DongTai-engine
Three sink points on the same URL, but only one vulnerability is detected
Preflight Checklist
- [X] I agree to follow the Code of Conduct that this project adheres to.
- [X] I have searched the issue tracker for an issue that matches the one I want to file, without success.
- [X] I am not looking for support or already pursued the available support channels without success.
Version
1.1.1
Installation Type
Official Docker Compose
Service Name
DongTai-agent-java
Describe the details of the bug and the steps to reproduce it
Three XSS sink points:
Only one vulnerability is detected:
Additional Information
No response
Logs
No response
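Memo:
After investigation, I found that the problem was introduced here:
Whether the current vulnerability already exists is determined by strategy_id rather than by hook_strategy_id. As a result, for vulnerabilities of the same type, such as the reflected XSS above, when a single request triggers multiple XSS sink points, they all have the same strategy_id because they are all XSS, so the multiple XSS sink points in one request are reported only once. If a single request contains both XSS and SQLi, both types of vulnerability can be reported. Changing this may require modifying the structure of the data table iast_vulnerability.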
Please push to fix this issue. Thanks.
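The existence check described in the memo above, modelled as an added example that is not DongTai's own code: it stores the same four sink hits once keyed on strategy_id and once keyed on hook_strategy_id, and returns which hits are silently dropped. The `url` and `http_method` key fields, the id values, the sink labels and the premise that each XSS sink matches a different hook rule are assumptions.

```python
from typing import NamedTuple


class SinkHit(NamedTuple):
    url: str
    http_method: str
    strategy_id: int       # vulnerability type (assumed: 1 = reflected XSS, 2 = SQLi)
    hook_strategy_id: int  # hook rule that matched the sink (assumed values)
    sink: str              # hypothetical label, for readability only


# Constructed sample: one GET request whose data reaches three XSS sinks
# and one SQLi sink.
REQUEST_HITS = [
    SinkHit("/demo", "GET", 1, 101, "xss-sink-a"),
    SinkHit("/demo", "GET", 1, 102, "xss-sink-b"),
    SinkHit("/demo", "GET", 1, 103, "xss-sink-c"),
    SinkHit("/demo", "GET", 2, 201, "sqli-sink"),
]

# Existence key as the memo describes the current behaviour.
BY_TYPE = ("url", "http_method", "strategy_id")
# Existence key using the hook rule, as the memo proposes.
BY_HOOK = ("url", "http_method", "hook_strategy_id")


def save_vulnerabilities(hits, key_fields):
    """Mimic an 'insert unless a matching row already exists' step.

    Returns (stored, suppressed): hits that created a row, and hits dropped
    because an earlier hit already occupied the same existence key.
    """
    rows, suppressed = {}, []
    for hit in hits:
        key = tuple(getattr(hit, field) for field in key_fields)
        if key in rows:
            suppressed.append(hit)
        else:
            rows[key] = hit
    return list(rows.values()), suppressed


if __name__ == "__main__":
    for name, key in (("strategy_id", BY_TYPE), ("hook_strategy_id", BY_HOOK)):
        stored, suppressed = save_vulnerabilities(REQUEST_HITS, key)
        print(f"{name}: stored={[h.sink for h in stored]} "
              f"suppressed={[h.sink for h in suppressed]}")
```

Two sinks that match the same hook rule would still collapse under the second key, so a count of suppressed hits is worth checking after any change to the key.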