blob: 21ecd9824e9af3023f8e842913bf9f0cf74fbafe [file] [log] [blame]
// Copyright 2021 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Command vulnreport provides a tool for creating a YAML vulnerability report for
// x/vulndb.
package main
import (
"context"
"flag"
"fmt"
"log"
"os"
"runtime/pprof"
"text/tabwriter"
vlog "golang.org/x/vulndb/cmd/vulnreport/log"
)
var (
githubToken = flag.String("ghtoken", "", "GitHub access token (default: value of VULN_GITHUB_ACCESS_TOKEN)")
cpuprofile = flag.String("cpuprofile", "", "write cpuprofile to this file")
quiet = flag.Bool("q", false, "quiet mode (suppress info logs)")
colorize = flag.Bool("color", os.Getenv("NO_COLOR") == "", "show colors in logs")
issueRepo = flag.String("issue-repo", "github.com/golang/vulndb", "repo to locate Github issues")
reportRepo = flag.String("local-repo", ".", "local path to repo to locate YAML reports")
)
func init() {
out := flag.CommandLine.Output()
flag.Usage = func() {
fmt.Fprintf(out, "usage: vulnreport [flags] [cmd] [args]\n\n")
tw := tabwriter.NewWriter(out, 2, 4, 2, ' ', 0)
for _, command := range commands {
argUsage, desc := command.usage()
fmt.Fprintf(tw, " %s\t%s\t%s\n", command.name(), argUsage, desc)
}
tw.Flush()
fmt.Fprint(out, "\nsupported flags:\n\n")
flag.PrintDefaults()
}
}
// The subcommands supported by vulnreport.
// To add a new command, implement the command interface and
// add the command to this list.
var commands = map[string]command{
"create": &create{},
"create-excluded": &createExcluded{},
"commit": &commit{},
"cve": &cveCmd{},
"triage": &triage{},
"fix": &fix{},
"lint": &lint{},
"regen": &regenerate{},
"review": &review{},
"set-dates": &setDates{},
"suggest": &suggest{},
"symbols": &symbolsCmd{},
"osv": &osvCmd{},
"unexclude": &unexclude{},
"withdraw": &withdraw{},
"xref": &xref{},
}
func main() {
ctx := context.Background()
flag.Parse()
if flag.NArg() < 1 {
flag.Usage()
log.Fatal("subcommand required")
}
if *quiet {
vlog.SetQuiet()
}
if !*colorize {
vlog.RemoveColor()
}
if *githubToken == "" {
*githubToken = os.Getenv("VULN_GITHUB_ACCESS_TOKEN")
}
// Start CPU profiler.
if *cpuprofile != "" {
f, err := os.Create(*cpuprofile)
if err != nil {
log.Fatal(err)
}
_ = pprof.StartCPUProfile(f)
defer pprof.StopCPUProfile()
}
cmdName := flag.Arg(0)
args := flag.Args()[1:]
cmd, ok := commands[cmdName]
if !ok {
flag.Usage()
log.Fatalf("unsupported command: %q", cmdName)
}
if err := run(ctx, cmd, args, defaultEnv()); err != nil {
log.Fatalf("%s: %s", cmdName, err)
}
}