Set finding_uuid while creating feedback records

ee/app/models/vulnerabilities/finding.rb

@@ -361,6 +361,12 @@ module Vulnerabilities
       self.class.confidences[self.confidence]
     end
 
+    # We will eventually have only UUIDv5 values for the `uuid`
+    # attribute of the finding records.
+    def uuid_v5
+      Gitlab::UUID.v5?(uuid) ? uuid : Gitlab::UUID.v5(uuid_v5_name)
+    end
+
     protected
 
     def first_fingerprint
@@ -376,5 +382,14 @@ module Vulnerabilities
         project_fingerprint: project_fingerprint
       }
     end
+
+    def uuid_v5_name
+      [
+        report_type,
+        primary_identifier.fingerprint,
+        location_fingerprint,
+        project_id
+      ].join('-')
+    end
   end
 end

ee/app/services/vulnerabilities/dismiss_service.rb

@@ -46,6 +46,7 @@ module Vulnerabilities
         project_fingerprint: finding.project_fingerprint,
         comment: @comment,
         pipeline: @project.latest_pipeline_with_security_reports(only_successful: true),
+        finding_uuid: finding.uuid_v5,
         dismiss_vulnerability: false
       }
     end

ee/spec/models/vulnerabilities/finding_spec.rb

@@ -876,4 +876,45 @@ RSpec.describe Vulnerabilities::Finding do
       expect(subject).to eq({ "test" => true })
     end
   end
+
+  describe '#uuid_v5' do
+    let(:project) { create(:project) }
+    let(:report_type) { :sast }
+    let(:identifier_fingerprint) { 'fooo' }
+    let(:location_fingerprint) { 'zooo' }
+    let(:identifier) { build(:vulnerabilities_identifier, fingerprint: identifier_fingerprint) }
+    let(:expected_uuid) { 'this-is-supposed-to-a-uuid' }
+    let(:finding) do
+      build(:vulnerabilities_finding, report_type,
+            uuid: uuid,
+            project: project,
+            primary_identifier: identifier,
+            location_fingerprint: location_fingerprint)
+    end
+
+    subject(:uuid_v5) { finding.uuid_v5 }
+
+    before do
+      allow(::Gitlab::UUID).to receive(:v5).and_return(expected_uuid)
+    end
+
+    context 'when the finding has a version 4 uuid' do
+      let(:uuid) { SecureRandom.uuid }
+      let(:uuid_name_value) { "#{report_type}-#{identifier_fingerprint}-#{location_fingerprint}-#{project.id}" }
+
+      it 'returns the calculated uuid for the finding' do
+        expect(uuid_v5).to eq(expected_uuid)
+        expect(::Gitlab::UUID).to have_received(:v5).with(uuid_name_value)
+      end
+    end
+
+    context 'when the finding has a version 5 uuid' do
+      let(:uuid) { '6756ebb6-8465-5c33-9af9-c5c8b117aefb' }
+
+      it 'returns the uuid of the finding' do
+        expect(uuid_v5).to eq(uuid)
+        expect(::Gitlab::UUID).not_to have_received(:v5)
+      end
+    end
+  end
 end

ee/spec/services/vulnerabilities/dismiss_service_spec.rb

@@ -41,13 +41,14 @@ RSpec.describe Vulnerabilities::DismissService do
     end
 
     context 'when the `dismiss_findings` argument is not false' do
-      it 'dismisses a vulnerability and its associated findings' do
+      it 'dismisses a vulnerability and its associated findings with correct attributes' do
         freeze_time do
           dismiss_vulnerability
 
           expect(vulnerability.reload).to(
             have_attributes(state: 'dismissed', dismissed_by: user, dismissed_at: be_like_time(Time.current)))
           expect(vulnerability.findings).to all have_vulnerability_dismissal_feedback
+          expect(vulnerability.finding.dismissal_feedback.finding_uuid).to eq(vulnerability.finding.uuid_v5)
         end
       end
     end

lib/gitlab/uuid.rb

@@ -9,6 +9,7 @@ module Gitlab
       production: "58dc0f06-936c-43b3-93bb-71693f1b6570"
     }.freeze
 
+    UUID_V5_PATTERN = /\h{8}-\h{4}-5\h{3}-\h{4}-\h{4}\h{8}/.freeze
     NAMESPACE_REGEX = /(\h{8})-(\h{4})-(\h{4})-(\h{4})-(\h{4})(\h{8})/.freeze
     PACK_PATTERN = "NnnnnN".freeze
 
@@ -17,6 +18,10 @@ module Gitlab
         Digest::UUID.uuid_v5(namespace_id, name)
       end
 
+      def v5?(string)
+        string.match(UUID_V5_PATTERN).present?
+      end
+
       private
 
       def default_namespace_id

spec/lib/gitlab/uuid_spec.rb

@@ -49,4 +49,23 @@ RSpec.describe Gitlab::UUID do
       it { is_expected.to eq(production_proper_uuid) }
     end
   end
+
+  describe 'v5?' do
+    using RSpec::Parameterized::TableSyntax
+
+    where(:test_string, :is_uuid_v5) do
+      'not even a uuid'                      | false
+      'this-seems-like-a-uuid'               | false
+      'thislook-more-5lik-eava-liduuidbutno' | false
+      '9f470438-db0f-37b7-9ca9-1d47104c339a' | false
+      '9f470438-db0f-47b7-9ca9-1d47104c339a' | false
+      '9f470438-db0f-57b7-9ca9-1d47104c339a' | true
+    end
+
+    with_them do
+      subject { described_class.v5?(test_string) }
+
+      it { is_expected.to be(is_uuid_v5) }
+    end
+  end
 end