@contrast/contrast 2.0.2-beta.1 → 2.0.2-beta.11

Files changed (397)
  1. package/README.md +2 -1
  2. package/dist/assess/assessConfig.js +9 -0
  3. package/dist/assess/assessConfig.js.map +1 -0
  4. package/dist/assess/help.js +36 -0
  5. package/dist/assess/help.js.map +1 -0
  6. package/dist/assess/http/index.js +39 -0
  7. package/dist/assess/http/index.js.map +1 -0
  8. package/dist/assess/index.js +69 -0
  9. package/dist/assess/index.js.map +1 -0
  10. package/dist/assess/metadata/findYamlFile.js +59 -0
  11. package/dist/assess/metadata/findYamlFile.js.map +1 -0
  12. package/dist/assess/metadata/index.js +37 -0
  13. package/dist/assess/metadata/index.js.map +1 -0
  14. package/dist/assess/metadata/utils.js +159 -0
  15. package/dist/assess/metadata/utils.js.map +1 -0
  16. package/dist/assess/printing/index.js +11 -0
  17. package/dist/assess/printing/index.js.map +1 -0
  18. package/dist/assess/printing/utils.js +119 -0
  19. package/dist/assess/printing/utils.js.map +1 -0
  20. package/dist/audit/auditConfig.js +9 -0
  21. package/dist/audit/auditConfig.js.map +1 -0
  22. package/dist/{commands/audit → audit}/auditController.js +12 -15
  23. package/dist/audit/auditController.js.map +1 -0
  24. package/dist/audit/auditRequests.js +178 -0
  25. package/dist/audit/auditRequests.js.map +1 -0
  26. package/dist/audit/auditRequestsLegacy.js +63 -0
  27. package/dist/audit/auditRequestsLegacy.js.map +1 -0
  28. package/dist/audit/catalogueApplication/catalogueApplication.js +16 -29
  29. package/dist/audit/catalogueApplication/catalogueApplication.js.map +1 -0
  30. package/dist/audit/help.js +67 -0
  31. package/dist/audit/help.js.map +1 -0
  32. package/dist/audit/languageAnalysisEngine/commonApi.js +12 -14
  33. package/dist/audit/languageAnalysisEngine/commonApi.js.map +1 -0
  34. package/dist/audit/languageAnalysisEngine/filterProjectPath.js +2 -1
  35. package/dist/audit/languageAnalysisEngine/filterProjectPath.js.map +1 -0
  36. package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js +9 -12
  37. package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js.map +1 -0
  38. package/dist/audit/languageAnalysisEngine/sendSnapshot.js +21 -32
  39. package/dist/audit/languageAnalysisEngine/sendSnapshot.js.map +1 -0
  40. package/dist/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js +9 -9
  41. package/dist/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js.map +1 -0
  42. package/dist/audit/processAudit.js +22 -0
  43. package/dist/audit/processAudit.js.map +1 -0
  44. package/dist/audit/report/commonReportingFunctions.js +51 -77
  45. package/dist/audit/report/commonReportingFunctions.js.map +1 -0
  46. package/dist/audit/report/models/reportGuidanceModel.js +2 -5
  47. package/dist/audit/report/models/reportGuidanceModel.js.map +1 -0
  48. package/dist/audit/report/models/reportLibraryModel.js +3 -7
  49. package/dist/audit/report/models/reportLibraryModel.js.map +1 -0
  50. package/dist/audit/report/models/reportListModel.js +4 -9
  51. package/dist/audit/report/models/reportListModel.js.map +1 -0
  52. package/dist/audit/report/models/reportOutputModel.js +4 -9
  53. package/dist/audit/report/models/reportOutputModel.js.map +1 -0
  54. package/dist/audit/report/models/reportSeverityModel.js +2 -5
  55. package/dist/audit/report/models/reportSeverityModel.js.map +1 -0
  56. package/dist/audit/report/models/severityCountModel.js +3 -5
  57. package/dist/audit/report/models/severityCountModel.js.map +1 -0
  58. package/dist/audit/report/reportingFeature.js +30 -57
  59. package/dist/audit/report/reportingFeature.js.map +1 -0
  60. package/dist/audit/report/utils/reportUtils.js +28 -59
  61. package/dist/audit/report/utils/reportUtils.js.map +1 -0
  62. package/dist/audit/save.js +18 -19
  63. package/dist/audit/save.js.map +1 -0
  64. package/dist/{commands/audit → audit}/saveFile.js +3 -6
  65. package/dist/audit/saveFile.js.map +1 -0
  66. package/dist/auth/auth.js +103 -0
  67. package/dist/auth/auth.js.map +1 -0
  68. package/dist/auth/authRequests.js +18 -0
  69. package/dist/auth/authRequests.js.map +1 -0
  70. package/dist/cliConstants.js +57 -37
  71. package/dist/cliConstants.js.map +1 -0
  72. package/dist/commands/config/config.js +12 -13
  73. package/dist/commands/config/config.js.map +1 -0
  74. package/dist/commands/learn/learn.js +3 -6
  75. package/dist/commands/learn/learn.js.map +1 -0
  76. package/dist/commands/learn/processLearn.js +3 -6
  77. package/dist/commands/learn/processLearn.js.map +1 -0
  78. package/dist/common/HTTPClient.js +200 -101
  79. package/dist/common/HTTPClient.js.map +1 -0
  80. package/dist/{scan → common}/autoDetection.js +53 -36
  81. package/dist/common/autoDetection.js.map +1 -0
  82. package/dist/common/baseRequest.js +59 -23
  83. package/dist/common/baseRequest.js.map +1 -0
  84. package/dist/common/commonHelp.js +13 -13
  85. package/dist/common/commonHelp.js.map +1 -0
  86. package/dist/common/errorHandling.js +49 -63
  87. package/dist/common/errorHandling.js.map +1 -0
  88. package/dist/common/fail.js +6 -12
  89. package/dist/common/fail.js.map +1 -0
  90. package/dist/common/logging.js +26 -0
  91. package/dist/common/logging.js.map +1 -0
  92. package/dist/common/stringManipulations.js +8 -0
  93. package/dist/common/stringManipulations.js.map +1 -0
  94. package/dist/common/versionChecker.js +16 -19
  95. package/dist/common/versionChecker.js.map +1 -0
  96. package/dist/constants/constants.js +46 -65
  97. package/dist/constants/constants.js.map +1 -0
  98. package/dist/constants/lambda.js +8 -5
  99. package/dist/constants/lambda.js.map +1 -0
  100. package/dist/constants/locales.js +15 -10
  101. package/dist/constants/locales.js.map +1 -0
  102. package/dist/github/fingerprintConfig.js +10 -0
  103. package/dist/github/fingerprintConfig.js.map +1 -0
  104. package/dist/github/processFingerprint.js +26 -0
  105. package/dist/github/processFingerprint.js.map +1 -0
  106. package/dist/github/projectGroup.js +202 -0
  107. package/dist/github/projectGroup.js.map +1 -0
  108. package/dist/github/repoServices.js +73 -0
  109. package/dist/github/repoServices.js.map +1 -0
  110. package/dist/index.js +42 -39
  111. package/dist/index.js.map +1 -0
  112. package/dist/lambda/analytics.js +6 -9
  113. package/dist/lambda/analytics.js.map +1 -0
  114. package/dist/lambda/arn.js +6 -9
  115. package/dist/lambda/arn.js.map +1 -0
  116. package/dist/lambda/aws.js +29 -34
  117. package/dist/lambda/aws.js.map +1 -0
  118. package/dist/lambda/cliError.js +13 -41
  119. package/dist/lambda/cliError.js.map +1 -0
  120. package/dist/lambda/constants.js +3 -4
  121. package/dist/lambda/constants.js.map +1 -0
  122. package/dist/lambda/help.js +39 -44
  123. package/dist/lambda/help.js.map +1 -0
  124. package/dist/lambda/lambda.js +61 -65
  125. package/dist/lambda/lambda.js.map +1 -0
  126. package/dist/lambda/lambdaUtils.js +38 -32
  127. package/dist/lambda/lambdaUtils.js.map +1 -0
  128. package/dist/lambda/logUtils.js +21 -17
  129. package/dist/lambda/logUtils.js.map +1 -0
  130. package/dist/lambda/scanDetailCompletion.js +19 -25
  131. package/dist/lambda/scanDetailCompletion.js.map +1 -0
  132. package/dist/lambda/scanRequest.js +34 -41
  133. package/dist/lambda/scanRequest.js.map +1 -0
  134. package/dist/lambda/scanResults.js +8 -10
  135. package/dist/lambda/scanResults.js.map +1 -0
  136. package/dist/lambda/types.js +5 -7
  137. package/dist/lambda/types.js.map +1 -0
  138. package/dist/lambda/utils.js +33 -35
  139. package/dist/lambda/utils.js.map +1 -0
  140. package/dist/sbom/generateSbom.js +6 -10
  141. package/dist/sbom/generateSbom.js.map +1 -0
  142. package/dist/scaAnalysis/common/auditReport.js +10 -13
  143. package/dist/scaAnalysis/common/auditReport.js.map +1 -0
  144. package/dist/scaAnalysis/common/commonReportingFunctionsSca.js +35 -40
  145. package/dist/scaAnalysis/common/commonReportingFunctionsSca.js.map +1 -0
  146. package/dist/scaAnalysis/common/formatMessage.js +8 -17
  147. package/dist/scaAnalysis/common/formatMessage.js.map +1 -0
  148. package/dist/scaAnalysis/common/models/ScaReportModel.js +4 -9
  149. package/dist/scaAnalysis/common/models/ScaReportModel.js.map +1 -0
  150. package/dist/scaAnalysis/common/scaParserForGoAndJava.js +10 -9
  151. package/dist/scaAnalysis/common/scaParserForGoAndJava.js.map +1 -0
  152. package/dist/scaAnalysis/common/scaServicesUpload.js +53 -96
  153. package/dist/scaAnalysis/common/scaServicesUpload.js.map +1 -0
  154. package/dist/scaAnalysis/common/treeUpload.js +15 -25
  155. package/dist/scaAnalysis/common/treeUpload.js.map +1 -0
  156. package/dist/scaAnalysis/common/utils/reportUtilsSca.js +21 -29
  157. package/dist/scaAnalysis/common/utils/reportUtilsSca.js.map +1 -0
  158. package/dist/scaAnalysis/dotnet/analysis.js +15 -20
  159. package/dist/scaAnalysis/dotnet/analysis.js.map +1 -0
  160. package/dist/scaAnalysis/dotnet/index.js +4 -7
  161. package/dist/scaAnalysis/dotnet/index.js.map +1 -0
  162. package/dist/scaAnalysis/go/goAnalysis.js +10 -12
  163. package/dist/scaAnalysis/go/goAnalysis.js.map +1 -0
  164. package/dist/scaAnalysis/go/goParseDeps.js +9 -7
  165. package/dist/scaAnalysis/go/goParseDeps.js.map +1 -0
  166. package/dist/scaAnalysis/go/goReadDepFile.js +12 -9
  167. package/dist/scaAnalysis/go/goReadDepFile.js.map +1 -0
  168. package/dist/scaAnalysis/java/analysis.js +26 -22
  169. package/dist/scaAnalysis/java/analysis.js.map +1 -0
  170. package/dist/scaAnalysis/java/index.js +7 -10
  171. package/dist/scaAnalysis/java/index.js.map +1 -0
  172. package/dist/scaAnalysis/java/javaBuildDepsParser.js +41 -43
  173. package/dist/scaAnalysis/java/javaBuildDepsParser.js.map +1 -0
  174. package/dist/scaAnalysis/javascript/analysis.js +16 -20
  175. package/dist/scaAnalysis/javascript/analysis.js.map +1 -0
  176. package/dist/scaAnalysis/javascript/index.js +17 -19
  177. package/dist/scaAnalysis/javascript/index.js.map +1 -0
  178. package/dist/scaAnalysis/javascript/scaServiceParser.js +8 -15
  179. package/dist/scaAnalysis/javascript/scaServiceParser.js.map +1 -0
  180. package/dist/scaAnalysis/legacy/legacyFlow.js +15 -16
  181. package/dist/scaAnalysis/legacy/legacyFlow.js.map +1 -0
  182. package/dist/scaAnalysis/php/analysis.js +18 -18
  183. package/dist/scaAnalysis/php/analysis.js.map +1 -0
  184. package/dist/scaAnalysis/php/index.js +5 -8
  185. package/dist/scaAnalysis/php/index.js.map +1 -0
  186. package/dist/scaAnalysis/php/phpNewServicesMapper.js +9 -12
  187. package/dist/scaAnalysis/php/phpNewServicesMapper.js.map +1 -0
  188. package/dist/scaAnalysis/processServicesFlow.js +92 -37
  189. package/dist/scaAnalysis/processServicesFlow.js.map +1 -0
  190. package/dist/scaAnalysis/python/analysis.js +18 -24
  191. package/dist/scaAnalysis/python/analysis.js.map +1 -0
  192. package/dist/scaAnalysis/python/index.js +4 -7
  193. package/dist/scaAnalysis/python/index.js.map +1 -0
  194. package/dist/scaAnalysis/repoMode/gradleParser.js +9 -14
  195. package/dist/scaAnalysis/repoMode/gradleParser.js.map +1 -0
  196. package/dist/scaAnalysis/repoMode/index.js +11 -13
  197. package/dist/scaAnalysis/repoMode/index.js.map +1 -0
  198. package/dist/scaAnalysis/repoMode/mavenParser.js +26 -14
  199. package/dist/scaAnalysis/repoMode/mavenParser.js.map +1 -0
  200. package/dist/scaAnalysis/ruby/analysis.js +32 -46
  201. package/dist/scaAnalysis/ruby/analysis.js.map +1 -0
  202. package/dist/scaAnalysis/ruby/index.js +5 -8
  203. package/dist/scaAnalysis/ruby/index.js.map +1 -0
  204. package/dist/scaAnalysis/scaAnalysis.js +54 -55
  205. package/dist/scaAnalysis/scaAnalysis.js.map +1 -0
  206. package/dist/scan/fileUtils.js +36 -40
  207. package/dist/scan/fileUtils.js.map +1 -0
  208. package/dist/scan/formatScanOutput.js +47 -61
  209. package/dist/scan/formatScanOutput.js.map +1 -0
  210. package/dist/scan/help.js +8 -11
  211. package/dist/scan/help.js.map +1 -0
  212. package/dist/scan/models/groupedResultsModel.js +2 -5
  213. package/dist/scan/models/groupedResultsModel.js.map +1 -0
  214. package/dist/scan/models/resultContentModel.js +2 -2
  215. package/dist/scan/models/resultContentModel.js.map +1 -0
  216. package/dist/scan/models/scanResultsModel.js +2 -5
  217. package/dist/scan/models/scanResultsModel.js.map +1 -0
  218. package/dist/scan/populateProjectIdAndProjectName.js +24 -62
  219. package/dist/scan/populateProjectIdAndProjectName.js.map +1 -0
  220. package/dist/scan/processScan.js +28 -0
  221. package/dist/scan/processScan.js.map +1 -0
  222. package/dist/scan/saveResults.js +3 -6
  223. package/dist/scan/saveResults.js.map +1 -0
  224. package/dist/scan/scan.js +33 -53
  225. package/dist/scan/scan.js.map +1 -0
  226. package/dist/scan/scanConfig.js +14 -12
  227. package/dist/scan/scanConfig.js.map +1 -0
  228. package/dist/scan/scanController.js +20 -22
  229. package/dist/scan/scanController.js.map +1 -0
  230. package/dist/scan/scanRequests.js +86 -0
  231. package/dist/scan/scanRequests.js.map +1 -0
  232. package/dist/scan/scanResults.js +26 -72
  233. package/dist/scan/scanResults.js.map +1 -0
  234. package/dist/telemetry/telemetry.js +29 -59
  235. package/dist/telemetry/telemetry.js.map +1 -0
  236. package/dist/utils/capabilities.js +2 -1
  237. package/dist/utils/capabilities.js.map +1 -0
  238. package/dist/utils/commonApi.js +61 -52
  239. package/dist/utils/commonApi.js.map +1 -0
  240. package/dist/utils/filterProjectPath.js +2 -1
  241. package/dist/utils/filterProjectPath.js.map +1 -0
  242. package/dist/utils/generalAPI.js +11 -33
  243. package/dist/utils/generalAPI.js.map +1 -0
  244. package/dist/utils/getConfig.js +8 -13
  245. package/dist/utils/getConfig.js.map +1 -0
  246. package/dist/utils/oraWrapper.js +7 -14
  247. package/dist/utils/oraWrapper.js.map +1 -0
  248. package/dist/utils/paramsUtil/commandlineParams.js +2 -5
  249. package/dist/utils/paramsUtil/commandlineParams.js.map +1 -0
  250. package/dist/utils/paramsUtil/configStoreParams.js +9 -10
  251. package/dist/utils/paramsUtil/configStoreParams.js.map +1 -0
  252. package/dist/utils/paramsUtil/envVariableParams.js +2 -3
  253. package/dist/utils/paramsUtil/envVariableParams.js.map +1 -0
  254. package/dist/utils/paramsUtil/paramHandler.js +12 -13
  255. package/dist/utils/paramsUtil/paramHandler.js.map +1 -0
  256. package/dist/utils/parsedCLIOptions.js +4 -7
  257. package/dist/utils/parsedCLIOptions.js.map +1 -0
  258. package/dist/utils/requestUtils.js +7 -13
  259. package/dist/utils/requestUtils.js.map +1 -0
  260. package/dist/utils/saveFile.js +8 -11
  261. package/dist/utils/saveFile.js.map +1 -0
  262. package/dist/utils/validationCheck.js +5 -11
  263. package/dist/utils/validationCheck.js.map +1 -0
  264. package/package.json +39 -48
  265. package/.prettierignore +0 -1
  266. package/bin/contrast.js +0 -2
  267. package/dist/audit/languageAnalysisEngine/util/requestUtils.js +0 -14
  268. package/dist/commands/audit/auditConfig.js +0 -12
  269. package/dist/commands/audit/help.js +0 -70
  270. package/dist/commands/audit/processAudit.js +0 -24
  271. package/dist/commands/auth/auth.js +0 -120
  272. package/dist/commands/github/fingerprintConfig.js +0 -13
  273. package/dist/commands/github/processFingerprint.js +0 -28
  274. package/dist/commands/github/projectGroup.js +0 -254
  275. package/dist/commands/github/repoServices.js +0 -108
  276. package/dist/commands/scan/processScan.js +0 -31
  277. package/dist/lambda/__mocks__/aws.js +0 -21
  278. package/dist/lambda/__mocks__/lambdaConfig.json +0 -42
  279. package/src/audit/catalogueApplication/catalogueApplication.js +0 -51
  280. package/src/audit/languageAnalysisEngine/commonApi.js +0 -20
  281. package/src/audit/languageAnalysisEngine/filterProjectPath.js +0 -21
  282. package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js +0 -36
  283. package/src/audit/languageAnalysisEngine/sendSnapshot.js +0 -57
  284. package/src/audit/languageAnalysisEngine/util/requestUtils.js +0 -17
  285. package/src/audit/nodeAnalysisEngine/parseYarn2LockFileContents.js +0 -63
  286. package/src/audit/report/commonReportingFunctions.js +0 -412
  287. package/src/audit/report/models/reportGuidanceModel.ts +0 -5
  288. package/src/audit/report/models/reportLibraryModel.ts +0 -30
  289. package/src/audit/report/models/reportListModel.ts +0 -49
  290. package/src/audit/report/models/reportOutputModel.ts +0 -29
  291. package/src/audit/report/models/reportSeverityModel.ts +0 -18
  292. package/src/audit/report/models/severityCountModel.ts +0 -22
  293. package/src/audit/report/reportingFeature.ts +0 -110
  294. package/src/audit/report/utils/reportUtils.ts +0 -165
  295. package/src/audit/save.js +0 -67
  296. package/src/cliConstants.js +0 -522
  297. package/src/commands/audit/auditConfig.js +0 -18
  298. package/src/commands/audit/auditController.js +0 -50
  299. package/src/commands/audit/help.js +0 -72
  300. package/src/commands/audit/processAudit.js +0 -34
  301. package/src/commands/audit/saveFile.js +0 -15
  302. package/src/commands/auth/auth.js +0 -146
  303. package/src/commands/config/config.js +0 -41
  304. package/src/commands/github/fingerprintConfig.js +0 -19
  305. package/src/commands/github/processFingerprint.js +0 -37
  306. package/src/commands/github/projectGroup.js +0 -294
  307. package/src/commands/github/repoServices.js +0 -122
  308. package/src/commands/learn/learn.js +0 -10
  309. package/src/commands/learn/processLearn.js +0 -13
  310. package/src/commands/scan/processScan.js +0 -42
  311. package/src/common/HTTPClient.js +0 -775
  312. package/src/common/baseRequest.ts +0 -83
  313. package/src/common/commonHelp.js +0 -53
  314. package/src/common/errorHandling.js +0 -157
  315. package/src/common/fail.js +0 -79
  316. package/src/common/versionChecker.js +0 -75
  317. package/src/constants/constants.js +0 -71
  318. package/src/constants/lambda.js +0 -85
  319. package/src/constants/locales.js +0 -365
  320. package/src/index.ts +0 -142
  321. package/src/lambda/__mocks__/aws.ts +0 -32
  322. package/src/lambda/__mocks__/lambdaConfig.json +0 -42
  323. package/src/lambda/analytics.ts +0 -9
  324. package/src/lambda/arn.ts +0 -33
  325. package/src/lambda/aws.ts +0 -248
  326. package/src/lambda/cliError.ts +0 -72
  327. package/src/lambda/constants.ts +0 -11
  328. package/src/lambda/help.ts +0 -92
  329. package/src/lambda/lambda.ts +0 -230
  330. package/src/lambda/lambdaUtils.ts +0 -111
  331. package/src/lambda/logUtils.ts +0 -64
  332. package/src/lambda/scanDetailCompletion.ts +0 -78
  333. package/src/lambda/scanRequest.ts +0 -169
  334. package/src/lambda/scanResults.ts +0 -29
  335. package/src/lambda/types.ts +0 -36
  336. package/src/lambda/utils.ts +0 -188
  337. package/src/sbom/generateSbom.ts +0 -45
  338. package/src/scaAnalysis/common/auditReport.js +0 -59
  339. package/src/scaAnalysis/common/commonReportingFunctionsSca.js +0 -276
  340. package/src/scaAnalysis/common/formatMessage.js +0 -67
  341. package/src/scaAnalysis/common/models/ScaReportModel.ts +0 -81
  342. package/src/scaAnalysis/common/scaParserForGoAndJava.js +0 -41
  343. package/src/scaAnalysis/common/scaServicesUpload.js +0 -155
  344. package/src/scaAnalysis/common/treeUpload.js +0 -51
  345. package/src/scaAnalysis/common/utils/reportUtilsSca.ts +0 -123
  346. package/src/scaAnalysis/dotnet/analysis.js +0 -72
  347. package/src/scaAnalysis/dotnet/index.js +0 -11
  348. package/src/scaAnalysis/go/goAnalysis.js +0 -26
  349. package/src/scaAnalysis/go/goParseDeps.js +0 -203
  350. package/src/scaAnalysis/go/goReadDepFile.js +0 -34
  351. package/src/scaAnalysis/java/analysis.js +0 -148
  352. package/src/scaAnalysis/java/index.js +0 -29
  353. package/src/scaAnalysis/java/javaBuildDepsParser.js +0 -439
  354. package/src/scaAnalysis/javascript/analysis.js +0 -111
  355. package/src/scaAnalysis/javascript/index.js +0 -104
  356. package/src/scaAnalysis/javascript/scaServiceParser.js +0 -151
  357. package/src/scaAnalysis/legacy/legacyFlow.js +0 -43
  358. package/src/scaAnalysis/php/analysis.js +0 -78
  359. package/src/scaAnalysis/php/index.js +0 -28
  360. package/src/scaAnalysis/php/phpNewServicesMapper.js +0 -77
  361. package/src/scaAnalysis/processServicesFlow.js +0 -119
  362. package/src/scaAnalysis/python/analysis.js +0 -93
  363. package/src/scaAnalysis/python/index.js +0 -16
  364. package/src/scaAnalysis/repoMode/gradleParser.js +0 -88
  365. package/src/scaAnalysis/repoMode/index.js +0 -21
  366. package/src/scaAnalysis/repoMode/mavenParser.js +0 -139
  367. package/src/scaAnalysis/ruby/analysis.js +0 -413
  368. package/src/scaAnalysis/ruby/index.js +0 -16
  369. package/src/scaAnalysis/scaAnalysis.js +0 -171
  370. package/src/scan/autoDetection.js +0 -175
  371. package/src/scan/fileUtils.js +0 -206
  372. package/src/scan/formatScanOutput.ts +0 -225
  373. package/src/scan/help.js +0 -56
  374. package/src/scan/models/groupedResultsModel.ts +0 -20
  375. package/src/scan/models/resultContentModel.ts +0 -86
  376. package/src/scan/models/scanResultsModel.ts +0 -55
  377. package/src/scan/populateProjectIdAndProjectName.js +0 -73
  378. package/src/scan/saveResults.js +0 -14
  379. package/src/scan/scan.ts +0 -68
  380. package/src/scan/scanConfig.js +0 -58
  381. package/src/scan/scanController.js +0 -98
  382. package/src/scan/scanResults.js +0 -171
  383. package/src/telemetry/telemetry.ts +0 -154
  384. package/src/utils/capabilities.js +0 -12
  385. package/src/utils/commonApi.js +0 -103
  386. package/src/utils/filterProjectPath.js +0 -25
  387. package/src/utils/generalAPI.js +0 -52
  388. package/src/utils/getConfig.ts +0 -34
  389. package/src/utils/oraWrapper.js +0 -29
  390. package/src/utils/paramsUtil/commandlineParams.js +0 -12
  391. package/src/utils/paramsUtil/configStoreParams.js +0 -19
  392. package/src/utils/paramsUtil/envVariableParams.js +0 -10
  393. package/src/utils/paramsUtil/paramHandler.js +0 -38
  394. package/src/utils/parsedCLIOptions.js +0 -32
  395. package/src/utils/requestUtils.js +0 -29
  396. package/src/utils/saveFile.js +0 -20
  397. package/src/utils/validationCheck.js +0 -39
@@ -1,111 +0,0 @@
1
- const fs = require('fs')
2
- const yarnParser = require('@yarnpkg/lockfile')
3
- const yaml = require('js-yaml')
4
- const i18n = require('i18n')
5
- const {
6
- formatKey
7
- } = require('../../audit/nodeAnalysisEngine/parseYarn2LockFileContents')
8
-
9
- const readFile = async (config, languageFiles, nameOfFile) => {
10
- const index = languageFiles.findIndex(v => v.includes(nameOfFile))
11
-
12
- if (config.file) {
13
- return fs.readFileSync(config.file.concat(languageFiles[index]), 'utf8')
14
- } else {
15
- throw new Error('could not find file')
16
- }
17
- }
18
-
19
- const readYarn = async (config, languageFiles, nameOfFile) => {
20
- let yarn = {
21
- yarnVersion: 1,
22
- rawYarnLockFileContents: ''
23
- }
24
-
25
- try {
26
- let rawYarnLockFileContents = await readFile(
27
- config,
28
- languageFiles,
29
- nameOfFile
30
- )
31
- yarn.rawYarnLockFileContents = rawYarnLockFileContents
32
-
33
- if (
34
- !yarn.rawYarnLockFileContents.includes('lockfile v1') ||
35
- yarn.rawYarnLockFileContents.includes('__metadata')
36
- ) {
37
- yarn.rawYarnLockFileContents = yaml.load(rawYarnLockFileContents)
38
- yarn.yarnVersion = 2
39
- }
40
-
41
- return yarn
42
- } catch (err) {
43
- throw new Error(i18n.__('nodeReadYarnLockFileError') + `${err.message}`)
44
- }
45
- }
46
-
47
- const parseNpmLockFile = async npmLockFile => {
48
- try {
49
- if (!npmLockFile.parsedPackages) {
50
- npmLockFile.parsedPackages = {}
51
- }
52
-
53
- Object.entries(npmLockFile.packages).forEach(
54
- ([packageKey, packageValue]) => {
55
- if (packageKey.includes('node_modules/')) {
56
- //remove object keys node modules prefixing
57
- //e.g: node_modules/@aws-amplify/datastore/node_modules/uuid --> @aws-amplify/datastore/uuid
58
- packageKey = packageKey.replace(/(node_modules\/)+/g, '')
59
- }
60
-
61
- npmLockFile.parsedPackages[packageKey] = packageValue
62
- }
63
- )
64
-
65
- //remove base project package - unneeded
66
- delete npmLockFile.parsedPackages['']
67
-
68
- return npmLockFile
69
- } catch (err) {
70
- throw new Error(i18n.__('NodeParseNPM') + `${err.message}`)
71
- }
72
- }
73
-
74
- const parseYarnLockFile = async js => {
75
- try {
76
- js.yarn.yarnLockFile = {}
77
- if (js.yarn.yarnVersion === 1) {
78
- js.yarn.yarnLockFile = yarnParser.parse(js.yarn.rawYarnLockFileContents)
79
- delete js.yarn.rawYarnLockFileContents
80
- return js
81
- } else {
82
- js.yarn.yarnLockFile['object'] = js.yarn.rawYarnLockFileContents
83
- delete js.yarn.yarnLockFile['object'].__metadata
84
- js.yarn.yarnLockFile['type'] = 'success'
85
-
86
- Object.entries(js.yarn.rawYarnLockFileContents).forEach(
87
- ([key, value]) => {
88
- const rawKeyNames = key.split(',')
89
- const keyNames = formatKey(rawKeyNames)
90
-
91
- keyNames.forEach(name => {
92
- js.yarn.yarnLockFile.object[name] = value
93
- })
94
- }
95
- )
96
- return js
97
- }
98
- } catch (err) {
99
- throw new Error(
100
- i18n.__('NodeParseYarn', js.yarn.yarnVersion) + `${err.message}`
101
- )
102
- }
103
- }
104
-
105
- module.exports = {
106
- readYarn,
107
- parseYarnLockFile,
108
- parseNpmLockFile,
109
- readFile,
110
- formatKey
111
- }
@@ -1,104 +0,0 @@
1
- const analysis = require('./analysis')
2
- const i18n = require('i18n')
3
- const formatMessage = require('../common/formatMessage')
4
- const scaServiceParser = require('./scaServiceParser')
5
-
6
- const jsAnalysis = async (config, languageFiles) => {
7
- checkForCorrectFiles(languageFiles)
8
-
9
- if (!config.file.endsWith('/')) {
10
- config.file = config.file.concat('/')
11
- }
12
- return buildNodeTree(config, languageFiles.JAVASCRIPT)
13
- }
14
- const buildNodeTree = async (config, files) => {
15
- let analysis = await readFiles(config, files)
16
- const rawNode = await parseFiles(config, files, analysis)
17
- if (config.legacy === false) {
18
- return scaServiceParser.parseJS(rawNode)
19
- }
20
-
21
- return formatMessage.createJavaScriptTSMessage(rawNode)
22
- }
23
-
24
- const readFiles = async (config, files) => {
25
- let js = {}
26
-
27
- js.packageJSON = JSON.parse(
28
- await analysis.readFile(config, files, 'package.json')
29
- )
30
-
31
- if (files.includes('package-lock.json')) {
32
- js.rawLockFileContents = await analysis.readFile(
33
- config,
34
- files,
35
- 'package-lock.json'
36
- )
37
- }
38
- if (files.includes('yarn.lock')) {
39
- js.yarn = {}
40
- js.yarn = await analysis.readYarn(config, files, 'yarn.lock')
41
- }
42
-
43
- return js
44
- }
45
-
46
- const parseFiles = async (config, files, js) => {
47
- if (files.includes('package-lock.json')) {
48
- const npmLockFile = JSON.parse(js.rawLockFileContents)
49
-
50
- const currentLockFileVersion = npmLockFile.lockfileVersion
51
- const generalRebuildMessage =
52
- '\nPlease update to Node 16+ & NPM 8+ or 9+ and then rebuild your package files.' +
53
- '\nMore info here: https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json'
54
-
55
- if (currentLockFileVersion === 1) {
56
- throw new Error(
57
- `NPM lockfileVersion 1 is no longer supported. \n ${generalRebuildMessage}`
58
- )
59
- }
60
-
61
- if (!currentLockFileVersion || !npmLockFile.packages) {
62
- throw new Error(
63
- `package-lock.json needs to be in the NPM v2 or v3 format. \n ${generalRebuildMessage}`
64
- )
65
- }
66
-
67
- if (currentLockFileVersion === 3 && config.legacy) {
68
- throw new Error(`NPM lockfileVersion 3 is not support with --legacy`)
69
- }
70
-
71
- js.npmLockFile = await analysis.parseNpmLockFile(npmLockFile)
72
- }
73
-
74
- if (files.includes('yarn.lock')) {
75
- js = await analysis.parseYarnLockFile(js)
76
- }
77
-
78
- return js
79
- }
80
-
81
- const checkForCorrectFiles = languageFiles => {
82
- if (
83
- languageFiles.JAVASCRIPT.includes('package-lock.json') &&
84
- languageFiles.JAVASCRIPT.includes('yarn.lock')
85
- ) {
86
- throw new Error(
87
- i18n.__('languageAnalysisHasMultipleLockFiles', 'javascript')
88
- )
89
- }
90
-
91
- if (
92
- !languageFiles.JAVASCRIPT.includes('package-lock.json') &&
93
- !languageFiles.JAVASCRIPT.includes('yarn.lock')
94
- ) {
95
- throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'javascript'))
96
- }
97
-
98
- if (!languageFiles.JAVASCRIPT.includes('package.json')) {
99
- throw new Error(i18n.__('languageAnalysisHasNoPackageJsonFile'))
100
- }
101
- }
102
- module.exports = {
103
- jsAnalysis
104
- }
@@ -1,151 +0,0 @@
1
- const parseJS = rawNode => {
2
- let dependencyTree = {}
3
- let combinedPackageJSONDep = {
4
- ...rawNode.packageJSON?.dependencies,
5
- ...rawNode.packageJSON?.devDependencies
6
- }
7
- let analyseLock = chooseLockFile(rawNode)
8
-
9
- if (analyseLock.type === 'yarn') {
10
- dependencyTree = yarnCreateDepTree(
11
- dependencyTree,
12
- combinedPackageJSONDep,
13
- analyseLock.lockFile,
14
- rawNode
15
- )
16
- }
17
-
18
- if (analyseLock.type === 'npm') {
19
- dependencyTree = npmCreateDepTree(
20
- dependencyTree,
21
- combinedPackageJSONDep,
22
- analyseLock.lockFile,
23
- rawNode
24
- )
25
- }
26
-
27
- return dependencyTree
28
- }
29
-
30
- const npmCreateDepTree = (
31
- dependencyTree,
32
- combinedPackageJSONDep,
33
- packageLock,
34
- rawNode
35
- ) => {
36
- for (const [key, value] of Object.entries(packageLock)) {
37
- dependencyTree[key] = {
38
- name: key,
39
- version: getResolvedVersion(key, packageLock),
40
- group: null,
41
- productionDependency: checkIfInPackageJSON(
42
- rawNode.packageJSON.dependencies,
43
- key
44
- ),
45
- directDependency: checkIfInPackageJSON(combinedPackageJSONDep, key),
46
- dependencies: createNPMChildDependencies(packageLock, key)
47
- }
48
- }
49
- return dependencyTree
50
- }
51
-
52
- const yarnCreateDepTree = (
53
- dependencyTree,
54
- combinedPackageJSONDep,
55
- packageLock,
56
- rawNode
57
- ) => {
58
- for (const [key, value] of Object.entries(packageLock)) {
59
- let gav = getNameFromGAV(key)
60
- let nag = getDepNameWithoutVersion(key)
61
- dependencyTree[key] = {
62
- name: gav,
63
- version: getResolvedVersion(key, packageLock),
64
- group: null,
65
- productionDependency: checkIfInPackageJSON(
66
- rawNode.packageJSON.dependencies,
67
- nag
68
- ),
69
- directDependency: checkIfInPackageJSON(combinedPackageJSONDep, nag),
70
- dependencies: createChildDependencies(packageLock, key)
71
- }
72
- }
73
- return dependencyTree
74
- }
75
-
76
- const chooseLockFile = rawNode => {
77
- if (rawNode?.yarn?.yarnLockFile !== undefined) {
78
- return { lockFile: rawNode?.yarn?.yarnLockFile?.object, type: 'yarn' }
79
- } else if (rawNode.npmLockFile !== undefined) {
80
- return { lockFile: rawNode?.npmLockFile?.parsedPackages, type: 'npm' }
81
- } else {
82
- return undefined
83
- }
84
- }
85
-
86
- const createKeyName = (dep, version) => {
87
- return dep + '@' + version
88
- }
89
-
90
- const checkIfInPackageJSON = (list, dep) => {
91
- return Object.keys(list).includes(dep)
92
- }
93
-
94
- const createChildDependencies = (lockFileDep, currentDep) => {
95
- let depArray = []
96
- if (lockFileDep[currentDep]?.dependencies) {
97
- for (const [key, value] of Object.entries(
98
- lockFileDep[currentDep]?.dependencies
99
- )) {
100
- depArray.push(createKeyName(key, value))
101
- }
102
- }
103
- return depArray
104
- }
105
-
106
- const createNPMChildDependencies = (lockFileDep, currentDep) => {
107
- let depArray = []
108
- if (lockFileDep[currentDep]?.dependencies) {
109
- for (const [key, value] of Object.entries(
110
- lockFileDep[currentDep]?.dependencies
111
- )) {
112
- depArray.push(key)
113
- }
114
- }
115
- return depArray
116
- }
117
-
118
- const getDepNameWithoutVersion = depKey => {
119
- let dependency = depKey.split('@')
120
- if (dependency.length - 1 > 1) {
121
- return '@' + dependency[1]
122
- }
123
- return dependency[0]
124
- }
125
-
126
- const getNameFromGAV = depKey => {
127
- let dependency = depKey.split('/')
128
- if (dependency.length == 2) {
129
- dependency = getDepNameWithoutVersion(dependency[1])
130
- return dependency
131
- }
132
- if (dependency.length == 1) {
133
- dependency = getDepNameWithoutVersion(depKey)
134
- return dependency
135
- }
136
- //what should we do if there's no version? The service will fall over but do we want to throw error for only one wrong version?
137
- return depKey
138
- }
139
-
140
- const getResolvedVersion = (depKey, packageLock) => {
141
- return packageLock[depKey]?.version
142
- }
143
-
144
- module.exports = {
145
- parseJS,
146
- checkIfInPackageJSON,
147
- getNameFromGAV,
148
- getResolvedVersion,
149
- chooseLockFile,
150
- createNPMChildDependencies
151
- }
@@ -1,43 +0,0 @@
1
- const auditController = require('../../commands/audit/auditController')
2
- const {
3
- returnOra,
4
- startSpinner,
5
- succeedSpinner
6
- } = require('../../utils/oraWrapper')
7
- const i18n = require('i18n')
8
- const treeUpload = require('../common/treeUpload')
9
- const {
10
- pollForSnapshotCompletion
11
- } = require('../../audit/languageAnalysisEngine/sendSnapshot')
12
- const { vulnerabilityReportV2 } = require('../../audit/report/reportingFeature')
13
- const { auditSave } = require('../../audit/save')
14
-
15
- const legacyFlow = async (config, messageToSend) => {
16
- const startTime = performance.now()
17
- if (!config.applicationId) {
18
- config.applicationId = await auditController.dealWithNoAppId(config)
19
- }
20
-
21
- console.log('') //empty log for space before spinner
22
- //send message to TS
23
- const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
24
- startSpinner(reportSpinner)
25
- const snapshotResponse = await treeUpload.commonSendSnapShot(
26
- messageToSend,
27
- config
28
- )
29
-
30
- // poll for completion
31
- await pollForSnapshotCompletion(config, snapshotResponse.id, reportSpinner)
32
- succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
33
-
34
- await vulnerabilityReportV2(config, snapshotResponse.id)
35
- const endTime = performance.now() - startTime
36
- const scanDurationMs = endTime - startTime
37
-
38
- console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`)
39
- }
40
-
41
- module.exports = {
42
- legacyFlow
43
- }
@@ -1,78 +0,0 @@
1
- const fs = require('fs')
2
- const i18n = require('i18n')
3
- const _ = require('lodash')
4
-
5
- const readFile = (config, nameOfFile) => {
6
- if (config.file) {
7
- try {
8
- return fs.readFileSync(config.file + '/' + nameOfFile, 'utf8')
9
- } catch (error) {
10
- console.log('Unable to find file')
11
- console.log(error)
12
- }
13
- }
14
- }
15
-
16
- const parseProjectFiles = php => {
17
- try {
18
- // composer.json
19
- php.composerJSON.dependencies = php.composerJSON.require
20
- php.composerJSON.devDependencies = php.composerJSON['require-dev']
21
-
22
- // composer.lock
23
- php.lockFile = php.rawLockFileContents
24
- let packages = _.keyBy(php.lockFile.packages, 'name')
25
- let packagesDev = _.keyBy(php.lockFile['packages-dev'], 'name')
26
- php.lockFile.dependencies = _.merge(packages, packagesDev)
27
-
28
- const listOfTopDep = Object.keys(php.lockFile.dependencies)
29
-
30
- Object.entries(php.lockFile.dependencies).forEach(([key, value]) => {
31
- if (value.require) {
32
- const listOfRequiresDep = Object.keys(value.require)
33
- listOfRequiresDep.forEach(dep => {
34
- if (!listOfTopDep.includes(dep)) {
35
- addChildDepToLockFileAsOwnObj(php, value['require'], dep)
36
- }
37
- })
38
- }
39
-
40
- if (value['require-dev']) {
41
- const listOfRequiresDep = Object.keys(value['require-dev'])
42
- listOfRequiresDep.forEach(dep => {
43
- if (!listOfTopDep.includes(dep)) {
44
- addChildDepToLockFileAsOwnObj(php, value['require-dev'], dep)
45
- }
46
- })
47
- }
48
- })
49
- formatParentDepToLockFile(php)
50
- delete php.rawLockFileContents
51
- return php
52
- } catch (err) {
53
- return console.log(i18n.__('phpParseComposerLock', php) + `${err.message}`) // not sure on this
54
- }
55
- }
56
-
57
- function addChildDepToLockFileAsOwnObj(php, depObj, key) {
58
- php.lockFile.dependencies[key] = { version: depObj[key] }
59
- }
60
-
61
- function formatParentDepToLockFile(php) {
62
- for (const [key, value] of Object.entries(php.lockFile.dependencies)) {
63
- let requires = {}
64
- for (const [childKey, childValue] of Object.entries(value)) {
65
- if (childKey === 'require' || childKey === 'require-dev') {
66
- requires = _.merge(requires, childValue)
67
- php.lockFile.dependencies[key].requires = requires
68
- delete php.lockFile.dependencies[key].require
69
- delete php.lockFile.dependencies[key]['require-dev']
70
- }
71
- }
72
- }
73
- }
74
-
75
- module.exports = {
76
- parseProjectFiles,
77
- readFile
78
- }
@@ -1,28 +0,0 @@
1
- const { readFile, parseProjectFiles } = require('./analysis')
2
- const { createPhpTSMessage } = require('../common/formatMessage')
3
- const { parsePHPLockFileForScaServices } = require('./phpNewServicesMapper')
4
-
5
- const phpAnalysis = config => {
6
- let analysis = readFiles(config)
7
-
8
- if (config.legacy === false) {
9
- return parsePHPLockFileForScaServices(analysis.rawLockFileContents)
10
- } else {
11
- const phpDep = parseProjectFiles(analysis)
12
- return createPhpTSMessage(phpDep)
13
- }
14
- }
15
-
16
- const readFiles = config => {
17
- let php = {}
18
-
19
- php.composerJSON = JSON.parse(readFile(config, 'composer.json'))
20
-
21
- php.rawLockFileContents = JSON.parse(readFile(config, 'composer.lock'))
22
-
23
- return php
24
- }
25
-
26
- module.exports = {
27
- phpAnalysis: phpAnalysis
28
- }
@@ -1,77 +0,0 @@
1
- const { keyBy, merge } = require('lodash')
2
-
3
- const parsePHPLockFileForScaServices = phpLockFile => {
4
- const packages = keyBy(phpLockFile.packages, 'name')
5
- const packagesDev = keyBy(phpLockFile['packages-dev'], 'name')
6
-
7
- return merge(buildDepTree(packages, true), buildDepTree(packagesDev, false))
8
- }
9
-
10
- const buildDepTree = (packages, productionDependency) => {
11
- //builds deps into flat structure
12
- const dependencyTree = {}
13
-
14
- for (const packagesKey in packages) {
15
- const currentObj = packages[packagesKey]
16
- const { group, name } = findGroupAndName(currentObj.name)
17
-
18
- const key = `${group}/${name}@${currentObj.version}`
19
- dependencyTree[key] = {
20
- group: group,
21
- name: name,
22
- version: currentObj.version,
23
- directDependency: true,
24
- productionDependency: productionDependency,
25
- dependencies: []
26
- }
27
-
28
- const mergedChildDeps = merge(
29
- buildSubDepsIntoFlatStructure(currentObj.require),
30
- buildSubDepsIntoFlatStructure(currentObj['require-dev'])
31
- )
32
-
33
- for (const childKey in mergedChildDeps) {
34
- const { group, name } = findGroupAndName(childKey)
35
- const builtKey = `${group}/${name}`
36
- dependencyTree[builtKey] = mergedChildDeps[childKey]
37
- }
38
- }
39
- return dependencyTree
40
- }
41
-
42
- // currently sub deps will be built into a flat structure
43
- // but not ingested via the new services as they do not have concrete versions
44
- const buildSubDepsIntoFlatStructure = childDeps => {
45
- const dependencyTree = {}
46
-
47
- for (const dep in childDeps) {
48
- const version = childDeps[dep]
49
- const { group, name } = findGroupAndName(dep)
50
- const key = `${group}/${name}`
51
- dependencyTree[key] = {
52
- group: group,
53
- name: name,
54
- version: version,
55
- directDependency: false,
56
- productionDependency: false,
57
- dependencies: []
58
- }
59
- }
60
- return dependencyTree
61
- }
62
-
63
- const findGroupAndName = groupAndName => {
64
- if (groupAndName.includes('/')) {
65
- const groupName = groupAndName.split('/')
66
- return { group: groupName[0], name: groupName[1] }
67
- } else {
68
- return { group: groupAndName, name: groupAndName }
69
- }
70
- }
71
-
72
- module.exports = {
73
- parsePHPLockFileForScaServices,
74
- buildDepTree,
75
- buildSubDepsIntoFlatStructure,
76
- findGroupAndName
77
- }