app/models/concerns/vulnerability_finding_helpers.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

# frozen_string_literal: true

module VulnerabilityFindingHelpers
  extend ActiveSupport::Concern

  # Manually resolvable report types cannot be considered fixed once removed from the
  # target branch due to requiring active triage, such as rotation of an exposed token.
  REPORT_TYPES_REQUIRING_MANUAL_RESOLUTION = %w[secret_detection].freeze

  def requires_manual_resolution?
    REPORT_TYPES_REQUIRING_MANUAL_RESOLUTION.include?(report_type)
  end

  def matches_signatures(other_signatures, other_uuid)
    other_signature_types = other_signatures.index_by(&:algorithm_type)

    # highest first
    match_result = nil
    signatures.sort_by(&:priority).reverse_each do |signature|
      matching_other_signature = other_signature_types[signature.algorithm_type]
      next if matching_other_signature.nil?

      match_result = matching_other_signature == signature
      break
    end

    if match_result.nil?
      [uuid, *signature_uuids].include?(other_uuid)
    else
      match_result
    end
  end

  def signature_uuids
    signatures.map do |signature|
      hex_sha = signature.signature_hex
      ::Security::VulnerabilityUUID.generate(
        report_type: report_type,
        location_fingerprint: hex_sha,
        primary_identifier_fingerprint: primary_identifier&.fingerprint,
        project_id: project_id
      )
    end
  end
end