Closed dpnishant closed 3 years ago
Yes, this is a good point. It's not really nice to consume. Just to clarify, the JSON output format is used within the web interface as well, so that would need changing too.
A boilerplate structure:
```json
{
  "scan_info": {
    "app_path": "/home/user/test_app",
    "security_warnings": 36,
    "start_time": "2014-07-18 04:07:20 -0700",
    "end_time": "2014-07-18 04:07:27 -0700",
    "duration": 6.961357247,
    "scanjs": "0.1"
  },
  "warnings": [
    {
      "warning_type": "Code Injection",
      "warning_code": 2,
      "fingerprint": "500fc1e567f4be0c014dfdeb9beab4691a00b9f7a69bb947fae46bcc4ef8ae4d",
      "message": "eval from unsafe string",
      "file": "app/test.js",
      "line": 23,
      "link": "http://wiki.mozilla.org/scanjs/docs/warning_types/code_injection/",
      "code": "eval(location.hash);",
      "user_input": "location.hash",
      "confidence": "High"
    }
  ],
  "ignored_warnings": [],
  "errors": []
}
```
Hi,
I feel the output format of the JSON blob from the command-line scanner can be made to be more automation friendly. The idea is to programmatically iterate through the JSON and find issues and report in a dashboard. I could create a rough structure something like this: http://pastie.org/private/yuictwpsjldydfhgbmdoeg. But I'm sure there would be a better way to do it. Please let me know your thoughts.
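
A sketch of the consumer this issue describes, written against the boilerplate structure posted in the thread. This is an added example, not part of the thread or of ScanJS. The Low/Medium/High confidence scale, the de-duplication rule, the function name `summarizeReport` and the sample values are assumptions.

```javascript
// Added example: consumes a report shaped like the boilerplate structure in this thread.
// Assumption: confidence is one of Low/Medium/High (only "High" appears in the thread).
const CONFIDENCE_RANK = Object.freeze({ __proto__: null, Low: 1, Medium: 2, High: 3 });

function summarizeReport(report, minConfidence = 'Medium') {
  if (!report || !Array.isArray(report.warnings)) {
    throw new TypeError('report.warnings must be an array');
  }
  const threshold = CONFIDENCE_RANK[minConfidence];
  if (threshold === undefined) throw new RangeError('unknown confidence: ' + minConfidence);

  const seen = new Set();
  const byType = Object.create(null); // no prototype: warning_type is untrusted input
  const findings = [];
  for (const w of report.warnings) {
    // An unrecognised confidence is ranked High so it is surfaced, not hidden.
    const rank = CONFIDENCE_RANK[w.confidence] ?? CONFIDENCE_RANK.High;
    if (rank < threshold) continue;
    // De-duplicate on fingerprint; fall back to location when it is missing.
    const key = w.fingerprint || `${w.file}:${w.line}:${w.warning_code}`;
    if (seen.has(key)) continue;
    seen.add(key);
    byType[w.warning_type] = (byType[w.warning_type] || 0) + 1;
    findings.push({ type: w.warning_type, location: `${w.file}:${w.line}`,
                    message: w.message, confidence: w.confidence });
  }
  return { appPath: report.scan_info ? report.scan_info.app_path : null,
           total: findings.length, byType, findings,
           scannerErrors: Array.isArray(report.errors) ? report.errors.length : 0 };
}

// Constructed sample input (fingerprints are placeholders, not real scan output).
const evalWarning = { warning_type: 'Code Injection', warning_code: 2,
  fingerprint: 'constructed-fp-1', message: 'eval from unsafe string',
  file: 'app/test.js', line: 23, confidence: 'High' };
const sampleReport = {
  scan_info: { app_path: '/home/user/test_app', security_warnings: 3, scanjs: '0.1' },
  warnings: [
    evalWarning,
    { ...evalWarning }, // duplicate of the same finding
    { ...evalWarning, fingerprint: 'constructed-fp-2', file: 'app/other.js',
      line: 7, confidence: 'Low' },
  ],
  ignored_warnings: [],
  errors: [],
};

console.log(JSON.stringify(summarizeReport(sampleReport), null, 2));
```

A dashboard job would also want to alert when `scannerErrors` is non-zero, since a scan that errored can report fewer warnings than the code contains.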