@contrast/contrast 1.0.8 → 1.0.11

package/dist/commands/audit/auditConfig.js

@@ -6,26 +6,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getAuditConfig = void 0;
 const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHandler"));
 const constants_1 = __importDefault(require("../../constants"));
-const parsedCLIOptions_1 = __importDefault(require("../../utils/parsedCLIOptions"));
-const constants_2 = __importDefault(require("../../audit/languageAnalysisEngine/constants"));
-const autoDetectLanguage_1 = require("../../audit/autodetection/autoDetectLanguage");
-const { supportedLanguages: { NODE, JAVASCRIPT } } = constants_2.default;
-const getAuditConfig = (argv) => {
-    const auditParameters = parsedCLIOptions_1.default.getCommandLineArgsCustom(argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
+const parsedCLIOptions_1 = require("../../utils/parsedCLIOptions");
+const getAuditConfig = async (contrastConf, command, argv) => {
+    const auditParameters = await (0, parsedCLIOptions_1.getCommandLineArgsCustom)(contrastConf, command, argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
     const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
-    if (auditParameters.language === undefined ||
-        auditParameters.language === null) {
-        try {
-            auditParameters.language = (0, autoDetectLanguage_1.determineProjectLanguage)((0, autoDetectLanguage_1.identifyLanguages)(auditParameters));
-        }
-        catch (err) {
-            console.log(err.message);
-            process.exit(1);
-        }
-    }
-    else if (auditParameters.language.toUpperCase() === JAVASCRIPT) {
-        auditParameters.language = NODE.toLowerCase();
-    }
     return { ...paramsAuth, ...auditParameters };
 };
 exports.getAuditConfig = getAuditConfig;

package/dist/commands/audit/auditController.js

@@ -3,11 +3,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAppName = exports.startAudit = exports.dealWithNoAppId = void 0;
+exports.getAppName = exports.dealWithNoAppId = void 0;
 const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
 const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
-const identifyLanguageAE = require('./../../audit/languageAnalysisEngine');
-const languageFactory = require('../../audit/languageAnalysisEngine/languageAnalysisFactory');
 const dealWithNoAppId = async (config) => {
     let appID;
     try {
@@ -33,13 +31,6 @@ const dealWithNoAppId = async (config) => {
     return appID;
 };
 exports.dealWithNoAppId = dealWithNoAppId;
-const startAudit = async (config) => {
-    if (!config.applicationId) {
-        config.applicationId = await (0, exports.dealWithNoAppId)(config);
-    }
-    identifyLanguageAE(config.file, languageFactory, config.applicationId, config);
-};
-exports.startAudit = startAudit;
 const getAppName = (file) => {
     const last = file.charAt(file.length - 1);
     if (last !== '/') {

package/dist/commands/audit/help.js

@@ -18,30 +18,13 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
             '{bold ' +
                 i18n_1.default.__('constantsAuditPrerequisitesContentSupportedLanguages') +
                 '}',
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentJava') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentMessage'),
-            '',
-            '{italic ' + i18n_1.default.__('constantsJavaNote') + '}',
-            '{italic ' + i18n_1.default.__('constantsJavaNoteGradle') + '}',
-            '',
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentDotNet') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageNode') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageNodeMessage'),
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageRuby') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageRubyMessage'),
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguagePython') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguagePythonMessage')
+            i18n_1.default.__('constantsAuditPrerequisitesJavaContentMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentNodeMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentRubyMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentPythonMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentGoMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentPHPMessage')
         ]
     },
     {

package/dist/commands/audit/processAudit.js

@@ -1,22 +1,18 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.processAudit = void 0;
-const auditController_1 = require("./auditController");
 const auditConfig_1 = require("./auditConfig");
 const help_1 = require("./help");
 const scaAnalysis_1 = require("../scan/sca/scaAnalysis");
-const processAudit = async (argv) => {
+const telemetry_1 = require("../../telemetry/telemetry");
+const processAudit = async (contrastConf, argv) => {
     if (argv.indexOf('--help') != -1) {
         printHelpMessage();
         process.exit(0);
     }
-    const config = (0, auditConfig_1.getAuditConfig)(argv);
-    if (config.experimental) {
-        await (0, scaAnalysis_1.processSca)(config);
-    }
-    else {
-        await (0, auditController_1.startAudit)(config);
-    }
+    const config = await (0, auditConfig_1.getAuditConfig)(contrastConf, 'audit', argv);
+    await (0, scaAnalysis_1.processSca)(config);
+    await (0, telemetry_1.sendTelemetryConfigAsObject)(config, 'audit', argv, 'SUCCESS', config.language);
 };
 exports.processAudit = processAudit;
 const printHelpMessage = () => {

package/dist/commands/audit/saveFile.js

@@ -5,8 +5,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.saveFile = void 0;
 const fs_1 = __importDefault(require("fs"));
-const saveFile = (config, rawResults) => {
-    const fileName = `${config.applicationId}-sbom-cyclonedx.json`;
+const saveFile = (config, type, rawResults) => {
+    const fileName = `${config.applicationId}-sbom-${type}.json`;
     fs_1.default.writeFileSync(fileName, JSON.stringify(rawResults));
 };
 exports.saveFile = saveFile;

package/dist/commands/auth/auth.js

@@ -11,7 +11,7 @@ const parsedCLIOptions = require('../../utils/parsedCLIOptions');
 const constants = require('../../constants');
 const commandLineUsage = require('command-line-usage');
 const processAuth = async (argv, config) => {
-    let authParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.authOptionDefinitions);
+    let authParams = await parsedCLIOptions.getCommandLineArgsCustom(config, 'auth', argv, constants.commandLineDefinitions.authOptionDefinitions);
     if (authParams.help) {
         console.log(authUsageGuide);
         process.exit(0);

package/dist/commands/config/config.js

@@ -3,9 +3,9 @@ const parsedCLIOptions = require('../../utils/parsedCLIOptions');
 const constants = require('../../constants');
 const commandLineUsage = require('command-line-usage');
 const i18n = require('i18n');
-const processConfig = (argv, config) => {
+const processConfig = async (argv, config) => {
     try {
-        let configParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.configOptionDefinitions);
+        let configParams = await parsedCLIOptions.getCommandLineArgsCustom(config, 'config', argv, constants.commandLineDefinitions.configOptionDefinitions);
         if (configParams.help) {
             console.log(configUsageGuide);
             process.exit(0);

package/dist/commands/scan/processScan.js

@@ -5,18 +5,25 @@ const { saveScanFile } = require('../../utils/saveFile');
 const { ScanResultsModel } = require('../../scan/models/scanResultsModel');
 const { formatScanOutput } = require('../../scan/formatScanOutput');
 const { processSca } = require('./sca/scaAnalysis');
-const processScan = async (argvMain) => {
-    let config = scanConfig.getScanConfig(argvMain);
+const common = require('../../common/fail');
+const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
+const processScan = async (contrastConf, argv) => {
+    let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv);
+    let output = undefined;
     if (config.experimental) {
-        await processSca(config);
+        await processSca(config, argv);
     }
     let scanResults = new ScanResultsModel(await startScan(config));
+    await sendTelemetryConfigAsObject(config, 'scan', argv, 'SUCCESS', scanResults.scanDetail.language);
     if (scanResults.scanResultsInstances !== undefined) {
-        formatScanOutput(scanResults);
+        output = formatScanOutput(scanResults);
     }
     if (config.save !== undefined) {
         await saveScanFile(config, scanResults);
     }
+    if (config.fail) {
+        common.processFail(config, output);
+    }
 };
 module.exports = {
     processScan

package/dist/commands/scan/sca/scaAnalysis.js

@@ -2,9 +2,8 @@
 const autoDetection = require('../../../scan/autoDetection');
 const javaAnalysis = require('../../../scaAnalysis/java');
 const treeUpload = require('../../../scaAnalysis/common/treeUpload');
-const { manualDetectAuditFilesAndLanguages } = require('../../../scan/autoDetection');
 const auditController = require('../../audit/auditController');
-const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP } } = require('../../../audit/languageAnalysisEngine/constants');
+const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../../../constants/constants');
 const goAnalysis = require('../../../scaAnalysis/go/goAnalysis');
 const phpAnalysis = require('../../../scaAnalysis/php/index');
 const { rubyAnalysis } = require('../../../scaAnalysis/ruby');
@@ -15,15 +14,26 @@ const { returnOra, startSpinner, succeedSpinner } = require('../../../utils/oraW
 const i18n = require('i18n');
 const { vulnerabilityReportV2 } = require('../../../audit/languageAnalysisEngine/report/reportingFeature');
 const auditSave = require('../../../audit/save');
+const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
+const { auditUsageGuide } = require('../../audit/help');
+const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames');
+const path = require('path');
 const processSca = async (config) => {
+    const startTime = performance.now();
     let filesFound;
-    if (config.file) {
-        config.file = config.file.concat('/');
-        filesFound = await manualDetectAuditFilesAndLanguages(config.file);
+    if (config.help) {
+        console.log(auditUsageGuide);
+        process.exit(0);
     }
-    else {
-        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config);
-        config.file = process.cwd().concat('/');
+    const projectStats = await rootFile.getProjectStats(config.file);
+    let pathWithFile = projectStats.isFile();
+    config.fileName = config.file;
+    config.file = pathWithFile
+        ? rootFile.getDirectoryFromPathGiven(config.file).concat('/')
+        : config.file;
+    filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
+    if (filesFound.length > 1 && pathWithFile) {
+        filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(config.fileName)));
     }
     let messageToSend = undefined;
     if (filesFound.length === 1) {
@@ -52,27 +62,41 @@ const processSca = async (config) => {
                 messageToSend = goAnalysis.goAnalysis(config, filesFound[0]);
                 config.language = GO;
                 break;
+            case DOTNET:
+                messageToSend = dotNetAnalysis(config, filesFound[0]);
+                config.language = DOTNET;
+                break;
             default:
-                console.log('language detected not supported');
+                console.log('No supported language detected in project path');
                 return;
         }
         if (!config.applicationId) {
             config.applicationId = await auditController.dealWithNoAppId(config);
         }
+        console.log('');
         const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
         startSpinner(reportSpinner);
         const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
         await pollForSnapshotCompletition(config, snapshotResponse.id, reportSpinner);
-        succeedSpinner(reportSpinner, 'Contrast SCA audit complete');
+        succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
         await vulnerabilityReportV2(config, snapshotResponse.id);
-        await auditSave.auditSave(config);
+        if (config.save !== undefined) {
+            await auditSave.auditSave(config);
+        }
+        const endTime = performance.now() - startTime;
+        const scanDurationMs = endTime - startTime;
+        console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
     }
     else {
         if (filesFound.length === 0) {
-            console.log('no compatible dependency files detected. Continuing...');
+            console.log(i18n.__('languageAnalysisNoLanguage'));
+            console.log(i18n.__('languageAnalysisNoLanguageHelpLine'));
+            throw new Error();
         }
         else {
-            console.log('multiple language files detected, please use --file to specify a directory or the file where dependencies are declared');
+            throw new Error(`multiple language files detected \n` +
+                JSON.stringify(filesFound) +
+                `\nplease use --file to audit one language only. Example: contrast audit --file package-lock.json`);
         }
     }
 };

package/dist/common/HTTPClient.js

@@ -242,9 +242,9 @@ HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
     options.body = data;
     return requestUtils.sendRequest({ method: 'post', options });
 };
-HTTPClient.prototype.getSbom = function getSbom(config) {
+HTTPClient.prototype.getSbom = function getSbom(config, type) {
     const options = _.cloneDeep(this.requestOptions);
-    options.url = createSbomCycloneDXUrl(config);
+    options.url = createSbomUrl(config, type);
     return requestUtils.sendRequest({ method: 'get', options });
 };
 HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
@@ -253,6 +253,12 @@ HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
         'https://pkg.contrastsecurity.com/artifactory/cli/latest-version.txt';
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.postTelemetry = function postTelemetry(config, requestBody) {
+    const options = _.cloneDeep(this.requestOptions);
+    options.url = createTelemetryEventUrl(config);
+    options.body = requestBody;
+    return requestUtils.sendRequest({ method: 'post', options });
+};
 HTTPClient.prototype.postAnalyticsFunction = function (config, provider, body) {
     const url = createAnalyticsFunctionPostUrl(config, provider);
     const options = { ...this.requestOptions, body, url };
@@ -304,11 +310,11 @@ const createAppNameUrl = config => {
 function createLibraryVulnerabilitiesUrl(config) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`;
 }
-function createSpecificReportUrl(config, reportId) {
-    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}`;
+function createSpecificReportUrl(config, reportId, includeTree = false) {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}?&includeTree=${includeTree}`;
 }
-function createSpecificReportWithProdUrl(config, reportId) {
-    return createSpecificReportUrl(config, reportId).concat(`?nodesToInclude=PROD`);
+function createSpecificReportWithProdUrl(config, reportId, includeTree) {
+    return createSpecificReportUrl(config, reportId, includeTree).concat(`&nodesToInclude=PROD`);
 }
 function createSpecificReportStatusURL(config, reportId) {
     return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots/${reportId}/status`;
@@ -316,8 +322,11 @@ function createSpecificReportStatusURL(config, reportId) {
 function createDataUrl() {
     return `https://ardy.contrastsecurity.com/production`;
 }
-function createSbomCycloneDXUrl(config) {
-    return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/cyclonedx`;
+function createSbomUrl(config, type) {
+    return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/${type}`;
+}
+function createTelemetryEventUrl(config) {
+    return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/cli`;
 }
 module.exports = HTTPClient;
 module.exports.pollForAuthUrl = pollForAuthUrl;

package/dist/common/errorHandling.js

@@ -48,8 +48,8 @@ const reportFailureError = () => {
 };
 exports.reportFailureError = reportFailureError;
 const genericError = (missingCliOption) => {
-    console.log(`*************************** ${i18n_1.default.__('yamlMissingParametersHeader')} ***************************\n${missingCliOption}`);
-    console.error(i18n_1.default.__('yamlMissingParametersMessage'));
+    console.log(missingCliOption);
+    console.error(i18n_1.default.__('genericErrorMessage'));
     process.exit(1);
 };
 exports.genericError = genericError;

package/dist/common/fail.js

@@ -0,0 +1,66 @@
+"use strict";
+const i18n = require('i18n');
+const processFail = (config, reportResults) => {
+    if (config.severity !== undefined) {
+        if (reportResults[config.severity] !== undefined &&
+            isSeverityViolation(config.severity, reportResults)) {
+            failPipeline('failSeverityOptionErrorMessage');
+        }
+    }
+    if (config.severity === undefined && reportResults.total > 0) {
+        failPipeline('failThresholdOptionErrorMessage');
+    }
+};
+const isSeverityViolation = (severity, reportResults) => {
+    let count = 0;
+    switch (severity) {
+        case 'critical':
+            count += reportResults.critical;
+            break;
+        case 'high':
+            count += reportResults.high + reportResults.critical;
+            break;
+        case 'medium':
+            count += reportResults.medium + reportResults.low + reportResults.critical;
+            break;
+        case 'low':
+            count +=
+                reportResults.high + reportResults.critical + reportResults.medium;
+            break;
+        case 'note':
+            if (reportResults.note == reportResults.total) {
+                count = 0;
+            }
+            else {
+                count = reportResults.total;
+            }
+            break;
+        default:
+            count = 0;
+    }
+    return count > 0;
+};
+const failPipeline = (message = '') => {
+    console.log('\n ******************************** ' +
+        i18n.__('snapshotFailureHeader') +
+        ' *********************************\n' +
+        i18n.__(message));
+    process.exit(1);
+};
+const parseSeverity = severity => {
+    const severities = ['NOTE', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'];
+    if (severities.includes(severity.toUpperCase())) {
+        return severity.toLowerCase();
+    }
+    else {
+        console.log(severity +
+            ' Not recognised as a severity type please use LOW, MEDIUM, HIGH, CRITICAL, NOTE');
+        return undefined;
+    }
+};
+module.exports = {
+    failPipeline,
+    processFail,
+    isSeverityViolation,
+    parseSeverity
+};

package/dist/common/versionChecker.js

@@ -23,7 +23,7 @@ const getLatestVersion = async (config) => {
     }
 };
 async function findLatestCLIVersion(config) {
-    const messageHidden = config.get('updateMessageHidden');
+    const messageHidden = config.get('isCI');
     if (!messageHidden) {
         let latestCLIVersion = await getLatestVersion(config);
         latestCLIVersion = latestCLIVersion.substring(8);

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.8';
+const APP_VERSION = '1.0.11';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';
@@ -27,9 +27,12 @@ const NOTE_PRIORITY = 5;
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com';
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com';
 const SARIF_FILE = 'SARIF';
+const SBOM_CYCLONE_DX_FILE = 'cyclonedx';
+const SBOM_SPDX_FILE = 'spdx';
 const CE_URL = 'https://ce.contrastsecurity.com/';
 module.exports = {
     supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
+    supportedLanguagesScan: { JAVASCRIPT, DOTNET, JAVA },
     LOW,
     MEDIUM,
     HIGH,
@@ -50,5 +53,7 @@ module.exports = {
     HIGH_PRIORITY,
     MEDIUM_PRIORITY,
     LOW_PRIORITY,
-    NOTE_PRIORITY
+    NOTE_PRIORITY,
+    SBOM_CYCLONE_DX_FILE,
+    SBOM_SPDX_FILE
 };