diff --git a/checkov/common/output/report.py b/checkov/common/output/report.py
index f8fe30ecb60..0b213e59d2c 100644
--- a/checkov/common/output/report.py
+++ b/checkov/common/output/report.py
@@ -462,6 +462,14 @@ def _create_test_case_failure_output(self, record: Record) -> str:
 if self.check_type == CheckType.SCA_PACKAGE:
 if record.vulnerability_details:
+ lowest_fixed_version = record.vulnerability_details.get('lowest_fixed_version')
+ if lowest_fixed_version is not None:
+ fix = lowest_fixed_version
+ else:
+ fixlist = record.vulnerability_details.get('fixed_versions')
+ if fixlist is not None:
+ fix = fixlist
+
 failure_output.extend(
 [
 "",
@@ -471,6 +479,9 @@ def _create_test_case_failure_output(self, record: Record) -> str:
 f"Base Score: {record.vulnerability_details.get('cvss')}",
 f"Vector: {record.vulnerability_details.get('vector')}",
 f"Risk Factors: {record.vulnerability_details.get('risk_factors')}",
+ "Fix Details:",
+ f" Status: {record.vulnerability_details.get('status')}",
+ f" Fixed Version: {fix}",
 ]
 )
 else:
diff --git a/tests/sca_package/test_output_reports.py b/tests/sca_package/test_output_reports.py
index 7e8a5697e92..f1be39c124f 100644
--- a/tests/sca_package/test_output_reports.py
+++ b/tests/sca_package/test_output_reports.py
@@ -418,6 +418,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
 "Base Score: 9.8\n",
 "Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n",
 "Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'Critical severity', 'Has fix']\n",
+ "Fix Details:\n",
+ " Status: fixed in 3.0.1, 2.2.9, 1.11.27\n",
+ " Fixed Version: 1.11.27\n",
 "\n",
 "Resource: path/to/requirements.txt.django\n",
 "File: /path/to/requirements.txt: 0-0\n",
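Review bot: `fix` is never assigned when neither `lowest_fixed_version` nor `fixed_versions` is present in `record.vulnerability_details`, so the `f" Fixed Version: {fix}"` line added in the second report.py hunk (@@ -471) raises UnboundLocalError for a vulnerability record that carries no fix data, which is exactly the record the new `Status:` line would otherwise describe. Collapse the added branch into `fix = record.vulnerability_details.get('lowest_fixed_version')` followed by `if fix is None: fix = record.vulnerability_details.get('fixed_versions')`, so `fix` is always bound (None when no fix exists) and the two nested `if`/`else` blocks disappear. If `fixed_versions` is a list, as the local name `fixlist` suggests, consider rendering it with `", ".join(...)` so the report does not print a Python list repr; I cannot confirm its type from the hunk. `_create_test_case_failure_output` starts and ends outside these hunks.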
@@ -432,6 +435,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
 "Base Score: 6.1\n",
 "Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\n",
 "Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'Exploit exists', 'Has fix', 'Medium severity']\n",
+ "Fix Details:\n"
+ " Status: fixed in 1.9.8, 1.8.14\n",
+ " Fixed Version: 1.8.14\n",
 "\n",
 "Resource: path/to/requirements.txt.django\n",
 "File: /path/to/requirements.txt: 0-0\n",
@@ -446,6 +452,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
 "Base Score: 7.5\n",
 "Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n",
 "Risk Factors: ['High severity', 'Attack complexity: low', 'Attack vector: network', 'Has fix']\n",
+ "Fix Details:\n",
+ " Status: fixed in 1.9.10, 1.8.15\n",
+ " Fixed Version: 1.8.15\n",
 "\n",
 "Resource: path/to/requirements.txt.django\n",
 "File: /path/to/requirements.txt: 0-0\n",
@@ -460,6 +469,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
 "Base Score: 4.9\n",
 "Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\n",
 "Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'Has fix', 'Medium severity', 'Recent vulnerability']\n",
+ "Fix Details:\n"
+ " Status: fixed in 3.2.4, 3.1.12, 2.2.24\n",
+ " Fixed Version: 2.2.24\n",
 "\n",
 "Resource: path/to/requirements.txt.django\n",
 "File: /path/to/requirements.txt: 0-0\n",
@@ -474,6 +486,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
 "Base Score: 7.5\n",
 "Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n",
 "Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'DoS', 'Has fix', 'High severity']\n",
+ "Fix Details:\n"
+ " Status: fixed in 1.0\n",
+ " Fixed Version: 1.0\n",
 "\n",
 "Resource: path/to/requirements.txt.flask\n",
 "File: /path/to/requirements.txt: 0-0\n",
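Review bot: The added `"Fix Details:\n"` literal in this hunk (@@ -432) has no trailing comma, so Python concatenates it with the following `" Status: ..."` literal into a single list element; the same omission is in @@ -460, @@ -474 and @@ -502, and in @@ -488 all three added literals plus the existing `"\n"` context line fuse into one element. Whether the test still passes depends on how the expected list is compared, which is outside the hunk: if it is joined into one string first the result is unchanged, but an element-wise comparison would behave differently from @@ -418 and @@ -446, which carry the commas. Add the missing commas, e.g. `"Fix Details:\n",`, so every hunk spells the expected output the same way and the list length stays meaningful. `test_get_junit_xml_string` starts and ends outside these hunks.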
@@ -488,6 +503,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
 "Base Score: 7.5\n",
 "Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n",
 "Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'DoS', 'Has fix', 'High severity']\n",
+ "Fix Details:\n"
+ " Status: fixed in 0.12.3\n"
+ " Fixed Version: 0.12.3\n"
 "\n",
 "Resource: path/to/requirements.txt.flask\n",
 "File: /path/to/requirements.txt: 0-0\n",
@@ -502,6 +520,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
 "Base Score: 7.7\n",
 "Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n",
 "Risk Factors: ['High severity', 'Attack complexity: low', 'Attack vector: network', 'Has fix']\n",
+ "Fix Details:\n"
+ " Status: fixed in v4.0.0-preview1\n",
+ " Fixed Version: 4.0.0rc1\n",
 "\n",
 "Resource: path/to/go.sum.github.com/dgrijalva/jwt-go\n",
 "File: /path/to/go.sum: 0-0\n",