CryptoAnalysis
Feature Request: JSON Result Format
Because we are using CogniCrypt CryptoAnalysis in a fully automated pipeline-based environment, a JSON result file would allow us to process all results in an automated way. It would be nice to have all available information within this JSON. The example below is possibly incomplete.
Example JSON:
[
  {
    "Class": "example.ConstraintErrorExample",
    "Method": "void main(java.lang.String[])",
    "Statement": "r0 = staticinvoke <javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>(varReplacer0)",
    "Type": "ConstraintError",
    "Rule": "javax.crypto.Cipher",
    "Description": "First parameter (with value \"AES/ECB/PKCS5Padding\") should be any of AES/{CBC, GCM, PCBC, CTR, CTS, CFB, OFB}"
  }
]
There is an option to specify the output format. CryptoAnalysis can output a SARIF-based JSON file. You can do that by adding the command line flag --reportFormat SARIF.
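A pipeline step that consumes such a SARIF report could look like the following. This is an added example, not code from the CryptoAnalysis project: it relies only on standard SARIF 2.1.0 fields, and the sample log, its ruleId values, file path and line number are constructed rather than real tool output.

```python
import json

# Constructed SARIF 2.1.0 sample (not real CryptoAnalysis output); the message
# text is taken from the example in the feature request, the rest is assumed.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CryptoAnalysis"}},
        "results": [
            {"ruleId": "ConstraintError", "level": "error",
             "message": {"text": "First parameter (with value \"AES/ECB/PKCS5Padding\") should be any of AES/{CBC, GCM, PCBC, CTR, CTS, CFB, OFB}"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "example/ConstraintErrorExample.java"},
                 "region": {"startLine": 12}}}]},
            # A result without locations is valid SARIF and must not crash the gate.
            {"ruleId": "ExampleNote", "level": "note",
             "message": {"text": "constructed low-severity finding"}},
        ],
    }],
})

def flatten(sarif_text):
    """Turn a SARIF log into one flat record per result."""
    records = []
    for run in json.loads(sarif_text).get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        for res in run.get("results", []):
            locs = res.get("locations") or [{}]
            phys = locs[0].get("physicalLocation", {})
            records.append({
                "tool": tool,
                "rule": res.get("ruleId", "unknown"),
                # SARIF treats an omitted level as "warning" by default.
                "level": res.get("level", "warning"),
                "file": phys.get("artifactLocation", {}).get("uri"),
                "line": phys.get("region", {}).get("startLine"),
                "description": res.get("message", {}).get("text", ""),
            })
    return records

def gate(records, fail_levels=("error",)):
    """Return the records that should fail the build."""
    return [r for r in records if r["level"] in fail_levels]

if __name__ == "__main__":
    blocking = gate(flatten(SAMPLE_SARIF))
    for r in blocking:
        print(f'{r["file"]}:{r["line"]} [{r["rule"]}] {r["description"]}')
    raise SystemExit(1 if blocking else 0)
```

In a real pipeline, replace `SAMPLE_SARIF` with the contents of the report file written by the analysis run.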
We are reworking the report formats in #417. Once this is merged you can check the reworked report formats (flags for the then "legacy" formats will be provided).