Similar Findings: Restrict to Product Scope

Author: Maffooch

dojo/finding/views.py

@@ -539,7 +539,9 @@ def get_similar_findings(self, request: HttpRequest, finding: Finding):
         finding_filter_class = SimilarFindingFilterWithoutObjectLookups if filter_string_matching else SimilarFindingFilter
         similar_findings_filter = finding_filter_class(
             request.GET,
-            queryset=get_authorized_findings(Permissions.Finding_View),
+            queryset=get_authorized_findings(Permissions.Finding_View)
+            .filter(test__engagement__product=finding.test.engagement.product)
+            .exclude(id=finding.id),
             user=request.user,
             finding=finding,
         )
@@ -3027,7 +3029,10 @@ def get_missing_mandatory_notetypes(finding):
 def mark_finding_duplicate(request, original_id, duplicate_id):
 
     original = get_object_or_404(Finding, id=original_id)
-    duplicate = get_object_or_404(Finding, id=duplicate_id)
+    duplicate = get_object_or_404(
+        Finding.objects.filter(test__engagement__product=original.test.engagement.product),
+        id=duplicate_id,
+    )
 
     if original.test.engagement != duplicate.test.engagement:
         if (original.test.engagement.deduplication_on_engagement
@@ -3112,7 +3117,10 @@ def reset_finding_duplicate_status(request, duplicate_id):
 
 def set_finding_as_original_internal(user, finding_id, new_original_id):
     finding = get_object_or_404(Finding, id=finding_id)
-    new_original = get_object_or_404(Finding, id=new_original_id)
+    new_original = get_object_or_404(
+        Finding.objects.filter(test__engagement__product=finding.test.engagement.product),
+        id=new_original_id,
+    )
 
     if finding.test.engagement != new_original.test.engagement:
         if (finding.test.engagement.deduplication_on_engagement

dojo/templates/dojo/finding_related_list.html

@@ -12,7 +12,6 @@
         <th>Status</th>
         <th>Test</th>
         <th>Engagement</th>
-        <th>Product</th>
         <th>CWE</th>
         <th>Vulnerability Id</th>
         <th>EPSS Score</th>

dojo/templates/dojo/finding_related_row.html

@@ -40,7 +40,6 @@
         </sup>
     {% endif %}
     </td>
-    <td><a href="{% url 'view_product' similar_finding.test.engagement.product.id %}">{{ similar_finding.test.engagement.product.name }}</a>
     <td>
         {% if similar_finding.cwe > 0 %}
         <a target="_blank" href="{{ similar_finding.cwe|cwe_url }}">

dojo/templates/dojo/view_finding.html

@@ -728,8 +728,7 @@ <h4 class="has-filters">Similar Findings ({{ similar_findings.paginator.count }}
                     <i class="fa-solid fa-circle-question has-popover" data-trigger="hover"
                        data-content="Opening this panel shows findings that are not exact duplicates,
                         but have similar values for Vulnerability Id, CWE, file_path, line number, unique_id_from_tool.
-                        It has a filter panel where filtering can be made less or more strict, and across
-                        product boundaries. The resulting findings can be view, marked as duplicate or original.
+                        It has a filter panel where filtering can be made less or more strict. The resulting findings can be view, marked as duplicate or original.
                         Clear filters will empty all filters. Restart will start over by matching against the fields
                         mentioned above."
                         data-placement="bottom" data-container="body">