@contrast/contrast 2.0.2-beta.1 → 2.0.2-beta.11

package/src/sbom/generateSbom.ts

@@ -1,45 +0,0 @@
-import { getHttpClient } from '../utils/commonApi'
-
-export const generateSbom = (config: any, type: string) => {
-  const client = getHttpClient(config)
-  return client
-    .getSbom(config, type)
-    .then((res: { statusCode: number; body: any }) => {
-      if (res.statusCode === 200) {
-        return res.body
-      } else if (res.statusCode === 403) {
-        console.log('\nUnable to retrieve Software Bill of Materials (SBOM)')
-        console.log(
-          `Please ensure OSS is enabled for your organization - org-id ${config.organizationId} and app ${config.applicationId}`
-        )
-        return undefined
-      } else {
-        console.log('Unable to retrieve Software Bill of Materials (SBOM)')
-        return undefined
-      }
-    })
-    .catch((err: any) => {
-      console.log(err)
-    })
-}
-
-export const generateSCASbom = (
-  config: any,
-  type: string,
-  reportId: string
-) => {
-  const client = getHttpClient(config)
-  return client
-    .getSCASbom(config, type, reportId)
-    .then((res: { statusCode: number; body: any }) => {
-      if (res.statusCode === 200) {
-        return res.body
-      } else {
-        console.log('Unable to retrieve Software Bill of Materials (SBOM)')
-        return undefined
-      }
-    })
-    .catch((err: any) => {
-      console.log(err)
-    })
-}

package/src/scaAnalysis/common/auditReport.js

@@ -1,59 +0,0 @@
-const {
-  getSeverityCounts,
-  printNoVulnFoundMsg
-} = require('../../audit/report/commonReportingFunctions')
-const common = require('../../common/fail')
-const { printFormattedOutputSca } = require('./commonReportingFunctionsSca')
-const { auditSave } = require('../../audit/save')
-
-const processAuditReport = async (config, reportModelList, reportId) => {
-  let severityCounts = {}
-  if (reportModelList !== undefined) {
-    severityCounts = formatScaServicesReport(config, reportModelList)
-  }
-
-  if (config.save !== undefined) {
-    await auditSave(config, reportId)
-  } else {
-    console.log('Use contrast audit --save to generate an SBOM')
-  }
-
-  if (config.fail) {
-    common.processFail(config, severityCounts)
-  }
-}
-const formatScaServicesReport = (config, reportModelList) => {
-  const projectOverviewCount = getSeverityCounts(reportModelList)
-
-  if (projectOverviewCount.total === 0) {
-    printNoVulnFoundMsg()
-  } else {
-    const numberOfVulnerableLibraries = reportModelList.map(library => {
-      let count = 0
-
-      if (library.vulnerabilities.length > 0) {
-        count++
-      }
-
-      return count
-    }).length
-
-    let numberOfCves = reportModelList.reduce(
-      (count, current) => count + current.vulnerabilities.length,
-      0
-    )
-
-    printFormattedOutputSca(
-      config,
-      reportModelList,
-      numberOfVulnerableLibraries,
-      numberOfCves
-    )
-  }
-
-  return projectOverviewCount
-}
-module.exports = {
-  formatScaServicesReport,
-  processAuditReport
-}

package/src/scaAnalysis/common/commonReportingFunctionsSca.js

@@ -1,276 +0,0 @@
-const {
-  ReportList,
-  ReportModelStructure,
-  ReportCompositeKey
-} = require('../../audit/report/models/reportListModel')
-const {
-  countVulnerableLibrariesBySeverity
-} = require('../../audit/report/utils/reportUtils')
-const {
-  SeverityCountModel
-} = require('../../audit/report/models/severityCountModel')
-const { orderBy } = require('lodash')
-const {
-  ReportOutputModel,
-  ReportOutputHeaderModel,
-  ReportOutputBodyModel
-} = require('../../audit/report/models/reportOutputModel')
-const {
-  CE_URL,
-  CRITICAL_COLOUR,
-  HIGH_COLOUR,
-  MEDIUM_COLOUR,
-  LOW_COLOUR,
-  NOTE_COLOUR
-} = require('../../constants/constants')
-const chalk = require('chalk')
-const Table = require('cli-table3')
-const {
-  findHighestSeverityCVESca,
-  severityCountAllCVEsSca,
-  findCVESeveritySca,
-  orderByHighestPrioritySca
-} = require('./utils/reportUtilsSca')
-const {
-  buildFormattedHeaderNum
-} = require('../../audit/report/commonReportingFunctions')
-
-const createSummaryMessageTop = (numberOfVulnerableLibraries, numberOfCves) => {
-  numberOfVulnerableLibraries === 1
-    ? console.log(
-        `\n\nFound 1 vulnerable library containing ${numberOfCves} CVE`
-      )
-    : console.log(
-        `\n\nFound ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs`
-      )
-}
-
-const createSummaryMessageBottom = numberOfVulnerableLibraries => {
-  numberOfVulnerableLibraries === 1
-    ? console.log(`Found 1 vulnerability`)
-    : console.log(`Found ${numberOfVulnerableLibraries} vulnerabilities`)
-}
-
-const printFormattedOutputSca = (
-  config,
-  reportModelList,
-  numberOfVulnerableLibraries,
-  numberOfCves
-) => {
-  createSummaryMessageTop(numberOfVulnerableLibraries, numberOfCves)
-  console.log()
-  const report = new ReportList()
-
-  for (const library of reportModelList) {
-    const { artifactName, version, vulnerabilities, remediationAdvice } =
-      library
-
-    const newOutputModel = new ReportModelStructure(
-      new ReportCompositeKey(
-        artifactName,
-        version,
-        findHighestSeverityCVESca(vulnerabilities),
-        severityCountAllCVEsSca(
-          vulnerabilities,
-          new SeverityCountModel()
-        ).getTotal
-      ),
-      vulnerabilities,
-      remediationAdvice
-    )
-    report.reportOutputList.push(newOutputModel)
-  }
-
-  const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(
-    report.reportOutputList,
-    [
-      reportListItem => {
-        return reportListItem.compositeKey.highestSeverity.priority
-      },
-      reportListItem => {
-        return reportListItem.compositeKey.numberOfSeverities
-      }
-    ],
-    ['asc', 'desc']
-  )
-
-  let contrastHeaderNumCounter = 0
-  for (const reportModel of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
-    contrastHeaderNumCounter++
-    const { libraryName, libraryVersion, highestSeverity } =
-      reportModel.compositeKey
-
-    const { cveArray, remediationAdvice } = reportModel
-
-    const numOfCVEs = reportModel.cveArray.length
-
-    const table = getReportTable()
-
-    const header = buildHeader(
-      highestSeverity,
-      contrastHeaderNumCounter,
-      libraryName,
-      libraryVersion,
-      numOfCVEs
-    )
-
-    const body = buildBody(cveArray, remediationAdvice)
-
-    const reportOutputModel = new ReportOutputModel(header, body)
-
-    table.push(
-      reportOutputModel.body.issueMessage,
-      reportOutputModel.body.adviceMessage
-    )
-
-    console.log(
-      reportOutputModel.header.vulnMessage,
-      reportOutputModel.header.introducesMessage
-    )
-    console.log(table.toString() + '\n')
-  }
-
-  createSummaryMessageBottom(numberOfVulnerableLibraries)
-  const {
-    criticalMessage,
-    highMessage,
-    mediumMessage,
-    lowMessage,
-    noteMessage
-  } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst)
-  console.log(
-    `${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`
-  )
-
-  if (config.host !== CE_URL && config.projectId) {
-    console.log(
-      '\n' + chalk.bold("Check out your project's results in Contrast")
-    )
-    console.log(
-      `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/libraries?view=static&projects=${config.name}`
-    )
-  }
-}
-
-function getReportTable() {
-  return new Table({
-    chars: {
-      top: '',
-      'top-mid': '',
-      'top-left': '',
-      'top-right': '',
-      bottom: '',
-      'bottom-mid': '',
-      'bottom-left': '',
-      'bottom-right': '',
-      left: '',
-      'left-mid': '',
-      mid: '',
-      'mid-mid': '',
-      right: '',
-      'right-mid': '',
-      middle: ' '
-    },
-    style: { 'padding-left': 0, 'padding-right': 0 },
-    colAligns: ['right'],
-    wordWrap: true,
-    colWidths: [12, 1, 100]
-  })
-}
-
-function buildHeader(
-  highestSeverity,
-  contrastHeaderNum,
-  libraryName,
-  version,
-  numOfCVEs
-) {
-  const vulnerabilityPluralised =
-    numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability'
-  const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum)
-
-  const headerColour = chalk.hex(highestSeverity.colour)
-  const headerNumAndSeverity = headerColour(
-    `${formattedHeaderNum} - [${highestSeverity.severity}]`
-  )
-  const libraryNameAndVersion = headerColour.bold(`${libraryName}-${version}`)
-  const vulnMessage = `${headerNumAndSeverity} ${libraryNameAndVersion}`
-
-  const introducesMessage = `introduces ${numOfCVEs} ${vulnerabilityPluralised}`
-
-  return new ReportOutputHeaderModel(vulnMessage, introducesMessage)
-}
-
-function buildBody(cveArray, advice) {
-  const orderedCvesWithSeverityAssigned = orderByHighestPrioritySca(
-    cveArray.map(cve => findCVESeveritySca(cve))
-  )
-  const issueMessage = getIssueRow(orderedCvesWithSeverityAssigned)
-  const adviceMessage = getAdviceRow(advice)
-
-  return new ReportOutputBodyModel(issueMessage, adviceMessage)
-}
-
-function getIssueRow(cveArray) {
-  const cveMessagesList = getIssueCveMsgList(cveArray)
-  return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`]
-}
-
-function getAdviceRow(advice) {
-  const latestOrClosest = advice.closestStableVersion
-    ? advice.closestStableVersion
-    : advice.latestStableVersion
-  const displayAdvice = latestOrClosest
-    ? `Change to version ${chalk.bold(latestOrClosest)}`
-    : 'No recommendation is available according to our data. Upgrade to the latest stable is the best advice we can give.'
-
-  return [chalk.bold(`Advice`), chalk.bold(`:`), `${displayAdvice}`]
-}
-
-const buildFooter = reportModelStructure => {
-  const { critical, high, medium, low, note } =
-    countVulnerableLibrariesBySeverity(reportModelStructure)
-
-  const criticalMessage = chalk
-    .hex(CRITICAL_COLOUR)
-    .bold(`${critical} Critical`)
-  const highMessage = chalk.hex(HIGH_COLOUR).bold(`${high} High`)
-  const mediumMessage = chalk.hex(MEDIUM_COLOUR).bold(`${medium} Medium`)
-  const lowMessage = chalk.hex(LOW_COLOUR).bold(`${low} Low`)
-  const noteMessage = chalk.hex(NOTE_COLOUR).bold(`${note} Note`)
-
-  return {
-    criticalMessage,
-    highMessage,
-    mediumMessage,
-    lowMessage,
-    noteMessage
-  }
-}
-
-const getIssueCveMsgList = reportSeverityModels => {
-  const cveMessages = []
-  reportSeverityModels.forEach(reportSeverityModel => {
-    const { colour, severity, name } = reportSeverityModel
-
-    const severityShorthand = chalk
-      .hex(colour)
-      .bold(`[${severity.charAt(0).toUpperCase()}]`)
-
-    const builtMessage = severityShorthand + name
-    cveMessages.push(builtMessage)
-  })
-  return cveMessages
-}
-
-module.exports = {
-  createSummaryMessageTop,
-  createSummaryMessageBottom,
-  printFormattedOutputSca,
-  getReportTable,
-  buildHeader,
-  buildBody,
-  getIssueRow,
-  buildFormattedHeaderNum,
-  getIssueCveMsgList
-}

package/src/scaAnalysis/common/formatMessage.js

@@ -1,67 +0,0 @@
-const createJavaTSMessage = javaTree => {
-  return {
-    java: {
-      mavenDependencyTrees: javaTree
-    }
-  }
-}
-
-const createJavaScriptTSMessage = js => {
-  let message = {
-    node: {
-      packageJSON: js.packageJSON
-    }
-  }
-  if (js.yarn !== undefined) {
-    message.node.yarnLockFile = js.yarn.yarnLockFile
-    message.node.yarnVersion = js.yarn.yarnVersion
-  } else {
-    message.node.npmLockFile = js.npmLockFile
-  }
-  return message
-}
-
-const createGoTSMessage = goTree => {
-  return {
-    go: {
-      goDependencyTrees: goTree
-    }
-  }
-}
-
-const createRubyTSMessage = rubyTree => {
-  return {
-    ruby: rubyTree
-  }
-}
-
-const createPythonTSMessage = pythonTree => {
-  return {
-    python: pythonTree
-  }
-}
-
-const createPhpTSMessage = phpTree => {
-  return {
-    php: {
-      composerJSON: phpTree.composerJSON,
-      lockFile: phpTree.lockFile
-    }
-  }
-}
-
-const createDotNetTSMessage = dotnetTree => {
-  return {
-    dotnet: dotnetTree
-  }
-}
-
-module.exports = {
-  createJavaScriptTSMessage,
-  createJavaTSMessage,
-  createGoTSMessage,
-  createPhpTSMessage,
-  createRubyTSMessage,
-  createPythonTSMessage,
-  createDotNetTSMessage
-}

package/src/scaAnalysis/common/models/ScaReportModel.ts

@@ -1,81 +0,0 @@
-export class ScaReportModel {
-  uuid: string
-  groupName: string
-  artifactName: string
-  version: string
-  hash: string
-  fileName: string
-  libraryLanguage: string
-  vulnerable: boolean
-  privateLibrary: boolean
-  severity: string
-  releaseDate: string
-  latestVersionReleaseDate: string
-  latestVersion: string
-  versionsBehind: number
-  vulnerabilities: ScaReportVulnerabilityModel[]
-  remediationAdvice: ScaReportRemediationAdviceModel
-
-  constructor(library: any) {
-    this.uuid = library.uuid
-    this.groupName = library.groupName
-    this.artifactName = library.artifactName
-    this.version = library.version
-    this.hash = library.hash
-    this.fileName = library.fileName
-    this.libraryLanguage = library.libraryLanguage
-    this.vulnerable = library.vulnerable
-    this.privateLibrary = library.privateLibrary
-    this.severity = library.severity
-    this.releaseDate = library.releaseDate
-    this.latestVersionReleaseDate = library.latestVersionReleaseDate
-    this.latestVersion = library.latestVersion
-    this.versionsBehind = library.versionsBehind
-    this.vulnerabilities = library.vulnerabilities
-    this.remediationAdvice = library.remediationAdvice
-  }
-}
-
-export class ScaReportVulnerabilityModel {
-  name: string
-  description: string
-  cvss2Vector: string
-  severityValue: number
-  severity: string
-  cvss3Vector: string
-  cvss3SeverityValue: number
-  cvss3Severity: string
-  hasCvss3: boolean
-
-  constructor(
-    name: string,
-    description: string,
-    cvss2Vector: string,
-    severityValue: number,
-    severity: string,
-    cvss3Vector: string,
-    cvss3SeverityValue: number,
-    cvss3Severity: string,
-    hasCvss3: boolean
-  ) {
-    this.name = name
-    this.description = description
-    this.cvss2Vector = cvss2Vector
-    this.severityValue = severityValue
-    this.severity = severity
-    this.cvss3Vector = cvss3Vector
-    this.cvss3SeverityValue = cvss3SeverityValue
-    this.cvss3Severity = cvss3Severity
-    this.hasCvss3 = hasCvss3
-  }
-}
-
-export class ScaReportRemediationAdviceModel {
-  closestStableVersion: string
-  latestStableVersion: string
-
-  constructor(closestStableVersion: string, latestStableVersion: string) {
-    this.closestStableVersion = closestStableVersion
-    this.latestStableVersion = latestStableVersion
-  }
-}

package/src/scaAnalysis/common/scaParserForGoAndJava.js

@@ -1,41 +0,0 @@
-const parseDependenciesForSCAServices = dependencyTreeObject => {
-  let parsedDependencyTree = {}
-  let subDeps
-
-  for (let tree in dependencyTreeObject) {
-    let unParsedDependencyTree = dependencyTreeObject[tree]
-    for (let dependency in unParsedDependencyTree) {
-      subDeps = parseSubDependencies(unParsedDependencyTree[dependency].edges)
-
-      let parsedDependency = {
-        name: unParsedDependencyTree[dependency].artifactID,
-        group: unParsedDependencyTree[dependency].group,
-        version: unParsedDependencyTree[dependency].version,
-        directDependency: unParsedDependencyTree[dependency].type === 'direct',
-        productionDependency: true,
-        dependencies: subDeps
-      }
-      parsedDependencyTree[dependency] = parsedDependency
-    }
-  }
-  return parsedDependencyTree
-}
-
-const parseSubDependencies = dependencies => {
-  // converting:
-  // dependencies: {
-  //   'gopkg.in/check.v1@v0.0.0-2': 'gopkg.in/check.v1@v0.0.0-2'
-  // }
-  // to:
-  // dependencies: [ 'gopkg.in/check.v1@v0.0.0-2' ]
-  let subDeps = []
-  for (let x in dependencies) {
-    subDeps.push(dependencies[x])
-  }
-  return subDeps
-}
-
-module.exports = {
-  parseDependenciesForSCAServices,
-  parseSubDependencies
-}