npm - @contrast/contrast - Versions diffs - 1.0.8 → 1.0.9 - Mend

@contrast/contrast 1.0.8 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (173) hide show

package/src/audit/nodeAnalysisEngine/readYarnLockFileContents.js DELETED Viewed

@@ -1,36 +0,0 @@
-const fs = require('fs')
-const yaml = require('js-yaml')
-const i18n = require('i18n')
-module.exports = exports = ({ language: { lockFilePath }, node }, next) => {
-  // check if the lockFilePath is populated and if it is check to
-  // see if it has the package-lock if not then go on to next handler
-  if (!lockFilePath || !lockFilePath.includes('yarn.lock')) {
-    next()
-    return
-  }
-  try {
-    node.rawYarnLockFileContents = fs.readFileSync(lockFilePath, 'utf8')
-    node.yarnVersion = 1
-    if (
-      !node.rawYarnLockFileContents.includes('lockfile v1') ||
-      node.rawYarnLockFileContents.includes('__metadata')
-    ) {
-      node.rawYarnLockFileContents = yaml.load(
-        fs.readFileSync(lockFilePath, 'utf8')
-      )
-      node.yarnVersion = 2
-    }
-  } catch (err) {
-    next(
-      new Error(
-        i18n.__('nodeReadYarnLockFileError', lockFilePath) + `${err.message}`
-      )
-    )
-    return
-  }
-  next()
-}

package/src/audit/nodeAnalysisEngine/sanitizer.js DELETED Viewed

@@ -1,11 +0,0 @@
-module.exports = exports = ({ node }, next) => {
-  // Remove anything sensitive or unnecessary from being sent to the backend as
-  // a result of our NODE project analysis
-  delete node.rawProjectFileContents
-  delete node.projectFileJSON
-  delete node.projectLockFileJSON
-  delete node.rawLockFileContents
-  delete node.rawYarnLockFileContents
-  next()
-}

package/src/audit/phpAnalysisEngine/index.js DELETED Viewed

@@ -1,27 +0,0 @@
-const AnalysisEngine = require('../AnalysisEngine')
-const readProjectFileContents = require('./readProjectFileContents')
-const readLockFileContents = require('./readLockFileContents')
-const parseLockFileContents = require('./parseLockFileContents')
-const sanitizer = require('./sanitizer')
-const i18n = require('i18n')
-module.exports = exports = (language, config, callback) => {
-  const ae = new AnalysisEngine({ language, config, php: {} })
-  ae.use([
-    readProjectFileContents,
-    readLockFileContents,
-    parseLockFileContents,
-    sanitizer
-  ])
-  ae.analyze((err, analysis) => {
-    if (err) {
-      callback(new Error(i18n.__('phpAnalysisFailure') + `${err.message}`))
-      return
-    }
-    callback(null, analysis)
-  })
-}

package/src/audit/phpAnalysisEngine/parseLockFileContents.js DELETED Viewed

@@ -1,60 +0,0 @@
-const i18n = require('i18n')
-const _ = require('lodash')
-module.exports = exports = ({ language: { lockFilePath }, php }, next) => {
-  try {
-    php.lockFile = php.rawLockFileContents
-    let packages = _.keyBy(php.lockFile.packages, 'name')
-    let packagesDev = _.keyBy(php.lockFile['packages-dev'], 'name')
-    php.lockFile.dependencies = _.merge(packages, packagesDev)
-    const listOfTopDep = Object.keys(php.lockFile.dependencies)
-    Object.entries(php.lockFile.dependencies).forEach(([key, value]) => {
-      if (value.require) {
-        const listOfRequiresDep = Object.keys(value.require)
-        listOfRequiresDep.forEach(dep => {
-          if (!listOfTopDep.includes(dep)) {
-            addChildDepToLockFileAsOwnObj(value['require'], dep)
-          }
-        })
-      }
-      if (value['require-dev']) {
-        const listOfRequiresDep = Object.keys(value['require-dev'])
-        listOfRequiresDep.forEach(dep => {
-          if (!listOfTopDep.includes(dep)) {
-            addChildDepToLockFileAsOwnObj(value['require-dev'], dep)
-          }
-        })
-      }
-    })
-    formatParentDepToLockFile()
-  } catch (err) {
-    next(
-      new Error(
-        i18n.__('phpParseComposerLock', lockFilePath) + `${err.message}`
-      )
-    )
-    return
-  }
-  next()
-  function addChildDepToLockFileAsOwnObj(depObj, key) {
-    php.lockFile.dependencies[key] = { version: depObj[key] }
-  }
-  function formatParentDepToLockFile() {
-    for (const [key, value] of Object.entries(php.lockFile.dependencies)) {
-      let requires = {}
-      for (const [childKey, childValue] of Object.entries(value)) {
-        if (childKey === 'require' || childKey === 'require-dev') {
-          requires = _.merge(requires, childValue)
-          php.lockFile.dependencies[key].requires = requires
-          delete php.lockFile.dependencies[key].require
-          delete php.lockFile.dependencies[key]['require-dev']
-        }
-      }
-    }
-  }
-}

package/src/audit/phpAnalysisEngine/readLockFileContents.js DELETED Viewed

@@ -1,14 +0,0 @@
-const fs = require('fs')
-const i18n = require('i18n')
-module.exports = exports = ({ language: { lockFilePath }, php }, next) => {
-  try {
-    php.rawLockFileContents = JSON.parse(fs.readFileSync(lockFilePath))
-  } catch (err) {
-    next(new Error(i18n.__('phpReadError', lockFilePath) + `${err.message}`))
-    return
-  }
-  next()
-}

package/src/audit/phpAnalysisEngine/readProjectFileContents.js DELETED Viewed

@@ -1,25 +0,0 @@
-const fs = require('fs')
-const i18n = require('i18n')
-// all node references are because we're using that engine in the backend
-// so complying with the already existing node format
-module.exports = exports = (analysis, next) => {
-  const {
-    language: { projectFilePath },
-    php
-  } = analysis
-  try {
-    php.composerJSON = JSON.parse(fs.readFileSync(projectFilePath, 'utf8'))
-    php.composerJSON.dependencies = php.composerJSON.require
-    php.composerJSON.devDependencies = php.composerJSON['require-dev']
-  } catch (err) {
-    next(
-      new Error(
-        i18n.__('phpReadProjectFileError', projectFilePath) + `${err.message}`
-      )
-    )
-    return
-  }
-  next()
-}

package/src/audit/phpAnalysisEngine/sanitizer.js DELETED Viewed

@@ -1,4 +0,0 @@
-module.exports = exports = ({ php }, next) => {
-  delete php.rawLockFileContents
-  next()
-}

package/src/audit/pythonAnalysisEngine/index.js DELETED Viewed

@@ -1,55 +0,0 @@
-const AnalysisEngine = require('./../AnalysisEngine')
-const readPythonProjectFileContents = require('./readPythonProjectFileContents')
-const readPipfileLockFileContents = require('./readPipfileLockFileContents')
-const parseProjectFileContents = require('./parseProjectFileContents')
-const parsePipfileLockContents = require('./parsePipfileLockContents')
-const sanitizer = require('./sanitizer')
-const i18n = require('i18n')
-module.exports = exports = (language, config, callback) => {
-  const ae = new AnalysisEngine({ language, config, python: {} })
-  // python's dependancy management is a bit of a wild west.
-  // in general there is a requirements.txt but there can also be a test-requirements.txt
-  // and/or dev-requirements.txt. plus the versions in all of those files do not need
-  // to be specified meaning that when the file is run it can have different dependancies
-  // per environment. If the user runs pip freeze it updates the requirements to the exact
-  // versions running in their local solo environment. We might need to do this or get the
-  // customer to do this for more accurate results.
-  // pip has a ultility module that can be run pipdeptree that will give a dependancy tree
-  // but this is a package that needs to be installed.
-  // there is also pipenv that produces pipfile and pipfile.lock that helps managed dependancies
-  // to be the same across all the environements. if pipfile.lock is found as well as a requirements.txt
-  // then pipfile.lock superceeds the requirements.
-  // pipenv graph can create a dependancy tree but to run that we have to
-  // 1) know if pipenv is used to manage python env
-  // 2) what the name of their pipenv is called
-  // 3) run the command
-  // 4)scrape and parse the console output
-  // For a breakdown of more python packaging https://realpython.com/pipenv-guide/ is a good guide
-  // and https://medium.com/python-pandemonium/better-python-dependency-and-package-management-b5d8ea29dff1
-  ae.use([
-    readPythonProjectFileContents,
-    parseProjectFileContents,
-    readPipfileLockFileContents,
-    parsePipfileLockContents,
-    sanitizer
-  ])
-  ae.analyze((err, analysis) => {
-    if (err) {
-      callback(
-        new Error(i18n.__('pythonAnalysisEngineError') + `${err.message}`)
-      )
-      return
-    }
-    callback(null, analysis)
-  })
-}

package/src/audit/pythonAnalysisEngine/parsePipfileLockContents.js DELETED Viewed

@@ -1,23 +0,0 @@
-const i18n = require('i18n')
-module.exports = exports = ({ language: { lockFilePath }, python }, next) => {
-  if (python.rawLockFileContents === undefined) {
-    return next()
-  }
-  try {
-    let parsedPipLock = JSON.parse(python.rawLockFileContents)
-    parsedPipLock['defaults'] = parsedPipLock['default']
-    python.pipfileLock = parsedPipLock
-  } catch (err) {
-    next(
-      new Error(
-        i18n.__(
-          'pythonAnalysisEnginePipError',
-          lockFilePath ? lockFilePath : 'undefined'
-        ) + `${err.message}`
-      )
-    )
-    return
-  }
-  next()
-}

package/src/audit/pythonAnalysisEngine/parseProjectFileContents.js DELETED Viewed

@@ -1,33 +0,0 @@
-const multiReplace = require('string-multiple-replace')
-const i18n = require('i18n')
-module.exports = exports = ({ python }, next) => {
-  const { rawProjectFileContents } = python
-  try {
-    const matcherObj = { '"': '' }
-    const sequencer = ['"']
-    const parsedPipfile = multiReplace(
-      rawProjectFileContents,
-      matcherObj,
-      sequencer
-    )
-    const pythonArray = parsedPipfile.split('\n')
-    python.pipfilDependanceies = pythonArray.filter(element => {
-      return element != '' && !element.includes('#')
-    })
-    next()
-  } catch (err) {
-    next(
-      new Error(
-        i18n.__('pythonAnalysisParseProjectFileError', rawProjectFileContents) +
-          `${err.message}`
-      )
-    )
-    return
-  }
-}

package/src/audit/pythonAnalysisEngine/readPipfileLockFileContents.js DELETED Viewed

@@ -1,16 +0,0 @@
-const fs = require('fs')
-const i18n = require('i18n')
-module.exports = exports = ({ language: { lockFilePath }, python }, next) => {
-  try {
-    python.rawLockFileContents = fs.readFileSync(lockFilePath)
-  } catch (err) {
-    next(
-      new Error(
-        i18n.__('pythonAnalysisReadPipFileError', lockFilePath) +
-          `${err.message}`
-      )
-    )
-  }
-  next()
-}

package/src/audit/pythonAnalysisEngine/readPythonProjectFileContents.js DELETED Viewed

@@ -1,22 +0,0 @@
-const fs = require('fs')
-const i18n = require('i18n')
-module.exports = exports = (
-  { language: { projectFilePath }, python },
-  next
-) => {
-  try {
-    //project file Contents points to requirements.txt for python
-    python.rawProjectFileContents = fs.readFileSync(projectFilePath, 'utf8')
-    next()
-  } catch (err) {
-    next(
-      new Error(
-        i18n.__('pythonAnalysisReadPythonProjectFileError', projectFilePath) +
-          `${err.message}`
-      )
-    )
-    return
-  }
-}

package/src/audit/pythonAnalysisEngine/sanitizer.js DELETED Viewed

@@ -1,9 +0,0 @@
-module.exports = exports = ({ python }, next) => {
-  // Remove anything sensitive or unnecessary from being sent to the backend as
-  // a result of our Python project analysis
-  delete python.rawProjectFileContents
-  delete python.rawLockFileContents
-  delete python.pipfileLock.default
-  next()
-}

package/src/audit/rubyAnalysisEngine/index.js DELETED Viewed

@@ -1,30 +0,0 @@
-const AnalysisEngine = require('./../AnalysisEngine')
-const readGemfileContents = require('./readGemfileContents')
-const readGemfileLockContents = require('./readGemfileLockContents')
-const parsedGemfile = require('./parsedGemfile')
-const parseGemfileLockFileContents = require('./parseGemfileLockContents')
-const sanitizer = require('./sanitizer')
-const i18n = require('i18n')
-module.exports = exports = (language, config, callback) => {
-  const ae = new AnalysisEngine({ language, config, ruby: {} })
-  // Ruby dependency management is mostly handled by bundler which creates
-  // Gemfile and Gemfile.lock. This project will only pick up on those
-  ae.use([
-    readGemfileContents,
-    parsedGemfile,
-    readGemfileLockContents,
-    parseGemfileLockFileContents,
-    sanitizer
-  ])
-  ae.analyze((err, analysis) => {
-    if (err) {
-      callback(new Error(i18n.__('rubyAnalysisEngineError') + `${err.message}`))
-      return
-    }
-    callback(null, analysis)
-  })
-}

package/src/audit/rubyAnalysisEngine/parseGemfileLockContents.js DELETED Viewed

@@ -1,215 +0,0 @@
-const whitespaceRegx = /^(\s*)/
-let index = 0
-const depReg = /^\s*([A-Za-z0-9.!@#$%\-^&*_+]*)\s*(\((.*?)\))/
-const i18n = require('i18n')
-const GEMFILE_KEY_VALUE = /^\s*([^:(]*)\s*\:*\s*(.*)/ // eslint-disable-line
-let rubyObj = {}
-rubyObj.dependencies = {}
-module.exports = exports = ({ ruby }, next) => {
-  const { rawLockFileContents } = ruby
-  let lines = rawLockFileContents.split('\n')
-  try {
-    ruby.gemfileLock = {}
-    getDirectDepencies(lines, ruby.gemfileLock)
-    getRubyVersion(lines, ruby.gemfileLock)
-    getSourceArr(lines, ruby.gemfileLock)
-    next()
-  } catch (err) {
-    next(
-      new Error(
-        i18n.__('rubyAnalysisEngineParsedGemLockFileError') + `${err.message}`
-      )
-    )
-  }
-}
-const populateSourceType = (line, rubyObj) => {
-  // sourceType has 0 WS and isn't null
-  return (rubyObj.sourceType = line)
-}
-const nonDependencyKeys = (line, rubyObj) => {
-  let parts = GEMFILE_KEY_VALUE.exec(line)
-  let key = parts[1].trim()
-  let value = parts[2] || ''
-  return (rubyObj[key] = value)
-}
-const populateResolveAndPlatform = (dependency, rubyObj) => {
-  const depArr = dependency.split('-')
-  rubyObj.resolved = depArr[0]
-  rubyObj.platform = depArr.length > 1 ? depArr[1] : 'UNSPECIFIED'
-  return rubyObj
-}
-const isUpperCase = str => {
-  return str === str.toUpperCase()
-}
-const getDirectDepencies = (lines, ruby) => {
-  let depIndex = 0
-  for (let i = 0; i < lines.length; i++) {
-    if (lines[i] == 'DEPENDENCIES') {
-      depIndex = i
-    }
-  }
-  const getDepArray = lines.slice(depIndex)
-  ruby.dependencies = {}
-  for (let j = 1; j < getDepArray.length; j++) {
-    const element = getDepArray[j]
-    if (!isUpperCase(element)) {
-      const isDependencyWithVersion = depReg.test(element)
-      if (isDependencyWithVersion) {
-        const dependency = depReg.exec(element)
-        // BF bain!
-        let name = dependency[1]
-        name = name.replace('!', '')
-        //
-        ruby.dependencies[name.trim()] = dependency[3]
-      } else {
-        // BF bain!
-        let name = element
-        name = name.replace('!', ' ')
-        //
-        ruby.dependencies[name.trim()] = 'UNSPECIFIED'
-      }
-    } else {
-      return
-    }
-  }
-}
-const getRubyVersion = (lines, ruby) => {
-  let rubVersionIndex = 0
-  for (let i = 0; i < lines.length; i++) {
-    if (lines[i] == 'RUBY VERSION') {
-      rubVersionIndex = i
-      break
-    }
-  }
-  if (rubVersionIndex !== 0) {
-    const getRubyVersionArray = lines.slice(rubVersionIndex)
-    ruby.runtimeDetails = {}
-    for (let j = 1; j < getRubyVersionArray.length; j++) {
-      let element = getRubyVersionArray[j]
-      if (!isUpperCase(element)) {
-        element = element.trim()
-        if (/^([ruby\s0-9.*]+)/.test(element)) {
-          let splitElement = element.split(' ')
-          ruby.runtimeDetails['version'] = splitElement[1]
-        }
-        if (/^([p0-9]+)/.test(element)) {
-          ruby.runtimeDetails['patchLevel'] = element.substring(1)
-        }
-        if (element.includes('engine')) {
-          let splitElement = element.split(' ')
-          ruby.runtimeDetails[splitElement[0]] = splitElement[1]
-        }
-      } else {
-        return
-      }
-    }
-  }
-}
-const formatSourceArr = sourceArr => {
-  return sourceArr.map(element => {
-    if (element.sourceType === 'GIT') {
-      delete element.specs
-    }
-    if (element.sourceType === 'GEM') {
-      delete element.branch
-      delete element.revision
-      delete element.depthLevel
-      delete element.specs
-    }
-    if (element.sourceType === 'PATH') {
-      delete element.branch
-      delete element.revision
-      delete element.depthLevel
-      delete element.specs
-      delete element.platform
-    }
-    return element
-  })
-}
-const getSourceArr = (lines, ruby) => {
-  let line = 0
-  let source = []
-  while ((line = lines[index++]) !== undefined) {
-    let currentWS = whitespaceRegx.exec(line)[1].length
-    // BF bain!
-    if (!line.includes(' bundler (')) {
-      // populates sourceType
-      if (currentWS === 0 && !line.includes(':') && line != '') {
-        populateSourceType(line, rubyObj)
-      }
-      // gets top level keys
-      if (currentWS !== 0 && line.includes(':')) {
-        nonDependencyKeys(line, rubyObj)
-      }
-      // dep can be parent at 4WS or edge at 6 WS
-      if (currentWS > 2) {
-        const isDependencyWithVersion = depReg.test(line)
-        let nexlineWS = whitespaceRegx.exec(lines[index])[1].length
-        // means its an edge
-        if (currentWS === 6) {
-          const dependency = depReg.exec(line)
-          if (isDependencyWithVersion) {
-            if (rubyObj.name !== dependency[1]) {
-              rubyObj.dependencies[dependency[1]] = dependency[3]
-            }
-          } else {
-            rubyObj.dependencies[line.trim()] = 'UNSPECIFIED'
-          }
-        }
-        if (currentWS === 4 && rubyObj.depthLevel === undefined) {
-          const dependency = depReg.exec(line)
-          rubyObj.name = dependency[1]
-          rubyObj.depthLevel = currentWS
-          populateResolveAndPlatform(dependency[3], rubyObj)
-        }
-        // when dethlevel is defined and WS is 4 then its a new dep
-        if (currentWS === 4 && rubyObj.depthLevel) {
-          // create new Parent
-          const dependency = depReg.exec(line)
-          rubyObj.name = dependency[1]
-          rubyObj.depthLevel = currentWS
-          populateResolveAndPlatform(dependency[3], rubyObj)
-        }
-        // need to push into array when:
-        // parents with no dep
-        // dep and nextline is a parent
-        // last line
-        if (
-          (currentWS === 4 && nexlineWS === 4) ||
-          (currentWS === 6 && nexlineWS === 4) ||
-          nexlineWS == ''
-        ) {
-          let newObj = {}
-          newObj = JSON.parse(JSON.stringify(rubyObj))
-          source.push(newObj)
-          rubyObj.dependencies = {}
-        }
-      }
-    }
-  }
-  ruby.sources = formatSourceArr(source)
-}
-exports.getSourceArr = getSourceArr

package/src/audit/rubyAnalysisEngine/parsedGemfile.js DELETED Viewed

@@ -1,39 +0,0 @@
-const i18n = require('i18n')
-module.exports = exports = ({ ruby }, next) => {
-  const { rawProjectFileContents } = ruby
-  // Read the ruby requirements file contents.
-  try {
-    const rubyArray = rawProjectFileContents.split('\n')
-    //give me the gemfiles
-    let filteredRubyDep = rubyArray.filter(element => {
-      return (
-        !element.includes('#') &&
-        element.includes('gem') &&
-        !element.includes('source')
-      )
-    })
-    //trim off whitespace
-    for (let i = 0; i < filteredRubyDep.length; i++) {
-      filteredRubyDep[i] = filteredRubyDep[i].trim()
-    }
-    ruby.gemfilesDependanceies = filteredRubyDep
-    next()
-  } catch (err) {
-    next(
-      new Error(
-        i18n.__(
-          'rubyAnalysisEngineParsedGemFileError',
-          rawProjectFileContents
-        ) + `${err.message}`
-      )
-    )
-    return
-  }
-}

package/src/audit/rubyAnalysisEngine/readGemfileContents.js DELETED Viewed

@@ -1,18 +0,0 @@
-const fs = require('fs')
-const i18n = require('i18n')
-module.exports = exports = ({ language: { projectFilePath }, ruby }, next) => {
-  try {
-    ruby.rawProjectFileContents = fs.readFileSync(projectFilePath, 'utf8')
-    next()
-  } catch (err) {
-    next(
-      new Error(
-        i18n.__('rubyAnalysisEngineReadGemFileError', projectFilePath) +
-          `${err.message}`
-      )
-    )
-    return
-  }
-}

package/src/audit/rubyAnalysisEngine/readGemfileLockContents.js DELETED Viewed

@@ -1,17 +0,0 @@
-const fs = require('fs')
-const i18n = require('i18n')
-module.exports = exports = ({ language: { lockFilePath }, ruby }, next) => {
-  try {
-    ruby.rawLockFileContents = fs.readFileSync(lockFilePath, 'utf8')
-    next()
-  } catch (err) {
-    next(
-      new Error(
-        i18n.__('rubyAnalysisEngineReadGemLockFileError', lockFilePath) +
-          `${err.message}`
-      )
-    )
-    return
-  }
-}

package/src/audit/rubyAnalysisEngine/sanitizer.js DELETED Viewed

@@ -1,8 +0,0 @@
-module.exports = exports = ({ ruby }, next) => {
-  // Remove anything sensitive or unnecessary from being sent to the backend as
-  // a result of our Ruby project analysis
-  delete ruby.rawProjectFileContents
-  delete ruby.rawLockFileContents
-  next()
-}