
fix: Work-around for collision with IID's generated by Symfony parser
rsenden committed Mar 22, 2021
1 parent 00839c6 commit e421cd2
Showing 1 changed file with 4 additions and 2 deletions.
Expand Up @@ -84,14 +84,16 @@ private final void buildVulnerabilityForDependency(String dependencyName, String
}

/**
* Calculate the issue instance id, using a combination of feature name, feature version, and vulnerability name
* Calculate the issue instance id, using a combination of feature name, feature version, and vulnerability name.
* The calculated instance id is prepended with a 'P' to avoid collision with IID's generated by the legacy Symfony
* Security Checker parser plugin.
*/
private final String getInstanceId(String dependencyName, String dependencyVersion, DependencyAdvisory dependencyAdvisory) {
String cveOrTitleOrLink = getFirstNonBlank(
dependencyAdvisory.getCve(),
dependencyAdvisory.getTitle(),
dependencyAdvisory.getLink());
return DigestUtils.sha256Hex(String.join("|", dependencyName, dependencyVersion, cveOrTitleOrLink));
return 'P'+DigestUtils.sha256Hex(String.join("|", dependencyName, dependencyVersion, cveOrTitleOrLink));
}

private final String getFirstNonBlank(String... strings) {
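Review bot: The `'P'` prefix in the new return of `getInstanceId` is an unnamed literal, and it changes the id from a 64-character hex digest to a 65-character non-hex string. A named constant would keep the namespace marker in one documented place, for example `private static final String IID_PREFIX = "P";` with `return IID_PREFIX + DigestUtils.sha256Hex(...)`. Every id this parser produced before the commit also changes, so results uploaded earlier will presumably no longer correlate with new scans and any audit state attached to the old ids may be orphaned; that deserves a line in the Javadoc or release notes. Separately, the `"|"` join does not escape its fields, so a title or link containing `|` can produce the same digest input as a different name/version/advisory triple. `getFirstNonBlank` continues outside the hunk, so what it returns when all three advisory fields are blank is not visible here.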
