fix(report): don't include empty strings in .vulnerabilities[].identifiers[].url when gitlab.tpl is used (aquasecurity#6348)

DmitriyLewen · web-flow · commit 1870f28461c0 · 2024-03-24T09:44:40.000Z
diff --git a/contrib/gitlab.tpl b/contrib/gitlab.tpl
@@ -73,8 +73,11 @@
 	  {{- /* TODO: Type not extractable - https://github.com/aquasecurity/trivy-db/pull/24 */}}
           "type": "cve",
           "name": "{{ .VulnerabilityID }}",
-          "value": "{{ .VulnerabilityID }}",
+          "value": "{{ .VulnerabilityID }}"
+          {{- /* cf. https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/e3d280d7f0862ca66a1555ea8b24016a004bb914/dist/container-scanning-report-format.json#L157-179 */}}
+          {{- if .PrimaryURL | regexMatch "^(https?|ftp)://.+" -}},
           "url": "{{ .PrimaryURL }}"
+          {{- end }}
         }
       ],
       "links": [
@@ -85,9 +88,13 @@
         {{- else -}}
           ,
         {{- end -}}
+        {{- if . | regexMatch "^(https?|ftp)://.+" -}}
         {
-          "url": "{{ regexFind "[^ ]+" . }}"
+          "url": "{{ . }}"
         }
+        {{- else -}}
+          {{- $l_first = true }}
+        {{- end -}}
         {{- end }}
       ]
     }

Original file line number	Diff line number	Diff line change
`@@ -73,8 +73,11 @@`
`73`	`73`	`{{- /* TODO: Type not extractable - https://github.com/aquasecurity/trivy-db/pull/24 */}}`
`74`	`74`	`"type": "cve",`
`75`	`75`	`"name": "{{ .VulnerabilityID }}",`
`76`		`- "value": "{{ .VulnerabilityID }}",`
	`76`	`+ "value": "{{ .VulnerabilityID }}"`
	`77`	`+ {{- /* cf. https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/e3d280d7f0862ca66a1555ea8b24016a004bb914/dist/container-scanning-report-format.json#L157-179 */}}`
	`78`	`+ {{- if .PrimaryURL \| regexMatch "^(https?\|ftp)://.+" -}},`
`77`	`79`	`"url": "{{ .PrimaryURL }}"`
	`80`	`+ {{- end }}`
`78`	`81`	`}`
`79`	`82`	`],`
`80`	`83`	`"links": [`
`@@ -85,9 +88,13 @@`
`85`	`88`	`{{- else -}}`
`86`	`89`	`,`
`87`	`90`	`{{- end -}}`
	`91`	`+ {{- if . \| regexMatch "^(https?\|ftp)://.+" -}}`
`88`	`92`	`{`
`89`		`- "url": "{{ regexFind "[^ ]+" . }}"`
	`93`	`+ "url": "{{ . }}"`
`90`	`94`	`}`
	`95`	`+ {{- else -}}`
	`96`	`+ {{- $l_first = true }}`
	`97`	`+ {{- end -}}`
`91`	`98`	`{{- end }}`
`92`	`99`	`]`
`93`	`100`	`}`