nccgroup / sobelow

Security-focused static analysis for the Phoenix Framework
Apache License 2.0

Sobelow.XSS.Raw JSON schema missing `line` key #54

Closed NickMeves closed 4 years ago

NickMeves commented 4 years ago

Hey there,

The mandatory line key appears to be missing from here: https://github.com/nccgroup/sobelow/blob/6b8a89282acde1931945a31f2f93741651e410e4/lib/sobelow/xss/raw.ex#L113

```elixir
case Sobelow.format() do
  "json" ->
    json_finding = [
      type: finding.type,
      file: finding.filename,
      variable: "#{finding.vuln_variable}",
      template: "#{t_name}"
    ]
```

I haven't tested this live (in case it is handled elsewhere). I just noticed when I was trying to get a feel for the optional JSON keys various types might present back.

Thanks!

GriffinMB commented 4 years ago

Thanks for opening the issue! You're right, "line" is missing from the JSON output. I just pushed a fix to master, so it will be available in the next release. I'll close this ticket once the change is live on Hex.

Thanks again!

GriffinMB commented 4 years ago

This is live in 0.9.3!