Manually create a Vulnerability: should we accept more than one Vulnerability with the same primary identifier?

Facts

  1. A Vulnerability must have a location_fingerprint
  2. Vulnerabilities created by Mutations::Vulnerabilities::Create have the location_fingerprint set to Digest::SHA1.hexdigest("manually added")
  3. We're not doing the Evidence section of #204818[m02_Manual-result_vuln-info-added.png] for the MVC

Considering the 3 points above the following is true:

Within one project, one can't manually create TWO Vulnerabilities with the same primary identifier

And primary identifier is simply the first identifier in the Identifiers section of #204818[m02_Manual-result_vuln-info-added.png]

Question

Should we allow manual creation of more than one Vulnerability with the same primary identifier?

If no, then no further action is required.

If yes, then for MVC we want to do the simplest thing possible which is:

  1. backend Extend Mutations::Vulnerabilities::Create to accept location:String
  2. backend Change Vulnerabilities::ManuallyCreateService to use the location
  3. frontend Add a simple text field to the Details section
Edited by Michał Zając