@contrast/contrast 1.0.6 → 1.0.9

package/src/constants.js

@@ -49,7 +49,6 @@ const scanOptionDefinitions = [
   },
   {
     name: 'project-path',
-    alias: 'i',
     description:
       '{bold ' +
       i18n.__('constantsOptional') +
@@ -212,13 +211,14 @@ const auditOptionDefinitions = [
       i18n.__('constantsApplicationName')
   },
   {
-    name: 'project-path',
-    defaultValue: process.env.PWD,
+    name: 'file',
+    alias: 'f',
+    defaultValue: process.cwd(),
     description:
       '{bold ' +
       i18n.__('constantsOptional') +
       '}: ' +
-      i18n.__('constantsProjectPath')
+      i18n.__('constantsFilePath')
   },
   {
     name: 'app-groups',
@@ -266,15 +266,6 @@ const auditOptionDefinitions = [
   {
     name: 'maven-settings-path'
   },
-  {
-    name: 'language',
-    alias: 'l',
-    description:
-      '{bold ' +
-      i18n.__('constantsRequiredCatalogue') +
-      '}: ' +
-      i18n.__('constantsLanguage')
-  },
   {
     name: 'organization-id',
     alias: 'o',
@@ -333,7 +324,23 @@ const auditOptionDefinitions = [
       '{bold ' +
       i18n.__('constantsOptional') +
       '}: ' +
-      i18n.__('auditOptionsSaveDescription')
+      i18n.__('auditOptionsSaveDescription') +
+      i18n.__('auditOptionsSaveOptionsDescription')
+  },
+  {
+    name: 'experimental',
+    alias: 'e',
+    type: Boolean
+  },
+  {
+    name: 'timeout',
+    alias: 't',
+    type: Number,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('scanOptionsTimeoutSummary')
   }
 ]
 

package/src/index.ts

@@ -1,3 +1,5 @@
+#!/usr/bin/env node
+
 import commandLineArgs from 'command-line-args'
 import { processAudit } from './commands/audit/processAudit'
 import { processAuth } from './commands/auth/auth'
@@ -34,74 +36,84 @@ const getMainOption = () => {
 }
 
 const start = async () => {
-  if (await isCorrectNodeVersion(process.version)) {
-    const { mainOptions, argv: argvMain } = getMainOption()
-    const command =
-      mainOptions.command != undefined ? mainOptions.command.toLowerCase() : ''
-    if (
-      command === 'version' ||
-      argvMain.includes('--v') ||
-      argvMain.includes('--version')
-    ) {
-      console.log(APP_VERSION)
-      await findLatestCLIVersion(config.get('updateMessageHidden') as boolean)
-      return
-    }
+  try {
+    if (await isCorrectNodeVersion(process.version)) {
+      const { mainOptions, argv: argvMain } = getMainOption()
+      const command =
+        mainOptions.command != undefined
+          ? mainOptions.command.toLowerCase()
+          : ''
+      if (
+        command === 'version' ||
+        argvMain.includes('--v') ||
+        argvMain.includes('--version')
+      ) {
+        console.log(APP_VERSION)
+        await findLatestCLIVersion(config)
+        return
+      }
 
-    // @ts-ignore
-    config.set('numOfRuns', config.get('numOfRuns') + 1)
+      // @ts-ignore
+      config.set('numOfRuns', config.get('numOfRuns') + 1)
 
-    // @ts-ignore
-    if (config.get('numOfRuns') >= 5) {
-      await findLatestCLIVersion(config.get('updateMessageHidden') as boolean)
-      config.set('numOfRuns', 0)
-    }
+      // @ts-ignore
+      if (config.get('numOfRuns') >= 1) {
+        await findLatestCLIVersion(config)
+        config.set('numOfRuns', 0)
+      }
 
-    if (command === 'config') {
-      return processConfig(argvMain, config)
-    }
+      if (command === 'config') {
+        return processConfig(argvMain, config)
+      }
 
-    if (command === 'auth') {
-      return await processAuth(argvMain, config)
-    }
+      if (command === 'auth') {
+        return await processAuth(argvMain, config)
+      }
 
-    if (command === 'lambda') {
-      return await processLambda(argvMain)
-    }
+      if (command === 'lambda') {
+        return await processLambda(argvMain)
+      }
 
-    if (command === 'scan') {
-      return await processScan(argvMain)
-    }
+      if (command === 'scan') {
+        return await processScan(argvMain)
+      }
 
-    if (command === 'audit') {
-      return await processAudit(argvMain)
-    }
+      if (command === 'audit') {
+        return await processAudit(argvMain)
+      }
+
+      if (
+        command === 'help' ||
+        argvMain.includes('--help') ||
+        Object.keys(mainOptions).length === 0
+      ) {
+        console.log(mainUsageGuide)
+      } else if (mainOptions._unknown !== undefined) {
+        const foundCommand = findCommandOnError(mainOptions._unknown)
 
-    if (
-      command === 'help' ||
-      argvMain.includes('--help') ||
-      Object.keys(mainOptions).length === 0
-    ) {
-      console.log(mainUsageGuide)
-    } else if (mainOptions._unknown !== undefined) {
-      const foundCommand = findCommandOnError(mainOptions._unknown)
-
-      foundCommand
-        ? console.log(
-            `Unknown Command: Did you mean "${foundCommand}"? \nUse "${foundCommand} --help" for the full list of options`
-          )
-        : console.log(
-            `Unknown Command: ${command} \nUse --help for the full list`
-          )
+        foundCommand
+          ? console.log(
+              `Unknown Command: Did you mean "${foundCommand}"? \nUse "${foundCommand} --help" for the full list of options`
+            )
+          : console.log(
+              `Unknown Command: ${command} \nUse --help for the full list`
+            )
+      } else {
+        console.log(
+          `Unknown Command: ${command} \nUse --help for the full list`
+        )
+      }
+      process.exit(9)
     } else {
-      console.log(`Unknown Command: ${command} \nUse --help for the full list`)
+      console.log(
+        'Contrast supports Node versions >=16.13.2 <17. Please use one of those versions.'
+      )
+      process.exit(9)
     }
-    process.exit(9)
-  } else {
-    console.log(
-      'Contrast supports Node versions >=16.13.2 <17. Please use one of those versions.'
-    )
-    process.exit(9)
+  } catch (err: any) {
+    console.log()
+    console.log(err.message.toString())
+    process.exit(1)
   }
 }
 

package/src/lambda/analytics.ts

@@ -0,0 +1,9 @@
+import { getHttpClient } from '../utils/commonApi'
+import { getAuth } from '../utils/paramsUtil/paramHandler'
+import { AnalyticsOption } from './types'
+
+export const postAnalytics = (data: AnalyticsOption, provider = 'aws') => {
+  const config = getAuth()
+  const client = getHttpClient(config)
+  return client.postAnalyticsFunction(config, provider, data)
+}

package/src/lambda/arn.ts

@@ -10,7 +10,8 @@ type ARN = {
   resourceId?: string
 }
 
-const ARN_REGEX = /arn:(?<partition>[^:\n]*):(?<service>[^:\n]*):(?<region>[^:\n]*):(?<accountId>[^:\n]*):(?<ignore>(?<resource>[^:/\n]*)[:/])?(?<resourceId>.*)/
+const ARN_REGEX =
+  /arn:(?<partition>[^:\n]*):(?<service>[^:\n]*):(?<region>[^:\n]*):(?<accountId>[^:\n]*):(?<ignore>(?<resource>[^:/\n]*)[:/])?(?<resourceId>.*)/
 
 const parseARN = (arn: string | undefined) => {
   if (!arn) {

package/src/lambda/lambda.ts

@@ -14,18 +14,9 @@ import { printResults } from './utils'
 import { getAllLambdas, printAvailableLambdas } from './lambdaUtils'
 import { sleep } from '../utils/requestUtils'
 import ora from '../utils/oraWrapper'
-
-type LambdaOptions = {
-  functionName?: string
-  listFunctions?: boolean
-  region?: string
-  endpointUrl?: string
-  profile?: string
-  help?: boolean
-  verbose?: boolean
-  jsonOutput?: boolean
-  _unknown?: string[]
-}
+import { postAnalytics } from './analytics'
+import { LambdaOptions, AnalyticsOption, StatusType, EventType } from './types'
+import { APP_VERSION } from '../constants/constants'
 
 type ApiParams = {
   organizationId: string
@@ -74,10 +65,21 @@ const getLambdaOptions = (argv: string[]) => {
 }
 
 const processLambda = async (argv: string[]) => {
+  let errorMsg
+  let scanInfo: { functionArn: string; scanId: string } | undefined
+  const commandSessionId = Date.now().toString(36)
   try {
     const lambdaOptions = getLambdaOptions(argv)
     const { help } = lambdaOptions
-
+    const startCommandAnalytics: AnalyticsOption = {
+      arguments: lambdaOptions,
+      sessionId: commandSessionId,
+      eventType: EventType.START,
+      packageVersion: APP_VERSION
+    }
+    postAnalytics(startCommandAnalytics).catch((error: Error) => {
+      /* ignore */
+    })
     if (help) {
       return handleLambdaHelp()
     }
@@ -87,15 +89,34 @@ const processLambda = async (argv: string[]) => {
     if (lambdaOptions.listFunctions) {
       await getAvailableFunctions(lambdaOptions)
     } else {
-      await actualProcessLambda(lambdaOptions)
+      scanInfo = await actualProcessLambda(lambdaOptions)
     }
   } catch (error) {
     if (error instanceof CliError) {
-      console.error(error.getErrorMessage())
+      errorMsg = error.getErrorMessage()
     } else if (error instanceof Error) {
-      console.error(error.message)
+      errorMsg = error.message
+    }
+  } finally {
+    const endCommandAnalytics: AnalyticsOption = {
+      sessionId: commandSessionId,
+      eventType: EventType.END,
+      status: errorMsg ? StatusType.FAILED : StatusType.SUCCESS,
+      packageVersion: APP_VERSION
+    }
+    if (errorMsg) {
+      endCommandAnalytics.errorMsg = errorMsg
+      console.error(errorMsg)
+    }
+    if (scanInfo) {
+      endCommandAnalytics.scanFunctionData = scanInfo
+    }
+    await postAnalytics(endCommandAnalytics).catch((error: Error) => {
+      /* ignore */
+    })
+    if (errorMsg) {
+      process.exit(1)
     }
-    process.exit(1)
   }
 }
 
@@ -162,6 +183,8 @@ const actualProcessLambda = async (lambdaOptions: LambdaOptions) => {
   if (results?.length) {
     printResults(results)
   }
+
+  return { functionArn, scanId }
 }
 
 const validateRequiredLambdaParams = (options: LambdaOptions) => {

package/src/lambda/types.ts

@@ -0,0 +1,36 @@
+export enum StatusType {
+  FAILED = 'failed',
+  SUCCESS = 'success'
+}
+
+export enum EventType {
+  START = 'start_command_session',
+  END = 'end_command_session'
+}
+
+export type LambdaOptions = {
+  functionName?: string
+  listFunctions?: boolean
+  region?: string
+  endpointUrl?: string
+  profile?: string
+  help?: boolean
+  verbose?: boolean
+  jsonOutput?: boolean
+  _unknown?: string[]
+}
+
+type ScanFunctionData = {
+  functionArn: string
+  scanId: string
+}
+
+export type AnalyticsOption = {
+  sessionId: string
+  eventType: EventType
+  packageVersion: string
+  arguments?: LambdaOptions
+  scanFunctionData?: ScanFunctionData
+  status?: StatusType
+  errorMsg?: string
+}

package/src/lambda/utils.ts

@@ -19,13 +19,8 @@ class PrintVulnerability {
   whatHappened: string
 
   constructor(index: number, vulnerability: any, group?: any[]) {
-    const {
-      severityText,
-      title,
-      description,
-      remediation,
-      categoryText
-    } = vulnerability
+    const { severityText, title, description, remediation, categoryText } =
+      vulnerability
 
     this.group = group
     this.vulnerability = vulnerability

package/src/sbom/generateSbom.ts

@@ -1,9 +1,9 @@
 import { getHttpClient } from '../utils/commonApi'
 
-export default function generateSbom(config: any) {
+export const generateSbom = (config: any, type: string) => {
   const client = getHttpClient(config)
   return client
-    .getSbom(config)
+    .getSbom(config, type)
     .then((res: { statusCode: number; body: any }) => {
       if (res.statusCode === 200) {
         return res.body

package/src/scaAnalysis/common/formatMessage.js

@@ -6,6 +6,21 @@ const createJavaTSMessage = javaTree => {
   }
 }
 
+const createJavaScriptTSMessage = js => {
+  let message = {
+    node: {
+      packageJSON: js.packageJSON
+    }
+  }
+  if (js.yarn !== undefined) {
+    message.node.yarnLockFile = js.yarn.yarnLockFile
+    message.node.yarnVersion = js.yarn.yarnVersion
+  } else {
+    message.node.npmLockFile = js.npmLockFile
+  }
+  return message
+}
+
 const createGoTSMessage = goTree => {
   return {
     go: {
@@ -14,7 +29,39 @@ const createGoTSMessage = goTree => {
   }
 }
 
+const createRubyTSMessage = rubyTree => {
+  return {
+    ruby: rubyTree
+  }
+}
+
+const createPythonTSMessage = pythonTree => {
+  return {
+    python: pythonTree
+  }
+}
+
+const createPhpTSMessage = phpTree => {
+  return {
+    php: {
+      composerJSON: phpTree.composerJSON,
+      lockFile: phpTree.lockFile
+    }
+  }
+}
+
+const createDotNetTSMessage = dotnetTree => {
+  return {
+    dotnet: dotnetTree
+  }
+}
+
 module.exports = {
+  createJavaScriptTSMessage,
   createJavaTSMessage,
-  createGoTSMessage
+  createGoTSMessage,
+  createPhpTSMessage,
+  createRubyTSMessage,
+  createPythonTSMessage,
+  createDotNetTSMessage
 }

package/src/scaAnalysis/common/treeUpload.js

@@ -1,4 +1,4 @@
-const { getHttpClient } = require('../../utils/commonApi')
+const commonApi = require('../../utils/commonApi')
 const { APP_VERSION } = require('../../constants/constants')
 
 const commonSendSnapShot = async (analysis, config) => {
@@ -8,20 +8,18 @@ const commonSendSnapShot = async (analysis, config) => {
     snapshot: analysis
   }
 
-  const client = getHttpClient(config)
+  const client = commonApi.getHttpClient(config)
   return client
     .sendSnapshot(requestBody, config)
     .then(res => {
       if (res.statusCode === 201) {
-        console.log('dependencies processed successfully')
         return res.body
       } else {
-        console.log(res.statusCode)
-        console.log('error processing dependencies')
+        throw new Error(res.statusCode + ` error processing dependencies`)
       }
     })
     .catch(err => {
-      console.log(err)
+      throw err
     })
 }
 

package/src/scaAnalysis/dotnet/analysis.js

@@ -0,0 +1,54 @@
+const fs = require('fs')
+const xml2js = require('xml2js')
+const i18n = require('i18n')
+
+const readAndParseProjectFile = projectFilePath => {
+  const projectFile = fs.readFileSync(projectFilePath)
+
+  return new xml2js.Parser({
+    explicitArray: false,
+    mergeAttrs: true
+  }).parseString(projectFile)
+}
+
+const readAndParseLockFile = lockFilePath => {
+  const lockFile = JSON.parse(fs.readFileSync(lockFilePath).toString())
+
+  let count = 0 // Used to test if some nodes are deleted
+
+  for (const dependenciesNode in lockFile.dependencies) {
+    for (const innerNode in lockFile.dependencies[dependenciesNode]) {
+      const nodeValidation = JSON.stringify(
+        lockFile.dependencies[dependenciesNode][innerNode]
+      )
+      if (nodeValidation.includes('"type":"Project"')) {
+        count += 1
+        delete lockFile.dependencies[dependenciesNode][innerNode]
+        lockFile.additionalInfo = 'dependenciesNote'
+      }
+    }
+  }
+
+  if (count > 0) {
+    const multiLevelProjectWarning = () => {
+      console.log('')
+      console.log(i18n.__('dependenciesNote'))
+    }
+    setTimeout(multiLevelProjectWarning, 7000)
+  }
+
+  return lockFile
+}
+
+const getDotNetDeps = (filePath, languageFiles) => {
+  const projectFile = readAndParseProjectFile(filePath + `/${languageFiles[0]}`)
+  const lockFile = readAndParseLockFile(filePath + `/${languageFiles[1]}`)
+
+  return { projectFile, lockFile }
+}
+
+module.exports = {
+  getDotNetDeps,
+  readAndParseProjectFile,
+  readAndParseLockFile
+}

package/src/scaAnalysis/dotnet/index.js

@@ -0,0 +1,11 @@
+const { getDotNetDeps } = require('./analysis')
+const { createDotNetTSMessage } = require('../common/formatMessage')
+
+const dotNetAnalysis = (config, languageFiles) => {
+  const dotNetDeps = getDotNetDeps(config.file, languageFiles.DOTNET)
+  return createDotNetTSMessage(dotNetDeps)
+}
+
+module.exports = {
+  dotNetAnalysis
+}

package/src/scaAnalysis/go/goAnalysis.js

@@ -5,9 +5,8 @@ const goParseDeps = require('./goParseDeps')
 const goAnalysis = (config, languageFiles) => {
   try {
     const rawGoDependencies = goReadDepFile.getGoDependencies(config)
-    const parsedGoDependencies = goParseDeps.parseGoDependencies(
-      rawGoDependencies
-    )
+    const parsedGoDependencies =
+      goParseDeps.parseGoDependencies(rawGoDependencies)
 
     return createGoTSMessage(parsedGoDependencies)
   } catch (e) {

package/src/scaAnalysis/go/goReadDepFile.js

@@ -3,9 +3,7 @@ const i18n = require('i18n')
 
 const getGoDependencies = config => {
   let cmdStdout
-  let cwd = config.projectPath
-    ? config.projectPath.replace('go.mod', '')
-    : process.cwd()
+  let cwd = config.file ? config.file.replace('go.mod', '') : process.cwd()
 
   try {
     // A sample of this output can be found

package/src/scaAnalysis/java/analysis.js

@@ -6,21 +6,20 @@ const fs = require('fs')
 const MAVEN = 'maven'
 const GRADLE = 'gradle'
 
-const determineProjectTypeAndCwd = (files, projectPath) => {
+const determineProjectTypeAndCwd = (files, file) => {
   const projectData = {}
 
   if (files[0].includes('pom.xml')) {
     projectData.projectType = MAVEN
-    projectData.cwd = projectPath
-      ? projectPath
-      : files[0].replace('pom.xml', '')
   } else if (files[0].includes('build.gradle')) {
     projectData.projectType = GRADLE
-    projectData.cwd = projectPath
-      ? projectPath
-      : files[0].replace('pom.xml', '')
   }
 
+  //clean up the path to be a folder not a file
+  projectData.cwd = file
+    ? file.replace('pom.xml', '').replace('build.gradle', '')
+    : file
+
   return projectData
 }
 
@@ -125,7 +124,7 @@ const getJavaBuildDeps = (config, files) => {
   }
 
   try {
-    const projectData = determineProjectTypeAndCwd(files, config.projectPath)
+    const projectData = determineProjectTypeAndCwd(files, config.file)
     if (projectData.projectType === MAVEN) {
       output.mvnDependancyTreeOutput = buildMaven(config, projectData, timeout)
     } else if (projectData.projectType === GRADLE) {

package/src/scaAnalysis/java/index.js

@@ -3,11 +3,11 @@ const { parseBuildDeps } = require('./javaBuildDepsParser')
 const { createJavaTSMessage } = require('../common/formatMessage')
 
 const javaAnalysis = (config, languageFiles) => {
-  languageFiles.java.forEach(file => {
+  languageFiles.JAVA.forEach(file => {
     file.replace('build.gradle.kts', 'build.gradle')
   })
 
-  const javaDeps = buildJavaTree(config, languageFiles.java)
+  const javaDeps = buildJavaTree(config, languageFiles.JAVA)
   return createJavaTSMessage(javaDeps)
 }