refactor(table): use file name instead package path (#1966)

2025-12-12 15:50:15 -08:00 · 2022-04-11 15:15:15 +06:00
parent a92da72263
commit 0127c1d39e
3 changed files with 19 additions and 7 deletions
--- a/pkg/report/table.go
+++ b/pkg/report/table.go
@@ -4,13 +4,16 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"path/filepath"
 	"strings"
+	"sync"

 	"github.com/fatih/color"
 	"github.com/olekukonko/tablewriter"
 	"golang.org/x/exp/slices"

 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/types"
 )

@@ -19,6 +22,9 @@ type TableWriter struct {
 	Severities []dbTypes.Severity
 	Output     io.Writer

+	// We have to show a message once about using the '-format json' subcommand to get the full pkgPath
+	ShowMessageOnce *sync.Once
+
 	// For misconfigurations
 	IncludeNonFailures bool
 	Trace              bool
@@ -134,7 +140,11 @@ func (tw TableWriter) setVulnerabilityRows(table *tablewriter.Table, vulns []typ
 		severityCount[v.Severity]++
 		lib := v.PkgName
 		if v.PkgPath != "" {
-			lib = fmt.Sprintf("%s (%s)", v.PkgName, v.PkgPath)
+			fileName := filepath.Base(v.PkgPath)
+			lib = fmt.Sprintf("%s (%s)", v.PkgName, fileName)
+			tw.ShowMessageOnce.Do(func() {
+				log.Logger.Infof("Table result includes only package filenames. Use '--format json' option to get the full path to the package file.")
+			})
 		}

 		title := v.Title
--- a/pkg/report/table_test.go
+++ b/pkg/report/table_test.go
@@ -69,12 +69,12 @@ func TestReportWriter_Table(t *testing.T) {
 					},
 				},
 			},
-			expectedOutput: `+---------------+------------------+----------+-------------------+---------------+--------------------------------------+
-|    LIBRARY    | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
-+---------------+------------------+----------+-------------------+---------------+--------------------------------------+
-| foo (foo/bar) | CVE-2020-0001    | HIGH     | 1.2.3             | 3.4.5         | foobar                               |
-|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-0001 |
-+---------------+------------------+----------+-------------------+---------------+--------------------------------------+
+			expectedOutput: `+-----------+------------------+----------+-------------------+---------------+--------------------------------------+
+|  LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+-----------+------------------+----------+-------------------+---------------+--------------------------------------+
+| foo (bar) | CVE-2020-0001    | HIGH     | 1.2.3             | 3.4.5         | foobar                               |
+|           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-0001 |
+-----------+------------------+----------+-------------------+---------------+--------------------------------------+
 `,
 		},
 		{
--- a/pkg/report/writer.go
+++ b/pkg/report/writer.go
@@ -4,6 +4,7 @@ import (
 	"io"
 	"path/filepath"
 	"strings"
+	"sync"
 	"time"

 	"golang.org/x/xerrors"
@@ -41,6 +42,7 @@ func Write(report types.Report, option Option) error {
 		writer = &TableWriter{
 			Output:             option.Output,
 			Severities:         option.Severities,
+			ShowMessageOnce:    &sync.Once{},
 			IncludeNonFailures: option.IncludeNonFailures,
 			Trace:              option.Trace,
 		}