Skip to content

deduplication logic: add cross scanner unique_id tests and fix bug #13499

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Oct 24, 2025
Merged

deduplication logic: add cross scanner unique_id tests and fix bug #13499

merged 5 commits into from
Oct 24, 2025

Conversation

@valentijnscholten
Copy link
Member

@valentijnscholten valentijnscholten commented Oct 22, 2025
edited
Loading

Fixes #13500
In certain scenario's the DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL algorithm can set a finding from scanner type A as duplicate of a finding from scanner type B. For this algorithm this is invalid as the unique_id_from_tool field is a parser specific value.

This only happens when deduplication_on_engagement==True. The product scope code branch already has the correct filter.

django-DefectDojo/dojo/utils.py

Lines 439 to 440 in 7c0d92a

# the unique_id_from_tool is unique for a given tool: do not compare with other tools
test__test_type=new_finding.test.test_type,

In practice I doubt many people will run into this small bug. It has been around for 5 years, so we would have noticed. So the real world impact of the bug and this PR is limited, but still I would like to get this corrected.

@valentijnscholten valentijnscholten linked an issue Oct 22, 2025 that may be closed by this pull request
DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL matches unique ids from different parsers #13500
Closed
@valentijnscholten valentijnscholten marked this pull request as ready for review October 22, 2025 20:34
@valentijnscholten valentijnscholten added this to the 2.51.3 milestone Oct 23, 2025
@valentijnscholten valentijnscholten merged commit 60e33e4 into DefectDojo:bugfix Oct 24, 2025
150 checks passed
@valentijnscholten valentijnscholten mentioned this pull request Nov 7, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dogboat dogboat dogboat approved these changes

@Maffooch Maffooch Maffooch approved these changes

@Jino-T Jino-T Jino-T approved these changes

@blakeaowens blakeaowens blakeaowens approved these changes

@mtesauro mtesauro Awaiting requested review from mtesauro mtesauro is a code owner

Assignees

No one assigned

Labels

bugfix unittests

Projects

None yet

Milestone

2.51.3

Development

Successfully merging this pull request may close these issues.

DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL matches unique ids from different parsers

5 participants

@valentijnscholten @dogboat @Maffooch @Jino-T @blakeaowens