@contrast/contrast 2.5.2 → 3.1.0

package/dist/audit/auditRequests.js

@@ -42,7 +42,7 @@ const retrieveProjectByOrganizationIdUrl = (config) => {
         ? baseUrl.concat(`?name=${config.name}`)
         : baseUrl.concat(`?name=${config.fileName}`);
     baseUrl = config.language
-        ? baseUrl.concat(`&language=${config.language}`)
+        ? baseUrl.concat(`&language=${config.language === 'DOTNET' ? 'DOT_NET' : config.language}`)
         : baseUrl;
     baseUrl = config.language ? baseUrl.concat(`&source=SCA`) : baseUrl;
     baseUrl = config.repo
@@ -54,7 +54,7 @@ export async function registerProjectGroup(config, requestBody) {
     const options = buildBaseRequestOptions(config, ErrorType.GENERIC);
     options.url = registerProjectGroupUrl(config);
     options.json = requestBody;
-    logDebug(config, 'registerProjectGroup');
+    logDebug(config, `registerProjectGroup ${options.json}`);
     logDebug(config, `url ${options.url}`);
     try {
         return await got.post(options);

package/dist/auth/auth.js

@@ -2,7 +2,7 @@ import { v4 as uuidv4 } from 'uuid';
 import i18n from 'i18n';
 import { failSpinner, returnOra, startSpinner, succeedSpinner } from '../utils/oraWrapper.js';
 import { en_locales } from '../constants/locales.js';
-import { AUTH_UI_URL, TIMEOUT } from '../constants/constants.js';
+import { AUTH_UI_URL, CE_URL, TIMEOUT } from '../constants/constants.js';
 import { setConfigValues } from '../utils/getConfig.js';
 import commandLineUsage from 'command-line-usage';
 import { commonMessageFormatter } from '../common/errorHandling.js';
@@ -14,6 +14,10 @@ import { logDebug, logInfo } from '../common/logging.js';
 const messages = en_locales();
 export const processAuth = async (argv, config) => {
     const authParams = await getCommandLineArgsCustom(config, 'auth', argv, commandLineDefinitions.authOptionDefinitions);
+    if (authParams.host === CE_URL) {
+        logInfo(i18n.__('codeSecEoL'));
+        process.exit(0);
+    }
     if (authParams.help) {
         logInfo(authUsageGuide);
         process.exit(0);
@@ -76,9 +80,9 @@ const authUsageGuide = commandLineUsage([
     }
 ]);
 const checkForCustomCredentials = (authParams) => {
-    const hasSomeKeys = authParams.apiKey ||
-        authParams.organizationId ||
-        authParams.host ||
+    const hasSomeKeys = authParams.apiKey ??
+        authParams.organizationId ??
+        authParams.host ??
         authParams.authorization;
     const hasAllKeys = authParams.apiKey &&
         authParams.organizationId &&
@@ -101,7 +105,7 @@ const processCustomCredentials = (authParams, config) => {
     const valuesToSet = {
         apiKey: authParams.apiKey,
         orgId: authParams.organizationId,
-        authHeader: buildAuth(config, authParams),
+        authHeader: authParams.authorization,
         host: authParams.host
     };
     setConfigValues(config, valuesToSet);

package/dist/common/autoDetection.js

@@ -54,7 +54,7 @@ export const detectPackageManager = array => {
             i['language'] = PYTHON;
             i['packageManager'] = 'PYPI';
         }
-        if (i.filePath && i.filePath.includes('csproj')) {
+        if (i.filePath && i.filePath.includes('packages-lock.json')) {
             i['language'] = DOTNET;
             i['packageManager'] = 'NUGET';
         }

package/dist/common/versionChecker.js

@@ -54,5 +54,5 @@ export const findLatestCLIVersion = async (config) => {
     }
 };
 export const isCorrectNodeVersion = async (currentVersion) => {
-    return satisfies(currentVersion, '>=18');
+    return satisfies(currentVersion, '>=20');
 };

package/dist/constants/constants.js

@@ -17,7 +17,7 @@ export const HIGH = 'HIGH';
 export const CRITICAL = 'CRITICAL';
 // App
 export const APP_NAME = 'contrast';
-const APP_VERSION = '2.5.2';
+const APP_VERSION = '3.1.0';
 export const TIMEOUT = 120000;
 export const CRITICAL_PRIORITY = 1;
 export const HIGH_PRIORITY = 2;

package/dist/github/projectGroup.js

@@ -74,7 +74,7 @@ export const createProject = (param, shortenedProjectName) => {
         path: param.fileName,
         name: param.repo ? shortenedProjectName : getProjectName(param),
         source: 'SCA',
-        language: param.language,
+        language: param.language === 'DOTNET' ? 'DOT_NET' : param.language,
         packageManager: param.packageManager,
         target: 'SCA',
         sourceId: ''

package/dist/index.js

@@ -18,6 +18,7 @@ import { processSarif } from './sarif/generateSarif.js';
 import { logInfo } from './common/logging.js';
 import { generateYamlConfiguration } from './generateYaml/index.js';
 import i18n from 'i18n';
+import { exit } from 'process';
 const config = localConfig(APP_NAME, getAppVersion());
 const getMainOption = () => {
     const mainOptions = commandLineArgs(commandLineDefinitions.mainDefinition, {
@@ -25,14 +26,13 @@ const getMainOption = () => {
         camelCase: true,
         caseInsensitive: true
     });
-    const argv = mainOptions._unknown || [];
+    const argv = mainOptions._unknown ?? [];
     return {
         mainOptions,
         argv
     };
 };
 const start = async () => {
-    // testing changes
     try {
         if (await isCorrectNodeVersion(process.version)) {
             const { mainOptions, argv: argvMain } = getMainOption();
@@ -63,6 +63,7 @@ const start = async () => {
             }
             if (config.get('host') === CE_URL) {
                 logInfo(i18n.__('codeSecEoL'));
+                exit(0);
             }
             if (command === 'lambda') {
                 return await processLambda(argvMain);
@@ -109,7 +110,7 @@ const start = async () => {
             process.exit(9);
         }
         else {
-            logInfo('Contrast supports Node versions >=18.16.0 Node LTS. Please use one of those versions.');
+            logInfo('Contrast supports Node versions >=20.18.3 Node LTS. Please use one of those versions.');
             process.exit(9);
         }
     }

package/dist/scaAnalysis/dotnet/index.js

@@ -1,6 +1,10 @@
 import { getDotNetDeps } from './analysis.js';
 import { createDotNetTSMessage } from '../common/formatMessage.js';
+import { parseDotNet } from './scaServiceParser.js';
 export const dotNetAnalysis = (config, languageFiles) => {
     const dotNetDeps = getDotNetDeps(config, languageFiles.DOTNET);
+    if (config.legacy === false) {
+        return parseDotNet(dotNetDeps);
+    }
     return createDotNetTSMessage(dotNetDeps);
 };

package/dist/scaAnalysis/dotnet/scaServiceParser.js

@@ -0,0 +1,17 @@
+export const parseDotNet = rawNode => {
+    let dependencyTree = {};
+    const dependencies = rawNode?.lockFile?.dependencies || {};
+    for (const [framework, frameworkDeps] of Object.entries(dependencies)) {
+        for (const [depName, depDetails] of Object.entries(frameworkDeps)) {
+            dependencyTree[depName] = {
+                group: depName,
+                name: `${depName}.dll`,
+                directDependency: 'true',
+                version: depDetails.resolved,
+                dependencies: Object.keys(depDetails.dependencies || []).map(key => `"${key}"`),
+                productionDependency: depDetails.type === 'Direct' || depDetails.type === 'Transitive'
+            };
+        }
+    }
+    return dependencyTree;
+};

package/dist/scaAnalysis/scaAnalysis.js

@@ -71,15 +71,10 @@ export const processSca = async (config) => {
                 messageToSend = await determineFlow(config, filesFound, goAnalysis);
                 break;
             case DOTNET:
-                if (config.legacy === false) {
-                    logInfo(`${chalk.bold('\n.NET project found\n')} Language type is unsupported.`);
-                    return;
-                }
-                else {
-                    messageToSend = dotNetAnalysis(config, filesFound[0]);
-                    config.language = DOTNET;
-                    break;
-                }
+                config.language = DOTNET;
+                config.packageManager = 'NUGET';
+                messageToSend = dotNetAnalysis(config, filesFound[0]);
+                break;
             default:
                 //something is wrong
                 logInfo('No supported language detected in project path');

package/dist/utils/getConfig.js

@@ -1,14 +1,10 @@
 import Conf from 'conf';
-import { CE_URL } from '../constants/constants.js';
 const localConfig = (name, version) => {
     const config = new Conf({
         projectName: '@contrast/contrast',
         configName: name
     });
     config.set('version', version);
-    if (!config.has('host')) {
-        config.set('host', CE_URL);
-    }
     return config;
 };
 const setConfigValues = (config, values) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "2.5.2",
+  "version": "3.1.0",
   "description": "Contrast Security's command line tool",
   "exports": "./dist/index.js",
   "type": "module",
@@ -26,7 +26,7 @@
   "scripts": {
     "build": "tsc",
     "build-binary": "esbuild src/index.ts --bundle --outdir=dist-binary --platform=node",
-    "package-binary": "pkg dist-binary/index.js --out-path binaries --targets node18-macos,node18-linux,node18-win",
+    "package-binary": "pkg dist-binary/index.js --out-path binaries --targets node20-macos,node20-linux,node20-win",
     "build-package": "yarn build && yarn build-binary && yarn package-binary",
     "test": "export VITEST_MAX_THREADS=4 && export VITEST_MIN_THREADS=1 && vitest --dir ./tests/unit-tests/",
     "test-debug": "export VITEST_MAX_THREADS=4 && export VITEST_MIN_THREADS=1 && vitest --dir ./tests/unit-tests/ --inspect-brk",
@@ -50,11 +50,11 @@
     "proxy-tests": "vitest ./tests/integration-tests/proxy/proxy-coverage.spec.js --pool=forks"
   },
   "engines": {
-    "node": ">=18.16.0"
+    "node": ">=20.18.3"
   },
   "dependencies": {
     "@aws-sdk/client-iam": "3.370.0",
-    "@aws-sdk/client-lambda": "3.370.0",
+    "@aws-sdk/client-lambda": "3.782.0",
     "@aws-sdk/config-resolver": "^3.374.0",
     "@aws-sdk/credential-provider-ini": "3.370.0",
     "@aws-sdk/middleware-signing": "3.370.0",
@@ -64,13 +64,13 @@
     "cli-table3": "0.6.3",
     "command-line-args": "5.2.1",
     "command-line-usage": "6.1.3",
-    "conf": "11.0.2",
-    "cross-spawn": "7.0.3",
+    "conf": "13.1.0",
+    "cross-spawn": "7.0.6",
     "fast-glob": "3.3.1",
-    "fast-xml-parser": "4.2.6",
+    "fast-xml-parser": "5.2.0",
     "form-data": "4.0.0",
     "g": "^2.0.1",
-    "got": "13.0.0",
+    "got": "14.4.7",
     "gradle-to-js": "2.0.1",
     "hpagent": "1.2.0",
     "i18n": "0.15.1",
@@ -88,7 +88,7 @@
     "yarn-lockfile": "1.1.1"
   },
   "devDependencies": {
-    "@babel/core": "7.21.8",
+    "@babel/core": "7.23.2",
     "@babel/preset-modules": "0.1.6",
     "@types/command-line-args": "5.2.0",
     "@types/command-line-usage": "5.0.2",
@@ -101,22 +101,22 @@
     "@typescript-eslint/parser": "5.62.0",
     "@vitest/coverage-v8": "0.34.3",
     "csv-writer": "1.6.0",
-    "dotenv": "16.3.1",
-    "esbuild": "0.18.16",
-    "eslint": "8.45.0",
-    "eslint-config-prettier": "8.8.0",
-    "eslint-plugin-prettier": "4.2.1",
+    "dotenv": "16.4.7",
+    "esbuild": "0.25.2",
+    "eslint": "9.24.0",
+    "eslint-config-prettier": "10.1.1",
+    "eslint-plugin-prettier": "5.2.6",
     "husky": "3.1.0",
-    "mocha": "10.2.0",
+    "mocha": "11.1.0",
     "nock": "13.3.2",
     "npm-license-crawler": "0.2.1",
-    "pkg": "5.8.1",
     "prettier": "2.8.8",
+    "@yao-pkg/pkg": "^6.1.0",
     "tmp": "0.2.1",
     "ts-node": "^10.9.2",
     "typescript": "5.1.6",
     "uuid": "9.0.0",
-    "vitest": "1.4.0"
+    "vitest": "1.6.1"
   },
   "resolutions": {
     "faker": "5.5.3",