Output SARIF format is confusing

Open yuligesec opened this issue 2 years ago • 0 comments

 -se, -sarif-export string     file to export results in SARIF format

Although nuclei supports exporting to SARIF format, the output does not conform to the rules of the SARIF format. The output result should be placed in the results field, but it is not.

It is confusing, like this.

...
"results": [
        {
          "ruleId": "tech-detect-95410662745f9d47610c389af7d617774a98aa0c",
          "ruleIndex": 0,
          "level": "note",
          "message": {
            "text": "http://127.0.0.1:18080"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "README.md"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 1,
                  "endLine": 1,
                  "endColumn": 1
                }
              },
              "message": {
                "text": "http://127.0.0.1:18080"
              }
            }
          ]
        },
...

Sarif Viewer can't view it or get any useful information!

yuligesec, Sep 16 '22 02:09
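A triage check for the kind of result quoted in the issue, as an added example that is not part of the original post or of the nuclei project. It flags SARIF results that give a viewer nothing to display; the wrapper around the quoted result (the issue elides it) and the three heuristics are assumptions drawn from that sample.

```python
import json

# Constructed input: the result is the one quoted in the issue; the surrounding
# "version"/"runs"/"tool" wrapper is an assumption, because the issue elides it.
SAMPLE = json.loads("""
{"version": "2.1.0", "runs": [{
  "tool": {"driver": {"name": "nuclei", "rules": [
    {"id": "tech-detect-95410662745f9d47610c389af7d617774a98aa0c"}]}},
  "results": [{
    "ruleId": "tech-detect-95410662745f9d47610c389af7d617774a98aa0c",
    "ruleIndex": 0, "level": "note",
    "message": {"text": "http://127.0.0.1:18080"},
    "locations": [{"physicalLocation": {
      "artifactLocation": {"uri": "README.md"},
      "region": {"startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1}}}]
  }]}]}
""")

def is_url(text):
    return text.startswith(("http://", "https://")) and " " not in text.strip()

def audit_result(result, rules):
    """Return the reasons a SARIF viewer would show nothing useful for this result."""
    issues = []
    text = result.get("message", {}).get("text", "")
    if is_url(text):
        issues.append("message.text is only the target URL")
    idx = result.get("ruleIndex")
    if idx is not None and not (0 <= idx < len(rules)
                                and rules[idx].get("id") == result.get("ruleId")):
        issues.append("ruleIndex does not resolve to ruleId")
    for loc in result.get("locations", []):
        phys = loc.get("physicalLocation", {})
        uri = phys.get("artifactLocation", {}).get("uri", "")
        region = phys.get("region", {})
        if is_url(text) and uri and uri not in text:
            issues.append(f"artifact uri {uri!r} is unrelated to the scanned target")
        if region and all(region.get(k) == 1 for k in ("startLine", "startColumn", "endLine", "endColumn")):
            issues.append("region is the 1:1-1:1 placeholder")
    return issues

def audit_sarif(doc):
    report = []
    for r, run in enumerate(doc.get("runs", [])):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for i, res in enumerate(run.get("results", [])):
            if found := audit_result(res, rules):
                report.append({"run": r, "result": i, "issues": found})
    return report
print(json.dumps(audit_sarif(SAMPLE), indent=2))
```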