Fix ansi when not supported

main.go

@@ -22,7 +22,7 @@ var (
 )
 
 func main() {
-	format := flag.String("format", "ansi", "Output format (ansi, junit, markdown, json, or yaml)")
+	format := flag.String("format", "ansi", "Output format (ansi, text, junit, markdown, json, or yaml)")
 	path := flag.String("path", "", "composer.lock file or directory")
 	advisoryArchiveURL := flag.String("archive", security.AdvisoryArchiveURL, "Advisory archive URL")
 	cacheDir := flag.String("cache-dir", os.TempDir(), "Cache directory")
@@ -55,7 +55,7 @@ func main() {
 		return
 	}
 
-	if *format != "" && *format != "markdown" && *format != "json" && *format != "yaml" && *format != "ansi" && *format != "junit" {
+	if *format != "" && *format != "markdown" && *format != "json" && *format != "text" && *format != "yaml" && *format != "ansi" && *format != "junit" {
 		fmt.Fprintf(os.Stderr, "format \"%s\" is not supported (supported formats: markdown, ansi, json, junit, and yaml)\n", *format)
 		os.Exit(2)
 	}

security/formatter.go

@@ -3,6 +3,7 @@ package security
 import (
 	"encoding/json"
 	"fmt"
+	"os"
 	"regexp"
 	"strings"
 
@@ -29,6 +30,10 @@ func Format(vulns *Vulnerabilities, format string) ([]byte, error) {
 
 // ToANSI returns vulnerabilities as text with ANSI code for colors
 func ToANSI(vulns *Vulnerabilities) []byte {
+	if !hasPosixColorSupport() {
+		return ToText(vulns)
+	}
+
 	var output string
 	output += "\u001B[33mSymfony Security Check Report\u001B[0m\n"
 	output += "\u001B[33m=============================\u001B[0m\n\n"
@@ -72,6 +77,51 @@ func ToANSI(vulns *Vulnerabilities) []byte {
 	return []byte(output)
 }
 
+// ToText returns vulnerabilities as text
+func ToText(vulns *Vulnerabilities) []byte {
+	var output string
+	output += "Symfony Security Check Report\n"
+	output += "=============================\n\n"
+	if vulns.CountVulnerablePackages() == 1 {
+		output += " package has known vulnerabilities.\n"
+	} else if vulns.CountVulnerablePackages() > 0 {
+		output += fmt.Sprintf("%d packages have known vulnerabilities.\n", vulns.CountVulnerablePackages())
+	} else {
+		output += "No packages have known vulnerabilities."
+	}
+	output += fmt.Sprintln("")
+	links := ""
+	ref := 0
+	for _, pkg := range vulns.Keys() {
+		v := vulns.Get(pkg)
+		str := fmt.Sprintf("%s (%s)", pkg, v.Version)
+		output += fmt.Sprintf("%s\n%s\n\n", str, strings.Repeat("-", len(str)))
+		for _, a := range v.Advisories {
+			cve := a.CVE
+			if cve == "" {
+				ref++
+				cve = fmt.Sprintf("CVE-NONE-%04d", ref)
+			}
+			title := strings.TrimPrefix(a.Title, a.CVE+": ")
+
+			if a.Link == "" {
+				output += fmt.Sprintf(" * %s: %s\n", cve, title)
+			} else {
+				output += fmt.Sprintf(" * [%s][]: %s\n", cve, title)
+				links += fmt.Sprintf("[%s]: %s %s\n", cve, a.Link, a.Link)
+			}
+		}
+		output += fmt.Sprintln("")
+	}
+	output += links
+	output += fmt.Sprintln("")
+
+	output += "Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.\n" +
+		"Execute this command regularly to check the newly discovered vulnerabilities.\n"
+
+	return []byte(output)
+}
+
 var ansiRe = regexp.MustCompile("(\u001B\\[\\d+m|\u001B\\]8;;.*?\u0007)")
 
 // ToMarkdown returns vulnerabilities as Markdown
@@ -92,3 +142,7 @@ func ToJSON(vulns *Vulnerabilities, prettify bool) ([]byte, error) {
 func ToYAML(vulns *Vulnerabilities) ([]byte, error) {
 	return yaml.Marshal(vulns)
 }
+
+func hasPosixColorSupport() bool {
+	return os.Getenv("ANSICON") != "" || os.Getenv("ConEmuANSI") == "ON" || strings.HasPrefix(os.Getenv("TERM"), "xterm") || os.Getenv("TERM_PROGRAM") == "Hyper" || os.Getenv("SHLVL") != ""
+}