Add better command-line handling

Signed-off-by: Philipp Deppenwiese <[email protected]>

cmd/tpm-vuln-checker/cmds.go

@@ -21,7 +21,6 @@ import (
 	"github.com/immune-gmbh/tpm-vuln-checker/pkg/cve201715361"
 	"github.com/immune-gmbh/tpm-vuln-checker/pkg/cve20231017"
 	"github.com/immune-gmbh/tpm-vuln-checker/pkg/tss"
-	"github.com/manifoldco/promptui"
 )
 
 var (
@@ -33,21 +32,23 @@ var (
 
 type context struct {
 	Emulator bool
+	URL      string
 }
 
 type versionCmd struct {
 }
 
 type checkCmd struct {
-	NonInteractive bool `flag optional name:"auto-upload" help:"Always uploads anonymized data without asking"`
+	Upload  bool `flag optional name:"upload" help:"Always uploads anonymized data without asking"`
+	Verbose bool `flag optional name:"verbose" help:"Verbose TPM device info"`
 }
 
 func (v *versionCmd) Run(ctx *context) error {
 	showVersion(programName, gittag, gitcommit)
 	return nil
 }
 
-func (v *checkCmd) Run(ctx *context) error {
+func (c *checkCmd) Run(ctx *context) error {
 	socket, err := tss.NewTPM(ctx.Emulator)
 	if err != nil {
 		return err
@@ -62,6 +63,9 @@ func (v *checkCmd) Run(ctx *context) error {
 	}
 	fmt.Printf("TPM Manufacturer: \t\t%s\nTPM Spec Revision: \t\t%s\nTPM Family: \t\t\t%s\n",
 		tpmInfo.Manufacturer.String(), tpmInfo.SpecRevision.String(), tpmInfo.Family.String())
+	if c.Verbose {
+		// TODO
+	}
 	fmt.Printf("\nStarting TPM vulnerabilities checks.. This may take few seconds!\n\n")
 	vulnerable, cveData20231017, err := cve20231017.IsVulnerable(socket)
 	if err != nil {
@@ -90,29 +94,20 @@ func (v *checkCmd) Run(ctx *context) error {
 		}
 	}
 	fmt.Println()
-	if v.NonInteractive {
-		if err := cloud.UploadAnonData(tpmInfo, cveData20231017, cveData201715361); err != nil {
-			return err
-		}
-	} else {
-		prompt := promptui.Prompt{
-			Label:     "Do you want to upload this data anonymized for analysis and tpm firmware update support",
-			IsConfirm: true,
-		}
-		fmt.Println()
-		_, err := prompt.Run()
-		if err != nil {
-			return nil
-		}
-		if err := cloud.UploadAnonData(tpmInfo, cveData20231017, cveData201715361); err != nil {
+	fmt.Println()
+	if c.Upload {
+		if err := cloud.UploadAnonData(ctx.URL, tpmInfo, cveData20231017, cveData201715361); err != nil {
 			return err
+		} else {
+			fmt.Printf("Upload Complete! Thank you for the TPM metrics :)")
 		}
 	}
 	return nil
 }
 
 var cli struct {
 	Emulator bool       `help:"Enable emulator mode."`
+	URL      string     `help:"Custom upload url."`
 	Version  versionCmd `cmd help:"Prints the version of the program"`
-	Check    checkCmd   `short:"c" cmd help:"Check TPM for CVE 2023-1017-1018"`
+	Check    checkCmd   `short:"c" cmd help:"Checks for TPM vulnerabilities"`
 }

cmd/tpm-vuln-checker/main.go

@@ -49,7 +49,7 @@ func main() {
 			Compact: true,
 			Summary: true,
 		}))
-	err := ctx.Run(&context{Emulator: cli.Emulator})
+	err := ctx.Run(&context{Emulator: cli.Emulator, URL: cli.URL})
 	fmt.Println()
 	ctx.FatalIfErrorf(err)
 }

go.mod

@@ -6,11 +6,9 @@ require (
 	github.com/alecthomas/kong v0.7.1
 	github.com/fatih/color v1.14.1
 	github.com/google/go-tpm v0.3.3
-	github.com/manifoldco/promptui v0.9.0
 )
 
 require (
-	github.com/chzyer/readline v1.5.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.17 // indirect
 	golang.org/x/sys v0.6.0 // indirect

go.sum

@@ -12,15 +12,6 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/logex v1.2.0 h1:+eqR0HfOetur4tgnC8ftU5imRnhi4te+BadWS95c5AM=
-github.com/chzyer/logex v1.2.0/go.mod h1:9+9sk7u7pGNWYMkh0hdiL++6OeibzJccyQU4p4MedaY=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/readline v1.5.0 h1:lSwwFrbNviGePhkewF1az4oLmcwqCZijQ2/Wi3BGHAI=
-github.com/chzyer/readline v1.5.0/go.mod h1:x22KAscuvRqlLoK9CsoYsmxoXZMMFVyOl86cAH8qUic=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/chzyer/test v0.0.0-20210722231415-061457976a23 h1:dZ0/VyGgQdVGAss6Ju0dt5P0QltE0SFY5Woh6hbIfiQ=
-github.com/chzyer/test v0.0.0-20210722231415-061457976a23/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -88,8 +79,6 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA=
-github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
@@ -162,11 +151,9 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20210629170331-7dc0b73dc9fb/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

pkg/cloud/cloud.go

@@ -27,7 +27,7 @@ import (
 	"github.com/immune-gmbh/tpm-vuln-checker/pkg/tss"
 )
 
-const (
+var (
 	uploadURL = "https://upload.vuln.immune.gmbh"
 )
 
@@ -37,7 +37,7 @@ type AnonInfo struct {
 	CVEData201715361 *cve201715361.CVEData `json:"cveData-201715361"`
 }
 
-func UploadAnonData(info *tss.TPM20Info, cveData20231017 *cve20231017.CVEData, cveData201715361 *cve201715361.CVEData) error {
+func UploadAnonData(customURL string, info *tss.TPM20Info, cveData20231017 *cve20231017.CVEData, cveData201715361 *cve201715361.CVEData) error {
 	if info == nil {
 		return fmt.Errorf("tpm info is nil")
 	}
@@ -55,6 +55,9 @@ func UploadAnonData(info *tss.TPM20Info, cveData20231017 *cve20231017.CVEData, c
 	part, _ := writer.CreateFormFile("file", id+".json")
 	io.Copy(part, bytes.NewReader(data))
 	writer.Close()
+	if customURL != "" {
+		uploadURL = customURL
+	}
 	request, err := http.NewRequest("POST", uploadURL, body)
 	if err != nil {
 		return err