fix: CSV output under Windows has empty lines  #4557

@weichslgartner

Description

When scanning under Windows, with csv as output, the resulting csv file has \r\r\n line endings, hence every second line is empty in various editors (e.g. Excel, PyCharm etc.).
Screenshot from Notepad++ with line symbols activated: [image]

To reproduce

Steps to reproduce the behaviour:

  1. Run a scan with csv output under Windows:
     cve-bin-tool -u never --disable-data-source OSV,GAD,REDHAT,PURL2CPE -n json --sbom cyclonedx --sbom-file test/sbom/cyclonedx_test.json -f csv -o out.csv

Expected behaviour: Content of out.csv should look like:

vendor,product,version,location,cve_number,severity,score,source,cvss_version,cvss_vector,paths,remarks,comments
gnu,glibc,2.11.1,NotFound,CVE-2009-5029,MEDIUM,6.8,NVD,2,AV:N/AC:M/Au:N/C:P/I:P/A:P,,NewFound,
gnu,glibc,2.11.1,NotFound,CVE-2009-5155,HIGH,7.5,NVD,3,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,,NewFound,
gnu,glibc,2.11.1,NotFound,CVE-2010-0296,HIGH,7.2,NVD,2,AV:L/AC:L/Au:N/C:C/I:C/A:C,,NewFound,

Actual behaviour:
One additional \r is added which results in empty lines:

vendor,product,version,location,cve_number,severity,score,source,cvss_version,cvss_vector,paths,remarks,comments

gnu,glibc,2.11.1,NotFound,CVE-2009-5029,MEDIUM,6.8,NVD,2,AV:N/AC:M/Au:N/C:P/I:P/A:P,,NewFound,

gnu,glibc,2.11.1,NotFound,CVE-2009-5155,HIGH,7.5,NVD,3,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,,NewFound,

gnu,glibc,2.11.1,NotFound,CVE-2010-0296,HIGH,7.2,NVD,2,AV:L/AC:L/Au:N/C:C/I:C/A:C,,NewFound,

Version/platform info

Version of CVE-bin-tool (e.g. output of cve-bin-tool --version): 3.4
Installed from pypi or github? pypi
Operating system: Windows
Microsoft Windows 10 Home
10.0.19045 Build 19045
Python version (e.g. python3 --version): Python 3.12.1
Running in any particular CI environment we should know about? (e.g. Github Actions)

Anything else?

The csv file is opened here without defining newline argument.
According to Python docs, csv files should be opened with newline='' otherwise there will be double newlines in Windows.
See here and here
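
The double-newline behaviour described in this issue, as an added example (not cve-bin-tool's own code). The sample rows and file names are constructed, and `newline="\r\n"` is an assumption used to force, on any OS, the `\n` to `\r\n` translation that Windows applies by default.

```python
import csv
import os
import tempfile

# Constructed sample rows, shortened from the report layout shown in the issue.
ROWS = [
    ["vendor", "product", "version", "cve_number", "severity"],
    ["gnu", "glibc", "2.11.1", "CVE-2009-5029", "MEDIUM"],
    ["gnu", "glibc", "2.11.1", "CVE-2009-5155", "HIGH"],
]


def write_report(path, newline):
    """Write ROWS with csv.writer and return the raw bytes that reached the disk."""
    with open(path, "w", newline=newline, encoding="utf-8") as fh:
        csv.writer(fh).writerows(ROWS)
    with open(path, "rb") as fh:
        return fh.read()


def count_blank_rows(path):
    """Count empty records when the file is read back with newline=''."""
    with open(path, newline="", encoding="utf-8") as fh:
        return sum(1 for row in csv.reader(fh) if not row)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        broken = os.path.join(tmp, "broken.csv")
        fixed = os.path.join(tmp, "fixed.csv")
        # csv.writer ends each row with "\r\n"; the text layer then turns the
        # "\n" into "\r\n" again, which yields "\r\r\n" on disk.
        broken_bytes = write_report(broken, "\r\n")
        # newline="" disables translation, so the writer's "\r\n" is kept as is.
        fixed_bytes = write_report(fixed, "")
        return {
            "broken_has_crcrlf": b"\r\r\n" in broken_bytes,
            "fixed_has_crcrlf": b"\r\r\n" in fixed_bytes,
            "broken_blank_rows": count_blank_rows(broken),
            "fixed_blank_rows": count_blank_rows(fixed),
        }


if __name__ == "__main__":
    print(demo())
```

`count_blank_rows` can also be pointed at an existing report to check whether it was written with the stray `\r`.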

Labels: bug (Something isn't working)
