fix(github_sast): set unique_id_from_tool for dedup

Author: samiat4911

dojo/settings/settings.dist.py

@@ -1680,7 +1680,7 @@ def saml2_attrib_map_format(din):
     "Scout Suite Scan": DEDUPE_ALGO_HASH_CODE,
     "AWS Security Hub Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
     "Meterian Scan": DEDUPE_ALGO_HASH_CODE,
-    "Github SAST Scan": DEDUPE_ALGO_HASH_CODE,
+    "Github SAST Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE,
     "Github Vulnerability Scan": DEDUPE_ALGO_HASH_CODE,
     "Github Secrets Detection Report": DEDUPE_ALGO_HASH_CODE,
     "Cloudsploit Scan": DEDUPE_ALGO_HASH_CODE,

dojo/tools/github_sast/parser.py

@@ -71,6 +71,7 @@ def get_findings(self, filename, test):
                 static_finding=True,
                 dynamic_finding=False,
                 vuln_id_from_tool=rule_id,
+                unique_id_from_tool=str(vuln.get("number")),
             )
 
             # File path & line

unittests/tools/test_github_sast_parser.py

@@ -30,6 +30,7 @@ def test_parse_file_with_one_vuln_parsed_correctly(self):
             self.assertEqual("src/file.py", finding.file_path)
             self.assertEqual(42, finding.line)
             self.assertEqual("py/clear-text-storage-sensitive-data", finding.vuln_id_from_tool)
+            self.assertEqual("35", finding.unique_id_from_tool)
             self.assertEqual("High", finding.severity)
             self.assertEqual("https://github.com/OWASP/test-repository/security/code-scanning/35", finding.url)
             self.assertIn("This expression stores sensitive data", finding.description)