@contrast/contrast 2.0.2-beta.3 → 2.0.2-beta.4

package/src/lambda/types.ts

@@ -1,36 +0,0 @@
-export enum StatusType {
-  FAILED = 'failed',
-  SUCCESS = 'success'
-}
-
-export enum EventType {
-  START = 'start_command_session',
-  END = 'end_command_session'
-}
-
-export type LambdaOptions = {
-  functionName?: string
-  listFunctions?: boolean
-  region?: string
-  endpointUrl?: string
-  profile?: string
-  help?: boolean
-  verbose?: boolean
-  jsonOutput?: boolean
-  _unknown?: string[]
-}
-
-type ScanFunctionData = {
-  functionArn: string
-  scanId: string
-}
-
-export type AnalyticsOption = {
-  sessionId: string
-  eventType: EventType
-  packageVersion: string
-  arguments?: LambdaOptions
-  scanFunctionData?: ScanFunctionData
-  status?: StatusType
-  errorMsg?: string
-}

package/src/lambda/utils.ts

@@ -1,188 +0,0 @@
-import chalk from 'chalk'
-import { groupBy, sortBy, capitalize, minBy } from 'lodash'
-import i18n from 'i18n'
-import { log } from './logUtils'
-
-// fix for using `plural`
-// https://github.com/mashpie/i18n-node/issues/429
-i18n.setLocale('en')
-
-class PrintVulnerability {
-  index: number
-  vulnerability: any
-  group?: any[]
-  title: string
-  severity: string
-  remediation: string
-  description: string
-  recommendation: string
-  whatHappened: string
-
-  constructor(index: number, vulnerability: any, group?: any[]) {
-    const { severityText, title, description, remediation, categoryText } =
-      vulnerability
-
-    this.group = group
-    this.vulnerability = vulnerability
-    this.index = index
-    this.title = title
-    this.severity = capitalize(severityText)
-    this.description = underlineLinks(description)
-    this.remediation = remediation?.description
-    this.recommendation = ''
-    this.whatHappened = ''
-
-    if (categoryText === 'PERMISSIONS') {
-      this.formatPermissions()
-    } else if (categoryText === 'DEPENDENCIES') {
-      this.formatDependencies()
-    }
-  }
-
-  formatPermissions() {
-    const { leastPrivilege, comment } = this.vulnerability.evidence
-    const violatingPolicies = leastPrivilege?.violatingPolicies || []
-
-    const filteredPolicies = violatingPolicies
-      .filter((vp: any) => vp?.suggestedPolicy?.suggestedPolicyCode?.length)
-      .map((vp: any) => vp?.suggestedPolicy)
-
-    const shouldNumerate = filteredPolicies.length > 1
-    filteredPolicies.forEach((policies: any, i: number) => {
-      const { suggestedPolicyCode, description } = policies
-
-      suggestedPolicyCode.forEach((policy: any) => {
-        const { snippet, title } = policy
-        this.recommendation += shouldNumerate
-          ? ` ${i + 1}. ${description}\n`
-          : `${description}\n`
-
-        if (title !== 'DELETE POLICY') {
-          this.recommendation += `${snippet}\n`
-        }
-      })
-    })
-
-    if (comment?.length) {
-      const splitComment = (comment: string) => {
-        const [policy, description] = comment.split(':').map(c => c.trim())
-        return { policy, description }
-      }
-      const groupByPolicy = groupBy(comment, c => splitComment(c).policy)
-
-      Object.entries(groupByPolicy).forEach(([policy, commentArr]) => {
-        const comments = commentArr
-          .map(splitComment)
-          .map(({ description }) => ` - ${description}`)
-          .join('\n')
-        this.whatHappened += i18n.__('whatHappenedItem', { policy, comments })
-      })
-    }
-  }
-
-  formatDependencies() {
-    if (!this.group?.length) {
-      this.recommendation = this.vulnerability?.remediation?.description
-      return
-    }
-
-    const maxSeverity = minBy(this.group, 'severity')
-    this.title = i18n.__('vulnerableDependency')
-    this.severity = capitalize(maxSeverity.severityText)
-    this.recommendation = maxSeverity.remediation?.description
-
-    const library = groupByDependency({ title: this.vulnerability.title })
-    const [packageName, version] = library.split(':')
-    const allCves = this.group.map(groupByCVE)
-
-    this.description = i18n.__mf('vulnerableDependencyDescriptions', {
-      NUM: this.group.length,
-      packageName,
-      version,
-      cves: allCves.join(' | ')
-    })
-  }
-
-  print() {
-    log(`${this.index}.`)
-    // prettier-ignore
-    log(`${chalk.bold(this.severity)} | ${chalk.bold(this.title)} ${this.description}`)
-
-    if (this.whatHappened) {
-      log(`\n${chalk.bold(i18n.__('whatHappenedTitle'))}\n${this.whatHappened}`)
-    }
-
-    if (this.recommendation) {
-      log(`${chalk.bold(i18n.__('recommendation'))}\n${this.recommendation}`)
-    }
-
-    log('')
-  }
-}
-
-const groupByCVE = ({ title }: any) =>
-  title.substring(0, title.indexOf('[') - 1)
-
-const groupByDependency = ({ title }: any) =>
-  title.substring(title.indexOf('[') + 1, title.indexOf(']'))
-
-const printResults = (results: any[]) => {
-  //filter out any vulnerabs which is not least privilege or dependencies- cli does not handle other vulnerabs yet
-  const vulnerabs = results.filter(r => r.category === 1 || r.category === 4)
-  const sortBySeverity = sortBy(vulnerabs, ['severity', 'title'])
-  const notDependencies = sortBySeverity.filter(r => r.category !== 1)
-  const dependencies = sortBySeverity.filter(r => r.category === 1)
-  const dependenciesByLibrary = groupBy(dependencies, groupByDependency)
-
-  log('')
-
-  notDependencies.forEach((vulnerability: any, index: number) => {
-    const printVulnerab = new PrintVulnerability(index + 1, vulnerability)
-    printVulnerab.print()
-  })
-  const prevIndex = notDependencies.length + 1
-  Object.entries(dependenciesByLibrary).forEach(([, group], i) => {
-    const printVulnerab = new PrintVulnerability(prevIndex + i, group[0], group)
-    printVulnerab.print()
-  })
-
-  const dependenciesCount = Object.keys(dependenciesByLibrary).length
-  const resultCount = notDependencies.length + dependenciesCount
-  log(i18n.__n('foundVulnerabilities', resultCount), { bold: true })
-
-  const counters = getNotDependenciesCounters(notDependencies)
-  if (dependenciesCount) {
-    counters.push(i18n.__n('dependenciesCount', dependenciesCount))
-  }
-  log(counters.join(' | '), { bold: true })
-}
-
-const getNotDependenciesCounters = (notDependencies: any[]) => {
-  const groupByType = groupBy(notDependencies, ['categoryText'])
-  return Object.values(groupByType).map(
-    group => `${group.length} ${capitalize(group[0].categoryText)}`
-  )
-}
-
-const underlineLinks = (text: string) => {
-  if (!text) {
-    return text
-  }
-  const urlRegex = /(https?:\/\/[^\s]+)/g
-  return text.replace(urlRegex, chalk.underline('$1'))
-}
-
-function toLowerKeys(obj: Record<string, unknown>) {
-  return Object.keys(obj).reduce((accumulator, key) => {
-    const new_key = `${key[0].toLowerCase()}${key.slice(1)}`
-    accumulator[new_key] = obj[key]
-    return accumulator
-  }, {} as Record<string, unknown>)
-}
-
-export { toLowerKeys, printResults }
-export const exportedForTesting = {
-  underlineLinks,
-  printResults,
-  PrintVulnerability
-}

package/src/sbom/generateSbom.ts

@@ -1,45 +0,0 @@
-import { getHttpClient } from '../utils/commonApi'
-
-export const generateSbom = (config: any, type: string) => {
-  const client = getHttpClient(config)
-  return client
-    .getSbom(config, type)
-    .then((res: { statusCode: number; body: any }) => {
-      if (res.statusCode === 200) {
-        return res.body
-      } else if (res.statusCode === 403) {
-        console.log('\nUnable to retrieve Software Bill of Materials (SBOM)')
-        console.log(
-          `Please ensure OSS is enabled for your organization - org-id ${config.organizationId} and app ${config.applicationId}`
-        )
-        return undefined
-      } else {
-        console.log('Unable to retrieve Software Bill of Materials (SBOM)')
-        return undefined
-      }
-    })
-    .catch((err: any) => {
-      console.log(err)
-    })
-}
-
-export const generateSCASbom = (
-  config: any,
-  type: string,
-  reportId: string
-) => {
-  const client = getHttpClient(config)
-  return client
-    .getSCASbom(config, type, reportId)
-    .then((res: { statusCode: number; body: any }) => {
-      if (res.statusCode === 200) {
-        return res.body
-      } else {
-        console.log('Unable to retrieve Software Bill of Materials (SBOM)')
-        return undefined
-      }
-    })
-    .catch((err: any) => {
-      console.log(err)
-    })
-}

package/src/scaAnalysis/common/auditReport.js

@@ -1,59 +0,0 @@
-const {
-  getSeverityCounts,
-  printNoVulnFoundMsg
-} = require('../../audit/report/commonReportingFunctions')
-const common = require('../../common/fail')
-const { printFormattedOutputSca } = require('./commonReportingFunctionsSca')
-const { auditSave } = require('../../audit/save')
-
-const processAuditReport = async (config, reportModelList, reportId) => {
-  let severityCounts = {}
-  if (reportModelList !== undefined) {
-    severityCounts = formatScaServicesReport(config, reportModelList)
-  }
-
-  if (config.save !== undefined) {
-    await auditSave(config, reportId)
-  } else {
-    console.log('Use contrast audit --save to generate an SBOM')
-  }
-
-  if (config.fail) {
-    common.processFail(config, severityCounts)
-  }
-}
-const formatScaServicesReport = (config, reportModelList) => {
-  const projectOverviewCount = getSeverityCounts(reportModelList)
-
-  if (projectOverviewCount.total === 0) {
-    printNoVulnFoundMsg()
-  } else {
-    const numberOfVulnerableLibraries = reportModelList.map(library => {
-      let count = 0
-
-      if (library.vulnerabilities.length > 0) {
-        count++
-      }
-
-      return count
-    }).length
-
-    let numberOfCves = reportModelList.reduce(
-      (count, current) => count + current.vulnerabilities.length,
-      0
-    )
-
-    printFormattedOutputSca(
-      config,
-      reportModelList,
-      numberOfVulnerableLibraries,
-      numberOfCves
-    )
-  }
-
-  return projectOverviewCount
-}
-module.exports = {
-  formatScaServicesReport,
-  processAuditReport
-}

package/src/scaAnalysis/common/commonReportingFunctionsSca.js

@@ -1,276 +0,0 @@
-const {
-  ReportList,
-  ReportModelStructure,
-  ReportCompositeKey
-} = require('../../audit/report/models/reportListModel')
-const {
-  countVulnerableLibrariesBySeverity
-} = require('../../audit/report/utils/reportUtils')
-const {
-  SeverityCountModel
-} = require('../../audit/report/models/severityCountModel')
-const { orderBy } = require('lodash')
-const {
-  ReportOutputModel,
-  ReportOutputHeaderModel,
-  ReportOutputBodyModel
-} = require('../../audit/report/models/reportOutputModel')
-const {
-  CE_URL,
-  CRITICAL_COLOUR,
-  HIGH_COLOUR,
-  MEDIUM_COLOUR,
-  LOW_COLOUR,
-  NOTE_COLOUR
-} = require('../../constants/constants')
-const chalk = require('chalk')
-const Table = require('cli-table3')
-const {
-  findHighestSeverityCVESca,
-  severityCountAllCVEsSca,
-  findCVESeveritySca,
-  orderByHighestPrioritySca
-} = require('./utils/reportUtilsSca')
-const {
-  buildFormattedHeaderNum
-} = require('../../audit/report/commonReportingFunctions')
-
-const createSummaryMessageTop = (numberOfVulnerableLibraries, numberOfCves) => {
-  numberOfVulnerableLibraries === 1
-    ? console.log(
-        `\n\nFound 1 vulnerable library containing ${numberOfCves} CVE`
-      )
-    : console.log(
-        `\n\nFound ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs`
-      )
-}
-
-const createSummaryMessageBottom = numberOfVulnerableLibraries => {
-  numberOfVulnerableLibraries === 1
-    ? console.log(`Found 1 vulnerability`)
-    : console.log(`Found ${numberOfVulnerableLibraries} vulnerabilities`)
-}
-
-const printFormattedOutputSca = (
-  config,
-  reportModelList,
-  numberOfVulnerableLibraries,
-  numberOfCves
-) => {
-  createSummaryMessageTop(numberOfVulnerableLibraries, numberOfCves)
-  console.log()
-  const report = new ReportList()
-
-  for (const library of reportModelList) {
-    const { artifactName, version, vulnerabilities, remediationAdvice } =
-      library
-
-    const newOutputModel = new ReportModelStructure(
-      new ReportCompositeKey(
-        artifactName,
-        version,
-        findHighestSeverityCVESca(vulnerabilities),
-        severityCountAllCVEsSca(
-          vulnerabilities,
-          new SeverityCountModel()
-        ).getTotal
-      ),
-      vulnerabilities,
-      remediationAdvice
-    )
-    report.reportOutputList.push(newOutputModel)
-  }
-
-  const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(
-    report.reportOutputList,
-    [
-      reportListItem => {
-        return reportListItem.compositeKey.highestSeverity.priority
-      },
-      reportListItem => {
-        return reportListItem.compositeKey.numberOfSeverities
-      }
-    ],
-    ['asc', 'desc']
-  )
-
-  let contrastHeaderNumCounter = 0
-  for (const reportModel of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
-    contrastHeaderNumCounter++
-    const { libraryName, libraryVersion, highestSeverity } =
-      reportModel.compositeKey
-
-    const { cveArray, remediationAdvice } = reportModel
-
-    const numOfCVEs = reportModel.cveArray.length
-
-    const table = getReportTable()
-
-    const header = buildHeader(
-      highestSeverity,
-      contrastHeaderNumCounter,
-      libraryName,
-      libraryVersion,
-      numOfCVEs
-    )
-
-    const body = buildBody(cveArray, remediationAdvice)
-
-    const reportOutputModel = new ReportOutputModel(header, body)
-
-    table.push(
-      reportOutputModel.body.issueMessage,
-      reportOutputModel.body.adviceMessage
-    )
-
-    console.log(
-      reportOutputModel.header.vulnMessage,
-      reportOutputModel.header.introducesMessage
-    )
-    console.log(table.toString() + '\n')
-  }
-
-  createSummaryMessageBottom(numberOfVulnerableLibraries)
-  const {
-    criticalMessage,
-    highMessage,
-    mediumMessage,
-    lowMessage,
-    noteMessage
-  } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst)
-  console.log(
-    `${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`
-  )
-
-  if (config.host !== CE_URL && config.projectId) {
-    console.log(
-      '\n' + chalk.bold("Check out your project's results in Contrast")
-    )
-    console.log(
-      `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/libraries?view=static&projects=${config.name}`
-    )
-  }
-}
-
-function getReportTable() {
-  return new Table({
-    chars: {
-      top: '',
-      'top-mid': '',
-      'top-left': '',
-      'top-right': '',
-      bottom: '',
-      'bottom-mid': '',
-      'bottom-left': '',
-      'bottom-right': '',
-      left: '',
-      'left-mid': '',
-      mid: '',
-      'mid-mid': '',
-      right: '',
-      'right-mid': '',
-      middle: ' '
-    },
-    style: { 'padding-left': 0, 'padding-right': 0 },
-    colAligns: ['right'],
-    wordWrap: true,
-    colWidths: [12, 1, 100]
-  })
-}
-
-function buildHeader(
-  highestSeverity,
-  contrastHeaderNum,
-  libraryName,
-  version,
-  numOfCVEs
-) {
-  const vulnerabilityPluralised =
-    numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability'
-  const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum)
-
-  const headerColour = chalk.hex(highestSeverity.colour)
-  const headerNumAndSeverity = headerColour(
-    `${formattedHeaderNum} - [${highestSeverity.severity}]`
-  )
-  const libraryNameAndVersion = headerColour.bold(`${libraryName}-${version}`)
-  const vulnMessage = `${headerNumAndSeverity} ${libraryNameAndVersion}`
-
-  const introducesMessage = `introduces ${numOfCVEs} ${vulnerabilityPluralised}`
-
-  return new ReportOutputHeaderModel(vulnMessage, introducesMessage)
-}
-
-function buildBody(cveArray, advice) {
-  const orderedCvesWithSeverityAssigned = orderByHighestPrioritySca(
-    cveArray.map(cve => findCVESeveritySca(cve))
-  )
-  const issueMessage = getIssueRow(orderedCvesWithSeverityAssigned)
-  const adviceMessage = getAdviceRow(advice)
-
-  return new ReportOutputBodyModel(issueMessage, adviceMessage)
-}
-
-function getIssueRow(cveArray) {
-  const cveMessagesList = getIssueCveMsgList(cveArray)
-  return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`]
-}
-
-function getAdviceRow(advice) {
-  const latestOrClosest = advice.closestStableVersion
-    ? advice.closestStableVersion
-    : advice.latestStableVersion
-  const displayAdvice = latestOrClosest
-    ? `Change to version ${chalk.bold(latestOrClosest)}`
-    : 'No recommendation is available according to our data. Upgrade to the latest stable is the best advice we can give.'
-
-  return [chalk.bold(`Advice`), chalk.bold(`:`), `${displayAdvice}`]
-}
-
-const buildFooter = reportModelStructure => {
-  const { critical, high, medium, low, note } =
-    countVulnerableLibrariesBySeverity(reportModelStructure)
-
-  const criticalMessage = chalk
-    .hex(CRITICAL_COLOUR)
-    .bold(`${critical} Critical`)
-  const highMessage = chalk.hex(HIGH_COLOUR).bold(`${high} High`)
-  const mediumMessage = chalk.hex(MEDIUM_COLOUR).bold(`${medium} Medium`)
-  const lowMessage = chalk.hex(LOW_COLOUR).bold(`${low} Low`)
-  const noteMessage = chalk.hex(NOTE_COLOUR).bold(`${note} Note`)
-
-  return {
-    criticalMessage,
-    highMessage,
-    mediumMessage,
-    lowMessage,
-    noteMessage
-  }
-}
-
-const getIssueCveMsgList = reportSeverityModels => {
-  const cveMessages = []
-  reportSeverityModels.forEach(reportSeverityModel => {
-    const { colour, severity, name } = reportSeverityModel
-
-    const severityShorthand = chalk
-      .hex(colour)
-      .bold(`[${severity.charAt(0).toUpperCase()}]`)
-
-    const builtMessage = severityShorthand + name
-    cveMessages.push(builtMessage)
-  })
-  return cveMessages
-}
-
-module.exports = {
-  createSummaryMessageTop,
-  createSummaryMessageBottom,
-  printFormattedOutputSca,
-  getReportTable,
-  buildHeader,
-  buildBody,
-  getIssueRow,
-  buildFormattedHeaderNum,
-  getIssueCveMsgList
-}

package/src/scaAnalysis/common/formatMessage.js

@@ -1,67 +0,0 @@
-const createJavaTSMessage = javaTree => {
-  return {
-    java: {
-      mavenDependencyTrees: javaTree
-    }
-  }
-}
-
-const createJavaScriptTSMessage = js => {
-  let message = {
-    node: {
-      packageJSON: js.packageJSON
-    }
-  }
-  if (js.yarn !== undefined) {
-    message.node.yarnLockFile = js.yarn.yarnLockFile
-    message.node.yarnVersion = js.yarn.yarnVersion
-  } else {
-    message.node.npmLockFile = js.npmLockFile
-  }
-  return message
-}
-
-const createGoTSMessage = goTree => {
-  return {
-    go: {
-      goDependencyTrees: goTree
-    }
-  }
-}
-
-const createRubyTSMessage = rubyTree => {
-  return {
-    ruby: rubyTree
-  }
-}
-
-const createPythonTSMessage = pythonTree => {
-  return {
-    python: pythonTree
-  }
-}
-
-const createPhpTSMessage = phpTree => {
-  return {
-    php: {
-      composerJSON: phpTree.composerJSON,
-      lockFile: phpTree.lockFile
-    }
-  }
-}
-
-const createDotNetTSMessage = dotnetTree => {
-  return {
-    dotnet: dotnetTree
-  }
-}
-
-module.exports = {
-  createJavaScriptTSMessage,
-  createJavaTSMessage,
-  createGoTSMessage,
-  createPhpTSMessage,
-  createRubyTSMessage,
-  createPythonTSMessage,
-  createDotNetTSMessage
-}