@contrast/contrast 1.0.9 → 1.0.12

package/src/scaAnalysis/java/javaBuildDepsParser.js

@@ -14,14 +14,14 @@ const parseBuildDeps = (config, input) => {
 const preParser = shavedOutput => {
   let obj = []
   for (let dep in shavedOutput) {
+    shavedOutput[dep] = shaveDependencyType(shavedOutput[dep])
+
     obj.push(
       shavedOutput[dep]
         .replace('+-', '+---')
         .replace('[INFO]', '')
         .replace('\\-', '\\---')
         .replace(':jar:', ':')
-        .replace(':test', '')
-        .replace(':compile', '')
         .replace(' +', '+')
         .replace(' |', '|')
         .replace(' \\', '\\')
@@ -56,11 +56,29 @@ const preParser = shavedOutput => {
   return depTree
 }
 
+const shaveDependencyType = dep => {
+  if (dep.endsWith('\r')) {
+    dep = dep.slice(0, -1)
+  }
+
+  if (dep.endsWith(':test')) {
+    dep = dep.slice(0, -5)
+  }
+
+  if (dep.endsWith(':compile')) {
+    dep = dep.slice(0, -8)
+  }
+
+  if (dep.endsWith(':provided')) {
+    dep = dep.slice(0, -9)
+  }
+
+  return dep
+}
+
 const shaveOutput = (gradleDependencyTreeOutput, projectType) => {
   let shavedOutput = gradleDependencyTreeOutput.split('\n')
 
-  // console.log(projectType)
-
   if (projectType === 'maven') {
     shavedOutput = preParser(shavedOutput)
   }
@@ -375,7 +393,6 @@ const validateIndentation = shavedOutput => {
 
 const parseGradle = (gradleDependencyTreeOutput, config, projectType) => {
   let shavedOutput = shaveOutput(gradleDependencyTreeOutput, projectType)
-
   if (config.subProject) {
     let subProject = parseSubProject(shavedOutput)
     let validatedOutput = validateIndentation(subProject)
@@ -400,5 +417,7 @@ module.exports = {
   computeRelationToLastElement,
   addIndentation,
   computeLevel,
-  computeIndentation
+  computeIndentation,
+  shaveDependencyType,
+  preParser
 }

package/src/scaAnalysis/javascript/index.js

@@ -5,6 +5,9 @@ const formatMessage = require('../common/formatMessage')
 const jsAnalysis = async (config, languageFiles) => {
   checkForCorrectFiles(languageFiles)
 
+  if (!config.file.endsWith('/')) {
+    config.file = config.file.concat('/')
+  }
   return buildNodeTree(config, languageFiles.JAVASCRIPT)
 }
 const buildNodeTree = async (config, files) => {

package/src/scaAnalysis/php/analysis.js

@@ -5,7 +5,7 @@ const _ = require('lodash')
 const readFile = (config, nameOfFile) => {
   if (config.file) {
     try {
-      return fs.readFileSync(config.file + '/' + nameOfFile)
+      return fs.readFileSync(config.file + '/' + nameOfFile, 'utf8')
     } catch (error) {
       console.log('Unable to find file')
       console.log(error)

package/src/scaAnalysis/php/index.js

@@ -1,13 +1,19 @@
 const { readFile, parseProjectFiles } = require('./analysis')
 const { createPhpTSMessage } = require('../common/formatMessage')
+const { parsePHPLockFileForScaServices } = require('./phpNewServicesMapper')
 
-const phpAnalysis = (config, files) => {
-  let analysis = readFiles(config, files.PHP)
-  const phpDep = parseProjectFiles(analysis)
-  return createPhpTSMessage(phpDep)
+const phpAnalysis = config => {
+  let analysis = readFiles(config)
+
+  if (config.experimental) {
+    return parsePHPLockFileForScaServices(analysis.rawLockFileContents)
+  } else {
+    const phpDep = parseProjectFiles(analysis)
+    return createPhpTSMessage(phpDep)
+  }
 }
 
-const readFiles = (config, files) => {
+const readFiles = config => {
   let php = {}
 
   php.composerJSON = JSON.parse(readFile(config, 'composer.json'))
@@ -18,5 +24,5 @@ const readFiles = (config, files) => {
 }
 
 module.exports = {
-  phpAnalysis
+  phpAnalysis: phpAnalysis
 }

package/src/scaAnalysis/php/phpNewServicesMapper.js

@@ -0,0 +1,77 @@
+const { keyBy, merge } = require('lodash')
+
+const parsePHPLockFileForScaServices = phpLockFile => {
+  const packages = keyBy(phpLockFile.packages, 'name')
+  const packagesDev = keyBy(phpLockFile['packages-dev'], 'name')
+
+  return merge(buildDepTree(packages, true), buildDepTree(packagesDev, false))
+}
+
+const buildDepTree = (packages, isProduction) => {
+  //builds deps into flat structure
+  const dependencyTree = {}
+
+  for (const packagesKey in packages) {
+    const currentObj = packages[packagesKey]
+    const { group, name } = findGroupAndName(currentObj.name)
+
+    const key = `${group}/${name}@${currentObj.version}`
+    dependencyTree[key] = {
+      group: group,
+      name: name,
+      version: currentObj.version,
+      directDependency: true,
+      isProduction: isProduction,
+      dependencies: []
+    }
+
+    const mergedChildDeps = merge(
+      buildSubDepsIntoFlatStructure(currentObj.require),
+      buildSubDepsIntoFlatStructure(currentObj['require-dev'])
+    )
+
+    for (const childKey in mergedChildDeps) {
+      const { group, name } = findGroupAndName(childKey)
+      const builtKey = `${group}/${name}`
+      dependencyTree[builtKey] = mergedChildDeps[childKey]
+    }
+  }
+  return dependencyTree
+}
+
+// currently sub deps will be built into a flat structure
+// but not ingested via the new services as they do not have concrete versions
+const buildSubDepsIntoFlatStructure = childDeps => {
+  const dependencyTree = {}
+
+  for (const dep in childDeps) {
+    const version = childDeps[dep]
+    const { group, name } = findGroupAndName(dep)
+    const key = `${group}/${name}`
+    dependencyTree[key] = {
+      group: group,
+      name: name,
+      version: version,
+      directDependency: false,
+      isProduction: false,
+      dependencies: []
+    }
+  }
+  return dependencyTree
+}
+
+const findGroupAndName = groupAndName => {
+  if (groupAndName.includes('/')) {
+    const groupName = groupAndName.split('/')
+    return { group: groupName[0], name: groupName[1] }
+  } else {
+    return { group: groupAndName, name: groupAndName }
+  }
+}
+
+module.exports = {
+  parsePHPLockFileForScaServices,
+  buildDepTree,
+  buildSubDepsIntoFlatStructure,
+  findGroupAndName
+}

package/src/scaAnalysis/python/analysis.js

@@ -1,5 +1,6 @@
 const multiReplace = require('string-multiple-replace')
 const fs = require('fs')
+const i18n = require('i18n')
 
 const readAndParseProjectFile = file => {
   const filePath = filePathForWindows(file + '/Pipfile')
@@ -23,12 +24,52 @@ const readAndParseLockFile = file => {
   return parsedPipLock
 }
 
-const getPythonDeps = config => {
+const readLockFile = file => {
+  const filePath = filePathForWindows(file + '/Pipfile.lock')
+  const lockFile = fs.readFileSync(filePath, 'utf8')
+  let parsedPipLock = JSON.parse(lockFile)
+  return parsedPipLock['default']
+}
+
+const scaPythonParser = pythonDependencies => {
+  let pythonParsedDeps = {}
+  for (let key in pythonDependencies) {
+    pythonParsedDeps[key] = {}
+    pythonParsedDeps[key].version = pythonDependencies[key].version.replace(
+      '==',
+      ''
+    )
+    pythonParsedDeps[key].group = null
+    pythonParsedDeps[key].name = key
+    pythonParsedDeps[key].isProduction = true
+    pythonParsedDeps[key].dependencies = []
+    pythonParsedDeps[key].directDependency = true
+  }
+  return pythonParsedDeps
+}
+
+const checkForCorrectFiles = languageFiles => {
+  if (!languageFiles.includes('Pipfile.lock')) {
+    throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'python'))
+  }
+
+  if (!languageFiles.includes('Pipfile')) {
+    throw new Error(i18n.__('languageAnalysisProjectFileError', 'python'))
+  }
+}
+
+const getPythonDeps = (config, languageFiles) => {
   try {
-    const parseProject = readAndParseProjectFile(config.file)
-    const parsePip = readAndParseLockFile(config.file)
+    if (config.experimental) {
+      let pythonLockFileContents = readLockFile(config.file)
+      return scaPythonParser(pythonLockFileContents)
+    } else {
+      checkForCorrectFiles(languageFiles)
+      const parseProject = readAndParseProjectFile(config.file)
+      const parsePip = readAndParseLockFile(config.file)
 
-    return { pipfileLock: parsePip, pipfilDependanceies: parseProject }
+      return { pipfileLock: parsePip, pipfilDependanceies: parseProject }
+    }
   } catch (err) {
     console.log(err.message.toString())
     process.exit(1)
@@ -44,6 +85,9 @@ const filePathForWindows = path => {
 
 module.exports = {
   getPythonDeps,
+  scaPythonParser,
+  readAndParseLockFile,
   readAndParseProjectFile,
-  readAndParseLockFile
+  checkForCorrectFiles,
+  readLockFile
 }

package/src/scaAnalysis/python/index.js

@@ -1,9 +1,14 @@
 const { createPythonTSMessage } = require('../common/formatMessage')
-const { getPythonDeps } = require('./analysis')
+const { getPythonDeps, secondaryParser } = require('./analysis')
 
 const pythonAnalysis = (config, languageFiles) => {
   const pythonDeps = getPythonDeps(config, languageFiles.PYTHON)
-  return createPythonTSMessage(pythonDeps)
+
+  if (config.experimental) {
+    return pythonDeps
+  } else {
+    return createPythonTSMessage(pythonDeps)
+  }
 }
 
 module.exports = {

package/src/scaAnalysis/ruby/analysis.js

@@ -1,4 +1,5 @@
 const fs = require('fs')
+const i18n = require('i18n')
 
 const readAndParseGemfile = file => {
   const gemFile = fs.readFileSync(file + '/Gemfile', 'utf8')
@@ -241,15 +242,25 @@ const buildSourceDependencyWithVersion = (
   return dependencies
 }
 
-const getRubyDeps = config => {
+const getRubyDeps = (config, languageFiles) => {
   try {
+    checkForCorrectFiles(languageFiles)
     const parsedGem = readAndParseGemfile(config.file)
     const parsedLock = readAndParseGemLockFile(config.file)
 
     return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock }
   } catch (err) {
-    console.log(err.message)
-    process.exit(1)
+    throw err
+  }
+}
+
+const checkForCorrectFiles = languageFiles => {
+  if (!languageFiles.includes('Gemfile.lock')) {
+    throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'ruby'))
+  }
+
+  if (!languageFiles.includes('Gemfile')) {
+    throw new Error(i18n.__('languageAnalysisProjectFileError', 'ruby'))
   }
 }
 
@@ -269,5 +280,6 @@ module.exports = {
   getVersion,
   getPatchLevel,
   formatSourceArr,
-  getSourceArray
+  getSourceArray,
+  checkForCorrectFiles
 }

package/src/scan/autoDetection.js

@@ -1,6 +1,7 @@
 const i18n = require('i18n')
 const fileFinder = require('./fileUtils')
 const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames')
+const path = require('path')
 
 const autoDetectFileAndLanguage = async configToUse => {
   const entries = await fileFinder.findFile()
@@ -27,16 +28,10 @@ const autoDetectFileAndLanguage = async configToUse => {
   }
 }
 
-const autoDetectAuditFilesAndLanguages = async file => {
-  const filePath = file
+const autoDetectAuditFilesAndLanguages = async filePath => {
   let languagesFound = []
 
-  if (filePath) {
-    rootFile.getProjectRootFilenames(filePath)
-    console.log(i18n.__('searchingAuditFileDirectory', filePath))
-  } else {
-    console.log(i18n.__('searchingAuditFileDirectory', process.cwd()))
-  }
+  console.log(i18n.__('searchingAuditFileDirectory', filePath))
 
   await fileFinder.findFilesJava(languagesFound, filePath)
   await fileFinder.findFilesJavascript(languagesFound, filePath)
@@ -46,13 +41,11 @@ const autoDetectAuditFilesAndLanguages = async file => {
   await fileFinder.findFilesRuby(languagesFound, filePath)
   await fileFinder.findFilesDotNet(languagesFound, filePath)
 
-  if (languagesFound.length <= 1) {
+  if (languagesFound) {
     return languagesFound
-  } else {
-    console.log(
-      'found multiple languages, please specify one using --file to run SCA audit'
-    )
   }
+
+  return []
 }
 
 const hasWhiteSpace = s => {

package/src/scan/formatScanOutput.ts

@@ -62,12 +62,12 @@ export function formatScanOutput(scanResults: ScanResultsModel) {
       })
       let learnRow: string[] = []
       let adviceRow = []
+      const headerColour = chalk.hex(entry.colour)
       const headerRow = [
-        chalk
-          .hex(entry.colour)
-          .bold(`CONTRAST-${count.toString().padStart(3, '0')}`),
-        chalk.hex(entry.colour).bold('-'),
-        chalk.hex(entry.colour).bold(`[${entry.severity}] ${entry.ruleId}`) +
+        headerColour(`CONTRAST-${count.toString().padStart(3, '0')}`),
+        headerColour(`-`),
+        headerColour(`[${entry.severity}] `) +
+          headerColour.bold(`${entry.ruleId}`) +
           entry.message
       ]
 
@@ -104,6 +104,8 @@ export function formatScanOutput(scanResults: ScanResultsModel) {
     })
   }
   printVulnInfo(projectOverview)
+
+  return projectOverview
 }
 
 function printVulnInfo(projectOverview: any) {

package/src/scan/help.js

@@ -1,6 +1,7 @@
 const commandLineUsage = require('command-line-usage')
 const i18n = require('i18n')
 const constants = require('../constants')
+const { commonHelpLinks } = require('../common/commonHelp')
 
 const scanUsageGuide = commandLineUsage([
   {
@@ -35,9 +36,7 @@ const scanUsageGuide = commandLineUsage([
       'application-name'
     ]
   },
-  {
-    content: '{underline https://www.contrastsecurity.com}'
-  }
+  commonHelpLinks()
 ])
 
 module.exports = {

package/src/scan/populateProjectIdAndProjectName.js

@@ -28,7 +28,11 @@ const createProjectId = async (config, client) => {
         process.exit(1)
         return
       }
-
+      if (res.statusCode === 429) {
+        console.log(i18n.__('exceededFreeTier'))
+        process.exit(1)
+        return
+      }
       if (res.statusCode === 201) {
         console.log(i18n.__('projectCreatedScan'))
         if (config.verbose) {

package/src/scan/scan.ts

@@ -47,6 +47,10 @@ export const sendScan = async (config: any) => {
             )
             console.log(i18n.__('genericServiceError', res.statusCode))
           }
+          if (res.statusCode === 429) {
+            console.log(i18n.__('exceededFreeTier'))
+            process.exit(1)
+          }
           if (res.statusCode === 403) {
             console.log(i18n.__('permissionsError'))
             process.exit(1)

package/src/scan/scanConfig.js

@@ -1,13 +1,15 @@
 const paramHandler = require('../utils/paramsUtil/paramHandler')
-const constants = require('../../src/constants.js')
-const parsedCLIOptions = require('../../src/utils/parsedCLIOptions')
+const constants = require('../constants.js')
 const path = require('path')
 const { supportedLanguagesScan } = require('../constants/constants')
 const i18n = require('i18n')
 const { scanUsageGuide } = require('./help')
+const parsedCLIOptions = require('../utils/parsedCLIOptions')
 
-const getScanConfig = argv => {
-  let scanParams = parsedCLIOptions.getCommandLineArgsCustom(
+const getScanConfig = async (contrastConf, command, argv) => {
+  let scanParams = await parsedCLIOptions.getCommandLineArgsCustom(
+    contrastConf,
+    command,
     argv,
     constants.commandLineDefinitions.scanOptionDefinitions
   )

package/src/scan/scanResults.js

@@ -4,11 +4,15 @@ const oraFunctions = require('../utils/oraWrapper')
 const _ = require('lodash')
 const i18n = require('i18n')
 const oraWrapper = require('../utils/oraWrapper')
+const readLine = require('readline')
 
 const getScanId = async (config, codeArtifactId, client) => {
   return client
     .getScanId(config, codeArtifactId)
     .then(res => {
+      if (res.statusCode == 429) {
+        throw new Error(i18n.__('exceededFreeTier'))
+      }
       return res.body.id
     })
     .catch(err => {
@@ -88,13 +92,57 @@ const returnScanResults = async (
           startScanSpinner,
           'Contrast Scan timed out at the specified ' + timeout + ' seconds.'
         )
-        console.log('Please try again, allowing more time.')
-        process.exit(1)
+
+        const isCI = process.env.CONTRAST_CODESEC_CI
+          ? JSON.parse(process.env.CONTRAST_CODESEC_CI)
+          : false
+        if (!isCI) {
+          const retry = await retryScanPrompt()
+          timeout = retry.timeout
+        } else {
+          console.log('Please try again, allowing more time')
+          process.exit(1)
+        }
       }
     }
   }
 }
 
+const retryScanPrompt = async () => {
+  const rl = readLine.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  })
+
+  return new Promise((resolve, reject) => {
+    requestUtils.timeOutError(30000, reject)
+
+    rl.question(
+      '🔁 Do you want to continue waiting on Scan? [Y/N]\n',
+      async input => {
+        if (input.toLowerCase() === 'yes' || input.toLowerCase() === 'y') {
+          console.log('Continuing wait for Scan')
+          rl.close()
+          resolve({ timeout: 300 })
+        } else if (
+          input.toLowerCase() === 'no' ||
+          input.toLowerCase() === 'n'
+        ) {
+          rl.close()
+          console.log('Contrast Scan Retry Cancelled: Exiting')
+          resolve(process.exit(1))
+        } else {
+          rl.close()
+          console.log('Invalid Input: Exiting')
+          resolve(process.exit(1))
+        }
+      }
+    )
+  }).catch(e => {
+    throw e
+  })
+}
+
 const returnScanResultsInstances = async (config, scanId) => {
   const client = commonApi.getHttpClient(config)
   let result
@@ -118,5 +166,6 @@ module.exports = {
   getScanId: getScanId,
   returnScanResults: returnScanResults,
   pollScanResults: pollScanResults,
-  returnScanResultsInstances: returnScanResultsInstances
+  returnScanResultsInstances: returnScanResultsInstances,
+  retryScanPrompt
 }