feat: add JSON output and severity filtering

Author: Saharsh1123

cli.py

@@ -17,9 +17,17 @@
     help="Path to the directory to scan"
 )
 
+parser.add_argument("--json", action="store_true")
+
+parser.add_argument("--severity", choices=["LOW", "MEDIUM", "HIGH"])
+
 # Parse command-line arguments
 args = parser.parse_args()
 
 # Extract the input path for use in the application
 input_path = args.path
 
+use_json = args.json
+
+chosen_severity = args.severity
+

detectors/find_secrets.py

@@ -179,7 +179,7 @@ def detect_ast_secrets(code):
             if vulnerabilities:
                 for pattern_name, severity, value in vulnerabilities:
                     findings.append((line_number, pattern_name, severity, value))
-        
+
     return findings
 
 

main.py

@@ -11,8 +11,8 @@
 Errors related to invalid input paths are handled gracefully.
 """
 
-from cli import input_path
-from scanner import check_path, scan, list_python_files, output
+from cli import input_path, chosen_severity, use_json
+from scanner import check_path, scan, list_python_files, output, filter_results
 
 
 if __name__ == "__main__":
@@ -26,8 +26,10 @@
         # Run the scanning engine and collect findings
         results = scan(files)
 
+        filtered_findings = filter_results(results, chosen_severity)
+
         # Output results to the CLI
-        output(results)
+        output(filtered_findings, use_json, files)
 
     except FileNotFoundError as e:
         # Display a user-friendly error message for invalid paths

scanner.py

@@ -1,6 +1,6 @@
 from pathlib import Path
 from detectors.find_secrets import detect_ast_secrets
-
+import json
 
 def check_path(input_path):
     """
@@ -64,8 +64,6 @@ def scan(files):
         print("No Python files found.")
         return []
 
-    print(f"Scanning {len(files)} Python files...")
-
     files = sorted(files)  # Ensure deterministic output order
     findings = []
 
@@ -76,13 +74,32 @@ def scan(files):
             content = f.read()
 
             ast_results = detect_ast_secrets(content)
-            for line_number, var_name, severity, value in ast_results:
-                findings.append((line_number, file, var_name, severity, value))
+            for line_number, rule_name, severity, value in ast_results:
+                findings.append((line_number, file, rule_name, severity, value))
 
     return findings
 
-
-def output(results):
+def filter_results(results, chosen_severity):
+    filtered_findings = []
+    for line_number, file, rule_name, severity, value in results:
+        if severity == chosen_severity or chosen_severity is None:
+            filtered_findings.append((line_number, file, rule_name, severity, value))
+    return filtered_findings
+
+def output_json(filtered_findings):
+    json_results = []
+    for line_number, file, rule_name, severity, value in filtered_findings:
+        finding = {
+            "line": line_number,
+            "file": str(file),
+            "rule": rule_name,
+            "severity": severity,
+            "value": value,
+        }
+        json_results.append(finding)
+    print(json.dumps(json_results, indent=2))
+
+def output(filtered_findings, use_json, files):
     """
     Display scan results in a structured CLI format.
 
@@ -96,16 +113,22 @@ def output(results):
     Returns:
         None
     """
-    if not results:
+    if use_json:
+        output_json(filtered_findings)
+        return
+
+    print(f"Scanning {len(files)} Python files...")
+    
+    if not filtered_findings:
         print("\nNo vulnerabilities found.")
     else:
         print("\n--- Findings ---\n")
 
-        for line_number, file, rule_name, severity, match in results:
+        for line_number, file, rule_name, severity, value in filtered_findings:      
             print(
                 f"[{severity}] "
                 f"{file}:{line_number} "
-                f"{rule_name} → {match}"
+                f"{rule_name} → {value}"
             )
 
-    print(f"\nTotal findings: {len(results)}")
+        print(f"\nTotal findings: {len(filtered_findings)}")