|
| 1 | +This is a utility intended to make it easier to interact with |
| 2 | +[Code Dx's REST API](https://codedx.com/Documentation/APIGuide.html) from the command line. |
| 3 | + |
| 4 | +Currently only a couple API actions are supported, but more may come with demand (or with pull requests!) |
| 5 | + |
| 6 | +# Usage |
| 7 | + |
| 8 | +The program runs as a [REPL](https://en.wikipedia.org/wiki/Read%E2%80%93eval%E2%80%93print_loop). |
| 9 | +Start it by providing the connection information (Code Dx "base url", and username+password or API Key): |
| 10 | + |
| 11 | +```text |
| 12 | +$> ./codedx-client https://localhost/codedx --api-key 8e218b38-fcdd-453d-8f78-185f7d1d9fa7 |
| 13 | +codedx> |
| 14 | +``` |
| 15 | + |
| 16 | +Once in the REPL, type `help` (and hit Enter) for a list of commands. |
| 17 | +You can exit the REPL by typing `exit` or `quit`, or with <kbd>Ctrl+C</kbd> or sending an EOF signal. |
| 18 | +You can learn more about a command by typing `help <command name>` e.g. `help analyze`. |
| 19 | + |
| 20 | +You're probably here because you're trying to configure your CI environment to send files to Code Dx for analysis. |
| 21 | +For this, you'll want the `analyze` command. |
| 22 | +You can find more details about the `analyze` command by entering `help analyze` in the REPL, but here's an example: |
| 23 | + |
| 24 | +The `analyze` command has two required flags: a project ID and at least one file. |
| 25 | +These are given with the `--project-id` (`-p`) and `--file` (`-f`) flags respectively. |
| 26 | +Suppose I want analyze a file in my "WebGoat" project, which happens to have an ID of `5`: |
| 27 | + |
| 28 | +```text |
| 29 | +codedx> analyze -p 5 -f "/path/to/workspace/webgoat-source.zip" |
| 30 | +# Started analysis 77 with job id f2f3b8c3-9a2c-4446-9765-e99a6d47e69e |
| 31 | +# Polling job completion, iteration 1: status = Running |
| 32 | +...omitted for brevity... |
| 33 | +# Polling job completion, iteration 13: status = Running |
| 34 | +# Polling done |
| 35 | +Completed |
| 36 | +codedx> |
| 37 | +``` |
| 38 | + |
| 39 | +You can optionally set the name of the analysis with the `--name` flag. |
| 40 | +The `analyze` command saves the effort of putting together a complex `curl` request for the initial file upload, |
| 41 | +setting up a separate request to set an analysis name, |
| 42 | +and setting up a polling loop to wait for the analysis "job" to complete. |
| 43 | + |
| 44 | +> A note about command arguments inside the REPL: |
| 45 | +> |
| 46 | +> Each argument is separated by a space. If the argument itself needs to have a space in it (e.g. for file paths), |
| 47 | +> you must surround it with quotes (single `'` or double `"`). Within a quoted argument, the backslash character (`\`) |
| 48 | +> is used as the "escape", e.g. so that if you have another quote or a backslash in the argument (common with windows |
| 49 | +> paths), you'll need to escape it e.g. `"C:\\path\\to\\some\\files.zip"` or just use forward slashes |
| 50 | +> e.g. `"C:/path/to/some/files.zip"`. |
| 51 | +> |
| 52 | +> If you see a message like "The filename, directory name, or volume label syntax is incorrect.", you likely used |
| 53 | +> backslashes (`\`) without escaping them (`\\`) inside a quoted argument. |
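Review bot: The startup example at README line 12 passes the API key as a command-line argument (`--api-key 8e218b38-...`), and the README goes on to recommend the tool for CI at line 20 without saying how the key should be handled there. Arguments given on the command line end up in shell history, process listings and often in CI job logs, so readers who copy this pattern into a build script will expose the key. Please replace the UUID with an obvious placeholder such as `<your-api-key>` (and confirm the value shown is not a live key), and add a sentence telling CI users to inject the key from the CI system's secret store rather than hard-coding it in the job definition. If the client can take the key from an environment variable or a prompt, document that here; if it cannot, that would be worth a follow-up. Two smaller points: line 22 ends with "here's an example:" but the example only arrives at line 28 after the flag description, so consider moving that lead-in down, and line 26 reads "Suppose I want analyze", which is missing "to".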