@@ -865,46 +865,37 @@ public void removeIgnoreEntriesForFileIfEmpty(String filePath) {
865865 }
866866
867867 /**
868- * Checks if a specific vulnerability is ignored based on its ruleId.
869- * This method is ASCA-specific and checks whether the given vulnerability
870- * should be ignored by matching its ruleId against the ignore entries.
871- * This allows multiple vulnerabilities on the same line to be ignored independently.
868+ * Checks if a specific ASCA vulnerability is ignored based on its problematicLine and rule name.
869+ * This is used to filter individual vulnerabilities within a ScanIssue that may contain
870+ * multiple vulnerabilities on the same line.
871+ * <p>
872+ * Matching uses both the problematicLine (code content) and the rule name (entry.packageName vs vulnerability.title)
873+ * because multiple different rules can flag the same line of code, producing the same problematicLine value.
872874 *
873- * @param vulnerability the vulnerability to check
874- * @param ignoreEntries the list of ignore entries
875- * @param normalizedPath the normalized file path
876- * @return true if the vulnerability should be ignored, false otherwise
875+ * @param vulnerability The specific vulnerability to check
876+ * @param ignoreEntries The list of ignore entries to check against
877+ * @param filePath The file path of the issue
878+ * @return {@code true} if this specific vulnerability is ignored; {@code false} otherwise
877879 */
878- public boolean isVulnerabilityIgnored (Vulnerability vulnerability , List <IgnoreEntry > ignoreEntries , String normalizedPath ) {
879- Integer vulnRuleId = vulnerability .getRuleId ();
880+ public boolean isAscaVulnerabilityIgnored (Vulnerability vulnerability , List <IgnoreEntry > ignoreEntries , String filePath ) {
881+ String normalizedPath = ignoreFileManager .normalizePath (filePath );
882+ String issueProblematicLine = vulnerability .getProblematicLine ();
883+ String vulnTitle = vulnerability .getTitle ();
880884 for (IgnoreEntry entry : ignoreEntries ) {
881885 if (entry .getType () != ScanEngine .ASCA ) {
882886 continue ;
883887 }
884- // The ignore entry's ruleId stores the ASCA rule ID — must match to avoid
885- // ignoring a different rule that happens to flag the same line of code
886- if (vulnRuleId == null || !vulnRuleId .equals (entry .getRuleId ())) {
888+ // Match by rule name: the ignore entry's packageName must match the vulnerability's title (rule name)
889+ boolean ruleNameMatch = (entry .getPackageName () != null && entry .getPackageName ().equals (vulnTitle ))
890+ || (entry .getPackageName () == null && vulnTitle == null );
891+ if (!ruleNameMatch ) {
887892 continue ;
888893 }
889894 for (IgnoreEntry .FileReference ref : entry .getFiles ()) {
890- if (ref .isActive () && ref .getPath ().equals (normalizedPath )) {
891- return true ;
892- }
893- }
894- }
895- return false ;
896- }
897-
898- public boolean isIgnored (ScanIssue issue , List <IgnoreEntry > ignoreEntries , String filePath ) {
899- String normalizedPath = ignoreFileManager .normalizePath (filePath );
900- // Match by path and line (for OSS, Secrets, Containers, IAC, and other scanners)
901- // Note: ASCA filtering is handled in AscaScanResultAdaptor during issue creation
902- int issueLine = issue .getLocations () != null && !issue .getLocations ().isEmpty ()
903- ? issue .getLocations ().get (0 ).getLine ()
904- : -1 ;
905- for (IgnoreEntry entry : ignoreEntries ) {
906- for (IgnoreEntry .FileReference ref : entry .getFiles ()) {
907- if (ref .isActive () && ref .getPath ().equals (normalizedPath ) && ref .getLine () == issueLine ) {
895+ boolean pathMatch = ref .isActive () && ref .getPath ().equals (normalizedPath );
896+ boolean problematicLineMatch = (issueProblematicLine == null && ref .getProblematicLine () == null )
897+ || (issueProblematicLine != null && issueProblematicLine .equals (ref .getProblematicLine ()));
898+ if (pathMatch && problematicLineMatch ) {
908899 return true ;
909900 }
910901 }
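Review bot: In the new `isAscaVulnerabilityIgnored`, both `ruleNameMatch` and `problematicLineMatch` are true when the two compared values are null, so an ignore entry missing its `packageName` or a file reference missing its `problematicLine` (possibly an older or hand-edited entry) suppresses any ASCA finding in that file which also lacks a title or problematic line. A suppression check should fail closed on absent data: `boolean ruleNameMatch = vulnTitle != null && vulnTitle.equals(entry.getPackageName());` and `boolean problematicLineMatch = issueProblematicLine != null && issueProblematicLine.equals(ref.getProblematicLine());`. Separately, matching on line content instead of line number means every identical line in the file flagged by the same rule is ignored together, including copies added later; if that is intended, the Javadoc should say so explicitly. The method's outer loop and final return lie outside this hunk, so this assumes the fall-through result is still `false`.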