Display the description result incorrectly if the vulnerability contains quotation (AST-40454)

internal/commands/result.go

@@ -3,6 +3,7 @@ package commands
 import (
 	"encoding/json"
 	"fmt"
+	"html"
 	"log"
 	"net/url"
 	"os"
@@ -1559,7 +1560,21 @@ func exportSonarResults(targetFile string, results *wrappers.ScanResultsCollecti
 	_ = f.Close()
 	return nil
 }
+
+// Function to decode HTML entities in the ScanResultsCollection
+func decodeHTMLEntitiesInResults(results *wrappers.ScanResultsCollection) {
+	for _, result := range results.Results {
+		result.Description = html.UnescapeString(result.Description)
+		result.DescriptionHTML = html.UnescapeString(result.DescriptionHTML)
+		for _, node := range result.ScanResultData.Nodes {
+			node.FullName = html.UnescapeString(node.FullName)
+			node.Name = html.UnescapeString(node.Name)
+		}
+	}
+}
+
 func exportJSONResults(targetFile string, results *wrappers.ScanResultsCollection) error {
+	decodeHTMLEntitiesInResults(results)
 	var err error
 	var resultsJSON []byte
 	log.Println("Creating JSON Report: ", targetFile)

internal/commands/result_test.go

@@ -238,6 +238,24 @@ func TestRunGetResultsByScanIdJsonFormat(t *testing.T) {
 	removeFileBySuffix(t, printer.FormatJSON)
 }
 
+func TestDecodeHTMLEntitiesInResults(t *testing.T) {
+	// Setup: Creating test data with HTML entities
+	results := createTestScanResultsCollection()
+
+	decodeHTMLEntitiesInResults(results)
+
+	expectedFullName := `SomeClass<T>`
+	expectedName := `Name with "quotes"`
+
+	if results.Results[0].ScanResultData.Nodes[0].FullName != expectedFullName {
+		t.Errorf("expected FullName to be %q, got %q", expectedFullName, results.Results[0].ScanResultData.Nodes[0].FullName)
+	}
+
+	if results.Results[0].ScanResultData.Nodes[0].Name != expectedName {
+		t.Errorf("expected Name to be %q, got %q", expectedName, results.Results[0].ScanResultData.Nodes[0].Name)
+	}
+}
+
 func TestRunGetResultsByScanIdJsonFormatWithContainers(t *testing.T) {
 	clearFlags()
 	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
@@ -310,6 +328,25 @@ func TestRunGetResultsByScanIdSummaryMarkdownFormat(t *testing.T) {
 	removeFileBySuffix(t, "md")
 }
 
+func createTestScanResultsCollection() *wrappers.ScanResultsCollection {
+	return &wrappers.ScanResultsCollection{
+		Results: []*wrappers.ScanResult{
+			{
+				Description:     "Vulnerability in SomeComponent",
+				DescriptionHTML: "Description with quotes",
+				ScanResultData: wrappers.ScanResultData{
+					Nodes: []*wrappers.ScanResultNode{
+						{
+							FullName: "SomeClass&lt;T&gt;",
+							Name:     "Name with &quot;quotes&quot;",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
 func removeFileBySuffix(t *testing.T, suffix string) {
 	removeFile(t, fileName, suffix)
 }