Update version number and HAM module dependencies to 1.3.1, -json flag excludes source code information by default, -include-source flag includes source code information when combined with -json, help.txt updated accordingly

tylercamp · tylercamp · commit 51c597c7f34e · 2018-09-25T13:29:11.000-04:00
diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 	<groupId>com.github.secdec.astam-correlator</groupId>
     <artifactId>attack-surface-detector-cli</artifactId>
     <name>attack-surface-detector-cli</name>
-	<version>1.3.0</version>
+	<version>1.3.1</version>
 	
     <description>
         This is a standalone tool that uses the ASTAM Correlator HAM module to detect endpoints from source code for
@@ -80,12 +80,12 @@
         <dependency>
             <groupId>com.github.secdec.astam-correlator</groupId>
             <artifactId>threadfix-entities</artifactId>
-            <version>1.3.0</version>
+            <version>1.3.1</version>
         </dependency>
         <dependency>
             <groupId>com.github.secdec.astam-correlator</groupId>
             <artifactId>threadfix-ham</artifactId>
-            <version>1.3.0</version>
+            <version>1.3.1</version>
         </dependency>
         <dependency>
             <groupId>org.owasp</groupId>
diff --git a/src/main/java/com/denimgroup/threadfix/cli/endpoints/EndpointMain.java b/src/main/java/com/denimgroup/threadfix/cli/endpoints/EndpointMain.java
@@ -73,6 +73,7 @@ enum Logging {
     static boolean simplePrint = false;
     static String pathListFile = null;
     static String outputFilePath = null;
+    static boolean cleanSourceCode = true;
 
     static int totalDetectedEndpoints = 0;
     static int totalDistinctEndpoints = 0;
@@ -309,6 +310,8 @@ private static boolean checkArguments(String[] args) {
                     String frameworkName = arg.substring(arg.indexOf(
                             FRAMEWORK_COMMAND) + FRAMEWORK_COMMAND.length(), arg.length());
                     defaultFramework = FrameworkType.getFrameworkType(frameworkName);
+                } else if (arg.contains("-keep-source")) {
+                    cleanSourceCode = false;
                 } else if (arg.equals("-simple")) {
                     simplePrint = true;
                 } else if (arg.startsWith("-output-file=")) {
@@ -636,7 +639,7 @@ private static Endpoint.Info[] getEndpointInfo(List<Endpoint> endpoints) {
         Endpoint.Info[] endpointsInfos = new Endpoint.Info[allEndpoints.size()];
 
         for (int i = 0; i < allEndpoints.size(); i++) {
-            endpointsInfos[i] = Endpoint.Info.fromEndpoint(allEndpoints.get(i));
+            endpointsInfos[i] = Endpoint.Info.fromEndpoint(allEndpoints.get(i), !cleanSourceCode);
         }
 
         return endpointsInfos;
diff --git a/src/main/resources/help.txt b/src/main/resources/help.txt
@@ -31,7 +31,9 @@ Flags:
 [JSON Output]
     -json                            -- Print only simple-format JSON to the console
                                         Simple-format JSON uses a common format for all generated endpoints
-                                        regardless of framework.
+                                        regardless of framework. Source code information is not included.
+
+    -keep-source                     -- Include source code information when combined with the -json flag
 
     -full-json                       -- Print full JSON information to the console
                                         Full-format JSON uses unique data formats depending on the framework
