npm - @contrast/contrast - Versions diffs - 1.0.8 → 1.0.11 - Mend

@contrast/contrast 1.0.8 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (217) hide show

package/README.md +2 -2
package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js +16 -25
package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js +103 -57
package/dist/audit/languageAnalysisEngine/report/models/reportGuidanceModel.js +6 -0
package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js +3 -3
package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js +1 -0
package/dist/audit/languageAnalysisEngine/report/reportingFeature.js +68 -17
package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js +39 -7
package/dist/audit/languageAnalysisEngine/sendSnapshot.js +6 -30
package/dist/audit/save.js +21 -13
package/dist/commands/audit/auditConfig.js +3 -19
package/dist/commands/audit/auditController.js +1 -10
package/dist/commands/audit/help.js +7 -24
package/dist/commands/audit/processAudit.js +5 -9
package/dist/commands/audit/saveFile.js +2 -2
package/dist/commands/auth/auth.js +1 -1
package/dist/commands/config/config.js +2 -2
package/dist/commands/scan/processScan.js +11 -4
package/dist/commands/scan/sca/scaAnalysis.js +37 -13
package/dist/common/HTTPClient.js +17 -8
package/dist/common/errorHandling.js +2 -2
package/dist/common/fail.js +66 -0
package/dist/common/versionChecker.js +1 -1
package/dist/constants/constants.js +7 -2
package/dist/constants/locales.js +40 -38
package/dist/constants.js +62 -12
package/dist/index.js +57 -45
package/dist/lambda/lambda.js +5 -2
package/dist/sbom/generateSbom.js +2 -2
package/dist/scaAnalysis/common/formatMessage.js +7 -1
package/dist/scaAnalysis/common/scaParserForGoAndJava.js +32 -0
package/dist/scaAnalysis/common/treeUpload.js +24 -10
package/dist/scaAnalysis/dotnet/analysis.js +55 -0
package/dist/scaAnalysis/dotnet/index.js +10 -0
package/dist/scaAnalysis/go/goAnalysis.js +8 -2
package/dist/scaAnalysis/java/analysis.js +10 -6
package/dist/scaAnalysis/java/index.js +7 -1
package/dist/scaAnalysis/java/javaBuildDepsParser.js +19 -3
package/dist/scaAnalysis/javascript/analysis.js +4 -7
package/dist/scaAnalysis/javascript/index.js +16 -4
package/dist/scaAnalysis/php/analysis.js +14 -33
package/dist/scaAnalysis/php/index.js +11 -4
package/dist/scaAnalysis/python/analysis.js +43 -5
package/dist/scaAnalysis/python/index.js +7 -2
package/dist/scaAnalysis/ruby/analysis.js +16 -14
package/dist/scan/autoDetection.js +13 -24
package/dist/scan/fileUtils.js +31 -12
package/dist/scan/formatScanOutput.js +9 -8
package/dist/scan/populateProjectIdAndProjectName.js +5 -0
package/dist/scan/scan.js +4 -0
package/dist/scan/scanConfig.js +5 -5
package/dist/scan/scanResults.js +39 -3
package/dist/telemetry/telemetry.js +137 -0
package/dist/utils/commonApi.js +1 -1
package/dist/utils/getConfig.js +3 -8
package/dist/utils/parsedCLIOptions.js +3 -1
package/dist/utils/requestUtils.js +7 -1
package/package.json +2 -3
package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js +21 -57
package/src/audit/languageAnalysisEngine/report/commonReportingFunctions.ts +155 -77
package/src/audit/languageAnalysisEngine/report/models/reportGuidanceModel.ts +5 -0
package/src/audit/languageAnalysisEngine/report/models/reportOutputModel.ts +5 -5
package/src/audit/languageAnalysisEngine/report/models/severityCountModel.ts +2 -0
package/src/audit/languageAnalysisEngine/report/reportingFeature.ts +56 -27
package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts +45 -6
package/src/audit/languageAnalysisEngine/sendSnapshot.js +6 -32
package/src/audit/save.js +32 -16
package/src/commands/audit/auditConfig.ts +10 -28
package/src/commands/audit/auditController.ts +0 -11
package/src/commands/audit/help.ts +7 -24
package/src/commands/audit/processAudit.ts +16 -8
package/src/commands/audit/saveFile.ts +2 -2
package/src/commands/auth/auth.js +3 -1
package/src/commands/config/config.js +4 -2
package/src/commands/scan/processScan.js +18 -5
package/src/commands/scan/sca/scaAnalysis.js +50 -18
package/src/common/HTTPClient.js +23 -9
package/src/common/errorHandling.ts +2 -3
package/src/common/fail.js +75 -0
package/src/common/versionChecker.ts +1 -1
package/src/constants/constants.js +9 -3
package/src/constants/locales.js +70 -45
package/src/constants.js +67 -13
package/src/index.ts +91 -66
package/src/lambda/lambda.ts +5 -2
package/src/lambda/types.ts +1 -0
package/src/sbom/generateSbom.ts +2 -2
package/src/scaAnalysis/common/formatMessage.js +8 -1
package/src/scaAnalysis/common/scaParserForGoAndJava.js +41 -0
package/src/scaAnalysis/common/treeUpload.js +25 -11
package/src/scaAnalysis/dotnet/analysis.js +72 -0
package/src/scaAnalysis/dotnet/index.js +11 -0
package/src/scaAnalysis/go/goAnalysis.js +9 -2
package/src/scaAnalysis/java/analysis.js +11 -6
package/src/scaAnalysis/java/index.js +9 -1
package/src/scaAnalysis/java/javaBuildDepsParser.js +25 -6
package/src/scaAnalysis/javascript/analysis.js +6 -7
package/src/scaAnalysis/javascript/index.js +25 -6
package/src/scaAnalysis/php/analysis.js +15 -35
package/src/scaAnalysis/php/index.js +15 -4
package/src/scaAnalysis/python/analysis.js +49 -5
package/src/scaAnalysis/python/index.js +7 -2
package/src/scaAnalysis/ruby/analysis.js +18 -15
package/src/scan/autoDetection.js +14 -27
package/src/scan/fileUtils.js +33 -12
package/src/scan/formatScanOutput.ts +10 -8
package/src/scan/populateProjectIdAndProjectName.js +5 -1
package/src/scan/scan.ts +4 -0
package/src/scan/scanConfig.js +7 -7
package/src/scan/scanResults.js +46 -3
package/src/telemetry/telemetry.ts +154 -0
package/src/utils/commonApi.js +1 -1
package/src/utils/getConfig.ts +5 -18
package/src/utils/parsedCLIOptions.js +14 -1
package/src/utils/requestUtils.js +8 -1
package/dist/audit/AnalysisEngine.js +0 -37
package/dist/audit/autodetection/autoDetectLanguage.js +0 -32
package/dist/audit/dotnetAnalysisEngine/index.js +0 -25
package/dist/audit/dotnetAnalysisEngine/parseLockFileContents.js +0 -35
package/dist/audit/dotnetAnalysisEngine/parseProjectFileContents.js +0 -15
package/dist/audit/dotnetAnalysisEngine/readLockFileContents.js +0 -18
package/dist/audit/dotnetAnalysisEngine/readProjectFileContents.js +0 -14
package/dist/audit/dotnetAnalysisEngine/sanitizer.js +0 -9
package/dist/audit/goAnalysisEngine/index.js +0 -17
package/dist/audit/goAnalysisEngine/parseProjectFileContents.js +0 -164
package/dist/audit/goAnalysisEngine/readProjectFileContents.js +0 -21
package/dist/audit/goAnalysisEngine/sanitizer.js +0 -5
package/dist/audit/javaAnalysisEngine/index.js +0 -34
package/dist/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +0 -155
package/dist/audit/javaAnalysisEngine/parseProjectFileContents.js +0 -353
package/dist/audit/javaAnalysisEngine/readProjectFileContents.js +0 -98
package/dist/audit/javaAnalysisEngine/sanitizer.js +0 -5
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +0 -25
package/dist/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +0 -25
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +0 -35
package/dist/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +0 -24
package/dist/audit/languageAnalysisEngine/constants.js +0 -20
package/dist/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +0 -25
package/dist/audit/languageAnalysisEngine/index.js +0 -39
package/dist/audit/languageAnalysisEngine/languageAnalysisFactory.js +0 -66
package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +0 -166
package/dist/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +0 -40
package/dist/audit/nodeAnalysisEngine/index.js +0 -31
package/dist/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +0 -18
package/dist/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +0 -18
package/dist/audit/nodeAnalysisEngine/readNPMLockFileContents.js +0 -17
package/dist/audit/nodeAnalysisEngine/readProjectFileContents.js +0 -14
package/dist/audit/nodeAnalysisEngine/readYarnLockFileContents.js +0 -24
package/dist/audit/nodeAnalysisEngine/sanitizer.js +0 -9
package/dist/audit/phpAnalysisEngine/index.js +0 -23
package/dist/audit/phpAnalysisEngine/parseLockFileContents.js +0 -52
package/dist/audit/phpAnalysisEngine/readLockFileContents.js +0 -13
package/dist/audit/phpAnalysisEngine/readProjectFileContents.js +0 -16
package/dist/audit/phpAnalysisEngine/sanitizer.js +0 -5
package/dist/audit/pythonAnalysisEngine/index.js +0 -25
package/dist/audit/pythonAnalysisEngine/parsePipfileLockContents.js +0 -17
package/dist/audit/pythonAnalysisEngine/parseProjectFileContents.js +0 -21
package/dist/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +0 -13
package/dist/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +0 -14
package/dist/audit/pythonAnalysisEngine/sanitizer.js +0 -7
package/dist/audit/rubyAnalysisEngine/index.js +0 -25
package/dist/audit/rubyAnalysisEngine/parseGemfileLockContents.js +0 -176
package/dist/audit/rubyAnalysisEngine/parsedGemfile.js +0 -22
package/dist/audit/rubyAnalysisEngine/readGemfileContents.js +0 -14
package/dist/audit/rubyAnalysisEngine/readGemfileLockContents.js +0 -14
package/dist/audit/rubyAnalysisEngine/sanitizer.js +0 -6
package/src/audit/AnalysisEngine.js +0 -103
package/src/audit/autodetection/autoDetectLanguage.ts +0 -40
package/src/audit/dotnetAnalysisEngine/index.js +0 -26
package/src/audit/dotnetAnalysisEngine/parseLockFileContents.js +0 -47
package/src/audit/dotnetAnalysisEngine/parseProjectFileContents.js +0 -29
package/src/audit/dotnetAnalysisEngine/readLockFileContents.js +0 -30
package/src/audit/dotnetAnalysisEngine/readProjectFileContents.js +0 -26
package/src/audit/dotnetAnalysisEngine/sanitizer.js +0 -11
package/src/audit/goAnalysisEngine/index.js +0 -18
package/src/audit/goAnalysisEngine/parseProjectFileContents.js +0 -209
package/src/audit/goAnalysisEngine/readProjectFileContents.js +0 -31
package/src/audit/goAnalysisEngine/sanitizer.js +0 -7
package/src/audit/javaAnalysisEngine/index.js +0 -41
package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js +0 -225
package/src/audit/javaAnalysisEngine/parseProjectFileContents.js +0 -420
package/src/audit/javaAnalysisEngine/readProjectFileContents.js +0 -141
package/src/audit/javaAnalysisEngine/sanitizer.js +0 -6
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js +0 -36
package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js +0 -42
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js +0 -54
package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasProjectFile.js +0 -33
package/src/audit/languageAnalysisEngine/constants.js +0 -23
package/src/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js +0 -41
package/src/audit/languageAnalysisEngine/index.js +0 -45
package/src/audit/languageAnalysisEngine/languageAnalysisFactory.js +0 -96
package/src/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js +0 -251
package/src/audit/nodeAnalysisEngine/handleNPMLockFileV2.js +0 -49
package/src/audit/nodeAnalysisEngine/index.js +0 -35
package/src/audit/nodeAnalysisEngine/parseNPMLockFileContents.js +0 -20
package/src/audit/nodeAnalysisEngine/parseYarnLockFileContents.js +0 -26
package/src/audit/nodeAnalysisEngine/readNPMLockFileContents.js +0 -23
package/src/audit/nodeAnalysisEngine/readProjectFileContents.js +0 -27
package/src/audit/nodeAnalysisEngine/readYarnLockFileContents.js +0 -36
package/src/audit/nodeAnalysisEngine/sanitizer.js +0 -11
package/src/audit/phpAnalysisEngine/index.js +0 -27
package/src/audit/phpAnalysisEngine/parseLockFileContents.js +0 -60
package/src/audit/phpAnalysisEngine/readLockFileContents.js +0 -14
package/src/audit/phpAnalysisEngine/readProjectFileContents.js +0 -25
package/src/audit/phpAnalysisEngine/sanitizer.js +0 -4
package/src/audit/pythonAnalysisEngine/index.js +0 -55
package/src/audit/pythonAnalysisEngine/parsePipfileLockContents.js +0 -23
package/src/audit/pythonAnalysisEngine/parseProjectFileContents.js +0 -33
package/src/audit/pythonAnalysisEngine/readPipfileLockFileContents.js +0 -16
package/src/audit/pythonAnalysisEngine/readPythonProjectFileContents.js +0 -22
package/src/audit/pythonAnalysisEngine/sanitizer.js +0 -9
package/src/audit/rubyAnalysisEngine/index.js +0 -30
package/src/audit/rubyAnalysisEngine/parseGemfileLockContents.js +0 -215
package/src/audit/rubyAnalysisEngine/parsedGemfile.js +0 -39
package/src/audit/rubyAnalysisEngine/readGemfileContents.js +0 -18
package/src/audit/rubyAnalysisEngine/readGemfileLockContents.js +0 -17
package/src/audit/rubyAnalysisEngine/sanitizer.js +0 -8

package/src/scaAnalysis/common/treeUpload.js CHANGED Viewed

@@ -1,29 +1,43 @@
-const { getHttpClient } = require('../../utils/commonApi')
+const commonApi = require('../../utils/commonApi')
 const { APP_VERSION } = require('../../constants/constants')
 const commonSendSnapShot = async (analysis, config) => {
-  const requestBody = {
-    appID: config.applicationId,
-    cliVersion: APP_VERSION,
-    snapshot: analysis
-  }
-  const client = getHttpClient(config)
+  let requestBody = {}
+  config.experimental === true
+    ? (requestBody = sendToSCAServices(config, analysis))
+    : (requestBody = {
+        appID: config.applicationId,
+        cliVersion: APP_VERSION,
+        snapshot: analysis
+      })
+  const client = commonApi.getHttpClient(config)
   return client
     .sendSnapshot(requestBody, config)
     .then(res => {
       if (res.statusCode === 201) {
         return res.body
       } else {
-        console.log(res.statusCode)
-        console.log('error processing dependencies')
+        throw new Error(res.statusCode + ` error processing dependencies`)
       }
     })
     .catch(err => {
-      console.log(err)
+      throw err
     })
 }
+const sendToSCAServices = (config, analysis) => {
+  return {
+    applicationId: config.applicationId,
+    dependencyTree: analysis,
+    organizationId: config.organizationId,
+    language: config.language,
+    tool: {
+      name: 'Contrast Codesec',
+      version: APP_VERSION
+    }
+  }
+}
 module.exports = {
   commonSendSnapShot
 }

package/src/scaAnalysis/dotnet/analysis.js ADDED Viewed

@@ -0,0 +1,72 @@
+const fs = require('fs')
+const xml2js = require('xml2js')
+const i18n = require('i18n')
+const readAndParseProjectFile = projectFilePath => {
+  const projectFile = fs.readFileSync(projectFilePath)
+  return new xml2js.Parser({
+    explicitArray: false,
+    mergeAttrs: true
+  }).parseString(projectFile)
+}
+const readAndParseLockFile = lockFilePath => {
+  const lockFile = JSON.parse(fs.readFileSync(lockFilePath).toString())
+  let count = 0 // Used to test if some nodes are deleted
+  for (const dependenciesNode in lockFile.dependencies) {
+    for (const innerNode in lockFile.dependencies[dependenciesNode]) {
+      const nodeValidation = JSON.stringify(
+        lockFile.dependencies[dependenciesNode][innerNode]
+      )
+      if (nodeValidation.includes('"type":"Project"')) {
+        count += 1
+        delete lockFile.dependencies[dependenciesNode][innerNode]
+        lockFile.additionalInfo = 'dependenciesNote'
+      }
+    }
+  }
+  if (count > 0) {
+    const multiLevelProjectWarning = () => {
+      console.log('')
+      console.log(i18n.__('dependenciesNote'))
+    }
+    setTimeout(multiLevelProjectWarning, 7000)
+  }
+  return lockFile
+}
+const checkForCorrectFiles = languageFiles => {
+  if (!languageFiles.includes('packages.lock.json')) {
+    throw new Error(i18n.__('languageAnalysisHasNoLockFile', '.NET'))
+  }
+  if (!languageFiles.some(i => i.includes('.csproj'))) {
+    throw new Error(i18n.__('languageAnalysisProjectFileError', '.NET'))
+  }
+}
+const getDotNetDeps = (filePath, languageFiles) => {
+  checkForCorrectFiles(languageFiles)
+  const projectFileName = languageFiles.find(fileName =>
+    fileName.includes('.csproj')
+  )
+  const lockFileName = languageFiles.find(fileName =>
+    fileName.includes('.json')
+  )
+  const projectFile = readAndParseProjectFile(filePath + `/${projectFileName}`)
+  const lockFile = readAndParseLockFile(filePath + `/${lockFileName}`)
+  return { projectFile, lockFile }
+}
+module.exports = {
+  getDotNetDeps,
+  readAndParseProjectFile,
+  readAndParseLockFile,
+  checkForCorrectFiles
+}

package/src/scaAnalysis/dotnet/index.js ADDED Viewed

@@ -0,0 +1,11 @@
+const { getDotNetDeps } = require('./analysis')
+const { createDotNetTSMessage } = require('../common/formatMessage')
+const dotNetAnalysis = (config, languageFiles) => {
+  const dotNetDeps = getDotNetDeps(config.file, languageFiles.DOTNET)
+  return createDotNetTSMessage(dotNetDeps)
+}
+module.exports = {
+  dotNetAnalysis
+}

package/src/scaAnalysis/go/goAnalysis.js CHANGED Viewed

@@ -1,14 +1,21 @@
 const { createGoTSMessage } = require('../common/formatMessage')
+const {
+  parseDependenciesForSCAServices
+} = require('../common/scaParserForGoAndJava')
 const goReadDepFile = require('./goReadDepFile')
 const goParseDeps = require('./goParseDeps')
-const goAnalysis = (config, languageFiles) => {
+const goAnalysis = config => {
   try {
     const rawGoDependencies = goReadDepFile.getGoDependencies(config)
     const parsedGoDependencies =
       goParseDeps.parseGoDependencies(rawGoDependencies)
-    return createGoTSMessage(parsedGoDependencies)
+    if (config.experimental) {
+      return parseDependenciesForSCAServices(parsedGoDependencies)
+    } else {
+      return createGoTSMessage(parsedGoDependencies)
+    }
   } catch (e) {
     console.log(e.message.toString())
   }

package/src/scaAnalysis/java/analysis.js CHANGED Viewed

@@ -6,9 +6,13 @@ const fs = require('fs')
 const MAVEN = 'maven'
 const GRADLE = 'gradle'
-const determineProjectTypeAndCwd = (files, file) => {
+const determineProjectTypeAndCwd = (files, config) => {
   const projectData = {}
+  if (files.length > 1) {
+    files = files.filter(i => config.fileName.includes(i))
+  }
   if (files[0].includes('pom.xml')) {
     projectData.projectType = MAVEN
   } else if (files[0].includes('build.gradle')) {
@@ -16,9 +20,9 @@ const determineProjectTypeAndCwd = (files, file) => {
   }
   //clean up the path to be a folder not a file
-  projectData.cwd = file
-    ? file.replace('pom.xml', '').replace('build.gradle', '')
-    : file
+  projectData.cwd = config.file
+    ? config.file.replace('pom.xml', '').replace('build.gradle', '')
+    : config.file
   return projectData
 }
@@ -124,7 +128,7 @@ const getJavaBuildDeps = (config, files) => {
   }
   try {
-    const projectData = determineProjectTypeAndCwd(files, config.file)
+    const projectData = determineProjectTypeAndCwd(files, config)
     if (projectData.projectType === MAVEN) {
       output.mvnDependancyTreeOutput = buildMaven(config, projectData, timeout)
     } else if (projectData.projectType === GRADLE) {
@@ -138,5 +142,6 @@ const getJavaBuildDeps = (config, files) => {
 }
 module.exports = {
-  getJavaBuildDeps
+  getJavaBuildDeps,
+  determineProjectTypeAndCwd
 }

package/src/scaAnalysis/java/index.js CHANGED Viewed

@@ -1,6 +1,9 @@
 const analysis = require('./analysis')
 const { parseBuildDeps } = require('./javaBuildDepsParser')
 const { createJavaTSMessage } = require('../common/formatMessage')
+const {
+  parseDependenciesForSCAServices
+} = require('../common/scaParserForGoAndJava')
 const javaAnalysis = (config, languageFiles) => {
   languageFiles.JAVA.forEach(file => {
@@ -8,7 +11,12 @@ const javaAnalysis = (config, languageFiles) => {
   })
   const javaDeps = buildJavaTree(config, languageFiles.JAVA)
-  return createJavaTSMessage(javaDeps)
+  if (config.experimental) {
+    return parseDependenciesForSCAServices(javaDeps)
+  } else {
+    return createJavaTSMessage(javaDeps)
+  }
 }
 const buildJavaTree = (config, files) => {

package/src/scaAnalysis/java/javaBuildDepsParser.js CHANGED Viewed

@@ -14,14 +14,14 @@ const parseBuildDeps = (config, input) => {
 const preParser = shavedOutput => {
   let obj = []
   for (let dep in shavedOutput) {
+    shavedOutput[dep] = shaveDependencyType(shavedOutput[dep])
     obj.push(
       shavedOutput[dep]
         .replace('+-', '+---')
         .replace('[INFO]', '')
         .replace('\\-', '\\---')
         .replace(':jar:', ':')
-        .replace(':test', '')
-        .replace(':compile', '')
         .replace(' +', '+')
         .replace(' |', '|')
         .replace(' \\', '\\')
@@ -56,11 +56,29 @@ const preParser = shavedOutput => {
   return depTree
 }
+const shaveDependencyType = dep => {
+  if (dep.endsWith('\r')) {
+    dep = dep.slice(0, -1)
+  }
+  if (dep.endsWith(':test')) {
+    dep = dep.slice(0, -5)
+  }
+  if (dep.endsWith(':compile')) {
+    dep = dep.slice(0, -8)
+  }
+  if (dep.endsWith(':provided')) {
+    dep = dep.slice(0, -9)
+  }
+  return dep
+}
 const shaveOutput = (gradleDependencyTreeOutput, projectType) => {
   let shavedOutput = gradleDependencyTreeOutput.split('\n')
-  // console.log(projectType)
   if (projectType === 'maven') {
     shavedOutput = preParser(shavedOutput)
   }
@@ -375,7 +393,6 @@ const validateIndentation = shavedOutput => {
 const parseGradle = (gradleDependencyTreeOutput, config, projectType) => {
   let shavedOutput = shaveOutput(gradleDependencyTreeOutput, projectType)
   if (config.subProject) {
     let subProject = parseSubProject(shavedOutput)
     let validatedOutput = validateIndentation(subProject)
@@ -400,5 +417,7 @@ module.exports = {
   computeRelationToLastElement,
   addIndentation,
   computeLevel,
-  computeIndentation
+  computeIndentation,
+  shaveDependencyType,
+  preParser
 }

package/src/scaAnalysis/javascript/analysis.js CHANGED Viewed

@@ -12,7 +12,7 @@ const readFile = async (config, languageFiles, nameOfFile) => {
   if (config.file) {
     return fs.readFileSync(config.file.concat(languageFiles[index]), 'utf8')
   } else {
-    console.log('could not find file')
+    throw new Error('could not find file')
   }
 }
@@ -40,8 +40,7 @@ const readYarn = async (config, languageFiles, nameOfFile) => {
     return yarn
   } catch (err) {
-    console.log(i18n.__('nodeReadYarnLockFileError') + `${err.message}`)
-    return
+    throw new Error(i18n.__('nodeReadYarnLockFileError') + `${err.message}`)
   }
 }
@@ -80,8 +79,7 @@ const parseNpmLockFile = async js => {
       return js.npmLockFile
     }
   } catch (err) {
-    console.log(i18n.__('NodeParseNPM') + `${err.message}`)
-    return
+    throw new Error(i18n.__('NodeParseNPM') + `${err.message}`)
   }
 }
@@ -113,8 +111,9 @@ const parseYarnLockFile = async js => {
       return js
     }
   } catch (err) {
-    console.log(i18n.__('NodeParseYarn') + `${err.message}`)
-    return
+    throw new Error(
+      i18n.__('NodeParseYarn', js.yarn.yarnVersion) + `${err.message}`
+    )
   }
 }

package/src/scaAnalysis/javascript/index.js CHANGED Viewed

@@ -3,12 +3,10 @@ const i18n = require('i18n')
 const formatMessage = require('../common/formatMessage')
 const jsAnalysis = async (config, languageFiles) => {
-  if (
-    languageFiles.JAVASCRIPT.includes('package-lock.json') &&
-    languageFiles.JAVASCRIPT.includes('yarn.lock')
-  ) {
-    console.log(i18n.__('languageAnalysisMultipleLanguages1'))
-    return
+  checkForCorrectFiles(languageFiles)
+  if (!config.file.endsWith('/')) {
+    config.file = config.file.concat('/')
   }
   return buildNodeTree(config, languageFiles.JAVASCRIPT)
 }
@@ -51,6 +49,27 @@ const parseFiles = async (config, files, js) => {
   return js
 }
+const checkForCorrectFiles = languageFiles => {
+  if (
+    languageFiles.JAVASCRIPT.includes('package-lock.json') &&
+    languageFiles.JAVASCRIPT.includes('yarn.lock')
+  ) {
+    throw new Error(
+      i18n.__('languageAnalysisHasMultipleLockFiles', 'javascript')
+    )
+  }
+  if (
+    !languageFiles.JAVASCRIPT.includes('package-lock.json') &&
+    !languageFiles.JAVASCRIPT.includes('yarn.lock')
+  ) {
+    throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'javascript'))
+  }
+  if (!languageFiles.JAVASCRIPT.includes('package.json')) {
+    throw new Error(i18n.__('languageAnalysisHasNoPackageJsonFile'))
+  }
+}
 module.exports = {
   jsAnalysis
 }

package/src/scaAnalysis/php/analysis.js CHANGED Viewed

@@ -2,24 +2,24 @@ const fs = require('fs')
 const i18n = require('i18n')
 const _ = require('lodash')
-let php = {}
+const readFile = (config, nameOfFile) => {
+  if (config.file) {
+    try {
+      return fs.readFileSync(config.file + '/' + nameOfFile)
+    } catch (error) {
+      console.log('Unable to find file')
+      console.log(error)
+    }
+  }
+}
-const readProjectFile = (projectPath, customFile) => {
-  const filePath = filePathForWindows(projectPath + customFile)
+const parseProjectFiles = php => {
   try {
-    php.composerJSON = JSON.parse(fs.readFileSync(filePath, 'utf8')) //wrong here
+    // composer.json
     php.composerJSON.dependencies = php.composerJSON.require
     php.composerJSON.devDependencies = php.composerJSON['require-dev']
-    return php
-  } catch (err) {
-    console.log(err.message.toString())
-  }
-}
-const readAndParseLockFile = (projectPath, customFile) => {
-  const filePath = filePathForWindows(projectPath + customFile)
-  try {
-    php.rawLockFileContents = JSON.parse(fs.readFileSync(filePath, 'utf8'))
+    // composer.lock
     php.lockFile = php.rawLockFileContents
     let packages = _.keyBy(php.lockFile.packages, 'name')
     let packagesDev = _.keyBy(php.lockFile['packages-dev'], 'name')
@@ -54,25 +54,6 @@ const readAndParseLockFile = (projectPath, customFile) => {
   }
 }
-const getPhpDeps = (config, files) => {
-  try {
-    return (
-      readProjectFile(config.file, files[0].projectFilename),
-      readAndParseLockFile(config.file, files[1].lockFilename)
-    )
-  } catch (err) {
-    console.log(err.message.toString())
-    process.exit(1)
-  }
-}
-const filePathForWindows = path => {
-  if (process.platform === 'win32') {
-    path = path.replace(/\//g, '\\')
-  }
-  return path
-}
 function addChildDepToLockFileAsOwnObj(php, depObj, key) {
   php.lockFile.dependencies[key] = { version: depObj[key] }
 }
@@ -92,7 +73,6 @@ function formatParentDepToLockFile(php) {
 }
 module.exports = {
-  getPhpDeps,
-  readAndParseLockFile,
-  readProjectFile
+  parseProjectFiles,
+  readFile
 }

package/src/scaAnalysis/php/index.js CHANGED Viewed

@@ -1,9 +1,20 @@
-const { getPhpDeps } = require('./analysis')
+const { readFile, parseProjectFiles } = require('./analysis')
 const { createPhpTSMessage } = require('../common/formatMessage')
-const phpAnalysis = (config, languageFiles) => {
-  const phpDeps = getPhpDeps(config, languageFiles.PHP)
-  return createPhpTSMessage(phpDeps)
+const phpAnalysis = (config, files) => {
+  let analysis = readFiles(config, files.PHP)
+  const phpDep = parseProjectFiles(analysis)
+  return createPhpTSMessage(phpDep)
+}
+const readFiles = (config, files) => {
+  let php = {}
+  php.composerJSON = JSON.parse(readFile(config, 'composer.json'))
+  php.rawLockFileContents = JSON.parse(readFile(config, 'composer.lock'))
+  return php
 }
 module.exports = {

package/src/scaAnalysis/python/analysis.js CHANGED Viewed

@@ -1,5 +1,6 @@
 const multiReplace = require('string-multiple-replace')
 const fs = require('fs')
+const i18n = require('i18n')
 const readAndParseProjectFile = file => {
   const filePath = filePathForWindows(file + '/Pipfile')
@@ -23,12 +24,52 @@ const readAndParseLockFile = file => {
   return parsedPipLock
 }
-const getPythonDeps = config => {
+const readLockFile = file => {
+  const filePath = filePathForWindows(file + '/Pipfile.lock')
+  const lockFile = fs.readFileSync(filePath, 'utf8')
+  let parsedPipLock = JSON.parse(lockFile)
+  return parsedPipLock['default']
+}
+const scaPythonParser = pythonDependencies => {
+  let pythonParsedDeps = {}
+  for (let key in pythonDependencies) {
+    pythonParsedDeps[key] = {}
+    pythonParsedDeps[key].version = pythonDependencies[key].version.replace(
+      '==',
+      ''
+    )
+    pythonParsedDeps[key].group = null
+    pythonParsedDeps[key].name = key
+    pythonParsedDeps[key].isProduction = true
+    pythonParsedDeps[key].dependencies = []
+    pythonParsedDeps[key].directDependency = true
+  }
+  return pythonParsedDeps
+}
+const checkForCorrectFiles = languageFiles => {
+  if (!languageFiles.includes('Pipfile.lock')) {
+    throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'python'))
+  }
+  if (!languageFiles.includes('Pipfile')) {
+    throw new Error(i18n.__('languageAnalysisProjectFileError', 'python'))
+  }
+}
+const getPythonDeps = (config, languageFiles) => {
   try {
-    const parseProject = readAndParseProjectFile(config.file)
-    const parsePip = readAndParseLockFile(config.file)
+    if (config.experimental) {
+      let pythonLockFileContents = readLockFile(config.file)
+      return scaPythonParser(pythonLockFileContents)
+    } else {
+      checkForCorrectFiles(languageFiles)
+      const parseProject = readAndParseProjectFile(config.file)
+      const parsePip = readAndParseLockFile(config.file)
-    return { pipfileLock: parsePip, pipfilDependanceies: parseProject }
+      return { pipfileLock: parsePip, pipfilDependanceies: parseProject }
+    }
   } catch (err) {
     console.log(err.message.toString())
     process.exit(1)
@@ -44,6 +85,9 @@ const filePathForWindows = path => {
 module.exports = {
   getPythonDeps,
+  scaPythonParser,
+  readAndParseLockFile,
   readAndParseProjectFile,
-  readAndParseLockFile
+  checkForCorrectFiles,
+  readLockFile
 }

package/src/scaAnalysis/python/index.js CHANGED Viewed

@@ -1,9 +1,14 @@
 const { createPythonTSMessage } = require('../common/formatMessage')
-const { getPythonDeps } = require('./analysis')
+const { getPythonDeps, secondaryParser } = require('./analysis')
 const pythonAnalysis = (config, languageFiles) => {
   const pythonDeps = getPythonDeps(config, languageFiles.PYTHON)
-  return createPythonTSMessage(pythonDeps)
+  if (config.experimental) {
+    return pythonDeps
+  } else {
+    return createPythonTSMessage(pythonDeps)
+  }
 }
 module.exports = {

package/src/scaAnalysis/ruby/analysis.js CHANGED Viewed

@@ -1,8 +1,8 @@
 const fs = require('fs')
+const i18n = require('i18n')
 const readAndParseGemfile = file => {
-  const fileName = filePathForWindows(file + '/Gemfile')
-  const gemFile = fs.readFileSync(fileName, 'utf8')
+  const gemFile = fs.readFileSync(file + '/Gemfile', 'utf8')
   const rubyArray = gemFile.split('\n')
   let filteredRubyDep = rubyArray.filter(element => {
@@ -21,8 +21,7 @@ const readAndParseGemfile = file => {
 }
 const readAndParseGemLockFile = file => {
-  const fileName = filePathForWindows(file + '/Gemfile.lock')
-  const lockFile = fs.readFileSync(fileName, 'utf8')
+  const lockFile = fs.readFileSync(file + '/Gemfile.lock', 'utf8')
   const dependencyRegEx = /^\s*([A-Za-z0-9.!@#$%\-^&*_+]*)\s*(\((.*?)\))/
   const lines = lockFile.split('\n')
@@ -243,27 +242,30 @@ const buildSourceDependencyWithVersion = (
   return dependencies
 }
-const getRubyDeps = config => {
+const getRubyDeps = (config, languageFiles) => {
   try {
+    checkForCorrectFiles(languageFiles)
     const parsedGem = readAndParseGemfile(config.file)
     const parsedLock = readAndParseGemLockFile(config.file)
     return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock }
   } catch (err) {
-    console.log(err.message)
-    process.exit(1)
+    throw err
   }
 }
-const trimWhiteSpace = string => {
-  return string.replace(/\s+/g, '')
-}
+const checkForCorrectFiles = languageFiles => {
+  if (!languageFiles.includes('Gemfile.lock')) {
+    throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'ruby'))
+  }
-const filePathForWindows = path => {
-  if (process.platform === 'win32') {
-    path = path.replace(/\//g, '\\')
+  if (!languageFiles.includes('Gemfile')) {
+    throw new Error(i18n.__('languageAnalysisProjectFileError', 'ruby'))
   }
-  return path
+}
+const trimWhiteSpace = string => {
+  return string.replace(/\s+/g, '')
 }
 module.exports = {
@@ -278,5 +280,6 @@ module.exports = {
   getVersion,
   getPatchLevel,
   formatSourceArr,
-  getSourceArray
+  getSourceArray,
+  checkForCorrectFiles
 }