fix(cli): HTML generation of vuln assessment (#1204)

* fix(cli): HTML generation of vuln assessment

Since #1025 the generation of
static HTML output has been broken, this change fixes it so that it
renders like it was before.

Signed-off-by: Salim Afiune Maya <[email protected]>

* test(cli): vulContainerImageLayersToHTML() function

Signed-off-by: Salim Afiune Maya <[email protected]>

---------

Signed-off-by: Salim Afiune Maya <[email protected]>

Author: afiune

api/v2_vulnerabilities.go

@@ -217,7 +217,7 @@ func (r VulnerabilitiesContainersResponse) VulnFixableCount(severity string) int
 func (r VulnerabilitiesContainersResponse) TotalVulnerabilities() int {
 	count := 0
 	for _, vuln := range r.Data {
-		if vuln.EvalCtx.ImageInfo.Status == "VULNERABLE" {
+		if vuln.Status == "VULNERABLE" {
 			count = count + 1
 		}
 	}

cli/cmd/vuln_html.go

@@ -328,32 +328,31 @@ func vulContainerImageLayersToHTML(image []api.VulnerabilityContainer) []htmlVul
 	var vulns = []htmlVuln{}
 	for _, i := range image {
 		space := regexp.MustCompile(`\s+`)
-		// Todo(v2): CreatedBy does not exist in v2
-		layerCreatedBy := space.ReplaceAllString("", " ")
+		layerCreatedBy := space.ReplaceAllString(i.FeatureProps.IntroducedIn, " ")
 
 		newHtmlVuln := htmlVuln{
 			CVE:               i.VulnID,
 			Severity:          cases.Title(language.English).String(i.Severity),
-			SeverityHTMLClass: i.Severity,
+			SeverityHTMLClass: strings.ToLower(i.Severity),
 			PkgName:           i.FeatureKey.Name,
 			PkgVersion:        i.FeatureKey.Version,
 			PkgFixed:          i.FixInfo.FixedVersion,
 			Layer:             layerCreatedBy,
 		}
 
 		// Todo(v2): CVSSv3Score does not exist in v2 container response
-		//if score := vul.CVSSv3Score(); score != 0 {
-		//	// CVSSv3
-		//	newHtmlVuln.V3Score = score
-		//	newHtmlVuln.UseV3Score = true
-		//} else if score = vul.CVSSv2Score(); score != 0 {
-		//	// CVSSv2
-		//	newHtmlVuln.V2Score = score
-		//	newHtmlVuln.UseV2Score = true
-		//} else {
-		//	// N/A
-		//	newHtmlVuln.UseNoScore = true
-		//}
+		// if score := vul.CVSSv3Score(); score != 0 {
+		// // CVSSv3
+		// newHtmlVuln.V3Score = score
+		// newHtmlVuln.UseV3Score = true
+		// } else if score = vul.CVSSv2Score(); score != 0 {
+		// // CVSSv2
+		// newHtmlVuln.V2Score = score
+		// newHtmlVuln.UseV2Score = true
+		// } else {
+		// // N/A
+		newHtmlVuln.UseNoScore = true
+		// }
 
 		vulns = append(vulns, newHtmlVuln)
 	}

cli/cmd/vuln_html_test.go

@@ -0,0 +1,41 @@
+//
+// Author:: Salim Afiune Maya (<[email protected]>)
+// Copyright:: Copyright 2023, Lacework Inc.
+// License:: Apache License, Version 2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package cmd
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestVulContainerImageLayersToHTML(t *testing.T) {
+	var (
+		expectedVulnIDs = []string{"CVE-2021-24215", "CVE-2020-24215"}
+		resp            = mockVulnerabilityAssessment()
+		subject         = vulContainerImageLayersToHTML(resp.Data)
+	)
+	if assert.Equal(t, 2, len(subject), "wrong number of vulnerabilities") {
+		for _, vuln := range subject {
+			assert.NotEmpty(t, vuln.Layer, "the layer should not be empty, did response change?")
+			assert.True(t, vuln.UseNoScore, "do we have CVSS scores? update, please")
+			assert.Contains(t, expectedVulnIDs, vuln.CVE,
+				"missing CVE, check HTML output")
+		}
+	}
+}