Commit 9f192fd6 authored by Sashi's avatar Sashi

Fix nil value in location column in vulnerability_occurrences

This change fixes a bug where a nil value was persisted in the
location column of the vulnerability_occurrences
table. Currently this does not break any other components,
because if location is nil it is fetched from the raw_metadata
column. But in order to add an index to the location column, the
value has to be persisted.

EE: true
Changelog: fixed
parent 0ac2f3df
...@@ -88,14 +88,15 @@ module Security ...@@ -88,14 +88,15 @@ module Security
end end
vulnerability_params = finding.to_hash.except(:compare_key, :identifiers, :location, :scanner, :scan, :links, :signatures, :flags) vulnerability_params = finding.to_hash.except(:compare_key, :identifiers, :location, :scanner, :scan, :links, :signatures, :flags)
entity_params = Gitlab::Json.parse(vulnerability_params&.dig(:raw_metadata)).slice('description', 'message', 'solution', 'cve', 'location') entity_params = Gitlab::Json.parse(vulnerability_params&.dig(:raw_metadata)).slice('description', 'message', 'solution', 'cve', 'location').symbolize_keys
# Vulnerabilities::Finding (`vulnerability_occurrences`) # Vulnerabilities::Finding (`vulnerability_occurrences`)
vulnerability_finding = vulnerability_findings_by_uuid[finding.uuid] || vulnerability_finding = vulnerability_findings_by_uuid[finding.uuid] ||
find_or_create_vulnerability_finding(finding, vulnerability_params.merge(entity_params)) find_or_create_vulnerability_finding(finding, vulnerability_params.merge(entity_params))
vulnerability_finding_to_finding_map[vulnerability_finding] = finding vulnerability_finding_to_finding_map[vulnerability_finding] = finding
update_vulnerability_finding(vulnerability_finding, vulnerability_params) update_vulnerability_finding(vulnerability_finding, vulnerability_params.merge(location: entity_params[:location]))
reset_remediations_for(vulnerability_finding, finding) reset_remediations_for(vulnerability_finding, finding)
if project.licensed_feature_available?(:vulnerability_finding_signatures) if project.licensed_feature_available?(:vulnerability_finding_signatures)
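Review bot: The new `vulnerability_params.merge(location: entity_params[:location])` always sets the `location` key, so a finding whose `raw_metadata` has no `location` passes `location: nil` to `update_vulnerability_finding`. Depending on how that helper writes attributes (not visible here), this could overwrite a previously persisted location with nil, which is the state this commit sets out to remove. Merging the key only when it is present avoids that: `vulnerability_params.merge(entity_params.slice(:location))`. The value is also taken directly from scanner-supplied JSON and nothing in this hunk checks its shape, so it is worth confirming that the model or the report parser rejects a `location` that is not a Hash before the column is indexed. The enclosing method starts and ends outside the hunk.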
......
...@@ -749,4 +749,21 @@ RSpec.describe Security::StoreReportService, '#execute', :snowplow do ...@@ -749,4 +749,21 @@ RSpec.describe Security::StoreReportService, '#execute', :snowplow do
.and change { Vulnerabilities::Finding.last.location['end_line'] }.from(29).to(30) .and change { Vulnerabilities::Finding.last.location['end_line'] }.from(29).to(30)
end end
end end
context 'for container scanning' do
let(:trait) { :container_scanning }
before do
stub_licensed_features(container_scanning: true, security_dashboard: true)
allow(pipeline).to receive(:user).and_return(project.owner)
end
it 'populates finding location' do
subject
last_finding = Vulnerabilities::Finding.last
expect(last_finding.read_attribute(:location)).to eq(last_finding.location)
end
end
end end
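Review bot: The assertion in 'populates finding location' compares the stored column with `last_finding.location`, so it would also pass if the fixture carried no location and both sides were nil. It therefore does not prove on its own that a value was persisted. Adding `expect(last_finding.read_attribute(:location)).to be_present` before the equality check pins that down. The example also runs `subject` only once, so the path where the finding already exists (the `vulnerability_findings_by_uuid` lookup in the service) appears not to be exercised; running the service a second time against the same report would cover it.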