Commit fa814c9e authored by Mayra Cabrera's avatar Mayra Cabrera

Merge branch '351522_use_signatures_in_deduplication_logic' into 'master'

Use finding signatures in deduplication logic

See merge request gitlab-org/gitlab!79491
parents 04f70599 7b452dba
...@@ -357,11 +357,14 @@ RSpec.describe Gitlab::Ci::Reports::Security::Finding do ...@@ -357,11 +357,14 @@ RSpec.describe Gitlab::Ci::Reports::Security::Finding do
let(:identifier_1) { build(:ci_reports_security_identifier) } let(:identifier_1) { build(:ci_reports_security_identifier) }
let(:identifier_2) { build(:ci_reports_security_identifier) } let(:identifier_2) { build(:ci_reports_security_identifier) }
let(:location) { build(:ci_reports_security_locations_sast) } let(:location) { build(:ci_reports_security_locations_sast) }
let(:finding) { build(:ci_reports_security_finding, identifiers: [identifier_1, identifier_2], location: location) } let(:signature) { build(:ci_reports_security_finding_signature, signature_value: 'value') }
let(:finding) { build(:ci_reports_security_finding, identifiers: [identifier_1, identifier_2], location: location, vulnerability_finding_signatures_enabled: true, signatures: [signature]) }
let(:expected_keys) do let(:expected_keys) do
[ [
build(:ci_reports_security_finding_key, location_fingerprint: location.fingerprint, identifier_fingerprint: identifier_1.fingerprint), build(:ci_reports_security_finding_key, location_fingerprint: location.fingerprint, identifier_fingerprint: identifier_1.fingerprint),
build(:ci_reports_security_finding_key, location_fingerprint: location.fingerprint, identifier_fingerprint: identifier_2.fingerprint) build(:ci_reports_security_finding_key, location_fingerprint: location.fingerprint, identifier_fingerprint: identifier_2.fingerprint),
build(:ci_reports_security_finding_key, location_fingerprint: signature.signature_hex, identifier_fingerprint: identifier_1.fingerprint),
build(:ci_reports_security_finding_key, location_fingerprint: signature.signature_hex, identifier_fingerprint: identifier_2.fingerprint)
] ]
end end
......
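Review bot: The updated example builds the finding with a single signature and with `vulnerability_finding_signatures_enabled: true`, so neither the priority ordering nor the flag-off path of the new key generation is pinned by the lines visible here. Add a context with two signatures of different `priority` that asserts the highest-priority `signature_hex` comes first. Add a second context with `vulnerability_finding_signatures_enabled: false` expecting only the two location-based keys. The `expected_keys` list is also ordered differently from what the `flat_map` in `keys` yields (all fingerprints per identifier), so the assertion, which is outside this hunk, presumably needs to be order-insensitive, for example `match_array`.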
...@@ -122,8 +122,10 @@ module Gitlab ...@@ -122,8 +122,10 @@ module Gitlab
end end
def keys def keys
@keys ||= identifiers.reject(&:type_identifier?).map do |identifier| @keys ||= identifiers.reject(&:type_identifier?).flat_map do |identifier|
FindingKey.new(location_fingerprint: location&.fingerprint, identifier_fingerprint: identifier.fingerprint) location_fingerprints.map do |location_fingerprint|
FindingKey.new(location_fingerprint: location_fingerprint, identifier_fingerprint: identifier.fingerprint)
end
end end
end end
...@@ -171,8 +173,10 @@ module Gitlab ...@@ -171,8 +173,10 @@ module Gitlab
original_data['location'] original_data['location']
end end
# Returns either the max priority signature hex
# or the location fingerprint
def location_fingerprint def location_fingerprint
max_priority_signature_hex || location&.fingerprint location_fingerprints.first
end end
private private
...@@ -181,10 +185,15 @@ module Gitlab ...@@ -181,10 +185,15 @@ module Gitlab
Digest::SHA1.hexdigest(compare_key) Digest::SHA1.hexdigest(compare_key)
end end
def max_priority_signature_hex def location_fingerprints
return unless @vulnerability_finding_signatures_enabled && signatures.present? @location_fingerprints ||= signature_hexes << location&.fingerprint
end
# Returns the signature hexes in reverse priority order
def signature_hexes
return [] unless @vulnerability_finding_signatures_enabled && signatures.present?
signatures.max_by(&:priority).signature_hex signatures.sort_by(&:priority).map(&:signature_hex).reverse
end end
end end
end end
......
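Review bot: `location_fingerprints` appends `location&.fingerprint` unconditionally, so a finding without a location gets a `nil` entry and `keys` still builds a `FindingKey` with a nil location fingerprint for every identifier. Whether two such keys compare equal is decided in `FindingKey`, which is not visible here; if they do, unrelated location-less findings that share an identifier would be merged by deduplication and one of them would drop out of the security report. Consider `@location_fingerprints ||= (signature_hexes << location&.fingerprint).compact`, or confirm that `FindingKey` treats nil fingerprints as non-matching. The comment on `signature_hexes` would also read more clearly as `# Returns the signature hexes, highest priority first`.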