chore(detectors): Use new group type for Query Injection Issues (#94540)

this pr replaces the group type that is being created by the query
injection detectors. the previous group type contains issues that we
don't want to show users as we have updated the detectors since, and
creating a new group type is the most straightforward way to achieve
that.

Author: roggenkemper

src/sentry/api/endpoints/project_performance_issue_settings.py

@@ -11,7 +11,6 @@
 from sentry.api.bases.project import ProjectEndpoint, ProjectSettingPermission
 from sentry.auth.superuser import superuser_has_permission
 from sentry.issues.grouptype import (
-    DBQueryInjectionVulnerabilityGroupType,
     GroupType,
     PerformanceConsecutiveDBQueriesGroupType,
     PerformanceConsecutiveHTTPQueriesGroupType,
@@ -26,6 +25,7 @@
     PerformanceSlowDBQueryGroupType,
     PerformanceUncompressedAssetsGroupType,
     ProfileFunctionRegressionType,
+    QueryInjectionVulnerabilityGroupType,
 )
 from sentry.performance_issues.performance_detection import get_merged_settings
 
@@ -91,7 +91,7 @@ class ConfigurableThresholds(Enum):
     ConfigurableThresholds.HTTP_OVERHEAD.value: PerformanceHTTPOverheadGroupType,
     InternalProjectOptions.TRANSACTION_DURATION_REGRESSION.value: PerformanceP95EndpointRegressionGroupType,
     InternalProjectOptions.FUNCTION_DURATION_REGRESSION.value: ProfileFunctionRegressionType,
-    ConfigurableThresholds.DB_QUERY_INJECTION.value: DBQueryInjectionVulnerabilityGroupType,
+    ConfigurableThresholds.DB_QUERY_INJECTION.value: QueryInjectionVulnerabilityGroupType,
 }
 """
 A mapping of the management settings to the group type that the detector spawns.

src/sentry/issues/grouptype.py

@@ -502,6 +502,7 @@ class PerformanceStreamedSpansGroupTypeExperimental(GroupType):
     default_priority = PriorityLevel.LOW
 
 
+# Experimental Group Type for Query Injection Vulnerability
 @dataclass(frozen=True)
 class DBQueryInjectionVulnerabilityGroupType(GroupType):
     type_id = 1020
@@ -515,6 +516,19 @@ class DBQueryInjectionVulnerabilityGroupType(GroupType):
     default_priority = PriorityLevel.MEDIUM
 
 
+@dataclass(frozen=True)
+class QueryInjectionVulnerabilityGroupType(PerformanceGroupTypeDefaults, GroupType):
+    type_id = 1021
+    slug = "query_injection_vulnerability"
+    description = "Potential Query Injection Vulnerability"
+    category = GroupCategory.PERFORMANCE.value
+    category_v2 = GroupCategory.DB_QUERY.value
+    enable_auto_resolve = False
+    enable_escalation_detection = False
+    noise_config = NoiseConfig(ignore_limit=5)
+    default_priority = PriorityLevel.MEDIUM
+
+
 # 2000 was ProfileBlockingFunctionMainThreadType
 @dataclass(frozen=True)
 class ProfileFileIOGroupType(GroupType):

src/sentry/performance_issues/detectors/query_injection_detector.py

@@ -3,7 +3,7 @@
 import hashlib
 from typing import Any
 
-from sentry.issues.grouptype import DBQueryInjectionVulnerabilityGroupType
+from sentry.issues.grouptype import QueryInjectionVulnerabilityGroupType
 from sentry.issues.issue_occurrence import IssueEvidence
 from sentry.models.organization import Organization
 from sentry.models.project import Project
@@ -85,7 +85,7 @@ def visit_span(self, span: Span) -> None:
         )
 
         self.stored_problems[fingerprint] = PerformanceProblem(
-            type=DBQueryInjectionVulnerabilityGroupType,
+            type=QueryInjectionVulnerabilityGroupType,
             fingerprint=fingerprint,
             op=op,
             desc=issue_description[:MAX_EVIDENCE_VALUE_LENGTH],
@@ -138,4 +138,4 @@ def is_span_eligible(cls, span: Span) -> bool:
     def _fingerprint(self, description: str) -> str:
         signature = description.encode("utf-8")
         full_fingerprint = hashlib.sha1(signature).hexdigest()
-        return f"1-{DBQueryInjectionVulnerabilityGroupType.type_id}-{full_fingerprint}"
+        return f"1-{QueryInjectionVulnerabilityGroupType.type_id}-{full_fingerprint}"

src/sentry/performance_issues/detectors/sql_injection_detector.py

@@ -5,7 +5,7 @@
 from collections.abc import Sequence
 from typing import Any
 
-from sentry.issues.grouptype import DBQueryInjectionVulnerabilityGroupType
+from sentry.issues.grouptype import QueryInjectionVulnerabilityGroupType
 from sentry.issues.issue_occurrence import IssueEvidence
 from sentry.models.organization import Organization
 from sentry.models.project import Project
@@ -164,7 +164,7 @@ def visit_span(self, span: Span) -> None:
         )
 
         self.stored_problems[fingerprint] = PerformanceProblem(
-            type=DBQueryInjectionVulnerabilityGroupType,
+            type=QueryInjectionVulnerabilityGroupType,
             fingerprint=fingerprint,
             op=op,
             desc=issue_description[:MAX_EVIDENCE_VALUE_LENGTH],
@@ -233,4 +233,4 @@ def is_event_eligible(cls, event: dict[str, Any], project: Project | None = None
     def _fingerprint(self, description: str) -> str:
         signature = description.encode("utf-8")
         full_fingerprint = hashlib.sha1(signature).hexdigest()
-        return f"1-{DBQueryInjectionVulnerabilityGroupType.type_id}-{full_fingerprint}"
+        return f"1-{QueryInjectionVulnerabilityGroupType.type_id}-{full_fingerprint}"

tests/sentry/performance_issues/test_query_injection_detector.py

@@ -4,7 +4,7 @@
 
 import pytest
 
-from sentry.issues.grouptype import DBQueryInjectionVulnerabilityGroupType
+from sentry.issues.grouptype import QueryInjectionVulnerabilityGroupType
 from sentry.performance_issues.detectors.query_injection_detector import QueryInjectionDetector
 from sentry.performance_issues.performance_detection import (
     get_detection_settings,
@@ -32,8 +32,9 @@ def test_query_injection_detection_in_query_params(self):
         problems = self.find_problems(injection_event)
         assert len(problems) == 1
         problem = problems[0]
-        assert problem.type == DBQueryInjectionVulnerabilityGroupType
-        assert problem.fingerprint == "1-1020-1c333b3c472df81fde8a61cdfae24c86676bd582"
+
+        assert problem.type == QueryInjectionVulnerabilityGroupType
+        assert problem.fingerprint == "1-1021-1c333b3c472df81fde8a61cdfae24c86676bd582"
         assert problem.op == "db"
         assert (
             problem.desc

tests/sentry/performance_issues/test_sql_injection_detector.py

@@ -4,7 +4,7 @@
 
 import pytest
 
-from sentry.issues.grouptype import DBQueryInjectionVulnerabilityGroupType
+from sentry.issues.grouptype import QueryInjectionVulnerabilityGroupType
 from sentry.performance_issues.detectors.sql_injection_detector import SQLInjectionDetector
 from sentry.performance_issues.performance_detection import (
     get_detection_settings,
@@ -32,8 +32,9 @@ def test_sql_injection_detection_in_query_params(self):
         problems = self.find_problems(injection_event)
         assert len(problems) == 1
         problem = problems[0]
-        assert problem.type == DBQueryInjectionVulnerabilityGroupType
-        assert problem.fingerprint == "1-1020-20e736601b897f6698ef6bca5082d27f5fa765e4"
+
+        assert problem.type == QueryInjectionVulnerabilityGroupType
+        assert problem.fingerprint == "1-1021-20e736601b897f6698ef6bca5082d27f5fa765e4"
         assert problem.op == "db"
         assert (
             problem.desc
@@ -49,8 +50,10 @@ def test_sql_injection_detection_in_body(self):
         problems = self.find_problems(injection_event)
         assert len(problems) == 1
         problem = problems[0]
-        assert problem.type == DBQueryInjectionVulnerabilityGroupType
-        assert problem.fingerprint == "1-1020-da364c9819759827b8401d54783b2462683d461a"
+
+        assert problem.type == QueryInjectionVulnerabilityGroupType
+        assert problem.fingerprint == "1-1021-da364c9819759827b8401d54783b2462683d461a"
+
         assert problem.op == "db"
         assert (
             problem.desc