Merge branch 'improve-security-scopes' into 'master'

Break up cross-model Security::Scan/Finding scope See merge request gitlab-org/gitlab!71779

Merge branch 'improve-security-scopes' into 'master'
Break up cross-model Security::Scan/Finding scope See merge request gitlab-org/gitlab!71779
27478904 · Max Woolf · a755a6ef · 9f43f28b · 27478904 · 27478904
Commit 27478904 authored Oct 07, 2021 by Max Woolf
4 changed files
--- a/ee/app/models/security/finding.rb
+++ b/ee/app/models/security/finding.rb
@@ -22,7 +22,7 @@ module Security
    validates :uuid, presence: true
    scope :by_uuid, -> (uuids) { where(uuid: uuids) }
-    scope :by_build_ids, -> (build_ids) { joins(:scan).where(security_scans: { build_id: build_ids }) }
+    scope :by_build_ids, -> (build_ids) { joins(:scan).merge(Security::Scan.by_build_ids(build_ids)) }
    scope :by_project_fingerprints, -> (fingerprints) { where(project_fingerprint: fingerprints) }
    scope :by_severity_levels, -> (severity_levels) { where(severity: severity_levels) }
    scope :by_confidence_levels, -> (confidence_levels) { where(confidence: confidence_levels) }

--- a/ee/app/models/security/scan.rb
+++ b/ee/app/models/security/scan.rb
@@ -44,6 +44,7 @@ module Security
    # We are going to deprecate the following scope soon as this requires join between ci and non-ci table
    # which will not be possible after database decomposition (https://gitlab.com/groups/gitlab-org/-/epics/6373)
    scope :latest_successful_by_build, -> { joins(:build).where(ci_builds: { retried: [nil, false], status: 'success' }) }
+    scope :by_build_ids, ->(build_ids) { where(build_id: build_ids) }
    scope :without_errors, -> { where("jsonb_array_length(COALESCE(info->'errors', '[]'::jsonb)) = 0") }
    delegate :name, to: :build

--- a/ee/spec/models/security/finding_spec.rb
+++ b/ee/spec/models/security/finding_spec.rb
@@ -33,7 +33,7 @@ RSpec.describe Security::Finding do
  describe '.by_build_ids' do
    subject { described_class.by_build_ids(finding_1.scan.build_id) }
-    it { is_expected.to eq([finding_1]) }
+    it { with_cross_joins_prevented { is_expected.to match_array([finding_1]) } }
  end
  describe '.by_severity_levels' do

--- a/ee/spec/models/security/scan_spec.rb
+++ b/ee/spec/models/security/scan_spec.rb
@@ -96,6 +96,16 @@ RSpec.describe Security::Scan do
    it { is_expected.to match_array([second_successful_scan]) }
  end
+  describe '.by_build_ids' do
+    let!(:sast_scan) { create(:security_scan, scan_type: :sast) }
+    let!(:dast_scan) { create(:security_scan, scan_type: :dast, build: sast_scan.build) }
+    let(:expected_scans) { [sast_scan, dast_scan] }
+    subject { described_class.by_build_ids(expected_scans.map(&:build_id)) }
+    it { with_cross_joins_prevented { is_expected.to match_array(expected_scans) } }
+  end
  describe '.has_dismissal_feedback' do
    let(:project_1) { create(:project) }
    let(:project_2) { create(:project) }