Added bold text to package and color to CVE only. #36
Conversation
|
I like the bold text, but I don't like to have the CVEs listed after the risk score. Mainly because you can have multiple CVEs affecting one package and the risk score isn't related to all of them, but to the riskier. Attaching the "before-after" screenshot: |
|
Then can I color each CVE by the respective severity and add the merged risk at the end, as it was before? |
|
Better yet, I think we don't need the risk score anymore if you colour each CVE differently. Still, someone's terminal could not support colours, so we should display the risk score just in that case. |
|
I think the level is still useful. The severity is not so easy to understand from the color and I think it depends mainly on your terminal color scheme. It's also nice to have a summery of the CVEs severity. |
|
Fine. Then just go ahead by coloring each cve respectively. Thanks! |
|
I added a test to see how it should look with different CVEs. You can run it with In the test the output could seem strange without the |
|
There's something wrong. The package
Also, when using |
| @@ -145,23 +145,29 @@ fn main() { | |||
|
|
|||
| /// Converts a JSON to an `avg::AVG` | |||
| fn to_avg(data: &Value) -> avg::AVG { | |||
| let severity = data["severity"] | |||
There was a problem hiding this comment.
Ok, this is the reason behind the issue I was describing before.
Here, we set the CVE severity to the severity of the AVG. Which isn't the same.
There was a problem hiding this comment.
As far as I can see we don't have that information from the json. So the best option is to return to the start commit 04aa1f5 or close the pull request.
There was a problem hiding this comment.
Or print the AVG and color only that. But this is outside the scope of this pull request.
Formatted the output like
Package {pkg} is affected by {severity} {issues}.with the pkg in bold and the severity and issue colored.