Esempio n. 1
    def _report(self):
        """Assemble the full text report for the current scan.

        The report has three parts: a title line naming ``conf.target`` and
        the local time, one formatted entry per issue yielded by
        ``issuemgr``, and one ``Severity: count`` line per key returned by
        ``issuemgr.statistics()``.

        Returns:
            The report as a single string.
        """
        rule = "-" * 80

        # NOTE(review): "Scaning" is a typo for "Scanning"; the literal is
        # left as-is here because downstream tooling may match on it.
        target_text = Out.R(conf.target)
        stamp_text = Out.R(
            time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))
        heading = u"Scaning <{directory}> at {time}".format(
            directory=target_text, time=stamp_text)

        # Issue section: header first, then each issue in issuemgr order.
        issue_section = Out.Y(rule + "\nFound security issues as follows:\n\n")
        for found in issuemgr:
            issue_section += self._format_issue(found)

        # Statistics section: keys of the statistics mapping index
        # severity_map, whose first element is used as the label.
        stats_section = Out.Y(rule + "\nStatistics information:\n")
        counts = issuemgr.statistics()
        for level in counts:
            label = severity_map[level][0].capitalize()
            entry = "{key}: {value}".format(key=label, value=counts[level])
            stats_section += entry + "\n"

        return u"\n{title}\n{issues}\n\n{statistics}".format(
            title=heading,
            issues=issue_section,
            statistics=stats_section)
Esempio n. 2
    def _format_issue(self, issue):
        """Render one issue record as a multi-line report entry.

        Args:
            issue: Mapping read via the keys ``ID``, ``name``, ``pattern``,
                ``severity``, ``confidence`` and ``filename`` (plus whatever
                ``_format_issue_context`` reads).

        Returns:
            The formatted entry: an ``[id:name]`` line, a line with the
            match pattern, severity and confidence, the ``@filename`` line,
            and the rendered context.
        """
        layout = (u"[{id}:{name}]\n"
                  u"<Match:{pattern}> <Severity:{severity}> "
                  u"<Confidence:{confidence}>\n"
                  u"@{filename}\n"
                  u"{context}\n")

        # NOTE(review): the issue fields are interpolated as-is; if any of
        # them (filename, pattern) can carry text from the scanned target,
        # control characters would reach the output unchanged - confirm.
        issue_id = Out.R(issue['ID'])
        issue_name = Out.G(issue['name'])
        matched = Out.Y(issue['pattern'])
        # The maps are indexed by the raw value; element 0 is the label.
        severity_label = severity_map[issue['severity']][0].capitalize()
        confidence_label = \
            confidence_map[issue['confidence']][0].capitalize()
        location = Out.B(issue['filename'])
        snippet = self._format_issue_context(issue)

        return layout.format(
            id=issue_id,
            name=issue_name,
            pattern=matched,
            severity=severity_label,
            confidence=confidence_label,
            filename=location,
            context=snippet)
Esempio n. 3
    def _format_issue_context(self, issue):
        """Render the context lines of an issue with aligned line numbers.

        Each entry of ``issue['context']`` is indexed as ``(number, text)``.
        The entry whose number equals ``issue['lineno']`` is written as
        ``number: text`` and passed through ``Out.Y``; every other entry is
        written as ``number- text``. Trailing whitespace of the text is
        stripped and a newline is appended.

        Returns:
            The rendered lines as one string, or ``""`` when the issue has
            no context.
        """
        context_lines = issue['context']
        if not context_lines:
            return ""

        # Column width comes from the number of the last entry, so the
        # alignment relies on that entry having the widest number.
        width = len(str(context_lines[-1][0]))
        number_fmt = "{0:>" + str(width) + "}"
        flagged = issue['lineno']

        # NOTE(review): entry[1] is presumably source text from the scanned
        # target and is emitted without neutralising control characters; if
        # the report is written to a terminal, escape sequences embedded in
        # a scanned file would pass through - confirm and consider
        # sanitising at the output boundary.
        rendered = ""
        for entry in context_lines:
            number = number_fmt.format(str(entry[0]))
            text = entry[1].rstrip()
            if entry[0] == flagged:
                rendered += Out.Y(number + ": " + text + "\n")
            else:
                rendered += number + "- " + text + "\n"

        return rendered