Commit 4a8d23ee authored by Sean McGivern's avatar Sean McGivern

Merge branch 'hot_fix_store_report_service' into 'master'

Fix `StoreReportService` by falling back to find by location approach

See merge request gitlab-org/gitlab!67568
parents dda67bb3 5274e118
...@@ -165,9 +165,6 @@ module Security ...@@ -165,9 +165,6 @@ module Security
vulnerability_finding vulnerability_finding
rescue ActiveRecord::RecordNotUnique => e rescue ActiveRecord::RecordNotUnique => e
# the uuid is the only unique constraint on the vulnerability_occurrences
# table - no need to use get_matched_findings(...).first here. Fetching
# the finding with the same uuid will be enough
vulnerability_finding = project.vulnerability_findings.reset.find_by(uuid: finding.uuid) vulnerability_finding = project.vulnerability_findings.reset.find_by(uuid: finding.uuid)
if vulnerability_finding if vulnerability_finding
sync_vulnerability_finding(vulnerability_finding, finding, create_params.dig(:location)) sync_vulnerability_finding(vulnerability_finding, finding, create_params.dig(:location))
...@@ -175,6 +172,19 @@ module Security ...@@ -175,6 +172,19 @@ module Security
return vulnerability_finding return vulnerability_finding
end end
find_params = {
scanner: scanners_objects[finding.scanner.key],
primary_identifier: identifiers_objects[finding.primary_identifier.key],
location_fingerprint: finding.location.fingerprint
}
vulnerability_finding = project.vulnerability_findings.reset.find_by(find_params)
if vulnerability_finding
sync_vulnerability_finding(vulnerability_finding, finding, create_params.dig(:location))
vulnerability_finding.save!
return vulnerability_finding
end
Gitlab::ErrorTracking.track_and_raise_exception(e, find_params: find_params, uuid: finding.uuid) Gitlab::ErrorTracking.track_and_raise_exception(e, find_params: find_params, uuid: finding.uuid)
rescue ActiveRecord::RecordInvalid => e rescue ActiveRecord::RecordInvalid => e
Gitlab::ErrorTracking.track_and_raise_exception(e, create_params: create_params&.dig(:raw_metadata)) Gitlab::ErrorTracking.track_and_raise_exception(e, create_params: create_params&.dig(:raw_metadata))
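Review bot: The `vulnerability_finding.save!` added in the fallback branch runs inside the `rescue ActiveRecord::RecordNotUnique => e` body, and an exception raised from within a rescue body is not routed to the sibling `rescue ActiveRecord::RecordInvalid => e` clause of the same begin block, so a validation failure on the located finding propagates without the `track_and_raise_exception(e, create_params: ...)` context; wrapping the `save!` in its own `rescue ActiveRecord::RecordInvalid` (the same applies to the pre-existing uuid branch above it) would keep error reporting uniform. The finding found via `find_params` is the row whose location index triggered the conflict while carrying a different uuid, and nothing in the hunk assigns `finding.uuid` to it — if `sync_vulnerability_finding` (outside the hunk) does not do so either, the stale uuid survives and the same `RecordNotUnique` is hit again on the next report, which deserves a comment such as `# the located finding keeps its own uuid; the conflict is resolved per report, not repaired`. The uuid branch and the location branch are now duplicated line for line; collapsing the lookup to `findings = project.vulnerability_findings.reset` followed by `vulnerability_finding = findings.find_by(uuid: finding.uuid) || findings.find_by(find_params)` leaves a single sync/save/return block. The enclosing method starts before the first hunk, so whether `find_params` was previously defined earlier in the method is not visible here.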
...@@ -319,6 +319,23 @@ RSpec.describe Security::StoreReportService, '#execute' do ...@@ -319,6 +319,23 @@ RSpec.describe Security::StoreReportService, '#execute' do
location_fingerprint: '34661e23abcf78ff80dfcc89d0700437612e3f88') location_fingerprint: '34661e23abcf78ff80dfcc89d0700437612e3f88')
end end
let(:identifier_of_corrupted_finding) do
create(:vulnerabilities_identifier,
project: project,
fingerprint: '5848739446034d982ef7beece3bb19bff4044ffb')
end
let!(:finding_with_wrong_uuidv5) do
create(:vulnerabilities_finding,
pipelines: [pipeline],
identifiers: [identifier_of_corrupted_finding],
primary_identifier: identifier_of_corrupted_finding,
scanner: scanner,
project: project,
uuid: 'd588ff5c-7f65-5ac1-9d11-4f57d65f3faf',
location_fingerprint: '650bd2dbdad33d2859747c6ae83dcf448ce02394')
end
let!(:vulnerability_with_uuid5) { create(:vulnerability, findings: [finding_with_uuidv5], project: project) } let!(:vulnerability_with_uuid5) { create(:vulnerability, findings: [finding_with_uuidv5], project: project) }
before do before do
...@@ -351,11 +368,11 @@ RSpec.describe Security::StoreReportService, '#execute' do ...@@ -351,11 +368,11 @@ RSpec.describe Security::StoreReportService, '#execute' do
end end
it 'inserts only new identifiers and reuse existing ones' do it 'inserts only new identifiers and reuse existing ones' do
expect { subject }.to change { Vulnerabilities::Identifier.count }.by(5) expect { subject }.to change { Vulnerabilities::Identifier.count }.by(4)
end end
it 'inserts only new findings and reuse existing ones' do it 'inserts only new findings and reuse existing ones' do
expect { subject }.to change { Vulnerabilities::Finding.count }.by(4) expect { subject }.to change { Vulnerabilities::Finding.count }.by(3)
end end
it 'inserts all finding pipelines (join model) for this new pipeline' do it 'inserts all finding pipelines (join model) for this new pipeline' do
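Review bot: The new `finding_with_wrong_uuidv5` fixture is only observed through the count deltas changing to `by(4)` and `by(3)`, so the examples do not pin that the finding was reused through the location fallback rather than reaching the error-tracking call. Adding `expect(Gitlab::ErrorTracking).not_to receive(:track_and_raise_exception)` ahead of `subject` in a dedicated example would make the intended path explicit. An assertion on `finding_with_wrong_uuidv5.reload.uuid` stating whether the corrupted uuid is expected to be rewritten would also document the contract; that behaviour lives in `sync_vulnerability_finding`, outside this change, so the expected value has to come from there. The fingerprint and uuid literals in the fixture read as constructed test values; a short comment saying so, e.g. `# synthetic uuid that does not match the v5 derivation for this finding`, would help the next reader. The enclosing `RSpec.describe` block and its `before` setup start outside the hunk.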