@contrast/contrast 1.0.8 → 1.0.11

package/dist/scan/fileUtils.js

@@ -10,72 +10,90 @@ const findFile = async () => {
         onlyFiles: true
     });
 };
-const findFilesJava = async (languagesFound) => {
+const findFilesJava = async (languagesFound, filePath) => {
     const result = await fg(['**/pom.xml', '**/build.gradle', '**/build.gradle.kts'], {
         dot: false,
         deep: 1,
-        onlyFiles: true
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
         return languagesFound.push({ JAVA: result });
     }
     return languagesFound;
 };
-const findFilesJavascript = async (languagesFound) => {
+const findFilesJavascript = async (languagesFound, filePath) => {
     const result = await fg(['**/package.json', '**/yarn.lock', '**/package-lock.json'], {
         dot: false,
         deep: 1,
-        onlyFiles: true
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
         return languagesFound.push({ JAVASCRIPT: result });
     }
     return languagesFound;
 };
-const findFilesPython = async (languagesFound) => {
+const findFilesPython = async (languagesFound, filePath) => {
     const result = await fg(['**/Pipfile.lock', '**/Pipfile'], {
         dot: false,
         deep: 3,
-        onlyFiles: true
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
         return languagesFound.push({ PYTHON: result });
     }
     return languagesFound;
 };
-const findFilesGo = async (languagesFound) => {
+const findFilesGo = async (languagesFound, filePath) => {
     const result = await fg(['**/go.mod'], {
         dot: false,
         deep: 3,
-        onlyFiles: true
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
         return languagesFound.push({ GO: result });
     }
     return languagesFound;
 };
-const findFilesRuby = async (languagesFound) => {
+const findFilesRuby = async (languagesFound, filePath) => {
     const result = await fg(['**/Gemfile', '**/Gemfile.lock'], {
         dot: false,
         deep: 3,
-        onlyFiles: true
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
         return languagesFound.push({ RUBY: result });
     }
     return languagesFound;
 };
-const findFilesPhp = async (languagesFound) => {
+const findFilesPhp = async (languagesFound, filePath) => {
     const result = await fg(['**/composer.json', '**/composer.lock'], {
         dot: false,
         deep: 3,
-        onlyFiles: true
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
         return languagesFound.push({ PHP: result });
     }
     return languagesFound;
 };
+const findFilesDotNet = async (languagesFound, filePath) => {
+    const result = await fg(['**/*.csproj', '**/packages.lock.json'], {
+        dot: false,
+        deep: 3,
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
+    });
+    if (result.length > 0) {
+        return languagesFound.push({ DOTNET: result });
+    }
+    return languagesFound;
+};
 const checkFilePermissions = file => {
     let readableFile = false;
     try {
@@ -117,5 +135,6 @@ module.exports = {
     findFilesGo,
     findFilesPhp,
     findFilesRuby,
+    findFilesDotNet,
     fileIsEmpty
 };

package/dist/scan/formatScanOutput.js

@@ -25,8 +25,9 @@ function formatScanOutput(scanResults) {
         console.log(chalk_1.default.bold(message));
         console.log();
         let defaultView = getDefaultView(scanResultsInstances.content);
-        let count = defaultView.length;
+        let count = 0;
         defaultView.forEach(entry => {
+            count++;
             let table = new cli_table3_1.default({
                 chars: {
                     top: '',
@@ -52,12 +53,12 @@ function formatScanOutput(scanResults) {
             });
             let learnRow = [];
             let adviceRow = [];
+            const headerColour = chalk_1.default.hex(entry.colour);
             const headerRow = [
-                chalk_1.default
-                    .hex(entry.colour)
-                    .bold(`CONTRAST-${count.toString().padStart(3, '0')}`),
-                chalk_1.default.hex(entry.colour).bold('-'),
-                chalk_1.default.hex(entry.colour).bold(`[${entry.severity}] ${entry.ruleId}`) +
+                headerColour(`CONTRAST-${count.toString().padStart(3, '0')}`),
+                headerColour(`-`),
+                headerColour(`[${entry.severity}] `) +
+                    headerColour.bold(`${entry.ruleId}`) +
                     entry.message
             ];
             const codePath = entry.codePath?.replace(/^@/, '');
@@ -84,12 +85,12 @@ function formatScanOutput(scanResults) {
                 ];
                 table.push(learnRow);
             }
-            count--;
             console.log(table.toString());
             console.log();
         });
     }
     printVulnInfo(projectOverview);
+    return projectOverview;
 }
 exports.formatScanOutput = formatScanOutput;
 function printVulnInfo(projectOverview) {
@@ -149,7 +150,7 @@ function getDefaultView(content) {
         groupTypeResults.push(groupResultsObj);
         assignBySeverity(resultEntry, groupResultsObj);
     });
-    return (0, lodash_1.sortBy)(groupTypeResults, ['priority']).reverse();
+    return (0, lodash_1.sortBy)(groupTypeResults, ['priority']);
 }
 exports.getDefaultView = getDefaultView;
 function editVulName(message) {

package/dist/scan/populateProjectIdAndProjectName.js

@@ -25,6 +25,11 @@ const createProjectId = async (config, client) => {
             process.exit(1);
             return;
         }
+        if (res.statusCode === 429) {
+            console.log(i18n.__('exceededFreeTier'));
+            process.exit(1);
+            return;
+        }
         if (res.statusCode === 201) {
             console.log(i18n.__('projectCreatedScan'));
             if (config.verbose) {

package/dist/scan/scan.js

@@ -45,6 +45,10 @@ const sendScan = async (config) => {
                     oraWrapper_1.default.failSpinner(startUploadSpinner, i18n_1.default.__('uploadingScanFail'));
                     console.log(i18n_1.default.__('genericServiceError', res.statusCode));
                 }
+                if (res.statusCode === 429) {
+                    console.log(i18n_1.default.__('exceededFreeTier'));
+                    process.exit(1);
+                }
                 if (res.statusCode === 403) {
                     console.log(i18n_1.default.__('permissionsError'));
                     process.exit(1);

package/dist/scan/scanConfig.js

@@ -1,13 +1,13 @@
 "use strict";
 const paramHandler = require('../utils/paramsUtil/paramHandler');
 const constants = require('../../src/constants.js');
-const parsedCLIOptions = require('../../src/utils/parsedCLIOptions');
 const path = require('path');
-const { supportedLanguages } = require('../audit/languageAnalysisEngine/constants');
+const { supportedLanguagesScan } = require('../constants/constants');
 const i18n = require('i18n');
 const { scanUsageGuide } = require('./help');
-const getScanConfig = argv => {
-    let scanParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.scanOptionDefinitions);
+const parsedCLIOptions = require('../utils/parsedCLIOptions');
+const getScanConfig = async (contrastConf, command, argv) => {
+    let scanParams = await parsedCLIOptions.getCommandLineArgsCustom(contrastConf, command, argv, constants.commandLineDefinitions.scanOptionDefinitions);
     if (scanParams.help) {
         printHelpMessage();
         process.exit(0);
@@ -15,7 +15,7 @@ const getScanConfig = argv => {
     const paramsAuth = paramHandler.getAuth(scanParams);
     if (scanParams.language) {
         scanParams.language = scanParams.language.toUpperCase();
-        if (!Object.values(supportedLanguages).includes(scanParams.language)) {
+        if (!Object.values(supportedLanguagesScan).includes(scanParams.language)) {
             console.log(`Did not recognise --language ${scanParams.language}`);
             console.log(i18n.__('constantsHowToRunDev3'));
             process.exit(1);

package/dist/scan/scanResults.js

@@ -5,10 +5,14 @@ const oraFunctions = require('../utils/oraWrapper');
 const _ = require('lodash');
 const i18n = require('i18n');
 const oraWrapper = require('../utils/oraWrapper');
+const readLine = require('readline');
 const getScanId = async (config, codeArtifactId, client) => {
     return client
         .getScanId(config, codeArtifactId)
         .then(res => {
+        if (res.statusCode == 429) {
+            throw new Error(i18n.__('exceededFreeTier'));
+        }
         return res.body.id;
     })
         .catch(err => {
@@ -61,12 +65,43 @@ const returnScanResults = async (config, codeArtifactId, newProject, timeout, st
             let endTime = new Date() - startTime;
             if (requestUtils.millisToSeconds(endTime) > timeout) {
                 oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan timed out at the specified ' + timeout + ' seconds.');
-                console.log('Please try again, allowing more time.');
-                process.exit(1);
+                if (!config.isCI) {
+                    const retry = await retryScanPrompt();
+                    timeout = retry.timeout;
+                }
             }
         }
     }
 };
+const retryScanPrompt = async () => {
+    const rl = readLine.createInterface({
+        input: process.stdin,
+        output: process.stdout
+    });
+    return new Promise((resolve, reject) => {
+        requestUtils.timeOutError(30000, reject);
+        rl.question('🔁 Do you want to continue waiting on Scan? [Y/N]\n', async (input) => {
+            if (input.toLowerCase() === 'yes' || input.toLowerCase() === 'y') {
+                console.log('Continuing wait for Scan');
+                rl.close();
+                resolve({ timeout: 300 });
+            }
+            else if (input.toLowerCase() === 'no' ||
+                input.toLowerCase() === 'n') {
+                rl.close();
+                console.log('Contrast Scan Retry Cancelled: Exiting');
+                resolve(process.exit(1));
+            }
+            else {
+                rl.close();
+                console.log('Invalid Input: Exiting');
+                resolve(process.exit(1));
+            }
+        });
+    }).catch(e => {
+        throw e;
+    });
+};
 const returnScanResultsInstances = async (config, scanId) => {
     const client = commonApi.getHttpClient(config);
     let result;
@@ -89,5 +124,6 @@ module.exports = {
     getScanId: getScanId,
     returnScanResults: returnScanResults,
     pollScanResults: pollScanResults,
-    returnScanResultsInstances: returnScanResultsInstances
+    returnScanResultsInstances: returnScanResultsInstances,
+    retryScanPrompt
 };

package/dist/telemetry/telemetry.js

@@ -0,0 +1,137 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sha1Base64Value = exports.findParamValueFromArgs = exports.paramExists = exports.obfuscateParams = exports.sendTelemetryRequest = exports.sendTelemetryConfigAsObject = exports.sendTelemetryConfigAsConfObj = exports.TELEMETRY_CLI_TIME_TO_AUTH_EVENT = exports.TELEMETRY_CLI_COMMANDS_EVENT = void 0;
+const commonApi_1 = require("../utils/commonApi");
+const crypto = __importStar(require("crypto"));
+exports.TELEMETRY_CLI_COMMANDS_EVENT = 'CLI_COMMANDS';
+exports.TELEMETRY_CLI_TIME_TO_AUTH_EVENT = 'CLI_TIME_TO_AUTH';
+const sendTelemetryConfigAsConfObj = async (config, command, argv, result, language) => {
+    const hostParam = '--host';
+    const hostParamAlias = '-h';
+    const orgIdParam = '--organization-id';
+    const orgIdParamAlias = '-o';
+    const authParam = '--authorization';
+    const apiKeyParam = '--api-key';
+    let configToUse;
+    if ((0, exports.paramExists)(argv, hostParam, hostParamAlias) &&
+        (0, exports.paramExists)(argv, orgIdParam, orgIdParamAlias) &&
+        (0, exports.paramExists)(argv, authParam, null) &&
+        (0, exports.paramExists)(argv, apiKeyParam, null)) {
+        configToUse = {
+            host: (0, exports.findParamValueFromArgs)(argv, hostParam, hostParamAlias),
+            organizationId: (0, exports.findParamValueFromArgs)(argv, orgIdParam, orgIdParamAlias),
+            authorization: (0, exports.findParamValueFromArgs)(argv, authParam, null),
+            apiKey: (0, exports.findParamValueFromArgs)(argv, apiKeyParam, null)
+        };
+    }
+    else if (config &&
+        config.get('host') &&
+        config.get('organizationId') &&
+        config.get('authorization') &&
+        config.get('apiKey')) {
+        configToUse = {
+            host: config.get('host')?.slice(0, -1),
+            organizationId: config.get('organizationId'),
+            authorization: config.get('authorization'),
+            apiKey: config.get('apiKey')
+        };
+    }
+    else {
+        return;
+    }
+    return await (0, exports.sendTelemetryConfigAsObject)(configToUse, command, argv, result, language);
+};
+exports.sendTelemetryConfigAsConfObj = sendTelemetryConfigAsConfObj;
+const sendTelemetryConfigAsObject = async (config, command, argv, result, language) => {
+    const obfuscatedParams = (0, exports.obfuscateParams)(argv);
+    const requestBody = {
+        event: exports.TELEMETRY_CLI_COMMANDS_EVENT,
+        details: {
+            ip_address: '',
+            account_name: '',
+            account_host: '',
+            company_domain: '',
+            command: `contrast ${command} ${obfuscatedParams}`,
+            app_id: config && config.applicationId
+                ? (0, exports.sha1Base64Value)(config.applicationId)
+                : 'undefined',
+            project_id: config && config.projectId
+                ? (0, exports.sha1Base64Value)(config.projectId)
+                : 'undefined',
+            language: language,
+            result: result,
+            additional_info: '',
+            timestamp: new Date().toUTCString()
+        }
+    };
+    return await (0, exports.sendTelemetryRequest)(config, requestBody);
+};
+exports.sendTelemetryConfigAsObject = sendTelemetryConfigAsObject;
+const sendTelemetryRequest = async (config, requestBody) => {
+    const client = (0, commonApi_1.getHttpClient)(config);
+    return client
+        .postTelemetry(config, requestBody)
+        .then((res) => {
+        if (res.statusCode !== 200 && config.debug === true) {
+            console.log('Telemetry failed to send with status', res.statusCode);
+        }
+        return { statusCode: res.statusCode, statusMessage: res.statusMessage };
+    })
+        .catch((err) => {
+        return;
+    });
+};
+exports.sendTelemetryRequest = sendTelemetryRequest;
+const obfuscateParams = (argv) => {
+    return argv
+        .join(' ')
+        .replace(/--(authorization [A-Z0-9]+)/gi, '--authorization *****')
+        .replace(/-(o [A-Z0-9-]+)/gi, '-o *****')
+        .replace(/--(organization-id [A-Z0-9-]+)/gi, '--organization-id *****')
+        .replace(/--(api-key [A-Z0-9]+)/gi, '--api-key *****');
+};
+exports.obfuscateParams = obfuscateParams;
+const paramExists = (argv, param, paramAlias) => {
+    return argv.find((arg) => arg === param || arg === paramAlias);
+};
+exports.paramExists = paramExists;
+const findParamValueFromArgs = (argv, param, paramAlias) => {
+    let paramAsValue;
+    argv.forEach((arg, index) => {
+        if (arg === param ||
+            (arg === paramAlias &&
+                argv[index + 1] !== undefined &&
+                argv[index + 1] !== null)) {
+            paramAsValue = argv[index + 1];
+        }
+    });
+    return paramAsValue;
+};
+exports.findParamValueFromArgs = findParamValueFromArgs;
+const sha1Base64Value = (value) => {
+    return crypto.createHash('sha1').update(value).digest('base64');
+};
+exports.sha1Base64Value = sha1Base64Value;

package/dist/utils/commonApi.js

@@ -18,7 +18,7 @@ const handleResponseErrors = (res, api) => {
         maxAppError();
     }
     else {
-        genericError();
+        genericError(res);
     }
 };
 const getProtocol = host => {

package/dist/utils/getConfig.js

@@ -3,15 +3,15 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.setConfigValues = exports.createConfigFromYaml = exports.localConfig = void 0;
+exports.setConfigValues = exports.localConfig = void 0;
 const conf_1 = __importDefault(require("conf"));
 const localConfig = (name, version) => {
     const config = new conf_1.default({
         configName: name
     });
     config.set('version', version);
-    if (process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE) {
-        config.set('updateMessageHidden', JSON.parse(process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE.toLowerCase()));
+    if (process.env.CONTRAST_CODSEC_CI) {
+        config.set('isCI', JSON.parse(process.env.CONTRAST_CODSEC_CI.toLowerCase()));
     }
     if (!config.has('host')) {
         config.set('host', 'https://ce.contrastsecurity.com/');
@@ -19,11 +19,6 @@ const localConfig = (name, version) => {
     return config;
 };
 exports.localConfig = localConfig;
-const createConfigFromYaml = (yamlPath) => {
-    const yamlConfig = {};
-    return yamlConfig;
-};
-exports.createConfigFromYaml = createConfigFromYaml;
 const setConfigValues = (config, values) => {
     config.set('apiKey', values.apiKey);
     config.set('organizationId', values.orgId);

package/dist/utils/parsedCLIOptions.js

@@ -1,6 +1,7 @@
 "use strict";
 const commandLineArgs = require('command-line-args');
-const getCommandLineArgsCustom = (parameterList, optionDefinitions) => {
+const { sendTelemetryConfigAsConfObj } = require('../telemetry/telemetry');
+const getCommandLineArgsCustom = async (contrastConf, command, parameterList, optionDefinitions) => {
     try {
         return commandLineArgs(optionDefinitions, {
             argv: parameterList,
@@ -10,6 +11,7 @@ const getCommandLineArgsCustom = (parameterList, optionDefinitions) => {
         });
     }
     catch (e) {
+        await sendTelemetryConfigAsConfObj(contrastConf, command, parameterList, 'FAILURE', 'undefined');
         console.log(e.message.toString());
         process.exit(1);
     }

package/dist/utils/requestUtils.js

@@ -11,8 +11,14 @@ const millisToSeconds = millis => {
 const sleep = ms => {
     return new Promise(resolve => setTimeout(resolve, ms));
 };
+const timeOutError = (ms, reject) => {
+    return setTimeout(() => {
+        reject(new Error(`No input detected after 30s`));
+    }, ms);
+};
 module.exports = {
     sendRequest: sendRequest,
     sleep: sleep,
-    millisToSeconds: millisToSeconds
+    millisToSeconds: millisToSeconds,
+    timeOutError: timeOutError
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.8",
+  "version": "1.0.11",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {
@@ -23,8 +23,7 @@
     "test": "jest --testPathIgnorePatterns=./test-integration/",
     "test-int": "jest ./test-integration/",
     "test-int-scan": "jest ./test-integration/scan",
-    "test-int-audit": "jest ./test-integration/audit/audit.spec.js",
-    "test-int-audit-experimental": "jest ./test-integration/audit/audit-experimental.spec.js",
+    "test-int-audit": "jest test-integration/audit/audit-int.spec.js",
     "format": "prettier --write \"**/*.{ts,tsx,js,json,md,yml}\" .eslintrc.*",
     "check-format": "prettier --check \"**/*.{ts,tsx,js,json,md,yml}\" .eslintrc.*",
     "coverage-local": "nyc --reporter=text mocha './test/**/*.spec.js'",

package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js

@@ -1,72 +1,36 @@
 const fs = require('fs')
 const path = require('path')
 const i18n = require('i18n')
-/**
- * Will get the filenames from the project path provided to the SCA CLI tool. If
- * the project path points to a file and not a directory will return the
- * filename in the same fashion as if a directory had been read.
- *
- * Will fail and throw for a manner of reasons when doing file/directory
- * inspection.
- *
- * @param {string} file - The path to a projects root directory or a
- * specific project file
- *
- * @return {string[]} List of filenames associated with a projects root
- * directory or the name of the specific project file if that was provided to
- * the 'file' parameter
- *
- * @throws {Error} If the project path doesn't exist
- * @throws {Error} If the project path information can't be collected
- * @throws {Error} If a non-file or non-directory inspected
- */
-module.exports = exports = (analysis, next) => {
-  const { file, languageAnalysis } = analysis
-  try {
-    languageAnalysis.projectRootFilenames = getProjectRootFilenames(file)
-  } catch (err) {
-    next(err)
-    return
+
+const getDirectoryFromPathGiven = file => {
+  let projectStats = getProjectStats(file)
+
+  if (projectStats.isFile()) {
+    let newPath = path.resolve(file)
+    return path.dirname(newPath)
+  }
+
+  if (projectStats.isDirectory()) {
+    return file
   }
-  next()
 }
 
-const getProjectRootFilenames = file => {
-  let projectStats = null
+const getProjectStats = file => {
   try {
-    projectStats = fs.statSync(file)
+    //might not need this
+    if (file.endsWith('/')) {
+      file = file.slice(0, -1)
+    }
+    return fs.statSync(file)
   } catch (err) {
     throw new Error(
       i18n.__('languageAnalysisProjectRootFileNameFailure', file) +
         `${err.message}`
     )
   }
-
-  // Return the contents of a directory...
-  if (projectStats.isDirectory()) {
-    try {
-      return fs.readdirSync(file)
-    } catch (err) {
-      throw new Error(
-        i18n.__('languageAnalysisProjectRootFileNameReadError', file) +
-          `${err.message}`
-      )
-    }
-  }
-
-  // If we are working with a file return it in a list as we do when we work
-  // with a directory...
-  if (projectStats.isFile()) {
-    return [path.basename(file)]
-  }
-
-  // Error out if we are working with something like a socket file or some
-  // other craziness...
-  throw new Error(
-    i18n.__('languageAnalysisProjectRootFileNameMissingError'),
-    file
-  )
 }
 
-//For testing purposes
-exports.getProjectRootFilenames = getProjectRootFilenames
+module.exports = {
+  getProjectStats,
+  getDirectoryFromPathGiven: getDirectoryFromPathGiven
+}