Merge pull request #33 from snyk/feat/no-risk-score-for-licenses

feat: remove risk score line for license issues since they don't have one

Author: bsalomon-snyk

internal/presenters/funcs.go

@@ -94,14 +94,23 @@ func getFieldValueFrom(data interface{}, path string) string {
 
 // getVulnInfoURL returns the vulnerability information URL for a finding.
 func getVulnInfoURL(finding testapi.FindingData) string {
-	if len(finding.Attributes.Problems) > 0 {
-		problem := finding.Attributes.Problems[0]
-		if p, err := problem.AsSnykVulnProblem(); err == nil {
-			return "https://snyk.io/vuln/" + p.Id
-		}
-		if p, err := problem.AsSnykLicenseProblem(); err == nil {
-			// License issues might have a different URL structure, but for now this is a safe bet.
-			return "https://snyk.io/vuln/" + p.Id
+	if finding.Attributes != nil {
+		for _, problem := range finding.Attributes.Problems {
+			disc, err := problem.Discriminator()
+			if err != nil {
+				continue
+			}
+
+			switch disc {
+			case string(testapi.SnykVuln):
+				if p, err := problem.AsSnykVulnProblem(); err == nil {
+					return "https://snyk.io/vuln/" + p.Id
+				}
+			case string(testapi.SnykLicense):
+				if p, err := problem.AsSnykLicenseProblem(); err == nil {
+					return "https://snyk.io/vuln/" + p.Id
+				}
+			}
 		}
 	}
 	return ""
@@ -250,6 +259,7 @@ func getCliTemplateFuncMap(tmpl *template.Template) template.FuncMap {
 	fnMap["divider"] = RenderDivider
 	fnMap["title"] = RenderTitle
 	fnMap["renderToString"] = renderTemplateToString(tmpl)
+	fnMap["isLicenseFinding"] = isLicenseFinding
 	fnMap["isOpenFinding"] = isOpenFinding
 	fnMap["isPendingFinding"] = isPendingFinding
 	fnMap["isIgnoredFinding"] = isIgnoredFinding
@@ -266,6 +276,27 @@ func getDefaultTemplateFuncMap(config configuration.Configuration, ri runtimeinf
 		return nil
 	}
 	getFindingID := func(finding testapi.FindingData) string {
+		if finding.Attributes != nil {
+			for _, problem := range finding.Attributes.Problems {
+				disc, err := problem.Discriminator()
+				if err != nil {
+					continue
+				}
+
+				switch disc {
+				case string(testapi.SnykVuln):
+					if p, err := problem.AsSnykVulnProblem(); err == nil {
+						return p.Id
+					}
+				case string(testapi.SnykLicense):
+					if p, err := problem.AsSnykLicenseProblem(); err == nil {
+						return p.Id
+					}
+				}
+			}
+		}
+
+		// fallback to top-level ID if no problem ID is found
 		if finding.Id != nil {
 			return finding.Id.String()
 		}
@@ -295,10 +326,24 @@ func getDefaultTemplateFuncMap(config configuration.Configuration, ri runtimeinf
 	defaultMap["getSourceLocation"] = getSourceLocation
 	defaultMap["getFindingId"] = getFindingID
 	defaultMap["hasPrefix"] = strings.HasPrefix
+	defaultMap["isLicenseFinding"] = isLicenseFinding
 
 	return defaultMap
 }
 
+// isLicenseFinding returns true if the finding is a license finding.
+func isLicenseFinding(finding testapi.FindingData) bool {
+	if finding.Attributes != nil {
+		for _, problem := range finding.Attributes.Problems {
+			disc, err := problem.Discriminator()
+			if err == nil && disc == string(testapi.SnykLicense) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
 // reverse reverses the order of elements in a slice.
 func reverse(v interface{}) []interface{} {
 	l, err := mustReverse(v)

internal/presenters/presenter_unified_finding_test.go

@@ -4,9 +4,14 @@ import (
 	"bytes"
 	"testing"
 
+	"github.com/google/uuid"
+	"github.com/snyk/go-application-framework/pkg/apiclients/testapi"
+	"github.com/snyk/go-application-framework/pkg/configuration"
+	"github.com/snyk/go-application-framework/pkg/local_workflows/json_schemas"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/snyk/cli-extension-os-flows/internal/presenters"
+	"github.com/snyk/cli-extension-os-flows/internal/util"
 )
 
 func TestJsonWriter(t *testing.T) {
@@ -42,3 +47,109 @@ func TestJsonWriter(t *testing.T) {
 		assert.Equal(t, input, buffer.Bytes())
 	})
 }
+
+func TestUnifiedFindingPresenter_CliOutput(t *testing.T) {
+	t.Run("license finding should not have risk score", func(t *testing.T) {
+		// setup
+		config := configuration.New()
+		buffer := &bytes.Buffer{}
+
+		problemID := uuid.New().String()
+		licenseFinding := testapi.FindingData{
+			Id:   util.Ptr(uuid.New()),
+			Type: util.Ptr(testapi.Findings),
+			Attributes: &testapi.FindingAttributes{
+				Title: "GPL-3.0-only",
+				Rating: testapi.Rating{
+					Severity: testapi.Severity("medium"),
+				},
+				Problems: func() []testapi.Problem {
+					var p testapi.Problem
+					err := p.FromSnykLicenseProblem(testapi.SnykLicenseProblem{
+						Id:      problemID,
+						License: "license",
+					})
+					assert.NoError(t, err)
+					return []testapi.Problem{p}
+				}(),
+			},
+		}
+
+		projectResult := &presenters.UnifiedProjectResult{
+			Findings: []testapi.FindingData{licenseFinding},
+			Summary: &json_schemas.TestSummary{
+				SeverityOrderAsc: []string{"critical", "high", "medium", "low", "none"},
+				Results: []json_schemas.TestSummaryResult{
+					{
+						Severity: "medium",
+						Open:     1,
+					},
+				},
+			},
+		}
+
+		presenter := presenters.NewUnifiedFindingsRenderer(
+			[]*presenters.UnifiedProjectResult{projectResult},
+			config,
+			buffer,
+		)
+
+		// execute
+		err := presenter.RenderTemplate(presenters.DefaultTemplateFiles, presenters.DefaultMimeType)
+
+		// assert
+		assert.NoError(t, err)
+		output := buffer.String()
+		assert.NotContains(t, output, "Risk Score:")
+	})
+
+	t.Run("vulnerability finding should have risk score", func(t *testing.T) {
+		// setup
+		config := configuration.New()
+		buffer := &bytes.Buffer{}
+
+		riskScore := uint16(780)
+		vulnFinding := testapi.FindingData{
+			Id:   util.Ptr(uuid.New()),
+			Type: util.Ptr(testapi.Findings),
+			Attributes: &testapi.FindingAttributes{
+				Title: "High severity vulnerability",
+				Risk: testapi.Risk{
+					RiskScore: &testapi.RiskScore{
+						Value: riskScore,
+					},
+				},
+				Rating: testapi.Rating{
+					Severity: testapi.Severity("high"),
+				},
+			},
+		}
+
+		projectResult := &presenters.UnifiedProjectResult{
+			Findings: []testapi.FindingData{vulnFinding},
+			Summary: &json_schemas.TestSummary{
+				SeverityOrderAsc: []string{"critical", "high", "medium", "low", "none"},
+				Results: []json_schemas.TestSummaryResult{
+					{
+						Severity: "high",
+						Open:     1,
+					},
+				},
+			},
+		}
+
+		presenter := presenters.NewUnifiedFindingsRenderer(
+			[]*presenters.UnifiedProjectResult{projectResult},
+			config,
+			buffer,
+		)
+
+		// execute
+		err := presenter.RenderTemplate(presenters.DefaultTemplateFiles, presenters.DefaultMimeType)
+
+		// assert
+		assert.NoError(t, err)
+		output := buffer.String()
+		assert.Contains(t, output, "Risk Score: 780")
+	})
+}

internal/presenters/templates/unified_finding.tmpl

@@ -9,11 +9,13 @@
 			{{- with (getIntroducedThrough .) }}
    Introduced through: {{ . }}
 			{{- end }}
-			{{- $riskScore := getFieldValueFrom . "Attributes.Risk.RiskScore.Value" -}}
-			{{- if $riskScore }}
+			{{- if not (isLicenseFinding .) }}
+				{{- $riskScore := getFieldValueFrom . "Attributes.Risk.RiskScore.Value" -}}
+				{{- if $riskScore }}
    Risk Score: {{ $riskScore }}
-			{{- else }}
-   Risk Score: N/A (Risk score couldn't be computed)
+				{{- else }}
+   Risk Score: N/A
+				{{- end }}
 			{{- end }}
 			{{- $isReachable := getFieldValueFrom . "Attributes.IsReachable" -}}
 			{{- if eq $isReachable "true" }}