ui,cli: add -j json output #98

Open
nmanthey wants to merge 1 commit into weggli-rs:main from nmanthey:json-report

Conversation


@nmanthey nmanthey commented Nov 5, 2025

When running weggli on multiple projects, or with multiple queries on a project, leaving traces of the activities on disk helps to revisit findings later on again. Hence, this change extends weggli to keep track of its activities by storing a JSON file with the invocation, as well as the findings and a brief summary.

Testing Done

I executed weggli on a simple example input file with this feature enabled:

rm -f output.json && cargo build --release && ./target/release/weggli --json output.json 'memcpy($buf,_,_);' test_file.c && cat output.json

Release build:

warning: `/home/ANT.AMAZON.COM/nmanthey/projects/weggli/.cargo/config` is deprecated in favor of `config.toml`
note: if you need to support cargo 1.38 or earlier, you can symlink `config` to `config.toml`
    Finished `release` profile [optimized] target(s) in 0.27s

Run output:

test_file.c:4
int main() {
    char buf[100];
    memcpy(buf, "hello", 5);
    return 0;
}

test_file.c:10
void vulnerable_function() {
    char stack_buffer[256];
    memcpy(stack_buffer, "data", 4);
}

JSON output:

{
  "matches": [
    {
      "path": "test_file.c",
      "line": 4,
      "lines": {
        "4": "int main() {",
        "6": "    memcpy(buf, \"hello\", 5);"
      }
    },
    {
      "path": "test_file.c",
      "line": 10,
      "lines": {
        "10": "void vulnerable_function() {",
        "12": "    memcpy(stack_buffer, \"data\", 4);"
      }
    }
  ],
  "summary": {
    "matched_patterns": 2
  },
  "parameters": {
    "pattern": [
      "memcpy($buf,_,_);"
    ],
    "path": "test_file.c",
    "before": 5,
    "after": 5,
    "extensions": [
      "c",
      "h"
    ],
    "regexes": [],
    "limit": false,
    "cpp": false,
    "unique": false,
    "include": [],
    "exclude": []
  }
}

Actual file:

#include <stdio.h>
#include <string.h>

int main() {
    char buf[100];
    memcpy(buf, "hello", 5);
    return 0;
}

void vulnerable_function() {
    char stack_buffer[256];
    memcpy(stack_buffer, "data", 4);
}

When running weggli on multiple projects, or with multiple
queries on a project, leaving traces of the activities on
disk helps to revisit findings later on again. Hence, this
change extends weggli to keep track of its activities by
storing a JSON file with the invocation, as well as the
findings and a brief summary.

Signed-off-by: Norbert Manthey <nmanthey@amazon.de>
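The report format shown in the PR description lends itself to post-processing, which is the use case the author gives: revisiting findings across runs. The following Python script is an added example and is not part of this PR or of weggli itself. It loads a report with the exact field names shown above (`matches`, `summary.matched_patterns`, `parameters`), checks that the summary agrees with the number of listed matches, refuses to compare reports produced by different queries, and diffs two runs so that introduced and resolved findings can be listed. The first report is the one printed above; the second run, the function `parse_packet()`, and the edits it reflects are constructed for illustration.

```python
import json

# Constructed sample: the JSON report from the PR description (first run).
REPORT_RUN1 = r'''{
  "matches": [
    {"path": "test_file.c", "line": 4,
     "lines": {"4": "int main() {", "6": "    memcpy(buf, \"hello\", 5);"}},
    {"path": "test_file.c", "line": 10,
     "lines": {"10": "void vulnerable_function() {", "12": "    memcpy(stack_buffer, \"data\", 4);"}}
  ],
  "summary": {"matched_patterns": 2},
  "parameters": {"pattern": ["memcpy($buf,_,_);"], "path": "test_file.c", "before": 5, "after": 5,
                 "extensions": ["c", "h"], "regexes": [], "limit": false, "cpp": false,
                 "unique": false, "include": [], "exclude": []}
}'''

# Constructed second run of the same query after edits to test_file.c (not from the PR):
# main() no longer calls memcpy, two lines were inserted above vulnerable_function()
# (shifting it to line 12), and a new function parse_packet() introduces a fresh memcpy.
REPORT_RUN2 = json.dumps({
    "matches": [
        {"path": "test_file.c", "line": 12,
         "lines": {"12": "void vulnerable_function() {", "14": "    memcpy(stack_buffer, \"data\", 4);"}},
        {"path": "test_file.c", "line": 17,
         "lines": {"17": "void parse_packet(const char *pkt, size_t len) {", "19": "    memcpy(hdr, pkt, len);"}},
    ],
    "summary": {"matched_patterns": 2},
    "parameters": json.loads(REPORT_RUN1)["parameters"],
})


def validate_report(report):
    """Return a list of problems found in a parsed report; an empty list means it is usable."""
    problems = []
    for key in ("matches", "summary", "parameters"):
        if key not in report:
            problems.append(f"missing top-level key {key!r}")
    if problems:
        return problems
    declared = report["summary"].get("matched_patterns")
    actual = len(report["matches"])
    if declared != actual:
        # A summary that disagrees with the match list means the file was truncated or hand-edited.
        problems.append(f"summary says {declared} matches but {actual} are listed")
    for i, match in enumerate(report["matches"]):
        if not all(k in match for k in ("path", "line", "lines")):
            problems.append(f"match {i} lacks path/line/lines")
    return problems


def load_report(text):
    """Parse a weggli JSON report and refuse to return an inconsistent one."""
    report = json.loads(text)
    problems = validate_report(report)
    if problems:
        raise ValueError("; ".join(problems))
    return report


def finding_key(match):
    """Identity of a finding that survives line-number shifts: the file path plus the
    recorded source lines in order, with whitespace normalised. Two runs that report the
    same code in the same file at different line numbers therefore map to one finding."""
    ordered = sorted(match["lines"].items(), key=lambda kv: int(kv[0]))
    return (match["path"], tuple(" ".join(text.split()) for _, text in ordered))


def same_query(a, b):
    """Reports are only comparable if the query parameters that select matches agree."""
    keys = ("pattern", "regexes", "cpp", "unique", "extensions", "include", "exclude")
    return all(a["parameters"].get(k) == b["parameters"].get(k) for k in keys)


def diff_reports(old, new):
    """Return (introduced, resolved): matches only in the new run, and matches only in the old."""
    if not same_query(old, new):
        raise ValueError("reports were produced with different query parameters")
    old_by_key = {finding_key(m): m for m in old["matches"]}
    new_by_key = {finding_key(m): m for m in new["matches"]}
    introduced = [new_by_key[k] for k in new_by_key if k not in old_by_key]
    resolved = [old_by_key[k] for k in old_by_key if k not in new_by_key]
    return introduced, resolved


if __name__ == "__main__":
    run1, run2 = load_report(REPORT_RUN1), load_report(REPORT_RUN2)
    introduced, resolved = diff_reports(run1, run2)
    for m in introduced:
        print(f"NEW      {m['path']}:{m['line']}")
    for m in resolved:
        print(f"RESOLVED {m['path']}:{m['line']}")
```

Keying findings on the recorded source text rather than on `line` is deliberate: a report keeps only the function header and the matched line, so an unrelated edit higher in the file would otherwise make every existing finding look new and every old one look resolved. The `same_query` guard matters for the same reason; the `parameters` block exists in the report precisely so a later reader can tell which query produced it.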