MR widget for comparing security reports uses wrong location data
Summary
Container Scanning shows the same issues as new and fixed, but they are all exposed to the same CVE. This happens because the comparison of Occurrence#location in the active record model is using the full object instead of a subset of it depending on the report type.
Steps to reproduce
Enable CS (container scanning) and create an MR; you will see that the comparison of vulnerabilities isn't correct.
https://gitlab.com/fjdiaz/simply-simple-notes/merge_requests/4
Example Project
https://gitlab.com/fjdiaz/simply-simple-notes/
What is the current bug behavior?
(check image above) We see the same vulnerabilities as new and fixed
What is the expected correct behavior?
(check image above) We shouldn't see the same vulnerabilities as new and fixed
Output of checks
This bug happens on GitLab.com
Possible fixes
Use the location fingerprint instead of the full location object in the occurrence model for comparison.
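The following sketch is an added illustration, not part of the original issue and not GitLab's code: it diffs two constructed container scanning reports, first keyed on the full location and then on a location fingerprint. The `Occurrence` struct, the sample data, and the fingerprint inputs (image name without its tag plus package name, hashed with SHA1) are assumptions chosen to show how a location field that varies between pipelines makes the same CVE appear as both new and fixed.

```ruby
require 'digest'

# Simplified stand-in for a vulnerability occurrence (not GitLab's model).
Occurrence = Struct.new(:cve, :location, keyword_init: true) do
  # Assumed fingerprint inputs for container scanning: image name with
  # the tag stripped, plus the affected package name.
  def location_fingerprint
    image = location[:image].sub(%r{:[^:/]+\z}, '')
    Digest::SHA1.hexdigest("#{image}:#{location[:package]}")
  end
end

# Generic report diff: an occurrence is "added" if its key is absent from
# the base report, "fixed" if its key is absent from the head report.
def compare(base, head, &key)
  base_keys = base.map(&key)
  head_keys = head.map(&key)
  {
    added: head.reject { |o| base_keys.include?(key.call(o)) }.map(&:cve),
    fixed: base.reject { |o| head_keys.include?(key.call(o)) }.map(&:cve)
  }
end

# Behaviour described in the summary: the whole location object is the key.
def compare_by_full_location(base, head)
  compare(base, head) { |o| [o.cve, o.location] }
end

# Proposed fix: key on the report-type-specific subset of the location.
def compare_by_fingerprint(base, head)
  compare(base, head) { |o| [o.cve, o.location_fingerprint] }
end

# Constructed sample data: the same image scanned on the target branch
# and on the MR branch, so only the tag in :image differs.
def occ(cve, tag, package)
  Occurrence.new(cve: cve, location: { image: "registry.example.com/notes:#{tag}", package: package })
end

BASE = [occ('CVE-0000-0001', 'master', 'glibc'), occ('CVE-0000-0002', 'master', 'openssl')]
HEAD = [occ('CVE-0000-0001', 'feature', 'glibc'), occ('CVE-0000-0003', 'feature', 'curl')]

p compare_by_full_location(BASE, HEAD)
p compare_by_fingerprint(BASE, HEAD)
```

With the full location as key, the placeholder `CVE-0000-0001` lands in both lists; with the fingerprint as key, only the genuinely added and fixed entries remain.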