Fix #17 - fuzzy match is optional

README.md

@@ -78,7 +78,9 @@ The following methods call Veracode REST APIs and return JSON.
 - `add_annotation(app,issue_list,comment,action,sandbox(opt))`: add an annotation (comment, mitigation proposal/acceptance/rejection) to the findings in `issue_list` for `app` (guid) (or optionally `sandbox` (guid)). Note that you must have the Mitigation Approver role (regular user) to use the ACCEPTED or REJECTED action, or the Mitigation and Comments API role for an API service account to use this call.
   - `issue_list`: must be passed as a Python list of `issue_id`s
   - `action`: must be one of COMMENT, POTENTIAL_FALSE_POSITIVE, APP_BY_DESIGN, OS_ENV, NET_ENV, LIBRARY, ACCEPT_RISK, ACCEPTED, REJECTED
-- `match_findings(origin_finding,potential_matches,approved_findings_only(opt))`: return a matching finding from `potential_matches` for the `origin_finding`, based on the finding type.
+- `match_findings(origin_finding,potential_matches,approved_findings_only(opt),allow_fuzzy_match(opt))`: return a matching finding from `potential_matches` for the `origin_finding`, based on the finding type.
+  - `approved_findings_only`: limits matches to findings with approved mitigations.
+  - `allow_fuzzy_match`: look for matches within a range of source lines around the origin finding. This allows for code movement but can result in flaws being mismatched; use sparingly.
 
 #### Collections
 

requirements.txt

@@ -1,4 +1,4 @@
 requests>=2.24.0
 veracode-api-signing>=19.9.0
-urllib3 == 1.26.5
-Pygments == 2.7.4
+urllib3 == 1.26.6
+Pygments == 2.9.0

setup.py

@@ -3,7 +3,7 @@
 setup(
   name = 'veracode_api_py',         
   packages = ['veracode_api_py'],   
-  version = '0.9.17',      
+  version = '0.9.18',      
   license='MIT',        
   description = 'Python helper library for working with the Veracode APIs. Handles retries, pagination, and other features of the modern Veracode REST APIs.',   
   author = 'Tim Jarrett',                  

veracode_api_py/findings.py

@@ -55,7 +55,7 @@ def add_annotation(self,app,issue_list,comment,action,sandbox=None):
         payload = json.dumps(annotation_def)
         return APIHelper()._rest_request(uri,"POST",body=payload,params=params)
 
-    def match(self,origin_finding,potential_matches,approved_matches_only=True):
+    def match(self,origin_finding,potential_matches,approved_matches_only=True,allow_fuzzy_match=False):
         # match a finding against an array of potential matches
         match = None
 
@@ -68,7 +68,7 @@ def match(self,origin_finding,potential_matches,approved_matches_only=True):
         pm = self._create_match_format_policy(policy_findings=potential_matches,finding_type=scan_type)
 
         if scan_type == 'STATIC':
-            match = self._match_static (of[0], pm)
+            match = self._match_static (of[0], pm, allow_fuzzy_match)
         elif scan_type == 'DYNAMIC':
             match = self._match_dynamic (of[0], pm)
         return match
@@ -93,15 +93,15 @@ def format_file_path(self,file_path):
 
         return formatted_file_path
 
-    def _match_static(self,origin_finding,potential_matches):
+    def _match_static(self,origin_finding,potential_matches,allow_fuzzy_match=False):
         match = None
         if origin_finding['source_file'] not in ('', None):
             #attempt precise match first
             match = next((pf for pf in potential_matches if ((origin_finding['cwe'] == int(pf['cwe'])) & 
                 (origin_finding['source_file'].find(pf['source_file']) > -1 ) & 
                 (origin_finding['line'] == pf['line'] ))), None)
 
-            if match is None:
+            if match is None and allow_fuzzy_match:
                 #then fall to fuzzy match
                 match = next((pf for pf in potential_matches if ((origin_finding['cwe'] == int(pf['cwe'])) & 
                     (origin_finding['source_file'].find(pf['source_file']) > -1 ) &