Merge pull request #54 from Ostorlab/fix/fix_formatting_of_description

Add new line when formatting technical detail.
Ostorlab · Mar 14, 2024 · 5f70820 · 5f70820
2 parents ab04166 + 6720340
commit 5f70820
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 4 deletions.
diff --git a/agent/osv_output_handler.py b/agent/osv_output_handler.py
@@ -241,7 +241,6 @@ def parse_vulnerabilities_osv_api(
     except ValueError:
         fixed_version = ""
         logger.error("Can't get fixed version for %s package.", package_name)
-
     return [
         VulnData(
             package_name=package_name,
@@ -376,7 +375,7 @@ def construct_vuln(
             technical_detail = ""
             if path is not None:
                 technical_detail = f"Dependency `{vuln.package_name}` Found in {path} has a security issue: \n"
-            technical_detail += f"```{vuln.description}```"
+            technical_detail += f"```\n{vuln.description}\n```"
         else:
             title = f"Use of Outdated Vulnerable Component: {vuln.package_name}@{vuln.package_version}: {', '.join(vuln.cves)}"
 

diff --git a/ostorlab.yaml b/ostorlab.yaml
@@ -1,6 +1,6 @@
 kind: Agent
 name: osv
-version: 0.5.1
+version: 0.5.2
 description: |
   This repository is an implementation of [Ostorlab Agent](https://pypi.org/project/ostorlab/) for the [OSV Scanner](https://github.com/google/osv-scanner).
 license: Apache-2.0

diff --git a/tests/osv_agent_test.py b/tests/osv_agent_test.py
@@ -466,7 +466,7 @@ def testAgentOSV_whenElfLibraryFingerprintMessage_shouldExcludeNpmEcosystemVulnz
     )
     assert agent_mock[0].data["risk_rating"] == "POTENTIALLY"
     assert agent_mock[0].data["technical_detail"] == (
-        """```- OSV-2022-394 : OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47190\n\n```\nCrash type: Incorrect-function-pointer-type\nCrash state:\ncv::split\ncv::split\nTestSplitAndMerge\n```\n\n- OSV-2023-444 : OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59450\n\n```\nCrash type: Heap-buffer-overflow READ 4\nCrash state:\nopj_jp2_apply_pclr\nopj_jp2_decode\ncv::detail::Jpeg2KOpjDecoderBase::readData\n```\n\n```"""
+        """```\n- OSV-2022-394 : OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47190\n\n```\nCrash type: Incorrect-function-pointer-type\nCrash state:\ncv::split\ncv::split\nTestSplitAndMerge\n```\n\n- OSV-2023-444 : OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59450\n\n```\nCrash type: Heap-buffer-overflow READ 4\nCrash state:\nopj_jp2_apply_pclr\nopj_jp2_decode\ncv::detail::Jpeg2KOpjDecoderBase::readData\n```\n\n\n```"""
     )
     assert agent_mock[0].data["description"] == (
         """Dependency `opencv` with version `4.9.0` has a security issue."""