@contrast/contrast 2.0.0 → 2.0.2-beta.0

package/dist/audit/report/reportingFeature.js

@@ -29,6 +29,7 @@ const reportUtils_1 = require("./utils/reportUtils");
 const constants = __importStar(require("../../constants/constants"));
 const severityCountModel_1 = require("./models/severityCountModel");
 const common = __importStar(require("../../common/fail"));
+const save_1 = require("../save");
 function convertKeysToStandardFormat(config, guidance) {
     let convertedGuidance = guidance;
     switch (config.language) {
@@ -83,6 +84,12 @@ async function vulnerabilityReportV2(config, reportId) {
         const output = formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
             ? reportResponse.remediationGuidance
             : {});
+        if (config.save !== undefined) {
+            await (0, save_1.auditSave)(config);
+        }
+        else {
+            console.log('\nUse contrast audit --save to generate an SBOM');
+        }
         if (config.fail) {
             common.processFail(config, output[2]);
         }

package/dist/cliConstants.js

@@ -365,6 +365,7 @@ const auditOptionDefinitions = [
         name: 'legacy',
         alias: 'l',
         type: Boolean,
+        defaultValue: false,
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}:' +
@@ -377,6 +378,16 @@ const auditOptionDefinitions = [
             i18n.__('constantsOptional') +
             '}:' +
             i18n.__('auditOptionsRepoSummary')
+    },
+    {
+        name: 'repository-id',
+        type: String,
+        description: ''
+    },
+    {
+        name: 'project-group-id',
+        type: String,
+        description: ''
     }
 ];
 const fingerprintOptionDefinitions = [
@@ -387,7 +398,17 @@ const fingerprintOptionDefinitions = [
         description: '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('depthOption')
     },
     {
-        name: 'repoUrl',
+        name: 'repository-url',
+        type: String,
+        description: ''
+    },
+    {
+        name: 'external-id',
+        type: String,
+        description: ''
+    },
+    {
+        name: 'repository-name',
         type: String,
         description: ''
     }

package/dist/commands/audit/help.js

@@ -53,10 +53,8 @@ const auditUsageGuide = commandLineUsage([
             'language',
             'app-groups',
             'metadata',
-            'fingerprint',
             'branch',
-            'repo',
-            'name'
+            'repo'
         ]
     },
     {

package/dist/commands/audit/processAudit.js

@@ -4,14 +4,12 @@ const { auditUsageGuide } = require('./help');
 const scaController = require('../../scaAnalysis/scaAnalysis');
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
 const { postRunMessage } = require('../../common/commonHelp');
-const settingsHelper = require('../../utils/settingsHelper');
 const processAudit = async (contrastConf, argvMain) => {
     if (argvMain.indexOf('--help') !== -1) {
         printHelpMessage();
         process.exit(0);
     }
     let config = await auditConfig.getAuditConfig(contrastConf, 'audit', argvMain);
-    config = await settingsHelper.getSettings(config);
     await scaController.processSca(config);
     if (!config.fingerprint) {
         postRunMessage('audit');

package/dist/commands/github/fingerprintConfig.js

@@ -3,8 +3,9 @@ const parsedCLIOptions = require('../../utils/parsedCLIOptions');
 const constants = require('../../cliConstants');
 const paramHandler = require('../../utils/paramsUtil/paramHandler');
 const getFingerprintConfig = async (contrastConf, command, argv) => {
-    const fingerprintParameters = await parsedCLIOptions.getCommandLineArgsCustom(contrastConf, command, argv, constants.commandLineDefinitions.fingerprintOptionDefinitions);
+    let fingerprintParameters = await parsedCLIOptions.getCommandLineArgsCustom(contrastConf, command, argv, constants.commandLineDefinitions.fingerprintOptionDefinitions);
     const paramsAuth = paramHandler.getAuth(fingerprintParameters);
+    fingerprintParameters = paramHandler.getFingerprint(fingerprintParameters);
     return { ...paramsAuth, ...fingerprintParameters };
 };
 module.exports = {

package/dist/commands/github/processFingerprint.js

@@ -0,0 +1,28 @@
+"use strict";
+const fingerprintConfig = require('./fingerprintConfig');
+const repoServices = require('./repoServices');
+const autoDetection = require('../../scan/autoDetection');
+const saveResults = require('../../scan/saveResults');
+const projectConfig = require('./projectGroup');
+const processFingerprint = async (contrastConf, argvMain) => {
+    let config = await fingerprintConfig.getFingerprintConfig(contrastConf, 'fingerprint', argvMain);
+    config.repositoryId = await repoServices.getRepoId(config);
+    if (config.repositoryId !== '') {
+        config.projectGroupId = await projectConfig.getProjectGroupId(config);
+        let fingerprint = await autoDetection.autoDetectFingerprintInfo(config.file, config.depth, config);
+        if (fingerprint.length === 0) {
+            console.log('No supported manifests found');
+            process.exit(0);
+        }
+        let idArray = fingerprint.map(x => x.id);
+        await saveResults.writeResultsToFile(fingerprint, 'fingerPrintInfo.json');
+        return console.log(idArray);
+    }
+    else {
+        console.log('No repository Id found');
+        process.exit(1);
+    }
+};
+module.exports = {
+    processFingerprint: processFingerprint
+};

package/dist/commands/github/projectGroup.js

@@ -11,16 +11,40 @@ const getProjectIdByOrg = async (config) => {
     }
     return projectId;
 };
-const registerNewProjectGroup = async (config) => {
-    let projectId = '';
+const createNewProjectGroupBody = async (config) => {
     let body = {
-        organizationId: config.organizationId,
-        name: config.name ? config.name : config.file,
-        repositoryId: null,
-        type: 'CLI'
+        organizationId: config.organizationId
     };
+    if (config.repo || config?.repositoryId) {
+        body.repositoryId = config.repositoryId;
+        body.type = 'REPOSITORY';
+        body.name = getProjectGroupNameRepo(config);
+    }
+    else {
+        body.repositoryId = null;
+        body.type = 'CLI';
+        body.name = getProjectGroupNameCLI(config);
+    }
+    return body;
+};
+const getProjectGroupNameRepo = config => {
+    return config.repositoryName;
+};
+const getProjectGroupNameCLI = config => {
+    return config.name ? config.name : config.file;
+};
+const getProjectName = config => {
+    return config.name ? config.name : config.fileName;
+};
+const registerNewProjectGroup = async (config) => {
+    let body = await createNewProjectGroupBody(config);
     const client = await commonApi.getHttpClient(config);
-    body.projects = createProjects([config]);
+    if (config.repositoryId) {
+        body.projects = [];
+    }
+    else {
+        body.projects = createProjectsArray([config]);
+    }
     let projectGroupInfo = await client
         .registerProjectGroup(config, body)
         .then(res => {
@@ -37,7 +61,7 @@ const registerNewProjectGroup = async (config) => {
             return res?.body?.projectGroupId;
         }
         if (res.statusCode === 409) {
-            return [];
+            return '';
         }
     })
         .catch(err => {
@@ -46,53 +70,94 @@ const registerNewProjectGroup = async (config) => {
     });
     return projectGroupInfo;
 };
-const createProjects = params => {
+const createProjectsArray = params => {
     let projectsArray = [];
     let projects = {};
     params.forEach(param => {
-        projects = {
-            path: param.file,
-            name: param.name ? param.name : param.file,
-            source: 'SCA',
-            language: param.language,
-            packageManager: 'MAVEN',
-            target: 'SCA',
-            sourceId: ''
-        };
+        projects = createProject(param);
         projectsArray.push(projects);
     });
     return projectsArray;
 };
+const createProject = param => {
+    return {
+        path: param.fileName,
+        name: param.repo ? param.fileName : getProjectName(param),
+        source: 'SCA',
+        language: param.language,
+        packageManager: param.packageManager,
+        target: 'SCA',
+        sourceId: ''
+    };
+};
 const getExistingGroupProjectId = (config, projectGroupsInfoEx) => {
     let existingGroupProjectId = '';
     projectGroupsInfoEx.forEach(i => {
-        if (i.name === config.name) {
+        if (i.repositoryId === config.repositoryId) {
             existingGroupProjectId = i.projectGroupId;
         }
     });
     return existingGroupProjectId;
 };
 const getProjectIdFromArray = (config, array) => {
-    let projectId = '';
-    array?.forEach(i => {
-        if (i.name === config.name) {
-            projectId = i.projectId;
+    if (array.length === 1) {
+        return array[0].projectId;
+    }
+    if (config.name) {
+        for (const i of array) {
+            if (i.name === config.name)
+                return i.projectId;
         }
-    });
-    return projectId;
+    }
+    for (const i of array) {
+        if (i.name === config.fileName)
+            return i.projectId;
+    }
+    return '';
+};
+const addAdditionalData = (body, data) => {
+    body.projectGroupId = data.projectGroupId ? data.projectGroupId : null;
+    body.projectGroupName = data.projectGroupName ? data.projectGroupName : null;
+    body.projectLanguage = data.projectLanguage ? data.projectLanguage : null;
+    body.projectType = data.projectType ? data.projectType : null;
 };
-const registerProjectIdOnCliServices = async (config, projectId) => {
+const registerProjectIdOnCliServices = async (config, projectId, additionalData = undefined) => {
     const client = commonApi.getHttpClient(config);
     let cliServicesBody = {
         projectId: projectId,
-        name: config.name
+        name: config.repo ? config.fileName : getProjectName(config)
     };
+    if (additionalData) {
+        addAdditionalData(cliServicesBody, additionalData);
+    }
     let result = await client
         .registerOnCliServices(config, cliServicesBody)
         .then(res => {
         if (config.debug || config.verbose) {
             console.log('\nregistration on cli services');
+            console.log('request body', cliServicesBody);
+            console.log('response code', res.statusCode);
+        }
+        if (res.statusCode === 201 || res.statusCode === 200) {
+            return res.body;
+        }
+        else {
+            console.log('Failed to Register On Cli Services');
+            console.log(res.statusCode);
+            process.exit(1);
+        }
+    });
+    return result;
+};
+const registerProjectWithGroupProjectId = async (config) => {
+    const client = commonApi.getHttpClient(config);
+    config.language = config.language === 'NODE' ? 'JAVASCRIPT' : config.language;
+    let body = createProject(config);
+    let result = await client.registerProject(config, body).then(res => {
+        if (config.debug || config.verbose) {
+            console.log('\nregister Project With Group ProjectId');
             console.log(res.statusCode);
+            console.log(res.body);
         }
         if (res.statusCode === 201 || res.statusCode === 200) {
             return res.body;
@@ -104,7 +169,7 @@ const registerProjectIdOnCliServices = async (config, projectId) => {
     return result;
 };
 const retrieveExistingProjectIdWithProjectGroupId = async (config, client, projectGroupId) => {
-    let groups = await client
+    return await client
         .retrieveExistingProjectIdByProjectGroupId(config, projectGroupId)
         .then(res => {
         if (config.debug || config.verbose) {
@@ -116,10 +181,9 @@ const retrieveExistingProjectIdWithProjectGroupId = async (config, client, proje
             return res.body;
         }
         else {
-            return [];
+            return '';
         }
     });
-    return getProjectIdFromArray(config, groups);
 };
 const retrieveProjectByOrganization = async (config, client) => {
     return await client.retrieveProjectByOrganizationId(config).then(res => {
@@ -136,16 +200,36 @@ const retrieveProjectByOrganization = async (config, client) => {
         }
     });
 };
-const retrieveExistingProjectGroups = async (config, client) => {
+const retrieveExistingProjectGroups = async (config) => {
+    const client = commonApi.getHttpClient(config);
     return await client.retrieveExistingProjectGroupsByOrg(config).then(res => {
+        if (config.debug || config.verbose) {
+            console.log('retrieve Existing ProjectGroups By Org');
+            console.log(res.statusCode);
+            console.log(res.body);
+        }
         if (res.statusCode === 201 || res.statusCode === 200) {
-            return res.body;
+            let correctGroupID = res?.body?.filter(i => i.repositoryId === config.repositoryId);
+            if (correctGroupID.length > 0) {
+                return correctGroupID[0].projectGroupId;
+            }
+            return '';
         }
         else {
-            return [];
+            return '';
         }
     });
 };
+const getProjectGroupId = async (config) => {
+    let projectGroupId = '';
+    if (config.projectGroupId === '' || config.projectGroupId === undefined) {
+        projectGroupId = await retrieveExistingProjectGroups(config);
+    }
+    if (projectGroupId === '') {
+        projectGroupId = await registerNewProjectGroup(config);
+    }
+    return projectGroupId;
+};
 const dealWithNoName = async (config) => {
     try {
         config.name = getAppName(config.file);
@@ -160,5 +244,11 @@ module.exports = {
     getProjectIdByOrg,
     registerProjectIdOnCliServices,
     dealWithNoName,
-    registerNewProjectGroup
+    registerNewProjectGroup,
+    createNewProjectGroupBody,
+    registerProjectWithGroupProjectId,
+    getExistingGroupProjectId,
+    getProjectGroupId,
+    retrieveExistingProjectGroups,
+    createProject
 };

package/dist/commands/github/repoServices.js

@@ -0,0 +1,108 @@
+"use strict";
+const commonApi = require('../../utils/commonApi');
+const retrieveRepoId = async (config) => {
+    const client = await commonApi.getHttpClient(config);
+    let repositoryId = await client
+        .retrieveRepoByOrgAndGitURL(config)
+        .then(res => {
+        if (config.debug || config.verbose) {
+            console.log('\nRetrieve RepoId By retrieveRepoByOrgAndGitURL');
+            console.log(res.statusCode);
+            console.log(res.body);
+        }
+        if (res.statusCode === 201 || res.statusCode === 200) {
+            return res.body.repositoryId;
+        }
+        else {
+            return '';
+        }
+    });
+    return repositoryId;
+};
+const registerNewRepo = async (config) => {
+    let body = {
+        externalScmUrl: config.repositoryUrl,
+        externalScmName: config.repositoryName,
+        externalId: config.externalId,
+        primaryLanguage: config.language,
+        defaultBranch: 'develop'
+    };
+    if (config.debug || config.verbose) {
+        console.log('registerNewRepo');
+        console.log(body);
+    }
+    const client = await commonApi.getHttpClient(config);
+    let result = await client
+        .registerRepo(config, body)
+        .then(res => {
+        if (config.debug || config.verbose) {
+            console.log('\nRegister Repository');
+            console.log(res.statusCode);
+            console.log(res.body);
+        }
+        if (res.statusCode === 201 || res.statusCode === 200) {
+            if (config.debug || config.verbose) {
+                console.log('registerRepository - response');
+                console.log('response', res.body);
+            }
+            return res?.body?.repositoryId;
+        }
+        if (res.statusCode === 409) {
+            return '';
+        }
+        if (res.statusCode === 400) {
+            if (config.debug || config.verbose) {
+                console.log('\nError Registering Repository - Bad request');
+                console.log(res.statusCode);
+                console.log(res.message);
+            }
+            process.exit(1);
+        }
+    })
+        .catch(err => {
+        console.log('\nError Registering Repository');
+        console.log(err.statusCode);
+        console.log(err.message);
+        process.exit(1);
+    });
+    return result;
+};
+const retrieveProjectInfoViaRepoId = async (config) => {
+    const client = await commonApi.getHttpClient(config);
+    let result = await client
+        .retrieveProjectByRepoId(config)
+        .then(res => {
+        if (config.debug || config.verbose) {
+            console.log('\nRetrieve Project By RepoId');
+            console.log(res.statusCode);
+            console.log(res.body);
+        }
+        if (res.statusCode === 201 || res.statusCode === 200) {
+            return res?.body;
+        }
+        if (res.statusCode === 409) {
+            return [];
+        }
+    })
+        .catch(err => {
+        console.log('\nError Retrieve Project By RepoId');
+        console.log(err.statusCode);
+    });
+    return result;
+};
+const getRepoId = async (config) => {
+    let repoId = '';
+    if (config.repositoryId === '' || config.repositoryId === undefined) {
+        repoId = await retrieveRepoId(config);
+    }
+    if (repoId === '') {
+        repoId = await registerNewRepo(config);
+    }
+    return repoId;
+};
+module.exports = {
+    retrieveRepoId,
+    registerNewRepo,
+    getRepoId,
+    retrieveProjectInfoViaRepoId
+};

package/dist/common/HTTPClient.js

@@ -171,11 +171,6 @@ HTTPClient.prototype.scaServiceIngest = function scaServiceIngest(requestBody, c
     let url = createScaServiceIngestURL(config);
     options.url = url;
     options.body = requestBody;
-    if (config.debug || config.verbose) {
-        console.log('scaServiceIngest');
-        console.log('url', options.url);
-        console.log('body', options.body);
-    }
     return requestUtils.sendRequest({ method: 'post', options });
 };
 HTTPClient.prototype.noProjectIdUpload = function scaServiceIngest(requestBody, config) {
@@ -257,6 +252,13 @@ HTTPClient.prototype.registerRepo = function registerRepo(config, requestBody) {
     options.body = requestBody;
     return requestUtils.sendRequest({ method: 'post', options });
 };
+HTTPClient.prototype.retrieveProjectByRepoId = function retrieveProjectByRepoId(config, requestBody) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createRepoProjectUrl(config);
+    options.url = url;
+    options.body = requestBody;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 HTTPClient.prototype.registerProjectGroup = function (config, requestBody) {
     const options = _.cloneDeep(this.requestOptions);
     let url = registerProjectGroupUrl(config);
@@ -265,15 +267,15 @@ HTTPClient.prototype.registerProjectGroup = function (config, requestBody) {
     if (config.debug || config.verbose) {
         console.log('registerProjectGroup');
         console.log('url', options.url);
-        console.log('body', options.body);
     }
     return requestUtils.sendRequest({ method: 'post', options });
 };
-HTTPClient.prototype.registerProject = function (config, projectGroupId) {
+HTTPClient.prototype.registerProject = function (config, body) {
     const options = _.cloneDeep(this.requestOptions);
-    let url = registerProjectUrl(config, projectGroupId);
+    let url = registerProjectUrl(config);
     options.url = url;
-    return requestUtils.sendRequest({ method: 'get', options });
+    options.body = body;
+    return requestUtils.sendRequest({ method: 'post', options });
 };
 HTTPClient.prototype.retrieveSourcesViaRepositoryId = function (config, repositoryId) {
     const options = _.cloneDeep(this.requestOptions);
@@ -303,12 +305,21 @@ HTTPClient.prototype.retrieveProjectByOrganizationId = function registerRepo(con
     const options = _.cloneDeep(this.requestOptions);
     let url = retrieveProjectByOrganizationIdUrl(config);
     options.url = url;
+    if (config.debug || config.verbose) {
+        console.log(url);
+    }
     return requestUtils.sendRequest({ method: 'get', options });
 };
 HTTPClient.prototype.retrieveExistingProjectGroupsByOrg = function registerRepo(config) {
     const options = _.cloneDeep(this.requestOptions);
-    let url = retrieveExistingGroupProjectsByOrgUrl(config);
+    let url = retrieveExistingGroupProjectsByOrgUrl(config) +
+        '?name=' +
+        config.repositoryName +
+        '&type=REPOSITORY';
     options.url = url;
+    if (config.debug || config.verbose) {
+        console.log(options.url);
+    }
     return requestUtils.sendRequest({ method: 'get', options });
 };
 HTTPClient.prototype.retrieveExistingProjectIdByProjectGroupId =
@@ -450,14 +461,16 @@ function createScaServiceReportStatusURL(config, reportId) {
     return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/${reportId}/status`;
 }
 function createScaServiceNoProjectIdURL(config) {
-    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/tree${config.repo ? '?incomplete=true' : ''}`;
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/tree${config.repo && config.language === 'JAVA?' ? 'incomplete=true' : ''}`;
 }
 function createScaServiceHealthURL(config) {
     return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/health`;
 }
 function createScaServiceIngestURL(config) {
     let optionalParams = [];
-    config.repo ? optionalParams.push('incomplete=true') : null;
+    config.repo && config.language === 'JAVA'
+        ? optionalParams.push('incomplete=true')
+        : null;
     config.track ? optionalParams.push('persist=true') : null;
     let params = '?';
     optionalParams.forEach(param => {
@@ -479,8 +492,8 @@ const createAppNameUrl = config => {
 const registerProjectGroupUrl = config => {
     return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups`;
 };
-const registerProjectUrl = (config, projectGroupId) => {
-    return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups/${projectGroupId}/projects`;
+const registerProjectUrl = config => {
+    return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups/${config.projectGroupId}/projects`;
 };
 const retrieveRegisterOnCliServicesUrl = config => {
     return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects`;
@@ -489,15 +502,20 @@ const retrieveSourcesUrl = (config, repositoryId) => {
     return `${config.host}/projects/v1/repositories/${repositoryId}/sources`;
 };
 const retrieveRepoByOrgAndGitURL = config => {
-    return `${config.host}/api/v4/organizations/${config.organizationId}/repository`;
+    return `${config.host}/api/v4/organizations/${config.organizationId}/repositories/external-url?externalRepoUrl=${config.repositoryUrl}`;
 };
 const retrieveProjectByOrganizationIdUrl = config => {
     let baseUrl = `${config.host}/api/v4/organizations/${config.organizationId}/projects`;
-    baseUrl = config.name ? baseUrl.concat(`?name=${config.name}`) : baseUrl;
+    baseUrl = config.name
+        ? baseUrl.concat(`?name=${config.name}`)
+        : baseUrl.concat(`?name=${config.fileName}`);
     baseUrl = config.language
         ? baseUrl.concat(`&language=${config.language}`)
         : baseUrl;
     baseUrl = config.language ? baseUrl.concat(`&source=SCA`) : baseUrl;
+    baseUrl = config.repo
+        ? baseUrl.concat(`&type=REPOSITORY`)
+        : baseUrl.concat(`&type=CLI`);
     return baseUrl;
 };
 const retrieveExistingGroupProjectsByOrgUrl = config => {
@@ -510,7 +528,10 @@ const retrieveExistingRepoUrl = config => {
     return `${config.host}/projects/v4/organizations/${config.organizationId}/repositories`;
 };
 function createRepositoryUrl(config) {
-    return `${config.host}/projects/v1/repositories`;
+    return `${config.host}/api/v4/organizations/${config.organizationId}/repositories`;
+}
+function createRepoProjectUrl(config) {
+    return `${config.host}/api/v4/organizations/${config.organizationId}/repositories/${config.repositoryId}/projects`;
 }
 function createLibraryVulnerabilitiesUrl(config) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`;