npm - @contrast/contrast - Versions diffs - 2.1.2 → 2.1.4 - Mend

@contrast/contrast 2.1.2 → 2.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/constants/constants.js +1 -1
package/dist/constants/locales.js +5 -6
package/dist/scaAnalysis/repoMode/index.js +3 -2
package/dist/scan/formatScanOutput.js +4 -2
package/package.json +3 -2

package/dist/constants/constants.js CHANGED Viewed

@@ -17,7 +17,7 @@ export const HIGH = 'HIGH';
 export const CRITICAL = 'CRITICAL';
 // App
 export const APP_NAME = 'contrast';
-const APP_VERSION = '2.1.2';
+const APP_VERSION = '2.1.4';
 export const TIMEOUT = 120000;
 export const CRITICAL_PRIORITY = 1;
 export const HIGH_PRIORITY = 2;

package/dist/constants/locales.js CHANGED Viewed

@@ -56,7 +56,7 @@ export const en_locales = () => {
         configHeader2: 'Config options',
         clearHeader: '-c, --clear',
         clearContent: 'Removes stored credentials',
-        constantsPrerequisitesContentScanLanguages: 'Java, Javascript and .NET supported',
+        constantsPrerequisitesContentScanLanguages: 'Java binary and Multi language source code supported',
         constantsContrastContent: 'Use the ‘contrast’ command for fast and accurate security analysis of your applications, APIs, serverless functions, and libraries.',
         constantsContrastCategories: '\n Code, scan: Java, .NET, .NET Core, JavaScript.\n Runtime testing, assess:  Java, .NET, Node, Ruby, Python, Go, PHP. \n Serverless: AWS Lambda - Java, Python.\n Libraries: Java, .NET, Node, Ruby, Python, Go, PHP.\n',
         constantsPrerequisitesHeader: 'Pre-requisites',
@@ -65,9 +65,8 @@ export const en_locales = () => {
         constantsAuthHeaderContents: 'Authorize with external identity provider to perform scans on code',
         configHeader: 'Config',
         constantsConfigUsageContents: 'view / clear the configuration',
-        constantsPrerequisitesContent: 'To scan a Java project you will need a .jar or .war file for analysis\n' +
-            'To scan a Javascript project you will need a single .js or a .zip of  multiple .js files\n' +
-            'To scan a .NET c# webforms project you will need a .exe or a .zip file for analysis\n',
+        constantsPrerequisitesContent: 'To scan a Java binary project you will need a .jar, .war or a zip of multiple .jar or .war files for analysis\n' +
+            'To scan source code you will need a .zip file containing the code for analysis',
         constantsUsage: 'Usage',
         constantsUsageCommandExample: 'contrast [command] [options]',
         constantsUsageCommandInfo: 'The file argument is optional. If no file is given, Contrast will search for a .jar, .war, .exe or .zip file in the working directory.\n',
@@ -104,12 +103,12 @@ export const en_locales = () => {
         responseMessage: 'Response: %s',
         searchingDirectoryScan: 'Searched 3 directory levels & found: ',
         noFileFoundScan: "We couldn't find a suitable file in your directories (we go 3 deep)",
-        specifyFileScanError: 'Java Scan requires a .war or .jar file. Javascript Scan requires a .js or .zip file.\nTo start a Scan enter "contrast scan -f <path-to-file>"',
+        specifyFileScanError: 'Please specify a jar/war file for Java binary scanning or a zip file for source code scanning',
         specifyFileAuditNotFound: 'No files found for library analysis',
         populateProjectIdMessage: 'project ID is %s',
         genericServiceError: 'returned with status code %s',
         permissionsError: 'You do not have the correct permissions here. \n Contact support@contrastsecurity.com to get this fixed.',
-        scanErrorFileMessage: 'We only accept the following file types: \nJava - .jar, .war \nJavaScript - .js or .zip files',
+        scanErrorFileMessage: 'We only accept the following file types: \nJava - .jar, .war \nSource Code - .js or .zip files',
         helpAuthSummary: 'Authenticate Contrast using your Github or Google account OR include credentials if you are an existing licensed Contrast user.',
         helpAuditSummary: 'Searches for a suitable file in the working directory to perform a security audit of dependencies and returns the results. \n[audit --help for options] Java, .NET, Node, Ruby, Python, Go, PHP are supported. ',
         helpScanSummary: 'Searches for a .jar, .war, .js, or .zip file in the working directory, uploads files for analysis, and returns the results. \n[scan --help for options] Java, .NET, .NET Core, JavaScript are supported. ',

package/dist/scaAnalysis/repoMode/index.js CHANGED Viewed

@@ -19,7 +19,7 @@ export const buildRepo = async (config, languageFiles) => {
             const res = await getSCAAnalysis(config, request);
             return res.body;
         }
-        else if (project.packageManager === GRADLE) {
+        else if (project.projectType === GRADLE) {
             const gradleJson = readBuildGradleFile(project);
             return parseGradleJson(await gradleJson);
         }
@@ -35,10 +35,11 @@ export const buildRepo = async (config, languageFiles) => {
 export const readFilesToBase64 = (languageFiles, project) => {
     const filePaths = languageFiles.map(file => path.resolve(`${project.cwd}/${file}`));
     const readFiles = filePaths.map(file => fs.readFileSync(file, 'utf-8'));
-    return readFiles.map(file => btoa(file));
+    return readFiles.map(file => Buffer.from(file).toString('base64'));
 };
 export const buildRequest = (languageFiles, project) => {
     const base64Files = readFilesToBase64(languageFiles, project);
+    console.log(base64Files);
     return {
         type: project.projectType,
         files: base64Files

package/dist/scan/formatScanOutput.js CHANGED Viewed

@@ -107,8 +107,10 @@ export function getDefaultView(content, language) {
         const groupResultsObj = new GroupedResultsModel(resultEntry.ruleId);
         groupResultsObj.severity = resultEntry.severity;
         groupResultsObj.ruleId = resultEntry.ruleId;
-        groupResultsObj.issue = stripTags(resultEntry.issue);
-        groupResultsObj.advice = resultEntry.advice;
+        groupResultsObj.issue =
+            resultEntry.issue != null ? stripTags(resultEntry.issue) : '';
+        groupResultsObj.advice =
+            resultEntry.advice != null ? resultEntry.advice : '';
         groupResultsObj.learn = resultEntry.learn;
         groupResultsObj.message = resultEntry.message?.text
             ? editVulName(resultEntry.message.text) +

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "2.1.2",
+  "version": "2.1.4",
   "description": "Contrast Security's command line tool",
   "exports": "./dist/index.js",
   "type": "module",
@@ -69,6 +69,7 @@
     "fast-glob": "3.3.1",
     "fast-xml-parser": "4.2.6",
     "form-data": "4.0.0",
+    "g": "^2.0.1",
     "got": "13.0.0",
     "gradle-to-js": "2.0.1",
     "hpagent": "1.2.0",
@@ -110,7 +111,7 @@
     "pkg": "5.8.1",
     "prettier": "2.8.8",
     "tmp": "0.2.1",
-    "ts-node": "10.9.1",
+    "ts-node": "^10.9.2",
     "typescript": "5.1.6",
     "uuid": "9.0.0",
     "vitest": "0.33.0"