npm - @contrast/contrast - Versions diffs - 1.0.8 → 1.0.11 - Mend

@contrast/contrast 1.0.8 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (217) hide show

package/README.md +2 -2
package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js +16 -25
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +103 -57
package/dist/audit/languageAnalysisEngine/report/models/reportGuidanceModel.js +6 -0
package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js +3 -3
package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js +1 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +68 -17
package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js +39 -7
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +6 -30
package/dist/audit/save.js +21 -13
package/dist/commands/audit/auditConfig.js +3 -19
package/dist/commands/audit/auditController.js +1 -10
package/dist/commands/audit/help.js +7 -24
package/dist/commands/audit/processAudit.js +5 -9
package/dist/commands/audit/saveFile.js +2 -2
package/dist/commands/auth/auth.js +1 -1
package/dist/commands/config/config.js +2 -2
package/dist/commands/scan/processScan.js +11 -4
package/dist/commands/scan/sca/scaAnalysis.js +37 -13
package/dist/common/HTTPClient.js +17 -8
package/dist/common/errorHandling.js +2 -2
package/dist/common/fail.js +66 -0
package/dist/common/versionChecker.js +1 -1
package/dist/constants/constants.js +7 -2
package/dist/constants/locales.js +40 -38
package/dist/constants.js +62 -12
package/dist/index.js +57 -45
package/dist/lambda/lambda.js +5 -2
package/dist/sbom/generateSbom.js +2 -2
package/dist/scaAnalysis/common/formatMessage.js +7 -1
package/dist/scaAnalysis/common/scaParserForGoAndJava.js +32 -0
package/dist/scaAnalysis/common/treeUpload.js +24 -10
package/dist/scaAnalysis/dotnet/analysis.js +55 -0
package/dist/scaAnalysis/dotnet/index.js +10 -0
package/dist/scaAnalysis/go/goAnalysis.js +8 -2
package/dist/scaAnalysis/java/analysis.js +10 -6
package/dist/scaAnalysis/java/index.js +7 -1
package/dist/scaAnalysis/java/javaBuildDepsParser.js +19 -3
package/dist/scaAnalysis/javascript/analysis.js +4 -7
package/dist/scaAnalysis/javascript/index.js +16 -4
package/dist/scaAnalysis/php/analysis.js +14 -33
package/dist/scaAnalysis/php/index.js +11 -4
package/dist/scaAnalysis/python/analysis.js +43 -5
package/dist/scaAnalysis/python/index.js +7 -2
package/dist/scaAnalysis/ruby/analysis.js +16 -14
package/dist/scan/autoDetection.js +13 -24
package/dist/scan/fileUtils.js +31 -12
package/dist/scan/formatScanOutput.js +9 -8
package/dist/scan/populateProjectIdAndProjectName.js +5 -0
package/dist/scan/scan.js +4 -0
package/dist/scan/scanConfig.js +5 -5
package/dist/scan/scanResults.js +39 -3
package/dist/telemetry/telemetry.js +137 -0
package/dist/utils/commonApi.js +1 -1
package/dist/utils/getConfig.js +3 -8
package/dist/utils/parsedCLIOptions.js +3 -1
package/dist/utils/requestUtils.js +7 -1
package/package.json +2 -3
package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js +21 -57
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +155 -77
package/src/audit/languageAnalysisEngine/report/models/reportGuidanceModel.ts +5 -0
package/src/audit/languageAnalysisEngine/report/models/reportOutputModel.ts +5 -5
package/src/audit/languageAnalysisEngine/report/models/severityCountModel.ts +2 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +56 -27
package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts +45 -6
package/src/audit/languageAnalysisEngine/sendSnapshot.js +6 -32
package/src/audit/save.js +32 -16
package/src/commands/audit/auditConfig.ts +10 -28
package/src/commands/audit/auditController.ts +0 -11
package/src/commands/audit/help.ts +7 -24
package/src/commands/audit/processAudit.ts +16 -8
package/src/commands/audit/saveFile.ts +2 -2
package/src/commands/auth/auth.js +3 -1
package/src/commands/config/config.js +4 -2
package/src/commands/scan/processScan.js +18 -5
package/src/commands/scan/sca/scaAnalysis.js +50 -18
package/src/common/HTTPClient.js +23 -9
package/src/common/errorHandling.ts +2 -3
package/src/common/fail.js +75 -0
package/src/common/versionChecker.ts +1 -1
package/src/constants/constants.js +9 -3
package/src/constants/locales.js +70 -45
package/src/constants.js +67 -13
package/src/index.ts +91 -66
package/src/lambda/lambda.ts +5 -2
package/src/lambda/types.ts +1 -0
package/src/sbom/generateSbom.ts +2 -2
package/src/scaAnalysis/common/formatMessage.js +8 -1
package/src/scaAnalysis/common/scaParserForGoAndJava.js +41 -0
package/src/scaAnalysis/common/treeUpload.js +25 -11
package/src/scaAnalysis/dotnet/analysis.js +72 -0
package/src/scaAnalysis/dotnet/index.js +11 -0
package/src/scaAnalysis/go/goAnalysis.js +9 -2
package/src/scaAnalysis/java/analysis.js +11 -6
package/src/scaAnalysis/java/index.js +9 -1
package/src/scaAnalysis/java/javaBuildDepsParser.js +25 -6
package/src/scaAnalysis/javascript/analysis.js +6 -7
package/src/scaAnalysis/javascript/index.js +25 -6
package/src/scaAnalysis/php/analysis.js +15 -35
package/src/scaAnalysis/php/index.js +15 -4
package/src/scaAnalysis/python/analysis.js +49 -5
package/src/scaAnalysis/python/index.js +7 -2
package/src/scaAnalysis/ruby/analysis.js +18 -15
package/src/scan/autoDetection.js +14 -27
package/src/scan/fileUtils.js +33 -12
package/src/scan/formatScanOutput.ts +10 -8
package/src/scan/populateProjectIdAndProjectName.js +5 -1
package/src/scan/scan.ts +4 -0
package/src/scan/scanConfig.js +7 -7
package/src/scan/scanResults.js +46 -3
package/src/telemetry/telemetry.ts +154 -0
package/src/utils/commonApi.js +1 -1
package/src/utils/getConfig.ts +5 -18
package/src/utils/parsedCLIOptions.js +14 -1
package/src/utils/requestUtils.js +8 -1
package/dist/audit/AnalysisEngine.js +0 -37
package/dist/audit/autodetection/autoDetectLanguage.js +0 -32
package/dist/audit/dotnetAnalysisEngine/index.js +0 -25
package/dist/audit/dotnetAnalysisEngine/parseLockFileContents.js +0 -35
package/dist/audit/dotnetAnalysisEngine/parseProjectFileContents.js +0 -15
package/dist/audit/dotnetAnalysisEngine/readLockFileContents.js +0 -18
package/dist/audit/dotnetAnalysisEngine/readProjectFileContents.js +0 -14
package/dist/audit/dotnetAnalysisEngine/sanitizer.js +0 -9
package/dist/audit/goAnalysisEngine/index.js +0 -17
package/dist/audit/goAnalysisEngine/parseProjectFileContents.js +0 -164
package/dist/audit/goAnalysisEngine/readProjectFileContents.js +0 -21
package/dist/audit/goAnalysisEngine/sanitizer.js +0 -5
package/dist/audit/javaAnalysisEngine/index.js +0 -34
package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +0 -155
package/dist/audit/javaAnalysisEngine/parseProjectFileContents.js +0 -353
package/dist/audit/javaAnalysisEngine/readProjectFileContents.js +0 -98
package/dist/audit/javaAnalysisEngine/sanitizer.js +0 -5
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +0 -25
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +0 -25
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +0 -35
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +0 -24
package/dist/audit/languageAnalysisEngine/constants.js +0 -20
package/dist/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +0 -25
package/dist/audit/languageAnalysisEngine/index.js +0 -39
package/dist/audit/languageAnalysisEngine/languageAnalysisFactory.js +0 -66
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +0 -166
package/dist/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +0 -40
package/dist/audit/nodeAnalysisEngine/index.js +0 -31
package/dist/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +0 -18
package/dist/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +0 -18
package/dist/audit/nodeAnalysisEngine/readNPMLockFileContents.js +0 -17
package/dist/audit/nodeAnalysisEngine/readProjectFileContents.js +0 -14
package/dist/audit/nodeAnalysisEngine/readYarnLockFileContents.js +0 -24
package/dist/audit/nodeAnalysisEngine/sanitizer.js +0 -9
package/dist/audit/phpAnalysisEngine/index.js +0 -23
package/dist/audit/phpAnalysisEngine/parseLockFileContents.js +0 -52
package/dist/audit/phpAnalysisEngine/readLockFileContents.js +0 -13
package/dist/audit/phpAnalysisEngine/readProjectFileContents.js +0 -16
package/dist/audit/phpAnalysisEngine/sanitizer.js +0 -5
package/dist/audit/pythonAnalysisEngine/index.js +0 -25
package/dist/audit/pythonAnalysisEngine/parsePipfileLockContents.js +0 -17
package/dist/audit/pythonAnalysisEngine/parseProjectFileContents.js +0 -21
package/dist/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +0 -13
package/dist/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +0 -14
package/dist/audit/pythonAnalysisEngine/sanitizer.js +0 -7
package/dist/audit/rubyAnalysisEngine/index.js +0 -25
package/dist/audit/rubyAnalysisEngine/parseGemfileLockContents.js +0 -176
package/dist/audit/rubyAnalysisEngine/parsedGemfile.js +0 -22
package/dist/audit/rubyAnalysisEngine/readGemfileContents.js +0 -14
package/dist/audit/rubyAnalysisEngine/readGemfileLockContents.js +0 -14
package/dist/audit/rubyAnalysisEngine/sanitizer.js +0 -6
package/src/audit/AnalysisEngine.js +0 -103
package/src/audit/autodetection/autoDetectLanguage.ts +0 -40
package/src/audit/dotnetAnalysisEngine/index.js +0 -26
package/src/audit/dotnetAnalysisEngine/parseLockFileContents.js +0 -47
package/src/audit/dotnetAnalysisEngine/parseProjectFileContents.js +0 -29
package/src/audit/dotnetAnalysisEngine/readLockFileContents.js +0 -30
package/src/audit/dotnetAnalysisEngine/readProjectFileContents.js +0 -26
package/src/audit/dotnetAnalysisEngine/sanitizer.js +0 -11
package/src/audit/goAnalysisEngine/index.js +0 -18
package/src/audit/goAnalysisEngine/parseProjectFileContents.js +0 -209
package/src/audit/goAnalysisEngine/readProjectFileContents.js +0 -31
package/src/audit/goAnalysisEngine/sanitizer.js +0 -7
package/src/audit/javaAnalysisEngine/index.js +0 -41
package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +0 -225
package/src/audit/javaAnalysisEngine/parseProjectFileContents.js +0 -420
package/src/audit/javaAnalysisEngine/readProjectFileContents.js +0 -141
package/src/audit/javaAnalysisEngine/sanitizer.js +0 -6
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +0 -36
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +0 -42
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +0 -54
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +0 -33
package/src/audit/languageAnalysisEngine/constants.js +0 -23
package/src/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +0 -41
package/src/audit/languageAnalysisEngine/index.js +0 -45
package/src/audit/languageAnalysisEngine/languageAnalysisFactory.js +0 -96
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +0 -251
package/src/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +0 -49
package/src/audit/nodeAnalysisEngine/index.js +0 -35
package/src/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +0 -20
package/src/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +0 -26
package/src/audit/nodeAnalysisEngine/readNPMLockFileContents.js +0 -23
package/src/audit/nodeAnalysisEngine/readProjectFileContents.js +0 -27
package/src/audit/nodeAnalysisEngine/readYarnLockFileContents.js +0 -36
package/src/audit/nodeAnalysisEngine/sanitizer.js +0 -11
package/src/audit/phpAnalysisEngine/index.js +0 -27
package/src/audit/phpAnalysisEngine/parseLockFileContents.js +0 -60
package/src/audit/phpAnalysisEngine/readLockFileContents.js +0 -14
package/src/audit/phpAnalysisEngine/readProjectFileContents.js +0 -25
package/src/audit/phpAnalysisEngine/sanitizer.js +0 -4
package/src/audit/pythonAnalysisEngine/index.js +0 -55
package/src/audit/pythonAnalysisEngine/parsePipfileLockContents.js +0 -23
package/src/audit/pythonAnalysisEngine/parseProjectFileContents.js +0 -33
package/src/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +0 -16
package/src/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +0 -22
package/src/audit/pythonAnalysisEngine/sanitizer.js +0 -9
package/src/audit/rubyAnalysisEngine/index.js +0 -30
package/src/audit/rubyAnalysisEngine/parseGemfileLockContents.js +0 -215
package/src/audit/rubyAnalysisEngine/parsedGemfile.js +0 -39
package/src/audit/rubyAnalysisEngine/readGemfileContents.js +0 -18
package/src/audit/rubyAnalysisEngine/readGemfileLockContents.js +0 -17
package/src/audit/rubyAnalysisEngine/sanitizer.js +0 -8

package/src/scan/autoDetection.js CHANGED Viewed

@@ -1,7 +1,7 @@
 const i18n = require('i18n')
 const fileFinder = require('./fileUtils')
-const languageResolver = require('../audit/languageAnalysisEngine/reduceIdentifiedLanguages')
 const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames')
+const path = require('path')
 const autoDetectFileAndLanguage = async configToUse => {
   const entries = await fileFinder.findFile()
@@ -28,36 +28,24 @@ const autoDetectFileAndLanguage = async configToUse => {
   }
 }
-const autoDetectAuditFilesAndLanguages = async () => {
+const autoDetectAuditFilesAndLanguages = async filePath => {
   let languagesFound = []
-  console.log(i18n.__('searchingAuditFileDirectory', process.cwd()))
-  await fileFinder.findFilesJava(languagesFound)
-  await fileFinder.findFilesJavascript(languagesFound)
-  await fileFinder.findFilesPython(languagesFound)
-  await fileFinder.findFilesGo(languagesFound)
-  await fileFinder.findFilesPhp(languagesFound)
-  await fileFinder.findFilesRuby(languagesFound)
+  console.log(i18n.__('searchingAuditFileDirectory', filePath))
-  if (languagesFound.length === 1) {
+  await fileFinder.findFilesJava(languagesFound, filePath)
+  await fileFinder.findFilesJavascript(languagesFound, filePath)
+  await fileFinder.findFilesPython(languagesFound, filePath)
+  await fileFinder.findFilesGo(languagesFound, filePath)
+  await fileFinder.findFilesPhp(languagesFound, filePath)
+  await fileFinder.findFilesRuby(languagesFound, filePath)
+  await fileFinder.findFilesDotNet(languagesFound, filePath)
+  if (languagesFound) {
     return languagesFound
-  } else {
-    console.log(
-      'found multiple languages, please specify one using --file to run SCA audit'
-    )
   }
-}
-const manualDetectAuditFilesAndLanguages = file => {
-  let projectRootFilenames = rootFile.getProjectRootFilenames(file)
-  let identifiedLanguages =
-    languageResolver.deduceLanguageScaAnalysis(projectRootFilenames)
-  if (Object.keys(identifiedLanguages).length === 0) {
-    console.log(i18n.__('languageAnalysisNoLanguage', file))
-    return []
-  }
-  return [identifiedLanguages]
+  return []
 }
 const hasWhiteSpace = s => {
@@ -100,6 +88,5 @@ module.exports = {
   autoDetectFileAndLanguage,
   errorOnFileDetection,
   autoDetectAuditFilesAndLanguages,
-  errorOnAuditFileDetection,
-  manualDetectAuditFilesAndLanguages
+  errorOnAuditFileDetection
 }

package/src/scan/fileUtils.js CHANGED Viewed

@@ -11,13 +11,14 @@ const findFile = async () => {
   })
 }
-const findFilesJava = async languagesFound => {
+const findFilesJava = async (languagesFound, filePath) => {
   const result = await fg(
     ['**/pom.xml', '**/build.gradle', '**/build.gradle.kts'],
     {
       dot: false,
       deep: 1,
-      onlyFiles: true
+      onlyFiles: true,
+      cwd: filePath ? filePath : process.cwd()
     }
   )
@@ -27,13 +28,14 @@ const findFilesJava = async languagesFound => {
   return languagesFound
 }
-const findFilesJavascript = async languagesFound => {
+const findFilesJavascript = async (languagesFound, filePath) => {
   const result = await fg(
     ['**/package.json', '**/yarn.lock', '**/package-lock.json'],
     {
       dot: false,
       deep: 1,
-      onlyFiles: true
+      onlyFiles: true,
+      cwd: filePath ? filePath : process.cwd()
     }
   )
@@ -43,11 +45,12 @@ const findFilesJavascript = async languagesFound => {
   return languagesFound
 }
-const findFilesPython = async languagesFound => {
+const findFilesPython = async (languagesFound, filePath) => {
   const result = await fg(['**/Pipfile.lock', '**/Pipfile'], {
     dot: false,
     deep: 3,
-    onlyFiles: true
+    onlyFiles: true,
+    cwd: filePath ? filePath : process.cwd()
   })
   if (result.length > 0) {
@@ -56,11 +59,12 @@ const findFilesPython = async languagesFound => {
   return languagesFound
 }
-const findFilesGo = async languagesFound => {
+const findFilesGo = async (languagesFound, filePath) => {
   const result = await fg(['**/go.mod'], {
     dot: false,
     deep: 3,
-    onlyFiles: true
+    onlyFiles: true,
+    cwd: filePath ? filePath : process.cwd()
   })
   if (result.length > 0) {
@@ -69,11 +73,12 @@ const findFilesGo = async languagesFound => {
   return languagesFound
 }
-const findFilesRuby = async languagesFound => {
+const findFilesRuby = async (languagesFound, filePath) => {
   const result = await fg(['**/Gemfile', '**/Gemfile.lock'], {
     dot: false,
     deep: 3,
-    onlyFiles: true
+    onlyFiles: true,
+    cwd: filePath ? filePath : process.cwd()
   })
   if (result.length > 0) {
@@ -82,11 +87,12 @@ const findFilesRuby = async languagesFound => {
   return languagesFound
 }
-const findFilesPhp = async languagesFound => {
+const findFilesPhp = async (languagesFound, filePath) => {
   const result = await fg(['**/composer.json', '**/composer.lock'], {
     dot: false,
     deep: 3,
-    onlyFiles: true
+    onlyFiles: true,
+    cwd: filePath ? filePath : process.cwd()
   })
   if (result.length > 0) {
@@ -95,6 +101,20 @@ const findFilesPhp = async languagesFound => {
   return languagesFound
 }
+const findFilesDotNet = async (languagesFound, filePath) => {
+  const result = await fg(['**/*.csproj', '**/packages.lock.json'], {
+    dot: false,
+    deep: 3,
+    onlyFiles: true,
+    cwd: filePath ? filePath : process.cwd()
+  })
+  if (result.length > 0) {
+    return languagesFound.push({ DOTNET: result })
+  }
+  return languagesFound
+}
 const checkFilePermissions = file => {
   let readableFile = false
   try {
@@ -138,5 +158,6 @@ module.exports = {
   findFilesGo,
   findFilesPhp,
   findFilesRuby,
+  findFilesDotNet,
   fileIsEmpty
 }

package/src/scan/formatScanOutput.ts CHANGED Viewed

@@ -34,8 +34,9 @@ export function formatScanOutput(scanResults: ScanResultsModel) {
     let defaultView = getDefaultView(scanResultsInstances.content)
-    let count = defaultView.length
+    let count = 0
     defaultView.forEach(entry => {
+      count++
       let table = new Table({
         chars: {
           top: '',
@@ -61,12 +62,12 @@ export function formatScanOutput(scanResults: ScanResultsModel) {
       })
       let learnRow: string[] = []
       let adviceRow = []
+      const headerColour = chalk.hex(entry.colour)
       const headerRow = [
-        chalk
-          .hex(entry.colour)
-          .bold(`CONTRAST-${count.toString().padStart(3, '0')}`),
-        chalk.hex(entry.colour).bold('-'),
-        chalk.hex(entry.colour).bold(`[${entry.severity}] ${entry.ruleId}`) +
+        headerColour(`CONTRAST-${count.toString().padStart(3, '0')}`),
+        headerColour(`-`),
+        headerColour(`[${entry.severity}] `) +
+          headerColour.bold(`${entry.ruleId}`) +
           entry.message
       ]
@@ -98,12 +99,13 @@ export function formatScanOutput(scanResults: ScanResultsModel) {
         ]
         table.push(learnRow)
       }
-      count--
       console.log(table.toString())
       console.log()
     })
   }
   printVulnInfo(projectOverview)
+  return projectOverview
 }
 function printVulnInfo(projectOverview: any) {
@@ -179,7 +181,7 @@ export function getDefaultView(content: ResultContent[]) {
     assignBySeverity(resultEntry, groupResultsObj)
   })
-  return sortBy(groupTypeResults, ['priority']).reverse()
+  return sortBy(groupTypeResults, ['priority'])
 }
 export function editVulName(message: string) {
   return message.substring(message.indexOf(' in '))

package/src/scan/populateProjectIdAndProjectName.js CHANGED Viewed

@@ -28,7 +28,11 @@ const createProjectId = async (config, client) => {
         process.exit(1)
         return
       }
+      if (res.statusCode === 429) {
+        console.log(i18n.__('exceededFreeTier'))
+        process.exit(1)
+        return
+      }
       if (res.statusCode === 201) {
         console.log(i18n.__('projectCreatedScan'))
         if (config.verbose) {

package/src/scan/scan.ts CHANGED Viewed

@@ -47,6 +47,10 @@ export const sendScan = async (config: any) => {
             )
             console.log(i18n.__('genericServiceError', res.statusCode))
           }
+          if (res.statusCode === 429) {
+            console.log(i18n.__('exceededFreeTier'))
+            process.exit(1)
+          }
           if (res.statusCode === 403) {
             console.log(i18n.__('permissionsError'))
             process.exit(1)

package/src/scan/scanConfig.js CHANGED Viewed

@@ -1,15 +1,15 @@
 const paramHandler = require('../utils/paramsUtil/paramHandler')
 const constants = require('../../src/constants.js')
-const parsedCLIOptions = require('../../src/utils/parsedCLIOptions')
 const path = require('path')
-const {
-  supportedLanguages
-} = require('../audit/languageAnalysisEngine/constants')
+const { supportedLanguagesScan } = require('../constants/constants')
 const i18n = require('i18n')
 const { scanUsageGuide } = require('./help')
+const parsedCLIOptions = require('../utils/parsedCLIOptions')
-const getScanConfig = argv => {
-  let scanParams = parsedCLIOptions.getCommandLineArgsCustom(
+const getScanConfig = async (contrastConf, command, argv) => {
+  let scanParams = await parsedCLIOptions.getCommandLineArgsCustom(
+    contrastConf,
+    command,
     argv,
     constants.commandLineDefinitions.scanOptionDefinitions
   )
@@ -23,7 +23,7 @@ const getScanConfig = argv => {
   if (scanParams.language) {
     scanParams.language = scanParams.language.toUpperCase()
-    if (!Object.values(supportedLanguages).includes(scanParams.language)) {
+    if (!Object.values(supportedLanguagesScan).includes(scanParams.language)) {
       console.log(`Did not recognise --language ${scanParams.language}`)
       console.log(i18n.__('constantsHowToRunDev3'))
       process.exit(1)

package/src/scan/scanResults.js CHANGED Viewed

@@ -4,11 +4,15 @@ const oraFunctions = require('../utils/oraWrapper')
 const _ = require('lodash')
 const i18n = require('i18n')
 const oraWrapper = require('../utils/oraWrapper')
+const readLine = require('readline')
 const getScanId = async (config, codeArtifactId, client) => {
   return client
     .getScanId(config, codeArtifactId)
     .then(res => {
+      if (res.statusCode == 429) {
+        throw new Error(i18n.__('exceededFreeTier'))
+      }
       return res.body.id
     })
     .catch(err => {
@@ -88,13 +92,51 @@ const returnScanResults = async (
           startScanSpinner,
           'Contrast Scan timed out at the specified ' + timeout + ' seconds.'
         )
-        console.log('Please try again, allowing more time.')
-        process.exit(1)
+        if (!config.isCI) {
+          const retry = await retryScanPrompt()
+          timeout = retry.timeout
+        }
       }
     }
   }
 }
+const retryScanPrompt = async () => {
+  const rl = readLine.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  })
+  return new Promise((resolve, reject) => {
+    requestUtils.timeOutError(30000, reject)
+    rl.question(
+      '🔁 Do you want to continue waiting on Scan? [Y/N]\n',
+      async input => {
+        if (input.toLowerCase() === 'yes' || input.toLowerCase() === 'y') {
+          console.log('Continuing wait for Scan')
+          rl.close()
+          resolve({ timeout: 300 })
+        } else if (
+          input.toLowerCase() === 'no' ||
+          input.toLowerCase() === 'n'
+        ) {
+          rl.close()
+          console.log('Contrast Scan Retry Cancelled: Exiting')
+          resolve(process.exit(1))
+        } else {
+          rl.close()
+          console.log('Invalid Input: Exiting')
+          resolve(process.exit(1))
+        }
+      }
+    )
+  }).catch(e => {
+    throw e
+  })
+}
 const returnScanResultsInstances = async (config, scanId) => {
   const client = commonApi.getHttpClient(config)
   let result
@@ -118,5 +160,6 @@ module.exports = {
   getScanId: getScanId,
   returnScanResults: returnScanResults,
   pollScanResults: pollScanResults,
-  returnScanResultsInstances: returnScanResultsInstances
+  returnScanResultsInstances: returnScanResultsInstances,
+  retryScanPrompt
 }

package/src/telemetry/telemetry.ts ADDED Viewed

@@ -0,0 +1,154 @@
+import { getHttpClient } from '../utils/commonApi'
+import * as crypto from 'crypto'
+import { ContrastConf } from '../utils/getConfig'
+export const TELEMETRY_CLI_COMMANDS_EVENT = 'CLI_COMMANDS'
+export const TELEMETRY_CLI_TIME_TO_AUTH_EVENT = 'CLI_TIME_TO_AUTH'
+export const sendTelemetryConfigAsConfObj = async (
+  config: ContrastConf,
+  command: string,
+  argv: string[],
+  result: string,
+  language: string
+) => {
+  const hostParam = '--host'
+  const hostParamAlias = '-h'
+  const orgIdParam = '--organization-id'
+  const orgIdParamAlias = '-o'
+  const authParam = '--authorization'
+  const apiKeyParam = '--api-key'
+  let configToUse
+  if (
+    paramExists(argv, hostParam, hostParamAlias) &&
+    paramExists(argv, orgIdParam, orgIdParamAlias) &&
+    paramExists(argv, authParam, null) &&
+    paramExists(argv, apiKeyParam, null)
+  ) {
+    //if the user has passed the values as params
+    configToUse = {
+      host: findParamValueFromArgs(argv, hostParam, hostParamAlias),
+      organizationId: findParamValueFromArgs(argv, orgIdParam, orgIdParamAlias),
+      authorization: findParamValueFromArgs(argv, authParam, null),
+      apiKey: findParamValueFromArgs(argv, apiKeyParam, null)
+    }
+  } else if (
+    config &&
+    config.get('host') &&
+    config.get('organizationId') &&
+    config.get('authorization') &&
+    config.get('apiKey')
+  ) {
+    configToUse = {
+      host: config.get('host')?.slice(0, -1), //slice off extra / in url, will 404 on teamserver if we don't
+      organizationId: config.get('organizationId'),
+      authorization: config.get('authorization'),
+      apiKey: config.get('apiKey')
+    }
+  } else {
+    //return when unable to get config
+    return
+  }
+  return await sendTelemetryConfigAsObject(
+    configToUse,
+    command,
+    argv,
+    result,
+    language
+  )
+}
+export const sendTelemetryConfigAsObject = async (
+  config: any,
+  command: string,
+  argv: string[],
+  result: string,
+  language: string
+) => {
+  const obfuscatedParams = obfuscateParams(argv)
+  const requestBody = {
+    event: TELEMETRY_CLI_COMMANDS_EVENT,
+    details: {
+      ip_address: '',
+      account_name: '',
+      account_host: '',
+      company_domain: '',
+      command: `contrast ${command} ${obfuscatedParams}`,
+      app_id:
+        config && config.applicationId
+          ? sha1Base64Value(config.applicationId)
+          : 'undefined',
+      project_id:
+        config && config.projectId
+          ? sha1Base64Value(config.projectId)
+          : 'undefined',
+      language: language,
+      result: result,
+      additional_info: '',
+      timestamp: new Date().toUTCString()
+    }
+  }
+  return await sendTelemetryRequest(config, requestBody)
+}
+export const sendTelemetryRequest = async (config: any, requestBody: any) => {
+  const client = getHttpClient(config)
+  return client
+    .postTelemetry(config, requestBody)
+    .then((res: any) => {
+      if (res.statusCode !== 200 && config.debug === true) {
+        console.log('Telemetry failed to send with status', res.statusCode)
+      }
+      return { statusCode: res.statusCode, statusMessage: res.statusMessage }
+    })
+    .catch((err: any) => {
+      return
+    })
+}
+export const obfuscateParams = (argv: string[]) => {
+  return argv
+    .join(' ')
+    .replace(/--(authorization [A-Z0-9]+)/gi, '--authorization *****')
+    .replace(/-(o [A-Z0-9-]+)/gi, '-o *****')
+    .replace(/--(organization-id [A-Z0-9-]+)/gi, '--organization-id *****')
+    .replace(/--(api-key [A-Z0-9]+)/gi, '--api-key *****')
+}
+export const paramExists = (
+  argv: string[],
+  param: string,
+  paramAlias: string | null
+) => {
+  return argv.find((arg: string) => arg === param || arg === paramAlias)
+}
+export const findParamValueFromArgs = (
+  argv: string[],
+  param: string,
+  paramAlias: string | null
+) => {
+  let paramAsValue
+  argv.forEach((arg: string, index: number) => {
+    if (
+      arg === param ||
+      (arg === paramAlias &&
+        argv[index + 1] !== undefined &&
+        argv[index + 1] !== null)
+    ) {
+      paramAsValue = argv[index + 1]
+    }
+  })
+  return paramAsValue
+}
+export const sha1Base64Value = (value: any) => {
+  return crypto.createHash('sha1').update(value).digest('base64')
+}

package/src/utils/commonApi.js CHANGED Viewed

@@ -20,7 +20,7 @@ const handleResponseErrors = (res, api) => {
   } else if (res.statusCode === 412) {
     maxAppError()
   } else {
-    genericError()
+    genericError(res)
   }
 }

package/src/utils/getConfig.ts CHANGED Viewed

@@ -7,7 +7,7 @@ type ContrastConfOptions = Partial<{
   orgId: string
   authHeader: string
   numOfRuns: number
-  updateMessageHidden: boolean
+  isCI: boolean
 }>
 type ContrastConf = Conf<ContrastConfOptions>
@@ -18,12 +18,10 @@ const localConfig = (name: string, version: string) => {
   })
   config.set('version', version)
-  if (process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE) {
+  if (process.env.CONTRAST_CODSEC_CI) {
     config.set(
-      'updateMessageHidden',
-      JSON.parse(
-        process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE.toLowerCase()
-      )
+      'isCI',
+      JSON.parse(process.env.CONTRAST_CODSEC_CI.toLowerCase()) as boolean
     )
   }
@@ -33,11 +31,6 @@ const localConfig = (name: string, version: string) => {
   return config
 }
-const createConfigFromYaml = (yamlPath: string) => {
-  const yamlConfig = {}
-  return yamlConfig
-}
 const setConfigValues = (config: ContrastConf, values: ContrastConfOptions) => {
   config.set('apiKey', values.apiKey)
   config.set('organizationId', values.orgId)
@@ -45,10 +38,4 @@ const setConfigValues = (config: ContrastConf, values: ContrastConfOptions) => {
   values.host ? config.set('host', values.host) : null
 }
-export {
-  localConfig,
-  createConfigFromYaml,
-  setConfigValues,
-  ContrastConf,
-  ContrastConfOptions
-}
+export { localConfig, setConfigValues, ContrastConf, ContrastConfOptions }

package/src/utils/parsedCLIOptions.js CHANGED Viewed

@@ -1,6 +1,12 @@
 const commandLineArgs = require('command-line-args')
+const { sendTelemetryConfigAsConfObj } = require('../telemetry/telemetry')
-const getCommandLineArgsCustom = (parameterList, optionDefinitions) => {
+const getCommandLineArgsCustom = async (
+  contrastConf,
+  command,
+  parameterList,
+  optionDefinitions
+) => {
   try {
     return commandLineArgs(optionDefinitions, {
       argv: parameterList,
@@ -9,6 +15,13 @@ const getCommandLineArgsCustom = (parameterList, optionDefinitions) => {
       caseInsensitive: true
     })
   } catch (e) {
+    await sendTelemetryConfigAsConfObj(
+      contrastConf,
+      command,
+      parameterList,
+      'FAILURE',
+      'undefined'
+    )
     console.log(e.message.toString())
     process.exit(1)
   }

package/src/utils/requestUtils.js CHANGED Viewed

@@ -15,8 +15,15 @@ const sleep = ms => {
   return new Promise(resolve => setTimeout(resolve, ms))
 }
+const timeOutError = (ms, reject) => {
+  return setTimeout(() => {
+    reject(new Error(`No input detected after 30s`))
+  }, ms)
+}
 module.exports = {
   sendRequest: sendRequest,
   sleep: sleep,
-  millisToSeconds: millisToSeconds
+  millisToSeconds: millisToSeconds,
+  timeOutError: timeOutError
 }

package/dist/audit/AnalysisEngine.js DELETED Viewed

@@ -1,37 +0,0 @@
-"use strict";
-class AnalysisEngine {
-    constructor(initAnalysis = {}) {
-        this.analyzers = [];
-        this.analysis = { ...initAnalysis };
-    }
-    use(analyzer) {
-        if (Array.isArray(analyzer)) {
-            this.analyzers = [...this.analyzers, ...analyzer];
-            return;
-        }
-        this.analyzers.push(analyzer);
-    }
-    analyze(callback, config) {
-        let i = 0;
-        const next = err => {
-            if (err) {
-                return setImmediate(() => callback(err, this.analysis));
-            }
-            if (i >= this.analyzers.length) {
-                return setImmediate(() => callback(null, this.analysis));
-            }
-            const analyzer = this.analyzers[i];
-            i++;
-            setImmediate(() => {
-                try {
-                    analyzer(this.analysis, next, config);
-                }
-                catch (uncaughtErr) {
-                    next(uncaughtErr);
-                }
-            });
-        };
-        next();
-    }
-}
-module.exports = exports = AnalysisEngine;