codesonar generate_hubpwfile.py: Interactively Generate a Hub Password File

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

General

codesonar generate_hubpwfile.py: Interactively Generate a Hub Password File

The codesonar generate_hubpwfile.py command allows you to interactively generate a hub password file. Once generated, this file can be supplied with the -hubpwfile option to any codesonar subcommands that require hub authentication.

The expected use case for this command is in deploying CodeSonar in a containerized context. You can run codesonar generate_hubpwfile.py in a temporary container to obtain a password and store it to a persistent location.

Overview
Command Line
Using codesonar generate_hubpwfile.py

Overview

The codesonar generate_hubpwfile.py command interactively prompts the user for a password, then stores this password in a specified file with owner-only permissions.

generate_hubpwfile.py is a codesonar Python subcommand.

Command Line

The general form of the command line is as follows.

codesonar generate_hubpwfile.py path/to/out_pwfile \
[--prompt "promptstring"] [--make-dirs] [--overwrite]

path/to/out_pwfile	Write the provided password to the file at this location. If the file already exists, fail unless --overwrite is specified. If one or more of the directories in the specified path do not exist, fail unless --make-dirs or --overwrite is specified. The file owner will be set to the system user who runs this command. The file permissions will set to allow access only to the file owner.
[--prompt "promptstring"]	Use the specified promptstring to interactively prompt the user for a password to store. If not specified, the prompt will be "Password: ".
[--make-dirs]	The command will create any directories in the specified path that do not already exist. If not specified, behavior depends on whether or not --overwrite is specified. --overwrite specified: the command will behave as if --make-dirs is also specified. --overwrite not specified: the command will fail if any of the directories do not exist.
[--overwrite]	Any existing file at path/to/out_pwfile will be overwritten. If not specified, the command will fail if file path/to/out_pwfile already exists. When --overwrite is specified, the command will behave as if --make-dirs is also specified.

Using codesonar generate_hubpwfile.py

The expected use case for this command is in deploying CodeSonar in a containerized context.

Suppose that:

You are running your container commands as container_user,
and
you wish to authenticate your CodeSonar commands using the hub user account with username alex.

Then the general technique is as follows.

Determine a persistent location for storing the password file.
For example, if you are using Docker then you can save the password file to a Docker volume.
The remaining steps will refer to this location as /persistent/pathto/pwfname.
Sign in to the container system as container_user.
Use a temporary container to set up your credentials by running a codesonar generate_hubpwfile.py command like the following.

codesonar generate_hubpwfile.py /persistent/pathto/pwfname --overwrite
When you start this temporary container, enter the password for hub user alex when prompted. The password will be saved as the only contents of file /persistent/path_to/pwfname.
- If the file already exists, it will be overwritten.
- If any directories in the specified file path do not already exist, they will be created.
- The file owner will be container_user.
- The file permissions will be set to owner-only (that is, container_user-only).
In the container (or containers) where you are deploying CodeSonar, provide your generated password file whenever you need to authenticate a codesonar subcommand:
-auth password -hubuser alex -hubpwfile /persistent/pathto/pwfname
For example:
codesonar analyze MyProject http://myhub.example.com:7340 \
-auth password -hubuser alex -hubpwfile /persistent/pathto/pwfname \
[... remainder of command]

Note: you will probably find it most convenient to store the /persistent/pathto/pwfname string in a variable and then refer to this variable in your various commands.

To report problems with this documentation, please visit https://support.codesecure.com/.