Add analytics pixel as prefix (#277)

tests/testdata/output/jobSummary/binary_analytics_vulnerabilities.md

@@ -1 +1 @@
-<pre>44 Security issues are grouped by CVE number:&Tab;44 SCA<br><br><div style="display: flex; align-items: center; text-align: center">❗️ 33 Critical</div><br><div style="display: flex; align-items: center; text-align: center">🟡 11 Low</div><br><a href="https://test-platform-url.jfrog.io/ui/onDemandScanning/3d90ec4b-cf33-4846-6831-4bf9576f2235?gh_job_id=some%20job%20id&gh_section=on_demand_scan">See the results of the scan in JFrog</a></pre>
+<pre>44 Security issues are grouped by CVE number:&Tab;44 SCA<br><br><div style="display: flex; align-items: center; text-align: center">❗️ 33 Critical</div><br><div style="display: flex; align-items: center; text-align: center">🟡 11 Low</div><br><a href="https://test-platform-url.jfrog.io/ui/onDemandScanning/3d90ec4b-cf33-4846-6831-4bf9576f2235?s=1&m=3&gh_job_id=some+job+id&gh_section=on_demand_scan">See the results of the scan in JFrog</a></pre>

tests/testdata/output/jobSummary/build_scan_analytics_vulnerabilities.md

@@ -1 +1 @@
-<pre>24 Security Issues:&Tab;24 SCA<br><br><div style="display: flex; align-items: center; text-align: center">🔴 3 High</div><br><div style="display: flex; align-items: center; text-align: center">🟠 1 Medium</div><br><div style="display: flex; align-items: center; text-align: center">⚪️ 20 Unknown</div><br><a href="https://test-more-info-url.jfrog.io/?gh_job_id=some%20job%20id&gh_section=build">See the results of the scan in JFrog</a></pre>
+<pre>24 Security Issues:&Tab;24 SCA<br><br><div style="display: flex; align-items: center; text-align: center">🔴 3 High</div><br><div style="display: flex; align-items: center; text-align: center">🟠 1 Medium</div><br><div style="display: flex; align-items: center; text-align: center">⚪️ 20 Unknown</div><br><a href="https://test-more-info-url.jfrog.io/?s=1&m=3&gh_job_id=some+job+id&gh_section=build">See the results of the scan in JFrog</a></pre>

tests/testdata/output/jobSummary/violations_analytics.md

@@ -1 +1 @@
-<pre>watches: <br>watch1, watch2, watch3, watch4<br>watch5</pre><br><pre>23 Policy Violations:&Tab;17 Security&Tab;2 Operational&Tab;1 License&Tab;3 Secrets<br><br><div style="display: flex; align-items: center; text-align: center">❗️ 8 Critical (2 Not Applicable)</div><br><div style="display: flex; align-items: center; text-align: center">🔴 6 High</div><br><div style="display: flex; align-items: center; text-align: center">🟠 3 Medium</div><br><div style="display: flex; align-items: center; text-align: center">🟡 5 Low (3 Not Applicable)</div><br><div style="display: flex; align-items: center; text-align: center">⚪️ 1 Unknown</div><br><a href="https://test-more-info-url.jfrog.io/scan-descendants/master?repoId=10gh_job_id=some%20job%20id&gh_section=on_demand_scan">See the results of the scan in JFrog</a></pre>
+<pre>watches: <br>watch1, watch2, watch3, watch4<br>watch5</pre><br><pre>23 Policy Violations:&Tab;17 Security&Tab;2 Operational&Tab;1 License&Tab;3 Secrets<br><br><div style="display: flex; align-items: center; text-align: center">❗️ 8 Critical (2 Not Applicable)</div><br><div style="display: flex; align-items: center; text-align: center">🔴 6 High</div><br><div style="display: flex; align-items: center; text-align: center">🟠 3 Medium</div><br><div style="display: flex; align-items: center; text-align: center">🟡 5 Low (3 Not Applicable)</div><br><div style="display: flex; align-items: center; text-align: center">⚪️ 1 Unknown</div><br><a href="https://test-more-info-url.jfrog.io/scan-descendants/master?repoId=10&s=1&m=3&gh_job_id=some+job+id&gh_section=on_demand_scan">See the results of the scan in JFrog</a></pre>

utils/results/conversion/sarifparser/sarifparser.go

@@ -649,7 +649,7 @@ func patchRules(platformBaseUrl string, commandType utils.CommandType, subScanTy
 		}
 		// Add analytics hidden pixel to the help content if needed (Github code scanning)
 		if analytics := getAnalyticsHiddenPixel(platformBaseUrl, subScanType); rule.Help != nil && analytics != "" {
-			rule.Help.Markdown = utils.NewStringPtr(fmt.Sprintf("%s %s", sarifutils.GetRuleHelpMarkdown(rule), analytics))
+			rule.Help.Markdown = utils.NewStringPtr(fmt.Sprintf("%s\n%s", analytics, sarifutils.GetRuleHelpMarkdown(rule)))
 		}
 		patched = append(patched, rule)
 	}
@@ -936,7 +936,7 @@ func getAnalyticsHiddenPixel(baseUrl string, resultOfSubScan utils.SubScanType)
 	return fmt.Sprintf(
 		"![](%sui/api/v1/u?s=1&m=2&job_id=%s&run_id=%s&git_repo=%s&type=%s)",
 		baseUrl,
-		url.PathEscape(jobId),
+		url.QueryEscape(jobId),
 		runId,
 		gitRepo,
 		resultOfSubScan.String(),

utils/results/conversion/sarifparser/sarifparser_test.go

@@ -371,7 +371,7 @@ func TestPatchRunsToPassIngestionRules(t *testing.T) {
 				),
 			},
 			expectedResults: []*sarif.Run{
-				sarifutils.CreateRunWithDummyResultsWithRuleInformation("", "", "rule-msg", "rule-markdown ![](url/ui/api/v1/u?s=1&m=2&job_id=job-id&run_id=run-id&git_repo=repo&type=sca)", "rule-msg", "rule-markdown ![](url/ui/api/v1/u?s=1&m=2&job_id=job-id&run_id=run-id&git_repo=repo&type=sca)", wd,
+				sarifutils.CreateRunWithDummyResultsWithRuleInformation("", "", "rule-msg", "![](url/ui/api/v1/u?s=1&m=2&job_id=job-id&run_id=run-id&git_repo=repo&type=sca)\nrule-markdown", "rule-msg", "![](url/ui/api/v1/u?s=1&m=2&job_id=job-id&run_id=run-id&git_repo=repo&type=sca)\nrule-markdown", wd,
 					sarifutils.CreateDummyResultWithFingerprint(fmt.Sprintf("some-msg\nGithub Actions Workflow: %s\nRun: 123\nImage: dockerImage:imageVersion\nLayer (sha256): f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", filepath.Join(GithubBaseWorkflowDir, "workflowFile.yml")), "some-msg", jfrogFingerprintAlgorithmName, "eda26ae830c578197aeda65a82d7f093",
 						sarifutils.CreateDummyLocationWithPathAndLogicalLocation("", "f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", "layer", "algorithm", "sha256").WithPhysicalLocation(
 							sarif.NewPhysicalLocation().WithArtifactLocation(sarif.NewSimpleArtifactLocation(filepath.Join(GithubBaseWorkflowDir, "workflowFile.yml"))),
@@ -393,7 +393,7 @@ func TestPatchRunsToPassIngestionRules(t *testing.T) {
 				),
 			},
 			expectedResults: []*sarif.Run{
-				sarifutils.CreateRunWithDummyResultsWithRuleInformation("", "", "rule-msg", "rule-markdown ![](url/ui/api/v1/u?s=1&m=2&job_id=job-id&run_id=run-id&git_repo=repo&type=sca)", "rule-msg", "rule-markdown ![](url/ui/api/v1/u?s=1&m=2&job_id=job-id&run_id=run-id&git_repo=repo&type=sca)", dockerfileDir,
+				sarifutils.CreateRunWithDummyResultsWithRuleInformation("", "", "rule-msg", "![](url/ui/api/v1/u?s=1&m=2&job_id=job-id&run_id=run-id&git_repo=repo&type=sca)\nrule-markdown", "rule-msg", "![](url/ui/api/v1/u?s=1&m=2&job_id=job-id&run_id=run-id&git_repo=repo&type=sca)\nrule-markdown", dockerfileDir,
 					sarifutils.CreateDummyResultWithFingerprint(fmt.Sprintf("some-msg\nGithub Actions Workflow: %s\nRun: 123\nImage: dockerImage:imageVersion\nLayer (sha256): f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", filepath.Join(GithubBaseWorkflowDir, "workflowFile.yml")), "some-msg", jfrogFingerprintAlgorithmName, "8cbd7268a4d20f2358ba2667ebd18956",
 						sarifutils.CreateDummyLocationWithPathAndLogicalLocation("", "f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", "layer", "algorithm", "sha256").WithPhysicalLocation(
 							sarif.NewPhysicalLocation().WithArtifactLocation(sarif.NewSimpleArtifactLocation("Dockerfile")),
@@ -436,7 +436,7 @@ func TestPatchRunsToPassIngestionRules(t *testing.T) {
 				}),
 			},
 			expectedResults: []*sarif.Run{
-				sarifutils.CreateRunWithDummyResultsWithRuleInformation(BinarySecretScannerToolName, "[Secret in Binary found] ", "rule-msg", "rule-markdown ![](url/ui/api/v1/u?s=1&m=2&job_id=job-id&run_id=run-id&git_repo=repo&type=secrets)", "rule-msg", "rule-markdown ![](url/ui/api/v1/u?s=1&m=2&job_id=job-id&run_id=run-id&git_repo=repo&type=secrets)", wd,
+				sarifutils.CreateRunWithDummyResultsWithRuleInformation(BinarySecretScannerToolName, "[Secret in Binary found] ", "rule-msg", "![](url/ui/api/v1/u?s=1&m=2&job_id=job-id&run_id=run-id&git_repo=repo&type=secrets)\nrule-markdown", "rule-msg", "![](url/ui/api/v1/u?s=1&m=2&job_id=job-id&run_id=run-id&git_repo=repo&type=secrets)\nrule-markdown", wd,
 					sarifutils.CreateDummyResultWithFingerprint(fmt.Sprintf("🔒 Found Secrets in Binary docker scanning:\nGithub Actions Workflow: %s\nRun: 123\nImage: dockerImage:imageVersion\nLayer (sha1): 9e88ea9de1b44baba5e96a79e33e4af64334b2bf129e838e12f6dae71b5c86f0\nFilepath: %s\nEvidence: snippet", filepath.Join(GithubBaseWorkflowDir, "workflowFile.yml"), filepath.Join("usr", "src", "app", "server", "index.js")), "result-msg", jfrogFingerprintAlgorithmName, "e721eacf317da6090eca3522308abd28",
 						sarifutils.CreateDummyLocationWithPathAndLogicalLocation("", "9e88ea9de1b44baba5e96a79e33e4af64334b2bf129e838e12f6dae71b5c86f0", "layer", "algorithm", "sha1").WithPhysicalLocation(
 							sarif.NewPhysicalLocation().WithArtifactLocation(sarif.NewSimpleArtifactLocation(filepath.Join(GithubBaseWorkflowDir, "workflowFile.yml"))),

utils/results/output/securityJobSummary.go

@@ -549,7 +549,8 @@ func addAnalyticsQueryParamsIfNeeded(platformUrl string, index commandsummary.In
 		// Not running in Github no need to add analytics
 		return platformUrl
 	}
-	suffixValues := []string{fmt.Sprintf("gh_job_id=%s", url.PathEscape(githubJobId))}
+	// M=3 (type of event)
+	suffixValues := []string{"s=1", "m=3", fmt.Sprintf("gh_job_id=%s", url.QueryEscape(githubJobId))}
 	// Add section analytics
 	indexValue := "gh_section="
 	switch index {
@@ -561,7 +562,7 @@ func addAnalyticsQueryParamsIfNeeded(platformUrl string, index commandsummary.In
 	suffixValues = append(suffixValues, indexValue)
 	// Add the suffix to the url
 	if strings.Contains(platformUrl, "?") {
-		return fmt.Sprintf("%s%s", platformUrl, strings.Join(suffixValues, "&"))
+		return fmt.Sprintf("%s&%s", platformUrl, strings.Join(suffixValues, "&"))
 	}
 	return fmt.Sprintf("%s?%s", platformUrl, strings.Join(suffixValues, "&"))
 }