Closed Maximilianhummel closed 1 year ago
The expected result log is generated using CLI HeadlessCryptoScanner of CryptoAnalysis where all the results after analysis are displayed on CLI. If --reportFormat TXT is selected, it shows the result same.
[main] INFO crypto.HeadlessCryptoScanner - Using call graph algorithm CHA
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$2 (file:/G:/fraunhofer/Newfolder/CryptoAnalysis/CryptoAnalysis-2.8.0-SNAPSHOT-jar-with-dependencies.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$2
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[main] WARN pes.access.impl.DeclaredTypeFactory - --- xtext.common.types ---------------------------------------------------
[main] WARN pes.access.impl.DeclaredTypeFactory - ASM library is too old. Falling back to java.lang.reflect API.
[main] WARN pes.access.impl.DeclaredTypeFactory - Please note that no information about compile time constants is available.
[main] WARN pes.access.impl.DeclaredTypeFactory - It's recommended to use org.objectweb.asm 9.0.0 or better (Maven group id: org.ow2.asm).
[main] WARN pes.access.impl.DeclaredTypeFactory - --------------------------------------------------------------------------
[main] INFO crypto.HeadlessCryptoScanner - Analysis soot setup done in 3.252 s
[main] INFO crypto.analysis.CryptoScanner - Searching for seeds for the analysis!
[main] INFO crypto.analysis.CryptoScanner - Discovered 1 analysis seeds within 1 seconds!
[main] INFO crypto.analysis.CryptoScanner - Analyzed Objects: 1 of 2
[main] INFO crypto.analysis.CryptoScanner - Percentage Completed: 0.5
[main] INFO crypto.reporting.TXTReporter - Text Report generated to file : G:\fraunhofer\Newfolder\CryptoAnalysis\reports\CryptoAnalysis-Report.txt
[main] INFO crypto.analysis.CryptoScanner - Static Analysis took 1 seconds!
[main] INFO crypto.HeadlessCryptoScanner - Analysis finished in 7.754 s
For --reportFormat CSV, it shows the same log.
[main] INFO crypto.HeadlessCryptoScanner - Using call graph algorithm CHA
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$2 (file:/G:/fraunhofer/Newfolder/CryptoAnalysis/CryptoAnalysis-2.8.0-SNAPSHOT-jar-with-dependencies.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$2
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[main] WARN pes.access.impl.DeclaredTypeFactory - --- xtext.common.types ---------------------------------------------------
[main] WARN pes.access.impl.DeclaredTypeFactory - ASM library is too old. Falling back to java.lang.reflect API.
[main] WARN pes.access.impl.DeclaredTypeFactory - Please note that no information about compile time constants is available.
[main] WARN pes.access.impl.DeclaredTypeFactory - It's recommended to use org.objectweb.asm 9.0.0 or better (Maven group id: org.ow2.asm).
[main] WARN pes.access.impl.DeclaredTypeFactory - --------------------------------------------------------------------------
[main] INFO crypto.HeadlessCryptoScanner - Analysis soot setup done in 2.631 s
[main] INFO crypto.analysis.CryptoScanner - Searching for seeds for the analysis!
[main] INFO crypto.analysis.CryptoScanner - Discovered 1 analysis seeds within 1 seconds!
[main] INFO crypto.analysis.CryptoScanner - Analyzed Objects: 1 of 2
[main] INFO crypto.analysis.CryptoScanner - Percentage Completed: 0.5
[main] INFO crypto.reporting.CSVReporter - CSV Report generated to file : G:\fraunhofer\Newfolder\CryptoAnalysis\reports\CryptoAnalysis-Report.csv
[main] INFO crypto.analysis.CryptoScanner - Static Analysis took 1 seconds!
[main] INFO crypto.HeadlessCryptoScanner - Analysis finished in 7.241 s
Please use a CSV Viewer to read the results of CSV file.
We could also reproduce this behavior with the built version 2.8. What we would like to have is the output in CSV format in a file, as well as the output under the reporttype txt as a log on stdout. Because the txt output provides even more information, in which classes e.g. constraint errors were found.
So would it be possible to save the output in a csv file and output the txt out in parallel on the console? Or do I have to call the tool twice on the same file to get the desired information?
So the issue is not related to how the logs compare to each other but the information that is populated into the csv file and txt files generated. The csv file contains the number of reported errors, whereas the txt contains where these issues are. And txt files are not machine-readable. So ideally, all of this information should be dumped into the csv. Without this being possible, CogniCrypt cannot be integrated into any automated pipeline. Reopening this issue.
Running with CSV as report format does not give me the same log information as running with .TXT as report format.
This is the log with CSV:
I would like to have a log like this:
Is there any option, to get the full log with CSV as report option?
Thank you in advance!