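#!/usr/bin/env node
// CLI entry point for codeql-agent: prints a banner, then wires the `scan`
// command and its options to scan() from ./index.js via commander.
const chalk = require('chalk');
const clear = require('clear');
const figlet = require('figlet');
const path = require('path');
const program = require('commander');
const config = require('./config.json');
// Version is taken from package.json so the banner and --version never drift
// from the published package.
config.version = require('./package.json').version;
const { scan } = require('./index.js');

clear();
console.log(
  chalk.red(
    figlet.textSync('CodeQL Agent')
  )
);
console.log(
  chalk.italic.green(
    `\tAuthor: doublevkay - Version: ${config.version}\n`
  )
);

program
  .name('codeql-agent')
  .description('Automate the process of using CodeQL, a semantic code analysis engine, to execute code scanning in source.\n\nExamples:\n\tcodeql-agent src/sample \n\tcodeql-agent scan src/sample --use-docker\n\tcodeql-agent scan https://github.com/OWASP/NodeGoat')
  .version(config.version);

// All option values are handed to scan(options) unchanged; option names below
// map to camelCase keys (e.g. --db-output -> dbOutput).
program.command('scan')
  .description('scan a target. Target could be source code folder, remote repository (e.g. GitHub repository) or a list of targets.')
  .argument('<target>', 'source code folder, remote repository or list of targets.\n\nExamples:\n\tcodeql-agent scan src/sample\n\tcodeql-agent scan targets.txt\n\tcodeql-agent scan https://github.com/OWASP/NodeGoat')
  .option('-l, --language <language>', 'language of source code. Supported languages: go, java, cpp, csharp, javascript, ruby. Omit this option to auto-detect the language.')
  .option('-o, --output <output>', 'output folder. Default: <target>-codeql-results')
  // The build command is executed by CodeQL during database creation with the
  // privileges of this process; --use-docker is the isolation option offered here.
  .option('-c, --command <command>', 'command to create database for compiled languages, omit if the only languages requested are Python and JavaScript. This specifies the build commands needed to invoke the compiler. If you don\'t set this variable, CodeQL will attempt to detect the build system automatically, using a built-in autobuilder')
  // NOTE(review): the default is the number 1, but a user-supplied value arrives
  // as a string (no custom parser is given) — scan() must accept both; confirm.
  .option('-t, --threads <number>', 'number of threads to use. Pass 0 to use one thread per core on the machine. Default: 1', 1)
  .option('--query <query>', 'CodeQL query to run. Default: <language>-security-extended.qls')
  .option('--format <format>', 'output format. Default: sarif-latest', 'sarif-latest')
  .option('--overwrite', 'overwrite existing database.')
  .option('--download', 'download missing queries before analyzing.')
  .option('--remove-remote-repository', 'remove the remote repository after cloning.')
  .option('--db-output <dbOutput>', 'database folder path.')
  .option('--remove-database', 'remove the CodeQL database after scanning.')
  .option('--create-db-only', 'only create CodeQL database, do not scan.')
  .option('--enable-file-logging', 'enable file logging.')
  // Scan results are POSTed to this URL; treat the webhook URL as a secret.
  .option('--discord-webhook <webhookUrl>', 'discord web hook to send the result to.')
  .option('--use-docker', 'run CodeQL in an isolated Docker container.')
  .option('-v, --verbose', 'verbose output')
  .action(scan);

program.parse();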