From a1768388bfa48424865dd378990641018c54389f Mon Sep 17 00:00:00 2001 From: Greg Valentine Date: Tue, 8 Nov 2022 11:11:01 -0500 Subject: [PATCH] improve --helpFormatted output to make it easier to read (#53) * update --helpFormatted output to prevent line wrap * Update README.md * update --level arg description * update `--reportRequestHeaders` arg description --- README.md | 96 ++++++++++++++++++++++++++--------------------------- VERSION.txt | 2 +- main.py | 6 ++-- 3 files changed, 52 insertions(+), 52 deletions(-) diff --git a/README.md b/README.md index c82183d..6790653 100644 --- a/README.md +++ b/README.md 
@@ -30,54 +30,54 @@ The basic command to run a baseline scan would look like: | Argument | Default | Description | | --- | --- | --- | -| -h, --help | ==SUPPRESS== | show this help message and exit | -| -hf, --helpFormatted | False | Print the --help command in markdown table format | -| --configFile | None | Config File - SOOS yaml file with all the configuration for the DAST Analysis (See https://github.com/soos-io/soos-dast#config-file-definition) | -| --clientId | None | SOOS Client ID - get yours from https://app.soos.io/integrate/sca | -| --apiKey | None | SOOS API Key - get yours from https://app.soos.io/integrate/sca | -| --projectName | None | Project Name - this is what will be displayed in the SOOS app | -| --scanMode | baseline | Scan Mode - Available modes: baseline, fullscan, and apiscan (for more information about scan modes visit https://github.com/soos-io/soos-dast#scan-modes) | -| --apiURL | https://api.soos.io/api/ | SOOS API URL - Intended for internal use only, do not modify. | -| --debug | False | Enable to show debug messages. | -| --ajaxSpider | None | Ajax Spider - Use the ajax spider in addition to the traditional one. Additional information: https://www.zaproxy.org/docs/desktop/addons/ajax-spider/ | -| --rules | None | Rules file to use to INFO, IGNORE or FAIL warnings | -| --contextFile | None | Context file which will be loaded prior to scanning the target | -| --contextUser | None | Username to use for authenticated scans - must be defined in the given context file | -| --fullScanMinutes | None | Number of minutes for the spider to run | -| --apiScanFormat | None | Target API format: OpenAPI, SOAP, or GraphQL | -| --level | None | Mimimun level to show logs for: INFO, DEBUG, WARN, ERROR, CRITICAL | -| --integrationName | None | Integration Name - Intended for internal use only. | -| --integrationType | None | Integration Type - Intended for internal use only. 
| -| --scriptVersion | None | Script Version - Intended for internal use only. | -| --appVersion | None | App Version - Intended for internal use only. | -| --authDisplay | None | Minimum level to show: PASS, IGNORE, INFO, WARN or FAIL | -| --authUsername | None | Username to use in auth apps | -| --authPassword | None | Password to use in auth apps | -| --authLoginURL | None | Login url to use in auth apps | -| --authUsernameField | None | Username input id to use in auth apps | -| --authPasswordField | None | Password input id to use in auth apps | -| --authSubmitField | None | Submit button id to use in auth apps | -| --authFirstSubmitField | None | First submit button id to use in auth apps | -| --authSubmitAction | None | Submit action to perform on form filled. Options: click or submit | -| --zapOptions | None | Additional ZAP Options | -| --requestCookies | None | Set Cookie values for the requests to the target URL | -| --requestHeaders | None | Set extra Header requests | -| --onFailure | continue_on_failure | Action to perform when the scan fails. 
Options: fail_the_build, continue_on_failure | -| --commitHash | None | The commit hash value from the SCM System | -| --branchName | None | The name of the branch from the SCM System | -| --branchURI | None | The URI to the branch from the SCM System | -| --buildVersion | None | Version of application build artifacts | -| --buildURI | None | URI to CI build info | -| --operatingEnvironment | None | Set Operating environment for information purposes only | -| --reportRequestHeaders | False | Include request/response headers data in report | -| --outputFormat | None | Output format for vulnerabilities: only the value SARIF is available at the moment | -| --gpat | None | GitHub Personal Authorization Token | -| --bearerToken | None | Bearer token to authenticate | -| --checkoutDir | None | Checkout directory to locate SARIF report | -| --sarifDestination | None | SARIF destination to upload report in the form of / | -| --sarif | None | DEPRECATED - SARIF parameter is currently deprecated, please use --outputFormat='sarif' instead | -| --oauthTokenUrl | None | The authentication URL that grants the access_token. | -| --oauthParameters | None | Parameters to be added to the oauth token request. 
(eg --oauthParameters="client_id:clientID, client_secret:clientSecret, grant_type:client_credentials") | +| `-h`, `--help` | ==SUPPRESS== | show this help message and exit | +| `-hf`, `--helpFormatted` | False | Print the --help command in markdown table format | +| `--configFile` | None | Config File - SOOS yaml file with all the configuration for the DAST Analysis (See https://github.com/soos-io/soos-dast#config-file-definition) | +| `--clientId` | None | SOOS Client ID - get yours from https://app.soos.io/integrate/sca | +| `--apiKey` | None | SOOS API Key - get yours from https://app.soos.io/integrate/sca | +| `--projectName` | None | Project Name - this is what will be displayed in the SOOS app | +| `--scanMode` | baseline | Scan Mode - Available modes: baseline, fullscan, and apiscan (for more information about scan modes visit https://github.com/soos-io/soos-dast#scan-modes) | +| `--apiURL` | https://api.soos.io/api/ | SOOS API URL - Intended for internal use only, do not modify. | +| `--debug` | False | Enable to show debug messages. | +| `--ajaxSpider` | None | Ajax Spider - Use the ajax spider in addition to the traditional one. Additional information: https://www.zaproxy.org/docs/desktop/addons/ajax-spider/ | +| `--rules` | None | Rules file to use to INFO, IGNORE or FAIL warnings | +| `--contextFile` | None | Context file which will be loaded prior to scanning the target | +| `--contextUser` | None | Username to use for authenticated scans - must be defined in the given context file | +| `--fullScanMinutes` | None | Number of minutes for the spider to run | +| `--apiScanFormat` | None | Target API format: OpenAPI, SOAP, or GraphQL | +| `--level` | INFO | Log level to show: DEBUG, INFO, WARN, ERROR, CRITICAL | +| `--integrationName` | None | Integration Name - Intended for internal use only. | +| `--integrationType` | None | Integration Type - Intended for internal use only. | +| `--scriptVersion` | None | Script Version - Intended for internal use only. 
| +| `--appVersion` | None | App Version - Intended for internal use only. | +| `--authDisplay` | None | Minimum level to show: PASS, IGNORE, INFO, WARN or FAIL | +| `--authUsername` | None | Username to use in auth apps | +| `--authPassword` | None | Password to use in auth apps | +| `--authLoginURL` | None | Login url to use in auth apps | +| `--authUsernameField` | None | Username input id to use in auth apps | +| `--authPasswordField` | None | Password input id to use in auth apps | +| `--authSubmitField` | None | Submit button id to use in auth apps | +| `--authFirstSubmitField` | None | First submit button id to use in auth apps | +| `--authSubmitAction` | None | Submit action to perform on form filled. Options: click or submit | +| `--zapOptions` | None | Additional ZAP Options | +| `--requestCookies` | None | Set Cookie values for the requests to the target URL | +| `--requestHeaders` | None | Set extra Header requests | +| `--onFailure` | continue_on_failure | Action to perform when the scan fails. 
Options: fail_the_build, continue_on_failure | +| `--commitHash` | None | The commit hash value from the SCM System | +| `--branchName` | None | The name of the branch from the SCM System | +| `--branchURI` | None | The URI to the branch from the SCM System | +| `--buildVersion` | None | Version of application build artifacts | +| `--buildURI` | None | URI to CI build info | +| `--operatingEnvironment` | None | Set Operating environment for information purposes only | +| `--reportRequestHeaders` | False | (Temporarily Unavailable) Include request/response headers data in report | +| `--outputFormat` | None | Output format for vulnerabilities: only the value SARIF is available at the moment | +| `--gpat` | None | GitHub Personal Authorization Token | +| `--bearerToken` | None | Bearer token to authenticate | +| `--checkoutDir` | None | Checkout directory to locate SARIF report | +| `--sarifDestination` | None | SARIF destination to upload report in the form of / | +| `--sarif` | None | DEPRECATED - SARIF parameter is currently deprecated, please use --outputFormat='sarif' instead | +| `--oauthTokenUrl` | None | The authentication URL that grants the access_token. | +| `--oauthParameters` | None | Parameters to be added to the oauth token request. (eg --oauthParameters="client_id:clientID, client_secret:clientSecret, grant_type:client_credentials") | #### Config File Definition ``` yaml diff --git a/VERSION.txt b/VERSION.txt index 59e9e60..bb83058 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -1.0.11 +1.0.12 diff --git a/main.py b/main.py index ed31983..0e0da1e 100644 --- a/main.py +++ b/main.py @@ -709,7 +709,7 @@ def parse_args(self) -> None: ) parser.add_argument( "--level", - help="Minimum level to show: PASS, IGNORE, INFO, WARN or FAIL", + help="Log level to show: DEBUG, INFO, WARN, ERROR, CRITICAL", default="INFO", required=False, ) 
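Review bot: The corrected `--level` help text lists DEBUG, INFO, WARN, ERROR and CRITICAL, but the argument still accepts any string, so a mistyped level is only noticed wherever the value is later applied. Adding `choices=["DEBUG", "INFO", "WARN", "ERROR", "CRITICAL"],` next to `default="INFO",` would make argparse reject other values and keep the help text and the accepted set in sync. If lower-case values are passed today, `type=str.upper,` ahead of `choices` would keep them working. parse_args starts and ends outside this hunk, so confirm that the code consuming the value accepts the `WARN` spelling.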
@@ -862,7 +862,7 @@ def parse_args(self) -> None:
 )
 parser.add_argument(
 "--reportRequestHeaders",
- help="Include request/response headers data in report",
+ help="(Temporarily Unavailable) Include request/response headers data in report",
 type=str,
 default="False",
 required=False
@@ -946,7 +946,7 @@ def print_help_formatted(self, parser: ArgumentParser):
 for arg, options in parser._option_string_actions.items():
 default_value = options.default
 description_text = options.help
- all_rows.append(f"| {', '.join(options.option_strings)} | {default_value} | {description_text} |")
+ all_rows.append(f"| `{'`, `'.join(options.option_strings)}` | {default_value} | {description_text} |")
 # remove duplicates
 for row in list(OrderedDict.fromkeys(all_rows)):
 print(row)
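Review bot: `--reportRequestHeaders` is now labelled "(Temporarily Unavailable)" only in its help string, while the argument is still parsed with `type=str, default="False"`, so a pipeline that passes it gets no runtime sign that the option presumably has no effect. A warning logged where the value is read (outside this hunk, as parse_args starts and ends outside it) would make that visible, and a comment here such as `# NOTE: currently ignored, see help text` would tell maintainers why the flag is kept. When the feature returns, headers written to the report can carry whatever was supplied through `--requestHeaders`, `--requestCookies` or `--bearerToken`, so credential-bearing headers should be redacted before they are stored.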
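Review bot: In the `@@ -946,7 +946,7 @@` hunk, the `-h` row still prints argparse's sentinel `==SUPPRESS==` as its default, as the regenerated README table shows, because `default_value = options.default` is written into the row unchanged. Mapping the sentinel to an empty cell, `default_value = "" if options.default == "==SUPPRESS==" else options.default`, would keep the internal marker out of user-facing documentation. Separately, `description_text` is placed in the table unescaped, so a `|` in any help string would split the row; `description_text = (options.help or "").replace("|", "\\|")` covers that. print_help_formatted starts before this hunk and may continue past it.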