@contrast/contrast 1.0.8 → 1.0.11

package/dist/scaAnalysis/dotnet/analysis.js

@@ -0,0 +1,55 @@
+"use strict";
+const fs = require('fs');
+const xml2js = require('xml2js');
+const i18n = require('i18n');
+const readAndParseProjectFile = projectFilePath => {
+    const projectFile = fs.readFileSync(projectFilePath);
+    return new xml2js.Parser({
+        explicitArray: false,
+        mergeAttrs: true
+    }).parseString(projectFile);
+};
+const readAndParseLockFile = lockFilePath => {
+    const lockFile = JSON.parse(fs.readFileSync(lockFilePath).toString());
+    let count = 0;
+    for (const dependenciesNode in lockFile.dependencies) {
+        for (const innerNode in lockFile.dependencies[dependenciesNode]) {
+            const nodeValidation = JSON.stringify(lockFile.dependencies[dependenciesNode][innerNode]);
+            if (nodeValidation.includes('"type":"Project"')) {
+                count += 1;
+                delete lockFile.dependencies[dependenciesNode][innerNode];
+                lockFile.additionalInfo = 'dependenciesNote';
+            }
+        }
+    }
+    if (count > 0) {
+        const multiLevelProjectWarning = () => {
+            console.log('');
+            console.log(i18n.__('dependenciesNote'));
+        };
+        setTimeout(multiLevelProjectWarning, 7000);
+    }
+    return lockFile;
+};
+const checkForCorrectFiles = languageFiles => {
+    if (!languageFiles.includes('packages.lock.json')) {
+        throw new Error(i18n.__('languageAnalysisHasNoLockFile', '.NET'));
+    }
+    if (!languageFiles.some(i => i.includes('.csproj'))) {
+        throw new Error(i18n.__('languageAnalysisProjectFileError', '.NET'));
+    }
+};
+const getDotNetDeps = (filePath, languageFiles) => {
+    checkForCorrectFiles(languageFiles);
+    const projectFileName = languageFiles.find(fileName => fileName.includes('.csproj'));
+    const lockFileName = languageFiles.find(fileName => fileName.includes('.json'));
+    const projectFile = readAndParseProjectFile(filePath + `/${projectFileName}`);
+    const lockFile = readAndParseLockFile(filePath + `/${lockFileName}`);
+    return { projectFile, lockFile };
+};
+module.exports = {
+    getDotNetDeps,
+    readAndParseProjectFile,
+    readAndParseLockFile,
+    checkForCorrectFiles
+};

package/dist/scaAnalysis/dotnet/index.js

@@ -0,0 +1,10 @@
+"use strict";
+const { getDotNetDeps } = require('./analysis');
+const { createDotNetTSMessage } = require('../common/formatMessage');
+const dotNetAnalysis = (config, languageFiles) => {
+    const dotNetDeps = getDotNetDeps(config.file, languageFiles.DOTNET);
+    return createDotNetTSMessage(dotNetDeps);
+};
+module.exports = {
+    dotNetAnalysis
+};

package/dist/scaAnalysis/go/goAnalysis.js

@@ -1,12 +1,18 @@
 "use strict";
 const { createGoTSMessage } = require('../common/formatMessage');
+const { parseDependenciesForSCAServices } = require('../common/scaParserForGoAndJava');
 const goReadDepFile = require('./goReadDepFile');
 const goParseDeps = require('./goParseDeps');
-const goAnalysis = (config, languageFiles) => {
+const goAnalysis = config => {
     try {
         const rawGoDependencies = goReadDepFile.getGoDependencies(config);
         const parsedGoDependencies = goParseDeps.parseGoDependencies(rawGoDependencies);
-        return createGoTSMessage(parsedGoDependencies);
+        if (config.experimental) {
+            return parseDependenciesForSCAServices(parsedGoDependencies);
+        }
+        else {
+            return createGoTSMessage(parsedGoDependencies);
+        }
     }
     catch (e) {
         console.log(e.message.toString());

package/dist/scaAnalysis/java/analysis.js

@@ -5,17 +5,20 @@ const i18n = require('i18n');
 const fs = require('fs');
 const MAVEN = 'maven';
 const GRADLE = 'gradle';
-const determineProjectTypeAndCwd = (files, file) => {
+const determineProjectTypeAndCwd = (files, config) => {
     const projectData = {};
+    if (files.length > 1) {
+        files = files.filter(i => config.fileName.includes(i));
+    }
     if (files[0].includes('pom.xml')) {
         projectData.projectType = MAVEN;
     }
     else if (files[0].includes('build.gradle')) {
         projectData.projectType = GRADLE;
     }
-    projectData.cwd = file
-        ? file.replace('pom.xml', '').replace('build.gradle', '')
-        : file;
+    projectData.cwd = config.file
+        ? config.file.replace('pom.xml', '').replace('build.gradle', '')
+        : config.file;
     return projectData;
 };
 const buildMaven = (config, projectData, timeout) => {
@@ -86,7 +89,7 @@ const getJavaBuildDeps = (config, files) => {
         projectType: undefined
     };
     try {
-        const projectData = determineProjectTypeAndCwd(files, config.file);
+        const projectData = determineProjectTypeAndCwd(files, config);
         if (projectData.projectType === MAVEN) {
             output.mvnDependancyTreeOutput = buildMaven(config, projectData, timeout);
         }
@@ -101,5 +104,6 @@ const getJavaBuildDeps = (config, files) => {
     }
 };
 module.exports = {
-    getJavaBuildDeps
+    getJavaBuildDeps,
+    determineProjectTypeAndCwd
 };

package/dist/scaAnalysis/java/index.js

@@ -2,12 +2,18 @@
 const analysis = require('./analysis');
 const { parseBuildDeps } = require('./javaBuildDepsParser');
 const { createJavaTSMessage } = require('../common/formatMessage');
+const { parseDependenciesForSCAServices } = require('../common/scaParserForGoAndJava');
 const javaAnalysis = (config, languageFiles) => {
     languageFiles.JAVA.forEach(file => {
         file.replace('build.gradle.kts', 'build.gradle');
     });
     const javaDeps = buildJavaTree(config, languageFiles.JAVA);
-    return createJavaTSMessage(javaDeps);
+    if (config.experimental) {
+        return parseDependenciesForSCAServices(javaDeps);
+    }
+    else {
+        return createJavaTSMessage(javaDeps);
+    }
 };
 const buildJavaTree = (config, files) => {
     const javaBuildDeps = analysis.getJavaBuildDeps(config, files);

package/dist/scaAnalysis/java/javaBuildDepsParser.js

@@ -14,13 +14,12 @@ const parseBuildDeps = (config, input) => {
 const preParser = shavedOutput => {
     let obj = [];
     for (let dep in shavedOutput) {
+        shavedOutput[dep] = shaveDependencyType(shavedOutput[dep]);
         obj.push(shavedOutput[dep]
             .replace('+-', '+---')
             .replace('[INFO]', '')
             .replace('\\-', '\\---')
             .replace(':jar:', ':')
-            .replace(':test', '')
-            .replace(':compile', '')
             .replace(' +', '+')
             .replace(' |', '|')
             .replace(' \\', '\\')
@@ -50,6 +49,21 @@ const preParser = shavedOutput => {
     }
     return depTree;
 };
+const shaveDependencyType = dep => {
+    if (dep.endsWith('\r')) {
+        dep = dep.slice(0, -1);
+    }
+    if (dep.endsWith(':test')) {
+        dep = dep.slice(0, -5);
+    }
+    if (dep.endsWith(':compile')) {
+        dep = dep.slice(0, -8);
+    }
+    if (dep.endsWith(':provided')) {
+        dep = dep.slice(0, -9);
+    }
+    return dep;
+};
 const shaveOutput = (gradleDependencyTreeOutput, projectType) => {
     let shavedOutput = gradleDependencyTreeOutput.split('\n');
     if (projectType === 'maven') {
@@ -335,5 +349,7 @@ module.exports = {
     computeRelationToLastElement,
     addIndentation,
     computeLevel,
-    computeIndentation
+    computeIndentation,
+    shaveDependencyType,
+    preParser
 };

package/dist/scaAnalysis/javascript/analysis.js

@@ -10,7 +10,7 @@ const readFile = async (config, languageFiles, nameOfFile) => {
         return fs.readFileSync(config.file.concat(languageFiles[index]), 'utf8');
     }
     else {
-        console.log('could not find file');
+        throw new Error('could not find file');
     }
 };
 const readYarn = async (config, languageFiles, nameOfFile) => {
@@ -29,8 +29,7 @@ const readYarn = async (config, languageFiles, nameOfFile) => {
         return yarn;
     }
     catch (err) {
-        console.log(i18n.__('nodeReadYarnLockFileError') + `${err.message}`);
-        return;
+        throw new Error(i18n.__('nodeReadYarnLockFileError') + `${err.message}`);
     }
 };
 const parseNpmLockFile = async (js) => {
@@ -67,8 +66,7 @@ const parseNpmLockFile = async (js) => {
         }
     }
     catch (err) {
-        console.log(i18n.__('NodeParseNPM') + `${err.message}`);
-        return;
+        throw new Error(i18n.__('NodeParseNPM') + `${err.message}`);
     }
 };
 const addDepToLockFile = (js, depObj, key) => {
@@ -97,8 +95,7 @@ const parseYarnLockFile = async (js) => {
         }
     }
     catch (err) {
-        console.log(i18n.__('NodeParseYarn') + `${err.message}`);
-        return;
+        throw new Error(i18n.__('NodeParseYarn', js.yarn.yarnVersion) + `${err.message}`);
     }
 };
 module.exports = {

package/dist/scaAnalysis/javascript/index.js

@@ -3,10 +3,9 @@ const analysis = require('./analysis');
 const i18n = require('i18n');
 const formatMessage = require('../common/formatMessage');
 const jsAnalysis = async (config, languageFiles) => {
-    if (languageFiles.JAVASCRIPT.includes('package-lock.json') &&
-        languageFiles.JAVASCRIPT.includes('yarn.lock')) {
-        console.log(i18n.__('languageAnalysisMultipleLanguages1'));
-        return;
+    checkForCorrectFiles(languageFiles);
+    if (!config.file.endsWith('/')) {
+        config.file = config.file.concat('/');
     }
     return buildNodeTree(config, languageFiles.JAVASCRIPT);
 };
@@ -36,6 +35,19 @@ const parseFiles = async (config, files, js) => {
     }
     return js;
 };
+const checkForCorrectFiles = languageFiles => {
+    if (languageFiles.JAVASCRIPT.includes('package-lock.json') &&
+        languageFiles.JAVASCRIPT.includes('yarn.lock')) {
+        throw new Error(i18n.__('languageAnalysisHasMultipleLockFiles', 'javascript'));
+    }
+    if (!languageFiles.JAVASCRIPT.includes('package-lock.json') &&
+        !languageFiles.JAVASCRIPT.includes('yarn.lock')) {
+        throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'javascript'));
+    }
+    if (!languageFiles.JAVASCRIPT.includes('package.json')) {
+        throw new Error(i18n.__('languageAnalysisHasNoPackageJsonFile'));
+    }
+};
 module.exports = {
     jsAnalysis
 };

package/dist/scaAnalysis/php/analysis.js

@@ -2,23 +2,21 @@
 const fs = require('fs');
 const i18n = require('i18n');
 const _ = require('lodash');
-let php = {};
-const readProjectFile = (projectPath, customFile) => {
-    const filePath = filePathForWindows(projectPath + customFile);
-    try {
-        php.composerJSON = JSON.parse(fs.readFileSync(filePath, 'utf8'));
-        php.composerJSON.dependencies = php.composerJSON.require;
-        php.composerJSON.devDependencies = php.composerJSON['require-dev'];
-        return php;
-    }
-    catch (err) {
-        console.log(err.message.toString());
+const readFile = (config, nameOfFile) => {
+    if (config.file) {
+        try {
+            return fs.readFileSync(config.file + '/' + nameOfFile);
+        }
+        catch (error) {
+            console.log('Unable to find file');
+            console.log(error);
+        }
     }
 };
-const readAndParseLockFile = (projectPath, customFile) => {
-    const filePath = filePathForWindows(projectPath + customFile);
+const parseProjectFiles = php => {
     try {
-        php.rawLockFileContents = JSON.parse(fs.readFileSync(filePath, 'utf8'));
+        php.composerJSON.dependencies = php.composerJSON.require;
+        php.composerJSON.devDependencies = php.composerJSON['require-dev'];
         php.lockFile = php.rawLockFileContents;
         let packages = _.keyBy(php.lockFile.packages, 'name');
         let packagesDev = _.keyBy(php.lockFile['packages-dev'], 'name');
@@ -50,22 +48,6 @@ const readAndParseLockFile = (projectPath, customFile) => {
         return console.log(i18n.__('phpParseComposerLock', php) + `${err.message}`);
     }
 };
-const getPhpDeps = (config, files) => {
-    try {
-        return (readProjectFile(config.file, files[0].projectFilename),
-            readAndParseLockFile(config.file, files[1].lockFilename));
-    }
-    catch (err) {
-        console.log(err.message.toString());
-        process.exit(1);
-    }
-};
-const filePathForWindows = path => {
-    if (process.platform === 'win32') {
-        path = path.replace(/\//g, '\\');
-    }
-    return path;
-};
 function addChildDepToLockFileAsOwnObj(php, depObj, key) {
     php.lockFile.dependencies[key] = { version: depObj[key] };
 }
@@ -83,7 +65,6 @@ function formatParentDepToLockFile(php) {
     }
 }
 module.exports = {
-    getPhpDeps,
-    readAndParseLockFile,
-    readProjectFile
+    parseProjectFiles,
+    readFile
 };

package/dist/scaAnalysis/php/index.js

@@ -1,9 +1,16 @@
 "use strict";
-const { getPhpDeps } = require('./analysis');
+const { readFile, parseProjectFiles } = require('./analysis');
 const { createPhpTSMessage } = require('../common/formatMessage');
-const phpAnalysis = (config, languageFiles) => {
-    const phpDeps = getPhpDeps(config, languageFiles.PHP);
-    return createPhpTSMessage(phpDeps);
+const phpAnalysis = (config, files) => {
+    let analysis = readFiles(config, files.PHP);
+    const phpDep = parseProjectFiles(analysis);
+    return createPhpTSMessage(phpDep);
+};
+const readFiles = (config, files) => {
+    let php = {};
+    php.composerJSON = JSON.parse(readFile(config, 'composer.json'));
+    php.rawLockFileContents = JSON.parse(readFile(config, 'composer.lock'));
+    return php;
 };
 module.exports = {
     phpAnalysis

package/dist/scaAnalysis/python/analysis.js

@@ -1,6 +1,7 @@
 "use strict";
 const multiReplace = require('string-multiple-replace');
 const fs = require('fs');
+const i18n = require('i18n');
 const readAndParseProjectFile = file => {
     const filePath = filePathForWindows(file + '/Pipfile');
     const pipFile = fs.readFileSync(filePath, 'utf8');
@@ -18,11 +19,45 @@ const readAndParseLockFile = file => {
     delete parsedPipLock['default'];
     return parsedPipLock;
 };
-const getPythonDeps = config => {
+const readLockFile = file => {
+    const filePath = filePathForWindows(file + '/Pipfile.lock');
+    const lockFile = fs.readFileSync(filePath, 'utf8');
+    let parsedPipLock = JSON.parse(lockFile);
+    return parsedPipLock['default'];
+};
+const scaPythonParser = pythonDependencies => {
+    let pythonParsedDeps = {};
+    for (let key in pythonDependencies) {
+        pythonParsedDeps[key] = {};
+        pythonParsedDeps[key].version = pythonDependencies[key].version.replace('==', '');
+        pythonParsedDeps[key].group = null;
+        pythonParsedDeps[key].name = key;
+        pythonParsedDeps[key].isProduction = true;
+        pythonParsedDeps[key].dependencies = [];
+        pythonParsedDeps[key].directDependency = true;
+    }
+    return pythonParsedDeps;
+};
+const checkForCorrectFiles = languageFiles => {
+    if (!languageFiles.includes('Pipfile.lock')) {
+        throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'python'));
+    }
+    if (!languageFiles.includes('Pipfile')) {
+        throw new Error(i18n.__('languageAnalysisProjectFileError', 'python'));
+    }
+};
+const getPythonDeps = (config, languageFiles) => {
     try {
-        const parseProject = readAndParseProjectFile(config.file);
-        const parsePip = readAndParseLockFile(config.file);
-        return { pipfileLock: parsePip, pipfilDependanceies: parseProject };
+        if (config.experimental) {
+            let pythonLockFileContents = readLockFile(config.file);
+            return scaPythonParser(pythonLockFileContents);
+        }
+        else {
+            checkForCorrectFiles(languageFiles);
+            const parseProject = readAndParseProjectFile(config.file);
+            const parsePip = readAndParseLockFile(config.file);
+            return { pipfileLock: parsePip, pipfilDependanceies: parseProject };
+        }
     }
     catch (err) {
         console.log(err.message.toString());
@@ -37,6 +72,9 @@ const filePathForWindows = path => {
 };
 module.exports = {
     getPythonDeps,
+    scaPythonParser,
+    readAndParseLockFile,
     readAndParseProjectFile,
-    readAndParseLockFile
+    checkForCorrectFiles,
+    readLockFile
 };

package/dist/scaAnalysis/python/index.js

@@ -1,9 +1,14 @@
 "use strict";
 const { createPythonTSMessage } = require('../common/formatMessage');
-const { getPythonDeps } = require('./analysis');
+const { getPythonDeps, secondaryParser } = require('./analysis');
 const pythonAnalysis = (config, languageFiles) => {
     const pythonDeps = getPythonDeps(config, languageFiles.PYTHON);
-    return createPythonTSMessage(pythonDeps);
+    if (config.experimental) {
+        return pythonDeps;
+    }
+    else {
+        return createPythonTSMessage(pythonDeps);
+    }
 };
 module.exports = {
     pythonAnalysis

package/dist/scaAnalysis/ruby/analysis.js

@@ -1,8 +1,8 @@
 "use strict";
 const fs = require('fs');
+const i18n = require('i18n');
 const readAndParseGemfile = file => {
-    const fileName = filePathForWindows(file + '/Gemfile');
-    const gemFile = fs.readFileSync(fileName, 'utf8');
+    const gemFile = fs.readFileSync(file + '/Gemfile', 'utf8');
     const rubyArray = gemFile.split('\n');
     let filteredRubyDep = rubyArray.filter(element => {
         return (!element.includes('#') &&
@@ -15,8 +15,7 @@ const readAndParseGemfile = file => {
     return filteredRubyDep;
 };
 const readAndParseGemLockFile = file => {
-    const fileName = filePathForWindows(file + '/Gemfile.lock');
-    const lockFile = fs.readFileSync(fileName, 'utf8');
+    const lockFile = fs.readFileSync(file + '/Gemfile.lock', 'utf8');
     const dependencyRegEx = /^\s*([A-Za-z0-9.!@#$%\-^&*_+]*)\s*(\((.*?)\))/;
     const lines = lockFile.split('\n');
     return {
@@ -190,26 +189,28 @@ const buildSourceDependencyWithVersion = (whitespaceRegx, dependencyRegEx, line,
     }
     return dependencies;
 };
-const getRubyDeps = config => {
+const getRubyDeps = (config, languageFiles) => {
     try {
+        checkForCorrectFiles(languageFiles);
         const parsedGem = readAndParseGemfile(config.file);
         const parsedLock = readAndParseGemLockFile(config.file);
         return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock };
     }
     catch (err) {
-        console.log(err.message);
-        process.exit(1);
+        throw err;
+    }
+};
+const checkForCorrectFiles = languageFiles => {
+    if (!languageFiles.includes('Gemfile.lock')) {
+        throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'ruby'));
+    }
+    if (!languageFiles.includes('Gemfile')) {
+        throw new Error(i18n.__('languageAnalysisProjectFileError', 'ruby'));
     }
 };
 const trimWhiteSpace = string => {
     return string.replace(/\s+/g, '');
 };
-const filePathForWindows = path => {
-    if (process.platform === 'win32') {
-        path = path.replace(/\//g, '\\');
-    }
-    return path;
-};
 module.exports = {
     getRubyDeps,
     readAndParseGemfile,
@@ -222,5 +223,6 @@ module.exports = {
     getVersion,
     getPatchLevel,
     formatSourceArr,
-    getSourceArray
+    getSourceArray,
+    checkForCorrectFiles
 };

package/dist/scan/autoDetection.js

@@ -1,8 +1,8 @@
 "use strict";
 const i18n = require('i18n');
 const fileFinder = require('./fileUtils');
-const languageResolver = require('../audit/languageAnalysisEngine/reduceIdentifiedLanguages');
 const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames');
+const path = require('path');
 const autoDetectFileAndLanguage = async (configToUse) => {
     const entries = await fileFinder.findFile();
     if (entries.length === 1) {
@@ -24,30 +24,20 @@ const autoDetectFileAndLanguage = async (configToUse) => {
         errorOnFileDetection(entries);
     }
 };
-const autoDetectAuditFilesAndLanguages = async () => {
+const autoDetectAuditFilesAndLanguages = async (filePath) => {
     let languagesFound = [];
-    console.log(i18n.__('searchingAuditFileDirectory', process.cwd()));
-    await fileFinder.findFilesJava(languagesFound);
-    await fileFinder.findFilesJavascript(languagesFound);
-    await fileFinder.findFilesPython(languagesFound);
-    await fileFinder.findFilesGo(languagesFound);
-    await fileFinder.findFilesPhp(languagesFound);
-    await fileFinder.findFilesRuby(languagesFound);
-    if (languagesFound.length === 1) {
+    console.log(i18n.__('searchingAuditFileDirectory', filePath));
+    await fileFinder.findFilesJava(languagesFound, filePath);
+    await fileFinder.findFilesJavascript(languagesFound, filePath);
+    await fileFinder.findFilesPython(languagesFound, filePath);
+    await fileFinder.findFilesGo(languagesFound, filePath);
+    await fileFinder.findFilesPhp(languagesFound, filePath);
+    await fileFinder.findFilesRuby(languagesFound, filePath);
+    await fileFinder.findFilesDotNet(languagesFound, filePath);
+    if (languagesFound) {
         return languagesFound;
     }
-    else {
-        console.log('found multiple languages, please specify one using --file to run SCA audit');
-    }
-};
-const manualDetectAuditFilesAndLanguages = file => {
-    let projectRootFilenames = rootFile.getProjectRootFilenames(file);
-    let identifiedLanguages = languageResolver.deduceLanguageScaAnalysis(projectRootFilenames);
-    if (Object.keys(identifiedLanguages).length === 0) {
-        console.log(i18n.__('languageAnalysisNoLanguage', file));
-        return [];
-    }
-    return [identifiedLanguages];
+    return [];
 };
 const hasWhiteSpace = s => {
     const filename = s.split('/').pop();
@@ -88,6 +78,5 @@ module.exports = {
     autoDetectFileAndLanguage,
     errorOnFileDetection,
     autoDetectAuditFilesAndLanguages,
-    errorOnAuditFileDetection,
-    manualDetectAuditFilesAndLanguages
+    errorOnAuditFileDetection
 };