Add new flags into documentation (fixes #956)
anthonyharrison committed Nov 11, 2020
1 parent 2f9757b commit 04235a8
Showing 1 changed file with 53 additions and 17 deletions.
70 changes: 53 additions & 17 deletions doc/MANUAL.md
Expand Up @@ -6,6 +6,9 @@
- [Optional Arguments:](#optional-arguments)
- [-u {now,daily,never}, --update {now,daily,never}](#-u-nowdailynever---update-nowdailynever)
- [-e EXCLUDE, --exclude EXCLUDE](#-e-exclude---exclude-exclude)
- [-h, --help](#-h---help)
- [-V, --version ](#-V---version)
- [--disable-version-check](#--disable-version-check)
- [Checkers Arguments:](#checkers-arguments)
- [-s SKIPS, --skips SKIPS](#-s-skips---skips-skips)
- [-r CHECKERS, --runs CHECKERS](#-r-checkers---runs-checkers)
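Review bot: the new `-V, --version` table-of-contents entry will not resolve as written: the link text carries a trailing space inside the brackets (`[-V, --version ]`) and the fragment `#-V---version` uses an uppercase `V`, while the generated heading anchor is lowercased. Suggest `- [-V, --version](#-v---version)`, matching the lowercase style of the neighbouring `#-u-...` and `#-e-...` entries.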
Expand All @@ -15,7 +18,10 @@
- [-C CONFIG, --config CONFIG](#-c-config---config-config)
- [Output Arguments:](#output-arguments)
- [-o OUTPUT_FILE, --output-file OUTPUT_FILE](#-o-output_file---output-file-output_file)
- [-f {csv,json,console}, --format {csv,json,console}](#-f-csvjsonconsole---format-csvjsonconsole)
- [--html-theme HTML_THEME](#--html-theme-html_theme)
- [-f {csv,json,console,html}, --format {csv,json,console,html}](#-f-csvjsonconsolehtml---format-csvjsonconsolehtml)
- [-c CVSS, --cvss CVSS](#-c-cvss---cvss-cvss)
- [-S {low,medium,high,critical}, --severity {low,medium,high,critical}](#S-lowmediumhighcritical---severity-lowmediumhighcritical)
- [Output verbosity](#output-verbosity)
- [Quiet Mode](#quiet-mode)
- [Logging modes](#logging-modes)
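Review bot: the new `-S {low,medium,high,critical}` entry's fragment is missing the leading hyphen and uses an uppercase `S`: `#S-lowmediumhighcritical---severity-lowmediumhighcritical` should be `#-s-lowmediumhighcritical---severity-lowmediumhighcritical` to follow the pattern of the `-f` and `-c` entries above it. The `--html-theme` entry is listed before `-f` here, but in the body (further down in this patch) the `--html-theme` section also precedes `-f`, so the ordering is at least consistent.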
Expand All @@ -26,16 +32,16 @@

# CVE Binary Tool User Manual

The CVE Binary Tool scans for a number of common, vulnerable open source
components like openssl, libpng, libxml2, expat etc. to let you know
if a given directory or binary file includes common libraries with
The CVE Binary Tool scans for a number of common, vulnerable open source
components like openssl, libpng, libxml2, expat etc. to let you know
if a given directory or binary file includes common libraries with
known vulnerabilities., known as CVEs(Common Vulnerabilities and Exposures).

Usage:
`cve-bin-tool`

You can also do `python -m cve_bin_tool.cli`
which is useful if you're trying the latest code from
You can also do `python -m cve_bin_tool.cli`
which is useful if you're trying the latest code from
[the cve-bin-tool github](https://github.com/intel/cve-bin-tool).

optional arguments:
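Review bot: since this hunk already touches the opening paragraph, the stray punctuation in its last line should be fixed at the same time: `known vulnerabilities., known as CVEs(Common Vulnerabilities and Exposures).` should read `known vulnerabilities, known as CVEs (Common Vulnerabilities and Exposures).`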
Expand Down Expand Up @@ -77,7 +83,7 @@ which is useful if you're trying the latest code from
| | | | Available checkers | | | |
| -------- | --------- | ---------------| ------------------ | ---------- | ---------- | ------- |
| avahi | bash | bind | binutils | busybox | bzip2 | cups |
| curl | dovecot | expat | ffmpeg | freeradius | gcc | gimp |
| curl | dovecot | expat | ffmpeg | freeradius | gcc | gimp |
| gnutls | glibc | gstreamer | haproxy | hostapd | icecast | icu |
| irssi | kerberos | libarchive | libdb | libgcrypt | libjpeg | libnss |
| libtiff | libvirt | lighttpd | mariadb | memcached | ncurses | nessus |
Expand All @@ -99,14 +105,14 @@ vulnerable version, it merely provides a mapping between strings, versions, and
known CVEs.

A [list of currently available checkers](https://github.com/intel/cve-bin-tool/tree/master/cve_bin_tool/checkers)
can be found in the checkers directory or using `cve-bin-tool --help` command, as can the
can be found in the checkers directory or using `cve-bin-tool --help` command, as can the
[instructions on how to add a new checker](cve_bin_tool/checkers/README.md).
Support for new checkers can be requested via
Support for new checkers can be requested via
[GitHub issues](https://github.com/intel/cve-bin-tool/issues).
(Please note, you will need to be logged in to add a new issue.)

This tool gives a list of CVE numbers. For those not familiar with the process,
these can be looked up using a number of different tools, such as the
these can be looked up using a number of different tools, such as the
[vulnerability search on the CVE Details website](https://www.cvedetails.com/vulnerability-search.php).
Each CVE field contains a short summary of the issue, a set of severity scores
that are combined to make a CVSS score, a list of products known to be affected, and
Expand Down Expand Up @@ -172,7 +178,7 @@ supported, as is usage within cygwin on windows.

This tool does not scan for all possible known public vulnerabilities, it only
scans for specific commonly vulnerable open source components. A complete
list of currently supported library checkers can be found in [the checkers
list of currently supported library checkers can be found in [the checkers
directory](https://github.com/intel/cve-bin-tool/tree/master/cve_bin_tool/checkers).

As the name implies, this tool is intended for use with binaries. If you have
Expand All @@ -191,6 +197,18 @@ This option controls the frequency of updates for the CVE data from the National

This option allows one the skip a comma-separated lists of paths. This can be useful for excluding certain files and directories from the scan which will also decrease the scanning time.

### -h, --help

This option shows a help message and exits.

### -V, --version

This option shows program's version number and exits.

### --disable-version-check

This option skips checking for a new version of the program.

## Checkers Arguments:

### -s SKIPS, --skips SKIPS
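Review bot: minor wording in the new `-V, --version` section: "This option shows program's version number and exits." is missing an article and should read "This option shows the program's version number and exits." The new `--disable-version-check` section would also benefit from one sentence saying what the check does when it is enabled (for example, whether it contacts a remote server at startup), so a reader understands what is being disabled.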
Expand All @@ -205,7 +223,7 @@ This option allows one to enable a comma-separated list of checkers.

### directory (positional argument)

Specify path to directory you want to scan.
Specify path to directory you want to scan.

### -i INPUT_FILE, --input-file INPUT_FILE

Expand All @@ -224,7 +242,7 @@ You can provide either CSV or JSON file as input_file with vendor, product and v
- All the characters denoted in parenthesis are aliases for that specific value. Output will be displayed in the same order as priority given to the remarks.

3. **comments** - You can write any comments you want to write in this field. This will be ignored in the console output but will be propagated as it is in CSV, JSON or HTML formats.
4. **severity** - This field allows you to adjust severity score of specific product or CVE. This can be useful in the case where CVE affects a portion of the library that you aren't using currently but you don't want to ignore it completely. In that case, you can reduce severity for this CVE.
4. **severity** - This field allows you to adjust severity score of specific product or CVE. This can be useful in the case where CVE affects a portion of the library that you aren't using currently but you don't want to ignore it completely. In that case, you can reduce severity for this CVE.
5. **cve_number** - This field give you fine grained control over output of specific CVE. You can change remarks, comments and severity for specific CVE instead of whole product.

You can use `-i` or `--input-file` option to produce list of CVEs found in given vendor, product and version fields (Usage: `cve-bin-tool -i=test.csv`) or supplement extra triage data like remarks, comments etc. while scanning directory so that output will reflect this triage data and you can save time of re-triaging (Usage: `cve-bin-tool -i=test.csv /path/to/scan`).
Expand Down Expand Up @@ -315,7 +333,11 @@ Although the examples in this section show results for a single library to make

This option allows you to specify the filename for the report, rather than having CVE Binary Tool generate it by itself.

### -f {csv,json,console}, --format {csv,json,console}
### --html-theme HTML_THEME

This option specifies the theme directory to be used in formatting the HTML report.

### -f {csv,json,console,html}, --format {csv,json,console,html}

This option allows the CVE Binary Tool to produce a report in an alternate format. This is useful if you have other tools which only take a specific format. The default is `console` which prints category wise beautiful tables of CVEs on terminal.

Expand Down Expand Up @@ -363,11 +385,24 @@ haxx,curl,7.34.0,CVE-2014-0139,MEDIUM,Unexplored,
haxx , curl , 7.34.0 , CVE-2014-0138, HIGH
haxx , curl , 7.34.0 , CVE-2014-0139, CRITICAL
haxx , curl , 7.34.0 , CVE-2014-0015, MEDIUM
"
"
style="width:100%;white-space:pre;">
<figcaption>formated console output</figcaption>
</figure>


4. `--format html` - creates a report in html format according to the specified HTML theme.

### -c CVSS, --cvss CVSS

This option specifies the minimum CVSS score (as integer in range 0 to 10) of the CVE to report. The default value is 0 which results in all CVEs being reported.

### -S {low,medium,high,critical}, --severity {low,medium,high,critical}

This option specifies the minimum CVE severity to report. The default value is low which results in all CVEs being reported.

Note that this option is overridden by `--cvss` parameter if this is also specified.

### Output verbosity

As well as the modes above, there are two other output options to decrease or increase the number of messages printed:
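Review bot: the new `-c CVSS, --cvss CVSS` section says the threshold is "an integer in range 0 to 10", but CVSS base scores are decimal values (for example 7.5), so the text should say whether a decimal threshold is accepted and, if only integers are accepted, how a score such as 7.5 compares against a threshold of 7 (greater than or equal?). The `-S`/`--severity` section states that `--cvss` overrides it when both are given; it would be clearer to also say what "minimum severity" means in terms of the ordering `low < medium < high < critical`, i.e. that `--severity high` reports high and critical CVEs only.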
Expand All @@ -383,7 +418,7 @@ return code to see if any issues were found. The return value will be the numbe
Below is what it returns on bash when one file is found to have CVEs:

```console
terri@sandia:~/Code/cve-bin-tool$ cve-bin-tool -q ~/output_test_quiet/openssl
terri@sandia:~/Code/cve-bin-tool$ cve-bin-tool -q ~/output_test_quiet/openssl
terri@sandia:~/Code/cve-bin-tool$ echo $?
1
```
Expand All @@ -402,12 +437,13 @@ The logging modes provide additional fine-grained control for debug information.
This option allows the CVE Binary Tool to extract compressed files into a temporary directory
so the contents can be scanned. If the quiet flag is not used, the list of extracted files
will be printed.

CVE Binary Tool by default auto-extract all compressed files inside the directory path. You can always exclude certain paths by using `-e --exclude`

## Feedback & Contributions

Bugs and feature requests can be made via [GitHub issues](https://github.com/intel/cve-bin-tool).
Be aware that these issues are not private, so take care when providing output to make sure
Be aware that these issues are not private, so take care when providing output to make sure
you are not disclosing security issues in other products.

Pull requests are also welcome via git.
Expand Down
