Finding Jira Mapping API allows assignment of a single Jira Issue to multiple findings

[ccronca]

Bug Description:

When using the jira_finding_mappings API endpoint in DefectDojo, it is possible to update a finding's Jira mapping with a Jira issue that is already assigned to another finding. This action does not raise any errors, but it results in unexpected behavior. Specifically, after updating the mapping, the integration between Jira and DefectDojo only works with the original finding. For instance, if the Jira issue is closed, only the original issue will be affected, not the new assigned finding.

Additionally, attempting to map an already existing Jira issue through the UI results in an "already linked" error, indicating that the UI correctly prevents this action.

Steps to reproduce
Steps to reproduce the behavior:

1. Use the PUT jira_finding_mappings API endpoint to update a finding's Jira mapping with a Jira issue already assigned to another finding
2. Observe that no errors are raised
3. Notice that the integration between Jira and DefectDojo only affects the original finding, not the new assigned finding

Expected behavior
The API jira_finding_mappings endpoint should raise an error or prevent updating a finding's Jira mapping with a Jira issue that is already assigned to another finding.

Deployment method (select with an X)

• Docker Compose
• Kubernetes
• GoDojo

Environment information

• DefectDojo version v. 2.31.4