|
79 | 79 | from cve_bin_tool.version import VERSION
|
80 | 80 | from cve_bin_tool.version_scanner import VersionScanner
|
81 | 81 | from cve_bin_tool.vex_manager.parse import VEXParse
|
| 82 | +from cve_bin_tool.vex_manager.validate import validate_vex_file |
82 | 83 |
|
83 | 84 | sys.excepthook = excepthook # Always install excepthook for entrypoint module.
|
84 | 85 |
|
@@ -394,6 +395,13 @@ def main(argv=None):
|
394 | 395 | default=False,
|
395 | 396 | help="Filter cves based on triage data from Vex file",
|
396 | 397 | )
|
| 398 | + vex_output_group.add_argument( |
| 399 | + "--vex-file-to-validate", |
| 400 | + action="store", |
| 401 | + help="VEX file path to validate (used with vex-validate command)", |
| 402 | + default="", |
| 403 | + ) |
| 404 | + |
397 | 405 | parser.add_argument(
|
398 | 406 | "-e",
|
399 | 407 | "--exclude",
|
@@ -567,11 +575,37 @@ def main(argv=None):
|
567 | 575 | default=False,
|
568 | 576 | )
|
569 | 577 |
|
| 578 | + parser.add_argument( |
| 579 | + "command", |
| 580 | + nargs="?", |
| 581 | + choices=["vex-validate"], |
| 582 | + help="Command to run: vex-validate to validate VEX files", |
| 583 | + ) |
| 584 | + |
| 585 | + # Change directory to be optional when using commands |
| 586 | + input_group.add_argument( |
| 587 | + "directory", help="directory to scan", nargs="?", default="" |
| 588 | + ) |
| 589 | + |
570 | 590 | with ErrorHandler(mode=ErrorMode.NoTrace):
|
571 | 591 | raw_args = parser.parse_args(argv[1:])
|
572 | 592 | args = {key: value for key, value in vars(raw_args).items() if value}
|
573 | 593 | defaults = {key: parser.get_default(key) for key in vars(raw_args)}
|
574 | 594 |
|
| 595 | + # Handle vex-validate command early |
| 596 | + if raw_args.command == "vex-validate": |
| 597 | + if not raw_args.vex_file_to_validate and not raw_args.directory: |
| 598 | + parser.error( |
| 599 | + "vex-validate command requires either --vex-file-to-validate or a VEX file path as directory argument" |
| 600 | + ) |
| 601 | + |
| 602 | + # Use directory as file path if vex_file_to_validate not provided |
| 603 | + vex_file_path = raw_args.vex_file_to_validate or raw_args.directory |
| 604 | + |
| 605 | + # Import and run validation |
| 606 | + exit_code = validate_vex_file(vex_file_path) |
| 607 | + return exit_code |
| 608 | + |
575 | 609 | configs = {}
|
576 | 610 | if args.get("config"):
|
577 | 611 | conf = ConfigParser(args["config"])
|
@@ -741,6 +775,24 @@ def main(argv=None):
|
741 | 775 |
|
742 | 776 | return 0
|
743 | 777 |
|
| 778 | + # Handle vex-validate command |
| 779 | + if args.get("command") == "vex-validate": |
| 780 | + from cve_bin_tool.vex_manager.validate import validate_vex_file |
| 781 | + |
| 782 | + # Determine VEX file path |
| 783 | + vex_file_path = args.get("vex_file_to_validate") or args.get("directory") |
| 784 | + |
| 785 | + if not vex_file_path: |
| 786 | + LOGGER.error( |
| 787 | + "Please provide a VEX file path using --vex-file-to-validate or as a positional argument" |
| 788 | + ) |
| 789 | + parser.print_usage() |
| 790 | + return ERROR_CODES[InsufficientArgs] |
| 791 | + |
| 792 | + # Validate the VEX file |
| 793 | + exit_code = validate_vex_file(vex_file_path, LOGGER) |
| 794 | + return exit_code |
| 795 | + |
744 | 796 | # Offline processing
|
745 | 797 | if args["offline"]:
|
746 | 798 | # Override version check and database update arguments
|
@@ -967,11 +1019,12 @@ def main(argv=None):
|
967 | 1019 | and not args["merge"]
|
968 | 1020 | and not args["sbom_file"]
|
969 | 1021 | and not args["vex_file"]
|
| 1022 | + and not raw_args.command |
970 | 1023 | ):
|
971 | 1024 | parser.print_usage()
|
972 | 1025 | with ErrorHandler(logger=LOGGER, mode=ErrorMode.NoTrace):
|
973 | 1026 | raise InsufficientArgs(
|
974 |
| - "Please specify a directory to scan or an input file required" |
| 1027 | + "Please specify a directory to scan, an input file, or use vex-validate command" |
975 | 1028 | )
|
976 | 1029 |
|
977 | 1030 | # Output validation
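Review bot: The second `vex-validate` handler (new lines 778–794) looks unreachable, because the early handler at new lines 595–607 already returns whenever `raw_args.command == "vex-validate"`, and the two call sites disagree: `validate_vex_file(vex_file_path)` versus `validate_vex_file(vex_file_path, LOGGER)`. Keep a single handler, drop the function-scope import that repeats the module-level one at new line 82, and use one call form that matches the signature defined in `cve_bin_tool.vex_manager.validate`, which is not shown here. Separately, the optional positional `command` with `choices=["vex-validate"]` is registered just before a `directory` positional that is also `nargs="?"`; if `command` is matched first, or an earlier `directory` registration still exists outside these hunks, a plain `cve-bin-tool <dir>` run may be rejected by the `choices` check, so a regression test for the existing scan invocation is worth adding. `main` begins and ends outside the visible hunks.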
|
|