npm - @contrast/contrast - Versions diffs - 1.0.8 → 1.0.9 - Mend

@contrast/contrast 1.0.8 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (173) hide show

package/src/audit/javaAnalysisEngine/parseProjectFileContents.js DELETED Viewed

@@ -1,420 +0,0 @@
-const i18n = require('i18n')
-let projectType = ''
-const StringBuilder = require('string-builder')
-let sb = new StringBuilder()
-module.exports = exports = (
-  { language: { projectFilePath }, java },
-  next,
-  config
-) => {
-  const { mvnDependancyTreeOutput } = java
-  if (
-    projectFilePath.endsWith('build.gradle') ||
-    projectFilePath.endsWith('pom.xml')
-  ) {
-    if (projectFilePath.endsWith('build.gradle')) {
-      projectType = 'Gradle'
-    } else {
-      projectType = 'Maven'
-    }
-    try {
-      java.mavenDependencyTrees = parseGradle(mvnDependancyTreeOutput, config)
-      next()
-    } catch (err) {
-      next(new Error(i18n.__('javaParseProjectFile') + `${err.message}`))
-      return
-    }
-  } else {
-    next()
-  }
-}
-const preParser = shavedOutput => {
-  let obj = []
-  for (let dep in shavedOutput) {
-    obj.push(
-      shavedOutput[dep]
-        .replace('+-', '+---')
-        .replace('[INFO]', '')
-        .replace('\\-', '\\---')
-        .replace(':jar:', ':')
-        .replace(':test', '')
-        .replace(':compile', '')
-        .replace(' +', '+')
-        .replace(' |', '|')
-        .replace(' \\', '\\')
-        .replace(':runtime', '')
-    )
-  }
-  let depTree = []
-  for (let x in obj) {
-    let nodeLevel = computeRelationToLastElement(obj[x])
-    let notLastLevel =
-      obj[x].startsWith('|') ||
-      obj[x].startsWith('+') ||
-      obj[x].startsWith('\\')
-    if (notLastLevel) {
-      if (nodeLevel === 0) {
-        depTree.push(obj[x])
-      } else {
-        let level = computeLevel(nodeLevel)
-        let validatedLevel = addIndentation(nodeLevel === 2 ? 5 : level, obj[x])
-        depTree.push(validatedLevel)
-      }
-    } else {
-      let level = computeLevel(nodeLevel)
-      let validatedLevel = addIndentation(nodeLevel === 3 ? 5 : level, obj[x])
-      depTree.push(validatedLevel)
-    }
-  }
-  return depTree
-}
-const shaveOutput = gradleDependencyTreeOutput => {
-  let shavedOutput = gradleDependencyTreeOutput.split('\n')
-  if (projectType === 'Maven') {
-    shavedOutput = preParser(shavedOutput)
-  }
-  let obj = []
-  for (let key in shavedOutput) {
-    if (shavedOutput[key].includes('project :')) {
-      //skip
-    } else if (
-      shavedOutput[key].includes('+---') ||
-      shavedOutput[key].includes('\\---')
-    ) {
-      obj.push(shavedOutput[key])
-    }
-  }
-  return obj
-}
-const computeIndentation = element => {
-  let hasPlus = element.includes('+')
-  let hasSlash = element.includes('\\')
-  if (hasPlus) {
-    return element.substring(element.indexOf('+'))
-  }
-  if (hasSlash) {
-    return element.substring(element.indexOf('\\'))
-  }
-}
-const computeLevel = nodeLevel => {
-  let num = [5, 8, 11, 14, 17, 20]
-  for (let z in num) {
-    if (num[z] === nodeLevel) {
-      let n = parseInt(z)
-      return 5 * (n + 2)
-    }
-  }
-}
-const addIndentation = (number, str) => {
-  str = computeIndentation(str)
-  sb.clear() // need to clear so each dep doesn't append to the string
-  for (let j = 0; j < number; j++) {
-    sb.append(' ')
-  }
-  sb.append(str)
-  return sb.toString()
-}
-const computeRelationToLastElement = element => {
-  let hasPlus = element.includes('+---')
-  let hasSlash = element.includes('\\---')
-  if (hasPlus) {
-    return element.split('+---')[0].length
-  }
-  if (hasSlash) {
-    return element.split('\\---')[0].length
-  }
-}
-const stripElement = element => {
-  return element
-    .replace(/[|]/g, '')
-    .replace('+---', '')
-    .replace('\\---', '')
-    .replace(/[' ']/g, '')
-    .replace('(c)', '')
-    .replace('->', '@')
-    .replace('(*)', '')
-}
-const checkVersion = element => {
-  let version = element.split(':')
-  return version[version.length - 1]
-}
-const createElement = (element, isRoot) => {
-  let tree
-  let cleanElement = stripElement(element)
-  let splitGroupName = cleanElement.split(':')
-  let validateVersion = false
-  if (!element.includes('->')) {
-    validateVersion = true
-  }
-  tree = {
-    artifactID: splitGroupName[1],
-    group: splitGroupName[0],
-    version: validateVersion
-      ? checkVersion(cleanElement)
-      : splitGroupName[splitGroupName.length - 1],
-    scope: 'compile',
-    type: isRoot ? 'direct' : 'transitive',
-    edges: {}
-  }
-  return tree
-}
-const getElementHeader = element => {
-  let elementHeader = stripElement(element)
-  elementHeader = elementHeader.replace(':', '/')
-  elementHeader = elementHeader.replace(':', '@')
-  return elementHeader
-}
-const buildElement = (element, rootElement, parentOfCurrent, tree, isRoot) => {
-  let childElement = createElement(element, isRoot)
-  let elementHeader = getElementHeader(element)
-  let levelsArray = [rootElement, parentOfCurrent]
-  const treeNode = getNestedObject(tree, levelsArray)
-  const rootNode = getNestedObject(tree, [rootElement])
-  // eslint-disable-next-line
-  if (!rootNode.hasOwnProperty(elementHeader)) {
-    tree[rootElement][elementHeader] = childElement
-  }
-  treeNode.edges[elementHeader] = elementHeader
-}
-const hasChildren = (nextNodeLevel, nodeLevel) => {
-  if (nextNodeLevel > nodeLevel) {
-    return true
-  }
-}
-const lastChild = (nextNodeLevel, nodeLevel) => {
-  if (nextNodeLevel < nodeLevel) {
-    return true
-  }
-}
-const calculateLevels = (nextNodeLevel, nodeLevel) => {
-  return (nodeLevel - nextNodeLevel) / 5
-}
-const buildTree = shavedOutput => {
-  let tree = {}
-  let rootElement
-  let levelNodes = []
-  shavedOutput.forEach((element, index) => {
-    if (index === 0) {
-      // console.log(element, index)
-      let cleanElement = stripElement(element)
-      let elementHeader = getElementHeader(cleanElement)
-      let splitElement = element.split(' ')
-      let splitGroupName = splitElement[1].split(':')
-      let validateVersion = false
-      if (!element.includes('->')) {
-        validateVersion = true
-      }
-      tree[splitGroupName[0]] = {}
-      tree[splitGroupName[0]][elementHeader] = {
-        artifactID: splitGroupName[1],
-        group: splitGroupName[0],
-        version: validateVersion
-          ? checkVersion(cleanElement)
-          : splitElement[splitElement.length - 1],
-        scope: 'compile',
-        type: 'direct',
-        edges: {}
-      }
-      rootElement = splitGroupName[0]
-      levelNodes.push(elementHeader)
-    }
-    if (shavedOutput.length - 1 === index) {
-      // console.log(element, index)
-      const parentOfCurrent = levelNodes[levelNodes.length - 1]
-      let nodeLevel = computeRelationToLastElement(element)
-      let validateVersion = false
-      if (!element.includes('->')) {
-        validateVersion = true
-      }
-      if (nodeLevel === 0) {
-        let cleanElement = stripElement(element)
-        let elementHeader = getElementHeader(cleanElement)
-        let splitElement = element.split(' ')
-        let splitGroupName = splitElement[1].split(':')
-        tree[rootElement][elementHeader] = {
-          artifactID: splitGroupName[1],
-          group: splitGroupName[0],
-          version: validateVersion
-            ? checkVersion(cleanElement)
-            : splitElement[splitElement.length - 1],
-          scope: 'compile',
-          type: 'direct',
-          edges: {}
-        }
-      } else {
-        buildElement(element, rootElement, parentOfCurrent, tree)
-      }
-    }
-    if (index >= 1 && index < shavedOutput.length - 1) {
-      let nodeLevel = computeRelationToLastElement(element)
-      let nextNodeLevel = computeRelationToLastElement(shavedOutput[index + 1])
-      const parentOfCurrent = levelNodes[levelNodes.length - 1]
-      let isRoot = false
-      if (nodeLevel === 0) {
-        isRoot = true
-      }
-      // useful for debugging
-      // console.log(
-      //   element,
-      //   index,
-      //   'nodeLevel:',
-      //   nodeLevel,
-      //   'nextNodeLevel:',
-      //   nextNodeLevel,
-      //   'parentofCurrent:',
-      //   parentOfCurrent
-      // )
-      if (isRoot) {
-        let cleanElement = stripElement(element)
-        let elementHeader = getElementHeader(cleanElement)
-        let splitElement = element.split(' ')
-        let splitGroupName = splitElement[1].split(':')
-        let validateVersion = false
-        if (!element.includes('->')) {
-          validateVersion = true
-        }
-        tree[rootElement][elementHeader] = {
-          artifactID: splitGroupName[1],
-          group: splitGroupName[0],
-          version: validateVersion
-            ? checkVersion(cleanElement)
-            : splitElement[splitElement.length - 1],
-          scope: 'compile',
-          type: 'direct',
-          edges: {}
-        }
-        levelNodes.push(elementHeader)
-        return
-      }
-      let elementHeader = getElementHeader(element)
-      buildElement(element, rootElement, parentOfCurrent, tree, isRoot)
-      if (hasChildren(nextNodeLevel, nodeLevel)) {
-        buildElement(element, rootElement, parentOfCurrent, tree, isRoot)
-        levelNodes.push(elementHeader)
-      }
-      if (lastChild(nextNodeLevel, nodeLevel)) {
-        let levelDifference = calculateLevels(nextNodeLevel, nodeLevel)
-        if (levelDifference === 0) {
-          levelNodes.pop()
-        } else {
-          let i
-          for (i = 0; i < levelDifference; i++) {
-            levelNodes.pop()
-          }
-        }
-      }
-    }
-  })
-  return tree
-}
-const getNestedObject = (nestedObj, pathArr) => {
-  return pathArr.reduce(
-    (obj, key) => (obj && obj[key] !== 'undefined' ? obj[key] : undefined),
-    nestedObj
-  )
-}
-// emit any "+--- project :" within the tree
-const parseSubProject = shavedOutput => {
-  let obj = []
-  for (let key in shavedOutput) {
-    if (!shavedOutput[key].includes('project')) {
-      obj.push(shavedOutput[key])
-    }
-  }
-  return obj
-}
-const validateIndentation = shavedOutput => {
-  let validatedTree = []
-  shavedOutput.forEach((element, index) => {
-    let nextNodeLevel
-    let nodeLevel = computeRelationToLastElement(element)
-    if (shavedOutput[index + 1] !== undefined) {
-      nextNodeLevel = computeRelationToLastElement(shavedOutput[index + 1])
-    }
-    if (index === 0) {
-      validatedTree.push(shavedOutput[index])
-      validatedTree.push(shavedOutput[index + 1])
-    } else if (nextNodeLevel > nodeLevel + 5) {
-      return
-    } else {
-      validatedTree.push(shavedOutput[index + 1])
-    }
-  })
-  validatedTree.pop()
-  return validatedTree
-}
-const parseGradle = (gradleDependencyTreeOutput, config) => {
-  let shavedOutput = shaveOutput(gradleDependencyTreeOutput)
-  if (config.subProject) {
-    let subProject = parseSubProject(shavedOutput)
-    let validatedOutput = validateIndentation(subProject)
-    return buildTree(validatedOutput)
-  } else {
-    let validatedOutput = validateIndentation(shavedOutput)
-    return buildTree(validatedOutput)
-  }
-}
-exports.shaveOutput = shaveOutput
-exports.validateIndentation = validateIndentation
-exports.stripElement = stripElement
-exports.getElementHeader = getElementHeader
-exports.createElement = createElement
-exports.parseGradle = parseGradle
-exports.computeRelationToLastElement = computeRelationToLastElement
-exports.hasChildren = hasChildren
-exports.lastChild = lastChild
-exports.calculateLevels = calculateLevels
-exports.buildElement = buildElement
-exports.checkVersion = checkVersion
-exports.computeIndentation = computeIndentation
-exports.computeLevel = computeLevel
-exports.addIndentation = addIndentation

package/src/audit/javaAnalysisEngine/readProjectFileContents.js DELETED Viewed

@@ -1,141 +0,0 @@
-const child_process = require('child_process')
-const fs = require('fs')
-const i18n = require('i18n')
-const path = require('path')
-module.exports = exports = (
-  { language: { projectFilePath }, java },
-  next,
-  config
-) => {
-  let cmdStdout
-  let cwd
-  let timeout
-  let javaProject = ''
-  let mvn_settings = ''
-  const maven = 'Maven'
-  const gradle = 'Gradle'
-  try {
-    if (projectFilePath.includes('pom.xml')) {
-      javaProject = maven
-      cwd = projectFilePath.replace('pom.xml', '')
-    } else if (projectFilePath.includes('build.gradle')) {
-      javaProject = gradle
-      cwd = projectFilePath.replace('build.gradle', '')
-    }
-    // timeout is in milliseconds and 2.30 mintues was choses as when tested against
-    // Spring-boot (https://github.com/spring-projects/spring-boot) a complex project that was the
-    // average time for a first run when it had to download projects then build tree
-    timeout = 960000
-    // A sample of this output can be found
-    // in the java test data/mvnCmdResults.text
-    if (javaProject === maven) {
-      // Allow users to provide a custom location for their settings.xml
-      if (config.mavenSettingsPath) {
-        mvn_settings = ' -s ' + config.mavenSettingsPath
-      }
-      if (config.betaUnifiedJavaParser) {
-        cmdStdout = child_process.execSync(
-          'mvn dependency:tree -B' + mvn_settings,
-          {
-            cwd,
-            timeout
-          }
-        )
-      } else {
-        cmdStdout = child_process.execSync(
-          'mvn dependency:tree -DoutputType=dot -B' + mvn_settings,
-          {
-            cwd,
-            timeout
-          }
-        )
-      }
-      java.mvnDependancyTreeOutput = cmdStdout.toString()
-    } else if (javaProject === gradle) {
-      // path.sep is user here to either execute as "./gradlew" for UNIX/Linux/MacOS
-      // & ".\gradlew" for Windows
-      // Check if the user has specified a sub-project
-      if (config.subProject) {
-        cmdStdout = child_process.execSync(
-          '.' +
-            path.sep +
-            'gradlew :' +
-            config.subProject +
-            ':dependencies --configuration runtimeClasspath',
-          {
-            cwd,
-            timeout
-          }
-        )
-      } else {
-        cmdStdout = child_process.execSync(
-          '.' +
-            path.sep +
-            'gradlew dependencies --configuration runtimeClasspath',
-          {
-            cwd,
-            timeout
-          }
-        )
-      }
-      if (
-        cmdStdout
-          .toString()
-          .includes(
-            "runtimeClasspath - Runtime classpath of source set 'main'.\n" +
-              'No dependencies'
-          )
-      ) {
-        cmdStdout = child_process.execSync(
-          '.' + path.sep + 'gradlew dependencies',
-          {
-            cwd,
-            timeout
-          }
-        )
-      }
-      java.mvnDependancyTreeOutput = cmdStdout.toString()
-    }
-    next()
-  } catch (err) {
-    if (javaProject === maven) {
-      try {
-        child_process.execSync('mvn --version', {
-          cwd,
-          timeout
-        })
-        next(
-          new Error(
-            i18n.__('mavenDependencyTreeNonZero', cwd, `${err.message}`)
-          )
-        )
-      } catch (mvnErr) {
-        next(
-          new Error(i18n.__('mavenNotInstalledError', cwd, `${mvnErr.message}`))
-        )
-      }
-    } else if (javaProject === gradle) {
-      if (
-        fs.existsSync(cwd + 'gradlew') ||
-        fs.existsSync(cwd + 'gradlew.bat')
-      ) {
-        next(
-          new Error(
-            i18n.__('gradleDependencyTreeNonZero', cwd, `${err.message}`)
-          )
-        )
-      } else {
-        next(
-          new Error(i18n.__('gradleWrapperUnavailable', cwd, `${err.message}`))
-        )
-      }
-    }
-    return
-  }
-}

package/src/audit/javaAnalysisEngine/sanitizer.js DELETED Viewed

@@ -1,6 +0,0 @@
-module.exports = exports = ({ java }, next) => {
-  // Remove anything sensitive or unnecessary from being sent to the backend as
-  // a result of our Java project analysis
-  delete java.mvnDependancyTreeOutput
-  next()
-}

package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedLanguages.js DELETED Viewed

@@ -1,36 +0,0 @@
-const i18n = require('i18n')
-/**
- * Checks that the list of languages and files that has been reduced doesn't
- * contain more than one identified language.
- */
-module.exports = exports = (analysis, next) => {
-  const { languageAnalysis } = analysis
-  try {
-    checkForMultipleIdentifiedLanguages(languageAnalysis.identifiedLanguages)
-  } catch (err) {
-    next(err)
-    return
-  }
-  next()
-}
-const checkForMultipleIdentifiedLanguages = identifiedLanguages => {
-  if (Object.keys(identifiedLanguages).length > 1) {
-    // Handle the error case where multiple languages have been identified
-    let errMsg = i18n.__('languageAnalysisMultipleLanguages1')
-    for (const [language, { projectFilenames }] of Object.entries(
-      identifiedLanguages
-    )) {
-      errMsg += `\t${language}: ${projectFilenames.join(', ')}\n`
-    }
-    errMsg += i18n.__('languageAnalysisMultipleLanguages2', "'project_path'")
-    throw new Error(errMsg)
-  }
-}
-//For testing purposes
-exports.checkForMultipleIdentifiedLanguages =
-  checkForMultipleIdentifiedLanguages

package/src/audit/languageAnalysisEngine/checkForMultipleIdentifiedProjectFiles.js DELETED Viewed

@@ -1,42 +0,0 @@
-const i18n = require('i18n')
-/**
- * Checks that the list of languages and files that has been reduced doesn't
- * contain more than one project file for any identified language.
- */
-module.exports = exports = (analysis, next) => {
-  const { languageAnalysis } = analysis
-  try {
-    checkForMultipleIdentifiedProjectFiles(languageAnalysis.identifiedLanguages)
-  } catch (err) {
-    next(err)
-    return
-  }
-  next()
-}
-const checkForMultipleIdentifiedProjectFiles = identifiedLanguages => {
-  // Handle the error case where only a single language has been identified...
-  if (Object.keys(identifiedLanguages).length == 1) {
-    let { projectFilenames } = Object.values(identifiedLanguages)[0]
-    // ...but multiple project files for that language have been found
-    if (projectFilenames.length > 1) {
-      const [language] = Object.keys(identifiedLanguages)
-      projectFilenames = projectFilenames.join(', ')
-      // NOTE : Quotation marks for language needs to be added back in (this includes tests)
-      throw new Error(
-        i18n.__(
-          'languageAnalysisProjectFiles',
-          language,
-          projectFilenames,
-          "'project_path'"
-        )
-      )
-    }
-  }
-}
-//For testing purposes
-exports.checkForMultipleIdentifiedProjectFiles =
-  checkForMultipleIdentifiedProjectFiles

package/src/audit/languageAnalysisEngine/checkIdentifiedLanguageHasLockFile.js DELETED Viewed

@@ -1,54 +0,0 @@
-const i18n = require('i18n')
-/**
- * Checks that a project has a lock file
- */
-module.exports = exports = (analysis, next) => {
-  try {
-    const { languageAnalysis } = analysis
-    //.NET and NODE both need lock files. currently JAVA and GO do not
-    // need a lock file so if lang is JAVA / GO just go to next
-    if (
-      Object.getOwnPropertyNames(languageAnalysis.identifiedLanguages)[0] ===
-        'JAVA' ||
-      Object.getOwnPropertyNames(languageAnalysis.identifiedLanguages)[0] ===
-        'GO'
-    ) {
-      next()
-      return
-    }
-    checkForLockFile(languageAnalysis.identifiedLanguages)
-  } catch (err) {
-    next(err)
-    return
-  }
-  next()
-  return
-}
-const checkForLockFile = identifiedLanguages => {
-  // Handle the error case where only a single language has been identified...
-  if (Object.keys(identifiedLanguages).length == 1) {
-    let { lockFilenames } = Object.values(identifiedLanguages)[0]
-    // ...but no lock files for that language have been found
-    if (lockFilenames.length == 0) {
-      const [language] = Object.keys(identifiedLanguages)
-      throw new Error(i18n.__('languageAnalysisHasNoLockFile', language))
-    }
-    if (lockFilenames.length > 1) {
-      const [language] = Object.keys(identifiedLanguages)
-      throw new Error(
-        i18n.__(
-          'languageAnalysisHasMultipleLockFiles',
-          language,
-          String(lockFilenames)
-        )
-      )
-    }
-  }
-}
-//For testing purposes
-exports.checkForLockFile = checkForLockFile