Commit 5274e118 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Fix `StoreReportService` by falling back to find by location approach

Changelog: fixed
EE: true
parent 1716bf84
......@@ -165,9 +165,6 @@ module Security
vulnerability_finding
rescue ActiveRecord::RecordNotUnique => e
# the uuid is the only unique constraint on the vulnerability_occurrences
# table - no need to use get_matched_findings(...).first here. Fetching
# the finding with the same uuid will be enough
vulnerability_finding = project.vulnerability_findings.reset.find_by(uuid: finding.uuid)
if vulnerability_finding
sync_vulnerability_finding(vulnerability_finding, finding, create_params.dig(:location))
......@@ -175,6 +172,19 @@ module Security
return vulnerability_finding
end
find_params = {
scanner: scanners_objects[finding.scanner.key],
primary_identifier: identifiers_objects[finding.primary_identifier.key],
location_fingerprint: finding.location.fingerprint
}
vulnerability_finding = project.vulnerability_findings.reset.find_by(find_params)
if vulnerability_finding
sync_vulnerability_finding(vulnerability_finding, finding, create_params.dig(:location))
vulnerability_finding.save!
return vulnerability_finding
end
Gitlab::ErrorTracking.track_and_raise_exception(e, find_params: find_params, uuid: finding.uuid)
rescue ActiveRecord::RecordInvalid => e
Gitlab::ErrorTracking.track_and_raise_exception(e, create_params: create_params&.dig(:raw_metadata))
......
......@@ -319,6 +319,23 @@ RSpec.describe Security::StoreReportService, '#execute' do
location_fingerprint: '34661e23abcf78ff80dfcc89d0700437612e3f88')
end
let(:identifier_of_corrupted_finding) do
create(:vulnerabilities_identifier,
project: project,
fingerprint: '5848739446034d982ef7beece3bb19bff4044ffb')
end
let!(:finding_with_wrong_uuidv5) do
create(:vulnerabilities_finding,
pipelines: [pipeline],
identifiers: [identifier_of_corrupted_finding],
primary_identifier: identifier_of_corrupted_finding,
scanner: scanner,
project: project,
uuid: 'd588ff5c-7f65-5ac1-9d11-4f57d65f3faf',
location_fingerprint: '650bd2dbdad33d2859747c6ae83dcf448ce02394')
end
let!(:vulnerability_with_uuid5) { create(:vulnerability, findings: [finding_with_uuidv5], project: project) }
before do
......@@ -351,11 +368,11 @@ RSpec.describe Security::StoreReportService, '#execute' do
end
it 'inserts only new identifiers and reuse existing ones' do
expect { subject }.to change { Vulnerabilities::Identifier.count }.by(5)
expect { subject }.to change { Vulnerabilities::Identifier.count }.by(4)
end
it 'inserts only new findings and reuse existing ones' do
expect { subject }.to change { Vulnerabilities::Finding.count }.by(4)
expect { subject }.to change { Vulnerabilities::Finding.count }.by(3)
end
it 'inserts all finding pipelines (join model) for this new pipeline' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment