Fix `StoreReportService` by falling back to find by location approach

Changelog: fixed EE: true

Fix `StoreReportService` by falling back to find by location approach
Changelog: fixed EE: true
5274e118 · Mehmet Emin INAC · 1716bf84 · 5274e118 · 5274e118
Commit 5274e118 authored Aug 05, 2021 by Mehmet Emin INAC
Showing with 32 additions and 5 deletions

ee/app/services/security/store_report_service.rb ee/app/services/security/store_report_service.rb +13 -3

ee/spec/services/security/store_report_service_spec.rb ee/spec/services/security/store_report_service_spec.rb +19 -2

No files found.
--- a/ee/app/services/security/store_report_service.rb
+++ b/ee/app/services/security/store_report_service.rb
@@ -165,9 +165,6 @@ module Security
        vulnerability_finding
      rescue ActiveRecord::RecordNotUnique => e
-        # the uuid is the only unique constraint on the vulnerability_occurrences
-        # table - no need to use get_matched_findings(...).first here. Fetching
-        # the finding with the same uuid will be enough
        vulnerability_finding = project.vulnerability_findings.reset.find_by(uuid: finding.uuid)
        if vulnerability_finding
          sync_vulnerability_finding(vulnerability_finding, finding, create_params.dig(:location))
@@ -175,6 +172,19 @@ module Security
          return vulnerability_finding
        end
+        find_params = {
+          scanner: scanners_objects[finding.scanner.key],
+          primary_identifier: identifiers_objects[finding.primary_identifier.key],
+          location_fingerprint: finding.location.fingerprint
+        }
+        vulnerability_finding = project.vulnerability_findings.reset.find_by(find_params)
+        if vulnerability_finding
+          sync_vulnerability_finding(vulnerability_finding, finding, create_params.dig(:location))
+          vulnerability_finding.save!
+          return vulnerability_finding
+        end
        Gitlab::ErrorTracking.track_and_raise_exception(e, find_params: find_params, uuid: finding.uuid)
      rescue ActiveRecord::RecordInvalid => e
        Gitlab::ErrorTracking.track_and_raise_exception(e, create_params: create_params&.dig(:raw_metadata))

--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -319,6 +319,23 @@ RSpec.describe Security::StoreReportService, '#execute' do
               location_fingerprint: '34661e23abcf78ff80dfcc89d0700437612e3f88')
      end
+      let(:identifier_of_corrupted_finding) do
+        create(:vulnerabilities_identifier,
+               project: project,
+               fingerprint: '5848739446034d982ef7beece3bb19bff4044ffb')
+      end
+      let!(:finding_with_wrong_uuidv5) do
+        create(:vulnerabilities_finding,
+               pipelines: [pipeline],
+               identifiers: [identifier_of_corrupted_finding],
+               primary_identifier: identifier_of_corrupted_finding,
+               scanner: scanner,
+               project: project,
+               uuid: 'd588ff5c-7f65-5ac1-9d11-4f57d65f3faf',
+               location_fingerprint: '650bd2dbdad33d2859747c6ae83dcf448ce02394')
+      end
      let!(:vulnerability_with_uuid5) { create(:vulnerability, findings: [finding_with_uuidv5], project: project) }
      before do
@@ -351,11 +368,11 @@ RSpec.describe Security::StoreReportService, '#execute' do
      end
      it 'inserts only new identifiers and reuse existing ones' do
-        expect { subject }.to change { Vulnerabilities::Identifier.count }.by(5)
+        expect { subject }.to change { Vulnerabilities::Identifier.count }.by(4)
      end
      it 'inserts only new findings and reuse existing ones' do
-        expect { subject }.to change { Vulnerabilities::Finding.count }.by(4)
+        expect { subject }.to change { Vulnerabilities::Finding.count }.by(3)
      end
      it 'inserts all finding pipelines (join model) for this new pipeline' do