@contrast/contrast 2.0.2-beta.0 → 2.0.2-beta.10

package/src/common/baseRequest.ts

@@ -1,83 +0,0 @@
-import { HttpsProxyAgent } from 'hpagent'
-import fs from 'fs'
-import got, { Options } from 'got'
-import { Agents, HTTPSOptions } from 'got/dist/source/core'
-
-export function gotInstance(config: any) {
-  return got.extend({ retry: { limit: 0 }, ...buildBaseRequestOptions(config) })
-}
-
-export function buildBaseRequestOptions(config: any) {
-  const { apiKey, authorization } = config
-  const rejectUnauthorized = !config.certSelfSigned
-
-  const superApiKey = config.superApiKey
-  const superAuthToken = config.superAuthorization
-
-  const requestOptions = {
-    responseType: 'json',
-    forever: true,
-    uri: config.host,
-    followRedirect: false,
-    headers: {
-      'Content-Type': 'application/json; charset=utf-8',
-      Authorization: authorization,
-      'API-Key': apiKey,
-      SuperAuthorization: superAuthToken,
-      'Super-API-Key': superApiKey,
-      'User-Agent': 'contrast-cli-v2'
-    },
-    agent: getAgent(config)
-  } as Options
-
-  requestOptions.https = {
-    rejectUnauthorized: rejectUnauthorized
-  }
-
-  maybeAddCertsToRequest(config, requestOptions.https)
-  return requestOptions
-}
-
-function getAgent(config: any) {
-  return config.proxy
-    ? (new HttpsProxyAgent({ proxy: config.proxy }) as Agents)
-    : false
-}
-
-function maybeAddCertsToRequest(config: any, https: HTTPSOptions) {
-  // cacert
-  const caCertFilePath = config.cacert
-  if (caCertFilePath) {
-    try {
-      https.certificateAuthority = fs.readFileSync(caCertFilePath)
-    } catch (error: any) {
-      throw new Error(
-        `Unable to read CA from ${caCertFilePath}, msg: ${error.message}`
-      )
-    }
-  }
-
-  // cert
-  const certPath = config.cert
-  if (certPath) {
-    try {
-      https.certificate = fs.readFileSync(certPath)
-    } catch (error: any) {
-      throw new Error(
-        `Unable to read Certificate PEM file from config option contrast.api.certificate.cert_file='${certPath}', msg: ${error.message}`
-      )
-    }
-  }
-
-  // key
-  const keyPath = config.key
-  if (keyPath) {
-    try {
-      https.key = fs.readFileSync(keyPath)
-    } catch (error: any) {
-      throw new Error(
-        `Unable to read Key PEM file from config option contrast.api.certificate.key_file='${keyPath}', msg: ${error.message}`
-      )
-    }
-  }
-}

package/src/common/commonHelp.js

@@ -1,53 +0,0 @@
-const i18n = require('i18n')
-const chalk = require('chalk')
-
-const commonHelpLinks = () => {
-  return [
-    {
-      header: i18n.__('commonHelpHeader'),
-      content: [
-        i18n.__('commonHelpCheckOutHeader') + i18n.__('commonHelpCheckOutText'),
-        i18n.__('commonHelpLearnMoreHeader') +
-          i18n.__('commonHelpLearnMoreText'),
-        i18n.__('commonHelpJoinDiscussionHeader') +
-          i18n.__('commonHelpJoinDiscussionText')
-      ]
-    },
-    {
-      header: i18n.__('commonHelpEnterpriseHeader'),
-      content: [
-        i18n.__('commonHelpLearnMoreEnterpriseHeader') +
-          i18n.__('commonHelpLearnMoreEnterpriseText')
-      ]
-    },
-    {
-      content: [
-        i18n.__('commonHelpLearnHeader') + i18n.__('commonHelpLearnText')
-      ]
-    }
-  ]
-}
-
-const postRunMessage = commandName => {
-  console.log('\n' + chalk.underline.bold('Other Features:'))
-  if (commandName !== 'scan')
-    console.log(
-      "'contrast scan' to run Contrast's industry leading SAST scanner"
-    )
-  if (commandName !== 'audit')
-    console.log(
-      "'contrast audit' to find vulnerabilities in your open source dependencies"
-    )
-  if (commandName !== 'lambda')
-    console.log("'contrast lambda' to secure your AWS serverless functions")
-
-  if (commandName !== 'learn')
-    console.log(
-      "'contrast learn' launches Contrast's Secure Code Learning Hub."
-    )
-}
-
-module.exports = {
-  commonHelpLinks,
-  postRunMessage
-}

package/src/common/errorHandling.js

@@ -1,157 +0,0 @@
-const i18n = require('i18n')
-const chalk = require('chalk')
-
-const libraryAnalysisError = () => {
-  console.log(i18n.__('libraryAnalysisError'))
-}
-
-const snapshotFailureError = () => {
-  console.log(i18n.__('snapshotFailureMessage'))
-}
-
-const vulnerabilitiesFailureError = () => {
-  console.log(i18n.__('vulnerabilitiesFailureMessage'))
-}
-
-const reportFailureError = () => {
-  console.log(i18n.__('auditReportFailureMessage'))
-}
-
-const genericError = () => {
-  console.error(i18n.__('genericErrorMessage'))
-  process.exit(1)
-}
-
-const unauthenticatedError = () => {
-  generalError('unauthenticatedErrorHeader', 'unauthenticatedErrorMessage')
-}
-
-const badRequestError = catalogue => {
-  catalogue === true
-    ? generalError('badRequestErrorHeader', 'badRequestCatalogueErrorMessage')
-    : generalError('badRequestErrorHeader', 'badRequestErrorMessage')
-}
-
-const forbiddenError = () => {
-  generalError('forbiddenRequestErrorHeader', 'forbiddenRequestErrorMessage')
-  process.exit(1)
-}
-
-const proxyError = () => {
-  generalError('proxyErrorHeader', 'proxyErrorMessage')
-}
-
-const maxAppError = () => {
-  generalError(
-    'No applications remaining',
-    'You have reached the maximum number of application you can create.'
-  )
-  process.exit(1)
-}
-
-const parametersError = () => {
-  generalError(
-    `Credentials not recognized`,
-    'Check your command & keys again for hidden characters / verify that the credentials are correct.\nFor more information use contrast help.'
-  )
-  process.exit(1)
-}
-
-const invalidHostNameError = () => {
-  generalError(
-    `Invalid host`,
-    'Check that the host parameter does not include a trailing "/".'
-  )
-  process.exit(1)
-}
-
-const failOptionError = () => {
-  console.log(
-    '\n ******************************** ' +
-      i18n.__('snapshotFailureHeader') +
-      ' ********************************\n' +
-      i18n.__('failOptionErrorMessage')
-  )
-}
-
-/**
- * You don't have to pass `i18n` translation.
- * String that didn't exists on translations will pass as regular string
- * @param header title for the error
- * @param message message for the error
- * @returns error in general format
- */
-const getErrorMessage = (header, message) => {
-  // prettier-ignore
-  const title = `******************************** ${i18n.__(header)} ********************************`
-  const multiLine = message?.includes('\n')
-  let finalMessage = ''
-
-  // i18n split the line if it includes '\n'
-  if (multiLine) {
-    finalMessage = `\n${message}`
-  } else if (message) {
-    finalMessage = `\n${i18n.__(message)}`
-  }
-
-  return `${title}${finalMessage}`
-}
-
-const generalError = (header, message) => {
-  const finalMessage = getErrorMessage(header, message)
-  console.log(finalMessage)
-}
-
-const findCommandOnError = unknownOptions => {
-  const commandKeywords = {
-    auth: 'auth',
-    audit: 'audit',
-    scan: 'scan',
-    lambda: 'lambda',
-    config: 'config'
-  }
-
-  const containsCommandKeyword = unknownOptions.some(
-    command => commandKeywords[command]
-  )
-
-  if (containsCommandKeyword) {
-    const foundCommands = unknownOptions.filter(
-      command => commandKeywords[command]
-    )
-
-    //return the first command found
-    return foundCommands[0]
-  }
-}
-
-const commonMessageFormatter = (message, fail) => {
-  console.log(chalk.bold(i18n.__(message.title)))
-  console.log(i18n.__(message.body))
-  if (message.extra) {
-    console.log(i18n.__(message.extra))
-  }
-  if (fail) {
-    process.exit(1)
-  }
-}
-
-module.exports = {
-  genericError,
-  unauthenticatedError,
-  badRequestError,
-  forbiddenError,
-  proxyError,
-  failOptionError,
-  generalError,
-  getErrorMessage,
-  libraryAnalysisError,
-  findCommandOnError,
-  snapshotFailureError,
-  vulnerabilitiesFailureError,
-  reportFailureError,
-  maxAppError,
-  parametersError,
-  invalidHostNameError,
-  commonMessageFormatter
-}

package/src/common/fail.js

@@ -1,79 +0,0 @@
-const i18n = require('i18n')
-
-const processFail = (config, reportResults) => {
-  if (config.severity !== undefined) {
-    if (
-      reportResults[config.severity] !== undefined &&
-      isSeverityViolation(config.severity, reportResults)
-    ) {
-      failPipeline('failSeverityOptionErrorMessage')
-    }
-  }
-
-  if (config.severity === undefined && reportResults.total > 0) {
-    failPipeline('failThresholdOptionErrorMessage')
-  }
-}
-
-const isSeverityViolation = (severity, reportResults) => {
-  let count = 0
-  switch (severity) {
-    case 'critical':
-      count += reportResults.critical
-      break
-    case 'high':
-      count += reportResults.high + reportResults.critical
-      break
-    case 'medium':
-      count +=
-        reportResults.medium + reportResults.high + reportResults.critical
-      break
-    case 'low':
-      count +=
-        reportResults.high +
-        reportResults.critical +
-        reportResults.medium +
-        reportResults.low
-      break
-    case 'note':
-      if (reportResults.note == reportResults.total) {
-        count = 0
-      } else {
-        count = reportResults.total
-      }
-      break
-    default:
-      count = 0
-  }
-  return count > 0
-}
-
-const failPipeline = (message = '') => {
-  console.log(
-    '\n ******************************** ' +
-      i18n.__('snapshotFailureHeader') +
-      ' *********************************\n' +
-      i18n.__(message)
-  )
-  process.exit(2)
-}
-
-const parseSeverity = severity => {
-  const severities = ['NOTE', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL']
-  if (severities.includes(severity.toUpperCase())) {
-    return severity.toLowerCase()
-  } else {
-    console.log(
-      severity +
-        ' Not recognised as a severity type please use LOW, MEDIUM, HIGH, CRITICAL, NOTE'
-    )
-    return undefined
-  }
-}
-
-module.exports = {
-  failPipeline,
-  processFail,
-  isSeverityViolation,
-  parseSeverity
-}

package/src/common/versionChecker.js

@@ -1,75 +0,0 @@
-const { APP_VERSION } = require('../constants/constants')
-const boxen = require('boxen')
-const chalk = require('chalk')
-const semver = require('semver')
-const commonApi = require('../utils/commonApi')
-const { constants } = require('http2')
-
-const getLatestVersion = async config => {
-  const client = commonApi.getHttpClient(config)
-  try {
-    const res = await client.getLatestVersion()
-    if (res.statusCode === constants.HTTP_STATUS_OK) {
-      return res.body
-    }
-  } catch (e) {
-    return undefined
-  }
-}
-
-const findLatestCLIVersion = async config => {
-  const isCI = process.env.CONTRAST_CODESEC_CI
-    ? JSON.parse(process.env.CONTRAST_CODESEC_CI.toLowerCase())
-    : false
-
-  if (!isCI) {
-    let latestCLIVersion = await getLatestVersion(config)
-
-    if (latestCLIVersion === undefined) {
-      config.set('numOfRuns', 0)
-      console.log(
-        'Failed to retrieve latest version info. Continuing execution.'
-      )
-      return
-    }
-
-    //strip key and remove new lines
-    latestCLIVersion = latestCLIVersion.substring(8).replace('\n', '')
-
-    if (semver.lt(APP_VERSION, latestCLIVersion)) {
-      const updateAvailableMessage = `Update available ${chalk.yellow(
-        APP_VERSION
-      )} → ${chalk.green(latestCLIVersion)}`
-
-      const npmUpdateAvailableCommand = `Run ${chalk.cyan(
-        'npm i @contrast/contrast -g'
-      )} to update via npm`
-
-      const homebrewUpdateAvailableCommand = `Run ${chalk.cyan(
-        'brew install contrastsecurity/tap/contrast'
-      )} to update via brew`
-
-      console.log(
-        boxen(
-          `${updateAvailableMessage}\n${npmUpdateAvailableCommand}\n\n${homebrewUpdateAvailableCommand}`,
-          {
-            titleAlignment: 'center',
-            margin: 1,
-            padding: 1,
-            align: 'center'
-          }
-        )
-      )
-    }
-  }
-}
-
-const isCorrectNodeVersion = async currentVersion => {
-  return semver.satisfies(currentVersion, '>=16')
-}
-
-module.exports = {
-  getLatestVersion,
-  findLatestCLIVersion,
-  isCorrectNodeVersion
-}

package/src/constants/constants.js

@@ -1,71 +0,0 @@
-// Language identifiers
-const NODE = 'NODE'
-const DOTNET = 'DOTNET'
-const JAVA = 'JAVA'
-const RUBY = 'RUBY'
-const PYTHON = 'PYTHON'
-const GO = 'GO'
-const PHP = 'PHP'
-const JAVASCRIPT = 'JAVASCRIPT'
-// Severity
-const LOW = 'LOW'
-const MEDIUM = 'MEDIUM'
-const HIGH = 'HIGH'
-const CRITICAL = 'CRITICAL'
-// App
-const APP_NAME = 'contrast'
-const APP_VERSION = '2.0.2-beta.0'
-const TIMEOUT = 120000
-const HIGH_COLOUR = '#ff9900'
-const CRITICAL_COLOUR = '#e35858'
-const MEDIUM_COLOUR = '#f1c232'
-const LOW_COLOUR = '#b7b7b7'
-const NOTE_COLOUR = '#999999'
-const CRITICAL_PRIORITY = 1
-const HIGH_PRIORITY = 2
-const MEDIUM_PRIORITY = 3
-const LOW_PRIORITY = 4
-const NOTE_PRIORITY = 5
-
-const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com'
-const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com'
-const SARIF_FILE = 'SARIF'
-const SBOM_CYCLONE_DX_FILE = 'CYCLONEDX'
-const SBOM_SPDX_FILE = 'SPDX'
-const CE_URL = 'https://ce.contrastsecurity.com'
-
-//configuration
-const SAAS = 'SAAS'
-const EOP = 'EOP'
-const MODE_REPO = 'REPO'
-
-module.exports = {
-  supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
-  supportedLanguagesScan: { JAVASCRIPT, DOTNET, JAVA },
-  LOW,
-  MEDIUM,
-  HIGH,
-  CRITICAL,
-  APP_VERSION,
-  APP_NAME,
-  TIMEOUT,
-  AUTH_UI_URL,
-  AUTH_CALLBACK_URL,
-  SARIF_FILE,
-  HIGH_COLOUR,
-  CRITICAL_COLOUR,
-  MEDIUM_COLOUR,
-  LOW_COLOUR,
-  NOTE_COLOUR,
-  CE_URL,
-  CRITICAL_PRIORITY,
-  HIGH_PRIORITY,
-  MEDIUM_PRIORITY,
-  LOW_PRIORITY,
-  NOTE_PRIORITY,
-  SBOM_CYCLONE_DX_FILE,
-  SBOM_SPDX_FILE,
-  SAAS,
-  EOP,
-  MODE_REPO
-}

package/src/constants/lambda.js

@@ -1,85 +0,0 @@
-const lambda = {
-  failedToStartScan: 'Failed to start scan',
-  failedToParseArn: 'Failed to parse ARN',
-  failedToGetScan: 'Failed to get scan',
-  missingLambdaConfig: 'Missing Lambda Configuration',
-  missingLambdaArn: 'Missing Lambda ARN',
-  validationFailed: 'Request validation failed',
-  missingFunctionName:
-    'Required parameter --function-name is missing.\nRun command with --help to see usage',
-  failedToGetResults: 'Failed to get results',
-  missingResults: 'Missing vulnerabilities',
-  awsError: 'AWS error',
-  missingFlagArguments:
-    'The following flags are missing an arguments:\n{{flags}}',
-  notSupportedFlags:
-    'The following flags are not supported:\n{{flags}}\nRun command with --help to see usage',
-  layerNotFound:
-    'The layer {{layerArn}} could not be found. The scan will continue without it',
-
-  // ====== general ===== //
-  noVulnerabilitiesFound: '👏 No vulnerabilities found',
-  scanCompleted: '----- Scan completed {{time}}s -----',
-  sendingScanRequest:
-    '{{icon}} Sending Lambda Function scan request to Contrast',
-  scanRequestedSuccessfully: '{{icon}} Scan requested successfully',
-  fetchingConfiguration:
-    '{{icon}} Fetching configuration and policies for Lambda Function {{functionName}}',
-  fetchedConfiguration: '{{icon}} Fetched configuration from AWS',
-
-  // ====== scan polling ===== //
-  scanStarted: 'Scan Started',
-  scanFailed: 'Scan Failed',
-  scanTimedOut: 'Scan timed out',
-
-  // ====== lambda utils ===== //
-  loadingFunctionList: 'Loading lambda function list',
-  functionsFound: '{{count}} functions found',
-  noFunctionsFound: 'No functions found',
-  failedToLoadFunctions: 'Failed to load lambda functions',
-  availableForScan: '{{icon}} {{count}} available for scan',
-  runtimeCount: '----- {{runtime}} ({{count}}) -----',
-
-  // ====== print vulnerabilities ===== //
-  gatherResults: 'Gathering results...',
-  doneGatherResults: 'Done gathering results',
-  whatHappenedTitle: 'What happened:',
-  whatHappenedItem: '{{policy}} have:\n{{comments}}\n',
-  recommendation: 'Recommendation:',
-  vulnerableDependency: 'Vulnerable dependency',
-  dependenciesCount: {
-    one: '1 Dependency',
-    other: '%s Dependencies'
-  },
-  foundVulnerabilities: {
-    one: 'Found 1 vulnerability',
-    other: 'Found %s vulnerabilities'
-  },
-  vulnerableDependencyDescriptions:
-    '{packageName} (v{version}) has {NUM} known {NUM, plural,one{CVE}other{CVEs}}\n {cves}',
-
-  // ====== errorCodes ===== //
-  something_went_wrong: 'Something went wrong',
-  not_found_404: '404 error - Not found',
-  internal_error: 'Internal error',
-  inactive_account:
-    'Scanning a function of an inactive account is not supported',
-  not_supported_runtime:
-    'Scanning resource of runtime "{{runtime}}" is not supported.\nSupported runtimes: {{supportedRuntimes}}',
-  not_supported_lambda: 'This function cannot be scanned',
-  not_supported_onboard_account:
-    'Scanning a function of onboard account is not supported',
-  scan_lock:
-    'Other scan is still running. Please wait until the previous scan finishes',
-
-  // ====== statuses ===== //
-  unsupported: 'unsupported',
-  excluded: 'excluded',
-  canceled: 'canceled',
-  failed: 'failed',
-  dismissed: 'dismissed'
-}
-
-module.exports = {
-  lambda
-}