@contrast/contrast 1.0.8 → 1.0.9

package/src/sbom/generateSbom.ts

@@ -1,9 +1,9 @@
 import { getHttpClient } from '../utils/commonApi'
 
-export const generateSbom = (config: any) => {
+export const generateSbom = (config: any, type: string) => {
   const client = getHttpClient(config)
   return client
-    .getSbom(config)
+    .getSbom(config, type)
     .then((res: { statusCode: number; body: any }) => {
       if (res.statusCode === 200) {
         return res.body

package/src/scaAnalysis/common/formatMessage.js

@@ -50,11 +50,18 @@ const createPhpTSMessage = phpTree => {
   }
 }
 
+const createDotNetTSMessage = dotnetTree => {
+  return {
+    dotnet: dotnetTree
+  }
+}
+
 module.exports = {
   createJavaScriptTSMessage,
   createJavaTSMessage,
   createGoTSMessage,
   createPhpTSMessage,
   createRubyTSMessage,
-  createPythonTSMessage
+  createPythonTSMessage,
+  createDotNetTSMessage
 }

package/src/scaAnalysis/common/treeUpload.js

@@ -1,4 +1,4 @@
-const { getHttpClient } = require('../../utils/commonApi')
+const commonApi = require('../../utils/commonApi')
 const { APP_VERSION } = require('../../constants/constants')
 
 const commonSendSnapShot = async (analysis, config) => {
@@ -8,19 +8,18 @@ const commonSendSnapShot = async (analysis, config) => {
     snapshot: analysis
   }
 
-  const client = getHttpClient(config)
+  const client = commonApi.getHttpClient(config)
   return client
     .sendSnapshot(requestBody, config)
     .then(res => {
       if (res.statusCode === 201) {
         return res.body
       } else {
-        console.log(res.statusCode)
-        console.log('error processing dependencies')
+        throw new Error(res.statusCode + ` error processing dependencies`)
       }
     })
     .catch(err => {
-      console.log(err)
+      throw err
     })
 }
 

package/src/scaAnalysis/dotnet/analysis.js

@@ -0,0 +1,54 @@
+const fs = require('fs')
+const xml2js = require('xml2js')
+const i18n = require('i18n')
+
+const readAndParseProjectFile = projectFilePath => {
+  const projectFile = fs.readFileSync(projectFilePath)
+
+  return new xml2js.Parser({
+    explicitArray: false,
+    mergeAttrs: true
+  }).parseString(projectFile)
+}
+
+const readAndParseLockFile = lockFilePath => {
+  const lockFile = JSON.parse(fs.readFileSync(lockFilePath).toString())
+
+  let count = 0 // Used to test if some nodes are deleted
+
+  for (const dependenciesNode in lockFile.dependencies) {
+    for (const innerNode in lockFile.dependencies[dependenciesNode]) {
+      const nodeValidation = JSON.stringify(
+        lockFile.dependencies[dependenciesNode][innerNode]
+      )
+      if (nodeValidation.includes('"type":"Project"')) {
+        count += 1
+        delete lockFile.dependencies[dependenciesNode][innerNode]
+        lockFile.additionalInfo = 'dependenciesNote'
+      }
+    }
+  }
+
+  if (count > 0) {
+    const multiLevelProjectWarning = () => {
+      console.log('')
+      console.log(i18n.__('dependenciesNote'))
+    }
+    setTimeout(multiLevelProjectWarning, 7000)
+  }
+
+  return lockFile
+}
+
+const getDotNetDeps = (filePath, languageFiles) => {
+  const projectFile = readAndParseProjectFile(filePath + `/${languageFiles[0]}`)
+  const lockFile = readAndParseLockFile(filePath + `/${languageFiles[1]}`)
+
+  return { projectFile, lockFile }
+}
+
+module.exports = {
+  getDotNetDeps,
+  readAndParseProjectFile,
+  readAndParseLockFile
+}

package/src/scaAnalysis/dotnet/index.js

@@ -0,0 +1,11 @@
+const { getDotNetDeps } = require('./analysis')
+const { createDotNetTSMessage } = require('../common/formatMessage')
+
+const dotNetAnalysis = (config, languageFiles) => {
+  const dotNetDeps = getDotNetDeps(config.file, languageFiles.DOTNET)
+  return createDotNetTSMessage(dotNetDeps)
+}
+
+module.exports = {
+  dotNetAnalysis
+}

package/src/scaAnalysis/javascript/analysis.js

@@ -12,7 +12,7 @@ const readFile = async (config, languageFiles, nameOfFile) => {
   if (config.file) {
     return fs.readFileSync(config.file.concat(languageFiles[index]), 'utf8')
   } else {
-    console.log('could not find file')
+    throw new Error('could not find file')
   }
 }
 
@@ -40,8 +40,7 @@ const readYarn = async (config, languageFiles, nameOfFile) => {
 
     return yarn
   } catch (err) {
-    console.log(i18n.__('nodeReadYarnLockFileError') + `${err.message}`)
-    return
+    throw new Error(i18n.__('nodeReadYarnLockFileError') + `${err.message}`)
   }
 }
 
@@ -80,8 +79,7 @@ const parseNpmLockFile = async js => {
       return js.npmLockFile
     }
   } catch (err) {
-    console.log(i18n.__('NodeParseNPM') + `${err.message}`)
-    return
+    throw new Error(i18n.__('NodeParseNPM') + `${err.message}`)
   }
 }
 
@@ -113,8 +111,9 @@ const parseYarnLockFile = async js => {
       return js
     }
   } catch (err) {
-    console.log(i18n.__('NodeParseYarn') + `${err.message}`)
-    return
+    throw new Error(
+      i18n.__('NodeParseYarn', js.yarn.yarnVersion) + `${err.message}`
+    )
   }
 }
 

package/src/scaAnalysis/javascript/index.js

@@ -3,13 +3,8 @@ const i18n = require('i18n')
 const formatMessage = require('../common/formatMessage')
 
 const jsAnalysis = async (config, languageFiles) => {
-  if (
-    languageFiles.JAVASCRIPT.includes('package-lock.json') &&
-    languageFiles.JAVASCRIPT.includes('yarn.lock')
-  ) {
-    console.log(i18n.__('languageAnalysisMultipleLanguages1'))
-    return
-  }
+  checkForCorrectFiles(languageFiles)
+
   return buildNodeTree(config, languageFiles.JAVASCRIPT)
 }
 const buildNodeTree = async (config, files) => {
@@ -51,6 +46,27 @@ const parseFiles = async (config, files, js) => {
   return js
 }
 
+const checkForCorrectFiles = languageFiles => {
+  if (
+    languageFiles.JAVASCRIPT.includes('package-lock.json') &&
+    languageFiles.JAVASCRIPT.includes('yarn.lock')
+  ) {
+    throw new Error(
+      i18n.__('languageAnalysisHasMultipleLockFiles', 'javascript')
+    )
+  }
+
+  if (
+    !languageFiles.JAVASCRIPT.includes('package-lock.json') &&
+    !languageFiles.JAVASCRIPT.includes('yarn.lock')
+  ) {
+    throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'javascript'))
+  }
+
+  if (!languageFiles.JAVASCRIPT.includes('package.json')) {
+    throw new Error(i18n.__('languageAnalysisHasNoPackageJsonFile'))
+  }
+}
 module.exports = {
   jsAnalysis
 }

package/src/scaAnalysis/php/analysis.js

@@ -2,24 +2,24 @@ const fs = require('fs')
 const i18n = require('i18n')
 const _ = require('lodash')
 
-let php = {}
+const readFile = (config, nameOfFile) => {
+  if (config.file) {
+    try {
+      return fs.readFileSync(config.file + '/' + nameOfFile)
+    } catch (error) {
+      console.log('Unable to find file')
+      console.log(error)
+    }
+  }
+}
 
-const readProjectFile = (projectPath, customFile) => {
-  const filePath = filePathForWindows(projectPath + customFile)
+const parseProjectFiles = php => {
   try {
-    php.composerJSON = JSON.parse(fs.readFileSync(filePath, 'utf8')) //wrong here
+    // composer.json
     php.composerJSON.dependencies = php.composerJSON.require
     php.composerJSON.devDependencies = php.composerJSON['require-dev']
-    return php
-  } catch (err) {
-    console.log(err.message.toString())
-  }
-}
 
-const readAndParseLockFile = (projectPath, customFile) => {
-  const filePath = filePathForWindows(projectPath + customFile)
-  try {
-    php.rawLockFileContents = JSON.parse(fs.readFileSync(filePath, 'utf8'))
+    // composer.lock
     php.lockFile = php.rawLockFileContents
     let packages = _.keyBy(php.lockFile.packages, 'name')
     let packagesDev = _.keyBy(php.lockFile['packages-dev'], 'name')
@@ -54,25 +54,6 @@ const readAndParseLockFile = (projectPath, customFile) => {
   }
 }
 
-const getPhpDeps = (config, files) => {
-  try {
-    return (
-      readProjectFile(config.file, files[0].projectFilename),
-      readAndParseLockFile(config.file, files[1].lockFilename)
-    )
-  } catch (err) {
-    console.log(err.message.toString())
-    process.exit(1)
-  }
-}
-
-const filePathForWindows = path => {
-  if (process.platform === 'win32') {
-    path = path.replace(/\//g, '\\')
-  }
-  return path
-}
-
 function addChildDepToLockFileAsOwnObj(php, depObj, key) {
   php.lockFile.dependencies[key] = { version: depObj[key] }
 }
@@ -92,7 +73,6 @@ function formatParentDepToLockFile(php) {
 }
 
 module.exports = {
-  getPhpDeps,
-  readAndParseLockFile,
-  readProjectFile
+  parseProjectFiles,
+  readFile
 }

package/src/scaAnalysis/php/index.js

@@ -1,9 +1,20 @@
-const { getPhpDeps } = require('./analysis')
+const { readFile, parseProjectFiles } = require('./analysis')
 const { createPhpTSMessage } = require('../common/formatMessage')
 
-const phpAnalysis = (config, languageFiles) => {
-  const phpDeps = getPhpDeps(config, languageFiles.PHP)
-  return createPhpTSMessage(phpDeps)
+const phpAnalysis = (config, files) => {
+  let analysis = readFiles(config, files.PHP)
+  const phpDep = parseProjectFiles(analysis)
+  return createPhpTSMessage(phpDep)
+}
+
+const readFiles = (config, files) => {
+  let php = {}
+
+  php.composerJSON = JSON.parse(readFile(config, 'composer.json'))
+
+  php.rawLockFileContents = JSON.parse(readFile(config, 'composer.lock'))
+
+  return php
 }
 
 module.exports = {

package/src/scaAnalysis/ruby/analysis.js

@@ -1,8 +1,7 @@
 const fs = require('fs')
 
 const readAndParseGemfile = file => {
-  const fileName = filePathForWindows(file + '/Gemfile')
-  const gemFile = fs.readFileSync(fileName, 'utf8')
+  const gemFile = fs.readFileSync(file + '/Gemfile', 'utf8')
   const rubyArray = gemFile.split('\n')
 
   let filteredRubyDep = rubyArray.filter(element => {
@@ -21,8 +20,7 @@ const readAndParseGemfile = file => {
 }
 
 const readAndParseGemLockFile = file => {
-  const fileName = filePathForWindows(file + '/Gemfile.lock')
-  const lockFile = fs.readFileSync(fileName, 'utf8')
+  const lockFile = fs.readFileSync(file + '/Gemfile.lock', 'utf8')
   const dependencyRegEx = /^\s*([A-Za-z0-9.!@#$%\-^&*_+]*)\s*(\((.*?)\))/
 
   const lines = lockFile.split('\n')
@@ -259,13 +257,6 @@ const trimWhiteSpace = string => {
   return string.replace(/\s+/g, '')
 }
 
-const filePathForWindows = path => {
-  if (process.platform === 'win32') {
-    path = path.replace(/\//g, '\\')
-  }
-  return path
-}
-
 module.exports = {
   getRubyDeps,
   readAndParseGemfile,

package/src/scan/autoDetection.js

@@ -1,6 +1,5 @@
 const i18n = require('i18n')
 const fileFinder = require('./fileUtils')
-const languageResolver = require('../audit/languageAnalysisEngine/reduceIdentifiedLanguages')
 const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames')
 
 const autoDetectFileAndLanguage = async configToUse => {
@@ -28,18 +27,26 @@ const autoDetectFileAndLanguage = async configToUse => {
   }
 }
 
-const autoDetectAuditFilesAndLanguages = async () => {
+const autoDetectAuditFilesAndLanguages = async file => {
+  const filePath = file
   let languagesFound = []
-  console.log(i18n.__('searchingAuditFileDirectory', process.cwd()))
 
-  await fileFinder.findFilesJava(languagesFound)
-  await fileFinder.findFilesJavascript(languagesFound)
-  await fileFinder.findFilesPython(languagesFound)
-  await fileFinder.findFilesGo(languagesFound)
-  await fileFinder.findFilesPhp(languagesFound)
-  await fileFinder.findFilesRuby(languagesFound)
+  if (filePath) {
+    rootFile.getProjectRootFilenames(filePath)
+    console.log(i18n.__('searchingAuditFileDirectory', filePath))
+  } else {
+    console.log(i18n.__('searchingAuditFileDirectory', process.cwd()))
+  }
 
-  if (languagesFound.length === 1) {
+  await fileFinder.findFilesJava(languagesFound, filePath)
+  await fileFinder.findFilesJavascript(languagesFound, filePath)
+  await fileFinder.findFilesPython(languagesFound, filePath)
+  await fileFinder.findFilesGo(languagesFound, filePath)
+  await fileFinder.findFilesPhp(languagesFound, filePath)
+  await fileFinder.findFilesRuby(languagesFound, filePath)
+  await fileFinder.findFilesDotNet(languagesFound, filePath)
+
+  if (languagesFound.length <= 1) {
     return languagesFound
   } else {
     console.log(
@@ -48,18 +55,6 @@ const autoDetectAuditFilesAndLanguages = async () => {
   }
 }
 
-const manualDetectAuditFilesAndLanguages = file => {
-  let projectRootFilenames = rootFile.getProjectRootFilenames(file)
-  let identifiedLanguages =
-    languageResolver.deduceLanguageScaAnalysis(projectRootFilenames)
-
-  if (Object.keys(identifiedLanguages).length === 0) {
-    console.log(i18n.__('languageAnalysisNoLanguage', file))
-    return []
-  }
-  return [identifiedLanguages]
-}
-
 const hasWhiteSpace = s => {
   const filename = s.split('/').pop()
   return filename.indexOf(' ') >= 0
@@ -100,6 +95,5 @@ module.exports = {
   autoDetectFileAndLanguage,
   errorOnFileDetection,
   autoDetectAuditFilesAndLanguages,
-  errorOnAuditFileDetection,
-  manualDetectAuditFilesAndLanguages
+  errorOnAuditFileDetection
 }

package/src/scan/fileUtils.js

@@ -11,13 +11,14 @@ const findFile = async () => {
   })
 }
 
-const findFilesJava = async languagesFound => {
+const findFilesJava = async (languagesFound, filePath) => {
   const result = await fg(
     ['**/pom.xml', '**/build.gradle', '**/build.gradle.kts'],
     {
       dot: false,
       deep: 1,
-      onlyFiles: true
+      onlyFiles: true,
+      cwd: filePath ? filePath : process.cwd()
     }
   )
 
@@ -27,13 +28,14 @@ const findFilesJava = async languagesFound => {
   return languagesFound
 }
 
-const findFilesJavascript = async languagesFound => {
+const findFilesJavascript = async (languagesFound, filePath) => {
   const result = await fg(
     ['**/package.json', '**/yarn.lock', '**/package-lock.json'],
     {
       dot: false,
       deep: 1,
-      onlyFiles: true
+      onlyFiles: true,
+      cwd: filePath ? filePath : process.cwd()
     }
   )
 
@@ -43,11 +45,12 @@ const findFilesJavascript = async languagesFound => {
   return languagesFound
 }
 
-const findFilesPython = async languagesFound => {
+const findFilesPython = async (languagesFound, filePath) => {
   const result = await fg(['**/Pipfile.lock', '**/Pipfile'], {
     dot: false,
     deep: 3,
-    onlyFiles: true
+    onlyFiles: true,
+    cwd: filePath ? filePath : process.cwd()
   })
 
   if (result.length > 0) {
@@ -56,11 +59,12 @@ const findFilesPython = async languagesFound => {
   return languagesFound
 }
 
-const findFilesGo = async languagesFound => {
+const findFilesGo = async (languagesFound, filePath) => {
   const result = await fg(['**/go.mod'], {
     dot: false,
     deep: 3,
-    onlyFiles: true
+    onlyFiles: true,
+    cwd: filePath ? filePath : process.cwd()
   })
 
   if (result.length > 0) {
@@ -69,11 +73,12 @@ const findFilesGo = async languagesFound => {
   return languagesFound
 }
 
-const findFilesRuby = async languagesFound => {
+const findFilesRuby = async (languagesFound, filePath) => {
   const result = await fg(['**/Gemfile', '**/Gemfile.lock'], {
     dot: false,
     deep: 3,
-    onlyFiles: true
+    onlyFiles: true,
+    cwd: filePath ? filePath : process.cwd()
   })
 
   if (result.length > 0) {
@@ -82,11 +87,12 @@ const findFilesRuby = async languagesFound => {
   return languagesFound
 }
 
-const findFilesPhp = async languagesFound => {
+const findFilesPhp = async (languagesFound, filePath) => {
   const result = await fg(['**/composer.json', '**/composer.lock'], {
     dot: false,
     deep: 3,
-    onlyFiles: true
+    onlyFiles: true,
+    cwd: filePath ? filePath : process.cwd()
   })
 
   if (result.length > 0) {
@@ -95,6 +101,20 @@ const findFilesPhp = async languagesFound => {
   return languagesFound
 }
 
+const findFilesDotNet = async (languagesFound, filePath) => {
+  const result = await fg(['**/*.csproj', '**/packages.lock.json'], {
+    dot: false,
+    deep: 3,
+    onlyFiles: true,
+    cwd: filePath ? filePath : process.cwd()
+  })
+
+  if (result.length > 0) {
+    return languagesFound.push({ DOTNET: result })
+  }
+  return languagesFound
+}
+
 const checkFilePermissions = file => {
   let readableFile = false
   try {
@@ -138,5 +158,6 @@ module.exports = {
   findFilesGo,
   findFilesPhp,
   findFilesRuby,
+  findFilesDotNet,
   fileIsEmpty
 }

package/src/scan/formatScanOutput.ts

@@ -34,8 +34,9 @@ export function formatScanOutput(scanResults: ScanResultsModel) {
 
     let defaultView = getDefaultView(scanResultsInstances.content)
 
-    let count = defaultView.length
+    let count = 0
     defaultView.forEach(entry => {
+      count++
       let table = new Table({
         chars: {
           top: '',
@@ -98,7 +99,6 @@ export function formatScanOutput(scanResults: ScanResultsModel) {
         ]
         table.push(learnRow)
       }
-      count--
       console.log(table.toString())
       console.log()
     })
@@ -179,7 +179,7 @@ export function getDefaultView(content: ResultContent[]) {
     assignBySeverity(resultEntry, groupResultsObj)
   })
 
-  return sortBy(groupTypeResults, ['priority']).reverse()
+  return sortBy(groupTypeResults, ['priority'])
 }
 export function editVulName(message: string) {
   return message.substring(message.indexOf(' in '))

package/src/scan/scanConfig.js

@@ -2,9 +2,7 @@ const paramHandler = require('../utils/paramsUtil/paramHandler')
 const constants = require('../../src/constants.js')
 const parsedCLIOptions = require('../../src/utils/parsedCLIOptions')
 const path = require('path')
-const {
-  supportedLanguages
-} = require('../audit/languageAnalysisEngine/constants')
+const { supportedLanguagesScan } = require('../constants/constants')
 const i18n = require('i18n')
 const { scanUsageGuide } = require('./help')
 
@@ -23,7 +21,7 @@ const getScanConfig = argv => {
 
   if (scanParams.language) {
     scanParams.language = scanParams.language.toUpperCase()
-    if (!Object.values(supportedLanguages).includes(scanParams.language)) {
+    if (!Object.values(supportedLanguagesScan).includes(scanParams.language)) {
       console.log(`Did not recognise --language ${scanParams.language}`)
       console.log(i18n.__('constantsHowToRunDev3'))
       process.exit(1)

package/src/utils/getConfig.ts

@@ -33,11 +33,6 @@ const localConfig = (name: string, version: string) => {
   return config
 }
 
-const createConfigFromYaml = (yamlPath: string) => {
-  const yamlConfig = {}
-  return yamlConfig
-}
-
 const setConfigValues = (config: ContrastConf, values: ContrastConfOptions) => {
   config.set('apiKey', values.apiKey)
   config.set('organizationId', values.orgId)
@@ -45,10 +40,4 @@ const setConfigValues = (config: ContrastConf, values: ContrastConfOptions) => {
   values.host ? config.set('host', values.host) : null
 }
 
-export {
-  localConfig,
-  createConfigFromYaml,
-  setConfigValues,
-  ContrastConf,
-  ContrastConfOptions
-}
+export { localConfig, setConfigValues, ContrastConf, ContrastConfOptions }

package/dist/audit/AnalysisEngine.js

@@ -1,37 +0,0 @@
-"use strict";
-class AnalysisEngine {
-    constructor(initAnalysis = {}) {
-        this.analyzers = [];
-        this.analysis = { ...initAnalysis };
-    }
-    use(analyzer) {
-        if (Array.isArray(analyzer)) {
-            this.analyzers = [...this.analyzers, ...analyzer];
-            return;
-        }
-        this.analyzers.push(analyzer);
-    }
-    analyze(callback, config) {
-        let i = 0;
-        const next = err => {
-            if (err) {
-                return setImmediate(() => callback(err, this.analysis));
-            }
-            if (i >= this.analyzers.length) {
-                return setImmediate(() => callback(null, this.analysis));
-            }
-            const analyzer = this.analyzers[i];
-            i++;
-            setImmediate(() => {
-                try {
-                    analyzer(this.analysis, next, config);
-                }
-                catch (uncaughtErr) {
-                    next(uncaughtErr);
-                }
-            });
-        };
-        next();
-    }
-}
-module.exports = exports = AnalysisEngine;

package/dist/audit/autodetection/autoDetectLanguage.js

@@ -1,32 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.determineProjectLanguage = exports.identifyLanguages = void 0;
-const i18n_1 = __importDefault(require("i18n"));
-const reduceIdentifiedLanguages_1 = require("../languageAnalysisEngine/reduceIdentifiedLanguages");
-const getProjectRootFilenames_1 = require("../languageAnalysisEngine/getProjectRootFilenames");
-function identifyLanguages(config) {
-    const { file } = config;
-    const projectRootFilenames = (0, getProjectRootFilenames_1.getProjectRootFilenames)(file);
-    const identifiedLanguages = projectRootFilenames.reduce((accumulator, filename) => {
-        const deducedLanguages = (0, reduceIdentifiedLanguages_1.deduceLanguage)(filename);
-        return [...accumulator, ...deducedLanguages];
-    }, []);
-    if (Object.keys(identifiedLanguages).length === 0) {
-        throw new Error(i18n_1.default.__('languageAnalysisNoLanguage', file));
-    }
-    return (0, reduceIdentifiedLanguages_1.reduceIdentifiedLanguages)(identifiedLanguages);
-}
-exports.identifyLanguages = identifyLanguages;
-function determineProjectLanguage(reducedLanguages) {
-    const reducedLanguagesKeys = Object.keys(reducedLanguages);
-    if (reducedLanguagesKeys.length === 1) {
-        return reducedLanguagesKeys[0];
-    }
-    else {
-        throw new Error('Detected multiple languages. Please specify a single language using --language');
-    }
-}
-exports.determineProjectLanguage = determineProjectLanguage;