add(report) -format-csv option (#1034)

2020-11-05 20:56:19 +09:00
parent 93059b74c3
commit ebd3834a35
5 changed files with 66 additions and 2 deletions
--- a/report/localfile.go
+++ b/report/localfile.go
@@ -96,6 +96,22 @@ func (w LocalFileWriter) Write(rs ...models.ScanResult) (err error) {
 				return xerrors.Errorf("Failed to write XML. path: %s, err: %w", p, err)
 			}
 		}
+
+		if c.Conf.FormatCsvList {
+			var p string
+			if c.Conf.Diff {
+				p = path + "_short_diff.csv"
+			} else {
+				p = path + "_short.csv"
+			}
+
+			err := formatCsvList(r, p)
+
+			if err == "" {
+				return xerrors.Errorf("Failed to write CSV. path: %s", p)
+			}
+		}
+
 	}
 	return nil
 }
--- a/report/stdout.go
+++ b/report/stdout.go
@@ -27,7 +27,7 @@ func (w StdoutWriter) Write(rs ...models.ScanResult) error {
 		fmt.Print("\n")
 	}

-	if c.Conf.FormatList {
+	if c.Conf.FormatList || c.Conf.FormatCsvList {
 		for _, r := range rs {
 			fmt.Println(formatList(r))
 		}
--- a/report/util.go
+++ b/report/util.go
@@ -2,6 +2,7 @@ package report

 import (
 	"bytes"
+	"encoding/csv"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -382,6 +383,51 @@ No CVE-IDs are found in updatable packages.
 	return
 }

+func formatCsvList(r models.ScanResult, path string) string {
+	data := [][]string{{"CVE-ID", "CVSS", "Attack", "PoC", "CERT", "Fixed", "NVD"}}
+
+	for _, vinfo := range r.ScannedCves.ToSortedSlice() {
+		max := vinfo.MaxCvssScore().Value.Score
+
+		exploits := ""
+		if 0 < len(vinfo.Exploits) || 0 < len(vinfo.Metasploits) {
+			exploits = "POC"
+		}
+
+		link := ""
+		if strings.HasPrefix(vinfo.CveID, "CVE-") {
+			link = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vinfo.CveID)
+		} else if strings.HasPrefix(vinfo.CveID, "WPVDBID-") {
+			link = fmt.Sprintf("https://wpvulndb.com/vulnerabilities/%s", strings.TrimPrefix(vinfo.CveID, "WPVDBID-"))
+		}
+
+		data = append(data, []string{
+			vinfo.CveID,
+			fmt.Sprintf("%4.1f", max),
+			fmt.Sprintf("%s", vinfo.AttackVector()),
+			exploits,
+			vinfo.AlertDict.FormatSource(),
+			fmt.Sprintf("%s", vinfo.PatchStatus(r.Packages)),
+			link,
+		})
+
+	}
+	file, err := os.Create(path)
+	if err != nil {
+		return fmt.Sprintf("Unable to create file: %s", err)
+	}
+
+	defer file.Close()
+
+	writer := csv.NewWriter(file)
+	err = writer.WriteAll(data)
+
+	if err != nil {
+		return fmt.Sprintf("Cannot write to file: %s", err)
+	}
+	return fmt.Sprintf("%s", data)
+}
+
 func cweURL(cweID string) string {
 	return fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html",
 		strings.TrimPrefix(cweID, "CWE-"))