Don't reuse vulnerability identifiers across projects
Similiar to !84160 (merged), not only vulnerability scanner records, but also vulnerability findings are erroneously getting shared between projects.
This is a permission issue, because project owners cannot access their vulnerability findings, as they belong to another project.
Query (postgres.ai):
SELECT
"vulnerability_identifiers".*
FROM
"vulnerability_identifiers"
WHERE
"vulnerability_identifiers"."name" = 'Test identifier 1'
AND "vulnerability_identifiers"."project_id" = 105
AND "vulnerability_identifiers"."external_type" = 'other'
AND "vulnerability_identifiers"."external_id" = 'Test identifier 1'
LIMIT
1
Limit (cost=0.56..115.13 rows=1 width=159) (actual time=12.174..12.176 rows=0 loops=1)
Buffers: shared read=4
I/O Timings: read=12.119 write=0.000
-> Index Scan using index_vulnerability_identifiers_on_project_id_and_fingerprint on public.vulnerability_identifiers (cost=0.56..115.13 rows=1 width=159) (actual time=12.172..12.173 rows=0 loops=1)
Index Cond: (vulnerability_identifiers.project_id = 105)
Filter: (((vulnerability_identifiers.name)::text = 'Test identifier 1'::text) AND ((vulnerability_identifiers.external_id)::text = 'Test identifier 1'::text) AND ((vulnerability_identifiers.external_type)::text = 'other'::text))
Rows Removed by Filter: 0
Buffers: shared read=4
I/O Timings: read=12.119 write=0.000
Related to #354082
Edited by Dominic Bauer