
Add text output format #181

Closed
wants to merge 8 commits into from

Conversation

michaelkedar
Member

Adds a --format text option for outputting scan results, per #85.

Outputs a numbered list of each vulnerability for each package, including all aliases.

Sample output format:

path/to/Cargo.lock:
  regex@1.3.1 is affected by the following vulnerabilities:
      1. https://osv.dev/GHSA-m5pq-gvj9-9vr8 - Rust's regex crate vulnerable to regular expression denial of service
         https://osv.dev/RUSTSEC-2022-0013   - Regexes with large repetitions on empty sub-expressions take a very lo...

path/to/go.mod:
  github.com/gogo/protobuf@1.3.1 is affected by the following vulnerabilities:
      1. https://osv.dev/GHSA-c3h9-896r-86jm - Improper Input Validation in GoGo Protobuf
         https://osv.dev/GO-2021-0053        - Due to improper bounds checking, maliciously crafted input to generate...

path/to/requirements.txt:
  jinja2@2.0 is affected by the following vulnerabilities:
      1. https://osv.dev/GHSA-462w-v97r-4m45 - High severity vulnerability that affects Jinja2
         https://osv.dev/PYSEC-2019-217      - In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
      2. https://osv.dev/GHSA-8r7q-cvjq-x353 - Incorrect Privilege Assignment in Jinja2
         https://osv.dev/PYSEC-2014-8        - The default configuration for bccache.FileSystemBytecodeCache in Jinja...
      3. https://osv.dev/GHSA-g3rq-g295-4j3m - Regular Expression Denial of Service (ReDoS) in Jinja2
         https://osv.dev/PYSEC-2021-66       - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDo...
      4. https://osv.dev/GHSA-hj2j-77xm-mc5v - High severity vulnerability that affects Jinja2
         https://osv.dev/PYSEC-2019-220      - In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
      5. https://osv.dev/PYSEC-2014-82       - FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create tempo...

(It's also in colour in terminals)
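As an added illustration (not code from this PR or from osv-scanner itself), a Go renderer that produces the layout shown above: one numbered entry per finding within a package, alias URLs hanging under the primary ID, the " - " separators aligned to the longest URL in that package, and summaries cut with "..." at an assumed cap of 73 characters. The type names, the cap and the sample input are assumptions; colour is left out.

```go
package main

import (
	"fmt"
	"strings"
)

type Vulnerability struct{ ID, Summary string } // one OSV advisory: ID plus one-line summary
// PackageResult holds one package's findings; each finding lists the primary
// advisory first, then its aliases (e.g. the GHSA entry followed by RUSTSEC).
type PackageResult struct {
	Name, Version string
	Findings      [][]Vulnerability
}
const osvBase = "https://osv.dev/"
const maxSummary = 73 // assumed cap: longer summaries are cut and end in "..."
// truncate shortens s to at most n runes (not bytes, so multi-byte text is never split).
func truncate(s string, n int) string {
	if r := []rune(s); len(r) > n {
		return string(r[:n-3]) + "..."
	}
	return s
}

// RenderSource formats one lockfile's findings as a numbered, aligned listing.
func RenderSource(path string, pkgs []PackageResult) string {
	var b strings.Builder
	fmt.Fprintf(&b, "%s:\n", path)
	for _, pkg := range pkgs {
		fmt.Fprintf(&b, "  %s@%s is affected by the following vulnerabilities:\n", pkg.Name, pkg.Version)
		width := 0 // pad URLs to the longest in this package so the " - " separators line up
		for _, f := range pkg.Findings {
			for _, v := range f {
				if l := len(osvBase + v.ID); l > width {
					width = l
				}
			}
		}
		for n, f := range pkg.Findings {
			lead := fmt.Sprintf("      %d. ", n+1)
			for j, v := range f {
				if j > 0 {
					lead = strings.Repeat(" ", len(lead)) // alias lines hang under the primary URL
				}
				fmt.Fprintf(&b, "%s%-*s - %s\n", lead, width, osvBase+v.ID, truncate(v.Summary, maxSummary))
			}
		}
	}
	return b.String()
}
```

Several source files are rendered by calling RenderSource once per path and joining the results with a blank line.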

@G-Rath
Collaborator

G-Rath commented Feb 3, 2023

Looks good! Personally, I don't think I'm a big fan of the numbering as I don't know if it adds much value - I'd just have each item indented two spaces in (which'd also free up a couple of extra chars as you're currently doing four); but that's just my two cents :)

@michaelkedar
Member Author

After some offline discussion, there was a decision to be more selective/deliberate on whether we should be adding more supported output formats.

I'm going to close this for now, though it might be revisited if we identify a need or demand for a text format.
