npm - @contrast/contrast - Versions diffs - 1.0.7 → 1.0.10 - Mend

@contrast/contrast 1.0.7 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (196) hide show

package/README.md CHANGED Viewed

@@ -52,7 +52,7 @@ export AWS_SECRET_ACCESS_KEY=<YOUR_SECRET_ACCESS_KEY>
 - These permissions are required to gather all required information on an AWS Lambda to use the `contrast lambda` command:
-  - Lambda: [GetFunction](https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html) | [GetLayerVersion](https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html)
+  - Lambda: [GetFunction](https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html) | [GetLayerVersion](https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html) | [ListFunctions](https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctions.html)
   - IAM: [GetRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html) | [GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html) | [GetPolicyVersion](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html) | [ListRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html) | [ListAttachedRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html)
 ### Start scanning

package/dist/audit/catalogueApplication/catalogueApplication.js CHANGED Viewed

@@ -1,9 +1,5 @@
 "use strict";
-const i18n = require('i18n');
 const { getHttpClient, handleResponseErrors } = require('../../utils/commonApi');
-const displaySuccessMessage = () => {
-    console.log(i18n.__('catalogueSuccessCommand'));
-};
 const catalogueApplication = async (config) => {
     const client = getHttpClient(config);
     let appId;
@@ -13,6 +9,9 @@ const catalogueApplication = async (config) => {
         if (res.statusCode === 201) {
             appId = res.body.application.app_id;
         }
+        else if (doesMessagesContainAppId(res)) {
+            appId = tryRetrieveAppIdFromMessages(res.body.messages);
+        }
         else {
             handleResponseErrors(res, 'catalogue');
         }
@@ -22,6 +21,25 @@ const catalogueApplication = async (config) => {
     });
     return appId;
 };
+const doesMessagesContainAppId = res => {
+    const regex = /(Application ID =)/;
+    if (res.statusCode === 400 &&
+        res.body.messages.filter(message => regex.exec(message))[0]) {
+        return true;
+    }
+    return false;
+};
+const tryRetrieveAppIdFromMessages = messages => {
+    let appId;
+    messages.forEach(message => {
+        if (message.includes('Application ID')) {
+            appId = message.split('=')[1].replace(/\s+/g, '');
+        }
+    });
+    return appId;
+};
 module.exports = {
-    catalogueApplication: catalogueApplication
+    catalogueApplication: catalogueApplication,
+    doesMessagesContainAppId,
+    tryRetrieveAppIdFromMessages
 };

package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js CHANGED Viewed

@@ -2,38 +2,29 @@
 const fs = require('fs');
 const path = require('path');
 const i18n = require('i18n');
-module.exports = exports = (analysis, next) => {
-    const { projectPath, languageAnalysis } = analysis;
-    try {
-        languageAnalysis.projectRootFilenames = getProjectRootFilenames(projectPath);
+const getDirectoryFromPathGiven = file => {
+    let projectStats = getProjectStats(file);
+    if (projectStats.isFile()) {
+        let newPath = path.resolve(file);
+        return path.dirname(newPath);
     }
-    catch (err) {
-        next(err);
-        return;
+    if (projectStats.isDirectory()) {
+        return file;
     }
-    next();
 };
-const getProjectRootFilenames = projectPath => {
-    let projectStats = null;
+const getProjectStats = file => {
     try {
-        projectStats = fs.statSync(projectPath);
+        if (file.endsWith('/')) {
+            file = file.slice(0, -1);
+        }
+        return fs.statSync(file);
     }
     catch (err) {
-        throw new Error(i18n.__('languageAnalysisProjectRootFileNameFailure', projectPath) +
+        throw new Error(i18n.__('languageAnalysisProjectRootFileNameFailure', file) +
             `${err.message}`);
     }
-    if (projectStats.isDirectory()) {
-        try {
-            return fs.readdirSync(projectPath);
-        }
-        catch (err) {
-            throw new Error(i18n.__('languageAnalysisProjectRootFileNameReadError', projectPath) +
-                `${err.message}`);
-        }
-    }
-    if (projectStats.isFile()) {
-        return [path.basename(projectPath)];
-    }
-    throw new Error(i18n.__('languageAnalysisProjectRootFileNameMissingError'), projectPath);
 };
-exports.getProjectRootFilenames = getProjectRootFilenames;
+module.exports = {
+    getProjectStats,
+    getDirectoryFromPathGiven: getDirectoryFromPathGiven
+};

package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js CHANGED Viewed

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createLibraryHeader = void 0;
+exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.gatherRemediationAdvice = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createSummaryMessage = void 0;
 const commonApi_1 = require("../../../utils/commonApi");
 const reportListModel_1 = require("./models/reportListModel");
 const lodash_1 = require("lodash");
@@ -11,12 +11,14 @@ const chalk_1 = __importDefault(require("chalk"));
 const reportUtils_1 = require("./utils/reportUtils");
 const severityCountModel_1 = require("./models/severityCountModel");
 const reportOutputModel_1 = require("./models/reportOutputModel");
-const createLibraryHeader = (id, numberOfVulnerableLibraries, numberOfCves) => {
+const constants_1 = require("../../../constants/constants");
+const cli_table3_1 = __importDefault(require("cli-table3"));
+const createSummaryMessage = (numberOfVulnerableLibraries, numberOfCves) => {
     numberOfVulnerableLibraries === 1
-        ? console.log(` Found 1 vulnerable library containing ${numberOfCves} CVE's`)
-        : console.log(` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's `);
+        ? console.log(`Found 1 vulnerable library containing ${numberOfCves} CVE`)
+        : console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs`);
 };
-exports.createLibraryHeader = createLibraryHeader;
+exports.createSummaryMessage = createSummaryMessage;
 const getReport = async (config, reportId) => {
     const client = (0, commonApi_1.getHttpClient)(config);
     return client
@@ -26,10 +28,6 @@ const getReport = async (config, reportId) => {
             return res.body;
         }
         else {
-            console.log('config-------------------');
-            console.log(config);
-            console.log('reportId----------------');
-            console.log(reportId);
             console.log(JSON.stringify(res));
             (0, commonApi_1.handleResponseErrors)(res, 'report');
         }
@@ -39,75 +37,121 @@ const getReport = async (config, reportId) => {
     });
 };
 exports.getReport = getReport;
-const printVulnerabilityResponse = (vulnerabilities, config) => {
+const printVulnerabilityResponse = (config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance) => {
     let hasSomeVulnerabilitiesReported = false;
-    (0, exports.printFormattedOutput)(vulnerabilities, config);
-    if (Object.keys(vulnerabilities).length > 0) {
+    (0, exports.printFormattedOutput)(config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance);
+    if (Object.keys(vulnerableLibraries).length > 0) {
         hasSomeVulnerabilitiesReported = true;
     }
     return hasSomeVulnerabilitiesReported;
 };
 exports.printVulnerabilityResponse = printVulnerabilityResponse;
-const printFormattedOutput = (libraries, config) => {
+const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, numberOfCves, guidance) => {
+    (0, exports.createSummaryMessage)(numberOfVulnerableLibraries, numberOfCves);
+    console.log();
     const report = new reportListModel_1.ReportList();
     for (const library of libraries) {
         const { name, version } = (0, reportUtils_1.findNameAndVersion)(library, config);
-        const newOutputModel = new reportListModel_1.ReportModelStructure(new reportListModel_1.ReportCompositeKey(name, version, (0, reportUtils_1.findHighestSeverityCVE)(library.cveArray)), library.cveArray);
+        const newOutputModel = new reportListModel_1.ReportModelStructure(new reportListModel_1.ReportCompositeKey(name, version, (0, reportUtils_1.findHighestSeverityCVE)(library.cveArray), (0, reportUtils_1.severityCountAllCVEs)(library.cveArray, new severityCountModel_1.SeverityCountModel()).getTotal), library.cveArray);
         report.reportOutputList.push(newOutputModel);
     }
-    const orderedOutputListLowestFirst = (0, lodash_1.orderBy)(report.reportOutputList, reportListItem => reportListItem.compositeKey.highestSeverity.priority, ['desc']);
+    const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = (0, lodash_1.orderBy)(report.reportOutputList, [
+        (reportListItem) => {
+            return reportListItem.compositeKey.highestSeverity.priority;
+        },
+        (reportListItem) => {
+            return reportListItem.compositeKey.numberOfSeverities;
+        }
+    ], ['asc', 'desc']);
     let contrastHeaderNumCounter = 0;
-    for (const reportModel of orderedOutputListLowestFirst) {
+    for (const reportModel of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
         contrastHeaderNumCounter++;
         const { libraryName, libraryVersion, highestSeverity } = reportModel.compositeKey;
         const numOfCVEs = reportModel.cveArray.length;
+        const table = new cli_table3_1.default({
+            chars: {
+                top: '',
+                'top-mid': '',
+                'top-left': '',
+                'top-right': '',
+                bottom: '',
+                'bottom-mid': '',
+                'bottom-left': '',
+                'bottom-right': '',
+                left: '',
+                'left-mid': '',
+                mid: '',
+                'mid-mid': '',
+                right: '',
+                'right-mid': '',
+                middle: ' '
+            },
+            style: { 'padding-left': 0, 'padding-right': 0 },
+            colAligns: ['right'],
+            wordWrap: true,
+            colWidths: [12, 1, 100]
+        });
         const header = buildHeader(highestSeverity, contrastHeaderNumCounter, libraryName, libraryVersion, numOfCVEs);
-        const body = buildBody(reportModel.cveArray);
+        const advice = gatherRemediationAdvice(guidance, reportModel);
+        const body = buildBody(reportModel.cveArray, advice);
         const reportOutputModel = new reportOutputModel_1.ReportOutputModel(header, body);
+        table.push(reportOutputModel.body.issueMessage, reportOutputModel.body.issueMessageCves, reportOutputModel.body.adviceMessage);
         console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
-        console.log(reportOutputModel.body.issueMessage);
-        console.log(reportOutputModel.body.adviceMessage);
+        console.log(table.toString() + '\n');
     }
+    (0, exports.createSummaryMessage)(numberOfVulnerableLibraries, numberOfCves);
+    const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst);
+    console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
 };
 exports.printFormattedOutput = printFormattedOutput;
 function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {
-    const vulnerabilityPluralised = numOfCVEs > 1 ? 'Vulnerabilities' : 'Vulnerability';
+    const vulnerabilityPluralised = numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability';
     const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum);
     const vulnMessage = chalk_1.default
         .hex(highestSeverity.outputColour)
         .bold(`${formattedHeaderNum} - [${highestSeverity.severity}] ${libraryName}-${version}`);
-    const introducesMessage = chalk_1.default.bold(`introduces ${numOfCVEs} ${vulnerabilityPluralised}`);
+    const introducesMessage = `introduces ${numOfCVEs} ${vulnerabilityPluralised}`;
     return new reportOutputModel_1.ReportOutputHeaderModel(vulnMessage, introducesMessage);
 }
 exports.buildHeader = buildHeader;
-function buildBody(cveArray) {
+function buildBody(cveArray, advice) {
     const cveMessages = [];
     (0, reportUtils_1.findCVESeveritiesAndOrderByHighestPriority)(cveArray).forEach(reportSeverityModel => {
         const { outputColour, severity, cveName } = reportSeverityModel;
         const severityShorthand = chalk_1.default
             .hex(outputColour)
             .bold(`[${severity.charAt(0).toUpperCase()}]`);
-        const builtMessage = `${severityShorthand} ${cveName}`;
+        const builtMessage = severityShorthand + cveName;
         cveMessages.push(builtMessage);
     });
     const numAndSeverityType = getNumOfAndSeverityType(cveArray);
-    const issueMessage = ` ${chalk_1.default.bold('Issue')}  : ${numAndSeverityType} ${cveMessages.join(', ')}.`;
-    const adviceMessage = ` ${chalk_1.default.bold('Advice')} : ${chalk_1.default.bold('Update to latest version')}.`;
-    return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, adviceMessage);
+    const issueMessage = [chalk_1.default.bold('Issue'), ':', `${numAndSeverityType}`];
+    const issueMessageCves = ['', '', cveMessages.join(', ')];
+    const displayAdvice = advice?.minimum
+        ? `Update to version ${chalk_1.default.bold(advice.minimum)}`
+        : `Update to latest version`;
+    const adviceMessage = [chalk_1.default.bold('Advice'), ':', displayAdvice];
+    return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, issueMessageCves, adviceMessage);
 }
 exports.buildBody = buildBody;
-function buildFormattedHeaderNum(contrastHeaderNum) {
-    let formattedHeaderNum;
-    if (contrastHeaderNum < 10) {
-        formattedHeaderNum = `00${contrastHeaderNum}`;
-    }
-    else if (contrastHeaderNum >= 10 && contrastHeaderNum < 100) {
-        formattedHeaderNum = `0${contrastHeaderNum}`;
-    }
-    else if (contrastHeaderNum >= 100) {
-        formattedHeaderNum = contrastHeaderNum;
+function gatherRemediationAdvice(guidance, reportModel) {
+    const guidanceData = {
+        minimum: undefined,
+        maximum: undefined,
+        latest: undefined
+    };
+    const data = guidance[reportModel.compositeKey.libraryName +
+        '@' +
+        reportModel.compositeKey.libraryVersion];
+    if (data) {
+        guidanceData.minimum = data.minUpgradeVersion;
+        guidanceData.maximum = data.maxUpgradeVersion;
     }
-    return `CONTRAST-${formattedHeaderNum}`;
+    return guidanceData;
+}
+exports.gatherRemediationAdvice = gatherRemediationAdvice;
+function buildFormattedHeaderNum(contrastHeaderNum) {
+    return `CONTRAST-${contrastHeaderNum.toString().padStart(3, '0')}`;
 }
 exports.buildFormattedHeaderNum = buildFormattedHeaderNum;
 function getNumOfAndSeverityType(cveArray) {
@@ -122,3 +166,20 @@ function getNumOfAndSeverityType(cveArray) {
         .trim();
 }
 exports.getNumOfAndSeverityType = getNumOfAndSeverityType;
+const buildFooter = (reportModelStructure) => {
+    const { critical, high, medium, low, note } = (0, reportUtils_1.countVulnerableLibrariesBySeverity)(reportModelStructure);
+    const criticalMessage = chalk_1.default
+        .hex(constants_1.CRITICAL_COLOUR)
+        .bold(`${critical} Critical`);
+    const highMessage = chalk_1.default.hex(constants_1.HIGH_COLOUR).bold(`${high} High`);
+    const mediumMessage = chalk_1.default.hex(constants_1.MEDIUM_COLOUR).bold(`${medium} Medium`);
+    const lowMessage = chalk_1.default.hex(constants_1.LOW_COLOUR).bold(`${low} Low`);
+    const noteMessage = chalk_1.default.hex(constants_1.NOTE_COLOUR).bold(`${note} Note`);
+    return {
+        criticalMessage,
+        highMessage,
+        mediumMessage,
+        lowMessage,
+        noteMessage
+    };
+};

package/dist/audit/languageAnalysisEngine/report/models/reportListModel.js CHANGED Viewed

@@ -15,10 +15,11 @@ class ReportModelStructure {
 }
 exports.ReportModelStructure = ReportModelStructure;
 class ReportCompositeKey {
-    constructor(libraryName, libraryVersion, highestSeverity) {
+    constructor(libraryName, libraryVersion, highestSeverity, numberOfSeverities) {
         this.libraryName = libraryName;
         this.libraryVersion = libraryVersion;
         this.highestSeverity = highestSeverity;
+        this.numberOfSeverities = numberOfSeverities;
     }
 }
 exports.ReportCompositeKey = ReportCompositeKey;

package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js CHANGED Viewed

@@ -16,9 +16,10 @@ class ReportOutputHeaderModel {
 }
 exports.ReportOutputHeaderModel = ReportOutputHeaderModel;
 class ReportOutputBodyModel {
-    constructor(bodyIssueMessage, bodyAdviceMessage) {
-        this.issueMessage = bodyIssueMessage;
-        this.adviceMessage = bodyAdviceMessage;
+    constructor(issueMessage, issueMessageCves, adviceMessage) {
+        this.issueMessage = issueMessage;
+        this.issueMessageCves = issueMessageCves;
+        this.adviceMessage = adviceMessage;
     }
 }
 exports.ReportOutputBodyModel = ReportOutputBodyModel;

package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js CHANGED Viewed

@@ -9,5 +9,8 @@ class SeverityCountModel {
         this.low = 0;
         this.note = 0;
     }
+    get getTotal() {
+        return this.critical + this.high + this.medium + this.low + this.note;
+    }
 }
 exports.SeverityCountModel = SeverityCountModel;

package/dist/audit/languageAnalysisEngine/report/reportingFeature.js CHANGED Viewed

@@ -1,28 +1,96 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.formatVulnerabilityOutput = exports.vulnerabilityReport = void 0;
+exports.vulnerabilityReportV2 = exports.formatVulnerabilityOutput = exports.convertJSDotNetPython = exports.convertKeysToStandardFormat = void 0;
 const commonReportingFunctions_1 = require("./commonReportingFunctions");
 const reportUtils_1 = require("./utils/reportUtils");
-async function vulnerabilityReport(analysis, applicationId, reportId) {
-    const reportResponse = await (0, commonReportingFunctions_1.getReport)(analysis.config, reportId);
-    if (reportResponse !== undefined) {
-        const id = applicationId;
-        const name = analysis.config.applicationName;
-        formatVulnerabilityOutput(reportResponse.vulnerabilities, id, name, analysis.config);
+const i18n_1 = __importDefault(require("i18n"));
+const chalk_1 = __importDefault(require("chalk"));
+const constants = __importStar(require("../../../constants/constants"));
+function convertKeysToStandardFormat(config, guidance) {
+    let convertedGuidance = guidance;
+    switch (config.language) {
+        case constants.supportedLanguages.JAVA:
+        case constants.supportedLanguages.GO:
+        case constants.supportedLanguages.PHP:
+            break;
+        case constants.supportedLanguages.NODE:
+        case constants.supportedLanguages.DOTNET:
+        case constants.supportedLanguages.PYTHON:
+        case constants.supportedLanguages.RUBY:
+            convertedGuidance = convertJSDotNetPython(guidance);
+            break;
     }
+    return convertedGuidance;
 }
-exports.vulnerabilityReport = vulnerabilityReport;
-function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, name, config) {
-    const vulnerableLibraries = (0, reportUtils_1.convertGenericToTypedLibraries)(libraryVulnerabilityResponse);
+exports.convertKeysToStandardFormat = convertKeysToStandardFormat;
+function convertJSDotNetPython(guidance) {
+    const returnObject = {};
+    Object.entries(guidance).forEach(([key, value]) => {
+        const splitKey = key.split('/');
+        if (splitKey.length === 2) {
+            returnObject[splitKey[1]] = value;
+        }
+    });
+    return returnObject;
+}
+exports.convertJSDotNetPython = convertJSDotNetPython;
+function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, config, remediationGuidance) {
+    const vulnerableLibraries = (0, reportUtils_1.convertGenericToTypedLibraryVulns)(libraryVulnerabilityResponse);
+    const guidance = convertKeysToStandardFormat(config, remediationGuidance);
     const numberOfVulnerableLibraries = vulnerableLibraries.length;
-    let numberOfCves = 0;
-    vulnerableLibraries.forEach(lib => (numberOfCves += lib.cveArray.length));
-    (0, commonReportingFunctions_1.createLibraryHeader)(id, numberOfVulnerableLibraries, numberOfCves);
-    const hasSomeVulnerabilitiesReported = (0, commonReportingFunctions_1.printVulnerabilityResponse)(vulnerableLibraries, config);
-    return [
-        hasSomeVulnerabilitiesReported,
-        numberOfCves,
-        (0, reportUtils_1.severityCountAllLibraries)(vulnerableLibraries)
-    ];
+    if (numberOfVulnerableLibraries === 0) {
+        console.log(i18n_1.default.__('scanNoVulnerabilitiesFound'));
+        console.log(i18n_1.default.__('scanNoVulnerabilitiesFoundSecureCode'));
+        console.log(i18n_1.default.__('scanNoVulnerabilitiesFoundGoodWork'));
+        console.log(chalk_1.default.bold(`Found ${numberOfVulnerableLibraries} vulnerabilities`));
+        console.log(i18n_1.default.__('foundDetailedVulnerabilities', String(0), String(0), String(0), String(0), String(0)));
+    }
+    else {
+        let numberOfCves = 0;
+        vulnerableLibraries.forEach(lib => (numberOfCves += lib.cveArray.length));
+        const hasSomeVulnerabilitiesReported = (0, commonReportingFunctions_1.printVulnerabilityResponse)(config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance);
+        return [
+            hasSomeVulnerabilitiesReported,
+            numberOfCves,
+            (0, reportUtils_1.severityCountAllLibraries)(vulnerableLibraries)
+        ];
+    }
 }
 exports.formatVulnerabilityOutput = formatVulnerabilityOutput;
+async function vulnerabilityReportV2(config, reportId) {
+    console.log();
+    const reportResponse = await (0, commonReportingFunctions_1.getReport)(config, reportId);
+    if (reportResponse !== undefined) {
+        const name = config.applicationName;
+        formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
+            ? reportResponse.remediationGuidance
+            : {});
+    }
+}
+exports.vulnerabilityReportV2 = vulnerabilityReportV2;

package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js CHANGED Viewed

@@ -3,10 +3,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraries = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
+exports.countVulnerableLibrariesBySeverity = exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
 const reportLibraryModel_1 = require("../models/reportLibraryModel");
 const reportSeverityModel_1 = require("../models/reportSeverityModel");
-const constants_1 = __importDefault(require("../../../languageAnalysisEngine/constants"));
+const constants_1 = __importDefault(require("./../../../../constants/constants"));
 const constants_2 = require("../../../../constants/constants");
 const lodash_1 = require("lodash");
 const severityCountModel_1 = require("../models/severityCountModel");
@@ -40,12 +40,12 @@ function findCVESeverity(cve) {
     }
 }
 exports.findCVESeverity = findCVESeverity;
-function convertGenericToTypedLibraries(libraries) {
+function convertGenericToTypedLibraryVulns(libraries) {
     return Object.entries(libraries).map(([name, cveArray]) => {
         return new reportLibraryModel_1.ReportLibraryModel(name, cveArray);
     });
 }
-exports.convertGenericToTypedLibraries = convertGenericToTypedLibraries;
+exports.convertGenericToTypedLibraryVulns = convertGenericToTypedLibraryVulns;
 function severityCountAllLibraries(vulnerableLibraries) {
     const severityCount = new severityCountModel_1.SeverityCountModel();
     vulnerableLibraries.forEach(lib => severityCountAllCVEs(lib.cveArray, severityCount));
@@ -86,11 +86,44 @@ function findNameAndVersion(library, config) {
         return { name, version };
     }
     else {
-        const splitLibraryName = library.name.split('/');
-        const nameVersion = splitLibraryName[1].split('@');
-        const name = nameVersion[0];
+        const uniqueSplitLibraryName = [...new Set(library.name.split('/'))];
+        const nameVersion = uniqueSplitLibraryName[1].split('@');
+        let parentLibrary;
+        let name;
+        if (uniqueSplitLibraryName[0] !== 'null' &&
+            uniqueSplitLibraryName[0] !== '' &&
+            !uniqueSplitLibraryName[1].includes(uniqueSplitLibraryName[0])) {
+            parentLibrary = uniqueSplitLibraryName[0];
+            name = `${parentLibrary}/${nameVersion[0]}`;
+        }
+        else {
+            name = nameVersion[0];
+        }
         const version = nameVersion[1];
         return { name, version };
     }
 }
 exports.findNameAndVersion = findNameAndVersion;
+function countVulnerableLibrariesBySeverity(reportModelStructure) {
+    const severityCount = new severityCountModel_1.SeverityCountModel();
+    reportModelStructure.forEach(vuln => {
+        const currentSeverity = vuln.compositeKey.highestSeverity.severity;
+        if (currentSeverity === 'CRITICAL') {
+            severityCount.critical += 1;
+        }
+        else if (currentSeverity === 'HIGH') {
+            severityCount.high += 1;
+        }
+        else if (currentSeverity === 'MEDIUM') {
+            severityCount.medium += 1;
+        }
+        else if (currentSeverity === 'LOW') {
+            severityCount.low += 1;
+        }
+        else if (currentSeverity === 'NOTE') {
+            severityCount.note += 1;
+        }
+    });
+    return severityCount;
+}
+exports.countVulnerableLibrariesBySeverity = countVulnerableLibrariesBySeverity;

package/dist/audit/languageAnalysisEngine/sendSnapshot.js CHANGED Viewed

@@ -1,6 +1,4 @@
 "use strict";
-const { handleResponseErrors } = require('../../common/errorHandling');
-const { APP_VERSION } = require('../../constants/constants');
 const commonApi = require('../../utils/commonApi');
 const _ = require('lodash');
 const oraFunctions = require('../../utils/oraWrapper');
@@ -8,28 +6,6 @@ const i18n = require('i18n');
 const oraWrapper = require('../../utils/oraWrapper');
 const requestUtils = require('../../utils/requestUtils');
 const { performance } = require('perf_hooks');
-const newSendSnapShot = async (analysis) => {
-    const analysisLanguage = analysis.config.language.toLowerCase();
-    const requestBody = {
-        appID: analysis.config.applicationId,
-        cliVersion: APP_VERSION,
-        snapshot: { [analysisLanguage]: analysis[analysisLanguage] }
-    };
-    const client = commonApi.getHttpClient(analysis.config);
-    return client
-        .sendSnapshot(requestBody, analysis.config)
-        .then(res => {
-        if (res.statusCode === 201) {
-            return res.body;
-        }
-        else {
-            handleResponseErrors(res, 'snapshot');
-        }
-    })
-        .catch(err => {
-        console.log(err);
-    });
-};
 const pollSnapshotResults = async (config, snapshotId, client) => {
     await requestUtils.sleep(5000);
     return client
@@ -47,9 +23,9 @@ const getTimeout = config => {
     }
     else {
         if (config.verbose) {
-            console.log('Timeout set to 2 minutes');
+            console.log('Timeout set to 5 minutes');
         }
-        return 120;
+        return 300;
     }
 };
 const pollForSnapshotCompletition = async (config, snapshotId, reportSpinner) => {
@@ -78,14 +54,14 @@ const pollForSnapshotCompletition = async (config, snapshotId, reportSpinner) =>
             }
             const endTime = performance.now() - startTime;
             if (requestUtils.millisToSeconds(endTime) > timeout) {
-                oraFunctions.failSpinner(reportSpinner, 'Contrast audit timed out at the specified ' + timeout + ' seconds.');
-                console.log('Please try again, allowing more time.');
-                process.exit(1);
+                oraFunctions.failSpinner(reportSpinner, 'Contrast audit timed out at the specified timeout of ' +
+                    timeout +
+                    ' seconds.');
+                throw new Error('You can update the timeout using --timeout');
             }
         }
     }
 };
 module.exports = {
-    newSendSnapShot: newSendSnapShot,
     pollForSnapshotCompletition: pollForSnapshotCompletition
 };