fix: use pkgID to filter vulns

aquasecurity · Nov 6, 2024 · 68aa1f0 · 68aa1f0
1 parent c5ae33b
commit 68aa1f0
Show file tree

Hide file tree

Showing 2 changed files with 97 additions and 1 deletion.
diff --git a/pkg/result/filter.go b/pkg/result/filter.go
@@ -103,7 +103,7 @@ func filterVulnerabilities(result *types.Result, severities []string, ignoreStat
 		}
 
 		// Check if there is a duplicate vulnerability
-		key := fmt.Sprintf("%s/%s/%s/%s", vuln.VulnerabilityID, vuln.PkgName, vuln.InstalledVersion, vuln.PkgPath)
+		key := fmt.Sprintf("%s/%s/%s/%s/%s", vuln.VulnerabilityID, vuln.PkgID, vuln.PkgName, vuln.InstalledVersion, vuln.PkgPath)
 		if old, ok := uniqVulns[key]; ok && !shouldOverwrite(old, vuln) {
 			continue
 		}

diff --git a/pkg/result/filter_test.go b/pkg/result/filter_test.go
@@ -998,6 +998,102 @@ func TestFilter(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "happy path with duplicates and different package IDs",
+			args: args{
+				report: types.Report{
+					Results: types.Results{
+						{
+							Vulnerabilities: []types.DetectedVulnerability{
+								{
+									VulnerabilityID:  "CVE-2019-0001",
+									PkgID:            "3ff14136-e09f-4df9-80ea-000000000001",
+									PkgName:          "foo",
+									InstalledVersion: "1.2.3",
+									FixedVersion:     "1.2.4",
+									Vulnerability: dbTypes.Vulnerability{
+										Severity: dbTypes.SeverityCritical.String(),
+									},
+								},
+								{
+									VulnerabilityID:  "CVE-2019-0001",
+									PkgID:            "3ff14136-e09f-4df9-80ea-000000000002",
+									PkgName:          "foo",
+									InstalledVersion: "1.2.3",
+									FixedVersion:     "1.2.4",
+									Vulnerability: dbTypes.Vulnerability{
+										Severity: dbTypes.SeverityCritical.String(),
+									},
+								},
+								{
+									VulnerabilityID:  "CVE-2019-0002",
+									PkgID:            "[email protected]",
+									PkgName:          "bar",
+									InstalledVersion: "1.2.3",
+									FixedVersion:     "1.2.4",
+									Vulnerability: dbTypes.Vulnerability{
+										Severity: dbTypes.SeverityCritical.String(),
+									},
+								},
+								{
+									VulnerabilityID:  "CVE-2019-0002",
+									PkgID:            "[email protected]",
+									PkgName:          "bar",
+									InstalledVersion: "1.2.3",
+									FixedVersion:     "1.2.4",
+									Vulnerability: dbTypes.Vulnerability{
+										Severity: dbTypes.SeverityCritical.String(),
+									},
+								},
+							},
+						},
+					},
+				},
+				severities: []dbTypes.Severity{
+					dbTypes.SeverityCritical,
+					dbTypes.SeverityHigh,
+					dbTypes.SeverityUnknown,
+				},
+			},
+			want: types.Report{
+				Results: types.Results{
+					{
+						Vulnerabilities: []types.DetectedVulnerability{
+							{
+								VulnerabilityID:  "CVE-2019-0002",
+								PkgID:            "[email protected]",
+								PkgName:          "bar",
+								InstalledVersion: "1.2.3",
+								FixedVersion:     "1.2.4",
+								Vulnerability: dbTypes.Vulnerability{
+									Severity: dbTypes.SeverityCritical.String(),
+								},
+							},
+							{
+								VulnerabilityID:  "CVE-2019-0001",
+								PkgID:            "3ff14136-e09f-4df9-80ea-000000000001",
+								PkgName:          "foo",
+								InstalledVersion: "1.2.3",
+								FixedVersion:     "1.2.4",
+								Vulnerability: dbTypes.Vulnerability{
+									Severity: dbTypes.SeverityCritical.String(),
+								},
+							},
+							{
+								VulnerabilityID:  "CVE-2019-0001",
+								PkgID:            "3ff14136-e09f-4df9-80ea-000000000002",
+								PkgName:          "foo",
+								InstalledVersion: "1.2.3",
+								FixedVersion:     "1.2.4",
+								Vulnerability: dbTypes.Vulnerability{
+									Severity: dbTypes.SeverityCritical.String(),
+								},
+							},
+						},
+					},
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {