### Example: Start Scan for a Repository Link Source: https://docs.derscanner.com/static-analysis/create-project/start-scan-cli This example demonstrates how to start a scan for a project hosted in a Git repository. It specifies the API endpoint, authorization token, scan type, and the repository URL. ```bash java -jar clt.jar -rest http:///app/api/v1 \ -token jfghkdjghfkdjgfdkg sastStart -type LINK -link \ https://github.com/your_repository ``` -------------------------------- ### Start Scan CLI Example Source: https://docs.derscanner.com/static-analysis/create-project/start-scan-cli This example demonstrates how to start a scan using the CLI with specified REST API endpoint, token, scan ID, and path. The '-default' flag indicates default settings are applied. ```bash java -jar clt.jar -rest http:///app/api/v1 \ -token kljkjljlkjljklkjk sastExport -scanid ec59395b-4372-47b1-95a2-4d48b044ff0b \ -path C:\\test -default ``` -------------------------------- ### Run Builder Module Installation Script Source: https://docs.derscanner.com/for-admins/getting-started/derscanner-installation/builder Execute the installation script for the Builder module. This script manages the download, unpacking, and initial setup of the module. ```bash sudo bash actions.sh ``` -------------------------------- ### Start SCA Scan CLI Example Source: https://docs.derscanner.com/software-composition-analysis/create-project/start-scan-cli Initiates an SCA scan using the clt.jar with specified parameters. This example demonstrates how to export scan results to a specified path. ```bash java -jar clt.jar -rest http:///app/api/v1 -token kljkjljlkjljklkjk scaExport -scan ec59395b-4372-47b1-95a2-4d48b044ff0b -path C:\test -default ``` -------------------------------- ### Start DerScanner Application Server Source: https://docs.derscanner.com/for-admins/data-migration/db-migration Starts the application server service on the host machine after configuration changes. ```bash sudo systemctl start derscanner-app ``` -------------------------------- ### Start SAST Scan via CLI Source: https://docs.derscanner.com/static-analysis/create-project/start-scan-cli Use this command to initiate a SAST scan. Ensure Java 11 or later is installed. Replace placeholders like [rest URL] and [token] with your actual API endpoint and authorization token. ```bash java -jar clt.jar -rest [rest URL] -token [token] sastStart [options] ``` -------------------------------- ### Install DerScanner APP Module Source: https://docs.derscanner.com/for-admins/getting-started/derscanner-installation/install-instruction Run the installation script for the APP module and redirect output to a log file. ```bash sudo bash actions.sh | sudo tee -a /tmp/derscanner_APP.log ``` -------------------------------- ### Git Client Configuration Example Source: https://docs.derscanner.com/for-admins/additional-information/private-repos Configure your Git client to use a cache helper for credentials. This example sets a user email and username, and configures a cache helper with a timeout. ```gitconfig [user] email = your@email.com user = your_username [credential] helper = cache --timeout 30000 ``` -------------------------------- ### Install DerScanner DAST Module Source: https://docs.derscanner.com/for-admins/getting-started/derscanner-installation/install-instruction Run the installation script for the DAST module and redirect output to a log file. ```bash sudo bash actions.sh | sudo tee -a /tmp/derscanner_DAST.log ``` -------------------------------- ### Install DerScanner SAST Module Source: https://docs.derscanner.com/for-admins/getting-started/derscanner-installation/install-instruction Run the installation script for the SAST module and redirect output to a log file. ```bash sudo bash actions.sh | sudo tee -a /tmp/derscanner_SAST.log ``` -------------------------------- ### Install DerScanner SCA Module Source: https://docs.derscanner.com/for-admins/getting-started/derscanner-installation/install-instruction Run the installation script for the SCA module and redirect output to a log file. ```bash sudo bash actions.sh | sudo tee -a /tmp/derscanner_OSA.log ``` -------------------------------- ### Start DerScanner Service on Host_2 Source: https://docs.derscanner.com/for-admins/data-migration/server-migration After restoring the database, start the DerScanner application service on the new host (Host_2). ```bash sudo systemctl start derscanner-app.service ``` -------------------------------- ### Create a DAST Project via CLI Source: https://docs.derscanner.com/dynamic-analysis/create-project/start-scan-cli Use this command to create a new DAST project from the command line. Ensure you have Java 11 or later installed. Replace placeholders with your actual API address and authorization token. ```bash java -jar clt.jar -rest [rest URL] -token [token] dastProjectCreate -name DAST project name ``` -------------------------------- ### Start a DAST Scan via CLI Source: https://docs.derscanner.com/dynamic-analysis/create-project/start-scan-cli Initiate a DAST scan for a specified project. You must provide the project ID and the URL to be attacked. Various optional arguments can be used to customize the scan. ```bash java -jar clt.jar -rest [rest URL] -token [token] dastScanCreate -project PROJECT -url URL ``` -------------------------------- ### Start DerScanner Daemon Source: https://docs.derscanner.com/for-admins/getting-started/derscanner-installation/clang-for-macos Run the DerScanner daemon from the terminal after configuring its settings. This command starts the main analysis service. ```bash java -jar daemon.jar ``` -------------------------------- ### Start DAST Scan with Basic Options Source: https://docs.derscanner.com/dynamic-analysis/create-project/start-scan-cli This command initiates a DAST scan using the CLI. It specifies the REST endpoint, an authentication token, the scan type, a target path, and applies default settings. ```bash java -jar clt.jar -rest http:///app/api/v1 -token kljkjljlkjljklkjk dastExport -scan ec59395b-4372-47b1-95a2-4d48b044ff0b -path C:\test -default ``` -------------------------------- ### Sample Self-Signed Certificate Format Source: https://docs.derscanner.com/for-admins/getting-started/system-administration/git-config Example format for a single self-signed certificate to be added to the trusted Git configuration. This is used when manually managing certificates. ```text -----BEGIN CERTIFICATE----- CERTIFICATE_SAMPLE_1 -----END CERTIFICATE----- ``` -------------------------------- ### Objective-C and C Pattern for Function Call Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples Example XPath query for Objective-C and C function calls. ```xpath //CallExpr[ ./*[1]//FunctionDecl[ @name = 'TEST_FUNC1' or @name = 'TEST_FUNC2' ] ] ``` -------------------------------- ### Multiple Self-Signed Certificates Format Source: https://docs.derscanner.com/for-admins/getting-started/system-administration/git-config Example format for adding multiple self-signed certificates to a trusted Git configuration file. This allows for a bundle of trusted certificates. ```text -----BEGIN CERTIFICATE----- CERTIFICATE_SAMPLE_1 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- CERTIFICATE_SAMPLE_2 -----END CERTIFICATE----- ... ``` -------------------------------- ### Start SCA Scan via CLI Source: https://docs.derscanner.com/software-composition-analysis/create-project/start-scan-cli Initiate an SCA scan for a project using the CLI. Specify the project ID and either a repository URL or a local path for analysis. Various optional arguments can be used to customize the scan. ```bash java -jar clt.jar -rest [rest URL] -token [token] scaScanCreate [options] ``` ```bash java -jar clt.jar -rest [rest_url] -token [token] scaScanCreate -url URL -project PROJECT ``` -------------------------------- ### JavaScript Pattern for Method Call Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples Example XPath query for a JavaScript method call with specific arguments. ```xpath //singleExpression[ singleExpression[singleExpression/text()='testClass'] [identifierName/text()='testMethod'] ][ arguments/argumentList[ singleExpression[1]/literal/numericLiteral[number(text()) < 128] ] ] ``` -------------------------------- ### Download OpenAPI Specification Source: https://docs.derscanner.com/working-with-derscanner-api/work-intro Use this cURL command to download the OpenAPI specification file. Ensure you replace `` with your API authorization token and `` with your DerScanner installation URL. ```bash curl -H 'Authorization: Bearer ' \ /app/v1/openapi.json -o openapi.json ``` -------------------------------- ### Source/Passthrough Pattern Example Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples This pattern identifies calls to methods in org.apache.commons.httpclient.util.URIUtil that start with 'encode'. It sets all flags of a null argument and adds the URL_ENCODE flag to the returned value. ```xml SOURCE_00AF03C6 JavaWeb org.apache.commons.httpclient.util.URIUtil encode.* 0 +URL_ENCODE ``` -------------------------------- ### Dump Application Database Source: https://docs.derscanner.com/for-admins/data-migration/data-backup Execute this command on the host with the APP module deployed to create a SQL dump of the application database. Ensure you have sudo privileges. ```bash sudo docker exec app-db pg_dump -U backend backend > db_dump.sql ``` -------------------------------- ### ABAP Pattern for Function Call Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples Example XPath query for an ABAP function call. ```xpath //statement/ callStatement/ call_method_static_short/ methodId1/ methodId[1]/ anySingleToken[ matches(text()[1], 'test_func', 'i') ] ``` -------------------------------- ### LotusScript Pattern for Method Call Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples Example XPath query for a LotusScript method call. ```xpath //iCS_B_MemberProcedureCall[ implicitCallStmt_InStmt/ iCS_S_VariableOrProcedureCall/ ambiguousIdentifier[text()[1] = 'TestClass'] ][ ambiguousIdentifier/ ambiguousKeyword[text()[1] = 'TestMethod'] ] ``` -------------------------------- ### Analyze All Files Source: https://docs.derscanner.com/static-analysis/manage-project/file-exclusion-analysis Use `**/*` to include all files and directories in the analysis. ```regex **/* ``` -------------------------------- ### Generate Keystore and Certificate Source: https://docs.derscanner.com/for-admins/additional-information/builder-over-https Use the keytool utility to generate a keystore file (keystore.jks) with a self-signed certificate for the Builder agent. This is a prerequisite for enabling HTTPS. ```bash keytool -genkey -alias builder -keyalg RSA -storepass keystore-file-password -keystore keystore.jks -validity 3650 ``` ```bash keytool -export -alias builder -storepass password -file builder.cer -keystore keystore.jks ``` -------------------------------- ### View NGINX Default Configuration Template Source: https://docs.derscanner.com/for-admins/additional-information/nginx Execute this command to view the default NGINX configuration template used by the frontend service. ```bash sudo docker exec frontend cat /etc/nginx/templates/default.conf.template ``` -------------------------------- ### C++ Pattern for Function Call Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples Example XML structure for a C++ pattern targeting a specific function name. ```xml ``` -------------------------------- ### PL/SQL Pattern for Procedure Call with Constant Argument Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples Example XPath query for a PL/SQL procedure call with a constant argument. ```xpath //function_call[ routine_name[ ./id/id_expression/regular_id[ matches(text(), '^test_class$', 'i') ] ][ ./id_expression/regular_id[ matches(text(), '^test_proc$', 'i') ] ] ][ function_argument[ .//constant ] ] ``` -------------------------------- ### Create DerScanner Database on Linux Source: https://docs.derscanner.com/for-admins/data-migration/windows-linux-migration Create a new, empty DerScanner backend database using Docker exec to run the createdb command. ```bash sudo docker exec app-db createdb -p 5432 -h localhost -U backend backend ``` -------------------------------- ### Rust Pattern for Hardcoded Variable Assignment Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples Example XPath query for a Rust let statement assigning a literal value to a variable. ```xpath //let[ assignee/pattern//identifier[ matches(text(), 'my_variable') ] ][ initialization/expression[ count(*) = 1 and literal[text()[1]] ] ] ``` -------------------------------- ### Perl Pattern for Method Call with Argument Count Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples Example XPath query for a Perl method call with a specific number of arguments. ```xpath //listOperatorCall[ listOperatorName[text()[1] = 'insecure_operator'] ][ list/operators[ operator[1] ][ operator[2] ][ not(operator[3]) ] ] ``` -------------------------------- ### View Frontend Log Source: https://docs.derscanner.com/for-admins/additional-information/nginx Check the frontend log to confirm that multiline variables have been set in the configuration file. ```bash sudo docker logs frontend ``` -------------------------------- ### Migrate Database from Dump on Linux Source: https://docs.derscanner.com/for-admins/data-migration/windows-linux-migration Restore the DerScanner backend database from the SQL dump file using psql within a Docker container. ```bash sudo cat db_dump.sql | sudo docker exec -i app-db psql -p 5432 -h localhost -U backend -d backend ``` -------------------------------- ### Method Name Not Matching Value Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/detailed-element-desc Example of using boolean logic to specify a condition where a method name does not match a specific value. ```XML Method ``` -------------------------------- ### Run iccheck script Source: https://docs.derscanner.com/for-admins/getting-started/derscanner-installation/clang-for-macos Execute the iccheck script from the terminal after extracting the archive. This script is part of the installation process for the C/C++ analysis module. ```bash bash iccheck.sh ``` -------------------------------- ### T-SQL Pattern for Function Call with String Constant Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples Example XPath query for a T-SQL function call with a specific string constant argument. ```xpath //function_call[ scalar_function_name/func_proc_name/ id/simple_id[ matches(text()[1], '^TESTFUNC$', 'i') ] ][ expression_list/expression[1]/ constant[ matches(text()[1], '^TEST_STRING_CONSTANT$', 'i') ] ] ``` -------------------------------- ### Create SCA Project via CLI Source: https://docs.derscanner.com/software-composition-analysis/create-project/start-scan-cli Use this command to create a new SCA project from the CLI. You must provide the API address, authorization token, and a project name. ```bash java -jar clt.jar -rest [rest URL] -token [token] scaProjectCreate -name [SCA project name] ``` -------------------------------- ### VBScript Pattern for Method Call with String Argument Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples Example XPath query for a VBScript method call with a specific string as the third argument. ```xpath //iCS_B_MemberProcedureCall[ implicitCallStmt_InStmt// ambiguousIdentifier[ matches(@class, '^TestClass$', 'i') ] ][ ambiguousIdentifier/ ambiguousKeyword/text()[1] = 'TestMethod' ][ argsCall/argCall[3]// literal[text()[1]] ] ``` -------------------------------- ### Python Pattern for Method Call with String Length Constraint Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples Example XPath query for a Python method call with a string argument of a specific length. ```xpath //power[ atom[1]/text()[1] = 'TestClass' ][ trailer[1]/text()[1] = 'test_method' ][ trailer[2]/arglist/argument// arith_expr/term/factor/power/atom/string[ string-length(text()[1])<16 ] ] ``` -------------------------------- ### Copy Database Dump to Container on Host_2 Source: https://docs.derscanner.com/for-admins/data-migration/server-migration Copy the previously created database dump file into the running database container on Host_2. ```bash sudo docker cp db_dump.sql app-db:/ ``` -------------------------------- ### TypeScript Pattern for Function Call with Regex Argument Source: https://docs.derscanner.com/rules-and-sets/pattern-writing-guide/pattern-examples Example XPath query for a TypeScript function call with a constant argument matching a regular expression. ```xpath //callExpression[ memberExpression/identifierName[text()[1] = 'testFunction'] ][ arguments//literal[matches(text()[1], '.*val.*', 'i')] ] ``` -------------------------------- ### Configure Builder Agent Environment Source: https://docs.derscanner.com/for-admins/additional-information/builder-over-https Update the derscanner.env file on the Builder agent server to specify the path to the keystore file and its password. Optionally, change the agent's port. ```bash JKS_PASSWORD=keystore-file-password JKS_PATH=/opt/derscanner/builder/keystore.jks ``` ```bash AST_BUILDER_PORT=8443 ``` -------------------------------- ### Analyze All Except 'sometestfile.ext' Source: https://docs.derscanner.com/static-analysis/manage-project/file-exclusion-analysis Use `**/*; !**/sometestfile.ext` to analyze all files, excluding 'sometestfile.ext'. ```regex **/*; !**/sometestfile.ext ```