npm - @contrast/contrast - Versions diffs - 1.0.9 → 1.0.12 - Mend

@contrast/contrast 1.0.9 → 1.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (108) hide show

package/README.md +2 -2
package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js +17 -17
package/dist/audit/{languageAnalysisEngine/report → report}/commonReportingFunctions.js +56 -35
package/dist/audit/report/models/reportGuidanceModel.js +6 -0
package/dist/audit/{languageAnalysisEngine/report → report}/models/reportLibraryModel.js +0 -0
package/dist/audit/{languageAnalysisEngine/report → report}/models/reportListModel.js +0 -0
package/dist/audit/{languageAnalysisEngine/report → report}/models/reportOutputModel.js +1 -2
package/dist/audit/{languageAnalysisEngine/report → report}/models/reportSeverityModel.js +0 -0
package/dist/audit/{languageAnalysisEngine/report → report}/models/severityCountModel.js +1 -0
package/dist/audit/{languageAnalysisEngine/report → report}/reportingFeature.js +12 -8
package/dist/audit/{languageAnalysisEngine/report → report}/utils/reportUtils.js +3 -4
package/dist/commands/audit/auditConfig.js +3 -3
package/dist/commands/audit/help.js +3 -1
package/dist/commands/audit/processAudit.js +4 -2
package/dist/commands/auth/auth.js +1 -1
package/dist/commands/config/config.js +2 -2
package/dist/commands/scan/processScan.js +11 -4
package/dist/commands/scan/sca/scaAnalysis.js +20 -9
package/dist/common/HTTPClient.js +9 -0
package/dist/common/commonHelp.js +19 -0
package/dist/common/errorHandling.js +2 -2
package/dist/common/fail.js +66 -0
package/dist/common/versionChecker.js +4 -2
package/dist/constants/constants.js +2 -2
package/dist/constants/locales.js +26 -11
package/dist/constants.js +52 -5
package/dist/index.js +5 -2
package/dist/lambda/help.js +2 -3
package/dist/scaAnalysis/common/scaParserForGoAndJava.js +32 -0
package/dist/scaAnalysis/common/treeUpload.js +20 -5
package/dist/scaAnalysis/dotnet/analysis.js +15 -3
package/dist/scaAnalysis/go/goAnalysis.js +8 -2
package/dist/scaAnalysis/java/analysis.js +10 -6
package/dist/scaAnalysis/java/index.js +7 -1
package/dist/scaAnalysis/java/javaBuildDepsParser.js +19 -3
package/dist/scaAnalysis/javascript/index.js +3 -0
package/dist/scaAnalysis/php/analysis.js +1 -1
package/dist/scaAnalysis/php/index.js +12 -6
package/dist/scaAnalysis/php/phpNewServicesMapper.js +62 -0
package/dist/scaAnalysis/python/analysis.js +43 -5
package/dist/scaAnalysis/python/index.js +7 -2
package/dist/scaAnalysis/ruby/analysis.js +14 -4
package/dist/scan/autoDetection.js +5 -13
package/dist/scan/formatScanOutput.js +6 -5
package/dist/scan/help.js +2 -3
package/dist/scan/populateProjectIdAndProjectName.js +5 -0
package/dist/scan/scan.js +4 -0
package/dist/scan/scanConfig.js +4 -4
package/dist/scan/scanResults.js +46 -3
package/dist/telemetry/telemetry.js +137 -0
package/dist/utils/commonApi.js +1 -1
package/dist/utils/getConfig.js +2 -4
package/dist/utils/parsedCLIOptions.js +3 -1
package/dist/utils/requestUtils.js +7 -1
package/package.json +4 -2
package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js +22 -29
package/src/audit/{languageAnalysisEngine/report → report}/commonReportingFunctions.ts +80 -44
package/src/audit/report/models/reportGuidanceModel.ts +5 -0
package/src/audit/{languageAnalysisEngine/report → report}/models/reportLibraryModel.ts +0 -0
package/src/audit/{languageAnalysisEngine/report → report}/models/reportListModel.ts +0 -0
package/src/audit/{languageAnalysisEngine/report → report}/models/reportOutputModel.ts +1 -7
package/src/audit/{languageAnalysisEngine/report → report}/models/reportSeverityModel.ts +0 -0
package/src/audit/{languageAnalysisEngine/report → report}/models/severityCountModel.ts +2 -0
package/src/audit/{languageAnalysisEngine/report → report}/reportingFeature.ts +16 -9
package/src/audit/{languageAnalysisEngine/report → report}/utils/reportUtils.ts +4 -4
package/src/commands/audit/auditConfig.ts +10 -3
package/src/commands/audit/help.ts +3 -1
package/src/commands/audit/processAudit.ts +16 -2
package/src/commands/auth/auth.js +3 -1
package/src/commands/config/config.js +4 -2
package/src/commands/scan/processScan.js +18 -4
package/src/commands/scan/sca/scaAnalysis.js +27 -10
package/src/common/HTTPClient.js +15 -0
package/src/common/commonHelp.ts +13 -0
package/src/common/errorHandling.ts +2 -3
package/src/common/fail.js +75 -0
package/src/common/versionChecker.ts +4 -4
package/src/constants/constants.js +2 -2
package/src/constants/locales.js +35 -13
package/src/constants.js +56 -6
package/src/index.ts +17 -2
package/src/lambda/help.ts +2 -3
package/src/scaAnalysis/common/scaParserForGoAndJava.js +41 -0
package/src/scaAnalysis/common/treeUpload.js +21 -5
package/src/scaAnalysis/dotnet/analysis.js +21 -3
package/src/scaAnalysis/go/goAnalysis.js +9 -2
package/src/scaAnalysis/java/analysis.js +11 -6
package/src/scaAnalysis/java/index.js +9 -1
package/src/scaAnalysis/java/javaBuildDepsParser.js +25 -6
package/src/scaAnalysis/javascript/index.js +3 -0
package/src/scaAnalysis/php/analysis.js +1 -1
package/src/scaAnalysis/php/index.js +12 -6
package/src/scaAnalysis/php/phpNewServicesMapper.js +77 -0
package/src/scaAnalysis/python/analysis.js +49 -5
package/src/scaAnalysis/python/index.js +7 -2
package/src/scaAnalysis/ruby/analysis.js +16 -4
package/src/scan/autoDetection.js +6 -13
package/src/scan/formatScanOutput.ts +7 -5
package/src/scan/help.js +2 -3
package/src/scan/populateProjectIdAndProjectName.js +5 -1
package/src/scan/scan.ts +4 -0
package/src/scan/scanConfig.js +6 -4
package/src/scan/scanResults.js +52 -3
package/src/telemetry/telemetry.ts +154 -0
package/src/utils/commonApi.js +1 -1
package/src/utils/getConfig.ts +2 -11
package/src/utils/parsedCLIOptions.js +14 -1
package/src/utils/requestUtils.js +8 -1

package/src/telemetry/telemetry.ts ADDED Viewed

@@ -0,0 +1,154 @@
+import { getHttpClient } from '../utils/commonApi'
+import * as crypto from 'crypto'
+import { ContrastConf } from '../utils/getConfig'
+export const TELEMETRY_CLI_COMMANDS_EVENT = 'CLI_COMMANDS'
+export const TELEMETRY_CLI_TIME_TO_AUTH_EVENT = 'CLI_TIME_TO_AUTH'
+export const sendTelemetryConfigAsConfObj = async (
+  config: ContrastConf,
+  command: string,
+  argv: string[],
+  result: string,
+  language: string
+) => {
+  const hostParam = '--host'
+  const hostParamAlias = '-h'
+  const orgIdParam = '--organization-id'
+  const orgIdParamAlias = '-o'
+  const authParam = '--authorization'
+  const apiKeyParam = '--api-key'
+  let configToUse
+  if (
+    paramExists(argv, hostParam, hostParamAlias) &&
+    paramExists(argv, orgIdParam, orgIdParamAlias) &&
+    paramExists(argv, authParam, null) &&
+    paramExists(argv, apiKeyParam, null)
+  ) {
+    //if the user has passed the values as params
+    configToUse = {
+      host: findParamValueFromArgs(argv, hostParam, hostParamAlias),
+      organizationId: findParamValueFromArgs(argv, orgIdParam, orgIdParamAlias),
+      authorization: findParamValueFromArgs(argv, authParam, null),
+      apiKey: findParamValueFromArgs(argv, apiKeyParam, null)
+    }
+  } else if (
+    config &&
+    config.get('host') &&
+    config.get('organizationId') &&
+    config.get('authorization') &&
+    config.get('apiKey')
+  ) {
+    configToUse = {
+      host: config.get('host')?.slice(0, -1), //slice off extra / in url, will 404 on teamserver if we don't
+      organizationId: config.get('organizationId'),
+      authorization: config.get('authorization'),
+      apiKey: config.get('apiKey')
+    }
+  } else {
+    //return when unable to get config
+    return
+  }
+  return await sendTelemetryConfigAsObject(
+    configToUse,
+    command,
+    argv,
+    result,
+    language
+  )
+}
+export const sendTelemetryConfigAsObject = async (
+  config: any,
+  command: string,
+  argv: string[],
+  result: string,
+  language: string
+) => {
+  const obfuscatedParams = obfuscateParams(argv)
+  const requestBody = {
+    event: TELEMETRY_CLI_COMMANDS_EVENT,
+    details: {
+      ip_address: '',
+      account_name: '',
+      account_host: '',
+      company_domain: '',
+      command: `contrast ${command} ${obfuscatedParams}`,
+      app_id:
+        config && config.applicationId
+          ? sha1Base64Value(config.applicationId)
+          : 'undefined',
+      project_id:
+        config && config.projectId
+          ? sha1Base64Value(config.projectId)
+          : 'undefined',
+      language: language,
+      result: result,
+      additional_info: '',
+      timestamp: new Date().toUTCString()
+    }
+  }
+  return await sendTelemetryRequest(config, requestBody)
+}
+export const sendTelemetryRequest = async (config: any, requestBody: any) => {
+  const client = getHttpClient(config)
+  return client
+    .postTelemetry(config, requestBody)
+    .then((res: any) => {
+      if (res.statusCode !== 200 && config.debug === true) {
+        console.log('Telemetry failed to send with status', res.statusCode)
+      }
+      return { statusCode: res.statusCode, statusMessage: res.statusMessage }
+    })
+    .catch((err: any) => {
+      return
+    })
+}
+export const obfuscateParams = (argv: string[]) => {
+  return argv
+    .join(' ')
+    .replace(/--(authorization [A-Z0-9]+)/gi, '--authorization *****')
+    .replace(/-(o [A-Z0-9-]+)/gi, '-o *****')
+    .replace(/--(organization-id [A-Z0-9-]+)/gi, '--organization-id *****')
+    .replace(/--(api-key [A-Z0-9]+)/gi, '--api-key *****')
+}
+export const paramExists = (
+  argv: string[],
+  param: string,
+  paramAlias: string | null
+) => {
+  return argv.find((arg: string) => arg === param || arg === paramAlias)
+}
+export const findParamValueFromArgs = (
+  argv: string[],
+  param: string,
+  paramAlias: string | null
+) => {
+  let paramAsValue
+  argv.forEach((arg: string, index: number) => {
+    if (
+      arg === param ||
+      (arg === paramAlias &&
+        argv[index + 1] !== undefined &&
+        argv[index + 1] !== null)
+    ) {
+      paramAsValue = argv[index + 1]
+    }
+  })
+  return paramAsValue
+}
+export const sha1Base64Value = (value: any) => {
+  return crypto.createHash('sha1').update(value).digest('base64')
+}

package/src/utils/commonApi.js CHANGED Viewed

@@ -20,7 +20,7 @@ const handleResponseErrors = (res, api) => {
   } else if (res.statusCode === 412) {
     maxAppError()
   } else {
-    genericError()
+    genericError(res)
   }
 }

package/src/utils/getConfig.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import Conf from 'conf'
+import { CE_URL } from '../constants/constants'
 type ContrastConfOptions = Partial<{
   version: string
@@ -7,7 +8,6 @@ type ContrastConfOptions = Partial<{
   orgId: string
   authHeader: string
   numOfRuns: number
-  updateMessageHidden: boolean
 }>
 type ContrastConf = Conf<ContrastConfOptions>
@@ -18,17 +18,8 @@ const localConfig = (name: string, version: string) => {
   })
   config.set('version', version)
-  if (process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE) {
-    config.set(
-      'updateMessageHidden',
-      JSON.parse(
-        process.env.CONTRAST_CODSEC_DISABLE_UPDATE_MESSAGE.toLowerCase()
-      )
-    )
-  }
   if (!config.has('host')) {
-    config.set('host', 'https://ce.contrastsecurity.com/')
+    config.set('host', CE_URL)
   }
   return config
 }

package/src/utils/parsedCLIOptions.js CHANGED Viewed

@@ -1,6 +1,12 @@
 const commandLineArgs = require('command-line-args')
+const { sendTelemetryConfigAsConfObj } = require('../telemetry/telemetry')
-const getCommandLineArgsCustom = (parameterList, optionDefinitions) => {
+const getCommandLineArgsCustom = async (
+  contrastConf,
+  command,
+  parameterList,
+  optionDefinitions
+) => {
   try {
     return commandLineArgs(optionDefinitions, {
       argv: parameterList,
@@ -9,6 +15,13 @@ const getCommandLineArgsCustom = (parameterList, optionDefinitions) => {
       caseInsensitive: true
     })
   } catch (e) {
+    await sendTelemetryConfigAsConfObj(
+      contrastConf,
+      command,
+      parameterList,
+      'FAILURE',
+      'undefined'
+    )
     console.log(e.message.toString())
     process.exit(1)
   }

package/src/utils/requestUtils.js CHANGED Viewed

@@ -15,8 +15,15 @@ const sleep = ms => {
   return new Promise(resolve => setTimeout(resolve, ms))
 }
+const timeOutError = (ms, reject) => {
+  return setTimeout(() => {
+    reject(new Error(`No input detected after 30s`))
+  }, ms)
+}
 module.exports = {
   sendRequest: sendRequest,
   sleep: sleep,
-  millisToSeconds: millisToSeconds
+  millisToSeconds: millisToSeconds,
+  timeOutError: timeOutError
 }