@socketsecurity/cli 0.9.3 → 0.10.0

package/cli.js

@@ -20,6 +20,8 @@ try {
       entry[0] = 'raw-npm'
     } else if (entry[0] === 'rawNpx') {
       entry[0] = 'raw-npx'
+    } else if (entry[0] === 'auditlog') {
+      entry[0] = 'audit-log'
     }
     return entry
   }))

package/lib/commands/audit-log/index.js

@@ -0,0 +1,162 @@
+/* eslint-disable no-console */
+import { Separator } from '@inquirer/select'
+import chalk from 'chalk'
+import inquirer from 'inquirer'
+import meow from 'meow'
+import ora from 'ora'
+
+import { outputFlags } from '../../flags/index.js'
+import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
+import { prepareFlags } from '../../utils/flags.js'
+import { printFlagList } from '../../utils/formatting.js'
+import { FREE_API_KEY, getDefaultKey, setupSdk } from '../../utils/sdk.js'
+
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
+export const auditlog = {
+  description: 'Look up the audit log for an organization',
+  async run (argv, importMeta, { parentName }) {
+    const name = parentName + ' audit-log'
+
+    const input = setupCommand(name, auditlog.description, argv, importMeta)
+    if (input) {
+      const spinner = ora(`Looking up audit log for ${input.orgSlug}\n`).start()
+      await fetchOrgAuditLog(input.orgSlug, input, spinner)
+    }
+  }
+}
+
+const auditLogFlags = prepareFlags({
+    type: {
+      type: 'string',
+      shortFlag: 't',
+      default: '',
+      description: 'Type of log event',
+    },
+    perPage: {
+      type: 'number',
+      shortFlag: 'pp',
+      default: 30,
+      description: 'Results per page - default is 30',
+    },
+    page: {
+      type: 'number',
+      shortFlag: 'p',
+      default: 1,
+      description: 'Page number - default is 1',
+    }
+  })
+
+// Internal functions
+
+/**
+ * @typedef CommandInput
+ * @property {boolean} outputJson
+ * @property {boolean} outputMarkdown
+ * @property {string} orgSlug
+ * @property {string} type
+ * @property {number} page
+ * @property {number} per_page
+ */
+
+/**
+ * @param {string} name
+ * @param {string} description
+ * @param {readonly string[]} argv
+ * @param {ImportMeta} importMeta
+ * @returns {void|CommandInput}
+ */
+function setupCommand (name, description, argv, importMeta) {
+  const flags = {
+    ...auditLogFlags,
+    ...outputFlags
+  }
+
+  const cli = meow(`
+    Usage
+      $ ${name} <org slug>
+
+    Options
+      ${printFlagList(flags, 6)}
+
+    Examples
+      $ ${name} FakeOrg
+  `, {
+    argv,
+    description,
+    importMeta,
+    flags
+  })
+
+  const {
+    json: outputJson,
+    markdown: outputMarkdown,
+    type,
+    page,
+    perPage
+  } = cli.flags
+
+  if (cli.input.length < 1) {
+    console.error(`${chalk.bgRed('Input error')}: Please provide an organization slug \n`)
+    cli.showHelp()
+    return
+  }
+  const [orgSlug = ''] = cli.input
+
+  return {
+    outputJson,
+    outputMarkdown,
+    orgSlug,
+    type: type && type.charAt(0).toUpperCase() + type.slice(1),
+    page,
+    per_page: perPage
+  }
+}
+
+/**
+ * @typedef AuditLogData
+ * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getAuditLogEvents'>["data"]} data
+ */
+
+/**
+ * @param {string} orgSlug
+ * @param {CommandInput} input
+ * @param {import('ora').Ora} spinner
+ * @returns {Promise<void|AuditLogData>}
+ */
+async function fetchOrgAuditLog (orgSlug, input, spinner) {
+  const socketSdk = await setupSdk(getDefaultKey() || FREE_API_KEY)
+  const result = await handleApiCall(socketSdk.getAuditLogEvents(orgSlug, input), `Looking up audit log for ${orgSlug}\n`)
+
+  if (!result.success) {
+    return handleUnsuccessfulApiResponse('getAuditLogEvents', result, spinner)
+  }
+  spinner.stop()
+
+  const /** @type {({name: string} | Separator)[]} */ data = []
+  const /** @type {{[key: string]: string}} */ logDetails = {}
+
+  result.data.results.map(d => {
+    data.push({
+      name: `${d.created_at && new Date(d.created_at).toLocaleDateString('en-us', { year: 'numeric', month: 'numeric', day: 'numeric' })} - ${d.user_email} - ${d.type} - ${d.ip_address} - ${d.user_agent}`
+    }, new Separator())
+
+    logDetails[`${d.created_at && new Date(d.created_at).toLocaleDateString('en-us', { year: 'numeric', month: 'numeric', day: 'numeric' })} - ${d.user_email} - ${d.type} - ${d.ip_address} - ${d.user_agent}`] = JSON.stringify(d.payload)
+    return data
+  })
+
+  inquirer
+  .prompt(
+    {
+      type: 'list',
+      name: 'log',
+      message: input.type ? `\n Audit log for: ${orgSlug} with type: ${input.type} \n` : `\n Audit log for: ${orgSlug} \n`,
+      choices: data,
+      pageSize: 30
+    }
+  )
+  .then((/** @type {{log: string}} */ answers) => console.log(logDetails[answers.log]))
+
+  return {
+    data: result.data
+  }
+}

package/lib/commands/cdxgen/index.js

@@ -0,0 +1,211 @@
+/* eslint-disable no-console */
+
+import { existsSync, promises as fs } from 'node:fs'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+
+import chalk from 'chalk'
+import { $ } from 'execa'
+import yargsParse from 'yargs-parser'
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url))
+
+const {
+  SBOM_SIGN_ALGORITHM, // Algorithm. Example: RS512
+  SBOM_SIGN_PRIVATE_KEY, // Location to the RSA private key
+  SBOM_SIGN_PUBLIC_KEY // Optional. Location to the RSA public key
+} = process.env
+
+const toLower = (/** @type {string} */ arg) => arg.toLowerCase()
+const arrayToLower = (/** @type {string[]} */ arg) => arg.map(toLower)
+
+const execaConfig = {
+  env: { NODE_ENV: '' },
+  localDir: path.join(__dirname, 'node_modules'),
+}
+
+const nodejsPlatformTypes = [
+  'javascript',
+  'js',
+  'nodejs',
+  'npm',
+  'pnpm',
+  'ts',
+  'tsx',
+  'typescript'
+]
+
+const yargsConfig = {
+  configuration: {
+    'camel-case-expansion': false,
+    'strip-aliased': true,
+    'parse-numbers': false,
+    'populate--': true,
+    'unknown-options-as-args': true
+  },
+  coerce: {
+    author: arrayToLower,
+    filter: arrayToLower,
+    only: arrayToLower,
+    profile: toLower,
+    standard: arrayToLower,
+    type: toLower
+  },
+  default: {
+    //author: ['OWASP Foundation'],
+    //'auto-compositions': true,
+    //babel: true,
+    //evidence: false,
+    //'include-crypto': false,
+    //'include-formulation': false,
+    //'install-deps': true,
+    //output: 'bom.json',
+    //profile: 'generic',
+    //'project-version': '',
+    //recurse: true,
+    //'server-host': '127.0.0.1',
+    //'server-port': '9090',
+    //'spec-version': '1.5',
+    type: 'js',
+    //validate: true,
+  },
+  alias: {
+    help: ['h'],
+    output: ['o'],
+    print: ['p'],
+    recurse: ['r'],
+    'resolve-class': ['c'],
+    type: ['t'],
+    version: ['v'],
+  },
+  array: [
+    { key: 'author', type: 'string' },
+    { key: 'exclude', type: 'string' },
+    { key: 'filter', type: 'string' },
+    { key: 'only', type: 'string' },
+    { key: 'standard', type: 'string' }
+  ],
+  boolean: [
+    'auto-compositions',
+    'babel',
+    'deep',
+    'evidence',
+    'fail-on-error',
+    'generate-key-and-sign',
+    'help',
+    'include-formulation',
+    'include-crypto',
+    'install-deps',
+    'print',
+    'required-only',
+    'server',
+    'validate',
+    'version',
+  ],
+  string: [
+    'api-key',
+    'output',
+    'parent-project-id',
+    'profile',
+    'project-group',
+    'project-name',
+    'project-version',
+    'project-id',
+    'server-host',
+    'server-port',
+    'server-url',
+    'spec-version',
+  ]
+}
+
+/**
+ *
+ * @param {{ [key: string]: boolean | null | number | string | (string | number)[]}} argv
+ * @returns {string[]}
+ */
+function argvToArray (/** @type {any} */ argv) {
+  if (argv['help']) return ['--help']
+  const result = []
+  for (const { 0: key, 1: value } of Object.entries(argv)) {
+    if (key === '_' || key === '--') continue
+    if (key === 'babel' || key === 'install-deps' || key === 'validate') {
+      // cdxgen documents no-babel, no-install-deps, and no-validate flags so
+      // use them when relevant.
+      result.push(`--${value ? key : `no-${key}`}`)
+    } else if (value === true) {
+      result.push(`--${key}`)
+    } else if (typeof value === 'string') {
+      result.push(`--${key}=${value}`)
+    } else if (Array.isArray(value)) {
+      result.push(`--${key}`, ...value.map(String))
+    }
+  }
+  if (argv['--']) {
+    result.push('--', ...argv['--'])
+  }
+  return result
+}
+
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
+export const cdxgen = {
+  description: 'Create an SBOM with CycloneDX generator (cdxgen)',
+  async run (argv_) {
+    const /** @type {any} */ yargv = {
+      __proto__: null,
+      // @ts-ignore
+      ...yargsParse(argv_, yargsConfig)
+    }
+
+    const /** @type {string[]} */ unknown = yargv._
+    const { length: unknownLength } = unknown
+    if (unknownLength) {
+      console.error(`Unknown argument${unknownLength > 1 ? 's' : ''}: ${yargv._.join(', ')}`)
+      process.exitCode = 1
+      return
+    }
+
+    let cleanupPackageLock = false
+    if (
+      yargv.type !== 'yarn' &&
+      nodejsPlatformTypes.includes(yargv.type) &&
+      existsSync('./yarn.lock')
+    ) {
+      if (existsSync('./package-lock.json')) {
+        yargv.type = 'npm'
+      } else {
+        // Use synp to create a package-lock.json from the yarn.lock,
+        // based on the node_modules folder, for a more accurate SBOM.
+        try {
+          await $(execaConfig)`synp --source-file ./yarn.lock`
+          yargv.type = 'npm'
+          cleanupPackageLock = true
+        } catch {}
+      }
+    }
+
+    if (yargv.output === undefined) {
+      yargv.output = 'socket-cdx.json'
+    }
+
+    await $({
+      ...execaConfig,
+      env: {
+        NODE_ENV: '',
+        SBOM_SIGN_ALGORITHM,
+        SBOM_SIGN_PRIVATE_KEY,
+        SBOM_SIGN_PUBLIC_KEY
+      },
+      stdout: 'inherit'
+    })`cdxgen ${argvToArray(yargv)}`
+
+    if (cleanupPackageLock) {
+      try {
+        await fs.unlink('./package-lock.json')
+      } catch {}
+    }
+    const fullOutputPath = path.join(process.cwd(), yargv.output)
+    if (existsSync(fullOutputPath)) {
+      console.log(chalk.cyanBright(`${yargv.output} created!`))
+    }
+  }
+}

package/lib/commands/dependencies/index.js

@@ -0,0 +1,150 @@
+/* eslint-disable no-console */
+
+import chalk from 'chalk'
+// @ts-ignore
+import chalkTable from 'chalk-table'
+import meow from 'meow'
+import ora from 'ora'
+
+import { outputFlags } from '../../flags/index.js'
+import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
+import { prepareFlags } from '../../utils/flags.js'
+import { printFlagList } from '../../utils/formatting.js'
+import { getDefaultKey, setupSdk } from '../../utils/sdk.js'
+
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
+export const dependencies = {
+  description: 'Search for any dependency that is being used in your organization',
+  async run (argv, importMeta, { parentName }) {
+    const name = parentName + ' dependencies'
+
+    const input = setupCommand(name, dependencies.description, argv, importMeta)
+    if (input) {
+      const spinnerText = 'Searching dependencies...'
+      const spinner = ora(spinnerText).start()
+      await searchDeps(input, spinner)
+    }
+  }
+}
+
+const dependenciesFlags = prepareFlags({
+    limit: {
+      type: 'number',
+      shortFlag: 'l',
+      default: 50,
+      description: 'Maximum number of dependencies returned',
+    },
+    offset: {
+      type: 'number',
+      shortFlag: 'o',
+      default: 0,
+      description: 'Page number',
+    }
+  })
+
+// Internal functions
+
+/**
+ * @typedef Command
+ * @property {boolean} outputJson
+ * @property {boolean} outputMarkdown
+ * @property {number} limit
+ * @property {number} offset
+ */
+
+/**
+ * @param {string} name
+ * @param {string} description
+ * @param {readonly string[]} argv
+ * @param {ImportMeta} importMeta
+ * @returns {void|Command}
+ */
+function setupCommand (name, description, argv, importMeta) {
+  const flags = {
+    ...outputFlags,
+    ...dependenciesFlags
+  }
+
+  const cli = meow(`
+    Usage
+      $ ${name}
+
+    Options
+      ${printFlagList(flags, 6)}
+
+    Examples
+      $ ${name}
+  `, {
+    argv,
+    description,
+    importMeta,
+    flags
+  })
+
+  const {
+    json: outputJson,
+    markdown: outputMarkdown,
+    limit,
+    offset
+  } = cli.flags
+
+  return {
+    outputJson,
+    outputMarkdown,
+    limit,
+    offset
+  }
+}
+
+/**
+ * @typedef DependenciesData
+ * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'searchDependencies'>["data"]} data
+ */
+
+/**
+ * @param {Command} input
+ * @param {import('ora').Ora} spinner
+ * @returns {Promise<void|DependenciesData>}
+ */
+async function searchDeps ({ limit, offset, outputJson }, spinner) {
+  const socketSdk = await setupSdk(getDefaultKey())
+  const result = await handleApiCall(socketSdk.searchDependencies({ limit, offset }), 'Searching dependencies')
+
+  if (!result.success) {
+    return handleUnsuccessfulApiResponse('searchDependencies', result, spinner)
+  }
+
+  spinner.stop()
+
+  console.log('Organization dependencies: \n')
+
+  if (outputJson) {
+    return console.log(result.data)
+  }
+
+  const options = {
+    columns: [
+      { field: 'namespace', name: chalk.cyan('Namespace') },
+      { field: 'name', name: chalk.cyan('Name') },
+      { field: 'version', name: chalk.cyan('Version') },
+      { field: 'repository', name: chalk.cyan('Repository') },
+      { field: 'branch', name: chalk.cyan('Branch') },
+      { field: 'type', name: chalk.cyan('Type') },
+      { field: 'direct', name: chalk.cyan('Direct') }
+    ]
+  }
+
+  const formattedResults = result.data.rows.map((/** @type {{[key:string]: any}} */ d) => {
+    return {
+      ...d
+    }
+  })
+
+  const table = chalkTable(options, formattedResults)
+
+  console.log(table, '\n')
+
+  return {
+    data: result.data
+  }
+}

package/lib/commands/index.js

@@ -1,9 +1,14 @@
+export * from './cdxgen/index.js'
 export * from './info/index.js'
-export * from './report/index.js'
-export * from './npm/index.js'
-export * from './npx/index.js'
 export * from './login/index.js'
 export * from './logout/index.js'
-export * from './wrapper/index.js'
+export * from './npm/index.js'
+export * from './npx/index.js'
 export * from './raw-npm/index.js'
 export * from './raw-npx/index.js'
+export * from './report/index.js'
+export * from './wrapper/index.js'
+export * from './scan/index.js'
+export * from './audit-log/index.js'
+export * from './repos/index.js'
+export * from './dependencies/index.js'