Switch analyzer build diff direction from expectation to change
This has been bugging me for a while: the diff reporting is swapped, so expectations can be a bit confusing.
Previous
$ diff -u test/fixtures/${REPORT_FILENAME:-gl-sast-report.json} test/expect/${REPORT_FILENAME:-gl-sast-report.json}
--- test/fixtures/gl-dependency-scanning-report.json
+++ test/expect/gl-dependency-scanning-report.json
@@ -3,10 +3,10 @@
"vulnerabilities": [
{
"category": "dependency_scanning",
- "message": "File Content Disclosure in Action View",
- "cve": "sast-sample-rails/Gemfile.lock:actionview:cve:CVE-2019-5418",
+ "message": "Denial of Service Vulnerability in Action View",
+ "cve": "sast-sample-rails/Gemfile.lock:actionview:cve:CVE-2019-5419",
"severity": "Unknown",
- "solution": "upgrade to ~\u003e 4.2.11, \u003e= 4.2.11.1, ~\u003e 5.0.7, \u003e= 5.0.7.2, ~\u003e 5.1.6, \u003e= 5.1.6.2, ~\u003e 5.2.2, \u003e= 5.2.2.1, \u003e= 6.0.0.beta3",
+ "solution": "upgrade to \u003e= 6.0.0.beta3, ~\u003e 5.2.2, \u003e= 5.2.2.1, ~\u003e 5.1.6, \u003e= 5.1.6.2, ~\u003e 5.0.7, \u003e= 5.0.7.2, ~\u003e 4.2.11, \u003e= 4.2.11.1",
"scanner": {
"id": "bundler_audit",
"name": "bundler-audit"
@@ -23,23 +23,23 @@
"identifiers": [
{
"type": "cve",
- "name": "CVE-2019-5418",
- "value": "CVE-2019-5418",
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418"
+ "name": "CVE-2019-5419",
+ "value": "CVE-2019-5419",
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419"
}
],
"links": [
{
- "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q"
+ "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI"
}
]
},
Updated
$ diff -u test/expect/${REPORT_FILENAME:-gl-sast-report.json} test/fixtures/${REPORT_FILENAME:-gl-sast-report.json}
--- test/expect/gl-dependency-scanning-report.json
+++ test/fixtures/gl-dependency-scanning-report.json
Edited by Lucas Charles