Store fingerprint from bearer in unique_id_from_tool

wolframite · wolframite · commit 5beb6dbd9f04 · 2025-05-16T11:02:31.000+02:00
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
@@ -1584,6 +1584,7 @@ def saml2_attrib_map_format(din):
     "MobSF Scorecard Scan": DEDUPE_ALGO_HASH_CODE,
     "OSV Scan": DEDUPE_ALGO_HASH_CODE,
     "Nosey Parker Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE,
+    # The bearer fingerprint is not unique across multiple scans, so it shouldn't be used for deduplication (https://github.com/DefectDojo/django-DefectDojo/pull/12346#issuecomment-2841561634)
     "Bearer CLI": DEDUPE_ALGO_HASH_CODE,
     "Wiz Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE,
     "Deepfence Threatmapper Report": DEDUPE_ALGO_HASH_CODE,
diff --git a/dojo/tools/bearer_cli/parser.py b/dojo/tools/bearer_cli/parser.py
@@ -46,6 +46,7 @@ def get_findings(self, file, test):
                     sast_source_line=bearerfinding["source"]["start"],
                     sast_source_file_path=bearerfinding["filename"],
                     vuln_id_from_tool=bearerfinding["id"],
+                    unique_id_from_tool=bearerfinding["fingerprint"],
                 )
 
                 items.append(finding)

Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,7 @@ def get_findings(self, file, test):`
`46`	`46`	`sast_source_line=bearerfinding["source"]["start"],`
`47`	`47`	`sast_source_file_path=bearerfinding["filename"],`
`48`	`48`	`vuln_id_from_tool=bearerfinding["id"],`
	`49`	`+ unique_id_from_tool=bearerfinding["fingerprint"],`
`49`	`50`	`)`
`50`	`51`
`51`	`52`	`items.append(finding)`