Maximum severity rating for each Group object in JSON output (#805)

AppleGamer22 · web-flow · commit 07cbeffc573b · 2024-03-05T09:52:45.000+11:00
- Addresses issue #495. - I'm happy to add tests for the `MaxSeverity` function if this is required for this issue. --------- Signed-off-by: Omri Bornstein <omribor@gmail.com>
diff --git a/internal/ci/__snapshots__/vulnerability_result_diff_test.snap b/internal/ci/__snapshots__/vulnerability_result_diff_test.snap
@@ -108,7 +108,8 @@
               "ids": [
                 "GO-2021-0053"
               ],
-              "aliases": null
+              "aliases": null,
+              "max_severity": ""
             }
           ]
         }
@@ -243,7 +244,8 @@
               "aliases": [
                 "CVE-2021-3121",
                 "GHSA-c3h9-896r-86jm"
-              ]
+              ],
+              "max_severity": "8.6"
             }
           ]
         }
@@ -378,7 +380,8 @@
               "aliases": [
                 "CVE-2021-3121",
                 "GHSA-c3h9-896r-86jm"
-              ]
+              ],
+              "max_severity": ""
             }
           ]
         }
@@ -537,7 +540,8 @@
               "aliases": [
                 "CVE-2021-3121",
                 "GHSA-c3h9-896r-86jm"
-              ]
+              ],
+              "max_severity": "8.6"
             }
           ]
         }
@@ -745,7 +749,8 @@
                 "GHSA-m5pq-gvj9-9vr8",
                 "RUSTSEC-2022-0013"
               ],
-              "aliases": null
+              "aliases": null,
+              "max_severity": ""
             }
           ]
         }
@@ -880,7 +885,8 @@
               "aliases": [
                 "CVE-2021-3121",
                 "GHSA-c3h9-896r-86jm"
-              ]
+              ],
+              "max_severity": ""
             }
           ]
         }
@@ -1088,7 +1094,8 @@
                 "GHSA-m5pq-gvj9-9vr8",
                 "RUSTSEC-2022-0013"
               ],
-              "aliases": null
+              "aliases": null,
+              "max_severity": ""
             }
           ]
         }
diff --git a/internal/ci/vulnerability_result_diff.go b/internal/ci/vulnerability_result_diff.go
@@ -3,6 +3,7 @@ package ci
 import (
 	"slices"
 
+	"github.com/google/osv-scanner/internal/output"
 	"github.com/google/osv-scanner/pkg/grouper"
 	"github.com/google/osv-scanner/pkg/models"
 )
@@ -55,6 +56,9 @@ func DiffVulnerabilityResults(oldRes, newRes models.VulnerabilityResults) models
 			}
 			// Rebuild the groups lost in the previous step
 			groups := grouper.Group(grouper.ConvertVulnerabilityToIDAliases(resultPV.Vulnerabilities))
+			for i, group := range groups {
+				groups[i].MaxSeverity = output.MaxSeverity(group, *resultPV)
+			}
 			resultPV.Groups = groups
 		}
 		if len(resultPS.Packages) == 0 {
diff --git a/internal/output/githubannotation.go b/internal/output/githubannotation.go
@@ -28,7 +28,7 @@ func createSourceRemediationTable(source models.PackageSource, groupFixedVersion
 			remediationTable.AppendRow(table.Row{
 				pv.Package.Name,
 				strings.Join(vulnIDs, "\n"),
-				MaxSeverity(group, pv),
+				group.MaxSeverity,
 				pv.Package.Version,
 				strings.Join(fixedVersions, "\n")})
 		}
diff --git a/internal/output/table.go b/internal/output/table.go
@@ -121,7 +121,7 @@ func tableBuilderInner(vulnResult *models.VulnerabilityResults, addStyling bool,
 				}
 
 				outputRow = append(outputRow, strings.Join(links, "\n"))
-				outputRow = append(outputRow, MaxSeverity(group, pkg))
+				outputRow = append(outputRow, group.MaxSeverity)
 
 				if pkg.Package.Ecosystem == "" && pkg.Package.Commit != "" {
 					pkgCommitStr := results.PkgToString(pkg.Package)
diff --git a/internal/sourceanalysis/__snapshots__/go_test.snap b/internal/sourceanalysis/__snapshots__/go_test.snap
@@ -162,7 +162,8 @@
           "GO-2021-0053": {
             "called": false
           }
-        }
+        },
+        "max_severity": ""
       }
     ]
   },
@@ -314,7 +315,8 @@
           "GO-2023-1558": {
             "called": true
           }
-        }
+        },
+        "max_severity": ""
       }
     ]
   },
@@ -467,7 +469,8 @@
           "GO-2023-1572": {
             "called": false
           }
-        }
+        },
+        "max_severity": ""
       }
     ]
   }
@@ -621,7 +624,8 @@
           "GHSA-c3h9-896r-86jm",
           "GO-2021-0053"
         ],
-        "aliases": null
+        "aliases": null,
+        "max_severity": ""
       }
     ]
   },
@@ -757,7 +761,8 @@
           "GHSA-2h6c-j3gf-xp9r",
           "GO-2023-1558"
         ],
-        "aliases": null
+        "aliases": null,
+        "max_severity": ""
       }
     ]
   },
@@ -892,7 +897,8 @@
           "GHSA-qgc7-mgm3-q253",
           "GO-2023-1572"
         ],
-        "aliases": null
+        "aliases": null,
+        "max_severity": ""
       }
     ]
   }
diff --git a/pkg/models/results.go b/pkg/models/results.go
@@ -111,6 +111,7 @@ type GroupInfo struct {
 	Aliases []string `json:"aliases"`
 	// Map of Vulnerability IDs to AnalysisInfo
 	ExperimentalAnalysis map[string]AnalysisInfo `json:"experimentalAnalysis,omitempty"`
+	MaxSeverity          string                  `json:"max_severity"`
 }
 
 // IsCalled returns true if any analysis performed determines that the vulnerability is being called
diff --git a/pkg/osvscanner/__snapshots__/osvscanner_internal_test.snap b/pkg/osvscanner/__snapshots__/osvscanner_internal_test.snap
@@ -166,7 +166,8 @@
               "aliases": [
                 "GHSA-mc8h-8q98-g5hr",
                 "RUSTSEC-2023-0018"
-              ]
+              ],
+              "max_severity": ""
             }
           ]
         },
@@ -414,7 +415,8 @@
               "aliases": [
                 "GHSA-wcg3-cvx6-7396",
                 "RUSTSEC-2020-0071"
-              ]
+              ],
+              "max_severity": ""
             }
           ]
         }
@@ -889,15 +891,17 @@
               "aliases": [
                 "GHSA-fxg5-wq6x-vr4w",
                 "GO-2023-1495"
-              ]
+              ],
+              "max_severity": ""
             },
             {
               "ids": [
                 "GO-2022-1144"
               ],
               "aliases": [
                 "GO-2022-1144"
-              ]
+              ],
+              "max_severity": ""
             },
             {
               "ids": [
@@ -907,7 +911,8 @@
               "aliases": [
                 "GHSA-vvpx-j8f3-3w6h",
                 "GO-2023-1571"
-              ]
+              ],
+              "max_severity": ""
             }
           ]
         }
@@ -1051,15 +1056,17 @@
               ],
               "aliases": [
                 "GHSA-mrrw-grhq-86gf"
-              ]
+              ],
+              "max_severity": ""
             },
             {
               "ids": [
                 "RUSTSEC-2023-0015"
               ],
               "aliases": [
                 "RUSTSEC-2023-0015"
-              ]
+              ],
+              "max_severity": ""
             }
           ]
         },
@@ -1209,7 +1216,8 @@
               "aliases": [
                 "GHSA-mc8h-8q98-g5hr",
                 "RUSTSEC-2023-0018"
-              ]
+              ],
+              "max_severity": ""
             }
           ]
         },
@@ -1457,7 +1465,8 @@
               "aliases": [
                 "GHSA-wcg3-cvx6-7396",
                 "RUSTSEC-2020-0071"
-              ]
+              ],
+              "max_severity": ""
             }
           ]
         }
@@ -1682,7 +1691,8 @@
               "aliases": [
                 "GHSA-vvpx-j8f3-3w6h",
                 "GO-2023-1571"
-              ]
+              ],
+              "max_severity": ""
             }
           ]
         }
@@ -1767,7 +1777,8 @@
               ],
               "aliases": [
                 "GHSA-mrrw-grhq-86gf"
-              ]
+              ],
+              "max_severity": ""
             }
           ]
         },
@@ -2015,7 +2026,8 @@
               "aliases": [
                 "GHSA-wcg3-cvx6-7396",
                 "RUSTSEC-2020-0071"
-              ]
+              ],
+              "max_severity": ""
             }
           ]
         }
diff --git a/pkg/osvscanner/vulnerability_result.go b/pkg/osvscanner/vulnerability_result.go
@@ -4,6 +4,7 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/google/osv-scanner/internal/output"
 	"github.com/google/osv-scanner/internal/sourceanalysis"
 	"github.com/google/osv-scanner/pkg/grouper"
 	"github.com/google/osv-scanner/pkg/models"
@@ -22,7 +23,7 @@ func buildVulnerabilityResults(
 	licensesResp [][]models.License,
 	actions ScannerActions,
 ) models.VulnerabilityResults {
-	output := models.VulnerabilityResults{
+	results := models.VulnerabilityResults{
 		Results: []models.PackageSource{},
 	}
 	groupedBySource := map[models.SourceInfo][]models.PackageVulns{}
@@ -57,6 +58,9 @@ func buildVulnerabilityResults(
 			includePackage = true
 			pkg.Vulnerabilities = vulnsResp.Results[i].Vulns
 			pkg.Groups = grouper.Group(grouper.ConvertVulnerabilityToIDAliases(pkg.Vulnerabilities))
+			for i, group := range pkg.Groups {
+				pkg.Groups[i].MaxSeverity = output.MaxSeverity(group, pkg)
+			}
 		}
 		if len(actions.ScanLicensesAllowlist) > 0 {
 			pkg.Licenses = licensesResp[i]
@@ -83,28 +87,28 @@ func buildVulnerabilityResults(
 
 	for source, packages := range groupedBySource {
 		sourceanalysis.Run(r, source, packages, actions.CallAnalysisStates)
-		output.Results = append(output.Results, models.PackageSource{
+		results.Results = append(results.Results, models.PackageSource{
 			Source:   source,
 			Packages: packages,
 		})
 	}
 
-	sort.Slice(output.Results, func(i, j int) bool {
-		if output.Results[i].Source.Path == output.Results[j].Source.Path {
-			return output.Results[i].Source.Type < output.Results[j].Source.Type
+	sort.Slice(results.Results, func(i, j int) bool {
+		if results.Results[i].Source.Path == results.Results[j].Source.Path {
+			return results.Results[i].Source.Type < results.Results[j].Source.Type
 		}
 
-		return output.Results[i].Source.Path < output.Results[j].Source.Path
+		return results.Results[i].Source.Path < results.Results[j].Source.Path
 	})
 
 	if len(actions.ScanLicensesAllowlist) > 0 || actions.ScanLicensesSummary {
-		output.ExperimentalAnalysisConfig.Licenses.Summary = actions.ScanLicensesSummary
+		results.ExperimentalAnalysisConfig.Licenses.Summary = actions.ScanLicensesSummary
 		allowlist := make([]models.License, len(actions.ScanLicensesAllowlist))
 		for i, l := range actions.ScanLicensesAllowlist {
 			allowlist[i] = models.License(l)
 		}
-		output.ExperimentalAnalysisConfig.Licenses.Allowlist = allowlist
+		results.ExperimentalAnalysisConfig.Licenses.Allowlist = allowlist
 	}
 
-	return output
+	return results
 }

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,8 @@`
`108`	`108`	`"ids": [`
`109`	`109`	`"GO-2021-0053"`
`110`	`110`	`],`
`111`		`- "aliases": null`
	`111`	`+ "aliases": null,`
	`112`	`+ "max_severity": ""`
`112`	`113`	`}`
`113`	`114`	`]`
`114`	`115`	`}`
`@@ -243,7 +244,8 @@`
`243`	`244`	`"aliases": [`
`244`	`245`	`"CVE-2021-3121",`
`245`	`246`	`"GHSA-c3h9-896r-86jm"`
`246`		`- ]`
	`247`	`+ ],`
	`248`	`+ "max_severity": "8.6"`
`247`	`249`	`}`
`248`	`250`	`]`
`249`	`251`	`}`
`@@ -378,7 +380,8 @@`
`378`	`380`	`"aliases": [`
`379`	`381`	`"CVE-2021-3121",`
`380`	`382`	`"GHSA-c3h9-896r-86jm"`
`381`		`- ]`
	`383`	`+ ],`
	`384`	`+ "max_severity": ""`
`382`	`385`	`}`
`383`	`386`	`]`
`384`	`387`	`}`
`@@ -537,7 +540,8 @@`
`537`	`540`	`"aliases": [`
`538`	`541`	`"CVE-2021-3121",`
`539`	`542`	`"GHSA-c3h9-896r-86jm"`
`540`		`- ]`
	`543`	`+ ],`
	`544`	`+ "max_severity": "8.6"`
`541`	`545`	`}`
`542`	`546`	`]`
`543`	`547`	`}`
`@@ -745,7 +749,8 @@`
`745`	`749`	`"GHSA-m5pq-gvj9-9vr8",`
`746`	`750`	`"RUSTSEC-2022-0013"`
`747`	`751`	`],`
`748`		`- "aliases": null`
	`752`	`+ "aliases": null,`
	`753`	`+ "max_severity": ""`
`749`	`754`	`}`
`750`	`755`	`]`
`751`	`756`	`}`
`@@ -880,7 +885,8 @@`
`880`	`885`	`"aliases": [`
`881`	`886`	`"CVE-2021-3121",`
`882`	`887`	`"GHSA-c3h9-896r-86jm"`
`883`		`- ]`
	`888`	`+ ],`
	`889`	`+ "max_severity": ""`
`884`	`890`	`}`
`885`	`891`	`]`
`886`	`892`	`}`
`@@ -1088,7 +1094,8 @@`
`1088`	`1094`	`"GHSA-m5pq-gvj9-9vr8",`
`1089`	`1095`	`"RUSTSEC-2022-0013"`
`1090`	`1096`	`],`
`1091`		`- "aliases": null`
	`1097`	`+ "aliases": null,`
	`1098`	`+ "max_severity": ""`
`1092`	`1099`	`}`
`1093`	`1100`	`]`
`1094`	`1101`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@ package ci`
`3`	`3`	`import (`
`4`	`4`	`"slices"`
`5`	`5`
	`6`	`+ "github.com/google/osv-scanner/internal/output"`
`6`	`7`	`"github.com/google/osv-scanner/pkg/grouper"`
`7`	`8`	`"github.com/google/osv-scanner/pkg/models"`
`8`	`9`	`)`
`@@ -55,6 +56,9 @@ func DiffVulnerabilityResults(oldRes, newRes models.VulnerabilityResults) models`
`55`	`56`	`}`
`56`	`57`	`// Rebuild the groups lost in the previous step`
`57`	`58`	`groups := grouper.Group(grouper.ConvertVulnerabilityToIDAliases(resultPV.Vulnerabilities))`
	`59`	`+ for i, group := range groups {`
	`60`	`+ groups[i].MaxSeverity = output.MaxSeverity(group, *resultPV)`
	`61`	`+ }`
`58`	`62`	`resultPV.Groups = groups`
`59`	`63`	`}`
`60`	`64`	`if len(resultPS.Packages) == 0 {`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ func createSourceRemediationTable(source models.PackageSource, groupFixedVersion`
`28`	`28`	`remediationTable.AppendRow(table.Row{`
`29`	`29`	`pv.Package.Name,`
`30`	`30`	`strings.Join(vulnIDs, "\n"),`
`31`		`- MaxSeverity(group, pv),`
	`31`	`+ group.MaxSeverity,`
`32`	`32`	`pv.Package.Version,`
`33`	`33`	`strings.Join(fixedVersions, "\n")})`
`34`	`34`	`}`
Original file line number	Diff line number	Diff line change
`@@ -121,7 +121,7 @@ func tableBuilderInner(vulnResult *models.VulnerabilityResults, addStyling bool,`
`121`	`121`	`}`
`122`	`122`
`123`	`123`	`outputRow = append(outputRow, strings.Join(links, "\n"))`
`124`		`- outputRow = append(outputRow, MaxSeverity(group, pkg))`
	`124`	`+ outputRow = append(outputRow, group.MaxSeverity)`
`125`	`125`
`126`	`126`	`if pkg.Package.Ecosystem == "" && pkg.Package.Commit != "" {`
`127`	`127`	`pkgCommitStr := results.PkgToString(pkg.Package)`
Original file line number	Diff line number	Diff line change
`@@ -162,7 +162,8 @@`
`162`	`162`	`"GO-2021-0053": {`
`163`	`163`	`"called": false`
`164`	`164`	`}`
`165`		`- }`
	`165`	`+ },`
	`166`	`+ "max_severity": ""`
`166`	`167`	`}`
`167`	`168`	`]`
`168`	`169`	`},`
`@@ -314,7 +315,8 @@`
`314`	`315`	`"GO-2023-1558": {`
`315`	`316`	`"called": true`
`316`	`317`	`}`
`317`		`- }`
	`318`	`+ },`
	`319`	`+ "max_severity": ""`
`318`	`320`	`}`
`319`	`321`	`]`
`320`	`322`	`},`
`@@ -467,7 +469,8 @@`
`467`	`469`	`"GO-2023-1572": {`
`468`	`470`	`"called": false`
`469`	`471`	`}`
`470`		`- }`
	`472`	`+ },`
	`473`	`+ "max_severity": ""`
`471`	`474`	`}`
`472`	`475`	`]`
`473`	`476`	`}`
`@@ -621,7 +624,8 @@`
`621`	`624`	`"GHSA-c3h9-896r-86jm",`
`622`	`625`	`"GO-2021-0053"`
`623`	`626`	`],`
`624`		`- "aliases": null`
	`627`	`+ "aliases": null,`
	`628`	`+ "max_severity": ""`
`625`	`629`	`}`
`626`	`630`	`]`
`627`	`631`	`},`
`@@ -757,7 +761,8 @@`
`757`	`761`	`"GHSA-2h6c-j3gf-xp9r",`
`758`	`762`	`"GO-2023-1558"`
`759`	`763`	`],`
`760`		`- "aliases": null`
	`764`	`+ "aliases": null,`
	`765`	`+ "max_severity": ""`
`761`	`766`	`}`
`762`	`767`	`]`
`763`	`768`	`},`
`@@ -892,7 +897,8 @@`
`892`	`897`	`"GHSA-qgc7-mgm3-q253",`
`893`	`898`	`"GO-2023-1572"`
`894`	`899`	`],`
`895`		`- "aliases": null`
	`900`	`+ "aliases": null,`
	`901`	`+ "max_severity": ""`
`896`	`902`	`}`
`897`	`903`	`]`
`898`	`904`	`}`
Original file line number	Diff line number	Diff line change
`@@ -111,6 +111,7 @@ type GroupInfo struct {`
`111`	`111`	Aliases []string `json:"aliases"`
`112`	`112`	`// Map of Vulnerability IDs to AnalysisInfo`
`113`	`113`	ExperimentalAnalysis map[string]AnalysisInfo `json:"experimentalAnalysis,omitempty"`
	`114`	+ MaxSeverity string `json:"max_severity"`
`114`	`115`	`}`
`115`	`116`
`116`	`117`	`// IsCalled returns true if any analysis performed determines that the vulnerability is being called`
Original file line number	Diff line number	Diff line change
`@@ -166,7 +166,8 @@`
`166`	`166`	`"aliases": [`
`167`	`167`	`"GHSA-mc8h-8q98-g5hr",`
`168`	`168`	`"RUSTSEC-2023-0018"`
`169`		`- ]`
	`169`	`+ ],`
	`170`	`+ "max_severity": ""`
`170`	`171`	`}`
`171`	`172`	`]`
`172`	`173`	`},`
`@@ -414,7 +415,8 @@`
`414`	`415`	`"aliases": [`
`415`	`416`	`"GHSA-wcg3-cvx6-7396",`
`416`	`417`	`"RUSTSEC-2020-0071"`
`417`		`- ]`
	`418`	`+ ],`
	`419`	`+ "max_severity": ""`
`418`	`420`	`}`
`419`	`421`	`]`
`420`	`422`	`}`
`@@ -889,15 +891,17 @@`
`889`	`891`	`"aliases": [`
`890`	`892`	`"GHSA-fxg5-wq6x-vr4w",`
`891`	`893`	`"GO-2023-1495"`
`892`		`- ]`
	`894`	`+ ],`
	`895`	`+ "max_severity": ""`
`893`	`896`	`},`
`894`	`897`	`{`
`895`	`898`	`"ids": [`
`896`	`899`	`"GO-2022-1144"`
`897`	`900`	`],`
`898`	`901`	`"aliases": [`
`899`	`902`	`"GO-2022-1144"`
`900`		`- ]`
	`903`	`+ ],`
	`904`	`+ "max_severity": ""`
`901`	`905`	`},`
`902`	`906`	`{`
`903`	`907`	`"ids": [`
`@@ -907,7 +911,8 @@`
`907`	`911`	`"aliases": [`
`908`	`912`	`"GHSA-vvpx-j8f3-3w6h",`
`909`	`913`	`"GO-2023-1571"`
`910`		`- ]`
	`914`	`+ ],`
	`915`	`+ "max_severity": ""`
`911`	`916`	`}`
`912`	`917`	`]`
`913`	`918`	`}`
`@@ -1051,15 +1056,17 @@`
`1051`	`1056`	`],`
`1052`	`1057`	`"aliases": [`
`1053`	`1058`	`"GHSA-mrrw-grhq-86gf"`
`1054`		`- ]`
	`1059`	`+ ],`
	`1060`	`+ "max_severity": ""`
`1055`	`1061`	`},`
`1056`	`1062`	`{`
`1057`	`1063`	`"ids": [`
`1058`	`1064`	`"RUSTSEC-2023-0015"`
`1059`	`1065`	`],`
`1060`	`1066`	`"aliases": [`
`1061`	`1067`	`"RUSTSEC-2023-0015"`
`1062`		`- ]`
	`1068`	`+ ],`
	`1069`	`+ "max_severity": ""`
`1063`	`1070`	`}`
`1064`	`1071`	`]`
`1065`	`1072`	`},`
`@@ -1209,7 +1216,8 @@`
`1209`	`1216`	`"aliases": [`
`1210`	`1217`	`"GHSA-mc8h-8q98-g5hr",`
`1211`	`1218`	`"RUSTSEC-2023-0018"`
`1212`		`- ]`
	`1219`	`+ ],`
	`1220`	`+ "max_severity": ""`
`1213`	`1221`	`}`
`1214`	`1222`	`]`
`1215`	`1223`	`},`
`@@ -1457,7 +1465,8 @@`
`1457`	`1465`	`"aliases": [`
`1458`	`1466`	`"GHSA-wcg3-cvx6-7396",`
`1459`	`1467`	`"RUSTSEC-2020-0071"`
`1460`		`- ]`
	`1468`	`+ ],`
	`1469`	`+ "max_severity": ""`
`1461`	`1470`	`}`
`1462`	`1471`	`]`
`1463`	`1472`	`}`
`@@ -1682,7 +1691,8 @@`
`1682`	`1691`	`"aliases": [`
`1683`	`1692`	`"GHSA-vvpx-j8f3-3w6h",`
`1684`	`1693`	`"GO-2023-1571"`
`1685`		`- ]`
	`1694`	`+ ],`
	`1695`	`+ "max_severity": ""`
`1686`	`1696`	`}`
`1687`	`1697`	`]`
`1688`	`1698`	`}`
`@@ -1767,7 +1777,8 @@`
`1767`	`1777`	`],`
`1768`	`1778`	`"aliases": [`
`1769`	`1779`	`"GHSA-mrrw-grhq-86gf"`
`1770`		`- ]`
	`1780`	`+ ],`
	`1781`	`+ "max_severity": ""`
`1771`	`1782`	`}`
`1772`	`1783`	`]`
`1773`	`1784`	`},`
`@@ -2015,7 +2026,8 @@`
`2015`	`2026`	`"aliases": [`
`2016`	`2027`	`"GHSA-wcg3-cvx6-7396",`
`2017`	`2028`	`"RUSTSEC-2020-0071"`
`2018`		`- ]`
	`2029`	`+ ],`
	`2030`	`+ "max_severity": ""`
`2019`	`2031`	`}`
`2020`	`2032`	`]`
`2021`	`2033`	`}`