Fix usage output behavior, make README consistent with usage blurb

hillu · Dec 23, 2021 · c13fda0 · c13fda0
1 parent 5eec3af
commit c13fda0
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -1,3 +1,4 @@
+
 # Simple local log4j vulnerability scanner
 
 (Written in Go because, you know, "write once, run anywhere.")
@@ -25,20 +26,20 @@ page.
 # Using the scanner
 
 ```
-$ ./local-log4j-vuln-scanner [--verbose] [--quiet] [--ignore-v1] \
-    [--exclude /path/to/exclude …] [--log /path/to/file.log] \
+$ ./local-log4j-vuln-scanner [-verbose] [-quiet] [-ignore-v1] \
+    [-exclude /path/to/exclude …] [-log /path/to/file.log] \
     /path/to/app1 /path/to/app2 …
 ```
 
-The `--verbose` flag will show every .jar and .war file checked, even if no problem is found.
+The `-verbose` flag will show every .jar and .war file checked, even if no problem is found.
 
-The `--quiet` flag will supress output except for indicators of a known vulnerability.
+The `-quiet` flag will supress output except for indicators of a known vulnerability.
 
-The `--ignore-v1` flag will _exclude_ checks for log4j 1.x vulnerabilities.
+The `-ignore-v1` flag will _exclude_ checks for log4j 1.x vulnerabilities.
 
-The `--log` flag allows everythig to be written to a log file instead of stdout/stderr.
+The `-log` flag allows everythig to be written to a log file instead of stdout/stderr.
 
-Use the `--exclude` flag to exclude subdirectories from being scanned. Can be used multiple times.
+Use the `-exclude` flag to exclude subdirectories from being scanned. Can be used multiple times.
 
 If class files indicating one of the vulnerabilities are found,
 messages like the following are printed to standard output:

diff --git a/scanner/main.go b/scanner/main.go
@@ -108,17 +108,22 @@ func main() {
 	flag.StringVar(&logFileName, "log", "", "log file to write output to")
 	flag.BoolVar(&quiet, "quiet", false, "no ouput unless vulnerable")
 	flag.BoolVar(&ignoreV1, "ignore-v1", false, "ignore log4j 1.x versions")
+	flag.Usage = func() {
+		fmt.Fprintf(flag.CommandLine.Output(), "Usage of %s:\n", os.Args[0])
+		flag.PrintDefaults()
+		fmt.Fprint(flag.CommandLine.Output(), "  PATH [, PATH ...]\n        paths to search for Java code\n")
+	}
 	flag.Parse()
+	args := flag.Args()
+	if len(args) < 1 {
+		flag.Usage()
+		os.Exit(1)
+	}
 
 	if !quiet {
 		fmt.Printf("%s - a simple local log4j vulnerability scanner\n\n", filepath.Base(os.Args[0]))
 	}
 
-	if len(os.Args) < 2 {
-		fmt.Fprintf(os.Stderr, "Usage: %s [--verbose] [--quiet] [--ignore-v1] [--exclude <path>] [--log <file>] [ paths ... ]\n", os.Args[0])
-		os.Exit(1)
-	}
-
 	if logFileName != "" {
 		f, err := os.Create(logFileName)
 		if err != nil {
@@ -130,7 +135,7 @@ func main() {
 		defer f.Close()
 	}
 
-	for _, root := range flag.Args() {
+	for _, root := range args {
 		filepath.Walk(filepath.Clean(root), func(path string, info os.FileInfo, err error) error {
 			if err != nil {
 				fmt.Fprintf(errFile, "%s: %s\n", path, err)