@contrast/contrast 2.0.2-beta.0 → 2.0.2-beta.10

package/README.md

@@ -1,6 +1,7 @@
 # Contrast CLI
 
-Use the ‘contrast’ command for fast and accurate security analysis of your applications, APIs, serverless functions, and libraries.
+Use the ‘contrast’ command for fast and accurate security analysis of your applications, APIs,
+serverless functions, and libraries.
 
 ## Supported
 

package/dist/assess/assessConfig.js

@@ -0,0 +1,9 @@
+import { getCommandLineArgsCustom } from '../utils/parsedCLIOptions.js';
+import { commandLineDefinitions } from '../cliConstants.js';
+import { getAuth } from '../utils/paramsUtil/paramHandler.js';
+export const getAssessConfig = async (contrastConf, command, argv) => {
+    const auditParameters = await getCommandLineArgsCustom(contrastConf, command, argv, commandLineDefinitions.assessOptionDefinitions);
+    const paramsAuth = getAuth(auditParameters);
+    return { ...paramsAuth, ...auditParameters };
+};
+//# sourceMappingURL=assessConfig.js.map

package/dist/assess/assessConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"assessConfig.js","sourceRoot":"","sources":["../../src/assess/assessConfig.js"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAA;AACvE,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAA;AAC3D,OAAO,EAAE,OAAO,EAAE,MAAM,qCAAqC,CAAA;AAE7D,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACnE,MAAM,eAAe,GAAG,MAAM,wBAAwB,CACpD,YAAY,EACZ,OAAO,EACP,IAAI,EACJ,sBAAsB,CAAC,uBAAuB,CAC/C,CAAA;IACD,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,CAAA;IAC3C,OAAO,EAAE,GAAG,UAAU,EAAE,GAAG,eAAe,EAAE,CAAA;AAC9C,CAAC,CAAA"}

package/dist/assess/help.js

@@ -0,0 +1,37 @@
+import commandLineUsage from 'command-line-usage';
+import i18n from 'i18n';
+import { commandLineDefinitions } from '../cliConstants.js';
+import { commonHelpLinks } from '../common/commonHelp.js';
+export const assessUsageGuide = commandLineUsage([
+    {
+        header: i18n.__('constantsHeader')
+    },
+    {
+        header: i18n.__('assessHeader')
+    },
+    {
+        header: i18n.__('constantsAssessOptions'),
+        optionList: commandLineDefinitions.assessOptionDefinitions,
+        hide: [
+            'project-id',
+            'organization-id',
+            'api-key',
+            'authorization',
+            'host',
+            'proxy',
+            'help',
+            'ff',
+            'cert-self-signed',
+            'key',
+            'cacert',
+            'cert',
+            'verbose',
+            'debug',
+            'experimental'
+        ]
+    },
+    commonHelpLinks()[0],
+    commonHelpLinks()[1],
+    commonHelpLinks()[2]
+]);
+//# sourceMappingURL=help.js.map

package/dist/assess/help.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"help.js","sourceRoot":"","sources":["../../src/assess/help.js"],"names":[],"mappings":"AAAA,OAAO,gBAAgB,MAAM,oBAAoB,CAAA;AACjD,OAAO,IAAI,MAAM,MAAM,CAAA;AACvB,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAA;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAA;AAEzD,MAAM,CAAC,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;IAC/C;QACE,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC,iBAAiB,CAAC;KACnC;IACD;QACE,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC;KAChC;IACD;QACE,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC,wBAAwB,CAAC;QACzC,UAAU,EAAE,sBAAsB,CAAC,uBAAuB;QAC1D,IAAI,EAAE;YACJ,YAAY;YACZ,iBAAiB;YACjB,SAAS;YACT,eAAe;YACf,MAAM;YACN,OAAO;YACP,MAAM;YACN,IAAI;YACJ,kBAAkB;YAClB,KAAK;YACL,QAAQ;YACR,MAAM;YACN,SAAS;YACT,OAAO;YACP,cAAc;SACf;KACF;IACD,eAAe,EAAE,CAAC,CAAC,CAAC;IACpB,eAAe,EAAE,CAAC,CAAC,CAAC;IACpB,eAAe,EAAE,CAAC,CAAC,CAAC;CACrB,CAAC,CAAA"}

package/dist/assess/http/index.js

@@ -0,0 +1,39 @@
+import { getHttpClient } from '../../utils/commonApi.js';
+import { returnOra, startSpinner, succeedSpinner } from '../../utils/oraWrapper.js';
+import { sleep } from '../../utils/requestUtils.js';
+const TEAM_SERVER_REQUEST_DELAY = 3000; // add a 3 second delay
+export const createClient = config => getHttpClient(config);
+export const getInstanceFromMetadataFilter = async (httpClient, buildNumber, applicationId, hasLoggedMessage = false, oraMessage) => {
+    const instanceGuid = await httpClient.getInstanceFromMetadataFilter(buildNumber, applicationId);
+    const sessionRegistration = oraMessage || returnOra('Waiting for the session to be created.');
+    if (!instanceGuid.body.agentSessions[0]?.agentSessionId) {
+        if (!hasLoggedMessage) {
+            startSpinner(sessionRegistration);
+            hasLoggedMessage = true;
+        }
+        await sleep(TEAM_SERVER_REQUEST_DELAY);
+        return getInstanceFromMetadataFilter(httpClient, buildNumber, applicationId, hasLoggedMessage, sessionRegistration);
+    }
+    succeedSpinner(sessionRegistration, 'Session created.');
+    return instanceGuid.body.agentSessions[0].agentSessionId;
+};
+export const getAppId = async (httpClient, config, hasLoggedMessage = false, oraMessage) => {
+    const res = await httpClient.getAppId(config);
+    const applicationRegistration = oraMessage ||
+        returnOra('Contrast Assess started, waiting for the application to be registered.');
+    if (res.body) {
+        let obj = res.body.applications;
+        if (obj.length > 0) {
+            succeedSpinner(applicationRegistration, 'Application registered.');
+            return obj[0].app_id;
+        }
+        if (!hasLoggedMessage) {
+            startSpinner(applicationRegistration);
+            hasLoggedMessage = true;
+        }
+        await sleep(TEAM_SERVER_REQUEST_DELAY);
+        return getAppId(httpClient, config, hasLoggedMessage, applicationRegistration);
+    }
+    return null;
+};
+//# sourceMappingURL=index.js.map

package/dist/assess/http/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/assess/http/index.js"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAA;AACxD,OAAO,EACL,SAAS,EACT,YAAY,EACZ,cAAc,EACf,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAA;AAEnD,MAAM,yBAAyB,GAAG,IAAI,CAAA,CAAC,uBAAuB;AAE9D,MAAM,CAAC,MAAM,YAAY,GAAG,MAAM,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,CAAA;AAE3D,MAAM,CAAC,MAAM,6BAA6B,GAAG,KAAK,EAChD,UAAU,EACV,WAAW,EACX,aAAa,EACb,gBAAgB,GAAG,KAAK,EACxB,UAAU,EACV,EAAE;IACF,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,6BAA6B,CACjE,WAAW,EACX,aAAa,CACd,CAAA;IACD,MAAM,mBAAmB,GACvB,UAAU,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAA;IAEnE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE;QACvD,IAAI,CAAC,gBAAgB,EAAE;YACrB,YAAY,CAAC,mBAAmB,CAAC,CAAA;YACjC,gBAAgB,GAAG,IAAI,CAAA;SACxB;QAED,MAAM,KAAK,CAAC,yBAAyB,CAAC,CAAA;QACtC,OAAO,6BAA6B,CAClC,UAAU,EACV,WAAW,EACX,aAAa,EACb,gBAAgB,EAChB,mBAAmB,CACpB,CAAA;KACF;IAED,cAAc,CAAC,mBAAmB,EAAE,kBAAkB,CAAC,CAAA;IACvD,OAAO,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,cAAc,CAAA;AAC1D,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,KAAK,EAC3B,UAAU,EACV,MAAM,EACN,gBAAgB,GAAG,KAAK,EACxB,UAAU,EACV,EAAE;IACF,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;IAC7C,MAAM,uBAAuB,GAC3B,UAAU;QACV,SAAS,CACP,wEAAwE,CACzE,CAAA;IAEH,IAAI,GAAG,CAAC,IAAI,EAAE;QACZ,IAAI,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,YAAY,CAAA;QAC/B,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE;YAClB,cAAc,CAAC,uBAAuB,EAAE,yBAAyB,CAAC,CAAA;YAClE,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;SACrB;QAED,IAAI,CAAC,gBAAgB,EAAE;YACrB,YAAY,CAAC,uBAAuB,CAAC,CAAA;YACrC,gBAAgB,GAAG,IAAI,CAAA;SACxB;QAED,MAAM,KAAK,CAAC,yBAAyB,CAAC,CAAA;QACtC,OAAO,QAAQ,CACb,UAAU,EACV,MAAM,EACN,gBAAgB,EAChB,uBAAuB,CACxB,CAAA;KACF;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CAAA"}

package/dist/assess/index.js

@@ -0,0 +1,69 @@
+import { createClient, getInstanceFromMetadataFilter, getAppId } from './http/index.js';
+import { getAssessConfig } from './assessConfig.js';
+import { printVulnerability } from './printing/index.js';
+import { emptyListSpinner } from './printing/utils.js';
+import { retrieveAndSetAgentCredentials } from './metadata/index.js';
+import { getBuildNumber } from './metadata/utils.js';
+import { assessUsageGuide } from './help.js';
+const printedVulnerabilities = new Map();
+const { start: displayEmptyListMessage, stop: removeEmptyListMessage } = emptyListSpinner();
+export const processAssess = async (contrastConf, argvMain) => {
+    if (argvMain.indexOf('--help') !== -1) {
+        console.log(assessUsageGuide);
+        return process.exit(0);
+    }
+    /* Probably needs a little refactoring */
+    const config = await getAssessConfig(contrastConf, 'assess', argvMain);
+    const reportNotes = config.reportNotes;
+    const yamlData = await retrieveAndSetAgentCredentials(config);
+    const buildNumber = getBuildNumber(yamlData.application.session_metadata);
+    const applicationName = yamlData.application.name;
+    config.applicationName = applicationName;
+    const httpClient = createClient(config);
+    const applicationId = await getAppId(httpClient, config);
+    if (!applicationId) {
+        throw new Error('Something went wrong!');
+    }
+    const retrievedInstanceGuid = await getInstanceFromMetadataFilter(httpClient, buildNumber, applicationId);
+    return setAssessListener(httpClient, applicationId, retrievedInstanceGuid, reportNotes);
+};
+async function getVulnerabilitiesDetails(tailData, httpClient) {
+    return Promise.all(tailData.body.items.map(({ vulnerability }) => httpClient.getVulnerabilityDetails(vulnerability.uuid).then(details => {
+        vulnerability.details = details.body;
+        return vulnerability;
+    })));
+}
+async function printVulnerabilities(vulnerabilities, reportNotes) {
+    if (vulnerabilities.length === 0) {
+        displayEmptyListMessage();
+    }
+    vulnerabilities.forEach(vulnerability => {
+        if (printedVulnerabilities.has(vulnerability.uuid) ||
+            (vulnerability.severity === 'NOTE' && !reportNotes)) {
+            return;
+        }
+        removeEmptyListMessage();
+        printVulnerability(vulnerability, console.log);
+        printedVulnerabilities.set(vulnerability.uuid, true);
+    });
+}
+async function setAssessListener(httpClient, applicationId, retrievedInstanceGuid, reportNotes) {
+    return httpClient
+        .getAssessData(applicationId, retrievedInstanceGuid)
+        .then(tailData => {
+        if (tailData.statusCode !== 200) {
+            throw new Error('Something went wrong!');
+        }
+        return getVulnerabilitiesDetails(tailData, httpClient);
+    })
+        .then(vulnerabilities => printVulnerabilities(vulnerabilities, reportNotes))
+        .then(() => {
+        // Request data again
+        setTimeout(() => {
+            setAssessListener(httpClient, applicationId, retrievedInstanceGuid, reportNotes).catch(err => {
+                throw new Error(err);
+            });
+        }, 3000);
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/assess/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/assess/index.js"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,6BAA6B,EAC7B,QAAQ,EACT,MAAM,iBAAiB,CAAA;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACnD,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAA;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACtD,OAAO,EAAE,8BAA8B,EAAE,MAAM,qBAAqB,CAAA;AACpE,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAA;AAE5C,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAAE,CAAA;AAExC,MAAM,EAAE,KAAK,EAAE,uBAAuB,EAAE,IAAI,EAAE,sBAAsB,EAAE,GACpE,gBAAgB,EAAE,CAAA;AAEpB,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,EAAE;IAC5D,IAAI,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAA;QAC7B,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;KACvB;IAED,yCAAyC;IACzC,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,YAAY,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAA;IACtE,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAA;IAEtC,MAAM,QAAQ,GAAG,MAAM,8BAA8B,CAAC,MAAM,CAAC,CAAA;IAC7D,MAAM,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAA;IAEzE,MAAM,eAAe,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAA;IACjD,MAAM,CAAC,eAAe,GAAG,eAAe,CAAA;IAExC,MAAM,UAAU,GAAG,YAAY,CAAC,MAAM,CAAC,CAAA;IAEvC,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC,CAAA;IACxD,IAAI,CAAC,aAAa,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;KACzC;IAED,MAAM,qBAAqB,GAAG,MAAM,6BAA6B,CAC/D,UAAU,EACV,WAAW,EACX,aAAa,CACd,CAAA;IAED,OAAO,iBAAiB,CACtB,UAAU,EACV,aAAa,EACb,qBAAqB,EACrB,WAAW,CACZ,CAAA;AACH,CAAC,CAAA;AAED,KAAK,UAAU,yBAAyB,CAAC,QAAQ,EAAE,UAAU;IAC3D,OAAO,OAAO,CAAC,GAAG,CAChB,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,aAAa,EAAE,EAAE,EAAE,CAC5C,UAAU,CAAC,uBAAuB,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QACpE,aAAa,CAAC,OAAO,GAAG,OAAO,CAAC,IAAI,CAAA;QACpC,OAAO,aAAa,CAAA;IACtB,CAAC,CAAC,CACH,CACF,CAAA;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,eAAe,EAAE,WAAW;IAC9D,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE;QAChC,uBAAuB,EAAE,CAAA;KAC1B;IAED,eAAe,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;QACtC,IACE,sBAAsB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC;YAC9C,CAAC,aAAa,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,WAAW,CAAC,EACnD;YACA,OAAM;SACP;QAED,sBAAsB,EAAE,CAAA;QACxB,kBAAkB,CAAC,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,CAAA;QAC9C,sBAAsB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;IACtD,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,UAAU,EACV,aAAa,EACb,qBAAqB,EACrB,WAAW;IAEX,OAAO,UAAU;SACd,aAAa,CAAC,aAAa,EAAE,qBAAqB,CAAC;SACnD,IAAI,CAAC,QAAQ,CAAC,EAAE;QACf,IAAI,QAAQ,CAAC,UAAU,KAAK,GAAG,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;SACzC;QAED,OAAO,yBAAyB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;IACxD,CAAC,CAAC;SACD,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,oBAAoB,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;SAC3E,IAAI,CAAC,GAAG,EAAE;QACT,qBAAqB;QACrB,UAAU,CAAC,GAAG,EAAE;YACd,iBAAiB,CACf,UAAU,EACV,aAAa,EACb,qBAAqB,EACrB,WAAW,CACZ,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;gBACZ,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAA;YACtB,CAAC,CAAC,CAAA;QACJ,CAAC,EAAE,IAAI,CAAC,CAAA;IACV,CAAC,CAAC,CAAA;AACN,CAAC"}

package/dist/assess/metadata/findYamlFile.js

@@ -0,0 +1,59 @@
+import fs from 'fs';
+import path from 'path';
+import { CONTRAST_FILE_NAME } from './utils.js';
+export function findContrastSecurityYaml(process) {
+    // Check for a contrast_security.yaml file in the current working directory
+    const currentDir = process.cwd();
+    const currentFile = path.join(currentDir, CONTRAST_FILE_NAME);
+    if (fs.existsSync(currentFile)) {
+        return currentFile;
+    }
+    // Check for a contrast_security.yaml file - Ruby on Rails
+    const rubyFilePath = path.join(currentDir, `./config/${CONTRAST_FILE_NAME}`);
+    if (fs.existsSync(rubyFilePath)) {
+        return rubyFilePath;
+    }
+    // Check for a contrast_security.yaml file - Django
+    const djangoFilePath = path.join(currentDir, `./settings/${CONTRAST_FILE_NAME}`);
+    if (fs.existsSync(djangoFilePath)) {
+        return djangoFilePath;
+    }
+    // Check for a contrast_security.yaml file in an agent-specific configuration directory
+    const agentName = getAgentName(process);
+    const agentConfigDir = getAgentConfigDir(agentName, process);
+    if (fs.existsSync(agentConfigDir)) {
+        return agentConfigDir;
+    }
+    // Check for a contrast_security.yaml file within the server's /etc/contrast directory
+    const serverFile = getServerConfigFile(process);
+    if (fs.existsSync(serverFile)) {
+        return serverFile;
+    }
+    return null;
+}
+function getAgentConfigDir(agentName, process) {
+    // Get the agent-specific configuration directory based on the current platform
+    if (process.platform === 'win32') {
+        return path.join(process.env.ProgramData, 'Contrast', agentName, CONTRAST_FILE_NAME);
+    }
+    else {
+        return path.join('/etc', 'contrast', agentName, CONTRAST_FILE_NAME);
+    }
+}
+function getServerConfigFile(process) {
+    // Get the server's configuration file based on the current platform
+    if (process.platform === 'win32') {
+        return path.join(process.env.ProgramData, 'Contrast', CONTRAST_FILE_NAME);
+    }
+    else {
+        return path.join('/etc/contrast/', CONTRAST_FILE_NAME);
+    }
+}
+function getAgentName(process) {
+    // You can use the agent's environment variable to get the agent name
+    // For example, for Node.js agent, you can use the CONTRAST__NAME environment variable
+    // For Java agent, you can use the CONTRAST__APPLICATION__NAME environment variable
+    // Here's an example of how you can get the agent name for the Node.js agent:
+    return process.env.CONTRAST__NAME || 'node';
+}
+//# sourceMappingURL=findYamlFile.js.map

package/dist/assess/metadata/findYamlFile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"findYamlFile.js","sourceRoot":"","sources":["../../../src/assess/metadata/findYamlFile.js"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,CAAA;AACnB,OAAO,IAAI,MAAM,MAAM,CAAA;AACvB,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAE/C,MAAM,UAAU,wBAAwB,CAAC,OAAO;IAC9C,2EAA2E;IAC3E,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,EAAE,CAAA;IAChC,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAA;IAC7D,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE;QAC9B,OAAO,WAAW,CAAA;KACnB;IAED,0DAA0D;IAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,kBAAkB,EAAE,CAAC,CAAA;IAC5E,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE;QAC/B,OAAO,YAAY,CAAA;KACpB;IAED,mDAAmD;IACnD,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAC9B,UAAU,EACV,cAAc,kBAAkB,EAAE,CACnC,CAAA;IACD,IAAI,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE;QACjC,OAAO,cAAc,CAAA;KACtB;IAED,uFAAuF;IACvF,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,CAAA;IACvC,MAAM,cAAc,GAAG,iBAAiB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;IAC5D,IAAI,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE;QACjC,OAAO,cAAc,CAAA;KACtB;IAED,sFAAsF;IACtF,MAAM,UAAU,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAA;IAC/C,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;QAC7B,OAAO,UAAU,CAAA;KAClB;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAS,EAAE,OAAO;IAC3C,+EAA+E;IAC/E,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,OAAO,IAAI,CAAC,IAAI,CACd,OAAO,CAAC,GAAG,CAAC,WAAW,EACvB,UAAU,EACV,SAAS,EACT,kBAAkB,CACnB,CAAA;KACF;SAAM;QACL,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAA;KACpE;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAO;IAClC,oEAAoE;IACpE,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,UAAU,EAAE,kBAAkB,CAAC,CAAA;KAC1E;SAAM;QACL,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,CAAA;KACvD;AACH,CAAC;AAED,SAAS,YAAY,CAAC,OAAO;IAC3B,qEAAqE;IACrE,sFAAsF;IACtF,mFAAmF;IACnF,6EAA6E;IAC7E,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,MAAM,CAAA;AAC7C,CAAC"}

package/dist/assess/metadata/index.js

@@ -0,0 +1,37 @@
+import { createClient } from '../http/index.js';
+import fs from 'fs';
+import yaml from 'js-yaml';
+import { findContrastSecurityYaml } from './findYamlFile.js';
+import { saveYamlData, createYamlFile, isYamlFileCreated, normalizeYamlPath } from './utils.js';
+export const retrieveAndSetAgentCredentials = async (config) => {
+    const httpClient = createClient(config);
+    const agentCredentials = await httpClient.getAgentCredentials(config);
+    if (agentCredentials.body != null) {
+        const { configPath } = config;
+        let filePath;
+        if (configPath) {
+            if (isYamlFileCreated(configPath)) {
+                filePath = normalizeYamlPath(configPath);
+            }
+            else {
+                filePath = createYamlFile(configPath);
+            }
+        }
+        if (!filePath) {
+            filePath = await findContrastSecurityYaml(process);
+        }
+        if (!filePath) {
+            filePath = createYamlFile();
+        }
+        const yamlData = yaml.load(fs.readFileSync(filePath, 'utf8'));
+        saveYamlData(config.host, agentCredentials, yamlData, filePath);
+        // todo research on env vars below
+        // setting env vars is a nono, can only apply to the process within the app that sets them
+        // needs to be done in the shells config e.g. zshrc etc, not to be done by an app, can possible mess it up (netskope does it)
+        // order of export can matter as well depending on the apps in use by a user
+        // stick to yaml and keep it in directory cli is ran in or store it to a agent default location per system
+        return yamlData;
+    }
+    throw new Error('unable to retrieve agent credentials');
+};
+//# sourceMappingURL=index.js.map

package/dist/assess/metadata/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/assess/metadata/index.js"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,MAAM,IAAI,CAAA;AACnB,OAAO,IAAI,MAAM,SAAS,CAAA;AAC1B,OAAO,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAA;AAC5D,OAAO,EACL,YAAY,EACZ,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EAClB,MAAM,YAAY,CAAA;AAEnB,MAAM,CAAC,MAAM,8BAA8B,GAAG,KAAK,EAAC,MAAM,EAAC,EAAE;IAC3D,MAAM,UAAU,GAAG,YAAY,CAAC,MAAM,CAAC,CAAA;IACvC,MAAM,gBAAgB,GAAG,MAAM,UAAU,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAA;IAErE,IAAI,gBAAgB,CAAC,IAAI,IAAI,IAAI,EAAE;QACjC,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,CAAA;QAC7B,IAAI,QAAQ,CAAA;QAEZ,IAAI,UAAU,EAAE;YACd,IAAI,iBAAiB,CAAC,UAAU,CAAC,EAAE;gBACjC,QAAQ,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAA;aACzC;iBAAM;gBACL,QAAQ,GAAG,cAAc,CAAC,UAAU,CAAC,CAAA;aACtC;SACF;QAED,IAAI,CAAC,QAAQ,EAAE;YACb,QAAQ,GAAG,MAAM,wBAAwB,CAAC,OAAO,CAAC,CAAA;SACnD;QAED,IAAI,CAAC,QAAQ,EAAE;YACb,QAAQ,GAAG,cAAc,EAAE,CAAA;SAC5B;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAA;QAC7D,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAA;QAE/D,kCAAkC;QAClC,0FAA0F;QAC1F,6HAA6H;QAC7H,4EAA4E;QAC5E,0GAA0G;QAE1G,OAAO,QAAQ,CAAA;KAChB;IAED,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;AACzD,CAAC,CAAA"}

package/dist/assess/metadata/utils.js

@@ -0,0 +1,159 @@
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import yaml from 'js-yaml';
+import { v4 as uuidv4 } from 'uuid';
+const API_URL_PATH = '/Contrast/';
+export const CONTRAST_FILE_NAME = 'contrast_security.yaml';
+export const winDirectory = () => path.join(process.env.ProgramData, 'Contrast');
+export const defaultDirectory = '/etc/contrast';
+export function getBuildNumber(str) {
+    return str
+        .split(',')
+        .find(kv => kv.startsWith('buildNumber='))
+        ?.split('=')[1];
+}
+function replaceBuildNumber(str, newBuildNumber) {
+    const pairs = str.split(',');
+    const buildNumberIndex = pairs.findIndex(pair => pair.startsWith('buildNumber='));
+    if (buildNumberIndex !== -1) {
+        pairs[buildNumberIndex] = `buildNumber=${newBuildNumber}`;
+    }
+    else {
+        pairs.push(`buildNumber=${newBuildNumber}`);
+    }
+    return pairs.filter(pair => pair !== '').join(',');
+}
+export function isDirectoryWriteable(directory) {
+    try {
+        fs.accessSync(directory, fs.constants.W_OK);
+    }
+    catch (err) {
+        return false;
+    }
+    return true;
+}
+function getDirname(pathStr) {
+    const parsedPath = path.parse(pathStr);
+    return parsedPath.ext ? parsedPath.dir : pathStr;
+}
+function getDirectory(configPath) {
+    const platform = os.platform();
+    const isWindows = platform === 'win32';
+    if (configPath) {
+        const directory = getDirname(configPath);
+        return {
+            directory,
+            isDefaultDirectory: isWindows
+                ? directory === winDirectory()
+                : directory === defaultDirectory
+        };
+    }
+    // Check the current platform and determine the directory to save the YAML file
+    if (isWindows) {
+        return {
+            directory: winDirectory(),
+            isDefaultDirectory: true
+        };
+    }
+    return {
+        directory: defaultDirectory,
+        isDefaultDirectory: true
+    };
+}
+export function isYamlFileCreated(configPath) {
+    const normalizedPath = normalizeYamlPath(configPath);
+    if (fs.existsSync(normalizedPath)) {
+        return true;
+    }
+    return false;
+}
+export function normalizeYamlPath(configPath) {
+    const { directory } = getDirectory(configPath);
+    return path.join(directory, CONTRAST_FILE_NAME);
+}
+export const createYamlFile = configPath => {
+    const { directory, isDefaultDirectory } = getDirectory(configPath);
+    if (!fs.existsSync(directory)) {
+        if (configPath && !isDefaultDirectory) {
+            throw new Error('The provided path does not exist!');
+        }
+        // The default directory doesn't exist, so we need to create it
+        try {
+            fs.mkdirSync(directory, { recursive: true });
+        }
+        catch (err) {
+            if (err.code === 'EACCES') {
+                throw new Error(`Permission denied: cannot write to ${directory}`);
+            }
+            throw new Error(err);
+        }
+    }
+    // Check if the directory is writable
+    if (!isDirectoryWriteable(directory)) {
+        throw new Error(`Permission denied: cannot write to ${directory}`);
+    }
+    const yamlData = yaml.dump({});
+    const filePath = path.join(directory, CONTRAST_FILE_NAME);
+    // Write the YAML data to a file
+    try {
+        fs.writeFileSync(filePath, yamlData, { flag: 'w+' });
+    }
+    catch (err) {
+        throw new Error(`Cannot write to file ${filePath}`);
+    }
+    return filePath;
+};
+export const saveYamlData = (host, agentCredentials, yamlData = {}, fileName) => {
+    yamlData.api = {
+        ...yamlData.api,
+        url: `${host}${API_URL_PATH}`,
+        api_key: agentCredentials.body.api_key,
+        service_key: agentCredentials.body.service_key,
+        user_name: agentCredentials.body.user_uid
+    };
+    yamlData.application = {
+        ...yamlData.application,
+        session_metadata: replaceBuildNumber(yamlData.application?.session_metadata || '', uuidv4())
+    };
+    yamlData.inventory = {
+        ...yamlData.inventory,
+        analyze_libraries: false
+    };
+    yamlData.agent = {
+        ...yamlData.agent,
+        diagnostics: {
+            ...yamlData.agent?.diagnostics,
+            enable: false
+        }
+    };
+    if (!yamlData.application.name) {
+        yamlData.application.name = 'ContrastAssessApplication';
+    }
+    yamlData.assess = {
+        ...yamlData.assess,
+        enable: true
+    };
+    yamlData.protect = {
+        ...yamlData.protect,
+        enable: false
+    };
+    try {
+        const filePath = path.resolve(fileName);
+        const dirPath = getDirname(filePath);
+        // Ensure the directory exists
+        fs.mkdirSync(dirPath, { recursive: true });
+        // Write the file
+        fs.writeFileSync(filePath, yaml.dump(yamlData), 'utf-8');
+    }
+    catch (err) {
+        if (err.code === 'EACCES') {
+            throw new Error(`Permission denied: cannot write to ${fileName}`);
+        }
+        else {
+            throw new Error(`Error saving YAML data to file ${fileName}: ${err}`);
+        }
+    }
+    return yamlData;
+};
+//# sourceMappingURL=utils.js.map

package/dist/assess/metadata/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/assess/metadata/utils.js"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,CAAA;AACnB,OAAO,EAAE,MAAM,IAAI,CAAA;AACnB,OAAO,IAAI,MAAM,MAAM,CAAA;AACvB,OAAO,IAAI,MAAM,SAAS,CAAA;AAC1B,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAA;AAEnC,MAAM,YAAY,GAAG,YAAY,CAAA;AACjC,MAAM,CAAC,MAAM,kBAAkB,GAAG,wBAAwB,CAAA;AAC1D,MAAM,CAAC,MAAM,YAAY,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,UAAU,CAAC,CAAA;AAChF,MAAM,CAAC,MAAM,gBAAgB,GAAG,eAAe,CAAA;AAE/C,MAAM,UAAU,cAAc,CAAC,GAAG;IAChC,OAAO,GAAG;SACP,KAAK,CAAC,GAAG,CAAC;SACV,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;QAC1C,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;AACnB,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAG,EAAE,cAAc;IAC7C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,gBAAgB,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAC9C,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,CAChC,CAAA;IAED,IAAI,gBAAgB,KAAK,CAAC,CAAC,EAAE;QAC3B,KAAK,CAAC,gBAAgB,CAAC,GAAG,eAAe,cAAc,EAAE,CAAA;KAC1D;SAAM;QACL,KAAK,CAAC,IAAI,CAAC,eAAe,cAAc,EAAE,CAAC,CAAA;KAC5C;IAED,OAAO,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AACpD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,SAAS;IAC5C,IAAI;QACF,EAAE,CAAC,UAAU,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;KAC5C;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAA;KACb;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,UAAU,CAAC,OAAO;IACzB,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IACtC,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAA;AAClD,CAAC;AAED,SAAS,YAAY,CAAC,UAAU;IAC9B,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAA;IAC9B,MAAM,SAAS,GAAG,QAAQ,KAAK,OAAO,CAAA;IAEtC,IAAI,UAAU,EAAE;QACd,MAAM,SAAS,GAAG,UAAU,CAAC,UAAU,CAAC,CAAA;QAExC,OAAO;YACL,SAAS;YACT,kBAAkB,EAAE,SAAS;gBAC3B,CAAC,CAAC,SAAS,KAAK,YAAY,EAAE;gBAC9B,CAAC,CAAC,SAAS,KAAK,gBAAgB;SACnC,CAAA;KACF;IAED,+EAA+E;IAC/E,IAAI,SAAS,EAAE;QACb,OAAO;YACL,SAAS,EAAE,YAAY,EAAE;YACzB,kBAAkB,EAAE,IAAI;SACzB,CAAA;KACF;IAED,OAAO;QACL,SAAS,EAAE,gBAAgB;QAC3B,kBAAkB,EAAE,IAAI;KACzB,CAAA;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,UAAU;IAC1C,MAAM,cAAc,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAA;IAEpD,IAAI,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE;QACjC,OAAO,IAAI,CAAA;KACZ;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,UAAU;IAC1C,MAAM,EAAE,SAAS,EAAE,GAAG,YAAY,CAAC,UAAU,CAAC,CAAA;IAE9C,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAA;AACjD,CAAC;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,UAAU,CAAC,EAAE;IACzC,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,YAAY,CAAC,UAAU,CAAC,CAAA;IAElE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;QAC7B,IAAI,UAAU,IAAI,CAAC,kBAAkB,EAAE;YACrC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAA;SACrD;QAED,+DAA+D;QAC/D,IAAI;YACF,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;SAC7C;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE;gBACzB,MAAM,IAAI,KAAK,CAAC,sCAAsC,SAAS,EAAE,CAAC,CAAA;aACnE;YAED,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAA;SACrB;KACF;IAED,qCAAqC;IACrC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,EAAE;QACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,SAAS,EAAE,CAAC,CAAA;KACnE;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAA;IAEzD,gCAAgC;IAChC,IAAI;QACF,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;KACrD;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,EAAE,CAAC,CAAA;KACpD;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,IAAI,EACJ,gBAAgB,EAChB,QAAQ,GAAG,EAAE,EACb,QAAQ,EACR,EAAE;IACF,QAAQ,CAAC,GAAG,GAAG;QACb,GAAG,QAAQ,CAAC,GAAG;QACf,GAAG,EAAE,GAAG,IAAI,GAAG,YAAY,EAAE;QAC7B,OAAO,EAAE,gBAAgB,CAAC,IAAI,CAAC,OAAO;QACtC,WAAW,EAAE,gBAAgB,CAAC,IAAI,CAAC,WAAW;QAC9C,SAAS,EAAE,gBAAgB,CAAC,IAAI,CAAC,QAAQ;KAC1C,CAAA;IAED,QAAQ,CAAC,WAAW,GAAG;QACrB,GAAG,QAAQ,CAAC,WAAW;QACvB,gBAAgB,EAAE,kBAAkB,CAClC,QAAQ,CAAC,WAAW,EAAE,gBAAgB,IAAI,EAAE,EAC5C,MAAM,EAAE,CACT;KACF,CAAA;IAED,QAAQ,CAAC,SAAS,GAAG;QACnB,GAAG,QAAQ,CAAC,SAAS;QACrB,iBAAiB,EAAE,KAAK;KACzB,CAAA;IAED,QAAQ,CAAC,KAAK,GAAG;QACf,GAAG,QAAQ,CAAC,KAAK;QACjB,WAAW,EAAE;YACX,GAAG,QAAQ,CAAC,KAAK,EAAE,WAAW;YAC9B,MAAM,EAAE,KAAK;SACd;KACF,CAAA;IAED,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE;QAC9B,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,2BAA2B,CAAA;KACxD;IAED,QAAQ,CAAC,MAAM,GAAG;QAChB,GAAG,QAAQ,CAAC,MAAM;QAClB,MAAM,EAAE,IAAI;KACb,CAAA;IAED,QAAQ,CAAC,OAAO,GAAG;QACjB,GAAG,QAAQ,CAAC,OAAO;QACnB,MAAM,EAAE,KAAK;KACd,CAAA;IAED,IAAI;QACF,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACvC,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAA;QAEpC,8BAA8B;QAC9B,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;QAE1C,iBAAiB;QACjB,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAA;KACzD;IAAC,OAAO,GAAG,EAAE;QACZ,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE;YACzB,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAA;SAClE;aAAM;YACL,MAAM,IAAI,KAAK,CAAC,kCAAkC,QAAQ,KAAK,GAAG,EAAE,CAAC,CAAA;SACtE;KACF;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC,CAAA"}

package/dist/assess/printing/index.js

@@ -0,0 +1,11 @@
+import { buildHeader, buildDetails } from './utils.js';
+export const printVulnerability = (vulnerability, logger) => {
+    const header = buildHeader(vulnerability);
+    const keyValues = buildDetails(vulnerability);
+    logger(header);
+    Object.values(keyValues).forEach(({ key, value }) => {
+        logger(key + value);
+    });
+    logger('\n');
+};
+//# sourceMappingURL=index.js.map

package/dist/assess/printing/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/assess/printing/index.js"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAEtD,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,aAAa,EAAE,MAAM,EAAE,EAAE;IAC1D,MAAM,MAAM,GAAG,WAAW,CAAC,aAAa,CAAC,CAAA;IACzC,MAAM,SAAS,GAAG,YAAY,CAAC,aAAa,CAAC,CAAA;IAE7C,MAAM,CAAC,MAAM,CAAC,CAAA;IAEd,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE;QAClD,MAAM,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IACrB,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,IAAI,CAAC,CAAA;AACd,CAAC,CAAA"}

package/dist/assess/printing/utils.js

@@ -0,0 +1,119 @@
+import { CRITICAL_COLOUR, HIGH_COLOUR, MEDIUM_COLOUR, LOW_COLOUR, NOTE_COLOUR, BLUE_TEXT_COLOUR } from '../../constants/constants.js';
+import { returnOra, startSpinner, stopSpinner } from '../../utils/oraWrapper.js';
+import { wrapText, setOffsetForNewLine } from '../../common/stringManipulations.js';
+import chalk from 'chalk';
+const severityToColor = severity => {
+    switch (severity) {
+        case 'CRITICAL':
+            return CRITICAL_COLOUR;
+        case 'HIGH':
+            return HIGH_COLOUR;
+        case 'MEDIUM':
+            return MEDIUM_COLOUR;
+        case 'LOW':
+            return LOW_COLOUR;
+        case 'NOTE':
+            return NOTE_COLOUR;
+        default:
+            return NOTE_COLOUR;
+    }
+};
+export const buildHeader = vulnerability => {
+    const color = severityToColor(vulnerability.severity);
+    const title = vulnerability.title.split(' from ');
+    let header = '';
+    if (title.length >= 1) {
+        header =
+            chalk.hex(color)(`${vulnerability.application.name} - [${vulnerability.severity}]`) +
+                chalk.hex(color).bold(` ${title[0]}`) +
+                ' from ' +
+                title.slice(1).join(' ') +
+                `${vulnerability.title}`;
+    }
+    else {
+        header =
+            chalk.hex(color)(`${vulnerability.application.name} - [${vulnerability.severity}]`) + ` ${vulnerability.title}`;
+    }
+    header = wrapText(header, 160);
+    return header;
+};
+const buildDetailsKey = (key, keyWidth) => {
+    return chalk.bold(key.padStart(keyWidth) + ': ');
+};
+const buildSource = (chapter, keyWidth, wrapNumber) => {
+    const key = buildDetailsKey('Source', keyWidth);
+    const value = setOffsetForNewLine(wrapText(chapter.body, wrapNumber), keyWidth + 2).trimStart();
+    return { key, value };
+};
+const buildLocation = (chapter, keyWidth, wrapNumber) => {
+    const key = buildDetailsKey('Location', keyWidth);
+    const value = setOffsetForNewLine(chalk.hex(BLUE_TEXT_COLOUR)(wrapText(chapter.body, wrapNumber)), keyWidth + 2).trimStart();
+    return { key, value };
+};
+const buildDataFlow = (chapter, keyWidth, wrapNumber) => {
+    const key = buildDetailsKey('Dataflow', keyWidth);
+    const value = chalk.hex('#e63025')(wrapText(chapter.body, wrapNumber));
+    return { key, value };
+};
+const buildConfiguration = (chapter, keyWidth, wrapNumber) => {
+    const key = buildDetailsKey('Configuration', keyWidth);
+    const value = setOffsetForNewLine(wrapText(chapter.body, wrapNumber), keyWidth + 2).trimStart();
+    return { key, value };
+};
+const buildProperties = (chapter, keyWidth, wrapNumber) => {
+    const key = buildDetailsKey('Properties', keyWidth);
+    const properties = Object.keys(chapter.properties)
+        .map(value => value)
+        .join(',');
+    const value = setOffsetForNewLine(wrapText(chapter.introText + ' ' + properties, wrapNumber), keyWidth + 2).trimStart();
+    return { key, value };
+};
+export const buildDetails = vulnerability => {
+    const wrapNumber = 90;
+    const keyWidth = 10;
+    const issue = buildDetailsKey('Issue', keyWidth);
+    const issueValue = setOffsetForNewLine(wrapText(vulnerability.details.story.risk.text, wrapNumber), keyWidth + 2).trimStart();
+    const keyValues = {};
+    vulnerability.details.story.chapters.forEach(chapter => {
+        switch (chapter.type) {
+            case 'source':
+                keyValues.source = buildSource(chapter, keyWidth, wrapNumber);
+                break;
+            case 'location':
+                keyValues.location = buildLocation(chapter, keyWidth, wrapNumber);
+                break;
+            case 'dataflow':
+                keyValues.dataflow = buildDataFlow(chapter, keyWidth, wrapNumber);
+                break;
+            case 'properties':
+                keyValues.properties = buildProperties(chapter, keyWidth, wrapNumber);
+                break;
+            case 'configuration':
+                keyValues.configuration = buildConfiguration(chapter, keyWidth, wrapNumber);
+                break;
+        }
+    });
+    keyValues.issue = { key: issue, value: issueValue.trimStart() };
+    return keyValues;
+};
+export const emptyListSpinner = () => {
+    const message = returnOra('Waiting for vulnerability to be reported.');
+    let emptyListMessageDisplayed = false;
+    const start = () => {
+        if (emptyListMessageDisplayed)
+            return;
+        startSpinner(message);
+        emptyListMessageDisplayed = true;
+    };
+    const stop = () => {
+        if (!emptyListMessageDisplayed)
+            return;
+        stopSpinner(message);
+        emptyListMessageDisplayed = false;
+    };
+    return {
+        start,
+        stop
+    };
+};
+//# sourceMappingURL=utils.js.map

package/dist/assess/printing/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/assess/printing/utils.js"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,WAAW,EACX,aAAa,EACb,UAAU,EACV,WAAW,EACX,gBAAgB,EACjB,MAAM,8BAA8B,CAAA;AAErC,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAEhF,OAAO,EACL,QAAQ,EACR,mBAAmB,EACpB,MAAM,qCAAqC,CAAA;AAC5C,OAAO,KAAK,MAAM,OAAO,CAAA;AAEzB,MAAM,eAAe,GAAG,QAAQ,CAAC,EAAE;IACjC,QAAQ,QAAQ,EAAE;QAChB,KAAK,UAAU;YACb,OAAO,eAAe,CAAA;QACxB,KAAK,MAAM;YACT,OAAO,WAAW,CAAA;QACpB,KAAK,QAAQ;YACX,OAAO,aAAa,CAAA;QACtB,KAAK,KAAK;YACR,OAAO,UAAU,CAAA;QACnB,KAAK,MAAM;YACT,OAAO,WAAW,CAAA;QACpB;YACE,OAAO,WAAW,CAAA;KACrB;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,aAAa,CAAC,EAAE;IACzC,MAAM,KAAK,GAAG,eAAe,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAA;IACrD,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;IAEjD,IAAI,MAAM,GAAG,EAAE,CAAA;IAEf,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE;QACrB,MAAM;YACJ,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CACd,GAAG,aAAa,CAAC,WAAW,CAAC,IAAI,OAAO,aAAa,CAAC,QAAQ,GAAG,CAClE;gBACD,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrC,QAAQ;gBACR,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;gBACxB,GAAG,aAAa,CAAC,KAAK,EAAE,CAAA;KAC3B;SAAM;QACL,MAAM;YACJ,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CACd,GAAG,aAAa,CAAC,WAAW,CAAC,IAAI,OAAO,aAAa,CAAC,QAAQ,GAAG,CAClE,GAAG,IAAI,aAAa,CAAC,KAAK,EAAE,CAAA;KAChC;IAED,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAE9B,OAAO,MAAM,CAAA;AACf,CAAC,CAAA;AAED,MAAM,eAAe,GAAG,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;IACxC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAA;AAClD,CAAC,CAAA;AAED,MAAM,WAAW,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE;IACpD,MAAM,GAAG,GAAG,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAC/C,MAAM,KAAK,GAAG,mBAAmB,CAC/B,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,EAClC,QAAQ,GAAG,CAAC,CACb,CAAC,SAAS,EAAE,CAAA;IAEb,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE;IACtD,MAAM,GAAG,GAAG,eAAe,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;IACjD,MAAM,KAAK,GAAG,mBAAmB,CAC/B,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,EAC/D,QAAQ,GAAG,CAAC,CACb,CAAC,SAAS,EAAE,CAAA;IAEb,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE;IACtD,MAAM,GAAG,GAAG,eAAe,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;IACjD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;IAEtE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,kBAAkB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE;IAC3D,MAAM,GAAG,GAAG,eAAe,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAA;IACtD,MAAM,KAAK,GAAG,mBAAmB,CAC/B,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,EAClC,QAAQ,GAAG,CAAC,CACb,CAAC,SAAS,EAAE,CAAA;IAEb,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE;IACxD,MAAM,GAAG,GAAG,eAAe,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;IACnD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;SAC/C,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC;SACnB,IAAI,CAAC,GAAG,CAAC,CAAA;IAEZ,MAAM,KAAK,GAAG,mBAAmB,CAC/B,QAAQ,CAAC,OAAO,CAAC,SAAS,GAAG,GAAG,GAAG,UAAU,EAAE,UAAU,CAAC,EAC1D,QAAQ,GAAG,CAAC,CACb,CAAC,SAAS,EAAE,CAAA;IAEb,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,aAAa,CAAC,EAAE;IAC1C,MAAM,UAAU,GAAG,EAAE,CAAA;IACrB,MAAM,QAAQ,GAAG,EAAE,CAAA;IAEnB,MAAM,KAAK,GAAG,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;IAChD,MAAM,UAAU,GAAG,mBAAmB,CACpC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,EAC3D,QAAQ,GAAG,CAAC,CACb,CAAC,SAAS,EAAE,CAAA;IAEb,MAAM,SAAS,GAAG,EAAE,CAAA;IACpB,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACrD,QAAQ,OAAO,CAAC,IAAI,EAAE;YACpB,KAAK,QAAQ;gBACX,SAAS,CAAC,MAAM,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAA;gBAC7D,MAAK;YACP,KAAK,UAAU;gBACb,SAAS,CAAC,QAAQ,GAAG,aAAa,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAA;gBACjE,MAAK;YACP,KAAK,UAAU;gBACb,SAAS,CAAC,QAAQ,GAAG,aAAa,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAA;gBACjE,MAAK;YACP,KAAK,YAAY;gBACf,SAAS,CAAC,UAAU,GAAG,eAAe,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAA;gBACrE,MAAK;YACP,KAAK,eAAe;gBAClB,SAAS,CAAC,aAAa,GAAG,kBAAkB,CAC1C,OAAO,EACP,QAAQ,EACR,UAAU,CACX,CAAA;gBACD,MAAK;SACR;IACH,CAAC,CAAC,CAAA;IAEF,SAAS,CAAC,KAAK,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,CAAC,SAAS,EAAE,EAAE,CAAA;IAE/D,OAAO,SAAS,CAAA;AAClB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,GAAG,EAAE;IACnC,MAAM,OAAO,GAAG,SAAS,CAAC,2CAA2C,CAAC,CAAA;IACtE,IAAI,yBAAyB,GAAG,KAAK,CAAA;IAErC,MAAM,KAAK,GAAG,GAAG,EAAE;QACjB,IAAI,yBAAyB;YAAE,OAAM;QAErC,YAAY,CAAC,OAAO,CAAC,CAAA;QACrB,yBAAyB,GAAG,IAAI,CAAA;IAClC,CAAC,CAAA;IAED,MAAM,IAAI,GAAG,GAAG,EAAE;QAChB,IAAI,CAAC,yBAAyB;YAAE,OAAM;QACtC,WAAW,CAAC,OAAO,CAAC,CAAA;QACpB,yBAAyB,GAAG,KAAK,CAAA;IACnC,CAAC,CAAA;IAED,OAAO;QACL,KAAK;QACL,IAAI;KACL,CAAA;AACH,CAAC,CAAA"}

package/dist/audit/auditConfig.js

@@ -0,0 +1,9 @@
+import { getCommandLineArgsCustom } from '../utils/parsedCLIOptions.js';
+import { commandLineDefinitions } from '../cliConstants.js';
+import { getAuth } from '../utils/paramsUtil/paramHandler.js';
+export const getAuditConfig = async (contrastConf, command, argv) => {
+    const auditParameters = await getCommandLineArgsCustom(contrastConf, command, argv, commandLineDefinitions.auditOptionDefinitions);
+    const paramsAuth = getAuth(auditParameters);
+    return { ...paramsAuth, ...auditParameters };
+};
+//# sourceMappingURL=auditConfig.js.map

package/dist/audit/auditConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../src/audit/auditConfig.js"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAA;AACvE,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAA;AAC3D,OAAO,EAAE,OAAO,EAAE,MAAM,qCAAqC,CAAA;AAE7D,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAClE,MAAM,eAAe,GAAG,MAAM,wBAAwB,CACpD,YAAY,EACZ,OAAO,EACP,IAAI,EACJ,sBAAsB,CAAC,sBAAsB,CAC9C,CAAA;IACD,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,CAAA;IAC3C,OAAO,EAAE,GAAG,UAAU,EAAE,GAAG,eAAe,EAAE,CAAA;AAC9C,CAAC,CAAA"}