View Javadoc
1   /*
2    * This file is part of dependency-check-cli.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck;
19  
20  import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
21  
22  import java.io.File;
23  import java.io.FileNotFoundException;
24  
25  import org.apache.commons.cli.CommandLine;
26  import org.apache.commons.cli.CommandLineParser;
27  import org.apache.commons.cli.DefaultParser;
28  import org.apache.commons.cli.HelpFormatter;
29  import org.apache.commons.cli.Option;
30  import org.apache.commons.cli.OptionGroup;
31  import org.apache.commons.cli.Options;
32  import org.apache.commons.cli.ParseException;
33  import org.owasp.dependencycheck.reporting.ReportGenerator.Format;
34  import org.owasp.dependencycheck.utils.InvalidSettingException;
35  import org.owasp.dependencycheck.utils.Settings;
36  import org.slf4j.Logger;
37  import org.slf4j.LoggerFactory;
38  
39  /**
40   * A utility to parse command line arguments for the DependencyCheck.
41   *
42   * @author Jeremy Long
43   */
44  //suppress hard-coded password rule
45  @SuppressWarnings("squid:S2068")
46  public final class CliParser {
47  
48      /**
49       * The logger.
50       */
51      private static final Logger LOGGER = LoggerFactory.getLogger(CliParser.class);
52      /**
53       * The command line.
54       */
55      private CommandLine line;
56      /**
57       * Indicates whether the arguments are valid.
58       */
59      private boolean isValid = true;
60      /**
61       * The configured settings.
62       */
63      private final Settings settings;
64      /**
65       * The supported reported formats.
66       */
67      private static final String SUPPORTED_FORMATS = "HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB or ALL";
68  
69      /**
70       * Constructs a new CLI Parser object with the configured settings.
71       *
72       * @param settings the configured settings
73       */
74      public CliParser(Settings settings) {
75          this.settings = settings;
76      }
77  
78      /**
79       * Parses the arguments passed in and captures the results for later use.
80       *
81       * @param args the command line arguments
82       * @throws FileNotFoundException is thrown when a 'file' argument does not
83       * point to a file that exists.
84       * @throws ParseException is thrown when a Parse Exception occurs.
85       */
86      public void parse(String[] args) throws FileNotFoundException, ParseException {
87          line = parseArgs(args);
88  
89          if (line != null) {
90              validateArgs();
91          }
92      }
93  
94      /**
95       * Parses the command line arguments.
96       *
97       * @param args the command line arguments
98       * @return the results of parsing the command line arguments
99       * @throws ParseException if the arguments are invalid
100      */
101     private CommandLine parseArgs(String[] args) throws ParseException {
102         final CommandLineParser parser = new DefaultParser();
103         final Options options = createCommandLineOptions();
104         return parser.parse(options, args);
105     }
106 
107     /**
108      * Validates that the command line arguments are valid.
109      *
110      * @throws FileNotFoundException if there is a file specified by either the
111      * SCAN or CPE command line arguments that does not exist.
112      * @throws ParseException is thrown if there is an exception parsing the
113      * command line.
114      */
115     private void validateArgs() throws FileNotFoundException, ParseException {
116         if (isUpdateOnly() || isRunScan()) {
117 
118             String value = line.getOptionValue(ARGUMENT.NVD_API_VALID_FOR_HOURS);
119             if (value != null) {
120                 try {
121                     final int i = Integer.parseInt(value);
122                     if (i < 0) {
123                         throw new ParseException("Invalid Setting: nvdValidForHours must be a number greater than or equal to 0.");
124                     }
125                 } catch (NumberFormatException ex) {
126                     throw new ParseException("Invalid Setting: nvdValidForHours must be a number greater than or equal to 0.");
127                 }
128             }
129             value = line.getOptionValue(ARGUMENT.NVD_API_MAX_RETRY_COUNT);
130             if (value != null) {
131                 try {
132                     final int i = Integer.parseInt(value);
133                     if (i <= 0) {
134                         throw new ParseException("Invalid Setting: nvdMaxRetryCount must be a number greater than 0.");
135                     }
136                 } catch (NumberFormatException ex) {
137                     throw new ParseException("Invalid Setting: nvdMaxRetryCount must be a number greater than 0.");
138                 }
139             }
140             value = line.getOptionValue(ARGUMENT.NVD_API_DELAY);
141             if (value != null) {
142                 try {
143                     final int i = Integer.parseInt(value);
144                     if (i < 0) {
145                         throw new ParseException("Invalid Setting: nvdApiDelay must be a number greater than or equal to 0.");
146                     }
147                 } catch (NumberFormatException ex) {
148                     throw new ParseException("Invalid Setting: nvdApiDelay must be a number greater than or equal to 0.");
149                 }
150             }
151             value = line.getOptionValue(ARGUMENT.NVD_API_RESULTS_PER_PAGE);
152             if (value != null) {
153                 try {
154                     final int i = Integer.parseInt(value);
155                     if (i <= 0 || i > 2000) {
156                         throw new ParseException("Invalid Setting: nvdApiResultsPerPage must be a number in the range [1, 2000].");
157                     }
158                 } catch (NumberFormatException ex) {
159                     throw new ParseException("Invalid Setting: nvdApiResultsPerPage must be a number in the range [1, 2000].");
160                 }
161             }
162         }
163         if (isRunScan()) {
164             validatePathExists(getScanFiles(), ARGUMENT.SCAN);
165             validatePathExists(getReportDirectory(), ARGUMENT.OUT);
166             final String pathToCore = getStringArgument(ARGUMENT.PATH_TO_CORE);
167             if (pathToCore != null) {
168                 validatePathExists(pathToCore, ARGUMENT.PATH_TO_CORE);
169             }
170             if (line.hasOption(ARGUMENT.OUTPUT_FORMAT)) {
171                 for (String validating : getReportFormat()) {
172                     if (!isValidFormat(validating)
173                             && !isValidFilePath(validating, "format")) {
174                         final String msg = String.format("An invalid 'format' of '%s' was specified. "
175                                 + "Supported output formats are %s, and custom template files.",
176                                 validating, SUPPORTED_FORMATS);
177                         throw new ParseException(msg);
178                     }
179                 }
180             }
181             if (line.hasOption(ARGUMENT.SYM_LINK_DEPTH)) {
182                 try {
183                     final int i = Integer.parseInt(line.getOptionValue(ARGUMENT.SYM_LINK_DEPTH));
184                     if (i < 0) {
185                         throw new ParseException("Symbolic Link Depth (symLink) must be greater than zero.");
186                     }
187                 } catch (NumberFormatException ex) {
188                     throw new ParseException("Symbolic Link Depth (symLink) is not a number.");
189                 }
190             }
191         }
192     }
193 
194     /**
195      * Validates the format to be one of the known Formats.
196      *
197      * @param format the format to validate
198      * @return true, if format is known in Format; false otherwise
199      * @see Format
200      */
201     private boolean isValidFormat(String format) {
202         try {
203             Format.valueOf(format);
204             return true;
205         } catch (IllegalArgumentException ex) {
206             return false;
207         }
208     }
209 
210     /**
211      * Validates the path to point at an existing file.
212      *
213      * @param path the path to validate if it exists
214      * @param argumentName the argument being validated (e.g. scan, out, etc.)
215      * @return true, if path exists; false otherwise
216      */
217     private boolean isValidFilePath(String path, String argumentName) {
218         try {
219             validatePathExists(path, argumentName);
220             return true;
221         } catch (FileNotFoundException ex) {
222             return false;
223         }
224     }
225 
226     /**
227      * Validates whether or not the path(s) points at a file that exists; if the
228      * path(s) does not point to an existing file a FileNotFoundException is
229      * thrown.
230      *
231      * @param paths the paths to validate if they exists
232      * @param optType the option being validated (e.g. scan, out, etc.)
233      * @throws FileNotFoundException is thrown if one of the paths being
234      * validated does not exist.
235      */
236     private void validatePathExists(String[] paths, String optType) throws FileNotFoundException {
237         for (String path : paths) {
238             validatePathExists(path, optType);
239         }
240     }
241 
242     /**
243      * Validates whether or not the path points at a file that exists; if the
244      * path does not point to an existing file a FileNotFoundException is
245      * thrown.
246      *
247      * @param path the paths to validate if they exists
248      * @param argumentName the argument being validated (e.g. scan, out, etc.)
249      * @throws FileNotFoundException is thrown if the path being validated does
250      * not exist.
251      */
252     private void validatePathExists(String path, String argumentName) throws FileNotFoundException {
253         if (path == null) {
254             isValid = false;
255             final String msg = String.format("Invalid '%s' argument: null", argumentName);
256             throw new FileNotFoundException(msg);
257         } else if (!path.contains("*") && !path.contains("?")) {
258             File f = new File(path);
259             final String[] formats = this.getReportFormat();
260             if ("o".equalsIgnoreCase(argumentName.substring(0, 1)) && formats.length == 1 && !"ALL".equalsIgnoreCase(formats[0])) {
261                 final String checkPath = path.toLowerCase();
262                 if (checkPath.endsWith(".html") || checkPath.endsWith(".xml") || checkPath.endsWith(".htm")
263                         || checkPath.endsWith(".csv") || checkPath.endsWith(".json")) {
264                     if (f.getParentFile() == null) {
265                         f = new File(".", path);
266                     }
267                     if (!f.getParentFile().isDirectory()) {
268                         isValid = false;
269                         final String msg = String.format("Invalid '%s' argument: '%s' - directory path does not exist", argumentName, path);
270                         throw new FileNotFoundException(msg);
271                     }
272                 }
273             } else if ("o".equalsIgnoreCase(argumentName.substring(0, 1)) && !f.isDirectory()) {
274                 if (f.getParentFile() != null && f.getParentFile().isDirectory() && !f.mkdir()) {
275                     isValid = false;
276                     final String msg = String.format("Invalid '%s' argument: '%s' - unable to create the output directory", argumentName, path);
277                     throw new FileNotFoundException(msg);
278                 }
279                 if (!f.isDirectory()) {
280                     isValid = false;
281                     final String msg = String.format("Invalid '%s' argument: '%s' - path does not exist", argumentName, path);
282                     throw new FileNotFoundException(msg);
283                 }
284             } else if (!f.exists()) {
285                 isValid = false;
286                 final String msg = String.format("Invalid '%s' argument: '%s' - path does not exist", argumentName, path);
287                 throw new FileNotFoundException(msg);
288             }
289 //        } else if (path.startsWith("//") || path.startsWith("\\\\")) {
290 //            isValid = false;
291 //            final String msg = String.format("Invalid '%s' argument: '%s'%nUnable to scan paths that start with '//'.", argumentName, path);
292 //            throw new FileNotFoundException(msg);
293         } else if ((path.endsWith("/*") && !path.endsWith("**/*")) || (path.endsWith("\\*") && path.endsWith("**\\*"))) {
294             LOGGER.warn("Possibly incorrect path '{}' from argument '{}' because it ends with a slash star; "
295                     + "dependency-check uses ant-style paths", path, argumentName);
296         }
297     }
298 
299     /**
300      * Generates an Options collection that is used to parse the command line
301      * and to display the help message.
302      *
303      * @return the command line options used for parsing the command line
304      */
305     @SuppressWarnings("static-access")
306     private Options createCommandLineOptions() {
307         final Options options = new Options();
308         addStandardOptions(options);
309         addAdvancedOptions(options);
310         addDeprecatedOptions(options);
311         return options;
312     }
313 
314     /**
315      * Adds the standard command line options to the given options collection.
316      *
317      * @param options a collection of command line arguments
318      */
319     @SuppressWarnings("static-access")
320     private void addStandardOptions(final Options options) {
321         //This is an option group because it can be specified more then once.
322 
323         options.addOptionGroup(newOptionGroup(newOptionWithArg(ARGUMENT.SCAN_SHORT, ARGUMENT.SCAN, "path",
324                 "The path to scan - this option can be specified multiple times. Ant style paths are supported (e.g. 'path/**/*.jar'); "
325                 + "if using Ant style paths it is highly recommended to quote the argument value.")))
326                 .addOptionGroup(newOptionGroup(newOptionWithArg(ARGUMENT.EXCLUDE, "pattern", "Specify an exclusion pattern. This option "
327                         + "can be specified multiple times and it accepts Ant style exclusions.")))
328                 .addOption(newOptionWithArg(ARGUMENT.PROJECT, "name", "The name of the project being scanned."))
329                 .addOption(newOptionWithArg(ARGUMENT.OUT_SHORT, ARGUMENT.OUT, "path",
330                         "The folder to write reports to. This defaults to the current directory. It is possible to set this to a specific "
331                         + "file name if the format argument is not set to ALL."))
332                 .addOption(newOptionWithArg(ARGUMENT.OUTPUT_FORMAT_SHORT, ARGUMENT.OUTPUT_FORMAT, "format",
333                         "The report format (" + SUPPORTED_FORMATS + "). The default is HTML. Multiple format parameters can be specified."))
334                 .addOption(newOption(ARGUMENT.PRETTY_PRINT, "When specified the JSON and XML report formats will be pretty printed."))
335                 .addOption(newOption(ARGUMENT.VERSION_SHORT, ARGUMENT.VERSION, "Print the version information."))
336                 .addOption(newOption(ARGUMENT.HELP_SHORT, ARGUMENT.HELP, "Print this message."))
337                 .addOption(newOption(ARGUMENT.ADVANCED_HELP, "Print the advanced help message."))
338                 .addOption(newOption(ARGUMENT.DISABLE_AUTO_UPDATE_SHORT, ARGUMENT.DISABLE_AUTO_UPDATE,
339                         "Disables the automatic updating of the NVD-CVE, hosted-suppressions and RetireJS data."))
340                 .addOption(newOptionWithArg(ARGUMENT.VERBOSE_LOG_SHORT, ARGUMENT.VERBOSE_LOG, "file",
341                         "The file path to write verbose logging information."))
342                 .addOptionGroup(newOptionGroup(newOptionWithArg(ARGUMENT.SUPPRESSION_FILES, "file",
343                         "The file path to the suppression XML file. This can be specified more then once to utilize multiple suppression files")))
344                 .addOption(newOption(ARGUMENT.DISABLE_VERSION_CHECK, "Disables the dependency-check version check"))
345                 .addOption(newOption(ARGUMENT.EXPERIMENTAL, "Enables the experimental analyzers."))
346                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_KEY, "apiKey", "The API Key to access the NVD API."))
347                 .addOption(newOptionWithArg(ARGUMENT.FAIL_ON_CVSS, "score",
348                         "Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11; "
349                         + "since the CVSS scores are 0-10, by default the build will never fail."))
350                 .addOption(newOptionWithArg(ARGUMENT.FAIL_JUNIT_ON_CVSS, "score",
351                         "Specifies the CVSS score that is considered a failure when generating the junit report. The default is 0."));
352     }
353 
354     /**
355      * Adds the advanced command line options to the given options collection.
356      * These are split out for purposes of being able to display two different
357      * help messages.
358      *
359      * @param options a collection of command line arguments
360      */
361     @SuppressWarnings("static-access")
362     private void addAdvancedOptions(final Options options) {
363         options
364                 .addOption(newOption(ARGUMENT.UPDATE_ONLY,
365                         "Only update the local NVD data cache; no scan will be executed."))
366                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_DELAY, "milliseconds",
367                         "Time in milliseconds to wait between downloading from the NVD."))
368                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_RESULTS_PER_PAGE, "count",
369                         "The number records for a single page from NVD API (must be <=2000)."))
370                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_ENDPOINT, "endpoint",
371                         "The NVD API Endpoint - setting this is rare."))
372                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_DATAFEED_URL, "url",
373                         "The URL to the NVD API Datafeed."))
374                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_DATAFEED_USER, "user",
375                         "Credentials for basic authentication to the NVD API Datafeed."))
376                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_DATAFEED_PASSWORD, "password",
377                         "Credentials for basic authentication to the NVD API Datafeed."))
378                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_DATAFEED_BEARER_TOKEN, "token",
379                         "Credentials for bearer authentication to the NVD API Datafeed."))
380                 .addOption(newOptionWithArg(ARGUMENT.SUPPRESSION_FILE_USER, "user",
381                         "Credentials for basic authentication to web-hosted suppression files."))
382                 .addOption(newOptionWithArg(ARGUMENT.SUPPRESSION_FILE_PASSWORD, "password",
383                         "Credentials for basic authentication to web-hosted suppression files."))
384                 .addOption(newOptionWithArg(ARGUMENT.SUPPRESSION_FILE_BEARER_TOKEN, "token",
385                         "Credentials for bearer authentication to web-hosted suppression files."))
386                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_MAX_RETRY_COUNT, "count",
387                         "The maximum number of retry requests for a single call to the NVD API."))
388                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_VALID_FOR_HOURS, "hours",
389                         "The number of hours to wait before checking for new updates from the NVD."))
390                 .addOption(newOptionWithArg(ARGUMENT.PROXY_PORT, "port",
391                         "The proxy port to use when downloading resources."))
392                 .addOption(newOptionWithArg(ARGUMENT.PROXY_SERVER, "server",
393                         "The proxy server to use when downloading resources."))
394                 .addOption(newOptionWithArg(ARGUMENT.PROXY_USERNAME, "user",
395                         "The proxy username to use when downloading resources."))
396                 .addOption(newOptionWithArg(ARGUMENT.PROXY_PASSWORD, "pass",
397                         "The proxy password to use when downloading resources."))
398                 .addOption(newOptionWithArg(ARGUMENT.NON_PROXY_HOSTS, "list",
399                         "The proxy exclusion list: hostnames (or patterns) for which proxy should not be used. "
400                         + "Use pipe, comma or colon as list separator."))
401                 .addOption(newOptionWithArg(ARGUMENT.CONNECTION_TIMEOUT_SHORT, ARGUMENT.CONNECTION_TIMEOUT, "timeout",
402                         "The connection timeout (in milliseconds) to use when downloading resources."))
403                 .addOption(newOptionWithArg(ARGUMENT.CONNECTION_READ_TIMEOUT, "timeout",
404                         "The read timeout (in milliseconds) to use when downloading resources."))
405                 .addOption(newOptionWithArg(ARGUMENT.CONNECTION_STRING, "connStr",
406                         "The connection string to the database."))
407                 .addOption(newOptionWithArg(ARGUMENT.DB_NAME, "user",
408                         "The username used to connect to the database."))
409                 .addOption(newOptionWithArg(ARGUMENT.DATA_DIRECTORY_SHORT, ARGUMENT.DATA_DIRECTORY, "path",
410                         "The location of the H2 Database file. This option should generally not be set."))
411                 .addOption(newOptionWithArg(ARGUMENT.DB_PASSWORD, "password",
412                         "The password for connecting to the database."))
413                 .addOption(newOptionWithArg(ARGUMENT.DB_DRIVER, "driver",
414                         "The database driver name."))
415                 .addOption(newOptionWithArg(ARGUMENT.DB_DRIVER_PATH, "path",
416                         "The path to the database driver; note, this does not need to be set unless the JAR is "
417                         + "outside of the classpath."))
418                 .addOption(newOptionWithArg(ARGUMENT.SYM_LINK_DEPTH, "depth",
419                         "Sets how deep nested symbolic links will be followed; 0 indicates symbolic links will not be followed."))
420                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_BUNDLE_AUDIT, "path",
421                         "The path to bundle-audit for Gem bundle analysis."))
422                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_BUNDLE_AUDIT_WORKING_DIRECTORY, "path",
423                         "The path to working directory that the bundle-audit command should be executed from when "
424                         + "doing Gem bundle analysis."))
425                 .addOption(newOptionWithArg(ARGUMENT.CENTRAL_URL, "url",
426                         "Alternative URL for Maven Central Search. If not set the public Sonatype Maven Central will be used."))
427                 .addOption(newOptionWithArg(ARGUMENT.CENTRAL_USERNAME, "username",
428                         "Credentials for basic auth towards the --centralUrl."))
429                 .addOption(newOptionWithArg(ARGUMENT.CENTRAL_PASSWORD, "password",
430                         "Credentials for basic auth towards the --centralUrl"))
431                 .addOption(newOptionWithArg(ARGUMENT.CENTRAL_BEARER_TOKEN, "token",
432                         "Token for bearer auth towards the --centralUrl"))
433                 .addOption(newOptionWithArg(ARGUMENT.OSSINDEX_URL, "url",
434                         "Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used."))
435                 .addOption(newOptionWithArg(ARGUMENT.OSSINDEX_USERNAME, "username",
436                         "The username to authenticate to Sonatype's OSS Index. If not set the Sonatype OSS Index "
437                         + "Analyzer will use an unauthenticated connection."))
438                 .addOption(newOptionWithArg(ARGUMENT.OSSINDEX_PASSWORD, "password", ""
439                         + "The password to authenticate to Sonatype's OSS Index. If not set the Sonatype OSS "
440                         + "Index Analyzer will use an unauthenticated connection."))
441                 .addOption(newOptionWithArg(ARGUMENT.OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS, "true/false", ""
442                         + "Whether a Sonatype OSS Index remote error should result in a warning only or a failure."))
443                 .addOption(newOption(ARGUMENT.RETIRE_JS_FORCEUPDATE, "Force the RetireJS Analyzer to update "
444                         + "even if autoupdate is disabled"))
445                 .addOption(newOptionWithArg(ARGUMENT.RETIREJS_URL, "url",
446                         "The Retire JS Repository URL"))
447                 .addOption(newOptionWithArg(ARGUMENT.RETIREJS_URL_USER, "username",
448                         "The password to authenticate to Retire JS Repository URL"))
449                 .addOption(newOptionWithArg(ARGUMENT.RETIREJS_URL_PASSWORD, "password",
450                         "The password to authenticate to Retire JS Repository URL"))
451                 .addOption(newOptionWithArg(ARGUMENT.RETIREJS_URL_BEARER_TOKEN, "token",
452                         "The password to authenticate to Retire JS Repository URL"))
453                 .addOption(newOption(ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE, "Specifies that the Retire JS "
454                         + "Analyzer should filter out non-vulnerable JS files from the report."))
455                 .addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_PARALLEL_ANALYSIS, "true/false",
456                         "Whether the Artifactory Analyzer should use parallel analysis."))
457                 .addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_USES_PROXY, "true/false",
458                         "Whether the Artifactory Analyzer should use the proxy."))
459                 .addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_USERNAME, "username",
460                         "The Artifactory username for authentication."))
461                 .addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_API_TOKEN, "token",
462                         "The Artifactory API token."))
463                 .addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_BEARER_TOKEN, "token",
464                         "The Artifactory bearer token."))
465                 .addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_URL, "url",
466                         "The Artifactory URL."))
467                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_GO, "path",
468                         "The path to the `go` executable."))
469                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_YARN, "path",
470                         "The path to the `yarn` executable."))
471                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_PNPM, "path",
472                         "The path to the `pnpm` executable."))
473                 .addOption(newOptionWithArg(ARGUMENT.RETIREJS_FILTERS, "pattern",
474                         "Specify Retire JS content filter used to exclude files from analysis based on their content; "
475                         + "most commonly used to exclude based on your applications own copyright line. This "
476                         + "option can be specified multiple times."))
477                 .addOption(newOptionWithArg(ARGUMENT.NEXUS_URL, "url",
478                         "The url to the Nexus Server's REST API Endpoint (http://domain/nexus/service/local). If not "
479                         + "set the Nexus Analyzer will be disabled."))
480                 .addOption(newOptionWithArg(ARGUMENT.NEXUS_USERNAME, "username",
481                         "The username to authenticate to the Nexus Server's REST API Endpoint. If not set the Nexus "
482                         + "Analyzer will use an unauthenticated connection."))
483                 .addOption(newOptionWithArg(ARGUMENT.NEXUS_PASSWORD, "password",
484                         "The password to authenticate to the Nexus Server's REST API Endpoint. If not set the Nexus "
485                         + "Analyzer will use an unauthenticated connection."))
486                 //TODO remove as this should be covered by non-proxy hosts
487                 .addOption(newOptionWithArg(ARGUMENT.NEXUS_USES_PROXY, "true/false",
488                         "Whether or not the configured proxy should be used when connecting to Nexus."))
489                 .addOption(newOptionWithArg(ARGUMENT.ADDITIONAL_ZIP_EXTENSIONS, "extensions",
490                         "A comma separated list of additional extensions to be scanned as ZIP files (ZIP, EAR, WAR "
491                         + "are already treated as zip files)"))
492                 .addOption(newOptionWithArg(ARGUMENT.PROP_SHORT, ARGUMENT.PROP, "file", "A property file to load."))
493                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_CORE, "path", "The path to dotnet core."))
494                 .addOption(newOptionWithArg(ARGUMENT.HINTS_FILE, "file", "The file path to the hints XML file."))
495                 .addOption(newOption(ARGUMENT.RETIRED, "Enables the retired analyzers."))
496                 .addOption(newOption(ARGUMENT.DISABLE_MSBUILD, "Disable the MS Build Analyzer."))
497                 .addOption(newOption(ARGUMENT.DISABLE_JAR, "Disable the Jar Analyzer."))
498                 .addOption(newOption(ARGUMENT.DISABLE_ARCHIVE, "Disable the Archive Analyzer."))
499                 .addOption(newOption(ARGUMENT.DISABLE_KEV, "Disable the Known Exploited Vulnerability Analyzer."))
500                 .addOption(newOptionWithArg(ARGUMENT.KEV_URL, "url", "The url to the CISA Known Exploited Vulnerabilities JSON data feed"))
501                 .addOption(newOptionWithArg(ARGUMENT.KEV_USER, "user", "The user for basic authentication towards the CISA Known Exploited Vulnerabilities JSON data feed"))
502                 .addOption(newOptionWithArg(ARGUMENT.KEV_PASSWORD, "password", "The password for basic authentication towards the CISA Known Exploited Vulnerabilities JSON data feed"))
503                 .addOption(newOptionWithArg(ARGUMENT.KEV_BEARER_TOKEN, "token", "The token for bearer authentication towards the CISA Known Exploited Vulnerabilities JSON data feed"))
504                 .addOption(newOption(ARGUMENT.DISABLE_ASSEMBLY, "Disable the .NET Assembly Analyzer."))
505                 .addOption(newOption(ARGUMENT.DISABLE_PY_DIST, "Disable the Python Distribution Analyzer."))
506                 .addOption(newOption(ARGUMENT.DISABLE_CMAKE, "Disable the Cmake Analyzer."))
507                 .addOption(newOption(ARGUMENT.DISABLE_PY_PKG, "Disable the Python Package Analyzer."))
508                 .addOption(newOption(ARGUMENT.DISABLE_MIX_AUDIT, "Disable the Elixir mix_audit Analyzer."))
509                 .addOption(newOption(ARGUMENT.DISABLE_RUBYGEMS, "Disable the Ruby Gemspec Analyzer."))
510                 .addOption(newOption(ARGUMENT.DISABLE_BUNDLE_AUDIT, "Disable the Ruby Bundler-Audit Analyzer."))
511                 .addOption(newOption(ARGUMENT.DISABLE_FILENAME, "Disable the File Name Analyzer."))
512                 .addOption(newOption(ARGUMENT.DISABLE_AUTOCONF, "Disable the Autoconf Analyzer."))
513                 .addOption(newOption(ARGUMENT.DISABLE_MAVEN_INSTALL, "Disable the Maven install Analyzer."))
514                 .addOption(newOption(ARGUMENT.DISABLE_PIP, "Disable the pip Analyzer."))
515                 .addOption(newOption(ARGUMENT.DISABLE_PIPFILE, "Disable the Pipfile Analyzer."))
516                 .addOption(newOption(ARGUMENT.DISABLE_COMPOSER, "Disable the PHP Composer Analyzer."))
517                 .addOption(newOption(ARGUMENT.COMPOSER_LOCK_SKIP_DEV, "Configures the PHP Composer Analyzer to skip packages-dev"))
518                 .addOption(newOption(ARGUMENT.DISABLE_CPAN, "Disable the Perl CPAN file Analyzer."))
519                 .addOption(newOption(ARGUMENT.DISABLE_POETRY, "Disable the Poetry Analyzer."))
520                 .addOption(newOption(ARGUMENT.DISABLE_GOLANG_MOD, "Disable the Golang Mod Analyzer."))
521                 .addOption(newOption(ARGUMENT.DISABLE_DART, "Disable the Dart Analyzer."))
522                 .addOption(newOption(ARGUMENT.DISABLE_OPENSSL, "Disable the OpenSSL Analyzer."))
523                 .addOption(newOption(ARGUMENT.DISABLE_NUSPEC, "Disable the Nuspec Analyzer."))
524                 .addOption(newOption(ARGUMENT.DISABLE_NUGETCONF, "Disable the Nuget packages.config Analyzer."))
525                 .addOption(newOption(ARGUMENT.DISABLE_CENTRAL, "Disable the Central Analyzer. If this analyzer "
526                         + "is disabled it is likely you also want to disable the Nexus Analyzer."))
527                 .addOption(newOption(ARGUMENT.DISABLE_CENTRAL_CACHE, "Disallow the Central Analyzer from caching results"))
528                 .addOption(newOption(ARGUMENT.DISABLE_OSSINDEX, "Disable the Sonatype OSS Index Analyzer."))
529                 .addOption(newOption(ARGUMENT.DISABLE_OSSINDEX_CACHE, "Disallow the OSS Index Analyzer from caching results"))
530                 .addOption(newOption(ARGUMENT.DISABLE_COCOAPODS, "Disable the CocoaPods Analyzer."))
531                 .addOption(newOption(ARGUMENT.DISABLE_CARTHAGE, "Disable the Carthage Analyzer."))
532                 .addOption(newOption(ARGUMENT.DISABLE_SWIFT, "Disable the swift package Analyzer."))
533                 .addOption(newOption(ARGUMENT.DISABLE_SWIFT_RESOLVED, "Disable the swift package resolved Analyzer."))
534                 .addOption(newOption(ARGUMENT.DISABLE_GO_DEP, "Disable the Golang Package Analyzer."))
535                 .addOption(newOption(ARGUMENT.DISABLE_NODE_JS, "Disable the Node.js Package Analyzer."))
536                 .addOption(newOption(ARGUMENT.NODE_PACKAGE_SKIP_DEV_DEPENDENCIES, "Configures the Node Package Analyzer to skip devDependencies"))
537                 .addOption(newOption(ARGUMENT.DISABLE_NODE_AUDIT, "Disable the Node Audit Analyzer."))
538                 .addOption(newOption(ARGUMENT.DISABLE_PNPM_AUDIT, "Disable the Pnpm Audit Analyzer."))
539                 .addOption(newOption(ARGUMENT.DISABLE_YARN_AUDIT, "Disable the Yarn Audit Analyzer."))
540                 .addOption(newOption(ARGUMENT.DISABLE_NODE_AUDIT_CACHE, "Disallow the Node Audit Analyzer from caching results"))
541                 .addOption(newOption(ARGUMENT.DISABLE_NODE_AUDIT_SKIPDEV, "Configures the Node Audit Analyzer to skip devDependencies"))
542                 .addOption(newOption(ARGUMENT.DISABLE_RETIRE_JS, "Disable the RetireJS Analyzer."))
543                 .addOption(newOption(ARGUMENT.ENABLE_NEXUS, "Enable the Nexus Analyzer."))
544                 .addOption(newOption(ARGUMENT.ARTIFACTORY_ENABLED, "Whether the Artifactory Analyzer should be enabled."))
545                 .addOption(newOption(ARGUMENT.PURGE_NVD, "Purges the local NVD data cache"))
546                 .addOption(newOption(ARGUMENT.DISABLE_HOSTED_SUPPRESSIONS, "Disable the usage of the hosted suppressions file"))
547                 .addOption(newOption(ARGUMENT.HOSTED_SUPPRESSIONS_FORCEUPDATE, "Force the hosted suppressions file to update even"
548                         + " if autoupdate is disabled"))
549                 .addOption(newOptionWithArg(ARGUMENT.HOSTED_SUPPRESSIONS_VALID_FOR_HOURS, "hours",
550                         "The number of hours to wait before checking for new updates of the the hosted suppressions file."))
551                 .addOption(newOptionWithArg(ARGUMENT.HOSTED_SUPPRESSIONS_URL, "url",
552                         "The URL for a mirrored hosted suppressions file"))
553                 .addOption(newOptionWithArg(ARGUMENT.HOSTED_SUPPRESSIONS_USER, "user",
554                         "The user for basic auth to a mirrored hosted suppressions file"))
555                 .addOption(newOptionWithArg(ARGUMENT.HOSTED_SUPPRESSIONS_PASSWORD, "password",
556                         "The password for basic auth to a mirrored hosted suppressions file"))
557                 .addOption(newOptionWithArg(ARGUMENT.HOSTED_SUPPRESSIONS_BEARER_TOKEN, "token",
558                         "The token for bearer auth to  a mirrored hosted suppressions file"));
559 
560     }
561 
562     /**
563      * Adds the deprecated command line options to the given options collection.
564      * These are split out for purposes of not including them in the help
565      * message. We need to add the deprecated options so as not to break
566      * existing scripts.
567      *
568      * @param options a collection of command line arguments
569      */
570     @SuppressWarnings({"static-access", "deprecation"})
571     private void addDeprecatedOptions(final Options options) {
572         //not a real option - but enables java debugging via the shell script
573         options.addOption(newOption("debug",
574                 "Used to enable java debugging of the cli via dependency-check.sh."));
575     }
576 
577     /**
578      * Determines if the 'version' command line argument was passed in.
579      *
580      * @return whether or not the 'version' command line argument was passed in
581      */
582     public boolean isGetVersion() {
583         return (line != null) && line.hasOption(ARGUMENT.VERSION);
584     }
585 
586     /**
587      * Determines if the 'help' command line argument was passed in.
588      *
589      * @return whether or not the 'help' command line argument was passed in
590      */
591     public boolean isGetHelp() {
592         return (line != null) && line.hasOption(ARGUMENT.HELP);
593     }
594 
595     /**
596      * Determines if the 'scan' command line argument was passed in.
597      *
598      * @return whether or not the 'scan' command line argument was passed in
599      */
600     public boolean isRunScan() {
601         return (line != null) && isValid && line.hasOption(ARGUMENT.SCAN);
602     }
603 
604     /**
605      * Returns the symbolic link depth (how deeply symbolic links will be
606      * followed).
607      *
608      * @return the symbolic link depth
609      */
610     public int getSymLinkDepth() {
611         int value = 0;
612         try {
613             value = Integer.parseInt(line.getOptionValue(ARGUMENT.SYM_LINK_DEPTH, "0"));
614             if (value < 0) {
615                 value = 0;
616             }
617         } catch (NumberFormatException ex) {
618             LOGGER.debug("Symbolic link was not a number");
619         }
620         return value;
621     }
622 
623     /**
624      * Utility method to determine if one of the disable options has been set.
625      * If not set, this method will check the currently configured settings for
626      * the current value to return.
627      * <p>
628      * Example given `--disableArchive` on the command line would cause this
629      * method to return true for the disable archive setting.
630      *
631      * @param disableFlag the command line disable option
632      * @param setting the corresponding settings key
633      * @return true if the disable option was set, if not set the currently
634      * configured value will be returned
635      */
636     public boolean isDisabled(String disableFlag, String setting) {
637         if (line == null || !line.hasOption(disableFlag)) {
638             try {
639                 return !settings.getBoolean(setting);
640             } catch (InvalidSettingException ise) {
641                 LOGGER.warn("Invalid property setting '{}' defaulting to false", setting);
642                 return false;
643             }
644         } else {
645             return true;
646         }
647     }
648 
649     /**
650      * Returns true if the disableNodeAudit command line argument was specified.
651      *
652      * @return true if the disableNodeAudit command line argument was specified;
653      * otherwise false
654      */
655     public boolean isNodeAuditDisabled() {
656         return isDisabled(ARGUMENT.DISABLE_NODE_AUDIT, Settings.KEYS.ANALYZER_NODE_AUDIT_ENABLED);
657     }
658 
659     /**
660      * Returns true if the disableYarnAudit command line argument was specified.
661      *
662      * @return true if the disableYarnAudit command line argument was specified;
663      * otherwise false
664      */
665     public boolean isYarnAuditDisabled() {
666         return isDisabled(ARGUMENT.DISABLE_YARN_AUDIT, Settings.KEYS.ANALYZER_YARN_AUDIT_ENABLED);
667     }
668 
669     /**
670      * Returns true if the disablePnpmAudit command line argument was specified.
671      *
672      * @return true if the disablePnpmAudit command line argument was specified;
673      * otherwise false
674      */
675     public boolean isPnpmAuditDisabled() {
676         return isDisabled(ARGUMENT.DISABLE_PNPM_AUDIT, Settings.KEYS.ANALYZER_PNPM_AUDIT_ENABLED);
677     }
678 
679     /**
680      * Returns true if the Nexus Analyzer should use the configured proxy to
681      * connect to Nexus; otherwise false is returned.
682      *
683      * @return true if the Nexus Analyzer should use the configured proxy to
684      * connect to Nexus; otherwise false
685      */
686     public boolean isNexusUsesProxy() {
687         // If they didn't specify whether Nexus needs to use the proxy, we should
688         // still honor the property if it's set.
689         if (line == null || !line.hasOption(ARGUMENT.NEXUS_USES_PROXY)) {
690             try {
691                 return settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_USES_PROXY);
692             } catch (InvalidSettingException ise) {
693                 return true;
694             }
695         } else {
696             return Boolean.parseBoolean(line.getOptionValue(ARGUMENT.NEXUS_USES_PROXY));
697         }
698     }
699 
700     /**
701      * Returns the argument boolean value.
702      *
703      * @param argument the argument
704      * @return the argument boolean value
705      */
706     @SuppressFBWarnings(justification = "Accepting that this is a bad practice - used a Boolean as we needed three states",
707             value = {"NP_BOOLEAN_RETURN_NULL"})
708     public Boolean getBooleanArgument(String argument) {
709         if (line != null && line.hasOption(argument)) {
710             final String value = line.getOptionValue(argument);
711             if (value != null) {
712                 return Boolean.parseBoolean(value);
713             }
714         }
715         return null;
716     }
717 
718     /**
719      * Returns the argument value for the given option.
720      *
721      * @param option the option
722      * @return the value of the argument
723      */
724     public String getStringArgument(String option) {
725         return getStringArgument(option, null);
726     }
727 
728     /**
729      * Returns the argument value for the given option.
730      *
731      * @param option the option
732      * @param key the dependency-check settings key for the option.
733      * @return the value of the argument
734      */
735     public String getStringArgument(String option, String key) {
736         if (line != null && line.hasOption(option)) {
737             if (key != null && (option.toLowerCase().endsWith("password")
738                     || option.toLowerCase().endsWith("pass"))) {
739                 LOGGER.warn("{} used on the command line, consider moving the password "
740                         + "to a properties file using the key `{}` and using the "
741                         + "--propertyfile argument instead", option, key);
742             }
743             return line.getOptionValue(option);
744         }
745         return null;
746     }
747 
748     /**
749      * Returns the argument value for the given option.
750      *
751      * @param option the option
752      * @return the value of the argument
753      */
754     public String[] getStringArguments(String option) {
755         if (line != null && line.hasOption(option)) {
756             return line.getOptionValues(option);
757         }
758         return null;
759     }
760 
761     /**
762      * Returns the argument value for the given option.
763      *
764      * @param option the option
765      * @return the value of the argument
766      */
767     public File getFileArgument(String option) {
768         final String path = line.getOptionValue(option);
769         if (path != null) {
770             return new File(path);
771         }
772         return null;
773     }
774 
775     /**
776      * Displays the command line help message to the standard output.
777      */
778     public void printHelp() {
779         final HelpFormatter formatter = new HelpFormatter();
780         final Options options = new Options();
781         addStandardOptions(options);
782         if (line != null && line.hasOption(ARGUMENT.ADVANCED_HELP)) {
783             addAdvancedOptions(options);
784         }
785         final String helpMsg = String.format("%n%s"
786                 + " can be used to identify if there are any known CVE vulnerabilities in libraries utilized by an application. "
787                 + "%s will automatically update required data from the Internet, such as the CVE and CPE data files from nvd.nist.gov.%n%n",
788                 settings.getString(Settings.KEYS.APPLICATION_NAME, "DependencyCheck"),
789                 settings.getString(Settings.KEYS.APPLICATION_NAME, "DependencyCheck"));
790 
791         formatter.printHelp(settings.getString(Settings.KEYS.APPLICATION_NAME, "DependencyCheck"),
792                 helpMsg,
793                 options,
794                 "",
795                 true);
796     }
797 
798     /**
799      * Retrieves the file command line parameter(s) specified for the 'scan'
800      * argument.
801      *
802      * @return the file paths specified on the command line for scan
803      */
804     public String[] getScanFiles() {
805         return line.getOptionValues(ARGUMENT.SCAN);
806     }
807 
808     /**
809      * Retrieves the list of excluded file patterns specified by the 'exclude'
810      * argument.
811      *
812      * @return the excluded file patterns
813      */
814     public String[] getExcludeList() {
815         return line.getOptionValues(ARGUMENT.EXCLUDE);
816     }
817 
818     /**
819      * Retrieves the list of retire JS content filters used to exclude JS files
820      * by content.
821      *
822      * @return the retireJS filters
823      */
824     public String[] getRetireJsFilters() {
825         return line.getOptionValues(ARGUMENT.RETIREJS_FILTERS);
826     }
827 
828     /**
829      * Returns whether or not the retireJS analyzer should exclude
830      * non-vulnerable JS from the report.
831      *
832      * @return <code>true</code> if non-vulnerable JS should be filtered in the
833      * RetireJS Analyzer; otherwise <code>null</code>
834      */
835     @SuppressFBWarnings(justification = "Accepting that this is a bad practice - but made more sense in this use case",
836             value = {"NP_BOOLEAN_RETURN_NULL"})
837     public Boolean isRetireJsFilterNonVulnerable() {
838         return (line != null && line.hasOption(ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE)) ? true : null;
839     }
840 
841     /**
842      * Returns the directory to write the reports to specified on the command
843      * line.
844      *
845      * @return the path to the reports directory.
846      */
847     public String getReportDirectory() {
848         return line.getOptionValue(ARGUMENT.OUT, ".");
849     }
850 
851     /**
852      * Returns the output format specified on the command line. Defaults to HTML
853      * if no format was specified.
854      *
855      * @return the output format name.
856      */
857     public String[] getReportFormat() {
858         if (line.hasOption(ARGUMENT.OUTPUT_FORMAT)) {
859             return line.getOptionValues(ARGUMENT.OUTPUT_FORMAT);
860         }
861         return new String[]{"HTML"};
862     }
863 
864     /**
865      * Returns the application name specified on the command line.
866      *
867      * @return the application name.
868      */
869     public String getProjectName() {
870         String name = line.getOptionValue(ARGUMENT.PROJECT);
871         if (name == null) {
872             name = "";
873         }
874         return name;
875     }
876 
877     /**
878      * <p>
879      * Prints the manifest information to standard output.</p>
880      * <ul><li>Implementation-Title: ${pom.name}</li>
881      * <li>Implementation-Version: ${pom.version}</li></ul>
882      */
883     public void printVersionInfo() {
884         final String version = String.format("%s version %s",
885                 settings.getString(Settings.KEYS.APPLICATION_NAME, "dependency-check"),
886                 settings.getString(Settings.KEYS.APPLICATION_VERSION, "Unknown"));
887         System.out.println(version);
888     }
889 
890     /**
891      * Checks if the update only flag has been set.
892      *
893      * @return <code>true</code> if the update only flag has been set; otherwise
894      * <code>false</code>.
895      */
896     public boolean isUpdateOnly() {
897         return line != null && line.hasOption(ARGUMENT.UPDATE_ONLY);
898     }
899 
900     /**
901      * Checks if the purge NVD flag has been set.
902      *
903      * @return <code>true</code> if the purge nvd flag has been set; otherwise
904      * <code>false</code>.
905      */
906     public boolean isPurge() {
907         return line != null && line.hasOption(ARGUMENT.PURGE_NVD);
908     }
909 
910     /**
911      * Returns the database driver name if specified; otherwise null is
912      * returned.
913      *
914      * @return the database driver name if specified; otherwise null is returned
915      */
916     public String getDatabaseDriverName() {
917         return line.getOptionValue(ARGUMENT.DB_DRIVER);
918     }
919 
920     /**
921      * Returns the argument value.
922      *
923      * @param argument the argument
924      * @return the value of the argument
925      */
926     public Integer getIntegerValue(String argument) {
927         final String v = line.getOptionValue(argument);
928         if (v != null) {
929             return Integer.parseInt(v);
930         }
931         return null;
932     }
933 
934     /**
935      * Checks if the option is present. If present it will return
936      * <code>true</code>; otherwise <code>false</code>.
937      *
938      * @param option the option to check
939      * @return <code>true</code> if auto-update is allowed; otherwise
940      * <code>null</code>
941      */
942     @SuppressFBWarnings(justification = "Accepting that this is a bad practice - but made more sense in this use case",
943             value = {"NP_BOOLEAN_RETURN_NULL"})
944     public Boolean hasOption(String option) {
945         return (line != null && line.hasOption(option)) ? true : null;
946     }
947 
948     /**
949      * Returns the CVSS value to fail on.
950      *
951      * @return 11 if nothing is set. Otherwise it returns the int passed from
952      * the command line arg
953      */
954     public float getFailOnCVSS() {
955         if (line.hasOption(ARGUMENT.FAIL_ON_CVSS)) {
956             final String value = line.getOptionValue(ARGUMENT.FAIL_ON_CVSS);
957             try {
958                 return Float.parseFloat(value);
959             } catch (NumberFormatException nfe) {
960                 return 11;
961             }
962         } else {
963             return 11;
964         }
965     }
966 
967     /**
968      * Returns the float argument for the given option.
969      *
970      * @param option the option
971      * @param defaultValue the value if the option is not present
972      * @return the value of the argument if present; otherwise the defaultValue
973      */
974     public float getFloatArgument(String option, float defaultValue) {
975         if (line.hasOption(option)) {
976             final String value = line.getOptionValue(option);
977             try {
978                 return Integer.parseInt(value);
979             } catch (NumberFormatException nfe) {
980                 return defaultValue;
981             }
982         } else {
983             return defaultValue;
984         }
985     }
986 
987     /**
988      * Builds a new option.
989      *
990      * @param name the long name
991      * @param description the description
992      * @return a new option
993      */
994     private Option newOption(String name, String description) {
995         return Option.builder().longOpt(name).desc(description).build();
996     }
997 
998     /**
999      * Builds a new option.
1000      *
1001      * @param shortName the short name
1002      * @param name the long name
1003      * @param description the description
1004      * @return a new option
1005      */
1006     private Option newOption(String shortName, String name, String description) {
1007         return Option.builder(shortName).longOpt(name).desc(description).build();
1008     }
1009 
1010     /**
1011      * Builds a new option.
1012      *
1013      * @param name the long name
1014      * @param arg the argument name
1015      * @param description the description
1016      * @return a new option
1017      */
1018     private Option newOptionWithArg(String name, String arg, String description) {
1019         return Option.builder().longOpt(name).argName(arg).hasArg().desc(description).build();
1020     }
1021 
1022     /**
1023      * Builds a new option.
1024      *
1025      * @param shortName the short name
1026      * @param name the long name
1027      * @param arg the argument name
1028      * @param description the description
1029      * @return a new option
1030      */
1031     private Option newOptionWithArg(String shortName, String name, String arg, String description) {
1032         return Option.builder(shortName).longOpt(name).argName(arg).hasArg().desc(description).build();
1033     }
1034 
1035     /**
1036      * Builds a new option group so that an option can be specified multiple
1037      * times on the command line.
1038      *
1039      * @param option the option to add to the group
1040      * @return a new option group
1041      */
1042     private OptionGroup newOptionGroup(Option option) {
1043         final OptionGroup group = new OptionGroup();
1044         group.addOption(option);
1045         return group;
1046     }
1047 
1048     /**
1049      * A collection of static final strings that represent the possible command
1050      * line arguments.
1051      */
1052     public static class ARGUMENT {
1053 
1054         /**
1055          * The long CLI argument name specifying the directory/file to scan.
1056          */
1057         public static final String SCAN = "scan";
1058         /**
1059          * The short CLI argument name specifying the directory/file to scan.
1060          */
1061         public static final String SCAN_SHORT = "s";
1062         /**
1063          * The long CLI argument name specifying that the CPE/CVE/etc. data
1064          * should not be automatically updated.
1065          */
1066         public static final String DISABLE_AUTO_UPDATE = "noupdate";
1067         /**
1068          * The long CLI argument name specifying that the version check should
1069          * not be performed.
1070          */
1071         public static final String DISABLE_VERSION_CHECK = "disableVersionCheck";
1072         /**
1073          * The short CLI argument name specifying that the CPE/CVE/etc. data
1074          * should not be automatically updated.
1075          */
1076         public static final String DISABLE_AUTO_UPDATE_SHORT = "n";
1077         /**
1078          * The long CLI argument name specifying that only the update phase
1079          * should be executed; no scan should be run.
1080          */
1081         public static final String UPDATE_ONLY = "updateonly";
1082         /**
1083          * The long CLI argument name specifying that only the update phase
1084          * should be executed; no scan should be run.
1085          */
1086         public static final String PURGE_NVD = "purge";
1087         /**
1088          * The long CLI argument name specifying the directory to write the
1089          * reports to.
1090          */
1091         public static final String OUT = "out";
1092         /**
1093          * The short CLI argument name specifying the directory to write the
1094          * reports to.
1095          */
1096         public static final String OUT_SHORT = "o";
1097         /**
1098          * The long CLI argument name specifying the output format to write the
1099          * reports to.
1100          */
1101         public static final String OUTPUT_FORMAT = "format";
1102         /**
1103          * The short CLI argument name specifying the output format to write the
1104          * reports to.
1105          */
1106         public static final String OUTPUT_FORMAT_SHORT = "f";
1107         /**
1108          * The long CLI argument name specifying the name of the project to be
1109          * scanned.
1110          */
1111         public static final String PROJECT = "project";
1112         /**
1113          * The long CLI argument name asking for help.
1114          */
1115         public static final String HELP = "help";
1116         /**
1117          * The long CLI argument name asking for advanced help.
1118          */
1119         public static final String ADVANCED_HELP = "advancedHelp";
1120         /**
1121          * The short CLI argument name asking for help.
1122          */
1123         public static final String HELP_SHORT = "h";
1124         /**
1125          * The long CLI argument name asking for the version.
1126          */
1127         public static final String VERSION_SHORT = "v";
1128         /**
1129          * The short CLI argument name asking for the version.
1130          */
1131         public static final String VERSION = "version";
1132         /**
1133          * The CLI argument name indicating the proxy port.
1134          */
1135         public static final String PROXY_PORT = "proxyport";
1136         /**
1137          * The CLI argument name indicating the proxy server.
1138          */
1139         public static final String PROXY_SERVER = "proxyserver";
1140         /**
1141          * The CLI argument name indicating the proxy username.
1142          */
1143         public static final String PROXY_USERNAME = "proxyuser";
1144         /**
1145          * The CLI argument name indicating the proxy password.
1146          */
1147         public static final String PROXY_PASSWORD = "proxypass";
1148         /**
1149          * The CLI argument name indicating the proxy proxy exclusion list.
1150          */
1151         public static final String NON_PROXY_HOSTS = "nonProxyHosts";
1152         /**
1153          * The short CLI argument name indicating the connection timeout.
1154          */
1155         public static final String CONNECTION_TIMEOUT_SHORT = "c";
1156         /**
1157          * The CLI argument name indicating the connection timeout.
1158          */
1159         public static final String CONNECTION_TIMEOUT = "connectiontimeout";
1160         /**
1161          * The CLI argument name indicating the connection read timeout.
1162          */
1163         public static final String CONNECTION_READ_TIMEOUT = "readtimeout";
1164         /**
1165          * The short CLI argument name for setting the location of an additional
1166          * properties file.
1167          */
1168         public static final String PROP_SHORT = "P";
1169         /**
1170          * The CLI argument name for setting the location of an additional
1171          * properties file.
1172          */
1173         public static final String PROP = "propertyfile";
1174         /**
1175          * The CLI argument name for setting the location of the data directory.
1176          */
1177         public static final String DATA_DIRECTORY = "data";
1178         /**
1179          * The CLI argument name for setting the URL for the NVD API Endpoint.
1180          */
1181         public static final String NVD_API_ENDPOINT = "nvdApiEndpoint";
1182         /**
1183          * The CLI argument name for setting the URL for the NVD API Key.
1184          */
1185         public static final String NVD_API_KEY = "nvdApiKey";
1186         /**
1187          * The CLI argument name for setting the maximum number of retry
1188          * requests for a single call to the NVD API.
1189          */
1190         public static final String NVD_API_MAX_RETRY_COUNT = "nvdMaxRetryCount";
1191         /**
1192          * The CLI argument name for setting the number of hours to wait before
1193          * checking for new updates from the NVD.
1194          */
1195         public static final String NVD_API_VALID_FOR_HOURS = "nvdValidForHours";
1196         /**
1197          * The CLI argument name for the NVD API Data Feed URL.
1198          */
1199         public static final String NVD_API_DATAFEED_URL = "nvdDatafeed";
1200         /**
1201          * The username for basic auth to the CVE data.
1202          */
1203         public static final String NVD_API_DATAFEED_USER = "nvdUser";
1204         /**
1205          * The password for basic auth to the CVE data.
1206          */
1207         public static final String NVD_API_DATAFEED_PASSWORD = "nvdPassword";
1208         /**
1209          * The token for bearer auth to the CVE data.
1210          */
1211         public static final String NVD_API_DATAFEED_BEARER_TOKEN = "nvdBearerToken";
1212         /**
1213          * The username for basic auth to web-hosted suppression files.
1214          */
1215         public static final String SUPPRESSION_FILE_USER = "suppressionUser";
1216         /**
1217          * The passwored for basic auth to web-hosted suppression files.
1218          */
1219         public static final String SUPPRESSION_FILE_PASSWORD = "suppressionPassword";
1220         /**
1221          * The toke for bearer auth to web-hosted suppression files.
1222          */
1223         public static final String SUPPRESSION_FILE_BEARER_TOKEN = "suppressionBearerToken";
1224         /**
1225          * The time in milliseconds to wait between downloading NVD API data.
1226          */
1227         public static final String NVD_API_DELAY = "nvdApiDelay";
1228         /**
1229          * The number records for a single page from NVD API.
1230          */
1231         public static final String NVD_API_RESULTS_PER_PAGE = "nvdApiResultsPerPage";
1232         /**
1233          * The short CLI argument name for setting the location of the data
1234          * directory.
1235          */
1236         public static final String DATA_DIRECTORY_SHORT = "d";
1237         /**
1238          * The CLI argument name for setting the location of the data directory.
1239          */
1240         public static final String VERBOSE_LOG = "log";
1241         /**
1242          * The short CLI argument name for setting the location of the data
1243          * directory.
1244          */
1245         public static final String VERBOSE_LOG_SHORT = "l";
1246         /**
1247          * The CLI argument name for setting the depth of symbolic links that
1248          * will be followed.
1249          */
1250         public static final String SYM_LINK_DEPTH = "symLink";
1251         /**
1252          * The CLI argument name for setting the location of the suppression
1253          * file(s).
1254          */
1255         public static final String SUPPRESSION_FILES = "suppression";
1256         /**
1257          * The CLI argument name for setting the location of the hint file.
1258          */
1259         public static final String HINTS_FILE = "hints";
1260         /**
1261          * Disables the Jar Analyzer.
1262          */
1263         public static final String DISABLE_JAR = "disableJar";
1264         /**
1265          * Disable the MS Build Analyzer.
1266          */
1267         public static final String DISABLE_MSBUILD = "disableMSBuild";
1268         /**
1269          * Disables the Archive Analyzer.
1270          */
1271         public static final String DISABLE_ARCHIVE = "disableArchive";
1272         /**
1273          * Disables the Known Exploited Analyzer.
1274          */
1275         public static final String DISABLE_KEV = "disableKnownExploited";
1276         /**
1277          * The URL to the CISA Known Exploited Vulnerability JSON datafeed.
1278          */
1279         public static final String KEV_URL = "kevURL";
1280         /**
1281          * The user for basic auth towards a CISA Known Exploited Vulnerability JSON datafeed mirror.
1282          */
1283         public static final String KEV_USER = "kevUser";
1284         /**
1285          * The password for basic auth towards a CISA Known Exploited Vulnerability JSON datafeed mirror.
1286          */
1287         public static final String KEV_PASSWORD = "kevPassword";
1288         /**
1289          * The token for bearer auth towards a CISA Known Exploited Vulnerability JSON datafeed mirror.
1290          */
1291         public static final String KEV_BEARER_TOKEN = "kevBearerToken";
1292         /**
1293          * Disables the Python Distribution Analyzer.
1294          */
1295         public static final String DISABLE_PY_DIST = "disablePyDist";
1296         /**
1297          * Disables the Python Package Analyzer.
1298          */
1299         public static final String DISABLE_PY_PKG = "disablePyPkg";
1300         /**
1301          * Disables the Elixir mix audit Analyzer.
1302          */
1303         public static final String DISABLE_MIX_AUDIT = "disableMixAudit";
1304         /**
1305          * Disables the Golang Dependency Analyzer.
1306          */
1307         public static final String DISABLE_GO_DEP = "disableGolangDep";
1308         /**
1309          * Disables the PHP Composer Analyzer.
1310          */
1311         public static final String DISABLE_COMPOSER = "disableComposer";
1312         /**
1313          * Whether the PHP Composer Analyzer skips dev packages.
1314          */
1315         public static final String COMPOSER_LOCK_SKIP_DEV = "composerSkipDev";
1316         /**
1317          * Disables the Perl CPAN File Analyzer.
1318          */
1319         public static final String DISABLE_CPAN = "disableCpan";
1320         /**
1321          * Disables the Golang Mod Analyzer.
1322          */
1323         public static final String DISABLE_GOLANG_MOD = "disableGolangMod";
1324         /**
1325          * Disables the Dart Analyzer.
1326          */
1327         public static final String DISABLE_DART = "disableDart";
1328         /**
1329          * The CLI argument name for setting the path to `go`.
1330          */
1331         public static final String PATH_TO_GO = "go";
1332         /**
1333          * The CLI argument name for setting the path to `yarn`.
1334          */
1335         public static final String PATH_TO_YARN = "yarn";
1336         /**
1337          * The CLI argument name for setting the path to `pnpm`.
1338          */
1339         public static final String PATH_TO_PNPM = "pnpm";
1340         /**
1341          * Disables the Ruby Gemspec Analyzer.
1342          */
1343         public static final String DISABLE_RUBYGEMS = "disableRubygems";
1344         /**
1345          * Disables the Autoconf Analyzer.
1346          */
1347         public static final String DISABLE_AUTOCONF = "disableAutoconf";
1348         /**
1349          * Disables the Maven install Analyzer.
1350          */
1351         public static final String DISABLE_MAVEN_INSTALL = "disableMavenInstall";
1352         /**
1353          * Disables the pip Analyzer.
1354          */
1355         public static final String DISABLE_PIP = "disablePip";
1356         /**
1357          * Disables the Pipfile Analyzer.
1358          */
1359         public static final String DISABLE_PIPFILE = "disablePipfile";
1360         /**
1361          * Disables the Poetry Analyzer.
1362          */
1363         public static final String DISABLE_POETRY = "disablePoetry";
1364         /**
1365          * Disables the Cmake Analyzer.
1366          */
1367         public static final String DISABLE_CMAKE = "disableCmake";
1368         /**
1369          * Disables the cocoapods analyzer.
1370          */
1371         public static final String DISABLE_COCOAPODS = "disableCocoapodsAnalyzer";
1372         /**
1373          * Disables the Carthage analyzer.
1374          */
1375         public static final String DISABLE_CARTHAGE = "disableCarthageAnalyzer";
1376         /**
1377          * Disables the swift package manager analyzer.
1378          */
1379         public static final String DISABLE_SWIFT = "disableSwiftPackageManagerAnalyzer";
1380         /**
1381          * Disables the swift package resolved analyzer.
1382          */
1383         public static final String DISABLE_SWIFT_RESOLVED = "disableSwiftPackageResolvedAnalyzer";
1384         /**
1385          * Disables the Assembly Analyzer.
1386          */
1387         public static final String DISABLE_ASSEMBLY = "disableAssembly";
1388         /**
1389          * Disables the Ruby Bundler Audit Analyzer.
1390          */
1391         public static final String DISABLE_BUNDLE_AUDIT = "disableBundleAudit";
1392         /**
1393          * Disables the File Name Analyzer.
1394          */
1395         public static final String DISABLE_FILENAME = "disableFileName";
1396         /**
1397          * Disables the Nuspec Analyzer.
1398          */
1399         public static final String DISABLE_NUSPEC = "disableNuspec";
1400         /**
1401          * Disables the Nuget packages.config Analyzer.
1402          */
1403         public static final String DISABLE_NUGETCONF = "disableNugetconf";
1404         /**
1405          * Disables the Central Analyzer.
1406          */
1407         public static final String DISABLE_CENTRAL = "disableCentral";
1408         /**
1409          * Disables the Central Analyzer's ability to cache results locally.
1410          */
1411         public static final String DISABLE_CENTRAL_CACHE = "disableCentralCache";
1412         /**
1413          * The alternative URL for Maven Central Search.
1414          */
1415         public static final String CENTRAL_URL = "centralUrl";
1416         /**
1417          * The username for basic authentication to the alternative Maven Central Search.
1418          */
1419         public static final String CENTRAL_USERNAME = "centralUsername";
1420         /**
1421          * The password for basic authentication to the alternative Maven Central Search.
1422          */
1423         public static final String CENTRAL_PASSWORD = "centralPassword";
1424         /**
1425          * The token for bearer authentication to the alternative Maven Central Search.
1426          */
1427         public static final String CENTRAL_BEARER_TOKEN = "centralBearerToken";
1428         /**
1429          * Disables the Nexus Analyzer.
1430          */
1431         public static final String ENABLE_NEXUS = "enableNexus";
1432         /**
1433          * Disables the Sonatype OSS Index Analyzer.
1434          */
1435         public static final String DISABLE_OSSINDEX = "disableOssIndex";
1436         /**
1437          * Disables the Sonatype OSS Index Analyzer's ability to cache results
1438          * locally.
1439          */
1440         public static final String DISABLE_OSSINDEX_CACHE = "disableOssIndexCache";
1441         /**
1442          * The alternative URL for the Sonatype OSS Index.
1443          */
1444         public static final String OSSINDEX_URL = "ossIndexUrl";
1445         /**
1446          * The username for the Sonatype OSS Index.
1447          */
1448         public static final String OSSINDEX_USERNAME = "ossIndexUsername";
1449         /**
1450          * The password for the Sonatype OSS Index.
1451          */
1452         public static final String OSSINDEX_PASSWORD = "ossIndexPassword";
1453         /**
1454          * The password for the Sonatype OSS Index.
1455          */
1456         public static final String OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS = "ossIndexRemoteErrorWarnOnly";
1457         /**
1458          * Disables the OpenSSL Analyzer.
1459          */
1460         public static final String DISABLE_OPENSSL = "disableOpenSSL";
1461         /**
1462          * Disables the Node.js Package Analyzer.
1463          */
1464         public static final String DISABLE_NODE_JS = "disableNodeJS";
1465         /**
1466          * Skips dev dependencies in Node Package Analyzer.
1467          */
1468         public static final String NODE_PACKAGE_SKIP_DEV_DEPENDENCIES = "nodePackageSkipDevDependencies";
1469         /**
1470          * Disables the Node Audit Analyzer.
1471          */
1472         public static final String DISABLE_NODE_AUDIT = "disableNodeAudit";
1473         /**
1474          * Disables the Yarn Audit Analyzer.
1475          */
1476         public static final String DISABLE_YARN_AUDIT = "disableYarnAudit";
1477         /**
1478          * Disables the Pnpm Audit Analyzer.
1479          */
1480         public static final String DISABLE_PNPM_AUDIT = "disablePnpmAudit";
1481         /**
1482          * Disables the Node Audit Analyzer's ability to cache results locally.
1483          */
1484         public static final String DISABLE_NODE_AUDIT_CACHE = "disableNodeAuditCache";
1485         /**
1486          * Configures the Node Audit Analyzer to skip the dev dependencies.
1487          */
1488         public static final String DISABLE_NODE_AUDIT_SKIPDEV = "nodeAuditSkipDevDependencies";
1489         /**
1490          * Disables the RetireJS Analyzer.
1491          */
1492         public static final String DISABLE_RETIRE_JS = "disableRetireJS";
1493         /**
1494          * Whether the RetireJS Analyzer will update regardless of the
1495          * `autoupdate` setting.
1496          */
1497         public static final String RETIRE_JS_FORCEUPDATE = "retireJsForceUpdate";
1498         /**
1499          * The URL to the retire JS repository.
1500          */
1501         public static final String RETIREJS_URL = "retireJsUrl";
1502         /**
1503          * The username for basic auth to the retire JS repository.
1504          */
1505         public static final String RETIREJS_URL_USER = "retireJsUrlUser";
1506         /**
1507          * The password for basic auth to the retire JS repository.
1508          */
1509         public static final String RETIREJS_URL_PASSWORD = "retireJsUrlPass";
1510         /**
1511          * The token for bearer auth to the retire JS repository.
1512          */
1513         public static final String RETIREJS_URL_BEARER_TOKEN = "retireJsUrlBearerToken";
1514         /**
1515          * The URL of the nexus server.
1516          */
1517         public static final String NEXUS_URL = "nexus";
1518         /**
1519          * The username for the nexus server.
1520          */
1521         public static final String NEXUS_USERNAME = "nexusUser";
1522         /**
1523          * The password for the nexus server.
1524          */
1525         public static final String NEXUS_PASSWORD = "nexusPass";
1526         /**
1527          * Whether or not the defined proxy should be used when connecting to
1528          * Nexus.
1529          */
1530         public static final String NEXUS_USES_PROXY = "nexusUsesProxy";
1531         /**
1532          * The CLI argument name for setting the connection string.
1533          */
1534         public static final String CONNECTION_STRING = "connectionString";
1535         /**
1536          * The CLI argument name for setting the database user name.
1537          */
1538         public static final String DB_NAME = "dbUser";
1539         /**
1540          * The CLI argument name for setting the database password.
1541          */
1542         public static final String DB_PASSWORD = "dbPassword";
1543         /**
1544          * The CLI argument name for setting the database driver name.
1545          */
1546         public static final String DB_DRIVER = "dbDriverName";
1547         /**
1548          * The CLI argument name for setting the path to the database driver; in
1549          * case it is not on the class path.
1550          */
1551         public static final String DB_DRIVER_PATH = "dbDriverPath";
1552         /**
1553          * The CLI argument name for setting the path to dotnet core.
1554          */
1555         public static final String PATH_TO_CORE = "dotnet";
1556         /**
1557          * The CLI argument name for setting extra extensions.
1558          */
1559         public static final String ADDITIONAL_ZIP_EXTENSIONS = "zipExtensions";
1560         /**
1561          * Exclude path argument.
1562          */
1563         public static final String EXCLUDE = "exclude";
1564         /**
1565          * The CLI argument name for setting the path to bundle-audit for Ruby
1566          * bundle analysis.
1567          */
1568         public static final String PATH_TO_BUNDLE_AUDIT = "bundleAudit";
1569         /**
1570          * The CLI argument name for setting the path that should be used as the
1571          * working directory that the bundle-audit command used for Ruby bundle
1572          * analysis should be executed from. This will allow for the usage of
1573          * rbenv
1574          */
1575         public static final String PATH_TO_BUNDLE_AUDIT_WORKING_DIRECTORY = "bundleAuditWorkingDirectory";
1576         /**
1577          * The CLI argument name for setting the path to mix_audit for Elixir
1578          * analysis.
1579          */
1580         public static final String PATH_TO_MIX_AUDIT = "mixAudit";
1581         /**
1582          * The CLI argument to enable the experimental analyzers.
1583          */
1584         public static final String EXPERIMENTAL = "enableExperimental";
1585         /**
1586          * The CLI argument to enable the retired analyzers.
1587          */
1588         public static final String RETIRED = "enableRetired";
1589         /**
1590          * The CLI argument for the retire js content filters.
1591          */
1592         public static final String RETIREJS_FILTERS = "retirejsFilter";
1593         /**
1594          * The CLI argument for the retire js content filters.
1595          */
1596         public static final String RETIREJS_FILTER_NON_VULNERABLE = "retirejsFilterNonVulnerable";
1597         /**
1598          * The CLI argument for indicating if the Artifactory analyzer should be
1599          * enabled.
1600          */
1601         public static final String ARTIFACTORY_ENABLED = "enableArtifactory";
1602         /**
1603          * The CLI argument for indicating if the Artifactory analyzer should
1604          * use the proxy.
1605          */
1606         public static final String ARTIFACTORY_URL = "artifactoryUrl";
1607         /**
1608          * The CLI argument for indicating the Artifactory username.
1609          */
1610         public static final String ARTIFACTORY_USERNAME = "artifactoryUsername";
1611         /**
1612          * The CLI argument for indicating the Artifactory API token.
1613          */
1614         public static final String ARTIFACTORY_API_TOKEN = "artifactoryApiToken";
1615         /**
1616          * The CLI argument for indicating the Artifactory bearer token.
1617          */
1618         public static final String ARTIFACTORY_BEARER_TOKEN = "artifactoryBearerToken";
1619         /**
1620          * The CLI argument for indicating if the Artifactory analyzer should
1621          * use the proxy.
1622          */
1623         public static final String ARTIFACTORY_USES_PROXY = "artifactoryUseProxy";
1624         /**
1625          * The CLI argument for indicating if the Artifactory analyzer should
1626          * use the parallel analysis.
1627          */
1628         public static final String ARTIFACTORY_PARALLEL_ANALYSIS = "artifactoryParallelAnalysis";
1629         /**
1630          * The CLI argument to configure when the execution should be considered
1631          * a failure.
1632          */
1633         public static final String FAIL_ON_CVSS = "failOnCVSS";
1634         /**
1635          * The CLI argument to configure if the XML and JSON reports should be
1636          * pretty printed.
1637          */
1638         public static final String PRETTY_PRINT = "prettyPrint";
1639         /**
1640          * The CLI argument to set the threshold that is considered a failure
1641          * when generating the JUNIT report format.
1642          */
1643         public static final String FAIL_JUNIT_ON_CVSS = "junitFailOnCVSS";
1644         /**
1645          * The CLI argument to set the number of hours to wait before
1646          * re-checking hosted suppressions file for updates.
1647          */
1648         public static final String DISABLE_HOSTED_SUPPRESSIONS = "disableHostedSuppressions";
1649         /**
1650          * The CLI argument to set the number of hours to wait before
1651          * re-checking hosted suppressions file for updates.
1652          */
1653         public static final String HOSTED_SUPPRESSIONS_VALID_FOR_HOURS = "hostedSuppressionsValidForHours";
1654         /**
1655          * The CLI argument to set Whether the hosted suppressions file will
1656          * update regardless of the `noupdate` argument.
1657          */
1658         public static final String HOSTED_SUPPRESSIONS_FORCEUPDATE = "hostedSuppressionsForceUpdate";
1659         /**
1660          * The CLI argument to set the location of a mirrored hosted
1661          * suppressions file .
1662          */
1663         public static final String HOSTED_SUPPRESSIONS_URL = "hostedSuppressionsUrl";
1664         /**
1665          * The username for basic auth to a mirrored hosted suppressions file.
1666          */
1667         public static final String HOSTED_SUPPRESSIONS_USER = "hostedSuppressionsUser";
1668         /**
1669          * The passwored for basic auth to a mirrored hosted suppressions file.
1670          */
1671         public static final String HOSTED_SUPPRESSIONS_PASSWORD = "hostedSuppressionsPassword";
1672         /**
1673          * The toke for bearer auth to  a mirrored hosted suppressions file.
1674          */
1675         public static final String HOSTED_SUPPRESSIONS_BEARER_TOKEN = "hostedSuppressionsBearerToken";
1676     }
1677 }