+import { ReportCVEModel } from './reportLibraryModel'
 
 export class ReportList {
   reportOutputList: ReportModelStructure[]
 
-  constructor (){
+  constructor() {
     this.reportOutputList = []
   }
 }
 
 export class ReportModelStructure {
-  compositeKey: ReportCompositeKey;
-  cveArray: ReportCVEModel[];
+  compositeKey: ReportCompositeKey
+  cveArray: ReportCVEModel[]
 
-  constructor (compositeKey: ReportCompositeKey, cveArray: ReportCVEModel[]){
+  constructor(compositeKey: ReportCompositeKey, cveArray: ReportCVEModel[]) {
     this.compositeKey = compositeKey
     this.cveArray = cveArray
   }
 }
 
 export class ReportCompositeKey {
-  libraryName!: string;
-  libraryVersion!: string;
-  highestSeverity!: ReportSeverityModel;
+  libraryName!: string
+  libraryVersion!: string
+  highestSeverity!: ReportSeverityModel
+  numberOfSeverities!: number
 
-  constructor (libraryName: string, libraryVersion: string, highestSeverity: ReportSeverityModel){
+  constructor(
+    libraryName: string,
+    libraryVersion: string,
+    highestSeverity: ReportSeverityModel,
+    numberOfSeverities: number
+  ) {
     this.libraryName = libraryName
     this.libraryVersion = libraryVersion
     this.highestSeverity = highestSeverity
+    this.numberOfSeverities = numberOfSeverities
   }
-}
+}

package/src/audit/languageAnalysisEngine/report/models/reportOutputModel.ts

@@ -0,0 +1,29 @@
+export class ReportOutputModel {
+  header: ReportOutputHeaderModel
+  body: ReportOutputBodyModel
+
+  constructor(header: ReportOutputHeaderModel, body: ReportOutputBodyModel) {
+    this.header = header
+    this.body = body
+  }
+}
+
+export class ReportOutputHeaderModel {
+  vulnMessage: string
+  introducesMessage: string
+
+  constructor(vulnMessage: string, introducesMessage: string) {
+    this.vulnMessage = vulnMessage
+    this.introducesMessage = introducesMessage
+  }
+}
+
+export class ReportOutputBodyModel {
+  issueMessage: string
+  adviceMessage: string
+
+  constructor(bodyIssueMessage: string, bodyAdviceMessage: string) {
+    this.issueMessage = bodyIssueMessage
+    this.adviceMessage = bodyAdviceMessage
+  }
+}

package/src/audit/languageAnalysisEngine/report/models/reportSeverityModel.ts

@@ -1,9 +1,18 @@
 export class ReportSeverityModel {
-  severity!: string
-  priority!: number
+  severity: string
+  priority: number
+  outputColour: string
+  cveName: string
 
-  constructor(severity: string, priority: number) {
+  constructor(
+    severity: string,
+    priority: number,
+    outputColour: string,
+    cveName: string
+  ) {
     this.severity = severity
     this.priority = priority
+    this.outputColour = outputColour
+    this.cveName = cveName
   }
 }