From 4a3ba58260e7c5e6045c4060708dcb40ba7577f5 Mon Sep 17 00:00:00 2001
From: Yang Qian <yang.qian@citrix.com>
Date: Thu, 30 May 2019 20:43:03 +0800
Subject: output formatted issues

Output the formatted issues to a file

Signed-off-by: Yang Qian <yang.qian@citrix.com>
---
 analyze.py        | 37 +++++++++++++++++++++++++++----------
 security-check.sh | 23 +++++++++++++++++++----
 2 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/analyze.py b/analyze.py
index 51a7269..abea29f 100644
--- a/analyze.py
+++ b/analyze.py
@@ -6,7 +6,14 @@ import json
 def cnt_on_rule_id(issues, rule_id):
     return len([issue for issue in issues if issue['rule_id'] == rule_id])
 
-def analyze(js):
+
+def write_issue(f, issue, idx):
+    f.write('Issue %d\\n' % idx)
+    for k, v in issue.iteritems():
+        f.write('|%s|%s|\\n' % (k, v))
+
+
+def analyze(js, formatted_issues_f):
     issues = js['Issues']
     if not issues:
         print "Security check: no security issue detected"
@@ -26,13 +33,21 @@ def analyze(js):
             better_fix.append(issue)
 
 
-    print '======== Must fix the potential security issues ========'
-    for issue in must_fix:
-        print json.dumps(issue, indent=4)
+    with open(formatted_issues_f, 'w') as f:
+        idx = 1
+        f.write('\\n*Must fix issues*\\n')
+        print '======== Must fix the potential security issues ========'
+        for issue in must_fix:
+            print json.dumps(issue, indent=4)
+            write_issue(f, issue, idx)
+            idx += 1
 
-    print '======== Optional to fix the potential security issues ========'
-    for issue in better_fix:
-        print json.dumps(issue, indent=4)
+        f.write('\\n----\\n*Optinal fix issues*\\n')
+        print '======== Optional to fix the potential security issues ========'
+        for issue in better_fix:
+            print json.dumps(issue, indent=4)
+            write_issue(f, issue, idx)
+            idx += 1
 
     if must_fix:
         return 1
@@ -45,8 +60,10 @@ def parse_args_or_exit(argv=None):
     Parse command line options
     """
     parser = argparse.ArgumentParser(description="Analyze security check result")
-    parser.add_argument("check_result", metavar="check_result",
-            help="json file of check result")
+    parser.add_argument("-i", metavar="check_result",
+            dest="check_result", help="json file of check result")
+    parser.add_argument("issues", metavar="issues",
+            help="formatted issues")
 
     args = parser.parse_args(argv)
 
@@ -57,7 +74,7 @@ def main(argv):
     check_result = args.check_result
     with open(args.check_result) as f:
         js = json.load(f)
-        sys.exit(analyze(js))
+        sys.exit(analyze(js, args.issues))
 
 if __name__ == '__main__':
     main(sys.argv[1:])
diff --git a/security-check.sh b/security-check.sh
index 34b03fc..7994875 100755
--- a/security-check.sh
+++ b/security-check.sh
@@ -2,17 +2,32 @@
 set -x
 
 top_dir=$(pwd)
+out_dir=""
+
 if [ ! -z $1 ];then
     mkdir -p $1
-    cd $1
+    out_dir=$1
 fi
 
+tmp_dir=`mktemp -d`
+cd $tmp_dir
+
 if [ ! -f ./bin/gosec ];then
     curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s 2.0.0
 fi
 
-out_file=result.json
+result_file=result.json
+issue_file=issues.txt
+
+./bin/gosec -fmt=json -out=${result_file} ${top_dir}/...
 
-./bin/gosec -fmt=json -out=${out_file} ${top_dir}/...
 
-python ${top_dir}/analyze.py ${out_file}
+python ${top_dir}/analyze.py -i ${result_file} ${issue_file}
+ret=$?
+
+rm $result_file
+chmod 666 $issue_file
+if [ "x" != "x$out_dir" ];then
+    mv $issue_file $out_dir
+fi
+exit $ret
-- 
cgit v1.2.3