Skip to content

Deduplication: Do not reopen original finding #9558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
devGregA merged 1 commit into from
Feb 20, 2024
Merged

Deduplication: Do not reopen original finding #9558

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 18 additions & 8 deletions dojo/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -483,14 +483,19 @@ def deduplicate_uid_or_hash_code(new_finding):


def set_duplicate(new_finding, existing_finding):
deduplicationLogger.debug(f"new_finding.status(): {new_finding.id} {new_finding.status()}")
deduplicationLogger.debug(f"existing_finding.status(): {existing_finding.id} {existing_finding.status()}")
if existing_finding.duplicate:
logger.debug('existing finding: %s:%s:duplicate=%s;duplicate_finding=%s', existing_finding.id, existing_finding.title, existing_finding.duplicate, existing_finding.duplicate_finding.id if existing_finding.duplicate_finding else 'None')
deduplicationLogger.debug('existing finding: %s:%s:duplicate=%s;duplicate_finding=%s', existing_finding.id, existing_finding.title, existing_finding.duplicate, existing_finding.duplicate_finding.id if existing_finding.duplicate_finding else 'None')
raise Exception("Existing finding is a duplicate")
if existing_finding.id == new_finding.id:
raise Exception("Can not add duplicate to itself")
deduplicationLogger.debug('Setting new finding ' + str(new_finding.id) + ' as a duplicate of existing finding ' + str(existing_finding.id))
if is_duplicate_reopen(new_finding, existing_finding):
set_duplicate_reopen(new_finding, existing_finding)
raise Exception("Found a regression. Ignore this so that a new duplicate chain can be made")
if new_finding.duplicate and finding_mitigated(existing_finding):
raise Exception("Skip this finding as we do not want to attach a new duplicate to a mitigated finding")

deduplicationLogger.debug('Setting new finding ' + str(new_finding.id) + ' as a duplicate of existing finding ' + str(existing_finding.id))
new_finding.duplicate = True
new_finding.active = False
new_finding.verified = False
Expand All @@ -509,11 +514,16 @@ def set_duplicate(new_finding, existing_finding):
super(Finding, existing_finding).save()


def is_duplicate_reopen(new_finding, existing_finding):
if (existing_finding.is_mitigated or existing_finding.mitigated) and not existing_finding.out_of_scope and not existing_finding.false_p and new_finding.active and not new_finding.is_mitigated:
return True
else:
return False
def is_duplicate_reopen(new_finding, existing_finding) -> bool:
return finding_mitigated(existing_finding) and finding_not_human_set_status(existing_finding) and not finding_mitigated(new_finding)


def finding_mitigated(finding: Finding) -> bool:
return finding.active is False and (finding.is_mitigated is True or finding.mitigated is not None)


def finding_not_human_set_status(finding: Finding) -> bool:
return finding.out_of_scope is False and finding.false_p is False


def set_duplicate_reopen(new_finding, existing_finding):
Expand Down