Merge pull request Netflix-Skunkworks#243 from Netflix/bugfix/vuln-deduplication

loosen vuln deduplication matching to prevent edge cases

Author: sbehrens

lib/helpers/vulnerability_helpers.rb

@@ -424,14 +424,14 @@ def find_duplicate_vulnerability(vulnerability, options={})
     case vulnerability.match_location
     when "content"
       # This is a static analyzer match for content
-      return existing_vulnerabilities.select{|v| v["url"] == vulnerability.url && v["code_fragment"] == vulnerability.code_fragment && v["term"] == vulnerability.term }
+      return existing_vulnerabilities.select{|v| v["url"] == vulnerability.url && v["term"] == vulnerability.term }
     when "file"
       # This is a static analyzer match for file and github event monitor
-      return existing_vulnerabilities.select{|v| v["file_name"] == vulnerability.file_name && v["code_fragment"] == vulnerability.code_fragment && v["term"] == vulnerability.term }
+      return existing_vulnerabilities.select{|v| v["file_name"] == vulnerability.file_name && v["term"] == vulnerability.term }
     when "source_code"
       # This is a static analyzer match for any static analyzer which has
       # source_code_line, source_code_file, and type
-      return existing_vulnerabilities.select{|v| v["source_code_file"] == vulnerability.source_code_file && v["source_code_line"] == vulnerability.source_code_line && v["type"] == vulnerability.type}
+      return existing_vulnerabilities.select{|v| v["source_code_file"] == vulnerability.source_code_file && v["type"] == vulnerability.type}
     when "path"
       # This is a static analyzer match for paths
       return existing_vulnerabilities.select{|v| v["url"] == vulnerability.url && v["term"] == vulnerability.term}