View Javadoc
1   /*
2    * This file is part of dependency-check-cli.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck;
19  
20  import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
21  
22  import java.io.File;
23  import java.io.FileNotFoundException;
24  
25  import org.apache.commons.cli.CommandLine;
26  import org.apache.commons.cli.CommandLineParser;
27  import org.apache.commons.cli.DefaultParser;
28  import org.apache.commons.cli.HelpFormatter;
29  import org.apache.commons.cli.Option;
30  import org.apache.commons.cli.OptionGroup;
31  import org.apache.commons.cli.Options;
32  import org.apache.commons.cli.ParseException;
33  import org.owasp.dependencycheck.reporting.ReportGenerator.Format;
34  import org.owasp.dependencycheck.utils.InvalidSettingException;
35  import org.owasp.dependencycheck.utils.Settings;
36  import org.slf4j.Logger;
37  import org.slf4j.LoggerFactory;
38  
39  /**
40   * A utility to parse command line arguments for the DependencyCheck.
41   *
42   * @author Jeremy Long
43   */
44  //suppress hard-coded password rule
45  @SuppressWarnings("squid:S2068")
46  public final class CliParser {
47  
48      /**
49       * The logger.
50       */
51      private static final Logger LOGGER = LoggerFactory.getLogger(CliParser.class);
52      /**
53       * The command line.
54       */
55      private CommandLine line;
56      /**
57       * Indicates whether the arguments are valid.
58       */
59      private boolean isValid = true;
60      /**
61       * The configured settings.
62       */
63      private final Settings settings;
64      /**
65       * The supported reported formats.
66       */
67      private static final String SUPPORTED_FORMATS = "HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB or ALL";
68  
69      /**
70       * Constructs a new CLI Parser object with the configured settings.
71       *
72       * @param settings the configured settings
73       */
74      public CliParser(Settings settings) {
75          this.settings = settings;
76      }
77  
78      /**
79       * Parses the arguments passed in and captures the results for later use.
80       *
81       * @param args the command line arguments
82       * @throws FileNotFoundException is thrown when a 'file' argument does not
83       * point to a file that exists.
84       * @throws ParseException is thrown when a Parse Exception occurs.
85       */
86      public void parse(String[] args) throws FileNotFoundException, ParseException {
87          line = parseArgs(args);
88  
89          if (line != null) {
90              validateArgs();
91          }
92      }
93  
94      /**
95       * Parses the command line arguments.
96       *
97       * @param args the command line arguments
98       * @return the results of parsing the command line arguments
99       * @throws ParseException if the arguments are invalid
100      */
101     private CommandLine parseArgs(String[] args) throws ParseException {
102         final CommandLineParser parser = new DefaultParser();
103         final Options options = createCommandLineOptions();
104         return parser.parse(options, args);
105     }
106 
107     /**
108      * Validates that the command line arguments are valid.
109      *
110      * @throws FileNotFoundException if there is a file specified by either the
111      * SCAN or CPE command line arguments that does not exist.
112      * @throws ParseException is thrown if there is an exception parsing the
113      * command line.
114      */
115     private void validateArgs() throws FileNotFoundException, ParseException {
116         if (isUpdateOnly() || isRunScan()) {
117 
118             String value = line.getOptionValue(ARGUMENT.NVD_API_VALID_FOR_HOURS);
119             if (value != null) {
120                 try {
121                     final int i = Integer.parseInt(value);
122                     if (i < 0) {
123                         throw new ParseException("Invalid Setting: nvdValidForHours must be a number greater than or equal to 0.");
124                     }
125                 } catch (NumberFormatException ex) {
126                     throw new ParseException("Invalid Setting: nvdValidForHours must be a number greater than or equal to 0.");
127                 }
128             }
129             value = line.getOptionValue(ARGUMENT.NVD_API_MAX_RETRY_COUNT);
130             if (value != null) {
131                 try {
132                     final int i = Integer.parseInt(value);
133                     if (i <= 0) {
134                         throw new ParseException("Invalid Setting: nvdMaxRetryCount must be a number greater than 0.");
135                     }
136                 } catch (NumberFormatException ex) {
137                     throw new ParseException("Invalid Setting: nvdMaxRetryCount must be a number greater than 0.");
138                 }
139             }
140             value = line.getOptionValue(ARGUMENT.NVD_API_DELAY);
141             if (value != null) {
142                 try {
143                     final int i = Integer.parseInt(value);
144                     if (i < 0) {
145                         throw new ParseException("Invalid Setting: nvdApiDelay must be a number greater than or equal to 0.");
146                     }
147                 } catch (NumberFormatException ex) {
148                     throw new ParseException("Invalid Setting: nvdApiDelay must be a number greater than or equal to 0.");
149                 }
150             }
151             value = line.getOptionValue(ARGUMENT.NVD_API_RESULTS_PER_PAGE);
152             if (value != null) {
153                 try {
154                     final int i = Integer.parseInt(value);
155                     if (i <= 0 || i > 2000) {
156                         throw new ParseException("Invalid Setting: nvdApiResultsPerPage must be a number in the range [1, 2000].");
157                     }
158                 } catch (NumberFormatException ex) {
159                     throw new ParseException("Invalid Setting: nvdApiResultsPerPage must be a number in the range [1, 2000].");
160                 }
161             }
162         }
163         if (isRunScan()) {
164             validatePathExists(getScanFiles(), ARGUMENT.SCAN);
165             validatePathExists(getReportDirectory(), ARGUMENT.OUT);
166             final String pathToCore = getStringArgument(ARGUMENT.PATH_TO_CORE);
167             if (pathToCore != null) {
168                 validatePathExists(pathToCore, ARGUMENT.PATH_TO_CORE);
169             }
170             if (line.hasOption(ARGUMENT.OUTPUT_FORMAT)) {
171                 for (String validating : getReportFormat()) {
172                     if (!isValidFormat(validating)
173                             && !isValidFilePath(validating, "format")) {
174                         final String msg = String.format("An invalid 'format' of '%s' was specified. "
175                                         + "Supported output formats are %s, and custom template files.",
176                                 validating, SUPPORTED_FORMATS);
177                         throw new ParseException(msg);
178                     }
179                 }
180             }
181             if (line.hasOption(ARGUMENT.SYM_LINK_DEPTH)) {
182                 try {
183                     final int i = Integer.parseInt(line.getOptionValue(ARGUMENT.SYM_LINK_DEPTH));
184                     if (i < 0) {
185                         throw new ParseException("Symbolic Link Depth (symLink) must be greater than zero.");
186                     }
187                 } catch (NumberFormatException ex) {
188                     throw new ParseException("Symbolic Link Depth (symLink) is not a number.");
189                 }
190             }
191         }
192     }
193 
194     /**
195      * Validates the format to be one of the known Formats.
196      *
197      * @param format the format to validate
198      * @return true, if format is known in Format; false otherwise
199      * @see Format
200      */
201     private boolean isValidFormat(String format) {
202         try {
203             Format.valueOf(format);
204             return true;
205         } catch (IllegalArgumentException ex) {
206             return false;
207         }
208     }
209 
210     /**
211      * Validates the path to point at an existing file.
212      *
213      * @param path the path to validate if it exists
214      * @param argumentName the argument being validated (e.g. scan, out, etc.)
215      * @return true, if path exists; false otherwise
216      */
217     private boolean isValidFilePath(String path, String argumentName) {
218         try {
219             validatePathExists(path, argumentName);
220             return true;
221         } catch (FileNotFoundException ex) {
222             return false;
223         }
224     }
225 
226     /**
227      * Validates whether or not the path(s) points at a file that exists; if the
228      * path(s) does not point to an existing file a FileNotFoundException is
229      * thrown.
230      *
231      * @param paths the paths to validate if they exists
232      * @param optType the option being validated (e.g. scan, out, etc.)
233      * @throws FileNotFoundException is thrown if one of the paths being
234      * validated does not exist.
235      */
236     private void validatePathExists(String[] paths, String optType) throws FileNotFoundException {
237         for (String path : paths) {
238             validatePathExists(path, optType);
239         }
240     }
241 
242     /**
243      * Validates whether or not the path points at a file that exists; if the
244      * path does not point to an existing file a FileNotFoundException is
245      * thrown.
246      *
247      * @param path the paths to validate if they exists
248      * @param argumentName the argument being validated (e.g. scan, out, etc.)
249      * @throws FileNotFoundException is thrown if the path being validated does
250      * not exist.
251      */
252     private void validatePathExists(String path, String argumentName) throws FileNotFoundException {
253         if (path == null) {
254             isValid = false;
255             final String msg = String.format("Invalid '%s' argument: null", argumentName);
256             throw new FileNotFoundException(msg);
257         } else if (!path.contains("*") && !path.contains("?")) {
258             File f = new File(path);
259             final String[] formats = this.getReportFormat();
260             if ("o".equalsIgnoreCase(argumentName.substring(0, 1)) && formats.length == 1 && !"ALL".equalsIgnoreCase(formats[0])) {
261                 final String checkPath = path.toLowerCase();
262                 if (checkPath.endsWith(".html") || checkPath.endsWith(".xml") || checkPath.endsWith(".htm")
263                         || checkPath.endsWith(".csv") || checkPath.endsWith(".json")) {
264                     if (f.getParentFile() == null) {
265                         f = new File(".", path);
266                     }
267                     if (!f.getParentFile().isDirectory()) {
268                         isValid = false;
269                         final String msg = String.format("Invalid '%s' argument: '%s' - directory path does not exist", argumentName, path);
270                         throw new FileNotFoundException(msg);
271                     }
272                 }
273             } else if ("o".equalsIgnoreCase(argumentName.substring(0, 1)) && !f.isDirectory()) {
274                 if (f.getParentFile() != null && f.getParentFile().isDirectory() && !f.mkdir()) {
275                     isValid = false;
276                     final String msg = String.format("Invalid '%s' argument: '%s' - unable to create the output directory", argumentName, path);
277                     throw new FileNotFoundException(msg);
278                 }
279                 if (!f.isDirectory()) {
280                     isValid = false;
281                     final String msg = String.format("Invalid '%s' argument: '%s' - path does not exist", argumentName, path);
282                     throw new FileNotFoundException(msg);
283                 }
284             } else if (!f.exists()) {
285                 isValid = false;
286                 final String msg = String.format("Invalid '%s' argument: '%s' - path does not exist", argumentName, path);
287                 throw new FileNotFoundException(msg);
288             }
289 //        } else if (path.startsWith("//") || path.startsWith("\\\\")) {
290 //            isValid = false;
291 //            final String msg = String.format("Invalid '%s' argument: '%s'%nUnable to scan paths that start with '//'.", argumentName, path);
292 //            throw new FileNotFoundException(msg);
293         } else if ((path.endsWith("/*") && !path.endsWith("**/*")) || (path.endsWith("\\*") && path.endsWith("**\\*"))) {
294             LOGGER.warn("Possibly incorrect path '{}' from argument '{}' because it ends with a slash star; "
295                     + "dependency-check uses ant-style paths", path, argumentName);
296         }
297     }
298 
299     /**
300      * Generates an Options collection that is used to parse the command line
301      * and to display the help message.
302      *
303      * @return the command line options used for parsing the command line
304      */
305     @SuppressWarnings("static-access")
306     private Options createCommandLineOptions() {
307         final Options options = new Options();
308         addStandardOptions(options);
309         addAdvancedOptions(options);
310         addDeprecatedOptions(options);
311         return options;
312     }
313 
314     /**
315      * Adds the standard command line options to the given options collection.
316      *
317      * @param options a collection of command line arguments
318      */
319     @SuppressWarnings("static-access")
320     private void addStandardOptions(final Options options) {
321         //This is an option group because it can be specified more then once.
322 
323         options.addOptionGroup(newOptionGroup(newOptionWithArg(ARGUMENT.SCAN_SHORT, ARGUMENT.SCAN, "path",
324                         "The path to scan - this option can be specified multiple times. Ant style paths are supported (e.g. 'path/**/*.jar'); "
325                                 + "if using Ant style paths it is highly recommended to quote the argument value.")))
326                 .addOptionGroup(newOptionGroup(newOptionWithArg(ARGUMENT.EXCLUDE, "pattern", "Specify an exclusion pattern. This option "
327                         + "can be specified multiple times and it accepts Ant style exclusions.")))
328                 .addOption(newOptionWithArg(ARGUMENT.PROJECT, "name", "The name of the project being scanned."))
329                 .addOption(newOptionWithArg(ARGUMENT.OUT_SHORT, ARGUMENT.OUT, "path",
330                         "The folder to write reports to. This defaults to the current directory. It is possible to set this to a specific "
331                                 + "file name if the format argument is not set to ALL."))
332                 .addOption(newOptionWithArg(ARGUMENT.OUTPUT_FORMAT_SHORT, ARGUMENT.OUTPUT_FORMAT, "format",
333                         "The report format (" + SUPPORTED_FORMATS + "). The default is HTML. Multiple format parameters can be specified."))
334                 .addOption(newOption(ARGUMENT.PRETTY_PRINT, "When specified the JSON and XML report formats will be pretty printed."))
335                 .addOption(newOption(ARGUMENT.VERSION_SHORT, ARGUMENT.VERSION, "Print the version information."))
336                 .addOption(newOption(ARGUMENT.HELP_SHORT, ARGUMENT.HELP, "Print this message."))
337                 .addOption(newOption(ARGUMENT.ADVANCED_HELP, "Print the advanced help message."))
338                 .addOption(newOption(ARGUMENT.DISABLE_AUTO_UPDATE_SHORT, ARGUMENT.DISABLE_AUTO_UPDATE,
339                         "Disables the automatic updating of the NVD-CVE, hosted-suppressions and RetireJS data."))
340                 .addOption(newOptionWithArg(ARGUMENT.VERBOSE_LOG_SHORT, ARGUMENT.VERBOSE_LOG, "file",
341                         "The file path to write verbose logging information."))
342                 .addOptionGroup(newOptionGroup(newOptionWithArg(ARGUMENT.SUPPRESSION_FILES, "file",
343                         "The file path to the suppression XML file. This can be specified more then once to utilize multiple suppression files")))
344                 .addOption(newOption(ARGUMENT.DISABLE_VERSION_CHECK, "Disables the dependency-check version check"))
345                 .addOption(newOption(ARGUMENT.EXPERIMENTAL, "Enables the experimental analyzers."))
346                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_KEY, "apiKey", "The API Key to access the NVD API."))
347                 .addOption(newOptionWithArg(ARGUMENT.FAIL_ON_CVSS, "score",
348                         "Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11; "
349                                 + "since the CVSS scores are 0-10, by default the build will never fail."))
350                 .addOption(newOptionWithArg(ARGUMENT.FAIL_JUNIT_ON_CVSS, "score",
351                         "Specifies the CVSS score that is considered a failure when generating the junit report. The default is 0."));
352     }
353 
354     /**
355      * Adds the advanced command line options to the given options collection.
356      * These are split out for purposes of being able to display two different
357      * help messages.
358      *
359      * @param options a collection of command line arguments
360      */
361     @SuppressWarnings("static-access")
362     private void addAdvancedOptions(final Options options) {
363         options
364                 .addOption(newOption(ARGUMENT.UPDATE_ONLY,
365                         "Only update the local NVD data cache; no scan will be executed."))
366                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_DELAY, "milliseconds",
367                         "Time in milliseconds to wait between downloading from the NVD."))
368                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_RESULTS_PER_PAGE, "count",
369                         "The number records for a single page from NVD API (must be <=2000)."))
370                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_ENDPOINT, "endpoint",
371                         "The NVD API Endpoint - setting this is rare."))
372                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_DATAFEED_URL, "url",
373                         "The URL to the NVD API Datafeed."))
374                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_DATAFEED_USER, "user",
375                         "Credentials for basic authentication to the NVD API Datafeed."))
376                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_DATAFEED_PASSWORD, "password",
377                         "Credentials for basic authentication to the NVD API Datafeed."))
378                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_DATAFEED_BEARER_TOKEN, "token",
379                         "Credentials for bearer authentication to the NVD API Datafeed."))
380                 .addOption(newOptionWithArg(ARGUMENT.SUPPRESSION_FILE_USER, "user",
381                         "Credentials for basic authentication to web-hosted suppression files."))
382                 .addOption(newOptionWithArg(ARGUMENT.SUPPRESSION_FILE_PASSWORD, "password",
383                         "Credentials for basic authentication to web-hosted suppression files."))
384                 .addOption(newOptionWithArg(ARGUMENT.SUPPRESSION_FILE_BEARER_TOKEN, "token",
385                         "Credentials for bearer authentication to web-hosted suppression files."))
386                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_MAX_RETRY_COUNT, "count",
387                         "The maximum number of retry requests for a single call to the NVD API."))
388                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_VALID_FOR_HOURS, "hours",
389                         "The number of hours to wait before checking for new updates from the NVD."))
390                 .addOption(newOptionWithArg(ARGUMENT.PROXY_PORT, "port",
391                         "The proxy port to use when downloading resources."))
392                 .addOption(newOptionWithArg(ARGUMENT.PROXY_SERVER, "server",
393                         "The proxy server to use when downloading resources."))
394                 .addOption(newOptionWithArg(ARGUMENT.PROXY_USERNAME, "user",
395                         "The proxy username to use when downloading resources."))
396                 .addOption(newOptionWithArg(ARGUMENT.PROXY_PASSWORD, "pass",
397                         "The proxy password to use when downloading resources."))
398                 .addOption(newOptionWithArg(ARGUMENT.NON_PROXY_HOSTS, "list",
399                         "The proxy exclusion list: hostnames (or patterns) for which proxy should not be used. "
400                                 + "Use pipe, comma or colon as list separator."))
401                 .addOption(newOptionWithArg(ARGUMENT.CONNECTION_TIMEOUT_SHORT, ARGUMENT.CONNECTION_TIMEOUT, "timeout",
402                         "The connection timeout (in milliseconds) to use when downloading resources."))
403                 .addOption(newOptionWithArg(ARGUMENT.CONNECTION_READ_TIMEOUT, "timeout",
404                         "The read timeout (in milliseconds) to use when downloading resources."))
405                 .addOption(newOptionWithArg(ARGUMENT.CONNECTION_STRING, "connStr",
406                         "The connection string to the database."))
407                 .addOption(newOptionWithArg(ARGUMENT.DB_NAME, "user",
408                         "The username used to connect to the database."))
409                 .addOption(newOptionWithArg(ARGUMENT.DATA_DIRECTORY_SHORT, ARGUMENT.DATA_DIRECTORY, "path",
410                         "The location of the H2 Database file. This option should generally not be set."))
411                 .addOption(newOptionWithArg(ARGUMENT.DB_PASSWORD, "password",
412                         "The password for connecting to the database."))
413                 .addOption(newOptionWithArg(ARGUMENT.DB_DRIVER, "driver",
414                         "The database driver name."))
415                 .addOption(newOptionWithArg(ARGUMENT.DB_DRIVER_PATH, "path",
416                         "The path to the database driver; note, this does not need to be set unless the JAR is "
417                                 + "outside of the classpath."))
418                 .addOption(newOptionWithArg(ARGUMENT.SYM_LINK_DEPTH, "depth",
419                         "Sets how deep nested symbolic links will be followed; 0 indicates symbolic links will not be followed."))
420                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_BUNDLE_AUDIT, "path",
421                         "The path to bundle-audit for Gem bundle analysis."))
422                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_BUNDLE_AUDIT_WORKING_DIRECTORY, "path",
423                         "The path to working directory that the bundle-audit command should be executed from when "
424                                 + "doing Gem bundle analysis."))
425                 .addOption(newOptionWithArg(ARGUMENT.CENTRAL_URL, "url",
426                         "Alternative URL for Maven Central Search. If not set the public Sonatype Maven Central will be used."))
427                 .addOption(newOptionWithArg(ARGUMENT.CENTRAL_USERNAME, "username",
428                         "Credentials for basic auth towards the --centralUrl."))
429                 .addOption(newOptionWithArg(ARGUMENT.CENTRAL_PASSWORD, "password",
430                         "Credentials for basic auth towards the --centralUrl"))
431                 .addOption(newOptionWithArg(ARGUMENT.CENTRAL_BEARER_TOKEN, "token",
432                         "Token for bearer auth towards the --centralUrl"))
433                 .addOption(newOptionWithArg(ARGUMENT.OSSINDEX_URL, "url",
434                         "Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used."))
435                 .addOption(newOptionWithArg(ARGUMENT.OSSINDEX_USERNAME, "username",
436                         "The username to authenticate to Sonatype's OSS Index. If not set the Sonatype OSS Index "
437                                 + "Analyzer will use an unauthenticated connection."))
438                 .addOption(newOptionWithArg(ARGUMENT.OSSINDEX_PASSWORD, "password", ""
439                         + "The password to authenticate to Sonatype's OSS Index. If not set the Sonatype OSS "
440                         + "Index Analyzer will use an unauthenticated connection."))
441                 .addOption(newOptionWithArg(ARGUMENT.OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS, "true/false", ""
442                         + "Whether a Sonatype OSS Index remote error should result in a warning only or a failure."))
443                 .addOption(newOption(ARGUMENT.RETIRE_JS_FORCEUPDATE, "Force the RetireJS Analyzer to update "
444                         + "even if autoupdate is disabled"))
445                 .addOption(newOptionWithArg(ARGUMENT.RETIREJS_URL, "url",
446                         "The Retire JS Repository URL"))
447                 .addOption(newOptionWithArg(ARGUMENT.RETIREJS_URL_USER, "username",
448                         "The password to authenticate to Retire JS Repository URL"))
449                 .addOption(newOptionWithArg(ARGUMENT.RETIREJS_URL_PASSWORD, "password",
450                         "The password to authenticate to Retire JS Repository URL"))
451                 .addOption(newOptionWithArg(ARGUMENT.RETIREJS_URL_BEARER_TOKEN, "token",
452                         "The password to authenticate to Retire JS Repository URL"))
453                 .addOption(newOption(ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE, "Specifies that the Retire JS "
454                         + "Analyzer should filter out non-vulnerable JS files from the report."))
455                 .addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_PARALLEL_ANALYSIS, "true/false",
456                         "Whether the Artifactory Analyzer should use parallel analysis."))
457                 .addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_USES_PROXY, "true/false",
458                         "Whether the Artifactory Analyzer should use the proxy."))
459                 .addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_USERNAME, "username",
460                         "The Artifactory username for authentication."))
461                 .addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_API_TOKEN, "token",
462                         "The Artifactory API token."))
463                 .addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_BEARER_TOKEN, "token",
464                         "The Artifactory bearer token."))
465                 .addOption(newOptionWithArg(ARGUMENT.ARTIFACTORY_URL, "url",
466                         "The Artifactory URL."))
467                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_GO, "path",
468                         "The path to the `go` executable."))
469                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_YARN, "path",
470                         "The path to the `yarn` executable."))
471                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_PNPM, "path",
472                         "The path to the `pnpm` executable."))
473                 .addOption(newOptionWithArg(ARGUMENT.RETIREJS_FILTERS, "pattern",
474                         "Specify Retire JS content filter used to exclude files from analysis based on their content; "
475                                 + "most commonly used to exclude based on your applications own copyright line. This "
476                                 + "option can be specified multiple times."))
477                 .addOption(newOptionWithArg(ARGUMENT.NEXUS_URL, "url",
478                         "The url to the Nexus Server's REST API Endpoint (http://domain/nexus/service/local). If not "
479                                 + "set the Nexus Analyzer will be disabled."))
480                 .addOption(newOptionWithArg(ARGUMENT.NEXUS_USERNAME, "username",
481                         "The username to authenticate to the Nexus Server's REST API Endpoint. If not set the Nexus "
482                                 + "Analyzer will use an unauthenticated connection."))
483                 .addOption(newOptionWithArg(ARGUMENT.NEXUS_PASSWORD, "password",
484                         "The password to authenticate to the Nexus Server's REST API Endpoint. If not set the Nexus "
485                                 + "Analyzer will use an unauthenticated connection."))
486                 //TODO remove as this should be covered by non-proxy hosts
487                 .addOption(newOptionWithArg(ARGUMENT.NEXUS_USES_PROXY, "true/false",
488                         "Whether or not the configured proxy should be used when connecting to Nexus."))
489                 .addOption(newOptionWithArg(ARGUMENT.ADDITIONAL_ZIP_EXTENSIONS, "extensions",
490                         "A comma separated list of additional extensions to be scanned as ZIP files (ZIP, EAR, WAR "
491                                 + "are already treated as zip files)"))
492                 .addOption(newOptionWithArg(ARGUMENT.PROP_SHORT, ARGUMENT.PROP, "file", "A property file to load."))
493                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_CORE, "path", "The path to dotnet core."))
494                 .addOption(newOptionWithArg(ARGUMENT.HINTS_FILE, "file", "The file path to the hints XML file."))
495                 .addOption(newOption(ARGUMENT.RETIRED, "Enables the retired analyzers."))
496                 .addOption(newOption(ARGUMENT.DISABLE_MSBUILD, "Disable the MS Build Analyzer."))
497                 .addOption(newOption(ARGUMENT.DISABLE_JAR, "Disable the Jar Analyzer."))
498                 .addOption(newOption(ARGUMENT.DISABLE_ARCHIVE, "Disable the Archive Analyzer."))
499                 .addOption(newOption(ARGUMENT.DISABLE_KEV, "Disable the Known Exploited Vulnerability Analyzer."))
500                 .addOption(newOptionWithArg(ARGUMENT.KEV_URL, "url", "The url to the CISA Known Exploited Vulnerabilities JSON data feed"))
501                 .addOption(newOptionWithArg(ARGUMENT.KEV_USER, "user", "The user for basic authentication towards the CISA Known Exploited "
502                         + "Vulnerabilities JSON data feed"))
503                 .addOption(newOptionWithArg(ARGUMENT.KEV_PASSWORD, "password", "The password for basic authentication towards the CISA Known "
504                         + "Exploited Vulnerabilities JSON data feed"))
505                 .addOption(newOptionWithArg(ARGUMENT.KEV_BEARER_TOKEN, "token", "The token for bearer authentication towards the CISA Known "
506                         + "Exploited Vulnerabilities JSON data feed"))
507                 .addOption(newOption(ARGUMENT.DISABLE_ASSEMBLY, "Disable the .NET Assembly Analyzer."))
508                 .addOption(newOption(ARGUMENT.DISABLE_PY_DIST, "Disable the Python Distribution Analyzer."))
509                 .addOption(newOption(ARGUMENT.DISABLE_CMAKE, "Disable the Cmake Analyzer."))
510                 .addOption(newOption(ARGUMENT.DISABLE_PY_PKG, "Disable the Python Package Analyzer."))
511                 .addOption(newOption(ARGUMENT.DISABLE_MIX_AUDIT, "Disable the Elixir mix_audit Analyzer."))
512                 .addOption(newOption(ARGUMENT.DISABLE_RUBYGEMS, "Disable the Ruby Gemspec Analyzer."))
513                 .addOption(newOption(ARGUMENT.DISABLE_BUNDLE_AUDIT, "Disable the Ruby Bundler-Audit Analyzer."))
514                 .addOption(newOption(ARGUMENT.DISABLE_FILENAME, "Disable the File Name Analyzer."))
515                 .addOption(newOption(ARGUMENT.DISABLE_AUTOCONF, "Disable the Autoconf Analyzer."))
516                 .addOption(newOption(ARGUMENT.DISABLE_MAVEN_INSTALL, "Disable the Maven install Analyzer."))
517                 .addOption(newOption(ARGUMENT.DISABLE_PIP, "Disable the pip Analyzer."))
518                 .addOption(newOption(ARGUMENT.DISABLE_PIPFILE, "Disable the Pipfile Analyzer."))
519                 .addOption(newOption(ARGUMENT.DISABLE_COMPOSER, "Disable the PHP Composer Analyzer."))
520                 .addOption(newOption(ARGUMENT.COMPOSER_LOCK_SKIP_DEV, "Configures the PHP Composer Analyzer to skip packages-dev"))
521                 .addOption(newOption(ARGUMENT.DISABLE_CPAN, "Disable the Perl CPAN file Analyzer."))
522                 .addOption(newOption(ARGUMENT.DISABLE_POETRY, "Disable the Poetry Analyzer."))
523                 .addOption(newOption(ARGUMENT.DISABLE_GOLANG_MOD, "Disable the Golang Mod Analyzer."))
524                 .addOption(newOption(ARGUMENT.DISABLE_DART, "Disable the Dart Analyzer."))
525                 .addOption(newOption(ARGUMENT.DISABLE_OPENSSL, "Disable the OpenSSL Analyzer."))
526                 .addOption(newOption(ARGUMENT.DISABLE_NUSPEC, "Disable the Nuspec Analyzer."))
527                 .addOption(newOption(ARGUMENT.DISABLE_NUGETCONF, "Disable the Nuget packages.config Analyzer."))
528                 .addOption(newOption(ARGUMENT.DISABLE_CENTRAL, "Disable the Central Analyzer. If this analyzer "
529                         + "is disabled it is likely you also want to disable the Nexus Analyzer."))
530                 .addOption(newOption(ARGUMENT.DISABLE_CENTRAL_CACHE, "Disallow the Central Analyzer from caching results"))
531                 .addOption(newOption(ARGUMENT.DISABLE_OSSINDEX, "Disable the Sonatype OSS Index Analyzer."))
532                 .addOption(newOption(ARGUMENT.DISABLE_OSSINDEX_CACHE, "Disallow the OSS Index Analyzer from caching results"))
533                 .addOption(newOption(ARGUMENT.DISABLE_COCOAPODS, "Disable the CocoaPods Analyzer."))
534                 .addOption(newOption(ARGUMENT.DISABLE_CARTHAGE, "Disable the Carthage Analyzer."))
535                 .addOption(newOption(ARGUMENT.DISABLE_SWIFT, "Disable the swift package Analyzer."))
536                 .addOption(newOption(ARGUMENT.DISABLE_SWIFT_RESOLVED, "Disable the swift package resolved Analyzer."))
537                 .addOption(newOption(ARGUMENT.DISABLE_GO_DEP, "Disable the Golang Package Analyzer."))
538                 .addOption(newOption(ARGUMENT.DISABLE_NODE_JS, "Disable the Node.js Package Analyzer."))
539                 .addOption(newOption(ARGUMENT.NODE_PACKAGE_SKIP_DEV_DEPENDENCIES, "Configures the Node Package Analyzer to skip devDependencies"))
540                 .addOption(newOption(ARGUMENT.DISABLE_NODE_AUDIT, "Disable the Node Audit Analyzer."))
541                 .addOption(newOption(ARGUMENT.DISABLE_PNPM_AUDIT, "Disable the Pnpm Audit Analyzer."))
542                 .addOption(newOption(ARGUMENT.DISABLE_YARN_AUDIT, "Disable the Yarn Audit Analyzer."))
543                 .addOption(newOption(ARGUMENT.DISABLE_NODE_AUDIT_CACHE, "Disallow the Node Audit Analyzer from caching results"))
544                 .addOption(newOption(ARGUMENT.DISABLE_NODE_AUDIT_SKIPDEV, "Configures the Node Audit Analyzer to skip devDependencies"))
545                 .addOption(newOption(ARGUMENT.DISABLE_RETIRE_JS, "Disable the RetireJS Analyzer."))
546                 .addOption(newOption(ARGUMENT.ENABLE_NEXUS, "Enable the Nexus Analyzer."))
547                 .addOption(newOption(ARGUMENT.ARTIFACTORY_ENABLED, "Whether the Artifactory Analyzer should be enabled."))
548                 .addOption(newOption(ARGUMENT.PURGE_NVD, "Purges the local NVD data cache"))
549                 .addOption(newOption(ARGUMENT.DISABLE_HOSTED_SUPPRESSIONS, "Disable the usage of the hosted suppressions file"))
550                 .addOption(newOption(ARGUMENT.HOSTED_SUPPRESSIONS_FORCEUPDATE, "Force the hosted suppressions file to update even"
551                         + " if autoupdate is disabled"))
552                 .addOption(newOptionWithArg(ARGUMENT.HOSTED_SUPPRESSIONS_VALID_FOR_HOURS, "hours",
553                         "The number of hours to wait before checking for new updates of the the hosted suppressions file."))
554                 .addOption(newOptionWithArg(ARGUMENT.HOSTED_SUPPRESSIONS_URL, "url",
555                         "The URL for a mirrored hosted suppressions file"))
556                 .addOption(newOptionWithArg(ARGUMENT.HOSTED_SUPPRESSIONS_USER, "user",
557                         "The user for basic auth to a mirrored hosted suppressions file"))
558                 .addOption(newOptionWithArg(ARGUMENT.HOSTED_SUPPRESSIONS_PASSWORD, "password",
559                         "The password for basic auth to a mirrored hosted suppressions file"))
560                 .addOption(newOptionWithArg(ARGUMENT.HOSTED_SUPPRESSIONS_BEARER_TOKEN, "token",
561                         "The token for bearer auth to  a mirrored hosted suppressions file"));
562 
563     }
564 
565     /**
566      * Adds the deprecated command line options to the given options collection.
567      * These are split out for purposes of not including them in the help
568      * message. We need to add the deprecated options so as not to break
569      * existing scripts.
570      *
571      * @param options a collection of command line arguments
572      */
573     @SuppressWarnings({"static-access", "deprecation"})
574     private void addDeprecatedOptions(final Options options) {
575         //not a real option - but enables java debugging via the shell script
576         options.addOption(newOption("debug",
577                 "Used to enable java debugging of the cli via dependency-check.sh."));
578     }
579 
580     /**
581      * Determines if the 'version' command line argument was passed in.
582      *
583      * @return whether or not the 'version' command line argument was passed in
584      */
585     public boolean isGetVersion() {
586         return (line != null) && line.hasOption(ARGUMENT.VERSION);
587     }
588 
589     /**
590      * Determines if the 'help' command line argument was passed in.
591      *
592      * @return whether or not the 'help' command line argument was passed in
593      */
594     public boolean isGetHelp() {
595         return (line != null) && line.hasOption(ARGUMENT.HELP);
596     }
597 
598     /**
599      * Determines if the 'scan' command line argument was passed in.
600      *
601      * @return whether or not the 'scan' command line argument was passed in
602      */
603     public boolean isRunScan() {
604         return (line != null) && isValid && line.hasOption(ARGUMENT.SCAN);
605     }
606 
607     /**
608      * Returns the symbolic link depth (how deeply symbolic links will be
609      * followed).
610      *
611      * @return the symbolic link depth
612      */
613     public int getSymLinkDepth() {
614         int value = 0;
615         try {
616             value = Integer.parseInt(line.getOptionValue(ARGUMENT.SYM_LINK_DEPTH, "0"));
617             if (value < 0) {
618                 value = 0;
619             }
620         } catch (NumberFormatException ex) {
621             LOGGER.debug("Symbolic link was not a number");
622         }
623         return value;
624     }
625 
626     /**
627      * Utility method to determine if one of the disable options has been set.
628      * If not set, this method will check the currently configured settings for
629      * the current value to return.
630      * <p>
631      * Example given `--disableArchive` on the command line would cause this
632      * method to return true for the disable archive setting.
633      *
634      * @param disableFlag the command line disable option
635      * @param setting the corresponding settings key
636      * @return true if the disable option was set, if not set the currently
637      * configured value will be returned
638      */
639     public boolean isDisabled(String disableFlag, String setting) {
640         if (line == null || !line.hasOption(disableFlag)) {
641             try {
642                 return !settings.getBoolean(setting);
643             } catch (InvalidSettingException ise) {
644                 LOGGER.warn("Invalid property setting '{}' defaulting to false", setting);
645                 return false;
646             }
647         } else {
648             return true;
649         }
650     }
651 
652     /**
653      * Returns true if the disableNodeAudit command line argument was specified.
654      *
655      * @return true if the disableNodeAudit command line argument was specified;
656      * otherwise false
657      */
658     public boolean isNodeAuditDisabled() {
659         return isDisabled(ARGUMENT.DISABLE_NODE_AUDIT, Settings.KEYS.ANALYZER_NODE_AUDIT_ENABLED);
660     }
661 
662     /**
663      * Returns true if the disableYarnAudit command line argument was specified.
664      *
665      * @return true if the disableYarnAudit command line argument was specified;
666      * otherwise false
667      */
668     public boolean isYarnAuditDisabled() {
669         return isDisabled(ARGUMENT.DISABLE_YARN_AUDIT, Settings.KEYS.ANALYZER_YARN_AUDIT_ENABLED);
670     }
671 
672     /**
673      * Returns true if the disablePnpmAudit command line argument was specified.
674      *
675      * @return true if the disablePnpmAudit command line argument was specified;
676      * otherwise false
677      */
678     public boolean isPnpmAuditDisabled() {
679         return isDisabled(ARGUMENT.DISABLE_PNPM_AUDIT, Settings.KEYS.ANALYZER_PNPM_AUDIT_ENABLED);
680     }
681 
682     /**
683      * Returns true if the Nexus Analyzer should use the configured proxy to
684      * connect to Nexus; otherwise false is returned.
685      *
686      * @return true if the Nexus Analyzer should use the configured proxy to
687      * connect to Nexus; otherwise false
688      */
689     public boolean isNexusUsesProxy() {
690         // If they didn't specify whether Nexus needs to use the proxy, we should
691         // still honor the property if it's set.
692         if (line == null || !line.hasOption(ARGUMENT.NEXUS_USES_PROXY)) {
693             try {
694                 return settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_USES_PROXY);
695             } catch (InvalidSettingException ise) {
696                 return true;
697             }
698         } else {
699             return Boolean.parseBoolean(line.getOptionValue(ARGUMENT.NEXUS_USES_PROXY));
700         }
701     }
702 
703     /**
704      * Returns the argument boolean value.
705      *
706      * @param argument the argument
707      * @return the argument boolean value
708      */
709     @SuppressFBWarnings(justification = "Accepting that this is a bad practice - used a Boolean as we needed three states",
710             value = {"NP_BOOLEAN_RETURN_NULL"})
711     public Boolean getBooleanArgument(String argument) {
712         if (line != null && line.hasOption(argument)) {
713             final String value = line.getOptionValue(argument);
714             if (value != null) {
715                 return Boolean.parseBoolean(value);
716             }
717         }
718         return null;
719     }
720 
721     /**
722      * Returns the argument value for the given option.
723      *
724      * @param option the option
725      * @return the value of the argument
726      */
727     public String getStringArgument(String option) {
728         return getStringArgument(option, null);
729     }
730 
731     /**
732      * Returns the argument value for the given option.
733      *
734      * @param option the option
735      * @param key the dependency-check settings key for the option.
736      * @return the value of the argument
737      */
738     public String getStringArgument(String option, String key) {
739         if (line != null && line.hasOption(option)) {
740             if (key != null && (option.toLowerCase().endsWith("password")
741                     || option.toLowerCase().endsWith("pass"))) {
742                 LOGGER.warn("{} used on the command line, consider moving the password "
743                         + "to a properties file using the key `{}` and using the "
744                         + "--propertyfile argument instead", option, key);
745             }
746             return line.getOptionValue(option);
747         }
748         return null;
749     }
750 
751     /**
752      * Returns the argument value for the given option.
753      *
754      * @param option the option
755      * @return the value of the argument
756      */
757     public String[] getStringArguments(String option) {
758         if (line != null && line.hasOption(option)) {
759             return line.getOptionValues(option);
760         }
761         return null;
762     }
763 
764     /**
765      * Returns the argument value for the given option.
766      *
767      * @param option the option
768      * @return the value of the argument
769      */
770     public File getFileArgument(String option) {
771         final String path = line.getOptionValue(option);
772         if (path != null) {
773             return new File(path);
774         }
775         return null;
776     }
777 
778     /**
779      * Displays the command line help message to the standard output.
780      */
781     public void printHelp() {
782         final HelpFormatter formatter = new HelpFormatter();
783         final Options options = new Options();
784         addStandardOptions(options);
785         if (line != null && line.hasOption(ARGUMENT.ADVANCED_HELP)) {
786             addAdvancedOptions(options);
787         }
788         final String helpMsg = String.format("%n%s"
789                         + " can be used to identify if there are any known CVE vulnerabilities in libraries utilized by an application. "
790                         + "%s will automatically update required data from the Internet, such as the CVE and CPE data files from nvd.nist.gov.%n%n",
791                 settings.getString(Settings.KEYS.APPLICATION_NAME, "DependencyCheck"),
792                 settings.getString(Settings.KEYS.APPLICATION_NAME, "DependencyCheck"));
793 
794         formatter.printHelp(settings.getString(Settings.KEYS.APPLICATION_NAME, "DependencyCheck"),
795                 helpMsg,
796                 options,
797                 "",
798                 true);
799     }
800 
801     /**
802      * Retrieves the file command line parameter(s) specified for the 'scan'
803      * argument.
804      *
805      * @return the file paths specified on the command line for scan
806      */
807     public String[] getScanFiles() {
808         return line.getOptionValues(ARGUMENT.SCAN);
809     }
810 
811     /**
812      * Retrieves the list of excluded file patterns specified by the 'exclude'
813      * argument.
814      *
815      * @return the excluded file patterns
816      */
817     public String[] getExcludeList() {
818         return line.getOptionValues(ARGUMENT.EXCLUDE);
819     }
820 
821     /**
822      * Retrieves the list of retire JS content filters used to exclude JS files
823      * by content.
824      *
825      * @return the retireJS filters
826      */
827     public String[] getRetireJsFilters() {
828         return line.getOptionValues(ARGUMENT.RETIREJS_FILTERS);
829     }
830 
831     /**
832      * Returns whether or not the retireJS analyzer should exclude
833      * non-vulnerable JS from the report.
834      *
835      * @return <code>true</code> if non-vulnerable JS should be filtered in the
836      * RetireJS Analyzer; otherwise <code>null</code>
837      */
838     @SuppressFBWarnings(justification = "Accepting that this is a bad practice - but made more sense in this use case",
839             value = {"NP_BOOLEAN_RETURN_NULL"})
840     public Boolean isRetireJsFilterNonVulnerable() {
841         return (line != null && line.hasOption(ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE)) ? true : null;
842     }
843 
844     /**
845      * Returns the directory to write the reports to specified on the command
846      * line.
847      *
848      * @return the path to the reports directory.
849      */
850     public String getReportDirectory() {
851         return line.getOptionValue(ARGUMENT.OUT, ".");
852     }
853 
854     /**
855      * Returns the output format specified on the command line. Defaults to HTML
856      * if no format was specified.
857      *
858      * @return the output format name.
859      */
860     public String[] getReportFormat() {
861         if (line.hasOption(ARGUMENT.OUTPUT_FORMAT)) {
862             return line.getOptionValues(ARGUMENT.OUTPUT_FORMAT);
863         }
864         return new String[]{"HTML"};
865     }
866 
867     /**
868      * Returns the application name specified on the command line.
869      *
870      * @return the application name.
871      */
872     public String getProjectName() {
873         String name = line.getOptionValue(ARGUMENT.PROJECT);
874         if (name == null) {
875             name = "";
876         }
877         return name;
878     }
879 
880     /**
881      * <p>
882      * Prints the manifest information to standard output.</p>
883      * <ul><li>Implementation-Title: ${pom.name}</li>
884      * <li>Implementation-Version: ${pom.version}</li></ul>
885      */
886     public void printVersionInfo() {
887         final String version = String.format("%s version %s",
888                 settings.getString(Settings.KEYS.APPLICATION_NAME, "dependency-check"),
889                 settings.getString(Settings.KEYS.APPLICATION_VERSION, "Unknown"));
890         System.out.println(version);
891     }
892 
893     /**
894      * Checks if the update only flag has been set.
895      *
896      * @return <code>true</code> if the update only flag has been set; otherwise
897      * <code>false</code>.
898      */
899     public boolean isUpdateOnly() {
900         return line != null && line.hasOption(ARGUMENT.UPDATE_ONLY);
901     }
902 
903     /**
904      * Checks if the purge NVD flag has been set.
905      *
906      * @return <code>true</code> if the purge nvd flag has been set; otherwise
907      * <code>false</code>.
908      */
909     public boolean isPurge() {
910         return line != null && line.hasOption(ARGUMENT.PURGE_NVD);
911     }
912 
913     /**
914      * Returns the database driver name if specified; otherwise null is
915      * returned.
916      *
917      * @return the database driver name if specified; otherwise null is returned
918      */
919     public String getDatabaseDriverName() {
920         return line.getOptionValue(ARGUMENT.DB_DRIVER);
921     }
922 
923     /**
924      * Returns the argument value.
925      *
926      * @param argument the argument
927      * @return the value of the argument
928      */
929     public Integer getIntegerValue(String argument) {
930         final String v = line.getOptionValue(argument);
931         if (v != null) {
932             return Integer.parseInt(v);
933         }
934         return null;
935     }
936 
937     /**
938      * Checks if the option is present. If present it will return
939      * <code>true</code>; otherwise <code>false</code>.
940      *
941      * @param option the option to check
942      * @return <code>true</code> if auto-update is allowed; otherwise
943      * <code>null</code>
944      */
945     @SuppressFBWarnings(justification = "Accepting that this is a bad practice - but made more sense in this use case",
946             value = {"NP_BOOLEAN_RETURN_NULL"})
947     public Boolean hasOption(String option) {
948         return (line != null && line.hasOption(option)) ? true : null;
949     }
950 
951     /**
952      * Returns the CVSS value to fail on.
953      *
954      * @return 11 if nothing is set. Otherwise it returns the int passed from
955      * the command line arg
956      */
957     public float getFailOnCVSS() {
958         if (line.hasOption(ARGUMENT.FAIL_ON_CVSS)) {
959             final String value = line.getOptionValue(ARGUMENT.FAIL_ON_CVSS);
960             try {
961                 return Float.parseFloat(value);
962             } catch (NumberFormatException nfe) {
963                 return 11;
964             }
965         } else {
966             return 11;
967         }
968     }
969 
970     /**
971      * Returns the float argument for the given option.
972      *
973      * @param option the option
974      * @param defaultValue the value if the option is not present
975      * @return the value of the argument if present; otherwise the defaultValue
976      */
977     public float getFloatArgument(String option, float defaultValue) {
978         if (line.hasOption(option)) {
979             final String value = line.getOptionValue(option);
980             try {
981                 return Integer.parseInt(value);
982             } catch (NumberFormatException nfe) {
983                 return defaultValue;
984             }
985         } else {
986             return defaultValue;
987         }
988     }
989 
990     /**
991      * Builds a new option.
992      *
993      * @param name the long name
994      * @param description the description
995      * @return a new option
996      */
997     private Option newOption(String name, String description) {
998         return Option.builder().longOpt(name).desc(description).build();
999     }
1000 
1001     /**
1002      * Builds a new option.
1003      *
1004      * @param shortName the short name
1005      * @param name the long name
1006      * @param description the description
1007      * @return a new option
1008      */
1009     private Option newOption(String shortName, String name, String description) {
1010         return Option.builder(shortName).longOpt(name).desc(description).build();
1011     }
1012 
1013     /**
1014      * Builds a new option.
1015      *
1016      * @param name the long name
1017      * @param arg the argument name
1018      * @param description the description
1019      * @return a new option
1020      */
1021     private Option newOptionWithArg(String name, String arg, String description) {
1022         return Option.builder().longOpt(name).argName(arg).hasArg().desc(description).build();
1023     }
1024 
1025     /**
1026      * Builds a new option.
1027      *
1028      * @param shortName the short name
1029      * @param name the long name
1030      * @param arg the argument name
1031      * @param description the description
1032      * @return a new option
1033      */
1034     private Option newOptionWithArg(String shortName, String name, String arg, String description) {
1035         return Option.builder(shortName).longOpt(name).argName(arg).hasArg().desc(description).build();
1036     }
1037 
1038     /**
1039      * Builds a new option group so that an option can be specified multiple
1040      * times on the command line.
1041      *
1042      * @param option the option to add to the group
1043      * @return a new option group
1044      */
1045     private OptionGroup newOptionGroup(Option option) {
1046         final OptionGroup group = new OptionGroup();
1047         group.addOption(option);
1048         return group;
1049     }
1050 
1051     /**
1052      * A collection of static final strings that represent the possible command
1053      * line arguments.
1054      */
1055     public static class ARGUMENT {
1056 
1057         /**
1058          * The long CLI argument name specifying the directory/file to scan.
1059          */
1060         public static final String SCAN = "scan";
1061         /**
1062          * The short CLI argument name specifying the directory/file to scan.
1063          */
1064         public static final String SCAN_SHORT = "s";
1065         /**
1066          * The long CLI argument name specifying that the CPE/CVE/etc. data
1067          * should not be automatically updated.
1068          */
1069         public static final String DISABLE_AUTO_UPDATE = "noupdate";
1070         /**
1071          * The long CLI argument name specifying that the version check should
1072          * not be performed.
1073          */
1074         public static final String DISABLE_VERSION_CHECK = "disableVersionCheck";
1075         /**
1076          * The short CLI argument name specifying that the CPE/CVE/etc. data
1077          * should not be automatically updated.
1078          */
1079         public static final String DISABLE_AUTO_UPDATE_SHORT = "n";
1080         /**
1081          * The long CLI argument name specifying that only the update phase
1082          * should be executed; no scan should be run.
1083          */
1084         public static final String UPDATE_ONLY = "updateonly";
1085         /**
1086          * The long CLI argument name specifying that only the update phase
1087          * should be executed; no scan should be run.
1088          */
1089         public static final String PURGE_NVD = "purge";
1090         /**
1091          * The long CLI argument name specifying the directory to write the
1092          * reports to.
1093          */
1094         public static final String OUT = "out";
1095         /**
1096          * The short CLI argument name specifying the directory to write the
1097          * reports to.
1098          */
1099         public static final String OUT_SHORT = "o";
1100         /**
1101          * The long CLI argument name specifying the output format to write the
1102          * reports to.
1103          */
1104         public static final String OUTPUT_FORMAT = "format";
1105         /**
1106          * The short CLI argument name specifying the output format to write the
1107          * reports to.
1108          */
1109         public static final String OUTPUT_FORMAT_SHORT = "f";
1110         /**
1111          * The long CLI argument name specifying the name of the project to be
1112          * scanned.
1113          */
1114         public static final String PROJECT = "project";
1115         /**
1116          * The long CLI argument name asking for help.
1117          */
1118         public static final String HELP = "help";
1119         /**
1120          * The long CLI argument name asking for advanced help.
1121          */
1122         public static final String ADVANCED_HELP = "advancedHelp";
1123         /**
1124          * The short CLI argument name asking for help.
1125          */
1126         public static final String HELP_SHORT = "h";
1127         /**
1128          * The long CLI argument name asking for the version.
1129          */
1130         public static final String VERSION_SHORT = "v";
1131         /**
1132          * The short CLI argument name asking for the version.
1133          */
1134         public static final String VERSION = "version";
1135         /**
1136          * The CLI argument name indicating the proxy port.
1137          */
1138         public static final String PROXY_PORT = "proxyport";
1139         /**
1140          * The CLI argument name indicating the proxy server.
1141          */
1142         public static final String PROXY_SERVER = "proxyserver";
1143         /**
1144          * The CLI argument name indicating the proxy username.
1145          */
1146         public static final String PROXY_USERNAME = "proxyuser";
1147         /**
1148          * The CLI argument name indicating the proxy password.
1149          */
1150         public static final String PROXY_PASSWORD = "proxypass";
1151         /**
1152          * The CLI argument name indicating the proxy proxy exclusion list.
1153          */
1154         public static final String NON_PROXY_HOSTS = "nonProxyHosts";
1155         /**
1156          * The short CLI argument name indicating the connection timeout.
1157          */
1158         public static final String CONNECTION_TIMEOUT_SHORT = "c";
1159         /**
1160          * The CLI argument name indicating the connection timeout.
1161          */
1162         public static final String CONNECTION_TIMEOUT = "connectiontimeout";
1163         /**
1164          * The CLI argument name indicating the connection read timeout.
1165          */
1166         public static final String CONNECTION_READ_TIMEOUT = "readtimeout";
1167         /**
1168          * The short CLI argument name for setting the location of an additional
1169          * properties file.
1170          */
1171         public static final String PROP_SHORT = "P";
1172         /**
1173          * The CLI argument name for setting the location of an additional
1174          * properties file.
1175          */
1176         public static final String PROP = "propertyfile";
1177         /**
1178          * The CLI argument name for setting the location of the data directory.
1179          */
1180         public static final String DATA_DIRECTORY = "data";
1181         /**
1182          * The CLI argument name for setting the URL for the NVD API Endpoint.
1183          */
1184         public static final String NVD_API_ENDPOINT = "nvdApiEndpoint";
1185         /**
1186          * The CLI argument name for setting the URL for the NVD API Key.
1187          */
1188         public static final String NVD_API_KEY = "nvdApiKey";
1189         /**
1190          * The CLI argument name for setting the maximum number of retry
1191          * requests for a single call to the NVD API.
1192          */
1193         public static final String NVD_API_MAX_RETRY_COUNT = "nvdMaxRetryCount";
1194         /**
1195          * The CLI argument name for setting the number of hours to wait before
1196          * checking for new updates from the NVD.
1197          */
1198         public static final String NVD_API_VALID_FOR_HOURS = "nvdValidForHours";
1199         /**
1200          * The CLI argument name for the NVD API Data Feed URL.
1201          */
1202         public static final String NVD_API_DATAFEED_URL = "nvdDatafeed";
1203         /**
1204          * The username for basic auth to the CVE data.
1205          */
1206         public static final String NVD_API_DATAFEED_USER = "nvdUser";
1207         /**
1208          * The password for basic auth to the CVE data.
1209          */
1210         public static final String NVD_API_DATAFEED_PASSWORD = "nvdPassword";
1211         /**
1212          * The token for bearer auth to the CVE data.
1213          */
1214         public static final String NVD_API_DATAFEED_BEARER_TOKEN = "nvdBearerToken";
1215         /**
1216          * The username for basic auth to web-hosted suppression files.
1217          */
1218         public static final String SUPPRESSION_FILE_USER = "suppressionUser";
1219         /**
1220          * The passwored for basic auth to web-hosted suppression files.
1221          */
1222         public static final String SUPPRESSION_FILE_PASSWORD = "suppressionPassword";
1223         /**
1224          * The toke for bearer auth to web-hosted suppression files.
1225          */
1226         public static final String SUPPRESSION_FILE_BEARER_TOKEN = "suppressionBearerToken";
1227         /**
1228          * The time in milliseconds to wait between downloading NVD API data.
1229          */
1230         public static final String NVD_API_DELAY = "nvdApiDelay";
1231         /**
1232          * The number records for a single page from NVD API.
1233          */
1234         public static final String NVD_API_RESULTS_PER_PAGE = "nvdApiResultsPerPage";
1235         /**
1236          * The short CLI argument name for setting the location of the data
1237          * directory.
1238          */
1239         public static final String DATA_DIRECTORY_SHORT = "d";
1240         /**
1241          * The CLI argument name for setting the location of the data directory.
1242          */
1243         public static final String VERBOSE_LOG = "log";
1244         /**
1245          * The short CLI argument name for setting the location of the data
1246          * directory.
1247          */
1248         public static final String VERBOSE_LOG_SHORT = "l";
1249         /**
1250          * The CLI argument name for setting the depth of symbolic links that
1251          * will be followed.
1252          */
1253         public static final String SYM_LINK_DEPTH = "symLink";
1254         /**
1255          * The CLI argument name for setting the location of the suppression
1256          * file(s).
1257          */
1258         public static final String SUPPRESSION_FILES = "suppression";
1259         /**
1260          * The CLI argument name for setting the location of the hint file.
1261          */
1262         public static final String HINTS_FILE = "hints";
1263         /**
1264          * Disables the Jar Analyzer.
1265          */
1266         public static final String DISABLE_JAR = "disableJar";
1267         /**
1268          * Disable the MS Build Analyzer.
1269          */
1270         public static final String DISABLE_MSBUILD = "disableMSBuild";
1271         /**
1272          * Disables the Archive Analyzer.
1273          */
1274         public static final String DISABLE_ARCHIVE = "disableArchive";
1275         /**
1276          * Disables the Known Exploited Analyzer.
1277          */
1278         public static final String DISABLE_KEV = "disableKnownExploited";
1279         /**
1280          * The URL to the CISA Known Exploited Vulnerability JSON datafeed.
1281          */
1282         public static final String KEV_URL = "kevURL";
1283         /**
1284          * The user for basic auth towards a CISA Known Exploited Vulnerability JSON datafeed mirror.
1285          */
1286         public static final String KEV_USER = "kevUser";
1287         /**
1288          * The password for basic auth towards a CISA Known Exploited Vulnerability JSON datafeed mirror.
1289          */
1290         public static final String KEV_PASSWORD = "kevPassword";
1291         /**
1292          * The token for bearer auth towards a CISA Known Exploited Vulnerability JSON datafeed mirror.
1293          */
1294         public static final String KEV_BEARER_TOKEN = "kevBearerToken";
1295         /**
1296          * Disables the Python Distribution Analyzer.
1297          */
1298         public static final String DISABLE_PY_DIST = "disablePyDist";
1299         /**
1300          * Disables the Python Package Analyzer.
1301          */
1302         public static final String DISABLE_PY_PKG = "disablePyPkg";
1303         /**
1304          * Disables the Elixir mix audit Analyzer.
1305          */
1306         public static final String DISABLE_MIX_AUDIT = "disableMixAudit";
1307         /**
1308          * Disables the Golang Dependency Analyzer.
1309          */
1310         public static final String DISABLE_GO_DEP = "disableGolangDep";
1311         /**
1312          * Disables the PHP Composer Analyzer.
1313          */
1314         public static final String DISABLE_COMPOSER = "disableComposer";
1315         /**
1316          * Whether the PHP Composer Analyzer skips dev packages.
1317          */
1318         public static final String COMPOSER_LOCK_SKIP_DEV = "composerSkipDev";
1319         /**
1320          * Disables the Perl CPAN File Analyzer.
1321          */
1322         public static final String DISABLE_CPAN = "disableCpan";
1323         /**
1324          * Disables the Golang Mod Analyzer.
1325          */
1326         public static final String DISABLE_GOLANG_MOD = "disableGolangMod";
1327         /**
1328          * Disables the Dart Analyzer.
1329          */
1330         public static final String DISABLE_DART = "disableDart";
1331         /**
1332          * The CLI argument name for setting the path to `go`.
1333          */
1334         public static final String PATH_TO_GO = "go";
1335         /**
1336          * The CLI argument name for setting the path to `yarn`.
1337          */
1338         public static final String PATH_TO_YARN = "yarn";
1339         /**
1340          * The CLI argument name for setting the path to `pnpm`.
1341          */
1342         public static final String PATH_TO_PNPM = "pnpm";
1343         /**
1344          * Disables the Ruby Gemspec Analyzer.
1345          */
1346         public static final String DISABLE_RUBYGEMS = "disableRubygems";
1347         /**
1348          * Disables the Autoconf Analyzer.
1349          */
1350         public static final String DISABLE_AUTOCONF = "disableAutoconf";
1351         /**
1352          * Disables the Maven install Analyzer.
1353          */
1354         public static final String DISABLE_MAVEN_INSTALL = "disableMavenInstall";
1355         /**
1356          * Disables the pip Analyzer.
1357          */
1358         public static final String DISABLE_PIP = "disablePip";
1359         /**
1360          * Disables the Pipfile Analyzer.
1361          */
1362         public static final String DISABLE_PIPFILE = "disablePipfile";
1363         /**
1364          * Disables the Poetry Analyzer.
1365          */
1366         public static final String DISABLE_POETRY = "disablePoetry";
1367         /**
1368          * Disables the Cmake Analyzer.
1369          */
1370         public static final String DISABLE_CMAKE = "disableCmake";
1371         /**
1372          * Disables the cocoapods analyzer.
1373          */
1374         public static final String DISABLE_COCOAPODS = "disableCocoapodsAnalyzer";
1375         /**
1376          * Disables the Carthage analyzer.
1377          */
1378         public static final String DISABLE_CARTHAGE = "disableCarthageAnalyzer";
1379         /**
1380          * Disables the swift package manager analyzer.
1381          */
1382         public static final String DISABLE_SWIFT = "disableSwiftPackageManagerAnalyzer";
1383         /**
1384          * Disables the swift package resolved analyzer.
1385          */
1386         public static final String DISABLE_SWIFT_RESOLVED = "disableSwiftPackageResolvedAnalyzer";
1387         /**
1388          * Disables the Assembly Analyzer.
1389          */
1390         public static final String DISABLE_ASSEMBLY = "disableAssembly";
1391         /**
1392          * Disables the Ruby Bundler Audit Analyzer.
1393          */
1394         public static final String DISABLE_BUNDLE_AUDIT = "disableBundleAudit";
1395         /**
1396          * Disables the File Name Analyzer.
1397          */
1398         public static final String DISABLE_FILENAME = "disableFileName";
1399         /**
1400          * Disables the Nuspec Analyzer.
1401          */
1402         public static final String DISABLE_NUSPEC = "disableNuspec";
1403         /**
1404          * Disables the Nuget packages.config Analyzer.
1405          */
1406         public static final String DISABLE_NUGETCONF = "disableNugetconf";
1407         /**
1408          * Disables the Central Analyzer.
1409          */
1410         public static final String DISABLE_CENTRAL = "disableCentral";
1411         /**
1412          * Disables the Central Analyzer's ability to cache results locally.
1413          */
1414         public static final String DISABLE_CENTRAL_CACHE = "disableCentralCache";
1415         /**
1416          * The alternative URL for Maven Central Search.
1417          */
1418         public static final String CENTRAL_URL = "centralUrl";
1419         /**
1420          * The username for basic authentication to the alternative Maven Central Search.
1421          */
1422         public static final String CENTRAL_USERNAME = "centralUsername";
1423         /**
1424          * The password for basic authentication to the alternative Maven Central Search.
1425          */
1426         public static final String CENTRAL_PASSWORD = "centralPassword";
1427         /**
1428          * The token for bearer authentication to the alternative Maven Central Search.
1429          */
1430         public static final String CENTRAL_BEARER_TOKEN = "centralBearerToken";
1431         /**
1432          * Disables the Nexus Analyzer.
1433          */
1434         public static final String ENABLE_NEXUS = "enableNexus";
1435         /**
1436          * Disables the Sonatype OSS Index Analyzer.
1437          */
1438         public static final String DISABLE_OSSINDEX = "disableOssIndex";
1439         /**
1440          * Disables the Sonatype OSS Index Analyzer's ability to cache results
1441          * locally.
1442          */
1443         public static final String DISABLE_OSSINDEX_CACHE = "disableOssIndexCache";
1444         /**
1445          * The alternative URL for the Sonatype OSS Index.
1446          */
1447         public static final String OSSINDEX_URL = "ossIndexUrl";
1448         /**
1449          * The username for the Sonatype OSS Index.
1450          */
1451         public static final String OSSINDEX_USERNAME = "ossIndexUsername";
1452         /**
1453          * The password for the Sonatype OSS Index.
1454          */
1455         public static final String OSSINDEX_PASSWORD = "ossIndexPassword";
1456         /**
1457          * The password for the Sonatype OSS Index.
1458          */
1459         public static final String OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS = "ossIndexRemoteErrorWarnOnly";
1460         /**
1461          * Disables the OpenSSL Analyzer.
1462          */
1463         public static final String DISABLE_OPENSSL = "disableOpenSSL";
1464         /**
1465          * Disables the Node.js Package Analyzer.
1466          */
1467         public static final String DISABLE_NODE_JS = "disableNodeJS";
1468         /**
1469          * Skips dev dependencies in Node Package Analyzer.
1470          */
1471         public static final String NODE_PACKAGE_SKIP_DEV_DEPENDENCIES = "nodePackageSkipDevDependencies";
1472         /**
1473          * Disables the Node Audit Analyzer.
1474          */
1475         public static final String DISABLE_NODE_AUDIT = "disableNodeAudit";
1476         /**
1477          * Disables the Yarn Audit Analyzer.
1478          */
1479         public static final String DISABLE_YARN_AUDIT = "disableYarnAudit";
1480         /**
1481          * Disables the Pnpm Audit Analyzer.
1482          */
1483         public static final String DISABLE_PNPM_AUDIT = "disablePnpmAudit";
1484         /**
1485          * Disables the Node Audit Analyzer's ability to cache results locally.
1486          */
1487         public static final String DISABLE_NODE_AUDIT_CACHE = "disableNodeAuditCache";
1488         /**
1489          * Configures the Node Audit Analyzer to skip the dev dependencies.
1490          */
1491         public static final String DISABLE_NODE_AUDIT_SKIPDEV = "nodeAuditSkipDevDependencies";
1492         /**
1493          * Disables the RetireJS Analyzer.
1494          */
1495         public static final String DISABLE_RETIRE_JS = "disableRetireJS";
1496         /**
1497          * Whether the RetireJS Analyzer will update regardless of the
1498          * `autoupdate` setting.
1499          */
1500         public static final String RETIRE_JS_FORCEUPDATE = "retireJsForceUpdate";
1501         /**
1502          * The URL to the retire JS repository.
1503          */
1504         public static final String RETIREJS_URL = "retireJsUrl";
1505         /**
1506          * The username for basic auth to the retire JS repository.
1507          */
1508         public static final String RETIREJS_URL_USER = "retireJsUrlUser";
1509         /**
1510          * The password for basic auth to the retire JS repository.
1511          */
1512         public static final String RETIREJS_URL_PASSWORD = "retireJsUrlPass";
1513         /**
1514          * The token for bearer auth to the retire JS repository.
1515          */
1516         public static final String RETIREJS_URL_BEARER_TOKEN = "retireJsUrlBearerToken";
1517         /**
1518          * The URL of the nexus server.
1519          */
1520         public static final String NEXUS_URL = "nexus";
1521         /**
1522          * The username for the nexus server.
1523          */
1524         public static final String NEXUS_USERNAME = "nexusUser";
1525         /**
1526          * The password for the nexus server.
1527          */
1528         public static final String NEXUS_PASSWORD = "nexusPass";
1529         /**
1530          * Whether or not the defined proxy should be used when connecting to
1531          * Nexus.
1532          */
1533         public static final String NEXUS_USES_PROXY = "nexusUsesProxy";
1534         /**
1535          * The CLI argument name for setting the connection string.
1536          */
1537         public static final String CONNECTION_STRING = "connectionString";
1538         /**
1539          * The CLI argument name for setting the database user name.
1540          */
1541         public static final String DB_NAME = "dbUser";
1542         /**
1543          * The CLI argument name for setting the database password.
1544          */
1545         public static final String DB_PASSWORD = "dbPassword";
1546         /**
1547          * The CLI argument name for setting the database driver name.
1548          */
1549         public static final String DB_DRIVER = "dbDriverName";
1550         /**
1551          * The CLI argument name for setting the path to the database driver; in
1552          * case it is not on the class path.
1553          */
1554         public static final String DB_DRIVER_PATH = "dbDriverPath";
1555         /**
1556          * The CLI argument name for setting the path to dotnet core.
1557          */
1558         public static final String PATH_TO_CORE = "dotnet";
1559         /**
1560          * The CLI argument name for setting extra extensions.
1561          */
1562         public static final String ADDITIONAL_ZIP_EXTENSIONS = "zipExtensions";
1563         /**
1564          * Exclude path argument.
1565          */
1566         public static final String EXCLUDE = "exclude";
1567         /**
1568          * The CLI argument name for setting the path to bundle-audit for Ruby
1569          * bundle analysis.
1570          */
1571         public static final String PATH_TO_BUNDLE_AUDIT = "bundleAudit";
1572         /**
1573          * The CLI argument name for setting the path that should be used as the
1574          * working directory that the bundle-audit command used for Ruby bundle
1575          * analysis should be executed from. This will allow for the usage of
1576          * rbenv
1577          */
1578         public static final String PATH_TO_BUNDLE_AUDIT_WORKING_DIRECTORY = "bundleAuditWorkingDirectory";
1579         /**
1580          * The CLI argument name for setting the path to mix_audit for Elixir
1581          * analysis.
1582          */
1583         public static final String PATH_TO_MIX_AUDIT = "mixAudit";
1584         /**
1585          * The CLI argument to enable the experimental analyzers.
1586          */
1587         public static final String EXPERIMENTAL = "enableExperimental";
1588         /**
1589          * The CLI argument to enable the retired analyzers.
1590          */
1591         public static final String RETIRED = "enableRetired";
1592         /**
1593          * The CLI argument for the retire js content filters.
1594          */
1595         public static final String RETIREJS_FILTERS = "retirejsFilter";
1596         /**
1597          * The CLI argument for the retire js content filters.
1598          */
1599         public static final String RETIREJS_FILTER_NON_VULNERABLE = "retirejsFilterNonVulnerable";
1600         /**
1601          * The CLI argument for indicating if the Artifactory analyzer should be
1602          * enabled.
1603          */
1604         public static final String ARTIFACTORY_ENABLED = "enableArtifactory";
1605         /**
1606          * The CLI argument for indicating if the Artifactory analyzer should
1607          * use the proxy.
1608          */
1609         public static final String ARTIFACTORY_URL = "artifactoryUrl";
1610         /**
1611          * The CLI argument for indicating the Artifactory username.
1612          */
1613         public static final String ARTIFACTORY_USERNAME = "artifactoryUsername";
1614         /**
1615          * The CLI argument for indicating the Artifactory API token.
1616          */
1617         public static final String ARTIFACTORY_API_TOKEN = "artifactoryApiToken";
1618         /**
1619          * The CLI argument for indicating the Artifactory bearer token.
1620          */
1621         public static final String ARTIFACTORY_BEARER_TOKEN = "artifactoryBearerToken";
1622         /**
1623          * The CLI argument for indicating if the Artifactory analyzer should
1624          * use the proxy.
1625          */
1626         public static final String ARTIFACTORY_USES_PROXY = "artifactoryUseProxy";
1627         /**
1628          * The CLI argument for indicating if the Artifactory analyzer should
1629          * use the parallel analysis.
1630          */
1631         public static final String ARTIFACTORY_PARALLEL_ANALYSIS = "artifactoryParallelAnalysis";
1632         /**
1633          * The CLI argument to configure when the execution should be considered
1634          * a failure.
1635          */
1636         public static final String FAIL_ON_CVSS = "failOnCVSS";
1637         /**
1638          * The CLI argument to configure if the XML and JSON reports should be
1639          * pretty printed.
1640          */
1641         public static final String PRETTY_PRINT = "prettyPrint";
1642         /**
1643          * The CLI argument to set the threshold that is considered a failure
1644          * when generating the JUNIT report format.
1645          */
1646         public static final String FAIL_JUNIT_ON_CVSS = "junitFailOnCVSS";
1647         /**
1648          * The CLI argument to set the number of hours to wait before
1649          * re-checking hosted suppressions file for updates.
1650          */
1651         public static final String DISABLE_HOSTED_SUPPRESSIONS = "disableHostedSuppressions";
1652         /**
1653          * The CLI argument to set the number of hours to wait before
1654          * re-checking hosted suppressions file for updates.
1655          */
1656         public static final String HOSTED_SUPPRESSIONS_VALID_FOR_HOURS = "hostedSuppressionsValidForHours";
1657         /**
1658          * The CLI argument to set Whether the hosted suppressions file will
1659          * update regardless of the `noupdate` argument.
1660          */
1661         public static final String HOSTED_SUPPRESSIONS_FORCEUPDATE = "hostedSuppressionsForceUpdate";
1662         /**
1663          * The CLI argument to set the location of a mirrored hosted
1664          * suppressions file .
1665          */
1666         public static final String HOSTED_SUPPRESSIONS_URL = "hostedSuppressionsUrl";
1667         /**
1668          * The username for basic auth to a mirrored hosted suppressions file.
1669          */
1670         public static final String HOSTED_SUPPRESSIONS_USER = "hostedSuppressionsUser";
1671         /**
1672          * The passwored for basic auth to a mirrored hosted suppressions file.
1673          */
1674         public static final String HOSTED_SUPPRESSIONS_PASSWORD = "hostedSuppressionsPassword";
1675         /**
1676          * The toke for bearer auth to  a mirrored hosted suppressions file.
1677          */
1678         public static final String HOSTED_SUPPRESSIONS_BEARER_TOKEN = "hostedSuppressionsBearerToken";
1679     }
1680 }