Feat/9 add report command to scan generate json and html reports#10

Merged
hasip-timurtas merged 5 commits into main from feat/9-add-report-command-to-scan-generate-json-and-html-reports
Jun 23, 2025

Conversation

@hasip-timurtas (Owner)

This pull request introduces several updates to the Solana Smart Contract Security Toolkit (solsec) to enhance functionality, simplify workflows, and improve user experience. The most significant changes include the removal of the solsec report command, updates to the solsec scan command to support multiple output formats, and corresponding adjustments to the CLI, documentation, and CI workflow.

CLI and Command Enhancements:

  • Removed the solsec report command and integrated its functionality directly into the solsec scan command, which now supports generating multiple output formats (e.g., JSON, HTML, Markdown, CSV) simultaneously. Added new flags --json-only and --html-only for convenience. (src/cli.rs: [1] [2] [3] [4])

Documentation Updates:

  • Updated the README.md to reflect the removal of the solsec report command and to document the new multi-format capabilities of solsec scan. Added examples for generating JSON and HTML outputs independently or together. (README.md: [1] [2] [3])

CI Workflow Changes:

  • Simplified the CI workflow by replacing the solsec report step with the enhanced solsec scan command, which now directly generates all required output formats. (.github/workflows/ci.yml: L88-R95)

Codebase Refactoring:

  • Removed the generate_from_directory method and related logic from the ReportGenerator class, as it is no longer needed with the updated solsec scan command. (src/report.rs: [1] [2])

Version Bumps:

  • Incremented the version of the solsec crate and the solsec-ui package to 0.1.6 to reflect these changes. (Cargo.toml: [1] ui/package.json: [2] ui/src/App.tsx: [3])

- Revised the README.md to reflect new features in the `solsec scan` command, including default JSON and HTML output, and options for generating specific formats (JSON, HTML, Markdown, CSV).
- Updated CLI command definitions to support multiple output formats and added flags for generating only JSON or HTML outputs.
- Removed the legacy report command from the CLI, streamlining the command structure.

These changes improve user experience and clarify the capabilities of the solsec tool.
…e.json

- Updated version number from 0.1.5 to 0.1.6 across Cargo.toml, Cargo.lock, and UI package.json.
- Adjusted version reference in the application to ensure consistency in versioning throughout the project.

These changes maintain versioning accuracy across the project.
@hasip-timurtas hasip-timurtas requested a review from xvantur June 23, 2025 12:58
@hasip-timurtas hasip-timurtas linked an issue Jun 23, 2025 that may be closed by this pull request

@github-actions (bot)

🛡️ Security Scan Results

  • Total Issues: 68
  • Critical: 0
  • High: 0

View full report

- Added badges for version, downloads, license, and Rust edition to the README.md.
- Enhanced the README to provide quick access to important project metrics and information.

These updates improve the documentation and make key project details more accessible to users.
- Updated the README.md to enhance clarity in the usage instructions for the `solsec scan` command, specifying that it generates both JSON and HTML outputs.

These changes improve the documentation and user understanding of the command's functionality.
- Updated the README.md to improve clarity in the usage instructions for the `solsec scan` command, specifically removing redundant phrases and enhancing readability.
- Adjusted descriptions for JSON and HTML output options to streamline user understanding.

These changes enhance the documentation and provide clearer guidance on the command's functionality.
@hasip-timurtas hasip-timurtas merged commit dd1e549 into main Jun 23, 2025
2 checks passed
@cursor cursor bot left a comment

Bug: Output Filename Overwrite Bug

When multiple output formats are requested and a specific output filename with an extension is provided (e.g., --output report.json), all formats are incorrectly written to the same file. This occurs because the output.clone() logic is applied to every format in the loop when an extension is detected, rather than generating unique filenames for subsequent formats. Consequently, each subsequent report overwrites the previous one, leading to data loss where only the last generated report is preserved. For example, solsec scan --output results.json --format json,html will result in only the HTML report being saved to results.json.

src/cli.rs, lines 116 to 128 at commit 9dd3ce1 (quoted by the bot; the snippet ends with the closing brace of a loop whose head is not shown):

```rust
let output_file = if output.extension().is_some() {
    // If user provided a specific filename, respect it for the first format
    output.clone()
} else {
    // Generate appropriate filename based on format
    output.join(format!("security-report.{}", extension))
};
report_gen
    .generate_report(&results, &output_file, format.clone())
    .await?;
} // end of the per-format loop
```



Bug: Conflicting CLI Flags Lead to Unintuitive Behavior

The json_only and html_only CLI flags do not conflict with each other, allowing users to specify both simultaneously. When both are provided, the json_only flag takes precedence, resulting in only JSON output, which is unintuitive. These flags should be mutually exclusive.

src/cli.rs, lines 41 to 47 at commit 9dd3ce1 (quoted by the bot):

```rust
/// Only generate JSON output (for CI/CD integration)
#[arg(long, conflicts_with = "format")]
json_only: bool,
/// Only generate HTML output (for human review)
#[arg(long, conflicts_with = "format")]
html_only: bool,
```



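One way to address both bot findings above, as an added example that is not code from the solsec repository: a std-only helper that gives every requested format its own file (a user-supplied file name goes to the format whose extension matches it, or to the first format otherwise, and collisions are reported instead of overwritten), plus a flag selector that refuses --json-only together with --html-only. The names `extension_for`, `resolve_output_paths` and `select_formats` are assumed, not solsec's own.

```rust
use std::path::{Path, PathBuf};

/// Map a report format name to its file extension (format names assumed).
fn extension_for(format: &str) -> &str {
    match format {
        "markdown" | "md" => "md",
        other => other, // json, html, csv use their own name
    }
}

/// Give every requested format its own path. A directory (no extension) gets
/// security-report.<ext> per format. A file name is kept verbatim for the
/// format whose extension matches it (else the first format); the others get a
/// sibling with their own extension, e.g. results.json -> results.html.
pub fn resolve_output_paths(output: &Path, formats: &[&str]) -> Result<Vec<(String, PathBuf)>, String> {
    let user_ext = output.extension().and_then(|e| e.to_str()).map(|e| e.to_ascii_lowercase());
    // Index of the format that keeps the user-supplied file name, if any.
    let keeper = user_ext
        .as_deref()
        .map(|ext| formats.iter().position(|f| extension_for(f) == ext).unwrap_or(0));
    let mut out: Vec<(String, PathBuf)> = Vec::new();
    for (i, fmt) in formats.iter().enumerate() {
        let ext = extension_for(fmt);
        let path = match keeper {
            Some(k) if k == i => output.to_path_buf(),
            Some(_) => output.with_extension(ext),
            None => output.join(format!("security-report.{ext}")),
        };
        // Refuse to let two formats share a file instead of silently overwriting.
        if out.iter().any(|(_, p)| p == &path) {
            return Err(format!("two formats would write to {}", path.display()));
        }
        out.push((fmt.to_string(), path));
    }
    Ok(out)
}

/// Resolve the convenience flags into a format list, refusing the combination the
/// quoted arg definitions allow (clap derive: conflicts_with_all = ["format", "html_only"]).
pub fn select_formats(json_only: bool, html_only: bool, formats: &[&str]) -> Result<Vec<String>, String> {
    match (json_only, html_only) {
        (true, true) => Err("--json-only and --html-only are mutually exclusive".into()),
        (true, false) => Ok(vec!["json".into()]),
        (false, true) => Ok(vec!["html".into()]),
        (false, false) => Ok(formats.iter().map(|f| f.to_string()).collect()),
    }
}
```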

Successfully merging this pull request may close these issues.

Add report command to scan: generate JSON and HTML reports

1 participant