chainguard-dev / malcontent

detect malicious program behaviors
Apache License 2.0
407 stars 26 forks

Overhaul CLI functionality with urfave/cli #436

Closed egibs closed 2 weeks ago

egibs commented 3 weeks ago

Our usage of the flags package was struggling with the amount of functionality introduced over the past several months.

This PR moves to the urfave/cli package for the CLI functionality and focuses on:

The changes in this PR will be breaking (as evidenced by the updated refresh-testdata.sh script); however, there is some flexibility around specifying the scan flags. Omitting the flags will default to the original path scanning behavior (i.e., non-image scans). Otherwise, specifying -i will scan OCI images and -p will scan a local file path.

The new use looks like this:

bincapz <flags> analyze -i <image URL>
bincapz <flags> analyze <file path>
bincapz <flags> diff <file path 1> <file path 2>
bincapz <flags> scan -i <image URL>
bincapz <flags> scan <file path>

To view the flags:

$ bincapz -h
NAME:
   bincapz - Detect malicious program behaviors

USAGE:
   bincapz <flags> [diff, scan] <path>

VERSION:
   bincapz v0.19.0

COMMANDS:
   diff     scan and diff two paths
   scan     scan an image or path
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --all                      Ignore nothing within a provided scan path (default: false)
   --err-first-miss           Exit with error if scan source has no matching capabilities (default: false)
   --err-first-hit            Exit with error if scan source has matching capabilities (default: false)
   --format value             Output format (json, markdown, simple, terminal, yaml) (default: "terminal")
   --ignore-self              Ignore the bincapz binary (default: true)
   --ignore-tags value        Rule tags to ignore
   --include-data-files       Include files that are detected as non-program (binary or source) files (default: false)
   --jobs value, -j value     Concurrently scan files within target scan paths (default: 12)
   --min-file-level value     Obsoleted by --min-file-risk (default: -1)
   --min-file-risk value      Only show results for files which meet the given risk level (any, low, medium, high, critical) (default: "low")
   --min-level value          Obsoleted by --min-risk (default: -1)
   --min-risk value           Only show results which meet the given risk level (any, low, medium, high, critical) (default: "low")
   --output value, -o value   Write output to specified file instead of stdout
   --profile, -p              Generate profile and trace files (default: false)
   --quantity-increases-risk  Increase file risk score based on behavior quantity (default: true)
   --stats, -s                Show scan statistics (default: false)
   --third-party              Include third-party rules which may have licensing restrictions (default: true)
   --verbose                  Emit verbose logging messages to stderr (default: false)
   --help, -h                 show help
   --version, -v              print the version

To view command help:

$ bincapz diff -h
NAME:
   bincapz diff - scan and diff two paths

USAGE:
   bincapz diff [command options]

OPTIONS:
   --help, -h  show help

$ bincapz scan -h
NAME:
   bincapz scan - scan an image or path

USAGE:
   bincapz scan [command options]

OPTIONS:
   --image value, -i value  Scan an image
   --path value, -p value   Scan a file path
   --help, -h               show help

To view the version:

$ bincapz -v
bincapz version v0.19.0
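A standard-library Go model of the argument rules the description above lays out (global flags first, then a `scan` or `diff` subcommand that owns its own options, falling back to path scanning when neither `-i` nor `-p` is given) is added here as an illustration; it is not code from malcontent and does not use urfave/cli, only `flag`, and it omits the long `--image`/`--path` aliases. It also shows why the global `--profile, -p` and the subcommand's `--path, -p` do not conflict once each level parses its own flag set; the image reference and file paths in the test are constructed.

```go
package main

import (
	"errors"
	"flag"
	"fmt"
	"os"
)

// Request is the resolved target of a scan or diff invocation as described above.
type Request struct {
	Command string   // "scan" or "diff"
	Image   string   // OCI image reference, set only when scan -i is given
	Paths   []string // one path for scan, two for diff
	Profile bool     // global -p (profile), distinct from scan's -p (path)
}

// Parse models the new layout: global flags first, then a subcommand that owns its
// own flag set, so the global -p and scan's -p are handled by different flag sets.
func Parse(args []string) (Request, error) {
	var req Request
	global := flag.NewFlagSet("bincapz", flag.ContinueOnError)
	global.BoolVar(&req.Profile, "p", false, "generate profile and trace files")
	if err := global.Parse(args); err != nil { // stops at the first non-flag: the command
		return req, err
	}
	if args = global.Args(); len(args) > 0 {
		req.Command, args = args[0], args[1:]
	}
	sub := flag.NewFlagSet(req.Command, flag.ContinueOnError)
	image := sub.String("i", "", "scan an image")  // --image alias omitted here
	path := sub.String("p", "", "scan a file path") // --path alias omitted here
	if err := sub.Parse(args); err != nil {
		return req, err
	}
	switch {
	case req.Command == "diff" && *image == "" && *path == "" && sub.NArg() == 2:
		req.Paths = sub.Args() // diff takes exactly two positional paths
	case req.Command == "scan" && *image != "" && *path == "" && sub.NArg() == 0:
		req.Image = *image
	case req.Command == "scan" && *image == "" && *path == "" && sub.NArg() == 1:
		req.Paths = []string{sub.Arg(0)} // no flag: original path-scanning default
	case req.Command == "scan" && *image == "" && *path != "" && sub.NArg() == 0:
		req.Paths = []string{*path}
	default: // missing or unknown command, both -i and -p, or a wrong number of targets
		return req, errors.New("usage: bincapz [-p] scan (-i image | [-p] path) | diff path1 path2")
	}
	return req, nil
}

func main() { fmt.Println(Parse(os.Args[1:])) }
```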