@contrast/contrast 2.3.2 → 2.5.0

package/dist/audit/auditRequests.js

@@ -50,13 +50,19 @@ const retrieveProjectByOrganizationIdUrl = (config) => {
         : baseUrl.concat(`&type=CLI`);
     return baseUrl;
 };
-export function registerProjectGroup(config, requestBody) {
+export async function registerProjectGroup(config, requestBody) {
     const options = buildBaseRequestOptions(config, ErrorType.GENERIC);
     options.url = registerProjectGroupUrl(config);
     options.json = requestBody;
     logDebug(config, 'registerProjectGroup');
     logDebug(config, `url ${options.url}`);
-    return got.post(options);
+    try {
+        return await got.post(options);
+    }
+    catch (e) {
+        console.log(`\nResource group ${config.resourceGroup} does not exist`);
+        process.exit(1);
+    }
 }
 const registerProjectGroupUrl = (config) => {
     return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups`;

package/dist/audit/processAudit.js

@@ -4,12 +4,14 @@ import { processSca } from '../scaAnalysis/scaAnalysis.js';
 import { sendTelemetryConfigAsObject } from '../telemetry/telemetry.js';
 import { postRunMessage } from '../common/commonHelp.js';
 import { logInfo } from '../common/logging.js';
+import { validateHost } from '../utils/validationCheck.js';
 export const processAudit = async (contrastConf, argvMain) => {
     if (argvMain.indexOf('--help') !== -1) {
         printHelpMessage();
         process.exit(0);
     }
     let config = await getAuditConfig(contrastConf, 'audit', argvMain);
+    validateHost(config);
     await processSca(config);
     if (!config.fingerprint) {
         postRunMessage('audit');

package/dist/auth/auth.js

@@ -23,7 +23,8 @@ export const processAuth = async (argv, config) => {
         processCustomCredentials(authParams, config);
     }
     else {
-        await startAuthProcess(config);
+        logInfo(i18n.__('noParams'));
+        process.exit(0);
     }
 };
 const startAuthProcess = async (config) => {

package/dist/cliConstants.js

@@ -474,6 +474,14 @@ const auditOptionDefinitions = [
             '}:' +
             i18n.__('auditOptionsTrackSummary')
     },
+    {
+        name: 'resource-group',
+        type: String,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}:' +
+            i18n.__('auditOptionsResourceGroupSummary')
+    },
     {
         name: 'branch',
         description: '{bold ' +
@@ -561,7 +569,6 @@ const mainUsageGuide = commandLineUsage([
             { name: i18n.__('lambdaName'), summary: i18n.__('helpLambdaSummary') },
             { name: i18n.__('helpName'), summary: i18n.__('helpSummary') },
             { name: i18n.__('learnName'), summary: i18n.__('helpLearnSummary') },
-            { name: i18n.__('sarifName'), summary: i18n.__('sarifSummary') },
             {
                 name: i18n.__('configGenerate'),
                 summary: i18n.__('configGenerateSummary')

package/dist/constants/constants.js

@@ -17,7 +17,7 @@ export const HIGH = 'HIGH';
 export const CRITICAL = 'CRITICAL';
 // App
 export const APP_NAME = 'contrast';
-const APP_VERSION = '2.3.2';
+const APP_VERSION = '2.5.0';
 export const TIMEOUT = 120000;
 export const CRITICAL_PRIORITY = 1;
 export const HIGH_PRIORITY = 2;

package/dist/constants/locales.js

@@ -148,6 +148,7 @@ export const en_locales = () => {
         scanOptionsFileNameSummary: 'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
         scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
         auditOptionsTrackSummary: ' Send your dependency audit to Contrast to see results in the UI and start automating security checks. For instance when running local SCA checks you may not need or want to track the results.',
+        auditOptionsResourceGroupSummary: ' Add permissions for a new project to selected resource group.',
         auditOptionsBranchSummary: ' Set the branch name to associate the library results to.',
         auditOptionsLegacySummary: ' Creates an application in Contrast (a legacy workflow) - displays a dependency tree for your piece of code, utilizes metadata.' +
             '\n' +
@@ -205,7 +206,11 @@ export const en_locales = () => {
         lambdaJsonSummery: 'Return response in JSON (versus default human readable format).',
         lambdaVerbosSummery: 'Returns extended information to the terminal.',
         configNotFound: 'Configuration details not found. Try authenticating by using ‘contrast auth’.',
-        redirectAuth: '\nOpening the authentication page in your web browser.\nSign in and complete the steps.\nReturn here to start using Contrast.\n\nIf your browser has trouble loading, try this:\n%s \n',
+        noParams: 'No parameters provided. \n' +
+            'Please run `contrast auth --api-key <KEY> --authorization <TOKEN> --host <HOST> --organization-id <ORGID>`',
+        noHost: 'No host provided. \n' +
+            'Please run `contrast auth --api-key <KEY> --authorization <TOKEN> --host <HOST> --organization-id <ORGID>`',
+        codeSecEoL: chalk.hex('#ef1414')('❗ WARNING: CodeSec / Community Edition is deprecated. Please configure the CLI with a valid Contrast host URL'),
         fileNotExist: 'File specified does not exist, please check and try again.',
         scanFileIsEmpty: 'File specified is empty. Please choose another.',
         fileHasWhiteSpacesError: 'File cannot have spaces, please rename or choose another file to Scan.',

package/dist/github/projectGroup.js

@@ -27,6 +27,9 @@ export const buildNewProjectGroupBody = async (config) => {
         body.type = 'CLI';
         body.name = getProjectGroupNameCLI(config);
     }
+    if (config.resourceGroup) {
+        body.resourceGroups = [config.resourceGroup];
+    }
     return body;
 };
 const getProjectGroupNameRepo = config => {

package/dist/index.js

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 import { localConfig } from './utils/getConfig.js';
-import { APP_NAME, getAppVersion } from './constants/constants.js';
+import { APP_NAME, CE_URL, getAppVersion } from './constants/constants.js';
 import commandLineArgs from 'command-line-args';
 import { commandLineDefinitions } from './cliConstants.js';
 import { findLatestCLIVersion, isCorrectNodeVersion } from './common/versionChecker.js';
@@ -17,6 +17,7 @@ import { processAssess } from './assess/index.js';
 import { processSarif } from './sarif/generateSarif.js';
 import { logInfo } from './common/logging.js';
 import { generateYamlConfiguration } from './generateYaml/index.js';
+import i18n from 'i18n';
 const config = localConfig(APP_NAME, getAppVersion());
 const getMainOption = () => {
     const mainOptions = commandLineArgs(commandLineDefinitions.mainDefinition, {
@@ -54,11 +55,15 @@ const start = async () => {
                 config.set('numOfRuns', 0);
             }
             if (command === 'config') {
+                console.log('config command');
                 return processConfig(argvMain, config);
             }
             if (command === 'auth') {
                 return await processAuth(argvMain, config);
             }
+            if (config.get('host') === CE_URL) {
+                logInfo(i18n.__('codeSecEoL'));
+            }
             if (command === 'lambda') {
                 return await processLambda(argvMain);
             }
@@ -104,7 +109,7 @@ const start = async () => {
             process.exit(9);
         }
         else {
-            logInfo('Contrast supports Node versions >=18.16.0 Node LTS. Please use one of those versions.');
+            logInfo('Contrast supports Node versions >=22.3.0 Node LTS. Please use one of those versions.');
             process.exit(9);
         }
     }

package/dist/scaAnalysis/common/scaServicesUpload.js

@@ -42,6 +42,9 @@ export const scaTreeUpload = async (analysis, config, reportSpinner) => {
             doPoll = false;
             const reportRes = await scaServiceReport(config, reportId);
             const reportBody = reportRes.body;
+            if (config.saveResults !== undefined) {
+                fs.writeFileSync('audit-results.json', JSON.stringify(reportBody));
+            }
             return { reportArray: reportBody, reportId: reportId };
         }
         handleTimeout(startTime, timeout, reportSpinner);

package/dist/scaAnalysis/processServicesFlow.js

@@ -88,6 +88,12 @@ const trackProcess = async (analysis, config, reportSpinner) => {
     if (projectId === '') {
         return dealWithNoProjectId(analysis, config, reportSpinner);
     }
+    else if (config.resourceGroup) {
+        console.log('\nProject ' +
+            projectId +
+            ' already exists and will not be added to resource group ' +
+            config.resourceGroup);
+    }
     config.projectId = projectId;
     // we can always register just in case but normally we exit when
     await registerProjectIdOnCliServices(config, projectId);

package/dist/scan/processScan.js

@@ -7,8 +7,10 @@ import { sendTelemetryConfigAsObject } from '../telemetry/telemetry.js';
 import { processFail } from '../common/fail.js';
 import { postRunMessage } from '../common/commonHelp.js';
 import { logInfo } from '../common/logging.js';
+import { validateHost } from '../utils/validationCheck.js';
 export const processScan = async (contrastConf, argv) => {
     let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv);
+    validateHost(config);
     let output = undefined;
     const scanResults = new ScanResultsModel(await startScan(config));
     await sendTelemetryConfigAsObject(config, 'scan', argv, 'SUCCESS', scanResults.scanDetail.language);

package/dist/utils/getConfig.js

@@ -15,6 +15,6 @@ const setConfigValues = (config, values) => {
     config.set('apiKey', values.apiKey);
     config.set('organizationId', values.orgId);
     config.set('authorization', values.authHeader);
-    values.host ? config.set('host', values.host) : config.set('host', CE_URL);
+    config.set('host', values.host);
 };
 export { localConfig, setConfigValues };

package/dist/utils/validationCheck.js

@@ -18,6 +18,11 @@ export const validateAuthParams = params => {
         params.host &&
         params.authorization);
 };
+export const validateHost = config => {
+    if (config.host.endsWith('/')) {
+        config.host = config.host.slice(0, -1);
+    }
+};
 export const validateFingerprintParams = params => {
     return !!(params.repositoryUrl && params.repositoryName);
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "2.3.2",
+  "version": "2.5.0",
   "description": "Contrast Security's command line tool",
   "exports": "./dist/index.js",
   "type": "module",
@@ -26,7 +26,7 @@
   "scripts": {
     "build": "tsc",
     "build-binary": "esbuild src/index.ts --bundle --outdir=dist-binary --platform=node",
-    "package-binary": "pkg dist-binary/index.js --out-path binaries --targets node18-macos,node18-linux,node18-win",
+    "package-binary": "pkg dist-binary/index.js --out-path binaries --targets node22-macos,node22-linux,node22-win",
     "build-package": "yarn build && yarn build-binary && yarn package-binary",
     "test": "export VITEST_MAX_THREADS=4 && export VITEST_MIN_THREADS=1 && vitest --dir ./tests/unit-tests/",
     "test-debug": "export VITEST_MAX_THREADS=4 && export VITEST_MIN_THREADS=1 && vitest --dir ./tests/unit-tests/ --inspect-brk",
@@ -50,7 +50,7 @@
     "proxy-tests": "vitest ./tests/integration-tests/proxy/proxy-coverage.spec.js --pool=forks"
   },
   "engines": {
-    "node": ">=18.16.0"
+    "node": ">=22.3.0"
   },
   "dependencies": {
     "@aws-sdk/client-iam": "3.370.0",
@@ -84,6 +84,7 @@
     "semver": "7.5.4",
     "string-builder": "0.1.8",
     "string-multiple-replace": "1.0.5",
+    "tsx": "^4.19.2",
     "xml2js": "0.6.1",
     "yarn-lockfile": "1.1.1"
   },
@@ -100,6 +101,7 @@
     "@typescript-eslint/eslint-plugin": "5.62.0",
     "@typescript-eslint/parser": "5.62.0",
     "@vitest/coverage-v8": "0.34.3",
+    "@yao-pkg/pkg": "^6.1.0",
     "csv-writer": "1.6.0",
     "dotenv": "16.3.1",
     "esbuild": "0.18.16",
@@ -110,10 +112,8 @@
     "mocha": "10.2.0",
     "nock": "13.3.2",
     "npm-license-crawler": "0.2.1",
-    "pkg": "5.8.1",
     "prettier": "2.8.8",
     "tmp": "0.2.1",
-    "ts-node": "^10.9.2",
     "typescript": "5.1.6",
     "uuid": "9.0.0",
     "vitest": "1.4.0"