From 51e40b57bb02a8c3c313e1acf064cfccfe414e90 Mon Sep 17 00:00:00 2001 From: jonnadebricked Date: Tue, 12 Sep 2023 17:12:09 +0200 Subject: [PATCH] Update callgraph documentation --- internal/cmd/callgraph/callgraph.go | 17 +++++++++++++---- internal/cmd/scan/scan.go | 6 +++--- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/internal/cmd/callgraph/callgraph.go b/internal/cmd/callgraph/callgraph.go index 01a7796e..f4e9095f 100644 --- a/internal/cmd/callgraph/callgraph.go +++ b/internal/cmd/callgraph/callgraph.go @@ -25,8 +25,13 @@ var generateTimeout int func NewCallgraphCmd(generator callgraph.IGenerator) *cobra.Command { cmd := &cobra.Command{ Use: "callgraph [path]", - Short: "Generate a static callgraph for the given directory and subdirectories", - Long: `If a directory is inputted all manifest files without a lock file are resolved. + Short: "Generate a static call graph for the given directory and subdirectories", + Long: `Generate a static call graph for a project in the given directory. The command consists of two main parts: build and callgraph. +Build: Build the project and resolve dependencies. In this step, all necessary .class files are created. +Callgraph: Generate the static call graph using debricked Vulnerable Functionality. + +The full documentation is available here https://portal.debricked.com/debricked-cli-63/debricked-cli-documentation-298 + Example: $ debricked callgraph `, @@ -38,6 +43,7 @@ $ debricked callgraph fileExclusionExample := filepath.Join("*", "**.lock") dirExclusionExample := filepath.Join("**", "node_modules", "**") exampleFlags := fmt.Sprintf("-e \"%s\" -e \"%s\"", fileExclusionExample, dirExclusionExample) + cmd.Flags().StringArrayVarP(&exclusions, ExclusionFlag, "e", exclusions, `The following terms are supported to exclude paths: Special Terms | Meaning ------------- | ------- 
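Review bot: The new `Long` text says the Build step builds the project and resolves dependencies, but it does not tell the user that this runs the project's own build configuration, which matters when the command is pointed at a repository the user did not write. The build presumably invokes the project's build tool (the text mentions .class files); that is not visible in this hunk and should be confirmed. If so, a sentence such as `Build runs the project's build tooling; for code you do not trust, run it in an isolated environment or disable the automatic build (NoBuildFlag) and supply a pre-built project.` would make the trust boundary explicit. A minor wording point: `available here https://…` reads better as `available here: https://…`. NewCallgraphCmd's body continues outside the hunk.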
@@ -49,8 +55,11 @@ Special Terms | Meaning Example: $ debricked files resolve . `+exampleFlags) - cmd.Flags().BoolVar(&buildDisabled, NoBuildFlag, false, "Should not automatically build all source code in project to enable call graph generation.") - cmd.Flags().IntVar(&generateTimeout, GenerateTimeoutFlag, 60*60, "Timeout generate callgraph") + cmd.Flags().BoolVar(&buildDisabled, NoBuildFlag, false, `Do not automatically build all source code in the project to enable call graph generation. +This option requires a pre-built project. For more detailed documentation on Vulnerable Functionality, visit our portal: +https://portal.debricked.com/vulnerability-management-43/how-do-i-enable-the-vulnerable-functionality-246`) + cmd.Flags().IntVar(&generateTimeout, GenerateTimeoutFlag, 60*60, "Timeout (in seconds) on call graph generation.") + viper.MustBindEnv(ExclusionFlag) return cmd diff --git a/internal/cmd/scan/scan.go b/internal/cmd/scan/scan.go index cb6ae936..30130473 100644 --- a/internal/cmd/scan/scan.go +++ b/internal/cmd/scan/scan.go 
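Review bot: The reworded help on the GenerateTimeoutFlag line now gives the unit but still does not say what a zero or negative value does, and no bounds check on `generateTimeout` is visible in this hunk; the same applies to the two timeout flags in the scan.go hunk. If validation does not exist elsewhere, either reject values below 1 before use or state the behaviour in the help, e.g. `"Timeout (in seconds) on call graph generation; must be greater than 0."`. The NoBuildFlag text could also say that the call graph is then derived from whatever build output is already on disk, so stale artifacts would give results that do not match the scanned source (inferred from the Build description; confirm against the generator). The exclusion help's example still reads `$ debricked files resolve .` in unchanged context, which does not match this command.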
@@ -88,9 +88,9 @@ $ debricked scan . `+exampleFlags) cmd.Flags().BoolVarP(&passOnDowntime, PassOnTimeOut, "p", false, "pass scan if there is a service access timeout") cmd.Flags().BoolVar(&noResolve, NoResolveFlag, false, `disables resolution of manifest files that lack lock files. Resolving manifest files enables more accurate dependency scanning since the whole dependency tree will be analysed. For example, if there is a "go.mod" in the target path, its dependencies are going to get resolved onto a lock file, and latter scanned.`) - cmd.Flags().BoolVar(&callgraph, CallGraphFlag, false, `Enables callgraph generation during scan.`) - cmd.Flags().IntVar(&callgraphUploadTimeout, CallGraphUploadTimeoutFlag, 10*60, "Sets a timeout on callgraph upload") - cmd.Flags().IntVar(&callgraphGenerateTimeout, CallGraphGenerateTimeoutFlag, 60*60, "Sets a timeout on callgraph generation") + cmd.Flags().BoolVar(&callgraph, CallGraphFlag, false, `Enables call graph generation during scan.`) + cmd.Flags().IntVar(&callgraphUploadTimeout, CallGraphUploadTimeoutFlag, 10*60, "Set a timeout (in seconds) on call graph upload.") + cmd.Flags().IntVar(&callgraphGenerateTimeout, CallGraphGenerateTimeoutFlag, 60*60, "Set a timeout (in seconds) on call graph generation.") viper.MustBindEnv(RepositoryFlag) viper.MustBindEnv(CommitFlag)
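Review bot: The three reworded descriptions mix voices: `Enables call graph generation during scan.` is third person, while the two timeout lines are now imperative (`Set a timeout …`) and the neighbouring flags in context start lower-case with no final period. Picking one form, e.g. `Enable call graph generation during scan.`, keeps the generated help consistent. The CallGraphFlag text also does not say whether enabling it triggers the same automatic project build that the callgraph command describes. If it does, that deserves a clause here, because a scan of a checked-out repository would then also run that repository's build.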