Support JSON output including details #10

Closed
manuel-sommer opened this issue Oct 16, 2023 · 10 comments
@manuel-sommer

It would be nice if humble presents a better output format including more details like CWE numbers or a severity justification.
HSTS could have the following CWE number: https://cwe.mitre.org/data/definitions/319.html

This would be a benefit for e.g. https://defectdojo.github.io/django-DefectDojo/integrations/parsers/file/ as I would like to use humble and parse the information of your scanner.

manuel-sommer added a commit to manuel-sommer/humble that referenced this issue Oct 16, 2023
rfc-st self-assigned this Oct 16, 2023
rfc-st added the enhancement (New feature or request) label Oct 16, 2023
@rfc-st
Owner

rfc-st commented Oct 21, 2023

Hello,

Great suggestion! To make it a reality it is necessary for me to review, from scratch, how to transform the intermediate .txt file I generate into a .json ... taking into account the multi-language capabilities of this tool and the different parameters with which it can be executed.

Let's leave this suggestion open for now. However, I have discarded the associated PR for the reasons stated therein.

Thank you.

Best regards,

rfc-st added a commit that referenced this issue Oct 27, 2023
#10 and with some restrictions (by now!).
@rfc-st
Owner

rfc-st commented Oct 27, 2023

Hello! @manuel-sommer,

Please take a look at: 6b03a3c

That commit allows exporting the analysis to a .json file, but with some limitations (for now!): it doesn't allow generating it with the response headers ('-r' parameter) and it forces it to be a short analysis ('-b' parameter).

My intention, of course, is to improve this functionality, in order to include in the .json file also the detailed analysis (with values, directives, references, etc). But I think, as a start, it is not bad.

What do you think?

Best regards,

@rfc-st
Owner

rfc-st commented Oct 31, 2023

Hi there!,

Another commit improving JSON generation, please take a look: f90ad90

Regards,

@manuel-sommer
Author

Hi @rfc-st
I looked at the JSON generation. It is a good start. As soon as you have also implemented the -r parameter, I will make a PR at defectdojo to add a parser for humble.

@rfc-st
Owner

rfc-st commented Nov 2, 2023

Hello!,

Thank you. My intention is not only to export to JSON the response headers ('-r' parameter) but also to allow the export to JSON of a detailed analysis; with additional references, insecure concrete values, obsolete directives, etc.

I'll get to work on it. I'll let you know as soon as I have (at least) the -r parameter part.

Best regards,

@rfc-st
Owner

rfc-st commented Nov 10, 2023

Hello! @manuel-sommer,

Please take a look at: 51588d2

Now JSON generation also accepts '-r' parameter :).

The remaining part is to include in the JSON generation all the information of a detailed analysis: with references about headers, insecure values, directives, etc. ... this will take me some time.

Best regards,

@manuel-sommer
Author

Thank you already @rfc-st for the feature :-)
I added another issue as I don't know if this is only json output related: #13 Maybe

@rfc-st
Owner

rfc-st commented Nov 15, 2023

Hi!,

I am going to start working on generating JSON files with all the information from the detailed analyses, which are much more complex than the brief ones.

Your initial suggestions (such as severity and CWE) I'm going to put aside for now ... they would require me to go through all the checks that this tool performs, one by one, and I don't have the time at the moment to do that. I'd rather focus on getting the JSON generated with all the detailed analysis information.

Best regards,

@rfc-st
Owner

rfc-st commented Dec 16, 2023

Hi @manuel-sommer,

I'm going to resolve this Issue: I've invested a LOT of time in getting a detailed analysis exported correctly to JSON (taking into account i10n, corner cases, etc.) and I haven't succeeded. Honestly, it's not something that particularly appeals to me or that I want to keep spending my free time on.

Therefore, exports to JSON (and by extension to CSV) will be available only for brief analysis.

Best regards,

rfc-st closed this as completed Dec 16, 2023
@manuel-sommer
Author

Thank you @rfc-st
