View Javadoc

1   /*
2    * This file is part of dependency-check-cli.
3    *
4    * Dependency-check-cli is free software: you can redistribute it and/or modify it
5    * under the terms of the GNU General Public License as published by the Free
6    * Software Foundation, either version 3 of the License, or (at your option) any
7    * later version.
8    *
9    * Dependency-check-cli is distributed in the hope that it will be useful, but
10   * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11   * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
12   * details.
13   *
14   * You should have received a copy of the GNU General Public License along with
15   * dependency-check-cli. If not, see http://www.gnu.org/licenses/.
16   *
17   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
18   */
19  package org.owasp.dependencycheck.cli;
20  
21  import java.io.File;
22  import java.io.FileNotFoundException;
23  import org.apache.commons.cli.CommandLine;
24  import org.apache.commons.cli.CommandLineParser;
25  import org.apache.commons.cli.HelpFormatter;
26  import org.apache.commons.cli.Option;
27  import org.apache.commons.cli.OptionBuilder;
28  import org.apache.commons.cli.OptionGroup;
29  import org.apache.commons.cli.Options;
30  import org.apache.commons.cli.ParseException;
31  import org.apache.commons.cli.PosixParser;
32  import org.owasp.dependencycheck.reporting.ReportGenerator.Format;
33  import org.owasp.dependencycheck.utils.Settings;
34  
35  /**
36   * A utility to parse command line arguments for the DependencyCheck.
37   *
38   * @author Jeremy Long (jeremy.long@owasp.org)
39   */
40  public final class CliParser {
41  
42      /**
43       * The command line.
44       */
45      private CommandLine line;
46      /**
47       * The options for the command line parser.
48       */
49      private final Options options = createCommandLineOptions();
50      /**
51       * Indicates whether the arguments are valid.
52       */
53      private boolean isValid = true;
54  
55      /**
56       * Parses the arguments passed in and captures the results for later use.
57       *
58       * @param args the command line arguments
59       * @throws FileNotFoundException is thrown when a 'file' argument does not
60       * point to a file that exists.
61       * @throws ParseException is thrown when a Parse Exception occurs.
62       */
63      public void parse(String[] args) throws FileNotFoundException, ParseException {
64          line = parseArgs(args);
65  
66          if (line != null) {
67              validateArgs();
68          }
69      }
70  
71      /**
72       * Parses the command line arguments.
73       *
74       * @param args the command line arguments
75       * @return the results of parsing the command line arguments
76       * @throws ParseException if the arguments are invalid
77       */
78      private CommandLine parseArgs(String[] args) throws ParseException {
79          final CommandLineParser parser = new PosixParser();
80          return parser.parse(options, args);
81      }
82  
83      /**
84       * Validates that the command line arguments are valid.
85       *
86       * @throws FileNotFoundException if there is a file specified by either the
87       * SCAN or CPE command line arguments that does not exist.
88       * @throws ParseException is thrown if there is an exception parsing the
89       * command line.
90       */
91      private void validateArgs() throws FileNotFoundException, ParseException {
92          if (isRunScan()) {
93              validatePathExists(getScanFiles(), "scan");
94              validatePathExists(getReportDirectory(), "out");
95              if (!line.hasOption(ArgumentName.APP_NAME)) {
96                  throw new ParseException("Missing 'app' argument; the scan cannot be run without the an application name.");
97              }
98              if (line.hasOption(ArgumentName.OUTPUT_FORMAT)) {
99                  final String format = line.getOptionValue(ArgumentName.OUTPUT_FORMAT);
100                 try {
101                     Format.valueOf(format);
102                 } catch (IllegalArgumentException ex) {
103                     final String msg = String.format("An invalid 'format' of '%s' was specified. Supported output formats are XML, HTML, VULN, or ALL", format);
104                     throw new ParseException(msg);
105                 }
106             }
107         }
108     }
109 
110     /**
111      * Validates whether or not the path(s) points at a file that exists; if the
112      * path(s) does not point to an existing file a FileNotFoundException is
113      * thrown.
114      *
115      * @param paths the paths to validate if they exists
116      * @param optType the option being validated (e.g. scan, out, etc.)
117      * @throws FileNotFoundException is thrown if one of the paths being
118      * validated does not exist.
119      */
120     private void validatePathExists(String[] paths, String optType) throws FileNotFoundException {
121         for (String path : paths) {
122             validatePathExists(path, optType);
123         }
124     }
125 
126     /**
127      * Validates whether or not the path points at a file that exists; if the
128      * path does not point to an existing file a FileNotFoundException is
129      * thrown.
130      *
131      * @param path the paths to validate if they exists
132      * @param optType the option being validated (e.g. scan, out, etc.)
133      * @throws FileNotFoundException is thrown if the path being validated does
134      * not exist.
135      */
136     private void validatePathExists(String path, String optType) throws FileNotFoundException {
137         final File f = new File(path);
138         if (!f.exists()) {
139             isValid = false;
140             final String msg = String.format("Invalid '%s' argument: '%s'", optType, path);
141             throw new FileNotFoundException(msg);
142         }
143     }
144 
145     /**
146      * Generates an Options collection that is used to parse the command line
147      * and to display the help message.
148      *
149      * @return the command line options used for parsing the command line
150      */
151     @SuppressWarnings("static-access")
152     private Options createCommandLineOptions() {
153         final Option help = new Option(ArgumentName.HELP_SHORT, ArgumentName.HELP, false,
154                 "Print this message.");
155 
156         final Option version = new Option(ArgumentName.VERSION_SHORT, ArgumentName.VERSION,
157                 false, "Print the version information.");
158 
159         final Option noUpdate = new Option(ArgumentName.DISABLE_AUTO_UPDATE_SHORT, ArgumentName.DISABLE_AUTO_UPDATE,
160                 false, "Disables the automatic updating of the CPE data.");
161 
162         final Option appName = OptionBuilder.withArgName("name").hasArg().withLongOpt(ArgumentName.APP_NAME)
163                 .withDescription("The name of the application being scanned. This is a required argument.")
164                 .create(ArgumentName.APP_NAME_SHORT);
165 
166         final Option connectionTimeout = OptionBuilder.withArgName("timeout").hasArg().withLongOpt(ArgumentName.CONNECTION_TIMEOUT)
167                 .withDescription("The connection timeout (in milliseconds) to use when downloading resources.")
168                 .create(ArgumentName.CONNECTION_TIMEOUT_SHORT);
169 
170         final Option proxyUrl = OptionBuilder.withArgName("url").hasArg().withLongOpt(ArgumentName.PROXY_URL)
171                 .withDescription("The proxy url to use when downloading resources.")
172                 .create(ArgumentName.PROXY_URL_SHORT);
173 
174         final Option proxyPort = OptionBuilder.withArgName("port").hasArg().withLongOpt(ArgumentName.PROXY_PORT)
175                 .withDescription("The proxy port to use when downloading resources.")
176                 .create(ArgumentName.PROXY_PORT_SHORT);
177 
178         final Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.SCAN)
179                 .withDescription("The path to scan - this option can be specified multiple times.")
180                 .create(ArgumentName.SCAN_SHORT);
181 
182         final Option props = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.PROP)
183                 .withDescription("A property file to load.")
184                 .create(ArgumentName.PROP_SHORT);
185 
186         final Option data = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.DATA_DIRECTORY)
187                 .withDescription("The location of the data directory used to store persistent data. This option should generally not be set.")
188                 .create(ArgumentName.DATA_DIRECTORY_SHORT);
189 
190         final Option out = OptionBuilder.withArgName("folder").hasArg().withLongOpt(ArgumentName.OUT)
191                 .withDescription("The folder to write reports to. This defaults to the current directory.")
192                 .create(ArgumentName.OUT_SHORT);
193 
194         final Option outputFormat = OptionBuilder.withArgName("format").hasArg().withLongOpt(ArgumentName.OUTPUT_FORMAT)
195                 .withDescription("The output format to write to (XML, HTML, VULN, ALL). The default is HTML.")
196                 .create(ArgumentName.OUTPUT_FORMAT_SHORT);
197 
198         final Option verboseLog = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.VERBOSE_LOG)
199                 .withDescription("The file path to write verbose logging information.")
200                 .create(ArgumentName.VERBOSE_LOG_SHORT);
201 
202         final OptionGroup og = new OptionGroup();
203         og.addOption(path);
204 
205         final Options opts = new Options();
206         opts.addOptionGroup(og);
207         opts.addOption(out);
208         opts.addOption(outputFormat);
209         opts.addOption(appName);
210         opts.addOption(version);
211         opts.addOption(help);
212         opts.addOption(noUpdate);
213         opts.addOption(props);
214         opts.addOption(data);
215         opts.addOption(verboseLog);
216         opts.addOption(proxyPort);
217         opts.addOption(proxyUrl);
218         opts.addOption(connectionTimeout);
219 
220         return opts;
221     }
222 
223     /**
224      * Determines if the 'version' command line argument was passed in.
225      *
226      * @return whether or not the 'version' command line argument was passed in
227      */
228     public boolean isGetVersion() {
229         return (line != null) && line.hasOption(ArgumentName.VERSION);
230     }
231 
232     /**
233      * Determines if the 'help' command line argument was passed in.
234      *
235      * @return whether or not the 'help' command line argument was passed in
236      */
237     public boolean isGetHelp() {
238         return (line != null) && line.hasOption(ArgumentName.HELP);
239     }
240 
241     /**
242      * Determines if the 'scan' command line argument was passed in.
243      *
244      * @return whether or not the 'scan' command line argument was passed in
245      */
246     public boolean isRunScan() {
247         return (line != null) && isValid && line.hasOption(ArgumentName.SCAN);
248     }
249 
250     /**
251      * Displays the command line help message to the standard output.
252      */
253     public void printHelp() {
254         final HelpFormatter formatter = new HelpFormatter();
255         final String nl = System.getProperty("line.separator");
256 
257         formatter.printHelp(Settings.getString("application.name", "DependencyCheck"),
258                 nl + Settings.getString("application.name", "DependencyCheck")
259                 + " can be used to identify if there are any known CVE vulnerabilities in libraries utilized by an application. "
260                 + Settings.getString("application.name", "DependencyCheck")
261                 + " will automatically update required data from the Internet, such as the CVE and CPE data files from nvd.nist.gov." + nl + nl,
262                 options,
263                 "",
264                 true);
265     }
266 
267     /**
268      * Retrieves the file command line parameter(s) specified for the 'scan'
269      * argument.
270      *
271      * @return the file paths specified on the command line for scan
272      */
273     public String[] getScanFiles() {
274         return line.getOptionValues(ArgumentName.SCAN);
275     }
276 
277     /**
278      * Returns the directory to write the reports to specified on the command
279      * line.
280      *
281      * @return the path to the reports directory.
282      */
283     public String getReportDirectory() {
284         return line.getOptionValue(ArgumentName.OUT, ".");
285     }
286 
287     /**
288      * Returns the output format specified on the command line. Defaults to HTML
289      * if no format was specified.
290      *
291      * @return the output format name.
292      */
293     public String getReportFormat() {
294         return line.getOptionValue(ArgumentName.OUTPUT_FORMAT, "HTML");
295     }
296 
297     /**
298      * Returns the application name specified on the command line.
299      *
300      * @return the application name.
301      */
302     public String getApplicationName() {
303         return line.getOptionValue(ArgumentName.APP_NAME);
304     }
305 
306     /**
307      * Returns the connection timeout.
308      *
309      * @return the connection timeout
310      */
311     public String getConnectionTimeout() {
312         return line.getOptionValue(ArgumentName.CONNECTION_TIMEOUT);
313     }
314 
315     /**
316      * Returns the proxy url.
317      *
318      * @return the proxy url
319      */
320     public String getProxyUrl() {
321         return line.getOptionValue(ArgumentName.PROXY_URL);
322     }
323 
324     /**
325      * Returns the proxy port.
326      *
327      * @return the proxy port
328      */
329     public String getProxyPort() {
330         return line.getOptionValue(ArgumentName.PROXY_PORT);
331     }
332 
333     /**
334      * Get the value of dataDirectory.
335      *
336      * @return the value of dataDirectory
337      */
338     public String getDataDirectory() {
339         return line.getOptionValue(ArgumentName.DATA_DIRECTORY);
340     }
341 
342     /**
343      * Returns the properties file specified on the command line.
344      *
345      * @return the properties file specified on the command line
346      */
347     public File getPropertiesFile() {
348         final String path = line.getOptionValue(ArgumentName.PROP);
349         if (path != null) {
350             return new File(path);
351         }
352         return null;
353     }
354 
355     /**
356      * Returns the path to the verbose log file.
357      *
358      * @return the path to the verbose log file
359      */
360     public String getVerboseLog() {
361         return line.getOptionValue(ArgumentName.VERBOSE_LOG);
362     }
363 
364     /**
365      * <p>Prints the manifest information to standard output.</p>
366      * <ul><li>Implementation-Title: ${pom.name}</li>
367      * <li>Implementation-Version: ${pom.version}</li></ul>
368      */
369     public void printVersionInfo() {
370         final String version = String.format("%s version %s",
371                 Settings.getString("application.name", "DependencyCheck"),
372                 Settings.getString("application.version", "Unknown"));
373         System.out.println(version);
374     }
375 
376     /**
377      * Checks if the auto update feature has been disabled. If it has been
378      * disabled via the command line this will return false.
379      *
380      * @return if auto-update is allowed.
381      */
382     public boolean isAutoUpdate() {
383         return (line == null) || !line.hasOption(ArgumentName.DISABLE_AUTO_UPDATE);
384     }
385 
386     /**
387      * A collection of static final strings that represent the possible command
388      * line arguments.
389      */
390     public static class ArgumentName {
391 
392         /**
393          * The long CLI argument name specifying the directory/file to scan.
394          */
395         public static final String SCAN = "scan";
396         /**
397          * The short CLI argument name specifying the directory/file to scan.
398          */
399         public static final String SCAN_SHORT = "s";
400         /**
401          * The long CLI argument name specifying that the CPE/CVE/etc. data
402          * should not be automatically updated.
403          */
404         public static final String DISABLE_AUTO_UPDATE = "noupdate";
405         /**
406          * The short CLI argument name specifying that the CPE/CVE/etc. data
407          * should not be automatically updated.
408          */
409         public static final String DISABLE_AUTO_UPDATE_SHORT = "n";
410         /**
411          * The long CLI argument name specifying the directory to write the
412          * reports to.
413          */
414         public static final String OUT = "out";
415         /**
416          * The short CLI argument name specifying the directory to write the
417          * reports to.
418          */
419         public static final String OUT_SHORT = "o";
420         /**
421          * The long CLI argument name specifying the output format to write the
422          * reports to.
423          */
424         public static final String OUTPUT_FORMAT = "format";
425         /**
426          * The short CLI argument name specifying the output format to write the
427          * reports to.
428          */
429         public static final String OUTPUT_FORMAT_SHORT = "f";
430         /**
431          * The long CLI argument name specifying the name of the application to
432          * be scanned.
433          */
434         public static final String APP_NAME = "app";
435         /**
436          * The short CLI argument name specifying the name of the application to
437          * be scanned.
438          */
439         public static final String APP_NAME_SHORT = "a";
440         /**
441          * The long CLI argument name asking for help.
442          */
443         public static final String HELP = "help";
444         /**
445          * The short CLI argument name asking for help.
446          */
447         public static final String HELP_SHORT = "h";
448         /**
449          * The long CLI argument name asking for the version.
450          */
451         public static final String VERSION_SHORT = "v";
452         /**
453          * The short CLI argument name asking for the version.
454          */
455         public static final String VERSION = "version";
456         /**
457          * The short CLI argument name indicating the proxy port.
458          */
459         public static final String PROXY_PORT_SHORT = "p";
460         /**
461          * The CLI argument name indicating the proxy port.
462          */
463         public static final String PROXY_PORT = "proxyport";
464         /**
465          * The short CLI argument name indicating the proxy url.
466          */
467         public static final String PROXY_URL_SHORT = "u";
468         /**
469          * The CLI argument name indicating the proxy url.
470          */
471         public static final String PROXY_URL = "proxyurl";
472         /**
473          * The short CLI argument name indicating the proxy url.
474          */
475         public static final String CONNECTION_TIMEOUT_SHORT = "c";
476         /**
477          * The CLI argument name indicating the proxy url.
478          */
479         public static final String CONNECTION_TIMEOUT = "connectiontimeout";
480         /**
481          * The short CLI argument name for setting the location of an additional
482          * properties file.
483          */
484         public static final String PROP_SHORT = "p";
485         /**
486          * The CLI argument name for setting the location of an additional
487          * properties file.
488          */
489         public static final String PROP = "propertyfile";
490         /**
491          * The CLI argument name for setting the location of the data directory.
492          */
493         public static final String DATA_DIRECTORY = "data";
494         /**
495          * The short CLI argument name for setting the location of the data
496          * directory.
497          */
498         public static final String DATA_DIRECTORY_SHORT = "d";
499         /**
500          * The CLI argument name for setting the location of the data directory.
501          */
502         public static final String VERBOSE_LOG = "log";
503         /**
504          * The short CLI argument name for setting the location of the data
505          * directory.
506          */
507         public static final String VERBOSE_LOG_SHORT = "l";
508     }
509 }