Merge pull request #43 from snyk/fix/template-rendering-introduced-fields

paulrosca-snyk · web-flow · commit d4c172726df2 · 2025-08-01T17:25:54.000+03:00
fix: template rendering "introduced" fields
diff --git a/internal/presenters/funcs.go b/internal/presenters/funcs.go
@@ -120,9 +120,11 @@ func getVulnInfoURL(finding testapi.FindingData) string {
 
 // getIntroducedThrough returns the dependency path through which the vulnerability was introduced.
 func getIntroducedThrough(finding testapi.FindingData) string {
-	if len(finding.Attributes.Evidence) > 0 {
-		evidence := finding.Attributes.Evidence[0]
+	if finding.Attributes == nil || len(finding.Attributes.Evidence) == 0 {
+		return ""
+	}
 
+	for _, evidence := range finding.Attributes.Evidence {
 		// An evidence object is a union type. We need to check if it's a DependencyPathEvidence.
 		if depPathEvidence, err := evidence.AsDependencyPathEvidence(); err == nil {
 			var pathParts []string
@@ -134,13 +136,17 @@ func getIntroducedThrough(finding testapi.FindingData) string {
 			}
 		}
 	}
+
 	return ""
 }
 
 // getIntroducedBy returns the direct dependency that introduced the vulnerability.
 func getIntroducedBy(finding testapi.FindingData) string {
-	if len(finding.Attributes.Evidence) > 0 {
-		evidence := finding.Attributes.Evidence[0]
+	if finding.Attributes == nil || len(finding.Attributes.Evidence) == 0 {
+		return ""
+	}
+
+	for _, evidence := range finding.Attributes.Evidence {
 		if depPathEvidence, err := evidence.AsDependencyPathEvidence(); err == nil {
 			if len(depPathEvidence.Path) > 0 {
 				// The first element in the path is the direct dependency from the root.
@@ -149,6 +155,7 @@ func getIntroducedBy(finding testapi.FindingData) string {
 			}
 		}
 	}
+
 	return ""
 }
 

Original file line number	Diff line number	Diff line change
`@@ -120,9 +120,11 @@ func getVulnInfoURL(finding testapi.FindingData) string {`
`120`	`120`
`121`	`121`	`// getIntroducedThrough returns the dependency path through which the vulnerability was introduced.`
`122`	`122`	`func getIntroducedThrough(finding testapi.FindingData) string {`
`123`		`- if len(finding.Attributes.Evidence) > 0 {`
`124`		`- evidence := finding.Attributes.Evidence[0]`
	`123`	`+ if finding.Attributes == nil \|\| len(finding.Attributes.Evidence) == 0 {`
	`124`	`+ return ""`
	`125`	`+ }`
`125`	`126`
	`127`	`+ for _, evidence := range finding.Attributes.Evidence {`
`126`	`128`	`// An evidence object is a union type. We need to check if it's a DependencyPathEvidence.`
`127`	`129`	`if depPathEvidence, err := evidence.AsDependencyPathEvidence(); err == nil {`
`128`	`130`	`var pathParts []string`
`@@ -134,13 +136,17 @@ func getIntroducedThrough(finding testapi.FindingData) string {`
`134`	`136`	`}`
`135`	`137`	`}`
`136`	`138`	`}`
	`139`	`+`
`137`	`140`	`return ""`
`138`	`141`	`}`
`139`	`142`
`140`	`143`	`// getIntroducedBy returns the direct dependency that introduced the vulnerability.`
`141`	`144`	`func getIntroducedBy(finding testapi.FindingData) string {`
`142`		`- if len(finding.Attributes.Evidence) > 0 {`
`143`		`- evidence := finding.Attributes.Evidence[0]`
	`145`	`+ if finding.Attributes == nil \|\| len(finding.Attributes.Evidence) == 0 {`
	`146`	`+ return ""`
	`147`	`+ }`
	`148`	`+`
	`149`	`+ for _, evidence := range finding.Attributes.Evidence {`
`144`	`150`	`if depPathEvidence, err := evidence.AsDependencyPathEvidence(); err == nil {`
`145`	`151`	`if len(depPathEvidence.Path) > 0 {`
`146`	`152`	`// The first element in the path is the direct dependency from the root.`
`@@ -149,6 +155,7 @@ func getIntroducedBy(finding testapi.FindingData) string {`
`149`	`155`	`}`
`150`	`156`	`}`
`151`	`157`	`}`
	`158`	`+`
`152`	`159`	`return ""`
`153`	`160`	`}`
`154`	`161`