@contrast/contrast 2.1.2 → 2.1.4

@@ -17,7 +17,7 @@ export const HIGH = 'HIGH';
17
17
  export const CRITICAL = 'CRITICAL';
18
18
  // App
19
19
  export const APP_NAME = 'contrast';
20
- const APP_VERSION = '2.1.2';
20
+ const APP_VERSION = '2.1.4';
21
21
  export const TIMEOUT = 120000;
22
22
  export const CRITICAL_PRIORITY = 1;
23
23
  export const HIGH_PRIORITY = 2;
@@ -56,7 +56,7 @@ export const en_locales = () => {
56
56
  configHeader2: 'Config options',
57
57
  clearHeader: '-c, --clear',
58
58
  clearContent: 'Removes stored credentials',
59
- constantsPrerequisitesContentScanLanguages: 'Java, Javascript and .NET supported',
59
+ constantsPrerequisitesContentScanLanguages: 'Java binary and Multi language source code supported',
60
60
  constantsContrastContent: 'Use the ‘contrast’ command for fast and accurate security analysis of your applications, APIs, serverless functions, and libraries.',
61
61
  constantsContrastCategories: '\n Code, scan: Java, .NET, .NET Core, JavaScript.\n Runtime testing, assess: Java, .NET, Node, Ruby, Python, Go, PHP. \n Serverless: AWS Lambda - Java, Python.\n Libraries: Java, .NET, Node, Ruby, Python, Go, PHP.\n',
62
62
  constantsPrerequisitesHeader: 'Pre-requisites',
@@ -65,9 +65,8 @@ export const en_locales = () => {
65
65
  constantsAuthHeaderContents: 'Authorize with external identity provider to perform scans on code',
66
66
  configHeader: 'Config',
67
67
  constantsConfigUsageContents: 'view / clear the configuration',
68
- constantsPrerequisitesContent: 'To scan a Java project you will need a .jar or .war file for analysis\n' +
69
- 'To scan a Javascript project you will need a single .js or a .zip of multiple .js files\n' +
70
- 'To scan a .NET c# webforms project you will need a .exe or a .zip file for analysis\n',
68
+ constantsPrerequisitesContent: 'To scan a Java binary project you will need a .jar, .war or a zip of multiple .jar or .war files for analysis\n' +
69
+ 'To scan source code you will need a .zip file containing the code for analysis',
71
70
  constantsUsage: 'Usage',
72
71
  constantsUsageCommandExample: 'contrast [command] [options]',
73
72
  constantsUsageCommandInfo: 'The file argument is optional. If no file is given, Contrast will search for a .jar, .war, .exe or .zip file in the working directory.\n',
@@ -104,12 +103,12 @@ export const en_locales = () => {
104
103
  responseMessage: 'Response: %s',
105
104
  searchingDirectoryScan: 'Searched 3 directory levels & found: ',
106
105
  noFileFoundScan: "We couldn't find a suitable file in your directories (we go 3 deep)",
107
- specifyFileScanError: 'Java Scan requires a .war or .jar file. Javascript Scan requires a .js or .zip file.\nTo start a Scan enter "contrast scan -f <path-to-file>"',
106
+ specifyFileScanError: 'Please specify a jar/war file for Java binary scanning or a zip file for source code scanning',
108
107
  specifyFileAuditNotFound: 'No files found for library analysis',
109
108
  populateProjectIdMessage: 'project ID is %s',
110
109
  genericServiceError: 'returned with status code %s',
111
110
  permissionsError: 'You do not have the correct permissions here. \n Contact support@contrastsecurity.com to get this fixed.',
112
- scanErrorFileMessage: 'We only accept the following file types: \nJava - .jar, .war \nJavaScript - .js or .zip files',
111
+ scanErrorFileMessage: 'We only accept the following file types: \nJava - .jar, .war \nSource Code - .js or .zip files',
113
112
  helpAuthSummary: 'Authenticate Contrast using your Github or Google account OR include credentials if you are an existing licensed Contrast user.',
114
113
  helpAuditSummary: 'Searches for a suitable file in the working directory to perform a security audit of dependencies and returns the results. \n[audit --help for options] Java, .NET, Node, Ruby, Python, Go, PHP are supported. ',
115
114
  helpScanSummary: 'Searches for a .jar, .war, .js, or .zip file in the working directory, uploads files for analysis, and returns the results. \n[scan --help for options] Java, .NET, .NET Core, JavaScript are supported. ',
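Review bot: The new `scanErrorFileMessage` still advertises `.js` as an accepted source-code input ("Source Code - .js or .zip files"), while the rewritten `constantsPrerequisitesContent` two hunks earlier says source code must be a `.zip` and the new `specifyFileScanError` mentions only jar/war/zip; the three messages should state the same accepted inputs, e.g. `scanErrorFileMessage: 'We only accept the following file types: \nJava - .jar, .war \nSource Code - .zip files',` if `.js` is indeed no longer accepted. `helpScanSummary` at the bottom of this hunk still enumerates "Java, .NET, .NET Core, JavaScript are supported", and `constantsContrastCategories` in the second hunk still lists the same fixed set, whereas the updated `constantsPrerequisitesContentScanLanguages` now says "Multi language source code supported"; if the supported-language story changed, those two strings presumably need the same update. The enclosing `en_locales` object starts before the first hunk and continues past this one.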
@@ -19,7 +19,7 @@ export const buildRepo = async (config, languageFiles) => {
19
19
  const res = await getSCAAnalysis(config, request);
20
20
  return res.body;
21
21
  }
22
- else if (project.packageManager === GRADLE) {
22
+ else if (project.projectType === GRADLE) {
23
23
  const gradleJson = readBuildGradleFile(project);
24
24
  return parseGradleJson(await gradleJson);
25
25
  }
@@ -35,10 +35,11 @@ export const buildRepo = async (config, languageFiles) => {
35
35
  export const readFilesToBase64 = (languageFiles, project) => {
36
36
  const filePaths = languageFiles.map(file => path.resolve(`${project.cwd}/${file}`));
37
37
  const readFiles = filePaths.map(file => fs.readFileSync(file, 'utf-8'));
38
- return readFiles.map(file => btoa(file));
38
+ return readFiles.map(file => Buffer.from(file).toString('base64'));
39
39
  };
40
40
  export const buildRequest = (languageFiles, project) => {
41
41
  const base64Files = readFilesToBase64(languageFiles, project);
42
+ console.log(base64Files);
42
43
  return {
43
44
  type: project.projectType,
44
45
  files: base64Files
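Review bot: The `console.log(base64Files);` added to `buildRequest` writes the base64 encoding of every file about to be uploaded to stdout, which dumps the full contents of the user's sources into the terminal and into any captured CLI output and looks like leftover debugging; drop the line, or, if a trace is wanted, log only a count or the file names behind the project's verbosity setting. In `readFilesToBase64` at the top of the same hunk, `fs.readFileSync(file, 'utf-8')` decodes the bytes as text before `Buffer.from(file)` re-encodes them, so a file that is not valid UTF-8 reaches the server with replacement characters instead of its original bytes; reading the raw buffer avoids the round trip: `const readFiles = filePaths.map(file => fs.readFileSync(file));` and `return readFiles.map(file => file.toString('base64'));`. `path.resolve(project.cwd, file)` would also express the join on the line above without the template string. `buildRequest`'s return object continues past the end of the hunk, and the `packageManager` → `projectType` rename in the previous hunk cannot be checked against the other branches of `buildRepo` from here.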
@@ -107,8 +107,10 @@ export function getDefaultView(content, language) {
107
107
  const groupResultsObj = new GroupedResultsModel(resultEntry.ruleId);
108
108
  groupResultsObj.severity = resultEntry.severity;
109
109
  groupResultsObj.ruleId = resultEntry.ruleId;
110
- groupResultsObj.issue = stripTags(resultEntry.issue);
111
- groupResultsObj.advice = resultEntry.advice;
110
+ groupResultsObj.issue =
111
+ resultEntry.issue != null ? stripTags(resultEntry.issue) : '';
112
+ groupResultsObj.advice =
113
+ resultEntry.advice != null ? resultEntry.advice : '';
112
114
  groupResultsObj.learn = resultEntry.learn;
113
115
  groupResultsObj.message = resultEntry.message?.text
114
116
  ? editVulName(resultEntry.message.text) +
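Review bot: The two new guards in `getDefaultView` spell out `x != null ? x : ''`, which the nullish-coalescing operator expresses directly and which fits the optional chaining already used a few lines below: `groupResultsObj.issue = resultEntry.issue != null ? stripTags(resultEntry.issue) : '';` can stay as is (the call needs the guard), but `groupResultsObj.advice = resultEntry.advice ?? '';` reads more consistently. `learn` on the next line is still copied through unguarded; if it can be absent for the same reason `issue` and `advice` can, it wants the same default. A one-line comment saying why the empty string is the fallback would help, since the reason is not visible in the hunk. `getDefaultView` starts and ends outside this hunk.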
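--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@contrast/contrast",
-"version": "2.1.2",
+"version": "2.1.4",
 "description": "Contrast Security's command line tool",
 "exports": "./dist/index.js",
 "type": "module",
@@ -69,6 +69,7 @@
 "fast-glob": "3.3.1",
 "fast-xml-parser": "4.2.6",
 "form-data": "4.0.0",
+"g": "^2.0.1",
 "got": "13.0.0",
 "gradle-to-js": "2.0.1",
 "hpagent": "1.2.0",
@@ -110,7 +111,7 @@
 "pkg": "5.8.1",
 "prettier": "2.8.8",
 "tmp": "0.2.1",
-"ts-node": "10.9.1",
+"ts-node": "^10.9.2",
 "typescript": "5.1.6",
 "uuid": "9.0.0",
 "vitest": "0.33.0"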
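Review bot: The new dependency `"g": "^2.0.1"` is a single-letter package that nothing else in this diff imports, and its caret range in a manifest whose neighbouring entries are all pinned exactly suggests it may have landed by accident (for example a mistyped global-install flag) rather than on purpose; confirm it is actually required somewhere, and if not, remove the line before release, since if this block is `dependencies` every install of the CLI will fetch it. `ts-node` moves from the exact `10.9.1` to `^10.9.2` while every surrounding devDependency stays pinned; if exact pinning is the project's policy, `"ts-node": "10.9.2",` keeps it. The version bump itself needs no change.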