remove unique_id_from_tool

rl-maartenb · rl-maartenb · commit 2f4b82c7fe0e · 2025-06-17T10:20:14.000+02:00
diff --git a/dojo/tools/reversinglabs_spectraassure/parser.py b/dojo/tools/reversinglabs_spectraassure/parser.py
@@ -51,13 +51,12 @@ def _one_finding(
             cvssv3_score=node.score,
             severity=node.score_severity,
             vuln_id_from_tool=node.vuln_id_from_tool,
-            unique_id_from_tool=node.unique_id_from_tool,  # purl if we have one ?
             file_path=node.component_file_path,
             component_name=node.component_name,
             component_version=node.component_version,
             nb_occurences=1,
             hash_code=key,  # sha256 on title
-            references=None,  # future urls
+            references=None,  # future: urls
             active=True,  # this is the DefectDojo active field, nothing to do with node.active field
             test=test,
             static_finding=True,
@@ -108,7 +107,7 @@ def get_findings(
                 self._duplicates[key] = finding
                 continue
 
-            dup = self._duplicates[key]  # but that may be on a different component file, name, version
+            dup = self._duplicates[key]
             if dup:
                 dup.description += finding.description
                 dup.nb_occurences += 1
diff --git a/dojo/tools/reversinglabs_spectraassure/rlJsonInfo/__init__.py b/dojo/tools/reversinglabs_spectraassure/rlJsonInfo/__init__.py
@@ -1,9 +1,7 @@
 import copy
 import datetime
-import gc
 import json
 import logging
-import os
 import sys
 from typing import Any
 
@@ -90,18 +88,10 @@ def __init__(
 
         self.data: dict[str, Any] = json.load(file_handle)
         self._results = {}
-
-        self.RL_JSON_WITH_CG_COLLECT: bool = False
-        if os.getenv("RL_JSON_WITH_CG_COLLECT"):
-            self.RL_JSON_WITH_CG_COLLECT = True
-
         self._get_info()
         self._get_meta()
         self._get_rest()
 
-        if self.RL_JSON_WITH_CG_COLLECT is True:
-            gc.collect()
-
     def _get_info(
         self,
     ) -> None:
@@ -407,7 +397,10 @@ def _do_one_cve_component_dependency(
         if len(tail) == 0:
             tail = f"{dep_name}@{dep_version}"
 
-        cin.unique_id_from_tool = f"{cin.component_file_sha256}:{cve}:{tail}"
+        # should be constant over multiple re-scans (repeatable)
+        # see: https://github.com/DefectDojo/django-DefectDojo/pull/12463
+        # cin.unique_id_from_tool = f"{cin.component_file_sha256}:{cve}:{tail}"
+        # downvoted as not originally from the tool itself.
 
         logger.debug("%s", cin)
         return cin
@@ -448,7 +441,8 @@ def _do_one_cve_component_without_dependencies(
 
         # should be constant over multiple re-scans (repeatable)
         # see: https://github.com/DefectDojo/django-DefectDojo/pull/12463
-        cin.unique_id_from_tool = f"{cin.component_file_sha256}:{cve}"
+        # cin.unique_id_from_tool = f"{cin.component_file_sha256}:{cve}"
+        # downvoted as not originally from the tool itself.
 
         logger.debug("%s", cin)
 
