add line number to jas location detection

attiasas · attiasas · commit df9235ef4f1c · 2025-11-11T13:09:00.000+02:00
diff --git a/policy/enforcer/policyenforcer.go b/policy/enforcer/policyenforcer.go
@@ -339,8 +339,7 @@ func isLocationMatchingJasViolation(location *sarif.Location, invocations []*sar
 	if relative := sarifutils.GetRelativeLocationFileName(location, invocations); !slices.Contains(violation.InfectedFilePaths, relative) {
 		return false
 	}
-	// TODO: Improve matching logic when more data is available in Xray violations (Line + Column)
-	return true
+	return sarifutils.GetLocationStartLine(location) == violation.LineNumber
 }
 
 func getJasVulnerabilityId(violation services.XrayViolation, jasType jasutils.JasScanType) string {

Original file line number	Diff line number	Diff line change
`@@ -339,8 +339,7 @@ func isLocationMatchingJasViolation(location sarif.Location, invocations []sar`
`339`	`339`	`if relative := sarifutils.GetRelativeLocationFileName(location, invocations); !slices.Contains(violation.InfectedFilePaths, relative) {`
`340`	`340`	`return false`
`341`	`341`	`}`
`342`		`- // TODO: Improve matching logic when more data is available in Xray violations (Line + Column)`
`343`		`- return true`
	`342`	`+ return sarifutils.GetLocationStartLine(location) == violation.LineNumber`
`344`	`343`	`}`
`345`	`344`
`346`	`345`	`func getJasVulnerabilityId(violation services.XrayViolation, jasType jasutils.JasScanType) string {`