nexedi
gitlab-ce
Commit
5274e118
authored
Aug 05, 2021
by
Mehmet Emin INAC
Fix `StoreReportService` by falling back to find by location approach
Changelog: fixed
EE: true
parent
1716bf84
Changes
2
Showing
2 changed files
with
32 additions
and
5 deletions
+32
-5
ee/app/services/security/store_report_service.rb
ee/app/services/security/store_report_service.rb
+13
-3
ee/spec/services/security/store_report_service_spec.rb
ee/spec/services/security/store_report_service_spec.rb
+19
-2
ee/app/services/security/store_report_service.rb
...
...
@@ -165,9 +165,6 @@ module Security
vulnerability_finding
rescue
ActiveRecord
::
RecordNotUnique
=>
e
# the uuid is the only unique constraint on the vulnerability_occurrences
# table - no need to use get_matched_findings(...).first here. Fetching
# the finding with the same uuid will be enough
vulnerability_finding
=
project
.
vulnerability_findings
.
reset
.
find_by
(
uuid:
finding
.
uuid
)
if
vulnerability_finding
sync_vulnerability_finding
(
vulnerability_finding
,
finding
,
create_params
.
dig
(
:location
))
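Review bot: The comment lines removed in this hunk (the uuid being the only unique constraint on `vulnerability_occurrences`, hence no `get_matched_findings(...).first`) were the only explanation of why `rescue ActiveRecord::RecordNotUnique => e` recovers with `find_by(uuid: finding.uuid)`; now that this commit adds a second lookup after it, the assumption they stated is known to be wrong, so replace them with a short comment that says which unique indexes can raise here and that the uuid lookup is only the first attempt, rather than leaving the rescue uncommented.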
...
...
@@ -175,6 +172,19 @@ module Security
return
vulnerability_finding
end
find_params
=
{
scanner:
scanners_objects
[
finding
.
scanner
.
key
],
primary_identifier:
identifiers_objects
[
finding
.
primary_identifier
.
key
],
location_fingerprint:
finding
.
location
.
fingerprint
}
vulnerability_finding
=
project
.
vulnerability_findings
.
reset
.
find_by
(
find_params
)
if
vulnerability_finding
sync_vulnerability_finding
(
vulnerability_finding
,
finding
,
create_params
.
dig
(
:location
))
vulnerability_finding
.
save!
return
vulnerability_finding
end
Gitlab
::
ErrorTracking
.
track_and_raise_exception
(
e
,
find_params:
find_params
,
uuid:
finding
.
uuid
)
rescue
ActiveRecord
::
RecordInvalid
=>
e
Gitlab
::
ErrorTracking
.
track_and_raise_exception
(
e
,
create_params:
create_params
&
.
dig
(
:raw_metadata
))
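Review bot: The record found by `find_by(find_params)` necessarily carries a uuid other than `finding.uuid`, because this fallback is only reached after `find_by(uuid: finding.uuid)` returned nothing; unless `sync_vulnerability_finding(vulnerability_finding, finding, create_params.dig(:location))` also rewrites `uuid`, the stored row keeps the stale value and every later report for the same scanner, identifier and location will hit `ActiveRecord::RecordNotUnique` again and take this fallback, so either update the uuid before `vulnerability_finding.save!` or add a comment stating that the mismatch is left in place deliberately. Smaller point: `track_and_raise_exception(e, find_params: find_params, uuid: finding.uuid)` sends the scanner and identifier objects from `find_params` as error context, where their ids (plus the project id) would be more readable in error tracking and avoid serialising whole records.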
...
...
ee/spec/services/security/store_report_service_spec.rb
...
...
@@ -319,6 +319,23 @@ RSpec.describe Security::StoreReportService, '#execute' do
location_fingerprint:
'34661e23abcf78ff80dfcc89d0700437612e3f88'
)
end
let
(
:identifier_of_corrupted_finding
)
do
create
(
:vulnerabilities_identifier
,
project:
project
,
fingerprint:
'5848739446034d982ef7beece3bb19bff4044ffb'
)
end
let!
(
:finding_with_wrong_uuidv5
)
do
create
(
:vulnerabilities_finding
,
pipelines:
[
pipeline
],
identifiers:
[
identifier_of_corrupted_finding
],
primary_identifier:
identifier_of_corrupted_finding
,
scanner:
scanner
,
project:
project
,
uuid:
'd588ff5c-7f65-5ac1-9d11-4f57d65f3faf'
,
location_fingerprint:
'650bd2dbdad33d2859747c6ae83dcf448ce02394'
)
end
let!
(
:vulnerability_with_uuid5
)
{
create
(
:vulnerability
,
findings:
[
finding_with_uuidv5
],
project:
project
)
}
before
do
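Review bot: `finding_with_wrong_uuidv5` is presumably built to share `scanner`, `identifier_of_corrupted_finding` and a fixed `location_fingerprint` with one finding of the stored report, so that the insert collides on the location-based index while `uuid: 'd588ff5c-7f65-5ac1-9d11-4f57d65f3faf'` keeps it invisible to the uuid lookup, but nothing in the `let!` says so; a one-line comment naming the report finding it is meant to collide with, and why its uuid is "wrong", would make the fixture self-explanatory. Also, `vulnerability_with_uuid5` attaches `finding_with_uuidv5`, not the corrupted finding, so the fallback path is exercised only for a finding that has no vulnerability; if the sync is expected to work for both states, a second fixture attaching a vulnerability to `finding_with_wrong_uuidv5` would cover it.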
...
...
@@ -351,11 +368,11 @@ RSpec.describe Security::StoreReportService, '#execute' do
end
it
'inserts only new identifiers and reuse existing ones'
do
expect
{
subject
}.
to
change
{
Vulnerabilities
::
Identifier
.
count
}.
by
(
5
)
expect
{
subject
}.
to
change
{
Vulnerabilities
::
Identifier
.
count
}.
by
(
4
)
end
it
'inserts only new findings and reuse existing ones'
do
expect
{
subject
}.
to
change
{
Vulnerabilities
::
Finding
.
count
}.
by
(
4
)
expect
{
subject
}.
to
change
{
Vulnerabilities
::
Finding
.
count
}.
by
(
3
)
end
it
'inserts all finding pipelines (join model) for this new pipeline'
do
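Review bot: Changing `by(5)` to `by(4)` and `by(4)` to `by(3)` shows the corrupted finding and its identifier being reused, but only as a side effect of the totals; an explicit example such as `expect { subject }.not_to raise_error` together with an assertion that `finding_with_wrong_uuidv5` is the row that was updated (checking its reloaded attributes after `subject`) would document the fallback directly and would not need re-counting whenever fixtures are added. Minor: the descriptions 'inserts only new identifiers and reuse existing ones' and 'inserts only new findings and reuse existing ones' read better as "reuses".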
...
...