Commit 1e4cf2b0 authored by Daniel Paul Searles's avatar Daniel Paul Searles

Fix vulnerability_feedback create service

Why:

* The create service would report success for an invalid record if that
  record already existed.

This change addresses the need by:

* Only return as successful if feedback is persisted AND valid
parent 9056b5ef
...@@ -19,7 +19,7 @@ module VulnerabilityFeedback ...@@ -19,7 +19,7 @@ module VulnerabilityFeedback
vulnerability_feedback.save vulnerability_feedback.save
end end
if vulnerability_feedback.persisted? if vulnerability_feedback.persisted? && vulnerability_feedback.valid?
success(vulnerability_feedback) success(vulnerability_feedback)
else else
rollback_merge_request(vulnerability_feedback.merge_request) if vulnerability_feedback.merge_request rollback_merge_request(vulnerability_feedback.merge_request) if vulnerability_feedback.merge_request
......
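Review bot: The new condition `persisted? && valid?` still discards the return value of `vulnerability_feedback.save` two lines above it, and `valid?` runs every validation a second time. If a save on a preexisting record fails for a reason other than validation (a halting callback, for example), it would still be reported as success. Tying the result to the write itself, e.g. `saved = vulnerability_feedback.save` followed by `if saved`, avoids both problems; the block holding the save starts outside the hunk, so the variable would need to be declared where the `if` can see it. Separately, an invalid update to an existing feedback now reaches the `else` branch, which calls `rollback_merge_request` on whatever merge request the record already has. The body of that method is not visible here, so please confirm it cannot remove a merge request created by an earlier, valid request.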
---
title: Enforce existing vulnerability feedback pipeline is in the same project
merge_request:
author:
type: security
...@@ -208,6 +208,26 @@ describe VulnerabilityFeedback::CreateService, '#execute' do ...@@ -208,6 +208,26 @@ describe VulnerabilityFeedback::CreateService, '#execute' do
end end
end end
context 'when feedback exists' do
let!(:feedback) { create(:vulnerability_feedback, project: project) }
let(:another_pipeline) { create(:ci_pipeline) }
let(:feedback_params) do
{
feedback_type: feedback.feedback_type, pipeline_id: another_pipeline.id, category: feedback.category,
project_fingerprint: feedback.project_fingerprint,
comment: feedback.comment,
vulnerability_data: feedback.vulnerability_data
}
end
it 'returns error when params are invalid' do
result = described_class.new(project, user, feedback_params).execute
expect(result[:status]).to eq(:error)
expect(result[:message][:pipeline]).to eq(["must associate the same project"])
end
end
context 'when params are invalid' do context 'when params are invalid' do
context 'when vulnerability_data params is missing and feedback_type is issue' do context 'when vulnerability_data params is missing and feedback_type is issue' do
let(:feedback_params) do let(:feedback_params) do
......
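Review bot: The example added under `context 'when feedback exists'` asserts only the returned status and message, not that the stored feedback was left unchanged, which is the property this security fix protects. Adding `expect(feedback.reload.pipeline_id).not_to eq(another_pipeline.id)` would pin that a pipeline from another project is never associated with the existing record. The example name `'returns error when params are invalid'` would also read better as `'returns error when the pipeline belongs to another project'`, since a `'when params are invalid'` context already follows it.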