Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid output for status command when using format option #23

Open
ssnepenthe opened this issue Mar 3, 2017 · 5 comments
Open

Invalid output for status command when using format option #23

ssnepenthe opened this issue Mar 3, 2017 · 5 comments
Labels
enhancement help wanted
Milestone
Future Release

Comments

@ssnepenthe
Copy link

There are two parts to this... When running wp vuln status --format=json:

  1. The headers are still being printed (WordPress %%VERSION%%, Plugins, Themes, Nothing to update).
  2. Output is presented as three separate JSON encoded arrays.

Because of this you cannot easily reuse the output from this command:

public function test( $args, $assoc_args ) {
    $parsed = WP_CLI::runcommand( 'vuln status --format=json', [
        'return' => true,
        'parse' => 'json',
    ] );

    var_dump( $parsed ); // NULL
}

The same goes for all other allowed formats.

Not sure if this is important to you or not but I thought I should point it out since this seems like it would be the main use for these alternative output formats.
@phlbnks
Copy link

phlbnks commented Jul 19, 2017

One suggestion for a fix for JSON - it shouldn't be too hard to extend it for the other types also #25

@ibertrix
Copy link

ibertrix commented Mar 4, 2018

If I run format=count the output of any of the commands like theme-status or plugin-status don´t return a 0 if no vulnerability is found.

The logic is to check first if any vulnerability is found and then print it out if necessary to update the theme or plugin or skip if not.

Similar behaviour if you try wp core check-update --format=count returning >0 if you need to upgrade.

@randstring
Copy link

Any chance for this to be fixed?

@jeffpaul jeffpaul added this to the 1.0.0 milestone Feb 19, 2019
@frankiebordone frankiebordone mentioned this issue Mar 29, 2021
Closed
@jeffpaul jeffpaul modified the milestones: 1.0.0, 1.1.0 Dec 1, 2021
@jeffpaul
Copy link
Member

Will look to validate this once 1.1.0 is released, so punting this out of the milestone for now.

@jeffpaul jeffpaul modified the milestones: 1.1.0, Future Release Oct 25, 2022
@iamdharmesh
Copy link
Member

Update:

Issue for json format is fixed by PR #25, but issue still exists for other format like csv, yaml. As headers are still being printed in that formats.

$ wp vuln status --format=csv

WordPress 6.2.2
name,"installed version",status,"introduced in","fixed in"
WordPress,6.2.2,"No vulnerabilities reported for this version of WordPress",n/a,n/a
Plugins
name,"installed version",status,"introduced in","fixed in"
safe-redirect-manager,2.0.1,"No vulnerabilities reported for this version of safe-redirect-manager",n/a,n/a
safe-svg,2.1.1,"No vulnerabilities reported for this version of safe-svg",n/a,n/a
simple-google-news-sitemap,1.0.2,"No vulnerabilities reported for this version of simple-google-news-sitemap",n/a,n/a
simple-page-ordering,2.4.3,"WordPress Simple Page Ordering plugin <= 2.5.0 - Broken Access Control vulnerability","<= 2.5.0",2.5.1
Themes
name,"installed version",status,"introduced in","fixed in"
twentytwentythree,1.1,"No vulnerabilities reported for this version of twentytwentythree",n/a,n/a
twentytwentytwo,1.4,"No vulnerabilities reported for this version of twentytwentytwo",n/a,n/a

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
Future Release
Development

No branches or pull requests
6 participants
@phlbnks @jeffpaul @iamdharmesh @ssnepenthe @randstring @ibertrix