feat: include PackagePath data in CVEs for image queries (#2241)

Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>

pkg/cli/client/cve_cmd_internal_test.go

@@ -227,7 +227,7 @@ func TestSearchCVECmd(t *testing.T) {
 		So(buff.String(), ShouldEqual, `{"Tag":"dummyImageName:tag","CVEList":`+
 			`[{"Id":"dummyCVEID","Severity":"HIGH","Title":"Title of that CVE",`+
 			`"Description":"Description of the CVE","PackageList":[{"Name":"packagename",`+
-			`"InstalledVersion":"installedver","FixedVersion":"fixedver"}]}],"Summary":`+
+			`"PackagePath":"","InstalledVersion":"installedver","FixedVersion":"fixedver"}]}],"Summary":`+
 			`{"maxSeverity":"HIGH","unknownCount":0,"lowCount":0,"mediumCount":0,"highCount":1,`+
 			`"criticalCount":0,"count":1}}`+"\n")
 		So(err, ShouldBeNil)
@@ -247,7 +247,7 @@ func TestSearchCVECmd(t *testing.T) {
 		str := space.ReplaceAllString(buff.String(), " ")
 		So(strings.TrimSpace(str), ShouldEqual, `--- tag: dummyImageName:tag cvelist: - id: dummyCVEID`+
 			` severity: HIGH title: Title of that CVE description: Description of the CVE packagelist: `+
-			`- name: packagename installedversion: installedver fixedversion: fixedver `+
+			`- name: packagename packagepath: "" installedversion: installedver fixedversion: fixedver `+
 			`summary: maxseverity: HIGH unknowncount: 0 lowcount: 0 mediumcount: 0 highcount: 1 criticalcount: 0 count: 1`)
 		So(err, ShouldBeNil)
 	})

pkg/cli/client/search_functions_internal_test.go

@@ -345,13 +345,33 @@ func TestSearchCVEForImageGQL(t *testing.T) {
 										},
 									},
 								},
+								{
+									ID:          "test-cve-id2",
+									Description: "Test CVE ID 2",
+									Title:       "Test CVE 2",
+									Severity:    "HIGH",
+									PackageList: []packageList{
+										{
+											Name:             "packagename",
+											PackagePath:      "/usr/bin/dummy.jar",
+											FixedVersion:     "fixedver",
+											InstalledVersion: "installedver",
+										},
+										{
+											Name:             "packagename",
+											PackagePath:      "/usr/bin/dummy.gem",
+											FixedVersion:     "fixedver",
+											InstalledVersion: "installedver",
+										},
+									},
+								},
 							},
 							Summary: common.ImageVulnerabilitySummary{
-								Count:         1,
+								Count:         2,
 								UnknownCount:  0,
 								LowCount:      0,
 								MediumCount:   0,
-								HighCount:     1,
+								HighCount:     2,
 								CriticalCount: 0,
 								MaxSeverity:   "HIGH",
 							},
@@ -363,14 +383,27 @@ func TestSearchCVEForImageGQL(t *testing.T) {
 
 		err := SearchCVEForImageGQL(searchConfig, "repo-test", "dummyCVEID")
 		So(err, ShouldBeNil)
+		bufferContent := buff.String()
+		bufferLines := strings.Split(bufferContent, "\n")
+
+		// Expected result - each row indicates a row of the table with reduced spaces
+		expected := []string{
+			"CRITICAL 0, HIGH 2, MEDIUM 0, LOW 0, UNKNOWN 0, TOTAL 2",
+			"",
+			"ID SEVERITY TITLE",
+			"dummyCVEID HIGH Title of that CVE",
+			"test-cve-id2 HIGH Test CVE 2",
+		}
+
 		space := regexp.MustCompile(`\s+`)
-		str := space.ReplaceAllString(buff.String(), " ")
-		actual := strings.TrimSpace(str)
-		So(actual, ShouldContainSubstring, "CRITICAL 0, HIGH 1, MEDIUM 0, LOW 0, UNKNOWN 0, TOTAL 1")
-		So(actual, ShouldContainSubstring, "dummyCVEID HIGH Title of that CVE")
+
+		for lineIndex := 0; lineIndex < len(expected); lineIndex++ {
+			line := space.ReplaceAllString(bufferLines[lineIndex], " ")
+			So(line, ShouldEqualTrimSpace, expected[lineIndex])
+		}
 	})
 
-	Convey("SearchCVEForImageGQL", t, func() {
+	Convey("SearchCVEForImageGQL with injected error", t, func() {
 		buff := bytes.NewBufferString("")
 		searchConfig := getMockSearchConfig(buff, mockService{
 			getCveByImageGQLFn: func(ctx context.Context, config SearchConfig, username string, password string,

pkg/cli/client/service.go

@@ -308,7 +308,7 @@ func (service searchService) getCveByImageGQL(ctx context.Context, config Search
 			Tag
 			CVEList {
 				Id Title Severity Description
-				PackageList {Name InstalledVersion FixedVersion}
+				PackageList {Name PackagePath InstalledVersion FixedVersion}
 			}
 			Summary {
 				Count UnknownCount LowCount MediumCount HighCount CriticalCount MaxSeverity
@@ -732,6 +732,7 @@ type tagListResp struct {
 //nolint:tagliatelle // graphQL schema
 type packageList struct {
 	Name             string `json:"Name"`
+	PackagePath      string `json:"PackagePath"`
 	InstalledVersion string `json:"InstalledVersion"`
 	FixedVersion     string `json:"FixedVersion"`
 }