ZupIT · wiliansilvazup · Dec 11, 2020 · Dec 10, 2020 · Dec 10, 2020 · Dec 10, 2020
diff --git a/development-kit/pkg/entities/analyser/python/output.go b/development-kit/pkg/entities/analyser/python/output.go
@@ -14,7 +14,9 @@
 
 package python
 
-import "github.com/ZupIT/horusec/development-kit/pkg/enums/severity"
+import (
+	"github.com/ZupIT/horusec/development-kit/pkg/enums/severity"
+)
 
 type BanditOutput struct {
 	Results []BanditResult `json:"results"`
@@ -44,3 +46,11 @@ type SafetyIssues struct {
 	Description      string `json:"description"`
 	ID               string `json:"id"`
 }
+
+func (b *BanditResult) GetFile() string {
+	if b.FileName != "" && b.FileName[0:2] == "./" {
+		return b.FileName[2:]
+	}
+
+	return b.FileName
+}
diff --git a/horusec-cli/README.md b/horusec-cli/README.md
@@ -98,11 +98,11 @@ workflows:
 
 * Example using `code-build`:
     *   Environment:
-        - `CUstom Image`
-            - Environment type: `Linux` 
-            - Image registry: `Other registry`
-            - External registry URL: `horuszup/horusec-cli`
-            - Image Version: `Alway use the latest image for this runtime version`
+        - `Managed image`
+            - Operational system: `Ubuntu` 
+            - Execution time: `Standard`
+            - Image: `Any`
+            - Image Version: `Latest`
             - Privileged: `true`
             - Allow AWS CodeBuild to modify this service role so it can be used with this build project: `true`
 
@@ -111,11 +111,25 @@ workflows:
     version: 0.2
 
     phases:
+      install:
+        runtime-versions:
+            docker: 19
       build:
         commands:
-           - sh /usr/local/bin/hoursec-cli.sh -p="./" -e="true"
+           - docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src/horusec-vscode horuszup/horusec-cli:latest horusec start -p /src/horusec-vscode -P $(pwd)
     ```
 
+#### Docker image
+We also have a docker image for the cli that can be used to replace the binary. Here is an example of use:
+
+`docker run -v /var/run/docker.sock:/var/run/docker.sock -v {path of project in host}:/src/horusec-vscode horuszup/horusec-cli:latest horusec start -p /src/horusec-vscode -P {path of project in host}`
+
+We use a bind with the local docker through the volume `-v /var/run/docker.sock:/var/run/docker.sock` (on windows --> `-v //var/run/docker.sock:/var/run/docker.sock`).
+
+A bind type volume it is created to allow the container to access the project `-v path of project in host:/src/horusec-vscode` (`/src/horusec-vscode` --> represents the project path inside the container).
+
+In this case due the docker.sock we need to have the path to the project inside container passed in -p flag, and the original host path in the -P flag.
+
 #### Check the installation
 ```bash
 horusec version

diff --git a/horusec-cli/internal/services/formatters/csharp/scs/formatter.go b/horusec-cli/internal/services/formatters/csharp/scs/formatter.go
@@ -16,7 +16,6 @@ package scs
 
 import (
 	"encoding/json"
-	"fmt"
 	vulnhash "github.com/ZupIT/horusec/development-kit/pkg/utils/vuln_hash"
 	"strings"
 
@@ -106,7 +105,7 @@ func (f *Formatter) setVulnerabilitySeverityData(output dotnet.Output) *horusec.
 	data.Details = f.removeCsprojPathFromDetails(output.IssueText)
 	data.Line = output.GetLine()
 	data.Column = output.GetColumn()
-	data.File = output.GetFilename()
+	data.File = f.GetFilepathFromFilename(output.GetFilename())
 
 	// Set data.VulnHash value
 	data = vulnhash.Bind(data)
@@ -115,7 +114,7 @@ func (f *Formatter) setVulnerabilitySeverityData(output dotnet.Output) *horusec.
 }
 
 func (f *Formatter) setCommitAuthor(vulnerability *horusec.Vulnerability) *horusec.Vulnerability {
-	commitAuthor := f.GetCommitAuthor(vulnerability.Line, f.getFilePathFromPackageName(vulnerability.File))
+	commitAuthor := f.GetCommitAuthor(vulnerability.Line, vulnerability.File)
 
 	vulnerability.CommitAuthor = commitAuthor.Author
 	vulnerability.CommitHash = commitAuthor.CommitHash
@@ -141,11 +140,6 @@ func (f *Formatter) appendVulnerabilities(vulnerability *horusec.Vulnerability)
 		})
 }
 
-func (f *Formatter) getFilePathFromPackageName(filePath string) string {
-	return fileUtil.GetPathIntoFilename(filePath,
-		fmt.Sprintf("%s/.horusec/%s/", f.GetConfigProjectPath(), f.GetAnalysisID()))
-}
-
 func (f *Formatter) getConfigData(projectSubPath string) *dockerEntities.AnalysisData {
 	return &dockerEntities.AnalysisData{
 		Image: ImageName,

diff --git a/horusec-cli/internal/services/formatters/javascript/npmaudit/formatter.go b/horusec-cli/internal/services/formatters/javascript/npmaudit/formatter.go
@@ -123,7 +123,7 @@ func (f *Formatter) setCommitAuthor(vulnerability *horusec.Vulnerability) *horus
 
 func (f *Formatter) getDefaultVulnerabilitySeverity() *horusec.Vulnerability {
 	vulnerabilitySeverity := &horusec.Vulnerability{}
-	vulnerabilitySeverity.File = "package-lock.json"
+	vulnerabilitySeverity.File = f.GetFilepathFromFilename("package-lock.json")
 	vulnerabilitySeverity.SecurityTool = tools.NpmAudit
 	vulnerabilitySeverity.Language = languages.Javascript
 	return vulnerabilitySeverity

diff --git a/horusec-cli/internal/services/formatters/javascript/yarnaudit/formatter.go b/horusec-cli/internal/services/formatters/javascript/yarnaudit/formatter.go
@@ -123,7 +123,7 @@ func (f *Formatter) getDefaultVulnerabilitySeverity() *horusec.Vulnerability {
 	vulnerabilitySeverity := &horusec.Vulnerability{}
 	vulnerabilitySeverity.SecurityTool = tools.YarnAudit
 	vulnerabilitySeverity.Language = languages.Javascript
-	vulnerabilitySeverity.File = "yarn.lock"
+	vulnerabilitySeverity.File = f.GetFilepathFromFilename("yarn.lock")
 	return vulnerabilitySeverity
 }
 

diff --git a/horusec-cli/internal/services/formatters/python/bandit/formatter.go b/horusec-cli/internal/services/formatters/python/bandit/formatter.go
@@ -120,7 +120,7 @@ func (f *Formatter) setupVulnerabilitiesSeveritiesBandit(
 	vulnerabilitySeverity.Code = f.GetCodeWithMaxCharacters(issues[index].Code, 0)
 	vulnerabilitySeverity.Line = strconv.Itoa(issues[index].LineNumber)
 	vulnerabilitySeverity.Confidence = issues[index].IssueConfidence
-	vulnerabilitySeverity.File = issues[index].FileName
+	vulnerabilitySeverity.File = issues[index].GetFile()
 
 	// Set vulnerabilitySeverity.VulnHash value
 	vulnerabilitySeverity = vulnhash.Bind(vulnerabilitySeverity)

diff --git a/horusec-cli/internal/services/formatters/python/safety/formatter.go b/horusec-cli/internal/services/formatters/python/safety/formatter.go
@@ -174,6 +174,6 @@ func (f *Formatter) getDefaultVulnerabilitySeverityInSafety() *horusec.Vulnerabi
 	vulnerabilitySeverity.SecurityTool = tools.Safety
 	vulnerabilitySeverity.Confidence = "-"
 	vulnerabilitySeverity.Column = "0"
-	vulnerabilitySeverity.File = "requirements.txt"
+	vulnerabilitySeverity.File = f.GetFilepathFromFilename("requirements.txt")
 	return vulnerabilitySeverity
 }
diff --git a/horusec-cli/internal/services/formatters/service.go b/horusec-cli/internal/services/formatters/service.go
@@ -45,6 +45,7 @@ type IService interface {
 	RemoveSrcFolderFromPath(filepath string) string
 	GetCodeWithMaxCharacters(code string, column int) string
 	ToolIsToIgnore(tool tools.Tool) bool
+	GetFilepathFromFilename(filename string) string
 }
 
 type Service struct {
@@ -176,3 +177,12 @@ func (s *Service) getAHundredCharacters(code string, column int) string {
 
 	return codeFromColumn
 }
+
+func (s *Service) GetFilepathFromFilename(filename string) string {
+	filepath := file.GetPathIntoFilename(filename, s.GetConfigProjectPath())
+	if filepath != "" {
+		return filepath[1:]
+	}
+
+	return filepath
+}
diff --git a/horusec-manager/package-lock.json b/horusec-manager/package-lock.json