pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License

Add CVE to reports #340

Closed damiencarol closed 1 year ago

damiencarol commented 3 years ago

Add CVE info to Sheet and JSON reports:

            +==============================================================================+
            |                                                                              |
            |                               /$$$$$$            /$$                         |
            |                              /$$__  $$          | $$                         |
            |           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
            |          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
            |         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
            |          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
            |          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
            |         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
            |                                                          /$$  | $$           |
            |                                                         |  $$$$$$/           |
            |  by pyup.io                                              \______/            |
            |                                                                              |
            +==============================================================================+
            | REPORT                                                                       |
            | checked 5 packages, using test DB                                            |
            +============================+===========+==========================+==========+
            | package                    | installed | affected                 | ID       |
            +============================+===========+==========================+==========+
            | libfoo                     | 1.9.3     | <2.0.0                   |     1234 |
            +==============================================================================+
            | CVE: CVE-2099-34455                                                          |
            +==============================================================================+
            | libfoo prior to version 2.0.0 had a vulnerability blah blah blah blah blah   |
            | blah blah blah blah blah blah blah blah blah blah.                           |
            |                                                                              |
            | All users are urged to upgrade please.                                       |
            +==============================================================================+

For JSON:

(.venv) [damien@damien safety]$ safety check --json -r ../dd/requirements.txt 
[
    [
        "django",
        "==2.2.18",
        "2.2.18",
        "Django 2.2.19 fixes a security issue in 2.2.18 (CVE-2021-23336).",
        "39646",
        null,
        null,
        "CVE-2021-23336"
    ]
]

This PR is a first step to #253
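Added example, not code from the safety project: a consumer-side parser for the list-of-lists JSON layout shown above, where this PR appends the CVE identifier as the eighth element of each finding. The sample report is constructed from the PR's own output; the two `null` fields are left opaque because the PR does not name them, and the seven-element row stands in for a report produced before the CVE column existed.

```python
"""Parse the pre-Safety-2 `safety check --json` array and pull out the
CVE id that #340 adds as the eighth element of each finding."""
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: one finding in the new 8-field layout (from the PR)
# and one in the older 7-field layout without a CVE column.
SAMPLE_JSON = """[
  ["django", "==2.2.18", "2.2.18",
   "Django 2.2.19 fixes a security issue in 2.2.18 (CVE-2021-23336).",
   "39646", null, null, "CVE-2021-23336"],
  ["libfoo", "<2.0.0", "1.9.3",
   "libfoo prior to version 2.0.0 had a vulnerability.",
   "1234", null, null]
]"""


@dataclass
class Finding:
    package: str
    affected: str
    installed: str
    advisory: str
    vuln_id: str
    cve: Optional[str]  # None when the report predates the CVE column


def parse_report(text: str) -> List[Finding]:
    """Turn the raw JSON array into Finding objects; the two unnamed
    null fields (positions 5 and 6) are skipped, not interpreted."""
    findings = []
    for row in json.loads(text):
        if len(row) < 5:
            raise ValueError(f"unexpected finding shape: {row!r}")
        cve = row[7] if len(row) > 7 else None
        findings.append(Finding(row[0], row[1], row[2], row[3], str(row[4]), cve))
    return findings


def cve_ids(findings: List[Finding]) -> List[str]:
    """De-duplicated, sorted CVE identifiers present in the report."""
    return sorted({f.cve for f in findings if f.cve})


def missing_cve(findings: List[Finding]) -> List[Finding]:
    """Findings that only carry a Safety DB id, so a CVE must be looked up by hand."""
    return [f for f in findings if not f.cve]


if __name__ == "__main__":
    report = parse_report(SAMPLE_JSON)
    for f in report:
        print(f"{f.package} {f.installed} ({f.affected}) id={f.vuln_id} cve={f.cve or '-'}")
    print("CVEs:", ", ".join(cve_ids(report)))
```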

codecov[bot] commented 3 years ago

Codecov Report

Merging #340 (4163fe1) into master (55cc69d) will increase coverage by 0.16%. The diff coverage is 100.00%.


@@            Coverage Diff             @@
##           master     #340      +/-   ##
==========================================
+ Coverage   69.51%   69.68%   +0.16%     
==========================================
  Files           8        8              
  Lines         538      541       +3     
==========================================
+ Hits          374      377       +3     
  Misses        164      164              
Impacted Files         Coverage Δ
safety/safety.py       93.18% <ø> (ø)
safety/formatter.py    51.72% <100.00%> (+0.84%) ↑


valentijnscholten commented 3 years ago

Would be nice to have this included.

damiencarol commented 3 years ago

@rafaelpivato could you take a look? thanks! :D

damiencarol commented 3 years ago

any news on this one?

rafaelpivato commented 3 years ago

@harlekeyn can you look at this, please?

damiencarol commented 2 years ago

@rafaelpivato @harlekeyn anybody to review this one?

yeisonvargasf commented 1 year ago

Thank you, @damiencarol, for this pull request. I apologize for the late response. There was a WIP related to Safety 2 at that time.

This feature was included in the latest Safety releases, and Safety has an improved JSON structure with more data.

I'll close this PR.