[Bug BLOCKER] Ignoring vuln_id with a json file doesn't work. · Issue #16 · designsecurity/progpilot

Hello,

Thanks for providing us with this nice security package.

I use the last phar version, and set the config file like this:
setFalsePositives: "./tests/php/progpilot-false-positive.json"

and the json file with the reported false positives:

{
  "false_positives": [
    {
      "vuln_id": "fcfa05bd72416786bcbf09289f64dad31d0afe89145421d42f2023f0198550ad",
      "vuln_id": "14fad770072acbb70eebdf1aeba31c032d63c6806c2cc94de1c97266d2fea41a"
    }
  ]
}

I tried with just one:

{
  "false_positives": [
    {
      "vuln_id": "fcfa05bd72416786bcbf09289f64dad31d0afe89145421d42f2023f0198550ad"
    }
  ]
}

and like this too:

{
  "false_positives": [
    {
      "vuln_id": "fcfa05bd72416786bcbf09289f64dad31d0afe89145421d42f2023f0198550ad"
    },
    {
      "vuln_id": "14fad770072acbb70eebdf1aeba31c032d63c6806c2cc94de1c97266d2fea41a"
    }
  ]
}

But the problems are always displayed when I run the phar file :(
The json config is well parsed by progpilot, because if the format is not good I get an error message, so the config and the json file are well loaded in progpilot.
Is it a bug or did I miss something? Actually I cannot use it because some false positives are reported and I would like to silence them.

When there are several vuln_id, which is the good format from my 2 examples?

Thanks a lot!
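Added example, not part of the original issue and not progpilot's own code: a check for a false-positives file that shows what Python's `json` parser yields for the first layout above (two `"vuln_id"` keys in one object) and for the third (one object per id). The function names and the sample ids are constructed for illustration; nothing here asserts how progpilot itself reads the file.

```python
import json


class DuplicateKeyError(ValueError):
    """Raised when one JSON object repeats a key."""


def _reject_duplicates(pairs):
    # object_pairs_hook receives every (key, value) pair of an object,
    # including repeats that a plain dict would silently overwrite.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise DuplicateKeyError(f"duplicate key {key!r} in one JSON object")
        seen[key] = value
    return seen


def effective_vuln_ids(text, strict=True):
    """Return the vuln_id values the parser actually yields from the file text.

    strict=True rejects repeated keys; strict=False mimics a default parse,
    where the last repeated key wins.
    """
    hook = _reject_duplicates if strict else None
    doc = json.loads(text, object_pairs_hook=hook)
    entries = doc.get("false_positives")
    if not isinstance(entries, list):
        raise ValueError("'false_positives' must be a list")
    ids = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict) or not isinstance(entry.get("vuln_id"), str):
            raise ValueError(f"entry {i} has no string 'vuln_id'")
        ids.append(entry["vuln_id"])
    return ids


# Constructed sample ids (placeholders, not the hashes from the issue).
ID_A = "a" * 64
ID_B = "b" * 64
ONE_OBJECT = '{"false_positives": [{"vuln_id": "%s", "vuln_id": "%s"}]}' % (ID_A, ID_B)
TWO_OBJECTS = '{"false_positives": [{"vuln_id": "%s"}, {"vuln_id": "%s"}]}' % (ID_A, ID_B)

if __name__ == "__main__":
    print(effective_vuln_ids(ONE_OBJECT, strict=False))  # only the last id survives
    print(effective_vuln_ids(TWO_OBJECTS))               # both ids survive
```

With a default parse, the single-object layout loses the first id without any error, so a file in that shape can load cleanly while listing fewer ids than intended.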