This repository was archived by the owner on Jun 24, 2025. It is now read-only.

Commit e421cd2

committed
fix: Work-around for collision with IID's generated by Symfony parser
1 parent 00839c6 commit e421cd2


1 file changed

+4
-2
lines changed


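--- a/src/main/java/com/fortify/ssc/parser/php/security_checker/parser/VulnerabilitiesParser.java
+++ b/src/main/java/com/fortify/ssc/parser/php/security_checker/parser/VulnerabilitiesParser.java
@@ -84,14 +84,16 @@ private final void buildVulnerabilityForDependency(String dependencyName, String
 }
 
 /**
-* Calculate the issue instance id, using a combination of feature name, feature version, and vulnerability name
+* Calculate the issue instance id, using a combination of feature name, feature version, and vulnerability name.
+* The calculated instance id is prepended with a 'P' to avoid collision with IID's generated by the legacy Symfony
+* Security Checker parser plugin.
 */
 private final String getInstanceId(String dependencyName, String dependencyVersion, DependencyAdvisory dependencyAdvisory) {
 String cveOrTitleOrLink = getFirstNonBlank(
 dependencyAdvisory.getCve(),
 dependencyAdvisory.getTitle(),
 dependencyAdvisory.getLink());
-return DigestUtils.sha256Hex(String.join("|", dependencyName, dependencyVersion, cveOrTitleOrLink));
+return 'P'+DigestUtils.sha256Hex(String.join("|", dependencyName, dependencyVersion, cveOrTitleOrLink));
 }
 
 private final String getFirstNonBlank(String... strings) {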
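Review bot: The prefix in the new `return` of `getInstanceId` is the char literal `'P'`, which only yields a string because the right-hand operand is a String; a named constant such as `private static final String IID_PREFIX = "P";` with `return IID_PREFIX + DigestUtils.sha256Hex(...)` would state the namespace intent and cannot turn into integer arithmetic in a later edit. Because every instance id produced by this parser changes with this commit, findings from results uploaded with the previous plugin version will presumably no longer correlate with new uploads, so audit decisions recorded against the old ids (suppressions, comments) may not carry over; that is worth calling out in the Javadoc or release notes. The hashed input is still joined with `|` without escaping, so two different name/version/advisory triples containing `|` could in principle hash to the same id; this is unlikely for package names but a length-prefixed or escaped join would rule it out. The body of `getFirstNonBlank` lies outside the hunk, so whether it can return null (which `String.join` would render as the text `null`) cannot be judged from here.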
