Create missing IssueLink objects

As mentioned in https://gitlab.com/gitlab-org/gitlab/-/issues/224457 we
need to create missing `Vulnerabilities::IssueLink` objects for
Vulnerabilities that do not have them yet but have an associated
`Vulnerabilities::Feedback` with type of `issue`.

changelogs/unreleased/234066-create-issuelink-for-vulnerabilities-that-do-not-have-them.yml

+---
+title: Create IssueLink for Vulnerabilities that do not have them
+merge_request: 40726
+author:
+type: fixed

db/post_migrate/20200811130433_create_missing_vulnerabilities_issue_links.rb

+# frozen_string_literal: true
+
+class CreateMissingVulnerabilitiesIssueLinks < ActiveRecord::Migration[6.0]
+  class VulnerabilitiesFeedback < ActiveRecord::Base
+    include EachBatch
+    self.table_name = 'vulnerability_feedback'
+  end
+
+  class VulnerabilitiesIssueLink < ActiveRecord::Base
+    self.table_name = 'vulnerability_issue_links'
+    LINK_TYPE_CREATED = 2
+  end
+
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    VulnerabilitiesFeedback.where('issue_id IS NOT NULL').each_batch do |relation|
+      timestamp = Time.now
+      issue_links = relation
+        .joins("JOIN vulnerability_occurrences vo ON vo.project_id = vulnerability_feedback.project_id AND vo.report_type = vulnerability_feedback.category AND encode(vo.project_fingerprint, 'hex') = vulnerability_feedback.project_fingerprint")
+        .where('vo.vulnerability_id IS NOT NULL')
+        .pluck(:vulnerability_id, :issue_id)
+        .map do |v_id, i_id|
+          {
+            vulnerability_id: v_id,
+            issue_id: i_id,
+            link_type: VulnerabilitiesIssueLink::LINK_TYPE_CREATED,
+            created_at: timestamp,
+            updated_at: timestamp
+          }
+        end
+
+      next if issue_links.empty?
+
+      VulnerabilitiesIssueLink.insert_all(
+        issue_links,
+        returning: false
+      )
+    end
+  end
+
+  def down
+  end
+end

db/schema_migrations/20200811130433

+e8fc0809b5bd3248dc625602deeaaef16e2db6b33d8eaf51fdcc1c67dee49e17
\ No newline at end of file

spec/migrations/20200811130433_create_missing_vulnerabilities_issue_links_spec.rb

+# frozen_string_literal: true
+require 'spec_helper'
+require Rails.root.join('db', 'post_migrate', '20200811130433_create_missing_vulnerabilities_issue_links.rb')
+
+RSpec.describe CreateMissingVulnerabilitiesIssueLinks, :migration do
+  let(:namespace) { table(:namespaces).create!(name: 'user', path: 'user') }
+  let(:users) { table(:users) }
+  let(:user) { create_user! }
+  let(:project) { table(:projects).create!(id: 123, namespace_id: namespace.id) }
+  let(:scanners) { table(:vulnerability_scanners) }
+  let(:scanner) { scanners.create!(project_id: project.id, external_id: 'test 1', name: 'test scanner 1') }
+  let(:different_scanner) { scanners.create!(project_id: project.id, external_id: 'test 2', name: 'test scanner 2') }
+  let(:issues) { table(:issues) }
+  let(:issue1) { issues.create!(id: 123, project_id: project.id) }
+  let(:issue2) { issues.create!(id: 124, project_id: project.id) }
+  let(:issue3) { issues.create!(id: 125, project_id: project.id) }
+  let(:vulnerabilities) { table(:vulnerabilities) }
+  let(:vulnerabilities_findings) { table(:vulnerability_occurrences) }
+  let(:vulnerability_feedback) { table(:vulnerability_feedback) }
+  let(:vulnerability_issue_links) { table(:vulnerability_issue_links) }
+  let(:vulnerability_identifiers) { table(:vulnerability_identifiers) }
+  let(:vulnerability_identifier) { vulnerability_identifiers.create!(project_id: project.id, external_type: 'test 1', external_id: 'test 1', fingerprint: 'test 1', name: 'test 1') }
+  let(:different_vulnerability_identifier) { vulnerability_identifiers.create!(project_id: project.id, external_type: 'test 2', external_id: 'test 2', fingerprint: 'test 2', name: 'test 2') }
+
+  let!(:vulnerability) do
+    create_vulnerability!(
+      project_id: project.id,
+      author_id: user.id
+    )
+  end
+
+  before do
+    create_finding!(
+      vulnerability_id: vulnerability.id,
+      project_id: project.id,
+      scanner_id: scanner.id,
+      primary_identifier_id: vulnerability_identifier.id
+    )
+    create_feedback!(
+      issue_id: issue1.id,
+      project_id: project.id,
+      author_id: user.id
+    )
+
+    # Create a finding with no vulnerability_id
+    # https://gitlab.com/gitlab-com/gl-infra/production/-/issues/2539
+    create_finding!(
+      vulnerability_id: nil,
+      project_id: project.id,
+      scanner_id: different_scanner.id,
+      primary_identifier_id: different_vulnerability_identifier.id,
+      location_fingerprint: 'somewhereinspace',
+      uuid: 'test2'
+    )
+    create_feedback!(
+      category: 2,
+      issue_id: issue2.id,
+      project_id: project.id,
+      author_id: user.id
+    )
+  end
+
+  context 'with no Vulnerabilities::IssueLinks present' do
+    it 'creates missing Vulnerabilities::IssueLinks' do
+      expect(vulnerability_issue_links.count).to eq(0)
+
+      migrate!
+
+      expect(vulnerability_issue_links.count).to eq(1)
+    end
+  end
+
+  context 'when an Vulnerabilities::IssueLink already exists' do
+    before do
+      vulnerability_issue_links.create!(vulnerability_id: vulnerability.id, issue_id: issue1.id)
+    end
+
+    it 'creates no duplicates' do
+      expect(vulnerability_issue_links.count).to eq(1)
+
+      migrate!
+
+      expect(vulnerability_issue_links.count).to eq(1)
+    end
+  end
+
+  context 'when an Vulnerabilities::IssueLink of type created already exists' do
+    before do
+      vulnerability_issue_links.create!(vulnerability_id: vulnerability.id, issue_id: issue3.id, link_type: 2)
+    end
+
+    it 'creates no duplicates' do
+      expect(vulnerability_issue_links.count).to eq(1)
+
+      migrate!
+
+      expect(vulnerability_issue_links.count).to eq(1)
+    end
+  end
+
+  private
+
+  def create_vulnerability!(project_id:, author_id:, title: 'test', severity: 7, confidence: 7, report_type: 0)
+    vulnerabilities.create!(
+      project_id: project_id,
+      author_id: author_id,
+      title: title,
+      severity: severity,
+      confidence: confidence,
+      report_type: report_type
+    )
+  end
+
+  # rubocop:disable Metrics/ParameterLists
+  def create_finding!(
+    vulnerability_id:, project_id:, scanner_id:, primary_identifier_id:,
+                      name: "test", severity: 7, confidence: 7, report_type: 0,
+                      project_fingerprint: '123qweasdzxc', location_fingerprint: 'test',
+                      metadata_version: 'test', raw_metadata: 'test', uuid: 'test')
+    vulnerabilities_findings.create!(
+      vulnerability_id: vulnerability_id,
+      project_id: project_id,
+      name: name,
+      severity: severity,
+      confidence: confidence,
+      report_type: report_type,
+      project_fingerprint: project_fingerprint,
+      scanner_id: scanner.id,
+      primary_identifier_id: vulnerability_identifier.id,
+      location_fingerprint: location_fingerprint,
+      metadata_version: metadata_version,
+      raw_metadata: raw_metadata,
+      uuid: uuid
+    )
+  end
+  # rubocop:enable Metrics/ParameterLists
+
+  # project_fingerprint on Vulnerabilities::Finding is a bytea and we need to match this
+  def create_feedback!(issue_id:, project_id:, author_id:, feedback_type: 1, category: 0, project_fingerprint: '3132337177656173647a7863')
+    vulnerability_feedback.create!(
+      feedback_type: feedback_type,
+      issue_id: issue_id,
+      category: category,
+      project_fingerprint: project_fingerprint,
+      project_id: project_id,
+      author_id: author_id
+    )
+  end
+
+  def create_user!(name: "Example User", email: "user@example.com", user_type: nil, created_at: Time.now, confirmed_at: Time.now)
+    users.create!(
+      name: name,
+      email: email,
+      username: name,
+      projects_limit: 0,
+      user_type: user_type,
+      confirmed_at: confirmed_at
+    )
+  end
+end