Merge branch 'dont_try_to_update_statistics_if_there_no_new_vulnerability' into 'master'

Skip updating vulnerability statistics if there are no new records See merge request gitlab-org/gitlab!77056

Merge branch 'dont_try_to_update_statistics_if_there_no_new_vulnerability' into 'master'
Skip updating vulnerability statistics if there are no new records See merge request gitlab-org/gitlab!77056
26a6a3f2 · Tetiana Chupryna · 0622fad1 · e580999f · 26a6a3f2 · 26a6a3f2
Commit 26a6a3f2 authored Dec 20, 2021 by Tetiana Chupryna
2 changed files
--- a/ee/app/services/security/ingestion/tasks/ingest_vulnerability_statistics.rb
+++ b/ee/app/services/security/ingestion/tasks/ingest_vulnerability_statistics.rb
@@ -24,6 +24,8 @@ module Security
        SQL
        def execute
+          return unless severity_counts.present?
          connection.execute(upsert_sql)
        end

--- a/ee/spec/services/security/ingestion/tasks/ingest_vulnerability_statistics_spec.rb
+++ b/ee/spec/services/security/ingestion/tasks/ingest_vulnerability_statistics_spec.rb
@@ -12,11 +12,21 @@ RSpec.describe Security::Ingestion::Tasks::IngestVulnerabilityStatistics do
    let_it_be(:finding_map_1) { create(:finding_map, :new_record, security_finding: security_finding_1) }
    let_it_be(:finding_map_2) { create(:finding_map, :new_record, security_finding: security_finding_2) }
    let_it_be(:finding_map_3) { create(:finding_map, :with_finding, security_finding: security_finding_3) }
-    let_it_be(:finding_maps) { [finding_map_1, finding_map_2, finding_map_3] }
    subject(:ingest_statistics) { described_class.new(pipeline, finding_maps).execute }
    context 'when there is no statistics record for the project' do
+      context 'when there are no new vulnerabilities' do
+        let(:finding_maps) { [finding_map_3] }
+        it 'does not create a new Vulnerabilities::Statistic record' do
+          expect { ingest_statistics }.not_to change { Vulnerabilities::Statistic.where(project: project).count }
+        end
+      end
+      context 'when there are new vulnerabilities' do
+        let(:finding_maps) { [finding_map_1, finding_map_2, finding_map_3] }
        it 'creates a new Vulnerabilities::Statistic record' do
          expect { ingest_statistics }.to change { Vulnerabilities::Statistic.where(project: project).count }.by(1)
        end
@@ -27,10 +37,24 @@ RSpec.describe Security::Ingestion::Tasks::IngestVulnerabilityStatistics do
          expect(project.vulnerability_statistic).to have_attributes(critical: 1, high: 0, unknown: 0, medium: 1, low: 0, letter_grade: 'f')
        end
      end
+    end
    context 'when there is already a statistics record for the project' do
      let_it_be(:vulnerability_statistic) { create(:vulnerability_statistic, :grade_c, project: project) }
+      context 'when there are no new vulnerabilities' do
+        let(:finding_maps) { [finding_map_3] }
+        it 'does not create a new record and does not change the existing record' do
+          expect { ingest_statistics }.to not_change { vulnerability_statistic.reload.letter_grade }
+                                      .and not_change { vulnerability_statistic.reload.low }
+                                      .and not_change { Vulnerabilities::Statistic.count }
+        end
+      end
+      context 'when there are new vulnerabilities' do
+        let(:finding_maps) { [finding_map_1, finding_map_2, finding_map_3] }
        it 'does not create a new record and updates the existing one' do
          expect { ingest_statistics }.to change { vulnerability_statistic.reload.letter_grade }.from('c').to('f')
                                      .and change { vulnerability_statistic.reload.critical }.from(0).to(1)
@@ -39,4 +63,5 @@ RSpec.describe Security::Ingestion::Tasks::IngestVulnerabilityStatistics do
        end
      end
    end
+  end
 end