From 3fb71e1b7506229714b8b8de9808fb54a283124b Mon Sep 17 00:00:00 2001
From: Chanan Merari <cmerari@paloaltonetworks.com>
Date: Sun, 13 Oct 2024 14:40:11 +0300
Subject: [PATCH] [PCSUP-24970] - When using the Prisma Cloud VS Code
 Extension, CVE fixes are not applied to the file // Worley Parsons

---
 CHANGELOG.md               |  1 +
 src/services/fixService.ts | 22 ++++++++++------------
 src/types/checkov.ts       |  1 +
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3c6004f..bc78393 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 
 - Fixed an issue where an error log wasn't triggered on extension activation failure
 - Fixed an issue where trailing slashes on Prisma URl configuration caused scan issues
+- Fixed an issue where clicking fix on an SCA finding showed the wrong message
 
 ## [1.0.21] - 2024-09-15
 
diff --git a/src/services/fixService.ts b/src/services/fixService.ts
index 9534eaa..63e2283 100644
--- a/src/services/fixService.ts
+++ b/src/services/fixService.ts
@@ -4,12 +4,12 @@ import * as vscode from 'vscode';
 
 import { CONFIG } from '../config';
 import { CHECKOV_RESULT_CATEGORY } from '../constants';
+import { CategoriesService, CheckovExecutor } from '../services';
 import { CheckovResult } from '../types';
-import { CategoriesService, CheckovExecutor, ResultsService } from '../services';
+import { isPipInstall, isWindows } from '../utils';
 import { CheckovResultWebviewPanel } from '../views/interface/checkovResult';
-import { CustomPopupService } from './customPopupService';
 import { TreeDataProvidersContainer } from '../views/interface/primarySidebar/services/treeDataProvidersContainer';
-import { isPipInstall, isWindows } from '../utils';
+import { CustomPopupService } from './customPopupService';
 
 export class FixService {
     public static async fix(result: CheckovResult) {
@@ -28,15 +28,14 @@ export class FixService {
     }
 
     private static async applyScaFix({ vulnerability_details }: CheckovResult) {
-        const command = vulnerability_details.fix_command.cmds.join(EOL).replace(/`/g, '');
-        const message = `${vulnerability_details.fix_command.msg}:${EOL}${command}`;
-
-        if (vulnerability_details.fix_command.manualCodeFix) {
-            const { msg, cmds } = vulnerability_details.fix_command;
-            vscode.window.showInformationMessage(`${msg}: ${cmds.length > 1 ? cmds.join(', ') : cmds[0]}`);
-            return;
+        const { msg, cmds, manualCodeFix } = vulnerability_details.fix_command;
+        const command = (cmds.length > 1 ? cmds.join(EOL) : cmds[0]).replace(/`/g, '');
+        let message;
+        if (manualCodeFix) {
+            message = `To bump to the fixed version please manually change the version to ${vulnerability_details.lowest_fixed_version} and run the following command:${EOL}${command}`;
+        } else {
+            message = `${msg}:${EOL}${command}`;
         }
-
         const action = await vscode.window.showInformationMessage(
             CONFIG.userInterface.extensionTitle,
             {
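Review bot: The new `cmds[0]` branch in `applyScaFix` throws a TypeError when `cmds` is empty, because `.replace` is then called on `undefined`; the removed code's plain `cmds.join(EOL)` returned an empty string in that case. `join` on a one-element array already returns that element, so the ternary can be dropped: ``const command = cmds.join(EOL).replace(/`/g, '');``. `let message;` is declared without a type, and a single `const message = manualCodeFix ? … : …;` would keep it a `string` at the declaration. Stripping backticks is display cleanup rather than sanitisation, so the text offered for copying is still whatever the scan result supplied; a one-line comment above `command` saying so would make that trust assumption explicit. The function body continues past the end of this hunk.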
@@ -47,7 +46,6 @@ export class FixService {
                 title: 'Copy Command',
             },
         );
-        
         if (action) {
             if (action.title === 'Copy Command') {
                 vscode.env.clipboard.writeText(command);   
diff --git a/src/types/checkov.ts b/src/types/checkov.ts
index b8cc79b..f8068ee 100644
--- a/src/types/checkov.ts
+++ b/src/types/checkov.ts
@@ -25,6 +25,7 @@ export type CheckovResult = {
         package_name: string;
         package_version: string;
         license: string;
+        lowest_fixed_version: string;
         fix_command: {
             cmds: string[];
             manualCodeFix: boolean;
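Review bot: `lowest_fixed_version` is declared as a required `string`, but nothing visible in this patch guarantees that every scan result carries it. If the field is missing at runtime, the manual-fix message built in `applyScaFix` would read "change the version to undefined" with no compiler warning. Either confirm the scanner always emits the field, or declare it `lowest_fixed_version?: string;` and add a fallback where the message is built. The type's body continues outside this hunk.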