npm - @contrast/contrast - Versions diffs - 1.0.8 → 1.0.9 - Mend

@contrast/contrast 1.0.8 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (173) hide show

package/src/audit/goAnalysisEngine/parseProjectFileContents.js DELETED Viewed

@@ -1,209 +0,0 @@
-const i18n = require('i18n')
-const crypto = require('crypto')
-module.exports = exports = ({ go }, next) => {
-  const { modGraphOutput } = go
-  try {
-    go.goDependencyTrees = parseGo(modGraphOutput)
-  } catch (err) {
-    next(new Error(i18n.__('goParseProjectFile') + `${err.message}`))
-    return
-  }
-  next()
-}
-const splitAllLinesIntoArray = modGraphOutput => {
-  return modGraphOutput.split(/\r\n|\r|\n/)
-}
-const parseGo = modGraphOutput => {
-  let splitLines = splitAllLinesIntoArray(modGraphOutput)
-  const directDepNames = getDirectDepNames(splitLines)
-  const uniqueTransitiveDepNames = getAllUniqueTransitiveDepNames(
-    splitLines,
-    directDepNames
-  )
-  let rootNodes = createRootNodes(splitLines)
-  createTransitiveDeps(uniqueTransitiveDepNames, splitLines, rootNodes)
-  //console.log(rootNodes)
-  return rootNodes
-}
-const getAllDepsOfADepAsEdge = (dep, deps) => {
-  let edges = {}
-  const depRows = deps.filter(line => {
-    return line.startsWith(dep)
-  })
-  depRows.forEach(dep => {
-    const edgeName = dep.split(' ')[1]
-    edges[edgeName] = edgeName
-  })
-  return edges
-}
-const getAllDepsOfADepAsName = (dep, deps) => {
-  let edges = []
-  const depRows = deps.filter(line => {
-    return line.startsWith(dep)
-  })
-  depRows.forEach(dep => {
-    const edgeName = dep.split(' ')[1]
-    edges.push(edgeName)
-  })
-  return edges
-}
-const createRootNodes = deps => {
-  let rootDep = {}
-  const rootDeps = getRootDeps(deps)
-  const edges = rootDeps.map(dep => {
-    return dep.split(' ')[1]
-  })
-  rootDep[rootDeps[0].split(' ')[0]] = {}
-  edges.forEach(edge => {
-    const splitEdge = edge.split('@')
-    const splitGroupName = splitEdge[0].split('/')
-    const name = splitGroupName.pop()
-    const lastSlash = splitEdge[0].lastIndexOf('/')
-    let group = splitEdge[0].substring(0, lastSlash)
-    const hash = getHash(splitEdge[0])
-    group = checkGroupExists(group, name)
-    //get the edges of the root dependency
-    const edgesOfDep = getAllDepsOfADepAsEdge(edge, deps)
-    rootDep[rootDeps[0].split(' ')[0]][edge] = {
-      artifactID: name,
-      group: group,
-      version: splitEdge[1],
-      scope: '"compile',
-      type: 'direct',
-      hash: hash,
-      edges: edgesOfDep
-    }
-  })
-  return rootDep
-}
-const getRootDeps = deps => {
-  const rootDeps = deps.filter(dep => {
-    const parentDep = dep.split(' ')[0]
-    if (parentDep.split('@v').length === 1) {
-      return dep
-    }
-  })
-  return rootDeps
-}
-const getHash = library => {
-  let shaSum = crypto.createHash('sha1')
-  shaSum.update(library)
-  return shaSum.digest('hex')
-}
-const getDirectDepNames = deps => {
-  const directDepNames = []
-  deps.forEach(dep => {
-    const parentDep = dep.split(' ')[0]
-    if (parentDep.split('@v').length === 1) {
-      dep.split(' ')[1] !== undefined
-        ? directDepNames.push(dep.split(' ')[1])
-        : null
-    }
-  })
-  return directDepNames
-}
-const getAllUniqueTransitiveDepNames = (deps, directDepNames) => {
-  let uniqueDeps = []
-  deps.forEach(dep => {
-    const parentDep = dep.split(' ')[0]
-    if (parentDep.split('@v').length !== 1) {
-      if (!directDepNames.includes(parentDep)) {
-        if (!uniqueDeps.includes(parentDep)) {
-          parentDep.length > 1 ? uniqueDeps.push(parentDep) : null
-        }
-      }
-    }
-  })
-  return uniqueDeps
-}
-const checkGroupExists = (group, name) => {
-  if (group === null || group === '') {
-    return name
-  }
-  return group
-}
-const createTransitiveDeps = (transitiveDeps, splitLines, rootNodes) => {
-  transitiveDeps.forEach(dep => {
-    //create transitive dep
-    const splitEdge = dep.split('@')
-    const splitGroupName = splitEdge[0].split('/')
-    const name = splitGroupName.pop()
-    const lastSlash = splitEdge[0].lastIndexOf('/')
-    let group = splitEdge[0].substring(0, lastSlash)
-    const hash = getHash(splitEdge[0])
-    group = checkGroupExists(group, name)
-    const transitiveDep = {
-      artifactID: name,
-      group: group,
-      version: splitEdge[1],
-      scope: 'compile',
-      type: 'transitive',
-      hash: hash,
-      edges: {}
-    }
-    //add edges to transitiveDep
-    const edges = getAllDepsOfADepAsEdge(dep, splitLines)
-    transitiveDep.edges = edges
-    //add all edges as a transitive dependency to rootNodes
-    const edgesAsName = getAllDepsOfADepAsName(dep, splitLines)
-    edgesAsName.forEach(dep => {
-      const splitEdge = dep.split('@')
-      const splitGroupName = splitEdge[0].split('/')
-      const name = splitGroupName.pop()
-      const lastSlash = splitEdge[0].lastIndexOf('/')
-      let group = splitEdge[0].substring(0, lastSlash)
-      const hash = getHash(splitEdge[0])
-      group = checkGroupExists(group, name)
-      const transitiveDep = {
-        artifactID: name,
-        group: group,
-        version: splitEdge[1],
-        scope: 'compile',
-        type: 'transitive',
-        hash: hash,
-        edges: {}
-      }
-      rootNodes[Object.keys(rootNodes)[0]][dep] = transitiveDep
-    })
-    //add transitive dependency to rootNodes
-    rootNodes[Object.keys(rootNodes)[0]][dep] = transitiveDep
-  })
-}

package/src/audit/goAnalysisEngine/readProjectFileContents.js DELETED Viewed

@@ -1,31 +0,0 @@
-const child_process = require('child_process')
-const i18n = require('i18n')
-module.exports = exports = async (
-  { language: { projectFilePath }, go },
-  next
-) => {
-  let cmdStdout
-  let cwd
-  try {
-    cwd = projectFilePath.replace('go.mod', '')
-    // A sample of this output can be found
-    // in the go test folder data/goModGraphResults.text
-    cmdStdout = child_process.execSync('go mod graph', { cwd })
-    go.modGraphOutput = cmdStdout.toString()
-    next()
-  } catch (err) {
-    if (err.message === 'spawnSync /bin/sh ENOENT') {
-      err.message =
-        '\n\n*************** No transitive dependencies ***************\n\nWe are unable to build a dependency tree view from your repository as there were no transitive dependencies found.'
-    }
-    next(
-      new Error(
-        i18n.__('goReadProjectFile', cwd, `${err.message ? err.message : ''}`)
-      )
-    )
-    return
-  }
-}

package/src/audit/goAnalysisEngine/sanitizer.js DELETED Viewed

@@ -1,7 +0,0 @@
-module.exports = exports = ({ go }, next) => {
-  // Remove anything sensitive or unnecessary from being sent to the backend as
-  // a result of our Go project analysis
-  delete go.modGraphOutput
-  next()
-}

package/src/audit/javaAnalysisEngine/index.js DELETED Viewed

@@ -1,41 +0,0 @@
-const AnalysisEngine = require('../AnalysisEngine')
-const readProjectFileContents = require('./readProjectFileContents')
-const parseMavenProjectFileContents = require('./parseMavenProjectFileContents')
-const parseProjectFileContents = require('./parseProjectFileContents')
-const sanitizer = require('./sanitizer')
-const i18n = require('i18n')
-module.exports = exports = (language, config, callback) => {
-  const ae = new AnalysisEngine({ language, config, java: {} })
-  // Remove ".kts" from filename to look the same as a Gradle projectFileName so we can support Kotlin
-  language.projectFilePath = language.projectFilePath.replace(
-    'build.gradle.kts',
-    'build.gradle'
-  )
-  if (config['beta_unified_java_parser']) {
-    console.log('Using new parser...')
-    ae.use([readProjectFileContents, parseProjectFileContents, sanitizer])
-  } else if (
-    language.projectFilePath.endsWith('pom.xml') &&
-    !config['beta_unified_java_parser']
-  ) {
-    ae.use([readProjectFileContents, parseMavenProjectFileContents, sanitizer])
-  } else {
-    ae.use([
-      readProjectFileContents,
-      parseMavenProjectFileContents,
-      parseProjectFileContents,
-      sanitizer
-    ])
-  }
-  ae.analyze((err, analysis) => {
-    if (err) {
-      console.log(i18n.__('javaAnalysisError'), err.message)
-      return
-    }
-    callback(null, analysis, config)
-  }, config)
-}

package/src/audit/javaAnalysisEngine/parseMavenProjectFileContents.js DELETED Viewed

@@ -1,225 +0,0 @@
-const i18n = require('i18n')
-module.exports = exports = ({ language: { projectFilePath }, java }, next) => {
-  const { mvnDependancyTreeOutput } = java
-  if (projectFilePath.endsWith('pom.xml')) {
-    try {
-      java.mavenDependencyTrees = parseMvn(mvnDependancyTreeOutput)
-      next()
-    } catch (err) {
-      next(new Error(i18n.__('javaParseProjectFile') + `${err.message}`))
-      return
-    }
-  } else {
-    // Go to gradle project
-    next()
-  }
-}
-const hasVersion = key => {
-  var regex = RegExp('[0-9].[0-9]')
-  return regex.test(key)
-}
-const formatKeyName = value => {
-  let tempArr = value.split(':')
-  let versionIndex = undefined
-  for (let i = 0; i < tempArr.length; i++) {
-    if (hasVersion(tempArr[i])) {
-      versionIndex = i
-    }
-  }
-  return tempArr[0] + '/' + tempArr[1] + '@' + tempArr[versionIndex]
-}
-const shaveConsoleOutputUntilItFindsFirsDigraphMention =
-  mvnDependancyTreeOutput => {
-    //shaves of the console output until it reaches the first digraph
-    return mvnDependancyTreeOutput.substring(
-      mvnDependancyTreeOutput.indexOf('digraph')
-    )
-  }
-const getDigraphObjInfo = editedOutput => {
-  //turns the output into an array of digraph information
-  // which looks like
-  // ' "com.contrastsecurity:teamserver-model:jar:local" {\n
-  // \n [INFO]  "com.contrastsecurity:teamserver-model:jar:local" -> "junit:junit:jar:4.12:test" ;\n
-  // \n [INFO]  "junit:junit:jar:4.12:test" -> "org.hamcrest:hamcrest-core:jar:1.3:test" ;\n
-  //  [INFO]  }' ]
-  let digraphObj = editedOutput.split('digraph')
-  return digraphObj.filter(v => v != '')
-}
-const createDigraphObjKey = element => {
-  // parse the digraph to turn into an object key
-  let formatObjKey = element.substring(0, element.indexOf('{'))
-  formatObjKey = formatObjKey.replace(/"/g, '')
-  formatObjKey = formatObjKey.replace('{', '')
-  formatObjKey = formatObjKey.trim()
-  return formatObjKey
-}
-const turnDigraphDependanciesIntoArrOfInnerDep = digraphObj => {
-  // takes:
-  // "com.contrastsecurity:teamserver-model:jar:local" {
-  //   [INFO]  "com.contrastsecurity:teamserver-model:jar:local" -> "org.springframework:spring-core:jar:5.1.9.RELEASE:compile" ;
-  //   [INFO]  "com.contrastsecurity:teamserver-model:jar:local" -> "junit:junit:jar:4.12:test" ;
-  //   [INFO]  "org.springframework:spring-core:jar:5.1.9.RELEASE:compile" -> "org.springframework:spring-jcl:jar:5.1.9.RELEASE:compile" ;
-  //   [INFO]  "junit:junit:jar:4.12:test" -> "org.hamcrest:hamcrest-core:jar:1.3:test" ;
-  //   [INFO]  }
-  // and turns it into
-  // [ '"com.contrastsecurity:teamserver-model:jar:local" -> "org.springframework:spring-core:jar:5.1.9.RELEASE:compile"',
-  // '"com.contrastsecurity:teamserver-model:jar:local" -> "junit:junit:jar:4.12:test"',
-  // '"org.springframework:spring-core:jar:5.1.9.RELEASE:compile" -> "org.springframework:spring-jcl:jar:5.1.9.RELEASE:compile"',
-  // '"junit:junit:jar:4.12:test" -> "org.hamcrest:hamcrest-core:jar:1.3:test"',
-  // '' ]
-  let depRow = digraphObj.substring(
-    digraphObj.indexOf('{'),
-    digraphObj.indexOf('}') + 1
-  )
-  depRow = depRow.replace(/\[INFO\]/g, '')
-  depRow = depRow.replace(/\n/g, '')
-  depRow = depRow.replace(/\{/g, '')
-  depRow = depRow.replace(/\}/g, '')
-  depRow = depRow.replace(/\"/g, '') // eslint-disable-line
-  return depRow.split(';').map(s => s.trim())
-}
-const createOuterDependanciesAndType = (digraphObjKey, arrOfInnerDep) => {
-  let leftKey
-  let rightKey
-  let newDepNode
-  const list = []
-  arrOfInnerDep.forEach(element => {
-    leftKey = element.substring(0, element.indexOf(' -'))
-    rightKey = element.substring(element.indexOf('>') + 2)
-    // if the digraph and the leftKey are the same and the left has a version
-    // then “edgeType” is direct
-    if (leftKey === digraphObjKey) {
-      if (hasVersion(rightKey)) {
-        let rightKeyArr = rightKey.split(':')
-        newDepNode = {
-          [rightKey]: {
-            group: rightKeyArr[0],
-            artifactID: rightKeyArr[1],
-            packaging: rightKeyArr[2],
-            version: rightKeyArr[3],
-            scope: rightKeyArr[4],
-            type: 'direct',
-            parent: leftKey,
-            edges: {}
-          }
-        }
-        list.push(newDepNode)
-      }
-    }
-    // if right and left both have versions and left doesn't match digraph name
-    // then “type” is transitive
-    if (
-      hasVersion(leftKey) &&
-      hasVersion(rightKey) &&
-      !(leftKey === digraphObjKey)
-    ) {
-      let rightKeyArr = rightKey.split(':')
-      newDepNode = {
-        [rightKey]: {
-          group: rightKeyArr[0],
-          artifactID: rightKeyArr[1],
-          packaging: rightKeyArr[2],
-          version: rightKeyArr[3],
-          scope: rightKeyArr[4],
-          type: 'transitive',
-          parent: leftKey,
-          edges: {}
-        }
-      }
-      list.push(newDepNode)
-    }
-  })
-  return list
-}
-const createEdges = (digraphObjKey, listOuterDep) => {
-  listOuterDep.forEach(element => {
-    const key = Object.keys(element).toString()
-    const childParentRef = element[key].parent
-    if (childParentRef !== digraphObjKey) {
-      listOuterDep.forEach(i => {
-        let parentKey = Object.keys(i).toString()
-        if (childParentRef === parentKey) {
-          i[parentKey].edges[formatKeyName(key)] = formatKeyName(key)
-        }
-      })
-    }
-  })
-  return listOuterDep
-}
-const extractFromArrAndFinalParse = listWithEdges => {
-  let finalObj = {}
-  listWithEdges.forEach(element => {
-    const key = Object.keys(element).toString()
-    const parsedKey = formatKeyName(key)
-    delete element[key].parent
-    finalObj[parsedKey] = element[key]
-  })
-  return finalObj
-}
-const dependancyValueCreationOrganiser = (digraphObjKey, digraph) => {
-  const arrOfInnerDep = turnDigraphDependanciesIntoArrOfInnerDep(digraph)
-  const listOuterDep = createOuterDependanciesAndType(
-    digraphObjKey,
-    arrOfInnerDep
-  )
-  const listWithEdges = createEdges(digraphObjKey, listOuterDep)
-  const finishDepObj = extractFromArrAndFinalParse(listWithEdges)
-  return finishDepObj
-}
-const parseMvn = mvnDependancyTreeOutput => {
-  let parsedDepObj = {}
-  let editedOutput = shaveConsoleOutputUntilItFindsFirsDigraphMention(
-    mvnDependancyTreeOutput
-  )
-  let digraphObjArray = getDigraphObjInfo(editedOutput)
-  digraphObjArray.forEach(digraph => {
-    const digraphObjKey = createDigraphObjKey(digraph)
-    parsedDepObj[digraphObjKey] = dependancyValueCreationOrganiser(
-      digraphObjKey,
-      digraph
-    )
-  })
-  return parsedDepObj
-}
-// testing purposes
-exports.shaveConsoleOutputUntilItFindsFirsDigraphMention =
-  shaveConsoleOutputUntilItFindsFirsDigraphMention
-exports.getDigraphObjInfo = getDigraphObjInfo
-exports.createDigraphObjKey = createDigraphObjKey
-exports.turnDigraphDependanciesIntoArrOfInnerDep =
-  turnDigraphDependanciesIntoArrOfInnerDep
-exports.hasVersion = hasVersion
-exports.formatKeyName = formatKeyName
-exports.createOuterDependanciesAndType = createOuterDependanciesAndType
-exports.extractFromArrAndFinalParse = extractFromArrAndFinalParse
-exports.createEdges = createEdges