Remove elements from base json file

Use base file and remove elements for invalid data

Remove elements from base json file
Use base file and remove elements for invalid data
17a069ae · Jonathan Schafer · b24538af · 17a069ae · 17a069ae · b24538af
Commit 17a069ae authored Aug 19, 2020 by Jonathan Schafer
4 changed files
--- a/ee/app/services/security/store_report_service.rb
+++ b/ee/app/services/security/store_report_service.rb
@@ -17,6 +17,7 @@ module Security
    def execute
      # Ensure we're not trying to insert data twice for this report
      return error("#{@report.type} report already stored for this pipeline, skipping...") if executed?
+      raise ParseError, 'JSON parsing failed' if report.error.is_a?(Gitlab::Ci::Parsers::Security::Common::SecurityReportParserError)

      vulnerability_ids = create_all_vulnerabilities!
      mark_as_resolved_except(vulnerability_ids)

--- a/ee/spec/factories/ci/job_artifacts.rb
+++ b/ee/spec/factories/ci/job_artifacts.rb
@@ -184,8 +184,12 @@ FactoryBot.define do
      file_format { :raw }

      after(:build) do |artifact, _|
-        artifact.file = fixture_file_upload(
-          Rails.root.join('ee/spec/fixtures/security_reports/master/gl-sast-missing-identifiers.json'), 'application/json')
+        file = fixture_file_upload(
+          Rails.root.join('ee/spec/fixtures/security_reports/master/gl-sast-report.json'), 'application/json')
+        data = Gitlab::Json.parse(file.tempfile.read)['vulnerabilities'].each { |v| v.delete('identifiers') }.to_json
+        output = Tempfile.new("gl-sast-missing-identifiers")
+        output.write(data)
+        artifact.file = fixture_file_upload(output.path, 'application/json')
      end
    end


--- a/ee/spec/fixtures/security_reports/master/gl-sast-missing-identifiers.json
+++ b/ee/spec/fixtures/security_reports/master/gl-sast-missing-identifiers.json
-{
-  "version": "1.2",
-  "vulnerabilities": [
-    {
-      "category": "sast",
-      "message": "Probable insecure usage of temp file/directory.",
-      "cve": "python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108",
-      "severity": "Medium",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-tmp.py",
-        "start_line": 1,
-        "end_line": 1
-      },
-      "priority": "Medium",
-      "file": "python/hardcoded/hardcoded-tmp.py",
-      "line": 1,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "name": "Predictable pseudorandom number generator",
-      "message": "Predictable pseudorandom number generator",
-      "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM",
-      "severity": "Medium",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "find_sec_bugs",
-        "name": "Find Security Bugs"
-      },
-      "location": {
-        "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-        "start_line": 47,
-        "end_line": 47,
-        "class": "com.gitlab.security_products.tests.App",
-        "method": "generateSecretToken2"
-      },
-      "priority": "Medium",
-      "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-      "line": 47,
-      "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
-      "tool": "find_sec_bugs"
-    },
-    {
-      "category": "sast",
-      "name": "Predictable pseudorandom number generator",
-      "message": "Predictable pseudorandom number generator",
-      "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
-      "severity": "Medium",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "find_sec_bugs",
-        "name": "Find Security Bugs"
-      },
-      "location": {
-        "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-        "start_line": 41,
-        "end_line": 41,
-        "class": "com.gitlab.security_products.tests.App",
-        "method": "generateSecretToken1"
-      },
-      "priority": "Medium",
-      "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-      "line": 41,
-      "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
-      "tool": "find_sec_bugs"
-    },
-    {
-      "category": "sast",
-      "message": "Use of insecure MD2, MD4, or MD5 hash function.",
-      "cve": "python/imports/imports-aliases.py:cb203b465dffb0cb3a8e8bd8910b84b93b0a5995a938e4b903dbb0cd6ffa1254:B303",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 11,
-        "end_line": 11
-      },
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 11,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Use of insecure MD2, MD4, or MD5 hash function.",
-      "cve": "python/imports/imports-aliases.py:a7173c43ae66bd07466632d819d450e0071e02dbf782763640d1092981f9631b:B303",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 12,
-        "end_line": 12
-      },
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 12,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Use of insecure MD2, MD4, or MD5 hash function.",
-      "cve": "python/imports/imports-aliases.py:017017b77deb0b8369b6065947833eeea752a92ec8a700db590fece3e934cf0d:B303",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 13,
-        "end_line": 13
-      },
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 13,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Use of insecure MD2, MD4, or MD5 hash function.",
-      "cve": "python/imports/imports-aliases.py:45fc8c53aea7b84f06bc4e590cc667678d6073c4c8a1d471177ca2146fb22db2:B303",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 14,
-        "end_line": 14
-      },
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 14,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Pickle library appears to be in use, possible security issue.",
-      "cve": "python/imports/imports-aliases.py:5f200d47291e7bbd8352db23019b85453ca048dd98ea0c291260fa7d009963a4:B301",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 15,
-        "end_line": 15
-      },
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 15,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "name": "ECB mode is insecure",
-      "message": "ECB mode is insecure",
-      "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:ECB_MODE",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "find_sec_bugs",
-        "name": "Find Security Bugs"
-      },
-      "location": {
-        "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-        "start_line": 29,
-        "end_line": 29,
-        "class": "com.gitlab.security_products.tests.App",
-        "method": "insecureCypher"
-      },
-      "priority": "Medium",
-      "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-      "line": 29,
-      "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE",
-      "tool": "find_sec_bugs"
-    },
-    {
-      "category": "sast",
-      "name": "Cipher with no integrity",
-      "message": "Cipher with no integrity",
-      "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "find_sec_bugs",
-        "name": "Find Security Bugs"
-      },
-      "location": {
-        "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-        "start_line": 29,
-        "end_line": 29,
-        "class": "com.gitlab.security_products.tests.App",
-        "method": "insecureCypher"
-      },
-      "priority": "Medium",
-      "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-      "line": 29,
-      "url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY",
-      "tool": "find_sec_bugs"
-    },
-    {
-      "category": "sast",
-      "message": "Probable insecure usage of temp file/directory.",
-      "cve": "python/hardcoded/hardcoded-tmp.py:63dd4d626855555b816985d82c4614a790462a0a3ada89dc58eb97f9c50f3077:B108",
-      "severity": "Medium",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-tmp.py",
-        "start_line": 14,
-        "end_line": 14
-      },
-      "priority": "Medium",
-      "file": "python/hardcoded/hardcoded-tmp.py",
-      "line": 14,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Probable insecure usage of temp file/directory.",
-      "cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108",
-      "severity": "Medium",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-tmp.py",
-        "start_line": 10,
-        "end_line": 10
-      },
-      "priority": "Medium",
-      "file": "python/hardcoded/hardcoded-tmp.py",
-      "line": 10,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with Popen module.",
-      "cve": "python/imports/imports-aliases.py:2c3e1fa1e54c3c6646e8bcfaee2518153c6799b77587ff8d9a7b0631f6d34785:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 1,
-        "end_line": 1
-      },
-      "priority": "Low",
-      "file": "python/imports/imports-aliases.py",
-      "line": 1,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with pickle module.",
-      "cve": "python/imports/imports.py:af58d07f6ad519ef5287fcae65bf1a6999448a1a3a8bc1ac2a11daa80d0b96bf:B403",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports.py",
-        "start_line": 2,
-        "end_line": 2
-      },
-      "priority": "Low",
-      "file": "python/imports/imports.py",
-      "line": 2,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with subprocess module.",
-      "cve": "python/imports/imports.py:8de9bc98029d212db530785a5f6780cfa663548746ff228ab8fa96c5bb82f089:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports.py",
-        "start_line": 4,
-        "end_line": 4
-      },
-      "priority": "Low",
-      "file": "python/imports/imports.py",
-      "line": 4,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'blerg'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:97c30f1d76d2a88913e3ce9ae74087874d740f87de8af697a9c455f01119f633:B106",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 22,
-        "end_line": 22
-      },
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 22,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'root'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:7431c73a0bc16d94ece2a2e75ef38f302574d42c37ac0c3c38ad0b3bf8a59f10:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 5,
-        "end_line": 5
-      },
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 5,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: ''",
-      "cve": "python/hardcoded/hardcoded-passwords.py:d2d1857c27caedd49c57bfbcdc23afcc92bd66a22701fcdc632869aab4ca73ee:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 9,
-        "end_line": 9
-      },
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 9,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'ajklawejrkl42348swfgkg'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:fb3866215a61393a5c9c32a3b60e2058171a23219c353f722cbd3567acab21d2:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 13,
-        "end_line": 13
-      },
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 13,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'blerg'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:63c62a8b7e1e5224439bd26b28030585ac48741e28ca64561a6071080c560a5f:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 23,
-        "end_line": 23
-      },
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 23,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'blerg'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:4311b06d08df8fa58229b341c531da8e1a31ec4520597bdff920cd5c098d86f9:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 24,
-        "end_line": 24
-      },
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 24,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with subprocess module.",
-      "cve": "python/imports/imports-function.py:5858400c2f39047787702de44d03361ef8d954c9d14bd54ee1c2bef9e6a7df93:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-function.py",
-        "start_line": 4,
-        "end_line": 4
-      },
-      "priority": "Low",
-      "file": "python/imports/imports-function.py",
-      "line": 4,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with pickle module.",
-      "cve": "python/imports/imports-function.py:dbda3cf4190279d30e0aad7dd137eca11272b0b225e8af4e8bf39682da67d956:B403",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-function.py",
-        "start_line": 2,
-        "end_line": 2
-      },
-      "priority": "Low",
-      "file": "python/imports/imports-function.py",
-      "line": 2,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with Popen module.",
-      "cve": "python/imports/imports-from.py:eb8a0db9cd1a8c1ab39a77e6025021b1261cc2a0b026b2f4a11fca4e0636d8dd:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-from.py",
-        "start_line": 7,
-        "end_line": 7
-      },
-      "priority": "Low",
-      "file": "python/imports/imports-from.py",
-      "line": 7,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell",
-      "cve": "python/imports/imports-aliases.py:f99f9721e27537fbcb6699a4cf39c6740d6234d2c6f06cfc2d9ea977313c483d:B602",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 9,
-        "end_line": 9
-      },
-      "priority": "Low",
-      "file": "python/imports/imports-aliases.py",
-      "line": 9,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with subprocess module.",
-      "cve": "python/imports/imports-from.py:332a12ab1146698f614a905ce6a6a5401497a12281aef200e80522711c69dcf4:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-from.py",
-        "start_line": 6,
-        "end_line": 6
-      },
-      "priority": "Low",
-      "file": "python/imports/imports-from.py",
-      "line": 6,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with Popen module.",
-      "cve": "python/imports/imports-from.py:0a48de4a3d5348853a03666cb574697e3982998355e7a095a798bd02a5947276:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-from.py",
-        "start_line": 1,
-        "end_line": 2
-      },
-      "priority": "Low",
-      "file": "python/imports/imports-from.py",
-      "line": 1,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with pickle module.",
-      "cve": "python/imports/imports-aliases.py:51b71661dff994bde3529639a727a678c8f5c4c96f00d300913f6d5be1bbdf26:B403",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 7,
-        "end_line": 8
-      },
-      "priority": "Low",
-      "file": "python/imports/imports-aliases.py",
-      "line": 7,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with loads module.",
-      "cve": "python/imports/imports-aliases.py:6ff02aeb3149c01ab68484d794a94f58d5d3e3bb0d58557ef4153644ea68ea54:B403",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 6,
-        "end_line": 6
-      },
-      "priority": "Low",
-      "file": "python/imports/imports-aliases.py",
-      "line": 6,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
-      "cve": "c/subdir/utils.c:b466873101951fe96e1332f6728eb7010acbbd5dfc3b65d7d53571d091a06d9e:CWE-119!/CWE-120",
-      "confidence": "Low",
-      "solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
-      "scanner": {
-        "id": "flawfinder",
-        "name": "Flawfinder"
-      },
-      "location": {
-        "file": "c/subdir/utils.c",
-        "start_line": 4
-      },
-      "file": "c/subdir/utils.c",
-      "line": 4,
-      "url": "https://cwe.mitre.org/data/definitions/119.html",
-      "tool": "flawfinder"
-    },
-    {
-      "category": "sast",
-      "message": "Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)",
-      "cve": "c/subdir/utils.c:bab681140fcc8fc3085b6bba74081b44ea145c1c98b5e70cf19ace2417d30770:CWE-362",
-      "confidence": "Low",
-      "scanner": {
-        "id": "flawfinder",
-        "name": "Flawfinder"
-      },
-      "location": {
-        "file": "c/subdir/utils.c",
-        "start_line": 8
-      },
-      "file": "c/subdir/utils.c",
-      "line": 8,
-      "url": "https://cwe.mitre.org/data/definitions/362.html",
-      "tool": "flawfinder"
-    },
-    {
-      "category": "sast",
-      "message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
-      "cve": "cplusplus/src/hello.cpp:c8c6dd0afdae6814194cf0930b719f757ab7b379cf8f261e7f4f9f2f323a818a:CWE-119!/CWE-120",
-      "confidence": "Low",
-      "solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
-      "scanner": {
-        "id": "flawfinder",
-        "name": "Flawfinder"
-      },
-      "location": {
-        "file": "cplusplus/src/hello.cpp",
-        "start_line": 6
-      },
-      "file": "cplusplus/src/hello.cpp",
-      "line": 6,
-      "url": "https://cwe.mitre.org/data/definitions/119.html",
-      "tool": "flawfinder"
-    },
-    {
-      "category": "sast",
-      "message": "Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120)",
-      "cve": "cplusplus/src/hello.cpp:331c04062c4fe0c7c486f66f59e82ad146ab33cdd76ae757ca41f392d568cbd0:CWE-120",
-      "confidence": "Low",
-      "solution": "Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",
-      "scanner": {
-        "id": "flawfinder",
-        "name": "Flawfinder"
-      },
-      "location": {
-        "file": "cplusplus/src/hello.cpp",
-        "start_line": 7
-      },
-      "file": "cplusplus/src/hello.cpp",
-      "line": 7,
-      "url": "https://cwe.mitre.org/data/definitions/120.html",
-      "tool": "flawfinder"
-    }
-  ]
-}
--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -205,14 +205,14 @@ RSpec.describe Security::StoreReportService, '#execute' do
    end

    context 'when the finding does not include a primary identifier' do
-      let(:bad_pipeline) { create(:ci_pipeline, project: project) }
-      let(:bad_build) { create(:ci_build, pipeline: bad_pipeline) }
-      let!(:bad_artifact) { create(:ee_ci_job_artifact, :sast_with_missing_identifiers, job: bad_build) }
+      let(:bad_project) { bad_artifact.project }
+      let(:bad_pipeline) { bad_artifact.job.pipeline }
+      let!(:bad_artifact) { create(:ee_ci_job_artifact, :sast_with_missing_identifiers) }
      let(:bad_report) { bad_pipeline.security_reports.get_report(report_type.to_s, bad_artifact) }
      let(:report_type) { :sast }

      before do
-        project.add_developer(user)
+        bad_project.add_developer(user)
        allow(bad_pipeline).to receive(:user).and_return(user)
      end