Coverage Report - org.owasp.dependencycheck.CliParser
 
Classes in this File Line Coverage Branch Coverage Complexity
CliParser
71%
259/363
25%
46/180
2.452
CliParser$ARGUMENT
0%
0/1
N/A
N/A
2.452
 
 1   
 /*
 2   
  * This file is part of dependency-check-cli.
 3   
  *
 4   
  * Licensed under the Apache License, Version 2.0 (the "License");
 5   
  * you may not use this file except in compliance with the License.
 6   
  * You may obtain a copy of the License at
 7   
  *
 8   
  *     http://www.apache.org/licenses/LICENSE-2.0
 9   
  *
 10   
  * Unless required by applicable law or agreed to in writing, software
 11   
  * distributed under the License is distributed on an "AS IS" BASIS,
 12   
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13   
  * See the License for the specific language governing permissions and
 14   
  * limitations under the License.
 15   
  *
 16   
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
 17   
  */
 18   
 package org.owasp.dependencycheck;
 19   
 
 20   
 import java.io.File;
 21   
 import java.io.FileNotFoundException;
 22   
 
 23   
 import org.apache.commons.cli.CommandLine;
 24   
 import org.apache.commons.cli.CommandLineParser;
 25   
 import org.apache.commons.cli.DefaultParser;
 26   
 import org.apache.commons.cli.HelpFormatter;
 27   
 import org.apache.commons.cli.Option;
 28   
 import org.apache.commons.cli.OptionGroup;
 29   
 import org.apache.commons.cli.Options;
 30   
 import org.apache.commons.cli.ParseException;
 31   
 import org.owasp.dependencycheck.reporting.ReportGenerator.Format;
 32   
 import org.owasp.dependencycheck.utils.InvalidSettingException;
 33   
 import org.owasp.dependencycheck.utils.Settings;
 34   
 import org.slf4j.Logger;
 35   
 import org.slf4j.LoggerFactory;
 36   
 
 37   
 /**
 38   
  * A utility to parse command line arguments for the DependencyCheck.
 39   
  *
 40   
  * @author Jeremy Long
 41   
  */
 42  9 
 public final class CliParser {
 43   
 
 44   
     /**
 45   
      * The logger.
 46   
      */
 47  1 
     private static final Logger LOGGER = LoggerFactory.getLogger(CliParser.class);
 48   
     /**
 49   
      * The command line.
 50   
      */
 51   
     private CommandLine line;
 52   
     /**
 53   
      * Indicates whether the arguments are valid.
 54   
      */
 55  9 
     private boolean isValid = true;
 56   
 
 57   
     /**
 58   
      * Parses the arguments passed in and captures the results for later use.
 59   
      *
 60   
      * @param args the command line arguments
 61   
      * @throws FileNotFoundException is thrown when a 'file' argument does not point to a file that exists.
 62   
      * @throws ParseException is thrown when a Parse Exception occurs.
 63   
      */
 64   
     public void parse(String[] args) throws FileNotFoundException, ParseException {
 65  9 
         line = parseArgs(args);
 66   
 
 67  7 
         if (line != null) {
 68  7 
             validateArgs();
 69   
         }
 70  6 
     }
 71   
 
 72   
     /**
 73   
      * Parses the command line arguments.
 74   
      *
 75   
      * @param args the command line arguments
 76   
      * @return the results of parsing the command line arguments
 77   
      * @throws ParseException if the arguments are invalid
 78   
      */
 79   
     private CommandLine parseArgs(String[] args) throws ParseException {
 80  9 
         final CommandLineParser parser = new DefaultParser();
 81  9 
         final Options options = createCommandLineOptions();
 82  9 
         return parser.parse(options, args);
 83   
     }
 84   
 
 85   
     /**
 86   
      * Validates that the command line arguments are valid.
 87   
      *
 88   
      * @throws FileNotFoundException if there is a file specified by either the SCAN or CPE command line arguments that does not
 89   
      * exist.
 90   
      * @throws ParseException is thrown if there is an exception parsing the command line.
 91   
      */
 92   
     private void validateArgs() throws FileNotFoundException, ParseException {
 93  7 
         if (isUpdateOnly() || isRunScan()) {
 94  2 
             final String value = line.getOptionValue(ARGUMENT.CVE_VALID_FOR_HOURS);
 95  2 
             if (value != null) {
 96   
                 try {
 97  0 
                     final int i = Integer.parseInt(value);
 98  0 
                     if (i < 0) {
 99  0 
                         throw new ParseException("Invalid Setting: cveValidForHours must be a number greater than or equal to 0.");
 100   
                     }
 101  0 
                 } catch (NumberFormatException ex) {
 102  0 
                     throw new ParseException("Invalid Setting: cveValidForHours must be a number greater than or equal to 0.");
 103  0 
                 }
 104   
             }
 105   
         }
 106  7 
         if (isRunScan()) {
 107  2 
             validatePathExists(getScanFiles(), ARGUMENT.SCAN);
 108  1 
             validatePathExists(getReportDirectory(), ARGUMENT.OUT);
 109  1 
             if (getPathToMono() != null) {
 110  0 
                 validatePathExists(getPathToMono(), ARGUMENT.PATH_TO_MONO);
 111   
             }
 112  1 
             if (!line.hasOption(ARGUMENT.APP_NAME) && !line.hasOption(ARGUMENT.PROJECT)) {
 113  0 
                 throw new ParseException("Missing '" + ARGUMENT.PROJECT + "' argument; the scan cannot be run without the an project name.");
 114   
             }
 115  1 
             if (line.hasOption(ARGUMENT.OUTPUT_FORMAT)) {
 116  0 
                 final String format = line.getOptionValue(ARGUMENT.OUTPUT_FORMAT);
 117   
                 try {
 118  0 
                     Format.valueOf(format);
 119  0 
                 } catch (IllegalArgumentException ex) {
 120  0 
                     final String msg = String.format("An invalid 'format' of '%s' was specified. "
 121   
                             + "Supported output formats are XML, HTML, VULN, or ALL", format);
 122  0 
                     throw new ParseException(msg);
 123  0 
                 }
 124   
             }
 125  1 
             if ((getBaseCve12Url() != null || getBaseCve20Url() != null || getModifiedCve12Url() != null || getModifiedCve20Url() != null)
 126  0 
                     && (getBaseCve12Url() == null || getBaseCve20Url() == null || getModifiedCve12Url() == null || getModifiedCve20Url() == null)) {
 127  0 
                 final String msg = "If one of the CVE URLs is specified they must all be specified; please add the missing CVE URL.";
 128  0 
                 throw new ParseException(msg);
 129   
             }
 130  1 
             if (line.hasOption((ARGUMENT.SYM_LINK_DEPTH))) {
 131   
                 try {
 132  0 
                     final int i = Integer.parseInt(line.getOptionValue(ARGUMENT.SYM_LINK_DEPTH));
 133  0 
                     if (i < 0) {
 134  0 
                         throw new ParseException("Symbolic Link Depth (symLink) must be greater than zero.");
 135   
                     }
 136  0 
                 } catch (NumberFormatException ex) {
 137  0 
                     throw new ParseException("Symbolic Link Depth (symLink) is not a number.");
 138  0 
                 }
 139   
             }
 140   
         }
 141  6 
     }
 142   
 
 143   
     /**
 144   
      * Validates whether or not the path(s) points at a file that exists; if the path(s) does not point to an existing file a
 145   
      * FileNotFoundException is thrown.
 146   
      *
 147   
      * @param paths the paths to validate if they exists
 148   
      * @param optType the option being validated (e.g. scan, out, etc.)
 149   
      * @throws FileNotFoundException is thrown if one of the paths being validated does not exist.
 150   
      */
 151   
     private void validatePathExists(String[] paths, String optType) throws FileNotFoundException {
 152  3 
         for (String path : paths) {
 153  2 
             validatePathExists(path, optType);
 154   
         }
 155  1 
     }
 156   
 
 157   
     /**
 158   
      * Validates whether or not the path points at a file that exists; if the path does not point to an existing file a
 159   
      * FileNotFoundException is thrown.
 160   
      *
 161   
      * @param path the paths to validate if they exists
 162   
      * @param argumentName the argument being validated (e.g. scan, out, etc.)
 163   
      * @throws FileNotFoundException is thrown if the path being validated does not exist.
 164   
      */
 165   
     private void validatePathExists(String path, String argumentName) throws FileNotFoundException {
 166  3 
         if (path == null) {
 167  0 
             isValid = false;
 168  0 
             final String msg = String.format("Invalid '%s' argument: null", argumentName);
 169  0 
             throw new FileNotFoundException(msg);
 170  3 
         } else if (!path.contains("*") && !path.contains("?")) {
 171  3 
             File f = new File(path);
 172  3 
             if ("o".equalsIgnoreCase(argumentName.substring(0, 1)) && !"ALL".equalsIgnoreCase(this.getReportFormat())) {
 173  1 
                 final String checkPath = path.toLowerCase();
 174  1 
                 if (checkPath.endsWith(".html") || checkPath.endsWith(".xml") || checkPath.endsWith(".htm")) {
 175  0 
                     if (f.getParentFile() == null) {
 176  0 
                         f = new File(".", path);
 177   
                     }
 178  0 
                     if (!f.getParentFile().isDirectory()) {
 179  0 
                         isValid = false;
 180  0 
                         final String msg = String.format("Invalid '%s' argument: '%s'", argumentName, path);
 181  0 
                         throw new FileNotFoundException(msg);
 182   
                     }
 183   
                 }
 184  1 
             } else {
 185  2 
                 if (!f.exists()) {
 186  1 
                     isValid = false;
 187  1 
                     final String msg = String.format("Invalid '%s' argument: '%s'", argumentName, path);
 188  1 
                     throw new FileNotFoundException(msg);
 189   
                 }
 190   
             }
 191  2 
         } else if (path.startsWith("//") || path.startsWith("\\\\")) {
 192  0 
             isValid = false;
 193  0 
             final String msg = String.format("Invalid '%s' argument: '%s'%nUnable to scan paths that start with '//'.", argumentName, path);
 194  0 
             throw new FileNotFoundException(msg);
 195   
         }
 196  2 
     }
 197   
 
 198   
     /**
 199   
      * Generates an Options collection that is used to parse the command line and to display the help message.
 200   
      *
 201   
      * @return the command line options used for parsing the command line
 202   
      */
 203   
     @SuppressWarnings("static-access")
 204   
     private Options createCommandLineOptions() {
 205  9 
         final Options options = new Options();
 206  9 
         addStandardOptions(options);
 207  9 
         addAdvancedOptions(options);
 208  9 
         addDeprecatedOptions(options);
 209  9 
         return options;
 210   
     }
 211   
 
 212   
     /**
 213   
      * Adds the standard command line options to the given options collection.
 214   
      *
 215   
      * @param options a collection of command line arguments
 216   
      * @throws IllegalArgumentException thrown if there is an exception
 217   
      */
 218   
     @SuppressWarnings("static-access")
 219   
     private void addStandardOptions(final Options options) throws IllegalArgumentException {
 220  11 
         final Option help = new Option(ARGUMENT.HELP_SHORT, ARGUMENT.HELP, false,
 221   
                 "Print this message.");
 222   
 
 223  11 
         final Option advancedHelp = Option.builder().longOpt(ARGUMENT.ADVANCED_HELP)
 224  11 
                 .desc("Print the advanced help message.").build();
 225   
 
 226  11 
         final Option version = new Option(ARGUMENT.VERSION_SHORT, ARGUMENT.VERSION,
 227   
                 false, "Print the version information.");
 228   
 
 229  11 
         final Option noUpdate = new Option(ARGUMENT.DISABLE_AUTO_UPDATE_SHORT, ARGUMENT.DISABLE_AUTO_UPDATE,
 230   
                 false, "Disables the automatic updating of the CPE data.");
 231   
 
 232  11 
         final Option projectName = Option.builder().hasArg().argName("name").longOpt(ARGUMENT.PROJECT)
 233  11 
                 .desc("The name of the project being scanned. This is a required argument.")
 234  11 
                 .build();
 235   
 
 236  11 
         final Option path = Option.builder(ARGUMENT.SCAN_SHORT).argName("path").hasArg().longOpt(ARGUMENT.SCAN)
 237  11 
                 .desc("The path to scan - this option can be specified multiple times. Ant style"
 238   
                         + " paths are supported (e.g. path/**/*.jar).")
 239  11 
                 .build();
 240   
 
 241  11 
         final Option excludes = Option.builder().argName("pattern").hasArg().longOpt(ARGUMENT.EXCLUDE)
 242  11 
                 .desc("Specify and exclusion pattern. This option can be specified multiple times"
 243   
                         + " and it accepts Ant style excludsions.")
 244  11 
                 .build();
 245   
 
 246  11 
         final Option props = Option.builder(ARGUMENT.PROP_SHORT).argName("file").hasArg().longOpt(ARGUMENT.PROP)
 247  11 
                 .desc("A property file to load.")
 248  11 
                 .build();
 249   
 
 250  11 
         final Option out = Option.builder(ARGUMENT.OUT_SHORT).argName("path").hasArg().longOpt(ARGUMENT.OUT)
 251  11 
                 .desc("The folder to write reports to. This defaults to the current directory. "
 252   
                         + "It is possible to set this to a specific file name if the format argument is not set to ALL.")
 253  11 
                 .build();
 254   
 
 255  11 
         final Option outputFormat = Option.builder(ARGUMENT.OUTPUT_FORMAT_SHORT).argName("format").hasArg().longOpt(ARGUMENT.OUTPUT_FORMAT)
 256  11 
                 .desc("The output format to write to (XML, HTML, VULN, ALL). The default is HTML.")
 257  11 
                 .build();
 258   
 
 259  11 
         final Option verboseLog = Option.builder(ARGUMENT.VERBOSE_LOG_SHORT).argName("file").hasArg().longOpt(ARGUMENT.VERBOSE_LOG)
 260  11 
                 .desc("The file path to write verbose logging information.")
 261  11 
                 .build();
 262   
 
 263  11 
         final Option symLinkDepth = Option.builder().argName("depth").hasArg().longOpt(ARGUMENT.SYM_LINK_DEPTH)
 264  11 
                 .desc("Sets how deep nested symbolic links will be followed; 0 indicates symbolic links will not be followed.")
 265  11 
                 .build();
 266   
 
 267  11 
         final Option suppressionFile = Option.builder().argName("file").hasArg().longOpt(ARGUMENT.SUPPRESSION_FILE)
 268  11 
                 .desc("The file path to the suppression XML file.")
 269  11 
                 .build();
 270   
 
 271  11 
         final Option cveValidForHours = Option.builder().argName("hours").hasArg().longOpt(ARGUMENT.CVE_VALID_FOR_HOURS)
 272  11 
                 .desc("The number of hours to wait before checking for new updates from the NVD.")
 273  11 
                 .build();
 274   
 
 275   
         //This is an option group because it can be specified more then once.
 276  11 
         final OptionGroup og = new OptionGroup();
 277  11 
         og.addOption(path);
 278   
 
 279  11 
         final OptionGroup exog = new OptionGroup();
 280  11 
         exog.addOption(excludes);
 281   
 
 282  11 
         options.addOptionGroup(og)
 283  11 
                 .addOptionGroup(exog)
 284  11 
                 .addOption(projectName)
 285  11 
                 .addOption(out)
 286  11 
                 .addOption(outputFormat)
 287  11 
                 .addOption(version)
 288  11 
                 .addOption(help)
 289  11 
                 .addOption(advancedHelp)
 290  11 
                 .addOption(noUpdate)
 291  11 
                 .addOption(symLinkDepth)
 292  11 
                 .addOption(props)
 293  11 
                 .addOption(verboseLog)
 294  11 
                 .addOption(suppressionFile)
 295  11 
                 .addOption(cveValidForHours);
 296  11 
     }
 297   
 
 298   
     /**
 299   
      * Adds the advanced command line options to the given options collection. These are split out for purposes of being able to
 300   
      * display two different help messages.
 301   
      *
 302   
      * @param options a collection of command line arguments
 303   
      * @throws IllegalArgumentException thrown if there is an exception
 304   
      */
 305   
     @SuppressWarnings("static-access")
 306   
     private void addAdvancedOptions(final Options options) throws IllegalArgumentException {
 307   
 
 308  9 
         final Option cve12Base = Option.builder().argName("url").hasArg().longOpt(ARGUMENT.CVE_BASE_12)
 309  9 
                 .desc("Base URL for each year’s CVE 1.2, the %d will be replaced with the year. ")
 310  9 
                 .build();
 311   
 
 312  9 
         final Option cve20Base = Option.builder().argName("url").hasArg().longOpt(ARGUMENT.CVE_BASE_20)
 313  9 
                 .desc("Base URL for each year’s CVE 2.0, the %d will be replaced with the year.")
 314  9 
                 .build();
 315   
 
 316  9 
         final Option cve12Modified = Option.builder().argName("url").hasArg().longOpt(ARGUMENT.CVE_MOD_12)
 317  9 
                 .desc("URL for the modified CVE 1.2.")
 318  9 
                 .build();
 319   
 
 320  9 
         final Option cve20Modified = Option.builder().argName("url").hasArg().longOpt(ARGUMENT.CVE_MOD_20)
 321  9 
                 .desc("URL for the modified CVE 2.0.")
 322  9 
                 .build();
 323   
 
 324  9 
         final Option updateOnly = Option.builder().longOpt(ARGUMENT.UPDATE_ONLY)
 325  9 
                 .desc("Only update the local NVD data cache; no scan will be executed.").build();
 326   
 
 327  9 
         final Option data = Option.builder(ARGUMENT.DATA_DIRECTORY_SHORT).argName("path").hasArg().longOpt(ARGUMENT.DATA_DIRECTORY)
 328  9 
                 .desc("The location of the H2 Database file. This option should generally not be set.")
 329  9 
                 .build();
 330   
 
 331  9 
         final Option nexusUrl = Option.builder().argName("url").hasArg().longOpt(ARGUMENT.NEXUS_URL)
 332  9 
                 .desc("The url to the Nexus Server's REST API Endpoint (http://domain/nexus/service/local). "
 333  9 
                         + "If not set the Nexus Analyzer will be disabled.").build();
 334   
 
 335  9 
         final Option nexusUsesProxy = Option.builder().argName("true/false").hasArg().longOpt(ARGUMENT.NEXUS_USES_PROXY)
 336  9 
                 .desc("Whether or not the configured proxy should be used when connecting to Nexus.")
 337  9 
                 .build();
 338   
 
 339  9 
         final Option additionalZipExtensions = Option.builder().argName("extensions").hasArg()
 340  9 
                 .longOpt(ARGUMENT.ADDITIONAL_ZIP_EXTENSIONS)
 341  9 
                 .desc("A comma separated list of additional extensions to be scanned as ZIP files "
 342  9 
                         + "(ZIP, EAR, WAR are already treated as zip files)").build();
 343   
 
 344  9 
         final Option pathToMono = Option.builder().argName("path").hasArg().longOpt(ARGUMENT.PATH_TO_MONO)
 345  9 
                 .desc("The path to Mono for .NET Assembly analysis on non-windows systems.")
 346  9 
                 .build();
 347   
 
 348  9 
         final Option pathToBundleAudit = Option.builder().argName("path").hasArg()
 349  9 
                 .longOpt(ARGUMENT.PATH_TO_BUNDLE_AUDIT)
 350  9 
                 .desc("The path to bundle-audit for Gem bundle analysis.").build();
 351   
 
 352  9 
         final Option connectionTimeout = Option.builder(ARGUMENT.CONNECTION_TIMEOUT_SHORT).argName("timeout").hasArg()
 353  9 
                 .longOpt(ARGUMENT.CONNECTION_TIMEOUT).desc("The connection timeout (in milliseconds) to use when downloading resources.")
 354  9 
                 .build();
 355   
 
 356  9 
         final Option proxyServer = Option.builder().argName("server").hasArg().longOpt(ARGUMENT.PROXY_SERVER)
 357  9 
                 .desc("The proxy server to use when downloading resources.").build();
 358   
 
 359  9 
         final Option proxyPort = Option.builder().argName("port").hasArg().longOpt(ARGUMENT.PROXY_PORT)
 360  9 
                 .desc("The proxy port to use when downloading resources.").build();
 361   
 
 362  9 
         final Option proxyUsername = Option.builder().argName("user").hasArg().longOpt(ARGUMENT.PROXY_USERNAME)
 363  9 
                 .desc("The proxy username to use when downloading resources.").build();
 364   
 
 365  9 
         final Option proxyPassword = Option.builder().argName("pass").hasArg().longOpt(ARGUMENT.PROXY_PASSWORD)
 366  9 
                 .desc("The proxy password to use when downloading resources.").build();
 367   
 
 368  9 
         final Option connectionString = Option.builder().argName("connStr").hasArg().longOpt(ARGUMENT.CONNECTION_STRING)
 369  9 
                 .desc("The connection string to the database.").build();
 370   
 
 371  9 
         final Option dbUser = Option.builder().argName("user").hasArg().longOpt(ARGUMENT.DB_NAME)
 372  9 
                 .desc("The username used to connect to the database.").build();
 373   
 
 374  9 
         final Option dbPassword = Option.builder().argName("password").hasArg().longOpt(ARGUMENT.DB_PASSWORD)
 375  9 
                 .desc("The password for connecting to the database.").build();
 376   
 
 377  9 
         final Option dbDriver = Option.builder().argName("driver").hasArg().longOpt(ARGUMENT.DB_DRIVER)
 378  9 
                 .desc("The database driver name.").build();
 379   
 
 380  9 
         final Option dbDriverPath = Option.builder().argName("path").hasArg().longOpt(ARGUMENT.DB_DRIVER_PATH)
 381  9 
                 .desc("The path to the database driver; note, this does not need to be set unless the JAR is outside of the classpath.")
 382  9 
                 .build();
 383   
 
 384  9 
         final Option disableJarAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_JAR)
 385  9 
                 .desc("Disable the Jar Analyzer.").build();
 386   
 
 387  9 
         final Option disableArchiveAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_ARCHIVE)
 388  9 
                 .desc("Disable the Archive Analyzer.").build();
 389   
 
 390  9 
         final Option disableNuspecAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_NUSPEC)
 391  9 
                 .desc("Disable the Nuspec Analyzer.").build();
 392   
 
 393  9 
         final Option disableAssemblyAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_ASSEMBLY)
 394  9 
                 .desc("Disable the .NET Assembly Analyzer.").build();
 395   
 
 396  9 
         final Option disablePythonDistributionAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_PY_DIST)
 397  9 
                 .desc("Disable the Python Distribution Analyzer.").build();
 398   
 
 399  9 
         final Option disablePythonPackageAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_PY_PKG)
 400  9 
                 .desc("Disable the Python Package Analyzer.").build();
 401   
 
 402  9 
         final Option disableComposerAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_COMPOSER)
 403  9 
                 .desc("Disable the PHP Composer Analyzer.").build();
 404   
 
 405  9 
         final Option disableAutoconfAnalyzer = Option.builder()
 406  9 
                 .longOpt(ARGUMENT.DISABLE_AUTOCONF)
 407  9 
                 .desc("Disable the Autoconf Analyzer.").build();
 408   
 
 409  9 
         final Option disableOpenSSLAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_OPENSSL)
 410  9 
                 .desc("Disable the OpenSSL Analyzer.").build();
 411  9 
         final Option disableCmakeAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_CMAKE)
 412  9 
                 .desc("Disable the Cmake Analyzer.").build();
 413   
 
 414  9 
         final Option disableCentralAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_CENTRAL)
 415  9 
                 .desc("Disable the Central Analyzer. If this analyzer is disabled it is likely you also want to disable "
 416  9 
                         + "the Nexus Analyzer.").build();
 417   
 
 418  9 
         final Option disableNexusAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_NEXUS)
 419  9 
                 .desc("Disable the Nexus Analyzer.").build();
 420   
 
 421  9 
         final Option purge = Option.builder().longOpt(ARGUMENT.PURGE_NVD)
 422  9 
                 .desc("Purges the local NVD data cache")
 423  9 
                 .build();
 424   
 
 425  9 
         options.addOption(updateOnly)
 426  9 
                 .addOption(cve12Base)
 427  9 
                 .addOption(cve20Base)
 428  9 
                 .addOption(cve12Modified)
 429  9 
                 .addOption(cve20Modified)
 430  9 
                 .addOption(proxyPort)
 431  9 
                 .addOption(proxyServer)
 432  9 
                 .addOption(proxyUsername)
 433  9 
                 .addOption(proxyPassword)
 434  9 
                 .addOption(connectionTimeout)
 435  9 
                 .addOption(connectionString)
 436  9 
                 .addOption(dbUser)
 437  9 
                 .addOption(data)
 438  9 
                 .addOption(dbPassword)
 439  9 
                 .addOption(dbDriver)
 440  9 
                 .addOption(dbDriverPath)
 441  9 
                 .addOption(disableJarAnalyzer)
 442  9 
                 .addOption(disableArchiveAnalyzer)
 443  9 
                 .addOption(disableAssemblyAnalyzer)
 444  9 
                 .addOption(pathToBundleAudit)
 445  9 
                 .addOption(disablePythonDistributionAnalyzer)
 446  9 
                 .addOption(disableCmakeAnalyzer)
 447  9 
                 .addOption(disablePythonPackageAnalyzer)
 448  18 
                 .addOption(Option.builder().longOpt(ARGUMENT.DISABLE_RUBYGEMS)
 449  9 
                         .desc("Disable the Ruby Gemspec Analyzer.").build())
 450  18 
                 .addOption(Option.builder().longOpt(ARGUMENT.DISABLE_BUNDLE_AUDIT)
 451  9 
                         .desc("Disable the Ruby Bundler-Audit Analyzer.").build())
 452  9 
                 .addOption(disableAutoconfAnalyzer)
 453  9 
                 .addOption(disableComposerAnalyzer)
 454  9 
                 .addOption(disableOpenSSLAnalyzer)
 455  9 
                 .addOption(disableNuspecAnalyzer)
 456  9 
                 .addOption(disableCentralAnalyzer)
 457  9 
                 .addOption(disableNexusAnalyzer)
 458  18 
                 .addOption(Option.builder().longOpt(ARGUMENT.DISABLE_NODE_JS)
 459  9 
                         .desc("Disable the Node.js Package Analyzer.").build())
 460  9 
                 .addOption(nexusUrl)
 461  9 
                 .addOption(nexusUsesProxy)
 462  9 
                 .addOption(additionalZipExtensions)
 463  9 
                 .addOption(pathToMono)
 464  9 
                 .addOption(pathToBundleAudit)
 465  9 
                 .addOption(purge);
 466  9 
     }
 467   
 
 468   
     /**
 469   
      * Adds the deprecated command line options to the given options collection. These are split out for purposes of not including
 470   
      * them in the help message. We need to add the deprecated options so as not to break existing scripts.
 471   
      *
 472   
      * @param options a collection of command line arguments
 473   
      * @throws IllegalArgumentException thrown if there is an exception
 474   
      */
 475   
     @SuppressWarnings({"static-access", "deprecation"})
 476   
     private void addDeprecatedOptions(final Options options) throws IllegalArgumentException {
 477   
 
 478  9 
         final Option proxyServer = Option.builder().argName("url").hasArg().longOpt(ARGUMENT.PROXY_URL)
 479  9 
                 .desc("The proxy url argument is deprecated, use proxyserver instead.")
 480  9 
                 .build();
 481  9 
         final Option appName = Option.builder(ARGUMENT.APP_NAME_SHORT).argName("name").hasArg().longOpt(ARGUMENT.APP_NAME)
 482  9 
                 .desc("The name of the project being scanned.")
 483  9 
                 .build();
 484   
 
 485  9 
         options.addOption(proxyServer);
 486  9 
         options.addOption(appName);
 487  9 
     }
 488   
 
 489   
     /**
 490   
      * Determines if the 'version' command line argument was passed in.
 491   
      *
 492   
      * @return whether or not the 'version' command line argument was passed in
 493   
      */
 494   
     public boolean isGetVersion() {
 495  7 
         return (line != null) && line.hasOption(ARGUMENT.VERSION);
 496   
     }
 497   
 
 498   
     /**
 499   
      * Determines if the 'help' command line argument was passed in.
 500   
      *
 501   
      * @return whether or not the 'help' command line argument was passed in
 502   
      */
 503   
     public boolean isGetHelp() {
 504  7 
         return (line != null) && line.hasOption(ARGUMENT.HELP);
 505   
     }
 506   
 
 507   
     /**
 508   
      * Determines if the 'scan' command line argument was passed in.
 509   
      *
 510   
      * @return whether or not the 'scan' command line argument was passed in
 511   
      */
 512   
     public boolean isRunScan() {
 513  21 
         return (line != null) && isValid && line.hasOption(ARGUMENT.SCAN);
 514   
     }
 515   
 
 516   
     /**
 517   
      * Returns the symbolic link depth (how deeply symbolic links will be followed).
 518   
      *
 519   
      * @return the symbolic link depth
 520   
      */
 521   
     public int getSymLinkDepth() {
 522  0 
         int value = 0;
 523   
         try {
 524  0 
             value = Integer.parseInt(line.getOptionValue(ARGUMENT.SYM_LINK_DEPTH, "0"));
 525  0 
             if (value < 0) {
 526  0 
                 value = 0;
 527   
             }
 528  0 
         } catch (NumberFormatException ex) {
 529  0 
             LOGGER.debug("Symbolic link was not a number");
 530  0 
         }
 531  0 
         return value;
 532   
     }
 533   
 
 534   
     /**
 535   
      * Returns true if the disableJar command line argument was specified.
 536   
      *
 537   
      * @return true if the disableJar command line argument was specified; otherwise false
 538   
      */
 539   
     public boolean isJarDisabled() {
 540  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_JAR);
 541   
     }
 542   
 
 543   
     /**
 544   
      * Returns true if the disableArchive command line argument was specified.
 545   
      *
 546   
      * @return true if the disableArchive command line argument was specified; otherwise false
 547   
      */
 548   
     public boolean isArchiveDisabled() {
 549  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_ARCHIVE);
 550   
     }
 551   
 
 552   
     /**
 553   
      * Returns true if the disableNuspec command line argument was specified.
 554   
      *
 555   
      * @return true if the disableNuspec command line argument was specified; otherwise false
 556   
      */
 557   
     public boolean isNuspecDisabled() {
 558  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_NUSPEC);
 559   
     }
 560   
 
 561   
     /**
 562   
      * Returns true if the disableAssembly command line argument was specified.
 563   
      *
 564   
      * @return true if the disableAssembly command line argument was specified; otherwise false
 565   
      */
 566   
     public boolean isAssemblyDisabled() {
 567  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_ASSEMBLY);
 568   
     }
 569   
 
 570   
     /**
 571   
      * Returns true if the disableBundleAudit command line argument was specified.
 572   
      *
 573   
      * @return true if the disableBundleAudit command line argument was specified; otherwise false
 574   
      */
 575   
     public boolean isBundleAuditDisabled() {
 576  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_BUNDLE_AUDIT);
 577   
     }
 578   
 
 579   
     /**
 580   
      * Returns true if the disablePyDist command line argument was specified.
 581   
      *
 582   
      * @return true if the disablePyDist command line argument was specified; otherwise false
 583   
      */
 584   
     public boolean isPythonDistributionDisabled() {
 585  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_PY_DIST);
 586   
     }
 587   
 
 588   
     /**
 589   
      * Returns true if the disablePyPkg command line argument was specified.
 590   
      *
 591   
      * @return true if the disablePyPkg command line argument was specified; otherwise false
 592   
      */
 593   
     public boolean isPythonPackageDisabled() {
 594  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_PY_PKG);
 595   
     }
 596   
 
 597   
     /**
 598   
      * Returns whether the Ruby gemspec analyzer is disabled.
 599   
      *
 600   
      * @return true if the {@link ARGUMENT#DISABLE_RUBYGEMS} command line argument was specified; otherwise false
 601   
      */
 602   
     public boolean isRubyGemspecDisabled() {
 603  0 
         return (null != line) && line.hasOption(ARGUMENT.DISABLE_RUBYGEMS);
 604   
     }
 605   
 
 606   
     /**
 607   
      * Returns true if the disableCmake command line argument was specified.
 608   
      *
 609   
      * @return true if the disableCmake command line argument was specified; otherwise false
 610   
      */
 611   
     public boolean isCmakeDisabled() {
 612  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_CMAKE);
 613   
     }
 614   
 
 615   
     /**
 616   
      * Returns true if the disableAutoconf command line argument was specified.
 617   
      *
 618   
      * @return true if the disableAutoconf command line argument was specified; otherwise false
 619   
      */
 620   
     public boolean isAutoconfDisabled() {
 621  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_AUTOCONF);
 622   
     }
 623   
 
 624   
     /**
 625   
      * Returns true if the disableComposer command line argument was specified.
 626   
      *
 627   
      * @return true if the disableComposer command line argument was specified; otherwise false
 628   
      */
 629   
     public boolean isComposerDisabled() {
 630  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_COMPOSER);
 631   
     }
 632   
 
 633   
     /**
 634   
      * Returns true if the disableNexus command line argument was specified.
 635   
      *
 636   
      * @return true if the disableNexus command line argument was specified; otherwise false
 637   
      */
 638   
     public boolean isNexusDisabled() {
 639  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_NEXUS);
 640   
     }
 641   
 
 642   
     /**
 643   
      * Returns true if the disableOpenSSL command line argument was specified.
 644   
      *
 645   
      * @return true if the disableOpenSSL command line argument was specified; otherwise false
 646   
      */
 647   
     public boolean isOpenSSLDisabled() {
 648  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_OPENSSL);
 649   
     }
 650   
 
 651   
     /**
 652   
      * Returns true if the disableNodeJS command line argument was specified.
 653   
      *
 654   
      * @return true if the disableNodeJS command line argument was specified; otherwise false
 655   
      */
 656   
     public boolean isNodeJsDisabled() {
 657  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_NODE_JS);
 658   
     }
 659   
 
 660   
     /**
 661   
      * Returns true if the disableCentral command line argument was specified.
 662   
      *
 663   
      * @return true if the disableCentral command line argument was specified; otherwise false
 664   
      */
 665   
     public boolean isCentralDisabled() {
 666  0 
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_CENTRAL);
 667   
     }
 668   
 
 669   
     /**
 670   
      * Returns the url to the nexus server if one was specified.
 671   
      *
 672   
      * @return the url to the nexus server; if none was specified this will return null;
 673   
      */
 674   
     public String getNexusUrl() {
 675  0 
         if (line == null || !line.hasOption(ARGUMENT.NEXUS_URL)) {
 676  0 
             return null;
 677   
         } else {
 678  0 
             return line.getOptionValue(ARGUMENT.NEXUS_URL);
 679   
         }
 680   
     }
 681   
 
 682   
     /**
 683   
      * Returns true if the Nexus Analyzer should use the configured proxy to connect to Nexus; otherwise false is returned.
 684   
      *
 685   
      * @return true if the Nexus Analyzer should use the configured proxy to connect to Nexus; otherwise false
 686   
      */
 687   
     public boolean isNexusUsesProxy() {
 688   
         // If they didn't specify whether Nexus needs to use the proxy, we should
 689   
         // still honor the property if it's set.
 690  0 
         if (line == null || !line.hasOption(ARGUMENT.NEXUS_USES_PROXY)) {
 691   
             try {
 692  0 
                 return Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_USES_PROXY);
 693  0 
             } catch (InvalidSettingException ise) {
 694  0 
                 return true;
 695   
             }
 696   
         } else {
 697  0 
             return Boolean.parseBoolean(line.getOptionValue(ARGUMENT.NEXUS_USES_PROXY));
 698   
         }
 699   
     }
 700   
 
 701   
     /**
 702   
      * Displays the command line help message to the standard output.
 703   
      */
 704   
     public void printHelp() {
 705  2 
         final HelpFormatter formatter = new HelpFormatter();
 706  2 
         final Options options = new Options();
 707  2 
         addStandardOptions(options);
 708  2 
         if (line != null && line.hasOption(ARGUMENT.ADVANCED_HELP)) {
 709  0 
             addAdvancedOptions(options);
 710   
         }
 711  4 
         final String helpMsg = String.format("%n%s"
 712   
                 + " can be used to identify if there are any known CVE vulnerabilities in libraries utilized by an application. "
 713   
                 + "%s will automatically update required data from the Internet, such as the CVE and CPE data files from nvd.nist.gov.%n%n",
 714  2 
                 Settings.getString("application.name", "DependencyCheck"),
 715  2 
                 Settings.getString("application.name", "DependencyCheck"));
 716   
 
 717  2 
         formatter.printHelp(Settings.getString("application.name", "DependencyCheck"),
 718   
                 helpMsg,
 719   
                 options,
 720   
                 "",
 721   
                 true);
 722  2 
     }
 723   
 
 724   
     /**
 725   
      * Retrieves the file command line parameter(s) specified for the 'scan' argument.
 726   
      *
 727   
      * @return the file paths specified on the command line for scan
 728   
      */
 729   
     public String[] getScanFiles() {
 730  3 
         return line.getOptionValues(ARGUMENT.SCAN);
 731   
     }
 732   
 
 733   
     /**
 734   
      * Retrieves the list of excluded file patterns specified by the 'exclude' argument.
 735   
      *
 736   
      * @return the excluded file patterns
 737   
      */
 738   
     public String[] getExcludeList() {
 739  0 
         return line.getOptionValues(ARGUMENT.EXCLUDE);
 740   
     }
 741   
 
 742   
     /**
 743   
      * Returns the directory to write the reports to specified on the command line.
 744   
      *
 745   
      * @return the path to the reports directory.
 746   
      */
 747   
     public String getReportDirectory() {
 748  1 
         return line.getOptionValue(ARGUMENT.OUT, ".");
 749   
     }
 750   
 
 751   
     /**
 752   
      * Returns the path to Mono for .NET Assembly analysis on non-windows systems.
 753   
      *
 754   
      * @return the path to Mono
 755   
      */
 756   
     public String getPathToMono() {
 757  1 
         return line.getOptionValue(ARGUMENT.PATH_TO_MONO);
 758   
     }
 759   
 
 760   
     /**
 761   
      * Returns the path to bundle-audit for Ruby bundle analysis.
 762   
      *
 763   
      * @return the path to Mono
 764   
      */
 765   
     public String getPathToBundleAudit() {
 766  0 
         return line.getOptionValue(ARGUMENT.PATH_TO_BUNDLE_AUDIT);
 767   
     }
 768   
 
 769   
     /**
 770   
      * Returns the output format specified on the command line. Defaults to HTML if no format was specified.
 771   
      *
 772   
      * @return the output format name.
 773   
      */
 774   
     public String getReportFormat() {
 775  1 
         return line.getOptionValue(ARGUMENT.OUTPUT_FORMAT, "HTML");
 776   
     }
 777   
 
 778   
     /**
 779   
      * Returns the application name specified on the command line.
 780   
      *
 781   
      * @return the application name.
 782   
      */
 783   
     public String getProjectName() {
 784  0 
         final String appName = line.getOptionValue(ARGUMENT.APP_NAME);
 785  0 
         String name = line.getOptionValue(ARGUMENT.PROJECT);
 786  0 
         if (name == null && appName != null) {
 787  0 
             name = appName;
 788  0 
             LOGGER.warn("The '" + ARGUMENT.APP_NAME + "' argument should no longer be used; use '" + ARGUMENT.PROJECT + "' instead.");
 789   
         }
 790  0 
         return name;
 791   
     }
 792   
 
 793   
     /**
 794   
      * Returns the base URL for the CVE 1.2 XMl file.
 795   
      *
 796   
      * @return the URL to the CVE 1.2 XML file.
 797   
      */
 798   
     public String getBaseCve12Url() {
 799  1 
         return line.getOptionValue(ARGUMENT.CVE_BASE_12);
 800   
     }
 801   
 
 802   
     /**
 803   
      * Returns the base URL for the CVE 2.0 XMl file.
 804   
      *
 805   
      * @return the URL to the CVE 2.0 XML file.
 806   
      */
 807   
     public String getBaseCve20Url() {
 808  1 
         return line.getOptionValue(ARGUMENT.CVE_BASE_20);
 809   
     }
 810   
 
 811   
     /**
 812   
      * Returns the URL for the modified CVE 1.2 XMl file.
 813   
      *
 814   
      * @return the URL to the modified CVE 1.2 XML file.
 815   
      */
 816   
     public String getModifiedCve12Url() {
 817  1 
         return line.getOptionValue(ARGUMENT.CVE_MOD_12);
 818   
     }
 819   
 
 820   
     /**
 821   
      * Returns the URL for the modified CVE 2.0 XMl file.
 822   
      *
 823   
      * @return the URL to the modified CVE 2.0 XML file.
 824   
      */
 825   
     public String getModifiedCve20Url() {
 826  1 
         return line.getOptionValue(ARGUMENT.CVE_MOD_20);
 827   
     }
 828   
 
 829   
     /**
 830   
      * Returns the connection timeout.
 831   
      *
 832   
      * @return the connection timeout
 833   
      */
 834   
     public String getConnectionTimeout() {
 835  0 
         return line.getOptionValue(ARGUMENT.CONNECTION_TIMEOUT);
 836   
     }
 837   
 
 838   
     /**
 839   
      * Returns the proxy server.
 840   
      *
 841   
      * @return the proxy server
 842   
      */
 843   
     @SuppressWarnings("deprecation")
 844   
     public String getProxyServer() {
 845   
 
 846  0 
         String server = line.getOptionValue(ARGUMENT.PROXY_SERVER);
 847  0 
         if (server == null) {
 848  0 
             server = line.getOptionValue(ARGUMENT.PROXY_URL);
 849  0 
             if (server != null) {
 850  0 
                 LOGGER.warn("An old command line argument 'proxyurl' was detected; use proxyserver instead");
 851   
             }
 852   
         }
 853  0 
         return server;
 854   
     }
 855   
 
 856   
     /**
 857   
      * Returns the proxy port.
 858   
      *
 859   
      * @return the proxy port
 860   
      */
 861   
     public String getProxyPort() {
 862  0 
         return line.getOptionValue(ARGUMENT.PROXY_PORT);
 863   
     }
 864   
 
 865   
     /**
 866   
      * Returns the proxy username.
 867   
      *
 868   
      * @return the proxy username
 869   
      */
 870   
     public String getProxyUsername() {
 871  0 
         return line.getOptionValue(ARGUMENT.PROXY_USERNAME);
 872   
     }
 873   
 
 874   
     /**
 875   
      * Returns the proxy password.
 876   
      *
 877   
      * @return the proxy password
 878   
      */
 879   
     public String getProxyPassword() {
 880  0 
         return line.getOptionValue(ARGUMENT.PROXY_PASSWORD);
 881   
     }
 882   
 
 883   
     /**
 884   
      * Get the value of dataDirectory.
 885   
      *
 886   
      * @return the value of dataDirectory
 887   
      */
 888   
     public String getDataDirectory() {
 889  0 
         return line.getOptionValue(ARGUMENT.DATA_DIRECTORY);
 890   
     }
 891   
 
 892   
     /**
 893   
      * Returns the properties file specified on the command line.
 894   
      *
 895   
      * @return the properties file specified on the command line
 896   
      */
 897   
     public File getPropertiesFile() {
 898  0 
         final String path = line.getOptionValue(ARGUMENT.PROP);
 899  0 
         if (path != null) {
 900  0 
             return new File(path);
 901   
         }
 902  0 
         return null;
 903   
     }
 904   
 
 905   
     /**
 906   
      * Returns the path to the verbose log file.
 907   
      *
 908   
      * @return the path to the verbose log file
 909   
      */
 910   
     public String getVerboseLog() {
 911  0 
         return line.getOptionValue(ARGUMENT.VERBOSE_LOG);
 912   
     }
 913   
 
 914   
     /**
 915   
      * Returns the path to the suppression file.
 916   
      *
 917   
      * @return the path to the suppression file
 918   
      */
 919   
     public String getSuppressionFile() {
 920  0 
         return line.getOptionValue(ARGUMENT.SUPPRESSION_FILE);
 921   
     }
 922   
 
 923   
     /**
 924   
      * <p>
 925   
      * Prints the manifest information to standard output.</p>
 926   
      * <ul><li>Implementation-Title: ${pom.name}</li>
 927   
      * <li>Implementation-Version: ${pom.version}</li></ul>
 928   
      */
 929   
     public void printVersionInfo() {
 930  2 
         final String version = String.format("%s version %s",
 931  1 
                 Settings.getString(Settings.KEYS.APPLICATION_VAME, "dependency-check"),
 932  1 
                 Settings.getString(Settings.KEYS.APPLICATION_VERSION, "Unknown"));
 933  1 
         System.out.println(version);
 934  1 
     }
 935   
 
 936   
     /**
 937   
      * Checks if the auto update feature has been disabled. If it has been disabled via the command line this will return false.
 938   
      *
 939   
      * @return <code>true</code> if auto-update is allowed; otherwise <code>false</code>
 940   
      */
 941   
     public boolean isAutoUpdate() {
 942  0 
         return line != null && !line.hasOption(ARGUMENT.DISABLE_AUTO_UPDATE);
 943   
     }
 944   
 
 945   
     /**
 946   
      * Checks if the update only flag has been set.
 947   
      *
 948   
      * @return <code>true</code> if the update only flag has been set; otherwise <code>false</code>.
 949   
      */
 950   
     public boolean isUpdateOnly() {
 951  7 
         return line != null && line.hasOption(ARGUMENT.UPDATE_ONLY);
 952   
     }
 953   
 
 954   
     /**
 955   
      * Checks if the purge NVD flag has been set.
 956   
      *
 957   
      * @return <code>true</code> if the purge nvd flag has been set; otherwise <code>false</code>.
 958   
      */
 959   
     public boolean isPurge() {
 960  0 
         return line != null && line.hasOption(ARGUMENT.PURGE_NVD);
 961   
     }
 962   
 
 963   
     /**
 964   
      * Returns the database driver name if specified; otherwise null is returned.
 965   
      *
 966   
      * @return the database driver name if specified; otherwise null is returned
 967   
      */
 968   
     public String getDatabaseDriverName() {
 969  0 
         return line.getOptionValue(ARGUMENT.DB_DRIVER);
 970   
     }
 971   
 
 972   
     /**
 973   
      * Returns the database driver path if specified; otherwise null is returned.
 974   
      *
 975   
      * @return the database driver name if specified; otherwise null is returned
 976   
      */
 977   
     public String getDatabaseDriverPath() {
 978  0 
         return line.getOptionValue(ARGUMENT.DB_DRIVER_PATH);
 979   
     }
 980   
 
 981   
     /**
 982   
      * Returns the database connection string if specified; otherwise null is returned.
 983   
      *
 984   
      * @return the database connection string if specified; otherwise null is returned
 985   
      */
 986   
     public String getConnectionString() {
 987  0 
         return line.getOptionValue(ARGUMENT.CONNECTION_STRING);
 988   
     }
 989   
 
 990   
     /**
 991   
      * Returns the database database user name if specified; otherwise null is returned.
 992   
      *
 993   
      * @return the database database user name if specified; otherwise null is returned
 994   
      */
 995   
     public String getDatabaseUser() {
 996  0 
         return line.getOptionValue(ARGUMENT.DB_NAME);
 997   
     }
 998   
 
 999   
     /**
 1000   
      * Returns the database database password if specified; otherwise null is returned.
 1001   
      *
 1002   
      * @return the database database password if specified; otherwise null is returned
 1003   
      */
 1004   
     public String getDatabasePassword() {
 1005  0 
         return line.getOptionValue(ARGUMENT.DB_PASSWORD);
 1006   
     }
 1007   
 
 1008   
     /**
 1009   
      * Returns the additional Extensions if specified; otherwise null is returned.
 1010   
      *
 1011   
      * @return the additional Extensions; otherwise null is returned
 1012   
      */
 1013   
     public String getAdditionalZipExtensions() {
 1014  0 
         return line.getOptionValue(ARGUMENT.ADDITIONAL_ZIP_EXTENSIONS);
 1015   
     }
 1016   
 
 1017   
     /**
 1018   
      * Get the value of cveValidForHours.
 1019   
      *
 1020   
      * @return the value of cveValidForHours
 1021   
      */
 1022   
     public Integer getCveValidForHours() {
 1023  0 
         final String v = line.getOptionValue(ARGUMENT.CVE_VALID_FOR_HOURS);
 1024  0 
         if (v != null) {
 1025  0 
             return Integer.parseInt(v);
 1026   
         }
 1027  0 
         return null;
 1028   
     }
 1029   
 
 1030   
     /**
 1031   
      * A collection of static final strings that represent the possible command line arguments.
 1032   
      */
 1033  0 
     public static class ARGUMENT {
 1034   
 
 1035   
         /**
 1036   
          * The long CLI argument name specifying the directory/file to scan.
 1037   
          */
 1038   
         public static final String SCAN = "scan";
 1039   
         /**
 1040   
          * The short CLI argument name specifying the directory/file to scan.
 1041   
          */
 1042   
         public static final String SCAN_SHORT = "s";
 1043   
         /**
 1044   
          * The long CLI argument name specifying that the CPE/CVE/etc. data should not be automatically updated.
 1045   
          */
 1046   
         public static final String DISABLE_AUTO_UPDATE = "noupdate";
 1047   
         /**
 1048   
          * The short CLI argument name specifying that the CPE/CVE/etc. data should not be automatically updated.
 1049   
          */
 1050   
         public static final String DISABLE_AUTO_UPDATE_SHORT = "n";
 1051   
         /**
 1052   
          * The long CLI argument name specifying that only the update phase should be executed; no scan should be run.
 1053   
          */
 1054   
         public static final String UPDATE_ONLY = "updateonly";
 1055   
         /**
 1056   
          * The long CLI argument name specifying that only the update phase should be executed; no scan should be run.
 1057   
          */
 1058   
         public static final String PURGE_NVD = "purge";
 1059   
         /**
 1060   
          * The long CLI argument name specifying the directory to write the reports to.
 1061   
          */
 1062   
         public static final String OUT = "out";
 1063   
         /**
 1064   
          * The short CLI argument name specifying the directory to write the reports to.
 1065   
          */
 1066   
         public static final String OUT_SHORT = "o";
 1067   
         /**
 1068   
          * The long CLI argument name specifying the output format to write the reports to.
 1069   
          */
 1070   
         public static final String OUTPUT_FORMAT = "format";
 1071   
         /**
 1072   
          * The short CLI argument name specifying the output format to write the reports to.
 1073   
          */
 1074   
         public static final String OUTPUT_FORMAT_SHORT = "f";
 1075   
         /**
 1076   
          * The long CLI argument name specifying the name of the project to be scanned.
 1077   
          */
 1078   
         public static final String PROJECT = "project";
 1079   
         /**
 1080   
          * The long CLI argument name specifying the name of the application to be scanned.
 1081   
          *
 1082   
          * @deprecated project should be used instead
 1083   
          */
 1084   
         @Deprecated
 1085   
         public static final String APP_NAME = "app";
 1086   
         /**
 1087   
          * The short CLI argument name specifying the name of the application to be scanned.
 1088   
          *
 1089   
          * @deprecated project should be used instead
 1090   
          */
 1091   
         @Deprecated
 1092   
         public static final String APP_NAME_SHORT = "a";
 1093   
         /**
 1094   
          * The long CLI argument name asking for help.
 1095   
          */
 1096   
         public static final String HELP = "help";
 1097   
         /**
 1098   
          * The long CLI argument name asking for advanced help.
 1099   
          */
 1100   
         public static final String ADVANCED_HELP = "advancedHelp";
 1101   
         /**
 1102   
          * The short CLI argument name asking for help.
 1103   
          */
 1104   
         public static final String HELP_SHORT = "h";
 1105   
         /**
 1106   
          * The long CLI argument name asking for the version.
 1107   
          */
 1108   
         public static final String VERSION_SHORT = "v";
 1109   
         /**
 1110   
          * The short CLI argument name asking for the version.
 1111   
          */
 1112   
         public static final String VERSION = "version";
 1113   
         /**
 1114   
          * The CLI argument name indicating the proxy port.
 1115   
          */
 1116   
         public static final String PROXY_PORT = "proxyport";
 1117   
         /**
 1118   
          * The CLI argument name indicating the proxy server.
 1119   
          */
 1120   
         public static final String PROXY_SERVER = "proxyserver";
 1121   
         /**
 1122   
          * The CLI argument name indicating the proxy url.
 1123   
          *
 1124   
          * @deprecated use {@link #PROXY_SERVER} instead
 1125   
          */
 1126   
         @Deprecated
 1127   
         public static final String PROXY_URL = "proxyurl";
 1128   
         /**
 1129   
          * The CLI argument name indicating the proxy username.
 1130   
          */
 1131   
         public static final String PROXY_USERNAME = "proxyuser";
 1132   
         /**
 1133   
          * The CLI argument name indicating the proxy password.
 1134   
          */
 1135   
         public static final String PROXY_PASSWORD = "proxypass";
 1136   
         /**
 1137   
          * The short CLI argument name indicating the connection timeout.
 1138   
          */
 1139   
         public static final String CONNECTION_TIMEOUT_SHORT = "c";
 1140   
         /**
 1141   
          * The CLI argument name indicating the connection timeout.
 1142   
          */
 1143   
         public static final String CONNECTION_TIMEOUT = "connectiontimeout";
 1144   
         /**
 1145   
          * The short CLI argument name for setting the location of an additional properties file.
 1146   
          */
 1147   
         public static final String PROP_SHORT = "P";
 1148   
         /**
 1149   
          * The CLI argument name for setting the location of an additional properties file.
 1150   
          */
 1151   
         public static final String PROP = "propertyfile";
 1152   
         /**
 1153   
          * The CLI argument name for setting the location of the data directory.
 1154   
          */
 1155   
         public static final String DATA_DIRECTORY = "data";
 1156   
         /**
 1157   
          * The CLI argument name for setting the URL for the CVE Data Files.
 1158   
          */
 1159   
         public static final String CVE_MOD_12 = "cveUrl12Modified";
 1160   
         /**
 1161   
          * The CLI argument name for setting the URL for the CVE Data Files.
 1162   
          */
 1163   
         public static final String CVE_MOD_20 = "cveUrl20Modified";
 1164   
         /**
 1165   
          * The CLI argument name for setting the URL for the CVE Data Files.
 1166   
          */
 1167   
         public static final String CVE_BASE_12 = "cveUrl12Base";
 1168   
         /**
 1169   
          * The CLI argument name for setting the URL for the CVE Data Files.
 1170   
          */
 1171   
         public static final String CVE_BASE_20 = "cveUrl20Base";
 1172   
         /**
 1173   
          * The short CLI argument name for setting the location of the data directory.
 1174   
          */
 1175   
         public static final String DATA_DIRECTORY_SHORT = "d";
 1176   
         /**
 1177   
          * The CLI argument name for setting the location of the data directory.
 1178   
          */
 1179   
         public static final String VERBOSE_LOG = "log";
 1180   
         /**
 1181   
          * The short CLI argument name for setting the location of the data directory.
 1182   
          */
 1183   
         public static final String VERBOSE_LOG_SHORT = "l";
 1184   
 
 1185   
         /**
 1186   
          * The CLI argument name for setting the depth of symbolic links that will be followed.
 1187   
          */
 1188   
         public static final String SYM_LINK_DEPTH = "symLink";
 1189   
         /**
 1190   
          * The CLI argument name for setting the location of the suppression file.
 1191   
          */
 1192   
         public static final String SUPPRESSION_FILE = "suppression";
 1193   
         /**
 1194   
          * The CLI argument name for setting the location of the suppression file.
 1195   
          */
 1196   
         public static final String CVE_VALID_FOR_HOURS = "cveValidForHours";
 1197   
         /**
 1198   
          * Disables the Jar Analyzer.
 1199   
          */
 1200   
         public static final String DISABLE_JAR = "disableJar";
 1201   
         /**
 1202   
          * Disables the Archive Analyzer.
 1203   
          */
 1204   
         public static final String DISABLE_ARCHIVE = "disableArchive";
 1205   
         /**
 1206   
          * Disables the Python Distribution Analyzer.
 1207   
          */
 1208   
         public static final String DISABLE_PY_DIST = "disablePyDist";
 1209   
         /**
 1210   
          * Disables the Python Package Analyzer.
 1211   
          */
 1212   
         public static final String DISABLE_PY_PKG = "disablePyPkg";
 1213   
         /**
 1214   
          * Disables the Python Package Analyzer.
 1215   
          */
 1216   
         public static final String DISABLE_COMPOSER = "disableComposer";
 1217   
         /**
 1218   
          * Disables the Ruby Gemspec Analyzer.
 1219   
          */
 1220   
         public static final String DISABLE_RUBYGEMS = "disableRubygems";
 1221   
         /**
 1222   
          * Disables the Autoconf Analyzer.
 1223   
          */
 1224   
         public static final String DISABLE_AUTOCONF = "disableAutoconf";
 1225   
         /**
 1226   
          * Disables the Cmake Analyzer.
 1227   
          */
 1228   
         public static final String DISABLE_CMAKE = "disableCmake";
 1229   
         /**
 1230   
          * Disables the Assembly Analyzer.
 1231   
          */
 1232   
         public static final String DISABLE_ASSEMBLY = "disableAssembly";
 1233   
         /**
 1234   
          * Disables the Ruby Bundler Audit Analyzer.
 1235   
          */
 1236   
         public static final String DISABLE_BUNDLE_AUDIT = "disableBundleAudit";
 1237   
         /**
 1238   
          * Disables the Nuspec Analyzer.
 1239   
          */
 1240   
         public static final String DISABLE_NUSPEC = "disableNuspec";
 1241   
         /**
 1242   
          * Disables the Central Analyzer.
 1243   
          */
 1244   
         public static final String DISABLE_CENTRAL = "disableCentral";
 1245   
         /**
 1246   
          * Disables the Nexus Analyzer.
 1247   
          */
 1248   
         public static final String DISABLE_NEXUS = "disableNexus";
 1249   
         /**
 1250   
          * Disables the OpenSSL Analyzer.
 1251   
          */
 1252   
         public static final String DISABLE_OPENSSL = "disableOpenSSL";
 1253   
         /**
 1254   
          * Disables the Node.js Package Analyzer.
 1255   
          */
 1256   
         public static final String DISABLE_NODE_JS = "disableNodeJS";
 1257   
         /**
 1258   
          * The URL of the nexus server.
 1259   
          */
 1260   
         public static final String NEXUS_URL = "nexus";
 1261   
         /**
 1262   
          * Whether or not the defined proxy should be used when connecting to Nexus.
 1263   
          */
 1264   
         public static final String NEXUS_USES_PROXY = "nexusUsesProxy";
 1265   
         /**
 1266   
          * The CLI argument name for setting the connection string.
 1267   
          */
 1268   
         public static final String CONNECTION_STRING = "connectionString";
 1269   
         /**
 1270   
          * The CLI argument name for setting the database user name.
 1271   
          */
 1272   
         public static final String DB_NAME = "dbUser";
 1273   
         /**
 1274   
          * The CLI argument name for setting the database password.
 1275   
          */
 1276   
         public static final String DB_PASSWORD = "dbPassword";
 1277   
         /**
 1278   
          * The CLI argument name for setting the database driver name.
 1279   
          */
 1280   
         public static final String DB_DRIVER = "dbDriverName";
 1281   
         /**
 1282   
          * The CLI argument name for setting the path to the database driver; in case it is not on the class path.
 1283   
          */
 1284   
         public static final String DB_DRIVER_PATH = "dbDriverPath";
 1285   
         /**
 1286   
          * The CLI argument name for setting the path to mono for .NET Assembly analysis on non-windows systems.
 1287   
          */
 1288   
         public static final String PATH_TO_MONO = "mono";
 1289   
         /**
 1290   
          * The CLI argument name for setting extra extensions.
 1291   
          */
 1292   
         public static final String ADDITIONAL_ZIP_EXTENSIONS = "zipExtensions";
 1293   
         /**
 1294   
          * Exclude path argument.
 1295   
          */
 1296   
         public static final String EXCLUDE = "exclude";
 1297   
         /**
 1298   
          * The CLI argument name for setting the path to bundle-audit for Ruby bundle analysis.
 1299   
          */
 1300   
         public static final String PATH_TO_BUNDLE_AUDIT = "bundleAudit";
 1301   
     }
 1302   
 }
Report generated by Cobertura 2.1.1 on 4/9/16 8:10 PM.