@contrast/contrast 1.0.8 → 1.0.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js +16 -25
- package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +103 -57
- package/dist/audit/languageAnalysisEngine/report/models/reportGuidanceModel.js +6 -0
- package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js +3 -3
- package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js +1 -0
- package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +68 -17
- package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js +39 -7
- package/dist/audit/languageAnalysisEngine/sendSnapshot.js +6 -30
- package/dist/audit/save.js +21 -13
- package/dist/commands/audit/auditConfig.js +3 -19
- package/dist/commands/audit/auditController.js +1 -10
- package/dist/commands/audit/help.js +7 -24
- package/dist/commands/audit/processAudit.js +5 -9
- package/dist/commands/audit/saveFile.js +2 -2
- package/dist/commands/auth/auth.js +1 -1
- package/dist/commands/config/config.js +2 -2
- package/dist/commands/scan/processScan.js +11 -4
- package/dist/commands/scan/sca/scaAnalysis.js +37 -13
- package/dist/common/HTTPClient.js +17 -8
- package/dist/common/errorHandling.js +2 -2
- package/dist/common/fail.js +66 -0
- package/dist/common/versionChecker.js +1 -1
- package/dist/constants/constants.js +7 -2
- package/dist/constants/locales.js +40 -38
- package/dist/constants.js +62 -12
- package/dist/index.js +57 -45
- package/dist/lambda/lambda.js +5 -2
- package/dist/sbom/generateSbom.js +2 -2
- package/dist/scaAnalysis/common/formatMessage.js +7 -1
- package/dist/scaAnalysis/common/scaParserForGoAndJava.js +32 -0
- package/dist/scaAnalysis/common/treeUpload.js +24 -10
- package/dist/scaAnalysis/dotnet/analysis.js +55 -0
- package/dist/scaAnalysis/dotnet/index.js +10 -0
- package/dist/scaAnalysis/go/goAnalysis.js +8 -2
- package/dist/scaAnalysis/java/analysis.js +10 -6
- package/dist/scaAnalysis/java/index.js +7 -1
- package/dist/scaAnalysis/java/javaBuildDepsParser.js +19 -3
- package/dist/scaAnalysis/javascript/analysis.js +4 -7
- package/dist/scaAnalysis/javascript/index.js +16 -4
- package/dist/scaAnalysis/php/analysis.js +14 -33
- package/dist/scaAnalysis/php/index.js +11 -4
- package/dist/scaAnalysis/python/analysis.js +43 -5
- package/dist/scaAnalysis/python/index.js +7 -2
- package/dist/scaAnalysis/ruby/analysis.js +16 -14
- package/dist/scan/autoDetection.js +13 -24
- package/dist/scan/fileUtils.js +31 -12
- package/dist/scan/formatScanOutput.js +9 -8
- package/dist/scan/populateProjectIdAndProjectName.js +5 -0
- package/dist/scan/scan.js +4 -0
- package/dist/scan/scanConfig.js +5 -5
- package/dist/scan/scanResults.js +39 -3
- package/dist/telemetry/telemetry.js +137 -0
- package/dist/utils/commonApi.js +1 -1
- package/dist/utils/getConfig.js +3 -8
- package/dist/utils/parsedCLIOptions.js +3 -1
- package/dist/utils/requestUtils.js +7 -1
- package/package.json +2 -3
- package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js +21 -57
- package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +155 -77
- package/src/audit/languageAnalysisEngine/report/models/reportGuidanceModel.ts +5 -0
- package/src/audit/languageAnalysisEngine/report/models/reportOutputModel.ts +5 -5
- package/src/audit/languageAnalysisEngine/report/models/severityCountModel.ts +2 -0
- package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +56 -27
- package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts +45 -6
- package/src/audit/languageAnalysisEngine/sendSnapshot.js +6 -32
- package/src/audit/save.js +32 -16
- package/src/commands/audit/auditConfig.ts +10 -28
- package/src/commands/audit/auditController.ts +0 -11
- package/src/commands/audit/help.ts +7 -24
- package/src/commands/audit/processAudit.ts +16 -8
- package/src/commands/audit/saveFile.ts +2 -2
- package/src/commands/auth/auth.js +3 -1
- package/src/commands/config/config.js +4 -2
- package/src/commands/scan/processScan.js +18 -5
- package/src/commands/scan/sca/scaAnalysis.js +50 -18
- package/src/common/HTTPClient.js +23 -9
- package/src/common/errorHandling.ts +2 -3
- package/src/common/fail.js +75 -0
- package/src/common/versionChecker.ts +1 -1
- package/src/constants/constants.js +9 -3
- package/src/constants/locales.js +70 -45
- package/src/constants.js +67 -13
- package/src/index.ts +91 -66
- package/src/lambda/lambda.ts +5 -2
- package/src/lambda/types.ts +1 -0
- package/src/sbom/generateSbom.ts +2 -2
- package/src/scaAnalysis/common/formatMessage.js +8 -1
- package/src/scaAnalysis/common/scaParserForGoAndJava.js +41 -0
- package/src/scaAnalysis/common/treeUpload.js +25 -11
- package/src/scaAnalysis/dotnet/analysis.js +72 -0
- package/src/scaAnalysis/dotnet/index.js +11 -0
- package/src/scaAnalysis/go/goAnalysis.js +9 -2
- package/src/scaAnalysis/java/analysis.js +11 -6
- package/src/scaAnalysis/java/index.js +9 -1
- package/src/scaAnalysis/java/javaBuildDepsParser.js +25 -6
- package/src/scaAnalysis/javascript/analysis.js +6 -7
- package/src/scaAnalysis/javascript/index.js +25 -6
- package/src/scaAnalysis/php/analysis.js +15 -35
- package/src/scaAnalysis/php/index.js +15 -4
- package/src/scaAnalysis/python/analysis.js +49 -5
- package/src/scaAnalysis/python/index.js +7 -2
- package/src/scaAnalysis/ruby/analysis.js +18 -15
- package/src/scan/autoDetection.js +14 -27
- package/src/scan/fileUtils.js +33 -12
- package/src/scan/formatScanOutput.ts +10 -8
- package/src/scan/populateProjectIdAndProjectName.js +5 -1
- package/src/scan/scan.ts +4 -0
- package/src/scan/scanConfig.js +7 -7
- package/src/scan/scanResults.js +46 -3
- package/src/telemetry/telemetry.ts +154 -0
- package/src/utils/commonApi.js +1 -1
- package/src/utils/getConfig.ts +5 -18
- package/src/utils/parsedCLIOptions.js +14 -1
- package/src/utils/requestUtils.js +8 -1
- package/dist/audit/AnalysisEngine.js +0 -37
- package/dist/audit/autodetection/autoDetectLanguage.js +0 -32
- package/dist/audit/dotnetAnalysisEngine/index.js +0 -25
- package/dist/audit/dotnetAnalysisEngine/parseLockFileContents.js +0 -35
- package/dist/audit/dotnetAnalysisEngine/parseProjectFileContents.js +0 -15
- package/dist/audit/dotnetAnalysisEngine/readLockFileContents.js +0 -18
- package/dist/audit/dotnetAnalysisEngine/readProjectFileContents.js +0 -14
- package/dist/audit/dotnetAnalysisEngine/sanitizer.js +0 -9
- package/dist/audit/goAnalysisEngine/index.js +0 -17
- package/dist/audit/goAnalysisEngine/parseProjectFileContents.js +0 -164
- package/dist/audit/goAnalysisEngine/readProjectFileContents.js +0 -21
- package/dist/audit/goAnalysisEngine/sanitizer.js +0 -5
- package/dist/audit/javaAnalysisEngine/index.js +0 -34
- package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +0 -155
- package/dist/audit/javaAnalysisEngine/parseProjectFileContents.js +0 -353
- package/dist/audit/javaAnalysisEngine/readProjectFileContents.js +0 -98
- package/dist/audit/javaAnalysisEngine/sanitizer.js +0 -5
- package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +0 -25
- package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +0 -25
- package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +0 -35
- package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +0 -24
- package/dist/audit/languageAnalysisEngine/constants.js +0 -20
- package/dist/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +0 -25
- package/dist/audit/languageAnalysisEngine/index.js +0 -39
- package/dist/audit/languageAnalysisEngine/languageAnalysisFactory.js +0 -66
- package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +0 -166
- package/dist/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +0 -40
- package/dist/audit/nodeAnalysisEngine/index.js +0 -31
- package/dist/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +0 -18
- package/dist/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +0 -18
- package/dist/audit/nodeAnalysisEngine/readNPMLockFileContents.js +0 -17
- package/dist/audit/nodeAnalysisEngine/readProjectFileContents.js +0 -14
- package/dist/audit/nodeAnalysisEngine/readYarnLockFileContents.js +0 -24
- package/dist/audit/nodeAnalysisEngine/sanitizer.js +0 -9
- package/dist/audit/phpAnalysisEngine/index.js +0 -23
- package/dist/audit/phpAnalysisEngine/parseLockFileContents.js +0 -52
- package/dist/audit/phpAnalysisEngine/readLockFileContents.js +0 -13
- package/dist/audit/phpAnalysisEngine/readProjectFileContents.js +0 -16
- package/dist/audit/phpAnalysisEngine/sanitizer.js +0 -5
- package/dist/audit/pythonAnalysisEngine/index.js +0 -25
- package/dist/audit/pythonAnalysisEngine/parsePipfileLockContents.js +0 -17
- package/dist/audit/pythonAnalysisEngine/parseProjectFileContents.js +0 -21
- package/dist/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +0 -13
- package/dist/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +0 -14
- package/dist/audit/pythonAnalysisEngine/sanitizer.js +0 -7
- package/dist/audit/rubyAnalysisEngine/index.js +0 -25
- package/dist/audit/rubyAnalysisEngine/parseGemfileLockContents.js +0 -176
- package/dist/audit/rubyAnalysisEngine/parsedGemfile.js +0 -22
- package/dist/audit/rubyAnalysisEngine/readGemfileContents.js +0 -14
- package/dist/audit/rubyAnalysisEngine/readGemfileLockContents.js +0 -14
- package/dist/audit/rubyAnalysisEngine/sanitizer.js +0 -6
- package/src/audit/AnalysisEngine.js +0 -103
- package/src/audit/autodetection/autoDetectLanguage.ts +0 -40
- package/src/audit/dotnetAnalysisEngine/index.js +0 -26
- package/src/audit/dotnetAnalysisEngine/parseLockFileContents.js +0 -47
- package/src/audit/dotnetAnalysisEngine/parseProjectFileContents.js +0 -29
- package/src/audit/dotnetAnalysisEngine/readLockFileContents.js +0 -30
- package/src/audit/dotnetAnalysisEngine/readProjectFileContents.js +0 -26
- package/src/audit/dotnetAnalysisEngine/sanitizer.js +0 -11
- package/src/audit/goAnalysisEngine/index.js +0 -18
- package/src/audit/goAnalysisEngine/parseProjectFileContents.js +0 -209
- package/src/audit/goAnalysisEngine/readProjectFileContents.js +0 -31
- package/src/audit/goAnalysisEngine/sanitizer.js +0 -7
- package/src/audit/javaAnalysisEngine/index.js +0 -41
- package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +0 -225
- package/src/audit/javaAnalysisEngine/parseProjectFileContents.js +0 -420
- package/src/audit/javaAnalysisEngine/readProjectFileContents.js +0 -141
- package/src/audit/javaAnalysisEngine/sanitizer.js +0 -6
- package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +0 -36
- package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +0 -42
- package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +0 -54
- package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +0 -33
- package/src/audit/languageAnalysisEngine/constants.js +0 -23
- package/src/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +0 -41
- package/src/audit/languageAnalysisEngine/index.js +0 -45
- package/src/audit/languageAnalysisEngine/languageAnalysisFactory.js +0 -96
- package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +0 -251
- package/src/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +0 -49
- package/src/audit/nodeAnalysisEngine/index.js +0 -35
- package/src/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +0 -20
- package/src/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +0 -26
- package/src/audit/nodeAnalysisEngine/readNPMLockFileContents.js +0 -23
- package/src/audit/nodeAnalysisEngine/readProjectFileContents.js +0 -27
- package/src/audit/nodeAnalysisEngine/readYarnLockFileContents.js +0 -36
- package/src/audit/nodeAnalysisEngine/sanitizer.js +0 -11
- package/src/audit/phpAnalysisEngine/index.js +0 -27
- package/src/audit/phpAnalysisEngine/parseLockFileContents.js +0 -60
- package/src/audit/phpAnalysisEngine/readLockFileContents.js +0 -14
- package/src/audit/phpAnalysisEngine/readProjectFileContents.js +0 -25
- package/src/audit/phpAnalysisEngine/sanitizer.js +0 -4
- package/src/audit/pythonAnalysisEngine/index.js +0 -55
- package/src/audit/pythonAnalysisEngine/parsePipfileLockContents.js +0 -23
- package/src/audit/pythonAnalysisEngine/parseProjectFileContents.js +0 -33
- package/src/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +0 -16
- package/src/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +0 -22
- package/src/audit/pythonAnalysisEngine/sanitizer.js +0 -9
- package/src/audit/rubyAnalysisEngine/index.js +0 -30
- package/src/audit/rubyAnalysisEngine/parseGemfileLockContents.js +0 -215
- package/src/audit/rubyAnalysisEngine/parsedGemfile.js +0 -39
- package/src/audit/rubyAnalysisEngine/readGemfileContents.js +0 -18
- package/src/audit/rubyAnalysisEngine/readGemfileLockContents.js +0 -17
- package/src/audit/rubyAnalysisEngine/sanitizer.js +0 -8
package/README.md
CHANGED
|
@@ -10,7 +10,7 @@ CodeSec delivers:
|
|
|
10
10
|
## Install
|
|
11
11
|
|
|
12
12
|
```shell
|
|
13
|
-
npm install
|
|
13
|
+
npm install --location=global @contrast/contrast
|
|
14
14
|
```
|
|
15
15
|
|
|
16
16
|
## Authenticate
|
|
@@ -52,7 +52,7 @@ export AWS_SECRET_ACCESS_KEY=<YOUR_SECRET_ACCESS_KEY>
|
|
|
52
52
|
|
|
53
53
|
- These permissions are required to gather all required information on an AWS Lambda to use the `contrast lambda` command:
|
|
54
54
|
|
|
55
|
-
- Lambda: [GetFunction](https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html) | [GetLayerVersion](https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html)
|
|
55
|
+
- Lambda: [GetFunction](https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html) | [GetLayerVersion](https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html) | [ListFunctions](https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctions.html)
|
|
56
56
|
- IAM: [GetRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html) | [GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html) | [GetPolicyVersion](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html) | [ListRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html) | [ListAttachedRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html)
|
|
57
57
|
|
|
58
58
|
### Start scanning
|
|
@@ -2,38 +2,29 @@
|
|
|
2
2
|
const fs = require('fs');
|
|
3
3
|
const path = require('path');
|
|
4
4
|
const i18n = require('i18n');
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
const getDirectoryFromPathGiven = file => {
|
|
6
|
+
let projectStats = getProjectStats(file);
|
|
7
|
+
if (projectStats.isFile()) {
|
|
8
|
+
let newPath = path.resolve(file);
|
|
9
|
+
return path.dirname(newPath);
|
|
9
10
|
}
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
return;
|
|
11
|
+
if (projectStats.isDirectory()) {
|
|
12
|
+
return file;
|
|
13
13
|
}
|
|
14
|
-
next();
|
|
15
14
|
};
|
|
16
|
-
const
|
|
17
|
-
let projectStats = null;
|
|
15
|
+
const getProjectStats = file => {
|
|
18
16
|
try {
|
|
19
|
-
|
|
17
|
+
if (file.endsWith('/')) {
|
|
18
|
+
file = file.slice(0, -1);
|
|
19
|
+
}
|
|
20
|
+
return fs.statSync(file);
|
|
20
21
|
}
|
|
21
22
|
catch (err) {
|
|
22
23
|
throw new Error(i18n.__('languageAnalysisProjectRootFileNameFailure', file) +
|
|
23
24
|
`${err.message}`);
|
|
24
25
|
}
|
|
25
|
-
if (projectStats.isDirectory()) {
|
|
26
|
-
try {
|
|
27
|
-
return fs.readdirSync(file);
|
|
28
|
-
}
|
|
29
|
-
catch (err) {
|
|
30
|
-
throw new Error(i18n.__('languageAnalysisProjectRootFileNameReadError', file) +
|
|
31
|
-
`${err.message}`);
|
|
32
|
-
}
|
|
33
|
-
}
|
|
34
|
-
if (projectStats.isFile()) {
|
|
35
|
-
return [path.basename(file)];
|
|
36
|
-
}
|
|
37
|
-
throw new Error(i18n.__('languageAnalysisProjectRootFileNameMissingError'), file);
|
|
38
26
|
};
|
|
39
|
-
exports
|
|
27
|
+
module.exports = {
|
|
28
|
+
getProjectStats,
|
|
29
|
+
getDirectoryFromPathGiven: getDirectoryFromPathGiven
|
|
30
|
+
};
|
|
@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.
|
|
6
|
+
exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.gatherRemediationAdvice = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createSummaryMessage = void 0;
|
|
7
7
|
const commonApi_1 = require("../../../utils/commonApi");
|
|
8
8
|
const reportListModel_1 = require("./models/reportListModel");
|
|
9
9
|
const lodash_1 = require("lodash");
|
|
@@ -12,12 +12,14 @@ const reportUtils_1 = require("./utils/reportUtils");
|
|
|
12
12
|
const severityCountModel_1 = require("./models/severityCountModel");
|
|
13
13
|
const reportOutputModel_1 = require("./models/reportOutputModel");
|
|
14
14
|
const constants_1 = require("../../../constants/constants");
|
|
15
|
-
const
|
|
15
|
+
const cli_table3_1 = __importDefault(require("cli-table3"));
|
|
16
|
+
const reportGuidanceModel_1 = require("./models/reportGuidanceModel");
|
|
17
|
+
const createSummaryMessage = (numberOfVulnerableLibraries, numberOfCves) => {
|
|
16
18
|
numberOfVulnerableLibraries === 1
|
|
17
|
-
? console.log(`Found 1 vulnerable library containing ${numberOfCves}
|
|
18
|
-
: console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs
|
|
19
|
+
? console.log(`Found 1 vulnerable library containing ${numberOfCves} CVE`)
|
|
20
|
+
: console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs`);
|
|
19
21
|
};
|
|
20
|
-
exports.
|
|
22
|
+
exports.createSummaryMessage = createSummaryMessage;
|
|
21
23
|
const getReport = async (config, reportId) => {
|
|
22
24
|
const client = (0, commonApi_1.getHttpClient)(config);
|
|
23
25
|
return client
|
|
@@ -36,16 +38,18 @@ const getReport = async (config, reportId) => {
|
|
|
36
38
|
});
|
|
37
39
|
};
|
|
38
40
|
exports.getReport = getReport;
|
|
39
|
-
const printVulnerabilityResponse = (
|
|
41
|
+
const printVulnerabilityResponse = (config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance) => {
|
|
40
42
|
let hasSomeVulnerabilitiesReported = false;
|
|
41
|
-
(0, exports.printFormattedOutput)(
|
|
42
|
-
if (Object.keys(
|
|
43
|
+
(0, exports.printFormattedOutput)(config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance);
|
|
44
|
+
if (Object.keys(vulnerableLibraries).length > 0) {
|
|
43
45
|
hasSomeVulnerabilitiesReported = true;
|
|
44
46
|
}
|
|
45
47
|
return hasSomeVulnerabilitiesReported;
|
|
46
48
|
};
|
|
47
49
|
exports.printVulnerabilityResponse = printVulnerabilityResponse;
|
|
48
|
-
const printFormattedOutput = (libraries,
|
|
50
|
+
const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, numberOfCves, guidance) => {
|
|
51
|
+
(0, exports.createSummaryMessage)(numberOfVulnerableLibraries, numberOfCves);
|
|
52
|
+
console.log();
|
|
49
53
|
const report = new reportListModel_1.ReportList();
|
|
50
54
|
for (const library of libraries) {
|
|
51
55
|
const { name, version } = (0, reportUtils_1.findNameAndVersion)(library, config);
|
|
@@ -59,53 +63,122 @@ const printFormattedOutput = (libraries, config) => {
|
|
|
59
63
|
(reportListItem) => {
|
|
60
64
|
return reportListItem.compositeKey.numberOfSeverities;
|
|
61
65
|
}
|
|
62
|
-
], ['desc']);
|
|
63
|
-
let contrastHeaderNumCounter =
|
|
66
|
+
], ['asc', 'desc']);
|
|
67
|
+
let contrastHeaderNumCounter = 0;
|
|
64
68
|
for (const reportModel of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
|
|
65
|
-
contrastHeaderNumCounter
|
|
69
|
+
contrastHeaderNumCounter++;
|
|
66
70
|
const { libraryName, libraryVersion, highestSeverity } = reportModel.compositeKey;
|
|
67
71
|
const numOfCVEs = reportModel.cveArray.length;
|
|
72
|
+
const table = new cli_table3_1.default({
|
|
73
|
+
chars: {
|
|
74
|
+
top: '',
|
|
75
|
+
'top-mid': '',
|
|
76
|
+
'top-left': '',
|
|
77
|
+
'top-right': '',
|
|
78
|
+
bottom: '',
|
|
79
|
+
'bottom-mid': '',
|
|
80
|
+
'bottom-left': '',
|
|
81
|
+
'bottom-right': '',
|
|
82
|
+
left: '',
|
|
83
|
+
'left-mid': '',
|
|
84
|
+
mid: '',
|
|
85
|
+
'mid-mid': '',
|
|
86
|
+
right: '',
|
|
87
|
+
'right-mid': '',
|
|
88
|
+
middle: ' '
|
|
89
|
+
},
|
|
90
|
+
style: { 'padding-left': 0, 'padding-right': 0 },
|
|
91
|
+
colAligns: ['right'],
|
|
92
|
+
wordWrap: true,
|
|
93
|
+
colWidths: [12, 1, 100]
|
|
94
|
+
});
|
|
68
95
|
const header = buildHeader(highestSeverity, contrastHeaderNumCounter, libraryName, libraryVersion, numOfCVEs);
|
|
69
|
-
const
|
|
96
|
+
const advice = gatherRemediationAdvice(guidance, libraryName, libraryVersion);
|
|
97
|
+
const body = buildBody(reportModel.cveArray, advice);
|
|
70
98
|
const reportOutputModel = new reportOutputModel_1.ReportOutputModel(header, body);
|
|
99
|
+
table.push(reportOutputModel.body.issueMessage, reportOutputModel.body.adviceMessage);
|
|
71
100
|
console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
|
|
72
|
-
console.log(
|
|
73
|
-
console.log(reportOutputModel.body.adviceMessage + '\n');
|
|
74
|
-
}
|
|
75
|
-
const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage, total } = buildFooter(libraries);
|
|
76
|
-
if (total > 1) {
|
|
77
|
-
console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
|
|
101
|
+
console.log(table.toString() + '\n');
|
|
78
102
|
}
|
|
103
|
+
(0, exports.createSummaryMessage)(numberOfVulnerableLibraries, numberOfCves);
|
|
104
|
+
const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst);
|
|
105
|
+
console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
|
|
79
106
|
};
|
|
80
107
|
exports.printFormattedOutput = printFormattedOutput;
|
|
81
108
|
function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {
|
|
82
109
|
const vulnerabilityPluralised = numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability';
|
|
83
110
|
const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum);
|
|
84
|
-
const
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
const
|
|
111
|
+
const headerColour = chalk_1.default.hex(highestSeverity.outputColour);
|
|
112
|
+
const headerNumAndSeverity = headerColour(`${formattedHeaderNum} - [${highestSeverity.severity}]`);
|
|
113
|
+
const libraryNameAndVersion = headerColour.bold(`${libraryName}-${version}`);
|
|
114
|
+
const vulnMessage = `${headerNumAndSeverity} ${libraryNameAndVersion}`;
|
|
115
|
+
const introducesMessage = `introduces ${numOfCVEs} ${vulnerabilityPluralised}`;
|
|
88
116
|
return new reportOutputModel_1.ReportOutputHeaderModel(vulnMessage, introducesMessage);
|
|
89
117
|
}
|
|
90
118
|
exports.buildHeader = buildHeader;
|
|
91
|
-
function buildBody(cveArray) {
|
|
119
|
+
function buildBody(cveArray, advice) {
|
|
92
120
|
const cveMessages = [];
|
|
93
121
|
(0, reportUtils_1.findCVESeveritiesAndOrderByHighestPriority)(cveArray).forEach(reportSeverityModel => {
|
|
94
122
|
const { outputColour, severity, cveName } = reportSeverityModel;
|
|
95
123
|
const severityShorthand = chalk_1.default
|
|
96
124
|
.hex(outputColour)
|
|
97
125
|
.bold(`[${severity.charAt(0).toUpperCase()}]`);
|
|
98
|
-
const builtMessage =
|
|
126
|
+
const builtMessage = severityShorthand + cveName;
|
|
99
127
|
cveMessages.push(builtMessage);
|
|
100
128
|
});
|
|
101
129
|
const numAndSeverityType = getNumOfAndSeverityType(cveArray);
|
|
102
|
-
const issueMessage =
|
|
103
|
-
|
|
130
|
+
const issueMessage = [
|
|
131
|
+
chalk_1.default.bold('Issue'),
|
|
132
|
+
':',
|
|
133
|
+
`${numAndSeverityType} ${cveMessages.join(', ')}`
|
|
134
|
+
];
|
|
135
|
+
const minOrMax = advice.maximum ? advice.maximum : advice.minimum;
|
|
136
|
+
const displayAdvice = minOrMax
|
|
137
|
+
? `Change to version ${chalk_1.default.bold(minOrMax)}`
|
|
138
|
+
: 'No recommendation is available according to our data. Upgrade to the latest stable is the best advice we can give.';
|
|
139
|
+
const adviceMessage = [chalk_1.default.bold('Advice'), ':', displayAdvice];
|
|
104
140
|
return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, adviceMessage);
|
|
105
141
|
}
|
|
106
142
|
exports.buildBody = buildBody;
|
|
107
|
-
|
|
108
|
-
const
|
|
143
|
+
function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
|
|
144
|
+
const guidanceModel = new reportGuidanceModel_1.ReportGuidanceModel();
|
|
145
|
+
const data = guidance[libraryName + '@' + libraryVersion];
|
|
146
|
+
if (data) {
|
|
147
|
+
guidanceModel.minimum = data.minUpgradeVersion;
|
|
148
|
+
guidanceModel.maximum = data.maxUpgradeVersion;
|
|
149
|
+
}
|
|
150
|
+
return guidanceModel;
|
|
151
|
+
}
|
|
152
|
+
exports.gatherRemediationAdvice = gatherRemediationAdvice;
|
|
153
|
+
function buildFormattedHeaderNum(contrastHeaderNum) {
|
|
154
|
+
return `CONTRAST-${contrastHeaderNum.toString().padStart(3, '0')}`;
|
|
155
|
+
}
|
|
156
|
+
exports.buildFormattedHeaderNum = buildFormattedHeaderNum;
|
|
157
|
+
function getNumOfAndSeverityType(cveArray) {
|
|
158
|
+
const { critical, high, medium, low, note } = (0, reportUtils_1.severityCountAllCVEs)(cveArray, new severityCountModel_1.SeverityCountModel());
|
|
159
|
+
const criticalNumCheck = critical > 0;
|
|
160
|
+
const highNumCheck = high > 0;
|
|
161
|
+
const highDivider = highNumCheck ? '|' : '';
|
|
162
|
+
const mediumNumCheck = medium > 0;
|
|
163
|
+
const mediumDivider = mediumNumCheck ? '|' : '';
|
|
164
|
+
const lowNumCheck = low > 0;
|
|
165
|
+
const lowDivider = lowNumCheck ? '|' : '';
|
|
166
|
+
const noteNumCheck = low > 0;
|
|
167
|
+
const noteDivider = noteNumCheck ? '|' : '';
|
|
168
|
+
const criticalMessage = criticalNumCheck
|
|
169
|
+
? `${critical} Critical ${highDivider}`
|
|
170
|
+
: '';
|
|
171
|
+
const highMessage = highNumCheck ? `${high} High ${mediumDivider}` : '';
|
|
172
|
+
const mediumMessage = mediumNumCheck ? `${medium} Medium ${lowDivider}` : '';
|
|
173
|
+
const lowMessage = lowNumCheck ? `${low} Low ${noteDivider}` : '';
|
|
174
|
+
const noteMessage = noteNumCheck ? `${note} Note` : '';
|
|
175
|
+
return `${criticalMessage} ${highMessage} ${mediumMessage} ${lowMessage} ${noteMessage}`
|
|
176
|
+
.replace(/\s+/g, ' ')
|
|
177
|
+
.trim();
|
|
178
|
+
}
|
|
179
|
+
exports.getNumOfAndSeverityType = getNumOfAndSeverityType;
|
|
180
|
+
const buildFooter = (reportModelStructure) => {
|
|
181
|
+
const { critical, high, medium, low, note } = (0, reportUtils_1.countVulnerableLibrariesBySeverity)(reportModelStructure);
|
|
109
182
|
const criticalMessage = chalk_1.default
|
|
110
183
|
.hex(constants_1.CRITICAL_COLOUR)
|
|
111
184
|
.bold(`${critical} Critical`);
|
|
@@ -118,33 +191,6 @@ const buildFooter = (libraries) => {
|
|
|
118
191
|
highMessage,
|
|
119
192
|
mediumMessage,
|
|
120
193
|
lowMessage,
|
|
121
|
-
noteMessage
|
|
122
|
-
total: getTotal
|
|
194
|
+
noteMessage
|
|
123
195
|
};
|
|
124
196
|
};
|
|
125
|
-
function buildFormattedHeaderNum(contrastHeaderNum) {
|
|
126
|
-
let formattedHeaderNum;
|
|
127
|
-
if (contrastHeaderNum < 10) {
|
|
128
|
-
formattedHeaderNum = `00${contrastHeaderNum}`;
|
|
129
|
-
}
|
|
130
|
-
else if (contrastHeaderNum >= 10 && contrastHeaderNum < 100) {
|
|
131
|
-
formattedHeaderNum = `0${contrastHeaderNum}`;
|
|
132
|
-
}
|
|
133
|
-
else if (contrastHeaderNum >= 100) {
|
|
134
|
-
formattedHeaderNum = contrastHeaderNum;
|
|
135
|
-
}
|
|
136
|
-
return `CONTRAST-${formattedHeaderNum}`;
|
|
137
|
-
}
|
|
138
|
-
exports.buildFormattedHeaderNum = buildFormattedHeaderNum;
|
|
139
|
-
function getNumOfAndSeverityType(cveArray) {
|
|
140
|
-
const { critical, high, medium, low, note } = (0, reportUtils_1.severityCountAllCVEs)(cveArray, new severityCountModel_1.SeverityCountModel());
|
|
141
|
-
const criticalMessage = critical > 0 ? `${critical} Critical` : '';
|
|
142
|
-
const highMessage = high > 0 ? `${high} High` : '';
|
|
143
|
-
const mediumMessage = medium > 0 ? `${medium} Medium` : '';
|
|
144
|
-
const lowMessage = low > 0 ? `${low} Low` : '';
|
|
145
|
-
const noteMessage = note > 0 ? `${note} Note` : '';
|
|
146
|
-
return `${criticalMessage} ${highMessage} ${mediumMessage} ${lowMessage} ${noteMessage}`
|
|
147
|
-
.replace(/\s+/g, ' ')
|
|
148
|
-
.trim();
|
|
149
|
-
}
|
|
150
|
-
exports.getNumOfAndSeverityType = getNumOfAndSeverityType;
|
|
@@ -16,9 +16,9 @@ class ReportOutputHeaderModel {
|
|
|
16
16
|
}
|
|
17
17
|
exports.ReportOutputHeaderModel = ReportOutputHeaderModel;
|
|
18
18
|
class ReportOutputBodyModel {
|
|
19
|
-
constructor(
|
|
20
|
-
this.issueMessage =
|
|
21
|
-
this.adviceMessage =
|
|
19
|
+
constructor(issueMessage, adviceMessage) {
|
|
20
|
+
this.issueMessage = issueMessage;
|
|
21
|
+
this.adviceMessage = adviceMessage;
|
|
22
22
|
}
|
|
23
23
|
}
|
|
24
24
|
exports.ReportOutputBodyModel = ReportOutputBodyModel;
|
|
@@ -1,23 +1,70 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
+
if (mod && mod.__esModule) return mod;
|
|
20
|
+
var result = {};
|
|
21
|
+
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
+
__setModuleDefault(result, mod);
|
|
23
|
+
return result;
|
|
24
|
+
};
|
|
2
25
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
26
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
27
|
};
|
|
5
28
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.vulnerabilityReportV2 = exports.formatVulnerabilityOutput = exports.
|
|
29
|
+
exports.vulnerabilityReportV2 = exports.formatVulnerabilityOutput = exports.convertJSDotNetPython = exports.convertKeysToStandardFormat = void 0;
|
|
7
30
|
const commonReportingFunctions_1 = require("./commonReportingFunctions");
|
|
8
31
|
const reportUtils_1 = require("./utils/reportUtils");
|
|
9
32
|
const i18n_1 = __importDefault(require("i18n"));
|
|
10
33
|
const chalk_1 = __importDefault(require("chalk"));
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
34
|
+
const constants = __importStar(require("../../../constants/constants"));
|
|
35
|
+
const severityCountModel_1 = require("./models/severityCountModel");
|
|
36
|
+
const common = __importStar(require("../../../common/fail"));
|
|
37
|
+
function convertKeysToStandardFormat(config, guidance) {
|
|
38
|
+
let convertedGuidance = guidance;
|
|
39
|
+
switch (config.language) {
|
|
40
|
+
case constants.supportedLanguages.JAVA:
|
|
41
|
+
case constants.supportedLanguages.GO:
|
|
42
|
+
case constants.supportedLanguages.PHP:
|
|
43
|
+
break;
|
|
44
|
+
case constants.supportedLanguages.NODE:
|
|
45
|
+
case constants.supportedLanguages.DOTNET:
|
|
46
|
+
case constants.supportedLanguages.PYTHON:
|
|
47
|
+
case constants.supportedLanguages.RUBY:
|
|
48
|
+
convertedGuidance = convertJSDotNetPython(guidance);
|
|
49
|
+
break;
|
|
16
50
|
}
|
|
51
|
+
return convertedGuidance;
|
|
52
|
+
}
|
|
53
|
+
exports.convertKeysToStandardFormat = convertKeysToStandardFormat;
|
|
54
|
+
function convertJSDotNetPython(guidance) {
|
|
55
|
+
const returnObject = {};
|
|
56
|
+
Object.entries(guidance).forEach(([key, value]) => {
|
|
57
|
+
const splitKey = key.split('/');
|
|
58
|
+
if (splitKey.length === 2) {
|
|
59
|
+
returnObject[splitKey[1]] = value;
|
|
60
|
+
}
|
|
61
|
+
});
|
|
62
|
+
return returnObject;
|
|
17
63
|
}
|
|
18
|
-
exports.
|
|
19
|
-
function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, config) {
|
|
64
|
+
exports.convertJSDotNetPython = convertJSDotNetPython;
|
|
65
|
+
function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, config, remediationGuidance) {
|
|
20
66
|
const vulnerableLibraries = (0, reportUtils_1.convertGenericToTypedLibraryVulns)(libraryVulnerabilityResponse);
|
|
67
|
+
const guidance = convertKeysToStandardFormat(config, remediationGuidance);
|
|
21
68
|
const numberOfVulnerableLibraries = vulnerableLibraries.length;
|
|
22
69
|
if (numberOfVulnerableLibraries === 0) {
|
|
23
70
|
console.log(i18n_1.default.__('scanNoVulnerabilitiesFound'));
|
|
@@ -25,25 +72,29 @@ function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, config) {
|
|
|
25
72
|
console.log(i18n_1.default.__('scanNoVulnerabilitiesFoundGoodWork'));
|
|
26
73
|
console.log(chalk_1.default.bold(`Found ${numberOfVulnerableLibraries} vulnerabilities`));
|
|
27
74
|
console.log(i18n_1.default.__('foundDetailedVulnerabilities', String(0), String(0), String(0), String(0), String(0)));
|
|
75
|
+
return [false, 0, [new severityCountModel_1.SeverityCountModel()]];
|
|
28
76
|
}
|
|
29
77
|
else {
|
|
30
78
|
let numberOfCves = 0;
|
|
31
79
|
vulnerableLibraries.forEach(lib => (numberOfCves += lib.cveArray.length));
|
|
32
|
-
(0, commonReportingFunctions_1.
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
(0, reportUtils_1.severityCountAllLibraries)(vulnerableLibraries)
|
|
38
|
-
];
|
|
80
|
+
const hasSomeVulnerabilitiesReported = (0, commonReportingFunctions_1.printVulnerabilityResponse)(config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance);
|
|
81
|
+
let severityCount = new severityCountModel_1.SeverityCountModel();
|
|
82
|
+
severityCount = (0, reportUtils_1.severityCountAllLibraries)(vulnerableLibraries, severityCount);
|
|
83
|
+
severityCount.total = severityCount.getTotal;
|
|
84
|
+
return [hasSomeVulnerabilitiesReported, numberOfCves, severityCount];
|
|
39
85
|
}
|
|
40
86
|
}
|
|
41
87
|
exports.formatVulnerabilityOutput = formatVulnerabilityOutput;
|
|
42
88
|
async function vulnerabilityReportV2(config, reportId) {
|
|
89
|
+
console.log();
|
|
43
90
|
const reportResponse = await (0, commonReportingFunctions_1.getReport)(config, reportId);
|
|
44
91
|
if (reportResponse !== undefined) {
|
|
45
|
-
|
|
46
|
-
|
|
92
|
+
let output = formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
|
|
93
|
+
? reportResponse.remediationGuidance
|
|
94
|
+
: {});
|
|
95
|
+
if (config.fail) {
|
|
96
|
+
common.processFail(config, output[2]);
|
|
97
|
+
}
|
|
47
98
|
}
|
|
48
99
|
}
|
|
49
100
|
exports.vulnerabilityReportV2 = vulnerabilityReportV2;
|
|
@@ -3,10 +3,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
|
|
6
|
+
exports.countVulnerableLibrariesBySeverity = exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
|
|
7
7
|
const reportLibraryModel_1 = require("../models/reportLibraryModel");
|
|
8
8
|
const reportSeverityModel_1 = require("../models/reportSeverityModel");
|
|
9
|
-
const constants_1 = __importDefault(require("
|
|
9
|
+
const constants_1 = __importDefault(require("./../../../../constants/constants"));
|
|
10
10
|
const constants_2 = require("../../../../constants/constants");
|
|
11
11
|
const lodash_1 = require("lodash");
|
|
12
12
|
const severityCountModel_1 = require("../models/severityCountModel");
|
|
@@ -46,8 +46,7 @@ function convertGenericToTypedLibraryVulns(libraries) {
|
|
|
46
46
|
});
|
|
47
47
|
}
|
|
48
48
|
exports.convertGenericToTypedLibraryVulns = convertGenericToTypedLibraryVulns;
|
|
49
|
-
function severityCountAllLibraries(vulnerableLibraries) {
|
|
50
|
-
const severityCount = new severityCountModel_1.SeverityCountModel();
|
|
49
|
+
function severityCountAllLibraries(vulnerableLibraries, severityCount) {
|
|
51
50
|
vulnerableLibraries.forEach(lib => severityCountAllCVEs(lib.cveArray, severityCount));
|
|
52
51
|
return severityCount;
|
|
53
52
|
}
|
|
@@ -86,11 +85,44 @@ function findNameAndVersion(library, config) {
|
|
|
86
85
|
return { name, version };
|
|
87
86
|
}
|
|
88
87
|
else {
|
|
89
|
-
const
|
|
90
|
-
const nameVersion =
|
|
91
|
-
|
|
88
|
+
const uniqueSplitLibraryName = [...new Set(library.name.split('/'))];
|
|
89
|
+
const nameVersion = uniqueSplitLibraryName[1].split('@');
|
|
90
|
+
let parentLibrary;
|
|
91
|
+
let name;
|
|
92
|
+
if (uniqueSplitLibraryName[0] !== 'null' &&
|
|
93
|
+
uniqueSplitLibraryName[0] !== '' &&
|
|
94
|
+
!uniqueSplitLibraryName[1].includes(uniqueSplitLibraryName[0])) {
|
|
95
|
+
parentLibrary = uniqueSplitLibraryName[0];
|
|
96
|
+
name = `${parentLibrary}/${nameVersion[0]}`;
|
|
97
|
+
}
|
|
98
|
+
else {
|
|
99
|
+
name = nameVersion[0];
|
|
100
|
+
}
|
|
92
101
|
const version = nameVersion[1];
|
|
93
102
|
return { name, version };
|
|
94
103
|
}
|
|
95
104
|
}
|
|
96
105
|
exports.findNameAndVersion = findNameAndVersion;
|
|
106
|
+
function countVulnerableLibrariesBySeverity(reportModelStructure) {
|
|
107
|
+
const severityCount = new severityCountModel_1.SeverityCountModel();
|
|
108
|
+
reportModelStructure.forEach(vuln => {
|
|
109
|
+
const currentSeverity = vuln.compositeKey.highestSeverity.severity;
|
|
110
|
+
if (currentSeverity === 'CRITICAL') {
|
|
111
|
+
severityCount.critical += 1;
|
|
112
|
+
}
|
|
113
|
+
else if (currentSeverity === 'HIGH') {
|
|
114
|
+
severityCount.high += 1;
|
|
115
|
+
}
|
|
116
|
+
else if (currentSeverity === 'MEDIUM') {
|
|
117
|
+
severityCount.medium += 1;
|
|
118
|
+
}
|
|
119
|
+
else if (currentSeverity === 'LOW') {
|
|
120
|
+
severityCount.low += 1;
|
|
121
|
+
}
|
|
122
|
+
else if (currentSeverity === 'NOTE') {
|
|
123
|
+
severityCount.note += 1;
|
|
124
|
+
}
|
|
125
|
+
});
|
|
126
|
+
return severityCount;
|
|
127
|
+
}
|
|
128
|
+
exports.countVulnerableLibrariesBySeverity = countVulnerableLibrariesBySeverity;
|
|
@@ -1,6 +1,4 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
const { handleResponseErrors } = require('../../common/errorHandling');
|
|
3
|
-
const { APP_VERSION } = require('../../constants/constants');
|
|
4
2
|
const commonApi = require('../../utils/commonApi');
|
|
5
3
|
const _ = require('lodash');
|
|
6
4
|
const oraFunctions = require('../../utils/oraWrapper');
|
|
@@ -8,28 +6,6 @@ const i18n = require('i18n');
|
|
|
8
6
|
const oraWrapper = require('../../utils/oraWrapper');
|
|
9
7
|
const requestUtils = require('../../utils/requestUtils');
|
|
10
8
|
const { performance } = require('perf_hooks');
|
|
11
|
-
const newSendSnapShot = async (analysis) => {
|
|
12
|
-
const analysisLanguage = analysis.config.language.toLowerCase();
|
|
13
|
-
const requestBody = {
|
|
14
|
-
appID: analysis.config.applicationId,
|
|
15
|
-
cliVersion: APP_VERSION,
|
|
16
|
-
snapshot: { [analysisLanguage]: analysis[analysisLanguage] }
|
|
17
|
-
};
|
|
18
|
-
const client = commonApi.getHttpClient(analysis.config);
|
|
19
|
-
return client
|
|
20
|
-
.sendSnapshot(requestBody, analysis.config)
|
|
21
|
-
.then(res => {
|
|
22
|
-
if (res.statusCode === 201) {
|
|
23
|
-
return res.body;
|
|
24
|
-
}
|
|
25
|
-
else {
|
|
26
|
-
handleResponseErrors(res, 'snapshot');
|
|
27
|
-
}
|
|
28
|
-
})
|
|
29
|
-
.catch(err => {
|
|
30
|
-
console.log(err);
|
|
31
|
-
});
|
|
32
|
-
};
|
|
33
9
|
const pollSnapshotResults = async (config, snapshotId, client) => {
|
|
34
10
|
await requestUtils.sleep(5000);
|
|
35
11
|
return client
|
|
@@ -47,9 +23,9 @@ const getTimeout = config => {
|
|
|
47
23
|
}
|
|
48
24
|
else {
|
|
49
25
|
if (config.verbose) {
|
|
50
|
-
console.log('Timeout set to
|
|
26
|
+
console.log('Timeout set to 5 minutes');
|
|
51
27
|
}
|
|
52
|
-
return
|
|
28
|
+
return 300;
|
|
53
29
|
}
|
|
54
30
|
};
|
|
55
31
|
const pollForSnapshotCompletition = async (config, snapshotId, reportSpinner) => {
|
|
@@ -78,14 +54,14 @@ const pollForSnapshotCompletition = async (config, snapshotId, reportSpinner) =>
|
|
|
78
54
|
}
|
|
79
55
|
const endTime = performance.now() - startTime;
|
|
80
56
|
if (requestUtils.millisToSeconds(endTime) > timeout) {
|
|
81
|
-
oraFunctions.failSpinner(reportSpinner, 'Contrast audit timed out at the specified
|
|
82
|
-
|
|
83
|
-
|
|
57
|
+
oraFunctions.failSpinner(reportSpinner, 'Contrast audit timed out at the specified timeout of ' +
|
|
58
|
+
timeout +
|
|
59
|
+
' seconds.');
|
|
60
|
+
throw new Error('You can update the timeout using --timeout');
|
|
84
61
|
}
|
|
85
62
|
}
|
|
86
63
|
}
|
|
87
64
|
};
|
|
88
65
|
module.exports = {
|
|
89
|
-
newSendSnapShot: newSendSnapShot,
|
|
90
66
|
pollForSnapshotCompletition: pollForSnapshotCompletition
|
|
91
67
|
};
|
package/dist/audit/save.js
CHANGED
|
@@ -4,24 +4,32 @@ const i18n = require('i18n');
|
|
|
4
4
|
const chalk = require('chalk');
|
|
5
5
|
const save = require('../commands/audit/saveFile');
|
|
6
6
|
const sbom = require('../sbom/generateSbom');
|
|
7
|
+
const { SBOM_CYCLONE_DX_FILE, SBOM_SPDX_FILE } = require('../constants/constants');
|
|
7
8
|
async function auditSave(config) {
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
9
|
+
let fileFormat;
|
|
10
|
+
switch (config.save) {
|
|
11
|
+
case null:
|
|
12
|
+
case SBOM_CYCLONE_DX_FILE:
|
|
13
|
+
fileFormat = SBOM_CYCLONE_DX_FILE;
|
|
14
|
+
break;
|
|
15
|
+
case SBOM_SPDX_FILE:
|
|
16
|
+
fileFormat = SBOM_SPDX_FILE;
|
|
17
|
+
break;
|
|
18
|
+
default:
|
|
19
|
+
break;
|
|
20
|
+
}
|
|
21
|
+
if (fileFormat) {
|
|
22
|
+
save.saveFile(config, fileFormat, await sbom.generateSbom(config, fileFormat));
|
|
23
|
+
const filename = `${config.applicationId}-sbom-${fileFormat}.json`;
|
|
24
|
+
if (fs.existsSync(filename)) {
|
|
25
|
+
console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`);
|
|
18
26
|
}
|
|
19
27
|
else {
|
|
20
|
-
console.log(
|
|
28
|
+
console.log(chalk.yellow.bold(`\n Unable to save ${filename} Software Bill of Materials (SBOM)`));
|
|
21
29
|
}
|
|
22
30
|
}
|
|
23
|
-
else
|
|
24
|
-
console.log(i18n.__('
|
|
31
|
+
else {
|
|
32
|
+
console.log(i18n.__('auditBadFiletypeSpecifiedForSave'));
|
|
25
33
|
}
|
|
26
34
|
}
|
|
27
35
|
module.exports = {
|