From b5a84495c85d4b20c007394550d50ef788563384 Mon Sep 17 00:00:00 2001
From: Danang Heriyadi
Date: Fri, 17 Dec 2021 14:57:32 +0700
Subject: [PATCH 1/3] Add some logic to find where the correct line that should be pinpointed

Signed-off-by: Danang Heriyadi
---
 .../formatters/generic/trivy/formatter.go | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/internal/services/formatters/generic/trivy/formatter.go b/internal/services/formatters/generic/trivy/formatter.go
index a5886edeb..6c6c7821c 100644
--- a/internal/services/formatters/generic/trivy/formatter.go
+++ b/internal/services/formatters/generic/trivy/formatter.go
@@ -15,9 +15,13 @@
 package trivy
 
 import (
+ "bufio"
 "encoding/json"
 "fmt"
+ "os"
 "path/filepath"
+ "strconv"
+ "strings"
 "sync"
 
 "github.com/ZupIT/horusec-devkit/pkg/entities/vulnerability"
@@ -161,9 +165,32 @@ func (f *Formatter) setVulnerabilities(cmd string, result *entities.Result, path
 }
 }
 
+func findLineByFilename(target string, pkgName string, installedVersion string) string {
+ line := 0
+ file, err := os.Open(target)
+ if err != nil {
+ return strconv.Itoa(line)
+ }
+ defer file.Close()
+
+ scanner := bufio.NewScanner(file)
+ for scanner.Scan() {
+ if strings.HasPrefix(scanner.Text(), pkgName+" v"+installedVersion) {
+ return strconv.Itoa(line)
+ }
+ line++
+ }
+
+ if err := scanner.Err(); err != nil {
+ line = 0
+ }
+ return strconv.Itoa(line)
+}
+
 func (f *Formatter) setVulnerabilitiesOutput(vulnerabilities []*entities.Vulnerability, target string) {
 for _, vuln := range vulnerabilities {
 addVuln := f.getVulnBase()
+ addVuln.Line = findLineByFilename(target, vuln.PkgName, vuln.InstalledVersion)
 addVuln.File = target
 addVuln.Code = vuln.PkgName
 addVuln.Details = vuln.GetDetails()
From 2627656ab166fc1e5f65befcafd9758f7287ce70 Mon Sep 17 00:00:00 2001
From: Danang Heriyadi
Date: Mon, 20 Dec 2021 11:24:05 +0700
Subject: [PATCH 2/3] Replace findLineByFilename with GetDependencyInfo
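Review bot: When no line matches, findLineByFilename returns the total number of lines in the file rather than a "not found" value, because `line` is incremented past the last line and is only reset to 0 on a scanner error; a match on the very first line also yields "0", which collides with the error sentinel and is off by one against 1-based editor line numbers. Starting the counter at one and returning the sentinel explicitly after the loop fixes both: `line := 1` at the top, and replace the post-loop block with `return "0"` (the `scanner.Err()` check can stay, but both branches now return "0"). The `pkgName+" v"+installedVersion` prefix only matches the Go module `name vVERSION` spelling, so other ecosystems' manifests presumably never match — worth a comment stating that limitation. Note that patch 2 of this series removes this function in favour of file.GetDependencyInfo, so the point matters mainly if patch 1 lands on its own.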
Signed-off-by: Danang Heriyadi
---
 .../formatters/generic/trivy/formatter.go | 31 ++-----------------
 internal/utils/file/file.go | 4 +-
 2 files changed, 5 insertions(+), 30 deletions(-)

diff --git a/internal/services/formatters/generic/trivy/formatter.go b/internal/services/formatters/generic/trivy/formatter.go
index 6c6c7821c..712d37802 100644
--- a/internal/services/formatters/generic/trivy/formatter.go
+++ b/internal/services/formatters/generic/trivy/formatter.go
@@ -15,13 +15,9 @@
 package trivy
 
 import (
- "bufio"
 "encoding/json"
 "fmt"
- "os"
 "path/filepath"
- "strconv"
- "strings"
 "sync"
 
 "github.com/ZupIT/horusec-devkit/pkg/entities/vulnerability"
@@ -38,6 +34,7 @@ import (
 "github.com/ZupIT/horusec/internal/helpers/messages"
 "github.com/ZupIT/horusec/internal/services/formatters"
 "github.com/ZupIT/horusec/internal/services/formatters/generic/trivy/entities"
+ "github.com/ZupIT/horusec/internal/utils/file"
 vulnhash "github.com/ZupIT/horusec/internal/utils/vuln_hash"
 )
 
@@ -165,34 +162,12 @@ func (f *Formatter) setVulnerabilities(cmd string, result *entities.Result, path
 }
 }
 
-func findLineByFilename(target string, pkgName string, installedVersion string) string {
- line := 0
- file, err := os.Open(target)
- if err != nil {
- return strconv.Itoa(line)
- }
- defer file.Close()
-
- scanner := bufio.NewScanner(file)
- for scanner.Scan() {
- if strings.HasPrefix(scanner.Text(), pkgName+" v"+installedVersion) {
- return strconv.Itoa(line)
- }
- line++
- }
-
- if err := scanner.Err(); err != nil {
- line = 0
- }
- return strconv.Itoa(line)
-}
-
 func (f *Formatter) setVulnerabilitiesOutput(vulnerabilities []*entities.Vulnerability, target string) {
 for _, vuln := range vulnerabilities {
 addVuln := f.getVulnBase()
- addVuln.Line = findLineByFilename(target, vuln.PkgName, vuln.InstalledVersion)
+ addVuln.Code = fmt.Sprintf("%s v%s", vuln.PkgName, vuln.InstalledVersion)
+ _, _, addVuln.Line = file.GetDependencyInfo([]string{target}, addVuln.Code)
 addVuln.File = target
- addVuln.Code = vuln.PkgName
 addVuln.Details = vuln.GetDetails()
 addVuln.Severity = severities.GetSeverityByString(vuln.Severity)
 addVuln = vulnhash.Bind(addVuln)
diff --git a/internal/utils/file/file.go b/internal/utils/file/file.go
index 33fb13f42..3d2687010 100644
--- a/internal/utils/file/file.go
+++ b/internal/utils/file/file.go
@@ -241,7 +241,7 @@ func GetDependencyCodeFilepathAndLine(
 return "", "", ""
 }
 
- return getDependencyInfo(paths, dependency)
+ return GetDependencyInfo(paths, dependency)
 }
 
 // nolint: funlen
@@ -271,7 +271,7 @@ func getPathsByExtension(projectPath, subPath string, extensions ...string) ([]s
 // The line and the dependency trimmed is also returned.
 //
 //nolint:funlen,gocyclo
-func getDependencyInfo(paths []string, dependency string) (string, string, string) {
+func GetDependencyInfo(paths []string, dependency string) (string, string, string) {
 var line int
 
 for _, path := range paths {
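Review bot: The lookup key built by `fmt.Sprintf("%s v%s", vuln.PkgName, vuln.InstalledVersion)` hard-codes the Go module `name vVERSION` spelling for every Trivy target, so for manifests from other ecosystems (a `pkg==1.2.3` requirements line or a `pkg (1.2.3)` Gemfile.lock entry, for instance) that exact string cannot occur in the file and the reported Line is whatever GetDependencyInfo yields on a miss — its body lies outside this hunk, so that value should be checked and stated in a comment here. Consider building the key per ecosystem, e.g. `code := vuln.PkgName + " v" + vuln.InstalledVersion` only when `filepath.Base(target)` is `go.mod` or `go.sum`, and `code := vuln.PkgName` otherwise, so the existing code-matching in GetDependencyInfo has a chance of finding the line for the other formats. A short comment above the two added lines, such as `// Line is resolved by locating the "name vVERSION" text in the target manifest; "0" (or the helper's miss value) means it was not found`, would make the behaviour visible to report readers. The enclosing setVulnerabilitiesOutput continues past the end of this hunk.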
From 274a738d042e85b0260be34f2dd9b75b561fa361 Mon Sep 17 00:00:00 2001
From: Danang Heriyadi
Date: Tue, 21 Dec 2021 09:07:58 +0700
Subject: [PATCH 3/3] Update godoc & implement variadic parameter

Signed-off-by: Danang Heriyadi
---
 internal/services/formatters/generic/trivy/formatter.go | 2 +-
 internal/utils/file/file.go | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/internal/services/formatters/generic/trivy/formatter.go b/internal/services/formatters/generic/trivy/formatter.go
index 712d37802..cae1b8d6f 100644
--- a/internal/services/formatters/generic/trivy/formatter.go
+++ b/internal/services/formatters/generic/trivy/formatter.go
@@ -166,7 +166,7 @@ func (f *Formatter) setVulnerabilitiesOutput(vulnerabilities []*entities.Vulnera
 for _, vuln := range vulnerabilities {
 addVuln := f.getVulnBase()
 addVuln.Code = fmt.Sprintf("%s v%s", vuln.PkgName, vuln.InstalledVersion)
- _, _, addVuln.Line = file.GetDependencyInfo([]string{target}, addVuln.Code)
+ _, _, addVuln.Line = file.GetDependencyInfo(addVuln.Code, target)
 addVuln.File = target
 addVuln.Details = vuln.GetDetails()
 addVuln.Severity = severities.GetSeverityByString(vuln.Severity)
diff --git a/internal/utils/file/file.go b/internal/utils/file/file.go
index 3d2687010..f1a162c09 100644
--- a/internal/utils/file/file.go
+++ b/internal/utils/file/file.go
@@ -241,7 +241,7 @@ func GetDependencyCodeFilepathAndLine(
 return "", "", ""
 }
 
- return GetDependencyInfo(paths, dependency)
+ return GetDependencyInfo(dependency, paths...)
 }
 
 // nolint: funlen
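Review bot: The rewritten call `_, _, addVuln.Line = file.GetDependencyInfo(addVuln.Code, target)` still throws away the first two results, so the Code that ends up in the report is the synthesized `"pkg vX.Y.Z"` string rather than the text actually found in the manifest. If the second result is the trimmed matched dependency, as the helper's godoc in the same series suggests, it is worth keeping it: `_, code, line := file.GetDependencyInfo(addVuln.Code, target)`, then `if code != "" { addVuln.Code = code }` and `addVuln.Line = line`. Whether a miss returns empty strings is decided by GetDependencyInfo's body, which is outside this hunk, so confirm before relying on the empty-string check. The enclosing setVulnerabilitiesOutput begins and ends outside the hunk.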
@@ -266,12 +266,12 @@ func getPathsByExtension(projectPath, subPath string, extensions ...string) ([]s
 })
 }
 
-// getDependencyInfo return the path inside paths that match the dependency.
+// GetDependencyInfo return the path inside paths that match the dependency.
 //
 // The line and the dependency trimmed is also returned.
 //
 //nolint:funlen,gocyclo
-func GetDependencyInfo(paths []string, dependency string) (string, string, string) {
+func GetDependencyInfo(dependency string, paths ...string) (string, string, string) {
 var line int
 
 for _, path := range paths {
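Review bot: Now that GetDependencyInfo is exported, its godoc is the public contract, but the updated first line `GetDependencyInfo return the path inside paths that match the dependency.` is ungrammatical and leaves the result order and the miss case unstated — callers in this series already destructure the third value as the line. A replacement along the lines of `// GetDependencyInfo searches paths for a line referencing dependency and returns the matching path, the trimmed dependency text and the line number as a string.` would be clearer, followed by one sentence stating exactly what is returned when no path matches, which the body below this hunk decides and which I cannot confirm from here. The parameter reordering to `(dependency string, paths ...string)` is a breaking change for any external caller of the just-exported name, so the doc comment is also the right place to mention that paths are searched in the order given. The function body continues past the end of the hunk.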