reimporter: make it clear that on reimport we work with matched findi…

…ngs which not marked as duplicate
netceteragroup · Sep 2, 2024 · e7d615c · e7d615c
1 parent f628d08
commit e7d615c
Showing 1 changed file with 25 additions and 2 deletions.
diff --git a/dojo/importers/default_reimporter.py b/dojo/importers/default_reimporter.py
@@ -194,10 +194,13 @@ def process_findings(
             unsaved_finding.hash_code = self.calculate_unsaved_finding_hash_code(unsaved_finding)
             deduplicationLogger.debug(f"unsaved finding's hash_code: {unsaved_finding.hash_code}")
             # Match any findings to this new one coming in
-            matched_findings = self.match_new_finding_to_existing_finding(unsaved_finding)
-            deduplicationLogger.debug(f"found {len(matched_findings)} findings matching with current new finding")
+            matched_findings = self.match_new_finding_to_existing_finding_nonduplicate(unsaved_finding)
+            deduplicationLogger.debug(f"found {len(matched_findings)} original (non-duplicate) findings matching with current new finding")
             # Determine how to proceed based on whether matches were found or not
             if matched_findings:
+                # We take the first finding because we expect only one actually
+                # (if any). If there are more than one finding, this should not
+                # happen and indicates inconsistency.
                 existing_finding = matched_findings[0]
                 finding, force_continue = self.process_matched_finding(
                     unsaved_finding,
@@ -420,6 +423,26 @@ def match_new_finding_to_existing_finding(
             logger.error(f'Internal error: unexpected deduplication_algorithm: "{self.deduplication_algorithm}"')
             return None
 
+    def match_new_finding_to_existing_finding_nonduplicate(
+        self,
+        unsaved_finding: Finding,
+    ) -> List[Finding]:
+        """
+        Matches a single new finding to N existing findings and then returns those
+        matches, but only those which are not 'duplicate'. This normally should end
+        up in a single finding. In case it returns more than one, it means that the
+        internal state is inconsistent and hardly usable.
+        """
+        non_duplicate_findings = []
+        # we could do the same by proper database query, but it would lead to
+        # large chunk of copy-pasted code
+        matched_findings = self.match_new_finding_to_existing_finding(unsaved_finding)
+        for finding in matched_findings:
+            if not finding.duplicate:
+                non_duplicate_findings.append(finding)
+
+        return non_duplicate_findings
+
     def process_matched_finding(
         self,
         unsaved_finding: Finding,