From 1870f28461c0faa9c1cf2a7b1d756356a16af4fc Mon Sep 17 00:00:00 2001
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Date: Sun, 24 Mar 2024 15:44:40 +0600
Subject: [PATCH] fix(report): don't include empty strings in
 `.vulnerabilities[].identifiers[].url` when `gitlab.tpl` is used (#6348)

---
 contrib/gitlab.tpl | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/contrib/gitlab.tpl b/contrib/gitlab.tpl
index 187438776b72..744c0c9394cb 100644
--- a/contrib/gitlab.tpl
+++ b/contrib/gitlab.tpl
@@ -73,8 +73,11 @@
 	  {{- /* TODO: Type not extractable - https://github.com/aquasecurity/trivy-db/pull/24 */}}
           "type": "cve",
           "name": "{{ .VulnerabilityID }}",
-          "value": "{{ .VulnerabilityID }}",
+          "value": "{{ .VulnerabilityID }}"
+          {{- /* cf. https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/e3d280d7f0862ca66a1555ea8b24016a004bb914/dist/container-scanning-report-format.json#L157-179 */}}
+          {{- if .PrimaryURL | regexMatch "^(https?|ftp)://.+" -}},
           "url": "{{ .PrimaryURL }}"
+          {{- end }}
         }
       ],
       "links": [
@@ -85,9 +88,13 @@
         {{- else -}}
           ,
         {{- end -}}
+        {{- if . | regexMatch "^(https?|ftp)://.+" -}}
         {
-          "url": "{{ regexFind "[^ ]+" . }}"
+          "url": "{{ . }}"
         }
+        {{- else -}}
+          {{- $l_first = true }}
+        {{- end -}}
         {{- end }}
       ]
     }