feat: including metric table in Console (#3215)

Rexbeast2 · web-flow · commit 2757e669e85a · 2023-08-14T16:19:40.000-07:00
diff --git a/cve_bin_tool/output_engine/console.py b/cve_bin_tool/output_engine/console.py
@@ -268,3 +268,47 @@ def validate_cell_length(cell_name, cell_type):
                 table.add_row(*cells)
         # Print the table to the console
         console.print(table)
+
+    table = Table()
+    # Add Head Columns to the Table
+    table.add_column("CVE")
+    table.add_column("CVSS_version")
+    table.add_column("CVSS_score")
+    table.add_column("EPSS_propability")
+    table.add_column("EPSS_percentile")
+    color = "green"
+
+    cve_by_metrics: defaultdict[Remarks, list[dict[str, str]]] = defaultdict(list)
+    # group cve_data by its remarks and separately by paths
+    for product_info, cve_data in all_cve_data.items():
+        for cve in cve_data["cves"]:
+            propability = "-"
+            percentile = "-"
+            for metric, field in cve.metric.items():
+                if metric == "EPSS":
+                    propability = round(field[0] * 100, 4)
+                    percentile = field[1]
+            cve_by_metrics[cve.remarks].append(
+                {
+                    "cve_number": cve.cve_number,
+                    "cvss_version": str(cve.cvss_version),
+                    "cvss_score": str(cve.score),
+                    "epss_propability": str(propability),
+                    "epss_percentile": str(percentile),
+                    "severity": cve.severity,
+                }
+            )
+
+    for remarks in sorted(cve_by_remarks):
+        color = remarks_colors[remarks]
+        for cve in cve_by_metrics[remarks]:
+            color = cve["severity"].split("-")[0].lower()
+            cells = [
+                Text.styled(cve["cve_number"], color),
+                Text.styled(cve["cvss_version"], color),
+                Text.styled(str(cve["cvss_score"]), color),
+                Text.styled(cve["epss_propability"], color),
+                Text.styled(cve["epss_percentile"], color),
+            ]
+            table.add_row(*cells)
+        console.print(table)
diff --git a/test/test_output_engine.py b/test/test_output_engine.py
@@ -902,10 +902,18 @@ def test_output_console(self):
             "│ vendor1 │ product1 │ 3.2.1.0 │ CVE-1234-1234 │ OSV    │ HIGH     │ 7.5 (v2)       │ 4.68            │ 0.34072        │\n"
             "└─────────┴──────────┴─────────┴───────────────┴────────┴──────────┴────────────────┴─────────────────┴────────────────┘\n"
         )
+        expected_output_2 = (
+            "│ CVE-1234-1234 │ 2            │ 4.2        │ 0.126            │ 0.46387         │\n"
+            "│ CVE-1234-1234 │ 2            │ 1.2        │ 1.836            │ 0.79673         │\n"
+            "│ CVE-1234-1234 │ 3            │ 2.5        │ 3.895            │ 0.37350         │\n"
+            "│ CVE-1234-1234 │ 2            │ 7.5        │ 4.68             │ 0.34072         │\n"
+            "└───────────────┴──────────────┴────────────┴──────────────────┴─────────────────┘\n"
+        )
 
         self.mock_file.seek(0)  # reset file position
         result = self.mock_file.read()
         self.assertIn(expected_output, result)
+        self.assertIn(expected_output_2, result)
 
     def test_output_console_affected_versions(self):
         """Test Formatting Output as console with affected-versions"""
@@ -980,10 +988,18 @@ def test_output_console_outfile(self):
             "│ vendor1 │ product1 │ 3.2.1.0 │ CVE-1234-1234 │ OSV    │ HIGH     │ 7.5 (v2)       │ 4.68            │ 0.34072        │\n"
             "└─────────┴──────────┴─────────┴───────────────┴────────┴──────────┴────────────────┴─────────────────┴────────────────┘\n"
         )
+        expected_output_2 = (
+            "│ CVE-1234-1234 │ 2            │ 4.2        │ 0.126            │ 0.46387         │\n"
+            "│ CVE-1234-1234 │ 2            │ 1.2        │ 1.836            │ 0.79673         │\n"
+            "│ CVE-1234-1234 │ 3            │ 2.5        │ 3.895            │ 0.37350         │\n"
+            "│ CVE-1234-1234 │ 2            │ 7.5        │ 4.68             │ 0.34072         │\n"
+            "└───────────────┴──────────────┴────────────┴──────────────────┴─────────────────┘\n"
+        )
 
         with open(tmpf.name, encoding="utf-8") as f:
             result = f.read()
         self.assertIn(expected_output, result)
+        self.assertIn(expected_output_2, result)
         Path(tmpf.name).unlink()  # deleting tempfile
 
     def test_output_file(self):
