@contrast/contrast 2.0.2-beta.2 → 2.0.2-beta.4

package/src/scaAnalysis/java/javaBuildDepsParser.js

@@ -1,439 +0,0 @@
-const i18n = require('i18n')
-const StringBuilder = require('string-builder')
-let sb = new StringBuilder()
-
-const parseBuildDeps = (config, input) => {
-  const { mvnDependancyTreeOutput, projectType } = input
-  try {
-    return parseGradle(mvnDependancyTreeOutput, config, projectType)
-  } catch (err) {
-    throw new Error(i18n.__('javaParseProjectFile') + `${err.message}`)
-  }
-}
-
-const preParser = shavedOutput => {
-  let obj = []
-  for (let dep in shavedOutput) {
-    shavedOutput[dep] = shaveDependencyType(shavedOutput[dep])
-
-    obj.push(
-      shavedOutput[dep]
-        .replace('+-', '+---')
-        .replace('[INFO]', '')
-        .replace('\\-', '\\---')
-        .replace(':jar:', ':')
-        .replace(' +', '+')
-        .replace(' |', '|')
-        .replace(' \\', '\\')
-        .replace(':runtime', '')
-    )
-  }
-
-  let depTree = []
-  for (let x in obj) {
-    let nodeLevel = computeRelationToLastElement(obj[x])
-
-    let notLastLevel =
-      obj[x].startsWith('|') ||
-      obj[x].startsWith('+') ||
-      obj[x].startsWith('\\')
-
-    if (notLastLevel) {
-      if (nodeLevel === 0) {
-        depTree.push(obj[x])
-      } else {
-        let level = computeLevel(nodeLevel)
-        let validatedLevel = addIndentation(nodeLevel === 2 ? 5 : level, obj[x])
-        depTree.push(validatedLevel)
-      }
-    } else {
-      let level = computeLevel(nodeLevel)
-      let validatedLevel = addIndentation(nodeLevel === 3 ? 5 : level, obj[x])
-      depTree.push(validatedLevel)
-    }
-  }
-
-  return depTree
-}
-
-const shaveDependencyType = dep => {
-  if (dep.endsWith('\r')) {
-    dep = dep.slice(0, -1)
-  }
-
-  if (dep.endsWith(':test')) {
-    dep = dep.slice(0, -5)
-  }
-
-  if (dep.endsWith(':compile')) {
-    dep = dep.slice(0, -8)
-  }
-
-  if (dep.endsWith(':provided')) {
-    dep = dep.slice(0, -9)
-  }
-
-  return dep
-}
-
-const shaveOutput = (gradleDependencyTreeOutput, projectType) => {
-  let shavedOutput = gradleDependencyTreeOutput.split('\n')
-
-  if (projectType === 'maven') {
-    shavedOutput = preParser(shavedOutput)
-  }
-
-  let obj = []
-  for (let key in shavedOutput) {
-    if (shavedOutput[key].includes('project :')) {
-      //skip
-    } else if (
-      shavedOutput[key].includes('+---') ||
-      shavedOutput[key].includes('\\---')
-    ) {
-      obj.push(shavedOutput[key])
-    }
-  }
-  return obj
-}
-
-const computeIndentation = element => {
-  let hasPlus = element.includes('+')
-  let hasSlash = element.includes('\\')
-  if (hasPlus) {
-    return element.substring(element.indexOf('+'))
-  }
-  if (hasSlash) {
-    return element.substring(element.indexOf('\\'))
-  }
-}
-
-const computeLevel = nodeLevel => {
-  let num = [5, 8, 11, 14, 17, 20]
-  for (let z in num) {
-    if (num[z] === nodeLevel) {
-      let n = parseInt(z)
-      return 5 * (n + 2)
-    }
-  }
-}
-
-const addIndentation = (number, str) => {
-  str = computeIndentation(str)
-  sb.clear() // need to clear so each dep doesn't append to the string
-  for (let j = 0; j < number; j++) {
-    sb.append(' ')
-  }
-  sb.append(str)
-  return sb.toString()
-}
-
-const computeRelationToLastElement = element => {
-  let hasPlus = element.includes('+---')
-  let hasSlash = element.includes('\\---')
-  if (hasPlus) {
-    return element.split('+---')[0].length
-  }
-  if (hasSlash) {
-    return element.split('\\---')[0].length
-  }
-}
-
-const stripElement = element => {
-  const initialStrippedElement = element
-    .replace(/[|]/g, '')
-    .replace('+---', '')
-    .replace('\\---', '')
-    .replace(/[' ']/g, '')
-    .replace('(c)', '')
-    .replace('->', '@')
-    .replace('(*)', '')
-
-  //work out Gradle resolved versioning e.g. org.slf4j:slf4j-api:1.7.25 -> 1.7.22
-  //take 1.7.22
-  const splitElements = initialStrippedElement.split(':')
-  if (
-    splitElements[2] !== undefined &&
-    splitElements[2] !== null &&
-    splitElements[2].includes('@')
-  ) {
-    const splitVersions = splitElements[2].split('@')
-    return initialStrippedElement
-      .replace(':' + splitVersions[0], '')
-      .replace('@', ':')
-  }
-
-  return initialStrippedElement
-}
-
-const checkVersion = element => {
-  let version = element.split(':')
-  return version[version.length - 1]
-}
-
-const createElement = (element, isRoot) => {
-  let tree
-  let cleanElement = stripElement(element)
-  let splitGroupName = cleanElement.split(':')
-
-  let validateVersion = false
-  if (!element.includes('->')) {
-    validateVersion = true
-  }
-
-  tree = {
-    artifactID: splitGroupName[1],
-    group: splitGroupName[0],
-    version: validateVersion
-      ? checkVersion(cleanElement)
-      : splitGroupName[splitGroupName.length - 1],
-    scope: 'compile',
-    type: isRoot ? 'direct' : 'transitive',
-    edges: {}
-  }
-  return tree
-}
-
-const getElementHeader = element => {
-  let elementHeader = stripElement(element)
-  elementHeader = elementHeader.replace(':', '/')
-  elementHeader = elementHeader.replace(':', '@')
-
-  return elementHeader
-}
-
-const buildElement = (element, rootElement, parentOfCurrent, tree, isRoot) => {
-  let childElement = createElement(element, isRoot)
-  let elementHeader = getElementHeader(element)
-  let levelsArray = [rootElement, parentOfCurrent]
-  const treeNode = getNestedObject(tree, levelsArray)
-  const rootNode = getNestedObject(tree, [rootElement])
-
-  // eslint-disable-next-line
-  if (!rootNode.hasOwnProperty(elementHeader)) {
-    tree[rootElement][elementHeader] = childElement
-  }
-  treeNode.edges[elementHeader] = elementHeader
-}
-
-const hasChildren = (nextNodeLevel, nodeLevel) => {
-  if (nextNodeLevel > nodeLevel) {
-    return true
-  }
-}
-
-const lastChild = (nextNodeLevel, nodeLevel) => {
-  if (nextNodeLevel < nodeLevel) {
-    return true
-  }
-}
-
-const calculateLevels = (nextNodeLevel, nodeLevel) => {
-  return (nodeLevel - nextNodeLevel) / 5
-}
-
-const buildTree = shavedOutput => {
-  let tree = {}
-  let rootElement
-  let levelNodes = []
-
-  shavedOutput.forEach((element, index) => {
-    if (index === 0) {
-      // console.log(element, index)
-      let cleanElement = stripElement(element)
-      let elementHeader = getElementHeader(cleanElement)
-      let splitElement = element.split(' ')
-      let splitGroupName = splitElement[1].split(':')
-
-      let validateVersion = false
-      if (!element.includes('->')) {
-        validateVersion = true
-      }
-
-      tree[splitGroupName[0]] = {}
-      tree[splitGroupName[0]][elementHeader] = {
-        artifactID: splitGroupName[1],
-        group: splitGroupName[0],
-        version: validateVersion
-          ? checkVersion(cleanElement)
-          : splitElement[splitElement.length - 1],
-        scope: 'compile',
-        type: 'direct',
-        edges: {}
-      }
-
-      rootElement = splitGroupName[0]
-      levelNodes.push(elementHeader)
-    }
-
-    if (shavedOutput.length - 1 === index) {
-      // console.log(element, index)
-      const parentOfCurrent = levelNodes[levelNodes.length - 1]
-      let nodeLevel = computeRelationToLastElement(element)
-
-      let validateVersion = false
-      if (!element.includes('->')) {
-        validateVersion = true
-      }
-
-      if (nodeLevel === 0) {
-        let cleanElement = stripElement(element)
-        let elementHeader = getElementHeader(cleanElement)
-        let splitElement = element.split(' ')
-        let splitGroupName = splitElement[1].split(':')
-        tree[rootElement][elementHeader] = {
-          artifactID: splitGroupName[1],
-          group: splitGroupName[0],
-          version: validateVersion
-            ? checkVersion(cleanElement)
-            : splitElement[splitElement.length - 1],
-          scope: 'compile',
-          type: 'direct',
-          edges: {}
-        }
-      } else {
-        buildElement(element, rootElement, parentOfCurrent, tree)
-      }
-    }
-
-    if (index >= 1 && index < shavedOutput.length - 1) {
-      let nodeLevel = computeRelationToLastElement(element)
-      let nextNodeLevel = computeRelationToLastElement(shavedOutput[index + 1])
-      const parentOfCurrent = levelNodes[levelNodes.length - 1]
-
-      let isRoot = false
-      if (nodeLevel === 0) {
-        isRoot = true
-      }
-
-      // useful for debugging
-      // console.log(
-      //   element,
-      //   index,
-      //   'nodeLevel:',
-      //   nodeLevel,
-      //   'nextNodeLevel:',
-      //   nextNodeLevel,
-      //   'parentofCurrent:',
-      //   parentOfCurrent
-      // )
-
-      if (isRoot) {
-        let cleanElement = stripElement(element)
-        let elementHeader = getElementHeader(cleanElement)
-        let splitElement = element.split(' ')
-        let splitGroupName = splitElement[1].split(':')
-
-        let validateVersion = false
-        if (!element.includes('->')) {
-          validateVersion = true
-        }
-
-        tree[rootElement][elementHeader] = {
-          artifactID: splitGroupName[1],
-          group: splitGroupName[0],
-          version: validateVersion
-            ? checkVersion(cleanElement)
-            : splitElement[splitElement.length - 1],
-          scope: 'compile',
-          type: 'direct',
-          edges: {}
-        }
-        levelNodes.push(elementHeader)
-        return
-      }
-
-      let elementHeader = getElementHeader(element)
-      buildElement(element, rootElement, parentOfCurrent, tree, isRoot)
-
-      if (hasChildren(nextNodeLevel, nodeLevel)) {
-        buildElement(element, rootElement, parentOfCurrent, tree, isRoot)
-        levelNodes.push(elementHeader)
-      }
-
-      if (lastChild(nextNodeLevel, nodeLevel)) {
-        let levelDifference = calculateLevels(nextNodeLevel, nodeLevel)
-        if (levelDifference === 0) {
-          levelNodes.pop()
-        } else {
-          let i
-          for (i = 0; i < levelDifference; i++) {
-            levelNodes.pop()
-          }
-        }
-      }
-    }
-  })
-
-  return tree
-}
-
-const getNestedObject = (nestedObj, pathArr) => {
-  return pathArr.reduce(
-    (obj, key) => (obj && obj[key] !== 'undefined' ? obj[key] : undefined),
-    nestedObj
-  )
-}
-
-// emit any "+--- project :" within the tree
-const parseSubProject = shavedOutput => {
-  let obj = []
-  for (let key in shavedOutput) {
-    if (!shavedOutput[key].includes('project')) {
-      obj.push(shavedOutput[key])
-    }
-  }
-  return obj
-}
-
-const validateIndentation = shavedOutput => {
-  let validatedTree = []
-  shavedOutput.forEach((element, index) => {
-    let nextNodeLevel
-    let nodeLevel = computeRelationToLastElement(element)
-    if (shavedOutput[index + 1] !== undefined) {
-      nextNodeLevel = computeRelationToLastElement(shavedOutput[index + 1])
-    }
-    if (index === 0) {
-      validatedTree.push(shavedOutput[index])
-      validatedTree.push(shavedOutput[index + 1])
-    } else if (nextNodeLevel > nodeLevel + 5) {
-      return
-    } else {
-      validatedTree.push(shavedOutput[index + 1])
-    }
-  })
-  validatedTree.pop()
-  return validatedTree
-}
-
-const parseGradle = (gradleDependencyTreeOutput, config, projectType) => {
-  let shavedOutput = shaveOutput(gradleDependencyTreeOutput, projectType)
-  if (config.subProject) {
-    let subProject = parseSubProject(shavedOutput)
-    let validatedOutput = validateIndentation(subProject)
-    return buildTree(validatedOutput)
-  } else {
-    let validatedOutput = validateIndentation(shavedOutput)
-    return buildTree(validatedOutput)
-  }
-}
-
-module.exports = {
-  parseBuildDeps,
-  shaveOutput,
-  validateIndentation,
-  calculateLevels,
-  lastChild,
-  hasChildren,
-  getElementHeader,
-  createElement,
-  stripElement,
-  checkVersion,
-  computeRelationToLastElement,
-  addIndentation,
-  computeLevel,
-  computeIndentation,
-  shaveDependencyType,
-  preParser
-}

package/src/scaAnalysis/javascript/analysis.js

@@ -1,111 +0,0 @@
-const fs = require('fs')
-const yarnParser = require('@yarnpkg/lockfile')
-const yaml = require('js-yaml')
-const i18n = require('i18n')
-const {
-  formatKey
-} = require('../../audit/nodeAnalysisEngine/parseYarn2LockFileContents')
-
-const readFile = async (config, languageFiles, nameOfFile) => {
-  const index = languageFiles.findIndex(v => v.includes(nameOfFile))
-
-  if (config.file) {
-    return fs.readFileSync(config.file.concat(languageFiles[index]), 'utf8')
-  } else {
-    throw new Error('could not find file')
-  }
-}
-
-const readYarn = async (config, languageFiles, nameOfFile) => {
-  let yarn = {
-    yarnVersion: 1,
-    rawYarnLockFileContents: ''
-  }
-
-  try {
-    let rawYarnLockFileContents = await readFile(
-      config,
-      languageFiles,
-      nameOfFile
-    )
-    yarn.rawYarnLockFileContents = rawYarnLockFileContents
-
-    if (
-      !yarn.rawYarnLockFileContents.includes('lockfile v1') ||
-      yarn.rawYarnLockFileContents.includes('__metadata')
-    ) {
-      yarn.rawYarnLockFileContents = yaml.load(rawYarnLockFileContents)
-      yarn.yarnVersion = 2
-    }
-
-    return yarn
-  } catch (err) {
-    throw new Error(i18n.__('nodeReadYarnLockFileError') + `${err.message}`)
-  }
-}
-
-const parseNpmLockFile = async npmLockFile => {
-  try {
-    if (!npmLockFile.parsedPackages) {
-      npmLockFile.parsedPackages = {}
-    }
-
-    Object.entries(npmLockFile.packages).forEach(
-      ([packageKey, packageValue]) => {
-        if (packageKey.includes('node_modules/')) {
-          //remove object keys node modules prefixing
-          //e.g: node_modules/@aws-amplify/datastore/node_modules/uuid --> @aws-amplify/datastore/uuid
-          packageKey = packageKey.replace(/(node_modules\/)+/g, '')
-        }
-
-        npmLockFile.parsedPackages[packageKey] = packageValue
-      }
-    )
-
-    //remove base project package - unneeded
-    delete npmLockFile.parsedPackages['']
-
-    return npmLockFile
-  } catch (err) {
-    throw new Error(i18n.__('NodeParseNPM') + `${err.message}`)
-  }
-}
-
-const parseYarnLockFile = async js => {
-  try {
-    js.yarn.yarnLockFile = {}
-    if (js.yarn.yarnVersion === 1) {
-      js.yarn.yarnLockFile = yarnParser.parse(js.yarn.rawYarnLockFileContents)
-      delete js.yarn.rawYarnLockFileContents
-      return js
-    } else {
-      js.yarn.yarnLockFile['object'] = js.yarn.rawYarnLockFileContents
-      delete js.yarn.yarnLockFile['object'].__metadata
-      js.yarn.yarnLockFile['type'] = 'success'
-
-      Object.entries(js.yarn.rawYarnLockFileContents).forEach(
-        ([key, value]) => {
-          const rawKeyNames = key.split(',')
-          const keyNames = formatKey(rawKeyNames)
-
-          keyNames.forEach(name => {
-            js.yarn.yarnLockFile.object[name] = value
-          })
-        }
-      )
-      return js
-    }
-  } catch (err) {
-    throw new Error(
-      i18n.__('NodeParseYarn', js.yarn.yarnVersion) + `${err.message}`
-    )
-  }
-}
-
-module.exports = {
-  readYarn,
-  parseYarnLockFile,
-  parseNpmLockFile,
-  readFile,
-  formatKey
-}

package/src/scaAnalysis/javascript/index.js

@@ -1,104 +0,0 @@
-const analysis = require('./analysis')
-const i18n = require('i18n')
-const formatMessage = require('../common/formatMessage')
-const scaServiceParser = require('./scaServiceParser')
-
-const jsAnalysis = async (config, languageFiles) => {
-  checkForCorrectFiles(languageFiles)
-
-  if (!config.file.endsWith('/')) {
-    config.file = config.file.concat('/')
-  }
-  return buildNodeTree(config, languageFiles.JAVASCRIPT)
-}
-const buildNodeTree = async (config, files) => {
-  let analysis = await readFiles(config, files)
-  const rawNode = await parseFiles(config, files, analysis)
-  if (config.legacy === false) {
-    return scaServiceParser.parseJS(rawNode)
-  }
-
-  return formatMessage.createJavaScriptTSMessage(rawNode)
-}
-
-const readFiles = async (config, files) => {
-  let js = {}
-
-  js.packageJSON = JSON.parse(
-    await analysis.readFile(config, files, 'package.json')
-  )
-
-  if (files.includes('package-lock.json')) {
-    js.rawLockFileContents = await analysis.readFile(
-      config,
-      files,
-      'package-lock.json'
-    )
-  }
-  if (files.includes('yarn.lock')) {
-    js.yarn = {}
-    js.yarn = await analysis.readYarn(config, files, 'yarn.lock')
-  }
-
-  return js
-}
-
-const parseFiles = async (config, files, js) => {
-  if (files.includes('package-lock.json')) {
-    const npmLockFile = JSON.parse(js.rawLockFileContents)
-
-    const currentLockFileVersion = npmLockFile.lockfileVersion
-    const generalRebuildMessage =
-      '\nPlease update to Node 16+ & NPM 8+ or 9+ and then rebuild your package files.' +
-      '\nMore info here: https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json'
-
-    if (currentLockFileVersion === 1) {
-      throw new Error(
-        `NPM lockfileVersion 1 is no longer supported. \n ${generalRebuildMessage}`
-      )
-    }
-
-    if (!currentLockFileVersion || !npmLockFile.packages) {
-      throw new Error(
-        `package-lock.json needs to be in the NPM v2 or v3 format. \n ${generalRebuildMessage}`
-      )
-    }
-
-    if (currentLockFileVersion === 3 && config.legacy) {
-      throw new Error(`NPM lockfileVersion 3 is not support with --legacy`)
-    }
-
-    js.npmLockFile = await analysis.parseNpmLockFile(npmLockFile)
-  }
-
-  if (files.includes('yarn.lock')) {
-    js = await analysis.parseYarnLockFile(js)
-  }
-
-  return js
-}
-
-const checkForCorrectFiles = languageFiles => {
-  if (
-    languageFiles.JAVASCRIPT.includes('package-lock.json') &&
-    languageFiles.JAVASCRIPT.includes('yarn.lock')
-  ) {
-    throw new Error(
-      i18n.__('languageAnalysisHasMultipleLockFiles', 'javascript')
-    )
-  }
-
-  if (
-    !languageFiles.JAVASCRIPT.includes('package-lock.json') &&
-    !languageFiles.JAVASCRIPT.includes('yarn.lock')
-  ) {
-    throw new Error(i18n.__('languageAnalysisHasNoLockFile', 'javascript'))
-  }
-
-  if (!languageFiles.JAVASCRIPT.includes('package.json')) {
-    throw new Error(i18n.__('languageAnalysisHasNoPackageJsonFile'))
-  }
-}
-module.exports = {
-  jsAnalysis
-}