feat: os output update - add issue summary

src/lib/formatters/test/format-test-results.ts

@@ -30,6 +30,8 @@ import {
   facts as dockerFacts,
 } from 'snyk-docker-plugin/dist';
 import { ScanResult } from '../../ecosystems/types';
+import { FormattedIssuesWithRemediation } from '../types';
+import { colorTextBySeverity } from '../../snyk-test/common';
 
 function createJsonResultOutput(jsonResult, options: Options) {
   const jsonResultClone = cloneDeep(jsonResult);
@@ -197,7 +199,17 @@ export function getDisplayedOutput(
     (vuln) => vuln.metadata.packageManager === 'upstream',
   );
 
-  let groupedVulnInfoOutput;
+  let groupedVulnInfoOutput: FormattedIssuesWithRemediation = {
+    outputTextArray: [],
+    counts: {
+      noUpgradeOrPatchCount: 0,
+      licenseTotal: 0,
+      fixableTotal: 0,
+      licenseBySeverity: { low: 0, medium: 0, high: 0, critical: 0 },
+      fixableBySeverity: { low: 0, medium: 0, high: 0, critical: 0 },
+    },
+  };
+
   if (res.remediation) {
     analytics.add('actionableRemediation', true);
     groupedVulnInfoOutput = formatIssuesWithRemediation(
@@ -207,8 +219,8 @@ export function getDisplayedOutput(
     );
   } else {
     analytics.add('actionableRemediation', false);
-    groupedVulnInfoOutput = filteredSortedGroupedVulns.map((vuln) =>
-      formatIssues(vuln, options),
+    groupedVulnInfoOutput.outputTextArray = filteredSortedGroupedVulns.map(
+      (vuln) => formatIssues(vuln, options),
     );
   }
 
@@ -221,15 +233,73 @@ export function getDisplayedOutput(
         )
       : [];
 
+  const licenseBySeverityText = `${Object.keys(
+    groupedVulnInfoOutput.counts.licenseBySeverity,
+  )
+    .reverse()
+    .filter(
+      (severity) =>
+        groupedVulnInfoOutput.counts.licenseBySeverity[severity] > 0,
+    )
+    .map((severity) =>
+      colorTextBySeverity(
+        severity,
+        chalk.bold(
+          `${
+            groupedVulnInfoOutput.counts.licenseBySeverity[severity]
+          } ${severity.charAt(0).toUpperCase() + severity.slice(1)}`,
+        ),
+      ),
+    )
+    .join(', ')}`;
+  const fixableBySeverityText = `${Object.keys(
+    groupedVulnInfoOutput.counts.fixableBySeverity,
+  )
+    .reverse()
+    .filter(
+      (severity) =>
+        groupedVulnInfoOutput.counts.fixableBySeverity[severity] > 0,
+    )
+    .map((severity) =>
+      colorTextBySeverity(
+        severity,
+        chalk.bold(
+          `${
+            groupedVulnInfoOutput.counts.fixableBySeverity[severity]
+          } ${severity.charAt(0).toUpperCase() + severity.slice(1)}`,
+        ),
+      ),
+    )
+    .join(', ')}`;
+
+  const testSummary = `${
+    !options.docker
+      ? `${chalk.bold('\n\nTest summary:')}\n${
+          groupedVulnInfoOutput.counts.noUpgradeOrPatchCount
+            ? `\n  ${groupedVulnInfoOutput.counts.noUpgradeOrPatchCount} issues with no upgrade or patch`
+            : ''
+        }${
+          groupedVulnInfoOutput.counts.licenseTotal
+            ? `\n  ${groupedVulnInfoOutput.counts.licenseTotal} license issues: `
+            : ''
+        }${licenseBySeverityText}${
+          groupedVulnInfoOutput.counts.fixableTotal
+            ? `\n  ${groupedVulnInfoOutput.counts.fixableTotal} fixable issues: `
+            : ''
+        }${fixableBySeverityText}`
+      : ''
+  }`;
+
   let body =
-    groupedVulnInfoOutput.join('\n\n') +
+    groupedVulnInfoOutput.outputTextArray.join('\n\n') +
     '\n\n' +
     groupedDockerBinariesVulnInfoOutput.join('\n\n') +
     '\n\n' +
-    meta;
+    meta +
+    `${res.remediation ? `${testSummary}` : ''}`;
 
   if (res.remediation) {
-    body = summary + body + fixAdvice;
+    body = summary + '\n\n' + body + fixAdvice;
   } else {
     body = body + '\n\n' + summary + fixAdvice;
   }

src/lib/formatters/types.ts

@@ -22,3 +22,16 @@ interface TopLevelPackageUpgrade {
 export interface UpgradesByAffectedPackage {
   [pkgNameAndVersion: string]: TopLevelPackageUpgrade[];
 }
+
+export type FormattedIssuesCounts = {
+  noUpgradeOrPatchCount: number;
+  licenseTotal: number;
+  fixableTotal: number;
+  licenseBySeverity: { [severity in SEVERITY]: number };
+  fixableBySeverity: { [severity in SEVERITY]: number };
+};
+
+export type FormattedIssuesWithRemediation = {
+  outputTextArray: string[];
+  counts: FormattedIssuesCounts;
+};

test/acceptance/workspaces/pip-app-transitive-vuln/cli-output-actionable-remediation.txt

@@ -4,29 +4,33 @@ Testing pip-app-transitive-vuln...
 Tested 6 dependencies for known vulnerabilities, found 4 vulnerabilities, 4 vulnerable paths.
 
 
-Issues to fix by upgrading dependencies (2 issues):
+Issues to fix by upgrading dependencies (4 issues):
 
   Upgrade flask to 1.0 to fix 2 issues
 
   ✗ [High] Improper Input Validation
-    [https://security.snyk.io/vuln/SNYK-PYTHON-FLASK-42185] in flask@0.12.2
-    introduced by flask@0.12.2
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-FLASK-42185
+    Introduced through: flask@0.12.2
+    Introduced by: flask@0.12.2
 
   ✗ [High] Denial of Service (DOS)
-    [https://security.snyk.io/vuln/SNYK-PYTHON-FLASK-451637] in flask@0.12.2
-    introduced by flask@0.12.2
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-FLASK-451637
+    Introduced through: flask@0.12.2
+    Introduced by: flask@0.12.2
 
   Pin Jinja2 to 2.10.1 to fix 1 issue
 
   ✗ [Medium] Sandbox Escape
-    [https://security.snyk.io/vuln/SNYK-PYTHON-JINJA2-174126] in Jinja2@2.9.6
-    introduced by flask@0.12.2 > Jinja2@2.9.6
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-JINJA2-174126
+    Introduced through: Jinja2@2.9.6
+    Introduced by: flask@0.12.2 > Jinja2@2.9.6
 
   Pin Werkzeug to 0.15.3 to fix 1 issue
 
   ✗ [High] Insufficient Randomness
-    [https://security.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-458931] in Werkzeug@0.12.2
-    introduced by flask@0.12.2 > Werkzeug@0.12.2
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-458931
+    Introduced through: Werkzeug@0.12.2
+    Introduced by: flask@0.12.2 > Werkzeug@0.12.2
 
 
 
@@ -37,5 +41,9 @@ Project name:      pip-app-transitive-vuln
 Open source:       no
 Project path:      pip-app-transitive-vuln
 
+Test summary:
+
+  4 fixable issues: 3 High, 1 Medium
+
 Tip: Try `snyk fix` to address these issues.`snyk fix` is a new CLI command in that aims to automatically apply the recommended updates for supported ecosystems.
 See documentation on how to enable this beta feature: https://docs.snyk.io/snyk-cli/fix-vulnerabilities-from-the-cli/automatic-remediation-with-snyk-fix#enabling-snyk-fix

test/jest/unit/lib/formatters/__snapshots__/remediation-based-format-issues.spec.ts.snap

@@ -2,134 +2,130 @@
 
 exports[`with license issues 1`] = `
 "
-
 License issues (1 issue):
 
   ✗ [High] Unknown license
-    [URL] in rack-cache@1.1
-    introduced by:
-    rack-cache@1.1
+    Info: https://dev.snyk.io/vuln/snyk:lic:rubygems:rack-cache:Unknown
+    Introduced through: rack-cache@1.1
+    Introduced by: rack-cache@1.1
     Legal instructions:
     ○ for LGPL-3.0 license: I am legal license instruction
 
+
 Issues to fix by upgrading (7 issues):
 
   Upgrade rack@1.6.5 to rack@1.6.11 to fix 1 issue
 
   ✗ [Medium] Cross-site Scripting (XSS)
-    [URL] in rack@1.6.5
-    introduced by:
-    rack@1.6.5
-    rack-cache@1.1 > rack@1.6.5
-    rack-protection@1.5.3 > rack@1.6.5
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACK-72567
+    Introduced through: rack@1.6.5
+    Introduced by: rack@1.6.5 > rack-cache@1.1 > rack@1.6.5 > rack-protection@1.5.3 > rack@1.6.5
 
   Upgrade rack-cache@1.1 to rack-cache@1.3.0 to fix 2 issues
 
   ✗ [Medium] Cross-site Scripting (XSS)
-    [URL] in rack@1.6.5
-    introduced by:
-    rack@1.6.5
-    rack-cache@1.1 > rack@1.6.5
-    rack-protection@1.5.3 > rack@1.6.5
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACK-72567
+    Introduced through: rack@1.6.5
+    Introduced by: rack@1.6.5 > rack-cache@1.1 > rack@1.6.5 > rack-protection@1.5.3 > rack@1.6.5
 
   ✗ [High] HTTP Header Caching Weakness
-    [URL] in rack-cache@1.1
-    introduced by:
-    rack-cache@1.1
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACKCACHE-20031
+    Introduced through: rack-cache@1.1
+    Introduced by: rack-cache@1.1
 
   Upgrade rack-protection@1.5.3 to rack-protection@2.0.0 to fix 4 issues
 
   ✗ [Low] Side-channel attack
-    [URL] in rack-protection@1.5.3
-    introduced by:
-    rack-protection@1.5.3
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20394
+    Introduced through: rack-protection@1.5.3
+    Introduced by: rack-protection@1.5.3
 
   ✗ [Medium] Timing Attack
-    [URL] in rack-protection@1.5.3
-    introduced by:
-    rack-protection@1.5.3
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
+    Introduced through: rack-protection@1.5.3
+    Introduced by: rack-protection@1.5.3
 
   ✗ [Medium] Directory Traversal
-    [URL] in rack-protection@1.5.3
-    introduced by:
-    rack-protection@1.5.3
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-22019
+    Introduced through: rack-protection@1.5.3
+    Introduced by: rack-protection@1.5.3
 
   ✗ [Medium] Cross-site Scripting (XSS)
-    [URL] in rack@1.6.5
-    introduced by:
-    rack@1.6.5
-    rack-cache@1.1 > rack@1.6.5
-    rack-protection@1.5.3 > rack@1.6.5"
+    Info: https://security.snyk.io/vuln/SNYK-RUBY-RACK-72567
+    Introduced through: rack@1.6.5
+    Introduced by: rack@1.6.5 > rack-cache@1.1 > rack@1.6.5 > rack-protection@1.5.3 > rack@1.6.5"
 `;
 
 exports[`with pins & unfixable & showVulnsPaths = all 1`] = `
 "
-
 Issues with no direct upgrade or patch (1 issue):
 
   ✗ [Low] Directory Traversal
-    [URL] in django@1.6.1
-    introduced by:
-    django@1.6.1
-    This issue was fixed in versions: 2.2.18, 3.0.12, 3.1.6
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-1066259
+    Introduced through: django@1.6.1
+    Introduced by: django@1.6.1
+    Fixed in: 2.2.18, 3.0.12, 3.1.6
+
 
 Issues to fix by upgrading dependencies (1 issue):
 
   Upgrade django@1.6.1 to django@2.2.18 to fix 1 issue
 
   ✗ [Medium] Content Spoofing
-    [URL] in django@1.6.1
-    introduced by:
-    django@1.6.1"
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-72888
+    Introduced through: django@1.6.1
+    Introduced by: django@1.6.1"
 `;
 
 exports[`with showVulnPaths = some 1`] = `
 "
-
 Issues with no direct upgrade or patch (1 issue):
 
   ✗ [Low] Directory Traversal
-    [URL] in django@1.6.1
-    introduced by django@1.6.1
-    This issue was fixed in versions: 2.2.18, 3.0.12, 3.1.6
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-1066259
+    Introduced through: django@1.6.1
+    Introduced by: django@1.6.1
+    Fixed in: 2.2.18, 3.0.12, 3.1.6
+
 
 Issues to fix by upgrading dependencies (1 issue):
 
   Upgrade django@1.6.1 to django@2.2.18 to fix 1 issue
 
   ✗ [Medium] Content Spoofing
-    [URL] in django@1.6.1
-    introduced by django@1.6.1"
+    Info: https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-72888
+    Introduced through: django@1.6.1
+    Introduced by: django@1.6.1"
 `;
 
 exports[`with upgrades & patches 1`] = `
 "
-
 Patchable issues (1 issue):
 
   Patch available for node-uuid@1.4.0
 
   ✗ [Low (originally Medium)] Insecure Randomness
-    [URL] in node-uuid@1.4.0
-    introduced by:
-    node-uuid@1.4.0
+    Info: https://security.snyk.io/vuln/npm:node-uuid:20160328
+    Introduced through: node-uuid@1.4.0
+    Introduced by: node-uuid@1.4.0
+
 
 Issues to fix by upgrading (3 issues):
 
   Upgrade qs@0.0.6 to qs@6.0.4 to fix 3 issues
 
   ✗ [Low (originally High)] Prototype Override Protection Bypass
-    [URL] in qs@0.0.6
-    introduced by:
-    qs@0.0.6
+    Info: https://security.snyk.io/vuln/npm:qs:20170213
+    Introduced through: qs@0.0.6
+    Introduced by: qs@0.0.6
 
   ✗ [Low (originally High)] Denial of Service (DoS)
-    [URL] in qs@0.0.6
-    introduced by:
-    qs@0.0.6
+    Info: https://security.snyk.io/vuln/npm:qs:20140806
+    Introduced through: qs@0.0.6
+    Introduced by: qs@0.0.6
 
   ✗ [Low (originally Medium)] Denial of Service (DoS)
-    [URL] in qs@0.0.6
-    introduced by:
-    qs@0.0.6"
+    Info: https://security.snyk.io/vuln/npm:qs:20140806-1
+    Introduced through: qs@0.0.6
+    Introduced by: qs@0.0.6"
 `;