This change replaces the manual string parsing with a Cli parsing library.
The command line options have been updated to include both long and short options.
All short flags can be combined for more concise command usage, for example: <command> -acsgw would be equivalent to <command> --admin --continuous --service --grant --wait.
Additionally a single optional argument could be included as the last option in a list of short options, for example: <command> -acsgwH some.host would be equivalent to: <command> --admin --continuous --service --grant --wait --host some.host.
Help text has been added for all options and a --help or -h option is now included:
Usage: acdebugger [-acdghsVw] [--wait-timeout=<timeout>] [-H=<host>]
[-p=<port>] [-t=<transport>]
Purpose-built debugger for determining missing OSGi bundle security permissions.
--wait-timeout=<timeout>
Only applies when the '--wait' option is used. Sets the
maximum number of minutes to wait. (default: 10)
-a, --admin Indicates the tool is being run for an admin. In such cases,
the analysis won't be as extensive since an administrator
wouldn't be able to modify the code for example. At the
moment, it disables analyzing solutions that involve
extending privileges in bundles using doPrivileged() blocks.
In the above example, only the second solution would have
been reported if this option had been provided. As such,
this option should not be used by developers.
-c, --continuous Specifies to run in continuous mode where the debugger will
tell the VM not to fail on any security failures detected
and report on all failures found.
-d, --dump Additional information about detected security failures such
as stack traces and bundle information will be printed along
with solutions.
-g, --grant When specified, the debugger will use the backdoor and a
registered ServicePermission service to temporarily grant
permissions for detected security failures which after
analysis yields a single solution. This is only temporary
and will not survive a restart of the VM but will prevent
any further failures that would otherwise not be if the
permission(s) were defined. It also tends to slow down the
system since the OSGi permission cache ends up being cleared
each time.
-h, --help Show this help message and exit.
-H, --host=<host> Specifies the host or IP where the VM to attach to is located.
(default: localhost)
-p, --port=<port> Specifies the port number the VM is awaiting debuggers to
connect to. (default:5005)
-s, --service Specifies that a breakpoint should be added in Eclipse's
Service Registry to detect internal security checks done for
given bundles before dispatching service events. These
failures are analyzed and reported as normal security check
failures. This option tends to slow down the system a bit as
the debugger is invoked for all checks and not just when a
failure is about to be reported.
-t, --transport=<transport>
Specifies the transport to use when connecting to the VM.
(default: dt_socket)
-V, --version Print version information and exit.
-w, --wait Indicates to wait for a connection. To specify the timeout
value use with the '--wait-timeout' option.
Alternate Designs
Benefits
Better command line parsing, self documenting cli options.
Description of the Change
This change replaces the manual string parsing with a Cli parsing library. The command line options have been updated to include both long and short options. All short flags can be combined for more concise command usage, for example:
<command> -acsgw
would be equivalent to<command> --admin --continuous --service --grant --wait
. Additionally a single optional argument could be included as the last option in a list of short options, for example:<command> -acsgwH some.host
would be equivalent to:<command> --admin --continuous --service --grant --wait --host some.host
. Help text has been added for all options and a--help
or-h
option is now included:Alternate Designs
Benefits
Better command line parsing, self documenting cli options.
Possible Drawbacks
Verification Process
Applicable Issues
Fixes: #7
Remaining Tasks
awaitility