Ivan Kochurkin edited this page Mar 1, 2019 · 4 revisions

PT.PM CLI

PT.PM can be used in CLI (Command Line Interface) mode. In this case, the following parameters can be specified:

-f, --files

The path to the source code file or directory. PT.PM determines whether the path is a file or a directory. .zip archives and archives referenced by URL are also supported (e.g. https://github.com/PositiveTechnologies/PT.PM/archive/dev.zip).

-l, --languages

Languages to be processed. CSharp, Java, Php, PlSql, TSql, Aspx, MySql, and JavaScript are supported (case-insensitive). Commas (',') are used as the separator. If the parameter is not set, the language is determined automatically from the file extension. If the extension is ambiguous (.sql can be T-SQL, PL/SQL, or MySql), the algorithm tries to determine the language from the file content: the file is parsed and the language with the fewest parsing errors is chosen. If the language still cannot be determined after parsing, the file is ignored. If JavaScript is specified, JavaScript insertions inside PHP code are processed.

--patterns

If the parameter value ends with .json, patterns are loaded from the file with that name. The DSL format is also supported (files ending with .pattern). Otherwise, patterns are loaded from the string itself. File and string patterns have the same format.

Each pattern is represented as follows:

  • Key — pattern ID (string or long)
  • Name — [optionally] pattern name
  • Languages — [optionally] target pattern languages (CSharp, Java, PHP, PLSQL, TSQL, MYSQL, JavaScript, or a combination thereof, for example, CSharp, Java). All languages are supported by default.
  • DataFormat — [optionally] format for describing a pattern (JSON, DSL). Default format: DSL. The DSL is described in the DSL document.
  • Value — pattern value in DataFormat.
  • Description — [optionally] pattern description.

An example of Hardcoded Password Pattern:

{
  "Key": "96",
  "Languages": "CSharp, Java, PHP, PLSQL, TSQL",
  "DataFormat": "Dsl",
  "Value": "<[(?i)password]> = <[ \"\\w*\" || null ]>"
}

In JSON, backslash (\) and double-quote (") characters must be escaped with a backslash (\). Unescaped, Value looks simpler: <[(?i)password(?-i)]> = <[ "\w*" || null ]>.
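The escaping rule above, as an added example (not part of PT.PM or the original page): a Python helper that builds one pattern object from the unescaped DSL and lets json.dumps do the escaping, then shows that pasting the raw DSL into JSON by hand does not parse. The helper names are hypothetical, and case-insensitive matching of Languages and DataFormat is an assumption.

```python
import json

# Field values as listed on this page; case-insensitive matching is an assumption.
LANGUAGES = {"csharp", "java", "php", "plsql", "tsql", "mysql", "javascript"}
DATA_FORMATS = {"json", "dsl"}

# Constructed sample: the unescaped DSL behind the page's JSON example.
RAW_DSL = r'<[(?i)password]> = <[ "\w*" || null ]>'


def build_pattern(key, value, languages=(), data_format="Dsl", name=None, description=None):
    """Validate the fields and return one pattern as a dict (hypothetical helper)."""
    if isinstance(key, bool) or not isinstance(key, (str, int)) or key == "":
        raise ValueError("Key must be a non-empty string or an integer")
    if not isinstance(value, str) or not value:
        raise ValueError("Value is required")
    if data_format.lower() not in DATA_FORMATS:
        raise ValueError(f"unsupported DataFormat: {data_format!r}")
    unknown = [lang for lang in languages if lang.lower() not in LANGUAGES]
    if unknown:
        raise ValueError(f"unsupported Languages: {unknown}")
    optional = {"Name": name, "Languages": ", ".join(languages),
                "DataFormat": data_format, "Value": value, "Description": description}
    # Optional fields that are empty or None are left out of the object.
    return {"Key": key, **{k: v for k, v in optional.items() if v}}


def to_json(pattern):
    # json.dumps applies the escaping: each backslash and double quote in
    # Value gets a backslash in front of it.
    return json.dumps(pattern, indent=2)


def parses_as_json(text):
    """Return True if text is well-formed JSON."""
    try:
        json.loads(text)
    except json.JSONDecodeError:
        return False
    return True


if __name__ == "__main__":
    print(to_json(build_pattern("96", RAW_DSL, ["CSharp", "Java", "PHP", "PLSQL", "TSQL"])))
    # Raw DSL pasted between quotes by hand: the inner quote ends the string early.
    print(parses_as_json('{"Key": "96", "Value": "' + RAW_DSL + '"}'))
```

Run as a script, it prints the same object as the Hardcoded Password example above, followed by False for the hand-pasted variant.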

If patterns are not set, the default built-in patterns are used for matching. This is equivalent to the default option. To run a scan without patterns, use the no option.

--pattern-ids

Patterns to be used. Commas are used as separators. By default all patterns are used.

-t, --threads

The maximum number of threads in use. 0 (the default) leaves the number to the discretion of the OS.

-s, --stage

The stage at which processing is stopped. Default value: match.

  • file — file reading
  • language — language detection. Not used if there is no ambiguity.
  • tokens — tokenizing text (only for ANTLR-based parsers).
  • parsetree — parsing.
  • ust — converting to UST.
  • match — matching with patterns
  • patterns — mode for checking the patterns

--not-fold-consts

Do not propagate and fold constants (integers and strings). If not defined, the expression 2 + 2 * 2 will be converted to 6.

-m, --memory

Approximate memory consumption (MB) of ANTLR parsers. Default value: 3000 MB. ANTLR caches information on parsing; thus, memory consumption may increase significantly up to several gigabytes. Therefore, it's necessary to clear the cache from time to time.

--max-stack-size

The maximum stack size for the thread (in bytes). Use it if a StackOverflow exception occurs during ANTLR parsing. You can first run processing without this parameter; if an exception occurs and the process is abruptly interrupted, increase this parameter (for example, specify int.MaxValue / 8).

--timeout

Maximum time spent per file, in seconds. Default: no limit.

--logs-dir

The path to the directory to which the info, errors, and matching_result logs will be written while the engine is running. By default, the parameter is set to %LOCALAPPDATA%\PT.PM directory.

--temp-dir

The path to the directory for storing temp files.

--no-log

Do not log info and error messages.

--log-errors

Is error logging required? Default value: false.

--version

Shows the engine version.

-d, --dump

Specifies which intermediate structures should be dumped. The values of the -s, --stage parameter are valid here.

-r, --render

Stages to be rendered (with the help of the Graphviz library).

--serialize-format

Specify the format of UST serialization: json or msgpack.