search

sonatype-nexus-community / nancy

A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index
Apache License 2.0
564 stars 74 forks source link

Docker usage produces invalid json [bug] #90

Closed AndreyMZ closed 4 years ago

AndreyMZ commented 4 years ago

Steps to reproduce

go list -m all > list.txt
docker run -v "%CD%":/project -i sonatypecommunity/nancy:latest -output=json /project/list.txt > result.json
python -m json.tool < result.json
head result.json

Actual result

C:\project>go list -m all > list.txt

C:\project>docker run -i sonatypecommunity/nancy:latest -output=json list.txt > result.json
2020/03/11 10:30:08 Nancy version: 0.1.6

C:\project>python -m json.tool < result.json
Expecting value: line 1 column 2 (char 1)

C:\project>head result.json
 __  __
/\ \/\ \
\ \ `\\ \      __       ___      ___    __  __
 \ \ , ` \   /'__`\   /' _ `\   /'___\ /\ \/\ \
  \ \ \`\ \ /\ \L\.\_ /\ \/\ \ /\ \__/ \ \ \_\ \
   \ \_\ \_\\ \__/.\_\\ \_\ \_\\ \____\ \/`____ \
    \/_/\/_/ \/__/\/_/ \/_/\/_/ \/____/  `/___/> \
                                            /\___/
                                            \/__/
  _        _                           _    _

Expected result

No errors on parsing JSON.

Possible solution

Do not write the pseudo-graphical logo at least when the output format is other than text. Actually it is useless in the text format too.

cc @bhamail / @DarthHater

DarthHater commented 4 years ago

This wasn't related to docker use, for the record. Some interesting code paths, I think I've cleaned them up in #91 , now the header should only show up on text formatting/IQ usage.