@contrast/contrast 1.0.7 → 1.0.10

package/dist/audit/save.js

@@ -0,0 +1,37 @@
+"use strict";
+const fs = require('fs');
+const i18n = require('i18n');
+const chalk = require('chalk');
+const save = require('../commands/audit/saveFile');
+const sbom = require('../sbom/generateSbom');
+const { SBOM_CYCLONE_DX_FILE, SBOM_SPDX_FILE } = require('../constants/constants');
+async function auditSave(config) {
+    let fileFormat;
+    switch (config.save) {
+        case null:
+        case SBOM_CYCLONE_DX_FILE:
+            fileFormat = SBOM_CYCLONE_DX_FILE;
+            break;
+        case SBOM_SPDX_FILE:
+            fileFormat = SBOM_SPDX_FILE;
+            break;
+        default:
+            break;
+    }
+    if (fileFormat) {
+        save.saveFile(config, fileFormat, await sbom.generateSbom(config, fileFormat));
+        const filename = `${config.applicationId}-sbom-${fileFormat}.json`;
+        if (fs.existsSync(filename)) {
+            console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`);
+        }
+        else {
+            console.log(chalk.yellow.bold(`\n Unable to save ${filename} Software Bill of Materials (SBOM)`));
+        }
+    }
+    else {
+        console.log(i18n.__('auditBadFiletypeSpecifiedForSave'));
+    }
+}
+module.exports = {
+    auditSave
+};

package/dist/commands/audit/auditConfig.js

@@ -7,25 +7,9 @@ exports.getAuditConfig = void 0;
 const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHandler"));
 const constants_1 = __importDefault(require("../../constants"));
 const parsedCLIOptions_1 = __importDefault(require("../../utils/parsedCLIOptions"));
-const constants_2 = __importDefault(require("../../audit/languageAnalysisEngine/constants"));
-const autoDetectLanguage_1 = require("../../audit/autodetection/autoDetectLanguage");
-const { supportedLanguages: { NODE, JAVASCRIPT } } = constants_2.default;
 const getAuditConfig = (argv) => {
     const auditParameters = parsedCLIOptions_1.default.getCommandLineArgsCustom(argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
     const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
-    if (auditParameters.language === undefined ||
-        auditParameters.language === null) {
-        try {
-            auditParameters.language = (0, autoDetectLanguage_1.determineProjectLanguage)((0, autoDetectLanguage_1.identifyLanguages)(auditParameters));
-        }
-        catch (err) {
-            console.log(err.message);
-            process.exit(1);
-        }
-    }
-    else if (auditParameters.language.toUpperCase() === JAVASCRIPT) {
-        auditParameters.language = NODE.toLowerCase();
-    }
     return { ...paramsAuth, ...auditParameters };
 };
 exports.getAuditConfig = getAuditConfig;

package/dist/commands/audit/auditController.js

@@ -3,12 +3,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.startAudit = exports.dealWithNoAppId = void 0;
+exports.getAppName = exports.dealWithNoAppId = void 0;
 const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
 const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
-const identifyLanguageAE = require('./../../audit/languageAnalysisEngine');
-const languageFactory = require('../../audit/languageAnalysisEngine/languageAnalysisFactory');
-const { v4: uuidv4 } = require('uuid');
 const dealWithNoAppId = async (config) => {
     let appID;
     try {
@@ -17,8 +14,11 @@ const dealWithNoAppId = async (config) => {
             return await (0, catalogueApplication_1.catalogueApplication)(config);
         }
         if (!appID && !config.applicationName) {
-            config.applicationName = uuidv4();
-            return await (0, catalogueApplication_1.catalogueApplication)(config);
+            config.applicationName = (0, exports.getAppName)(config.file);
+            appID = await commonApi_1.default.returnAppId(config);
+            if (!appID) {
+                return await (0, catalogueApplication_1.catalogueApplication)(config);
+            }
         }
     }
     catch (e) {
@@ -31,10 +31,17 @@ const dealWithNoAppId = async (config) => {
     return appID;
 };
 exports.dealWithNoAppId = dealWithNoAppId;
-const startAudit = async (config) => {
-    if (!config.applicationId) {
-        config.applicationId = await (0, exports.dealWithNoAppId)(config);
+const getAppName = (file) => {
+    const last = file.charAt(file.length - 1);
+    if (last !== '/') {
+        return file.split('/').pop();
+    }
+    else {
+        const str = removeLastChar(file);
+        return str.split('/').pop();
     }
-    identifyLanguageAE(config.projectPath, languageFactory, config.applicationId, config);
 };
-exports.startAudit = startAudit;
+exports.getAppName = getAppName;
+const removeLastChar = (str) => {
+    return str.substring(0, str.length - 1);
+};

package/dist/commands/audit/help.js

@@ -18,35 +18,41 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
             '{bold ' +
                 i18n_1.default.__('constantsAuditPrerequisitesContentSupportedLanguages') +
                 '}',
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentJava') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentMessage'),
-            '',
-            '{italic ' + i18n_1.default.__('constantsJavaNote') + '}',
-            '{italic ' + i18n_1.default.__('constantsJavaNoteGradle') + '}',
-            '',
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentDotNet') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageNode') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageNodeMessage'),
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageRuby') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageRubyMessage'),
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguagePython') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguagePythonMessage')
+            i18n_1.default.__('constantsAuditPrerequisitesJavaContentMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentNodeMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentRubyMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentPythonMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentGoMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentPHPMessage')
         ]
     },
     {
         header: i18n_1.default.__('constantsAuditOptions'),
-        optionList: constants_1.default.commandLineDefinitions.auditOptionDefinitions
+        optionList: constants_1.default.commandLineDefinitions.auditOptionDefinitions,
+        hide: [
+            'application-id',
+            'application-name',
+            'organization-id',
+            'api-key',
+            'authorization',
+            'host',
+            'proxy',
+            'help',
+            'ff',
+            'ignore-cert-errors',
+            'verbose',
+            'debug',
+            'experimental',
+            'tags',
+            'sub-project',
+            'code',
+            'maven-settings-path',
+            'language',
+            'experimental',
+            'app-groups',
+            'metadata'
+        ]
     }
 ]);
 exports.auditUsageGuide = auditUsageGuide;

package/dist/commands/audit/processAudit.js

@@ -1,16 +1,16 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.processAudit = void 0;
-const auditController_1 = require("./auditController");
 const auditConfig_1 = require("./auditConfig");
 const help_1 = require("./help");
+const scaAnalysis_1 = require("../scan/sca/scaAnalysis");
 const processAudit = async (argv) => {
     if (argv.indexOf('--help') != -1) {
         printHelpMessage();
         process.exit(0);
     }
     const config = (0, auditConfig_1.getAuditConfig)(argv);
-    const auditResults = await (0, auditController_1.startAudit)(config);
+    await (0, scaAnalysis_1.processSca)(config);
 };
 exports.processAudit = processAudit;
 const printHelpMessage = () => {

package/dist/commands/audit/saveFile.js

@@ -3,9 +3,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.saveFile = void 0;
 const fs_1 = __importDefault(require("fs"));
-function saveFile(config, rawResults) {
-    const fileName = `${config.applicationId}-sbom-cyclonedx.json`;
+const saveFile = (config, type, rawResults) => {
+    const fileName = `${config.applicationId}-sbom-${type}.json`;
     fs_1.default.writeFileSync(fileName, JSON.stringify(rawResults));
-}
-exports.default = saveFile;
+};
+exports.saveFile = saveFile;
+module.exports = {
+    saveFile: exports.saveFile
+};

package/dist/commands/scan/sca/scaAnalysis.js

@@ -2,20 +2,33 @@
 const autoDetection = require('../../../scan/autoDetection');
 const javaAnalysis = require('../../../scaAnalysis/java');
 const treeUpload = require('../../../scaAnalysis/common/treeUpload');
-const { manualDetectAuditFilesAndLanguages } = require('../../../scan/autoDetection');
 const auditController = require('../../audit/auditController');
-const { supportedLanguages: { JAVA, GO, RUBY, PYTHON } } = require('../../../audit/languageAnalysisEngine/constants');
+const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../../../constants/constants');
 const goAnalysis = require('../../../scaAnalysis/go/goAnalysis');
+const phpAnalysis = require('../../../scaAnalysis/php/index');
 const { rubyAnalysis } = require('../../../scaAnalysis/ruby');
 const { pythonAnalysis } = require('../../../scaAnalysis/python');
+const javascriptAnalysis = require('../../../scaAnalysis/javascript');
+const { pollForSnapshotCompletition } = require('../../../audit/languageAnalysisEngine/sendSnapshot');
+const { returnOra, startSpinner, succeedSpinner } = require('../../../utils/oraWrapper');
+const i18n = require('i18n');
+const { vulnerabilityReportV2 } = require('../../../audit/languageAnalysisEngine/report/reportingFeature');
+const auditSave = require('../../../audit/save');
+const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
+const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames');
+const path = require('path');
 const processSca = async (config) => {
+    const startTime = performance.now();
     let filesFound;
-    if (config.projectPath) {
-        filesFound = manualDetectAuditFilesAndLanguages(config.projectPath);
-    }
-    else {
-        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config);
-        config.projectPath = process.cwd();
+    const projectStats = await rootFile.getProjectStats(config.file);
+    let pathWithFile = projectStats.isFile();
+    let fileName = config.file;
+    config.file = pathWithFile
+        ? rootFile.getDirectoryFromPathGiven(config.file).concat('/')
+        : config.file;
+    filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
+    if (filesFound.length > 1 && pathWithFile) {
+        filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(fileName)));
     }
     let messageToSend = undefined;
     if (filesFound.length === 1) {
@@ -24,34 +37,59 @@ const processSca = async (config) => {
                 messageToSend = javaAnalysis.javaAnalysis(config, filesFound[0]);
                 config.language = JAVA;
                 break;
-            case RUBY:
-                messageToSend = rubyAnalysis(config, filesFound[0]);
-                config.language = RUBY;
+            case JAVASCRIPT:
+                messageToSend = await javascriptAnalysis.jsAnalysis(config, filesFound[0]);
+                config.language = NODE;
                 break;
             case PYTHON:
                 messageToSend = pythonAnalysis(config, filesFound[0]);
                 config.language = PYTHON;
                 break;
+            case RUBY:
+                messageToSend = rubyAnalysis(config, filesFound[0]);
+                config.language = RUBY;
+                break;
+            case 'PHP':
+                messageToSend = phpAnalysis.phpAnalysis(config, filesFound[0]);
+                config.language = PHP;
+                break;
             case GO:
                 messageToSend = goAnalysis.goAnalysis(config, filesFound[0]);
                 config.language = GO;
                 break;
+            case DOTNET:
+                messageToSend = dotNetAnalysis(config, filesFound[0]);
+                config.language = DOTNET;
+                break;
             default:
-                console.log('language detected not supported');
+                console.log('No supported language detected in project path');
                 return;
         }
         if (!config.applicationId) {
             config.applicationId = await auditController.dealWithNoAppId(config);
         }
-        console.log('processing dependencies');
-        const response = await treeUpload.commonSendSnapShot(messageToSend, config);
+        console.log('');
+        const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+        startSpinner(reportSpinner);
+        const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
+        await pollForSnapshotCompletition(config, snapshotResponse.id, reportSpinner);
+        succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
+        await vulnerabilityReportV2(config, snapshotResponse.id);
+        if (config.save !== undefined) {
+            await auditSave.auditSave(config);
+        }
+        const endTime = performance.now() - startTime;
+        const scanDurationMs = endTime - startTime;
+        console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
     }
     else {
         if (filesFound.length === 0) {
-            console.log('no compatible dependency files detected. Continuing...');
+            console.log(i18n.__('languageAnalysisNoLanguage'));
+            console.log(i18n.__('languageAnalysisNoLanguageHelpLine'));
+            throw new Error();
         }
         else {
-            console.log('multiple language files detected, please use --project-path to specify a directory or the file where dependencies are declared');
+            throw new Error('multiple language files detected, please use --file to specify a directory or the file where dependencies are declared');
         }
     }
 };

package/dist/common/HTTPClient.js

@@ -242,9 +242,15 @@ HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
     options.body = data;
     return requestUtils.sendRequest({ method: 'post', options });
 };
-HTTPClient.prototype.getSbom = function getSbom(config) {
+HTTPClient.prototype.getSbom = function getSbom(config, type) {
     const options = _.cloneDeep(this.requestOptions);
-    options.url = createSbomCycloneDXUrl(config);
+    options.url = createSbomUrl(config, type);
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
+    const options = _.cloneDeep(this.requestOptions);
+    options.url =
+        'https://pkg.contrastsecurity.com/artifactory/cli/latest-version.txt';
     return requestUtils.sendRequest({ method: 'get', options });
 };
 HTTPClient.prototype.postAnalyticsFunction = function (config, provider, body) {
@@ -298,11 +304,11 @@ const createAppNameUrl = config => {
 function createLibraryVulnerabilitiesUrl(config) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`;
 }
-function createSpecificReportUrl(config, reportId) {
-    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}`;
+function createSpecificReportUrl(config, reportId, includeTree = false) {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}?&includeTree=${includeTree}`;
 }
-function createSpecificReportWithProdUrl(config, reportId) {
-    return createSpecificReportUrl(config, reportId).concat(`?nodesToInclude=PROD`);
+function createSpecificReportWithProdUrl(config, reportId, includeTree) {
+    return createSpecificReportUrl(config, reportId, includeTree).concat(`&nodesToInclude=PROD`);
 }
 function createSpecificReportStatusURL(config, reportId) {
     return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots/${reportId}/status`;
@@ -310,8 +316,8 @@ function createSpecificReportStatusURL(config, reportId) {
 function createDataUrl() {
     return `https://ardy.contrastsecurity.com/production`;
 }
-function createSbomCycloneDXUrl(config) {
-    return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/cyclonedx`;
+function createSbomUrl(config, type) {
+    return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/${type}`;
 }
 module.exports = HTTPClient;
 module.exports.pollForAuthUrl = pollForAuthUrl;

package/dist/common/errorHandling.js

@@ -48,8 +48,8 @@ const reportFailureError = () => {
 };
 exports.reportFailureError = reportFailureError;
 const genericError = (missingCliOption) => {
-    console.log(`*************************** ${i18n_1.default.__('yamlMissingParametersHeader')} ***************************\n${missingCliOption}`);
-    console.error(i18n_1.default.__('yamlMissingParametersMessage'));
+    console.log(missingCliOption);
+    console.error(i18n_1.default.__('genericErrorMessage'));
     process.exit(1);
 };
 exports.genericError = genericError;

package/dist/common/versionChecker.js

@@ -4,14 +4,29 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.isCorrectNodeVersion = exports.findLatestCLIVersion = void 0;
-const latest_version_1 = __importDefault(require("latest-version"));
 const constants_1 = require("../constants/constants");
 const boxen_1 = __importDefault(require("boxen"));
 const chalk_1 = __importDefault(require("chalk"));
 const semver_1 = __importDefault(require("semver"));
-async function findLatestCLIVersion(updateMessageHidden) {
-    if (!updateMessageHidden) {
-        const latestCLIVersion = await (0, latest_version_1.default)('@contrast/contrast');
+const commonApi_1 = __importDefault(require("../utils/commonApi"));
+const http2_1 = require("http2");
+const getLatestVersion = async (config) => {
+    const client = commonApi_1.default.getHttpClient(config);
+    try {
+        const res = await client.getLatestVersion();
+        if (res.statusCode === http2_1.constants.HTTP_STATUS_OK) {
+            return res.body;
+        }
+    }
+    catch (e) {
+        return;
+    }
+};
+async function findLatestCLIVersion(config) {
+    const messageHidden = config.get('updateMessageHidden');
+    if (!messageHidden) {
+        let latestCLIVersion = await getLatestVersion(config);
+        latestCLIVersion = latestCLIVersion.substring(8);
         if (semver_1.default.lt(constants_1.APP_VERSION, latestCLIVersion)) {
             const updateAvailableMessage = `Update available ${chalk_1.default.yellow(constants_1.APP_VERSION)} → ${chalk_1.default.green(latestCLIVersion)}`;
             const npmUpdateAvailableCommand = `Run ${chalk_1.default.cyan('npm i @contrast/contrast -g')} to update via npm`;

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.7';
+const APP_VERSION = '1.0.10';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';
@@ -27,9 +27,12 @@ const NOTE_PRIORITY = 5;
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com';
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com';
 const SARIF_FILE = 'SARIF';
+const SBOM_CYCLONE_DX_FILE = 'cyclonedx';
+const SBOM_SPDX_FILE = 'spdx';
 const CE_URL = 'https://ce.contrastsecurity.com/';
 module.exports = {
     supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
+    supportedLanguagesScan: { JAVASCRIPT, DOTNET, JAVA },
     LOW,
     MEDIUM,
     HIGH,
@@ -50,5 +53,7 @@ module.exports = {
     HIGH_PRIORITY,
     MEDIUM_PRIORITY,
     LOW_PRIORITY,
-    NOTE_PRIORITY
+    NOTE_PRIORITY,
+    SBOM_CYCLONE_DX_FILE,
+    SBOM_SPDX_FILE
 };