feat:OS CLI output part VI - add description labels

src/lib/formatters/remediation-based-format-issues.ts

@@ -387,10 +387,8 @@ function constructUnfixableText(
 
     const extraInfo =
       issue.fixedIn && issue.fixedIn.length
-        ? `\n  This issue was fixed in versions: ${chalk.bold(
-            issue.fixedIn.join(', '),
-          )}`
-        : '\n  No upgrade or patch available';
+        ? `\n    Fixed in: ${chalk.bold(issue.fixedIn.join(', '))}`
+        : '\n    No upgrade or patch available';
     unfixableIssuesTextArray.push(
       formatIssue(
         issue.id,
@@ -436,7 +434,9 @@ export function formatIssue(
   sampleReachablePaths?: SampleReachablePaths,
 ): string {
   const newBadge = isNew ? ' (new)' : '';
-  const name = vulnerableModule ? ` in ${chalk.bold(vulnerableModule)}` : '';
+  const introducedThrough = vulnerableModule
+    ? `\n    Introduced through: ${chalk.bold(vulnerableModule)}`
+    : '';
   let legalLicenseInstructionsText;
   if (legalInstructions) {
     legalLicenseInstructionsText = formatLegalInstructions(legalInstructions);
@@ -457,13 +457,13 @@ export function formatIssue(
     const pathStr = printPath(paths[0]);
     introducedBy =
       paths.length === 1
-        ? `\n    introduced by ${pathStr}`
-        : `\n    introduced by ${pathStr} and ${chalk.cyanBright(
+        ? `\n    Introduced by: ${pathStr}`
+        : `\n    Introduced by: ${pathStr} and ${chalk.cyanBright(
             '' + (paths.length - 1),
           )} other path(s)`;
   } else if (testOptions.showVulnPaths === 'all' && paths) {
     introducedBy =
-      '\n    introduced by:' +
+      '\n    Introduced by:' +
       paths
         .slice(0, 1000)
         .map((p) => '\n    ' + printPath(p))
@@ -494,8 +494,8 @@ export function formatIssue(
       )} Severity${originalSeverityStr}]`,
     ) +
     reachabilityText +
-    `[${config.PUBLIC_VULN_DB_URL}/vuln/${id}]` +
-    name +
+    `\n    Info: ${config.PUBLIC_VULN_DB_URL}/vuln/${id}` +
+    introducedThrough +
     reachableVia +
     introducedBy +
     (legalLicenseInstructionsText

test/acceptance/workspaces/pip-app-transitive-vuln/cli-output-actionable-remediation.txt

@@ -7,18 +7,26 @@ Tested 6 dependencies for known vulnerabilities, found 4 vulnerabilities, 4 vuln
 Issues to fix by upgrading dependencies:
 
   Upgrade flask to 1.0 to fix
-  ✗ Improper Input Validation [High Severity][https://security.snyk.io/vuln/SNYK-PYTHON-FLASK-42185] in flask@0.12.2
-    introduced by flask@0.12.2
-  ✗ Denial of Service (DOS) [High Severity][https://security.snyk.io/vuln/SNYK-PYTHON-FLASK-451637] in flask@0.12.2
-    introduced by flask@0.12.2
+  ✗ Improper Input Validation [High Severity]
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-FLASK-42185
+    Introduced through: flask@0.12.2
+    Introduced by: flask@0.12.2
+  ✗ Denial of Service (DOS) [High Severity]
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-FLASK-451637
+    Introduced through: flask@0.12.2
+    Introduced by: flask@0.12.2
 
   Pin Jinja2 to 2.10.1 to fix
-  ✗ Sandbox Escape [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-JINJA2-174126] in Jinja2@2.9.6
-    introduced by flask@0.12.2 > Jinja2@2.9.6
+  ✗ Sandbox Escape [Medium Severity]
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-JINJA2-174126
+    Introduced through: Jinja2@2.9.6
+    Introduced by: flask@0.12.2 > Jinja2@2.9.6
 
   Pin Werkzeug to 0.15.3 to fix
-  ✗ Insufficient Randomness [High Severity][https://security.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-458931] in Werkzeug@0.12.2
-    introduced by flask@0.12.2 > Werkzeug@0.12.2
+  ✗ Insufficient Randomness [High Severity]
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-458931
+    Introduced through: Werkzeug@0.12.2
+    Introduced by: flask@0.12.2 > Werkzeug@0.12.2
 
 
 

test/jest/unit/lib/formatters/__snapshots__/remediation-based-format-issues.spec.ts.snap

@@ -6,42 +6,58 @@ exports[`with license issues 1`] = `
 Issues to fix by upgrading:
 
   Upgrade rack@1.6.5 to rack@1.6.11 to fix
-  ✗ Cross-site Scripting (XSS) [Medium Severity][URL] in rack@1.6.5
-    introduced by:
+  ✗ Cross-site Scripting (XSS) [Medium Severity]
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACK-72567
+    Introduced through: rack@1.6.5
+    Introduced by:
     rack@1.6.5
     rack-cache@1.1 > rack@1.6.5
     rack-protection@1.5.3 > rack@1.6.5
 
   Upgrade rack-cache@1.1 to rack-cache@1.3.0 to fix
-  ✗ Cross-site Scripting (XSS) [Medium Severity][URL] in rack@1.6.5
-    introduced by:
+  ✗ Cross-site Scripting (XSS) [Medium Severity]
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACK-72567
+    Introduced through: rack@1.6.5
+    Introduced by:
     rack@1.6.5
     rack-cache@1.1 > rack@1.6.5
     rack-protection@1.5.3 > rack@1.6.5
-  ✗ HTTP Header Caching Weakness [High Severity][URL] in rack-cache@1.1
-    introduced by:
+  ✗ HTTP Header Caching Weakness [High Severity]
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACKCACHE-20031
+    Introduced through: rack-cache@1.1
+    Introduced by:
     rack-cache@1.1
 
   Upgrade rack-protection@1.5.3 to rack-protection@2.0.0 to fix
-  ✗ Side-channel attack [Low Severity][URL] in rack-protection@1.5.3
-    introduced by:
+  ✗ Side-channel attack [Low Severity]
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20394
+    Introduced through: rack-protection@1.5.3
+    Introduced by:
     rack-protection@1.5.3
-  ✗ Timing Attack [Medium Severity][URL] in rack-protection@1.5.3
-    introduced by:
+  ✗ Timing Attack [Medium Severity]
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
+    Introduced through: rack-protection@1.5.3
+    Introduced by:
     rack-protection@1.5.3
-  ✗ Directory Traversal [Medium Severity][URL] in rack-protection@1.5.3
-    introduced by:
+  ✗ Directory Traversal [Medium Severity]
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-22019
+    Introduced through: rack-protection@1.5.3
+    Introduced by:
     rack-protection@1.5.3
-  ✗ Cross-site Scripting (XSS) [Medium Severity][URL] in rack@1.6.5
-    introduced by:
+  ✗ Cross-site Scripting (XSS) [Medium Severity]
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACK-72567
+    Introduced through: rack@1.6.5
+    Introduced by:
     rack@1.6.5
     rack-cache@1.1 > rack@1.6.5
     rack-protection@1.5.3 > rack@1.6.5
 
 License issues:
 
-  ✗ Unknown license [High Severity][URL] in rack-cache@1.1
-    introduced by:
+  ✗ Unknown license [High Severity]
+    Info: https://security.snyk.io/vuln/snyk:lic:rubygems:rack-cache:Unknown
+    Introduced through: rack-cache@1.1
+    Introduced by:
     rack-cache@1.1
     Legal instructions:
     ○ for LGPL-3.0 license: I am legal license instruction"
@@ -53,15 +69,19 @@ exports[`with pins & unfixable & showVulnsPaths = all 1`] = `
 Issues to fix by upgrading dependencies:
 
   Upgrade django@1.6.1 to django@2.2.18 to fix
-  ✗ Content Spoofing [Medium Severity][URL] in django@1.6.1
-    introduced by:
+  ✗ Content Spoofing [Medium Severity]
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-72888
+    Introduced through: django@1.6.1
+    Introduced by:
     django@1.6.1
 
 Issues with no direct upgrade or patch:
-  ✗ Directory Traversal [Low Severity][URL] in django@1.6.1
-    introduced by:
+  ✗ Directory Traversal [Low Severity]
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-1066259
+    Introduced through: django@1.6.1
+    Introduced by:
     django@1.6.1
-  This issue was fixed in versions: 2.2.18, 3.0.12, 3.1.6"
+    Fixed in: 2.2.18, 3.0.12, 3.1.6"
 `;
 
 exports[`with reachable info 1`] = `
@@ -70,8 +90,10 @@ exports[`with reachable info 1`] = `
 Issues to fix by upgrading:
 
   Upgrade package-name@1.6.1 to package-name@1.6.3 to fix
-  ✗ Arbitrary Code Execution [Medium Severity][Reachable][URL] in package-name@1.6.1
-    introduced by:
+  ✗ Arbitrary Code Execution [Medium Severity][Reachable]
+    Info: https://security.snyk.io/vuln/SNYK-JAVA-PACAKGE-12345
+    Introduced through: package-name@1.6.1
+    Introduced by:
     package-name@1.6.1"
 `;
 
@@ -81,13 +103,17 @@ exports[`with showVulnPaths = some 1`] = `
 Issues to fix by upgrading dependencies:
 
   Upgrade django@1.6.1 to django@2.2.18 to fix
-  ✗ Content Spoofing [Medium Severity][URL] in django@1.6.1
-    introduced by django@1.6.1
+  ✗ Content Spoofing [Medium Severity]
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-72888
+    Introduced through: django@1.6.1
+    Introduced by: django@1.6.1
 
 Issues with no direct upgrade or patch:
-  ✗ Directory Traversal [Low Severity][URL] in django@1.6.1
-    introduced by django@1.6.1
-  This issue was fixed in versions: 2.2.18, 3.0.12, 3.1.6"
+  ✗ Directory Traversal [Low Severity]
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-1066259
+    Introduced through: django@1.6.1
+    Introduced by: django@1.6.1
+    Fixed in: 2.2.18, 3.0.12, 3.1.6"
 `;
 
 exports[`with upgrades & patches 1`] = `
@@ -96,20 +122,28 @@ exports[`with upgrades & patches 1`] = `
 Issues to fix by upgrading:
 
   Upgrade qs@0.0.6 to qs@6.0.4 to fix
-  ✗ Prototype Override Protection Bypass [Low Severity (originally High)][URL] in qs@0.0.6
-    introduced by:
+  ✗ Prototype Override Protection Bypass [Low Severity (originally High)]
+    Info: https://security.snyk.io/vuln/npm:qs:20170213
+    Introduced through: qs@0.0.6
+    Introduced by:
     qs@0.0.6
-  ✗ Denial of Service (DoS) [Low Severity (originally High)][URL] in qs@0.0.6
-    introduced by:
+  ✗ Denial of Service (DoS) [Low Severity (originally High)]
+    Info: https://security.snyk.io/vuln/npm:qs:20140806
+    Introduced through: qs@0.0.6
+    Introduced by:
     qs@0.0.6
-  ✗ Denial of Service (DoS) [Low Severity (originally Medium)][URL] in qs@0.0.6
-    introduced by:
+  ✗ Denial of Service (DoS) [Low Severity (originally Medium)]
+    Info: https://security.snyk.io/vuln/npm:qs:20140806-1
+    Introduced through: qs@0.0.6
+    Introduced by:
     qs@0.0.6
 
 Patchable issues:
 
   Patch available for node-uuid@1.4.0
-  ✗ Insecure Randomness [Low Severity (originally Medium)][URL] in node-uuid@1.4.0
-    introduced by:
+  ✗ Insecure Randomness [Low Severity (originally Medium)]
+    Info: https://security.snyk.io/vuln/npm:node-uuid:20160328
+    Introduced through: node-uuid@1.4.0
+    Introduced by:
     node-uuid@1.4.0"
 `;