@contrast/contrast 1.0.9 → 1.0.10

package/README.md

@@ -52,7 +52,7 @@ export AWS_SECRET_ACCESS_KEY=<YOUR_SECRET_ACCESS_KEY>
 
 - These permissions are required to gather all required information on an AWS Lambda to use the `contrast lambda` command:
 
-  - Lambda: [GetFunction](https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html) | [GetLayerVersion](https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html)
+  - Lambda: [GetFunction](https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html) | [GetLayerVersion](https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html) | [ListFunctions](https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctions.html)
   - IAM: [GetRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html) | [GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html) | [GetPolicyVersion](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html) | [ListRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html) | [ListAttachedRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html)
 
 ### Start scanning

package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js

@@ -2,29 +2,29 @@
 const fs = require('fs');
 const path = require('path');
 const i18n = require('i18n');
-const getProjectRootFilenames = file => {
-    let projectStats = null;
+const getDirectoryFromPathGiven = file => {
+    let projectStats = getProjectStats(file);
+    if (projectStats.isFile()) {
+        let newPath = path.resolve(file);
+        return path.dirname(newPath);
+    }
+    if (projectStats.isDirectory()) {
+        return file;
+    }
+};
+const getProjectStats = file => {
     try {
-        projectStats = fs.statSync(file);
+        if (file.endsWith('/')) {
+            file = file.slice(0, -1);
+        }
+        return fs.statSync(file);
     }
     catch (err) {
         throw new Error(i18n.__('languageAnalysisProjectRootFileNameFailure', file) +
             `${err.message}`);
     }
-    if (projectStats.isDirectory()) {
-        try {
-            return fs.readdirSync(file);
-        }
-        catch (err) {
-            throw new Error(i18n.__('languageAnalysisProjectRootFileNameReadError', file) +
-                `${err.message}`);
-        }
-    }
-    if (projectStats.isFile()) {
-        return [path.basename(file)];
-    }
-    throw new Error(i18n.__('languageAnalysisProjectRootFileNameMissingError'), file);
 };
 module.exports = {
-    getProjectRootFilenames
+    getProjectStats,
+    getDirectoryFromPathGiven: getDirectoryFromPathGiven
 };

package/dist/commands/scan/sca/scaAnalysis.js

@@ -15,16 +15,20 @@ const i18n = require('i18n');
 const { vulnerabilityReportV2 } = require('../../../audit/languageAnalysisEngine/report/reportingFeature');
 const auditSave = require('../../../audit/save');
 const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
+const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames');
+const path = require('path');
 const processSca = async (config) => {
     const startTime = performance.now();
     let filesFound;
-    if (config.file) {
-        config.file = config.file.concat('/');
-        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
-    }
-    else {
-        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(undefined);
-        config.file = process.cwd().concat('/');
+    const projectStats = await rootFile.getProjectStats(config.file);
+    let pathWithFile = projectStats.isFile();
+    let fileName = config.file;
+    config.file = pathWithFile
+        ? rootFile.getDirectoryFromPathGiven(config.file).concat('/')
+        : config.file;
+    filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
+    if (filesFound.length > 1 && pathWithFile) {
+        filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(fileName)));
     }
     let messageToSend = undefined;
     if (filesFound.length === 1) {

package/dist/common/errorHandling.js

@@ -48,8 +48,8 @@ const reportFailureError = () => {
 };
 exports.reportFailureError = reportFailureError;
 const genericError = (missingCliOption) => {
-    console.log(`*************************** ${i18n_1.default.__('yamlMissingParametersHeader')} ***************************\n${missingCliOption}`);
-    console.error(i18n_1.default.__('yamlMissingParametersMessage'));
+    console.log(missingCliOption);
+    console.error(i18n_1.default.__('genericErrorMessage'));
     process.exit(1);
 };
 exports.genericError = genericError;

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.9';
+const APP_VERSION = '1.0.10';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';

package/dist/constants/locales.js

@@ -16,7 +16,7 @@ const en_locales = () => {
         languageAnalysisFactoryFailureHeader: 'FAIL',
         libraryAnalysisError: 'Please ensure the language parameter is set in accordance to the language specified on the project path.\nContrast CLI must be run in the same directory as the project manifest file OR the project_path parameter must be used to identify the directory containing the project manifest file.\n\nFor further information please read our usage guide, which can be accessed with the following command:\n\ncontrast-cli --help',
         yamlMissingParametersHeader: 'Missing Parameters',
-        yamlMissingParametersMessage: 'The following parameters are required: \n \norganization-id \napi-key \nauthorization \nhost \nlanguage \n \nThey must be specified as a command line argument. \nFor further information please read our usage guide, which can be accessed with the following command:\ncontrast audit --help',
+        genericErrorMessage: 'An error has occur please check your command again. For more information use the --help commands.',
         unauthenticatedErrorHeader: '401 error - Unauthenticated',
         unauthenticatedErrorMessage: 'Please check the following keys are correct:\n--organization-id, --api-key or --authorization',
         badRequestErrorHeader: '400 error - Bad Request',
@@ -45,7 +45,7 @@ const en_locales = () => {
         languageAnalysisProjectRootFileNameMissingError: "%s isn't a file or directory",
         languageAnalysisProjectRootFileNameFailure: 'Failed to get information about the file or directory @ %s because: ',
         languageAnalysisFailure: ' analysis failed because: ',
-        languageAnalysisNoLanguage: 'We cannot detect a project, use --f <path> to specify a file or folder to analyze.',
+        languageAnalysisNoLanguage: 'We cannot detect a project, use -f <path> to specify a file or folder to analyze.',
         languageAnalysisNoLanguageHelpLine: `${chalk.bold('contrast audit --help')} for more information.`,
         NodeAnalysisFailure: 'NODE analysis failed because: ',
         phpAnalysisFailure: 'PHP analysis failed because: ',
@@ -97,8 +97,12 @@ const en_locales = () => {
         constantsSeverity: 'Allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
         constantsCount: 'The number of CVEs that must be exceeded to fail a build',
         constantsHeader: 'CodeSec by Contrast Security',
+        configHeader2: 'Config options',
+        clearHeader: '-c, --clear',
+        clearContent: 'Removes stored credentials',
         constantsPrerequisitesContentScanLanguages: 'Java, Javascript and .NET supported',
-        constantsContrastContent: "Use the 'contrast' command for fast and accurate security analysis of your applications and APIs (Java, JavaScript and .NET ) as well as serverless functions (AWS lambda, Java and Python).",
+        constantsContrastContent: 'Use the ‘contrast’ command for fast and accurate security analysis of your applications, APIs, serverless functions, and libraries.',
+        constantsContrastCategories: '\n Code: Java, .NET, .NET Core, JavaScript\n Serverless: AWS Lambda - Java, Python\n Libraries: Java, .NET, Node, Ruby, Python, Go, PHP\n',
         constantsUsageGuideContentRecommendation: 'Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.',
         constantsPrerequisitesHeader: 'Pre-requisites',
         constantsAuthUsageHeader: 'Usage',
@@ -187,12 +191,14 @@ const en_locales = () => {
         permissionsError: 'You do not have the correct permissions here. \n Contact support@contrastsecurity.com to get this fixed.',
         scanErrorFileMessage: 'We only accept the following file types: \nJava - .jar, .war \nJavaScript - .js or .zip files',
         helpAuthSummary: 'Authenticate Contrast using your Github or Google account',
-        helpScanSummary: 'Perform static analysis on binaries / code artifacts',
-        helpLambdaSummary: 'Perform scan on AWS Lambda functions',
+        helpAuditSummary: 'Searches for a suitable file in the working directory to perform a security audit of dependencies and returns the results. [Contrast audit --help (for options).]',
+        helpScanSummary: 'Searches for a .jar, .war, .js, or .zip file in the working directory, uploads files for analysis, and returns the results. [For further help/options, enter scan --help]',
+        helpLambdaSummary: 'Performs a static security scan on an AWS lambda function. lambda --help (for options)',
         helpVersionSummary: 'Displays version of Contrast CLI',
         helpConfigSummary: 'Displays stored credentials',
         helpSummary: 'Displays usage guide',
         authName: 'auth',
+        auditName: 'audit',
         scanName: 'scan',
         lambdaName: 'lambda',
         versionName: 'version',
@@ -205,8 +211,7 @@ const en_locales = () => {
         scanOptionsFileNameSummary: 'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
         scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
         authSuccessMessage: 'Authentication successful',
-        runAuthSuccessMessage: "Now you can use Contrast CLI \nRun 'contrast scan' on your file \n" +
-            "or 'contrast help' to learn more about the capabilities.",
+        runAuthSuccessMessage: "Now you can use CodeSec by Contrast \nRun: \n'contrast scan' on your file \n'contrast audit' on a file or directory,\n'contrast lambda' on an AWS function.\nor 'contrast help' to learn more about the capabilities.",
         authWaitingMessage: 'Waiting for auth...',
         authTimedOutMessage: 'Auth Timed out, try again',
         zipErrorScan: 'We only support zip files for JAVASCRIPT language, please set the flag --language JAVASCRIPT',
@@ -228,7 +233,7 @@ const en_locales = () => {
         lambdaPrerequisitesContent: '',
         lambdaPrerequisitesContentLambdaLanguages: 'Supported runtimes: Java & Python',
         lambdaPrerequisitesContentLambdaDescriptionTitle: 'AWS Requirements\n',
-        lambdaPrerequisitesContentLambdaDescription: 'Make sure you have the AWS credentials configured on your local environment. \nYou need the following AWS permissions configured on your IAM user:\n   - Lambda: GetFunction, GetLayerVersionֿ\n   - IAM: GetRolePolicy, GetPolicy, GetPolicyVersion, ListRolePolicies, ListAttachedRolePolicies',
+        lambdaPrerequisitesContentLambdaDescription: 'Make sure you have the AWS credentials configured on your local environment. \nYou need the following AWS permissions configured on your IAM user:\n   - Lambda: GetFunction, GetLayerVersion, ListFunctions\n   - IAM: GetRolePolicy, GetPolicy, GetPolicyVersion, ListRolePolicies, ListAttachedRolePolicies',
         scanFileNameOption: '-f, --file',
         lambdaFunctionNameOption: '-f, --function-name',
         lambdaListFunctionsOption: '-l, --list-functions',

package/dist/constants.js

@@ -189,7 +189,7 @@ const auditOptionDefinitions = [
     {
         name: 'file',
         alias: 'f',
-        defaultValue: process.cwd(),
+        defaultValue: process.cwd().concat('/'),
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
@@ -307,7 +307,10 @@ const auditOptionDefinitions = [
 const mainUsageGuide = commandLineUsage([
     {
         header: i18n.__('constantsHeader'),
-        content: [i18n.__('constantsContrastContent')]
+        content: [
+            i18n.__('constantsContrastContent'),
+            i18n.__('constantsContrastCategories')
+        ]
     },
     {
         header: i18n.__('constantsUsage'),
@@ -319,6 +322,7 @@ const mainUsageGuide = commandLineUsage([
             { name: i18n.__('authName'), summary: i18n.__('helpAuthSummary') },
             { name: i18n.__('scanName'), summary: i18n.__('helpScanSummary') },
             { name: i18n.__('lambdaName'), summary: i18n.__('helpLambdaSummary') },
+            { name: i18n.__('auditName'), summary: i18n.__('helpAuditSummary') },
             { name: i18n.__('versionName'), summary: i18n.__('helpVersionSummary') },
             { name: i18n.__('configName'), summary: i18n.__('helpConfigSummary') },
             { name: i18n.__('helpName'), summary: i18n.__('helpSummary') }
@@ -326,6 +330,12 @@ const mainUsageGuide = commandLineUsage([
     },
     {
         content: '{underline https://developer.contrastsecurity.com/} \n For technical support head to {underline https://support.contrastsecurity.com}'
+    },
+    {
+        header: i18n.__('configHeader2'),
+        content: [
+            { name: i18n.__('clearHeader'), summary: i18n.__('clearContent') }
+        ]
     }
 ]);
 const mainDefinition = [{ name: 'command', defaultOption: true }];

package/dist/scaAnalysis/javascript/index.js

@@ -4,6 +4,9 @@ const i18n = require('i18n');
 const formatMessage = require('../common/formatMessage');
 const jsAnalysis = async (config, languageFiles) => {
     checkForCorrectFiles(languageFiles);
+    if (!config.file.endsWith('/')) {
+        config.file = config.file.concat('/');
+    }
     return buildNodeTree(config, languageFiles.JAVASCRIPT);
 };
 const buildNodeTree = async (config, files) => {

package/dist/scan/autoDetection.js

@@ -2,6 +2,7 @@
 const i18n = require('i18n');
 const fileFinder = require('./fileUtils');
 const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames');
+const path = require('path');
 const autoDetectFileAndLanguage = async (configToUse) => {
     const entries = await fileFinder.findFile();
     if (entries.length === 1) {
@@ -23,16 +24,9 @@ const autoDetectFileAndLanguage = async (configToUse) => {
         errorOnFileDetection(entries);
     }
 };
-const autoDetectAuditFilesAndLanguages = async (file) => {
-    const filePath = file;
+const autoDetectAuditFilesAndLanguages = async (filePath) => {
     let languagesFound = [];
-    if (filePath) {
-        rootFile.getProjectRootFilenames(filePath);
-        console.log(i18n.__('searchingAuditFileDirectory', filePath));
-    }
-    else {
-        console.log(i18n.__('searchingAuditFileDirectory', process.cwd()));
-    }
+    console.log(i18n.__('searchingAuditFileDirectory', filePath));
     await fileFinder.findFilesJava(languagesFound, filePath);
     await fileFinder.findFilesJavascript(languagesFound, filePath);
     await fileFinder.findFilesPython(languagesFound, filePath);
@@ -40,12 +34,10 @@ const autoDetectAuditFilesAndLanguages = async (file) => {
     await fileFinder.findFilesPhp(languagesFound, filePath);
     await fileFinder.findFilesRuby(languagesFound, filePath);
     await fileFinder.findFilesDotNet(languagesFound, filePath);
-    if (languagesFound.length <= 1) {
+    if (languagesFound) {
         return languagesFound;
     }
-    else {
-        console.log('found multiple languages, please specify one using --file to run SCA audit');
-    }
+    return [];
 };
 const hasWhiteSpace = s => {
     const filename = s.split('/').pop();

package/dist/utils/commonApi.js

@@ -18,7 +18,7 @@ const handleResponseErrors = (res, api) => {
         maxAppError();
     }
     else {
-        genericError();
+        genericError(res);
     }
 };
 const getProtocol = host => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.9",
+  "version": "1.0.10",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {

package/src/audit/languageAnalysisEngine/getProjectRootFilenames.js

@@ -2,42 +2,35 @@ const fs = require('fs')
 const path = require('path')
 const i18n = require('i18n')
 
-const getProjectRootFilenames = file => {
-  let projectStats = null
+const getDirectoryFromPathGiven = file => {
+  let projectStats = getProjectStats(file)
+
+  if (projectStats.isFile()) {
+    let newPath = path.resolve(file)
+    return path.dirname(newPath)
+  }
+
+  if (projectStats.isDirectory()) {
+    return file
+  }
+}
+
+const getProjectStats = file => {
   try {
-    projectStats = fs.statSync(file)
+    //might not need this
+    if (file.endsWith('/')) {
+      file = file.slice(0, -1)
+    }
+    return fs.statSync(file)
   } catch (err) {
     throw new Error(
       i18n.__('languageAnalysisProjectRootFileNameFailure', file) +
         `${err.message}`
     )
   }
-
-  // Return the contents of a directory...
-  if (projectStats.isDirectory()) {
-    try {
-      return fs.readdirSync(file)
-    } catch (err) {
-      throw new Error(
-        i18n.__('languageAnalysisProjectRootFileNameReadError', file) +
-          `${err.message}`
-      )
-    }
-  }
-
-  // If we are working with a file return it in a list as we do when we work
-  // with a directory...
-  if (projectStats.isFile()) {
-    return [path.basename(file)]
-  }
-
-  // Error out if we are working with something like a socket file or some
-  // other craziness...
-  throw new Error(
-    i18n.__('languageAnalysisProjectRootFileNameMissingError'),
-    file
-  )
 }
+
 module.exports = {
-  getProjectRootFilenames
+  getProjectStats,
+  getDirectoryFromPathGiven: getDirectoryFromPathGiven
 }

package/src/commands/scan/sca/scaAnalysis.js

@@ -24,17 +24,26 @@ const {
 } = require('../../../audit/languageAnalysisEngine/report/reportingFeature')
 const auditSave = require('../../../audit/save')
 const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet')
+const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames')
+const path = require('path')
 const processSca = async config => {
   const startTime = performance.now()
   let filesFound
-  if (config.file) {
-    config.file = config.file.concat('/')
-    filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(
-      config.file
+
+  const projectStats = await rootFile.getProjectStats(config.file)
+  let pathWithFile = projectStats.isFile()
+
+  let fileName = config.file
+  config.file = pathWithFile
+    ? rootFile.getDirectoryFromPathGiven(config.file).concat('/')
+    : config.file
+
+  filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file)
+
+  if (filesFound.length > 1 && pathWithFile) {
+    filesFound = filesFound.filter(i =>
+      Object.values(i)[0].includes(path.basename(fileName))
     )
-  } else {
-    filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(undefined)
-    config.file = process.cwd().concat('/')
   }
 
   // files found looks like [ { javascript: [ Array ] } ]

package/src/common/errorHandling.ts

@@ -39,9 +39,8 @@ const reportFailureError = () => {
 }
 
 const genericError = (missingCliOption: string) => {
-  // prettier-ignore
-  console.log(`*************************** ${i18n.__('yamlMissingParametersHeader')} ***************************\n${missingCliOption}`)
-  console.error(i18n.__('yamlMissingParametersMessage'))
+  console.log(missingCliOption)
+  console.error(i18n.__('genericErrorMessage'))
   process.exit(1)
 }
 

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.9'
+const APP_VERSION = '1.0.10'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'

package/src/constants/locales.js

@@ -20,8 +20,8 @@ const en_locales = () => {
     libraryAnalysisError:
       'Please ensure the language parameter is set in accordance to the language specified on the project path.\nContrast CLI must be run in the same directory as the project manifest file OR the project_path parameter must be used to identify the directory containing the project manifest file.\n\nFor further information please read our usage guide, which can be accessed with the following command:\n\ncontrast-cli --help',
     yamlMissingParametersHeader: 'Missing Parameters',
-    yamlMissingParametersMessage:
-      'The following parameters are required: \n \norganization-id \napi-key \nauthorization \nhost \nlanguage \n \nThey must be specified as a command line argument. \nFor further information please read our usage guide, which can be accessed with the following command:\ncontrast audit --help',
+    genericErrorMessage:
+      'An error has occur please check your command again. For more information use the --help commands.',
     unauthenticatedErrorHeader: '401 error - Unauthenticated',
     unauthenticatedErrorMessage:
       'Please check the following keys are correct:\n--organization-id, --api-key or --authorization',
@@ -67,7 +67,7 @@ const en_locales = () => {
       'Failed to get information about the file or directory @ %s because: ',
     languageAnalysisFailure: ' analysis failed because: ',
     languageAnalysisNoLanguage:
-      'We cannot detect a project, use --f <path> to specify a file or folder to analyze.',
+      'We cannot detect a project, use -f <path> to specify a file or folder to analyze.',
     languageAnalysisNoLanguageHelpLine: `${chalk.bold(
       'contrast audit --help'
     )} for more information.`,
@@ -148,10 +148,15 @@ const en_locales = () => {
       'Allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
     constantsCount: 'The number of CVEs that must be exceeded to fail a build',
     constantsHeader: 'CodeSec by Contrast Security',
+    configHeader2: 'Config options',
+    clearHeader: '-c, --clear',
+    clearContent: 'Removes stored credentials',
     constantsPrerequisitesContentScanLanguages:
       'Java, Javascript and .NET supported',
     constantsContrastContent:
-      "Use the 'contrast' command for fast and accurate security analysis of your applications and APIs (Java, JavaScript and .NET ) as well as serverless functions (AWS lambda, Java and Python).",
+      'Use the ‘contrast’ command for fast and accurate security analysis of your applications, APIs, serverless functions, and libraries.',
+    constantsContrastCategories:
+      '\n Code: Java, .NET, .NET Core, JavaScript\n Serverless: AWS Lambda - Java, Python\n Libraries: Java, .NET, Node, Ruby, Python, Go, PHP\n',
     constantsUsageGuideContentRecommendation:
       'Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.',
     constantsPrerequisitesHeader: 'Pre-requisites',
@@ -282,12 +287,17 @@ const en_locales = () => {
       'We only accept the following file types: \nJava - .jar, .war \nJavaScript - .js or .zip files',
     helpAuthSummary:
       'Authenticate Contrast using your Github or Google account',
-    helpScanSummary: 'Perform static analysis on binaries / code artifacts',
-    helpLambdaSummary: 'Perform scan on AWS Lambda functions',
+    helpAuditSummary:
+      'Searches for a suitable file in the working directory to perform a security audit of dependencies and returns the results. [Contrast audit --help (for options).]',
+    helpScanSummary:
+      'Searches for a .jar, .war, .js, or .zip file in the working directory, uploads files for analysis, and returns the results. [For further help/options, enter scan --help]',
+    helpLambdaSummary:
+      'Performs a static security scan on an AWS lambda function. lambda --help (for options)',
     helpVersionSummary: 'Displays version of Contrast CLI',
     helpConfigSummary: 'Displays stored credentials',
     helpSummary: 'Displays usage guide',
     authName: 'auth',
+    auditName: 'audit',
     scanName: 'scan',
     lambdaName: 'lambda',
     versionName: 'version',
@@ -305,8 +315,7 @@ const en_locales = () => {
     scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
     authSuccessMessage: 'Authentication successful',
     runAuthSuccessMessage:
-      "Now you can use Contrast CLI \nRun 'contrast scan' on your file \n" +
-      "or 'contrast help' to learn more about the capabilities.",
+      "Now you can use CodeSec by Contrast \nRun: \n'contrast scan' on your file \n'contrast audit' on a file or directory,\n'contrast lambda' on an AWS function.\nor 'contrast help' to learn more about the capabilities.",
     authWaitingMessage: 'Waiting for auth...',
     authTimedOutMessage: 'Auth Timed out, try again',
     zipErrorScan:
@@ -334,7 +343,7 @@ const en_locales = () => {
       'Supported runtimes: Java & Python',
     lambdaPrerequisitesContentLambdaDescriptionTitle: 'AWS Requirements\n',
     lambdaPrerequisitesContentLambdaDescription:
-      'Make sure you have the AWS credentials configured on your local environment. \nYou need the following AWS permissions configured on your IAM user:\n   - Lambda: GetFunction, GetLayerVersionֿ\n   - IAM: GetRolePolicy, GetPolicy, GetPolicyVersion, ListRolePolicies, ListAttachedRolePolicies',
+      'Make sure you have the AWS credentials configured on your local environment. \nYou need the following AWS permissions configured on your IAM user:\n   - Lambda: GetFunction, GetLayerVersion, ListFunctions\n   - IAM: GetRolePolicy, GetPolicy, GetPolicyVersion, ListRolePolicies, ListAttachedRolePolicies',
     scanFileNameOption: '-f, --file',
     lambdaFunctionNameOption: '-f, --function-name',
     lambdaListFunctionsOption: '-l, --list-functions',

package/src/constants.js

@@ -213,7 +213,7 @@ const auditOptionDefinitions = [
   {
     name: 'file',
     alias: 'f',
-    defaultValue: process.cwd(),
+    defaultValue: process.cwd().concat('/'),
     description:
       '{bold ' +
       i18n.__('constantsOptional') +
@@ -347,7 +347,10 @@ const auditOptionDefinitions = [
 const mainUsageGuide = commandLineUsage([
   {
     header: i18n.__('constantsHeader'),
-    content: [i18n.__('constantsContrastContent')]
+    content: [
+      i18n.__('constantsContrastContent'),
+      i18n.__('constantsContrastCategories')
+    ]
   },
   {
     header: i18n.__('constantsUsage'),
@@ -359,6 +362,7 @@ const mainUsageGuide = commandLineUsage([
       { name: i18n.__('authName'), summary: i18n.__('helpAuthSummary') },
       { name: i18n.__('scanName'), summary: i18n.__('helpScanSummary') },
       { name: i18n.__('lambdaName'), summary: i18n.__('helpLambdaSummary') },
+      { name: i18n.__('auditName'), summary: i18n.__('helpAuditSummary') },
       { name: i18n.__('versionName'), summary: i18n.__('helpVersionSummary') },
       { name: i18n.__('configName'), summary: i18n.__('helpConfigSummary') },
       { name: i18n.__('helpName'), summary: i18n.__('helpSummary') }
@@ -367,6 +371,12 @@ const mainUsageGuide = commandLineUsage([
   {
     content:
       '{underline https://developer.contrastsecurity.com/} \n For technical support head to {underline https://support.contrastsecurity.com}'
+  },
+  {
+    header: i18n.__('configHeader2'),
+    content: [
+      { name: i18n.__('clearHeader'), summary: i18n.__('clearContent') }
+    ]
   }
 ])
 

package/src/scaAnalysis/javascript/index.js

@@ -5,6 +5,9 @@ const formatMessage = require('../common/formatMessage')
 const jsAnalysis = async (config, languageFiles) => {
   checkForCorrectFiles(languageFiles)
 
+  if (!config.file.endsWith('/')) {
+    config.file = config.file.concat('/')
+  }
   return buildNodeTree(config, languageFiles.JAVASCRIPT)
 }
 const buildNodeTree = async (config, files) => {

package/src/scan/autoDetection.js

@@ -1,6 +1,7 @@
 const i18n = require('i18n')
 const fileFinder = require('./fileUtils')
 const rootFile = require('../audit/languageAnalysisEngine/getProjectRootFilenames')
+const path = require('path')
 
 const autoDetectFileAndLanguage = async configToUse => {
   const entries = await fileFinder.findFile()
@@ -27,16 +28,10 @@ const autoDetectFileAndLanguage = async configToUse => {
   }
 }
 
-const autoDetectAuditFilesAndLanguages = async file => {
-  const filePath = file
+const autoDetectAuditFilesAndLanguages = async filePath => {
   let languagesFound = []
 
-  if (filePath) {
-    rootFile.getProjectRootFilenames(filePath)
-    console.log(i18n.__('searchingAuditFileDirectory', filePath))
-  } else {
-    console.log(i18n.__('searchingAuditFileDirectory', process.cwd()))
-  }
+  console.log(i18n.__('searchingAuditFileDirectory', filePath))
 
   await fileFinder.findFilesJava(languagesFound, filePath)
   await fileFinder.findFilesJavascript(languagesFound, filePath)
@@ -46,13 +41,11 @@ const autoDetectAuditFilesAndLanguages = async file => {
   await fileFinder.findFilesRuby(languagesFound, filePath)
   await fileFinder.findFilesDotNet(languagesFound, filePath)
 
-  if (languagesFound.length <= 1) {
+  if (languagesFound) {
     return languagesFound
-  } else {
-    console.log(
-      'found multiple languages, please specify one using --file to run SCA audit'
-    )
   }
+
+  return []
 }
 
 const hasWhiteSpace = s => {

package/src/utils/commonApi.js

@@ -20,7 +20,7 @@ const handleResponseErrors = (res, api) => {
   } else if (res.statusCode === 412) {
     maxAppError()
   } else {
-    genericError()
+    genericError(res)
   }
 }