-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support JSON output including details #10
Comments
Hello, Great suggestion!. To make it a reality it is necessary for me to review, from scratch, how to transform the intermediate .txt file I generate into a .json ... taking into account the multi-language capabilities of this tool and the different parameters with which it can be executed. Let's leave this suggestion open for now. However, I have discarded the associated PR for the reasons stated therein. Thank you. Best regards, |
#10 and with some restrictions (by now!).
Hello! @manuel-sommer, Please take a look at: 6b03a3c That commit allows to export to a .json file the analysis, but with some limitations (for now!): it doesn't allow to generate it with the response headers ('-r' parameter) and it forces to be a short analysis ('-b' parameter). My intention, of course, is to improve this functionality, in order to include in the .json file also the detailed analysis (with values, directives, references, etc). But I think, as a start, it is not bad. What do you think?. Best regards, |
Hi there!, Another commit improving JSON generation, please take a look: f90ad90 Regards, |
Hi @rfc-st |
Hello!, Thank you. My intention is not only to export to JSON the response headers ('-r' parameter) but also to allow the export to JSON of a detailed analysis; with additional references, insecure concrete values, obsolete directives, etc. I'll get to work on it. I'll let you know as soon as I have (at least) the -r parameter part. Best regards, |
Hello! @manuel-sommer, Please take a look at: 51588d2 Now JSON generation also accepts '-r' parameter :). The remaining part is to include in the JSON generation all the information of a detailed analysis: with references about headers, insecure values, directives, etc. ... this will take me some time. Best regards, |
Hi!, I am going to start working on generating JSON files with all the information from the detailed analyses, which are much more complex than the brief ones. Your initial suggestions (such as severity and CWE) I'm going to put aside for now ... they would require me to go through all the checks that this tool performs, one by one, and I don't have the time at the moment to do that. I'd rather focus on getting the JSON generated with all the detailed analysis information. Best regards, |
Hi @manuel-sommer, I'm going to resolve this Issue: I've invested a LOT of time in getting a detailed analysis exported correctly to JSON (taking into account i10n, corner cases, etc.) and I haven't succeeded. Honestly, it's not something that particularly appeals to me or that I want to keep spending my free time on. Therefore, exports to JSON (and by extension to CSV) will be available only for brief analysis. Best regards, |
Thank you @rfc-st |
It would be nice if humble presents a better output format including more details like CWE numbers or a severity justification.
HSTS could have the following CWE number: https://cwe.mitre.org/data/definitions/319.html
This would be a benefit for e.g. https://defectdojo.github.io/django-DefectDojo/integrations/parsers/file/ as I would like to use humble and parse the information of your scanner.
The text was updated successfully, but these errors were encountered: