@contrast/contrast 2.0.2-beta.0 → 2.0.2-beta.2

package/dist/cliConstants.js

@@ -395,6 +395,7 @@ const fingerprintOptionDefinitions = [
     {
         name: 'depth',
         type: Number,
+        default: 3,
         description: '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('depthOption')
     },
     {

package/dist/commands/github/processFingerprint.js

@@ -1,7 +1,7 @@
 "use strict";
 const fingerprintConfig = require('./fingerprintConfig');
 const repoServices = require('./repoServices');
-const autoDetection = require('../../scan/autoDetection');
+const autoDetection = require('../../common/autoDetection');
 const saveResults = require('../../scan/saveResults');
 const projectConfig = require('./projectGroup');
 const processFingerprint = async (contrastConf, argvMain) => {

package/dist/commands/github/projectGroup.js

@@ -79,10 +79,10 @@ const createProjectsArray = params => {
     });
     return projectsArray;
 };
-const createProject = param => {
+const createProject = (param, shortenedProjectName) => {
     return {
         path: param.fileName,
-        name: param.repo ? param.fileName : getProjectName(param),
+        name: param.repo ? shortenedProjectName : getProjectName(param),
         source: 'SCA',
         language: param.language,
         packageManager: param.packageManager,
@@ -121,11 +121,11 @@ const addAdditionalData = (body, data) => {
     body.projectLanguage = data.projectLanguage ? data.projectLanguage : null;
     body.projectType = data.projectType ? data.projectType : null;
 };
-const registerProjectIdOnCliServices = async (config, projectId, additionalData = undefined) => {
+const registerProjectIdOnCliServices = async (config, projectId, shortenedProjectName, additionalData = undefined) => {
     const client = commonApi.getHttpClient(config);
     let cliServicesBody = {
         projectId: projectId,
-        name: config.repo ? config.fileName : getProjectName(config)
+        name: config.repo ? shortenedProjectName : getProjectName(config)
     };
     if (additionalData) {
         addAdditionalData(cliServicesBody, additionalData);
@@ -149,10 +149,10 @@ const registerProjectIdOnCliServices = async (config, projectId, additionalData
     });
     return result;
 };
-const registerProjectWithGroupProjectId = async (config) => {
+const registerProjectWithGroupProjectId = async (config, shortenedProjectName) => {
     const client = commonApi.getHttpClient(config);
     config.language = config.language === 'NODE' ? 'JAVASCRIPT' : config.language;
-    let body = createProject(config);
+    let body = createProject(config, shortenedProjectName);
     let result = await client.registerProject(config, body).then(res => {
         if (config.debug || config.verbose) {
             console.log('\nregister Project With Group ProjectId');

package/dist/commands/github/repoServices.js

@@ -68,7 +68,7 @@ const registerNewRepo = async (config) => {
     return result;
 };
 const retrieveProjectInfoViaRepoId = async (config) => {
-    const client = await commonApi.getHttpClient(config);
+    const client = commonApi.getHttpClient(config);
     let result = await client
         .retrieveProjectByRepoId(config)
         .then(res => {

package/dist/{scan → common}/autoDetection.js

@@ -1,7 +1,8 @@
 "use strict";
 const i18n = require('i18n');
-const fileFinder = require('./fileUtils');
-const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../constants/constants');
+const fileFinder = require('../scan/fileUtils');
+const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, DOTNET } } = require('../constants/constants');
+const { shortenFilePath } = require('../scan/fileUtils');
 const autoDetectFingerprintInfo = async (filePath, depth, config) => {
     let complexObj = await fileFinder.findAllFiles(filePath, depth);
     let result = [];
@@ -10,6 +11,7 @@ const autoDetectFingerprintInfo = async (filePath, depth, config) => {
         count++;
         if (!i.includes('package.json')) {
             result.push({
+                name: shortenFilePath(i),
                 filePath: i,
                 id: count.toString(),
                 repositoryId: config.repositoryId,
@@ -100,18 +102,40 @@ const hasWhiteSpace = s => {
     const filename = s.split('/').pop();
     return filename.indexOf(' ') >= 0;
 };
-const dealWithMultiJava = filesFound => {
-    let hasMultiJava = filesFound.filter(data => {
-        return (Object.keys(data)[0] === JAVA &&
-            Object.values(data)[0].includes('build.gradle') &&
-            Object.values(data)[0].includes('pom.xml'));
-    }).length > 0;
+const dealWithMultiJava = (filesFound, config, isFile) => {
+    if (isFile) {
+        return multiJavaFilePathFullySpecified(filesFound, config);
+    }
+    else {
+        return multiJavaNoFilePathFullySpecified(filesFound);
+    }
+};
+const multiJavaNoFilePathFullySpecified = filesFound => {
+    const hasMultiJava = filesFound.filter(data => Object.keys(data)[0] === JAVA &&
+        Object.values(data)[0].includes('build.gradle') &&
+        Object.values(data)[0].includes('pom.xml')).length > 0;
     if (hasMultiJava) {
         console.log('Multiple Java language dependency files detected');
         console.log('Please use --file to audit one only. \nExample: contrast audit --file pom.xml');
         process.exit(1);
     }
-    return false;
+    return filesFound;
+};
+const multiJavaFilePathFullySpecified = (filesFound, config) => {
+    const filteredFiles = filesFound[0].JAVA.filter(fileTypes => config.fileName.endsWith(fileTypes));
+    filesFound[0].JAVA = filteredFiles;
+    filesFound[0].filePath = filteredFiles[0];
+    if (filteredFiles[0] === 'pom.xml') {
+        filesFound[0].packageManager = 'MAVEN';
+    }
+    else {
+        filesFound[0].packageManager = 'GRADLE';
+    }
+    if (config.debug || config.verbose) {
+        console.log('\nAuto detection - detected multiple Java files');
+        console.log(`\nAuto detection - using ${filesFound[0].filePath} as based on full file path`);
+    }
+    return filesFound;
 };
 const errorOnFileDetection = entries => {
     if (entries.length > 1) {

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '2.0.2-beta.0';
+const APP_VERSION = '2.0.2-beta.2';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';

package/dist/scaAnalysis/common/scaServicesUpload.js

@@ -22,6 +22,9 @@ const scaTreeUpload = async (analysis, config, reportSpinner) => {
             version: APP_VERSION
         }
     };
+    if (config.debug || config.verbose) {
+        console.log('requestBody', requestBody);
+    }
     if (config.branch) {
         requestBody.branchName = config.branch;
     }

package/dist/scaAnalysis/processServicesFlow.js

@@ -2,6 +2,7 @@
 const projectConfig = require('../commands/github/projectGroup');
 const repoService = require('../commands/github/repoServices');
 const scaServicesUpload = require('../scaAnalysis/common/scaServicesUpload');
+const { shortenFilePath } = require('../scan/fileUtils');
 const dealWithNoProjectId = async (analysis, config, reportSpinner) => {
     await projectConfig.registerNewProjectGroup(config);
     let projectId = await projectConfig.getProjectIdByOrg(config);
@@ -18,18 +19,19 @@ const repoProcess = async (analysis, config, reportSpinner) => {
         console.log('Failed to retrieve Repository Id');
         process.exit(1);
     }
+    let shortenedProjectName = shortenFilePath(config.fileName);
     let repoInfo = await repoService.retrieveProjectInfoViaRepoId(config);
     repoInfo = repoInfo.find(element => config.fileName === element.path &&
-        config.fileName === element.name &&
+        shortenedProjectName === element.name &&
         config.projectGroupId === element.projectGroupId);
     if (config.projectGroupId &&
         !repoInfo?.projectId &&
         (repoInfo === undefined || repoInfo.length === 0)) {
         console.log('*** has projectGroupId, no projectId and repo has no project found that matches');
-        repoInfo = await projectConfig.registerProjectWithGroupProjectId(config);
+        repoInfo = await projectConfig.registerProjectWithGroupProjectId(config, shortenedProjectName);
         console.log('new registered group', repoInfo);
         const language = repoInfo.language === 'JAVASCRIPT' ? 'NODE' : repoInfo.language;
-        await projectConfig.registerProjectIdOnCliServices(config, repoInfo.projectId);
+        await projectConfig.registerProjectIdOnCliServices(config, repoInfo.projectId, shortenedProjectName);
     }
     config.projectId = repoInfo.projectId;
     return await scaServicesUpload.scaTreeUpload(analysis, config, reportSpinner);

package/dist/scaAnalysis/repoMode/mavenParser.js

@@ -1,94 +1,117 @@
 "use strict";
 const fs = require('fs');
-const xml2js = require('xml2js');
+const { XMLParser } = require('fast-xml-parser');
 const readPomFile = project => {
     const mavenFilePath = project.cwd + '/pom.xml';
     const projectFile = fs.readFileSync(mavenFilePath);
-    let jsonPomFile;
-    xml2js.parseString(projectFile, (err, result) => {
-        if (err) {
-            throw err;
-        }
-        const json = JSON.stringify(result, null);
-        jsonPomFile = JSON.parse(json);
-    });
-    return jsonPomFile;
-};
-const getFromVersionsTag = (dependencyName, versionIdentifier, jsonPomFile) => {
-    let formattedVersion = versionIdentifier.replace(/[{}]/g, '').replace('$', '');
-    if (jsonPomFile.project.properties[0].hasOwnProperty([formattedVersion])) {
-        return jsonPomFile.project.properties[0][formattedVersion][0];
-    }
-    else {
-        return null;
-    }
+    const parser = new XMLParser();
+    return parser.parse(projectFile);
 };
 const parsePomFile = jsonPomFile => {
     let dependencyTree = {};
-    let parsedVersion;
-    let dependencies;
-    jsonPomFile.project.hasOwnProperty('dependencies')
-        ? (dependencies = jsonPomFile.project.dependencies[0].dependency)
-        : (dependencies =
-            jsonPomFile.project.dependencyManagement[0].dependencies[0].dependency);
-    for (let x in dependencies) {
-        let dependencyObject = dependencies[x];
-        if (!dependencyObject.hasOwnProperty('version')) {
-            parsedVersion = getVersion(jsonPomFile, dependencyObject);
-        }
-        else {
-            dependencyObject.version[0].includes('${versions.')
-                ? (parsedVersion = getFromVersionsTag(dependencyObject.artifactId[0], dependencyObject.version[0], jsonPomFile))
-                : (parsedVersion = dependencyObject.version[0]);
-        }
-        let depName = dependencyObject.groupId +
-            '/' +
-            dependencyObject.artifactId +
-            '@' +
-            parsedVersion;
-        let parsedDependency = {
-            name: dependencyObject.artifactId[0],
-            group: dependencyObject.groupId[0],
-            version: parsedVersion,
-            directDependency: true,
-            productionDependency: true,
-            dependencies: []
-        };
-        dependencyTree[depName] = parsedDependency;
+    let dependencies = [];
+    let dependencyManagement = [];
+    if (jsonPomFile.project && jsonPomFile.project.dependencies) {
+        dependencies = jsonPomFile.project.dependencies.dependency;
+    }
+    if (jsonPomFile.project && jsonPomFile.project.dependencyManagement) {
+        dependencyManagement =
+            jsonPomFile.project.dependencyManagement.dependencies.dependency;
     }
-    const retrieveParent = getParentDependency(jsonPomFile);
+    const mergedAndFilteredDeps = dependencies.map(obj1 => {
+        const obj2 = dependencyManagement.find(obj2 => obj2.groupId === obj1.groupId && obj2.artifactId === obj1.artifactId);
+        return obj2 ? { ...obj1, ...obj2 } : obj1;
+    });
+    buildDependencies(mergedAndFilteredDeps, dependencyTree, jsonPomFile);
     return {
-        parentPom: retrieveParent,
+        parentPom: getParentDependency(jsonPomFile),
         dependencyTree
     };
 };
 const getParentDependency = jsonPomFile => {
-    let parent = {};
-    jsonPomFile.project.hasOwnProperty('parent')
-        ? (parent = buildParent(jsonPomFile.project.parent))
-        : (parent = undefined);
-    return parent;
+    if (jsonPomFile.project && jsonPomFile.project.parent) {
+        return buildParent(jsonPomFile.project.parent);
+    }
+    else {
+        return undefined;
+    }
 };
 const buildParent = parent => {
     return {
-        group: parent[0].groupId[0],
-        name: parent[0].artifactId[0],
-        version: parent[0].version[0]
+        group: parent.groupId,
+        name: parent.artifactId,
+        version: parent.version
     };
 };
-const getVersion = (pomFile, dependencyWithoutVersion) => {
-    let parentVersion = pomFile.project.parent[0].version[0];
-    let parentGroupName = pomFile.project.parent[0].groupId[0];
-    if (parentGroupName === dependencyWithoutVersion.groupId[0]) {
-        return parentVersion;
+const getVersionFromParent = (parentObj, dependencyWithoutVersion) => {
+    const { groupId, version } = parentObj;
+    if (groupId === dependencyWithoutVersion.groupId) {
+        return version;
     }
     else {
         return null;
     }
 };
+const getVersionFromProperties = (properties, dep) => {
+    if (properties && dep.version.includes('${')) {
+        const currentDepVersionPlaceholder = dep.version
+            .replace('${', '')
+            .replace('}', '');
+        for (const prop in properties) {
+            if (prop === currentDepVersionPlaceholder) {
+                return properties[prop];
+            }
+        }
+    }
+};
+const buildDependencies = (dependencies, dependencyTree, jsonPomFile) => {
+    const parent = getParentDependency(jsonPomFile);
+    for (const dep of dependencies) {
+        const versionAsString = dep.version ? dep.version.toString() : dep.version;
+        if (versionAsString && !versionAsString.includes('${')) {
+            const depName = dep.groupId + '/' + dep.artifactId + '@' + versionAsString;
+            dependencyTree[depName] = buildDep(dep, dep.version);
+        }
+        else if (jsonPomFile.project.properties &&
+            dep.version &&
+            dep.version.includes('${')) {
+            searchAndBuildFromProperties(jsonPomFile, dep, dependencyTree);
+        }
+        else if (!dep.version) {
+            if (parent && parent.version) {
+                const { parent } = jsonPomFile.project;
+                const parsedVersion = getVersionFromParent(parent, dep);
+                const depName = dep.groupId + '/' + dep.artifactId + '@' + parsedVersion;
+                dependencyTree[depName] = buildDep(dep, parsedVersion);
+            }
+        }
+    }
+};
+const searchAndBuildFromProperties = (jsonPomFile, dep, dependencyTree) => {
+    const { properties } = jsonPomFile.project;
+    let versionFromProperties = getVersionFromProperties(properties, dep);
+    if (versionFromProperties) {
+        versionFromProperties = versionFromProperties.toString();
+        const depName = dep.groupId + '/' + dep.artifactId + '@' + versionFromProperties;
+        dependencyTree[depName] = buildDep(dep, versionFromProperties);
+    }
+    else {
+        const depName = dep.groupId + '/' + dep.artifactId + '@' + null;
+        dependencyTree[depName] = buildDep(dep, null);
+    }
+};
+const buildDep = (dep, version) => {
+    return {
+        name: dep.artifactId,
+        group: dep.groupId,
+        version: version,
+        directDependency: true,
+        productionDependency: true,
+        dependencies: []
+    };
+};
 module.exports = {
     readPomFile,
-    getVersion,
-    parsePomFile,
-    getFromVersionsTag
+    getVersionFromParent,
+    parsePomFile
 };

package/dist/scaAnalysis/scaAnalysis.js

@@ -1,7 +1,7 @@
 "use strict";
 const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../constants/constants');
 const { returnOra, startSpinner, succeedSpinner } = require('../utils/oraWrapper');
-const autoDetection = require('../scan/autoDetection');
+const autoDetection = require('../common/autoDetection');
 const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames');
 const path = require('path');
 const i18n = require('i18n');
@@ -35,7 +35,7 @@ const processSca = async (config) => {
         : config.file;
     filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
     filesFound = await autoDetection.detectPackageManager(filesFound);
-    autoDetection.dealWithMultiJava(filesFound);
+    autoDetection.dealWithMultiJava(filesFound, config, pathWithFile);
     if (filesFound.length > 1 && pathWithFile) {
         filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(config.fileName)));
     }

package/dist/scan/fileUtils.js

@@ -10,19 +10,14 @@ const findFile = async () => {
         onlyFiles: true
     });
 };
-const findAllFiles = async (filePath, depth = 2) => {
+const findAllFiles = async (filePath, depth = 3) => {
     const result = await fg([
         '**/pom.xml',
-        '**/build.gradle',
-        '**/build.gradle.kts',
         '**/package.json',
         '**/package-lock.json',
-        '**/yarn.lock',
-        '**/Pipfile',
-        '**/*.csproj',
-        '**/Gemfile',
-        '**/go.mod'
+        '**/yarn.lock'
     ], {
+        ignore: ['**/node_modules/**', '**/target/**', '**/bin/**'],
         dot: false,
         deep: depth,
         onlyFiles: true,
@@ -162,6 +157,15 @@ const fileIsEmpty = path => {
     }
     return false;
 };
+const shortenFilePath = filePath => {
+    let splitPath = filePath.split('home/runner/work/');
+    if (splitPath.length > 1) {
+        let splitPath2 = splitPath[1].split('/');
+        splitPath2.shift();
+        return splitPath2.join('/').toString();
+    }
+    return filePath;
+};
 module.exports = {
     findFile,
     fileExists,
@@ -174,5 +178,6 @@ module.exports = {
     findFilesRuby,
     findFilesDotNet,
     fileIsEmpty,
-    findAllFiles
+    findAllFiles,
+    shortenFilePath
 };

package/dist/scan/scanController.js

@@ -4,7 +4,7 @@ const { returnOra, startSpinner, succeedSpinner, stopSpinner } = require('../uti
 const populateProjectIdAndProjectName = require('./populateProjectIdAndProjectName');
 const scan = require('./scan');
 const scanResults = require('./scanResults');
-const autoDetection = require('./autoDetection');
+const autoDetection = require('../common/autoDetection');
 const fileFunctions = require('./fileUtils');
 const { performance } = require('perf_hooks');
 const getTimeout = config => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "2.0.2-beta.0",
+  "version": "2.0.2-beta.2",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {
@@ -61,6 +61,7 @@
     "cross-spawn": "^7.0.3",
     "dotenv": "^16.0.0",
     "fast-glob": "^3.2.11",
+    "fast-xml-parser": "^4.2.2",
     "got": "11.8.6",
     "gradle-to-js": "^2.0.1",
     "hpagent": "^1.2.0",

package/src/cliConstants.js

@@ -445,6 +445,7 @@ const fingerprintOptionDefinitions = [
   {
     name: 'depth',
     type: Number,
+    default: 3,
     description:
       '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('depthOption')
   },

package/src/commands/github/processFingerprint.js

@@ -1,6 +1,6 @@
 const fingerprintConfig = require('./fingerprintConfig')
 const repoServices = require('./repoServices')
-const autoDetection = require('../../scan/autoDetection')
+const autoDetection = require('../../common/autoDetection')
 const saveResults = require('../../scan/saveResults')
 const projectConfig = require('./projectGroup')
 const processFingerprint = async (contrastConf, argvMain) => {

package/src/commands/github/projectGroup.js

@@ -91,10 +91,10 @@ const createProjectsArray = params => {
   return projectsArray
 }
 
-const createProject = param => {
+const createProject = (param, shortenedProjectName) => {
   return {
     path: param.fileName,
-    name: param.repo ? param.fileName : getProjectName(param),
+    name: param.repo ? shortenedProjectName : getProjectName(param),
     source: 'SCA',
     language: param.language,
     packageManager: param.packageManager,
@@ -143,13 +143,14 @@ const addAdditionalData = (body, data) => {
 const registerProjectIdOnCliServices = async (
   config,
   projectId,
+  shortenedProjectName,
   additionalData = undefined
 ) => {
   const client = commonApi.getHttpClient(config)
 
   let cliServicesBody = {
     projectId: projectId,
-    name: config.repo ? config.fileName : getProjectName(config)
+    name: config.repo ? shortenedProjectName : getProjectName(config)
   }
 
   if (additionalData) {
@@ -176,11 +177,14 @@ const registerProjectIdOnCliServices = async (
   return result
 }
 
-const registerProjectWithGroupProjectId = async config => {
+const registerProjectWithGroupProjectId = async (
+  config,
+  shortenedProjectName
+) => {
   const client = commonApi.getHttpClient(config)
   config.language = config.language === 'NODE' ? 'JAVASCRIPT' : config.language
 
-  let body = createProject(config)
+  let body = createProject(config, shortenedProjectName)
   let result = await client.registerProject(config, body).then(res => {
     if (config.debug || config.verbose) {
       console.log('\nregister Project With Group ProjectId')

package/src/commands/github/repoServices.js

@@ -75,7 +75,7 @@ const registerNewRepo = async config => {
 }
 
 const retrieveProjectInfoViaRepoId = async config => {
-  const client = await commonApi.getHttpClient(config)
+  const client = commonApi.getHttpClient(config)
 
   let result = await client
     .retrieveProjectByRepoId(config)

package/src/{scan → common}/autoDetection.js

@@ -1,8 +1,10 @@
 const i18n = require('i18n')
-const fileFinder = require('./fileUtils')
+const fileFinder = require('../scan/fileUtils')
 const {
-  supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET }
+  supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, DOTNET }
 } = require('../constants/constants')
+const { shortenFilePath } = require('../scan/fileUtils')
+
 const autoDetectFingerprintInfo = async (filePath, depth, config) => {
   let complexObj = await fileFinder.findAllFiles(filePath, depth)
   let result = []
@@ -11,6 +13,7 @@ const autoDetectFingerprintInfo = async (filePath, depth, config) => {
     count++
     if (!i.includes('package.json')) {
       result.push({
+        name: shortenFilePath(i),
         filePath: i,
         id: count.toString(),
         repositoryId: config.repositoryId,
@@ -18,7 +21,6 @@ const autoDetectFingerprintInfo = async (filePath, depth, config) => {
       })
     }
   })
-
   return result
 }
 
@@ -114,15 +116,23 @@ const hasWhiteSpace = s => {
   return filename.indexOf(' ') >= 0
 }
 
-const dealWithMultiJava = filesFound => {
-  let hasMultiJava =
-    filesFound.filter(data => {
-      return (
+const dealWithMultiJava = (filesFound, config, isFile) => {
+  if (isFile) {
+    return multiJavaFilePathFullySpecified(filesFound, config)
+  } else {
+    return multiJavaNoFilePathFullySpecified(filesFound)
+  }
+}
+
+const multiJavaNoFilePathFullySpecified = filesFound => {
+  const hasMultiJava =
+    filesFound.filter(
+      data =>
         Object.keys(data)[0] === JAVA &&
         Object.values(data)[0].includes('build.gradle') &&
         Object.values(data)[0].includes('pom.xml')
-      )
-    }).length > 0
+    ).length > 0
+
   if (hasMultiJava) {
     console.log('Multiple Java language dependency files detected')
     console.log(
@@ -130,7 +140,31 @@ const dealWithMultiJava = filesFound => {
     )
     process.exit(1)
   }
-  return false
+
+  return filesFound
+}
+
+const multiJavaFilePathFullySpecified = (filesFound, config) => {
+  const filteredFiles = filesFound[0].JAVA.filter(fileTypes =>
+    config.fileName.endsWith(fileTypes)
+  )
+  filesFound[0].JAVA = filteredFiles
+  filesFound[0].filePath = filteredFiles[0]
+
+  if (filteredFiles[0] === 'pom.xml') {
+    filesFound[0].packageManager = 'MAVEN'
+  } else {
+    filesFound[0].packageManager = 'GRADLE'
+  }
+
+  if (config.debug || config.verbose) {
+    console.log('\nAuto detection - detected multiple Java files')
+    console.log(
+      `\nAuto detection - using ${filesFound[0].filePath} as based on full file path`
+    )
+  }
+
+  return filesFound
 }
 
 const errorOnFileDetection = entries => {

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '2.0.2-beta.0'
+const APP_VERSION = '2.0.2-beta.2'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'

package/src/scaAnalysis/common/scaServicesUpload.js

@@ -28,6 +28,10 @@ const scaTreeUpload = async (analysis, config, reportSpinner) => {
     }
   }
 
+  if (config.debug || config.verbose) {
+    console.log('requestBody', requestBody)
+  }
+
   if (config.branch) {
     requestBody.branchName = config.branch
   }

package/src/scaAnalysis/processServicesFlow.js

@@ -1,6 +1,7 @@
 const projectConfig = require('../commands/github/projectGroup')
 const repoService = require('../commands/github/repoServices')
 const scaServicesUpload = require('../scaAnalysis/common/scaServicesUpload')
+const { shortenFilePath } = require('../scan/fileUtils')
 
 const dealWithNoProjectId = async (analysis, config, reportSpinner) => {
   await projectConfig.registerNewProjectGroup(config)
@@ -20,12 +21,14 @@ const repoProcess = async (analysis, config, reportSpinner) => {
     process.exit(1)
   }
 
+  let shortenedProjectName = shortenFilePath(config.fileName)
+
   let repoInfo = await repoService.retrieveProjectInfoViaRepoId(config)
 
   repoInfo = repoInfo.find(
     element =>
       config.fileName === element.path &&
-      config.fileName === element.name &&
+      shortenedProjectName === element.name &&
       config.projectGroupId === element.projectGroupId
   )
 
@@ -57,7 +60,10 @@ const repoProcess = async (analysis, config, reportSpinner) => {
     console.log(
       '*** has projectGroupId, no projectId and repo has no project found that matches'
     )
-    repoInfo = await projectConfig.registerProjectWithGroupProjectId(config)
+    repoInfo = await projectConfig.registerProjectWithGroupProjectId(
+      config,
+      shortenedProjectName
+    )
     console.log('new registered group', repoInfo)
     const language =
       repoInfo.language === 'JAVASCRIPT' ? 'NODE' : repoInfo.language
@@ -71,7 +77,8 @@ const repoProcess = async (analysis, config, reportSpinner) => {
 
     await projectConfig.registerProjectIdOnCliServices(
       config,
-      repoInfo.projectId
+      repoInfo.projectId,
+      shortenedProjectName
     )
   }
   config.projectId = repoInfo.projectId

package/src/scaAnalysis/repoMode/mavenParser.js

@@ -1,112 +1,138 @@
 const fs = require('fs')
-const xml2js = require('xml2js')
+const { XMLParser } = require('fast-xml-parser')
 
 const readPomFile = project => {
   const mavenFilePath = project.cwd + '/pom.xml'
   const projectFile = fs.readFileSync(mavenFilePath)
-  let jsonPomFile
-  xml2js.parseString(projectFile, (err, result) => {
-    if (err) {
-      throw err
-    }
-    const json = JSON.stringify(result, null)
-    jsonPomFile = JSON.parse(json)
-  })
-  return jsonPomFile
-}
-
-const getFromVersionsTag = (dependencyName, versionIdentifier, jsonPomFile) => {
-  // reading:
-  // <!-- DEPENDENCY VERSIONS -->
-  // <versions.animal-sniffer>1.16</versions.animal-sniffer>
-  let formattedVersion = versionIdentifier.replace(/[{}]/g, '').replace('$', '')
-
-  if (jsonPomFile.project.properties[0].hasOwnProperty([formattedVersion])) {
-    return jsonPomFile.project.properties[0][formattedVersion][0]
-  } else {
-    return null
-  }
+  const parser = new XMLParser()
+  return parser.parse(projectFile)
 }
 
 const parsePomFile = jsonPomFile => {
   let dependencyTree = {}
-  let parsedVersion
-  let dependencies
-
-  jsonPomFile.project.hasOwnProperty('dependencies')
-    ? (dependencies = jsonPomFile.project.dependencies[0].dependency)
-    : (dependencies =
-        jsonPomFile.project.dependencyManagement[0].dependencies[0].dependency)
-
-  for (let x in dependencies) {
-    let dependencyObject = dependencies[x]
-    if (!dependencyObject.hasOwnProperty('version')) {
-      parsedVersion = getVersion(jsonPomFile, dependencyObject)
-    } else {
-      dependencyObject.version[0].includes('${versions.')
-        ? (parsedVersion = getFromVersionsTag(
-            dependencyObject.artifactId[0],
-            dependencyObject.version[0],
-            jsonPomFile
-          ))
-        : (parsedVersion = dependencyObject.version[0])
-    }
+  let dependencies = []
+  let dependencyManagement = []
 
-    let depName =
-      dependencyObject.groupId +
-      '/' +
-      dependencyObject.artifactId +
-      '@' +
-      parsedVersion
-
-    let parsedDependency = {
-      name: dependencyObject.artifactId[0],
-      group: dependencyObject.groupId[0],
-      version: parsedVersion,
-      directDependency: true,
-      productionDependency: true,
-      dependencies: []
-    }
-    dependencyTree[depName] = parsedDependency
+  if (jsonPomFile.project && jsonPomFile.project.dependencies) {
+    dependencies = jsonPomFile.project.dependencies.dependency
+  }
+
+  if (jsonPomFile.project && jsonPomFile.project.dependencyManagement) {
+    dependencyManagement =
+      jsonPomFile.project.dependencyManagement.dependencies.dependency
   }
 
-  const retrieveParent = getParentDependency(jsonPomFile)
+  //merge dependencies with dependencyManagement deps
+  //filter out any that don't appear in both by groupId and artifactId
+  const mergedAndFilteredDeps = dependencies.map(obj1 => {
+    const obj2 = dependencyManagement.find(
+      obj2 =>
+        obj2.groupId === obj1.groupId && obj2.artifactId === obj1.artifactId
+    )
+    return obj2 ? { ...obj1, ...obj2 } : obj1
+  })
 
+  buildDependencies(mergedAndFilteredDeps, dependencyTree, jsonPomFile)
   return {
-    parentPom: retrieveParent,
+    parentPom: getParentDependency(jsonPomFile),
     dependencyTree
   }
 }
 
 const getParentDependency = jsonPomFile => {
-  let parent = {}
-  jsonPomFile.project.hasOwnProperty('parent')
-    ? (parent = buildParent(jsonPomFile.project.parent))
-    : (parent = undefined)
-  return parent
+  if (jsonPomFile.project && jsonPomFile.project.parent) {
+    return buildParent(jsonPomFile.project.parent)
+  } else {
+    return undefined
+  }
 }
 
 const buildParent = parent => {
   return {
-    group: parent[0].groupId[0],
-    name: parent[0].artifactId[0],
-    version: parent[0].version[0]
+    group: parent.groupId,
+    name: parent.artifactId,
+    version: parent.version
   }
 }
 
-const getVersion = (pomFile, dependencyWithoutVersion) => {
-  let parentVersion = pomFile.project.parent[0].version[0]
-  let parentGroupName = pomFile.project.parent[0].groupId[0]
-  if (parentGroupName === dependencyWithoutVersion.groupId[0]) {
-    return parentVersion
+const getVersionFromParent = (parentObj, dependencyWithoutVersion) => {
+  const { groupId, version } = parentObj
+  if (groupId === dependencyWithoutVersion.groupId) {
+    return version
   } else {
     return null
   }
 }
 
+const getVersionFromProperties = (properties, dep) => {
+  if (properties && dep.version.includes('${')) {
+    const currentDepVersionPlaceholder = dep.version
+      .replace('${', '')
+      .replace('}', '')
+
+    for (const prop in properties) {
+      if (prop === currentDepVersionPlaceholder) {
+        return properties[prop]
+      }
+    }
+  }
+}
+
+const buildDependencies = (dependencies, dependencyTree, jsonPomFile) => {
+  const parent = getParentDependency(jsonPomFile)
+  for (const dep of dependencies) {
+    //sometimes versions are parsed as numbers, convert to string
+    const versionAsString = dep.version ? dep.version.toString() : dep.version
+    if (versionAsString && !versionAsString.includes('${')) {
+      const depName = dep.groupId + '/' + dep.artifactId + '@' + versionAsString
+      dependencyTree[depName] = buildDep(dep, dep.version)
+    } else if (
+      jsonPomFile.project.properties &&
+      dep.version &&
+      dep.version.includes('${')
+    ) {
+      searchAndBuildFromProperties(jsonPomFile, dep, dependencyTree)
+    } else if (!dep.version) {
+      if (parent && parent.version) {
+        //get version where group matches from parent tag
+        const { parent } = jsonPomFile.project
+        const parsedVersion = getVersionFromParent(parent, dep)
+        const depName = dep.groupId + '/' + dep.artifactId + '@' + parsedVersion
+        dependencyTree[depName] = buildDep(dep, parsedVersion)
+      }
+    }
+  }
+}
+
+const searchAndBuildFromProperties = (jsonPomFile, dep, dependencyTree) => {
+  //get version from properties tag
+  const { properties } = jsonPomFile.project
+  let versionFromProperties = getVersionFromProperties(properties, dep)
+
+  if (versionFromProperties) {
+    versionFromProperties = versionFromProperties.toString()
+    const depName =
+      dep.groupId + '/' + dep.artifactId + '@' + versionFromProperties
+    dependencyTree[depName] = buildDep(dep, versionFromProperties)
+  } else {
+    const depName = dep.groupId + '/' + dep.artifactId + '@' + null
+    dependencyTree[depName] = buildDep(dep, null)
+  }
+}
+
+const buildDep = (dep, version) => {
+  return {
+    name: dep.artifactId,
+    group: dep.groupId,
+    version: version,
+    directDependency: true,
+    productionDependency: true,
+    dependencies: []
+  }
+}
+
 module.exports = {
   readPomFile,
-  getVersion,
-  parsePomFile,
-  getFromVersionsTag
+  getVersionFromParent,
+  parsePomFile
 }

package/src/scaAnalysis/scaAnalysis.js

@@ -6,7 +6,7 @@ const {
   startSpinner,
   succeedSpinner
 } = require('../utils/oraWrapper')
-const autoDetection = require('../scan/autoDetection')
+const autoDetection = require('../common/autoDetection')
 const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames')
 const path = require('path')
 const i18n = require('i18n')
@@ -48,7 +48,8 @@ const processSca = async config => {
 
   filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file)
   filesFound = await autoDetection.detectPackageManager(filesFound)
-  autoDetection.dealWithMultiJava(filesFound)
+
+  autoDetection.dealWithMultiJava(filesFound, config, pathWithFile)
 
   if (filesFound.length > 1 && pathWithFile) {
     filesFound = filesFound.filter(i =>

package/src/scan/fileUtils.js

@@ -11,21 +11,22 @@ const findFile = async () => {
   })
 }
 
-const findAllFiles = async (filePath, depth = 2) => {
+const findAllFiles = async (filePath, depth = 3) => {
   const result = await fg(
     [
       '**/pom.xml',
-      '**/build.gradle',
-      '**/build.gradle.kts',
+      // '**/build.gradle',
+      // '**/build.gradle.kts',
       '**/package.json',
       '**/package-lock.json',
-      '**/yarn.lock',
-      '**/Pipfile',
-      '**/*.csproj',
-      '**/Gemfile',
-      '**/go.mod'
+      '**/yarn.lock'
+      // '**/Pipfile',
+      // '**/*.csproj',
+      // '**/Gemfile',
+      // '**/go.mod'
     ],
     {
+      ignore: ['**/node_modules/**', '**/target/**', '**/bin/**'],
       dot: false,
       deep: depth,
       onlyFiles: true,
@@ -190,6 +191,16 @@ const fileIsEmpty = path => {
   return false
 }
 
+const shortenFilePath = filePath => {
+  let splitPath = filePath.split('home/runner/work/')
+  if (splitPath.length > 1) {
+    let splitPath2 = splitPath[1].split('/')
+    splitPath2.shift()
+    return splitPath2.join('/').toString()
+  }
+  return filePath
+}
+
 module.exports = {
   findFile,
   fileExists,
@@ -202,5 +213,6 @@ module.exports = {
   findFilesRuby,
   findFilesDotNet,
   fileIsEmpty,
-  findAllFiles
+  findAllFiles,
+  shortenFilePath
 }

package/src/scan/scanController.js

@@ -8,7 +8,7 @@ const {
 const populateProjectIdAndProjectName = require('./populateProjectIdAndProjectName')
 const scan = require('./scan')
 const scanResults = require('./scanResults')
-const autoDetection = require('./autoDetection')
+const autoDetection = require('../common/autoDetection')
 const fileFunctions = require('./fileUtils')
 const { performance } = require('perf_hooks')