
False positives are not filtered out in report view #9

Open
mum-viadee opened this issue Jul 4, 2019 · 4 comments

Comments

@mum-viadee
Contributor

After including a false positive file, false positives are filtered out in the graph view, but not in the interactive report view.

The report currently shows 10 low risks and 0 false positives. In the graph there are 6 low risks and 4 false positives shown, which is correct.

@mum-viadee
Contributor Author

mum-viadee commented Jul 4, 2019

After examining the code I think I found the error. In line 75 of the file main.js, the fields of the falsePositive are compared to the alert or instance fields using equals.

return !falsePositive.hasOwnProperty(key) || falsePositive[key] === alert[key] || falsePositive[key] === instance[key]

The false positive URI is, as the documentation says, a regex string. So an equals is wrong. The URI must be compared using regular expression matching!!!
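Worked example, added here and not code from the plugin: the equality check quoted above beside a version that treats the suppression `uri` as a regular expression, run over a constructed set of findings that mirrors the counts from the first comment. The field names (`cweid`, `param`, `uri`), the finding shape and the suppression entry are assumptions for illustration.

```javascript
// Added example, not the plugin's own code: how the report view's suppression
// check behaves with strict equality versus regular-expression matching of
// the false-positive `uri`. Field names and the sample data are constructed.

const MATCH_KEYS = ['cweid', 'param', 'uri']; // assumed suppression fields

// Quoted behaviour from main.js: every present suppression field must be
// strictly equal to the alert's or the instance's field. A regex uri such
// as "https://example\.test/static/.*" never equals a concrete URL.
function matchesEquals(fp, alert, instance) {
  return MATCH_KEYS.every(key =>
    !fp.hasOwnProperty(key) || fp[key] === alert[key] || fp[key] === instance[key]);
}

// Fixed behaviour: `uri` is compiled as an anchored regular expression and
// tested against the instance URI; the other fields still use equality.
function matchesRegex(fp, alert, instance) {
  return MATCH_KEYS.every(key => {
    if (!Object.prototype.hasOwnProperty.call(fp, key)) return true;
    if (key !== 'uri') return fp[key] === alert[key] || fp[key] === instance[key];
    let re;
    try { re = new RegExp('^(?:' + fp.uri + ')$'); }
    catch (e) { return false; }              // malformed pattern suppresses nothing
    return re.test(String(instance.uri || ''));
  });
}

// Split findings into remaining risks and suppressed ones, as the report does.
function summarize(findings, falsePositives, matcher) {
  let risks = 0, suppressed = 0;
  for (const f of findings) {
    const hit = falsePositives.some(fp => matcher(fp, f.alert, f.instance));
    if (hit) suppressed++; else risks++;
  }
  return { risks, falsePositives: suppressed };
}

// Constructed sample: ten low-risk findings, four of them on static assets.
const FINDINGS = [
  ...Array.from({ length: 6 }, (_, i) =>
    ({ alert: { cweid: '200', risk: 'Low' }, instance: { uri: `https://example.test/api/item/${i}`, param: '' } })),
  ...Array.from({ length: 4 }, (_, i) =>
    ({ alert: { cweid: '200', risk: 'Low' }, instance: { uri: `https://example.test/static/app${i}.js`, param: '' } })),
];
const FALSE_POSITIVES = [{ cweid: '200', uri: 'https://example\\.test/static/.*' }];

// summarize(FINDINGS, FALSE_POSITIVES, matchesEquals) -> { risks: 10, falsePositives: 0 }
// summarize(FINDINGS, FALSE_POSITIVES, matchesRegex)  -> { risks: 6, falsePositives: 4 }
```

Anchoring the pattern with `^(?:...)$` keeps a suppression such as `/static/.*` from silently matching every URI that merely contains that substring.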

@Viktork25

@mum-viadee what have you done with the issue above about the False Positive?

@mum-viadee
Contributor Author

@Viktork25 I've done nothing so far. There are two places in the code where suppressions are evaluated: in the Java code of the plugin and in the JavaScript code of the report view. Two places with the same business logic. In my opinion this is not a good design.
The best solution would be if the Java code could handle all the business logic and write an enriched result file which the result view only has to display. Only one central piece of code with business logic.
But that would be a bit of refactoring the plugin, not just fixing a bug.

uen pushed a commit that referenced this issue Nov 28, 2020

[SECURITY] Use HTTPS to resolve dependencies in Maven Build
@shardy-lbar
Contributor

As a quick fix, we have implemented regex checking in the Javascript as well. However as @mum-viadee mentioned, we should aim to get in a reworking of the plugin to have a centralised business logic in just the JAVA code, passing the data via the results file. I will leave this issue open until the rework is done.

Sorry for the very slow responses, we have been neglectful of this plugin recently due to workload, but will aim to be more vigilant and productive moving forwards.
