From 1d2fe83b70e2b879c6a05f5801218646c40b3aa5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Str=C3=B6mberg?= <t+github@chainguard.dev>
Date: Thu, 24 Oct 2024 08:08:53 -0400
Subject: [PATCH] scan: include match strings (truncated) (#537)

---
 pkg/render/terminal_brief.go | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/pkg/render/terminal_brief.go b/pkg/render/terminal_brief.go
index 78d662ea9..1c5eceefe 100644
--- a/pkg/render/terminal_brief.go
+++ b/pkg/render/terminal_brief.go
@@ -15,9 +15,9 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"strings"
 
 	"github.com/chainguard-dev/malcontent/pkg/malcontent"
-	"github.com/fatih/color"
 )
 
 type TerminalBrief struct {
@@ -37,10 +37,25 @@ func (r TerminalBrief) File(_ context.Context, fr *malcontent.FileReport) error
 		return nil
 	}
 
-	fmt.Fprintf(r.w, "├── 📄 %s %s%s%s\n", fr.Path, color.HiBlackString("["), riskInColor(fr.RiskLevel), color.HiBlackString("]"))
+	fmt.Fprintf(r.w, "├─ %s %s\n", riskEmoji(fr.RiskScore), fr.Path)
 
 	for _, b := range fr.Behaviors {
-		fmt.Fprintf(r.w, "│      %s %s: %s\n", riskEmoji(fr.RiskScore), riskColor(fr.RiskLevel, b.ID), b.Description)
+		evidence := []string{}
+		for _, m := range b.MatchStrings {
+			if len(m) > 2 && !strings.Contains(b.Description, m) {
+				evidence = append(evidence, m)
+			}
+		}
+
+		e := strings.Join(evidence, ", ")
+		if len(e) > 32 {
+			e = e[0:31] + "…"
+		}
+		if len(e) > 0 {
+			e = ": " + e
+		}
+
+		fmt.Fprintf(r.w, "│  %s %s — %s%s\n", riskColor(fr.RiskLevel, "•"), riskColor(fr.RiskLevel, b.ID), b.Description, e)
 	}
 
 	return nil