3 files changed, 50 insertions, 13 deletions

diff --git a/lib/gitlab/ci/reports/security/finding.rb b/lib/gitlab/ci/reports/security/finding.rb
index 39531e12f69..47ec82ac86c 100644
--- a/lib/gitlab/ci/reports/security/finding.rb
+++ b/lib/gitlab/ci/reports/security/finding.rb
@@ -17,7 +17,6 @@ module Gitlab
           attr_reader :name
           attr_reader :old_location
           attr_reader :project_fingerprint
-          attr_reader :raw_metadata
           attr_reader :report_type
           attr_reader :scanner
           attr_reader :scan
@@ -28,10 +27,13 @@ module Gitlab
           attr_reader :details
           attr_reader :signatures
           attr_reader :project_id
+          attr_reader :original_data
 
           delegate :file_path, :start_line, :end_line, to: :location
 
-          def initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, metadata_version:, name:, raw_metadata:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false) # rubocop:disable Metrics/ParameterLists
+          alias_method :cve, :compare_key
+
+          def initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false) # rubocop:disable Metrics/ParameterLists
             @compare_key = compare_key
             @confidence = confidence
             @identifiers = identifiers
@@ -40,7 +42,7 @@ module Gitlab
             @location = location
             @metadata_version = metadata_version
             @name = name
-            @raw_metadata = raw_metadata
+            @original_data = original_data
             @report_type = report_type
             @scanner = scanner
             @scan = scan
@@ -74,6 +76,10 @@ module Gitlab
               uuid
               details
               signatures
+              description
+              message
+              cve
+              solution
             ].each_with_object({}) do |key, hash|
               hash[key] = public_send(key) # rubocop:disable GitlabSecurity/PublicSend
             end
@@ -88,8 +94,8 @@ module Gitlab
             @location = new_location
           end
 
-          def unsafe?(severity_levels)
-            severity.in?(severity_levels)
+          def unsafe?(severity_levels, report_types)
+            severity.to_s.in?(severity_levels) && (report_types.blank? || report_type.to_s.in?(report_types) )
           end
 
           def eql?(other)
@@ -141,6 +147,30 @@ module Gitlab
             scanner <=> other.scanner
           end
 
+          def has_signatures?
+            signatures.present?
+          end
+
+          def raw_metadata
+            @raw_metadata ||= original_data.to_json
+          end
+
+          def description
+            original_data['description']
+          end
+
+          def message
+            original_data['message']
+          end
+
+          def solution
+            original_data['solution']
+          end
+
+          def location_data
+            original_data['location']
+          end
+
           private
 
           def generate_project_fingerprint
diff --git a/lib/gitlab/ci/reports/security/report.rb b/lib/gitlab/ci/reports/security/report.rb
index 1ba2d909d99..417319cb5be 100644
--- a/lib/gitlab/ci/reports/security/report.rb
+++ b/lib/gitlab/ci/reports/security/report.rb
@@ -69,6 +69,10 @@ module Gitlab
 
             primary_scanner <=> other.primary_scanner
           end
+
+          def has_signatures?
+            findings.any?(&:has_signatures?)
+          end
         end
       end
     end
diff --git a/lib/gitlab/ci/reports/security/reports.rb b/lib/gitlab/ci/reports/security/reports.rb
index b7a5e36b108..b6372349f68 100644
--- a/lib/gitlab/ci/reports/security/reports.rb
+++ b/lib/gitlab/ci/reports/security/reports.rb
@@ -22,21 +22,24 @@ module Gitlab
             reports.values.flat_map(&:findings)
           end
 
-          def violates_default_policy_against?(target_reports, vulnerabilities_allowed, severity_levels)
-            unsafe_findings_count(target_reports, severity_levels) > vulnerabilities_allowed
+          def violates_default_policy_against?(target_reports, vulnerabilities_allowed, severity_levels, vulnerability_states, report_types = [])
+            unsafe_findings_count(target_reports, severity_levels, vulnerability_states, report_types) > vulnerabilities_allowed
           end
 
-          private
-
-          def findings_diff(target_reports)
-            findings - target_reports&.findings.to_a
+          def unsafe_findings_uuids(severity_levels, report_types)
+            findings.select { |finding| finding.unsafe?(severity_levels, report_types) }.map(&:uuid)
           end
 
-          def unsafe_findings_count(target_reports, severity_levels)
-            findings_diff(target_reports).count {|finding| finding.unsafe?(severity_levels)}
+          private
+
+          def unsafe_findings_count(target_reports, severity_levels, vulnerability_states, report_types)
+            new_uuids = unsafe_findings_uuids(severity_levels, report_types) - target_reports&.unsafe_findings_uuids(severity_levels, report_types).to_a
+            new_uuids.count
           end
         end
       end
     end
   end
 end
+
+Gitlab::Ci::Reports::Security::Reports.prepend_mod_with('Gitlab::Ci::Reports::Security::Reports')