@contrast/contrast 1.0.9 → 1.0.12

package/README.md

@@ -10,7 +10,7 @@ CodeSec delivers:
 ## Install
 
 ```shell
-npm install -g @contrast/contrast
+npm install --location=global @contrast/contrast
 ```
 
 ## Authenticate
@@ -52,7 +52,7 @@ export AWS_SECRET_ACCESS_KEY=<YOUR_SECRET_ACCESS_KEY>
 
 - These permissions are required to gather all required information on an AWS Lambda to use the `contrast lambda` command:
 
-  - Lambda: [GetFunction](https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html) | [GetLayerVersion](https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html)
+  - Lambda: [GetFunction](https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html) | [GetLayerVersion](https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html) | [ListFunctions](https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctions.html)
   - IAM: [GetRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html) | [GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html) | [GetPolicyVersion](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html) | [ListRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html) | [ListAttachedRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html)
 
 ### Start scanning

package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js

@@ -2,29 +2,29 @@
 const fs = require('fs');
 const path = require('path');
 const i18n = require('i18n');
-const getProjectRootFilenames = file => {
-    let projectStats = null;
+const getDirectoryFromPathGiven = file => {
+    let projectStats = getProjectStats(file);
+    if (projectStats.isFile()) {
+        let newPath = path.resolve(file);
+        return path.dirname(newPath);
+    }
+    if (projectStats.isDirectory()) {
+        return file;
+    }
+};
+const getProjectStats = file => {
     try {
-        projectStats = fs.statSync(file);
+        if (file.endsWith('/')) {
+            file = file.slice(0, -1);
+        }
+        return fs.statSync(file);
     }
     catch (err) {
         throw new Error(i18n.__('languageAnalysisProjectRootFileNameFailure', file) +
             `${err.message}`);
     }
-    if (projectStats.isDirectory()) {
-        try {
-            return fs.readdirSync(file);
-        }
-        catch (err) {
-            throw new Error(i18n.__('languageAnalysisProjectRootFileNameReadError', file) +
-                `${err.message}`);
-        }
-    }
-    if (projectStats.isFile()) {
-        return [path.basename(file)];
-    }
-    throw new Error(i18n.__('languageAnalysisProjectRootFileNameMissingError'), file);
 };
 module.exports = {
-    getProjectRootFilenames
+    getProjectStats,
+    getDirectoryFromPathGiven: getDirectoryFromPathGiven
 };

package/dist/audit/{languageAnalysisEngine/report → report}/commonReportingFunctions.js

@@ -3,22 +3,29 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.gatherRemediationAdvice = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createSummaryMessage = void 0;
-const commonApi_1 = require("../../../utils/commonApi");
+exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.gatherRemediationAdvice = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createSummaryMessageBottom = exports.createSummaryMessageTop = void 0;
+const commonApi_1 = require("../../utils/commonApi");
 const reportListModel_1 = require("./models/reportListModel");
 const lodash_1 = require("lodash");
 const chalk_1 = __importDefault(require("chalk"));
 const reportUtils_1 = require("./utils/reportUtils");
 const severityCountModel_1 = require("./models/severityCountModel");
 const reportOutputModel_1 = require("./models/reportOutputModel");
-const constants_1 = require("../../../constants/constants");
+const constants_1 = require("../../constants/constants");
 const cli_table3_1 = __importDefault(require("cli-table3"));
-const createSummaryMessage = (numberOfVulnerableLibraries, numberOfCves) => {
+const reportGuidanceModel_1 = require("./models/reportGuidanceModel");
+const createSummaryMessageTop = (numberOfVulnerableLibraries, numberOfCves) => {
     numberOfVulnerableLibraries === 1
         ? console.log(`Found 1 vulnerable library containing ${numberOfCves} CVE`)
         : console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs`);
 };
-exports.createSummaryMessage = createSummaryMessage;
+exports.createSummaryMessageTop = createSummaryMessageTop;
+const createSummaryMessageBottom = (numberOfVulnerableLibraries) => {
+    numberOfVulnerableLibraries === 1
+        ? console.log(`Found 1 vulnerable library`)
+        : console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries`);
+};
+exports.createSummaryMessageBottom = createSummaryMessageBottom;
 const getReport = async (config, reportId) => {
     const client = (0, commonApi_1.getHttpClient)(config);
     return client
@@ -47,7 +54,7 @@ const printVulnerabilityResponse = (config, vulnerableLibraries, numberOfVulnera
 };
 exports.printVulnerabilityResponse = printVulnerabilityResponse;
 const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, numberOfCves, guidance) => {
-    (0, exports.createSummaryMessage)(numberOfVulnerableLibraries, numberOfCves);
+    (0, exports.createSummaryMessageTop)(numberOfVulnerableLibraries, numberOfCves);
     console.log();
     const report = new reportListModel_1.ReportList();
     for (const library of libraries) {
@@ -92,24 +99,29 @@ const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, nu
             colWidths: [12, 1, 100]
         });
         const header = buildHeader(highestSeverity, contrastHeaderNumCounter, libraryName, libraryVersion, numOfCVEs);
-        const advice = gatherRemediationAdvice(guidance, reportModel);
+        const advice = gatherRemediationAdvice(guidance, libraryName, libraryVersion);
         const body = buildBody(reportModel.cveArray, advice);
         const reportOutputModel = new reportOutputModel_1.ReportOutputModel(header, body);
-        table.push(reportOutputModel.body.issueMessage, reportOutputModel.body.issueMessageCves, reportOutputModel.body.adviceMessage);
+        table.push(reportOutputModel.body.issueMessage, reportOutputModel.body.adviceMessage);
         console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
         console.log(table.toString() + '\n');
     }
-    (0, exports.createSummaryMessage)(numberOfVulnerableLibraries, numberOfCves);
+    (0, exports.createSummaryMessageBottom)(numberOfVulnerableLibraries);
     const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst);
     console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
+    if (config.host !== constants_1.CE_URL) {
+        console.log('\n' + chalk_1.default.bold('View your full dependency tree in Contrast:'));
+        console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
+    }
 };
 exports.printFormattedOutput = printFormattedOutput;
 function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {
     const vulnerabilityPluralised = numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability';
     const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum);
-    const vulnMessage = chalk_1.default
-        .hex(highestSeverity.outputColour)
-        .bold(`${formattedHeaderNum} - [${highestSeverity.severity}] ${libraryName}-${version}`);
+    const headerColour = chalk_1.default.hex(highestSeverity.outputColour);
+    const headerNumAndSeverity = headerColour(`${formattedHeaderNum} - [${highestSeverity.severity}]`);
+    const libraryNameAndVersion = headerColour.bold(`${libraryName}-${version}`);
+    const vulnMessage = `${headerNumAndSeverity} ${libraryNameAndVersion}`;
     const introducesMessage = `introduces ${numOfCVEs} ${vulnerabilityPluralised}`;
     return new reportOutputModel_1.ReportOutputHeaderModel(vulnMessage, introducesMessage);
 }
@@ -125,29 +137,27 @@ function buildBody(cveArray, advice) {
         cveMessages.push(builtMessage);
     });
     const numAndSeverityType = getNumOfAndSeverityType(cveArray);
-    const issueMessage = [chalk_1.default.bold('Issue'), ':', `${numAndSeverityType}`];
-    const issueMessageCves = ['', '', cveMessages.join(', ')];
-    const displayAdvice = advice?.minimum
-        ? `Update to version ${chalk_1.default.bold(advice.minimum)}`
-        : `Update to latest version`;
+    const issueMessage = [
+        chalk_1.default.bold('Issue'),
+        ':',
+        `${numAndSeverityType} ${cveMessages.join(', ')}`
+    ];
+    const minOrMax = advice.maximum ? advice.maximum : advice.minimum;
+    const displayAdvice = minOrMax
+        ? `Change to version ${chalk_1.default.bold(minOrMax)}`
+        : 'No recommendation is available according to our data. Upgrade to the latest stable is the best advice we can give.';
     const adviceMessage = [chalk_1.default.bold('Advice'), ':', displayAdvice];
-    return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, issueMessageCves, adviceMessage);
+    return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, adviceMessage);
 }
 exports.buildBody = buildBody;
-function gatherRemediationAdvice(guidance, reportModel) {
-    const guidanceData = {
-        minimum: undefined,
-        maximum: undefined,
-        latest: undefined
-    };
-    const data = guidance[reportModel.compositeKey.libraryName +
-        '@' +
-        reportModel.compositeKey.libraryVersion];
+function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
+    const guidanceModel = new reportGuidanceModel_1.ReportGuidanceModel();
+    const data = guidance[libraryName + '@' + libraryVersion];
     if (data) {
-        guidanceData.minimum = data.minUpgradeVersion;
-        guidanceData.maximum = data.maxUpgradeVersion;
+        guidanceModel.minimum = data.minUpgradeVersion;
+        guidanceModel.maximum = data.maxUpgradeVersion;
     }
-    return guidanceData;
+    return guidanceModel;
 }
 exports.gatherRemediationAdvice = gatherRemediationAdvice;
 function buildFormattedHeaderNum(contrastHeaderNum) {
@@ -156,11 +166,22 @@ function buildFormattedHeaderNum(contrastHeaderNum) {
 exports.buildFormattedHeaderNum = buildFormattedHeaderNum;
 function getNumOfAndSeverityType(cveArray) {
     const { critical, high, medium, low, note } = (0, reportUtils_1.severityCountAllCVEs)(cveArray, new severityCountModel_1.SeverityCountModel());
-    const criticalMessage = critical > 0 ? `${critical} Critical` : '';
-    const highMessage = high > 0 ? `${high} High` : '';
-    const mediumMessage = medium > 0 ? `${medium} Medium` : '';
-    const lowMessage = low > 0 ? `${low} Low` : '';
-    const noteMessage = note > 0 ? `${note} Note` : '';
+    const criticalNumCheck = critical > 0;
+    const highNumCheck = high > 0;
+    const highDivider = highNumCheck ? '|' : '';
+    const mediumNumCheck = medium > 0;
+    const mediumDivider = mediumNumCheck ? '|' : '';
+    const lowNumCheck = low > 0;
+    const lowDivider = lowNumCheck ? '|' : '';
+    const noteNumCheck = low > 0;
+    const noteDivider = noteNumCheck ? '|' : '';
+    const criticalMessage = criticalNumCheck
+        ? `${critical} Critical ${highDivider}`
+        : '';
+    const highMessage = highNumCheck ? `${high} High ${mediumDivider}` : '';
+    const mediumMessage = mediumNumCheck ? `${medium} Medium ${lowDivider}` : '';
+    const lowMessage = lowNumCheck ? `${low} Low ${noteDivider}` : '';
+    const noteMessage = noteNumCheck ? `${note} Note` : '';
     return `${criticalMessage} ${highMessage} ${mediumMessage} ${lowMessage} ${noteMessage}`
         .replace(/\s+/g, ' ')
         .trim();

package/dist/audit/report/models/reportGuidanceModel.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReportGuidanceModel = void 0;
+class ReportGuidanceModel {
+}
+exports.ReportGuidanceModel = ReportGuidanceModel;

package/dist/audit/{languageAnalysisEngine/report → report}/models/reportOutputModel.js

@@ -16,9 +16,8 @@ class ReportOutputHeaderModel {
 }
 exports.ReportOutputHeaderModel = ReportOutputHeaderModel;
 class ReportOutputBodyModel {
-    constructor(issueMessage, issueMessageCves, adviceMessage) {
+    constructor(issueMessage, adviceMessage) {
         this.issueMessage = issueMessage;
-        this.issueMessageCves = issueMessageCves;
         this.adviceMessage = adviceMessage;
     }
 }

package/dist/audit/{languageAnalysisEngine/report → report}/models/severityCountModel.js

@@ -8,6 +8,7 @@ class SeverityCountModel {
         this.medium = 0;
         this.low = 0;
         this.note = 0;
+        this.total = 0;
     }
     get getTotal() {
         return this.critical + this.high + this.medium + this.low + this.note;

package/dist/audit/{languageAnalysisEngine/report → report}/reportingFeature.js

@@ -31,7 +31,9 @@ const commonReportingFunctions_1 = require("./commonReportingFunctions");
 const reportUtils_1 = require("./utils/reportUtils");
 const i18n_1 = __importDefault(require("i18n"));
 const chalk_1 = __importDefault(require("chalk"));
-const constants = __importStar(require("../../../constants/constants"));
+const constants = __importStar(require("../../constants/constants"));
+const severityCountModel_1 = require("./models/severityCountModel");
+const common = __importStar(require("../../common/fail"));
 function convertKeysToStandardFormat(config, guidance) {
     let convertedGuidance = guidance;
     switch (config.language) {
@@ -70,16 +72,16 @@ function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, config, rem
         console.log(i18n_1.default.__('scanNoVulnerabilitiesFoundGoodWork'));
         console.log(chalk_1.default.bold(`Found ${numberOfVulnerableLibraries} vulnerabilities`));
         console.log(i18n_1.default.__('foundDetailedVulnerabilities', String(0), String(0), String(0), String(0), String(0)));
+        return [false, 0, [new severityCountModel_1.SeverityCountModel()]];
     }
     else {
         let numberOfCves = 0;
         vulnerableLibraries.forEach(lib => (numberOfCves += lib.cveArray.length));
         const hasSomeVulnerabilitiesReported = (0, commonReportingFunctions_1.printVulnerabilityResponse)(config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance);
-        return [
-            hasSomeVulnerabilitiesReported,
-            numberOfCves,
-            (0, reportUtils_1.severityCountAllLibraries)(vulnerableLibraries)
-        ];
+        let severityCount = new severityCountModel_1.SeverityCountModel();
+        severityCount = (0, reportUtils_1.severityCountAllLibraries)(vulnerableLibraries, severityCount);
+        severityCount.total = severityCount.getTotal;
+        return [hasSomeVulnerabilitiesReported, numberOfCves, severityCount];
     }
 }
 exports.formatVulnerabilityOutput = formatVulnerabilityOutput;
@@ -87,10 +89,12 @@ async function vulnerabilityReportV2(config, reportId) {
     console.log();
     const reportResponse = await (0, commonReportingFunctions_1.getReport)(config, reportId);
     if (reportResponse !== undefined) {
-        const name = config.applicationName;
-        formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
+        let output = formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
             ? reportResponse.remediationGuidance
             : {});
+        if (config.fail) {
+            common.processFail(config, output[2]);
+        }
     }
 }
 exports.vulnerabilityReportV2 = vulnerabilityReportV2;

package/dist/audit/{languageAnalysisEngine/report → report}/utils/reportUtils.js

@@ -6,8 +6,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.countVulnerableLibrariesBySeverity = exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
 const reportLibraryModel_1 = require("../models/reportLibraryModel");
 const reportSeverityModel_1 = require("../models/reportSeverityModel");
-const constants_1 = __importDefault(require("./../../../../constants/constants"));
-const constants_2 = require("../../../../constants/constants");
+const constants_1 = __importDefault(require("../../../constants/constants"));
+const constants_2 = require("../../../constants/constants");
 const lodash_1 = require("lodash");
 const severityCountModel_1 = require("../models/severityCountModel");
 const { supportedLanguages: { GO } } = constants_1.default;
@@ -46,8 +46,7 @@ function convertGenericToTypedLibraryVulns(libraries) {
     });
 }
 exports.convertGenericToTypedLibraryVulns = convertGenericToTypedLibraryVulns;
-function severityCountAllLibraries(vulnerableLibraries) {
-    const severityCount = new severityCountModel_1.SeverityCountModel();
+function severityCountAllLibraries(vulnerableLibraries, severityCount) {
     vulnerableLibraries.forEach(lib => severityCountAllCVEs(lib.cveArray, severityCount));
     return severityCount;
 }

package/dist/commands/audit/auditConfig.js

@@ -6,9 +6,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getAuditConfig = void 0;
 const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHandler"));
 const constants_1 = __importDefault(require("../../constants"));
-const parsedCLIOptions_1 = __importDefault(require("../../utils/parsedCLIOptions"));
-const getAuditConfig = (argv) => {
-    const auditParameters = parsedCLIOptions_1.default.getCommandLineArgsCustom(argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
+const parsedCLIOptions_1 = require("../../utils/parsedCLIOptions");
+const getAuditConfig = async (contrastConf, command, argv) => {
+    const auditParameters = await (0, parsedCLIOptions_1.getCommandLineArgsCustom)(contrastConf, command, argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
     const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
     return { ...paramsAuth, ...auditParameters };
 };

package/dist/commands/audit/help.js

@@ -7,6 +7,7 @@ exports.auditUsageGuide = void 0;
 const command_line_usage_1 = __importDefault(require("command-line-usage"));
 const i18n_1 = __importDefault(require("i18n"));
 const constants_1 = __importDefault(require("../../constants"));
+const commonHelp_1 = require("../../common/commonHelp");
 const auditUsageGuide = (0, command_line_usage_1.default)([
     {
         header: i18n_1.default.__('auditHeader'),
@@ -53,6 +54,7 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
             'app-groups',
             'metadata'
         ]
-    }
+    },
+    (0, commonHelp_1.commonHelpLinks)()
 ]);
 exports.auditUsageGuide = auditUsageGuide;

package/dist/commands/audit/processAudit.js

@@ -4,13 +4,15 @@ exports.processAudit = void 0;
 const auditConfig_1 = require("./auditConfig");
 const help_1 = require("./help");
 const scaAnalysis_1 = require("../scan/sca/scaAnalysis");
-const processAudit = async (argv) => {
+const telemetry_1 = require("../../telemetry/telemetry");
+const processAudit = async (contrastConf, argv) => {
     if (argv.indexOf('--help') != -1) {
         printHelpMessage();
         process.exit(0);
     }
-    const config = (0, auditConfig_1.getAuditConfig)(argv);
+    const config = await (0, auditConfig_1.getAuditConfig)(contrastConf, 'audit', argv);
     await (0, scaAnalysis_1.processSca)(config);
+    await (0, telemetry_1.sendTelemetryConfigAsObject)(config, 'audit', argv, 'SUCCESS', config.language);
 };
 exports.processAudit = processAudit;
 const printHelpMessage = () => {

package/dist/commands/auth/auth.js

@@ -11,7 +11,7 @@ const parsedCLIOptions = require('../../utils/parsedCLIOptions');
 const constants = require('../../constants');
 const commandLineUsage = require('command-line-usage');
 const processAuth = async (argv, config) => {
-    let authParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.authOptionDefinitions);
+    let authParams = await parsedCLIOptions.getCommandLineArgsCustom(config, 'auth', argv, constants.commandLineDefinitions.authOptionDefinitions);
     if (authParams.help) {
         console.log(authUsageGuide);
         process.exit(0);

package/dist/commands/config/config.js

@@ -3,9 +3,9 @@ const parsedCLIOptions = require('../../utils/parsedCLIOptions');
 const constants = require('../../constants');
 const commandLineUsage = require('command-line-usage');
 const i18n = require('i18n');
-const processConfig = (argv, config) => {
+const processConfig = async (argv, config) => {
     try {
-        let configParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.configOptionDefinitions);
+        let configParams = await parsedCLIOptions.getCommandLineArgsCustom(config, 'config', argv, constants.commandLineDefinitions.configOptionDefinitions);
         if (configParams.help) {
             console.log(configUsageGuide);
             process.exit(0);

package/dist/commands/scan/processScan.js

@@ -5,18 +5,25 @@ const { saveScanFile } = require('../../utils/saveFile');
 const { ScanResultsModel } = require('../../scan/models/scanResultsModel');
 const { formatScanOutput } = require('../../scan/formatScanOutput');
 const { processSca } = require('./sca/scaAnalysis');
-const processScan = async (argvMain) => {
-    let config = scanConfig.getScanConfig(argvMain);
+const common = require('../../common/fail');
+const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
+const processScan = async (contrastConf, argv) => {
+    let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv);
+    let output = undefined;
     if (config.experimental) {
-        await processSca(config);
+        await processSca(config, argv);
     }
     let scanResults = new ScanResultsModel(await startScan(config));
+    await sendTelemetryConfigAsObject(config, 'scan', argv, 'SUCCESS', scanResults.scanDetail.language);
     if (scanResults.scanResultsInstances !== undefined) {
-        formatScanOutput(scanResults);
+        output = formatScanOutput(scanResults);
     }
     if (config.save !== undefined) {
         await saveScanFile(config, scanResults);
     }
+    if (config.fail) {
+        common.processFail(config, output);
+    }
 };
 module.exports = {
     processScan

package/dist/commands/scan/sca/scaAnalysis.js

@@ -12,19 +12,28 @@ const javascriptAnalysis = require('../../../scaAnalysis/javascript');
 const { pollForSnapshotCompletition } = require('../../../audit/languageAnalysisEngine/sendSnapshot');
 const { returnOra, startSpinner, succeedSpinner } = require('../../../utils/oraWrapper');
 const i18n = require('i18n');
-const { vulnerabilityReportV2 } = require('../../../audit/languageAnalysisEngine/report/reportingFeature');
+const { vulnerabilityReportV2 } = require('../../../audit/report/reportingFeature');
 const auditSave = require('../../../audit/save');
 const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
+const { auditUsageGuide } = require('../../audit/help');
+const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames');
+const path = require('path');
 const processSca = async (config) => {
     const startTime = performance.now();
     let filesFound;
-    if (config.file) {
-        config.file = config.file.concat('/');
-        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
+    if (config.help) {
+        console.log(auditUsageGuide);
+        process.exit(0);
     }
-    else {
-        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(undefined);
-        config.file = process.cwd().concat('/');
+    const projectStats = await rootFile.getProjectStats(config.file);
+    let pathWithFile = projectStats.isFile();
+    config.fileName = config.file;
+    config.file = pathWithFile
+        ? rootFile.getDirectoryFromPathGiven(config.file).concat('/')
+        : config.file;
+    filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
+    if (filesFound.length > 1 && pathWithFile) {
+        filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(config.fileName)));
     }
     let messageToSend = undefined;
     if (filesFound.length === 1) {
@@ -45,7 +54,7 @@ const processSca = async (config) => {
                 messageToSend = rubyAnalysis(config, filesFound[0]);
                 config.language = RUBY;
                 break;
-            case 'PHP':
+            case PHP:
                 messageToSend = phpAnalysis.phpAnalysis(config, filesFound[0]);
                 config.language = PHP;
                 break;
@@ -85,7 +94,9 @@ const processSca = async (config) => {
             throw new Error();
         }
         else {
-            throw new Error('multiple language files detected, please use --file to specify a directory or the file where dependencies are declared');
+            throw new Error(`multiple language files detected \n` +
+                JSON.stringify(filesFound) +
+                `\nplease use --file to audit one language only. Example: contrast audit --file package-lock.json`);
         }
     }
 };

package/dist/common/HTTPClient.js

@@ -253,6 +253,12 @@ HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
         'https://pkg.contrastsecurity.com/artifactory/cli/latest-version.txt';
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.postTelemetry = function postTelemetry(config, requestBody) {
+    const options = _.cloneDeep(this.requestOptions);
+    options.url = createTelemetryEventUrl(config);
+    options.body = requestBody;
+    return requestUtils.sendRequest({ method: 'post', options });
+};
 HTTPClient.prototype.postAnalyticsFunction = function (config, provider, body) {
     const url = createAnalyticsFunctionPostUrl(config, provider);
     const options = { ...this.requestOptions, body, url };
@@ -319,6 +325,9 @@ function createDataUrl() {
 function createSbomUrl(config, type) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/${type}`;
 }
+function createTelemetryEventUrl(config) {
+    return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/cli`;
+}
 module.exports = HTTPClient;
 module.exports.pollForAuthUrl = pollForAuthUrl;
 module.exports.getServerlessHost = getServerlessHost;

package/dist/common/commonHelp.js

@@ -0,0 +1,19 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.commonHelpLinks = void 0;
+const i18n_1 = __importDefault(require("i18n"));
+function commonHelpLinks() {
+    return {
+        header: i18n_1.default.__('commonHelpHeader'),
+        content: [
+            i18n_1.default.__('commonHelpCheckOutHeader') + i18n_1.default.__('commonHelpCheckOutText'),
+            i18n_1.default.__('commonHelpLearnMoreHeader') + i18n_1.default.__('commonHelpLearnMoreText'),
+            i18n_1.default.__('commonHelpJoinDiscussionHeader') +
+                i18n_1.default.__('commonHelpJoinDiscussionText')
+        ]
+    };
+}
+exports.commonHelpLinks = commonHelpLinks;

package/dist/common/errorHandling.js

@@ -48,8 +48,8 @@ const reportFailureError = () => {
 };
 exports.reportFailureError = reportFailureError;
 const genericError = (missingCliOption) => {
-    console.log(`*************************** ${i18n_1.default.__('yamlMissingParametersHeader')} ***************************\n${missingCliOption}`);
-    console.error(i18n_1.default.__('yamlMissingParametersMessage'));
+    console.log(missingCliOption);
+    console.error(i18n_1.default.__('genericErrorMessage'));
     process.exit(1);
 };
 exports.genericError = genericError;

package/dist/common/fail.js

@@ -0,0 +1,66 @@
+"use strict";
+const i18n = require('i18n');
+const processFail = (config, reportResults) => {
+    if (config.severity !== undefined) {
+        if (reportResults[config.severity] !== undefined &&
+            isSeverityViolation(config.severity, reportResults)) {
+            failPipeline('failSeverityOptionErrorMessage');
+        }
+    }
+    if (config.severity === undefined && reportResults.total > 0) {
+        failPipeline('failThresholdOptionErrorMessage');
+    }
+};
+const isSeverityViolation = (severity, reportResults) => {
+    let count = 0;
+    switch (severity) {
+        case 'critical':
+            count += reportResults.critical;
+            break;
+        case 'high':
+            count += reportResults.high + reportResults.critical;
+            break;
+        case 'medium':
+            count += reportResults.medium + reportResults.low + reportResults.critical;
+            break;
+        case 'low':
+            count +=
+                reportResults.high + reportResults.critical + reportResults.medium;
+            break;
+        case 'note':
+            if (reportResults.note == reportResults.total) {
+                count = 0;
+            }
+            else {
+                count = reportResults.total;
+            }
+            break;
+        default:
+            count = 0;
+    }
+    return count > 0;
+};
+const failPipeline = (message = '') => {
+    console.log('\n ******************************** ' +
+        i18n.__('snapshotFailureHeader') +
+        ' *********************************\n' +
+        i18n.__(message));
+    process.exit(1);
+};
+const parseSeverity = severity => {
+    const severities = ['NOTE', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'];
+    if (severities.includes(severity.toUpperCase())) {
+        return severity.toLowerCase();
+    }
+    else {
+        console.log(severity +
+            ' Not recognised as a severity type please use LOW, MEDIUM, HIGH, CRITICAL, NOTE');
+        return undefined;
+    }
+};
+module.exports = {
+    failPipeline,
+    processFail,
+    isSeverityViolation,
+    parseSeverity
+};

package/dist/common/versionChecker.js

@@ -23,8 +23,10 @@ const getLatestVersion = async (config) => {
     }
 };
 async function findLatestCLIVersion(config) {
-    const messageHidden = config.get('updateMessageHidden');
-    if (!messageHidden) {
+    const isCI = process.env.CONTRAST_CODESEC_CI
+        ? JSON.parse(process.env.CONTRAST_CODESEC_CI)
+        : false;
+    if (!isCI) {
         let latestCLIVersion = await getLatestVersion(config);
         latestCLIVersion = latestCLIVersion.substring(8);
         if (semver_1.default.lt(constants_1.APP_VERSION, latestCLIVersion)) {