npm - @contrast/contrast - Versions diffs - 1.0.5 → 1.0.8 - Mend

@contrast/contrast 1.0.5 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (138) hide show

package/.prettierignore +0 -5
package/dist/audit/autodetection/autoDetectLanguage.js +3 -3
package/dist/audit/catalogueApplication/catalogueApplication.js +23 -5
package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +4 -2
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +2 -1
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +2 -1
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +2 -1
package/dist/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +5 -5
package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js +9 -9
package/dist/audit/languageAnalysisEngine/index.js +2 -2
package/dist/audit/languageAnalysisEngine/languageAnalysisFactory.js +6 -27
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +25 -5
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +99 -20
package/dist/audit/languageAnalysisEngine/report/models/reportListModel.js +2 -1
package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js +24 -0
package/dist/audit/languageAnalysisEngine/report/models/reportSeverityModel.js +3 -1
package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js +16 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +35 -14
package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js +58 -47
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +65 -3
package/dist/audit/save.js +29 -0
package/dist/commands/audit/auditController.js +22 -6
package/dist/commands/audit/help.js +24 -1
package/dist/commands/audit/processAudit.js +8 -2
package/dist/commands/audit/saveFile.js +7 -3
package/dist/commands/scan/processScan.js +1 -1
package/dist/commands/scan/sca/scaAnalysis.js +48 -11
package/dist/common/HTTPClient.js +56 -15
package/dist/common/errorHandling.js +6 -1
package/dist/common/versionChecker.js +20 -5
package/dist/constants/constants.js +13 -3
package/dist/constants/locales.js +15 -12
package/dist/constants.js +9 -4
package/dist/index.js +4 -3
package/dist/lambda/analytics.js +11 -0
package/dist/lambda/lambda.js +35 -4
package/dist/lambda/types.js +13 -0
package/dist/sbom/generateSbom.js +4 -3
package/dist/scaAnalysis/common/formatMessage.js +46 -1
package/dist/scaAnalysis/common/treeUpload.js +1 -3
package/dist/scaAnalysis/go/goAnalysis.js +17 -0
package/dist/scaAnalysis/go/goParseDeps.js +158 -0
package/dist/scaAnalysis/go/goReadDepFile.js +21 -0
package/dist/scaAnalysis/java/analysis.js +11 -22
package/dist/scaAnalysis/java/index.js +6 -6
package/dist/scaAnalysis/java/javaBuildDepsParser.js +14 -1
package/dist/scaAnalysis/javascript/analysis.js +110 -0
package/dist/scaAnalysis/javascript/index.js +41 -0
package/dist/scaAnalysis/php/analysis.js +89 -0
package/dist/scaAnalysis/php/index.js +10 -0
package/dist/scaAnalysis/python/analysis.js +42 -0
package/dist/scaAnalysis/python/index.js +10 -0
package/dist/scaAnalysis/ruby/analysis.js +226 -0
package/dist/scaAnalysis/ruby/index.js +10 -0
package/dist/scan/autoDetection.js +8 -4
package/dist/scan/fileUtils.js +26 -8
package/dist/scan/formatScanOutput.js +18 -17
package/dist/scan/models/groupedResultsModel.js +1 -1
package/dist/scan/models/scanResultsModel.js +3 -1
package/dist/scan/populateProjectIdAndProjectName.js +2 -1
package/dist/scan/scan.js +5 -3
package/dist/scan/scanConfig.js +6 -1
package/dist/scan/scanController.js +26 -6
package/dist/scan/scanResults.js +20 -6
package/dist/utils/commonApi.js +4 -1
package/dist/utils/filterProjectPath.js +7 -2
package/dist/utils/oraWrapper.js +5 -1
package/package.json +13 -9
package/src/audit/autodetection/autoDetectLanguage.ts +3 -3
package/src/audit/catalogueApplication/catalogueApplication.js +28 -7
package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +11 -8
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +2 -1
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +2 -1
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +2 -1
package/src/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +5 -5
package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js +11 -11
package/src/audit/languageAnalysisEngine/index.js +2 -2
package/src/audit/languageAnalysisEngine/languageAnalysisFactory.js +11 -31
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +35 -32
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +179 -25
package/src/audit/languageAnalysisEngine/report/models/reportLibraryModel.ts +3 -3
package/src/audit/languageAnalysisEngine/report/models/reportListModel.ts +18 -11
package/src/audit/languageAnalysisEngine/report/models/reportOutputModel.ts +29 -0
package/src/audit/languageAnalysisEngine/report/models/reportSeverityModel.ts +12 -3
package/src/audit/languageAnalysisEngine/report/models/severityCountModel.ts +20 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +50 -18
package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts +88 -66
package/src/audit/languageAnalysisEngine/sendSnapshot.js +78 -3
package/src/audit/save.js +32 -0
package/src/commands/audit/auditController.ts +23 -15
package/src/commands/audit/help.ts +24 -1
package/src/commands/audit/processAudit.ts +7 -4
package/src/commands/audit/saveFile.ts +5 -1
package/src/commands/scan/processScan.js +2 -1
package/src/commands/scan/sca/scaAnalysis.js +70 -29
package/src/common/HTTPClient.js +72 -25
package/src/common/errorHandling.ts +10 -1
package/src/common/versionChecker.ts +24 -5
package/src/constants/constants.js +13 -3
package/src/constants/locales.js +15 -12
package/src/constants.js +9 -4
package/src/index.ts +5 -3
package/src/lambda/analytics.ts +9 -0
package/src/lambda/arn.ts +2 -1
package/src/lambda/lambda.ts +37 -17
package/src/lambda/types.ts +35 -0
package/src/lambda/utils.ts +2 -7
package/src/sbom/generateSbom.ts +1 -1
package/src/scaAnalysis/common/formatMessage.js +51 -1
package/src/scaAnalysis/common/treeUpload.js +1 -6
package/src/scaAnalysis/go/goAnalysis.js +19 -0
package/src/scaAnalysis/go/goParseDeps.js +203 -0
package/src/scaAnalysis/go/goReadDepFile.js +30 -0
package/src/scaAnalysis/java/analysis.js +15 -32
package/src/scaAnalysis/java/index.js +6 -6
package/src/scaAnalysis/java/javaBuildDepsParser.js +15 -2
package/src/scaAnalysis/javascript/analysis.js +127 -0
package/src/scaAnalysis/javascript/index.js +56 -0
package/src/scaAnalysis/php/analysis.js +98 -0
package/src/scaAnalysis/php/index.js +11 -0
package/src/scaAnalysis/python/analysis.js +49 -0
package/src/scaAnalysis/python/index.js +11 -0
package/src/scaAnalysis/ruby/analysis.js +282 -0
package/src/scaAnalysis/ruby/index.js +11 -0
package/src/scan/autoDetection.js +11 -7
package/src/scan/fileUtils.js +27 -8
package/src/scan/formatScanOutput.ts +26 -18
package/src/scan/models/groupedResultsModel.ts +3 -3
package/src/scan/models/resultContentModel.ts +1 -1
package/src/scan/models/scanResultsModel.ts +5 -2
package/src/scan/populateProjectIdAndProjectName.js +3 -1
package/src/scan/scan.ts +8 -6
package/src/scan/scanConfig.js +5 -1
package/src/scan/scanController.js +30 -9
package/src/scan/scanResults.js +31 -10
package/src/utils/commonApi.js +4 -1
package/src/utils/filterProjectPath.js +6 -2
package/src/utils/oraWrapper.js +6 -1

package/src/commands/scan/sca/scaAnalysis.js CHANGED Viewed

@@ -1,20 +1,40 @@
 const autoDetection = require('../../../scan/autoDetection')
-const { javaAnalysis } = require('../../../scaAnalysis/java')
-const { commonSendSnapShot } = require('../../../scaAnalysis/common/treeUpload')
+const javaAnalysis = require('../../../scaAnalysis/java')
+const treeUpload = require('../../../scaAnalysis/common/treeUpload')
 const {
   manualDetectAuditFilesAndLanguages
 } = require('../../../scan/autoDetection')
-const { dealWithNoAppId } = require('../../audit/auditController')
+const auditController = require('../../audit/auditController')
 const {
-  supportedLanguages: { JAVA }
+  supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP }
 } = require('../../../audit/languageAnalysisEngine/constants')
+const goAnalysis = require('../../../scaAnalysis/go/goAnalysis')
+const phpAnalysis = require('../../../scaAnalysis/php/index')
+const { rubyAnalysis } = require('../../../scaAnalysis/ruby')
+const { pythonAnalysis } = require('../../../scaAnalysis/python')
+const javascriptAnalysis = require('../../../scaAnalysis/javascript')
+const {
+  pollForSnapshotCompletition
+} = require('../../../audit/languageAnalysisEngine/sendSnapshot')
+const {
+  returnOra,
+  startSpinner,
+  succeedSpinner
+} = require('../../../utils/oraWrapper')
+const i18n = require('i18n')
+const {
+  vulnerabilityReportV2
+} = require('../../../audit/languageAnalysisEngine/report/reportingFeature')
+const auditSave = require('../../../audit/save')
 const processSca = async config => {
   let filesFound
-  if (config.projectPath) {
-    filesFound = await manualDetectAuditFilesAndLanguages(config.projectPath)
+  if (config.file) {
+    config.file = config.file.concat('/')
+    filesFound = await manualDetectAuditFilesAndLanguages(config.file)
   } else {
     filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config)
+    config.file = process.cwd().concat('/')
   }
   // files found looks like [ { javascript: [ Array ] } ]
@@ -24,27 +44,32 @@ const processSca = async config => {
   if (filesFound.length === 1) {
     switch (Object.keys(filesFound[0])[0]) {
       case JAVA:
-        messageToSend = await javaAnalysis(config, filesFound[0])
+        messageToSend = javaAnalysis.javaAnalysis(config, filesFound[0])
         config.language = JAVA
         break
-      // case 'javascript':
-      //     // code block
-      //     break;
-      // case 'dotnet':
-      //     // code block
-      //     break;
-      // case 'python':
-      //     // code block
-      //     break;
-      // case 'ruby':
-      //     // code block
-      //     break;
-      // case 'php':
-      //     // code block
-      //     break;
-      // case 'go':
-      //     // code block
-      //     break;
+      case JAVASCRIPT:
+        messageToSend = await javascriptAnalysis.jsAnalysis(
+          config,
+          filesFound[0]
+        )
+        config.language = NODE
+        break
+      case PYTHON:
+        messageToSend = pythonAnalysis(config, filesFound[0])
+        config.language = PYTHON
+        break
+      case RUBY:
+        messageToSend = rubyAnalysis(config, filesFound[0])
+        config.language = RUBY
+        break
+      case 'PHP':
+        messageToSend = phpAnalysis.phpAnalysis(config, filesFound[0])
+        config.language = PHP
+        break
+      case GO:
+        messageToSend = goAnalysis.goAnalysis(config, filesFound[0])
+        config.language = GO
+        break
       default:
         //something is wrong
         console.log('language detected not supported')
@@ -52,17 +77,33 @@ const processSca = async config => {
     }
     if (!config.applicationId) {
-      config.applicationId = await dealWithNoAppId(config)
+      config.applicationId = await auditController.dealWithNoAppId(config)
     }
     //send message to TS
-    console.log('processing dependencies')
-    const response = await commonSendSnapShot(messageToSend, config)
+    const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
+    startSpinner(reportSpinner)
+    const snapshotResponse = await treeUpload.commonSendSnapShot(
+      messageToSend,
+      config
+    )
+    //poll for completion
+    await pollForSnapshotCompletition(
+      config,
+      snapshotResponse.id,
+      reportSpinner
+    )
+    succeedSpinner(reportSpinner, 'Contrast SCA audit complete')
+    await vulnerabilityReportV2(config, snapshotResponse.id)
+    await auditSave.auditSave(config)
   } else {
     if (filesFound.length === 0) {
       console.log('no compatible dependency files detected. Continuing...')
     } else {
       console.log(
-        'multiple language files detected, please use --project-path to specify a directory or the file where dependencies are declared'
+        'multiple language files detected, please use --file to specify a directory or the file where dependencies are declared'
       )
     }
   }

package/src/common/HTTPClient.js CHANGED Viewed

@@ -22,7 +22,8 @@ function HTTPClient(config) {
       Authorization: authToken,
       'API-Key': apiKey,
       SuperAuthorization: superAuthToken,
-      'Super-API-Key': superApiKey
+      'Super-API-Key': superApiKey,
+      'User-Agent': 'contrast-cli-v2'
     }
   }
@@ -33,7 +34,7 @@ function HTTPClient(config) {
   this.maybeAddCertsToRequest(config)
 }
-HTTPClient.prototype.maybeAddCertsToRequest = function(config) {
+HTTPClient.prototype.maybeAddCertsToRequest = function (config) {
   // cacert
   const caCertFilePath = config.cacert
   if (caCertFilePath) {
@@ -91,13 +92,30 @@ HTTPClient.prototype.getSpecificScanResult = function getSpecificScanResult(
   return requestUtils.sendRequest({ method: 'get', options })
 }
-HTTPClient.prototype.getSpecificScanResultSarif = function getSpecificScanResultSarif(
+HTTPClient.prototype.getSpecificScanResultSarif =
+  function getSpecificScanResultSarif(config, scanId) {
+    const options = _.cloneDeep(this.requestOptions)
+    options.url = createRawOutputURL(config, scanId)
+    return requestUtils.sendRequest({ method: 'get', options })
+  }
+HTTPClient.prototype.createNewEvent = function createNewEvent(
   config,
-  scanId
+  scanId,
+  newProject
 ) {
   const options = _.cloneDeep(this.requestOptions)
-  options.url = createRawOutputURL(config, scanId)
-  return requestUtils.sendRequest({ method: 'get', options })
+  options.url = createEventCollectorURL(config, scanId)
+  options.body = {
+    eventSource: process.env.CODESEC_INVOCATION_ENVIRONMENT,
+    trackingProperties: {
+      projectNameSource: config.projectNameSource,
+      waitedForResults: !config.ff,
+      newProject
+    }
+  }
+  return requestUtils.sendRequest({ method: 'post', options })
 }
 HTTPClient.prototype.getScanId = function getScanId(config, codeArtifactId) {
@@ -190,9 +208,6 @@ HTTPClient.prototype.catalogueCommand = function catalogueCommand(config) {
 }
 HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
-  if (config.language.toUpperCase() === 'RUBY') {
-    //console.log('sendSnapshot requestBody', requestBody.snapshot.ruby)
-  }
   const options = _.cloneDeep(this.requestOptions)
   let url = createSnapshotURL(config)
   options.url = url
@@ -210,17 +225,24 @@ HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
   return requestUtils.sendRequest({ method: 'get', options })
 }
-HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(
+HTTPClient.prototype.getReportStatusById = function getReportStatusById(
   config,
-  requestBody
+  snapshotId
 ) {
   const options = _.cloneDeep(this.requestOptions)
-  options.url = createLibraryVulnerabilitiesUrl(config)
-  options.body = requestBody
-  return requestUtils.sendRequest({ method: 'put', options })
+  options.url = createSpecificReportStatusURL(config, snapshotId)
+  return requestUtils.sendRequest({ method: 'get', options })
 }
+HTTPClient.prototype.getLibraryVulnerabilities =
+  function getLibraryVulnerabilities(config, requestBody) {
+    const options = _.cloneDeep(this.requestOptions)
+    options.url = createLibraryVulnerabilitiesUrl(config)
+    options.body = requestBody
+    return requestUtils.sendRequest({ method: 'put', options })
+  }
 HTTPClient.prototype.getAppId = function getAppId(config) {
   const options = _.cloneDeep(this.requestOptions)
   let url = createAppNameUrl(config)
@@ -295,17 +317,13 @@ HTTPClient.prototype.getScanResources = async function getScanResources(
   return requestUtils.sendRequest({ method: 'get', options })
 }
-HTTPClient.prototype.getFunctionScanResults = async function getFunctionScanResults(
-  config,
-  params,
-  scanId,
-  functionArn
-) {
-  const url = createScanResultsGetUrl(config, params, scanId, functionArn)
-  const options = { ...this.requestOptions, url }
+HTTPClient.prototype.getFunctionScanResults =
+  async function getFunctionScanResults(config, params, scanId, functionArn) {
+    const url = createScanResultsGetUrl(config, params, scanId, functionArn)
+    const options = { ...this.requestOptions, url }
-  return requestUtils.sendRequest({ method: 'get', options })
-}
+    return requestUtils.sendRequest({ method: 'get', options })
+  }
 HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
   const options = _.cloneDeep(this.requestOptions)
@@ -321,6 +339,27 @@ HTTPClient.prototype.getSbom = function getSbom(config) {
   return requestUtils.sendRequest({ method: 'get', options })
 }
+HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
+  const options = _.cloneDeep(this.requestOptions)
+  options.url =
+    'https://pkg.contrastsecurity.com/artifactory/cli/latest-version.txt'
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+// analytics
+HTTPClient.prototype.postAnalyticsFunction = function (config, provider, body) {
+  const url = createAnalyticsFunctionPostUrl(config, provider)
+  const options = { ...this.requestOptions, body, url }
+  return requestUtils.sendRequest({ method: 'post', options })
+}
+const createAnalyticsFunctionPostUrl = (config, provider) => {
+  const url = getServerlessHost(config)
+  return `${url}/organizations/${config.organizationId}/providers/${provider}/analytics`
+}
 // scan
 const createGetScanIdURL = config => {
   return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/`
@@ -350,6 +389,10 @@ function createScanProjectUrl(config) {
   return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}`
 }
+const createEventCollectorURL = (config, scanId) => {
+  return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/events`
+}
 const createGlobalPropertiesUrl = protocol => {
   return `${protocol}/Contrast/api/ng/global/properties`
 }
@@ -384,6 +427,10 @@ function createSpecificReportWithProdUrl(config, reportId) {
   )
 }
+function createSpecificReportStatusURL(config, reportId) {
+  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots/${reportId}/status`
+}
 function createDataUrl() {
   return `https://ardy.contrastsecurity.com/production`
 }

package/src/common/errorHandling.ts CHANGED Viewed

@@ -64,6 +64,14 @@ const proxyError = () => {
   generalError('proxyErrorHeader', 'proxyErrorMessage')
 }
+const maxAppError = () => {
+  generalError(
+    'No applications remaining',
+    'You have reached the maximum number of application you can create.'
+  )
+  process.exit(1)
+}
 const failOptionError = () => {
   console.log(
     '\n ******************************** ' +
@@ -140,5 +148,6 @@ export {
   findCommandOnError,
   snapshotFailureError,
   vulnerabilitiesFailureError,
-  reportFailureError
+  reportFailureError,
+  maxAppError
 }

package/src/common/versionChecker.ts CHANGED Viewed

@@ -1,12 +1,31 @@
-import latestVersion from 'latest-version'
 import { APP_VERSION } from '../constants/constants'
 import boxen from 'boxen'
 import chalk from 'chalk'
 import semver from 'semver'
+import commonApi from '../utils/commonApi'
+import { constants } from 'http2'
+import { ContrastConf } from '../utils/getConfig'
-export async function findLatestCLIVersion(updateMessageHidden: boolean) {
-  if (!updateMessageHidden) {
-    const latestCLIVersion = await latestVersion('@contrast/contrast')
+const getLatestVersion = async (config: any) => {
+  const client = commonApi.getHttpClient(config)
+  try {
+    const res = await client.getLatestVersion()
+    if (res.statusCode === constants.HTTP_STATUS_OK) {
+      return res.body
+    }
+  } catch (e) {
+    return
+  }
+}
+// @ts-ignore
+export async function findLatestCLIVersion(config: ContrastConf) {
+  const messageHidden = config.get('updateMessageHidden') as boolean
+  if (!messageHidden) {
+    let latestCLIVersion: string = await getLatestVersion(config)
+    //strip key
+    latestCLIVersion = latestCLIVersion.substring(8)
     if (semver.lt(APP_VERSION, latestCLIVersion)) {
       const updateAvailableMessage = `Update available ${chalk.yellow(
@@ -37,5 +56,5 @@ export async function findLatestCLIVersion(updateMessageHidden: boolean) {
 }
 export async function isCorrectNodeVersion(currentVersion: string) {
-  return semver.satisfies(currentVersion, '>=16.13.2 <17')
+  return semver.satisfies(currentVersion, '>=16')
 }

package/src/constants/constants.js CHANGED Viewed

@@ -13,13 +13,18 @@ const MEDIUM = 'MEDIUM'
 const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.5'
+const APP_VERSION = '1.0.8'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'
 const MEDIUM_COLOUR = '#f1c232'
-const LOW_COLOUR = '#ff9900'
+const LOW_COLOUR = '#b7b7b7'
 const NOTE_COLOUR = '#999999'
+const CRITICAL_PRIORITY = 1
+const HIGH_PRIORITY = 2
+const MEDIUM_PRIORITY = 3
+const LOW_PRIORITY = 4
+const NOTE_PRIORITY = 5
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com'
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com'
@@ -43,5 +48,10 @@ module.exports = {
   MEDIUM_COLOUR,
   LOW_COLOUR,
   NOTE_COLOUR,
-  CE_URL
+  CE_URL,
+  CRITICAL_PRIORITY,
+  HIGH_PRIORITY,
+  MEDIUM_PRIORITY,
+  LOW_PRIORITY,
+  NOTE_PRIORITY
 }

package/src/constants/locales.js CHANGED Viewed

@@ -15,7 +15,7 @@ const en_locales = () => {
     catchErrorMessage: 'Contrast UI error: ',
     dependenciesNote:
       'Please Note: We currently only support projects with one .csproj AND *.package.lock.json',
-    languageAnalysisFailureMessage: 'SCA Analysis Failure',
+    languageAnalysisFailureMessage: 'SCA audit Failure',
     languageAnalysisFactoryFailureHeader: 'FAIL',
     libraryAnalysisError:
       'Please ensure the language parameter is set in accordance to the language specified on the project path.\nContrast CLI must be run in the same directory as the project manifest file OR the project_path parameter must be used to identify the directory containing the project manifest file.\n\nFor further information please read our usage guide, which can be accessed with the following command:\n\ncontrast-cli --help',
@@ -118,7 +118,7 @@ const en_locales = () => {
       'Provide this if you want to catalogue an application',
     constantsLanguage:
       'Valid values are JAVA, DOTNET, NODE, PYTHON and RUBY. If there are multiple project configuration files in the project_path, language is also required.  Also, provide this when cataloguing an application',
-    constantsProjectPath:
+    constantsFilePath:
       'The directory root of a project/application that you would like analyzed. Defaults to current directory.',
     constantsSilent: 'Silences JSON output.',
     constantsAppGroups:
@@ -137,16 +137,16 @@ const en_locales = () => {
       'The ID associated with a scan project. Replace <ProjectID> with the ID for the scan project. To find the ID, select a scan project in Contrast and locate the last number in the URL.',
     constantsReport: 'Display vulnerability information for this application',
     constantsFail:
-      'Set the process to fail if this option is set in combination with the --report and --cve_severity.',
+      'Set the process to fail if this option is set in combination with --cve_severity.',
     failOptionErrorMessage:
-      " FAIL - CVE's have been detected that match at least the cve_severity or cve_threshold option specified.",
+      ' FAIL - CVEs have been detected that match at least the cve_severity or cve_threshold option specified.',
     constantsSeverity:
-      'Combined with the --report command, allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
-    constantsCount: "The number of CVE's that must be exceeded to fail a build",
+      'Allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
+    constantsCount: 'The number of CVEs that must be exceeded to fail a build',
     constantsHeader: 'CodeSec by Contrast Security',
     constantsPrerequisitesContentScanLanguages: 'Java & JavaScript supported',
     constantsContrastContent:
-      'Use the Contrast CLI to run a scan (Java, JavaScript and .NET ) or lambda command (Java and Python) to find your vulnerabilities and start securing your code.',
+      "Use the 'contrast' command for fast and accurate security analysis of your applications and APIs (Java, JavaScript and .NET ) as well as serverless functions (AWS lambda, Java and Python).",
     constantsUsageGuideContentRecommendation:
       'Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.',
     constantsPrerequisitesHeader: 'Pre-requisites',
@@ -249,7 +249,7 @@ const en_locales = () => {
     scanLabel:
       "adds a label to the scan - defaults to 'Started by CLI tool at current date'",
     constantsIgnoreDev:
-      'Combined with the --report command excludes developer dependencies from the vulnerabilities report. By default all dependencies are included in a report.',
+      'Excludes developer dependencies from the output. By default all dependencies are included.',
     constantsCommands: 'Commands',
     constantsScanOptions: 'Scan Options',
     sbomError: 'All required parameters are not present.',
@@ -356,6 +356,7 @@ const en_locales = () => {
     scanZipError:
       'A .zip archive can be used for Javascript Scan. Archive found %s does not contain .JS files for Scan.',
     fileNotExist: 'File specified does not exist, please check and try again.',
+    scanFileIsEmpty: 'File specified is empty. Please choose another.',
     fileHasWhiteSpacesError:
       'File cannot have spaces, please rename or choose another file to Scan.',
     zipFileException: 'Error reading zip file',
@@ -392,12 +393,13 @@ const en_locales = () => {
     auditOptionsIgnoreDevDependenciesDescription: 'ignores DevDependencies',
     auditOptionsSave: '-s, --save',
     auditOptionsSaveDescription:
-      'saves the output in specified format Txt text, sbom',
+      'saves the output in specified format, options: sbom',
     scanNotCompleted:
       'Scan not completed. Check for framework and language support here: %s',
-    scanNoVulnerabilitiesFound: '👏 No vulnerabilities found',
+    auditNotCompleted: 'audit not completed.  Please try again',
+    scanNoVulnerabilitiesFound: '🎉 No vulnerabilities found.',
     scanNoVulnerabilitiesFoundSecureCode: '👍 Your code looks secure.',
-    scanNoVulnerabilitiesFoundGoodWork: '👏 Keep up the good work.',
+    scanNoVulnerabilitiesFoundGoodWork: '   Keep up the good work.',
     scanNoFiletypeSpecifiedForSave:
       'Please specify file type to save results to, accepted value is SARIF',
     auditSBOMSaveSuccess:
@@ -412,7 +414,8 @@ const en_locales = () => {
     auditReportFail: 'Report Retrieval Failed, please try again',
     auditReportSuccessMessage: 'Report successfully retrieved',
     auditReportFailureMessage: 'Unable to generate library report',
-    auditSCAAnalysisBegins: 'Contrast SCA analysis begins',
+    auditSCAAnalysisBegins: 'Contrast SCA audit started',
+    auditSCAAnalysisComplete: 'Contrast SCA audit complete',
     ...lambda
   }
 }

package/src/constants.js CHANGED Viewed

@@ -49,7 +49,6 @@ const scanOptionDefinitions = [
   },
   {
     name: 'project-path',
-    alias: 'i',
     description:
       '{bold ' +
       i18n.__('constantsOptional') +
@@ -212,13 +211,14 @@ const auditOptionDefinitions = [
       i18n.__('constantsApplicationName')
   },
   {
-    name: 'project-path',
-    defaultValue: process.env.PWD,
+    name: 'file',
+    alias: 'f',
+    defaultValue: process.cwd(),
     description:
       '{bold ' +
       i18n.__('constantsOptional') +
       '}: ' +
-      i18n.__('constantsProjectPath')
+      i18n.__('constantsFilePath')
   },
   {
     name: 'app-groups',
@@ -334,6 +334,11 @@ const auditOptionDefinitions = [
       i18n.__('constantsOptional') +
       '}: ' +
       i18n.__('auditOptionsSaveDescription')
+  },
+  {
+    name: 'experimental',
+    alias: 'e',
+    type: Boolean
   }
 ]

package/src/index.ts CHANGED Viewed

@@ -1,3 +1,5 @@
+#!/usr/bin/env node
 import commandLineArgs from 'command-line-args'
 import { processAudit } from './commands/audit/processAudit'
 import { processAuth } from './commands/auth/auth'
@@ -44,7 +46,7 @@ const start = async () => {
       argvMain.includes('--version')
     ) {
       console.log(APP_VERSION)
-      await findLatestCLIVersion(config.get('updateMessageHidden') as boolean)
+      await findLatestCLIVersion(config)
       return
     }
@@ -52,8 +54,8 @@ const start = async () => {
     config.set('numOfRuns', config.get('numOfRuns') + 1)
     // @ts-ignore
-    if (config.get('numOfRuns') >= 5) {
-      await findLatestCLIVersion(config.get('updateMessageHidden') as boolean)
+    if (config.get('numOfRuns') >= 1) {
+      await findLatestCLIVersion(config)
       config.set('numOfRuns', 0)
     }

package/src/lambda/analytics.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { getHttpClient } from '../utils/commonApi'
+import { getAuth } from '../utils/paramsUtil/paramHandler'
+import { AnalyticsOption } from './types'
+export const postAnalytics = (data: AnalyticsOption, provider = 'aws') => {
+  const config = getAuth()
+  const client = getHttpClient(config)
+  return client.postAnalyticsFunction(config, provider, data)
+}

package/src/lambda/arn.ts CHANGED Viewed

@@ -10,7 +10,8 @@ type ARN = {
   resourceId?: string
 }
-const ARN_REGEX = /arn:(?<partition>[^:\n]*):(?<service>[^:\n]*):(?<region>[^:\n]*):(?<accountId>[^:\n]*):(?<ignore>(?<resource>[^:/\n]*)[:/])?(?<resourceId>.*)/
+const ARN_REGEX =
+  /arn:(?<partition>[^:\n]*):(?<service>[^:\n]*):(?<region>[^:\n]*):(?<accountId>[^:\n]*):(?<ignore>(?<resource>[^:/\n]*)[:/])?(?<resourceId>.*)/
 const parseARN = (arn: string | undefined) => {
   if (!arn) {

package/src/lambda/lambda.ts CHANGED Viewed

@@ -14,18 +14,8 @@ import { printResults } from './utils'
 import { getAllLambdas, printAvailableLambdas } from './lambdaUtils'
 import { sleep } from '../utils/requestUtils'
 import ora from '../utils/oraWrapper'
-type LambdaOptions = {
-  functionName?: string
-  listFunctions?: boolean
-  region?: string
-  endpointUrl?: string
-  profile?: string
-  help?: boolean
-  verbose?: boolean
-  jsonOutput?: boolean
-  _unknown?: string[]
-}
+import { postAnalytics } from './analytics'
+import { LambdaOptions, AnalyticsOption, StatusType, EventType } from './types'
 type ApiParams = {
   organizationId: string
@@ -74,10 +64,20 @@ const getLambdaOptions = (argv: string[]) => {
 }
 const processLambda = async (argv: string[]) => {
+  let errorMsg
+  let scanInfo: { functionArn: string; scanId: string } | undefined
+  const commandSessionId = Date.now().toString(36)
   try {
     const lambdaOptions = getLambdaOptions(argv)
     const { help } = lambdaOptions
+    const startCommandAnalytics: AnalyticsOption = {
+      arguments: lambdaOptions,
+      sessionId: commandSessionId,
+      eventType: EventType.START
+    }
+    postAnalytics(startCommandAnalytics).catch((error: Error) => {
+      /* ignore */
+    })
     if (help) {
       return handleLambdaHelp()
     }
@@ -87,15 +87,33 @@ const processLambda = async (argv: string[]) => {
     if (lambdaOptions.listFunctions) {
       await getAvailableFunctions(lambdaOptions)
     } else {
-      await actualProcessLambda(lambdaOptions)
+      scanInfo = await actualProcessLambda(lambdaOptions)
     }
   } catch (error) {
     if (error instanceof CliError) {
-      console.error(error.getErrorMessage())
+      errorMsg = error.getErrorMessage()
     } else if (error instanceof Error) {
-      console.error(error.message)
+      errorMsg = error.message
+    }
+  } finally {
+    const endCommandAnalytics: AnalyticsOption = {
+      sessionId: commandSessionId,
+      eventType: EventType.END,
+      status: errorMsg ? StatusType.FAILED : StatusType.SUCCESS
+    }
+    if (errorMsg) {
+      endCommandAnalytics.errorMsg = errorMsg
+      console.error(errorMsg)
+    }
+    if (scanInfo) {
+      endCommandAnalytics.scanFunctionData = scanInfo
+    }
+    await postAnalytics(endCommandAnalytics).catch((error: Error) => {
+      /* ignore */
+    })
+    if (errorMsg) {
+      process.exit(1)
     }
-    process.exit(1)
   }
 }
@@ -162,6 +180,8 @@ const actualProcessLambda = async (lambdaOptions: LambdaOptions) => {
   if (results?.length) {
     printResults(results)
   }
+  return { functionArn, scanId }
 }
 const validateRequiredLambdaParams = (options: LambdaOptions) => {