Class CliParser


  • public final class CliParser
    extends java.lang.Object
    A utility to parse command line arguments for DependencyCheck.
    Author:
    Jeremy Long
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  CliParser.ARGUMENT
      A collection of static final strings that represent the possible command line arguments.
    • Constructor Summary

      Constructors 
      Constructor Description
      CliParser(Settings settings)
      Constructs a new CLI Parser object with the configured settings.
    • Method Summary

      Modifier and Type Method Description
      java.lang.Boolean getBooleanArgument(java.lang.String argument)
      Returns the argument boolean value.
      java.lang.String getDatabaseDriverName()
      Returns the database driver name if specified; otherwise null is returned.
      java.lang.String[] getExcludeList()
      Retrieves the list of excluded file patterns specified by the 'exclude' argument.
      float getFailOnCVSS()
      Returns the CVSS value to fail on.
      java.io.File getFileArgument(java.lang.String option)
      Returns the argument value for the given option.
      float getFloatArgument(java.lang.String option, float defaultValue)
      Returns the float argument for the given option.
      java.lang.Integer getIntegerValue(java.lang.String argument)
      Returns the argument value.
      java.lang.String getProjectName()
      Returns the application name specified on the command line.
      java.lang.String getReportDirectory()
      Returns the directory, specified on the command line, to write the reports to.
      java.lang.String[] getReportFormat()
      Returns the output format specified on the command line.
      java.lang.String[] getRetireJsFilters()
      Retrieves the list of retire JS content filters used to exclude JS files by content.
      java.lang.String[] getScanFiles()
      Retrieves the file command line parameter(s) specified for the 'scan' argument.
      java.lang.String getStringArgument(java.lang.String option)
      Returns the argument value for the given option.
      java.lang.String getStringArgument(java.lang.String option, java.lang.String key)
      Returns the argument value for the given option.
      java.lang.String[] getStringArguments(java.lang.String option)
      Returns the argument value for the given option.
      int getSymLinkDepth()
      Returns the symbolic link depth (how deeply symbolic links will be followed).
      java.lang.Boolean hasOption(java.lang.String option)
      Checks if the option is present.
      boolean isDisabled(java.lang.String disableFlag, java.lang.String setting)
      Utility method to determine if one of the disable options has been set.
      boolean isGetHelp()
      Determines if the 'help' command line argument was passed in.
      boolean isGetVersion()
      Determines if the 'version' command line argument was passed in.
      boolean isNexusUsesProxy()
      Returns true if the Nexus Analyzer should use the configured proxy to connect to Nexus; otherwise false is returned.
      boolean isNodeAuditDisabled()
      Returns true if the disableNodeAudit command line argument was specified.
      boolean isPnpmAuditDisabled()
      Returns true if the disablePnpmAudit command line argument was specified.
      boolean isPurge()
      Checks if the purge NVD flag has been set.
      java.lang.Boolean isRetireJsFilterNonVulnerable()
      Returns whether or not the retireJS analyzer should exclude non-vulnerable JS from the report.
      boolean isRunScan()
      Determines if the 'scan' command line argument was passed in.
      boolean isUpdateOnly()
      Checks if the update only flag has been set.
      boolean isYarnAuditDisabled()
      Returns true if the disableYarnAudit command line argument was specified.
      void parse(java.lang.String[] args)
      Parses the arguments passed in and captures the results for later use.
      void printHelp()
      Displays the command line help message to the standard output.
      void printVersionInfo()
      Prints the manifest information to standard output.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • CliParser

        public CliParser(Settings settings)
        Constructs a new CLI Parser object with the configured settings.
        Parameters:
        settings - the configured settings
    • Method Detail

      • parse

        public void parse(java.lang.String[] args)
                   throws java.io.FileNotFoundException,
                          org.apache.commons.cli.ParseException
        Parses the arguments passed in and captures the results for later use.
        Parameters:
        args - the command line arguments
        Throws:
        java.io.FileNotFoundException - is thrown when a 'file' argument does not point to a file that exists.
        org.apache.commons.cli.ParseException - is thrown when a Parse Exception occurs.
      • isGetVersion

        public boolean isGetVersion()
        Determines if the 'version' command line argument was passed in.
        Returns:
        whether or not the 'version' command line argument was passed in
      • isGetHelp

        public boolean isGetHelp()
        Determines if the 'help' command line argument was passed in.
        Returns:
        whether or not the 'help' command line argument was passed in
      • isRunScan

        public boolean isRunScan()
        Determines if the 'scan' command line argument was passed in.
        Returns:
        whether or not the 'scan' command line argument was passed in
      • getSymLinkDepth

        public int getSymLinkDepth()
        Returns the symbolic link depth (how deeply symbolic links will be followed).
        Returns:
        the symbolic link depth
      • isDisabled

        public boolean isDisabled(java.lang.String disableFlag,
                                  java.lang.String setting)
        Utility method to determine if one of the disable options has been set. If not set, this method will check the currently configured settings for the current value to return.

        For example, passing `--disableArchive` on the command line causes this method to return true for the disable archive setting.

        Parameters:
        disableFlag - the command line disable option
        setting - the corresponding settings key
        Returns:
        true if the disable option was set; if not set, the currently configured value is returned
      • isNodeAuditDisabled

        public boolean isNodeAuditDisabled()
        Returns true if the disableNodeAudit command line argument was specified.
        Returns:
        true if the disableNodeAudit command line argument was specified; otherwise false
      • isYarnAuditDisabled

        public boolean isYarnAuditDisabled()
        Returns true if the disableYarnAudit command line argument was specified.
        Returns:
        true if the disableYarnAudit command line argument was specified; otherwise false
      • isPnpmAuditDisabled

        public boolean isPnpmAuditDisabled()
        Returns true if the disablePnpmAudit command line argument was specified.
        Returns:
        true if the disablePnpmAudit command line argument was specified; otherwise false
      • isNexusUsesProxy

        public boolean isNexusUsesProxy()
        Returns true if the Nexus Analyzer should use the configured proxy to connect to Nexus; otherwise false is returned.
        Returns:
        true if the Nexus Analyzer should use the configured proxy to connect to Nexus; otherwise false
      • getBooleanArgument

        public java.lang.Boolean getBooleanArgument(java.lang.String argument)
        Returns the argument boolean value.
        Parameters:
        argument - the argument
        Returns:
        the argument boolean value
      • getStringArgument

        public java.lang.String getStringArgument(java.lang.String option)
        Returns the argument value for the given option.
        Parameters:
        option - the option
        Returns:
        the value of the argument
      • getStringArgument

        public java.lang.String getStringArgument(java.lang.String option,
                                                  java.lang.String key)
        Returns the argument value for the given option.
        Parameters:
        option - the option
        key - the dependency-check settings key for the option.
        Returns:
        the value of the argument
      • getStringArguments

        public java.lang.String[] getStringArguments(java.lang.String option)
        Returns the argument value for the given option.
        Parameters:
        option - the option
        Returns:
        the value of the argument
      • getFileArgument

        public java.io.File getFileArgument(java.lang.String option)
        Returns the argument value for the given option.
        Parameters:
        option - the option
        Returns:
        the value of the argument
      • printHelp

        public void printHelp()
        Displays the command line help message to the standard output.
      • getScanFiles

        public java.lang.String[] getScanFiles()
        Retrieves the file command line parameter(s) specified for the 'scan' argument.
        Returns:
        the file paths specified on the command line for scan
      • getExcludeList

        public java.lang.String[] getExcludeList()
        Retrieves the list of excluded file patterns specified by the 'exclude' argument.
        Returns:
        the excluded file patterns
      • getRetireJsFilters

        public java.lang.String[] getRetireJsFilters()
        Retrieves the list of retire JS content filters used to exclude JS files by content.
        Returns:
        the retireJS filters
      • isRetireJsFilterNonVulnerable

        public java.lang.Boolean isRetireJsFilterNonVulnerable()
        Returns whether or not the retireJS analyzer should exclude non-vulnerable JS from the report.
        Returns:
        true if non-vulnerable JS should be filtered in the RetireJS Analyzer; otherwise null
      • getReportDirectory

        public java.lang.String getReportDirectory()
        Returns the directory, specified on the command line, to write the reports to.
        Returns:
        the path to the reports directory.
      • getReportFormat

        public java.lang.String[] getReportFormat()
        Returns the output format specified on the command line. Defaults to HTML if no format was specified.
        Returns:
        the output format name.
      • getProjectName

        public java.lang.String getProjectName()
        Returns the application name specified on the command line.
        Returns:
        the application name.
      • printVersionInfo

        public void printVersionInfo()

        Prints the manifest information to standard output.

        • Implementation-Title: ${pom.name}
        • Implementation-Version: ${pom.version}
      • isUpdateOnly

        public boolean isUpdateOnly()
        Checks if the update only flag has been set.
        Returns:
        true if the update only flag has been set; otherwise false.
      • isPurge

        public boolean isPurge()
        Checks if the purge NVD flag has been set.
        Returns:
        true if the purge NVD flag has been set; otherwise false.
      • getDatabaseDriverName

        public java.lang.String getDatabaseDriverName()
        Returns the database driver name if specified; otherwise null is returned.
        Returns:
        the database driver name if specified; otherwise null is returned
      • getIntegerValue

        public java.lang.Integer getIntegerValue(java.lang.String argument)
        Returns the argument value.
        Parameters:
        argument - the argument
        Returns:
        the value of the argument
      • hasOption

        public java.lang.Boolean hasOption(java.lang.String option)
        Checks if the option is present. If present it will return true; otherwise false.
        Parameters:
        option - the option to check
        Returns:
        true if auto-update is allowed; otherwise null
      • getFailOnCVSS

        public float getFailOnCVSS()
        Returns the CVSS value to fail on.
        Returns:
        11 if nothing is set; otherwise the value passed in the command line argument
      • getFloatArgument

        public float getFloatArgument(java.lang.String option,
                                      float defaultValue)
        Returns the float argument for the given option.
        Parameters:
        option - the option
        defaultValue - the value if the option is not present
        Returns:
        the value of the argument if present; otherwise the defaultValue