Add risk levels to simple output #516
Signed-off-by: egibs <[email protected]>
Looking into why the tests are wanting to downgrade the severity of several test cases when refreshing the test data and manual scans return the correct risk level.
Signed-off-by: egibs <[email protected]>
Concurrency: runtime.NumCPU(), | ||
IgnoreSelf: false, | ||
IgnoreTags: []string{"harmless"}, | ||
QuantityIncreasesRisk: true, |
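Review bot: `QuantityIncreasesRisk: true` is set in this options struct with no comment saying why the tests need it. A one-line comment on that field noting that it mirrors the default used when `make refresh-sample-testdata` calls malcontent would keep the expected risk levels from drifting again. The thread also notes that the diff and JSON tests do not set it, so it is worth deciding whether they should match.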
@tstromberg -- without this, some of our known malicious samples are registering as `high` instead of `critical`. I guess we never noticed since the risk level was never displayed in the simple reports. `make refresh-sample-testdata` calls `malcontent` where `QuantityIncreasesRisk` defaults to `true` which explains the discrepancy.
That said, we do use `QuantityIncreasesRisk: true` for the markdown tests but not the diff or JSON tests.
pkg/render/simple.go
@@ -40,7 +41,7 @@ func (r Simple) File(_ context.Context, fr *malcontent.FileReport) error { | |||
}) | |||
|
|||
for _, b := range bs { | |||
fmt.Fprintf(r.w, "%s\n", b.ID) | |||
fmt.Fprintf(r.w, "%s:%s%s\n", b.ID, strings.Repeat(" ", maxLength(bs)-len(b.ID)+1), strings.ToLower(b.RiskLevel)) |
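Review bot: `maxLength(bs)` in the new `fmt.Fprintf` call is evaluated on every pass of `for _, b := range bs`, although `bs` does not change inside the loop. Compute it once before the loop and reuse the value. `strings.Repeat` also panics on a negative count, so the padding expression is only safe while `maxLength` measures IDs the same way `len(b.ID)` does.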
Can you just make this a single space between the ID and the risk level? Otherwise, we'll end up with the same inscrutable diff problem that markdown samples have today.
Updated in 8395a2a (#516).
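The diff-noise concern raised in the review above, as an added example that is not part of this PR or of malcontent's code: it renders the same behaviors with aligned padding and with a single space, then counts how many existing lines change when a refreshed scan gains one longer ID. The `behavior` type, the sample IDs and the `churn` helper are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// behavior is a constructed stand-in for one reported behavior (not malcontent's own type).
type behavior struct{ ID, RiskLevel string }

// render emits one "ID: risk" line per behavior; pad aligns the risk column to the longest ID.
func render(bs []behavior, pad bool) []string {
	width := 0
	for _, b := range bs {
		if len(b.ID) > width {
			width = len(b.ID)
		}
	}
	lines := make([]string, 0, len(bs))
	for _, b := range bs {
		gap := 1
		if pad {
			gap = width - len(b.ID) + 1
		}
		lines = append(lines, b.ID+":"+strings.Repeat(" ", gap)+strings.ToLower(b.RiskLevel))
	}
	return lines
}

// churn counts old lines that no longer appear verbatim in the refreshed output,
// i.e. the lines a line-based diff of the test data would show as removed.
func churn(old, refreshed []string) int {
	joined := "\n" + strings.Join(refreshed, "\n") + "\n"
	n := 0
	for _, l := range old {
		if !strings.Contains(joined, "\n"+l+"\n") {
			n++
		}
	}
	return n
}

// Constructed sample: the refreshed scan gains one behavior with a longer ID.
var before = []behavior{{"exec/shell", "MEDIUM"}, {"net/download", "HIGH"}, {"fs/tempfile", "LOW"}}
var after = append([]behavior{{"anti-static/obfuscation/xor", "CRITICAL"}}, before...)

func main() {
	fmt.Println("padded churn:", churn(render(before, true), render(after, true)))
	fmt.Println("single-space churn:", churn(render(before, false), render(after, false)))
}
```

With padding, every pre-existing line is rewritten because the column width moved; with a single space, only the new line shows up in the diff.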
Signed-off-by: egibs <[email protected]>
* Add risk levels to simple output
  Signed-off-by: egibs <[email protected]>
* Fix tests; appease the linter
  Signed-off-by: egibs <[email protected]>
* One space
  Signed-off-by: egibs <[email protected]>
---------
Signed-off-by: egibs <[email protected]>

…ike (#524)
* Add more macOS detections
* macOS alert tuning
* Add risk levels to simple output (#516)
  * Add risk levels to simple output
    Signed-off-by: egibs <[email protected]>
  * Fix tests; appease the linter
    Signed-off-by: egibs <[email protected]>
  * One space
    Signed-off-by: egibs <[email protected]>
  ---------
  Signed-off-by: egibs <[email protected]>
* update makefile
* Fix --min-risk behavior re: overrides (#523)
  Signed-off-by: egibs <[email protected]>
* refresh testdata
* refresh testdata
---------
Signed-off-by: egibs <[email protected]>
Co-authored-by: Evan Gibler <[email protected]>
Closes: #512
This PR adds a lowercase risk level string next to scanned paths and their behaviors.
I also added consistent formatting to make the output a little cleaner.