From 3a03690a9cfb73acf548875a91c22b64d1af8ec3 Mon Sep 17 00:00:00 2001
From: Anthony Fielding
Date: Wed, 23 Aug 2023 10:56:43 +0100
Subject: [PATCH] Fix some bugs relating to flaw counting and with module instance accounting
---
 data/detailed_report.go | 64 ++++++++++++++++++++++++++++-------------
 report/utils.go | 22 ++++++++++----
 scripts/release.sh | 2 +-
 3 files changed, 62 insertions(+), 26 deletions(-)
diff --git a/data/detailed_report.go b/data/detailed_report.go
index b201961..1f83e93 100644
--- a/data/detailed_report.go
+++ b/data/detailed_report.go
@@ -57,6 +57,7 @@ type detailedReportFlaw struct {
 RemediationStatus string `xml:"remediation_status,attr"` // Fixed, New, Reopened, Mitigated, Potential False Positive
 MitigationStatus string `xml:"mitigation_status,attr"` // none, accepted, rejected
 Mitigation string `xml:"mitigation_status_desc,attr"` // Mitigation Accepted, Not Mitigated, Mitigation Proposed
+ ModulePath string
 }
 func (api API) populateDetailedReport(r *report.Report) {
@@ -126,6 +127,10 @@ func populateDetailedReportModules(r *report.Report, staticAnalysis detailedRepo
 func populateModulesFromFlaws(r *report.Report, detailedReport detailedReport) {
 for index, flaw := range detailedReport.Flaws {
+
+ // Set the module path e.g. /a.war/b.jar/c
+ detailedReport.Flaws[index].ModulePath = flaw.Module
+
 isDependentModule := false
 if strings.Contains(flaw.Module, "/") {
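Review bot: `ModulePath string` is the only field of detailedReportFlaw without an xml tag, and nothing says whether it is part of the decoded input or computed afterwards; given the `xml:"…,attr"` tags on its neighbours the struct is presumably filled by encoding/xml, which would also try to populate an untagged exported field from a `ModulePath` element. Since the next hunk sets it from flaw.Module in populateModulesFromFlaws, make that explicit: `ModulePath string `xml:"-"` // full module path as reported, e.g. /a.war/b.jar/c; set by populateModulesFromFlaws, not decoded`. That keeps the field out of the input schema and tells the reader where the value comes from.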
@@ -168,30 +173,49 @@ func (report detailedReport) getTriageFlawsUrl(region string) string {
 func populateFlawSummaries(r *report.Report, detailedReport detailedReport) {
 for _, flaw := range detailedReport.Flaws {
- for moduleIndex, module := range r.Modules {
- if strings.EqualFold(flaw.Module, module.Name) {
- r.Modules[moduleIndex].Flaws.Total++
- r.Flaws.Total++
+ // Update report totals
+ r.Flaws.Total++
- if flaw.AffectsPolicyCompliance {
- r.Modules[moduleIndex].Flaws.TotalAffectingPolicy++
- r.Flaws.TotalAffectingPolicy++
- }
+ if flaw.AffectsPolicyCompliance {
+ r.Flaws.TotalAffectingPolicy++
+ }
+
+ if flaw.isOpen() {
+ if flaw.AffectsPolicyCompliance {
+ r.Flaws.OpenAffectingPolicy++
+ } else {
+ r.Flaws.OpenButNotAffectingPolicy++
+ }
+ } else if flaw.isMitigated() {
+ r.Flaws.Mitigated++
+ } else if flaw.isFixed() {
+ r.Flaws.Fixed++
+ }
+
+ // Update totals per-module affected
+ for moduleIndex, module := range r.Modules {
+ // For each module in the module path
+ modulePathParts := strings.Split(flaw.ModulePath, "/")
+ for _, modulePath := range modulePathParts {
+ if strings.EqualFold(modulePath, module.Name) {
+ flawSummary := &r.Modules[moduleIndex].Flaws
+ flawSummary.Total++
- if flaw.isOpen() {
 if flaw.AffectsPolicyCompliance {
- r.Modules[moduleIndex].Flaws.OpenAffectingPolicy++
- r.Flaws.OpenAffectingPolicy++
- } else {
- r.Modules[moduleIndex].Flaws.OpenButNotAffectingPolicy++
- r.Flaws.OpenButNotAffectingPolicy++
+ flawSummary.TotalAffectingPolicy++
+ }
+
+ if flaw.isOpen() {
+ if flaw.AffectsPolicyCompliance {
+ flawSummary.OpenAffectingPolicy++
+ } else {
+ flawSummary.OpenButNotAffectingPolicy++
+ }
+ } else if flaw.isMitigated() {
+ flawSummary.Mitigated++
+ } else if flaw.isFixed() {
+ flawSummary.Fixed++
 }
- } else if flaw.isMitigated() {
- r.Modules[moduleIndex].Flaws.Mitigated++
- r.Flaws.Mitigated++
- } else if flaw.isFixed() {
- r.Modules[moduleIndex].Flaws.Fixed++
- r.Flaws.Fixed++
 }
 }
 }
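Review bot: The inner `for _, modulePath := range modulePathParts` loop keeps iterating after `strings.EqualFold(modulePath, module.Name)` matches, so a flaw whose path contains the same name more than once (a nested archive with the same name as its container, for instance) is tallied against that module once per occurrence; add `break` after the closing brace of that `if` so each flaw is counted at most once per module. `strings.Split(flaw.ModulePath, "/")` depends only on the flaw but is recomputed for every entry of r.Modules — move `modulePathParts := strings.Split(flaw.ModulePath, "/")` above `for moduleIndex, module := range r.Modules` so the split happens once per flaw. Note also that with a leading "/" the first part is the empty string, which can only ever match a module with an empty name, so it is harmless but worth a comment. The report-level and module-level tallies are now the same nine-line block written twice; a helper that takes a pointer to the summary and the flaw would keep them from drifting apart. The closing lines of populateFlawSummaries are outside the hunk.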
diff --git a/report/utils.go b/report/utils.go
index 0b03251..403d62b 100644
--- a/report/utils.go
+++ b/report/utils.go
@@ -2,19 +2,31 @@ package report
 import "strings"
-func (r *Report) AddModuleInstance(moduleName string, moduleInstance ModuleInstance) {
- for _, reportModule := range r.Modules {
+func getReportModule(r *Report, moduleName string) *Module {
+ for index, reportModule := range r.Modules {
 if strings.EqualFold(moduleName, reportModule.Name) {
- return
+ return &r.Modules[index]
 }
 }
 // Module has not been found so add it
+
 module := Module{
 Name: moduleName,
 }
- module.Instances = append(module.Instances, moduleInstance)
- r.Modules = append(r.Modules, module)
+
+ for index, reportModule := range r.Modules {
+ if strings.EqualFold(moduleName, reportModule.Name) {
+ return &r.Modules[index]
+ }
+ }
+
+ return nil
+}
+
+func (r *Report) AddModuleInstance(moduleName string, moduleInstance ModuleInstance) {
+ module := getReportModule(r, moduleName)
+ module.Instances = append(module.Instances, moduleInstance)
 }
diff --git a/scripts/release.sh b/scripts/release.sh
index 538f786..8cd721c 100755
--- a/scripts/release.sh
+++ b/scripts/release.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env sh
 ESCAPE=$'\e'
-export VERSION="2.18"
+export VERSION="2.19"
 ./scripts/build.sh && \
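Review bot: In getReportModule the newly built `module := Module{Name: moduleName}` is never added to r.Modules — the old `r.Modules = append(r.Modules, module)` is removed and nothing re-adds it — so the second lookup loop cannot find it, the function returns nil, and AddModuleInstance then writes through a nil *Module at `module.Instances = append(module.Instances, moduleInstance)`; as the hunk stands, `module` is also declared and never used, which the Go compiler rejects. Insert `r.Modules = append(r.Modules, module)` directly after the struct literal; the second loop then becomes redundant and can be replaced by `return &r.Modules[len(r.Modules)-1]`, which also removes the nil return path entirely. If a nil return is kept for any reason, AddModuleInstance needs a guard before the append, and the helper deserves a doc comment stating that it creates the module when it does not exist and that the returned pointer is only valid until the next append to r.Modules.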