diff --git a/docs/_data/bearer.yaml b/docs/_data/bearer.yaml index 95d04bf3c..5beb9f170 100644 --- a/docs/_data/bearer.yaml +++ b/docs/_data/bearer.yaml @@ -10,4 +10,4 @@ see_also: - bearer init - Generates a default config to `bearer.yml` - bearer scan - Scan a directory or file - bearer version - Print the version -aliases: +aliases: [] diff --git a/docs/_data/bearer_completion.yaml b/docs/_data/bearer_completion.yaml index 574780a31..03f426bb8 100644 --- a/docs/_data/bearer_completion.yaml +++ b/docs/_data/bearer_completion.yaml @@ -8,4 +8,4 @@ options: usage: help for completion see_also: - "bearer - " -aliases: +aliases: [] diff --git a/docs/_data/bearer_ignore_add.yaml b/docs/_data/bearer_ignore_add.yaml index 5c84e8f86..2c6857643 100644 --- a/docs/_data/bearer_ignore_add.yaml +++ b/docs/_data/bearer_ignore_add.yaml 
@@ -4,52 +4,65 @@ usage: bearer ignore add [flags] options: - name: api-key usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: author shorthand: a usage: | Add author information to this ignored finding. (default output of "git config user.name") + environment_variables: + - BEARER_AUTHOR - name: comment usage: Add a comment to this ignored finding. + environment_variables: + - BEARER_COMMENT - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE - name: debug default_value: "false" usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging + environment_variables: + - BEARER_DEBUG - name: disable-version-check default_value: "false" usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK - name: false-positive default_value: "false" usage: Mark an this ignored finding as false positive. + environment_variables: + - BEARER_FALSE_POSITIVE - name: force default_value: "false" usage: Overwrite an existing ignored finding. + environment_variables: + - BEARER_FORCE - name: help shorthand: h default_value: "false" usage: help for add - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - name: ignore-file default_value: bearer.ignore usage: Load ignore file from the specified path. 
- - name: ignore-git - default_value: "false" - usage: Ignore Git listing + environment_variables: + - BEARER_IGNORE_FILE - name: log-level default_value: info usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL - name: no-color default_value: "false" usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- # Add an ignored fingerprint to your ignore file $ bearer ignore add --author Mish --comment "Possible false positive" see_also: - bearer ignore - Manage ignored fingerprints -aliases: +aliases: [] diff --git a/docs/_data/bearer_ignore_migrate.yaml b/docs/_data/bearer_ignore_migrate.yaml index ffe88659a..7200c563d 100644 --- a/docs/_data/bearer_ignore_migrate.yaml +++ b/docs/_data/bearer_ignore_migrate.yaml 
@@ -4,43 +4,50 @@ usage: bearer ignore migrate [flags] options: - name: api-key usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE - name: debug default_value: "false" usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging + environment_variables: + - BEARER_DEBUG - name: disable-version-check default_value: "false" usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK - name: force default_value: "false" usage: Overwrite an existing ignored finding. + environment_variables: + - BEARER_FORCE - name: help shorthand: h default_value: "false" usage: help for migrate - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - name: ignore-file default_value: bearer.ignore usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing + environment_variables: + - BEARER_IGNORE_FILE - name: log-level default_value: info usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL - name: no-color default_value: "false" usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- # Migrate existing ignored (excluded) fingerprints from bearer.yml file to ignore file $ bearer ignore migrate see_also: - bearer ignore - Manage ignored fingerprints -aliases: +aliases: [] diff --git a/docs/_data/bearer_ignore_pull.yaml b/docs/_data/bearer_ignore_pull.yaml index 00c440dff..1b26c5f81 100644 --- a/docs/_data/bearer_ignore_pull.yaml +++ b/docs/_data/bearer_ignore_pull.yaml 
@@ -4,40 +4,45 @@ usage: bearer ignore pull [flags] options: - name: api-key usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE - name: debug default_value: "false" usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging + environment_variables: + - BEARER_DEBUG - name: disable-version-check default_value: "false" usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK - name: help shorthand: h default_value: "false" usage: help for pull - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - name: ignore-file default_value: bearer.ignore usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing + environment_variables: + - BEARER_IGNORE_FILE - name: log-level default_value: info usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL - name: no-color default_value: "false" usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- # Pull ignored fingerprints from the Cloud (requires API key) $ bearer ignore pull /path/to/your_project --api-key=XXXXX see_also: - bearer ignore - Manage ignored fingerprints -aliases: +aliases: [] diff --git a/docs/_data/bearer_ignore_remove.yaml b/docs/_data/bearer_ignore_remove.yaml index d38d51c33..573a8d017 100644 --- a/docs/_data/bearer_ignore_remove.yaml +++ b/docs/_data/bearer_ignore_remove.yaml 
@@ -4,40 +4,45 @@ usage: bearer ignore remove [flags] options: - name: api-key usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE - name: debug default_value: "false" usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging + environment_variables: + - BEARER_DEBUG - name: disable-version-check default_value: "false" usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK - name: help shorthand: h default_value: "false" usage: help for remove - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - name: ignore-file default_value: bearer.ignore usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing + environment_variables: + - BEARER_IGNORE_FILE - name: log-level default_value: info usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL - name: no-color default_value: "false" usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- # Remove an ignored fingerprint from your ignore file $ bearer ignore remove see_also: - bearer ignore - Manage ignored fingerprints -aliases: +aliases: [] diff --git a/docs/_data/bearer_ignore_show.yaml b/docs/_data/bearer_ignore_show.yaml index 71d1dc13f..b309a3b23 100644 --- a/docs/_data/bearer_ignore_show.yaml +++ b/docs/_data/bearer_ignore_show.yaml 
@@ -5,42 +5,49 @@ options: - name: all default_value: "false" usage: Show all ignored fingerprints. + environment_variables: + - BEARER_ALL - name: api-key usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE - name: debug default_value: "false" usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging + environment_variables: + - BEARER_DEBUG - name: disable-version-check default_value: "false" usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK - name: help shorthand: h default_value: "false" usage: help for show - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - name: ignore-file default_value: bearer.ignore usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing + environment_variables: + - BEARER_IGNORE_FILE - name: log-level default_value: info usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL - name: no-color default_value: "false" usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- # Show the details of an ignored fingerprint from your ignore file $ bearer ignore show see_also: - bearer ignore - Manage ignored fingerprints -aliases: +aliases: [] diff --git a/docs/_data/bearer_init.yaml b/docs/_data/bearer_init.yaml index dfd244cdf..8cbfc17c1 100644 --- a/docs/_data/bearer_init.yaml +++ b/docs/_data/bearer_init.yaml @@ -8,4 +8,4 @@ options: usage: help for init see_also: - "bearer - " -aliases: +aliases: [] diff --git a/docs/_data/bearer_scan.yaml b/docs/_data/bearer_scan.yaml index cd19aad1f..2fae60176 100644 
--- a/docs/_data/bearer_scan.yaml
+++ b/docs/_data/bearer_scan.yaml
@@ -4,79 +4,85 @@ usage: bearer scan [flags] options: - name: api-key usage: Use your Bearer API Key to send the report to Bearer. - - name: branch - usage: The name of the branch being scanned. - - name: commit - usage: The hash of the commit being scanned. + environment_variables: + - BEARER_API_KEY - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE - name: context usage: | Expand context of schema classification e.g., --context=health, to include data types particular to health + environment_variables: + - BEARER_CONTEXT - name: data-subject-mapping usage: | Override default data subject mapping by providing a path to a custom mapping JSON file + environment_variables: + - BEARER_DATA_SUBJECT_MAPPING - name: debug default_value: "false" usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging - - name: default-branch - usage: The name of the default branch. + environment_variables: + - BEARER_DEBUG - name: diff default_value: "false" usage: | Only report differences in findings relative to a base branch. - - name: diff-base-branch - usage: The name of the base branch to use for diff scanning. - - name: diff-base-commit - usage: The hash of the base commit to use for diff scanning. + environment_variables: + - BEARER_DIFF - name: disable-default-rules default_value: "false" usage: Disables all default and built-in rules. 
+ environment_variables: + - BEARER_DISABLE_DEFAULT_RULES - name: disable-domain-resolution default_value: "true" usage: | Do not attempt to resolve detected domains during classification + environment_variables: + - BEARER_DISABLE_DOMAIN_RESOLUTION - name: disable-version-check default_value: "false" usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK - name: domain-resolution-timeout default_value: 3s usage: | Set timeout when attempting to resolve detected domains during classification, e.g. --domain-resolution-timeout=3s - - name: exclude-fingerprint - default_value: "[]" - usage: | - Specify the comma-separated fingerprints of the findings you would like to exclude from the report. + environment_variables: + - BEARER_DOMAIN_RESOLUTION_TIMEOUT - name: exit-code default_value: "-1" usage: | Force a given exit code for the scan command. Set this to 0 (success) to always return a success exit code despite any findings from the scan. + environment_variables: + - BEARER_EXIT_CODE - name: external-rule-dir default_value: "[]" usage: | Specify directories paths that contain .yaml files with external rules configuration + environment_variables: + - BEARER_EXTERNAL_RULE_DIR - name: fail-on-severity default_value: critical,high,medium,low usage: | Specify which severities cause the report to fail. Works in conjunction with --exit-code. + environment_variables: + - BEARER_FAIL_ON_SEVERITY - name: force default_value: "false" usage: Disable the cache and runs the detections again + environment_variables: + - BEARER_FORCE - name: format shorthand: f usage: | Specify report format (json, yaml, sarif, gitlab-sast, rdjson, html) - - name: github-api-url - usage: A non-standard URL to use for the Github API - - name: github-repository - usage: | - The owner and name of the repository on Github. eg. Bearer/bearer - - name: github-token - usage: An access token for the Github API. 
+ environment_variables: + - BEARER_FORMAT - name: help shorthand: h default_value: "false" 
@@ -84,60 +90,82 @@ options: - name: hide-progress-bar default_value: "false" usage: Hide progress bar from output - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. + environment_variables: + - BEARER_HIDE_PROGRESS_BAR - name: ignore-file default_value: bearer.ignore usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing + environment_variables: + - BEARER_IGNORE_FILE - name: internal-domains default_value: "[]" usage: | Define regular expressions for better classification of private or unreachable domains e.g. --internal-domains=".*.my-company.com,private.sh" + environment_variables: + - BEARER_INTERNAL_DOMAINS - name: log-level default_value: info usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL - name: no-color default_value: "false" usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR - name: only-rule default_value: "[]" usage: | Specify the comma-separated ids of the rules you would like to run. Skips all other rules. + environment_variables: + - BEARER_ONLY_RULE - name: output usage: Specify the output path for the report. + environment_variables: + - BEARER_OUTPUT - name: parallel default_value: "0" usage: Specify the amount of parallelism to use during the scan + environment_variables: + - BEARER_PARALLEL - name: quiet default_value: "false" usage: Suppress non-essential messages + environment_variables: + - BEARER_QUIET - name: report default_value: security usage: Specify the type of report (security, privacy, dataflow). - - name: repository-url - usage: The remote URL of the repository. + environment_variables: + - BEARER_REPORT - name: scanner default_value: "[sast]" usage: | Specify which scanner to use e.g. 
--scanner=secrets, --scanner=secrets,sast + environment_variables: + - BEARER_SCANNER + - SCANNER - name: severity default_value: critical,high,medium,low,warning usage: Specify which severities are included in the report. + environment_variables: + - BEARER_SEVERITY - name: skip-path default_value: "[]" usage: | Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql + environment_variables: + - BEARER_SKIP_PATH - name: skip-rule default_value: "[]" usage: | Specify the comma-separated ids of the rules you would like to skip. Runs all other rules. + environment_variables: + - BEARER_SKIP_RULE example: |4- # Scan a local project, including language-specific files $ bearer scan /path/to/your_project see_also: - "bearer - " -aliases: s +aliases: + - s diff --git a/docs/_data/bearer_version.yaml b/docs/_data/bearer_version.yaml index 957a4d9bc..94086d8d3 100644 --- a/docs/_data/bearer_version.yaml +++ b/docs/_data/bearer_version.yaml 
@@ -4,37 +4,42 @@ usage: bearer version [flags] options: - name: api-key usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE - name: debug default_value: "false" usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging + environment_variables: + - BEARER_DEBUG - name: disable-version-check default_value: "false" usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK - name: help shorthand: h default_value: "false" usage: help for version - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - name: ignore-file default_value: bearer.ignore usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing + environment_variables: + - BEARER_IGNORE_FILE - name: log-level default_value: info usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL - name: no-color default_value: "false" usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR see_also: - "bearer - " -aliases: +aliases: [] diff --git a/docs/reference/commands.njk b/docs/reference/commands.njk index 0ab58ea4f..1cc047845 100644 --- a/docs/reference/commands.njk +++ b/docs/reference/commands.njk @@ -34,6 +34,7 @@ Bearer CLI offers a number of commands to use and customize the CLI to your need Name Description Default Value + Environment Variables @@ -46,6 +47,7 @@ Bearer CLI offers a number of commands to use and customize the CLI to your need {{option.usage}} {{option.default_value}} + {{ option.environment_variables }} {% endfor %} 
@@ -57,7 +59,7 @@ Bearer CLI offers a number of commands to use and customize the CLI to your need {% endif %} {% if item.aliases %}

Aliases

-

In addition to the primary {{ item.name | trim }} command, you can also use {{ item.aliases | trim}} in place of it. +

In addition to the primary {{ item.name | trim }} command, you can also use {{ item.aliases }} in place of it.

{% endif %} {% endfor %} diff --git a/e2e/flags/.snapshots/TestMetadataFlags-help-scan b/e2e/flags/.snapshots/TestMetadataFlags-help-scan index 610ec4e95..80ea983df 100644 --- a/e2e/flags/.snapshots/TestMetadataFlags-help-scan +++ b/e2e/flags/.snapshots/TestMetadataFlags-help-scan @@ -38,6 +38,7 @@ Scan Flags --skip-path strings Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql General Flags + --api-key string Use your Bearer API Key to send the report to Bearer. --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking diff --git a/e2e/flags/.snapshots/TestMetadataFlags-scan-help b/e2e/flags/.snapshots/TestMetadataFlags-scan-help index 610ec4e95..80ea983df 100644 --- a/e2e/flags/.snapshots/TestMetadataFlags-scan-help +++ b/e2e/flags/.snapshots/TestMetadataFlags-scan-help @@ -38,6 +38,7 @@ Scan Flags --skip-path strings Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql General Flags + --api-key string Use your Bearer API Key to send the report to Bearer. --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking diff --git a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-context-flag b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-context-flag index 569fdfd06..a95458a30 100644 --- a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-context-flag +++ b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-context-flag 
@@ -39,6 +39,7 @@ Scan Flags --skip-path strings Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql General Flags + --api-key string Use your Bearer API Key to send the report to Bearer. --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking diff --git a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-privacy b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-privacy index 6fd4d119a..770a46fc4 100644 --- a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-privacy +++ b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-privacy @@ -39,6 +39,7 @@ Scan Flags --skip-path strings Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql General Flags + --api-key string Use your Bearer API Key to send the report to Bearer. --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking diff --git a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-security b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-security index 3b64e1d89..a62952c51 100644 --- a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-security +++ b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-security 
@@ -39,6 +39,7 @@ Scan Flags --skip-path strings Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql General Flags + --api-key string Use your Bearer API Key to send the report to Bearer. --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking diff --git a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-report-flag b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-report-flag index ecf89e381..6c2c37433 100644 --- a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-report-flag +++ b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-report-flag @@ -39,6 +39,7 @@ Scan Flags --skip-path strings Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql General Flags + --api-key string Use your Bearer API Key to send the report to Bearer. --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking diff --git a/go.mod b/go.mod index c02fab2c8..8d3c122ed 100644 --- a/go.mod +++ b/go.mod @@ -40,7 +40,6 @@ require ( github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/agnivade/levenshtein v1.1.1 // indirect github.com/charmbracelet/lipgloss v0.6.0 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/fatih/semgroup v1.2.0 // indirect github.com/gitleaks/go-gitdiff v0.9.0 // indirect 
@@ -58,7 +57,6 @@ require (
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 github.com/rivo/uniseg v0.4.4 // indirect
- github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -115,7 +113,7 @@ require (
 github.com/magiconair/properties v1.8.7 // indirect
 github.com/mitchellh/mapstructure v1.5.0
 github.com/pelletier/go-toml v1.9.5
- github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+ github.com/pelletier/go-toml/v2 v2.1.1 // indirect
 github.com/spf13/afero v1.11.0 // indirect
 github.com/spf13/cast v1.6.0 // indirect
 github.com/spf13/cobra v1.8.0
@@ -128,3 +126,5 @@ require (
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1
 )
+
+replace github.com/spf13/viper => github.com/cfabianski/viper v1.15.1-0.20231221085120-53a0f7864cd6
diff --git a/go.sum b/go.sum
index 2b3ab48a9..6ec9805ae 100644
--- a/go.sum
+++ b/go.sum
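Review bot: The `replace` directive added at the end of go.mod swaps `github.com/spf13/viper` for a personal fork pinned to a pseudo-version, and nothing in the file records why the fork is needed, what it changes, or when it can be dropped. Every build now takes its config-file and environment-variable handling from that fork. go.sum loses the `spf13/viper v1.18.1` entries, while the fork's pseudo-version appears to derive from the v1.15 line, so upstream fixes made since then may be missing; that is worth confirming against the fork's history. I would put a comment directly above the directive, for example `// Fork carries <patch description>; remove once <upstream PR or release> lands`. Hosting the fork under the project's own organisation would also put its commits through the same review as the rest of the code.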
@@ -27,6 +27,8 @@ github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cfabianski/viper v1.15.1-0.20231221085120-53a0f7864cd6 h1:HW9hLBTXvVxHrqSgnRsknxVlJfh7IUyxUGv7lmOa4rY= +github.com/cfabianski/viper v1.15.1-0.20231221085120-53a0f7864cd6/go.mod h1:ViOjWl6F2V3JRTuQU+T8ioJOUDoYu07nbAfFtiMlXzY= github.com/charmbracelet/lipgloss v0.6.0 h1:1StyZB9vBSOyuZxQUcUwGr17JmojPNm87inij9N3wJY= github.com/charmbracelet/lipgloss v0.6.0/go.mod h1:tHh2wr34xcHjC2HCXIlGSG1jaDF0S0atAUvBMP6Ppuk= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= @@ -34,7 +36,6 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -180,8 +181,8 @@ github.com/open-policy-agent/opa v0.59.0 h1:1WFU/KUhJAr3qatm0Lf8Ea5jp10ZmlE2M07o github.com/open-policy-agent/opa v0.59.0/go.mod h1:rdJSkEc4oQ+0074/3Fsgno5bkPsYxTjU5aLNmMujIvI= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= -github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= +github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI= +github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -212,7 +213,6 @@ github.com/rs/zerolog v1.31.0 h1:FcTR3NnLWW+NnTwwhFWiJSZr4ECLpqCm6QsEnyvbV4A= github.com/rs/zerolog v1.31.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww= github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= -github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI= github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs= 
@@ -242,8 +242,6 @@ github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.18.1 h1:rmuU42rScKWlhhJDyXZRKJQHXFX02chSVW1IvkPGiVM= -github.com/spf13/viper v1.18.1/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= diff --git a/internal/commands/ignore.go b/internal/commands/ignore.go index c20b2a541..ff6c21055 100644 --- a/internal/commands/ignore.go +++ b/internal/commands/ignore.go @@ -80,11 +80,14 @@ func newIgnoreShowCommand() *cobra.Command { Short: "Show an ignored fingerprint", Example: `# Show the details of an ignored fingerprint from your ignore file $ bearer ignore show `, - RunE: func(cmd *cobra.Command, args []string) error { + PreRunE: func(cmd *cobra.Command, args []string) error { if err := IgnoreShowFlags.Bind(cmd); err != nil { return fmt.Errorf("flag bind error: %w", err) } + return nil + }, + RunE: func(cmd *cobra.Command, args []string) error { setLogLevel(cmd) options, err := IgnoreShowFlags.ToOptions(args) 
@@ -155,11 +158,14 @@ func newIgnoreAddCommand() *cobra.Command { Short: "Add an ignored fingerprint", Example: `# Add an ignored fingerprint to your ignore file $ bearer ignore add --author Mish --comment "Possible false positive"`, - RunE: func(cmd *cobra.Command, args []string) error { + PreRunE: func(cmd *cobra.Command, args []string) error { if err := IgnoreShowFlags.Bind(cmd); err != nil { return fmt.Errorf("flag bind error: %w", err) } + return nil + }, + RunE: func(cmd *cobra.Command, args []string) error { if len(args) == 0 { return cmd.Help() } @@ -253,11 +259,14 @@ func newIgnoreRemoveCommand() *cobra.Command { Short: "Remove an ignored fingerprint", Example: `# Remove an ignored fingerprint from your ignore file $ bearer ignore remove `, - RunE: func(cmd *cobra.Command, args []string) error { + PreRunE: func(cmd *cobra.Command, args []string) error { if err := flags.Bind(cmd); err != nil { return fmt.Errorf("flag bind error: %w", err) } + return nil + }, + RunE: func(cmd *cobra.Command, args []string) error { if len(args) == 0 { return cmd.Help() } @@ -298,6 +307,7 @@ $ bearer ignore remove `, SilenceErrors: false, SilenceUsage: false, } + flags.AddFlags(cmd) cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, flags.Usages(cmd))) @@ -312,11 +322,14 @@ func newIgnorePullCommand() *cobra.Command { Short: "Pull ignored fingerprints from Cloud", Example: `# Pull ignored fingerprints from the Cloud (requires API key) $ bearer ignore pull /path/to/your_project --api-key=XXXXX`, - RunE: func(cmd *cobra.Command, args []string) error { + PreRunE: func(cmd *cobra.Command, args []string) error { if err := flags.Bind(cmd); err != nil { return fmt.Errorf("flag bind error: %w", err) } + return nil + }, + RunE: func(cmd *cobra.Command, args []string) error { setLogLevel(cmd) options, err := flags.ToOptions(args) 
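Review bot: In `newIgnoreAddCommand` the new `PreRunE` binds `IgnoreShowFlags`, the same group that `newIgnoreShowCommand` binds, which looks like a carry-over that this change moves rather than fixes. The docs generated in this commit list `BEARER_AUTHOR`, `BEARER_COMMENT`, `BEARER_FALSE_POSITIVE` and `BEARER_FORCE` for `ignore add`. If those flags belong to a separate group for the add command (not visible in this hunk), they are never bound here and the documented environment variables would be ignored without any error. Bind the group whose flags the add command actually registers and reads, and add an e2e case that sets one of those variables and checks the result. The function body continues outside the hunk.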
@@ -405,11 +418,14 @@ func newIgnoreMigrateCommand() *cobra.Command { Short: "Migrate ignored fingerprints from bearer.yml to ignore file", Example: `# Migrate existing ignored (excluded) fingerprints from bearer.yml file to ignore file $ bearer ignore migrate`, - RunE: func(cmd *cobra.Command, args []string) error { + PreRunE: func(cmd *cobra.Command, args []string) error { if err := flags.Bind(cmd); err != nil { return fmt.Errorf("flag bind error: %w", err) } + return nil + }, + RunE: func(cmd *cobra.Command, args []string) error { setLogLevel(cmd) options, err := flags.ToOptions(args) @@ -461,6 +477,7 @@ $ bearer ignore migrate`, SilenceErrors: false, SilenceUsage: false, } + flags.AddFlags(cmd) cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, flags.Usages(cmd))) diff --git a/internal/commands/processing_worker.go b/internal/commands/processing_worker.go index d1f21b1be..4148395c0 100644 --- a/internal/commands/processing_worker.go +++ b/internal/commands/processing_worker.go @@ -19,11 +19,14 @@ func NewProcessingWorkerCommand() *cobra.Command { cmd := &cobra.Command{ Use: "processing-worker [flags] PATH", Short: "start scan processing server", - RunE: func(cmd *cobra.Command, args []string) error { + PreRunE: func(cmd *cobra.Command, args []string) error { if err := flags.Bind(cmd); err != nil { return fmt.Errorf("flag bind error: %w", err) } + return nil + }, + RunE: func(cmd *cobra.Command, args []string) error { output.Setup(cmd, output.SetupRequest{ LogLevel: viper.GetString(flag.LogLevelFlag.ConfigName), Quiet: viper.GetBool(flag.QuietFlag.ConfigName), diff --git a/internal/commands/scan.go b/internal/commands/scan.go index 988056347..a0eff5d7c 100644 --- a/internal/commands/scan.go +++ b/internal/commands/scan.go 
@@ -49,13 +49,10 @@ func NewScanCommand() *cobra.Command { if err := ScanFlags.Bind(cmd); err != nil { return fmt.Errorf("flag bind error: %w", err) } + return nil }, RunE: func(cmd *cobra.Command, args []string) error { - if err := ScanFlags.Bind(cmd); err != nil { - return fmt.Errorf("flag bind error: %w", err) - } - logLevel := viper.GetString(flag.LogLevelFlag.ConfigName) if viper.GetBool(flag.DebugFlag.ConfigName) { logLevel = flag.DebugLogLevel diff --git a/internal/commands/version.go b/internal/commands/version.go index 56cbe432f..768ba8d97 100644 --- a/internal/commands/version.go +++ b/internal/commands/version.go @@ -18,12 +18,16 @@ func NewVersionCommand(version string, commitSHA string) *cobra.Command { Use: "version", Short: "Print the version", Args: cobra.NoArgs, - RunE: func(cmd *cobra.Command, args []string) error { + PreRunE: func(cmd *cobra.Command, args []string) error { if err := flags.Bind(cmd); err != nil { return fmt.Errorf("flag bind error: %w", err) } + return nil + }, + RunE: func(cmd *cobra.Command, args []string) error { logLevel := viper.GetString(flag.LogLevelFlag.ConfigName) + if viper.GetBool(flag.DebugFlag.ConfigName) { logLevel = flag.DebugLogLevel } @@ -47,6 +51,8 @@ func NewVersionCommand(version string, commitSHA string) *cobra.Command { cmd.SetUsageFunc(func(cmd *cobra.Command) error { return nil }) + flags.AddFlags(cmd) + return cmd } diff --git a/internal/flag/flags.go b/internal/flag/flags.go deleted file mode 100644 index 02d20d554..000000000 --- a/internal/flag/flags.go +++ /dev/null @@ -1 +0,0 @@ -package flag diff --git a/internal/flag/general_flags.go b/internal/flag/general_flags.go index 254d3d1eb..c38222a23 100644 --- a/internal/flag/general_flags.go +++ b/internal/flag/general_flags.go @@ -36,7 +36,6 @@ var ( Value: "", Usage: "Use your Bearer API Key to send the report to Bearer.", DisableInConfig: true, - Hide: true, }) ConfigFileFlag = GeneralFlagGroup.add(flagtypes.Flag{ 
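Review bot: With `Hide: true` removed in general_flags.go, `--api-key` now shows up in help output and in the generated docs, but its usage string still describes only the flag form. A key passed as a command-line argument ends up in shell history and process listings, so the usage text should point users to the environment variable the generated docs list for this flag. For example: `Usage: "Use your Bearer API Key to send the report to Bearer. Prefer setting BEARER_API_KEY over passing the key on the command line.",`. The flag definition begins above the hunk.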
diff --git a/internal/flag/options.go b/internal/flag/options.go index 42fb71539..42f69fa39 100644 --- a/internal/flag/options.go +++ b/internal/flag/options.go @@ -18,8 +18,7 @@ import ( type Flags []flagtypes.FlagGroup -const envPrefix = "bearer" - +var envPrefix = "bearer" var ErrInvalidScannerReportCombination = errors.New("invalid scanner argument; privacy report requires sast scanner") type flagGroupBase struct { diff --git a/scripts/gen-doc-yaml.go b/scripts/gen-doc-yaml.go index 2192989b5..ea611fe14 100644 --- a/scripts/gen-doc-yaml.go +++ b/scripts/gen-doc-yaml.go 
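Review bot: `envPrefix` goes from `const` to a mutable package-level `var` in options.go, and nothing in the hunk assigns to it or says why. If no code reassigns it, keep `const envPrefix = "bearer"` so the environment-variable prefix cannot be changed at run time by another file in the package. If something does need to override it, add a comment naming that caller. The change also drops the blank line before `ErrInvalidScannerReportCombination`, so two unrelated declarations now read as one group.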
@@ -2,24 +2,83 @@ package main import ( "fmt" + "io" "os" "path/filepath" + "slices" + "sort" "strings" "github.com/bearer/bearer/cmd/bearer/build" "github.com/bearer/bearer/internal/commands" + "github.com/bearer/bearer/internal/flag" + flagtypes "github.com/bearer/bearer/internal/flag/types" + "github.com/bearer/bearer/internal/util/set" "github.com/spf13/cobra" - "github.com/spf13/cobra/doc" + "github.com/spf13/pflag" + "github.com/spf13/viper" + "gopkg.in/yaml.v3" +) + +type cmdOption struct { + Name string + Shorthand string `yaml:",omitempty"` + DefaultValue string `yaml:"default_value,omitempty"` + Usage string `yaml:",omitempty"` + EnvironmentVariables []string `yaml:"environment_variables,omitempty"` +} + +type cmdDoc struct { + Name string + Synopsis string `yaml:",omitempty"` + Description string `yaml:",omitempty"` + Usage string `yaml:",omitempty"` + Options []cmdOption `yaml:",omitempty"` + InheritedOptions []cmdOption `yaml:"inherited_options,omitempty"` + Example string `yaml:",omitempty"` + SeeAlso []string `yaml:"see_also,omitempty"` + Aliases []string `yaml:"aliases"` +} + +var ( + AllFlags = []*flagtypes.Flag{} + EnvVars = viper.AllEnvVar() + AllGroups = []flagtypes.FlagGroup{ + flag.GeneralFlagGroup, + flag.IgnoreAddFlagGroup, + flag.IgnoreMigrateFlagGroup, + flag.IgnoreShowFlagGroup, + flag.ReportFlagGroup, + flag.RepositoryFlagGroup, + flag.RuleFlagGroup, + flag.ScanFlagGroup, + flag.WorkerFlagGroup, + } + boundFlags = set.New[*flagtypes.Flag]() ) func main() { + for _, group := range AllGroups { + AllFlags = append(AllFlags, group.Flags()...) 
+ } + + for _, f := range AllFlags { + if boundFlags.Add(f) { + flag.BindViper(f) // nolint: errcheck + } + } + dir := "./docs/_data" if _, err := os.Stat(dir); err != nil { fmt.Printf("Error: %v\n", err) os.Exit(1) } - err := writeDocs(commands.NewApp(build.Version, build.CommitSHA), dir) + cmd := commands.NewApp(build.Version, build.CommitSHA) + err := writeDocs( + cmd, + dir, + ) if err != nil { fmt.Printf("Error: %v\n", err) 
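Review bot: The bind loop in main discards the result of `flag.BindViper(f)` under `// nolint: errcheck`, so a flag that fails to bind would silently lose its `environment_variables` entry in the generated YAML. main already prints and exits on its other failures, so the same handling fits here: `if err := flag.BindViper(f); err != nil { fmt.Printf("Error: %v\n", err); os.Exit(1) }`. Separately, `EnvVars = viper.AllEnvVar()` is evaluated at package initialisation, before this loop runs. That works only if the call returns a live view of the bindings rather than a snapshot, which cannot be seen from here. Assigning `EnvVars` in main after the loop would remove the dependency.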
@@ -61,16 +120,162 @@ func writeDocs(cmd *cobra.Command, dir string) error { defer f.Close() // given the file - err = doc.GenYaml(cmd, f) - if err != nil { - return err + err = GenYaml(cmd, f) + + return err +} + +func GenYaml(cmd *cobra.Command, w io.Writer) error { + return GenYamlCustom(cmd, w, func(s string) string { return s }) +} + +func GenYamlCustom(cmd *cobra.Command, w io.Writer, linkHandler func(string) string) error { + cmd.InitDefaultHelpCmd() + cmd.InitDefaultHelpFlag() + + yamlDoc := cmdDoc{} + yamlDoc.Name = cmd.CommandPath() + yamlDoc.Synopsis = forceMultiLine(cmd.Short) + yamlDoc.Description = forceMultiLine(cmd.Long) + + if cmd.Runnable() { + yamlDoc.Usage = cmd.UseLine() + } + + if len(cmd.Example) > 0 { + yamlDoc.Example = cmd.Example + } + + flags := cmd.NonInheritedFlags() + if flags.HasFlags() { + yamlDoc.Options = genFlagResult(flags) + } + flags = cmd.InheritedFlags() + if flags.HasFlags() { + yamlDoc.InheritedOptions = genFlagResult(flags) + } + + if hasSeeAlso(cmd) { + result := []string{} + if cmd.HasParent() { + parent := cmd.Parent() + result = append(result, parent.CommandPath()+" - "+parent.Short) + } + children := cmd.Commands() + sort.Sort(byName(children)) + for _, child := range children { + if !child.IsAvailableCommand() || child.IsAdditionalHelpTopicCommand() { + continue + } + result = append(result, child.CommandPath()+" - "+child.Short) + } + yamlDoc.SeeAlso = result } - // add aliases - aliases := fmt.Sprintf("aliases: %s\n", strings.Join(cmd.Aliases, ", ")) + yamlDoc.Aliases = cmd.Aliases - if _, err := f.WriteString(aliases); err != nil { + final, err := yaml.Marshal(&yamlDoc) + if err != nil { + fmt.Println(err) + os.Exit(1) + } + + if _, err := w.Write(final); err != nil { return err } return nil } + +func searchAppFlag(flag *pflag.Flag) *flagtypes.Flag { + var foundFlag *flagtypes.Flag + for _, f := range AllFlags { + if f.Name == flag.Name { + foundFlag = f + break + } + } + + return foundFlag +} + +func 
lookupEnvVariables(flag *pflag.Flag, otherFlag *flagtypes.Flag) []string { + var vars []string + + if otherFlag == nil { + vars = EnvVars[flag.Name] + } else { + vars = EnvVars[otherFlag.ConfigName] + } + + return removeDup(vars) +} + +func removeDup(vars []string) []string { + unique := set.New[string]() + unique.AddAll(vars) + + sorted := unique.Items() + slices.Sort(sorted) + + return sorted +} + +func genFlagResult(flags *pflag.FlagSet) []cmdOption { + var result []cmdOption + + flags.VisitAll(func(flag *pflag.Flag) { + appFlag := searchAppFlag(flag) + environmentVariables := lookupEnvVariables(flag, appFlag) + + if appFlag != nil && appFlag.Hide { + return + } + + if !(len(flag.ShorthandDeprecated) > 0) && len(flag.Shorthand) > 0 { + opt := cmdOption{ + flag.Name, + flag.Shorthand, + flag.DefValue, + forceMultiLine(flag.Usage), + environmentVariables, + } + result = append(result, opt) + } else { + opt := cmdOption{ + Name: flag.Name, + DefaultValue: forceMultiLine(flag.DefValue), + Usage: forceMultiLine(flag.Usage), + EnvironmentVariables: environmentVariables, + } + result = append(result, opt) + } + }) + + return result +} + +func forceMultiLine(s string) string { + if len(s) > 60 && !strings.Contains(s, "\n") { + s = s + "\n" + } + return s +} + +func hasSeeAlso(cmd *cobra.Command) bool { + if cmd.HasParent() { + return true + } + for _, c := range cmd.Commands() { + if !c.IsAvailableCommand() || c.IsAdditionalHelpTopicCommand() { + continue + } + return true + } + return false +} + +type byName []*cobra.Command + +func (s byName) Len() int { return len(s) } +func (s byName) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s byName) Less(i, j int) bool { return s[i].Name() < s[j].Name() }
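Review bot: In GenYamlCustom a `yaml.Marshal` failure is printed and the process ends with `os.Exit(1)`, although the function returns `error` and the write failure two lines later is returned normally. Exiting there also skips the deferred `f.Close()` in writeDocs and takes the decision away from main, which already reports errors and exits. Replace the two lines in that branch with `return err`. The `linkHandler` parameter is never used in the body, so either drop it along with the GenYaml wrapper's identity function or note why it is kept. The exported GenYaml and GenYamlCustom also have no doc comments.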