From f5179c6ff5d12dcfce2344540cf8bc6f1b586695 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Fabianski?=
Date: Thu, 21 Dec 2023 09:40:14 +0100
Subject: [PATCH 1/7] docs: improve commands generation
---
 docs/_data/bearer.yaml | 19 +-
 docs/_data/bearer_completion.yaml | 11 +-
 docs/_data/bearer_ignore_add.yaml | 106 ++++-----
 docs/_data/bearer_ignore_migrate.yaml | 82 +++----
 docs/_data/bearer_ignore_pull.yaml | 74 +++----
 docs/_data/bearer_ignore_remove.yaml | 74 +++----
 docs/_data/bearer_ignore_show.yaml | 82 +++----
 docs/_data/bearer_init.yaml | 11 +-
 docs/_data/bearer_scan.yaml | 294 +++++++++++++------------
 docs/_data/bearer_version.yaml | 70 +++---
 docs/reference/commands.njk | 4 +-
 go.mod | 8 +-
 go.sum | 10 +-
 internal/commands/ignore.go | 26 +--
 internal/commands/processing_worker.go | 5 +-
 internal/commands/scan.go | 11 +-
 internal/commands/version.go | 10 +-
 internal/flag/flags.go | 1 -
 internal/flag/options.go | 7 +-
 scripts/gen-doc-yaml.go | 207 ++++++++++++++++-
 20 files changed, 656 insertions(+), 456 deletions(-)
 delete mode 100644 internal/flag/flags.go
diff --git a/docs/_data/bearer.yaml b/docs/_data/bearer.yaml
index 95d04bf3c..b7677b684 100644
--- a/docs/_data/bearer.yaml
+++ b/docs/_data/bearer.yaml
@@ -1,13 +1,12 @@ name: bearer options: - - name: help - shorthand: h - default_value: "false" - usage: help for bearer + - name: help + shorthand: h + default_value: "false" + usage: help for bearer see_also: - - bearer completion - Generate the autocompletion script for the your shell. - - bearer ignore - Manage ignored fingerprints - - bearer init - Generates a default config to `bearer.yml` - - bearer scan - Scan a directory or file - - bearer version - Print the version -aliases: + - bearer completion - Generate the autocompletion script for the your shell. + - bearer ignore - Manage ignored fingerprints + - bearer init - Generates a default config to `bearer.yml` + - bearer scan - Scan a directory or file + - bearer version - Print the version diff --git a/docs/_data/bearer_completion.yaml b/docs/_data/bearer_completion.yaml index 574780a31..35dad9449 100644 --- a/docs/_data/bearer_completion.yaml +++ b/docs/_data/bearer_completion.yaml @@ -2,10 +2,9 @@ name: bearer completion synopsis: Generate the autocompletion script for the your shell. usage: bearer completion [command] options: - - name: help - shorthand: h - default_value: "false" - usage: help for completion + - name: help + shorthand: h + default_value: "false" + usage: help for completion see_also: - - "bearer - " -aliases: + - 'bearer - ' diff --git a/docs/_data/bearer_ignore_add.yaml b/docs/_data/bearer_ignore_add.yaml index 5c84e8f86..953cb67b1 100644 --- a/docs/_data/bearer_ignore_add.yaml +++ b/docs/_data/bearer_ignore_add.yaml 
@@ -2,54 +2,62 @@ name: bearer ignore add synopsis: Add an ignored fingerprint usage: bearer ignore add [flags] options: - - name: api-key - usage: Use your Bearer API Key to send the report to Bearer. - - name: author - shorthand: a - usage: | - Add author information to this ignored finding. (default output of "git config user.name") - - name: comment - usage: Add a comment to this ignored finding. - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - - name: false-positive - default_value: "false" - usage: Mark an this ignored finding as false positive. - - name: force - default_value: "false" - usage: Overwrite an existing ignored finding. - - name: help - shorthand: h - default_value: "false" - usage: help for add - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - - name: no-color - default_value: "false" - usage: Disable color in output + - name: author + shorthand: a + usage: | + Add author information to this ignored finding. (default output of "git config user.name") + environment_variables: + - BEARER_AUTHOR + - name: comment + usage: Add a comment to this ignored finding. + environment_variables: + - BEARER_COMMENT + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. 
+ environment_variables: + - BEARER_CONFIG_FILE + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: false-positive + default_value: "false" + usage: Mark an this ignored finding as false positive. + environment_variables: + - BEARER_FALSE_POSITIVE + - name: force + default_value: "false" + usage: Overwrite an existing ignored finding. + environment_variables: + - BEARER_FORCE + - name: help + shorthand: h + default_value: "false" + usage: help for add + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. + environment_variables: + - BEARER_IGNORE_FILE + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- - # Add an ignored fingerprint to your ignore file - $ bearer ignore add --author Mish --comment "Possible false positive" + # Add an ignored fingerprint to your ignore file + $ bearer ignore add --author Mish --comment "Possible false positive" see_also: - - bearer ignore - Manage ignored fingerprints -aliases: + - bearer ignore - Manage ignored fingerprints diff --git a/docs/_data/bearer_ignore_migrate.yaml b/docs/_data/bearer_ignore_migrate.yaml index ffe88659a..1520235f6 100644 --- a/docs/_data/bearer_ignore_migrate.yaml +++ b/docs/_data/bearer_ignore_migrate.yaml 
@@ -2,45 +2,47 @@ name: bearer ignore migrate synopsis: Migrate ignored fingerprints from bearer.yml to ignore file usage: bearer ignore migrate [flags] options: - - name: api-key - usage: Use your Bearer API Key to send the report to Bearer. - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - - name: force - default_value: "false" - usage: Overwrite an existing ignored finding. - - name: help - shorthand: h - default_value: "false" - usage: help for migrate - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - - name: no-color - default_value: "false" - usage: Disable color in output + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: force + default_value: "false" + usage: Overwrite an existing ignored finding. 
+ environment_variables: + - BEARER_FORCE + - name: help + shorthand: h + default_value: "false" + usage: help for migrate + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. + environment_variables: + - BEARER_IGNORE_FILE + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- - # Migrate existing ignored (excluded) fingerprints from bearer.yml file to ignore file - $ bearer ignore migrate + # Migrate existing ignored (excluded) fingerprints from bearer.yml file to ignore file + $ bearer ignore migrate see_also: - - bearer ignore - Manage ignored fingerprints -aliases: + - bearer ignore - Manage ignored fingerprints diff --git a/docs/_data/bearer_ignore_pull.yaml b/docs/_data/bearer_ignore_pull.yaml index 00c440dff..3c2890480 100644 --- a/docs/_data/bearer_ignore_pull.yaml +++ b/docs/_data/bearer_ignore_pull.yaml 
@@ -2,42 +2,42 @@ name: bearer ignore pull synopsis: Pull ignored fingerprints from Cloud usage: bearer ignore pull [flags] options: - - name: api-key - usage: Use your Bearer API Key to send the report to Bearer. - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - - name: help - shorthand: h - default_value: "false" - usage: help for pull - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - - name: no-color - default_value: "false" - usage: Disable color in output + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: help + shorthand: h + default_value: "false" + usage: help for pull + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. 
+ environment_variables: + - BEARER_IGNORE_FILE + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- - # Pull ignored fingerprints from the Cloud (requires API key) - $ bearer ignore pull /path/to/your_project --api-key=XXXXX + # Pull ignored fingerprints from the Cloud (requires API key) + $ bearer ignore pull /path/to/your_project --api-key=XXXXX see_also: - - bearer ignore - Manage ignored fingerprints -aliases: + - bearer ignore - Manage ignored fingerprints diff --git a/docs/_data/bearer_ignore_remove.yaml b/docs/_data/bearer_ignore_remove.yaml index d38d51c33..325f9defc 100644 --- a/docs/_data/bearer_ignore_remove.yaml +++ b/docs/_data/bearer_ignore_remove.yaml 
@@ -2,42 +2,42 @@ name: bearer ignore remove synopsis: Remove an ignored fingerprint usage: bearer ignore remove [flags] options: - - name: api-key - usage: Use your Bearer API Key to send the report to Bearer. - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - - name: help - shorthand: h - default_value: "false" - usage: help for remove - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - - name: no-color - default_value: "false" - usage: Disable color in output + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: help + shorthand: h + default_value: "false" + usage: help for remove + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. 
+ environment_variables: + - BEARER_IGNORE_FILE + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- - # Remove an ignored fingerprint from your ignore file - $ bearer ignore remove + # Remove an ignored fingerprint from your ignore file + $ bearer ignore remove see_also: - - bearer ignore - Manage ignored fingerprints -aliases: + - bearer ignore - Manage ignored fingerprints diff --git a/docs/_data/bearer_ignore_show.yaml b/docs/_data/bearer_ignore_show.yaml index 71d1dc13f..88484b0fd 100644 --- a/docs/_data/bearer_ignore_show.yaml +++ b/docs/_data/bearer_ignore_show.yaml 
@@ -2,45 +2,47 @@ name: bearer ignore show synopsis: Show an ignored fingerprint usage: bearer ignore show [flags] options: - - name: all - default_value: "false" - usage: Show all ignored fingerprints. - - name: api-key - usage: Use your Bearer API Key to send the report to Bearer. - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - - name: help - shorthand: h - default_value: "false" - usage: help for show - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - - name: no-color - default_value: "false" - usage: Disable color in output + - name: all + default_value: "false" + usage: Show all ignored fingerprints. + environment_variables: + - BEARER_ALL + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: help + shorthand: h + default_value: "false" + usage: help for show + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. 
+ environment_variables: + - BEARER_IGNORE_FILE + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- - # Show the details of an ignored fingerprint from your ignore file - $ bearer ignore show + # Show the details of an ignored fingerprint from your ignore file + $ bearer ignore show see_also: - - bearer ignore - Manage ignored fingerprints -aliases: + - bearer ignore - Manage ignored fingerprints diff --git a/docs/_data/bearer_init.yaml b/docs/_data/bearer_init.yaml index dfd244cdf..ebe0fcd3d 100644 --- a/docs/_data/bearer_init.yaml +++ b/docs/_data/bearer_init.yaml @@ -2,10 +2,9 @@ name: bearer init synopsis: Generates a default config to `bearer.yml` usage: bearer init [flags] options: - - name: help - shorthand: h - default_value: "false" - usage: help for init + - name: help + shorthand: h + default_value: "false" + usage: help for init see_also: - - "bearer - " -aliases: + - 'bearer - ' diff --git a/docs/_data/bearer_scan.yaml b/docs/_data/bearer_scan.yaml index cd19aad1f..f331f7e74 100644 --- a/docs/_data/bearer_scan.yaml +++ b/docs/_data/bearer_scan.yaml 
@@ -2,142 +2,166 @@ name: bearer scan synopsis: Scan a directory or file usage: bearer scan [flags] options: - - name: api-key - usage: Use your Bearer API Key to send the report to Bearer. - - name: branch - usage: The name of the branch being scanned. - - name: commit - usage: The hash of the commit being scanned. - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - - name: context - usage: | - Expand context of schema classification e.g., --context=health, to include data types particular to health - - name: data-subject-mapping - usage: | - Override default data subject mapping by providing a path to a custom mapping JSON file - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging - - name: default-branch - usage: The name of the default branch. - - name: diff - default_value: "false" - usage: | - Only report differences in findings relative to a base branch. - - name: diff-base-branch - usage: The name of the base branch to use for diff scanning. - - name: diff-base-commit - usage: The hash of the base commit to use for diff scanning. - - name: disable-default-rules - default_value: "false" - usage: Disables all default and built-in rules. - - name: disable-domain-resolution - default_value: "true" - usage: | - Do not attempt to resolve detected domains during classification - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - - name: domain-resolution-timeout - default_value: 3s - usage: | - Set timeout when attempting to resolve detected domains during classification, e.g. --domain-resolution-timeout=3s - - name: exclude-fingerprint - default_value: "[]" - usage: | - Specify the comma-separated fingerprints of the findings you would like to exclude from the report. 
- - name: exit-code - default_value: "-1" - usage: | - Force a given exit code for the scan command. Set this to 0 (success) to always return a success exit code despite any findings from the scan. - - name: external-rule-dir - default_value: "[]" - usage: | - Specify directories paths that contain .yaml files with external rules configuration - - name: fail-on-severity - default_value: critical,high,medium,low - usage: | - Specify which severities cause the report to fail. Works in conjunction with --exit-code. - - name: force - default_value: "false" - usage: Disable the cache and runs the detections again - - name: format - shorthand: f - usage: | - Specify report format (json, yaml, sarif, gitlab-sast, rdjson, html) - - name: github-api-url - usage: A non-standard URL to use for the Github API - - name: github-repository - usage: | - The owner and name of the repository on Github. eg. Bearer/bearer - - name: github-token - usage: An access token for the Github API. - - name: help - shorthand: h - default_value: "false" - usage: help for scan - - name: hide-progress-bar - default_value: "false" - usage: Hide progress bar from output - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing - - name: internal-domains - default_value: "[]" - usage: | - Define regular expressions for better classification of private or unreachable domains e.g. --internal-domains=".*.my-company.com,private.sh" - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - - name: no-color - default_value: "false" - usage: Disable color in output - - name: only-rule - default_value: "[]" - usage: | - Specify the comma-separated ids of the rules you would like to run. Skips all other rules. 
- - name: output - usage: Specify the output path for the report. - - name: parallel - default_value: "0" - usage: Specify the amount of parallelism to use during the scan - - name: quiet - default_value: "false" - usage: Suppress non-essential messages - - name: report - default_value: security - usage: Specify the type of report (security, privacy, dataflow). - - name: repository-url - usage: The remote URL of the repository. - - name: scanner - default_value: "[sast]" - usage: | - Specify which scanner to use e.g. --scanner=secrets, --scanner=secrets,sast - - name: severity - default_value: critical,high,medium,low,warning - usage: Specify which severities are included in the report. - - name: skip-path - default_value: "[]" - usage: | - Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql - - name: skip-rule - default_value: "[]" - usage: | - Specify the comma-separated ids of the rules you would like to skip. Runs all other rules. + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: context + usage: | + Expand context of schema classification e.g., --context=health, to include data types particular to health + environment_variables: + - BEARER_CONTEXT + - name: data-subject-mapping + usage: | + Override default data subject mapping by providing a path to a custom mapping JSON file + environment_variables: + - BEARER_DATA_SUBJECT_MAPPING + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: diff + default_value: "false" + usage: | + Only report differences in findings relative to a base branch. + environment_variables: + - BEARER_DIFF + - name: disable-default-rules + default_value: "false" + usage: Disables all default and built-in rules. 
+ environment_variables: + - BEARER_DISABLE_DEFAULT_RULES + - name: disable-domain-resolution + default_value: "true" + usage: | + Do not attempt to resolve detected domains during classification + environment_variables: + - BEARER_DISABLE_DOMAIN_RESOLUTION + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: domain-resolution-timeout + default_value: 3s + usage: | + Set timeout when attempting to resolve detected domains during classification, e.g. --domain-resolution-timeout=3s + environment_variables: + - BEARER_DOMAIN_RESOLUTION_TIMEOUT + - name: exit-code + default_value: "-1" + usage: | + Force a given exit code for the scan command. Set this to 0 (success) to always return a success exit code despite any findings from the scan. + environment_variables: + - BEARER_EXIT_CODE + - name: external-rule-dir + default_value: '[]' + usage: | + Specify directories paths that contain .yaml files with external rules configuration + environment_variables: + - BEARER_EXTERNAL_RULE_DIR + - name: fail-on-severity + default_value: critical,high,medium,low + usage: | + Specify which severities cause the report to fail. Works in conjunction with --exit-code. + environment_variables: + - BEARER_FAIL_ON_SEVERITY + - name: force + default_value: "false" + usage: Disable the cache and runs the detections again + environment_variables: + - BEARER_FORCE + - name: format + shorthand: f + usage: | + Specify report format (json, yaml, sarif, gitlab-sast, rdjson, html) + environment_variables: + - BEARER_FORMAT + - name: help + shorthand: h + default_value: "false" + usage: help for scan + - name: hide-progress-bar + default_value: "false" + usage: Hide progress bar from output + environment_variables: + - BEARER_HIDE_PROGRESS_BAR + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. 
+ environment_variables: + - BEARER_IGNORE_FILE + - name: internal-domains + default_value: '[]' + usage: | + Define regular expressions for better classification of private or unreachable domains e.g. --internal-domains=".*.my-company.com,private.sh" + environment_variables: + - BEARER_INTERNAL_DOMAINS + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR + - name: only-rule + default_value: '[]' + usage: | + Specify the comma-separated ids of the rules you would like to run. Skips all other rules. + environment_variables: + - BEARER_ONLY_RULE + - name: output + usage: Specify the output path for the report. + environment_variables: + - BEARER_OUTPUT + - name: parallel + default_value: "0" + usage: Specify the amount of parallelism to use during the scan + environment_variables: + - BEARER_PARALLEL + - name: quiet + default_value: "false" + usage: Suppress non-essential messages + environment_variables: + - BEARER_QUIET + - name: report + default_value: security + usage: Specify the type of report (security, privacy, dataflow). + environment_variables: + - BEARER_REPORT + - name: scanner + default_value: '[sast]' + usage: | + Specify which scanner to use e.g. --scanner=secrets, --scanner=secrets,sast + environment_variables: + - BEARER_SCANNER + - SCANNER + - name: severity + default_value: critical,high,medium,low,warning + usage: Specify which severities are included in the report. + environment_variables: + - BEARER_SEVERITY + - name: skip-path + default_value: '[]' + usage: | + Specify the comma separated files and directories to skip. Supports * syntax, e.g. 
--skip-path users/*.go,users/admin.sql + environment_variables: + - BEARER_SKIP_PATH + - name: skip-rule + default_value: '[]' + usage: | + Specify the comma-separated ids of the rules you would like to skip. Runs all other rules. + environment_variables: + - BEARER_SKIP_RULE example: |4- # Scan a local project, including language-specific files $ bearer scan /path/to/your_project see_also: - - "bearer - " -aliases: s + - 'bearer - ' +aliases: + - s diff --git a/docs/_data/bearer_version.yaml b/docs/_data/bearer_version.yaml index 957a4d9bc..5d73f48e6 100644 --- a/docs/_data/bearer_version.yaml +++ b/docs/_data/bearer_version.yaml 
@@ -2,39 +2,39 @@ name: bearer version synopsis: Print the version usage: bearer version [flags] options: - - name: api-key - usage: Use your Bearer API Key to send the report to Bearer. - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - - name: debug-profile - default_value: "false" - usage: Generate profiling data for debugging - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - - name: help - shorthand: h - default_value: "false" - usage: help for version - - name: host - default_value: my.bearer.sh - usage: Specify the Host for sending the report. - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - - name: ignore-git - default_value: "false" - usage: Ignore Git listing - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - - name: no-color - default_value: "false" - usage: Disable color in output + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: help + shorthand: h + default_value: "false" + usage: help for version + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. 
+ environment_variables: + - BEARER_IGNORE_FILE + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR see_also: - - "bearer - " -aliases: + - 'bearer - ' diff --git a/docs/reference/commands.njk b/docs/reference/commands.njk index 0ab58ea4f..1cc047845 100644 --- a/docs/reference/commands.njk +++ b/docs/reference/commands.njk @@ -34,6 +34,7 @@ Bearer CLI offers a number of commands to use and customize the CLI to your need Name Description Default Value + Environment Variables @@ -46,6 +47,7 @@ Bearer CLI offers a number of commands to use and customize the CLI to your need {{option.usage}} {{option.default_value}} + {{ option.environment_variables }} {% endfor %} @@ -57,7 +59,7 @@ Bearer CLI offers a number of commands to use and customize the CLI to your need {% endif %} {% if item.aliases %}

Aliases

-

In addition to the primary {{ item.name | trim }} command, you can also use {{ item.aliases | trim}} in place of it. +

In addition to the primary {{ item.name | trim }} command, you can also use {{ item.aliases }} in place of it.

{% endif %} {% endfor %}
diff --git a/go.mod b/go.mod
index c02fab2c8..f704ea3cf 100644
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,6 @@ require (
 github.com/OneOfOne/xxhash v1.2.8 // indirect
 github.com/agnivade/levenshtein v1.1.1 // indirect
 github.com/charmbracelet/lipgloss v0.6.0 // indirect
- github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/fatih/semgroup v1.2.0 // indirect
 github.com/gitleaks/go-gitdiff v0.9.0 // indirect
@@ -58,7 +57,6 @@ require (
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 github.com/rivo/uniseg v0.4.4 // indirect
- github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -115,7 +113,7 @@ require (
 github.com/magiconair/properties v1.8.7 // indirect
 github.com/mitchellh/mapstructure v1.5.0
 github.com/pelletier/go-toml v1.9.5
- github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+ github.com/pelletier/go-toml/v2 v2.1.1 // indirect
 github.com/spf13/afero v1.11.0 // indirect
 github.com/spf13/cast v1.6.0 // indirect
 github.com/spf13/cobra v1.8.0
@@ -125,6 +123,8 @@ require (
 golang.org/x/sys v0.15.0 // indirect
 golang.org/x/text v0.14.0 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
- gopkg.in/yaml.v2 v2.4.0 // indirect
+ gopkg.in/yaml.v2 v2.4.0
 gopkg.in/yaml.v3 v3.0.1
 )
+
+replace github.com/spf13/viper => github.com/cfabianski/viper v1.15.1-0.20231220102258-f9bd0ace5732
diff --git a/go.sum b/go.sum
index 2b3ab48a9..f3c6a024e 100644
--- a/go.sum
+++ b/go.sum
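Review bot: The last added line of go.mod, `replace github.com/spf13/viper => github.com/cfabianski/viper v1.15.1-0.20231220102258-f9bd0ace5732`, swaps the configuration library for a personal fork pinned at an untagged pseudo-version, and nothing in the file records why or for how long. A module-level replace applies to every build of the CLI, not only to the docs generator, so upstream viper fixes stop arriving through an ordinary version bump and the build now depends on one personal account keeping that commit available. I would put a comment directly above it, for example `// Temporary: fork adds <what the fork changes>; remove once <upstream PR placeholder> is released`, so the exit condition is visible at review time. If only scripts/gen-doc-yaml.go needs the fork (an assumption, that file is outside this hunk), giving the script its own module would keep the replace out of the shipped binary.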
@@ -27,6 +27,8 @@ github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cfabianski/viper v1.15.1-0.20231220102258-f9bd0ace5732 h1:ZZPf01vbtU+72beKrkFH+oM6pEoMjaJ1QbUTPbuM9R4= +github.com/cfabianski/viper v1.15.1-0.20231220102258-f9bd0ace5732/go.mod h1:ViOjWl6F2V3JRTuQU+T8ioJOUDoYu07nbAfFtiMlXzY= github.com/charmbracelet/lipgloss v0.6.0 h1:1StyZB9vBSOyuZxQUcUwGr17JmojPNm87inij9N3wJY= github.com/charmbracelet/lipgloss v0.6.0/go.mod h1:tHh2wr34xcHjC2HCXIlGSG1jaDF0S0atAUvBMP6Ppuk= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= @@ -34,7 +36,6 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -180,8 +181,8 @@ github.com/open-policy-agent/opa v0.59.0 h1:1WFU/KUhJAr3qatm0Lf8Ea5jp10ZmlE2M07o github.com/open-policy-agent/opa v0.59.0/go.mod h1:rdJSkEc4oQ+0074/3Fsgno5bkPsYxTjU5aLNmMujIvI= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= -github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= +github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI= +github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -212,7 +213,6 @@ github.com/rs/zerolog v1.31.0 h1:FcTR3NnLWW+NnTwwhFWiJSZr4ECLpqCm6QsEnyvbV4A= github.com/rs/zerolog v1.31.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww= github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= -github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI= github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs= 
@@ -242,8 +242,6 @@ github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.18.1 h1:rmuU42rScKWlhhJDyXZRKJQHXFX02chSVW1IvkPGiVM= -github.com/spf13/viper v1.18.1/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= diff --git a/internal/commands/ignore.go b/internal/commands/ignore.go index c20b2a541..7ba8b0492 100644 --- a/internal/commands/ignore.go +++ b/internal/commands/ignore.go @@ -81,10 +81,6 @@ func newIgnoreShowCommand() *cobra.Command { Example: `# Show the details of an ignored fingerprint from your ignore file $ bearer ignore show `, RunE: func(cmd *cobra.Command, args []string) error { - if err := IgnoreShowFlags.Bind(cmd); err != nil { - return fmt.Errorf("flag bind error: %w", err) - } - setLogLevel(cmd) options, err := IgnoreShowFlags.ToOptions(args) @@ -139,6 +135,7 @@ $ bearer ignore show `, SilenceUsage: false, } IgnoreShowFlags.AddFlags(cmd) + IgnoreShowFlags.Bind(cmd) // nolint: errcheck cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, IgnoreShowFlags.Usages(cmd))) return cmd @@ -156,10 +153,6 @@ func newIgnoreAddCommand() *cobra.Command { Example: `# Add an ignored fingerprint to your ignore file $ bearer ignore add --author Mish --comment "Possible false positive"`, RunE: func(cmd *cobra.Command, args []string) error { - if err := IgnoreShowFlags.Bind(cmd); err != nil { - return fmt.Errorf("flag bind error: %w", err) - } - if len(args) == 0 { return cmd.Help() } 
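Review bot: `IgnoreShowFlags.Bind(cmd) // nolint: errcheck` in newIgnoreShowCommand discards the error that RunE used to return as `flag bind error: %w`, so a failed binding now leaves the command running on defaults with no signal to the user. The same line is added in the other ignore.go constructors and in processing_worker.go, scan.go and version.go. These flags select the config file and ignore file, and the pull example shows an `--api-key`, so silently falling back is the wrong failure mode. Since the constructors return only `*cobra.Command`, I would keep the check in `PreRunE`, or store the error and return it from RunE, e.g. `bindErr := IgnoreShowFlags.Bind(cmd)` followed by `if bindErr != nil { return fmt.Errorf("flag bind error: %w", bindErr) }` at the top of RunE. The constructor bodies start and end outside these hunks.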
@@ -240,6 +233,7 @@ $ bearer ignore add --author Mish --comment "Possible false positi SilenceUsage: false, } IgnoreShowFlags.AddFlags(cmd) + IgnoreShowFlags.Bind(cmd) // nolint: errcheck cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, IgnoreShowFlags.Usages(cmd))) return cmd @@ -254,10 +248,6 @@ func newIgnoreRemoveCommand() *cobra.Command { Example: `# Remove an ignored fingerprint from your ignore file $ bearer ignore remove `, RunE: func(cmd *cobra.Command, args []string) error { - if err := flags.Bind(cmd); err != nil { - return fmt.Errorf("flag bind error: %w", err) - } - if len(args) == 0 { return cmd.Help() } @@ -298,7 +288,9 @@ $ bearer ignore remove `, SilenceErrors: false, SilenceUsage: false, } + flags.AddFlags(cmd) + flags.Bind(cmd) // nolint: errcheck cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, flags.Usages(cmd))) return cmd @@ -313,10 +305,6 @@ func newIgnorePullCommand() *cobra.Command { Example: `# Pull ignored fingerprints from the Cloud (requires API key) $ bearer ignore pull /path/to/your_project --api-key=XXXXX`, RunE: func(cmd *cobra.Command, args []string) error { - if err := flags.Bind(cmd); err != nil { - return fmt.Errorf("flag bind error: %w", err) - } - setLogLevel(cmd) options, err := flags.ToOptions(args) @@ -390,6 +378,7 @@ $ bearer ignore pull /path/to/your_project --api-key=XXXXX`, SilenceUsage: false, } flags.AddFlags(cmd) + flags.Bind(cmd) // nolint: errcheck cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, flags.Usages(cmd))) return cmd @@ -406,10 +395,6 @@ func newIgnoreMigrateCommand() *cobra.Command { Example: `# Migrate existing ignored (excluded) fingerprints from bearer.yml file to ignore file $ bearer ignore migrate`, RunE: func(cmd *cobra.Command, args []string) error { - if err := flags.Bind(cmd); err != nil { - return fmt.Errorf("flag bind error: %w", err) - } - setLogLevel(cmd) options, err := flags.ToOptions(args) 
@@ -462,6 +447,7 @@ $ bearer ignore migrate`, SilenceUsage: false, } flags.AddFlags(cmd) + flags.Bind(cmd) // nolint: errcheck cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, flags.Usages(cmd))) return cmd diff --git a/internal/commands/processing_worker.go b/internal/commands/processing_worker.go index d1f21b1be..d40874bab 100644 --- a/internal/commands/processing_worker.go +++ b/internal/commands/processing_worker.go @@ -20,10 +20,6 @@ func NewProcessingWorkerCommand() *cobra.Command { Use: "processing-worker [flags] PATH", Short: "start scan processing server", RunE: func(cmd *cobra.Command, args []string) error { - if err := flags.Bind(cmd); err != nil { - return fmt.Errorf("flag bind error: %w", err) - } - output.Setup(cmd, output.SetupRequest{ LogLevel: viper.GetString(flag.LogLevelFlag.ConfigName), Quiet: viper.GetBool(flag.QuietFlag.ConfigName), @@ -54,6 +50,7 @@ func NewProcessingWorkerCommand() *cobra.Command { return err }) flags.AddFlags(cmd) + flags.Bind(cmd) // nolint: errcheck return cmd } diff --git a/internal/commands/scan.go b/internal/commands/scan.go index 988056347..7a42193b4 100644 --- a/internal/commands/scan.go +++ b/internal/commands/scan.go @@ -45,17 +45,7 @@ func NewScanCommand() *cobra.Command { Short: "Scan a directory or file", Example: ` # Scan a local project, including language-specific files $ bearer scan /path/to/your_project`, - PreRunE: func(cmd *cobra.Command, args []string) error { - if err := ScanFlags.Bind(cmd); err != nil { - return fmt.Errorf("flag bind error: %w", err) - } - return nil - }, RunE: func(cmd *cobra.Command, args []string) error { - if err := ScanFlags.Bind(cmd); err != nil { - return fmt.Errorf("flag bind error: %w", err) - } - logLevel := viper.GetString(flag.LogLevelFlag.ConfigName) if viper.GetBool(flag.DebugFlag.ConfigName) { logLevel = flag.DebugLogLevel 
@@ -96,6 +86,7 @@ func NewScanCommand() *cobra.Command { } ScanFlags.AddFlags(cmd) + ScanFlags.Bind(cmd) // nolint:errcheck cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, ScanFlags.Usages(cmd))) return cmd diff --git a/internal/commands/version.go b/internal/commands/version.go index 56cbe432f..48b894454 100644 --- a/internal/commands/version.go +++ b/internal/commands/version.go @@ -1,8 +1,6 @@ package commands import ( - "fmt" - "github.com/rs/zerolog/log" "github.com/spf13/cobra" "github.com/spf13/viper" @@ -19,11 +17,8 @@ func NewVersionCommand(version string, commitSHA string) *cobra.Command { Short: "Print the version", Args: cobra.NoArgs, RunE: func(cmd *cobra.Command, args []string) error { - if err := flags.Bind(cmd); err != nil { - return fmt.Errorf("flag bind error: %w", err) - } - logLevel := viper.GetString(flag.LogLevelFlag.ConfigName) + if viper.GetBool(flag.DebugFlag.ConfigName) { logLevel = flag.DebugLogLevel } @@ -47,6 +42,9 @@ func NewVersionCommand(version string, commitSHA string) *cobra.Command { cmd.SetUsageFunc(func(cmd *cobra.Command) error { return nil }) + flags.AddFlags(cmd) + flags.Bind(cmd) // nolint: errcheck + return cmd } diff --git a/internal/flag/flags.go b/internal/flag/flags.go deleted file mode 100644 index 02d20d554..000000000 --- a/internal/flag/flags.go +++ /dev/null @@ -1 +0,0 @@ -package flag diff --git a/internal/flag/options.go b/internal/flag/options.go index 42fb71539..000d3ba9b 100644 --- a/internal/flag/options.go +++ b/internal/flag/options.go @@ -18,7 +18,8 @@ import ( type Flags []flagtypes.FlagGroup -const envPrefix = "bearer" +var envPrefix = "bearer" +var boundFlags = set.New[*flagtypes.Flag]() var ErrInvalidScannerReportCombination = errors.New("invalid scanner argument; privacy report requires sast scanner") 
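Review bot: `var envPrefix = "bearer"` in internal/flag/options.go turns a constant into mutable package state, and no visible line in this patch assigns to it. The prefix decides which environment variables feed the configuration, so I would keep `const envPrefix = "bearer"` unless code outside these hunks needs to change it. The new `boundFlags` set on the following line is also package-level mutable state; a one-line comment such as `// boundFlags records flags already bound to viper; only touched while commands are constructed` would document the assumption, if that is indeed how it is used.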
@@ -49,6 +50,10 @@ func addFlag(cmd *cobra.Command, flag *flagtypes.Flag) { } func BindViper(flag *flagtypes.Flag) error { + if !boundFlags.Add(flag) { + return nil + } + arguments := append( []string{ flag.ConfigName, diff --git a/scripts/gen-doc-yaml.go b/scripts/gen-doc-yaml.go index 2192989b5..18c1c7844 100644 --- a/scripts/gen-doc-yaml.go +++ b/scripts/gen-doc-yaml.go 
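Review bot: In BindViper, `if !boundFlags.Add(flag) { return nil }` records the flag as bound before any binding has been attempted, so if the rest of the function returns an error, every later call for that flag returns nil and the failure is neither retried nor reported. Combined with the callers now ignoring the result of Bind, a flag can stay unbound with no trace. I would test membership first and call `boundFlags.Add(flag)` only just before the successful return. The set is keyed by pointer and unguarded, so it assumes a single `*flagtypes.Flag` value per flag and construction on one goroutine, which deserves a comment. The function body continues outside the hunk, so the placement has to be checked against the full body.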
@@ -2,24 +2,69 @@ package main import ( "fmt" + "io" "os" "path/filepath" + "slices" + "sort" "strings" "github.com/bearer/bearer/cmd/bearer/build" "github.com/bearer/bearer/internal/commands" + "github.com/bearer/bearer/internal/flag" + flagtypes "github.com/bearer/bearer/internal/flag/types" + "github.com/bearer/bearer/internal/util/set" "github.com/spf13/cobra" - "github.com/spf13/cobra/doc" + "github.com/spf13/pflag" + "github.com/spf13/viper" + "gopkg.in/yaml.v3" ) +type cmdOption struct { + Name string + Shorthand string `yaml:",omitempty"` + DefaultValue string `yaml:"default_value,omitempty"` + Usage string `yaml:",omitempty"` + EnvironmentVariables []string `yaml:"environment_variables,omitempty"` +} + +type cmdDoc struct { + Name string + Synopsis string `yaml:",omitempty"` + Description string `yaml:",omitempty"` + Usage string `yaml:",omitempty"` + Options []cmdOption `yaml:",omitempty"` + InheritedOptions []cmdOption `yaml:"inherited_options,omitempty"` + Example string `yaml:",omitempty"` + SeeAlso []string `yaml:"see_also,omitempty"` + Aliases []string `yaml:"aliases,omitempty"` +} + +var AllFlags = []*flagtypes.Flag{} +var envVars = viper.AllEnvVar() + func main() { + AllFlags = append(AllFlags, flag.GeneralFlagGroup.Flags()...) + AllFlags = append(AllFlags, flag.IgnoreAddFlagGroup.Flags()...) + AllFlags = append(AllFlags, flag.IgnoreMigrateFlagGroup.Flags()...) + AllFlags = append(AllFlags, flag.IgnoreShowFlagGroup.Flags()...) + AllFlags = append(AllFlags, flag.ReportFlagGroup.Flags()...) + AllFlags = append(AllFlags, flag.RepositoryFlagGroup.Flags()...) + AllFlags = append(AllFlags, flag.RuleFlagGroup.Flags()...) + AllFlags = append(AllFlags, flag.ScanFlagGroup.Flags()...) + AllFlags = append(AllFlags, flag.WorkerFlagGroup.Flags()...) 
+ dir := "./docs/_data" if _, err := os.Stat(dir); err != nil { fmt.Printf("Error: %v\n", err) os.Exit(1) } - err := writeDocs(commands.NewApp(build.Version, build.CommitSHA), dir) + cmd := commands.NewApp(build.Version, build.CommitSHA) + err := writeDocs( + cmd, + dir, + ) if err != nil { fmt.Printf("Error: %v\n", err) 
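Review bot: `var envVars = viper.AllEnvVar()` is evaluated at package initialisation, before `commands.NewApp` in main constructs the commands and binds their flags, so lookupEnvVariables only sees the bindings if AllEnvVar hands back viper's live map rather than a copy. Assigning it in main after the commands exist removes that dependency: declare `var envVars map[string][]string` (type inferred from its use in lookupEnvVariables) and set `envVars = viper.AllEnvVar()` right after `cmd := commands.NewApp(build.Version, build.CommitSHA)`. `AllFlags` is exported from package main and mutated in main; an unexported `allFlags` built in one place would be easier to follow. The list of flag groups is maintained by hand here, so a comment noting that a new group must be added for its flags to be documented would help. main continues outside the hunk.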
@@ -61,16 +106,162 @@ func writeDocs(cmd *cobra.Command, dir string) error { defer f.Close() // given the file - err = doc.GenYaml(cmd, f) - if err != nil { - return err + err = GenYaml(cmd, f) + + return err +} + +func GenYaml(cmd *cobra.Command, w io.Writer) error { + return GenYamlCustom(cmd, w, func(s string) string { return s }) +} + +func GenYamlCustom(cmd *cobra.Command, w io.Writer, linkHandler func(string) string) error { + cmd.InitDefaultHelpCmd() + cmd.InitDefaultHelpFlag() + + yamlDoc := cmdDoc{} + yamlDoc.Name = cmd.CommandPath() + yamlDoc.Synopsis = forceMultiLine(cmd.Short) + yamlDoc.Description = forceMultiLine(cmd.Long) + + if cmd.Runnable() { + yamlDoc.Usage = cmd.UseLine() } - // add aliases - aliases := fmt.Sprintf("aliases: %s\n", strings.Join(cmd.Aliases, ", ")) + if len(cmd.Example) > 0 { + yamlDoc.Example = cmd.Example + } - if _, err := f.WriteString(aliases); err != nil { + flags := cmd.NonInheritedFlags() + if flags.HasFlags() { + yamlDoc.Options = genFlagResult(flags) + } + flags = cmd.InheritedFlags() + if flags.HasFlags() { + yamlDoc.InheritedOptions = genFlagResult(flags) + } + + if hasSeeAlso(cmd) { + result := []string{} + if cmd.HasParent() { + parent := cmd.Parent() + result = append(result, parent.CommandPath()+" - "+parent.Short) + } + children := cmd.Commands() + sort.Sort(byName(children)) + for _, child := range children { + if !child.IsAvailableCommand() || child.IsAdditionalHelpTopicCommand() { + continue + } + result = append(result, child.CommandPath()+" - "+child.Short) + } + yamlDoc.SeeAlso = result + } + + yamlDoc.Aliases = cmd.Aliases + + final, err := yaml.Marshal(&yamlDoc) + if err != nil { + fmt.Println(err) + os.Exit(1) + } + + if _, err := w.Write(final); err != nil { return err } return nil } + +func searchAppFlag(flag *pflag.Flag) *flagtypes.Flag { + var foundFlag *flagtypes.Flag + for _, f := range AllFlags { + if f.Name == flag.Name { + foundFlag = f + break + } + } + + return foundFlag +} + +func 
lookupEnvVariables(flag *pflag.Flag, otherFlag *flagtypes.Flag) []string { + var vars []string + + if otherFlag == nil { + vars = envVars[flag.Name] + } else { + vars = envVars[otherFlag.ConfigName] + } + + return removeDup(vars) +} + +func removeDup(vars []string) []string { + unique := set.New[string]() + unique.AddAll(vars) + + sorted := unique.Items() + slices.Sort(sorted) + + return sorted +} + +func genFlagResult(flags *pflag.FlagSet) []cmdOption { + var result []cmdOption + + flags.VisitAll(func(flag *pflag.Flag) { + appFlag := searchAppFlag(flag) + environmentVariables := lookupEnvVariables(flag, appFlag) + + if appFlag != nil && appFlag.Hide { + return + } + + if !(len(flag.ShorthandDeprecated) > 0) && len(flag.Shorthand) > 0 { + opt := cmdOption{ + flag.Name, + flag.Shorthand, + flag.DefValue, + forceMultiLine(flag.Usage), + environmentVariables, + } + result = append(result, opt) + } else { + opt := cmdOption{ + Name: flag.Name, + DefaultValue: forceMultiLine(flag.DefValue), + Usage: forceMultiLine(flag.Usage), + EnvironmentVariables: environmentVariables, + } + result = append(result, opt) + } + }) + + return result +} + +func forceMultiLine(s string) string { + if len(s) > 60 && !strings.Contains(s, "\n") { + s = s + "\n" + } + return s +} + +func hasSeeAlso(cmd *cobra.Command) bool { + if cmd.HasParent() { + return true + } + for _, c := range cmd.Commands() { + if !c.IsAvailableCommand() || c.IsAdditionalHelpTopicCommand() { + continue + } + return true + } + return false +} + +type byName []*cobra.Command + +func (s byName) Len() int { return len(s) } +func (s byName) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s byName) Less(i, j int) bool { return s[i].Name() < s[j].Name() } From e6d9e1e7ad8fdf12ab200d24af0096ebb936419a Mon Sep 17 00:00:00 2001 
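Review bot: GenYamlCustom handles a `yaml.Marshal` failure with `fmt.Println(err)` and `os.Exit(1)` although the function returns `error`; exiting there skips the deferred `f.Close()` in writeDocs and duplicates what main already does with a returned error. Replace the two lines with `return err`. The `linkHandler` parameter is never used in the body, so either drop GenYamlCustom and keep a single GenYaml, or add a doc comment saying the parameter is kept only for signature parity with cobra's doc package. In genFlagResult the shorthand branch builds an unkeyed `cmdOption{...}` literal and leaves `flag.DefValue` as is, while the other branch passes it through `forceMultiLine`; keyed fields in both branches would show whether that difference is intended.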
From: =?UTF-8?q?C=C3=A9dric=20Fabianski?= Date: Thu, 21 Dec 2023 10:00:21 +0100 Subject: [PATCH 2/7] fix: linter --- docs/_data/bearer.yaml | 18 +- docs/_data/bearer_completion.yaml | 10 +- docs/_data/bearer_ignore_add.yaml | 114 +++++----- docs/_data/bearer_ignore_migrate.yaml | 84 +++---- docs/_data/bearer_ignore_pull.yaml | 74 +++--- docs/_data/bearer_ignore_remove.yaml | 74 +++--- docs/_data/bearer_ignore_show.yaml | 84 +++---- docs/_data/bearer_init.yaml | 10 +- docs/_data/bearer_scan.yaml | 316 +++++++++++++------------- docs/_data/bearer_version.yaml | 70 +++--- 10 files changed, 427 insertions(+), 427 deletions(-) diff --git a/docs/_data/bearer.yaml b/docs/_data/bearer.yaml index b7677b684..079ccb7e6 100644 --- a/docs/_data/bearer.yaml +++ b/docs/_data/bearer.yaml @@ -1,12 +1,12 @@ name: bearer options: - - name: help - shorthand: h - default_value: "false" - usage: help for bearer + - name: help + shorthand: h + default_value: "false" + usage: help for bearer see_also: - - bearer completion - Generate the autocompletion script for the your shell. - - bearer ignore - Manage ignored fingerprints - - bearer init - Generates a default config to `bearer.yml` - - bearer scan - Scan a directory or file - - bearer version - Print the version + - bearer completion - Generate the autocompletion script for the your shell. + - bearer ignore - Manage ignored fingerprints + - bearer init - Generates a default config to `bearer.yml` + - bearer scan - Scan a directory or file + - bearer version - Print the version diff --git a/docs/_data/bearer_completion.yaml b/docs/_data/bearer_completion.yaml index 35dad9449..30de193b9 100644 --- a/docs/_data/bearer_completion.yaml +++ b/docs/_data/bearer_completion.yaml 
@@ -2,9 +2,9 @@ name: bearer completion synopsis: Generate the autocompletion script for the your shell. usage: bearer completion [command] options: - - name: help - shorthand: h - default_value: "false" - usage: help for completion + - name: help + shorthand: h + default_value: "false" + usage: help for completion see_also: - - 'bearer - ' + - "bearer - " diff --git a/docs/_data/bearer_ignore_add.yaml b/docs/_data/bearer_ignore_add.yaml index 953cb67b1..48bc25e9c 100644 --- a/docs/_data/bearer_ignore_add.yaml +++ b/docs/_data/bearer_ignore_add.yaml 
@@ -2,62 +2,62 @@ name: bearer ignore add synopsis: Add an ignored fingerprint usage: bearer ignore add [flags] options: - - name: author - shorthand: a - usage: | - Add author information to this ignored finding. (default output of "git config user.name") - environment_variables: - - BEARER_AUTHOR - - name: comment - usage: Add a comment to this ignored finding. - environment_variables: - - BEARER_COMMENT - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - environment_variables: - - BEARER_CONFIG_FILE - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - environment_variables: - - BEARER_DEBUG - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - environment_variables: - - BEARER_DISABLE_VERSION_CHECK - - name: false-positive - default_value: "false" - usage: Mark an this ignored finding as false positive. - environment_variables: - - BEARER_FALSE_POSITIVE - - name: force - default_value: "false" - usage: Overwrite an existing ignored finding. - environment_variables: - - BEARER_FORCE - - name: help - shorthand: h - default_value: "false" - usage: help for add - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - environment_variables: - - BEARER_IGNORE_FILE - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - environment_variables: - - BEARER_LOG_LEVEL - - name: no-color - default_value: "false" - usage: Disable color in output - environment_variables: - - BEARER_NO_COLOR + - name: author + shorthand: a + usage: | + Add author information to this ignored finding. (default output of "git config user.name") + environment_variables: + - BEARER_AUTHOR + - name: comment + usage: Add a comment to this ignored finding. 
+ environment_variables: + - BEARER_COMMENT + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: false-positive + default_value: "false" + usage: Mark an this ignored finding as false positive. + environment_variables: + - BEARER_FALSE_POSITIVE + - name: force + default_value: "false" + usage: Overwrite an existing ignored finding. + environment_variables: + - BEARER_FORCE + - name: help + shorthand: h + default_value: "false" + usage: help for add + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. + environment_variables: + - BEARER_IGNORE_FILE + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- - # Add an ignored fingerprint to your ignore file - $ bearer ignore add --author Mish --comment "Possible false positive" + # Add an ignored fingerprint to your ignore file + $ bearer ignore add --author Mish --comment "Possible false positive" see_also: - - bearer ignore - Manage ignored fingerprints + - bearer ignore - Manage ignored fingerprints diff --git a/docs/_data/bearer_ignore_migrate.yaml b/docs/_data/bearer_ignore_migrate.yaml index 1520235f6..b7d40ab79 100644 --- a/docs/_data/bearer_ignore_migrate.yaml +++ b/docs/_data/bearer_ignore_migrate.yaml 
@@ -2,47 +2,47 @@ name: bearer ignore migrate synopsis: Migrate ignored fingerprints from bearer.yml to ignore file usage: bearer ignore migrate [flags] options: - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - environment_variables: - - BEARER_CONFIG_FILE - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - environment_variables: - - BEARER_DEBUG - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - environment_variables: - - BEARER_DISABLE_VERSION_CHECK - - name: force - default_value: "false" - usage: Overwrite an existing ignored finding. - environment_variables: - - BEARER_FORCE - - name: help - shorthand: h - default_value: "false" - usage: help for migrate - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - environment_variables: - - BEARER_IGNORE_FILE - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - environment_variables: - - BEARER_LOG_LEVEL - - name: no-color - default_value: "false" - usage: Disable color in output - environment_variables: - - BEARER_NO_COLOR + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: force + default_value: "false" + usage: Overwrite an existing ignored finding. 
+ environment_variables: + - BEARER_FORCE + - name: help + shorthand: h + default_value: "false" + usage: help for migrate + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. + environment_variables: + - BEARER_IGNORE_FILE + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- - # Migrate existing ignored (excluded) fingerprints from bearer.yml file to ignore file - $ bearer ignore migrate + # Migrate existing ignored (excluded) fingerprints from bearer.yml file to ignore file + $ bearer ignore migrate see_also: - - bearer ignore - Manage ignored fingerprints + - bearer ignore - Manage ignored fingerprints diff --git a/docs/_data/bearer_ignore_pull.yaml b/docs/_data/bearer_ignore_pull.yaml index 3c2890480..42e16af03 100644 --- a/docs/_data/bearer_ignore_pull.yaml +++ b/docs/_data/bearer_ignore_pull.yaml 
@@ -2,42 +2,42 @@ name: bearer ignore pull synopsis: Pull ignored fingerprints from Cloud usage: bearer ignore pull [flags] options: - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - environment_variables: - - BEARER_CONFIG_FILE - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - environment_variables: - - BEARER_DEBUG - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - environment_variables: - - BEARER_DISABLE_VERSION_CHECK - - name: help - shorthand: h - default_value: "false" - usage: help for pull - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - environment_variables: - - BEARER_IGNORE_FILE - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - environment_variables: - - BEARER_LOG_LEVEL - - name: no-color - default_value: "false" - usage: Disable color in output - environment_variables: - - BEARER_NO_COLOR + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: help + shorthand: h + default_value: "false" + usage: help for pull + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. 
+ environment_variables: + - BEARER_IGNORE_FILE + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- - # Pull ignored fingerprints from the Cloud (requires API key) - $ bearer ignore pull /path/to/your_project --api-key=XXXXX + # Pull ignored fingerprints from the Cloud (requires API key) + $ bearer ignore pull /path/to/your_project --api-key=XXXXX see_also: - - bearer ignore - Manage ignored fingerprints + - bearer ignore - Manage ignored fingerprints diff --git a/docs/_data/bearer_ignore_remove.yaml b/docs/_data/bearer_ignore_remove.yaml index 325f9defc..d500b8729 100644 --- a/docs/_data/bearer_ignore_remove.yaml +++ b/docs/_data/bearer_ignore_remove.yaml 
@@ -2,42 +2,42 @@ name: bearer ignore remove synopsis: Remove an ignored fingerprint usage: bearer ignore remove [flags] options: - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - environment_variables: - - BEARER_CONFIG_FILE - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - environment_variables: - - BEARER_DEBUG - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - environment_variables: - - BEARER_DISABLE_VERSION_CHECK - - name: help - shorthand: h - default_value: "false" - usage: help for remove - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - environment_variables: - - BEARER_IGNORE_FILE - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - environment_variables: - - BEARER_LOG_LEVEL - - name: no-color - default_value: "false" - usage: Disable color in output - environment_variables: - - BEARER_NO_COLOR + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: help + shorthand: h + default_value: "false" + usage: help for remove + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. 
+ environment_variables: + - BEARER_IGNORE_FILE + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- - # Remove an ignored fingerprint from your ignore file - $ bearer ignore remove + # Remove an ignored fingerprint from your ignore file + $ bearer ignore remove see_also: - - bearer ignore - Manage ignored fingerprints + - bearer ignore - Manage ignored fingerprints diff --git a/docs/_data/bearer_ignore_show.yaml b/docs/_data/bearer_ignore_show.yaml index 88484b0fd..4b7b00b58 100644 --- a/docs/_data/bearer_ignore_show.yaml +++ b/docs/_data/bearer_ignore_show.yaml 
@@ -2,47 +2,47 @@ name: bearer ignore show synopsis: Show an ignored fingerprint usage: bearer ignore show [flags] options: - - name: all - default_value: "false" - usage: Show all ignored fingerprints. - environment_variables: - - BEARER_ALL - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - environment_variables: - - BEARER_CONFIG_FILE - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - environment_variables: - - BEARER_DEBUG - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - environment_variables: - - BEARER_DISABLE_VERSION_CHECK - - name: help - shorthand: h - default_value: "false" - usage: help for show - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - environment_variables: - - BEARER_IGNORE_FILE - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - environment_variables: - - BEARER_LOG_LEVEL - - name: no-color - default_value: "false" - usage: Disable color in output - environment_variables: - - BEARER_NO_COLOR + - name: all + default_value: "false" + usage: Show all ignored fingerprints. + environment_variables: + - BEARER_ALL + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: help + shorthand: h + default_value: "false" + usage: help for show + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. 
+ environment_variables: + - BEARER_IGNORE_FILE + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR example: |- - # Show the details of an ignored fingerprint from your ignore file - $ bearer ignore show + # Show the details of an ignored fingerprint from your ignore file + $ bearer ignore show see_also: - - bearer ignore - Manage ignored fingerprints + - bearer ignore - Manage ignored fingerprints diff --git a/docs/_data/bearer_init.yaml b/docs/_data/bearer_init.yaml index ebe0fcd3d..02ff253d6 100644 --- a/docs/_data/bearer_init.yaml +++ b/docs/_data/bearer_init.yaml @@ -2,9 +2,9 @@ name: bearer init synopsis: Generates a default config to `bearer.yml` usage: bearer init [flags] options: - - name: help - shorthand: h - default_value: "false" - usage: help for init + - name: help + shorthand: h + default_value: "false" + usage: help for init see_also: - - 'bearer - ' + - "bearer - " diff --git a/docs/_data/bearer_scan.yaml b/docs/_data/bearer_scan.yaml index f331f7e74..f587b2a47 100644 --- a/docs/_data/bearer_scan.yaml +++ b/docs/_data/bearer_scan.yaml 
@@ -2,166 +2,166 @@ name: bearer scan synopsis: Scan a directory or file usage: bearer scan [flags] options: - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - environment_variables: - - BEARER_CONFIG_FILE - - name: context - usage: | - Expand context of schema classification e.g., --context=health, to include data types particular to health - environment_variables: - - BEARER_CONTEXT - - name: data-subject-mapping - usage: | - Override default data subject mapping by providing a path to a custom mapping JSON file - environment_variables: - - BEARER_DATA_SUBJECT_MAPPING - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - environment_variables: - - BEARER_DEBUG - - name: diff - default_value: "false" - usage: | - Only report differences in findings relative to a base branch. - environment_variables: - - BEARER_DIFF - - name: disable-default-rules - default_value: "false" - usage: Disables all default and built-in rules. - environment_variables: - - BEARER_DISABLE_DEFAULT_RULES - - name: disable-domain-resolution - default_value: "true" - usage: | - Do not attempt to resolve detected domains during classification - environment_variables: - - BEARER_DISABLE_DOMAIN_RESOLUTION - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - environment_variables: - - BEARER_DISABLE_VERSION_CHECK - - name: domain-resolution-timeout - default_value: 3s - usage: | - Set timeout when attempting to resolve detected domains during classification, e.g. --domain-resolution-timeout=3s - environment_variables: - - BEARER_DOMAIN_RESOLUTION_TIMEOUT - - name: exit-code - default_value: "-1" - usage: | - Force a given exit code for the scan command. Set this to 0 (success) to always return a success exit code despite any findings from the scan. 
- environment_variables: - - BEARER_EXIT_CODE - - name: external-rule-dir - default_value: '[]' - usage: | - Specify directories paths that contain .yaml files with external rules configuration - environment_variables: - - BEARER_EXTERNAL_RULE_DIR - - name: fail-on-severity - default_value: critical,high,medium,low - usage: | - Specify which severities cause the report to fail. Works in conjunction with --exit-code. - environment_variables: - - BEARER_FAIL_ON_SEVERITY - - name: force - default_value: "false" - usage: Disable the cache and runs the detections again - environment_variables: - - BEARER_FORCE - - name: format - shorthand: f - usage: | - Specify report format (json, yaml, sarif, gitlab-sast, rdjson, html) - environment_variables: - - BEARER_FORMAT - - name: help - shorthand: h - default_value: "false" - usage: help for scan - - name: hide-progress-bar - default_value: "false" - usage: Hide progress bar from output - environment_variables: - - BEARER_HIDE_PROGRESS_BAR - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - environment_variables: - - BEARER_IGNORE_FILE - - name: internal-domains - default_value: '[]' - usage: | - Define regular expressions for better classification of private or unreachable domains e.g. --internal-domains=".*.my-company.com,private.sh" - environment_variables: - - BEARER_INTERNAL_DOMAINS - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - environment_variables: - - BEARER_LOG_LEVEL - - name: no-color - default_value: "false" - usage: Disable color in output - environment_variables: - - BEARER_NO_COLOR - - name: only-rule - default_value: '[]' - usage: | - Specify the comma-separated ids of the rules you would like to run. Skips all other rules. - environment_variables: - - BEARER_ONLY_RULE - - name: output - usage: Specify the output path for the report. 
- environment_variables: - - BEARER_OUTPUT - - name: parallel - default_value: "0" - usage: Specify the amount of parallelism to use during the scan - environment_variables: - - BEARER_PARALLEL - - name: quiet - default_value: "false" - usage: Suppress non-essential messages - environment_variables: - - BEARER_QUIET - - name: report - default_value: security - usage: Specify the type of report (security, privacy, dataflow). - environment_variables: - - BEARER_REPORT - - name: scanner - default_value: '[sast]' - usage: | - Specify which scanner to use e.g. --scanner=secrets, --scanner=secrets,sast - environment_variables: - - BEARER_SCANNER - - SCANNER - - name: severity - default_value: critical,high,medium,low,warning - usage: Specify which severities are included in the report. - environment_variables: - - BEARER_SEVERITY - - name: skip-path - default_value: '[]' - usage: | - Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql - environment_variables: - - BEARER_SKIP_PATH - - name: skip-rule - default_value: '[]' - usage: | - Specify the comma-separated ids of the rules you would like to skip. Runs all other rules. - environment_variables: - - BEARER_SKIP_RULE + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: context + usage: | + Expand context of schema classification e.g., --context=health, to include data types particular to health + environment_variables: + - BEARER_CONTEXT + - name: data-subject-mapping + usage: | + Override default data subject mapping by providing a path to a custom mapping JSON file + environment_variables: + - BEARER_DATA_SUBJECT_MAPPING + - name: debug + default_value: "false" + usage: Enable debug logs. 
Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: diff + default_value: "false" + usage: | + Only report differences in findings relative to a base branch. + environment_variables: + - BEARER_DIFF + - name: disable-default-rules + default_value: "false" + usage: Disables all default and built-in rules. + environment_variables: + - BEARER_DISABLE_DEFAULT_RULES + - name: disable-domain-resolution + default_value: "true" + usage: | + Do not attempt to resolve detected domains during classification + environment_variables: + - BEARER_DISABLE_DOMAIN_RESOLUTION + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: domain-resolution-timeout + default_value: 3s + usage: | + Set timeout when attempting to resolve detected domains during classification, e.g. --domain-resolution-timeout=3s + environment_variables: + - BEARER_DOMAIN_RESOLUTION_TIMEOUT + - name: exit-code + default_value: "-1" + usage: | + Force a given exit code for the scan command. Set this to 0 (success) to always return a success exit code despite any findings from the scan. + environment_variables: + - BEARER_EXIT_CODE + - name: external-rule-dir + default_value: "[]" + usage: | + Specify directories paths that contain .yaml files with external rules configuration + environment_variables: + - BEARER_EXTERNAL_RULE_DIR + - name: fail-on-severity + default_value: critical,high,medium,low + usage: | + Specify which severities cause the report to fail. Works in conjunction with --exit-code. 
+ environment_variables: + - BEARER_FAIL_ON_SEVERITY + - name: force + default_value: "false" + usage: Disable the cache and runs the detections again + environment_variables: + - BEARER_FORCE + - name: format + shorthand: f + usage: | + Specify report format (json, yaml, sarif, gitlab-sast, rdjson, html) + environment_variables: + - BEARER_FORMAT + - name: help + shorthand: h + default_value: "false" + usage: help for scan + - name: hide-progress-bar + default_value: "false" + usage: Hide progress bar from output + environment_variables: + - BEARER_HIDE_PROGRESS_BAR + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. + environment_variables: + - BEARER_IGNORE_FILE + - name: internal-domains + default_value: "[]" + usage: | + Define regular expressions for better classification of private or unreachable domains e.g. --internal-domains=".*.my-company.com,private.sh" + environment_variables: + - BEARER_INTERNAL_DOMAINS + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR + - name: only-rule + default_value: "[]" + usage: | + Specify the comma-separated ids of the rules you would like to run. Skips all other rules. + environment_variables: + - BEARER_ONLY_RULE + - name: output + usage: Specify the output path for the report. + environment_variables: + - BEARER_OUTPUT + - name: parallel + default_value: "0" + usage: Specify the amount of parallelism to use during the scan + environment_variables: + - BEARER_PARALLEL + - name: quiet + default_value: "false" + usage: Suppress non-essential messages + environment_variables: + - BEARER_QUIET + - name: report + default_value: security + usage: Specify the type of report (security, privacy, dataflow). 
+ environment_variables: + - BEARER_REPORT + - name: scanner + default_value: "[sast]" + usage: | + Specify which scanner to use e.g. --scanner=secrets, --scanner=secrets,sast + environment_variables: + - BEARER_SCANNER + - SCANNER + - name: severity + default_value: critical,high,medium,low,warning + usage: Specify which severities are included in the report. + environment_variables: + - BEARER_SEVERITY + - name: skip-path + default_value: "[]" + usage: | + Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql + environment_variables: + - BEARER_SKIP_PATH + - name: skip-rule + default_value: "[]" + usage: | + Specify the comma-separated ids of the rules you would like to skip. Runs all other rules. + environment_variables: + - BEARER_SKIP_RULE example: |4- # Scan a local project, including language-specific files $ bearer scan /path/to/your_project see_also: - - 'bearer - ' + - "bearer - " aliases: - - s + - s diff --git a/docs/_data/bearer_version.yaml b/docs/_data/bearer_version.yaml index 5d73f48e6..1bdbe9795 100644 --- a/docs/_data/bearer_version.yaml +++ b/docs/_data/bearer_version.yaml 
@@ -2,39 +2,39 @@ name: bearer version synopsis: Print the version usage: bearer version [flags] options: - - name: config-file - default_value: bearer.yml - usage: Load configuration from the specified path. - environment_variables: - - BEARER_CONFIG_FILE - - name: debug - default_value: "false" - usage: Enable debug logs. Equivalent to --log-level=debug - environment_variables: - - BEARER_DEBUG - - name: disable-version-check - default_value: "false" - usage: Disable Bearer version checking - environment_variables: - - BEARER_DISABLE_VERSION_CHECK - - name: help - shorthand: h - default_value: "false" - usage: help for version - - name: ignore-file - default_value: bearer.ignore - usage: Load ignore file from the specified path. - environment_variables: - - BEARER_IGNORE_FILE - - name: log-level - default_value: info - usage: Set log level (error, info, debug, trace) - environment_variables: - - BEARER_LOG_LEVEL - - name: no-color - default_value: "false" - usage: Disable color in output - environment_variables: - - BEARER_NO_COLOR + - name: config-file + default_value: bearer.yml + usage: Load configuration from the specified path. + environment_variables: + - BEARER_CONFIG_FILE + - name: debug + default_value: "false" + usage: Enable debug logs. Equivalent to --log-level=debug + environment_variables: + - BEARER_DEBUG + - name: disable-version-check + default_value: "false" + usage: Disable Bearer version checking + environment_variables: + - BEARER_DISABLE_VERSION_CHECK + - name: help + shorthand: h + default_value: "false" + usage: help for version + - name: ignore-file + default_value: bearer.ignore + usage: Load ignore file from the specified path. 
+ environment_variables: + - BEARER_IGNORE_FILE + - name: log-level + default_value: info + usage: Set log level (error, info, debug, trace) + environment_variables: + - BEARER_LOG_LEVEL + - name: no-color + default_value: "false" + usage: Disable color in output + environment_variables: + - BEARER_NO_COLOR see_also: - - 'bearer - ' + - "bearer - " From 3caee3a93e106949c488fd5676f7156edeb14f21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Fabianski?= Date: Thu, 21 Dec 2023 10:24:21 +0100 Subject: [PATCH 3/7] refactor: move logic to doc gen --- go.mod | 4 +-- go.sum | 4 +-- internal/commands/ignore.go | 41 ++++++++++++++++++++++---- internal/commands/processing_worker.go | 8 ++++- internal/commands/scan.go | 8 ++++- internal/commands/version.go | 10 ++++++- internal/flag/options.go | 6 ---- internal/flag/test_helper.go | 4 +++ scripts/gen-doc-yaml.go | 40 +++++++++++++++++-------- 9 files changed, 94 insertions(+), 31 deletions(-) diff --git a/go.mod b/go.mod index f704ea3cf..8d3c122ed 100644 --- a/go.mod +++ b/go.mod @@ -123,8 +123,8 @@ require ( golang.org/x/sys v0.15.0 // indirect golang.org/x/text v0.14.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/yaml.v2 v2.4.0 + gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 ) -replace github.com/spf13/viper => github.com/cfabianski/viper v1.15.1-0.20231220102258-f9bd0ace5732 +replace github.com/spf13/viper => github.com/cfabianski/viper v1.15.1-0.20231221085120-53a0f7864cd6 diff --git a/go.sum b/go.sum index f3c6a024e..6ec9805ae 100644 --- a/go.sum +++ b/go.sum 
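Review bot: The `replace github.com/spf13/viper => github.com/cfabianski/viper v1.15.1-0.20231221085120-53a0f7864cd6` line in go.mod moves every viper import to a newer untagged commit of a personal fork, and nothing in the file says what the fork changes or which upstream change it tracks. Code elsewhere in this patch calls `viper.AllEnvVar()`, which presumably exists only in the fork, so the fork is effectively part of the trusted code base and cannot be swapped back without code changes. I would add a comment above the directive, for example `// fork adds AllEnvVar for doc generation; drop once available upstream (link to upstream PR)`, and review the fork's diff between the two pseudo-versions as part of this change.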
@@ -27,8 +27,8 @@ github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cfabianski/viper v1.15.1-0.20231220102258-f9bd0ace5732 h1:ZZPf01vbtU+72beKrkFH+oM6pEoMjaJ1QbUTPbuM9R4= -github.com/cfabianski/viper v1.15.1-0.20231220102258-f9bd0ace5732/go.mod h1:ViOjWl6F2V3JRTuQU+T8ioJOUDoYu07nbAfFtiMlXzY= +github.com/cfabianski/viper v1.15.1-0.20231221085120-53a0f7864cd6 h1:HW9hLBTXvVxHrqSgnRsknxVlJfh7IUyxUGv7lmOa4rY= +github.com/cfabianski/viper v1.15.1-0.20231221085120-53a0f7864cd6/go.mod h1:ViOjWl6F2V3JRTuQU+T8ioJOUDoYu07nbAfFtiMlXzY= github.com/charmbracelet/lipgloss v0.6.0 h1:1StyZB9vBSOyuZxQUcUwGr17JmojPNm87inij9N3wJY= github.com/charmbracelet/lipgloss v0.6.0/go.mod h1:tHh2wr34xcHjC2HCXIlGSG1jaDF0S0atAUvBMP6Ppuk= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= diff --git a/internal/commands/ignore.go b/internal/commands/ignore.go index 7ba8b0492..ff6c21055 100644 --- a/internal/commands/ignore.go +++ b/internal/commands/ignore.go @@ -80,6 +80,13 @@ func newIgnoreShowCommand() *cobra.Command { Short: "Show an ignored fingerprint", Example: `# Show the details of an ignored fingerprint from your ignore file $ bearer ignore show `, + PreRunE: func(cmd *cobra.Command, args []string) error { + if err := IgnoreShowFlags.Bind(cmd); err != nil { + return fmt.Errorf("flag bind error: %w", err) + } + + return nil + }, RunE: func(cmd *cobra.Command, args []string) error { setLogLevel(cmd) @@ -135,7 +142,6 @@ $ bearer ignore show `, SilenceUsage: false, } IgnoreShowFlags.AddFlags(cmd) - IgnoreShowFlags.Bind(cmd) // nolint: errcheck cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, IgnoreShowFlags.Usages(cmd))) return cmd 
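Review bot: The `PreRunE` closure added to newIgnoreShowCommand is repeated verbatim in the hunks for the add, remove, pull and migrate commands and in processing_worker.go, scan.go and version.go, differing only in the flag set it binds. A single helper that takes the flag set and returns the closure would keep the error wrapping in one place and make it harder for a new command to forget the bind, now that it no longer happens at construction time. The sketch below assumes the flag sets are `flag.Flags` values and that the package is imported as `flag` in this file; each command would then set `PreRunE: bindFlagsPreRun(flags)`. The constructor's body continues outside the hunk.

```go
// bindFlagsPreRun returns a PreRunE hook that binds the given flag set to cmd.
func bindFlagsPreRun(flags flag.Flags) func(cmd *cobra.Command, args []string) error {
	return func(cmd *cobra.Command, args []string) error {
		if err := flags.Bind(cmd); err != nil {
			return fmt.Errorf("flag bind error: %w", err)
		}
		return nil
	}
}
```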
@@ -152,6 +158,13 @@ func newIgnoreAddCommand() *cobra.Command { Short: "Add an ignored fingerprint", Example: `# Add an ignored fingerprint to your ignore file $ bearer ignore add --author Mish --comment "Possible false positive"`, + PreRunE: func(cmd *cobra.Command, args []string) error { + if err := IgnoreShowFlags.Bind(cmd); err != nil { + return fmt.Errorf("flag bind error: %w", err) + } + + return nil + }, RunE: func(cmd *cobra.Command, args []string) error { if len(args) == 0 { return cmd.Help() @@ -233,7 +246,6 @@ $ bearer ignore add --author Mish --comment "Possible false positi SilenceUsage: false, } IgnoreShowFlags.AddFlags(cmd) - IgnoreShowFlags.Bind(cmd) // nolint: errcheck cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, IgnoreShowFlags.Usages(cmd))) return cmd @@ -247,6 +259,13 @@ func newIgnoreRemoveCommand() *cobra.Command { Short: "Remove an ignored fingerprint", Example: `# Remove an ignored fingerprint from your ignore file $ bearer ignore remove `, + PreRunE: func(cmd *cobra.Command, args []string) error { + if err := flags.Bind(cmd); err != nil { + return fmt.Errorf("flag bind error: %w", err) + } + + return nil + }, RunE: func(cmd *cobra.Command, args []string) error { if len(args) == 0 { return cmd.Help() @@ -290,7 +309,6 @@ $ bearer ignore remove `, } flags.AddFlags(cmd) - flags.Bind(cmd) // nolint: errcheck cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, flags.Usages(cmd))) return cmd @@ -304,6 +322,13 @@ func newIgnorePullCommand() *cobra.Command { Short: "Pull ignored fingerprints from Cloud", Example: `# Pull ignored fingerprints from the Cloud (requires API key) $ bearer ignore pull /path/to/your_project --api-key=XXXXX`, + PreRunE: func(cmd *cobra.Command, args []string) error { + if err := flags.Bind(cmd); err != nil { + return fmt.Errorf("flag bind error: %w", err) + } + + return nil + }, RunE: func(cmd *cobra.Command, args []string) error { setLogLevel(cmd) 
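Review bot: The `PreRunE` added to newIgnoreAddCommand binds a variable named `IgnoreShowFlags`, the same name the show command uses, which reads like a copy-paste even though this hunk's own `AddFlags` and `Usages` calls use it too. The declaration is outside the hunk, so it may be a local that holds the add command's own groups; if so, renaming it (for example `ignoreAddFlags`, updating the `AddFlags`, `Bind` and `Usages` calls together) would make it obvious that add binds its own flag set rather than show's. If it is instead a shared package-level value, a short comment saying so would help the next reader.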
@@ -378,7 +403,6 @@ $ bearer ignore pull /path/to/your_project --api-key=XXXXX`, SilenceUsage: false, } flags.AddFlags(cmd) - flags.Bind(cmd) // nolint: errcheck cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, flags.Usages(cmd))) return cmd @@ -394,6 +418,13 @@ func newIgnoreMigrateCommand() *cobra.Command { Short: "Migrate ignored fingerprints from bearer.yml to ignore file", Example: `# Migrate existing ignored (excluded) fingerprints from bearer.yml file to ignore file $ bearer ignore migrate`, + PreRunE: func(cmd *cobra.Command, args []string) error { + if err := flags.Bind(cmd); err != nil { + return fmt.Errorf("flag bind error: %w", err) + } + + return nil + }, RunE: func(cmd *cobra.Command, args []string) error { setLogLevel(cmd) @@ -446,8 +477,8 @@ $ bearer ignore migrate`, SilenceErrors: false, SilenceUsage: false, } + flags.AddFlags(cmd) - flags.Bind(cmd) // nolint: errcheck cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, flags.Usages(cmd))) return cmd diff --git a/internal/commands/processing_worker.go b/internal/commands/processing_worker.go index d40874bab..4148395c0 100644 --- a/internal/commands/processing_worker.go +++ b/internal/commands/processing_worker.go @@ -19,6 +19,13 @@ func NewProcessingWorkerCommand() *cobra.Command { cmd := &cobra.Command{ Use: "processing-worker [flags] PATH", Short: "start scan processing server", + PreRunE: func(cmd *cobra.Command, args []string) error { + if err := flags.Bind(cmd); err != nil { + return fmt.Errorf("flag bind error: %w", err) + } + + return nil + }, RunE: func(cmd *cobra.Command, args []string) error { output.Setup(cmd, output.SetupRequest{ LogLevel: viper.GetString(flag.LogLevelFlag.ConfigName), @@ -50,7 +57,6 @@ func NewProcessingWorkerCommand() *cobra.Command { return err }) flags.AddFlags(cmd) - flags.Bind(cmd) // nolint: errcheck return cmd } diff --git a/internal/commands/scan.go b/internal/commands/scan.go index 7a42193b4..a0eff5d7c 100644 --- a/internal/commands/scan.go 
+++ b/internal/commands/scan.go @@ -45,6 +45,13 @@ func NewScanCommand() *cobra.Command { Short: "Scan a directory or file", Example: ` # Scan a local project, including language-specific files $ bearer scan /path/to/your_project`, + PreRunE: func(cmd *cobra.Command, args []string) error { + if err := ScanFlags.Bind(cmd); err != nil { + return fmt.Errorf("flag bind error: %w", err) + } + + return nil + }, RunE: func(cmd *cobra.Command, args []string) error { logLevel := viper.GetString(flag.LogLevelFlag.ConfigName) if viper.GetBool(flag.DebugFlag.ConfigName) { @@ -86,7 +93,6 @@ func NewScanCommand() *cobra.Command { } ScanFlags.AddFlags(cmd) - ScanFlags.Bind(cmd) // nolint:errcheck cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, ScanFlags.Usages(cmd))) return cmd diff --git a/internal/commands/version.go b/internal/commands/version.go index 48b894454..768ba8d97 100644 --- a/internal/commands/version.go +++ b/internal/commands/version.go @@ -1,6 +1,8 @@ package commands import ( + "fmt" + "github.com/rs/zerolog/log" "github.com/spf13/cobra" "github.com/spf13/viper" @@ -16,6 +18,13 @@ func NewVersionCommand(version string, commitSHA string) *cobra.Command { Use: "version", Short: "Print the version", Args: cobra.NoArgs, + PreRunE: func(cmd *cobra.Command, args []string) error { + if err := flags.Bind(cmd); err != nil { + return fmt.Errorf("flag bind error: %w", err) + } + + return nil + }, RunE: func(cmd *cobra.Command, args []string) error { logLevel := viper.GetString(flag.LogLevelFlag.ConfigName) @@ -44,7 +53,6 @@ func NewVersionCommand(version string, commitSHA string) *cobra.Command { }) flags.AddFlags(cmd) - flags.Bind(cmd) // nolint: errcheck return cmd } diff --git a/internal/flag/options.go b/internal/flag/options.go index 000d3ba9b..42f69fa39 100644 --- a/internal/flag/options.go +++ b/internal/flag/options.go 
@@ -19,8 +19,6 @@ import ( type Flags []flagtypes.FlagGroup var envPrefix = "bearer" -var boundFlags = set.New[*flagtypes.Flag]() - var ErrInvalidScannerReportCombination = errors.New("invalid scanner argument; privacy report requires sast scanner") type flagGroupBase struct { @@ -50,10 +48,6 @@ func addFlag(cmd *cobra.Command, flag *flagtypes.Flag) { } func BindViper(flag *flagtypes.Flag) error { - if !boundFlags.Add(flag) { - return nil - } - arguments := append( []string{ flag.ConfigName, diff --git a/internal/flag/test_helper.go b/internal/flag/test_helper.go index cb3fd8fc8..0bd11015f 100644 --- a/internal/flag/test_helper.go +++ b/internal/flag/test_helper.go @@ -1,6 +1,7 @@ package flag import ( + "fmt" "testing" flagtypes "github.com/bearer/bearer/internal/flag/types" @@ -34,6 +35,9 @@ func RunFlagTest(testCase TestCase, t *testing.T) { t.Setenv(testCase.env.key, testCase.env.value) } + fmt.Println(testCase.name) + fmt.Println("envVar", viper.AllEnvVar()) + sl := getStringSlice(testCase.flag) assert.Equal(t, testCase.want, sl) diff --git a/scripts/gen-doc-yaml.go b/scripts/gen-doc-yaml.go index 18c1c7844..6b5be06ab 100644 --- a/scripts/gen-doc-yaml.go +++ b/scripts/gen-doc-yaml.go 
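Review bot: The two `fmt.Println` calls added to RunFlagTest in test_helper.go look like leftover debugging: they write to stdout for every flag test case regardless of `-v`, and the second dumps the whole `viper.AllEnvVar()` binding table each time. I would drop them together with the new `"fmt"` import, or route them through the test logger so they only show up on failing or verbose runs, e.g. `t.Logf("%s: env bindings %v", testCase.name, viper.AllEnvVar())`. RunFlagTest starts and ends outside the hunk.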
@@ -40,19 +40,33 @@ type cmdDoc struct { Aliases []string `yaml:"aliases,omitempty"` } -var AllFlags = []*flagtypes.Flag{} -var envVars = viper.AllEnvVar() +var ( + AllFlags = []*flagtypes.Flag{} + EnvVars = viper.AllEnvVar() + AllGroups = []flagtypes.FlagGroup{ + flag.GeneralFlagGroup, + flag.IgnoreAddFlagGroup, + flag.IgnoreMigrateFlagGroup, + flag.IgnoreShowFlagGroup, + flag.ReportFlagGroup, + flag.RepositoryFlagGroup, + flag.RuleFlagGroup, + flag.ScanFlagGroup, + flag.WorkerFlagGroup, + } + boundFlags = set.New[*flagtypes.Flag]() +) func main() { - AllFlags = append(AllFlags, flag.GeneralFlagGroup.Flags()...) - AllFlags = append(AllFlags, flag.IgnoreAddFlagGroup.Flags()...) - AllFlags = append(AllFlags, flag.IgnoreMigrateFlagGroup.Flags()...) - AllFlags = append(AllFlags, flag.IgnoreShowFlagGroup.Flags()...) - AllFlags = append(AllFlags, flag.ReportFlagGroup.Flags()...) - AllFlags = append(AllFlags, flag.RepositoryFlagGroup.Flags()...) - AllFlags = append(AllFlags, flag.RuleFlagGroup.Flags()...) - AllFlags = append(AllFlags, flag.ScanFlagGroup.Flags()...) - AllFlags = append(AllFlags, flag.WorkerFlagGroup.Flags()...) + for _, group := range AllGroups { + AllFlags = append(AllFlags, group.Flags()...) + } + + for _, f := range AllFlags { + if boundFlags.Add(f) { + flag.BindViper(f) // nolint: errcheck + } + } dir := "./docs/_data" if _, err := os.Stat(dir); err != nil { @@ -188,9 +202,9 @@ func lookupEnvVariables(flag *pflag.Flag, otherFlag *flagtypes.Flag) []string { var vars []string if otherFlag == nil { - vars = envVars[flag.Name] + vars = EnvVars[flag.Name] } else { - vars = envVars[otherFlag.ConfigName] + vars = EnvVars[otherFlag.ConfigName] } return removeDup(vars) From 785ed46c6a4498543c787fc0415038757aa1ac07 Mon Sep 17 00:00:00 2001 
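Review bot: `flag.BindViper(f) // nolint: errcheck` in main discards the bind error, so a flag that fails to bind would silently lose its `environment_variables` entry in the generated YAML instead of failing the doc build. Since this is a script, checking the result and stopping is cheap, e.g. `if err := flag.BindViper(f); err != nil { log.Fatalf("binding %s: %v", f.ConfigName, err) }` with whatever logger the script already imports. Separately, `EnvVars = viper.AllEnvVar()` is evaluated at package initialisation, before this loop runs; that only works if `AllEnvVar` returns the live map rather than a copy, which I cannot confirm from the hunk, so assigning it after the bind loop would be safer. main continues outside the hunk.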
From: =?UTF-8?q?C=C3=A9dric=20Fabianski?= Date: Thu, 21 Dec 2023 10:34:27 +0100 Subject: [PATCH 4/7] fix: make api key visible --- docs/_data/bearer_ignore_add.yaml | 4 ++++ docs/_data/bearer_ignore_migrate.yaml | 4 ++++ docs/_data/bearer_ignore_pull.yaml | 4 ++++ docs/_data/bearer_ignore_remove.yaml | 4 ++++ docs/_data/bearer_ignore_show.yaml | 4 ++++ docs/_data/bearer_scan.yaml | 4 ++++ docs/_data/bearer_version.yaml | 4 ++++ internal/flag/general_flags.go | 1 - 8 files changed, 28 insertions(+), 1 deletion(-) diff --git a/docs/_data/bearer_ignore_add.yaml b/docs/_data/bearer_ignore_add.yaml index 48bc25e9c..2c55c3f6e 100644 --- a/docs/_data/bearer_ignore_add.yaml +++ b/docs/_data/bearer_ignore_add.yaml @@ -2,6 +2,10 @@ name: bearer ignore add synopsis: Add an ignored fingerprint usage: bearer ignore add [flags] options: + - name: api-key + usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: author shorthand: a usage: | diff --git a/docs/_data/bearer_ignore_migrate.yaml b/docs/_data/bearer_ignore_migrate.yaml index b7d40ab79..f44f1fcd6 100644 --- a/docs/_data/bearer_ignore_migrate.yaml +++ b/docs/_data/bearer_ignore_migrate.yaml @@ -2,6 +2,10 @@ name: bearer ignore migrate synopsis: Migrate ignored fingerprints from bearer.yml to ignore file usage: bearer ignore migrate [flags] options: + - name: api-key + usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. diff --git a/docs/_data/bearer_ignore_pull.yaml b/docs/_data/bearer_ignore_pull.yaml index 42e16af03..b3475430d 100644 --- a/docs/_data/bearer_ignore_pull.yaml +++ b/docs/_data/bearer_ignore_pull.yaml 
@@ -2,6 +2,10 @@ name: bearer ignore pull synopsis: Pull ignored fingerprints from Cloud usage: bearer ignore pull [flags] options: + - name: api-key + usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. diff --git a/docs/_data/bearer_ignore_remove.yaml b/docs/_data/bearer_ignore_remove.yaml index d500b8729..fbffc2ad4 100644 --- a/docs/_data/bearer_ignore_remove.yaml +++ b/docs/_data/bearer_ignore_remove.yaml @@ -2,6 +2,10 @@ name: bearer ignore remove synopsis: Remove an ignored fingerprint usage: bearer ignore remove [flags] options: + - name: api-key + usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. diff --git a/docs/_data/bearer_ignore_show.yaml b/docs/_data/bearer_ignore_show.yaml index 4b7b00b58..f27e0fe1f 100644 --- a/docs/_data/bearer_ignore_show.yaml +++ b/docs/_data/bearer_ignore_show.yaml @@ -7,6 +7,10 @@ options: usage: Show all ignored fingerprints. environment_variables: - BEARER_ALL + - name: api-key + usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. diff --git a/docs/_data/bearer_scan.yaml b/docs/_data/bearer_scan.yaml index f587b2a47..2fae60176 100644 --- a/docs/_data/bearer_scan.yaml +++ b/docs/_data/bearer_scan.yaml @@ -2,6 +2,10 @@ name: bearer scan synopsis: Scan a directory or file usage: bearer scan [flags] options: + - name: api-key + usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. 
diff --git a/docs/_data/bearer_version.yaml b/docs/_data/bearer_version.yaml index 1bdbe9795..c1d2574d4 100644 --- a/docs/_data/bearer_version.yaml +++ b/docs/_data/bearer_version.yaml @@ -2,6 +2,10 @@ name: bearer version synopsis: Print the version usage: bearer version [flags] options: + - name: api-key + usage: Use your Bearer API Key to send the report to Bearer. + environment_variables: + - BEARER_API_KEY - name: config-file default_value: bearer.yml usage: Load configuration from the specified path. diff --git a/internal/flag/general_flags.go b/internal/flag/general_flags.go index 254d3d1eb..c38222a23 100644 --- a/internal/flag/general_flags.go +++ b/internal/flag/general_flags.go @@ -36,7 +36,6 @@ var ( Value: "", Usage: "Use your Bearer API Key to send the report to Bearer.", DisableInConfig: true, - Hide: true, }) ConfigFileFlag = GeneralFlagGroup.add(flagtypes.Flag{ From fe3c48827fa083585a4cae4eb5ff19d6b06d49f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Fabianski?= Date: Thu, 21 Dec 2023 10:35:43 +0100 Subject: [PATCH 5/7] chore: always show aliases --- docs/_data/bearer.yaml | 1 + docs/_data/bearer_completion.yaml | 1 + docs/_data/bearer_ignore_add.yaml | 1 + docs/_data/bearer_ignore_migrate.yaml | 1 + docs/_data/bearer_ignore_pull.yaml | 1 + docs/_data/bearer_ignore_remove.yaml | 1 + docs/_data/bearer_ignore_show.yaml | 1 + docs/_data/bearer_init.yaml | 1 + docs/_data/bearer_version.yaml | 1 + scripts/gen-doc-yaml.go | 2 +- 10 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/_data/bearer.yaml b/docs/_data/bearer.yaml index 079ccb7e6..5beb9f170 100644 --- a/docs/_data/bearer.yaml +++ b/docs/_data/bearer.yaml @@ -10,3 +10,4 @@ see_also: - bearer init - Generates a default config to `bearer.yml` - bearer scan - Scan a directory or file - bearer version - Print the version +aliases: [] diff --git a/docs/_data/bearer_completion.yaml b/docs/_data/bearer_completion.yaml index 30de193b9..03f426bb8 100644 
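Review bot: The `Usage` string of the api-key flag in `internal/flag/general_flags.go` gives no guidance on how the secret should be supplied, which matters now that dropping `Hide: true` puts `--api-key` into every help screen and docs page. A key passed as a command-line argument usually ends up in shell history and can show up in process listings and CI job logs, whereas the YAML generated in this same patch already lists `BEARER_API_KEY` for the flag. I would steer users to it in the help text: `Usage: "Use your Bearer API Key to send the report to Bearer. Prefer setting BEARER_API_KEY over passing the key on the command line.",`. The help snapshots and `docs/_data/*.yaml` would need regenerating with that wording. The `var (` block holding this flag starts and ends outside the hunk.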
--- a/docs/_data/bearer_completion.yaml +++ b/docs/_data/bearer_completion.yaml @@ -8,3 +8,4 @@ options: usage: help for completion see_also: - "bearer - " +aliases: [] diff --git a/docs/_data/bearer_ignore_add.yaml b/docs/_data/bearer_ignore_add.yaml index 2c55c3f6e..2c6857643 100644 --- a/docs/_data/bearer_ignore_add.yaml +++ b/docs/_data/bearer_ignore_add.yaml @@ -65,3 +65,4 @@ example: |- $ bearer ignore add --author Mish --comment "Possible false positive" see_also: - bearer ignore - Manage ignored fingerprints +aliases: [] diff --git a/docs/_data/bearer_ignore_migrate.yaml b/docs/_data/bearer_ignore_migrate.yaml index f44f1fcd6..7200c563d 100644 --- a/docs/_data/bearer_ignore_migrate.yaml +++ b/docs/_data/bearer_ignore_migrate.yaml @@ -50,3 +50,4 @@ example: |- $ bearer ignore migrate see_also: - bearer ignore - Manage ignored fingerprints +aliases: [] diff --git a/docs/_data/bearer_ignore_pull.yaml b/docs/_data/bearer_ignore_pull.yaml index b3475430d..1b26c5f81 100644 --- a/docs/_data/bearer_ignore_pull.yaml +++ b/docs/_data/bearer_ignore_pull.yaml @@ -45,3 +45,4 @@ example: |- $ bearer ignore pull /path/to/your_project --api-key=XXXXX see_also: - bearer ignore - Manage ignored fingerprints +aliases: [] diff --git a/docs/_data/bearer_ignore_remove.yaml b/docs/_data/bearer_ignore_remove.yaml index fbffc2ad4..573a8d017 100644 --- a/docs/_data/bearer_ignore_remove.yaml +++ b/docs/_data/bearer_ignore_remove.yaml @@ -45,3 +45,4 @@ example: |- $ bearer ignore remove see_also: - bearer ignore - Manage ignored fingerprints +aliases: [] diff --git a/docs/_data/bearer_ignore_show.yaml b/docs/_data/bearer_ignore_show.yaml index f27e0fe1f..b309a3b23 100644 --- a/docs/_data/bearer_ignore_show.yaml +++ b/docs/_data/bearer_ignore_show.yaml @@ -50,3 +50,4 @@ example: |- $ bearer ignore show see_also: - bearer ignore - Manage ignored fingerprints +aliases: [] diff --git a/docs/_data/bearer_init.yaml b/docs/_data/bearer_init.yaml index 02ff253d6..8cbfc17c1 100644 
--- a/docs/_data/bearer_init.yaml +++ b/docs/_data/bearer_init.yaml @@ -8,3 +8,4 @@ options: usage: help for init see_also: - "bearer - " +aliases: [] diff --git a/docs/_data/bearer_version.yaml b/docs/_data/bearer_version.yaml index c1d2574d4..94086d8d3 100644 --- a/docs/_data/bearer_version.yaml +++ b/docs/_data/bearer_version.yaml @@ -42,3 +42,4 @@ options: - BEARER_NO_COLOR see_also: - "bearer - " +aliases: [] diff --git a/scripts/gen-doc-yaml.go b/scripts/gen-doc-yaml.go index 6b5be06ab..ea611fe14 100644 --- a/scripts/gen-doc-yaml.go +++ b/scripts/gen-doc-yaml.go @@ -37,7 +37,7 @@ type cmdDoc struct { InheritedOptions []cmdOption `yaml:"inherited_options,omitempty"` Example string `yaml:",omitempty"` SeeAlso []string `yaml:"see_also,omitempty"` - Aliases []string `yaml:"aliases,omitempty"` + Aliases []string `yaml:"aliases"` } var ( From cc6fae34eb22e5082fccdbf73ca55fd1ea312514 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Fabianski?= Date: Thu, 21 Dec 2023 10:39:39 +0100 Subject: [PATCH 6/7] chore: clean up --- internal/flag/test_helper.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/internal/flag/test_helper.go b/internal/flag/test_helper.go index 0bd11015f..cb3fd8fc8 100644 --- a/internal/flag/test_helper.go +++ b/internal/flag/test_helper.go @@ -1,7 +1,6 @@ package flag import ( - "fmt" "testing" flagtypes "github.com/bearer/bearer/internal/flag/types" @@ -35,9 +34,6 @@ func RunFlagTest(testCase TestCase, t *testing.T) { t.Setenv(testCase.env.key, testCase.env.value) } - fmt.Println(testCase.name) - fmt.Println("envVar", viper.AllEnvVar()) - sl := getStringSlice(testCase.flag) assert.Equal(t, testCase.want, sl) From 5d46af8321da071ec9844ba7d09a000af63a8d07 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Fabianski?= Date: Thu, 21 Dec 2023 13:50:35 +0100 Subject: [PATCH 7/7] fix: update snapshots --- e2e/flags/.snapshots/TestMetadataFlags-help-scan | 1 + e2e/flags/.snapshots/TestMetadataFlags-scan-help | 1 + .../.snapshots/TestReportFlagsShouldFail-invalid-context-flag | 1 + .../TestReportFlagsShouldFail-invalid-format-flag-privacy | 1 + .../TestReportFlagsShouldFail-invalid-format-flag-security | 1 + .../.snapshots/TestReportFlagsShouldFail-invalid-report-flag | 1 + 6 files changed, 6 insertions(+) diff --git a/e2e/flags/.snapshots/TestMetadataFlags-help-scan b/e2e/flags/.snapshots/TestMetadataFlags-help-scan index 610ec4e95..80ea983df 100644 --- a/e2e/flags/.snapshots/TestMetadataFlags-help-scan +++ b/e2e/flags/.snapshots/TestMetadataFlags-help-scan @@ -38,6 +38,7 @@ Scan Flags --skip-path strings Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql General Flags + --api-key string Use your Bearer API Key to send the report to Bearer. --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking diff --git a/e2e/flags/.snapshots/TestMetadataFlags-scan-help b/e2e/flags/.snapshots/TestMetadataFlags-scan-help index 610ec4e95..80ea983df 100644 --- a/e2e/flags/.snapshots/TestMetadataFlags-scan-help +++ b/e2e/flags/.snapshots/TestMetadataFlags-scan-help @@ -38,6 +38,7 @@ Scan Flags --skip-path strings Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql General Flags + --api-key string Use your Bearer API Key to send the report to Bearer. --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking 
diff --git a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-context-flag b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-context-flag index 569fdfd06..a95458a30 100644 --- a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-context-flag +++ b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-context-flag @@ -39,6 +39,7 @@ Scan Flags --skip-path strings Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql General Flags + --api-key string Use your Bearer API Key to send the report to Bearer. --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking diff --git a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-privacy b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-privacy index 6fd4d119a..770a46fc4 100644 --- a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-privacy +++ b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-privacy @@ -39,6 +39,7 @@ Scan Flags --skip-path strings Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql General Flags + --api-key string Use your Bearer API Key to send the report to Bearer. --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking diff --git a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-security b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-security index 3b64e1d89..a62952c51 100644 --- a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-security +++ b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-security 
@@ -39,6 +39,7 @@ Scan Flags --skip-path strings Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql General Flags + --api-key string Use your Bearer API Key to send the report to Bearer. --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking diff --git a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-report-flag b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-report-flag index ecf89e381..6c2c37433 100644 --- a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-report-flag +++ b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-report-flag @@ -39,6 +39,7 @@ Scan Flags --skip-path strings Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql General Flags + --api-key string Use your Bearer API Key to send the report to Bearer. --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking