Merge pull request Netflix-Skunkworks#250 from Netflix-Skunkworks/bugfix/vuln-views

sbehrens · web-flow · commit d6a48b927f14 · 2018-11-01T10:54:38.000-07:00
fixed partial and added new matcher
diff --git a/app/views/results/metadata/_vulnerability.html.erb b/app/views/results/metadata/_vulnerability.html.erb
@@ -143,6 +143,7 @@
         </dl>
       </div>
     </div>
+
     <% if finding["source_code_file"].to_s.strip != "" %>
       <div class="row">
         <div class="large-8 columns">
@@ -199,7 +200,7 @@
         </div>
       </div>
       <dl class="dl-horizontal">
-        <div class="panel" style="word-wrap: break-word; font-family: monospace;"">
+        <div class="panel" style="word-wrap: break-word; font-family: monospace;">
           <% if finding["line_number"].present? and finding["line_number"].to_i == 0 %>
 
           <% else %>
@@ -221,7 +222,7 @@
 </dl>
     <% end %>
 
-    <% unless (["curl", "sketchy", "depot"] & finding.try(:[], "source")).empty? %>
+    <% unless (["curl", "sketchy", "depot"] && finding.try(:[], "source")).empty? %>
       <div class="row">
         <div class="large-12 columns">
           <% if finding.try(:[], "match_location") == "headers" and finding.try(:[], "code_fragment") != nil%>
@@ -248,9 +249,26 @@
             <% (finding["after"]||[]).each do |i| %>
             </br>
             <%= i[1].to_s.rstrip %>
+
+
           <% end %>
         </div>
       </dl>
+
+        <% elsif finding.try(:[], "match_location") == "file" and finding.try(:[], "code_fragment") != nil%>
+          <div class="row">
+            <div class="large-8 columns">
+              <dl class="dl-horizontal">
+                <dt>File Match</dt>
+                <dd><%= "#{finding["term"]}" %></dd>
+              </dl>
+            </div>
+          </div>
+          <dl class="dl-horizontal">
+            <div class="panel" style="word-wrap: break-word; font-family: monospace; white-space:pre-wrap;">
+          <b><%= highlight(h(simple_format(finding["code_fragment"].to_s.gsub('\n', '<br/>'))), h(finding["term"])) %></b>
+      </div>
+    </dl>
       <!-- CUSTOMIZE THIS FOR PATHS AND BOTH,
         THINK ABOUT TERMS WE MAY NEED TO -->
     <% elsif finding.try(:[], "match_location") == "both" and finding.try(:[], "code_fragment") != nil%>
