only show important info

FeeiCN · Dec 18, 2017 · c098a7e · c098a7e
1 parent 5a7de01
commit c098a7e
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 8 deletions.
diff --git a/cobra/engine.py b/cobra/engine.py
@@ -136,9 +136,7 @@ def score2level(score):
             score_full = '0{s}'.format(s=score)
         else:
             score_full = score
-
-        a = '{s}{e}'.format(s=score * '■', e=(10 - score) * '□')
-        return '{l}-{s}: {ast}'.format(l=level[:1], s=score_full, ast=a)
+        return '{l}-{s}'.format(l=level[:1], s=score_full)
 
 
 def scan_single(target_directory, single_rule):
@@ -202,12 +200,12 @@ def store(result):
 
         # print
     data = []
-    table = PrettyTable(['#', 'CVI', 'VUL', 'Rule', 'Lang', 'Level-Score', 'Target', 'Commit(Time, Author)', 'Source Code Content', 'Analysis'])
+    table = PrettyTable(['#', 'CVI', 'Rule', 'Level', 'Target', 'Source Code Content'])
     table.align = 'l'
     trigger_rules = []
     for idx, x in enumerate(find_vulnerabilities):
         trigger = '{fp}:{ln}'.format(fp=x.file_path, ln=x.line_number)
-        commit = u'{time}, @{author}'.format(author=x.commit_author, time=x.commit_time)
+        # commit = u'{time}, @{author}'.format(author=x.commit_author, time=x.commit_time)
         level = score2level(x.level)
         cvi = x.id[0:3]
         if cvi in vulnerabilities:
@@ -218,7 +216,7 @@ def store(result):
             code_content = x.code_content[:50].strip()
         except AttributeError as e:
             code_content = x.code_content.decode('utf-8')[:100].strip()
-        row = [idx + 1, x.id, cvn, x.rule_name, x.language, level, trigger, commit, code_content, x.analysis]
+        row = [idx + 1, x.id, x.rule_name, level, trigger, code_content]
         data.append(row)
         table.add_row(row)
         if x.id not in trigger_rules:

diff --git a/rules/CVI-160003.xml b/rules/CVI-160003.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <cobra document="https://github.com/wufeifei/cobra">
-    <name value="MySQL Execute Functions可能导致SQL注入"/>
+    <name value="MySQL Execute Functions"/>
     <language value="php"/>
     <match mode="function-param-controllable"><![CDATA[(mysql_query|mysql_db_query)]]></match>
     <repair block="in-function"><![CDATA[(mysql_real_escape_string|addslashes)]]></repair>

diff --git a/rules/CVI-160004.xml b/rules/CVI-160004.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <cobra document="https://github.com/wufeifei/cobra">
-    <name value="SQL Execute Functions可能导致SQL注入"/>
+    <name value="SQL Execute Functions"/>
     <language value="php"/>
     <match mode="function-param-controllable"><![CDATA[(mysqli_query|pg_execute|pg_insert|pg_query|pg_select|pg_update|sqlite_query|msql_query|mssql_query|odbc_exec|fbsql_query|sybase_query|ibase_query|dbx_query|ingres_query|ifx_query|oci_parse|sqlsrv_query|maxdb_query|db2_exec)]]></match>
     <level value="8"/>

diff --git a/tests/vulnerabilities/ことがあ/v.php b/tests/vulnerabilities/ことがあ/v.php
@@ -0,0 +1,2 @@
+<?php
+eval($_GET['a']);