snyk · dotkas · Dec 7, 2023 · Dec 5, 2023 · Dec 6, 2023
diff --git a/src/lib/snyk-to-html.ts b/src/lib/snyk-to-html.ts
@@ -256,15 +256,34 @@ async function generateCodeTemplate(
 }
 
 function mergeData(dataArray: any[]): any {
-  const vulnsArrays = dataArray.map(project => project.vulnerabilities || []);
+  const vulnsArrays = dataArray.map((project) => {
+    if (!project.vulnerabilities) {
+      return [];
+    }
+
+    // Add project data to each of the vulnerabilities to display more
+    // details on each vulnerability card, in order to properly distinguish
+    // from which project a vuln is connected, in case of displaying multiple
+    // projects.
+    const vulns = project.vulnerabilities.map((vuln) => ({
+      ...vuln,
+      displayTargetFile: project.displayTargetFile,
+      path: project.path
+    }));
+    return vulns;
+  });
   const aggregateVulnerabilities = [].concat(...vulnsArrays);
 
   const totalUniqueCount =
     dataArray.reduce((acc, item) => acc + item.vulnerabilities.length || 0, 0);
   const totalDepCount =
     dataArray.reduce((acc, item) => acc + item.dependencyCount || 0, 0);
 
-  const paths = dataArray.map(project => ({ path: project.path, packageManager: project.packageManager }));
+  const paths = dataArray.map(project => ({
+    path: project.path,
+    packageManager: project.packageManager,
+    displayTargetFile: project.displayTargetFile,
+  }));
 
   return {
     vulnerabilities: aggregateVulnerabilities,
@@ -325,7 +344,7 @@ async function processCodeData(
   const dataArray = Array.isArray(data) ? data : [data];
 
   const OrderedIssuesArray = await processSourceCode(dataArray);
-  
+
   const totalIssues = dataArray[0].runs[0].results.length;
   const processedData = {
     projects: OrderedIssuesArray,

diff --git a/tap-snapshots/test-snyk-to-html.test.ts-TAP.test.js b/tap-snapshots/test-snyk-to-html.test.ts-TAP.test.js
@@ -2176,7 +2176,8 @@ exports[`test/snyk-to-html.test.ts TAP template output displays vulns in descend
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
                 <ul>
-                  <li class="paths">./java-goof (maven)</li><li class="paths">./goof (npm)</li>
+                  <li class="paths">./java-goof (maven)</li>
+                  <li class="paths">./goof (npm)</li>
                 </ul>
               </div>
 
@@ -6541,7 +6542,7 @@ exports[`test/snyk-to-html.test.ts TAP test snyk-to-html handles -a argument cor
               <div class="source-panel">
                 <span>Scanned the following path:</span>
                 <ul>
-                  <li class="paths">/path/to/npm-lockfile-with-vulns (npm)</li>
+                  <li class="paths">/path/to/npm-lockfile-with-vulns/package-lock.json (npm)</li>
                 </ul>
               </div>
 
@@ -7192,7 +7193,7 @@ exports[`test/snyk-to-html.test.ts TAP test snyk-to-html handles -s argument cor
               <div class="source-panel">
                 <span>Scanned the following path:</span>
                 <ul>
-                  <li class="paths">/path/to/npm-lockfile-with-vulns (npm)</li>
+                  <li class="paths">/path/to/npm-lockfile-with-vulns/package-lock.json (npm)</li>
                 </ul>
               </div>
 
@@ -8134,7 +8135,7 @@ exports[`test/snyk-to-html.test.ts TAP test snyk-to-html shows remediation & sum
               <div class="source-panel">
                 <span>Scanned the following path:</span>
                 <ul>
-                  <li class="paths">/Users/lili/www/snyk-fixtures/python-pip-app-with-vulns (pip)</li>
+                  <li class="paths">/Users/lili/www/snyk-fixtures/python-pip-app-with-vulns/requirements.txt (pip)</li>
                 </ul>
               </div>
 
@@ -8935,7 +8936,7 @@ exports[`test/snyk-to-html.test.ts TAP test snyk-to-html shows remediation with
               <div class="source-panel">
                 <span>Scanned the following path:</span>
                 <ul>
-                  <li class="paths">/Users/lili/www/snyk-fixtures/python-pip-app-with-vulns (pip)</li>
+                  <li class="paths">/Users/lili/www/snyk-fixtures/python-pip-app-with-vulns/requirements.txt (pip)</li>
                 </ul>
               </div>
 

diff --git a/template/test-report.header.hbs b/template/test-report.header.hbs
@@ -24,15 +24,17 @@
           <div class="source-panel">
             <span>Scanned the following paths:</span>
             <ul>
-              {{#each paths}}<li class="paths">{{path}} ({{packageManager}})</li>{{/each}}
+            {{#each paths}}
+              <li class="paths">{{path}}{{#if displayTargetFile}}/{{displayTargetFile}}{{/if}} ({{packageManager}})</li>
+            {{/each}}
             </ul>
           </div>
           {{/if}}
           {{#if path}}
           <div class="source-panel">
             <span>Scanned the following path:</span>
             <ul>
-              <li class="paths">{{path}} ({{packageManager}})</li>
+              <li class="paths">{{path}}{{#if displayTargetFile}}/{{displayTargetFile}}{{/if}} ({{packageManager}})</li>
             </ul>
           </div>
           {{/if}}

diff --git a/template/test-report.vuln-card.hbs b/template/test-report.vuln-card.hbs
@@ -9,6 +9,11 @@
         <hr/>
 
         <ul class="card__meta">
+            {{#if list.[0].displayTargetFile }}
+            <li class="card__meta__item">
+                Manifest file: {{list.[0].path}} <span class="list-paths__item__arrow">›</span> {{list.[0].displayTargetFile}}
+            </li>
+            {{/if}}
             <li class="card__meta__item">
                 Package Manager: {{metadata.packageManager}}
             </li>

diff --git a/test/fixtures/test-report-container-with-app-vulns.json b/test/fixtures/test-report-container-with-app-vulns.json
@@ -1276,7 +1276,6 @@
       "uniqueCount": 1,
       "targetFile": "/bin/gobin",
       "projectName": "mymod",
-      "displayTargetFile": "/bin/gobin",
       "path": "vulnerable:latest"
     }
   ]