Disable trimming prefix of the vulnerability's file location
What does this MR do?
As mentioned in Further Reasoning section of the issue: We've been passing the relative project path to the upstream scanner instead of the absolute path containing $CI_PROJECT_DIR
value as the prefix. So, the need for prefix-trimming the vulnerability's location.file
is not needed anymore. It is rather causing the issues like this one.
This MR does the following:
- Passes an empty value as the prefix to trim from the vulnerability's location path, which also fixes the mentioned issue
- Modifies the unit test to use the latest
semgrep.sarif
template and the coverage for the changes made.
NOTE:
The MR pipeline(integration-test
and integration-test-fips
) is expected to fail since the expectation SAST artifacts for Python are impacted by the above-mentioned issue, which this MR intends to solve. I've created a subsequent MR that includes the re-generated expectation artifacts. Since there is a cyclic dependency on the issue-fix <> incorrect-python-artifacts, this whole thing might sound messy. Once this MR gets merged, the pipeline for the subsequent MR should start passing, merging which will bring this whole mess into a stable state.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer