Checkmarx
diff --git a/‎go.mod‎
Lines changed: 2 additions & 5 deletions b/‎go.mod‎
Lines changed: 2 additions & 5 deletions
diff --git a/‎go.sum‎
Lines changed: 4 additions & 4 deletions b/‎go.sum‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎internal/commands/predicates.go‎
Lines changed: 3 additions & 2 deletions b/‎internal/commands/predicates.go‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎internal/commands/predicates_test.go‎
Lines changed: 2 additions & 1 deletion b/‎internal/commands/predicates_test.go‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎internal/commands/result.go‎
Lines changed: 19 additions & 6 deletions b/‎internal/commands/result.go‎
Lines changed: 19 additions & 6 deletions
diff --git a/‎internal/commands/result_test.go‎
Lines changed: 77 additions & 3 deletions b/‎internal/commands/result_test.go‎
Lines changed: 77 additions & 3 deletions
@@ -7,7 +7,7 @@ require (
 	github.com/Checkmarx/containers-types v1.0.9
 	github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63
 	github.com/Checkmarx/gen-ai-wrapper v1.0.2
-	github.com/Checkmarx/manifest-parser v0.1.0
+	github.com/Checkmarx/manifest-parser v0.1.1
 	github.com/Checkmarx/secret-detection v1.2.1
 	github.com/MakeNowJust/heredoc v1.0.0
 	github.com/bouk/monkey v1.0.0
@@ -41,9 +41,6 @@ require (
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 	modernc.org/sqlite v1.38.2 // indirect
-)
-
-require (
 	dario.cat/mergo v1.0.1 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20240914100643-eb91380d8434 // indirect
@@ -148,7 +145,7 @@ require (
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.1 // indirect
 	github.com/go-restruct/restruct v1.2.0-alpha // indirect
-	github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
+	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 
@@ -75,8 +75,8 @@ github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 h1:SCuTcE
 github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63/go.mod h1:MI6lfLerXU+5eTV/EPTDavgnV3owz3GPT4g/msZBWPo=
 github.com/Checkmarx/gen-ai-wrapper v1.0.2 h1:T6X40+4hYnwfDsvkjWs9VIcE6s1O+8DUu0+sDdCY3GI=
 github.com/Checkmarx/gen-ai-wrapper v1.0.2/go.mod h1:xwRLefezwNNnRGu1EjGS6wNiR9FVV/eP9D+oXwLViVM=
-github.com/Checkmarx/manifest-parser v0.1.0 h1:swnzQpBFbJap7dgoj39oI6MaIqUlnVuBp5VJzeLVevQ=
-github.com/Checkmarx/manifest-parser v0.1.0/go.mod h1:hh5FX5FdDieU8CKQEkged4hfOaSylpJzub8PRFXa4kA=
+github.com/Checkmarx/manifest-parser v0.1.1 h1:Yp/fy0NjeLxxcS8y9AA9yIzWafC/Zeqn36YjVSe91DU=
+github.com/Checkmarx/manifest-parser v0.1.1/go.mod h1:hh5FX5FdDieU8CKQEkged4hfOaSylpJzub8PRFXa4kA=
 github.com/Checkmarx/secret-detection v1.2.1 h1:Hzpz74dcN/L14Q86ARvPOZpKBnERzGTpy6sl1RXKOTo=
 github.com/Checkmarx/secret-detection v1.2.1/go.mod h1:kbXbtIQisDdB/TNuV7r9HPclEznUyBHLQ5yr7IX7vBQ=
 github.com/CycloneDX/cyclonedx-go v0.9.2 h1:688QHn2X/5nRezKe2ueIVCt+NRqf7fl3AVQk+vaFcIo=
@@ -421,8 +421,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZ
 github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/go-viper/mapstructure/v2 v2.3.0 h1:27XbWsHIqhbdR5TIC911OfYvgSaW93HM+dX7970Q7jk=
-github.com/go-viper/mapstructure/v2 v2.3.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
+github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
 
@@ -1,14 +1,15 @@
 package commands
 
 import (
+	"strings"
+	"time"
+
 	"github.com/MakeNowJust/heredoc"
 	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
 	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
-	"strings"
-	"time"
 )
 
 var systemStates = []wrappers.CustomState{
 
@@ -4,9 +4,10 @@ package commands
 
 import (
 	"fmt"
+	"testing"
+
 	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/checkmarx/ast-cli/internal/wrappers/mock"
-	"testing"
 
 	"gotest.tools/assert"
 )
 
@@ -1662,7 +1662,7 @@ func exportGlSastResults(targetFile string, results *wrappers.ScanResultsCollect
 	if err != nil {
 		return errors.Wrapf(err, "%s: failed to add scan to gl-sast report", failedListingResults)
 	}
-	convertCxResultToGlSastVulnerability(results, glSast, summary.BaseURI)
+	convertCxResultToGlSastVulnerability(results, glSast, summary)
 	resultsJSON, err := json.Marshal(glSast)
 	if err != nil {
 		return errors.Wrapf(err, "%s: failed to serialize gl-sast report ", failedListingResults)
@@ -2031,10 +2031,10 @@ func convertCxResultsToSarif(results *wrappers.ScanResultsCollection) *wrappers.
 	return sarif
 }
 
-func convertCxResultToGlSastVulnerability(results *wrappers.ScanResultsCollection, glSast *wrappers.GlSastResultsCollection, summaryBaseURI string) {
+func convertCxResultToGlSastVulnerability(results *wrappers.ScanResultsCollection, glSast *wrappers.GlSastResultsCollection, summary *wrappers.ResultSummary) {
 	for _, result := range results.Results {
 		if strings.TrimSpace(result.Type) == commonParams.SastType {
-			glSast = parseGlSastVulnerability(result, glSast, summaryBaseURI)
+			glSast = parseGlSastVulnerability(result, glSast, summary)
 		}
 	}
 }
@@ -2054,7 +2054,9 @@ func convertCxResultToGlScaFiles(results *wrappers.ScanResultsCollection, glScaR
 		}
 	}
 }
-func parseGlSastVulnerability(result *wrappers.ScanResult, glSast *wrappers.GlSastResultsCollection, summaryBaseURI string) *wrappers.GlSastResultsCollection {
+func parseGlSastVulnerability(result *wrappers.ScanResult, glSast *wrappers.GlSastResultsCollection, summary *wrappers.ResultSummary) *wrappers.GlSastResultsCollection {
+	hostName := parseURI(summary.BaseURI)
+
 	queryName := result.ScanResultData.QueryName
 	fileName := result.ScanResultData.Nodes[0].FileName
 	lineNumber := strconv.FormatUint(uint64(result.ScanResultData.Nodes[0].Line), 10)
@@ -2063,13 +2065,14 @@ func parseGlSastVulnerability(result *wrappers.ScanResult, glSast *wrappers.GlSa
 	ID := fmt.Sprintf("%s:%s:%s", queryName, fileName, lineNumber)
 	category := fmt.Sprintf("%s-%s", wrappers.VendorName, result.Type)
 	message := fmt.Sprintf("%s@%s:%s", queryName, fileName, lineNumber)
+	QueryDescriptionLink := fmt.Sprintf("%s/results/%s/%s/sast/description/%s/%s", hostName, summary.ScanID, summary.ProjectID, result.VulnerabilityDetails.CweID, result.ScanResultData.QueryID)
 
 	glSast.Vulnerabilities = append(glSast.Vulnerabilities, wrappers.GlVulnerabilities{
 		ID:          ID,
 		Category:    category,
 		Name:        queryName,
 		Message:     message,
-		Description: result.Description,
+		Description: result.Description + "   \n" + QueryDescriptionLink,
 		CVE:         ID,
 		Severity:    cases.Title(language.English).String(result.Severity),
 		Confidence:  cases.Title(language.English).String(result.Severity),
@@ -2083,7 +2086,7 @@ func parseGlSastVulnerability(result *wrappers.ScanResult, glSast *wrappers.GlSa
 			{
 				Type:  "cxOneScan",
 				Name:  "CxOne Scan",
-				URL:   summaryBaseURI,
+				URL:   summary.BaseURI,
 				Value: result.ID,
 			},
 		},
@@ -2889,6 +2892,16 @@ type ScannerResponse struct {
 	ErrorCode string `json:"ErrorCode,omitempty"`
 }
 
+func parseURI(summaryBaseURI string) (hostName string) {
+	parsedURL, err := url.Parse(summaryBaseURI)
+	if err != nil {
+		return ""
+	}
+	hostName = fmt.Sprintf("%s://%s", parsedURL.Scheme, parsedURL.Host)
+
+	return hostName
+}
+
 func printWarningIfIgnorePolicyOmiited() {
 	fmt.Printf("\n            Warning: The --ignore-policy flag was not implemented because you don’t have the required permission.\n                     Only users with 'override-policy-management' permission can use this flag.                     \n\n")
 }
@@ -1095,7 +1095,7 @@ func TestRunGetResultsByScanIdSummaryConsoleFormat_ScsCompleted_ScsCompletedInRe
 		"Expected SCS summary:"+scsSummary)
 	secretDetectionSummary := secretDetectionLine
 	assert.Equal(t, strings.Contains(cleanString, secretDetectionSummary), true,
-		"Expected Secret Detection summary:"+secretDetectionSummary)
+		"Expected Secret Detection summary:"+secretDetectionLine)
 	scorecardSummary := "| Scorecard                 0      0        0      1      0   Completed  |"
 	assert.Equal(t, strings.Contains(cleanString, scorecardSummary), true,
 		"Expected Scorecard summary:"+scorecardSummary)
@@ -1130,7 +1130,7 @@ func TestRunGetResultsByScanIdSummaryConsoleFormat_ScsPartial_ScsPartialInReport
 		"Expected SCS summary:"+scsSummary)
 	secretDetectionSummary := secretDetectionLine
 	assert.Equal(t, strings.Contains(cleanString, secretDetectionSummary), true,
-		"Expected Secret Detection summary:"+secretDetectionSummary)
+		"Expected Secret Detection summary:"+secretDetectionLine)
 	scorecardSummary := " | Scorecard                 0      0        0      0      0   Failed     |"
 	assert.Equal(t, strings.Contains(cleanString, scorecardSummary), true,
 		"Expected Scorecard summary:"+scorecardSummary)
@@ -1157,7 +1157,7 @@ func TestRunGetResultsByScanIdSummaryConsoleFormat_ScsScorecardNotScanned_Scorec
 		"Expected SCS summary:"+scsSummary)
 	secretDetectionSummary := secretDetectionLine
 	assert.Equal(t, strings.Contains(stdoutString, secretDetectionSummary), true,
-		"Expected Secret Detection summary:"+secretDetectionSummary)
+		"Expected Secret Detection summary:"+secretDetectionLine)
 	scorecardSummary := "| Scorecard                 -      -        -      -      -       -      |"
 	assert.Equal(t, strings.Contains(stdoutString, scorecardSummary), true,
 		"Expected Scorecard summary:"+scorecardSummary)
@@ -1697,3 +1697,77 @@ func TestIgnorePolicyWithPermission(t *testing.T) {
 	output := buf.String()
 	assert.Assert(t, !strings.Contains(output, "Warning: The --ignore-policy flag was not implemented because you don’t have the required permission."), "'Ignore Policy flag omitted because you dont have permission' should not be present in the output")
 }
+
+func TestParseGlSastVulnerability_QueryDescriptionLink_Succeed(t *testing.T) {
+	mockResult := createMockScanResult("q1234", "c5678")
+	glSast := &wrappers.GlSastResultsCollection{}
+	summary := &wrappers.ResultSummary{
+		BaseURI:   "https://example.com/overview",
+		ScanID:    "scanID",
+		ProjectID: "projectID",
+	}
+	expectedURL := "https://example.com/results/scanID/projectID/sast/description/c5678/q1234"
+
+	glSast = parseGlSastVulnerability(mockResult, glSast, summary)
+
+	assert.Assert(t, len(glSast.Vulnerabilities) > 0)
+
+	actualURL := extractURLFromDescription(glSast.Vulnerabilities[0].Description)
+
+	assert.Equal(t, actualURL, expectedURL, "QueryDescriptionLink URL does not match expected format")
+}
+
+func TestParseGlSastVulnerability_QueryDescriptionLink_Negative(t *testing.T) {
+	mockResult := createMockScanResult("", "")
+	glSast := &wrappers.GlSastResultsCollection{}
+	summary := &wrappers.ResultSummary{
+		BaseURI:   "invalid-url",
+		ScanID:    "scanID",
+		ProjectID: "projectID",
+	}
+	expectedPattern := "/results/scanID/projectID/sast/description//"
+
+	glSast = parseGlSastVulnerability(mockResult, glSast, summary)
+
+	assert.Assert(t, len(glSast.Vulnerabilities) > 0)
+	vuln := glSast.Vulnerabilities[0]
+
+	assert.Assert(t, strings.Contains(vuln.Description, expectedPattern),
+		"URL should contain pattern with empty values")
+
+	actualURL := extractURLFromDescription(vuln.Description)
+	assert.Assert(t, actualURL != "", "Extracted URL should not be empty")
+}
+
+func createMockScanResult(queryID, cweID string) *wrappers.ScanResult {
+	return &wrappers.ScanResult{
+		Type: "sast",
+		ScanResultData: wrappers.ScanResultData{
+			QueryName: "TestQuery",
+			QueryID:   queryID,
+			Nodes: []*wrappers.ScanResultNode{
+				{
+					FileName: "file.go",
+					Line:     42,
+					Length:   1,
+				},
+			},
+		},
+		VulnerabilityDetails: wrappers.VulnerabilityDetails{
+			CweID: cweID,
+		},
+		ID:          "vuln-1",
+		Description: "desc-",
+		Severity:    "high",
+	}
+}
+
+func extractURLFromDescription(description string) string {
+	parts := strings.Split(description, "http")
+	if len(parts) == 1 {
+		return "http" + strings.Split(parts[0], " ")[0]
+	} else if len(parts) > 1 {
+		return "http" + strings.Split(parts[1], " ")[0]
+	}
+	return ""
+}