Merge branch '327015-vuln-issue-link' into 'master'

Check if an issue is already linked to the same vulnerability before creating the issue link See merge request gitlab-org/gitlab!60753

Merge branch '327015-vuln-issue-link' into 'master'
Check if an issue is already linked to the same vulnerability before creating the issue link See merge request gitlab-org/gitlab!60753
62795d2f · Robert Speicher · e837d5a0 · 1bd02f4d · 62795d2f · 62795d2f
Commit 62795d2f authored May 04, 2021 by Robert Speicher
3 changed files
--- a/ee/app/services/security/store_report_service.rb
+++ b/ee/app/services/security/store_report_service.rb
@@ -462,7 +462,7 @@ module Security
      vulnerability_issue_feedback = vulnerability.finding.feedback(feedback_type: 'issue')
      return unless vulnerability_issue_feedback

-      vulnerability.issue_links.create!(issue_id: vulnerability_issue_feedback.issue_id)
+      vulnerability.issue_links.safe_find_or_create_by!(issue_id: vulnerability_issue_feedback.issue_id)
    end

    def scanners_objects

--- a/ee/changelogs/unreleased/327015-vuln-issue-link.yml
+++ b/ee/changelogs/unreleased/327015-vuln-issue-link.yml
+---
+title: Check if an issue is already linked to the same vulnerability before creating
+  the issue link
+merge_request: 60753
+author:
+type: fixed
--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -482,6 +482,30 @@ RSpec.describe Security::StoreReportService, '#execute' do
            expect(issue_link).not_to be_nil
          end
        end
+
+        context 'when there is an issue link created for an issue for a vulnerabiltiy' do
+          let(:issue) { create(:issue, project: project) }
+          let!(:issue_feedback) do
+            create(
+              :vulnerability_feedback,
+              :sast,
+              :issue,
+              issue: issue,
+              project: project,
+              project_fingerprint: new_report.findings.find { |f| f.location.fingerprint == finding.location_fingerprint }.project_fingerprint
+            )
+          end
+
+          let!(:issue_link) { create(:vulnerabilities_issue_link, issue: issue, vulnerability_id: vulnerability.id) }
+
+          it 'will not raise an error' do
+            expect { subject }.not_to raise_error(ActiveRecord::RecordInvalid)
+          end
+
+          it 'does not insert issue link from the new pipeline' do
+            expect { subject }.to change { Vulnerabilities::IssueLink.count }.by(0)
+          end
+        end
      end
    end