Command Line Interface (CLI)¶

Installation¶

The solidpoint-cli service can be installed using the following instructions.

Importaint

All commands in the instructions are run by a user with the administrator permissions.

GNU/LinuxDocker Compose

Add a repository. When adding it, you must enter a secret token to gain access.
```
curl -fsSL repo.solidpoint.net | sh -
```
Install the CLI using the package manager.
```
apt install solidpoint-cli
```
If multi-user mode is used, authenticate using the following command. Authentication is not required for single-user mode.
```
solidpoint-cli auth login -i
```

Download the distribution package. The distribution package is currently available upon request.

Run the command.

docker run --rm -it repo.solidpoint.net/solidpoint-cli

Environment variables¶

The solidpoint-cli service interacts with the environment variables listed in the table below. No default value is set for these variables, the values are set using the solidpoint-cli auth login command.

Environment variable	Description
`SOLIDPOINT_BASE_URL`	The URL of the server part to connect to. By default, it is suggested to use `https://cloud.solidpoint.net`
`SOLIDPOINT_TOKEN`	A personal access token that is created in the dashboard. It is used for authentication

Authentication¶

Authentication check is performed for every user command.

If authentication is not required, command execution proceeds;
If authentication is required, the login command is automatically invoked in interactive mode. After successful authentication, the main command execution proceeds.

Example¶

❯ ./build/solidpoint-cli user list
You are not logged in. Redirecting to login...
SolidPoint instance URL: > http://localhost:8085
Email: > admin@solidpoint.local
Password:

User (admin@solidpoint.local) was successfully logged in
Re-running command...

Users:
 [
   ...
 ]

Usage¶

The solidpoint-cli utility can be used as follows:

solidpoint-cli [flags]
solidpoint-cli [command]

The following commands are available:

Command	Description
`auth`	Authentication Management
`help`	Help for any command
`scan`	Manage scans
`scanner`	Manage scanners
`status`	CLI current status
`target`	Manage targets
`user`	Manage users

The following flags are available:

-h, --help — help for the solidpoint-cli utility.

`auth` command¶

The auth command allows to manage authentication. It can be used as follows:

solidpoint-cli auth [flags]
solidpoint-cli auth [command]

The following commands are available:

Command	Desсription
`login`	Logs in to the system.
`logout`	Logs out of the system.
`register`	Registers the user in the system.

The following commands are available:

-h, --help — help for the auth command.

`login` command¶

The login command is used to log in to the system.

Usage¶

solidpoint-cli auth login [flags]

Flags¶

Flags	Type	Description
`-b`, `--base-url`	string	SolidPoint instance URL
`-e`, `--email`	string	User email
`-h`, `--help`	-	Help for the `login` command
`-i`	-	Interactive mode
`-p`, `--password`	string	User password

Examples of usage¶

Login in the interactive mode:
```
solidpoint-cli auth login -i
```

Login without interactive mode:

solidpoint-cli auth login -b "https://cloud.solidpoint.net" -e "admin@solidpoint.local" -p "admin"

`logout` command¶

The logout command is used to log out of the system.

Usage¶

solidpoint-cli auth logout [flags]

Flags¶

-h, --help — help for the logout command.

`register` command¶

The register command is used to register the user in the system.

Usage¶

solidpoint-cli auth register [flags]

Flags¶

Flags	Type	Description
`-c`, `--company`	string	User company name
`-e`, `--email`	string	User email
`-h`, `--help`	-	Help for the `register` command
`-i`, `--interactive`	-	Interactive mode
`-n`, `--name string`	string	User name
`-o`, `--occupation string`	string	User occupation
`-p`, `--password`	string	User password
`-t`, `--tenant string`	string	Tenant name

Example of usage¶

Register in the interactive mode:
```
solidpoint-cli auth register -i
```

Register without interactive mode:

solidpoint-cli auth register -t "test" -e "user@test.ru" -p "testPassword" -n "testName" -c "testCompany" -o "testOccupation"

`help` command¶

The help command provides help for any application command. It can be used as follows:

solidpoint-cli help [command] [flags]

The following flags are available:

-h, --help — help for the help command.

`scan` command¶

The scan command allows to manage scans. It can be used as follows:

solidpoint-cli scan [flags]
solidpoint-cli scan [command]

The following commands are available:

Command	Desсription
`cancel`	Terminates the scan.
`new`	Starts a new scan.
`new-ci`	Starts a new scan for continuous integration.
`show-app-auth`	Provides information about the scanned application's authentication.
`status`	Displays the scan status.

The following flags are available:

-h, --help — help for the scan command.

`cancel` command¶

The cancel command terminates the scan.

Usage¶

solidpoint-cli scan cancel [scan_id] [flags]

Flags¶

-h, --help — help for the cancel command.

`new` command¶

The new command starts a new scan.

Usage¶

solidpoint-cli scan new [flags]

Flags¶

Flags	Type	Desсription
`-h`, `--help`	-	Help for the `new` command
`-m`, `--module`	strings	Scanning module
`-i`, `--targetID`	uint32	Target ID
`-u`, `--url`	string	The URL of the application being scanned

Examples of usage¶

Start scanning using the -i flag:
```
solidpoint-cli scan new -i 1
```

Start scanning using the -u flag:

solidpoint-cli scan new -u "http://test.test"

Start scanning with the specified modules:

solidpoint-cli scan new -u "http://test.test" -m "module-name-1" -m "module-name-2"

`new-ci` command¶

The new-ci command starts a new scan for continuous integration. The scan status is broadcasted in real time. The command terminates with a non-zero return code if at least one issue has been found.

Usage¶

solidpoint-cli scan new-ci [flags]

Flags¶

Flags	Type	Desсription
`-h`, `--help`	-	Help for the `new-ci` command
`-m`, `--module`	strings	Scanning module
`-s`, `--severity`	string	Severity level of the issue. If the specified value is detected, scan will be completed with an error. Valid values: `info`, `low`, `medium`, `high`, `critical`.
`-i`, `--targetID`	uint32	Target ID
`-u`, `--url`	string	The URL of the scanned application

Examples of usage¶

Start scanning using the -i flag:
```
solidpoint-cli scan new-ci -i 1
```

Start scanning using the -u flag:

solidpoint-cli scan new-ci -u "http://test.test"

Start scanning with a specified severity level value:

solidpoint-cli scan new-ci -u "http://test.test" -s [severity_value]

Start scanning for continuous integration with the specified modules:

solidpoint-cli scan new-ci -u "http://test.test" -m "module-name-1" -m "module-name-2"

`show-app-auth` command¶

The show-app-auth command shows information about the scanned application's authentication.

Usage¶

solidpoint-cli scan show-app-auth [scan_id] [flags]

Flags¶

-h, --help — help for the show-app-auth command.

Examples of usage¶

Request for authentication information (scan_id = 1):
```
solidpoint-cli scan show-app-auth 1
```

`status` command¶

The status command displays the scan status.

Usage¶

solidpoint-cli scan status [scan_id] [flags]

Flags¶

-d, --detailed — detailed description of issues.
-h, --help — help for the status command.

Examples of usage¶

Request for scan status (scan_id = 1):
```
solidpoint-cli scan status 1
```

`scanner` command¶

The scanner command allows to manage scanners. It can be used as follows:

solidpoint-cli scanner [flags]
solidpoint-cli scanner [command]

The following commands are available:

Command	Description
`new`	Creates new scanner
`info`	Shows information about scanner (parameters and modules)
`enable`	Enables scanner
`disable`	Disables scanner

The following flags are available:

-h, --help — help for the scanner command.

`new` command¶

The new command creates a new scanner.

Usage¶

solidpoint-cli scanner new [flags]

Flags¶

Flag	Type	Description
`-a`, `--address`	string	Specifies the address of the scanner
`-n`, `--name`	string	Specifies the name of the scanner
`-i`, `--interactive`	-	Allows to use the command interactively
`-h`, `--help`	-	Help for the `new` command

`info` command¶

The info command shows information about the scanner (parameters and modules).

Usage¶

solidpoint-cli scanner info [scanner_id] [flags]

Flags¶

-h, --help — help for the info command.

`enable` command¶

The enable command enables the scanner.

Usage¶

solidpoint-cli scanner enable [scanner_id] [flags]

Flags¶

-h, --help — help for the enable command.

`disable` command¶

The disable command disables the scanner.

Usage¶

solidpoint-cli scanner disable [scanner_id] [flags]

Flags¶

-h, --help — help for the disable command.

`status` command¶

The status command displays the current status of the CLI. It can be used as follows:

solidpoint-cli status [flags]

The following flags are available:

-h, --help — help for the scan command.

`target` command¶

The target command allows to manage targets. It can be used as follows:

solidpoint-cli target [flags]
solidpoint-cli target [command]

The following commands are available:

Command	Desсription
`clear-app-auth`	Deletes the authentication data of the target application.
`new`	Creates a new target.
`show-app-auth`	Shows information about the target application's authentication.
`update`	Updates a target or targets.

The following flags are available:

-h, --help — help for the target command.

`clear-app-auth` command¶

The clear-app-auth command deletes the authentication data for the target application.

Usage¶

solidpoint-cli target clear-app-auth [target_id] [flags]

Flags¶

-h, --help — help for the clear-app-auth command.

Examples of usage¶

Delete authentication data for the target application with target_id = 1 :
```
solidpoint-cli target clear-app-auth 1
```

`new` command¶

The new command creates a new target.

Usage¶

solidpoint-cli target new [flags]

Flags¶

Flags	Type	Description
`-d`, `--description`	string	Target description
`-h`, `--help`	-	Help for the `new` command
`-i`, `--interactive`	-	Interactive mode
`-n`, `--name`	string	Target name
`-u`, `--url`	string	Target URL

Examples of usage¶

Create target in the interactive mode:
```
solidpoint-cli target new -i
```

Create target without interactive mode:

solidpoint-cli target new -u "target URL" -n "target name" -d "target description"

`show-app-auth` command¶

The show-app-auth command shows information about the target application's authentication.

Usage¶

solidpoint-cli target show-app-auth [target_id] [flags]

Flags¶

-h, --help — help for the show-app-auth command.

Examples of usage¶

Get information about the authentication of the target application with target_id = 1:
```
solidpoint-cli target show-app-auth 1
```

`update` command¶

The update command updates the target or targets.

Usage¶

solidpoint-cli target update [flags]
solidpoint-cli target update [command]

Commands¶

Command	Description
`app-auth`	Updates the target application's authentication
`auth-checker`	Updates configuration of authentication check mechanism
`browser-auth-refresher`	Updates configuration of authentication refresh mechanism using a browser script
`regexp-auth-refresher`	Updates configuration of authentication refresh mechanism using an HTTP request

`app-auth` command¶

The app-auth command updates the authentication data of the target application.

Usage¶

solidpoint-cli target update app-auth [command] [flags]

Use the following commands and the corresponding flags to select the desired authentication type and parameters for the app-auth command:

Command	Desсription	Flags
`cookies`	Updates authentication using cookies of the target application. The number of host names and cookies must be equal, an empty hostname means that the cookie contains the name of the target host. To pass a path it must be specified by the `hostname`: test.test + /test = test.test/test parameter. By default, this command rewrites all cookies. To add cookies, use the `-a` (`--add`) flag. The `-r` (`--rewrite`) flag rewrites all application authentication data using cookies only	`-a`, `--add` — add `-v`, `--cookie` string — cookie `-h`, `--help` — help for `cookies` `-n`, `--hostname` string — host name `-r`, `--rewrite` — rewrite
`headers`	Updates authentication using headers. The number of nodes and headers must be equal, an empty node means that the host node will be specified in the header. To pass a path, it must be specified by the `host`: test.test + /test = test.test/test OR test.test:5000 + /test = test.test:5000/test parameter. By default, this command rewrites all authentication headers of the target application. To add headers, use the `-a` (`--add`) flag. The `-r` (`--rewrite`) flag rewrites all application authentication data using headers only	`-a`, `--add` — add `-v`, `--header` string — header `-h`, `--help` — help for `headers` `-n`, `--hostname` string — host name `-r`, `--rewrite` — rewrite
`http-basic-auth`	Updates authentication using basic HTTP authentication. To add basic HTTP authentication, use the `-a` (`--add`) flag. The `-r` (`--rewrite`) flag rewrites all application authentication data using basic HTTP authentication only	`-a`, `--add` — add `-h`, `--help` — help for `http-basic-auth` `-r`, `--rewrite` — rewrite
`tls`	By default, this command rewrites the authentication of all target applications over the TLS protocol. To add TLS application authentication, use the `-a` (`--add`) flag. The `-r` (`--rewrite`) flag rewrites all application authentication data using only TLS application authentication	`-a`, `--add` — add; `-c`, `--certificate` string — certificate file; `-h`, `--help` — help for `tls`; `-k`, `--key` string — the key file `-r`, `--rewrite` — rewrite

Flags¶

-h, --help — help for the app-auth command.

Examples of usage¶

ewrite or add cookies to authenticate the target application:

solidpoint-cli target update app-auth cookies 1 -v name=value

Add a cookie to authenticate the target application:

solidpoint-cli target update app-auth cookies 1 -a -v name2=value2

Rewrite or add a cookie to authenticate the target application with the host name:

solidpoint-cli target update app-auth cookies 1 -n test.test -v name=value

Rewrite or add a cookie to authenticate the target application, specifying the host and path:
```
solidpoint-cli target update app-auth cookies 1 -n test.test/test -v name=value
```

Rewrite or add a cookie to authenticate the target application with multiple hosts and paths:

solidpoint-cli target update app-auth cookies 1 -n test.test/test -v name=value -n test2.test/test -v name2=value2

Overwrite the authentication data of the target application using only cookies:
```
solidpoint-cli target update app-auth cookies 1 -r -v name=value
```

Rewrite or add authentication headers for the target application:

solidpoint-cli target update app-auth headers 1 -v Name=Value

Add authentication headers for the target application:

solidpoint-cli target update app-auth headers 1 -a -v Name2=Value2

Add authentication headers for the target application using host:

solidpoint-cli target update app-auth headers 1 -n test.test -v Name=Value

Add authentication headers for the target application specifying the node and path:

solidpoint-cli target update app-auth headers 1 -n test.test/test -v Name=Value

Add authentication headers for the target application specifying multiple nodes and paths:

solidpoint-cli target update app-auth headers 1 -n test.test/test -v Name=Value -n test2.test:5000/test -v Name2=Value2

Rewrite the authentication data of the target application using only headers:
```
solidpoint-cli target update app-auth headers 1 -r -v Name=Value
```

Rewrite or add basic HTTP authentication of the target application:
```
solidpoint-cli target update app-auth http-basic-auth 1
```

Add basic HTTP authentication of the target application:

solidpoint-cli target update app-auth http-basic-auth 1 -a

Rewrite the authentication data of the target application using only basic HTTP authentication:
```
solidpoint-cli target update app-auth http-basic-auth 1 -r
```

Rewrite or add TLS authentication of the target application:

solidpoint-cli target update app-auth tls 1 -c /path/to/cert/file.crt -k /path/to/key/file.key

Add TLS authentication of the target application:

solidpoint-cli target update app-auth tls 1 -a -c /path/to/cert/file.crt -k /path/to/key/file.key

Rewrite the authentication data of the target application using TLS only:

solidpoint-cli target update app-auth tls 1 -r -c /path/to/cert/file.crt -k /path/to/key/file.key

`auth-checker` command¶

the auth-checker command updates the configuration of the authentication check mechanism.

Usage¶

solidpoint-cli target update auth-checker [target_id] [flags]

Flags¶

Flags	Type	Description
`-c`, `--config`	string	JSON configuration
`-e`, `--enabled`	boolean	Enables authentication check mechanism
`-f`, `--file`	string	Path to configuration file
`-h`, `--help`	-	Help for `auth-checker` command
`-r`, `--rewrite`	string	Overwrites configuration data, ignoring any existing values, or completely removes them

Examples of usage¶

Update the authentication check mechanism configuration using a JSON object:
```
solidpoint-cli target update auth-checker 1 -c '{"key":"value"}'
```

Update the authentication check mechanism configuration using a JSON file:

solidpoint-cli target update auth-checker 1 -f "/path/to/config.json"

Enable authentication check:

solidpoint-cli target update auth-checker 1 -e

Disable authentication check:

solidpoint-cli target update auth-checker 1 -e=false

Update the authentication check mechanism configuration and enable authentication check:
```
solidpoint-cli target update auth-checker 1 -c '{"key":"value"}' -e
```

Delete the authentication check mechanism configuration:
```
solidpoint-cli target update auth-checker 1 -r
```

`browser-auth-refresher` command¶

Updates the configuration of the authentication refresh mechanism using a browser script.

Usage¶

solidpoint-cli target update browser-auth-refresher [target_id] [flags]

Flags¶

Flags	Type	Description
`-c`, `--config`	string	JSON configuration
`-e`, `--enabled`	boolean	Enables the authentication refresh mechanism using a browser script
`-f`, `--file`	string	Path to configuration file
`-h`, `--help`	-	Help for `browser-auth-refresher`
`-r`, `--rewrite`	string	Overwrites configuration data, ignoring any existing values, or deletes them entirely

Examples of usage¶

Update the configuration of the authentication refresh mechanism using a browser script with a JSON object:
```
solidpoint-cli target update browser-auth-refresher 1 -c '{"key":"value"}'
```

Update the configuration of the authentication refresh mechanism using a browser script with a JSON file:
```
solidpoint-cli target update browser-auth-refresher 1 -f "/path/to/config.json"
```

Enable authentication refresh:

solidpoint-cli target update browser-auth-refresher 1 -e

Disable authentication refresh:

solidpoint-cli target update browser-auth-refresher 1 -e=false

Update the configuration of the authentication refresh mechanism using a browser script and enable authentication refresh.:
```
solidpoint-cli target update browser-auth-refresher 1 -c '{"key":"value"}' -e
```

Delete the configuration of the authentication refresh mechanism using a browser script:
```
solidpoint-cli target update browser-auth-refresher 1 -r
```

`regexp-auth-refresher` command¶

Updates the configuration of the authentication refresh mechanism using an HTTP request.

Usage¶

solidpoint-cli target update regexp-auth-refresher [target_id] [flags]

Flags¶

Flags	Type	Description
`-c`, `--config`	string	JSON configuration
`-e`, `--enabled`	boolean	Enables the authentication refresh mechanism using an HTTP request
`-f`, `--file`	string	Path to configuration file
`-h`, `--help`	-	Help for `regexp-auth-refresher` command
`-r`, `--rewrite`	string	Overwrites configuration data, ignoring any existing values, or deletes them entirely

Examples of usage¶

Update the configuration of the authentication refresh mechanism using an HTTP request with a JSON object:
```
solidpoint-cli target update regexp-auth-refresher 1 -c '{"key":"value"}'
```

Update the configuration of the authentication refresh mechanism using an HTTP request with a JSON file:
```
solidpoint-cli target update regexp-auth-refresher 1 -f "/path/to/config.json"
```

Enable authentication refresh:

solidpoint-cli target update regexp-auth-refresher 1 -e

Disable authentication refresh:

solidpoint-cli target update regexp-auth-refresher 1 -e=false

Update the configuration of the authentication refresh mechanism using an HTTP request and enable authentication refresh:
```
solidpoint-cli target update regexp-auth-refresher 1 -c '{"key":"value"}' -e
```

Delete the configuration of the authentication refresh mechanism using an HTTP request and enable authentication refresh:
```
solidpoint-cli target update regexp-auth-refresher 1 -r
```

`user` command¶

The user command allows to manage users. It can be used as follows:

solidpoint-cli user [flags]
solidpoint-cli user [command]

The following commands are available:

Command	Desсription
`activate`	Activates a single user
`activate-all`	Activates all users
`list`	Displays a list of users

The following flags are available:

-h, --help — help for the user command.

`activate` command¶

Usage¶

solidpoint-cli user activate [flags]

Flags¶

Flags	Type	Desсription
`-h`, `--help`	-	Help for the `activate` command
`-i`, `--interactive`	-	Interactive input
`-r`, `--role`	string	Assigns users a role from the list: `user` (default), `admin`, `superAdmin`
`-t`, `--tenant`	string	Tenant ID or name (may be empty for the default tenant)
`-u`, `--user`	string	User's ID or email

Examples of usage¶

Interactive input:
```
solidpoint-cli user activate -i
```

User activation by ID:
```
solidpoint-cli user activate -u "1"
```

User activation by email:

solidpoint-cli user activate -u "user@test.ru"

Activation of a user by ID in a certain tenant with a certain role (tenant — test, role — admin):
```
solidpoint-cli user activate -u "1" -t "test" -r "admin"
```

Activation of a user by email in a certain tenant with a certain role (tenant — test, role — admin):
```
solidpoint-cli user activate -u "user@test.ru" -t "test" -r "admin"
```

`activate-all` command¶

All users in all tenants will be activated if the tenant is not specified or is empty. If the tenant does not have a name by default and it is necessary to activate all users in it, the ID should be specified.

All users in a particular tenant will be activated if the tenant is specified or is not empty.

Usage¶

solidpoint-cli user activate-all [flags]

Flags¶

Flags	Desсription
`-h`, `--help`	Help for the `activate-all` command
`-i`, `--interactive`	Interactive input
`-r`, `--role string`	Assigns users a role from the list: `user` (default), `admin`, `superAdmin`
`-t`, `--tenant string`	Tenant ID or name (may be empty for the default tenant)

Examples of usage¶

Interactive input:
```
solidpoint-cli user activate-all -i
```

Activation of all users in all tenants:
```
solidpoint-cli user activate-all
```

Activation of all users in the tenant by default:
```
solidpoint-cli user activate-all -t "1"
```

Activation of all users in a certain tenant (tenant — test):
```
solidpoint-cli user activate-all -t "test"
```

Activation of all users in a certain tenant with a certain role (tenant — test, role — user):
```
solidpoint-cli user activate-all -t "test" -r "user"
```

`list` command¶

Usage¶

solidpoint-cli user list [flags]

Flags¶

Flags	Desсription
`-h`, `--help`	Help for the `list` command
`-r`, `--role string`	User role from the list: `user`, `admin`, `superAdmin`, `unknown`
`-t`, `--tenant string`	Tenant's ID or name

Examples of usage¶

List of all users in all tenants:
```
solidpoint-cli user list
```

A list of all users with a defined role (role — unknown):
```
solidpoint-cli user list -r "unknown"
```

A list of all users in a certain tenant (tenant — test):
```
solidpoint-cli user list -t "test"
```

A list of all users in a certain tenant with a certain role (tenant — test, role — unknown):
```
solidpoint-cli user list -t "test" -r "unknown"
```

Command Line Interface (CLI)¶

Installation¶

Environment variables¶

Authentication¶

Example¶

Usage¶

auth command¶

login command¶

Usage¶

Flags¶

Examples of usage¶

logout command¶

Usage¶

Flags¶

register command¶

Usage¶

Flags¶

Example of usage¶

help command¶

scan command¶

cancel command¶

Usage¶

Flags¶

new command¶

Usage¶

Flags¶

Examples of usage¶

new-ci command¶

Usage¶

Flags¶

Examples of usage¶

show-app-auth command¶

Usage¶

Flags¶

Examples of usage¶

status command¶

Usage¶

Flags¶

Examples of usage¶

scanner command¶

new command¶

Usage¶

Flags¶

info command¶

Usage¶

Flags¶

enable command¶

Usage¶

Flags¶

disable command¶

Usage¶

Flags¶

status command¶

target command¶

clear-app-auth command¶

Usage¶

Flags¶

Examples of usage¶

new command¶

Usage¶

Flags¶

Examples of usage¶

show-app-auth command¶

Usage¶

Flags¶

Examples of usage¶

update command¶

Usage¶

Commands¶

app-auth command¶

Usage¶

Flags¶

Examples of usage¶

auth-checker command¶

Usage¶

Flags¶

Examples of usage¶

browser-auth-refresher command¶

Usage¶

Flags¶

`auth` command¶

`login` command¶

`logout` command¶

`register` command¶

`help` command¶

`scan` command¶

`cancel` command¶

`new` command¶

`new-ci` command¶

`show-app-auth` command¶

`status` command¶

`scanner` command¶

`new` command¶

`info` command¶

`enable` command¶

`disable` command¶

`status` command¶

`target` command¶

`clear-app-auth` command¶

`new` command¶

`show-app-auth` command¶

`update` command¶

`app-auth` command¶

`auth-checker` command¶

`browser-auth-refresher` command¶

`regexp-auth-refresher` command¶

`user` command¶

`activate` command¶

`activate-all` command¶

`list` command¶