This is a command-line Go tool to process JSON analysis results of cryptographic function usage in source code, group the results by product, repository, and entrypoint, and export the grouped data into a CSV file. The CSV file can be imported as a spreadsheet to allow easy modification of reporting.
Note
ACKNOWLEDGMENT + CREDIT: The input JSON is obtained from fips-analyser, and credit goes to jacobsee for work done on AnalysisResult , CryptoUsage and CallNode structs. Comments in main.go give credit to jacobsee's code .
The program reads a JSON file containing cryptographic usage analysis results, groups the detected usage data by given metadata (product name, repository URL, and entrypoint), and outputs a CSV file with detailed information on each cryptographic function usage, including a dependency graph representing the call tree.
-
Parses JSON analysis output containing detected cryptographic function calls.
-
Groups results by product, repository, and entrypoint metadata.
-
Outputs a CSV file with columns for product info, crypto module, called function, and dependency graph.
-
Supports command-line flags for input/output and metadata specification.
go build -o crypto-csv-exporter main.go./crypto-csv-exporter -input analysis.json -output usage.csv -product "OpenShift API Server" -repo "https://github.com/openshift/openshift-apiserver" -entrypoint "cmd/openshift-apiserver/main.go"| Flag | Description | Required |
|---|---|---|
-input |
Path to the input JSON file containing analysis results. | Yes |
-output |
Path to the output CSV file to be created. | Yes |
-product |
Product name (e.g., OpenShift API Server). | Yes |
-repo |
Repository URL (e.g., https://github.com/openshift/openshift-apiserver). |
Yes |
-entrypoint |
Entrypoint file path (e.g., cmd/openshift-apiserver/main.go). |
Yes |
The input JSON should have the following structure (example):
{
"source_directory": "path/to/source",
"patterns": ["pattern1", "pattern2"],
"detected_usages": [
{
"package": "crypto/aes",
"function": "NewCipher",
"caller_function": "main.main",
"call_site": "main.go:45",
"package_path": "crypto/aes",
"call_tree": [
{
"function": "main.main",
"package": "main",
"package_path": "cmd/openshift-apiserver"
}
]
}
],
"summary": {
"total_usages": 1
}
}The CSV file will contain the following columns:
| Column | Description |
|---|---|
| Product | Product name passed as CLI argument |
| Repository | Repository URL passed as CLI argument |
| Entrypoint | Entrypoint file path passed as CLI argument |
| Crypto module | Package name of the cryptographic module |
| Function called | Cryptographic function being called |
| Status | Left blank for manual annotation |
| Comment | Left blank for manual annotation |
| Dependency Graph | Call tree represented as a chain of package paths and functions |
Product,Repository,Entrypoint,Crypto module,Function called,Status,Comment,Dependency Graph
OpenShift API Server,https://github.com/openshift/openshift-apiserver,cmd/openshift-apiserver/main.go,crypto/aes,NewCipher,,,cmd/openshift-apiserver.main.main-
The
StatusandCommentcolumns are left intentionally blank to allow manual review or further processing. -
The dependency graph shows the call chain from the root caller to the cryptographic function.
-
The program requires all CLI flags to be provided.