@contrast/contrast 2.0.2-beta.1 → 2.0.2-beta.2

package/dist/cliConstants.js

@@ -395,6 +395,7 @@ const fingerprintOptionDefinitions = [
     {
         name: 'depth',
         type: Number,
+        default: 3,
         description: '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('depthOption')
     },
     {

package/dist/commands/github/processFingerprint.js

@@ -1,7 +1,7 @@
 "use strict";
 const fingerprintConfig = require('./fingerprintConfig');
 const repoServices = require('./repoServices');
-const autoDetection = require('../../scan/autoDetection');
+const autoDetection = require('../../common/autoDetection');
 const saveResults = require('../../scan/saveResults');
 const projectConfig = require('./projectGroup');
 const processFingerprint = async (contrastConf, argvMain) => {

package/dist/commands/github/projectGroup.js

@@ -79,10 +79,10 @@ const createProjectsArray = params => {
     });
     return projectsArray;
 };
-const createProject = param => {
+const createProject = (param, shortenedProjectName) => {
     return {
         path: param.fileName,
-        name: param.repo ? param.fileName : getProjectName(param),
+        name: param.repo ? shortenedProjectName : getProjectName(param),
         source: 'SCA',
         language: param.language,
         packageManager: param.packageManager,
@@ -121,11 +121,11 @@ const addAdditionalData = (body, data) => {
     body.projectLanguage = data.projectLanguage ? data.projectLanguage : null;
     body.projectType = data.projectType ? data.projectType : null;
 };
-const registerProjectIdOnCliServices = async (config, projectId, additionalData = undefined) => {
+const registerProjectIdOnCliServices = async (config, projectId, shortenedProjectName, additionalData = undefined) => {
     const client = commonApi.getHttpClient(config);
     let cliServicesBody = {
         projectId: projectId,
-        name: config.repo ? config.fileName : getProjectName(config)
+        name: config.repo ? shortenedProjectName : getProjectName(config)
     };
     if (additionalData) {
         addAdditionalData(cliServicesBody, additionalData);
@@ -149,10 +149,10 @@ const registerProjectIdOnCliServices = async (config, projectId, additionalData
     });
     return result;
 };
-const registerProjectWithGroupProjectId = async (config) => {
+const registerProjectWithGroupProjectId = async (config, shortenedProjectName) => {
     const client = commonApi.getHttpClient(config);
     config.language = config.language === 'NODE' ? 'JAVASCRIPT' : config.language;
-    let body = createProject(config);
+    let body = createProject(config, shortenedProjectName);
     let result = await client.registerProject(config, body).then(res => {
         if (config.debug || config.verbose) {
             console.log('\nregister Project With Group ProjectId');

package/dist/commands/github/repoServices.js

@@ -68,7 +68,7 @@ const registerNewRepo = async (config) => {
     return result;
 };
 const retrieveProjectInfoViaRepoId = async (config) => {
-    const client = await commonApi.getHttpClient(config);
+    const client = commonApi.getHttpClient(config);
     let result = await client
         .retrieveProjectByRepoId(config)
         .then(res => {

package/dist/{scan → common}/autoDetection.js

@@ -1,7 +1,8 @@
 "use strict";
 const i18n = require('i18n');
-const fileFinder = require('./fileUtils');
-const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../constants/constants');
+const fileFinder = require('../scan/fileUtils');
+const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, DOTNET } } = require('../constants/constants');
+const { shortenFilePath } = require('../scan/fileUtils');
 const autoDetectFingerprintInfo = async (filePath, depth, config) => {
     let complexObj = await fileFinder.findAllFiles(filePath, depth);
     let result = [];
@@ -10,6 +11,7 @@ const autoDetectFingerprintInfo = async (filePath, depth, config) => {
         count++;
         if (!i.includes('package.json')) {
             result.push({
+                name: shortenFilePath(i),
                 filePath: i,
                 id: count.toString(),
                 repositoryId: config.repositoryId,
@@ -100,18 +102,40 @@ const hasWhiteSpace = s => {
     const filename = s.split('/').pop();
     return filename.indexOf(' ') >= 0;
 };
-const dealWithMultiJava = filesFound => {
-    let hasMultiJava = filesFound.filter(data => {
-        return (Object.keys(data)[0] === JAVA &&
-            Object.values(data)[0].includes('build.gradle') &&
-            Object.values(data)[0].includes('pom.xml'));
-    }).length > 0;
+const dealWithMultiJava = (filesFound, config, isFile) => {
+    if (isFile) {
+        return multiJavaFilePathFullySpecified(filesFound, config);
+    }
+    else {
+        return multiJavaNoFilePathFullySpecified(filesFound);
+    }
+};
+const multiJavaNoFilePathFullySpecified = filesFound => {
+    const hasMultiJava = filesFound.filter(data => Object.keys(data)[0] === JAVA &&
+        Object.values(data)[0].includes('build.gradle') &&
+        Object.values(data)[0].includes('pom.xml')).length > 0;
     if (hasMultiJava) {
         console.log('Multiple Java language dependency files detected');
         console.log('Please use --file to audit one only. \nExample: contrast audit --file pom.xml');
         process.exit(1);
     }
-    return false;
+    return filesFound;
+};
+const multiJavaFilePathFullySpecified = (filesFound, config) => {
+    const filteredFiles = filesFound[0].JAVA.filter(fileTypes => config.fileName.endsWith(fileTypes));
+    filesFound[0].JAVA = filteredFiles;
+    filesFound[0].filePath = filteredFiles[0];
+    if (filteredFiles[0] === 'pom.xml') {
+        filesFound[0].packageManager = 'MAVEN';
+    }
+    else {
+        filesFound[0].packageManager = 'GRADLE';
+    }
+    if (config.debug || config.verbose) {
+        console.log('\nAuto detection - detected multiple Java files');
+        console.log(`\nAuto detection - using ${filesFound[0].filePath} as based on full file path`);
+    }
+    return filesFound;
 };
 const errorOnFileDetection = entries => {
     if (entries.length > 1) {

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '2.0.2-beta.1';
+const APP_VERSION = '2.0.2-beta.2';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';

package/dist/scaAnalysis/common/scaServicesUpload.js

@@ -22,6 +22,9 @@ const scaTreeUpload = async (analysis, config, reportSpinner) => {
             version: APP_VERSION
         }
     };
+    if (config.debug || config.verbose) {
+        console.log('requestBody', requestBody);
+    }
     if (config.branch) {
         requestBody.branchName = config.branch;
     }

package/dist/scaAnalysis/processServicesFlow.js

@@ -2,6 +2,7 @@
 const projectConfig = require('../commands/github/projectGroup');
 const repoService = require('../commands/github/repoServices');
 const scaServicesUpload = require('../scaAnalysis/common/scaServicesUpload');
+const { shortenFilePath } = require('../scan/fileUtils');
 const dealWithNoProjectId = async (analysis, config, reportSpinner) => {
     await projectConfig.registerNewProjectGroup(config);
     let projectId = await projectConfig.getProjectIdByOrg(config);
@@ -18,18 +19,19 @@ const repoProcess = async (analysis, config, reportSpinner) => {
         console.log('Failed to retrieve Repository Id');
         process.exit(1);
     }
+    let shortenedProjectName = shortenFilePath(config.fileName);
     let repoInfo = await repoService.retrieveProjectInfoViaRepoId(config);
     repoInfo = repoInfo.find(element => config.fileName === element.path &&
-        config.fileName === element.name &&
+        shortenedProjectName === element.name &&
         config.projectGroupId === element.projectGroupId);
     if (config.projectGroupId &&
         !repoInfo?.projectId &&
         (repoInfo === undefined || repoInfo.length === 0)) {
         console.log('*** has projectGroupId, no projectId and repo has no project found that matches');
-        repoInfo = await projectConfig.registerProjectWithGroupProjectId(config);
+        repoInfo = await projectConfig.registerProjectWithGroupProjectId(config, shortenedProjectName);
         console.log('new registered group', repoInfo);
         const language = repoInfo.language === 'JAVASCRIPT' ? 'NODE' : repoInfo.language;
-        await projectConfig.registerProjectIdOnCliServices(config, repoInfo.projectId);
+        await projectConfig.registerProjectIdOnCliServices(config, repoInfo.projectId, shortenedProjectName);
     }
     config.projectId = repoInfo.projectId;
     return await scaServicesUpload.scaTreeUpload(analysis, config, reportSpinner);

package/dist/scaAnalysis/repoMode/mavenParser.js

@@ -8,7 +8,6 @@ const readPomFile = project => {
     return parser.parse(projectFile);
 };
 const parsePomFile = jsonPomFile => {
-    console.log(JSON.stringify(jsonPomFile));
     let dependencyTree = {};
     let dependencies = [];
     let dependencyManagement = [];

package/dist/scaAnalysis/scaAnalysis.js

@@ -1,7 +1,7 @@
 "use strict";
 const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../constants/constants');
 const { returnOra, startSpinner, succeedSpinner } = require('../utils/oraWrapper');
-const autoDetection = require('../scan/autoDetection');
+const autoDetection = require('../common/autoDetection');
 const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames');
 const path = require('path');
 const i18n = require('i18n');
@@ -35,7 +35,7 @@ const processSca = async (config) => {
         : config.file;
     filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
     filesFound = await autoDetection.detectPackageManager(filesFound);
-    autoDetection.dealWithMultiJava(filesFound);
+    autoDetection.dealWithMultiJava(filesFound, config, pathWithFile);
     if (filesFound.length > 1 && pathWithFile) {
         filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(config.fileName)));
     }

package/dist/scan/fileUtils.js

@@ -10,19 +10,14 @@ const findFile = async () => {
         onlyFiles: true
     });
 };
-const findAllFiles = async (filePath, depth = 2) => {
+const findAllFiles = async (filePath, depth = 3) => {
     const result = await fg([
         '**/pom.xml',
-        '**/build.gradle',
-        '**/build.gradle.kts',
         '**/package.json',
         '**/package-lock.json',
-        '**/yarn.lock',
-        '**/Pipfile',
-        '**/*.csproj',
-        '**/Gemfile',
-        '**/go.mod'
+        '**/yarn.lock'
     ], {
+        ignore: ['**/node_modules/**', '**/target/**', '**/bin/**'],
         dot: false,
         deep: depth,
         onlyFiles: true,
@@ -162,6 +157,15 @@ const fileIsEmpty = path => {
     }
     return false;
 };
+const shortenFilePath = filePath => {
+    let splitPath = filePath.split('home/runner/work/');
+    if (splitPath.length > 1) {
+        let splitPath2 = splitPath[1].split('/');
+        splitPath2.shift();
+        return splitPath2.join('/').toString();
+    }
+    return filePath;
+};
 module.exports = {
     findFile,
     fileExists,
@@ -174,5 +178,6 @@ module.exports = {
     findFilesRuby,
     findFilesDotNet,
     fileIsEmpty,
-    findAllFiles
+    findAllFiles,
+    shortenFilePath
 };

package/dist/scan/scanController.js

@@ -4,7 +4,7 @@ const { returnOra, startSpinner, succeedSpinner, stopSpinner } = require('../uti
 const populateProjectIdAndProjectName = require('./populateProjectIdAndProjectName');
 const scan = require('./scan');
 const scanResults = require('./scanResults');
-const autoDetection = require('./autoDetection');
+const autoDetection = require('../common/autoDetection');
 const fileFunctions = require('./fileUtils');
 const { performance } = require('perf_hooks');
 const getTimeout = config => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "2.0.2-beta.1",
+  "version": "2.0.2-beta.2",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {

package/src/cliConstants.js

@@ -445,6 +445,7 @@ const fingerprintOptionDefinitions = [
   {
     name: 'depth',
     type: Number,
+    default: 3,
     description:
       '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('depthOption')
   },

package/src/commands/github/processFingerprint.js

@@ -1,6 +1,6 @@
 const fingerprintConfig = require('./fingerprintConfig')
 const repoServices = require('./repoServices')
-const autoDetection = require('../../scan/autoDetection')
+const autoDetection = require('../../common/autoDetection')
 const saveResults = require('../../scan/saveResults')
 const projectConfig = require('./projectGroup')
 const processFingerprint = async (contrastConf, argvMain) => {

package/src/commands/github/projectGroup.js

@@ -91,10 +91,10 @@ const createProjectsArray = params => {
   return projectsArray
 }
 
-const createProject = param => {
+const createProject = (param, shortenedProjectName) => {
   return {
     path: param.fileName,
-    name: param.repo ? param.fileName : getProjectName(param),
+    name: param.repo ? shortenedProjectName : getProjectName(param),
     source: 'SCA',
     language: param.language,
     packageManager: param.packageManager,
@@ -143,13 +143,14 @@ const addAdditionalData = (body, data) => {
 const registerProjectIdOnCliServices = async (
   config,
   projectId,
+  shortenedProjectName,
   additionalData = undefined
 ) => {
   const client = commonApi.getHttpClient(config)
 
   let cliServicesBody = {
     projectId: projectId,
-    name: config.repo ? config.fileName : getProjectName(config)
+    name: config.repo ? shortenedProjectName : getProjectName(config)
   }
 
   if (additionalData) {
@@ -176,11 +177,14 @@ const registerProjectIdOnCliServices = async (
   return result
 }
 
-const registerProjectWithGroupProjectId = async config => {
+const registerProjectWithGroupProjectId = async (
+  config,
+  shortenedProjectName
+) => {
   const client = commonApi.getHttpClient(config)
   config.language = config.language === 'NODE' ? 'JAVASCRIPT' : config.language
 
-  let body = createProject(config)
+  let body = createProject(config, shortenedProjectName)
   let result = await client.registerProject(config, body).then(res => {
     if (config.debug || config.verbose) {
       console.log('\nregister Project With Group ProjectId')

package/src/commands/github/repoServices.js

@@ -75,7 +75,7 @@ const registerNewRepo = async config => {
 }
 
 const retrieveProjectInfoViaRepoId = async config => {
-  const client = await commonApi.getHttpClient(config)
+  const client = commonApi.getHttpClient(config)
 
   let result = await client
     .retrieveProjectByRepoId(config)

package/src/{scan → common}/autoDetection.js

@@ -1,8 +1,10 @@
 const i18n = require('i18n')
-const fileFinder = require('./fileUtils')
+const fileFinder = require('../scan/fileUtils')
 const {
-  supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET }
+  supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, DOTNET }
 } = require('../constants/constants')
+const { shortenFilePath } = require('../scan/fileUtils')
+
 const autoDetectFingerprintInfo = async (filePath, depth, config) => {
   let complexObj = await fileFinder.findAllFiles(filePath, depth)
   let result = []
@@ -11,6 +13,7 @@ const autoDetectFingerprintInfo = async (filePath, depth, config) => {
     count++
     if (!i.includes('package.json')) {
       result.push({
+        name: shortenFilePath(i),
         filePath: i,
         id: count.toString(),
         repositoryId: config.repositoryId,
@@ -18,7 +21,6 @@ const autoDetectFingerprintInfo = async (filePath, depth, config) => {
       })
     }
   })
-
   return result
 }
 
@@ -114,15 +116,23 @@ const hasWhiteSpace = s => {
   return filename.indexOf(' ') >= 0
 }
 
-const dealWithMultiJava = filesFound => {
-  let hasMultiJava =
-    filesFound.filter(data => {
-      return (
+const dealWithMultiJava = (filesFound, config, isFile) => {
+  if (isFile) {
+    return multiJavaFilePathFullySpecified(filesFound, config)
+  } else {
+    return multiJavaNoFilePathFullySpecified(filesFound)
+  }
+}
+
+const multiJavaNoFilePathFullySpecified = filesFound => {
+  const hasMultiJava =
+    filesFound.filter(
+      data =>
         Object.keys(data)[0] === JAVA &&
         Object.values(data)[0].includes('build.gradle') &&
         Object.values(data)[0].includes('pom.xml')
-      )
-    }).length > 0
+    ).length > 0
+
   if (hasMultiJava) {
     console.log('Multiple Java language dependency files detected')
     console.log(
@@ -130,7 +140,31 @@ const dealWithMultiJava = filesFound => {
     )
     process.exit(1)
   }
-  return false
+
+  return filesFound
+}
+
+const multiJavaFilePathFullySpecified = (filesFound, config) => {
+  const filteredFiles = filesFound[0].JAVA.filter(fileTypes =>
+    config.fileName.endsWith(fileTypes)
+  )
+  filesFound[0].JAVA = filteredFiles
+  filesFound[0].filePath = filteredFiles[0]
+
+  if (filteredFiles[0] === 'pom.xml') {
+    filesFound[0].packageManager = 'MAVEN'
+  } else {
+    filesFound[0].packageManager = 'GRADLE'
+  }
+
+  if (config.debug || config.verbose) {
+    console.log('\nAuto detection - detected multiple Java files')
+    console.log(
+      `\nAuto detection - using ${filesFound[0].filePath} as based on full file path`
+    )
+  }
+
+  return filesFound
 }
 
 const errorOnFileDetection = entries => {

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '2.0.2-beta.1'
+const APP_VERSION = '2.0.2-beta.2'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'

package/src/scaAnalysis/common/scaServicesUpload.js

@@ -28,6 +28,10 @@ const scaTreeUpload = async (analysis, config, reportSpinner) => {
     }
   }
 
+  if (config.debug || config.verbose) {
+    console.log('requestBody', requestBody)
+  }
+
   if (config.branch) {
     requestBody.branchName = config.branch
   }

package/src/scaAnalysis/processServicesFlow.js

@@ -1,6 +1,7 @@
 const projectConfig = require('../commands/github/projectGroup')
 const repoService = require('../commands/github/repoServices')
 const scaServicesUpload = require('../scaAnalysis/common/scaServicesUpload')
+const { shortenFilePath } = require('../scan/fileUtils')
 
 const dealWithNoProjectId = async (analysis, config, reportSpinner) => {
   await projectConfig.registerNewProjectGroup(config)
@@ -20,12 +21,14 @@ const repoProcess = async (analysis, config, reportSpinner) => {
     process.exit(1)
   }
 
+  let shortenedProjectName = shortenFilePath(config.fileName)
+
   let repoInfo = await repoService.retrieveProjectInfoViaRepoId(config)
 
   repoInfo = repoInfo.find(
     element =>
       config.fileName === element.path &&
-      config.fileName === element.name &&
+      shortenedProjectName === element.name &&
       config.projectGroupId === element.projectGroupId
   )
 
@@ -57,7 +60,10 @@ const repoProcess = async (analysis, config, reportSpinner) => {
     console.log(
       '*** has projectGroupId, no projectId and repo has no project found that matches'
     )
-    repoInfo = await projectConfig.registerProjectWithGroupProjectId(config)
+    repoInfo = await projectConfig.registerProjectWithGroupProjectId(
+      config,
+      shortenedProjectName
+    )
     console.log('new registered group', repoInfo)
     const language =
       repoInfo.language === 'JAVASCRIPT' ? 'NODE' : repoInfo.language
@@ -71,7 +77,8 @@ const repoProcess = async (analysis, config, reportSpinner) => {
 
     await projectConfig.registerProjectIdOnCliServices(
       config,
-      repoInfo.projectId
+      repoInfo.projectId,
+      shortenedProjectName
     )
   }
   config.projectId = repoInfo.projectId

package/src/scaAnalysis/repoMode/mavenParser.js

@@ -9,7 +9,6 @@ const readPomFile = project => {
 }
 
 const parsePomFile = jsonPomFile => {
-  console.log(JSON.stringify(jsonPomFile))
   let dependencyTree = {}
   let dependencies = []
   let dependencyManagement = []

package/src/scaAnalysis/scaAnalysis.js

@@ -6,7 +6,7 @@ const {
   startSpinner,
   succeedSpinner
 } = require('../utils/oraWrapper')
-const autoDetection = require('../scan/autoDetection')
+const autoDetection = require('../common/autoDetection')
 const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames')
 const path = require('path')
 const i18n = require('i18n')
@@ -48,7 +48,8 @@ const processSca = async config => {
 
   filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file)
   filesFound = await autoDetection.detectPackageManager(filesFound)
-  autoDetection.dealWithMultiJava(filesFound)
+
+  autoDetection.dealWithMultiJava(filesFound, config, pathWithFile)
 
   if (filesFound.length > 1 && pathWithFile) {
     filesFound = filesFound.filter(i =>

package/src/scan/fileUtils.js

@@ -11,21 +11,22 @@ const findFile = async () => {
   })
 }
 
-const findAllFiles = async (filePath, depth = 2) => {
+const findAllFiles = async (filePath, depth = 3) => {
   const result = await fg(
     [
       '**/pom.xml',
-      '**/build.gradle',
-      '**/build.gradle.kts',
+      // '**/build.gradle',
+      // '**/build.gradle.kts',
       '**/package.json',
       '**/package-lock.json',
-      '**/yarn.lock',
-      '**/Pipfile',
-      '**/*.csproj',
-      '**/Gemfile',
-      '**/go.mod'
+      '**/yarn.lock'
+      // '**/Pipfile',
+      // '**/*.csproj',
+      // '**/Gemfile',
+      // '**/go.mod'
     ],
     {
+      ignore: ['**/node_modules/**', '**/target/**', '**/bin/**'],
       dot: false,
       deep: depth,
       onlyFiles: true,
@@ -190,6 +191,16 @@ const fileIsEmpty = path => {
   return false
 }
 
+const shortenFilePath = filePath => {
+  let splitPath = filePath.split('home/runner/work/')
+  if (splitPath.length > 1) {
+    let splitPath2 = splitPath[1].split('/')
+    splitPath2.shift()
+    return splitPath2.join('/').toString()
+  }
+  return filePath
+}
+
 module.exports = {
   findFile,
   fileExists,
@@ -202,5 +213,6 @@ module.exports = {
   findFilesRuby,
   findFilesDotNet,
   fileIsEmpty,
-  findAllFiles
+  findAllFiles,
+  shortenFilePath
 }

package/src/scan/scanController.js

@@ -8,7 +8,7 @@ const {
 const populateProjectIdAndProjectName = require('./populateProjectIdAndProjectName')
 const scan = require('./scan')
 const scanResults = require('./scanResults')
-const autoDetection = require('./autoDetection')
+const autoDetection = require('../common/autoDetection')
 const fileFunctions = require('./fileUtils')
 const { performance } = require('perf_hooks')