@contrast/contrast 1.0.8 → 1.0.9

package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js

@@ -2,17 +2,6 @@
 const fs = require('fs');
 const path = require('path');
 const i18n = require('i18n');
-module.exports = exports = (analysis, next) => {
-    const { file, languageAnalysis } = analysis;
-    try {
-        languageAnalysis.projectRootFilenames = getProjectRootFilenames(file);
-    }
-    catch (err) {
-        next(err);
-        return;
-    }
-    next();
-};
 const getProjectRootFilenames = file => {
     let projectStats = null;
     try {
@@ -36,4 +25,6 @@ const getProjectRootFilenames = file => {
     }
     throw new Error(i18n.__('languageAnalysisProjectRootFileNameMissingError'), file);
 };
-exports.getProjectRootFilenames = getProjectRootFilenames;
+module.exports = {
+    getProjectRootFilenames
+};

package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createLibraryHeader = void 0;
+exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.gatherRemediationAdvice = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createSummaryMessage = void 0;
 const commonApi_1 = require("../../../utils/commonApi");
 const reportListModel_1 = require("./models/reportListModel");
 const lodash_1 = require("lodash");
@@ -12,12 +12,13 @@ const reportUtils_1 = require("./utils/reportUtils");
 const severityCountModel_1 = require("./models/severityCountModel");
 const reportOutputModel_1 = require("./models/reportOutputModel");
 const constants_1 = require("../../../constants/constants");
-const createLibraryHeader = (id, numberOfVulnerableLibraries, numberOfCves) => {
+const cli_table3_1 = __importDefault(require("cli-table3"));
+const createSummaryMessage = (numberOfVulnerableLibraries, numberOfCves) => {
     numberOfVulnerableLibraries === 1
-        ? console.log(`Found 1 vulnerable library containing ${numberOfCves} CVEs`)
-        : console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs `);
+        ? console.log(`Found 1 vulnerable library containing ${numberOfCves} CVE`)
+        : console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs`);
 };
-exports.createLibraryHeader = createLibraryHeader;
+exports.createSummaryMessage = createSummaryMessage;
 const getReport = async (config, reportId) => {
     const client = (0, commonApi_1.getHttpClient)(config);
     return client
@@ -36,16 +37,18 @@ const getReport = async (config, reportId) => {
     });
 };
 exports.getReport = getReport;
-const printVulnerabilityResponse = (vulnerabilities, config) => {
+const printVulnerabilityResponse = (config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance) => {
     let hasSomeVulnerabilitiesReported = false;
-    (0, exports.printFormattedOutput)(vulnerabilities, config);
-    if (Object.keys(vulnerabilities).length > 0) {
+    (0, exports.printFormattedOutput)(config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance);
+    if (Object.keys(vulnerableLibraries).length > 0) {
         hasSomeVulnerabilitiesReported = true;
     }
     return hasSomeVulnerabilitiesReported;
 };
 exports.printVulnerabilityResponse = printVulnerabilityResponse;
-const printFormattedOutput = (libraries, config) => {
+const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, numberOfCves, guidance) => {
+    (0, exports.createSummaryMessage)(numberOfVulnerableLibraries, numberOfCves);
+    console.log();
     const report = new reportListModel_1.ReportList();
     for (const library of libraries) {
         const { name, version } = (0, reportUtils_1.findNameAndVersion)(library, config);
@@ -59,23 +62,46 @@ const printFormattedOutput = (libraries, config) => {
         (reportListItem) => {
             return reportListItem.compositeKey.numberOfSeverities;
         }
-    ], ['desc']);
-    let contrastHeaderNumCounter = outputOrderedByLowestSeverityAndLowestNumOfCvesFirst.length + 1;
+    ], ['asc', 'desc']);
+    let contrastHeaderNumCounter = 0;
     for (const reportModel of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
-        contrastHeaderNumCounter--;
+        contrastHeaderNumCounter++;
         const { libraryName, libraryVersion, highestSeverity } = reportModel.compositeKey;
         const numOfCVEs = reportModel.cveArray.length;
+        const table = new cli_table3_1.default({
+            chars: {
+                top: '',
+                'top-mid': '',
+                'top-left': '',
+                'top-right': '',
+                bottom: '',
+                'bottom-mid': '',
+                'bottom-left': '',
+                'bottom-right': '',
+                left: '',
+                'left-mid': '',
+                mid: '',
+                'mid-mid': '',
+                right: '',
+                'right-mid': '',
+                middle: ' '
+            },
+            style: { 'padding-left': 0, 'padding-right': 0 },
+            colAligns: ['right'],
+            wordWrap: true,
+            colWidths: [12, 1, 100]
+        });
         const header = buildHeader(highestSeverity, contrastHeaderNumCounter, libraryName, libraryVersion, numOfCVEs);
-        const body = buildBody(reportModel.cveArray);
+        const advice = gatherRemediationAdvice(guidance, reportModel);
+        const body = buildBody(reportModel.cveArray, advice);
         const reportOutputModel = new reportOutputModel_1.ReportOutputModel(header, body);
+        table.push(reportOutputModel.body.issueMessage, reportOutputModel.body.issueMessageCves, reportOutputModel.body.adviceMessage);
         console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
-        console.log(reportOutputModel.body.issueMessage);
-        console.log(reportOutputModel.body.adviceMessage + '\n');
-    }
-    const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage, total } = buildFooter(libraries);
-    if (total > 1) {
-        console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
+        console.log(table.toString() + '\n');
     }
+    (0, exports.createSummaryMessage)(numberOfVulnerableLibraries, numberOfCves);
+    const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst);
+    console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
 };
 exports.printFormattedOutput = printFormattedOutput;
 function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {
@@ -84,56 +110,48 @@ function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, n
     const vulnMessage = chalk_1.default
         .hex(highestSeverity.outputColour)
         .bold(`${formattedHeaderNum} - [${highestSeverity.severity}] ${libraryName}-${version}`);
-    const introducesMessage = chalk_1.default.bold(`introduces ${numOfCVEs} ${vulnerabilityPluralised}`);
+    const introducesMessage = `introduces ${numOfCVEs} ${vulnerabilityPluralised}`;
     return new reportOutputModel_1.ReportOutputHeaderModel(vulnMessage, introducesMessage);
 }
 exports.buildHeader = buildHeader;
-function buildBody(cveArray) {
+function buildBody(cveArray, advice) {
     const cveMessages = [];
     (0, reportUtils_1.findCVESeveritiesAndOrderByHighestPriority)(cveArray).forEach(reportSeverityModel => {
         const { outputColour, severity, cveName } = reportSeverityModel;
         const severityShorthand = chalk_1.default
             .hex(outputColour)
             .bold(`[${severity.charAt(0).toUpperCase()}]`);
-        const builtMessage = `${severityShorthand} ${cveName}`;
+        const builtMessage = severityShorthand + cveName;
         cveMessages.push(builtMessage);
     });
     const numAndSeverityType = getNumOfAndSeverityType(cveArray);
-    const issueMessage = ` ${chalk_1.default.bold('Issue')}  : ${numAndSeverityType} ${cveMessages.join(', ')}.`;
-    const adviceMessage = ` ${chalk_1.default.bold('Advice')} : ${chalk_1.default.bold('Update to latest version')}.`;
-    return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, adviceMessage);
+    const issueMessage = [chalk_1.default.bold('Issue'), ':', `${numAndSeverityType}`];
+    const issueMessageCves = ['', '', cveMessages.join(', ')];
+    const displayAdvice = advice?.minimum
+        ? `Update to version ${chalk_1.default.bold(advice.minimum)}`
+        : `Update to latest version`;
+    const adviceMessage = [chalk_1.default.bold('Advice'), ':', displayAdvice];
+    return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, issueMessageCves, adviceMessage);
 }
 exports.buildBody = buildBody;
-const buildFooter = (libraries) => {
-    const { critical, high, medium, low, note, getTotal } = (0, reportUtils_1.severityCountAllLibraries)(libraries);
-    const criticalMessage = chalk_1.default
-        .hex(constants_1.CRITICAL_COLOUR)
-        .bold(`${critical} Critical`);
-    const highMessage = chalk_1.default.hex(constants_1.HIGH_COLOUR).bold(`${high} High`);
-    const mediumMessage = chalk_1.default.hex(constants_1.MEDIUM_COLOUR).bold(`${medium} Medium`);
-    const lowMessage = chalk_1.default.hex(constants_1.LOW_COLOUR).bold(`${low} Low`);
-    const noteMessage = chalk_1.default.hex(constants_1.NOTE_COLOUR).bold(`${note} Note`);
-    return {
-        criticalMessage,
-        highMessage,
-        mediumMessage,
-        lowMessage,
-        noteMessage,
-        total: getTotal
+function gatherRemediationAdvice(guidance, reportModel) {
+    const guidanceData = {
+        minimum: undefined,
+        maximum: undefined,
+        latest: undefined
     };
-};
-function buildFormattedHeaderNum(contrastHeaderNum) {
-    let formattedHeaderNum;
-    if (contrastHeaderNum < 10) {
-        formattedHeaderNum = `00${contrastHeaderNum}`;
-    }
-    else if (contrastHeaderNum >= 10 && contrastHeaderNum < 100) {
-        formattedHeaderNum = `0${contrastHeaderNum}`;
-    }
-    else if (contrastHeaderNum >= 100) {
-        formattedHeaderNum = contrastHeaderNum;
+    const data = guidance[reportModel.compositeKey.libraryName +
+        '@' +
+        reportModel.compositeKey.libraryVersion];
+    if (data) {
+        guidanceData.minimum = data.minUpgradeVersion;
+        guidanceData.maximum = data.maxUpgradeVersion;
     }
-    return `CONTRAST-${formattedHeaderNum}`;
+    return guidanceData;
+}
+exports.gatherRemediationAdvice = gatherRemediationAdvice;
+function buildFormattedHeaderNum(contrastHeaderNum) {
+    return `CONTRAST-${contrastHeaderNum.toString().padStart(3, '0')}`;
 }
 exports.buildFormattedHeaderNum = buildFormattedHeaderNum;
 function getNumOfAndSeverityType(cveArray) {
@@ -148,3 +166,20 @@ function getNumOfAndSeverityType(cveArray) {
         .trim();
 }
 exports.getNumOfAndSeverityType = getNumOfAndSeverityType;
+const buildFooter = (reportModelStructure) => {
+    const { critical, high, medium, low, note } = (0, reportUtils_1.countVulnerableLibrariesBySeverity)(reportModelStructure);
+    const criticalMessage = chalk_1.default
+        .hex(constants_1.CRITICAL_COLOUR)
+        .bold(`${critical} Critical`);
+    const highMessage = chalk_1.default.hex(constants_1.HIGH_COLOUR).bold(`${high} High`);
+    const mediumMessage = chalk_1.default.hex(constants_1.MEDIUM_COLOUR).bold(`${medium} Medium`);
+    const lowMessage = chalk_1.default.hex(constants_1.LOW_COLOUR).bold(`${low} Low`);
+    const noteMessage = chalk_1.default.hex(constants_1.NOTE_COLOUR).bold(`${note} Note`);
+    return {
+        criticalMessage,
+        highMessage,
+        mediumMessage,
+        lowMessage,
+        noteMessage
+    };
+};

package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js

@@ -16,9 +16,10 @@ class ReportOutputHeaderModel {
 }
 exports.ReportOutputHeaderModel = ReportOutputHeaderModel;
 class ReportOutputBodyModel {
-    constructor(bodyIssueMessage, bodyAdviceMessage) {
-        this.issueMessage = bodyIssueMessage;
-        this.adviceMessage = bodyAdviceMessage;
+    constructor(issueMessage, issueMessageCves, adviceMessage) {
+        this.issueMessage = issueMessage;
+        this.issueMessageCves = issueMessageCves;
+        this.adviceMessage = adviceMessage;
     }
 }
 exports.ReportOutputBodyModel = ReportOutputBodyModel;

package/dist/audit/languageAnalysisEngine/report/reportingFeature.js

@@ -1,23 +1,68 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.vulnerabilityReportV2 = exports.formatVulnerabilityOutput = exports.vulnerabilityReport = void 0;
+exports.vulnerabilityReportV2 = exports.formatVulnerabilityOutput = exports.convertJSDotNetPython = exports.convertKeysToStandardFormat = void 0;
 const commonReportingFunctions_1 = require("./commonReportingFunctions");
 const reportUtils_1 = require("./utils/reportUtils");
 const i18n_1 = __importDefault(require("i18n"));
 const chalk_1 = __importDefault(require("chalk"));
-async function vulnerabilityReport(analysis, applicationId, reportId) {
-    const reportResponse = await (0, commonReportingFunctions_1.getReport)(analysis.config, reportId);
-    if (reportResponse !== undefined) {
-        const id = applicationId;
-        formatVulnerabilityOutput(reportResponse.vulnerabilities, id, analysis.config);
+const constants = __importStar(require("../../../constants/constants"));
+function convertKeysToStandardFormat(config, guidance) {
+    let convertedGuidance = guidance;
+    switch (config.language) {
+        case constants.supportedLanguages.JAVA:
+        case constants.supportedLanguages.GO:
+        case constants.supportedLanguages.PHP:
+            break;
+        case constants.supportedLanguages.NODE:
+        case constants.supportedLanguages.DOTNET:
+        case constants.supportedLanguages.PYTHON:
+        case constants.supportedLanguages.RUBY:
+            convertedGuidance = convertJSDotNetPython(guidance);
+            break;
     }
+    return convertedGuidance;
+}
+exports.convertKeysToStandardFormat = convertKeysToStandardFormat;
+function convertJSDotNetPython(guidance) {
+    const returnObject = {};
+    Object.entries(guidance).forEach(([key, value]) => {
+        const splitKey = key.split('/');
+        if (splitKey.length === 2) {
+            returnObject[splitKey[1]] = value;
+        }
+    });
+    return returnObject;
 }
-exports.vulnerabilityReport = vulnerabilityReport;
-function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, config) {
+exports.convertJSDotNetPython = convertJSDotNetPython;
+function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, config, remediationGuidance) {
     const vulnerableLibraries = (0, reportUtils_1.convertGenericToTypedLibraryVulns)(libraryVulnerabilityResponse);
+    const guidance = convertKeysToStandardFormat(config, remediationGuidance);
     const numberOfVulnerableLibraries = vulnerableLibraries.length;
     if (numberOfVulnerableLibraries === 0) {
         console.log(i18n_1.default.__('scanNoVulnerabilitiesFound'));
@@ -29,8 +74,7 @@ function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, config) {
     else {
         let numberOfCves = 0;
         vulnerableLibraries.forEach(lib => (numberOfCves += lib.cveArray.length));
-        (0, commonReportingFunctions_1.createLibraryHeader)(id, numberOfVulnerableLibraries, numberOfCves);
-        const hasSomeVulnerabilitiesReported = (0, commonReportingFunctions_1.printVulnerabilityResponse)(vulnerableLibraries, config);
+        const hasSomeVulnerabilitiesReported = (0, commonReportingFunctions_1.printVulnerabilityResponse)(config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance);
         return [
             hasSomeVulnerabilitiesReported,
             numberOfCves,
@@ -40,10 +84,13 @@ function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, config) {
 }
 exports.formatVulnerabilityOutput = formatVulnerabilityOutput;
 async function vulnerabilityReportV2(config, reportId) {
+    console.log();
     const reportResponse = await (0, commonReportingFunctions_1.getReport)(config, reportId);
     if (reportResponse !== undefined) {
         const name = config.applicationName;
-        formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config);
+        formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
+            ? reportResponse.remediationGuidance
+            : {});
     }
 }
 exports.vulnerabilityReportV2 = vulnerabilityReportV2;

package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js

@@ -3,10 +3,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
+exports.countVulnerableLibrariesBySeverity = exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
 const reportLibraryModel_1 = require("../models/reportLibraryModel");
 const reportSeverityModel_1 = require("../models/reportSeverityModel");
-const constants_1 = __importDefault(require("../../../languageAnalysisEngine/constants"));
+const constants_1 = __importDefault(require("./../../../../constants/constants"));
 const constants_2 = require("../../../../constants/constants");
 const lodash_1 = require("lodash");
 const severityCountModel_1 = require("../models/severityCountModel");
@@ -86,11 +86,44 @@ function findNameAndVersion(library, config) {
         return { name, version };
     }
     else {
-        const splitLibraryName = library.name.split('/');
-        const nameVersion = splitLibraryName[1].split('@');
-        const name = nameVersion[0];
+        const uniqueSplitLibraryName = [...new Set(library.name.split('/'))];
+        const nameVersion = uniqueSplitLibraryName[1].split('@');
+        let parentLibrary;
+        let name;
+        if (uniqueSplitLibraryName[0] !== 'null' &&
+            uniqueSplitLibraryName[0] !== '' &&
+            !uniqueSplitLibraryName[1].includes(uniqueSplitLibraryName[0])) {
+            parentLibrary = uniqueSplitLibraryName[0];
+            name = `${parentLibrary}/${nameVersion[0]}`;
+        }
+        else {
+            name = nameVersion[0];
+        }
         const version = nameVersion[1];
         return { name, version };
     }
 }
 exports.findNameAndVersion = findNameAndVersion;
+function countVulnerableLibrariesBySeverity(reportModelStructure) {
+    const severityCount = new severityCountModel_1.SeverityCountModel();
+    reportModelStructure.forEach(vuln => {
+        const currentSeverity = vuln.compositeKey.highestSeverity.severity;
+        if (currentSeverity === 'CRITICAL') {
+            severityCount.critical += 1;
+        }
+        else if (currentSeverity === 'HIGH') {
+            severityCount.high += 1;
+        }
+        else if (currentSeverity === 'MEDIUM') {
+            severityCount.medium += 1;
+        }
+        else if (currentSeverity === 'LOW') {
+            severityCount.low += 1;
+        }
+        else if (currentSeverity === 'NOTE') {
+            severityCount.note += 1;
+        }
+    });
+    return severityCount;
+}
+exports.countVulnerableLibrariesBySeverity = countVulnerableLibrariesBySeverity;

package/dist/audit/languageAnalysisEngine/sendSnapshot.js

@@ -1,6 +1,4 @@
 "use strict";
-const { handleResponseErrors } = require('../../common/errorHandling');
-const { APP_VERSION } = require('../../constants/constants');
 const commonApi = require('../../utils/commonApi');
 const _ = require('lodash');
 const oraFunctions = require('../../utils/oraWrapper');
@@ -8,28 +6,6 @@ const i18n = require('i18n');
 const oraWrapper = require('../../utils/oraWrapper');
 const requestUtils = require('../../utils/requestUtils');
 const { performance } = require('perf_hooks');
-const newSendSnapShot = async (analysis) => {
-    const analysisLanguage = analysis.config.language.toLowerCase();
-    const requestBody = {
-        appID: analysis.config.applicationId,
-        cliVersion: APP_VERSION,
-        snapshot: { [analysisLanguage]: analysis[analysisLanguage] }
-    };
-    const client = commonApi.getHttpClient(analysis.config);
-    return client
-        .sendSnapshot(requestBody, analysis.config)
-        .then(res => {
-        if (res.statusCode === 201) {
-            return res.body;
-        }
-        else {
-            handleResponseErrors(res, 'snapshot');
-        }
-    })
-        .catch(err => {
-        console.log(err);
-    });
-};
 const pollSnapshotResults = async (config, snapshotId, client) => {
     await requestUtils.sleep(5000);
     return client
@@ -47,9 +23,9 @@ const getTimeout = config => {
     }
     else {
         if (config.verbose) {
-            console.log('Timeout set to 2 minutes');
+            console.log('Timeout set to 5 minutes');
         }
-        return 120;
+        return 300;
     }
 };
 const pollForSnapshotCompletition = async (config, snapshotId, reportSpinner) => {
@@ -78,14 +54,14 @@ const pollForSnapshotCompletition = async (config, snapshotId, reportSpinner) =>
             }
             const endTime = performance.now() - startTime;
             if (requestUtils.millisToSeconds(endTime) > timeout) {
-                oraFunctions.failSpinner(reportSpinner, 'Contrast audit timed out at the specified ' + timeout + ' seconds.');
-                console.log('Please try again, allowing more time.');
-                process.exit(1);
+                oraFunctions.failSpinner(reportSpinner, 'Contrast audit timed out at the specified timeout of ' +
+                    timeout +
+                    ' seconds.');
+                throw new Error('You can update the timeout using --timeout');
             }
         }
     }
 };
 module.exports = {
-    newSendSnapShot: newSendSnapShot,
     pollForSnapshotCompletition: pollForSnapshotCompletition
 };

package/dist/audit/save.js

@@ -4,24 +4,32 @@ const i18n = require('i18n');
 const chalk = require('chalk');
 const save = require('../commands/audit/saveFile');
 const sbom = require('../sbom/generateSbom');
+const { SBOM_CYCLONE_DX_FILE, SBOM_SPDX_FILE } = require('../constants/constants');
 async function auditSave(config) {
-    if (config.save) {
-        if (config.save.toLowerCase() === 'sbom') {
-            save.saveFile(config, await sbom.generateSbom(config));
-            const filename = `${config.applicationId}-sbom-cyclonedx.json`;
-            if (fs.existsSync(filename)) {
-                console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`);
-            }
-            else {
-                console.log(chalk.yellow.bold(`\n Unable to save ${filename} Software Bill of Materials (SBOM)`));
-            }
+    let fileFormat;
+    switch (config.save) {
+        case null:
+        case SBOM_CYCLONE_DX_FILE:
+            fileFormat = SBOM_CYCLONE_DX_FILE;
+            break;
+        case SBOM_SPDX_FILE:
+            fileFormat = SBOM_SPDX_FILE;
+            break;
+        default:
+            break;
+    }
+    if (fileFormat) {
+        save.saveFile(config, fileFormat, await sbom.generateSbom(config, fileFormat));
+        const filename = `${config.applicationId}-sbom-${fileFormat}.json`;
+        if (fs.existsSync(filename)) {
+            console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`);
         }
         else {
-            console.log(i18n.__('auditBadFiletypeSpecifiedForSave'));
+            console.log(chalk.yellow.bold(`\n Unable to save ${filename} Software Bill of Materials (SBOM)`));
         }
     }
-    else if (config.save === null) {
-        console.log(i18n.__('auditNoFiletypeSpecifiedForSave'));
+    else {
+        console.log(i18n.__('auditBadFiletypeSpecifiedForSave'));
     }
 }
 module.exports = {

package/dist/commands/audit/auditConfig.js

@@ -7,25 +7,9 @@ exports.getAuditConfig = void 0;
 const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHandler"));
 const constants_1 = __importDefault(require("../../constants"));
 const parsedCLIOptions_1 = __importDefault(require("../../utils/parsedCLIOptions"));
-const constants_2 = __importDefault(require("../../audit/languageAnalysisEngine/constants"));
-const autoDetectLanguage_1 = require("../../audit/autodetection/autoDetectLanguage");
-const { supportedLanguages: { NODE, JAVASCRIPT } } = constants_2.default;
 const getAuditConfig = (argv) => {
     const auditParameters = parsedCLIOptions_1.default.getCommandLineArgsCustom(argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
     const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
-    if (auditParameters.language === undefined ||
-        auditParameters.language === null) {
-        try {
-            auditParameters.language = (0, autoDetectLanguage_1.determineProjectLanguage)((0, autoDetectLanguage_1.identifyLanguages)(auditParameters));
-        }
-        catch (err) {
-            console.log(err.message);
-            process.exit(1);
-        }
-    }
-    else if (auditParameters.language.toUpperCase() === JAVASCRIPT) {
-        auditParameters.language = NODE.toLowerCase();
-    }
     return { ...paramsAuth, ...auditParameters };
 };
 exports.getAuditConfig = getAuditConfig;

package/dist/commands/audit/auditController.js

@@ -3,11 +3,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAppName = exports.startAudit = exports.dealWithNoAppId = void 0;
+exports.getAppName = exports.dealWithNoAppId = void 0;
 const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
 const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
-const identifyLanguageAE = require('./../../audit/languageAnalysisEngine');
-const languageFactory = require('../../audit/languageAnalysisEngine/languageAnalysisFactory');
 const dealWithNoAppId = async (config) => {
     let appID;
     try {
@@ -33,13 +31,6 @@ const dealWithNoAppId = async (config) => {
     return appID;
 };
 exports.dealWithNoAppId = dealWithNoAppId;
-const startAudit = async (config) => {
-    if (!config.applicationId) {
-        config.applicationId = await (0, exports.dealWithNoAppId)(config);
-    }
-    identifyLanguageAE(config.file, languageFactory, config.applicationId, config);
-};
-exports.startAudit = startAudit;
 const getAppName = (file) => {
     const last = file.charAt(file.length - 1);
     if (last !== '/') {

package/dist/commands/audit/help.js

@@ -18,30 +18,13 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
             '{bold ' +
                 i18n_1.default.__('constantsAuditPrerequisitesContentSupportedLanguages') +
                 '}',
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentJava') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentMessage'),
-            '',
-            '{italic ' + i18n_1.default.__('constantsJavaNote') + '}',
-            '{italic ' + i18n_1.default.__('constantsJavaNoteGradle') + '}',
-            '',
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentDotNet') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageNode') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageNodeMessage'),
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageRuby') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageRubyMessage'),
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguagePython') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguagePythonMessage')
+            i18n_1.default.__('constantsAuditPrerequisitesJavaContentMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentNodeMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentRubyMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentPythonMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentGoMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentPHPMessage')
         ]
     },
     {

package/dist/commands/audit/processAudit.js

@@ -1,7 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.processAudit = void 0;
-const auditController_1 = require("./auditController");
 const auditConfig_1 = require("./auditConfig");
 const help_1 = require("./help");
 const scaAnalysis_1 = require("../scan/sca/scaAnalysis");
@@ -11,12 +10,7 @@ const processAudit = async (argv) => {
         process.exit(0);
     }
     const config = (0, auditConfig_1.getAuditConfig)(argv);
-    if (config.experimental) {
-        await (0, scaAnalysis_1.processSca)(config);
-    }
-    else {
-        await (0, auditController_1.startAudit)(config);
-    }
+    await (0, scaAnalysis_1.processSca)(config);
 };
 exports.processAudit = processAudit;
 const printHelpMessage = () => {