fix: remove Highlighted from json output (#2131)

Co-authored-by: knqyf263 <knqyf263@gmail.com>
2025-12-13 00:00:19 -08:00 · 2022-05-16 17:04:09 +01:00
parent 3d23ad846c
commit afe3292843
4 changed files with 31 additions and 14 deletions
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.2
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
-	github.com/aquasecurity/fanal v0.0.0-20220516110734-b18dcc16cd58
+	github.com/aquasecurity/fanal v0.0.0-20220516143651-a81c666fb9b5
 	github.com/aquasecurity/go-dep-parser v0.0.0-20220503151658-d316f5cc2cff
 	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
@@ -77,7 +77,7 @@ require (
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-cidr v1.1.0 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
-	github.com/aquasecurity/defsec v0.57.6
+	github.com/aquasecurity/defsec v0.57.7
 	github.com/aws/aws-sdk-go v1.44.5 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/bmatcuk/doublestar v1.3.4 // indirect
--- a/go.sum
+++ b/go.sum
@@ -180,10 +180,10 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
-github.com/aquasecurity/defsec v0.57.6 h1:IeREWBMeJUmHHlG41FnjmsvndjoAs0aso6judsr82nc=
-github.com/aquasecurity/defsec v0.57.6/go.mod h1:42FxKif2itz+MHFlJ3TJjdroL9Jzj3THoexlueBTU5w=
-github.com/aquasecurity/fanal v0.0.0-20220516110734-b18dcc16cd58 h1:o6Y1tS1NuzDRDDb8pfKW/ElwBYW8fRI8etgaw9FlRJQ=
-github.com/aquasecurity/fanal v0.0.0-20220516110734-b18dcc16cd58/go.mod h1:5E2NdTg9dgzGfMNpy+5egrezFBF1v8j+iiUYPLL1cs0=
+github.com/aquasecurity/defsec v0.57.7 h1:Y5D9YOUuU5oEtOQ6a+gjfKS5AAhsOK9gMcXUyiq20tY=
+github.com/aquasecurity/defsec v0.57.7/go.mod h1:42FxKif2itz+MHFlJ3TJjdroL9Jzj3THoexlueBTU5w=
+github.com/aquasecurity/fanal v0.0.0-20220516143651-a81c666fb9b5 h1:YAdyy3x91x8UiP5ol96yp5Quhuc35K+MyWmnMfzADhQ=
+github.com/aquasecurity/fanal v0.0.0-20220516143651-a81c666fb9b5/go.mod h1:GKzV4Pj8VdjxaHvzn7CpO/t7VX46hxhbtqbDq7RKWQg=
 github.com/aquasecurity/go-dep-parser v0.0.0-20220503151658-d316f5cc2cff h1:YNlzRYB0n4mZtfuWx6AWaGEjnLVNekchyoFDlYFZegs=
 github.com/aquasecurity/go-dep-parser v0.0.0-20220503151658-d316f5cc2cff/go.mod h1:7EOQWQmyavVPY3fScbbPdd3dB/b0Q4ZbJ/NZCvNKrLs=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
--- a/pkg/report/json.go
+++ b/pkg/report/json.go
@@ -17,14 +17,6 @@ type JSONWriter struct {

 // Write writes the results in JSON format
 func (jw JSONWriter) Write(report types.Report) error {
-	// VendorSeverity includes all vendor severities.
-	// It would be noisy to users, so it should be removed from the JSON output.
-	for i := 0; i < len(report.Results); i++ {
-		for j := 0; j < len(report.Results[i].Vulnerabilities); j++ {
-			report.Results[i].Vulnerabilities[j].VendorSeverity = nil
-		}
-	}
-
 	output, err := json.MarshalIndent(report, "", "  ")
 	if err != nil {
 		return xerrors.Errorf("failed to marshal json: %w", err)
--- a/pkg/types/report.go
+++ b/pkg/types/report.go
@@ -1,6 +1,8 @@
 package types

 import (
+	"encoding/json"
+
 	v1 "github.com/google/go-containerregistry/pkg/v1" // nolint: goimports

 	ftypes "github.com/aquasecurity/fanal/types"
@@ -53,6 +55,29 @@ type Result struct {
 	CustomResources   []ftypes.CustomResource    `json:"CustomResources,omitempty"`
 }

+func (r *Result) MarshalJSON() ([]byte, error) {
+	// VendorSeverity includes all vendor severities.
+	// It would be noisy to users, so it should be removed from the JSON output.
+	for i := range r.Vulnerabilities {
+		r.Vulnerabilities[i].VendorSeverity = nil
+	}
+
+	// remove the Highlighted attribute from the json results
+	for i := range r.Misconfigurations {
+		for li := range r.Misconfigurations[i].CauseMetadata.Code.Lines {
+			r.Misconfigurations[i].CauseMetadata.Code.Lines[li].Highlighted = ""
+		}
+	}
+
+	// Notice the Alias struct prevents MarshalJSON being called infinitely
+	type ResultAlias Result
+	return json.Marshal(&struct {
+		*ResultAlias
+	}{
+		ResultAlias: (*ResultAlias)(r),
+	})
+}
+
 type MisconfSummary struct {
 	Successes  int
 	Failures   int