From c098a7e85c1617e0642b026b9b588ef3f3292dd4 Mon Sep 17 00:00:00 2001 From: Feei Date: Mon, 18 Dec 2017 11:48:39 +0800 Subject: [PATCH] only show important info --- cobra/engine.py | 10 ++++------ rules/CVI-160003.xml | 2 +- rules/CVI-160004.xml | 2 +- .../v.php" | 2 ++ 4 files changed, 8 insertions(+), 8 deletions(-) create mode 100644 "tests/vulnerabilities/\343\201\223\343\201\250\343\201\214\343\201\202/v.php" diff --git a/cobra/engine.py b/cobra/engine.py index 8cac1fa0..fcf97820 100644 --- a/cobra/engine.py +++ b/cobra/engine.py @@ -136,9 +136,7 @@ def score2level(score): score_full = '0{s}'.format(s=score) else: score_full = score - - a = '{s}{e}'.format(s=score * '■', e=(10 - score) * '□') - return '{l}-{s}: {ast}'.format(l=level[:1], s=score_full, ast=a) + return '{l}-{s}'.format(l=level[:1], s=score_full) def scan_single(target_directory, single_rule): @@ -202,12 +200,12 @@ def store(result): # print data = [] - table = PrettyTable(['#', 'CVI', 'VUL', 'Rule', 'Lang', 'Level-Score', 'Target', 'Commit(Time, Author)', 'Source Code Content', 'Analysis']) + table = PrettyTable(['#', 'CVI', 'Rule', 'Level', 'Target', 'Source Code Content']) table.align = 'l' trigger_rules = [] for idx, x in enumerate(find_vulnerabilities): trigger = '{fp}:{ln}'.format(fp=x.file_path, ln=x.line_number) - commit = u'{time}, @{author}'.format(author=x.commit_author, time=x.commit_time) + # commit = u'{time}, @{author}'.format(author=x.commit_author, time=x.commit_time) level = score2level(x.level) cvi = x.id[0:3] if cvi in vulnerabilities: @@ -218,7 +216,7 @@ def store(result): code_content = x.code_content[:50].strip() except AttributeError as e: code_content = x.code_content.decode('utf-8')[:100].strip() - row = [idx + 1, x.id, cvn, x.rule_name, x.language, level, trigger, commit, code_content, x.analysis] + row = [idx + 1, x.id, x.rule_name, level, trigger, code_content] data.append(row) table.add_row(row) if x.id not in trigger_rules: 
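Review bot: The manual zero-padding kept as context above the new `return` in `score2level` (first hunk, `@@ -136,9 +136,7 @@`) could be folded into the format string now that the bar is gone. The removed lines multiply by `score`, so it is an integer, and `return '{l}-{s:02d}'.format(l=level[:1], s=score)` would make the `score_full` branch unnecessary. The condition guarding that branch sits above the hunk, so confirm it only pads single-digit scores before dropping it. A one-line docstring stating the returned format would also help, since the value now fills the renamed `Level` column.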
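Review bot: In the second hunk (`@@ -202,12 +200,12 @@`, inside `store`), the `commit` assignment is commented out rather than deleted, which leaves dead code that still names `x.commit_author` and `x.commit_time`. I would remove the line and let version control keep the history. The `cvi` / `vulnerabilities` lookup at the end of this hunk appears to exist only to compute `cvn`, which the new `row` in the next hunk no longer uses. It can probably go as well, but its body lies outside the hunk and should be checked first. `store` itself starts and ends outside the hunk.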
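Review bot: In the third hunk (`@@ -218,7 +216,7 @@`), the shortened `row` is passed to both `data.append(row)` and `table.add_row(row)`, so trimming the console table also removes the CVI name, language, commit and `x.analysis` from `data`. If `data` is consumed after the loop (not visible here), keep the full record for it and build a separate display row, e.g. `table.add_row([idx + 1, x.id, x.rule_name, level, trigger, code_content])`. The context lines also truncate the snippet to 50 characters on one path and 100 on the `except` path, which is worth unifying now that the table is meant to be compact. Since `code_content` is a raw slice of scanned source, stripping non-printable characters before it goes into the row would keep control sequences in a scanned file from reaching the terminal.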
diff --git a/rules/CVI-160003.xml b/rules/CVI-160003.xml index be45e4b9..5072632f 100644 --- a/rules/CVI-160003.xml +++ b/rules/CVI-160003.xml @@ -1,6 +1,6 @@ - + diff --git a/rules/CVI-160004.xml b/rules/CVI-160004.xml index 4a55e1a4..ebb60259 100644 --- a/rules/CVI-160004.xml +++ b/rules/CVI-160004.xml @@ -1,6 +1,6 @@ - + diff --git "a/tests/vulnerabilities/\343\201\223\343\201\250\343\201\214\343\201\202/v.php" "b/tests/vulnerabilities/\343\201\223\343\201\250\343\201\214\343\201\202/v.php" new file mode 100644 index 00000000..82ce3070 --- /dev/null +++ "b/tests/vulnerabilities/\343\201\223\343\201\250\343\201\214\343\201\202/v.php" @@ -0,0 +1,2 @@ +