More human readable output #46
72e5dbf to d35eba4
Content looks good, but concerns around the `%s` format string printing directly in some calls.
@@ -313,6 +320,28 @@ func (i *Log4jIdentifier) lookForMatchInTar(ctx context.Context, getTarReader ar | |||
return archiveResult, versions, nil | |||
} | |||
|
|||
func (i *Log4jIdentifier) printDetailedHashFinding(path string, finding Finding) { | |||
if finding&ClassFileMd5 > 0 { | |||
i.printInfoFinding("Found JndiManager class that was an exact md5 match for a known version at %s", path) |
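Review bot: In the `printInfoFinding("... at %s", path)` call, `path` is rendered with `%s`, so if it can include entry names read from a scanned archive, any control characters or terminal escape sequences in the name reach the coloured terminal output unmodified; consider `%q` or stripping non-printable characters before printing. Separately, the bit-flag test `finding&ClassFileMd5 > 0` reads more conventionally as `!= 0`.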
Don't think this outputs what you want -- as currently written, I think this will output a literal `%s` since `printInfoFinding` takes `message` and `location` but prints both literally.
Either `printInfoFinding` should take a format string or the calls should render directly.
I don't think this is the case as the colour library takes formatted strings and outputs e.g.:
[INFO] Found finding in what appeared to be an obfuscated jar at examples/obfuscated/2.14.1-aaaagb.jar
} else { | ||
output = fmt.Sprintf(cveMessage+" in file %s. log4j versions: %s. Reasons: %s", path, strings.Join(versions, ", "), strings.Join(readableReasons, ", ")) | ||
_, _ = fmt.Fprintln(r.OutputWriter, color.YellowString("[MATCH] "+cveMessage+" in file %s. log4j versions: %s. Reasons: %s", path, strings.Join(versions, ", "), strings.Join(readableReasons, ", "))) |
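Review bot: In the `color.YellowString(...)` call, the format string is built by concatenating `cveMessage`, so any `%` inside `cveMessage` would be parsed as a formatting verb; pass it as an argument to a constant format string instead. The same format and arguments are also rendered into `output` by `fmt.Sprintf` on the line above, so the two copies can drift; formatting once and colouring the result, e.g. `color.YellowString("[MATCH] %s", output)`, would keep them in step.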
Similar to the above, this is using `%s` but in a `Fprintln` (rather than `Fprintf`), so think that `%s` will print literally.
As above - I think the colour library is doing formatting and so we're getting the formatted strings printed out.
ac15dc8 to b435e57
d35eba4 to 9a184e2
Example running of latest version:
Got it -- wasn't aware that the `color` library applied formatting itself as well. Looks good.
This adds much more explanation for when being invoked directly by a user, with the individual match hits coming up as info lines and then the overall summary as a match line.
Colours are used to try and make it easy to see the most important parts of the output.
Intended to address #41