-
Notifications
You must be signed in to change notification settings - Fork 3
/
flags.go
259 lines (202 loc) · 10.8 KB
/
flags.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
// Copyright 2020 Adam Chalkley
//
// https://github.com/atc0005/check-cert
//
// Licensed under the MIT License. See LICENSE file in the project root for
// full license information.
package config
import (
"flag"
"fmt"
"os"
)
// supportedValuesFlagHelpText is a flag package helper function that combines
// base help text with a list of supported values for the flag.
func supportedValuesFlagHelpText(baseHelpText string, supportedValues []string) string {
return fmt.Sprintf(
"%s Supported values: %v",
baseHelpText,
supportedValues,
)
}
// handleFlagsConfig handles toggling the exposure of specific configuration
// flags to the user. This behavior is controlled via the specified
// application type as set by each cmd. Based on the application type, a
// smaller subset of flags specific to each type are exposed along with a set
// common to all application types.
func (c *Config) handleFlagsConfig(appType AppType) {
var (
// Application specific template used for generating lead-in
// usage/help text.
usageTextHeaderTmpl string
// Additional requirements for using positional arguments. May not
// apply to all application types.
positionalArgRequirements string
// A human readable description of the specific application.
appDescription string
)
// Flags specific to one application type or the other
switch {
case appType.Plugin:
// Override the default Help output with a brief lead-in summary of
// the expected syntax and project version.
//
// For this specific application type, flags are *required*.
//
// https://stackoverflow.com/a/36787811/903870
// https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
usageTextHeaderTmpl = "%s\n\nUsage: %s <flags>\n\n%s\n\nFlags:\n"
appDescription = "Nagios plugin used to monitor & perform validation checks of certificate chains."
flag.BoolVar(&c.EmitBranding, BrandingFlag, defaultBranding, brandingFlagHelp)
flag.BoolVar(
&c.IgnoreHostnameVerificationFailureIfEmptySANsList,
IgnoreHostnameVerificationFailureIfEmptySANsListFlag,
defaultIgnoreHostnameVerificationIfEmptySANsList,
ignoreHostnameVerificationFailureIfEmptySANsListFlagHelp,
)
flag.BoolVar(
&c.IgnoreExpiredIntermediateCertificates,
IgnoreExpiredIntermediateCertificatesFlag,
defaultIgnoreExpiredIntermediateCertificates,
ignoreExpiredIntermediateCertificatesFlagHelp,
)
flag.BoolVar(
&c.IgnoreExpiredRootCertificates,
IgnoreExpiredRootCertificatesFlag,
defaultIgnoreExpiredRootCertificates,
ignoreExpiredRootCertificatesFlagHelp,
)
flag.BoolVar(&c.VerboseOutput, VerboseFlagShort, defaultVerboseOutput, verboseOutputFlagHelp+shorthandFlagSuffix)
flag.BoolVar(&c.VerboseOutput, VerboseFlagLong, defaultVerboseOutput, verboseOutputFlagHelp)
flag.BoolVar(&c.ListIgnoredValidationCheckResultErrors, ListIgnoredErrorsFlag, defaultListIgnoredValidationCheckResultErrors, listIgnoredErrorsFlagHelp)
flag.StringVar(&c.Filename, FilenameFlagLong, defaultFilename, filenameFlagHelp)
flag.StringVar(&c.Server, ServerFlagShort, defaultServer, serverFlagHelp+shorthandFlagSuffix)
flag.StringVar(&c.Server, ServerFlagLong, defaultServer, serverFlagHelp)
flag.StringVar(&c.DNSName, DNSNameFlagShort, defaultDNSName, dnsNameFlagHelp+shorthandFlagSuffix)
flag.StringVar(&c.DNSName, DNSNameFlagLong, defaultDNSName, dnsNameFlagHelp)
flag.IntVar(&c.Port, PortFlagShort, defaultPort, portFlagHelp+shorthandFlagSuffix)
flag.IntVar(&c.Port, PortFlagLong, defaultPort, portFlagHelp)
flag.Var(
&c.ignoreValidationResults,
IgnoreValidationResultFlag,
supportedValuesFlagHelpText(ignoreValidationResultsFlagHelp, supportedValidationCheckResultKeywords()),
)
flag.Var(
&c.applyValidationResults,
ApplyValidationResultFlag,
supportedValuesFlagHelpText(applyValidationResultsFlagHelp, supportedValidationCheckResultKeywords()),
)
case appType.Inspector:
// Override the default Help output with a brief lead-in summary of
// the expected syntax and project version.
//
// For this specific application type, flags are required unless the
// host/url pattern is provided, at which point flags are optional.
// Because I'm not sure how to specify this briefly, both are listed
// as optional.
//
// https://stackoverflow.com/a/36787811/903870
// https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
usageTextHeaderTmpl = "%s\n\nUsage: %s [flags] [pattern]\n\n%s\n\nFlags:\n"
positionalArgRequirements = fmt.Sprintf(
"\nPositional Argument (\"pattern\") Requirements:\n\n"+
"- if the %q or %q"+
" flags are specified, the URL pattern is ignored"+
"\n- if the %q flag is specified, its value will be"+
" ignored if a port is provided in the given URL pattern",
ServerFlagLong,
FilenameFlagLong,
PortFlagLong,
)
appDescription = "Used to generate a summary of certificate chain metadata and validation results for quick review."
flag.BoolVar(&c.VerboseOutput, VerboseFlagShort, defaultVerboseOutput, verboseOutputFlagHelp+shorthandFlagSuffix)
flag.BoolVar(&c.VerboseOutput, VerboseFlagLong, defaultVerboseOutput, verboseOutputFlagHelp)
flag.StringVar(&c.Filename, FilenameFlagLong, defaultFilename, filenameFlagHelp)
flag.BoolVar(&c.EmitCertText, EmitCertTextFlagLong, defaultEmitCertText, emitCertTextFlagHelp)
flag.StringVar(&c.Server, ServerFlagShort, defaultServer, serverFlagHelp+shorthandFlagSuffix)
flag.StringVar(&c.Server, ServerFlagLong, defaultServer, serverFlagHelp)
flag.StringVar(&c.DNSName, DNSNameFlagShort, defaultDNSName, dnsNameFlagHelp)
flag.StringVar(&c.DNSName, DNSNameFlagLong, defaultDNSName, dnsNameFlagHelp)
flag.IntVar(&c.Port, PortFlagShort, defaultPort, portFlagHelp+shorthandFlagSuffix)
flag.IntVar(&c.Port, PortFlagLong, defaultPort, portFlagHelp)
case appType.Scanner:
// Override the default Help output with a brief lead-in summary of
// the expected syntax and project version.
//
// For this specific application type, flags are *required*.
//
// https://stackoverflow.com/a/36787811/903870
// https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
usageTextHeaderTmpl = "%s\n\nUsage: %s <flags>\n\n%s\n\nFlags:\n"
appDescription = "Scanner used for evaluating certificates in one or more given IP ranges or collection of name/FQDN values."
flag.IntVar(&c.timeoutPortScan, TimeoutPortScanFlagLong, defaultPortScanTimeout, timeoutPortScanFlagHelp)
flag.IntVar(&c.timeoutPortScan, TimeoutPortScanFlagShort, defaultPortScanTimeout, timeoutPortScanFlagHelp+shorthandFlagSuffix)
flag.Var(&c.hosts, HostsFlagLong, hostsFlagHelp)
flag.Var(&c.hosts, HostsFlagAlt, hostsFlagHelp+" (alt name)")
flag.IntVar(&c.ScanRateLimit, ScanRateLimitFlagLong, defaultScanRateLimit, scanRateLimitFlagHelp)
flag.IntVar(&c.ScanRateLimit, ScanRateLimitFlagShort, defaultScanRateLimit, scanRateLimitFlagHelp+shorthandFlagSuffix)
flag.IntVar(&c.timeoutAppInactivity, AppTimeoutFlagLong, defaultAppTimeout, timeoutAppInactivityFlagHelp)
flag.IntVar(&c.timeoutAppInactivity, AppTimeoutFlagShort, defaultAppTimeout, timeoutAppInactivityFlagHelp+shorthandFlagSuffix)
flag.Var(&c.portsList, PortsFlagLong, portsListFlagHelp)
flag.Var(&c.portsList, PortsFlagShort, portsListFlagHelp+shorthandFlagSuffix)
flag.BoolVar(&c.ShowPortScanResults, ShowPortScanResultsFlagLong, defaultShowPortScanResults, showPortScanResultsFlagHelp)
flag.BoolVar(&c.ShowPortScanResults, ShowPortScanResultsFlagShort, defaultShowPortScanResults, showPortScanResultsFlagHelp+shorthandFlagSuffix)
flag.BoolVar(&c.ShowHostsWithClosedPorts, ShowHostsWithClosedPortsFlagLong, defaultShowHostsWithClosedPorts, showHostsWithClosedPortsFlagHelp)
flag.BoolVar(&c.ShowHostsWithClosedPorts, ShowHostsWithClosedPortsFlagShort, defaultShowHostsWithClosedPorts, showHostsWithClosedPortsFlagHelp+shorthandFlagSuffix)
flag.BoolVar(&c.ShowHostsWithValidCerts, ShowHostsWithValidCertsFlagLong, defaultShowHostsWithValidCerts, showHostsWithValidCertsFlagHelp)
flag.BoolVar(&c.ShowHostsWithValidCerts, ShowHostsWithValidCertsFlagShort, defaultShowHostsWithValidCerts, showHostsWithValidCertsFlagHelp+shorthandFlagSuffix)
flag.BoolVar(&c.ShowValidCerts, ShowValidCertsFlagLong, defaultShowValidCerts, showValidCertsFlagHelp)
flag.BoolVar(&c.ShowValidCerts, ShowValidCertsFlagShort, defaultShowValidCerts, showValidCertsFlagHelp+shorthandFlagSuffix)
flag.BoolVar(&c.ShowOverview, ShowOverviewFlagLong, defaultShowOverview, showOverviewFlagHelp)
flag.BoolVar(&c.ShowOverview, ShowOverviewFlagShort, defaultShowOverview, showOverviewFlagHelp+shorthandFlagSuffix)
}
// Shared flags for all application type
flag.Var(&c.SANsEntries, SANsEntriesFlagShort, sansEntriesFlagHelp+shorthandFlagSuffix)
flag.Var(&c.SANsEntries, SANsEntriesFlagLong, sansEntriesFlagHelp)
flag.IntVar(&c.AgeWarning, AgeWarningFlagShort, defaultCertExpireAgeWarning, certExpireAgeWarningFlagHelp+shorthandFlagSuffix)
flag.IntVar(&c.AgeWarning, AgeWarningFlagLong, defaultCertExpireAgeWarning, certExpireAgeWarningFlagHelp)
flag.IntVar(&c.AgeCritical, AgeCriticalFlagShort, defaultCertExpireAgeCritical, certExpireAgeCriticalFlagHelp+shorthandFlagSuffix)
flag.IntVar(&c.AgeCritical, AgeCriticalFlagLong, defaultCertExpireAgeCritical, certExpireAgeCriticalFlagHelp)
flag.IntVar(&c.timeout, TimeoutFlagShort, defaultConnectTimeout, timeoutConnectFlagHelp+shorthandFlagSuffix)
flag.IntVar(&c.timeout, TimeoutFlagLong, defaultConnectTimeout, timeoutConnectFlagHelp)
flag.StringVar(
&c.LoggingLevel,
LogLevelFlagShort,
defaultLogLevel,
supportedValuesFlagHelpText(logLevelFlagHelp, supportedLogLevels())+shorthandFlagSuffix,
)
flag.StringVar(
&c.LoggingLevel,
LogLevelFlagLong,
defaultLogLevel,
supportedValuesFlagHelpText(logLevelFlagHelp, supportedLogLevels()),
)
flag.BoolVar(&c.ShowVersion, VersionFlagLong, defaultDisplayVersionAndExit, versionFlagHelp)
// Prepend a brief lead-in summary of the expected syntax and project
// version before emitting the default Help output.
//
// https://stackoverflow.com/a/36787811/903870
// https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
flag.Usage = func() {
headerText := fmt.Sprintf(
usageTextHeaderTmpl,
Version(),
os.Args[0],
appDescription,
)
footerText := fmt.Sprintf(
"\nSee project README at %s for examples and additional details.\n",
myAppURL,
)
// Override default of stderr as destination for help output. This
// allows Nagios XI and similar monitoring systems to call plugins
// with the `--help` flag and have it display within the Admin web UI.
flag.CommandLine.SetOutput(os.Stdout)
fmt.Fprintln(flag.CommandLine.Output(), headerText)
flag.PrintDefaults()
fmt.Fprintln(flag.CommandLine.Output(), positionalArgRequirements)
fmt.Fprintln(flag.CommandLine.Output(), footerText)
}
// parse flag definitions from the argument list
flag.Parse()
}