@contrast/contrast 3.0.0 → 3.2.0

package/dist/audit/auditRequests.js

@@ -42,7 +42,7 @@ const retrieveProjectByOrganizationIdUrl = (config) => {
         ? baseUrl.concat(`?name=${config.name}`)
         : baseUrl.concat(`?name=${config.fileName}`);
     baseUrl = config.language
-        ? baseUrl.concat(`&language=${config.language}`)
+        ? baseUrl.concat(`&language=${config.language === 'DOTNET' ? 'DOT_NET' : config.language}`)
         : baseUrl;
     baseUrl = config.language ? baseUrl.concat(`&source=SCA`) : baseUrl;
     baseUrl = config.repo
@@ -54,7 +54,7 @@ export async function registerProjectGroup(config, requestBody) {
     const options = buildBaseRequestOptions(config, ErrorType.GENERIC);
     options.url = registerProjectGroupUrl(config);
     options.json = requestBody;
-    logDebug(config, 'registerProjectGroup');
+    logDebug(config, `registerProjectGroup ${options.json}`);
     logDebug(config, `url ${options.url}`);
     try {
         return await got.post(options);

package/dist/auth/auth.js

@@ -2,7 +2,7 @@ import { v4 as uuidv4 } from 'uuid';
 import i18n from 'i18n';
 import { failSpinner, returnOra, startSpinner, succeedSpinner } from '../utils/oraWrapper.js';
 import { en_locales } from '../constants/locales.js';
-import { AUTH_UI_URL, TIMEOUT } from '../constants/constants.js';
+import { AUTH_UI_URL, CE_URL, TIMEOUT } from '../constants/constants.js';
 import { setConfigValues } from '../utils/getConfig.js';
 import commandLineUsage from 'command-line-usage';
 import { commonMessageFormatter } from '../common/errorHandling.js';
@@ -14,6 +14,10 @@ import { logDebug, logInfo } from '../common/logging.js';
 const messages = en_locales();
 export const processAuth = async (argv, config) => {
     const authParams = await getCommandLineArgsCustom(config, 'auth', argv, commandLineDefinitions.authOptionDefinitions);
+    if (authParams.host === CE_URL) {
+        logInfo(i18n.__('codeSecEoL'));
+        process.exit(0);
+    }
     if (authParams.help) {
         logInfo(authUsageGuide);
         process.exit(0);
@@ -76,9 +80,9 @@ const authUsageGuide = commandLineUsage([
     }
 ]);
 const checkForCustomCredentials = (authParams) => {
-    const hasSomeKeys = authParams.apiKey ||
-        authParams.organizationId ||
-        authParams.host ||
+    const hasSomeKeys = authParams.apiKey ??
+        authParams.organizationId ??
+        authParams.host ??
         authParams.authorization;
     const hasAllKeys = authParams.apiKey &&
         authParams.organizationId &&

package/dist/common/autoDetection.js

@@ -54,7 +54,7 @@ export const detectPackageManager = array => {
             i['language'] = PYTHON;
             i['packageManager'] = 'PYPI';
         }
-        if (i.filePath && i.filePath.includes('csproj')) {
+        if (i.filePath && i.filePath.includes('packages-lock.json')) {
             i['language'] = DOTNET;
             i['packageManager'] = 'NUGET';
         }

package/dist/constants/constants.js

@@ -17,7 +17,7 @@ export const HIGH = 'HIGH';
 export const CRITICAL = 'CRITICAL';
 // App
 export const APP_NAME = 'contrast';
-const APP_VERSION = '3.0.0';
+const APP_VERSION = '3.2.0';
 export const TIMEOUT = 120000;
 export const CRITICAL_PRIORITY = 1;
 export const HIGH_PRIORITY = 2;

package/dist/github/projectGroup.js

@@ -74,7 +74,7 @@ export const createProject = (param, shortenedProjectName) => {
         path: param.fileName,
         name: param.repo ? shortenedProjectName : getProjectName(param),
         source: 'SCA',
-        language: param.language,
+        language: param.language === 'DOTNET' ? 'DOT_NET' : param.language,
         packageManager: param.packageManager,
         target: 'SCA',
         sourceId: ''

package/dist/index.js

@@ -18,6 +18,7 @@ import { processSarif } from './sarif/generateSarif.js';
 import { logInfo } from './common/logging.js';
 import { generateYamlConfiguration } from './generateYaml/index.js';
 import i18n from 'i18n';
+import { exit } from 'process';
 const config = localConfig(APP_NAME, getAppVersion());
 const getMainOption = () => {
     const mainOptions = commandLineArgs(commandLineDefinitions.mainDefinition, {
@@ -25,7 +26,7 @@ const getMainOption = () => {
         camelCase: true,
         caseInsensitive: true
     });
-    const argv = mainOptions._unknown || [];
+    const argv = mainOptions._unknown ?? [];
     return {
         mainOptions,
         argv
@@ -62,6 +63,7 @@ const start = async () => {
             }
             if (config.get('host') === CE_URL) {
                 logInfo(i18n.__('codeSecEoL'));
+                exit(0);
             }
             if (command === 'lambda') {
                 return await processLambda(argvMain);

package/dist/scaAnalysis/dotnet/index.js

@@ -1,6 +1,10 @@
 import { getDotNetDeps } from './analysis.js';
 import { createDotNetTSMessage } from '../common/formatMessage.js';
+import { parseDotNet } from './scaServiceParser.js';
 export const dotNetAnalysis = (config, languageFiles) => {
     const dotNetDeps = getDotNetDeps(config, languageFiles.DOTNET);
+    if (config.legacy === false) {
+        return parseDotNet(dotNetDeps);
+    }
     return createDotNetTSMessage(dotNetDeps);
 };

package/dist/scaAnalysis/dotnet/scaServiceParser.js

@@ -0,0 +1,17 @@
+export const parseDotNet = rawNode => {
+    let dependencyTree = {};
+    const dependencies = rawNode?.lockFile?.dependencies || {};
+    for (const [framework, frameworkDeps] of Object.entries(dependencies)) {
+        for (const [depName, depDetails] of Object.entries(frameworkDeps)) {
+            dependencyTree[depName] = {
+                group: depName,
+                name: `${depName}.dll`,
+                directDependency: 'true',
+                version: depDetails.resolved,
+                dependencies: Object.keys(depDetails.dependencies || []).map(key => `"${key}"`),
+                productionDependency: depDetails.type === 'Direct' || depDetails.type === 'Transitive'
+            };
+        }
+    }
+    return dependencyTree;
+};

package/dist/scaAnalysis/java/analysis.js

@@ -74,6 +74,9 @@ export const calculateMavenCommand = projectData => {
     else {
         projectData.mvnCommand = 'mvn';
     }
+    if (projectData.mvnCommand.includes('//')) {
+        projectData.mvnCommand = projectData.mvnCommand.replace(/\/+/g, '/');
+    }
 };
 export function checkForErrors(cmdDepTree, config) {
     checkMavenExists(cmdDepTree, config);

package/dist/scaAnalysis/scaAnalysis.js

@@ -71,15 +71,10 @@ export const processSca = async (config) => {
                 messageToSend = await determineFlow(config, filesFound, goAnalysis);
                 break;
             case DOTNET:
-                if (config.legacy === false) {
-                    logInfo(`${chalk.bold('\n.NET project found\n')} Language type is unsupported.`);
-                    return;
-                }
-                else {
-                    messageToSend = dotNetAnalysis(config, filesFound[0]);
-                    config.language = DOTNET;
-                    break;
-                }
+                config.language = DOTNET;
+                config.packageManager = 'NUGET';
+                messageToSend = dotNetAnalysis(config, filesFound[0]);
+                break;
             default:
                 //something is wrong
                 logInfo('No supported language detected in project path');

package/dist/scan/processScan.js

@@ -1,30 +1,39 @@
 import scanConfig from './scanConfig.js';
-import { startScan } from './scanController.js';
+import { startScan, startScanWithResults } from './scanController.js';
 import { saveScanFile } from '../utils/saveFile.js';
 import { ScanResultsModel } from './models/scanResultsModel.js';
 import { formatScanOutput } from './formatScanOutput.js';
 import { sendTelemetryConfigAsObject } from '../telemetry/telemetry.js';
 import { processFail } from '../common/fail.js';
 import { postRunMessage } from '../common/commonHelp.js';
-import { logInfo } from '../common/logging.js';
+import { logDebug, logInfo } from '../common/logging.js';
 import { validateHost } from '../utils/validationCheck.js';
 export const processScan = async (contrastConf, argv) => {
     let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv);
     validateHost(config);
-    let output = undefined;
-    const scanResults = new ScanResultsModel(await startScan(config));
-    await sendTelemetryConfigAsObject(config, 'scan', argv, 'SUCCESS', scanResults.scanDetail.language);
-    if (scanResults.scanResultsInstances !== undefined) {
-        output = formatScanOutput(scanResults);
-    }
-    if (config.save !== undefined) {
-        await saveScanFile(config, scanResults);
+    let scanResults;
+    if (config.ff) {
+        logDebug(config, 'Is fire and forget request');
+        await startScan(config);
     }
     else {
-        logInfo('\nUse contrast scan --save to save results as a SARIF');
+        scanResults = new ScanResultsModel(await startScanWithResults(config));
     }
-    if (config.fail) {
-        processFail(config, output);
+    await sendTelemetryConfigAsObject(config, 'scan', argv, 'SUCCESS', config.ff ? 'UNKNOWN' : scanResults.scanDetail.language);
+    if (!config.ff) {
+        let output;
+        if (scanResults.scanResultsInstances !== undefined) {
+            output = formatScanOutput(scanResults);
+        }
+        if (config.save !== undefined) {
+            await saveScanFile(config, scanResults);
+        }
+        else {
+            logInfo('\nUse contrast scan --save to save results as a SARIF');
+        }
+        if (config.fail) {
+            processFail(config, output);
+        }
     }
     postRunMessage('scan');
 };

package/dist/scan/scan.js

@@ -13,7 +13,7 @@ export const isFileAllowed = (scanOption) => {
     });
     return valid;
 };
-export const sendScan = async (config) => {
+export const uploadArtifact = async (config) => {
     if (!isFileAllowed(config.file)) {
         const message = i18n.__('scanErrorFileMessage');
         logDebug(config, message);

package/dist/scan/scanController.js

@@ -1,12 +1,12 @@
 import i18n from 'i18n';
 import { populateProjectId } from './populateProjectIdAndProjectName.js';
-import { sendScan } from './scan.js';
+import { uploadArtifact } from './scan.js';
 import { performance } from 'perf_hooks';
 import { fileExists, fileIsEmpty } from './fileUtils.js';
 import { returnOra, startSpinner, stopSpinner, succeedSpinner } from '../utils/oraWrapper.js';
 import { returnScanResults } from './scanResults.js';
 import { autoDetectFileAndLanguage } from '../common/autoDetection.js';
-import { getScanResultsInstances } from './scanRequests.js';
+import { submitScanForArtifact, getScanResultsInstances } from './scanRequests.js';
 import { logDebug, logInfo } from '../common/logging.js';
 const getTimeout = config => {
     if (config.timeout) {
@@ -40,7 +40,6 @@ export const fileAndLanguageLogic = async (configToUse) => {
     }
 };
 export const startScan = async (configToUse) => {
-    const startTime = performance.now();
     await fileAndLanguageLogic(configToUse);
     let newProject;
     if (!configToUse.projectId) {
@@ -51,28 +50,33 @@ export const startScan = async (configToUse) => {
     else {
         newProject = false;
     }
-    const codeArtifactId = await sendScan(configToUse);
-    if (!configToUse.ff) {
-        const startScanSpinner = returnOra('🚀 Contrast Scan started');
-        startSpinner(startScanSpinner);
-        const scanDetail = await returnScanResults(configToUse, codeArtifactId, newProject, getTimeout(configToUse), startScanSpinner);
-        const scanResultsInstances = await getScanResultsInstances(configToUse, scanDetail.id);
-        const endTime = performance.now();
-        const scanDurationMs = endTime - startTime;
-        if (scanResultsInstances.statusCode !== 200) {
-            stopSpinner(startScanSpinner);
-            const message = 'Result Service is unavailable, please try again later';
-            logInfo(message);
-            logDebug(configToUse, message);
-            process.exit(1);
-        }
-        else {
-            succeedSpinner(startScanSpinner, 'Contrast Scan complete');
-            logInfo(`----- Scan completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
-            return {
-                scanDetail,
-                scanResultsInstances: scanResultsInstances.body
-            };
-        }
+    const codeArtifactId = await uploadArtifact(configToUse);
+    const scanId = await submitScanForArtifact(configToUse, codeArtifactId);
+    logDebug(configToUse, `For proj: ${configToUse.projectId}, is new: ${newProject}, new scanId submitted: ${scanId}`);
+    return { newProject, scanId };
+};
+export const startScanWithResults = async (configToUse) => {
+    const startTime = performance.now();
+    const { newProject, scanId } = await startScan(configToUse);
+    const startScanSpinner = returnOra('🚀 Contrast Scan started');
+    startSpinner(startScanSpinner);
+    const scanDetail = await returnScanResults(configToUse, scanId, newProject, getTimeout(configToUse), startScanSpinner);
+    const scanResultsInstances = await getScanResultsInstances(configToUse, scanDetail.id);
+    const endTime = performance.now();
+    const scanDurationMs = endTime - startTime;
+    if (scanResultsInstances.statusCode !== 200) {
+        stopSpinner(startScanSpinner);
+        const message = 'Result Service is unavailable, please try again later';
+        logInfo(message);
+        logDebug(configToUse, message);
+        process.exit(1);
+    }
+    else {
+        succeedSpinner(startScanSpinner, 'Contrast Scan complete');
+        logInfo(`----- Scan completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
+        return {
+            scanDetail,
+            scanResultsInstances: scanResultsInstances.body
+        };
     }
 };

package/dist/scan/scanRequests.js

@@ -2,6 +2,7 @@ import { buildBaseRequestOptions, ErrorType } from '../common/baseRequest.js';
 import { got } from 'got';
 import fs from 'fs';
 import FormData from 'form-data';
+import { logDebug } from '../common/logging.js';
 export function createProjectId(config) {
     const options = buildBaseRequestOptions(config, ErrorType.SCAN);
     options.json = {
@@ -38,17 +39,18 @@ export async function sendArtifact(config) {
 function createHarmonyUrl(config) {
     return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/code-artifacts`;
 }
-export function getScanId(config, codeArtifactId) {
+export const submitScanForArtifact = async (config, codeArtifactId) => {
     const options = buildBaseRequestOptions(config, ErrorType.SCAN);
     options.url = createGetScanIdURL(config);
     options.json = {
         codeArtifactId: codeArtifactId,
-        label: config.label
-            ? config.label
-            : `Started by CLI tool at ${new Date().toString()}`
+        label: config.label ?? `Started by CLI tool at ${new Date().toString()}`
     };
-    return got.post(options);
-}
+    logDebug(config, `Kicked off scan for project ${config.projectId} and codeArtifact: ${codeArtifactId}`);
+    const post = (await got.post(options));
+    const body = post.body;
+    return body.id;
+};
 const createGetScanIdURL = (config) => {
     return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/`;
 };

package/dist/scan/scanResults.js

@@ -2,15 +2,13 @@ import { sleep, millisToSeconds, timeOutError } from '../utils/requestUtils.js';
 import i18n from 'i18n';
 import readline from 'readline';
 import { failSpinner, stopSpinner } from '../utils/oraWrapper.js';
-import { createNewEvent, getScanId, getSpecificScanResult } from './scanRequests.js';
+import { createNewEvent, getSpecificScanResult } from './scanRequests.js';
 import { logDebug, logInfo } from '../common/logging.js';
 export const pollScanResults = async (config, scanId) => {
     await sleep(5000);
     return getSpecificScanResult(config, scanId);
 };
-export const returnScanResults = async (config, codeArtifactId, newProject, timeout, startScanSpinner) => {
-    const scanIdRes = await getScanId(config, codeArtifactId);
-    const scanId = scanIdRes.body.id;
+export const returnScanResults = async (config, scanId, newProject, timeout, startScanSpinner) => {
     // send metrics event to sast-event-collector
     if (process.env.CODESEC_INVOCATION_ENVIRONMENT &&
         process.env.CODESEC_INVOCATION_ENVIRONMENT.toUpperCase() === 'GITHUB') {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "3.0.0",
+  "version": "3.2.0",
   "description": "Contrast Security's command line tool",
   "exports": "./dist/index.js",
   "type": "module",
@@ -54,7 +54,7 @@
   },
   "dependencies": {
     "@aws-sdk/client-iam": "3.370.0",
-    "@aws-sdk/client-lambda": "3.370.0",
+    "@aws-sdk/client-lambda": "3.782.0",
     "@aws-sdk/config-resolver": "^3.374.0",
     "@aws-sdk/credential-provider-ini": "3.370.0",
     "@aws-sdk/middleware-signing": "3.370.0",
@@ -64,13 +64,13 @@
     "cli-table3": "0.6.3",
     "command-line-args": "5.2.1",
     "command-line-usage": "6.1.3",
-    "conf": "11.0.2",
-    "cross-spawn": "7.0.3",
+    "conf": "13.1.0",
+    "cross-spawn": "7.0.6",
     "fast-glob": "3.3.1",
-    "fast-xml-parser": "4.2.6",
+    "fast-xml-parser": "5.2.0",
     "form-data": "4.0.0",
     "g": "^2.0.1",
-    "got": "13.0.0",
+    "got": "14.4.7",
     "gradle-to-js": "2.0.1",
     "hpagent": "1.2.0",
     "i18n": "0.15.1",
@@ -88,7 +88,7 @@
     "yarn-lockfile": "1.1.1"
   },
   "devDependencies": {
-    "@babel/core": "7.21.8",
+    "@babel/core": "7.23.2",
     "@babel/preset-modules": "0.1.6",
     "@types/command-line-args": "5.2.0",
     "@types/command-line-usage": "5.0.2",
@@ -101,13 +101,13 @@
     "@typescript-eslint/parser": "5.62.0",
     "@vitest/coverage-v8": "0.34.3",
     "csv-writer": "1.6.0",
-    "dotenv": "16.3.1",
-    "esbuild": "0.18.16",
-    "eslint": "8.45.0",
-    "eslint-config-prettier": "8.8.0",
-    "eslint-plugin-prettier": "4.2.1",
+    "dotenv": "16.4.7",
+    "esbuild": "0.25.2",
+    "eslint": "9.24.0",
+    "eslint-config-prettier": "10.1.1",
+    "eslint-plugin-prettier": "5.2.6",
     "husky": "3.1.0",
-    "mocha": "10.2.0",
+    "mocha": "11.1.0",
     "nock": "13.3.2",
     "npm-license-crawler": "0.2.1",
     "prettier": "2.8.8",
@@ -116,7 +116,7 @@
     "ts-node": "^10.9.2",
     "typescript": "5.1.6",
     "uuid": "9.0.0",
-    "vitest": "1.4.0"
+    "vitest": "1.6.1"
   },
   "resolutions": {
     "faker": "5.5.3",