@contrast/contrast 1.0.8 → 1.0.9

package/dist/audit/rubyAnalysisEngine/parseGemfileLockContents.js

@@ -1,176 +0,0 @@
-"use strict";
-const whitespaceRegx = /^(\s*)/;
-let index = 0;
-const depReg = /^\s*([A-Za-z0-9.!@#$%\-^&*_+]*)\s*(\((.*?)\))/;
-const i18n = require('i18n');
-const GEMFILE_KEY_VALUE = /^\s*([^:(]*)\s*\:*\s*(.*)/;
-let rubyObj = {};
-rubyObj.dependencies = {};
-module.exports = exports = ({ ruby }, next) => {
-    const { rawLockFileContents } = ruby;
-    let lines = rawLockFileContents.split('\n');
-    try {
-        ruby.gemfileLock = {};
-        getDirectDepencies(lines, ruby.gemfileLock);
-        getRubyVersion(lines, ruby.gemfileLock);
-        getSourceArr(lines, ruby.gemfileLock);
-        next();
-    }
-    catch (err) {
-        next(new Error(i18n.__('rubyAnalysisEngineParsedGemLockFileError') + `${err.message}`));
-    }
-};
-const populateSourceType = (line, rubyObj) => {
-    return (rubyObj.sourceType = line);
-};
-const nonDependencyKeys = (line, rubyObj) => {
-    let parts = GEMFILE_KEY_VALUE.exec(line);
-    let key = parts[1].trim();
-    let value = parts[2] || '';
-    return (rubyObj[key] = value);
-};
-const populateResolveAndPlatform = (dependency, rubyObj) => {
-    const depArr = dependency.split('-');
-    rubyObj.resolved = depArr[0];
-    rubyObj.platform = depArr.length > 1 ? depArr[1] : 'UNSPECIFIED';
-    return rubyObj;
-};
-const isUpperCase = str => {
-    return str === str.toUpperCase();
-};
-const getDirectDepencies = (lines, ruby) => {
-    let depIndex = 0;
-    for (let i = 0; i < lines.length; i++) {
-        if (lines[i] == 'DEPENDENCIES') {
-            depIndex = i;
-        }
-    }
-    const getDepArray = lines.slice(depIndex);
-    ruby.dependencies = {};
-    for (let j = 1; j < getDepArray.length; j++) {
-        const element = getDepArray[j];
-        if (!isUpperCase(element)) {
-            const isDependencyWithVersion = depReg.test(element);
-            if (isDependencyWithVersion) {
-                const dependency = depReg.exec(element);
-                let name = dependency[1];
-                name = name.replace('!', '');
-                ruby.dependencies[name.trim()] = dependency[3];
-            }
-            else {
-                let name = element;
-                name = name.replace('!', ' ');
-                ruby.dependencies[name.trim()] = 'UNSPECIFIED';
-            }
-        }
-        else {
-            return;
-        }
-    }
-};
-const getRubyVersion = (lines, ruby) => {
-    let rubVersionIndex = 0;
-    for (let i = 0; i < lines.length; i++) {
-        if (lines[i] == 'RUBY VERSION') {
-            rubVersionIndex = i;
-            break;
-        }
-    }
-    if (rubVersionIndex !== 0) {
-        const getRubyVersionArray = lines.slice(rubVersionIndex);
-        ruby.runtimeDetails = {};
-        for (let j = 1; j < getRubyVersionArray.length; j++) {
-            let element = getRubyVersionArray[j];
-            if (!isUpperCase(element)) {
-                element = element.trim();
-                if (/^([ruby\s0-9.*]+)/.test(element)) {
-                    let splitElement = element.split(' ');
-                    ruby.runtimeDetails['version'] = splitElement[1];
-                }
-                if (/^([p0-9]+)/.test(element)) {
-                    ruby.runtimeDetails['patchLevel'] = element.substring(1);
-                }
-                if (element.includes('engine')) {
-                    let splitElement = element.split(' ');
-                    ruby.runtimeDetails[splitElement[0]] = splitElement[1];
-                }
-            }
-            else {
-                return;
-            }
-        }
-    }
-};
-const formatSourceArr = sourceArr => {
-    return sourceArr.map(element => {
-        if (element.sourceType === 'GIT') {
-            delete element.specs;
-        }
-        if (element.sourceType === 'GEM') {
-            delete element.branch;
-            delete element.revision;
-            delete element.depthLevel;
-            delete element.specs;
-        }
-        if (element.sourceType === 'PATH') {
-            delete element.branch;
-            delete element.revision;
-            delete element.depthLevel;
-            delete element.specs;
-            delete element.platform;
-        }
-        return element;
-    });
-};
-const getSourceArr = (lines, ruby) => {
-    let line = 0;
-    let source = [];
-    while ((line = lines[index++]) !== undefined) {
-        let currentWS = whitespaceRegx.exec(line)[1].length;
-        if (!line.includes(' bundler (')) {
-            if (currentWS === 0 && !line.includes(':') && line != '') {
-                populateSourceType(line, rubyObj);
-            }
-            if (currentWS !== 0 && line.includes(':')) {
-                nonDependencyKeys(line, rubyObj);
-            }
-            if (currentWS > 2) {
-                const isDependencyWithVersion = depReg.test(line);
-                let nexlineWS = whitespaceRegx.exec(lines[index])[1].length;
-                if (currentWS === 6) {
-                    const dependency = depReg.exec(line);
-                    if (isDependencyWithVersion) {
-                        if (rubyObj.name !== dependency[1]) {
-                            rubyObj.dependencies[dependency[1]] = dependency[3];
-                        }
-                    }
-                    else {
-                        rubyObj.dependencies[line.trim()] = 'UNSPECIFIED';
-                    }
-                }
-                if (currentWS === 4 && rubyObj.depthLevel === undefined) {
-                    const dependency = depReg.exec(line);
-                    rubyObj.name = dependency[1];
-                    rubyObj.depthLevel = currentWS;
-                    populateResolveAndPlatform(dependency[3], rubyObj);
-                }
-                if (currentWS === 4 && rubyObj.depthLevel) {
-                    const dependency = depReg.exec(line);
-                    rubyObj.name = dependency[1];
-                    rubyObj.depthLevel = currentWS;
-                    populateResolveAndPlatform(dependency[3], rubyObj);
-                }
-                if ((currentWS === 4 && nexlineWS === 4) ||
-                    (currentWS === 6 && nexlineWS === 4) ||
-                    nexlineWS == '') {
-                    let newObj = {};
-                    newObj = JSON.parse(JSON.stringify(rubyObj));
-                    source.push(newObj);
-                    rubyObj.dependencies = {};
-                }
-            }
-        }
-    }
-    ruby.sources = formatSourceArr(source);
-};
-exports.getSourceArr = getSourceArr;

package/dist/audit/rubyAnalysisEngine/parsedGemfile.js

@@ -1,22 +0,0 @@
-"use strict";
-const i18n = require('i18n');
-module.exports = exports = ({ ruby }, next) => {
-    const { rawProjectFileContents } = ruby;
-    try {
-        const rubyArray = rawProjectFileContents.split('\n');
-        let filteredRubyDep = rubyArray.filter(element => {
-            return (!element.includes('#') &&
-                element.includes('gem') &&
-                !element.includes('source'));
-        });
-        for (let i = 0; i < filteredRubyDep.length; i++) {
-            filteredRubyDep[i] = filteredRubyDep[i].trim();
-        }
-        ruby.gemfilesDependanceies = filteredRubyDep;
-        next();
-    }
-    catch (err) {
-        next(new Error(i18n.__('rubyAnalysisEngineParsedGemFileError', rawProjectFileContents) + `${err.message}`));
-        return;
-    }
-};

package/dist/audit/rubyAnalysisEngine/readGemfileContents.js

@@ -1,14 +0,0 @@
-"use strict";
-const fs = require('fs');
-const i18n = require('i18n');
-module.exports = exports = ({ language: { projectFilePath }, ruby }, next) => {
-    try {
-        ruby.rawProjectFileContents = fs.readFileSync(projectFilePath, 'utf8');
-        next();
-    }
-    catch (err) {
-        next(new Error(i18n.__('rubyAnalysisEngineReadGemFileError', projectFilePath) +
-            `${err.message}`));
-        return;
-    }
-};

package/dist/audit/rubyAnalysisEngine/readGemfileLockContents.js

@@ -1,14 +0,0 @@
-"use strict";
-const fs = require('fs');
-const i18n = require('i18n');
-module.exports = exports = ({ language: { lockFilePath }, ruby }, next) => {
-    try {
-        ruby.rawLockFileContents = fs.readFileSync(lockFilePath, 'utf8');
-        next();
-    }
-    catch (err) {
-        next(new Error(i18n.__('rubyAnalysisEngineReadGemLockFileError', lockFilePath) +
-            `${err.message}`));
-        return;
-    }
-};

package/dist/audit/rubyAnalysisEngine/sanitizer.js

@@ -1,6 +0,0 @@
-"use strict";
-module.exports = exports = ({ ruby }, next) => {
-    delete ruby.rawProjectFileContents;
-    delete ruby.rawLockFileContents;
-    next();
-};

package/src/audit/AnalysisEngine.js

@@ -1,103 +0,0 @@
-/**
- * The 'AnalysisEngine' type represents a simple state machine that can be used
- * to move through a list of steps sequentially to analyze a project. Consumers
- * construct their own steps and add them to the state machine in their desired
- * order. Upon completion the state machine can callback to the consumer that
- * originally invoked them with the results of the analysis.
- */
-class AnalysisEngine {
-  /**
-   * Constructor that creates a new state machine instance. Accepts an optional
-   * argument that initializes the internal state.
-   *
-   * @param {Object} initAnalysis - state used to initialize internal state
-   *
-   * @example
-   * const ae = new AnalysisEngine()
-   * const ae = new AnalysisEngine({ someInfo: [1, 2, 3] })
-   */
-  constructor(initAnalysis = {}) {
-    this.analyzers = []
-    this.analysis = { ...initAnalysis }
-  }
-
-  /**
-   * Takes either a function or a list of functions and adds them in sequential
-   * order to a list. The list will be executed at a later time as the steps of
-   * the state machine.
-   *
-   * Functions must follow the signature (analysis, next) where:
-   * 'analysis' is an object that represents the current internal state
-   * 'next' is a function to be invoked when the step is complete
-   *
-   * The function signature of 'next' is (err) where:
-   * 'err' is an Error that occurred during the previous step invoked
-   *
-   * @param {function(analysis: object, next: function)|function[]} analyzer -
-   * the analyzer(s) to be added to the list of steps in sequential order
-   *
-   * @example
-   * const myAnalyzer = (analysis, next) => {
-   *   // Perform business logic
-   *   // Add results to 'analysis'
-   *   analysis.result = ...
-   *
-   *   // Signal the next analyzer/step to be invoked
-   *   next()
-   * }
-   *
-   * ae.use(myAnalyzer)
-   */
-  use(analyzer) {
-    if (Array.isArray(analyzer)) {
-      this.analyzers = [...this.analyzers, ...analyzer]
-      return
-    }
-
-    this.analyzers.push(analyzer)
-  }
-
-  /**
-   * Starts the execution of the state machine given the steps it is to use.
-   * When complete it callbacks back to the consumer that invoked it. The
-   * callbacks signature is (err, analysis) where:
-   * 'err' is an Error from one of the steps that prevented completion
-   * 'analysis' is the final internal state
-   *
-   * @param {function(err: Error, analysis: object)} callback - callback to be
-   * invoked when state machine complete or fails prematurely
-   * @param config:object containing config - needed for Java analysis - optional for other languages
-   */
-  analyze(callback, config) {
-    let i = 0
-
-    const next = err => {
-      // If one of the analyzers encountered an error then callback
-      if (err) {
-        return setImmediate(() => callback(err, this.analysis))
-      }
-
-      // If there are no more analyzers to invoke then callback
-      if (i >= this.analyzers.length) {
-        return setImmediate(() => callback(null, this.analysis))
-      }
-
-      // Invoke the next analyzer
-      const analyzer = this.analyzers[i]
-      i++
-
-      setImmediate(() => {
-        // Protect ourselves from any uncaught errors thrown by analyzers
-        try {
-          analyzer(this.analysis, next, config)
-        } catch (uncaughtErr) {
-          next(uncaughtErr)
-        }
-      })
-    }
-
-    next()
-  }
-}
-
-module.exports = exports = AnalysisEngine

package/src/audit/autodetection/autoDetectLanguage.ts

@@ -1,40 +0,0 @@
-/* eslint-disable  @typescript-eslint/no-explicit-any */
-import i18n from 'i18n'
-import {
-  reduceIdentifiedLanguages,
-  deduceLanguage
-} from '../languageAnalysisEngine/reduceIdentifiedLanguages'
-
-import { getProjectRootFilenames } from '../languageAnalysisEngine/getProjectRootFilenames'
-
-export function identifyLanguages(config: any) {
-  const { file } = config
-  const projectRootFilenames = getProjectRootFilenames(file)
-
-  const identifiedLanguages = projectRootFilenames.reduce(
-    (accumulator: any, filename: string) => {
-      const deducedLanguages = deduceLanguage(filename)
-      return [...accumulator, ...deducedLanguages]
-    },
-    []
-  )
-
-  if (Object.keys(identifiedLanguages).length === 0) {
-    throw new Error(i18n.__('languageAnalysisNoLanguage', file))
-  }
-
-  return reduceIdentifiedLanguages(identifiedLanguages)
-}
-
-export function determineProjectLanguage(
-  reducedLanguages: Record<string, string>
-) {
-  const reducedLanguagesKeys = Object.keys(reducedLanguages)
-  if (reducedLanguagesKeys.length === 1) {
-    return reducedLanguagesKeys[0]
-  } else {
-    throw new Error(
-      'Detected multiple languages. Please specify a single language using --language'
-    )
-  }
-}

package/src/audit/dotnetAnalysisEngine/index.js

@@ -1,26 +0,0 @@
-const AnalysisEngine = require('../AnalysisEngine')
-const readProjectFileContents = require('./readProjectFileContents')
-const parseProjectFileContents = require('./parseProjectFileContents')
-const readLockFileContents = require('./readLockFileContents')
-const parseLockFileContents = require('./parseLockFileContents')
-const sanitizer = require('./sanitizer')
-const i18n = require('i18n')
-
-module.exports = exports = (language, config, callback) => {
-  const ae = new AnalysisEngine({ language, config, dotnet: {} })
-  ae.use([
-    readProjectFileContents,
-    parseProjectFileContents,
-    readLockFileContents,
-    parseLockFileContents,
-    sanitizer
-  ])
-
-  ae.analyze((err, analysis) => {
-    if (err) {
-      callback(new Error(i18n.__('dotnetAnalysisFailure') + err.message))
-      return
-    }
-    callback(null, analysis)
-  })
-}

package/src/audit/dotnetAnalysisEngine/parseLockFileContents.js

@@ -1,47 +0,0 @@
-const i18n = require('i18n')
-
-module.exports = exports = ({ language: { lockFilePath }, dotnet }, next) => {
-  const { rawLockFileContents } = dotnet
-
-  // If we never read the lock file then pass priority
-  if (!rawLockFileContents) {
-    next()
-
-    return
-  }
-
-  try {
-    let count = 0 // Used to test if some nodes are deleted
-    dotnet.lockFile = JSON.parse(rawLockFileContents)
-
-    for (const dependenciesNode in dotnet.lockFile.dependencies) {
-      for (const innerNode in dotnet.lockFile.dependencies[dependenciesNode]) {
-        const nodeValidation = JSON.stringify(
-          dotnet.lockFile.dependencies[dependenciesNode][innerNode]
-        )
-        if (nodeValidation.includes('"type":"Project"')) {
-          count += 1
-          delete dotnet.lockFile.dependencies[dependenciesNode][innerNode]
-          dotnet.additionalInfo = 'dependenciesNote'
-        }
-      }
-    }
-
-    // If dependencies removed wait for json to be displayed and flag warning
-    if (count > 0) {
-      const multiLevelProjectWarning = () => {
-        console.log('')
-        console.log(i18n.__('dependenciesNote'))
-      }
-      setTimeout(multiLevelProjectWarning, 7000)
-    }
-  } catch (err) {
-    next(
-      new Error(i18n.__('dotnetParseLockfile', lockFilePath) + `${err.message}`)
-    )
-
-    return
-  }
-
-  next()
-}

package/src/audit/dotnetAnalysisEngine/parseProjectFileContents.js

@@ -1,29 +0,0 @@
-const xml2js = require('xml2js')
-const i18n = require('i18n')
-
-module.exports = exports = (
-  { language: { projectFilePath }, dotnet },
-  next
-) => {
-  const { rawProjectFileContents } = dotnet
-
-  // Read the .NET project file contents. We are reading into memory presuming
-  // that the contents of the file aren't large which may be bad... Could look
-  // into streaming in the future
-  // explicitArray: false - to not abuse of arrays, with this option we are able to read JSON properties in an easier way
-  // mergeAttrs: true  - to merge attributes and child elements as properties of the parent
-  const parser = new xml2js.Parser({ explicitArray: false, mergeAttrs: true })
-  parser.parseString(rawProjectFileContents, (err, projectFileXML) => {
-    if (err) {
-      next(
-        new Error(i18n.__('dotnetParseProjectFile', projectFilePath) + `${err}`)
-      )
-
-      return
-    }
-
-    dotnet.projectFile = projectFileXML
-
-    next()
-  })
-}

package/src/audit/dotnetAnalysisEngine/readLockFileContents.js

@@ -1,30 +0,0 @@
-const fs = require('fs')
-const i18n = require('i18n')
-
-module.exports = exports = (analysis, next) => {
-  const {
-    language: { lockFilePath },
-    dotnet
-  } = analysis
-
-  // Make sure to check to see if there was a lock file detected as its not
-  // required
-  if (!lockFilePath) {
-    next()
-    return
-  }
-
-  // we're working on the assumtion that a dotNet project will only ever have one lock file
-  //while other language may have more
-  try {
-    dotnet.rawLockFileContents = fs.readFileSync(lockFilePath)
-  } catch (err) {
-    next(
-      new Error(i18n.__('dotnetReadLockfile', lockFilePath) + `${err.message}`)
-    )
-
-    return
-  }
-
-  next()
-}

package/src/audit/dotnetAnalysisEngine/readProjectFileContents.js

@@ -1,26 +0,0 @@
-const fs = require('fs')
-const i18n = require('i18n')
-
-module.exports = exports = (analysis, next) => {
-  const {
-    language: { projectFilePath },
-    dotnet
-  } = analysis
-
-  // Read the .NET project file contents. We are reading into memory presuming
-  // that the contents of the file aren't large which may be bad... Could look
-  // into streaming in the future
-  try {
-    dotnet.rawProjectFileContents = fs.readFileSync(projectFilePath)
-  } catch (err) {
-    next(
-      new Error(
-        i18n.__('dotnetReadProjectFile', projectFilePath) + `${err.message}`
-      )
-    )
-
-    return
-  }
-
-  next()
-}

package/src/audit/dotnetAnalysisEngine/sanitizer.js

@@ -1,11 +0,0 @@
-module.exports = exports = ({ dotnet }, next) => {
-  // Remove anything sensitive or unnecessary from being sent to the backend as
-  // a result of our .NET project analysis
-  delete dotnet.rawProjectFileContents
-  delete dotnet.parsedProjectFileContents
-  delete dotnet.projectFileXML
-  delete dotnet.packageReferences
-  delete dotnet.rawLockFileContents
-
-  next()
-}

package/src/audit/goAnalysisEngine/index.js

@@ -1,18 +0,0 @@
-const AnalysisEngine = require('../AnalysisEngine')
-const readProjectFileContents = require('./readProjectFileContents')
-const parseProjectFileContents = require('./parseProjectFileContents')
-const sanitizer = require('./sanitizer')
-const i18n = require('i18n')
-
-module.exports = exports = (language, config, callback) => {
-  const ae = new AnalysisEngine({ language, config, go: {} })
-  ae.use([readProjectFileContents, parseProjectFileContents, sanitizer])
-
-  ae.analyze((err, analysis) => {
-    if (err) {
-      callback(new Error(i18n.__('goAnalysisError') + `${err.message}`))
-      return
-    }
-    callback(null, analysis)
-  })
-}