Include fingerprint in print and JSON format output

lib/sobelow/config/csp.ex

@@ -118,14 +118,16 @@ defmodule Sobelow.Config.CSP do
     file_header = "File: #{finding.filename}"
     pipeline_header = "Pipeline: #{finding.fun_name}"
     line_header = "Line: #{finding.vuln_line_no}"
+    fingerprint_header = "Fingerprint: #{finding.fingerprint}"
 
     case Sobelow.format() do
       "json" ->
         json_finding = [
           type: finding.type,
           file: finding.filename,
           pipeline: finding.fun_name,
-          line: finding.vuln_line_no
+          line: finding.vuln_line_no,
+          fingerprint: finding.fingerprint
         ]
 
         Sobelow.log_finding(json_finding, finding)
@@ -135,7 +137,7 @@ defmodule Sobelow.Config.CSP do
 
         Print.print_custom_finding_metadata(
           finding,
-          [file_header, pipeline_header, line_header]
+          [file_header, pipeline_header, line_header, fingerprint_header]
         )
 
       "compact" ->

lib/sobelow/config/csrf.ex

@@ -54,14 +54,16 @@ defmodule Sobelow.Config.CSRF do
     file_header = "File: #{finding.filename}"
     pipeline_header = "Pipeline: #{finding.fun_name}"
     line_header = "Line: #{finding.vuln_line_no}"
+    fingerprint_header = "Fingerprint: #{finding.fingerprint}"
 
     case Sobelow.format() do
       "json" ->
         json_finding = [
           type: finding.type,
           file: finding.filename,
           pipeline: finding.fun_name,
-          line: finding.vuln_line_no
+          line: finding.vuln_line_no,
+          fingerprint: finding.fingerprint
         ]
 
         Sobelow.log_finding(json_finding, finding)
@@ -71,7 +73,7 @@ defmodule Sobelow.Config.CSRF do
 
         Print.print_custom_finding_metadata(
           finding,
-          [file_header, pipeline_header, line_header]
+          [file_header, pipeline_header, line_header, fingerprint_header]
         )
 
       "compact" ->

lib/sobelow/config/csrf_route.ex

@@ -83,14 +83,16 @@ defmodule Sobelow.Config.CSRFRoute do
     file_header = "File: #{finding.filename}"
     action_header = "Action: #{finding.fun_name}"
     line_header = "Line: #{finding.vuln_line_no}"
+    fingerprint_header = "Fingerprint: #{finding.fingerprint}"
 
     case Sobelow.format() do
       "json" ->
         json_finding = [
           type: finding.type,
           file: finding.filename,
           route: finding.fun_name,
-          line: finding.vuln_line_no
+          line: finding.vuln_line_no,
+          fingerprint: finding.fingerprint
         ]
 
         Sobelow.log_finding(json_finding, finding)
@@ -100,7 +102,7 @@ defmodule Sobelow.Config.CSRFRoute do
 
         Print.print_custom_finding_metadata(
           finding,
-          [file_header, action_header, line_header]
+          [file_header, action_header, line_header, fingerprint_header]
         )
 
       "compact" ->

lib/sobelow/config/cswh.ex

@@ -67,13 +67,15 @@ defmodule Sobelow.Config.CSWH do
 
     file_header = "File: #{finding.filename}"
     line_header = "Line: #{finding.vuln_line_no}"
+    fingerprint_header = "Fingerprint: #{finding.fingerprint}"
 
     case Sobelow.format() do
       "json" ->
         json_finding = [
           type: finding.type,
           file: finding.filename,
-          line: finding.vuln_line_no
+          line: finding.vuln_line_no,
+          fingerprint: finding.fingerprint
         ]
 
         Sobelow.log_finding(json_finding, finding)
@@ -83,7 +85,7 @@ defmodule Sobelow.Config.CSWH do
 
         Print.print_custom_finding_metadata(
           finding,
-          [file_header, line_header]
+          [file_header, line_header, fingerprint_header]
         )
 
       "compact" ->

lib/sobelow/config/headers.ex

@@ -52,14 +52,16 @@ defmodule Sobelow.Config.Headers do
     file_header = "File: #{finding.filename}"
     pipeline_header = "Pipeline: #{finding.fun_name}"
     line_header = "Line: #{finding.vuln_line_no}"
+    fingerprint_header = "Fingerprint: #{finding.fingerprint}"
 
     case Sobelow.format() do
       "json" ->
         json_finding = [
           type: finding.type,
           file: finding.filename,
           pipeline: finding.fun_name,
-          line: finding.vuln_line_no
+          line: finding.vuln_line_no,
+          fingerprint: finding.fingerprint
         ]
 
         Sobelow.log_finding(json_finding, finding)
@@ -69,7 +71,7 @@ defmodule Sobelow.Config.Headers do
 
         Print.print_custom_finding_metadata(
           finding,
-          [file_header, pipeline_header, line_header]
+          [file_header, pipeline_header, line_header, fingerprint_header]
         )
 
       "compact" ->

lib/sobelow/config/hsts.ex

@@ -49,20 +49,23 @@ defmodule Sobelow.Config.HSTS do
       }
       |> Finding.fetch_fingerprint()
 
+    fingerprint_header = "Fingerprint: #{finding.fingerprint}"
+
     case Sobelow.format() do
       "json" ->
         json_finding = [
           type: finding.type,
           file: finding.filename,
-          line: finding.vuln_line_no
+          line: finding.vuln_line_no,
+          fingerprint: finding.fingerprint
         ]
 
         Sobelow.log_finding(json_finding, finding)
 
       "txt" ->
         Sobelow.log_finding(finding)
 
-        Print.print_custom_finding_metadata(finding, [])
+        Print.print_custom_finding_metadata(finding, [fingerprint_header])
 
       "compact" ->
         Print.log_compact_finding(finding)

lib/sobelow/config/https.ex

@@ -51,20 +51,23 @@ defmodule Sobelow.Config.HTTPS do
       }
       |> Finding.fetch_fingerprint()
 
+    fingerprint_header = "Fingerprint: #{finding.fingerprint}"
+
     case Sobelow.format() do
       "json" ->
         json_finding = [
           type: finding.type,
           file: finding.filename,
-          line: finding.vuln_line_no
+          line: finding.vuln_line_no,
+          fingerprint: finding.fingerprint
         ]
 
         Sobelow.log_finding(json_finding, finding)
 
       "txt" ->
         Sobelow.log_finding(finding)
 
-        Print.print_custom_finding_metadata(finding, [])
+        Print.print_custom_finding_metadata(finding, [fingerprint_header])
 
       "compact" ->
         Print.log_compact_finding(finding)

lib/sobelow/config/secrets.ex

@@ -80,14 +80,16 @@ defmodule Sobelow.Config.Secrets do
     file_header = "File: #{finding.filename}"
     line_header = "Line: #{finding.vuln_line_no}"
     key_header = "Key: #{key}"
+    fingerprint_header = "Fingerprint: #{finding.fingerprint}"
 
     case Sobelow.get_env(:format) do
       "json" ->
         json_finding = [
           type: finding.type,
           file: finding.filename,
           line: finding.vuln_line_no,
-          key: key
+          key: key,
+          fingerprint: finding.fingerprint
         ]
 
         Sobelow.log_finding(json_finding, finding)
@@ -98,7 +100,8 @@ defmodule Sobelow.Config.Secrets do
         Print.print_custom_finding_metadata(finding, [
           file_header,
           line_header,
-          key_header
+          key_header,
+          fingerprint_header
         ])
 
       "compact" ->

lib/sobelow/print.ex

@@ -36,6 +36,7 @@ defmodule Sobelow.Print do
     IO.puts(finding_line(finding.vuln_line_no))
     maybe_print_finding_fun_metadata(finding.fun_name, finding.fun_line_no)
     IO.puts(finding_variable(finding.vuln_variable))
+    IO.puts(finding_fingerprint(finding))
     maybe_print_code(finding.fun_source, finding.vuln_source)
     IO.puts(finding_break())
   end
@@ -103,7 +104,8 @@ defmodule Sobelow.Print do
       type: finding.type,
       file: finding.filename,
       line: finding.vuln_line_no,
-      variable: finding.vuln_variable
+      variable: finding.vuln_variable,
+      fingerprint: finding.fingerprint
     ]
 
     Sobelow.log_finding(json_finding, finding)
@@ -163,6 +165,10 @@ defmodule Sobelow.Print do
     "\n-----------------------------------------------\n"
   end
 
+  def finding_fingerprint(%Finding{} = finding) do
+    "Fingerprint: #{finding.fingerprint}"
+  end
+
   def maybe_print_code(fun, finding) do
     if Sobelow.get_env(:verbose), do: print_code(fun, finding)
   end

lib/sobelow/vuln.ex

@@ -55,14 +55,17 @@ defmodule Sobelow.Vuln do
       }
       |> Finding.fetch_fingerprint()
 
+    fingerprint_header = "Fingerprint: #{finding.fingerprint}"
+
     case Sobelow.format() do
       "json" ->
         json_finding = [
           type: finding.type,
           details: detail,
           file: finding.filename,
           cve: cve,
-          line: 0
+          line: 0,
+          fingerprint: finding.fingerprint
         ]
 
         Sobelow.log_finding(json_finding, finding)
@@ -73,7 +76,8 @@ defmodule Sobelow.Vuln do
         Print.print_custom_finding_metadata(finding, [
           "Details: #{detail}",
           "File: #{finding.filename}",
-          "CVE: #{cve}"
+          "CVE: #{cve}",
+          fingerprint_header
         ])
 
       "compact" ->

lib/sobelow/xss/raw.ex

@@ -125,14 +125,17 @@ defmodule Sobelow.XSS.Raw do
       }
       |> Finding.fetch_fingerprint()
 
+    fingerprint_header = "Fingerprint: #{finding.fingerprint}"
+
     case Sobelow.format() do
       "json" ->
         json_finding = [
           type: finding.type,
           file: finding.filename,
           variable: "#{finding.vuln_variable}",
           template: "#{t_name}",
-          line: finding.vuln_line_no
+          line: finding.vuln_line_no,
+          fingerprint: finding.fingerprint
         ]
 
         Sobelow.log_finding(json_finding, finding)
@@ -144,7 +147,8 @@ defmodule Sobelow.XSS.Raw do
           Print.finding_file_name(filename),
           Print.finding_line(finding.vuln_source),
           Print.finding_fun_metadata(fun_name, line_no),
-          "Template: #{t_name} - #{var}"
+          "Template: #{t_name} - #{var}",
+          fingerprint_header
         ])
 
       "compact" ->

test/print_test.exs

@@ -25,6 +25,8 @@ defmodule SobelowTest.PrintTest do
       CodeModule.run(ast, @metafile)
     end
 
-    assert capture_io(run_test) =~ "Code Execution in `Code.eval_string` - Medium Confidence"
+    output = capture_io(run_test)
+    assert output =~ "Code Execution in `Code.eval_string` - Medium Confidence"
+    assert output =~ "Fingerprint: 4B5AA54E7C16D1D9876E9118B84CB6CE"
   end
 end