On Wed, 24 Feb 2021 at 11:11, Lee Chee Yang <[email protected]> wrote:
+ json_string = ""
You're asking for a world of pain here. Just build a data structure
and json.dump() it instead.
+ json_string += ',"LAYER": "%s"' % layer
+ json_string += ',"PACKAGE NAME": "%s"' % d.getVar("PN")
+ json_string += ',"PACKAGE VERSION": "%s%s"' %
(d.getVar("EXTENDPE"), d.getVar("PV"))
+ json_string += ',"CVE": "%s"' % cve
+ json_string += ',"CVE SUMMARY": %s' %
json.dumps(cve_data[cve]["summary"])
+ json_string += ',"CVSS v2 BASE SCORE": "%s"' % cve_data[cve]["scorev2"]
+ json_string += ',"CVSS v3 BASE SCORE": "%s"' % cve_data[cve]["scorev3"]
+ json_string += ',"VECTOR": "%s"' % cve_data[cve]["vector"]
+ json_string += ',"MORE INFORMATION": "%s%s"}\n' % (nvd_link, cve)
If we're going to write a new format, can we at least use nice key
names instead of all THE SHOUTING KEYS. Keys like layer, name,
version, ID, summary, CVSSv2, CVSSv3, link, etc would be a lot easier
to consume.
If we merge JSON reporting we don't need two almost-but-not-quite
human-readable formats in the code, so I'd propose deleting the .txt
generation after the next major release. At least JSON is easier to
transform into something that is actually human readable.
Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#149587):
https://lists.openembedded.org/g/openembedded-core/message/149587
Mute This Topic: https://lists.openembedded.org/mt/80874233/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
