shield_ast 1.0.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: baa8585d940103a2ffa3e2b7ccd47166dd75d3caebd58b16031d814c1f9a9af1
-  data.tar.gz: 794fb75bf613ea453cc5628cddb7d37d43751f43d215619053958bec757069bf
+  metadata.gz: 7f6c61da40db55d33cb491cfac9aee8d6a42160b8703db338498d8990852245c
+  data.tar.gz: a72f17d19e7b92057db035e00783c51d2007e874ec216f3b3301d1b9c640f349
 SHA512:
-  metadata.gz: b9ca658a73fc85de6ef32f09a4525e8945e558ea52a00362b714ce26dc22162f81ecabd5684bf6e9aea92a51b70f6a0b1bcbad035d977d0eb467940a7339f7b8
-  data.tar.gz: fa30e723c35d87b199e79d7fad982dcb47ac868b04133e85216d6eb3023e902f9a6c2648cef2653118b58ff7b94ff84c55b05692030907a90b92ca58c1e1ae98
+  metadata.gz: f2cb6e62fa8dd5f7bf41f8411af8f4420179ba9b356413bb204eddc26a7213704d37a8534d4dcec5e6a62ed12b439dada3b1551ea5802eae12975fce8c84321c
+  data.tar.gz: 2dca66c6eac359384237bf73e57621f911f8bea31d4b6a481325e5ab7f7011a7656114949908df4c026c060b3dedf6c025f0f2114b81d5cce4f5d0d86806a5d2

data/lib/reports/templates/pdf_report_template.rb

@@ -0,0 +1,147 @@
+# frozen_string_literal: true
+
+require "prawn"
+require "prawn/table"
+
+Prawn::Document.generate(output_file) do
+  def extract_short_description(result)
+    message = result[:extra]&.[](:message) || result["extra"]&.[]("message") || result.dig(:extra,
+                                                                                           :message) || result.dig(
+                                                                                             "extra", "message"
+                                                                                           ) || "No description available"
+    description = message.gsub("\n", " ").strip
+    description.length > 80 ? "#{description[0..80]}..." : description
+  end
+
+  font "Helvetica"
+  font_size 12
+
+  text "Shield AST Scan Report", size: 20, style: :bold, align: :center
+  move_down 10
+  text "Generated by Shield AST v#{version}", size: 10, align: :center
+  text generated_at, size: 10, align: :center
+  move_down 20
+
+  text "Summary", size: 16, style: :bold
+  move_down 10
+  text "Generated on: #{generated_at}"
+  text "Scan Duration: #{scan_duration}"
+  text "Total Issues Found: #{total_issues}"
+  text "Severity Breakdown:", style: :bold
+  text "Errors: #{severity_summary[:error_count]} (High Severity)", color: "DC3545" # Red
+  text "Warnings: #{severity_summary[:warning_count]} (Medium Severity)", color: "FFC107" # Yellow
+  text "Info: #{severity_summary[:info_count]} (Low Severity)", color: "17A2B8" # Blue
+  move_down 20
+
+  if sast_results.any?
+    text "Static Application Security Testing (SAST)", size: 16, style: :bold
+    text "Issues Found: #{sast_results.length}", size: 12
+    move_down 10
+    table_data = [%w[Severity Title File Description]]
+    sast_results.each do |result|
+      severity = result[:severity] || result["severity"] || result.dig(:extra,
+                                                                       :severity) || result.dig("extra",
+                                                                                                "severity") || "INFO"
+      message = result.dig(:extra, :message) || result.dig("extra", "message") || "Unknown issue"
+      title = message.split(".")[0].strip
+      file_info = if result[:path] || result["path"]
+                    "#{File.basename(result[:path] || result["path"])}:#{result.dig(
+                      :start, :line
+                    ) || result.dig("start", "line") || "N/A"}"
+                  else
+                    "N/A"
+                  end
+      description = extract_short_description(result)
+      severity_color = case severity.upcase
+                       when "ERROR" then "DC3545"
+                       when "WARNING" then "FFC107"
+                       else "17A2B8"
+                       end
+      table_data << [{ content: severity, text_color: severity_color }, title, file_info, description]
+    rescue StandardError => e
+      table_data << [{ content: "ERROR", text_color: "DC3545" }, "Invalid result", "N/A", "Error: #{e.message}"]
+    end
+    table table_data, header: true, width: bounds.width, cell_style: { size: 10 } do
+      cells.padding = 5
+      cells.borders = %i[top bottom left right]
+      row(0).font_style = :bold
+      row(0).background_color = "007BFF"
+      row(0).text_color = "FFFFFF"
+    end
+    move_down 20
+  end
+
+  if sca_results.any?
+    text "Software Composition Analysis (SCA)", size: 16, style: :bold
+    text "Issues Found: #{sca_results.length}", size: 12
+    move_down 10
+    table_data = [["Severity", "Title", "File", "Vuln Version", "Fixed Version", "Description"]]
+    sca_results.each_with_index do |result, _index|
+      severity = result[:severity] || result["severity"] || "INFO"
+      title = (result[:title] || result["title"] || "Unknown issue").to_s
+      file = (result[:file] || result["file"] || "N/A").to_s
+      vuln_version = (result[:vulnerable_version] || result["vulnerable_version"] || "N/A").to_s
+      fixed_version = (result[:fixed_version] || result["fixed_version"] || "N/A").to_s
+      description = (result[:description] || result["description"] || "No description").to_s
+      description = description[0..80] + (description.length > 80 ? "..." : "")
+      severity_color = case severity.upcase
+                       when "ERROR" then "DC3545"
+                       when "WARNING" then "FFC107"
+                       else "17A2B8"
+                       end
+      table_data << [{ content: severity, text_color: severity_color }, title, file, vuln_version, fixed_version,
+                     description]
+    rescue StandardError => e
+      table_data << [{ content: "ERROR", text_color: "DC3545" }, "Invalid result", "N/A", "N/A", "N/A",
+                     "Error: #{e.message}"]
+    end
+    table table_data, header: true, width: bounds.width, cell_style: { size: 10 } do
+      cells.padding = 5
+      cells.borders = %i[top bottom left right]
+      row(0).font_style = :bold
+      row(0).background_color = "007BFF"
+      row(0).text_color = "FFFFFF"
+    end
+    move_down 20
+  end
+
+  if iac_results.any?
+    text "Infrastructure as Code (IaC)", size: 16, style: :bold
+    text "Issues Found: #{iac_results.length}", size: 12
+    move_down 10
+    table_data = [%w[Severity Title File Description]]
+    iac_results.each_with_index do |result, _index|
+      severity = result[:severity] || result["severity"] || result.dig(:extra,
+                                                                       :severity) || result.dig("extra",
+                                                                                                "severity") || "INFO"
+      message = result.dig(:extra, :message) || result.dig("extra", "message") || "Unknown issue"
+      title = message.split(".")[0].strip
+      file_info = if result[:path] || result["path"]
+                    "#{File.basename(result[:path] || result["path"])}:#{result.dig(
+                      :start, :line
+                    ) || result.dig("start", "line") || "N/A"}"
+                  else
+                    "N/A"
+                  end
+      description = extract_short_description(result)
+      severity_color = case severity.upcase
+                       when "ERROR" then "DC3545"
+                       when "WARNING" then "FFC107"
+                       else "17A2B8"
+                       end
+      table_data << [{ content: severity, text_color: severity_color }, title, file_info, description]
+    rescue StandardError => e
+      table_data << [{ content: "ERROR", text_color: "DC3545" }, "Invalid result", "N/A", "Error: #{e.message}"]
+    end
+    table table_data, header: true, width: bounds.width, cell_style: { size: 10 } do
+      cells.padding = 5
+      cells.borders = %i[top bottom left right]
+      row(0).font_style = :bold
+      row(0).background_color = "007BFF"
+      row(0).text_color = "FFFFFF"
+    end
+  end
+
+  move_down 20
+  text "Generated by Shield AST v#{version}", size: 10, align: :center
+end

data/lib/shield_ast/sca.rb

@@ -25,25 +25,15 @@ module ShieldAst
         puts "Exit code: #{exit_code}" if ENV["DEBUG"]
         puts "Output: #{output}" if ENV["DEBUG"]
 
-        # OSV Scanner exit codes:
-        # 0: No vulnerabilities found
-        # 1: Vulnerabilities found
-        # 1-126: Vulnerability result related errors
-        # 127: General error
-        # 128: No packages found
-        # 129-255: Non result related errors
-
         case exit_code
         when 0
-          { "results" => [] } # No vulnerabilities
+          { "results" => [] }
         when 1
-          { "results" => parse_json_output(output) } # Vulnerabilities found
+          { "results" => parse_json_output(output) }
         when 1..126
-          # Vulnerability related errors, but try to parse results anyway
           puts "OSV Scanner vulnerability error (exit code: #{exit_code})" if ENV["DEBUG"]
           { "results" => parse_json_output(output) }
         when 127
-          # General error, but if we have JSON output, use it
           if output.include?('{"results"')
             puts "OSV Scanner completed with general error but has results" if ENV["DEBUG"]
             { "results" => parse_json_output(output) }
@@ -111,7 +101,6 @@ module ShieldAst
       severity = determine_severity(vuln, package_data)
       file_path = determine_file_path(ecosystem)
 
-      # Extract fixed version info
       fixed_version = extract_fixed_version(vuln)
 
       {
@@ -142,7 +131,6 @@ module ShieldAst
     end
 
     def self.extract_fixed_version(vuln)
-      # Try to find fixed version in affected ranges
       if vuln["affected"] && vuln["affected"].is_a?(Array)
         vuln["affected"].each do |affected|
           if affected["ranges"] && affected["ranges"].is_a?(Array)
@@ -155,14 +143,12 @@ module ShieldAst
             end
           end
 
-          # Also check database_specific for fixed version
           if affected["database_specific"] && affected["database_specific"]["last_affected"]
-            return ">" + affected["database_specific"]["last_affected"]
+            return "> #{affected["database_specific"]["last_affected"]}"
           end
         end
       end
 
-      # Fallback: check database_specific at root level
       if vuln["database_specific"]
         return vuln["database_specific"]["fixed_version"] if vuln["database_specific"]["fixed_version"]
       end
@@ -171,17 +157,13 @@ module ShieldAst
     end
 
     def self.determine_severity(vuln, package_data)
-      # Check database_specific severity first
-      if vuln.dig("database_specific", "severity")
-        return map_severity(vuln["database_specific"]["severity"])
-      end
+      return map_severity(vuln["database_specific"]["severity"]) if vuln.dig("database_specific", "severity")
 
-      # Check groups max_severity
       groups = package_data&.dig("groups") || []
       max_severity = groups.first&.dig("max_severity")
       return cvss_to_severity(max_severity.to_f) if max_severity
 
-      "WARNING" # Default
+      "WARNING" # Default severity
     end
 
     def self.determine_file_path(ecosystem)

data/lib/shield_ast/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ShieldAst
-  VERSION = "1.0.0"
+  VERSION = "1.2.0"
 end

data/lib/shield_ast.rb

@@ -1,23 +1,31 @@
+# lib/shield_ast/main.rb
 # frozen_string_literal: true
 
 require_relative "shield_ast/version"
 require_relative "shield_ast/runner"
-
 require "json"
+require "fileutils"
+require "erb"
+require "prawn"
+require "prawn/table"
 
 # Main module for the Shield AST gem.
 module ShieldAst
   class Error < StandardError; end
 
   # Main class for the Shield AST command-line tool.
-  # Handles command-line argument parsing and delegates to the Runner.
   class Main
+    SCAN_DATA_FILE = File.join(Dir.pwd, "lib", "reports", "scan_data.json")
+    REPORT_JSON_FILE = File.join(Dir.pwd, "lib", "reports", "scan_report.json")
+    REPORT_PDF_FILE = File.join(Dir.pwd, "lib", "reports", "scan_report.pdf")
+    PDF_TEMPLATE = File.join(__dir__, "reports", "templates", "pdf_report_template.rb")
+
     def self.call(args)
       options = parse_args(args)
       handle_options(options)
     end
 
-    private_class_method def self.handle_options(options)
+    def self.handle_options(options)
       if options[:help]
         show_help
       elsif options[:version]
@@ -25,14 +33,14 @@ module ShieldAst
       elsif options[:command] == "scan"
         run_scan(options)
       elsif options[:command] == "report"
-        puts "Generating report... (not yet implemented)"
+        generate_report(options)
       else
         puts "Invalid command. Use 'ast help' for more information."
         show_help
       end
     end
 
-    private_class_method def self.run_scan(options)
+    def self.run_scan(options)
       path = options[:path] || Dir.pwd
       options = apply_default_scanners(options)
 
@@ -45,9 +53,129 @@ module ShieldAst
       execution_time = end_time - start_time
 
       display_reports(reports, execution_time)
+      save_scan_data(reports, execution_time)
+    end
+
+    def self.save_scan_data(reports, execution_time)
+      normalized_reports = {}
+      reports.each do |key, value|
+        normalized_reports[key.to_sym] = value.transform_keys(&:to_sym)
+      end
+      data = {
+        reports: normalized_reports,
+        execution_time: execution_time,
+        generated_at: Time.now.strftime("%Y-%m-%d %H:%M:%S %z")
+      }
+      FileUtils.mkdir_p(File.dirname(SCAN_DATA_FILE))
+      File.write(SCAN_DATA_FILE, JSON.pretty_generate(data))
+      puts "Scan data saved to: #{SCAN_DATA_FILE}"
+    end
+
+    def self.load_scan_data
+      unless File.exist?(SCAN_DATA_FILE)
+        puts "Error: Scan data file #{SCAN_DATA_FILE} does not exist."
+        return nil
+      end
+
+      begin
+        JSON.parse(File.read(SCAN_DATA_FILE), symbolize_names: true)
+      rescue JSON::ParserError => e
+        puts "Error: Invalid scan data in #{SCAN_DATA_FILE}: #{e.message}"
+        nil
+      end
+    end
+
+    def self.generate_report(options)
+      scan_data = load_scan_data
+      unless scan_data
+        puts "No scan data available. Please run 'ast scan' first."
+        return
+      end
+
+      output_format = options[:output] || "json"
+      unless %w[json pdf].include?(output_format)
+        puts "Error: Invalid output format '#{output_format}'. Use 'json' or 'pdf'."
+        return
+      end
+
+      puts "Generating #{output_format.upcase} report..."
+
+      if output_format == "json"
+        generate_json_report(scan_data)
+      elsif output_format == "pdf"
+        generate_pdf_report(scan_data)
+      end
+    end
+
+    def self.generate_json_report(scan_data)
+      FileUtils.mkdir_p(File.dirname(REPORT_JSON_FILE))
+      report = {
+        generated_at: scan_data[:generated_at],
+        scan_duration: format_duration(scan_data[:execution_time]),
+        total_issues: calculate_total_issues(scan_data[:reports]),
+        severity_summary: calculate_severity_summary(scan_data[:reports]),
+        reports: scan_data[:reports]
+      }
+      File.write(REPORT_JSON_FILE, JSON.pretty_generate(report))
+      puts "JSON report generated at: #{REPORT_JSON_FILE}"
+    end
+
+    def self.generate_pdf_report(scan_data)
+      unless File.exist?(PDF_TEMPLATE)
+        puts "Error: PDF template file #{PDF_TEMPLATE} not found."
+        return
+      end
+
+      FileUtils.mkdir_p(File.dirname(REPORT_PDF_FILE))
+
+      version = ShieldAst::VERSION
+      generated_at = scan_data[:generated_at]
+      scan_duration = format_duration(scan_data[:execution_time])
+      sast_results = normalize_results(sort_by_severity(scan_data[:reports][:sast]&.[](:results) || []))
+      sca_results = normalize_results(sort_by_severity(scan_data[:reports][:sca]&.[](:results) || []))
+      iac_results = normalize_results(sort_by_severity(scan_data[:reports][:iac]&.[](:results) || []))
+      total_issues = calculate_total_issues(scan_data[:reports])
+      severity_summary = calculate_severity_summary(scan_data[:reports])
+      output_file = REPORT_PDF_FILE
+
+      begin
+        template_context = Object.new
+        template_context.instance_variable_set(:@version, version)
+        template_context.instance_variable_set(:@generated_at, generated_at)
+        template_context.instance_variable_set(:@scan_duration, scan_duration)
+        template_context.instance_variable_set(:@sast_results, sast_results)
+        template_context.instance_variable_set(:@sca_results, sca_results)
+        template_context.instance_variable_set(:@iac_results, iac_results)
+        template_context.instance_variable_set(:@total_issues, total_issues)
+        template_context.instance_variable_set(:@severity_summary, severity_summary)
+        template_context.instance_variable_set(:@output_file, output_file)
+        template = File.read(PDF_TEMPLATE)
+        template_context.instance_eval template, PDF_TEMPLATE
+        puts "PDF report generated at: #{REPORT_PDF_FILE}"
+      rescue StandardError => e
+        puts "Error: Failed to generate PDF: #{e.message}"
+        puts "Error: Backtrace: #{e.backtrace.join("\n")}"
+      end
     end
 
-    private_class_method def self.apply_default_scanners(options)
+    def self.normalize_results(results)
+      results.map do |result|
+        normalized = result.transform_keys(&:to_sym)
+        normalized[:severity] ||= normalized[:extra]&.[](:severity) || normalized[:extra]&.[]("severity") || "INFO"
+        normalized[:vulnerable_version] = normalized[:vulnerable_version].to_s if normalized[:vulnerable_version]
+        normalized[:fixed_version] = normalized[:fixed_version].to_s if normalized[:fixed_version]
+        normalized
+      end
+    end
+
+    def self.calculate_total_issues(reports)
+      sast_count = (reports[:sast]&.[](:results) || reports["sast"]&.[]("results") || []).length
+      sca_count = (reports[:sca]&.[](:results) || reports["sca"]&.[]("results") || []).length
+      iac_count = (reports[:iac]&.[](:results) || reports["iac"]&.[]("results") || []).length
+      sast_count + sca_count + iac_count
+    end
+
+    def self.apply_default_scanners(options)
       options.tap do |o|
         if !o[:sast] && !o[:sca] && !o[:iac]
           o[:sast] = true
@@ -57,19 +185,27 @@ module ShieldAst
       end
     end
 
-    private_class_method def self.display_reports(reports, execution_time)
+    def self.display_reports(reports, execution_time)
       total_issues = 0
 
       reports.each do |type, report_data|
-        results = report_data["results"] || []
+        results = report_data[:results] || report_data["results"] || []
         total_issues += results.length
 
         next if results.empty?
 
-        puts "\n#{get_scan_icon(type)} #{type.to_s.upcase} (#{results.length} #{results.length == 1 ? "issue" : "issues"})"
+        sorted_results = sort_by_severity(results)
+        top_results = sorted_results.first(5)
+        remaining_count = results.length - top_results.length
+
+        puts "\n#{get_scan_icon(type)} #{type.to_s.upcase} (#{results.length} #{results.length == 1 ? "issue" : "issues"}#{remaining_count.positive? ? ", showing top 5" : ""})"
         puts "-" * 60
 
-        format_report(results, type)
+        format_report(top_results, type)
+
+        if remaining_count.positive?
+          puts "     ... and #{remaining_count} more #{remaining_count == 1 ? "issue" : "issues"} (run with --verbose to see all)"
+        end
       end
 
       puts "\n✅ Scan finished in: #{format_duration(execution_time)}"
@@ -78,23 +214,35 @@ module ShieldAst
         puts "✅ No security issues found! Your code looks clean."
       else
         severity_summary = calculate_severity_summary(reports)
-        puts "📊 Total: #{total_issues} findings #{severity_summary}"
+        puts "📊 Total: #{total_issues} findings {error_count: #{severity_summary[:error_count]}, warning_count: #{severity_summary[:warning_count]}, info_count: #{severity_summary[:info_count]}}"
+      end
+    end
+
+    def self.sort_by_severity(results)
+      severity_order = { "ERROR" => 0, "WARNING" => 1, "INFO" => 2 }
+
+      results.sort_by do |result|
+        severity = result[:severity] || result["severity"] || result.dig(:extra,
+                                                                         :severity) || result.dig("extra",
+                                                                                                  "severity") || "INFO"
+        severity_order[severity.upcase] || 3
+      rescue TypeError
+        3
       end
     end
 
-    private_class_method def self.format_report(results, scan_type)
+    def self.format_report(results, scan_type)
       results.each_with_index do |result, index|
         if scan_type == :sca && has_sca_format?(result)
           format_sca_result(result)
         else
           format_default_result(result)
         end
-        puts "" if index < results.length - 1 # Add spacing between items, but not after last
+        puts "" if index < results.length - 1
       end
     end
 
-    # Helper methods for better formatting
-    private_class_method def self.get_severity_icon(severity)
+    def self.get_severity_icon(severity)
       case severity&.upcase
       when "ERROR" then "🔴"
       when "WARNING" then "🟡"
@@ -103,7 +251,7 @@ module ShieldAst
       end
     end
 
-    private_class_method def self.get_scan_icon(scan_type)
+    def self.get_scan_icon(scan_type)
       case scan_type
       when :sast then "🔍"
       when :sca then "📦"
@@ -112,23 +260,15 @@ module ShieldAst
       end
     end
 
-    private_class_method def self.extract_short_description(result)
-      description = result["extra"]["message"].gsub("\n", " ").strip
-      if description.length > 80
-        "#{description[0..80]}..."
-      else
-        description
-      end
-    end
-
-    private_class_method def self.calculate_severity_summary(reports)
+    def self.calculate_severity_summary(reports)
       error_count = 0
       warning_count = 0
       info_count = 0
 
       reports.each_value do |report_data|
-        (report_data["results"] || []).each do |result|
-          severity = result["severity"] || result.dig("extra", "severity")
+        (report_data[:results] || report_data["results"] || []).each do |result|
+          severity = result[:severity] || result["severity"] || result.dig(:extra,
+                                                                           :severity) || result.dig("extra", "severity")
           case severity&.upcase
           when "ERROR" then error_count += 1
           when "WARNING" then warning_count += 1
@@ -137,15 +277,10 @@ module ShieldAst
         end
       end
 
-      parts = []
-      parts << "#{error_count} 🔴" if error_count.positive?
-      parts << "#{warning_count} 🟡" if warning_count.positive?
-      parts << "#{info_count} 🔵" if info_count.positive?
-
-      "(#{parts.join(", ")})"
+      { error_count: error_count, warning_count: warning_count, info_count: info_count }
     end
 
-    private_class_method def self.format_duration(seconds)
+    def self.format_duration(seconds)
       if seconds < 1
         "#{(seconds * 1000).round}ms"
       elsif seconds < 60
@@ -157,31 +292,33 @@ module ShieldAst
       end
     end
 
-    private_class_method def self.has_sca_format?(result)
-      result.key?("title") && result.key?("description") &&
-      result.key?("vulnerable_version") && result.key?("fixed_version")
+    def self.has_sca_format?(result)
+      (result.key?(:title) || result.key?("title")) &&
+        (result.key?(:description) || result.key?("description")) &&
+        (result.key?(:vulnerable_version) || result.key?("vulnerable_version")) &&
+        (result.key?(:fixed_version) || result.key?("fixed_version"))
     end
 
-    private_class_method def self.format_sca_result(result)
-      severity_icon = get_severity_icon(result['severity'])
-      puts "  #{severity_icon} #{result["title"]} (#{result["vulnerable_version"]} → #{result["fixed_version"]})"
-      puts "     📁 #{result["file"]} | #{result["description"][0..80]}#{result["description"].length > 80 ? "..." : ""}"
+    def self.format_sca_result(result)
+      severity_icon = get_severity_icon(result[:severity] || result["severity"])
+      puts "  #{severity_icon} #{result[:title] || result["title"]} (#{result[:vulnerable_version] || result["vulnerable_version"]} → #{result[:fixed_version] || result["fixed_version"]})"
+      puts "     📁 #{result[:file] || result["file"]} | #{(result[:description] || result["description"] || "")[0..80]}#{(result[:description] || result["description"] || "").length > 80 ? "..." : ""}"
     end
 
-    private_class_method def self.format_default_result(result)
-      severity_icon = get_severity_icon(result["extra"]["severity"])
-      title = result["extra"]["message"].split(".")[0].strip
-      file_info = "#{File.basename(result["path"])}:#{result["start"]["line"]}"
+    def self.format_default_result(result)
+      severity_icon = get_severity_icon(result[:severity] || result["severity"] || result[:extra]&.[](:severity) || result["extra"]&.[]("severity"))
+      message = result[:extra]&.[](:message) || result["extra"]&.[]("message") || "Unknown issue"
+      title = message.split(".")[0].strip
+      file_info = "#{File.basename(result[:path] || result["path"] || "N/A")}:#{result[:start]&.[](:line) || result["start"]&.[]("line") || "N/A"}"
 
       puts "  #{severity_icon} #{title}"
-      puts "     📁 #{file_info} | #{extract_short_description(result)}"
+      puts "     📁 #{file_info} | #{(result[:extra]&.[](:message) || result["extra"]&.[]("message") || "No description available")[0..80]}..."
     end
 
-    # Parses command-line arguments to build an options hash.
-    private_class_method def self.parse_args(args)
-      options = { command: nil, path: nil, sast: false, sca: false, iac: false, help: false, version: false }
-
-      args.each do |arg|
+    def self.parse_args(args)
+      options = { command: nil, path: nil, sast: false, sca: false, iac: false, help: false, version: false,
+                  output: nil }
+      args.each_with_index do |arg, index|
         case arg
         when "scan" then options[:command] = "scan"
         when "report" then options[:command] = "report"
@@ -190,43 +327,34 @@ module ShieldAst
         when "-i", "--iac" then options[:iac] = true
         when "-h", "--help" then options[:help] = true
         when "--version" then options[:version] = true
+        when "-o", "--output"
+          options[:output] = args[index + 1] if index + 1 < args.length
         when /^[^-]/ then options[:path] = arg if options[:command] == "scan" && options[:path].nil?
         end
       end
       options
     end
 
-    # Displays the help message for the CLI tool.
-    private_class_method def self.show_help
+    def self.show_help
       puts <<~HELP
         ast - A powerful command-line tool for Application Security Testing
-
         Usage:
           ast [command] [options]
-
         Commands:
           scan [path]    Scans a directory for vulnerabilities. Defaults to the current directory.
-          report         Generates a detailed report from the last scan.
+          report         Generates a report from the last scan in JSON or PDF format.
           help           Shows this help message.
-
         Options:
           -s, --sast       Run Static Application Security Testing (SAST) with Semgrep.
           -c, --sca        Run Software Composition Analysis (SCA) with OSV Scanner.
           -i, --iac        Run Infrastructure as Code (IaC) analysis with Semgrep.
-          -o, --output     Specify the output format (e.g., json, sarif, console).
+          -o, --output     Specify the output format for report (json or pdf, default: json).
           -h, --help       Show this help message.
           --version        Show the ast version.
-
         Examples:
-          # Scan the current directory for all types of vulnerabilities
           ast scan
-
-          # Run only SAST and SCA on a specific project folder
           ast scan /path/to/project --sast --sca
-
-          # Generate a report in SARIF format
-          ast report --output sarif
-
+          ast report --output pdf
         Description:
           ast is an all-in-one command-line tool that automates security testing by
           integrating popular open-source scanners for SAST, SCA, and IaC, helping you

metadata

@@ -1,14 +1,84 @@
 --- !ruby/object:Gem::Specification
 name: shield_ast
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Jose Augusto
 bindir: exe
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
-dependencies: []
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: erb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: fileutils
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+- !ruby/object:Gem::Dependency
+  name: prawn
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
+- !ruby/object:Gem::Dependency
+  name: prawn-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
 description: |-
   Shield AST is an all-in-one command-line tool that automates security testing by integrating
                         popular open-source scanners for SAST, SCA, and IaC, helping you find and fix vulnerabilities
@@ -20,18 +90,13 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".idea/.gitignore"
-- ".idea/dictionaries/project.xml"
-- ".idea/misc.xml"
-- ".idea/modules.xml"
-- ".idea/shield_ast.iml"
-- ".idea/vcs.xml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - LICENSE.txt
 - README.md
 - Rakefile
 - exe/ast
+- lib/reports/templates/pdf_report_template.rb
 - lib/shield_ast.rb
 - lib/shield_ast/iac.rb
 - lib/shield_ast/runner.rb

data/.idea/.gitignore

@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Editor-based HTTP Client requests
-/httpRequests/
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml

data/.idea/dictionaries/project.xml

@@ -1,7 +0,0 @@
-<component name="ProjectDictionaryState">
-  <dictionary name="project">
-    <words>
-      <w>sast</w>
-    </words>
-  </dictionary>
-</component>

data/.idea/misc.xml

@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectRootManager" version="2" project-jdk-name="rbenv: 3.4.5" project-jdk-type="RUBY_SDK" />
-</project>

data/.idea/modules.xml

@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/shield_ast.iml" filepath="$PROJECT_DIR$/.idea/shield_ast.iml" />
-    </modules>
-  </component>
-</project>

data/.idea/shield_ast.iml

@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="RUBY_MODULE" version="4">
-  <component name="ModuleRunConfigurationManager">
-    <shared />
-  </component>
-  <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$">
-      <sourceFolder url="file://$MODULE_DIR$/features" isTestSource="true" />
-      <sourceFolder url="file://$MODULE_DIR$/spec" isTestSource="true" />
-      <sourceFolder url="file://$MODULE_DIR$/test" isTestSource="true" />
-    </content>
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-    <orderEntry type="library" scope="PROVIDED" name="ast (v2.4.3, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="bundler (v2.7.1, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="date (v3.4.1, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="diff-lcs (v1.6.2, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="erb (v5.0.2, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="io-console (v0.8.1, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="irb (v1.15.2, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="json (v2.13.2, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="language_server-protocol (v3.17.0.5, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="lint_roller (v1.1.0, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="parallel (v1.27.0, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="parser (v3.3.9.0, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="pp (v0.6.2, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="prettyprint (v0.2.0, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="prism (v1.4.0, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="psych (v5.2.6, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="racc (v1.8.1, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rainbow (v3.1.1, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rake (v13.3.0, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rdoc (v6.14.2, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="regexp_parser (v2.11.0, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="reline (v0.6.2, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec (v3.13.1, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec-core (v3.13.5, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec-expectations (v3.13.5, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec-mocks (v3.13.5, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec-support (v3.13.4, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rubocop (v1.79.1, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rubocop-ast (v1.46.0, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="ruby-progressbar (v1.13.0, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="stringio (v3.1.7, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="unicode-display_width (v3.1.4, rbenv: 3.4.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="unicode-emoji (v4.0.4, rbenv: 3.4.5) [gem]" level="application" />
-  </component>
-</module>

data/.idea/vcs.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="" vcs="Git" />
-  </component>
-</project>