@contrast/contrast 2.0.2-beta.0 → 2.0.2-beta.10

package/src/scaAnalysis/ruby/analysis.js

@@ -1,413 +0,0 @@
-const fs = require('fs')
-const i18n = require('i18n')
-
-const getRubyDeps = (config, languageFiles) => {
-  try {
-    checkForCorrectFiles(languageFiles)
-    const parsedGem = readAndParseGemfile(config.file)
-    const parsedLock = readAndParseGemLockFile(config.file)
-    if (config.legacy === false) {
-      const rubyArray = removeRedundantAndPopulateDefinedElements(
-        parsedLock.sources
-      )
-      let rubyTree = createRubyTree(rubyArray)
-      findChildrenDependencies(rubyTree)
-      processRootDependencies(parsedLock.dependencies, rubyTree)
-      return rubyTree
-    } else {
-      return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock }
-    }
-  } catch (err) {
-    throw err
-  }
-}
-
-const readAndParseGemfile = file => {
-  const gemFile = fs.readFileSync(file + '/Gemfile', 'utf8')
-  const rubyArray = gemFile.split('\n')
-
-  let filteredRubyDep = rubyArray.filter(element => {
-    return (
-      !element.includes('#') &&
-      element.includes('gem') &&
-      !element.includes('source')
-    )
-  })
-
-  for (let i = 0; i < filteredRubyDep.length; i++) {
-    filteredRubyDep[i] = filteredRubyDep[i].trim()
-  }
-
-  return filteredRubyDep
-}
-
-const readAndParseGemLockFile = file => {
-  const lockFile = fs.readFileSync(file + '/Gemfile.lock', 'utf8')
-  const dependencyRegEx = /^\s*([A-Za-z0-9.!@#$%\-^&*_+]*)\s*(\((.*?)\))/
-
-  const lines = lockFile.split('\n')
-
-  return {
-    dependencies: getDirectDependencies(lines, dependencyRegEx),
-    runtimeDetails: getLockFileRuntimeInfo(lines),
-    sources: getSourceArray(lines, dependencyRegEx)
-  }
-}
-
-const nonDependencyKeys = (line, sourceObject) => {
-  const GEMFILE_KEY_VALUE = /^\s*([^:(]*)\s*\:*\s*(.*)/
-  let parts = GEMFILE_KEY_VALUE.exec(line)
-  let key = parts[1].trim()
-  let value = parts[2] || ''
-
-  sourceObject[key] = value
-  return sourceObject
-}
-
-const populateResolveAndPlatform = (version, sourceObject) => {
-  const depArr = version.split('-')
-  sourceObject.resolved = depArr[0]
-  sourceObject.platform = depArr.length > 1 ? depArr[1] : 'UNSPECIFIED'
-  return sourceObject
-}
-
-const isUpperCase = str => {
-  return str === str.toUpperCase()
-}
-
-const getDirectDependencies = (lines, dependencyRegEx) => {
-  const dependencies = {}
-
-  let depIndex = 0
-  for (let i = 0; i < lines.length; i++) {
-    if (lines[i] === 'DEPENDENCIES') {
-      depIndex = i
-    }
-  }
-  const getDepArray = lines.slice(depIndex)
-
-  for (let j = 1; j < getDepArray.length; j++) {
-    const element = getDepArray[j]
-    if (!isUpperCase(element)) {
-      const isDependencyWithVersion = dependencyRegEx.test(element)
-      if (isDependencyWithVersion) {
-        const dependency = dependencyRegEx.exec(element)
-        let name = dependency[1]
-        name = name.replace('!', '')
-        dependencies[name.trim()] = dependency[3]
-      } else {
-        let name = element
-        name = name.replace('!', ' ')
-        dependencies[name.trim()] = 'UNSPECIFIED'
-      }
-    }
-  }
-
-  return dependencies
-}
-
-const getLockFileRuntimeInfo = lines => {
-  let rubVersionIndex = 0
-  for (let i = 0; i < lines.length; i++) {
-    if (lines[i] === 'RUBY VERSION') {
-      rubVersionIndex = i
-      break
-    }
-  }
-
-  const runtimeDetails = {}
-  if (rubVersionIndex !== 0) {
-    const getRubyVersionArray = lines.slice(rubVersionIndex)
-
-    for (let element of getRubyVersionArray) {
-      if (!isUpperCase(element)) {
-        runtimeDetails['version'] = getVersion(element)
-        runtimeDetails['patchLevel'] = getPatchLevel(element)
-
-        if (element.includes('engine')) {
-          let splitElement = element.split(' ')
-          runtimeDetails[splitElement[0]] = splitElement[1]
-        }
-      }
-    }
-  }
-  return runtimeDetails
-}
-
-const getVersion = element => {
-  const versionRegex = /^([ruby\s0-9.*]+)/
-  if (versionRegex.test(element)) {
-    let version = versionRegex.exec(element)[0]
-
-    if (version.includes('ruby')) {
-      return trimWhiteSpace(version.replace('ruby', ''))
-    }
-  }
-}
-
-const getPatchLevel = element => {
-  const patchLevelRegex = /(p\d+)/
-  if (patchLevelRegex.test(element)) {
-    return patchLevelRegex.exec(element)[0]
-  }
-}
-
-const formatSourceArr = sourceArr => {
-  return sourceArr.map(element => {
-    if (element.sourceType === 'GIT') {
-      delete element.specs
-    }
-
-    if (element.sourceType === 'GEM') {
-      delete element.branch
-      delete element.revision
-      delete element.depthLevel
-      delete element.specs
-    }
-
-    if (element.sourceType === 'PATH') {
-      delete element.branch
-      delete element.revision
-      delete element.depthLevel
-      delete element.specs
-      delete element.platform
-    }
-    return element
-  })
-}
-
-const getSourceArray = (lines, dependencyRegEx) => {
-  const sourceObject = {
-    dependencies: {}
-  }
-
-  const whitespaceRegx = /^(\s*)/
-  let index = 0
-
-  let line = 0
-  const sources = []
-  while ((line = lines[index++]) !== undefined) {
-    let currentWS = whitespaceRegx.exec(line)[1].length
-    if (!line.includes(' bundler (')) {
-      if (currentWS === 0 && !line.includes(':') && line !== '') {
-        sourceObject.sourceType = line
-      }
-
-      if (currentWS !== 0 && line.includes(':')) {
-        nonDependencyKeys(line, sourceObject)
-      }
-
-      if (currentWS > 2) {
-        let nexlineWS = whitespaceRegx.exec(lines[index])[1].length
-        sourceObject.dependencies = buildSourceDependencyWithVersion(
-          whitespaceRegx,
-          dependencyRegEx,
-          line,
-          currentWS,
-          sourceObject.name,
-          sourceObject.dependencies
-        )
-
-        if (currentWS === 4 && sourceObject.depthLevel === undefined) {
-          const dependency = dependencyRegEx.exec(line)
-          sourceObject.name = dependency[1]
-          sourceObject.depthLevel = currentWS
-          populateResolveAndPlatform(dependency[3], sourceObject)
-        }
-
-        if (currentWS === 4 && sourceObject.depthLevel) {
-          // create new Parent
-          const dependency = dependencyRegEx.exec(line)
-          sourceObject.name = dependency[1]
-          sourceObject.depthLevel = currentWS
-          populateResolveAndPlatform(dependency[3], sourceObject)
-        }
-
-        if (
-          (currentWS === 4 && nexlineWS === 4) ||
-          (currentWS === 6 && nexlineWS === 4) ||
-          nexlineWS == ''
-        ) {
-          let newObj = {}
-          newObj = JSON.parse(JSON.stringify(sourceObject))
-          sources.push(newObj)
-          sourceObject.dependencies = {}
-        }
-      }
-    }
-  }
-  return formatSourceArr(sources)
-}
-
-const buildSourceDependencyWithVersion = (
-  whitespaceRegx,
-  dependencyRegEx,
-  line,
-  currentWhiteSpace,
-  name,
-  dependencies
-) => {
-  const isDependencyWithVersion = dependencyRegEx.test(line)
-
-  if (currentWhiteSpace === 6) {
-    const dependency = dependencyRegEx.exec(line)
-    if (isDependencyWithVersion) {
-      if (name !== dependency[1]) {
-        dependencies[dependency[1]] = dependency[3]
-      }
-    } else {
-      dependencies[line.trim()] = 'UNSPECIFIED'
-    }
-  }
-
-  return dependencies
-}
-
-const processRootDependencies = (rootDependencies, rubyTree) => {
-  const getParentObjectByName = queryToken =>
-    Object.values(rubyTree).filter(({ name }) => name === queryToken)
-
-  for (let parent in rootDependencies) {
-    let parentObject = getParentObjectByName(parent)
-
-    // ignore root dependencies that don't have a resolved version
-    if (parentObject[0]) {
-      let gav =
-        parentObject[0].group +
-        '/' +
-        parentObject[0].name +
-        '@' +
-        parentObject[0].version
-
-      rubyTree[gav] = parentObject[0]
-      rubyTree[gav].directDependency = true
-    }
-  }
-  return rubyTree
-}
-
-const createRubyTree = rubyArray => {
-  let rubyTree = {}
-  for (let x in rubyArray) {
-    let version = rubyArray[x].resolved
-
-    let gav = rubyArray[x].group + '/' + rubyArray[x].name + '@' + version
-    rubyTree[gav] = rubyArray[x]
-    rubyTree[gav].directDependency = false
-    rubyTree[gav].version = version
-
-    // add dependency array if none exists
-    if (!rubyTree[gav].dependencies) {
-      rubyTree[gav].dependencies = []
-    }
-
-    delete rubyTree[gav].resolved
-  }
-  return rubyTree
-}
-
-const findChildrenDependencies = rubyTree => {
-  for (let dep in rubyTree) {
-    let unResolvedChildDepsKey = Object.keys(rubyTree[dep].dependencies)
-    rubyTree[dep].dependencies = resolveVersionOfChildDependencies(
-      unResolvedChildDepsKey,
-      rubyTree
-    )
-  }
-}
-
-const resolveVersionOfChildDependencies = (
-  unResolvedChildDepsKey,
-  rubyObject
-) => {
-  const getParentObjectByName = queryToken =>
-    Object.values(rubyObject).filter(({ name }) => name === queryToken)
-  let resolvedChildrenDependencies = []
-  for (let childDep in unResolvedChildDepsKey) {
-    let childDependencyName = unResolvedChildDepsKey[childDep]
-    let parent = getParentObjectByName(childDependencyName)
-    resolvedChildrenDependencies.push(
-      'null/' + childDependencyName + '@' + parent[0].version
-    )
-  }
-  return resolvedChildrenDependencies
-}
-
-const removeRedundantAndPopulateDefinedElements = deps => {
-  return deps.map(element => {
-    if (element.sourceType === 'GIT') {
-      delete element.sourceType
-      delete element.remote
-      delete element.platform
-
-      element.group = null
-      element.productionDependency = true
-    }
-
-    if (element.sourceType === 'GEM') {
-      element.group = null
-      element.productionDependency = true
-
-      delete element.sourceType
-      delete element.remote
-      delete element.platform
-    }
-
-    if (element.sourceType === 'PATH') {
-      element.group = null
-      element.productionDependency = true
-
-      delete element.platform
-      delete element.sourceType
-      delete element.remote
-    }
-
-    if (element.sourceType === 'BUNDLED WITH') {
-      element.group = null
-      element.productionDependency = true
-
-      delete element.sourceType
-      delete element.remote
-      delete element.branch
-      delete element.revision
-      delete element.depthLevel
-      delete element.specs
-      delete element.platform
-    }
-    return element
-  })
-}
-
-const checkForCorrectFiles = languageFiles => {
-  if (!languageFiles.includes('Gemfile.lock')) {
-    throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'ruby'))
-  }
-
-  if (!languageFiles.includes('Gemfile')) {
-    throw new Error(i18n.__('languageAnalysisProjectFileError', 'ruby'))
-  }
-}
-
-const trimWhiteSpace = string => {
-  return string.replace(/\s+/g, '')
-}
-
-module.exports = {
-  getRubyDeps,
-  readAndParseGemfile,
-  readAndParseGemLockFile,
-  nonDependencyKeys,
-  populateResolveAndPlatform,
-  isUpperCase,
-  getDirectDependencies,
-  getLockFileRuntimeInfo,
-  getVersion,
-  getPatchLevel,
-  formatSourceArr,
-  getSourceArray,
-  checkForCorrectFiles,
-  removeRedundantAndPopulateDefinedElements,
-  createRubyTree,
-  findChildrenDependencies,
-  processRootDependencies
-}

package/src/scaAnalysis/ruby/index.js

@@ -1,16 +0,0 @@
-const analysis = require('./analysis')
-const { createRubyTSMessage } = require('../common/formatMessage')
-
-const rubyAnalysis = (config, languageFiles) => {
-  const rubyDeps = analysis.getRubyDeps(config, languageFiles.RUBY)
-
-  if (config.legacy === false) {
-    return rubyDeps
-  } else {
-    return createRubyTSMessage(rubyDeps)
-  }
-}
-
-module.exports = {
-  rubyAnalysis
-}

package/src/scaAnalysis/scaAnalysis.js

@@ -1,171 +0,0 @@
-const {
-  supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET }
-} = require('../constants/constants')
-const {
-  returnOra,
-  startSpinner,
-  succeedSpinner
-} = require('../utils/oraWrapper')
-const autoDetection = require('../scan/autoDetection')
-const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames')
-const path = require('path')
-const i18n = require('i18n')
-const { auditUsageGuide } = require('../commands/audit/help')
-const repoMode = require('./repoMode')
-const { dotNetAnalysis } = require('./dotnet')
-const { goAnalysis } = require('./go/goAnalysis')
-const { phpAnalysis } = require('./php')
-const { rubyAnalysis } = require('./ruby')
-const { pythonAnalysis } = require('./python')
-const javaAnalysis = require('./java')
-const jsAnalysis = require('./javascript')
-const auditReport = require('./common/auditReport')
-const processServices = require('./processServicesFlow')
-const chalk = require('chalk')
-const {
-  convertGenericToTypedReportModelSca
-} = require('./common/utils/reportUtilsSca')
-const projectConfig = require('../commands/github/projectGroup')
-const { legacyFlow } = require('./legacy/legacyFlow')
-
-const processSca = async config => {
-  let filesFound
-
-  if (config.help) {
-    console.log(auditUsageGuide)
-    process.exit(0)
-  }
-
-  config.repo = config.repositoryId !== undefined
-
-  const projectStats = await rootFile.getProjectStats(config.file)
-  let pathWithFile = projectStats.isFile()
-
-  config.fileName = config.file
-  config.file = pathWithFile
-    ? rootFile.getDirectoryFromPathGiven(config.file).concat('/')
-    : config.file
-
-  filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file)
-  filesFound = await autoDetection.detectPackageManager(filesFound)
-  autoDetection.dealWithMultiJava(filesFound)
-
-  if (filesFound.length > 1 && pathWithFile) {
-    filesFound = filesFound.filter(i =>
-      Object.values(i)[0].includes(path.basename(config.fileName))
-    )
-  }
-
-  // files found looks like [ { javascript: [ Array ] } ]
-  //check we have the language and call the right analyser
-  let messageToSend = undefined
-  if (filesFound.length === 1) {
-    config.packageManager = filesFound[0]?.packageManager
-    switch (Object.keys(filesFound[0])[0]) {
-      case JAVA:
-        config.language = JAVA
-        if (config.repo && !config.legacy) {
-          try {
-            messageToSend = await repoMode.buildRepo(config, filesFound[0])
-          } catch (e) {
-            throw new Error(
-              'Unable to build in repository mode. Check your project file'
-            )
-          }
-        } else {
-          messageToSend = await javaAnalysis.javaAnalysis(config, filesFound[0])
-        }
-        break
-      case JAVASCRIPT:
-        messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0])
-        config.language = NODE
-        break
-      case PYTHON:
-        messageToSend = pythonAnalysis(config, filesFound[0])
-        config.language = PYTHON
-        break
-      case RUBY:
-        messageToSend = rubyAnalysis(config, filesFound[0])
-        config.language = RUBY
-        break
-      case PHP:
-        messageToSend = phpAnalysis(config, filesFound[0])
-        config.language = PHP
-        break
-      case GO:
-        messageToSend = goAnalysis(config, filesFound[0])
-        config.language = GO
-        break
-      case DOTNET:
-        if (config.legacy === false) {
-          console.log(
-            `${chalk.bold(
-              '\n.NET project found\n'
-            )} Language type is unsupported.`
-          )
-          return
-        } else {
-          messageToSend = dotNetAnalysis(config, filesFound[0])
-          config.language = DOTNET
-          break
-        }
-      default:
-        //something is wrong
-        console.log('No supported language detected in project path')
-        return
-    }
-
-    if (config.legacy === false) {
-      if (!config.name) {
-        config = await projectConfig.dealWithNoName(config)
-      }
-      const startTime = performance.now()
-      console.log('') //empty log for space before spinner
-      const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
-      startSpinner(reportSpinner)
-
-      let reportResponse = await processServices.processUpload(
-        messageToSend,
-        config,
-        reportSpinner
-      )
-
-      const reportModelLibraryList = convertGenericToTypedReportModelSca(
-        reportResponse.reportArray
-      )
-      await auditReport.processAuditReport(
-        config,
-        reportModelLibraryList,
-        reportResponse.reportId
-      )
-
-      succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
-
-      const endTime = performance.now() - startTime
-      const scanDurationMs = endTime - startTime
-      console.log(
-        `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
-      )
-    } else {
-      await legacyFlow(config, messageToSend)
-    }
-  } else {
-    if (filesFound.length === 0) {
-      console.log(i18n.__('languageAnalysisNoLanguage'))
-      console.log(i18n.__('languageAnalysisNoLanguageHelpLine'))
-      throw new Error()
-    } else {
-      console.log(chalk.bold(`\nMultiple language files detected \n`))
-      filesFound.forEach(file => {
-        console.log(`${Object.keys(file)[0]} : `, Object.values(file)[0])
-      })
-      throw new Error(
-        `Please use --file to audit one language only. \nExample: contrast audit --file package-lock.json`
-      )
-    }
-  }
-}
-
-module.exports = {
-  processSca
-}