Fix JQL fuzzy search for Jira vulnerability issues

What does this MR do and why?

Adjusts the JQL builder query used for finding linked Jira issues.

Currently, a fuzzy-match query is constructed for the partial URL of the linked vulnerability in the issue description (description ~ "/-/security/vulnerabilities/[vulnerability_id]"), but this is incorrect as JQL does not search the content of hyperlinks. Also, due to the nature of the "~" operator in JQL, the query is actually searching for the presence of "security", "vulnerabilities" and "[vulnerability_id]". These tokens are not always present in the actual text (especially for manually added vulnerabilities), surfacing the bug.

The fix:

Build an exact match query (using escaped double quotes around the query string) for a string present in all vulnerability Jira issues ("Issue created from vulnerability [vulnerability_id]" is always printed at the top of the issue).

References

https://support.atlassian.com/jira-software-cloud/docs/search-for-work-items-using-the-text-field/

How to set up and validate locally

  1. Set up Jira integration
  2. Manually create a vulnerability for a project
  3. Click the 'Create Jira Issue' button inside the vulnerability view
  4. [*Sometimes a page reload seems to be necessary] Link to Jira issue should be present

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #551648 (closed)

Edited by Harrison Peters
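
The difference between the two query forms described above, as an added example that is not part of the original merge request or GitLab's code. The helper names, the sample issue text and the token matcher are assumptions; the matcher is a simplified model of the "~" behaviour the description outlines, not Jira's search engine.

```ruby
# Added example: hypothetical helper names, not GitLab's JQL builder.

# Old operand: partial URL of the linked vulnerability.
def fuzzy_operand(vulnerability_id)
  "/-/security/vulnerabilities/#{Integer(vulnerability_id)}"
end

# New operand: the line printed at the top of every vulnerability Jira issue,
# wrapped in literal double quotes so that "~" treats it as one exact phrase.
def exact_operand(vulnerability_id)
  # Integer() raises on anything but a number, so no JQL syntax can ride along.
  %("Issue created from vulnerability #{Integer(vulnerability_id)}")
end

# Embed an operand in a JQL string literal, escaping backslashes and quotes.
def jql_clause(operand)
  escaped = operand.gsub(/[\\"]/) { |c| "\\#{c}" }
  %(description ~ "#{escaped}")
end

# Simplified model (assumption) of how "~" evaluates an operand against text.
def tokens(text)
  text.downcase.scan(/[a-z0-9_]+/)
end

def matches?(operand, indexed_text)
  words = tokens(indexed_text)
  wanted = tokens(operand)
  if operand.start_with?('"') && operand.end_with?('"')
    words.each_cons(wanted.size).include?(wanted) # whole phrase, in order
  else
    (wanted - words).empty?                       # every token, anywhere
  end
end

# Constructed description of an issue for a manually added vulnerability.
# The link target is not part of the searchable text, only the link label is.
SAMPLE_DESCRIPTION = <<~TEXT
  Issue created from vulnerability 42

  Hard-coded credential in deploy script
  Severity: High
  See the vulnerability details page
TEXT

[fuzzy_operand(42), exact_operand(42)].each do |operand|
  puts "#{jql_clause(operand)}  => #{matches?(operand, SAMPLE_DESCRIPTION)}"
end
```
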