From 314e2ffda34be63c2d79708f309530beae84330b Mon Sep 17 00:00:00 2001
From: jonnadebricked
Date: Tue, 12 Sep 2023 17:12:09 +0200
Subject: [PATCH 1/7] update callgraph documentation
---
internal/cmd/callgraph/callgraph.go | 33 +++++++++++++++++------------
internal/cmd/scan/scan.go | 6 +++---
2 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/internal/cmd/callgraph/callgraph.go b/internal/cmd/callgraph/callgraph.go
index 01a7796e..59c37664 100644
--- a/internal/cmd/callgraph/callgraph.go
+++ b/internal/cmd/callgraph/callgraph.go
@@ -25,8 +25,9 @@ var generateTimeout int
 func NewCallgraphCmd(generator callgraph.IGenerator) *cobra.Command {
 cmd := &cobra.Command{
 Use: "callgraph [path]",
- Short: "Generate a static callgraph for the given directory and subdirectories",
- Long: `If a directory is inputted all manifest files without a lock file are resolved.
+ Short: "Generate a static call graph for the given directory and subdirectories",
+ Long: `Generate a static call graph for a project. If a directory is inputted all manifest files without a lock file are resolved.
+
 Example:
 $ debricked callgraph
 `,
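Review bot: The rewritten Short and Long text never say what `callgraph [path]` falls back to when the path is omitted, although the example `$ debricked callgraph` omits it; presumably the current working directory is used, and stating that in Long (for instance `If no path is given, the current directory is used.` after the first sentence) lets the `--help` output stand on its own. NewCallgraphCmd continues past the end of the hunk.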
@@ -35,22 +36,26 @@ $ debricked callgraph
 },
 RunE: RunE(generator),
 }
+ // TODO: add to docs: Complete documentation with advanced user guide is available at https://portal.debricked.com/docs/...
 fileExclusionExample := filepath.Join("*", "**.lock")
 dirExclusionExample := filepath.Join("**", "node_modules", "**")
 exampleFlags := fmt.Sprintf("-e \"%s\" -e \"%s\"", fileExclusionExample, dirExclusionExample)
- cmd.Flags().StringArrayVarP(&exclusions, ExclusionFlag, "e", exclusions, `The following terms are supported to exclude paths:
-Special Terms | Meaning
-------------- | -------
-"*" | matches any sequence of non-Separator characters
-"/**/" | matches zero or multiple directories
-"?" | matches any single non-Separator character
-"[class]" | matches any single non-Separator character against a class of characters ([see "character classes"])
-"{alt1,...}" | matches a sequence of characters if one of the comma-separated alternatives matches
-Example:
-$ debricked files resolve . `+exampleFlags)
- cmd.Flags().BoolVar(&buildDisabled, NoBuildFlag, false, "Should not automatically build all source code in project to enable call graph generation.")
- cmd.Flags().IntVar(&generateTimeout, GenerateTimeoutFlag, 60*60, "Timeout generate callgraph")
+ cmd.Flags().StringArrayVarP(&exclusions, ExclusionFlag, "e", exclusions, fmt.Sprintf(
+ `The following terms are supported to exclude paths:
+ Special Terms | Meaning
+ ------------- | -------
+ "*" | matches any sequence of non-Separator characters
+ "/**/" | matches zero or multiple directories
+ "?" | matches any single non-Separator character
+ "[class]" | matches any single non-Separator character against a class of characters ([see "character classes"])
+ "{alt1,...}" | matches a sequence of characters if one of the comma-separated alternatives matches
+
+ Example:
+ $ debricked files resolve . 
%s`, exampleFlags))
+ cmd.Flags().BoolVar(&buildDisabled, NoBuildFlag, false, "Do not automatically build all source code in the project to enable call graph generation. This option requires a pre-built project.")
+ cmd.Flags().IntVar(&generateTimeout, GenerateTimeoutFlag, 60*60, "Timeout (in seconds) on call graph generation.")
+
 viper.MustBindEnv(ExclusionFlag)
 return cmd
diff --git a/internal/cmd/scan/scan.go b/internal/cmd/scan/scan.go
index cb6ae936..69a14858 100644
--- a/internal/cmd/scan/scan.go
+++ b/internal/cmd/scan/scan.go
@@ -88,9 +88,9 @@ $ debricked scan . `+exampleFlags)
 cmd.Flags().BoolVarP(&passOnDowntime, PassOnTimeOut, "p", false, "pass scan if there is a service access timeout")
 cmd.Flags().BoolVar(&noResolve, NoResolveFlag, false, `disables resolution of manifest files that lack lock files. Resolving manifest files enables more accurate dependency scanning since the whole dependency tree will be analysed. For example, if there is a "go.mod" in the target path, its dependencies are going to get resolved onto a lock file, and latter scanned.`)
- cmd.Flags().BoolVar(&callgraph, CallGraphFlag, false, `Enables callgraph generation during scan.`)
- cmd.Flags().IntVar(&callgraphUploadTimeout, CallGraphUploadTimeoutFlag, 10*60, "Sets a timeout on callgraph upload")
- cmd.Flags().IntVar(&callgraphGenerateTimeout, CallGraphGenerateTimeoutFlag, 60*60, "Sets a timeout on callgraph generation")
+ cmd.Flags().BoolVar(&callgraph, CallGraphFlag, false, `Enables call graph generation during scan.`)
+ cmd.Flags().IntVar(&callgraphUploadTimeout, CallGraphUploadTimeoutFlag, 10*60, "Sets a timeout (in seconds) on call graph upload.")
+ cmd.Flags().IntVar(&callgraphGenerateTimeout, CallGraphGenerateTimeoutFlag, 60*60, "Sets a timeout (in seconds) on call graph generation.")
 viper.MustBindEnv(RepositoryFlag)
 viper.MustBindEnv(CommitFlag)
From 99605e17acde24d1fdbfa6f1d4d95a1299cb9d7a Mon Sep 17 00:00:00 2001
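Review bot: The exclusion help text added for the callgraph command ends with the example `$ debricked files resolve . ` followed by exampleFlags, i.e. it demonstrates a different subcommand, so `debricked callgraph --help` shows an example that does not exercise this command; it should read `$ debricked callgraph . ` followed by the same exampleFlags. The same copied example is carried over unchanged in the patch 2/7 (`@@ -41,18 +41,18 @@`) and patch 4/7 (`@@ -45,8 +45,7 @@`) hunks of this file. NewCallgraphCmd starts before this hunk; the hunk contains its `return cmd`.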
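Review bot: The rewritten help for CallGraphUploadTimeoutFlag and CallGraphGenerateTimeoutFlag now promises that the unit is seconds; the defaults `10*60` and `60*60` read naturally that way, but the conversion of these ints to a duration is not in this hunk, so confirm it multiplies by `time.Second` before the help text commits to it. The generation timeout is described as `Timeout (in seconds) on call graph generation.` in callgraph.go in the same commit and as `Sets a timeout (in seconds) on call graph generation.` here; one sentence for the same option keeps the `scan` and `callgraph` help consistent. The enclosing function starts before this hunk.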
From: jonnadebricked
Date: Wed, 13 Sep 2023 08:18:34 +0200
Subject: [PATCH 2/7] fix indent in callgraph docs
---
internal/cmd/callgraph/callgraph.go | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/internal/cmd/callgraph/callgraph.go b/internal/cmd/callgraph/callgraph.go
index 59c37664..e0aadc3c 100644
--- a/internal/cmd/callgraph/callgraph.go
+++ b/internal/cmd/callgraph/callgraph.go
@@ -41,18 +41,18 @@ $ debricked callgraph
 dirExclusionExample := filepath.Join("**", "node_modules", "**")
 exampleFlags := fmt.Sprintf("-e \"%s\" -e \"%s\"", fileExclusionExample, dirExclusionExample)
- cmd.Flags().StringArrayVarP(&exclusions, ExclusionFlag, "e", exclusions, fmt.Sprintf(
- `The following terms are supported to exclude paths:
- Special Terms | Meaning
- ------------- | -------
- "*" | matches any sequence of non-Separator characters
- "/**/" | matches zero or multiple directories
- "?" | matches any single non-Separator character
- "[class]" | matches any single non-Separator character against a class of characters ([see "character classes"])
- "{alt1,...}" | matches a sequence of characters if one of the comma-separated alternatives matches
-
- Example:
- $ debricked files resolve . %s`, exampleFlags))
+ cmd.Flags().StringArrayVarP(&exclusions, ExclusionFlag, "e", exclusions,
+`The following terms are supported to exclude paths:
+Special Terms | Meaning
+------------- | -------
+"*" | matches any sequence of non-Separator characters
+"/**/" | matches zero or multiple directories
+"?" | matches any single non-Separator character
+"[class]" | matches any single non-Separator character against a class of characters ([see "character classes"])
+"{alt1,...}" | matches a sequence of characters if one of the comma-separated alternatives matches
+
+Example:
+$ debricked files resolve . `+exampleFlags)
 cmd.Flags().BoolVar(&buildDisabled, NoBuildFlag, false, "Do not automatically build all source code in the project to enable call graph generation. This option requires a pre-built project.")
 cmd.Flags().IntVar(&generateTimeout, GenerateTimeoutFlag, 60*60, "Timeout (in seconds) on call graph generation.")
From 3a82e235c0cf60c5a642c97d7f9c495fef0d9cfa Mon Sep 17 00:00:00 2001
From: jonnadebricked
Date: Wed, 13 Sep 2023 11:35:50 +0200
Subject: [PATCH 3/7] add more verbose callgraph docs, include temp links to portal
---
internal/cmd/callgraph/callgraph.go | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/internal/cmd/callgraph/callgraph.go b/internal/cmd/callgraph/callgraph.go
index e0aadc3c..daefa39f 100644
--- a/internal/cmd/callgraph/callgraph.go
+++ b/internal/cmd/callgraph/callgraph.go
@@ -27,6 +27,11 @@ func NewCallgraphCmd(generator callgraph.IGenerator) *cobra.Command {
 Use: "callgraph [path]",
 Short: "Generate a static call graph for the given directory and subdirectories",
 Long: `Generate a static call graph for a project. If a directory is inputted all manifest files without a lock file are resolved.
+The command consists of two main parts, Build and Callgraph.
+Build: build the project and resolve dependencies. In this step, all necessary .class files are created.
+Callgraph: generate the static call graph using debricked Vulnerable Functionality.
+
+The full documentation is available here https://debricked.com/docs/integrations/cli.html#debricked-cli
 Example:
 $ debricked callgraph
@@ -36,7 +41,6 @@ $ debricked callgraph
 },
 RunE: RunE(generator),
 }
- // TODO: add to docs: Complete documentation with advanced user guide is available at https://portal.debricked.com/docs/...
 fileExclusionExample := filepath.Join("*", "**.lock")
 dirExclusionExample := filepath.Join("**", "node_modules", "**")
 exampleFlags := fmt.Sprintf("-e \"%s\" -e \"%s\"", fileExclusionExample, dirExclusionExample)
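Review bot: The added Long paragraph states that the build step creates `.class` files, which implies the command is JVM-specific, yet the help never says which languages or build systems are supported, so a user with a non-Java project cannot tell from `--help` whether the command applies to them. If the `.class` statement is accurate, a sentence such as `Call graph generation currently targets Java projects (compiled .class files).` next to the Build description would make that explicit. The documentation URL is embedded in a help string of a compiled binary; keeping it in one package-level constant shared with the NoBuildFlag help would avoid the two links drifting apart. NewCallgraphCmd continues past the end of the first hunk.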
@@ -53,7 +57,9 @@ Special Terms | Meaning
 Example:
 $ debricked files resolve . `+exampleFlags)
- cmd.Flags().BoolVar(&buildDisabled, NoBuildFlag, false, "Do not automatically build all source code in the project to enable call graph generation. This option requires a pre-built project.")
+ cmd.Flags().BoolVar(&buildDisabled, NoBuildFlag, false, `Do not automatically build all source code in the project to enable call graph generation.
+This option requires a pre-built project, for more detailed documentation on Vulnerable Functionality visit our portal:
+https://portal.debricked.com/vulnerability-management-43/how-do-i-enable-the-vulnerable-functionality-246`)
 cmd.Flags().IntVar(&generateTimeout, GenerateTimeoutFlag, 60*60, "Timeout (in seconds) on call graph generation.")
 viper.MustBindEnv(ExclusionFlag)
From cf4469beed4dd5fe349593b4592bc349888e381a Mon Sep 17 00:00:00 2001
From: jonnadebricked
Date: Wed, 13 Sep 2023 11:45:20 +0200
Subject: [PATCH 4/7] fix linting
---
internal/cmd/callgraph/callgraph.go | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/internal/cmd/callgraph/callgraph.go b/internal/cmd/callgraph/callgraph.go
index daefa39f..70a1ed56 100644
--- a/internal/cmd/callgraph/callgraph.go
+++ b/internal/cmd/callgraph/callgraph.go
@@ -45,8 +45,7 @@ $ debricked callgraph
 dirExclusionExample := filepath.Join("**", "node_modules", "**")
 exampleFlags := fmt.Sprintf("-e \"%s\" -e \"%s\"", fileExclusionExample, dirExclusionExample)
- cmd.Flags().StringArrayVarP(&exclusions, ExclusionFlag, "e", exclusions,
-`The following terms are supported to exclude paths:
+ cmd.Flags().StringArrayVarP(&exclusions, ExclusionFlag, "e", exclusions, `The following terms are supported to exclude paths:
 Special Terms | Meaning
 ------------- | -------
 "*" | matches any sequence of non-Separator characters
From 64197097a606f134d37814ca74713916b2aa1cff Mon Sep 17 00:00:00 2001
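Review bot: The expanded NoBuildFlag help describes what the flag turns off but not what happens by default: with the flag unset the command runs the project's own build (the Long text calls this the build step), which means running the build tooling configured in whatever checkout is being analysed. That is the relevant fact for users pointing the CLI at third-party or untrusted code, or at CI jobs that already produce the compiled classes, so a sentence such as `By default the project's build is run to produce the compiled classes; pass this flag to skip the build and analyse an already built project.` would make the trade-off visible in `--help`. NewCallgraphCmd starts before this hunk.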
From: jonnadebricked <106801401+jonna-debricked@users.noreply.github.com>
Date: Wed, 13 Sep 2023 12:03:25 +0200
Subject: [PATCH 5/7] Apply suggestions from code review
Co-authored-by: klaradebricked <114389192+klaradebricked@users.noreply.github.com>
---
internal/cmd/callgraph/callgraph.go | 10 +++++-----
internal/cmd/scan/scan.go | 4 ++--
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/internal/cmd/callgraph/callgraph.go b/internal/cmd/callgraph/callgraph.go
index 70a1ed56..c7ba6dd8 100644
--- a/internal/cmd/callgraph/callgraph.go
+++ b/internal/cmd/callgraph/callgraph.go
@@ -26,10 +26,10 @@ func NewCallgraphCmd(generator callgraph.IGenerator) *cobra.Command {
 cmd := &cobra.Command{
 Use: "callgraph [path]",
 Short: "Generate a static call graph for the given directory and subdirectories",
- Long: `Generate a static call graph for a project. If a directory is inputted all manifest files without a lock file are resolved.
-The command consists of two main parts, Build and Callgraph.
-Build: build the project and resolve dependencies. In this step, all necessary .class files are created.
-Callgraph: generate the static call graph using debricked Vulnerable Functionality.
+ Long: `Generate a static call graph for a project. If a directory is inputted, all manifest files without a lock file are resolved.
+The command consists of two main parts: build and callgraph.
+Build: Build the project and resolve dependencies. In this step, all necessary .class files are created.
+Callgraph: Generate the static call graph using debricked Vulnerable Functionality.
 The full documentation is available here https://debricked.com/docs/integrations/cli.html#debricked-cli
@@ -57,7 +57,7 @@ Special Terms | Meaning
 Example:
 $ debricked files resolve . `+exampleFlags)
 cmd.Flags().BoolVar(&buildDisabled, NoBuildFlag, false, `Do not automatically build all source code in the project to enable call graph generation.
-This option requires a pre-built project, for more detailed documentation on Vulnerable Functionality visit our portal:
+This option requires a pre-built project. For more detailed documentation on Vulnerable Functionality, visit our portal:
 https://portal.debricked.com/vulnerability-management-43/how-do-i-enable-the-vulnerable-functionality-246`)
 cmd.Flags().IntVar(&generateTimeout, GenerateTimeoutFlag, 60*60, "Timeout (in seconds) on call graph generation.")
diff --git a/internal/cmd/scan/scan.go b/internal/cmd/scan/scan.go
index 69a14858..30130473 100644
--- a/internal/cmd/scan/scan.go
+++ b/internal/cmd/scan/scan.go
@@ -89,8 +89,8 @@ $ debricked scan . `+exampleFlags)
 cmd.Flags().BoolVar(&noResolve, NoResolveFlag, false, `disables resolution of manifest files that lack lock files. Resolving manifest files enables more accurate dependency scanning since the whole dependency tree will be analysed. For example, if there is a "go.mod" in the target path, its dependencies are going to get resolved onto a lock file, and latter scanned.`)
 cmd.Flags().BoolVar(&callgraph, CallGraphFlag, false, `Enables call graph generation during scan.`)
- cmd.Flags().IntVar(&callgraphUploadTimeout, CallGraphUploadTimeoutFlag, 10*60, "Sets a timeout (in seconds) on call graph upload.")
- cmd.Flags().IntVar(&callgraphGenerateTimeout, CallGraphGenerateTimeoutFlag, 60*60, "Sets a timeout (in seconds) on call graph generation.")
+ cmd.Flags().IntVar(&callgraphUploadTimeout, CallGraphUploadTimeoutFlag, 10*60, "Set a timeout (in seconds) on call graph upload.")
+ cmd.Flags().IntVar(&callgraphGenerateTimeout, CallGraphGenerateTimeoutFlag, 60*60, "Set a timeout (in seconds) on call graph generation.")
 viper.MustBindEnv(RepositoryFlag)
 viper.MustBindEnv(CommitFlag)
From eb6f879b4a911caef0979d84cfef53d68676c560 Mon Sep 17 00:00:00 2001
From: jonnadebricked
Date: Wed, 13 Sep 2023 12:48:38 +0200
Subject: [PATCH 6/7] update cli docs link
---
internal/cmd/callgraph/callgraph.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/cmd/callgraph/callgraph.go b/internal/cmd/callgraph/callgraph.go
index c7ba6dd8..9402f40b 100644
--- a/internal/cmd/callgraph/callgraph.go
+++ b/internal/cmd/callgraph/callgraph.go
@@ -31,7 +31,7 @@ The command consists of two main parts: build and callgraph.
 Build: Build the project and resolve dependencies. In this step, all necessary .class files are created.
 Callgraph: Generate the static call graph using debricked Vulnerable Functionality.
-The full documentation is available here https://debricked.com/docs/integrations/cli.html#debricked-cli
+The full documentation is available here https://portal.debricked.com/debricked-cli-63/debricked-cli-documentation-298
 Example:
 $ debricked callgraph
From 8ce198f90728d222957af403ad3f9b77f90698cb Mon Sep 17 00:00:00 2001
From: jonnadebricked
Date: Fri, 15 Sep 2023 10:50:23 +0200
Subject: [PATCH 7/7] remove old part of callgraph docs
---
internal/cmd/callgraph/callgraph.go | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/internal/cmd/callgraph/callgraph.go b/internal/cmd/callgraph/callgraph.go
index 9402f40b..f4e9095f 100644
--- a/internal/cmd/callgraph/callgraph.go
+++ b/internal/cmd/callgraph/callgraph.go
@@ -26,8 +26,7 @@ func NewCallgraphCmd(generator callgraph.IGenerator) *cobra.Command {
 cmd := &cobra.Command{
 Use: "callgraph [path]",
 Short: "Generate a static call graph for the given directory and subdirectories",
- Long: `Generate a static call graph for a project. If a directory is inputted, all manifest files without a lock file are resolved.
-The command consists of two main parts: build and callgraph.
+ Long: `Generate a static call graph for a project in the given directory. The command consists of two main parts: build and callgraph.
 Build: Build the project and resolve dependencies. In this step, all necessary .class files are created.
 Callgraph: Generate the static call graph using debricked Vulnerable Functionality.