output now can be set to multi writer

Author: wahyudibo

LICENSE

@@ -176,7 +176,7 @@
 
    END OF TERMS AND CONDITIONS
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2017-2022 GuardRails Pte. Ltd.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

cmd/common.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"os"
 
-	prettyFmt "github.com/guardrailsio/guardrails-cli/internal/formatter/pretty"
+	prettyFmt "github.com/guardrailsio/guardrails-cli/internal/format/pretty"
 )
 
 func fail(err error) {

cmd/root.go

@@ -35,14 +35,14 @@ Commands:
        [-o,--output=<path>][-q,--quiet]
   help
 
-scan scans a repository for vulnerabilities and output results
+scan: scans a repository for vulnerabilities and output results
   -t, --token  a valid Guardrails CLI token you can obtain from dashboard > settings
   -p, --path   the path to the repository to scan, defaults to $PWD
   -f, --format the output format for scan results, defaults to pretty
   -o, --output if provided, will save the output to the specified file path
   -q, --quiet  if provided, will only output scan results in --format and nothing else
 
-help displays this help menu
+help: displays this help menu
 
 Environment variables:
 GUARDRAILS_CLI_TOKEN  if set, will be used as token when --token is not provided

cmd/scan.go

@@ -7,6 +7,7 @@ import (
 	guardrailsclient "github.com/guardrailsio/guardrails-cli/internal/client/guardrails"
 	scan "github.com/guardrailsio/guardrails-cli/internal/command/scan"
 	"github.com/guardrailsio/guardrails-cli/internal/config"
+	outputwriter "github.com/guardrailsio/guardrails-cli/internal/output"
 	"github.com/guardrailsio/guardrails-cli/internal/repository"
 	spinner "github.com/guardrailsio/guardrails-cli/internal/tools/spinner"
 	"github.com/spf13/cobra"
@@ -58,11 +59,15 @@ var scanCmd = &cobra.Command{
 		// setup guardrails api client
 		grclient := guardrailsclient.New(cfg.HttpClient, args.Token)
 
+		// setup output writer
+		outputWriter := outputwriter.New(args.Output)
+		outputWriter.SetWriter()
+
 		// setup spinner animation
 		spinner := spinner.New()
 
 		// inject all scan command dependencies and execute the command
-		cmd := scan.New(args, spinner, cfg, repo, arc, grclient)
+		cmd := scan.New(args, spinner, cfg, repo, arc, outputWriter, grclient)
 		if err := cmd.Execute(ctx); err != nil {
 			fail(err)
 		}

go.mod

@@ -3,6 +3,7 @@ module github.com/guardrailsio/guardrails-cli
 go 1.18
 
 require (
+	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/briandowns/spinner v1.19.0
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/enescakir/emoji v1.0.0

go.sum

@@ -43,6 +43,8 @@ github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
+github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
+github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
 github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=

internal/command/scan/format.go

@@ -0,0 +1,22 @@
+package scan
+
+import (
+	guardrailsclient "github.com/guardrailsio/guardrails-cli/internal/client/guardrails"
+	formatter "github.com/guardrailsio/guardrails-cli/internal/command/scan/format"
+)
+
+// GetScanDataFormatter parses guardrailsclient.GetScanDataResp to chosen format.
+func (h *Handler) GetScanDataFormatter(resp *guardrailsclient.GetScanDataResp) error {
+	w := h.OutputWriter.Writer
+
+	switch h.Args.Format {
+	case "json":
+		return formatter.GetScanDataJSONFormat(w, resp)
+	case "csv":
+		return formatter.GetScanDataCSVFormat(w, resp)
+	case "sarif":
+		return formatter.GetScanDataSARIFFormat(w, resp, h.Args.Quiet)
+	default:
+		return formatter.GetScanDataPrettyFormat(w, resp)
+	}
+}

internal/formatter/csv/csv.go internal/command/scan/format/csv.gointernal/formatter/csv/csv.go renamed to internal/command/scan/format/csv.go

@@ -1,44 +1,46 @@
-package csv
+package scanformat
 
 import (
 	"bytes"
 	"encoding/csv"
 	"fmt"
+	"io"
 	"strconv"
 
 	guardrailsclient "github.com/guardrailsio/guardrails-cli/internal/client/guardrails"
 )
 
-func ScanResult(result *guardrailsclient.GetScanDataResp) error {
+// GetScanDataCSVFormat parses guardrailsclient.GetScanDataResp to csv format.
+func GetScanDataCSVFormat(w io.Writer, resp *guardrailsclient.GetScanDataResp) error {
 	var b []byte
 	buf := bytes.NewBuffer(b)
-	w := csv.NewWriter(buf)
+	csvWriter := csv.NewWriter(buf)
 
 	header := []string{"rule_id", "rule_title", "total", "finding_id", "path", "line_number", "docs"}
-	if err := w.Write(header); err != nil {
+	if err := csvWriter.Write(header); err != nil {
 		return err
 	}
 
-	for _, r := range result.Results.Rules {
+	for _, r := range resp.Results.Rules {
 		for _, v := range r.Vulnerabilities {
 			ruleID := strconv.FormatInt(r.Rule.RuleID, 10)
 			total := strconv.Itoa(r.Count.Total)
 			lineNumber := strconv.FormatInt(v.LineNumber, 10)
 			docs := fmt.Sprintf("https://docs.guardrails.io/docs/vulnerabilities/%s/%s", v.Language, r.Rule.Docs)
 
 			record := []string{ruleID, r.Rule.Title, total, v.FindingID, v.Path, lineNumber, docs}
-			if err := w.Write(record); err != nil {
+			if err := csvWriter.Write(record); err != nil {
 				return err
 			}
 		}
 	}
 
-	w.Flush()
-	if err := w.Error(); err != nil {
+	csvWriter.Flush()
+	if err := csvWriter.Error(); err != nil {
 		return err
 	}
 
-	fmt.Printf("%s", buf.String())
+	fmt.Fprintf(w, "%s", buf.String())
 
 	return nil
 }

internal/command/scan/format/json.go

@@ -0,0 +1,21 @@
+package scanformat
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	guardrailsclient "github.com/guardrailsio/guardrails-cli/internal/client/guardrails"
+)
+
+// GetScanDataJSONFormat parses guardrailsclient.GetScanDataResp to json format.
+func GetScanDataJSONFormat(w io.Writer, resp *guardrailsclient.GetScanDataResp) error {
+	manifestJson, err := json.MarshalIndent(resp, "", "  ")
+	if err != nil {
+		return err
+	}
+
+	fmt.Fprintf(w, "%s\n", string(manifestJson))
+
+	return nil
+}

internal/command/scan/format/pretty.go

@@ -0,0 +1,34 @@
+package scanformat
+
+import (
+	"fmt"
+	"io"
+
+	guardrailsclient "github.com/guardrailsio/guardrails-cli/internal/client/guardrails"
+	prettyFmt "github.com/guardrailsio/guardrails-cli/internal/format/pretty"
+	"github.com/jedib0t/go-pretty/text"
+)
+
+// GetScanDataJSONFormat parses guardrailsclient.GetScanDataResp to pretty format.
+func GetScanDataPrettyFormat(w io.Writer, resp *guardrailsclient.GetScanDataResp) error {
+	if resp.OK {
+		fmt.Fprintf(w, "%s\n", prettyFmt.Success("No issues detected, well done!"))
+	} else {
+		fmt.Fprintf(w, "%s\n", prettyFmt.Warning(fmt.Sprintf("We detected %d security issue", resp.Results.Count.Total)))
+
+		for _, r := range resp.Results.Rules {
+			fmt.Fprintf(w, "%s (%d)\n", r.Rule.Title, r.Count.Total)
+
+			for _, v := range r.Vulnerabilities {
+				fmt.Fprintln(w, text.FgCyan.Sprintf("%s (line %d)", v.Path, v.LineNumber))
+			}
+
+			fmt.Fprintln(w, "Not sure how to fix this ?")
+			for _, l := range r.Languages {
+				fmt.Fprintln(w, text.FgBlue.Sprintf("https://docs.guardrails.io/docs/vulnerabilities/%s/%s\n", l, r.Rule.Docs))
+			}
+		}
+	}
+
+	return nil
+}