@contrast/contrast 2.0.0 → 2.0.1

package/dist/cliConstants.js

@@ -377,6 +377,11 @@ const auditOptionDefinitions = [
             i18n.__('constantsOptional') +
             '}:' +
             i18n.__('auditOptionsRepoSummary')
+    },
+    {
+        name: 'repo-id',
+        type: String,
+        description: ''
     }
 ];
 const fingerprintOptionDefinitions = [
@@ -387,7 +392,22 @@ const fingerprintOptionDefinitions = [
         description: '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('depthOption')
     },
     {
-        name: 'repoUrl',
+        name: 'repo-url',
+        type: String,
+        description: ''
+    },
+    {
+        name: 'external-id',
+        type: String,
+        description: ''
+    },
+    {
+        name: 'repo-name',
+        type: String,
+        description: ''
+    },
+    {
+        name: 'language',
         type: String,
         description: ''
     }

package/dist/commands/audit/help.js

@@ -53,10 +53,8 @@ const auditUsageGuide = commandLineUsage([
             'language',
             'app-groups',
             'metadata',
-            'fingerprint',
             'branch',
-            'repo',
-            'name'
+            'repo'
         ]
     },
     {

package/dist/commands/github/processFingerprint.js

@@ -0,0 +1,18 @@
+"use strict";
+const fingerprintConfig = require('./fingerprintConfig');
+const repoServices = require('./repoServices');
+const settingsHelper = require('../../utils/settingsHelper');
+const autoDetection = require('../../scan/autoDetection');
+const saveResults = require('../../scan/saveResults');
+const processFingerprint = async (contrastConf, argvMain) => {
+    let config = await fingerprintConfig.getFingerprintConfig(contrastConf, 'fingerprint', argvMain);
+    config = await settingsHelper.getSettings(config);
+    config.repositoryId = await repoServices.getRepoId(config);
+    let fingerprint = await autoDetection.autoDetectFingerprintInfo(config.file, config.depth, config);
+    let idArray = fingerprint.map(x => x.id);
+    await saveResults.writeResultsToFile(fingerprint, 'fingerPrintInfo.json');
+    return console.log(idArray);
+};
+module.exports = {
+    processFingerprint
+};

package/dist/commands/github/projectGroup.js

@@ -11,14 +11,23 @@ const getProjectIdByOrg = async (config) => {
     }
     return projectId;
 };
-const registerNewProjectGroup = async (config) => {
-    let projectId = '';
+const createNewProjectGroupBody = async (config) => {
     let body = {
         organizationId: config.organizationId,
-        name: config.name ? config.name : config.file,
-        repositoryId: null,
-        type: 'CLI'
+        name: config.name ? config.name : config.file
     };
+    if (config.repo || config?.repositoryId) {
+        body.repositoryId = config.repositoryId;
+        body.type = 'REPOSITORY';
+    }
+    else {
+        body.repositoryId = null;
+        body.type = 'CLI';
+    }
+    return body;
+};
+const registerNewProjectGroup = async (config) => {
+    let body = await createNewProjectGroupBody(config);
     const client = await commonApi.getHttpClient(config);
     body.projects = createProjects([config]);
     let projectGroupInfo = await client
@@ -160,5 +169,6 @@ module.exports = {
     getProjectIdByOrg,
     registerProjectIdOnCliServices,
     dealWithNoName,
-    registerNewProjectGroup
+    registerNewProjectGroup,
+    createNewProjectGroupBody
 };

package/dist/commands/github/repoServices.js

@@ -0,0 +1,70 @@
+"use strict";
+const commonApi = require('../../utils/commonApi');
+const retrieveRepoId = async (config) => {
+    const client = await commonApi.getHttpClient(config);
+    let repositoryId = await client
+        .retrieveRepoByOrgAndGitURL(config)
+        .then(res => {
+        if (config.debug || config.verbose) {
+            console.log('\nRetrieve RepoId By retrieveRepoByOrgAndGitURL');
+            console.log(res.statusCode);
+            console.log(res.body);
+        }
+        if (res.statusCode === 201 || res.statusCode === 200) {
+            return res.body.repositoryId;
+        }
+        else {
+            return '';
+        }
+    });
+    return repositoryId;
+};
+const registerNewRepo = async (config) => {
+    let body = {
+        externalScmUrl: config.repoUrl ? config.repoUrl : '',
+        externalScmName: config.repoName,
+        externalId: config.externalId ? config.externalId : '',
+        primaryLanguage: config.language,
+        defaultBranch: 'develop'
+    };
+    const client = await commonApi.getHttpClient(config);
+    let result = await client
+        .registerRepo(config, body)
+        .then(res => {
+        if (config.debug || config.verbose) {
+            console.log('\nRegister Repository');
+            console.log(res.statusCode);
+            console.log(res.body);
+        }
+        if (res.statusCode === 201 || res.statusCode === 200) {
+            if (config.debug || config.verbose) {
+                console.log('registerRepository - response');
+                console.log('response', res.body);
+            }
+            return res?.body?.repositoryId;
+        }
+        if (res.statusCode === 409) {
+            return '';
+        }
+    })
+        .catch(err => {
+        console.log('\nError Registering Repository');
+        console.log(err.statusCode);
+    });
+    return result;
+};
+const getRepoId = async (config) => {
+    let repoId = '';
+    if (config.repositoryId === '' || config.repositoryId === undefined) {
+        repoId = await retrieveRepoId(config);
+    }
+    if (repoId === '') {
+        repoId = await registerNewRepo(config);
+    }
+    return repoId;
+};
+module.exports = {
+    retrieveRepoId,
+    registerNewRepo,
+    getRepoId
+};

package/dist/common/HTTPClient.js

@@ -489,7 +489,7 @@ const retrieveSourcesUrl = (config, repositoryId) => {
     return `${config.host}/projects/v1/repositories/${repositoryId}/sources`;
 };
 const retrieveRepoByOrgAndGitURL = config => {
-    return `${config.host}/api/v4/organizations/${config.organizationId}/repository`;
+    return `${config.host}/api/v4/organizations/${config.organizationId}/repositories/external-url?externalRepoUrl=${config.repoUrl}`;
 };
 const retrieveProjectByOrganizationIdUrl = config => {
     let baseUrl = `${config.host}/api/v4/organizations/${config.organizationId}/projects`;
@@ -510,7 +510,7 @@ const retrieveExistingRepoUrl = config => {
     return `${config.host}/projects/v4/organizations/${config.organizationId}/repositories`;
 };
 function createRepositoryUrl(config) {
-    return `${config.host}/projects/v1/repositories`;
+    return `${config.host}/api/v4/organizations/${config.organizationId}/repositories`;
 }
 function createLibraryVulnerabilitiesUrl(config) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`;

package/dist/common/errorHandling.js

@@ -37,7 +37,7 @@ const maxAppError = () => {
     process.exit(1);
 };
 const parametersError = () => {
-    generalError(`Values not recognised`, 'Check your command & keys again for hidden characters.\nFor more information use contrast help.');
+    generalError(`Credentials not recognized`, 'Check your command & keys again for hidden characters / verify that the credentials are correct.\nFor more information use contrast help.');
     process.exit(1);
 };
 const invalidHostNameError = () => {

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '2.0.0';
+const APP_VERSION = '2.0.1';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';

package/dist/index.js

@@ -17,6 +17,7 @@ const versionChecker_1 = require("./common/versionChecker");
 const errorHandling_1 = require("./common/errorHandling");
 const telemetry_1 = require("./telemetry/telemetry");
 const processLearn_1 = require("./commands/learn/processLearn");
+const processFingerprint_1 = require("./commands/github/processFingerprint");
 const { commandLineDefinitions: { mainUsageGuide, mainDefinition } } = cliConstants_1.default;
 const config = (0, getConfig_1.localConfig)(constants_1.APP_NAME, constants_1.APP_VERSION);
 const getMainOption = () => {
@@ -65,6 +66,9 @@ const start = async () => {
             if (command === 'audit') {
                 return await (0, processAudit_1.processAudit)(config, argvMain);
             }
+            if (command === 'fingerprint') {
+                return await (0, processFingerprint_1.processFingerprint)(config, argvMain);
+            }
             if (command === 'learn') {
                 return (0, processLearn_1.processLearn)();
             }

package/dist/scaAnalysis/processServicesFlow.js

@@ -1,21 +1,39 @@
 "use strict";
 const projectConfig = require('../commands/github/projectGroup');
 const scaServicesUpload = require('../scaAnalysis/common/scaServicesUpload');
-const processUpload = async (analysis, config, reportSpinner) => {
+const trackProcess = async (analysis, config, reportSpinner) => {
+    await projectConfig.registerNewProjectGroup(config);
     let projectId = await projectConfig.getProjectIdByOrg(config);
-    if (projectId === '') {
-        if (config.track === true) {
-            await projectConfig.registerNewProjectGroup(config);
-            projectId = await projectConfig.getProjectIdByOrg(config);
-        }
-        if (config.track === false || config.track === undefined) {
-            return await scaServicesUpload.noProjectUpload(analysis, config, reportSpinner);
-        }
-    }
     await projectConfig.registerProjectIdOnCliServices(config, projectId);
     config.projectId = projectId;
     return await scaServicesUpload.scaTreeUpload(analysis, config, reportSpinner);
 };
+const repoProcess = async (analysis, config, reportSpinner) => {
+    let repoInfo = repoService.retrieveRepoId(config);
+    if (repoInfo.repoId === '') {
+        repoInfo = repoService.registerRepo(config);
+    }
+    await projectConfig.registerProjectIdOnCliServices(config, repoInfo.projectId);
+    return repoInfo;
+};
+const dealWithNoProjectId = async (analysis, config, reportSpinner) => {
+    if (config.track) {
+        return trackProcess(analysis, config, reportSpinner);
+    }
+    if (!config.track) {
+        return await scaServicesUpload.noProjectUpload(analysis, config, reportSpinner);
+    }
+};
+const processUpload = async (analysis, config, reportSpinner) => {
+    let projectId = await projectConfig.getProjectIdByOrg(config);
+    if (projectId === '') {
+        return dealWithNoProjectId(analysis, config, reportSpinner);
+    }
+    if (projectId) {
+        config.projectId = projectId;
+        return await scaServicesUpload.scaTreeUpload(analysis, config, reportSpinner);
+    }
+};
 module.exports = {
     processUpload
 };

package/dist/scan/autoDetection.js

@@ -2,13 +2,17 @@
 const i18n = require('i18n');
 const fileFinder = require('./fileUtils');
 const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../constants/constants');
-const autoDetectFingerprintInfo = async (filePath, depth) => {
+const autoDetectFingerprintInfo = async (filePath, depth, config) => {
     let complexObj = await fileFinder.findAllFiles(filePath, depth);
     let result = [];
     let count = 0;
     complexObj.forEach(i => {
         count++;
-        result.push({ filePath: i, id: count.toString() });
+        result.push({
+            filePath: i,
+            id: count.toString(),
+            repositoryId: config.repositoryId
+        });
     });
     return result;
 };
@@ -26,7 +30,7 @@ const detectPackageManager = async (array) => {
             i['language'] = JAVA;
             i['packageManager'] = 'GRADLE';
         }
-        if (i.filePath.includes('package.json')) {
+        if (i.filePath.includes('package-lock.json')) {
             i['language'] = JAVASCRIPT;
             i['packageManager'] = 'NPM';
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {

package/src/cliConstants.js

@@ -426,6 +426,11 @@ const auditOptionDefinitions = [
       i18n.__('constantsOptional') +
       '}:' +
       i18n.__('auditOptionsRepoSummary')
+  },
+  {
+    name: 'repo-id',
+    type: String,
+    description: ''
   }
 ]
 
@@ -438,7 +443,22 @@ const fingerprintOptionDefinitions = [
       '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('depthOption')
   },
   {
-    name: 'repoUrl',
+    name: 'repo-url',
+    type: String,
+    description: ''
+  },
+  {
+    name: 'external-id',
+    type: String,
+    description: ''
+  },
+  {
+    name: 'repo-name',
+    type: String,
+    description: ''
+  },
+  {
+    name: 'language',
     type: String,
     description: ''
   }

package/src/commands/audit/help.js

@@ -53,10 +53,8 @@ const auditUsageGuide = commandLineUsage([
       'language',
       'app-groups',
       'metadata',
-      'fingerprint',
       'branch',
-      'repo',
-      'name'
+      'repo'
     ]
   },
   {

package/src/commands/github/processFingerprint.js

@@ -0,0 +1,27 @@
+const fingerprintConfig = require('./fingerprintConfig')
+const repoServices = require('./repoServices')
+const settingsHelper = require('../../utils/settingsHelper')
+const autoDetection = require('../../scan/autoDetection')
+const saveResults = require('../../scan/saveResults')
+const processFingerprint = async (contrastConf, argvMain) => {
+  let config = await fingerprintConfig.getFingerprintConfig(
+    contrastConf,
+    'fingerprint',
+    argvMain
+  )
+  config = await settingsHelper.getSettings(config)
+  config.repositoryId = await repoServices.getRepoId(config)
+  let fingerprint = await autoDetection.autoDetectFingerprintInfo(
+    config.file,
+    config.depth,
+    config
+  )
+
+  let idArray = fingerprint.map(x => x.id)
+  await saveResults.writeResultsToFile(fingerprint, 'fingerPrintInfo.json')
+  return console.log(idArray)
+}
+
+module.exports = {
+  processFingerprint
+}

package/src/commands/github/projectGroup.js

@@ -15,14 +15,24 @@ const getProjectIdByOrg = async config => {
   return projectId
 }
 
-const registerNewProjectGroup = async config => {
-  let projectId = ''
+const createNewProjectGroupBody = async config => {
   let body = {
     organizationId: config.organizationId,
-    name: config.name ? config.name : config.file, //has to be unique per project
-    repositoryId: null,
-    type: 'CLI'
+    name: config.name ? config.name : config.file //has to be unique per project
   }
+  if (config.repo || config?.repositoryId) {
+    body.repositoryId = config.repositoryId
+    body.type = 'REPOSITORY'
+  } else {
+    body.repositoryId = null
+    body.type = 'CLI'
+  }
+  return body
+}
+
+const registerNewProjectGroup = async config => {
+  let body = await createNewProjectGroupBody(config)
+
   const client = await commonApi.getHttpClient(config)
   body.projects = createProjects([config])
 
@@ -183,5 +193,6 @@ module.exports = {
   getProjectIdByOrg,
   registerProjectIdOnCliServices,
   dealWithNoName,
-  registerNewProjectGroup
+  registerNewProjectGroup,
+  createNewProjectGroupBody
 }

package/src/commands/github/repoServices.js

@@ -0,0 +1,80 @@
+const commonApi = require('../../utils/commonApi')
+const retrieveRepoId = async config => {
+  const client = await commonApi.getHttpClient(config)
+
+  let repositoryId = await client
+    .retrieveRepoByOrgAndGitURL(config)
+    .then(res => {
+      if (config.debug || config.verbose) {
+        console.log('\nRetrieve RepoId By retrieveRepoByOrgAndGitURL')
+        console.log(res.statusCode)
+        console.log(res.body)
+      }
+
+      if (res.statusCode === 201 || res.statusCode === 200) {
+        return res.body.repositoryId
+      } else {
+        return ''
+      }
+    })
+
+  return repositoryId
+}
+
+const registerNewRepo = async config => {
+  let body = {
+    externalScmUrl: config.repoUrl ? config.repoUrl : '',
+    externalScmName: config.repoName,
+    externalId: config.externalId ? config.externalId : '',
+    primaryLanguage: config.language,
+    defaultBranch: 'develop'
+  }
+
+  const client = await commonApi.getHttpClient(config)
+
+  let result = await client
+    .registerRepo(config, body)
+    .then(res => {
+      if (config.debug || config.verbose) {
+        console.log('\nRegister Repository')
+        console.log(res.statusCode)
+        console.log(res.body)
+      }
+      if (res.statusCode === 201 || res.statusCode === 200) {
+        if (config.debug || config.verbose) {
+          console.log('registerRepository - response')
+          console.log('response', res.body)
+        }
+        return res?.body?.repositoryId
+      }
+
+      if (res.statusCode === 409) {
+        return ''
+      }
+    })
+    .catch(err => {
+      console.log('\nError Registering Repository')
+      console.log(err.statusCode)
+    })
+
+  return result
+}
+
+const getRepoId = async config => {
+  let repoId = ''
+  if (config.repositoryId === '' || config.repositoryId === undefined) {
+    repoId = await retrieveRepoId(config)
+  }
+
+  if (repoId === '') {
+    repoId = await registerNewRepo(config)
+  }
+
+  return repoId
+}
+
+module.exports = {
+  retrieveRepoId,
+  registerNewRepo,
+  getRepoId
+}

package/src/common/HTTPClient.js

@@ -677,7 +677,7 @@ const retrieveSourcesUrl = (config, repositoryId) => {
 }
 
 const retrieveRepoByOrgAndGitURL = config => {
-  return `${config.host}/api/v4/organizations/${config.organizationId}/repository`
+  return `${config.host}/api/v4/organizations/${config.organizationId}/repositories/external-url?externalRepoUrl=${config.repoUrl}`
 }
 
 const retrieveProjectByOrganizationIdUrl = config => {
@@ -702,7 +702,7 @@ const retrieveExistingRepoUrl = config => {
 }
 
 function createRepositoryUrl(config) {
-  return `${config.host}/projects/v1/repositories`
+  return `${config.host}/api/v4/organizations/${config.organizationId}/repositories`
 }
 
 function createLibraryVulnerabilitiesUrl(config) {

package/src/common/errorHandling.js

@@ -51,8 +51,8 @@ const maxAppError = () => {
 
 const parametersError = () => {
   generalError(
-    `Values not recognised`,
-    'Check your command & keys again for hidden characters.\nFor more information use contrast help.'
+    `Credentials not recognized`,
+    'Check your command & keys again for hidden characters / verify that the credentials are correct.\nFor more information use contrast help.'
   )
   process.exit(1)
 }

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '2.0.0'
+const APP_VERSION = '2.0.1'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'

package/src/index.ts

@@ -16,6 +16,7 @@ import {
 import { findCommandOnError } from './common/errorHandling'
 import { sendTelemetryConfigAsConfObj } from './telemetry/telemetry'
 import { processLearn } from './commands/learn/processLearn'
+import { processFingerprint } from './commands/github/processFingerprint'
 const {
   commandLineDefinitions: { mainUsageGuide, mainDefinition }
 } = constants
@@ -83,6 +84,10 @@ const start = async () => {
         return await processAudit(config, argvMain)
       }
 
+      if (command === 'fingerprint') {
+        return await processFingerprint(config, argvMain)
+      }
+
       if (command === 'learn') {
         return processLearn()
       }

package/src/scaAnalysis/processServicesFlow.js

@@ -1,27 +1,59 @@
 const projectConfig = require('../commands/github/projectGroup')
 const scaServicesUpload = require('../scaAnalysis/common/scaServicesUpload')
+
+const trackProcess = async (analysis, config, reportSpinner) => {
+  await projectConfig.registerNewProjectGroup(config)
+  let projectId = await projectConfig.getProjectIdByOrg(config)
+  await projectConfig.registerProjectIdOnCliServices(config, projectId)
+  config.projectId = projectId
+  return await scaServicesUpload.scaTreeUpload(analysis, config, reportSpinner)
+}
+
+const repoProcess = async (analysis, config, reportSpinner) => {
+  let repoInfo = repoService.retrieveRepoId(config)
+  if (repoInfo.repoId === '') {
+    repoInfo = repoService.registerRepo(config)
+  }
+  await projectConfig.registerProjectIdOnCliServices(config, repoInfo.projectId)
+  return repoInfo
+}
+
+const dealWithNoProjectId = async (analysis, config, reportSpinner) => {
+  // if (config.repo === '') {
+  //   return repoProcess(analysis, config, reportSpinner)
+  // }
+  if (config.track) {
+    return trackProcess(analysis, config, reportSpinner)
+  }
+
+  if (!config.track) {
+    return await scaServicesUpload.noProjectUpload(
+      analysis,
+      config,
+      reportSpinner
+    )
+  }
+}
+
 const processUpload = async (analysis, config, reportSpinner) => {
+  //  if repo but no repoId -> RegisterRepo -> GroupProjectFlow THEN scaTreeUpload
+  //  if cli tracked but no projectId -> registerNewProjectGroup THEN scaTreeUpload
+  //  if cli not tracked and no projectID -> noProjectUpload
+  //  if cli not tracked and projectID -> scaTreeUpload}
   let projectId = await projectConfig.getProjectIdByOrg(config)
 
   if (projectId === '') {
-    if (config.track === true) {
-      await projectConfig.registerNewProjectGroup(config)
-      projectId = await projectConfig.getProjectIdByOrg(config)
-    }
-
-    if (config.track === false || config.track === undefined) {
-      return await scaServicesUpload.noProjectUpload(
-        analysis,
-        config,
-        reportSpinner
-      )
-    }
+    return dealWithNoProjectId(analysis, config, reportSpinner)
   }
 
-  await projectConfig.registerProjectIdOnCliServices(config, projectId)
-  config.projectId = projectId
-
-  return await scaServicesUpload.scaTreeUpload(analysis, config, reportSpinner)
+  if (projectId) {
+    config.projectId = projectId
+    return await scaServicesUpload.scaTreeUpload(
+      analysis,
+      config,
+      reportSpinner
+    )
+  }
 }
 
 module.exports = {

package/src/scan/autoDetection.js

@@ -3,13 +3,17 @@ const fileFinder = require('./fileUtils')
 const {
   supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET }
 } = require('../constants/constants')
-const autoDetectFingerprintInfo = async (filePath, depth) => {
+const autoDetectFingerprintInfo = async (filePath, depth, config) => {
   let complexObj = await fileFinder.findAllFiles(filePath, depth)
   let result = []
   let count = 0
   complexObj.forEach(i => {
     count++
-    result.push({ filePath: i, id: count.toString() })
+    result.push({
+      filePath: i,
+      id: count.toString(),
+      repositoryId: config.repositoryId
+    })
   })
 
   return result
@@ -29,7 +33,7 @@ const detectPackageManager = async array => {
       i['language'] = JAVA
       i['packageManager'] = 'GRADLE'
     }
-    if (i.filePath.includes('package.json')) {
+    if (i.filePath.includes('package-lock.json')) {
       i['language'] = JAVASCRIPT
       i['packageManager'] = 'NPM'
     }