breaking: migrate Jargo to Picocli to enable Graalvm
Because Jargo is not maintained and cannot be used with Graalvm to build a native executable.

BREAKING CHANGE: Hopefully there are no breaking changes but I probably introduced some bugs when replacing Jargo with Picocli.
tomasbjerre committed Apr 1, 2024
1 parent 17e7eaf commit 459e319
Showing 9 changed files with 563 additions and 420 deletions.
204 changes: 80 additions & 124 deletions README.md
@@ -18,7 +18,7 @@ Run it with:
```bash
npx violations-command-line -s ERROR -mv 0 \
-v "CHECKSTYLE" "." ".*checkstyle/main\.xml$" "Checkstyle" \
-v "JSHINT" "." ".*jshint/report\.xml$" "JSHint"
-v "JSLINT" "." ".*jshint/report\.xml$" "JSHint"
```

It can parse results from static code analysis and:
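Review bot: the changed example line `-v "JSLINT" "." ".*jshint/report\.xml$" "JSHint"` corrects a parser name that was never valid: the old line used JSHINT, which appears in neither parser list later in this diff (JSLINT does), so the example as previously written would not have parsed a JSHint report. Worth a line in the changelog, since the commit message expects no user-visible changes.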
@@ -245,129 +245,85 @@ Missing a format? Open an issue [here](https://github.com/tomasbjerre/violations
# Usage

```shell
-code-climate, -cc <path> Create a CodeClimate
file with all the
violations.
<path>: a file path
Default: /home/bjerre/workspace/violations/violations-command-line/.
-config-file, -cf <path> Will read config from
given file. Can also be
configured with environment
variable VIOLATIONS_CONFIG.
Format is what you get from -
show-json-config.
<path>: a file path
Default: /home/bjerre/workspace/violations/violations-command-line/.
-detail-level, -dl <ViolationsReporterDetailLevel> Verbosity
<ViolationsReporterDetailLevel>: {VERBOSE | COMPACT | PER_FILE_COMPACT}
Default: VERBOSE
-diff-detail-level, -ddl <ViolationsReporterDetailLevel>: {VERBOSE | COMPACT | PER_FILE_COMPACT}
<ViolationsReporterDetailLevel> Default: VERBOSE
-diff-from, -df <string> Can be empty
(ignored), Git-commit or any Git-
reference
<string>: any string
Default:
-diff-max-violations, -dmv <integer> Will fail the build if
total number of found
violations is higher
<integer>: -2,147,483,648 to 2,147,483,647
Default: 2,147,483,647
-diff-print-violations, -dpv <boolean> Will print violations
found in diff
<boolean>: true or false
Default: false
-diff-severity, -ds <SEVERITY> <SEVERITY>: {INFO | WARN | ERROR}
Default: INFO
-diff-to, -dt <string> Can be empty
(ignored), Git-commit or any Git-
reference
<string>: any string
Default:
-git-repo, -gr <path> Where to look for Git.
<path>: a file path
Default: /home/bjerre/workspace/violations/violations-command-line/.
-h, --help <argument-to-print-help-for> <argument-to-print-help-for>: an argument to print help for
Default: If no specific parameter is given the whole usage text is given
-jacoco-min-coverage, -jmc <big-decimal> Minimum coverage in
Jacoco that will generate a
violation.
<big-decimal>: an arbitrary decimal number (practically no limits)
Default: 0.7
-jacoco-min-line-count, -jmlc <integer> Minimum line count in
Jacoco that will generate a
violation.
<integer>: -2,147,483,648 to 2,147,483,647
Default: 4
-max-line-column-width, -mlcw <integer> 0 means no limit
<integer>: -2,147,483,648 to 2,147,483,647
Default: 0
-max-message-column-width, -mmcw <integer> 0 means no limit
<integer>: -2,147,483,648 to 2,147,483,647
Default: 50
-max-reporter-column-width, -mrcw <integer> 0 means no limit
<integer>: -2,147,483,648 to 2,147,483,647
Default: 0
-max-rule-column-width, -mrucw <integer> 0 means no limit
<integer>: -2,147,483,648 to 2,147,483,647
Default: 10
-max-severity-column-width, -mscw <integer> 0 means no limit
<integer>: -2,147,483,648 to 2,147,483,647
Default: 0
-max-violations, -mv <integer> Will fail the build if
total number of found
violations is higher.
<integer>: -2,147,483,648 to 2,147,483,647
Default: 2,147,483,647
-print-violations, -pv <boolean> Will print violations
found
<boolean>: true or false
Default: true
-sarif, -ss <path> Create a Sarif file
with all the violations.
<path>: a file path
Default: /home/bjerre/workspace/violations/violations-command-line/.
-severity, -s <SEVERITY> Minimum severity level
to report.
<SEVERITY>: {INFO | WARN | ERROR}
Default: INFO
-show-debug-info Please run your
command with this parameter
and supply output when
reporting bugs.
Default: disabled
-show-json-config Will print the given
config as JSON.
Default: disabled
--violations, -v <string> The violations to look
for. <PARSER> <FOLDER>
<REGEXP PATTERN> <NAME> where
PARSER is one of:
ANDROIDLINT, CHECKSTYLE, CODENARC,
CLANG, CPD, CPPCHECK,
CPPLINT, CSSLINT, GENERIC,
FINDBUGS, FLAKE8, FXCOP,
GENDARME, IAR, JACOCO, JCREPORT,
JSLINT, JUNIT, LINT, KLOCWORK,
KOTLINMAVEN, KOTLINGRADLE, MSCPP,
MSBULDLOG, MYPY, GOLINT,
GOOGLEERRORPRONE, PERLCRITIC, PITEST,
PMD, PROTOLINT, PYDOCSTYLE,
PYLINT, RESHARPER,
SARIFPARSER, SBTSCALAC, SIMIAN,
SONAR, STYLECOP, XMLLINT,
YAMLLINT, ZPTLINT, DOCFX,
PCLINT, CODECLIMATE, XUNIT,
VALGRIND
Example: -v "JSHINT"
"." ".*/jshint.xml$"
"JSHint" [Supports Multiple occurrences]
<string>: any string
Default: Empty list
-violations-file, -vf <path> Create a JSON file
with all the violations.
<path>: a file path
Default: /home/bjerre/workspace/violations/violations-command-line/.
Available parsers are:
ANDROIDLINT, ANSIBLELATER, CHECKSTYLE, CODENARC, CLANG, COVERITY, CPD, CPPCHECK, CPPLINT, CSSLINT, GENERIC, GHS, FINDBUGS, FLAKE8, MACHINE, FXCOP, GENDARME, IAR, JACOCO, JCREPORT, JSLINT, JUNIT, LINT, KLOCWORK, KOTLINMAVEN, KOTLINGRADLE, MSCPP, MSBULDLOG, MYPY, GOLINT, GOOGLEERRORPRONE, PERLCRITIC, PITEST, PMD, PROTOLINT, PYDOCSTYLE, PYLINT, RESHARPER, SARIF, SBTSCALAC, SEMGREP, SIMIAN, SONAR, STYLECOP, XMLLINT, YAMLLINT, ZPTLINT, DOCFX, PCLINT, CODECLIMATE, XUNIT, VALGRIND
Usage: violations-command-line [-dpv] [--help] [-pv] [-show-debug-info]
[-show-json-config] [-cc=<codeClimateFileArg>]
[-cf=<configFileArg>] [-ddl=<diffDetailLevel>]
[-df=<diffFrom>] [-dl=<detailLevelArg>]
[-dmv=<diffMaxViolations>]
[-ds=<diffMinSeverity>] [-dt=<diffTo>]
[-gr=<gitRepoArg>] [-jmc=<jacocoMinCoverage>]
[-jmlc=<jacocoMinLineCount>]
[-mlcw=<maxLineColumnWidth>]
[-mmcw=<maxMessageColumnWidth>]
[-mrcw=<maxReporterColumnWidth>]
[-mrucw=<maxRuleColumnWidth>]
[-mscw=<maxSeverityColumnWidth>]
[-mv=<maxViolationsArg>] [-s=<minSeverityArg>]
[-ss=<sarifFileArg>] [-vf=<violationsFileArg>]
[-v=<violationsArg>]...
-cc, -code-climate=<codeClimateFileArg>
Create a CodeClimate file with all the violations.
-cf, -config-file=<configFileArg>
Will read config from given file. Can also be
configured with environment variable
VIOLATIONS_CONFIG. Format is what you get from
-show-json-config.
-ddl, -diff-detail-level=<diffDetailLevel>
VERBOSE, COMPACT, PER_FILE_COMPACT
-df, -diff-from=<diffFrom>
Can be empty (ignored), Git-commit or any
Git-reference
-dl, -detail-level=<detailLevelArg>
Verbosity VERBOSE, COMPACT, PER_FILE_COMPACT
-dmv, -diff-max-violations=<diffMaxViolations>
Will fail the build if total number of found
violations is higher
-dpv, -diff-print-violations
Will print violations found in diff
-ds, -diff-severity=<diffMinSeverity>
INFO, WARN, ERROR
-dt, -diff-to=<diffTo>
Can be empty (ignored), Git-commit or any
Git-reference
-gr, -git-repo=<gitRepoArg>
Where to look for Git.
--help display this help and exit
-jmc, -jacoco-min-coverage=<jacocoMinCoverage>
Minimum coverage in Jacoco that will generate a
violation.
-jmlc, -jacoco-min-line-count=<jacocoMinLineCount>
Minimum line count in Jacoco that will generate a
violation.
-mlcw, -max-line-column-width=<maxLineColumnWidth>
0 means no limit
-mmcw, -max-message-column-width=<maxMessageColumnWidth>
0 means no limit
-mrcw, -max-reporter-column-width=<maxReporterColumnWidth>
0 means no limit
-mrucw, -max-rule-column-width=<maxRuleColumnWidth>
0 means no limit
-mscw, -max-severity-column-width=<maxSeverityColumnWidth>
0 means no limit
-mv, -max-violations=<maxViolationsArg>
Will fail the build if total number of found
violations is higher.
-pv, -print-violations
Will print violations found
-s, -severity=<minSeverityArg>
Minimum severity level to report. INFO, WARN, ERROR
-show-debug-info Please run your command with this parameter and
supply output when reporting bugs.
-show-json-config Will print the given config as JSON.
-ss, -sarif=<sarifFileArg>
Create a Sarif file with all the violations.
-v, --violations=<violationsArg>
Format: <PARSER> <FOLDER> <REGEXP PATTERN> <NAME>,
Example: -v "JSLINT" "." ".*/jshint.xml$" "JSHint"
-vf, -violations-file=<violationsFileArg>
Create a JSON file with all the violations.
```

Checkout the [Violations Lib](https://github.com/tomasbjerre/violations-lib) for more documentation.
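Review bot: the new Picocli usage text drops every default that the old Jargo text documented (`-s` INFO, `-mv` 2,147,483,647, `-jmc` 0.7, `-jmlc` 4, `-mmcw` 50, `-mrucw` 10, `-pv` true), so a reader can no longer tell what the quality gate does when an option is omitted; Picocli will print them with `@Command(showDefaultValues = true)` on the Runner class, or per option with `@Option(..., showDefaultValue = CommandLine.Help.Visibility.ALWAYS)`. Two behaviour changes in the same text also need confirming: `-pv` went from `-pv <boolean>` with Default: true to a bare flag `[-pv]`, and a Picocli boolean flag can only be switched on, so check that violations are still printed when the flag is absent and that `-pv false`, which the old syntax accepted, does not now fail to parse (declaring the option with `arity = "1"` keeps the old value-taking form); and `-h` no longer aliases `--help`.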
2 changes: 1 addition & 1 deletion build.gradle
@@ -43,7 +43,7 @@ dependencies {
implementation 'com.fasterxml.jackson.core:jackson-core:2.14.+'
implementation 'com.fasterxml.jackson.core:jackson-databind:2.14.+'
implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.14.+'
api 'se.softhouse:jargo:0.4.14'
api 'info.picocli:picocli:4.7.5'
api 'org.slf4j:slf4j-simple:2.0.6'
testImplementation 'junit:junit:4.13.2'
}
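Review bot: `api 'info.picocli:picocli:4.7.5'` puts Picocli on the compile classpath of anything that depends on this module, exactly as the Jargo line it replaces did; nothing outside the CLI needs Picocli types, so `implementation` is the right scope. Since the stated goal is a GraalVM native image, this hunk also needs `annotationProcessor 'info.picocli:picocli-codegen:4.7.5'`: Picocli's annotation processor emits the `reflect-config.json` under `META-INF/native-image/picocli-generated/` that `native-image` needs to reflect on the `@Option` fields of Runner, and without it the native binary cannot discover the annotated fields at run time. Pinning the exact version here is good; the `2.14.+` ranges on the surrounding Jackson lines are now the only unpinned dependencies left in this block.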
17 changes: 16 additions & 1 deletion src/main/java/se/bjurr/violations/main/Main.java
@@ -1,8 +1,23 @@
package se.bjurr.violations.main;

import java.util.Arrays;
import java.util.stream.Collectors;
import picocli.CommandLine;
import se.bjurr.violations.lib.reports.Parser;

public class Main {

public static void main(final String[] args) throws Exception {
new Runner().main(args);
final CommandLine commandLine = new CommandLine(new Runner());
commandLine.setExecutionExceptionHandler(new PrintExceptionMessageHandler());
commandLine.parseArgs(args);
if (commandLine.isUsageHelpRequested()) {
final String parsers =
Arrays.asList(Parser.values()).stream()
.map((it) -> it.name())
.collect(Collectors.joining(", "));
System.out.println("Available parsers are:\n" + parsers + "\n");

Check failure (Code scanning / Violations Lib): System.out.println is used. Best Practices, https://pmd.github.io/pmd-6.55.0/pmd_rules_java_bestpractices.html#systemprintln, severity Error.

}
System.exit(commandLine.execute(args));
}
}
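Review bot: `commandLine.parseArgs(args)` followed by `commandLine.execute(args)` parses the arguments twice, and the first pass runs outside Picocli's error handling: an unknown option or a bad value throws `ParameterException` straight out of `main`, so the user gets a raw stack trace instead of Picocli's error message and usage hint, and `PrintExceptionMessageHandler` (which only sees exceptions thrown during execution, not parse errors) never runs. Either wrap the `parseArgs` call in `try { ... } catch (CommandLine.ParameterException e) { ... }`, or drop the pre-parse and attach the parser list to the help itself, for example `commandLine.getCommandSpec().usageMessage().footer("Available parsers are:", parsers)` before the single `execute(args)` call, so one call covers parsing, `--help` and the run. That also resolves the PMD finding, because Picocli writes the help through its own writer (`commandLine.getOut()`) and the direct `System.out.println` goes away.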
@@ -0,0 +1,20 @@
package se.bjurr.violations.main;

import picocli.CommandLine;
import picocli.CommandLine.IExecutionExceptionHandler;
import picocli.CommandLine.ParseResult;

public class PrintExceptionMessageHandler implements IExecutionExceptionHandler {

@Override
public int handleExecutionException(
final Exception ex, final CommandLine commandLine, final ParseResult parseResult)
throws Exception {
if (ex instanceof TooManyViolationsException) {
System.err.println(ex.getMessage());

Check failure (Code scanning / Violations Lib): System.err.println is used. Best Practices, https://pmd.github.io/pmd-6.55.0/pmd_rules_java_bestpractices.html#systemprintln, severity Error.

} else {
ex.printStackTrace(System.err);

Check warning (Code scanning / Violations Lib): Information Exposure Through An Error Message. The sensitive information may be valuable information on its own (such as a password), or it may be useful for launching other, more deadly attacks. If an attack fails, an attacker may use error information provided by the server to launch another more focused attack. For example, an attempt to exploit a path traversal weakness (CWE-22) might yield the full pathname of the installed application. In turn, this could be used to select the proper number of ".." sequences to navigate to the targeted file. An attack using SQL injection (CWE-89) might not initially succeed, but an error message could reveal the malformed query, which would expose query logic and possibly even passwords or other sensitive information used within the query. Vulnerable Code: try { out = httpResponse.getOutputStream() } catch (Exception e) { e.printStackTrace(out); } References: CWE-209: Information Exposure Through an Error Message; CWE-211: Information Exposure Through Externally-Generated Error Message. Severity Warning.
}
return 1;
}
}
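Review bot: both branches return 1, so a CI job cannot tell a failed quality gate (`TooManyViolationsException`) from the tool crashing on, say, an unreadable report file; give the two cases distinct exit codes (keep 1 for the gate and use another value, for example 2, for unexpected failures) and document them in the README. On the CWE-209 warning: the rule targets stack traces written into an HTTP response, whereas here the trace goes to the stderr of a local CLI run by the same user and is exactly what `-show-debug-info` asks people to attach to bug reports, so it is reasonable to dismiss; if the scanner keeps flagging `printStackTrace`, logging the exception through the SLF4J binding already declared in build.gradle would likely satisfy it without losing the information. The `throws Exception` clause is not needed by the body and can be dropped.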
0 comments on commit 459e319
