npm - @contrast/contrast - Versions diffs - 1.0.8 → 1.0.9 - Mend

@contrast/contrast 1.0.8 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (173) hide show

package/dist/scaAnalysis/javascript/index.js CHANGED Viewed

@@ -3,11 +3,7 @@ const analysis = require('./analysis');
 const i18n = require('i18n');
 const formatMessage = require('../common/formatMessage');
 const jsAnalysis = async (config, languageFiles) => {
-    if (languageFiles.JAVASCRIPT.includes('package-lock.json') &&
-        languageFiles.JAVASCRIPT.includes('yarn.lock')) {
-        console.log(i18n.__('languageAnalysisMultipleLanguages1'));
-        return;
-    }
+    checkForCorrectFiles(languageFiles);
     return buildNodeTree(config, languageFiles.JAVASCRIPT);
 };
 const buildNodeTree = async (config, files) => {
@@ -36,6 +32,19 @@ const parseFiles = async (config, files, js) => {
     }
     return js;
 };
+const checkForCorrectFiles = languageFiles => {
+    if (languageFiles.JAVASCRIPT.includes('package-lock.json') &&
+        languageFiles.JAVASCRIPT.includes('yarn.lock')) {
+        throw new Error(i18n.__('languageAnalysisHasMultipleLockFiles', 'javascript'));
+    }
+    if (!languageFiles.JAVASCRIPT.includes('package-lock.json') &&
+        !languageFiles.JAVASCRIPT.includes('yarn.lock')) {
+        throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'javascript'));
+    }
+    if (!languageFiles.JAVASCRIPT.includes('package.json')) {
+        throw new Error(i18n.__('languageAnalysisHasNoPackageJsonFile'));
+    }
+};
 module.exports = {
     jsAnalysis
 };

package/dist/scaAnalysis/php/analysis.js CHANGED Viewed

@@ -2,23 +2,21 @@
 const fs = require('fs');
 const i18n = require('i18n');
 const _ = require('lodash');
-let php = {};
-const readProjectFile = (projectPath, customFile) => {
-    const filePath = filePathForWindows(projectPath + customFile);
-    try {
-        php.composerJSON = JSON.parse(fs.readFileSync(filePath, 'utf8'));
-        php.composerJSON.dependencies = php.composerJSON.require;
-        php.composerJSON.devDependencies = php.composerJSON['require-dev'];
-        return php;
-    }
-    catch (err) {
-        console.log(err.message.toString());
+const readFile = (config, nameOfFile) => {
+    if (config.file) {
+        try {
+            return fs.readFileSync(config.file + '/' + nameOfFile);
+        }
+        catch (error) {
+            console.log('Unable to find file');
+            console.log(error);
+        }
     }
 };
-const readAndParseLockFile = (projectPath, customFile) => {
-    const filePath = filePathForWindows(projectPath + customFile);
+const parseProjectFiles = php => {
     try {
-        php.rawLockFileContents = JSON.parse(fs.readFileSync(filePath, 'utf8'));
+        php.composerJSON.dependencies = php.composerJSON.require;
+        php.composerJSON.devDependencies = php.composerJSON['require-dev'];
         php.lockFile = php.rawLockFileContents;
         let packages = _.keyBy(php.lockFile.packages, 'name');
         let packagesDev = _.keyBy(php.lockFile['packages-dev'], 'name');
@@ -50,22 +48,6 @@ const readAndParseLockFile = (projectPath, customFile) => {
         return console.log(i18n.__('phpParseComposerLock', php) + `${err.message}`);
     }
 };
-const getPhpDeps = (config, files) => {
-    try {
-        return (readProjectFile(config.file, files[0].projectFilename),
-            readAndParseLockFile(config.file, files[1].lockFilename));
-    }
-    catch (err) {
-        console.log(err.message.toString());
-        process.exit(1);
-    }
-};
-const filePathForWindows = path => {
-    if (process.platform === 'win32') {
-        path = path.replace(/\//g, '\\');
-    }
-    return path;
-};
 function addChildDepToLockFileAsOwnObj(php, depObj, key) {
     php.lockFile.dependencies[key] = { version: depObj[key] };
 }
@@ -83,7 +65,6 @@ function formatParentDepToLockFile(php) {
     }
 }
 module.exports = {
-    getPhpDeps,
-    readAndParseLockFile,
-    readProjectFile
+    parseProjectFiles,
+    readFile
 };

package/dist/scaAnalysis/php/index.js CHANGED Viewed

@@ -1,9 +1,16 @@
 "use strict";
-const { getPhpDeps } = require('./analysis');
+const { readFile, parseProjectFiles } = require('./analysis');
 const { createPhpTSMessage } = require('../common/formatMessage');
-const phpAnalysis = (config, languageFiles) => {
-    const phpDeps = getPhpDeps(config, languageFiles.PHP);
-    return createPhpTSMessage(phpDeps);
+const phpAnalysis = (config, files) => {
+    let analysis = readFiles(config, files.PHP);
+    const phpDep = parseProjectFiles(analysis);
+    return createPhpTSMessage(phpDep);
+};
+const readFiles = (config, files) => {
+    let php = {};
+    php.composerJSON = JSON.parse(readFile(config, 'composer.json'));
+    php.rawLockFileContents = JSON.parse(readFile(config, 'composer.lock'));
+    return php;
 };
 module.exports = {
     phpAnalysis

package/dist/scaAnalysis/ruby/analysis.js CHANGED Viewed

@@ -1,8 +1,7 @@
 "use strict";
 const fs = require('fs');
 const readAndParseGemfile = file => {
-    const fileName = filePathForWindows(file + '/Gemfile');
-    const gemFile = fs.readFileSync(fileName, 'utf8');
+    const gemFile = fs.readFileSync(file + '/Gemfile', 'utf8');
     const rubyArray = gemFile.split('\n');
     let filteredRubyDep = rubyArray.filter(element => {
         return (!element.includes('#') &&
@@ -15,8 +14,7 @@ const readAndParseGemfile = file => {
     return filteredRubyDep;
 };
 const readAndParseGemLockFile = file => {
-    const fileName = filePathForWindows(file + '/Gemfile.lock');
-    const lockFile = fs.readFileSync(fileName, 'utf8');
+    const lockFile = fs.readFileSync(file + '/Gemfile.lock', 'utf8');
     const dependencyRegEx = /^\s*([A-Za-z0-9.!@#$%\-^&*_+]*)\s*(\((.*?)\))/;
     const lines = lockFile.split('\n');
     return {
@@ -204,12 +202,6 @@ const getRubyDeps = config => {
 const trimWhiteSpace = string => {
     return string.replace(/\s+/g, '');
 };
-const filePathForWindows = path => {
-    if (process.platform === 'win32') {
-        path = path.replace(/\//g, '\\');
-    }
-    return path;
-};
 module.exports = {
     getRubyDeps,
     readAndParseGemfile,

package/dist/scan/autoDetection.js CHANGED Viewed

@@ -1,7 +1,6 @@
 "use strict";
 const i18n = require('i18n');
 const fileFinder = require('./fileUtils');
-const languageResolver = require('../audit/languageAnalysisEngine/reduceIdentifiedLanguages');
 const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames');
 const autoDetectFileAndLanguage = async (configToUse) => {
     const entries = await fileFinder.findFile();
@@ -24,31 +23,30 @@ const autoDetectFileAndLanguage = async (configToUse) => {
         errorOnFileDetection(entries);
     }
 };
-const autoDetectAuditFilesAndLanguages = async () => {
+const autoDetectAuditFilesAndLanguages = async (file) => {
+    const filePath = file;
     let languagesFound = [];
-    console.log(i18n.__('searchingAuditFileDirectory', process.cwd()));
-    await fileFinder.findFilesJava(languagesFound);
-    await fileFinder.findFilesJavascript(languagesFound);
-    await fileFinder.findFilesPython(languagesFound);
-    await fileFinder.findFilesGo(languagesFound);
-    await fileFinder.findFilesPhp(languagesFound);
-    await fileFinder.findFilesRuby(languagesFound);
-    if (languagesFound.length === 1) {
+    if (filePath) {
+        rootFile.getProjectRootFilenames(filePath);
+        console.log(i18n.__('searchingAuditFileDirectory', filePath));
+    }
+    else {
+        console.log(i18n.__('searchingAuditFileDirectory', process.cwd()));
+    }
+    await fileFinder.findFilesJava(languagesFound, filePath);
+    await fileFinder.findFilesJavascript(languagesFound, filePath);
+    await fileFinder.findFilesPython(languagesFound, filePath);
+    await fileFinder.findFilesGo(languagesFound, filePath);
+    await fileFinder.findFilesPhp(languagesFound, filePath);
+    await fileFinder.findFilesRuby(languagesFound, filePath);
+    await fileFinder.findFilesDotNet(languagesFound, filePath);
+    if (languagesFound.length <= 1) {
         return languagesFound;
     }
     else {
         console.log('found multiple languages, please specify one using --file to run SCA audit');
     }
 };
-const manualDetectAuditFilesAndLanguages = file => {
-    let projectRootFilenames = rootFile.getProjectRootFilenames(file);
-    let identifiedLanguages = languageResolver.deduceLanguageScaAnalysis(projectRootFilenames);
-    if (Object.keys(identifiedLanguages).length === 0) {
-        console.log(i18n.__('languageAnalysisNoLanguage', file));
-        return [];
-    }
-    return [identifiedLanguages];
-};
 const hasWhiteSpace = s => {
     const filename = s.split('/').pop();
     return filename.indexOf(' ') >= 0;
@@ -88,6 +86,5 @@ module.exports = {
     autoDetectFileAndLanguage,
     errorOnFileDetection,
     autoDetectAuditFilesAndLanguages,
-    errorOnAuditFileDetection,
-    manualDetectAuditFilesAndLanguages
+    errorOnAuditFileDetection
 };

package/dist/scan/fileUtils.js CHANGED Viewed

@@ -10,72 +10,90 @@ const findFile = async () => {
         onlyFiles: true
     });
 };
-const findFilesJava = async (languagesFound) => {
+const findFilesJava = async (languagesFound, filePath) => {
     const result = await fg(['**/pom.xml', '**/build.gradle', '**/build.gradle.kts'], {
         dot: false,
         deep: 1,
-        onlyFiles: true
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
         return languagesFound.push({ JAVA: result });
     }
     return languagesFound;
 };
-const findFilesJavascript = async (languagesFound) => {
+const findFilesJavascript = async (languagesFound, filePath) => {
     const result = await fg(['**/package.json', '**/yarn.lock', '**/package-lock.json'], {
         dot: false,
         deep: 1,
-        onlyFiles: true
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
         return languagesFound.push({ JAVASCRIPT: result });
     }
     return languagesFound;
 };
-const findFilesPython = async (languagesFound) => {
+const findFilesPython = async (languagesFound, filePath) => {
     const result = await fg(['**/Pipfile.lock', '**/Pipfile'], {
         dot: false,
         deep: 3,
-        onlyFiles: true
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
         return languagesFound.push({ PYTHON: result });
     }
     return languagesFound;
 };
-const findFilesGo = async (languagesFound) => {
+const findFilesGo = async (languagesFound, filePath) => {
     const result = await fg(['**/go.mod'], {
         dot: false,
         deep: 3,
-        onlyFiles: true
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
         return languagesFound.push({ GO: result });
     }
     return languagesFound;
 };
-const findFilesRuby = async (languagesFound) => {
+const findFilesRuby = async (languagesFound, filePath) => {
     const result = await fg(['**/Gemfile', '**/Gemfile.lock'], {
         dot: false,
         deep: 3,
-        onlyFiles: true
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
         return languagesFound.push({ RUBY: result });
     }
     return languagesFound;
 };
-const findFilesPhp = async (languagesFound) => {
+const findFilesPhp = async (languagesFound, filePath) => {
     const result = await fg(['**/composer.json', '**/composer.lock'], {
         dot: false,
         deep: 3,
-        onlyFiles: true
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
     });
     if (result.length > 0) {
         return languagesFound.push({ PHP: result });
     }
     return languagesFound;
 };
+const findFilesDotNet = async (languagesFound, filePath) => {
+    const result = await fg(['**/*.csproj', '**/packages.lock.json'], {
+        dot: false,
+        deep: 3,
+        onlyFiles: true,
+        cwd: filePath ? filePath : process.cwd()
+    });
+    if (result.length > 0) {
+        return languagesFound.push({ DOTNET: result });
+    }
+    return languagesFound;
+};
 const checkFilePermissions = file => {
     let readableFile = false;
     try {
@@ -117,5 +135,6 @@ module.exports = {
     findFilesGo,
     findFilesPhp,
     findFilesRuby,
+    findFilesDotNet,
     fileIsEmpty
 };

package/dist/scan/formatScanOutput.js CHANGED Viewed

@@ -25,8 +25,9 @@ function formatScanOutput(scanResults) {
         console.log(chalk_1.default.bold(message));
         console.log();
         let defaultView = getDefaultView(scanResultsInstances.content);
-        let count = defaultView.length;
+        let count = 0;
         defaultView.forEach(entry => {
+            count++;
             let table = new cli_table3_1.default({
                 chars: {
                     top: '',
@@ -84,7 +85,6 @@ function formatScanOutput(scanResults) {
                 ];
                 table.push(learnRow);
             }
-            count--;
             console.log(table.toString());
             console.log();
         });
@@ -149,7 +149,7 @@ function getDefaultView(content) {
         groupTypeResults.push(groupResultsObj);
         assignBySeverity(resultEntry, groupResultsObj);
     });
-    return (0, lodash_1.sortBy)(groupTypeResults, ['priority']).reverse();
+    return (0, lodash_1.sortBy)(groupTypeResults, ['priority']);
 }
 exports.getDefaultView = getDefaultView;
 function editVulName(message) {

package/dist/scan/scanConfig.js CHANGED Viewed

@@ -3,7 +3,7 @@ const paramHandler = require('../utils/paramsUtil/paramHandler');
 const constants = require('../../src/constants.js');
 const parsedCLIOptions = require('../../src/utils/parsedCLIOptions');
 const path = require('path');
-const { supportedLanguages } = require('../audit/languageAnalysisEngine/constants');
+const { supportedLanguagesScan } = require('../constants/constants');
 const i18n = require('i18n');
 const { scanUsageGuide } = require('./help');
 const getScanConfig = argv => {
@@ -15,7 +15,7 @@ const getScanConfig = argv => {
     const paramsAuth = paramHandler.getAuth(scanParams);
     if (scanParams.language) {
         scanParams.language = scanParams.language.toUpperCase();
-        if (!Object.values(supportedLanguages).includes(scanParams.language)) {
+        if (!Object.values(supportedLanguagesScan).includes(scanParams.language)) {
             console.log(`Did not recognise --language ${scanParams.language}`);
             console.log(i18n.__('constantsHowToRunDev3'));
             process.exit(1);

package/dist/utils/getConfig.js CHANGED Viewed

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.setConfigValues = exports.createConfigFromYaml = exports.localConfig = void 0;
+exports.setConfigValues = exports.localConfig = void 0;
 const conf_1 = __importDefault(require("conf"));
 const localConfig = (name, version) => {
     const config = new conf_1.default({
@@ -19,11 +19,6 @@ const localConfig = (name, version) => {
     return config;
 };
 exports.localConfig = localConfig;
-const createConfigFromYaml = (yamlPath) => {
-    const yamlConfig = {};
-    return yamlConfig;
-};
-exports.createConfigFromYaml = createConfigFromYaml;
 const setConfigValues = (config, values) => {
     config.set('apiKey', values.apiKey);
     config.set('organizationId', values.orgId);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.8",
+  "version": "1.0.9",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {
@@ -23,8 +23,7 @@
     "test": "jest --testPathIgnorePatterns=./test-integration/",
     "test-int": "jest ./test-integration/",
     "test-int-scan": "jest ./test-integration/scan",
-    "test-int-audit": "jest ./test-integration/audit/audit.spec.js",
-    "test-int-audit-experimental": "jest ./test-integration/audit/audit-experimental.spec.js",
+    "test-int-audit": "jest test-integration/audit/audit-int.spec.js",
     "format": "prettier --write \"**/*.{ts,tsx,js,json,md,yml}\" .eslintrc.*",
     "check-format": "prettier --check \"**/*.{ts,tsx,js,json,md,yml}\" .eslintrc.*",
     "coverage-local": "nyc --reporter=text mocha './test/**/*.spec.js'",

package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js CHANGED Viewed

@@ -1,35 +1,6 @@
 const fs = require('fs')
 const path = require('path')
 const i18n = require('i18n')
-/**
- * Will get the filenames from the project path provided to the SCA CLI tool. If
- * the project path points to a file and not a directory will return the
- * filename in the same fashion as if a directory had been read.
- *
- * Will fail and throw for a manner of reasons when doing file/directory
- * inspection.
- *
- * @param {string} file - The path to a projects root directory or a
- * specific project file
- *
- * @return {string[]} List of filenames associated with a projects root
- * directory or the name of the specific project file if that was provided to
- * the 'file' parameter
- *
- * @throws {Error} If the project path doesn't exist
- * @throws {Error} If the project path information can't be collected
- * @throws {Error} If a non-file or non-directory inspected
- */
-module.exports = exports = (analysis, next) => {
-  const { file, languageAnalysis } = analysis
-  try {
-    languageAnalysis.projectRootFilenames = getProjectRootFilenames(file)
-  } catch (err) {
-    next(err)
-    return
-  }
-  next()
-}
 const getProjectRootFilenames = file => {
   let projectStats = null
@@ -67,6 +38,6 @@ const getProjectRootFilenames = file => {
     file
   )
 }
-//For testing purposes
-exports.getProjectRootFilenames = getProjectRootFilenames
+module.exports = {
+  getProjectRootFilenames
+}