module Glue::Options

Parses command line arguments for Brakeman

Public Class Methods

get_options(args, destructive = false)

Returns a hash of the parsed options together with the parser.

# File lib/glue/options.rb, line 20
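# Builds Glue's OptionParser and runs it over +args+.
#
# Every recognised switch stores its value in a plain Hash keyed by symbol;
# the Hash starts empty, so a key is only present when the corresponding
# switch was given.
#
# @param args [Array<String>] command line arguments (typically ARGV)
# @param destructive [Boolean] when true, matched switches are removed from
#   +args+ via OptionParser#parse!; when false +args+ is left untouched
# @return [Array(Hash, OptionParser)] the populated options hash and the parser
# @raise [OptionParser::ParseError] on an unknown switch, a missing argument,
#   or a --format value outside the accepted list
def get_options args, destructive = false
  options = {}

  parser = OptionParser.new do |opts|
    opts.banner = "Usage: Glue [options] image/root/path"

    opts.separator ""
    opts.separator "Glue is a swiss army knife of security analysis tools."
    opts.separator "It has built in support for static analysis, AV, fim, and "
    opts.separator "is being extended to be used for analyzing all kinds of "
    opts.separator "projects, images or file systems."
    opts.separator ""
    opts.separator "Glue also features filters to perform deduplication "
    opts.separator "and the abilty to handle false positives."
    opts.separator ""
    opts.separator "See also the docker image."
    opts.separator ""

    opts.separator "Control options:"

    opts.on "-n", "--no-threads", "Run checks sequentially" do
      options[:parallel_checks] = false
    end

    opts.on "--[no-]progress", "Show progress reports" do |progress|
      options[:report_progress] = progress
    end

    # Fix: the block parameter is +target+; the previous body assigned the
    # undefined local +path+ and raised NameError whenever -T was used.
    opts.on "-T", "--target PATH", "Specify target" do |target|
      options[:target] = target
    end

    opts.on "-q", "--[no-]quiet", "Suppress informational messages" do |quiet|
      options[:quiet] = quiet
    end

    opts.on "-z", "--exit-on-warn", "Exit code is non-zero if warnings found" do
      options[:exit_on_warn] = true
    end

    opts.separator ""
    opts.separator "Scanning options:"

    opts.on "-A", "--run-all-checks", "Run all default and optional checks" do
      options[:run_all_checks] = true
    end

    # Set-valued options below use ||= plus merge so the switch may be
    # repeated and duplicates collapse.
    opts.on "-t", "--test Check1,Check2,etc", Array, "Only run the specified checks" do |checks|
      options[:run_tasks] ||= Set.new
      options[:run_tasks].merge checks
    end

    opts.on "-x", "--except Check1,Check2,etc", Array, "Skip the specified checks" do |skip|
      options[:skip_checks] ||= Set.new
      options[:skip_checks].merge skip
    end

    opts.on "-a", "--appname NAME", "Override the inferred application name." do |appname|
      options[:appname] = appname
    end

    opts.on "-r", "--revision REV", "Specify a revision of software to pass on to checkmarx" do |revision|
      options[:revision] = revision
    end

    opts.on "-l", "--labels Label1,Label2,etc", Array, "Run the checks with the supplied labels" do |labels|
      options[:labels] ||= Set.new
      options[:labels].merge labels
    end

    # Paths are expanded here so later loaders see absolute paths regardless
    # of the working directory. NOTE(review): these directories supply check
    # code that Glue loads and runs, so they should point only at trusted,
    # write-protected locations.
    opts.on "--add-checks-path path1,path2,etc", Array, "A directory containing additional out-of-tree checks to run" do |paths|
      options[:additional_checks_path] ||= Set.new
      options[:additional_checks_path].merge paths.map { |p| File.expand_path p }
    end

    opts.on "--npm-registry URL", "Use a custom npm registry when installing dependencies for javascript scanners" do |url|
      options[:npm_registry] = url
    end

    # Stored as given (not expanded), unlike --add-checks-path.
    opts.on "--exclude path1,path2,path3,etc", Array, "A list of paths to ignore when running recursive tasks (npm, retirejs, snyk, etc)" do |paths|
      options[:exclude_dirs] ||= Set.new
      options[:exclude_dirs].merge paths
    end

    opts.separator ""
    opts.separator "Output options:"

    opts.on "-d", "--debug", "Lots of output" do
      options[:debug] = true
    end

    # The enumerated list makes OptionParser reject any other value and
    # deliver the chosen format as a Symbol.
    opts.on "-f",
            "--format TYPE",
            [:text, :html, :csv, :tabs, :json, :jira, :markdown],
            "Specify output formats. Default is text" do |type|
      options[:output_format] = type
    end

    opts.on "--css-file CSSFile", "Specify CSS to use for HTML output" do |file|
      options[:html_style] = File.expand_path file
    end

    opts.on "-i IGNOREFILE", "--ignore-config IGNOREFILE", "Use configuration to ignore warnings" do |file|
      options[:ignore_file] = file
    end

    opts.on "-I", "--interactive-ignore", "Interactively ignore warnings" do
      options[:interactive_ignore] = true
    end

    opts.on "-o", "--output FILE", "Specify file for output. Defaults to stdout." do |file|
      options[:output_file] = file
    end

    opts.on "--summary", "Only output summary of warnings" do
      options[:summary_only] = true
    end

    opts.on "-L LOGFILE", "--logfile LOGFILE", "Write full Glue log to LOGFILE" do |file|
      options[:logfile] = file
    end

    opts.separator ""
    opts.separator "JIRA options:"

    opts.on "--jira-project PROJECT", "Specify the jira project to create issues in. If issue looks like APPS-13, this should be APPS." do |project|
      options[:jira_project] = project
    end

    opts.on "--jira-api-url URL", "Specify the jira rest api endpoint. Eg. domain.com/jira/jira/rest/api/2/." do |url|
      options[:jira_api_url] = url
    end

    # Credential-bearing switches (--jira-cookie, --zap-api-token,
    # --checkmarx-password): a value passed on the command line is visible
    # in process listings and shell history. Prefer the configuration file
    # (-c) or another non-argv channel where the caller supports it.
    opts.on "--jira-cookie COOKIE", "Specify the session cookie to get to Jira." do |cookie|
      options[:jira_cookie] = cookie
    end

    opts.on "--jira-component COMPONENT", "Specify the JIRA component to use." do |component|
      options[:jira_component] = component
    end

    opts.separator ""
    opts.separator "ZAP options:"

    opts.on "--zap-api-token token", "Specify the ZAP API token to use when connecting to the API" do |token|
      options[:zap_api_token] = token
    end

    opts.on "--zap-host HOST", "Specify the host ZAP is running on." do |host|
      options[:zap_host] = host
    end

    # Kept as a String; consumers are expected to convert it themselves.
    opts.on "--zap-port PORT", "Specify the port ZAP is running on." do |port|
      options[:zap_port] = port
    end

    opts.separator ""
    opts.separator "Checkmarx options:"

    opts.on "--checkmarx-user USER", "Specify the Checkmarx user to use when connecting to the API" do |user|
      options[:checkmarx_user] = user
    end

    opts.on "--checkmarx-password PASSWORD", "Specify password for the Checkmarx API user" do |password|
      options[:checkmarx_password] = password
    end

    opts.on "--checkmarx-server server", "Specify the API server to use for Checkmarx scans" do |server|
      options[:checkmarx_server] = server
    end

    opts.on "--checkmarx-log logfile", "Specify the log file to use for Checkmarx scans" do |logfile|
      options[:checkmarx_log] = logfile
    end

    opts.on "--checkmarx-project project", "Specify the full path of the Checkmarx project for this scan" do |project|
      options[:checkmarx_project] = project
    end

    opts.separator ""
    opts.separator "PMD options:"

    opts.on "--pmd-path PATH", "The full path to the base PMD directory" do |dir|
      options[:pmd_path] = dir
    end

    # Unlike the other comma lists, this one is stored as the raw String.
    opts.on "--pmd-checks CHECK1,CHECK2", "The list of checks passed to PMD run.sh -R, default: 'java-basic,java-sunsecure'" do |checks|
      options[:pmd_checks] = checks
    end

    opts.separator ""
    opts.separator "FindSecurityBugs options:"

    opts.on "--findsecbugs-path PATH", "The full path to the base FindSecurityBugs directory" do |dir|
      options[:findsecbugs_path] = dir
    end

    opts.separator ""
    opts.separator "Configuration files:"

    opts.on "-c", "--config-file FILE", "Use specified configuration file" do |file|
      options[:config_file] = File.expand_path(file)
    end

    # Optional argument: a bare -C yields +true+ (caller picks the location),
    # -C FILE yields the file name.
    opts.on "-C", "--create-config [FILE]", "Output configuration file based on options" do |file|
      options[:create_config] = file || true
    end

    opts.separator ""

    opts.on "-k", "--checks", "List all available vulnerability checks" do
      options[:list_checks] = true
    end

    opts.on "--optional-checks", "List optional checks" do
      options[:list_optional_checks] = true
    end

    opts.on "-v", "--version", "Show Glue version" do
      options[:show_version] = true
    end

    opts.on_tail "-h", "--help", "Display this message" do
      options[:show_help] = true
    end
  end

  # parse! consumes matched switches from +args+; parse leaves +args+ intact.
  if destructive
    parser.parse! args
  else
    parser.parse args
  end

  # NOTE(review): no switch defined above writes :previous_results_json or
  # :output_files, so this branch cannot fire from this method alone; kept
  # for callers that may populate those keys elsewhere — confirm before removing.
  if options[:previous_results_json] && options[:output_files]
    options[:comparison_output_file] = options[:output_files].shift
  end

  return options, parser
end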
parse(args)

Parse argument array

# File lib/glue/options.rb, line 10
# Parses +args+ without modifying the array.
#
# @param args [Array<String>] command line arguments
# @return [Array(Hash, OptionParser)] the options hash and the parser
def parse(args)
  get_options(args, false)
end
parse!(args)

Parse arguments and remove them from the array as they are matched

# File lib/glue/options.rb, line 15
# Parses +args+, removing each matched switch from the array.
#
# @param args [Array<String>] command line arguments; mutated in place
# @return [Array(Hash, OptionParser)] the options hash and the parser
def parse!(args)
  destructive = true
  get_options(args, destructive)
end