Break up cross-model Security::Scan/Finding scope

9f43f28b · drew cimino · c9555383 · 9f43f28b · 9f43f28b · 9f43f28b
Commit 9f43f28b authored Oct 05, 2021 by drew cimino
4 changed files
--- a/ee/app/models/security/finding.rb
+++ b/ee/app/models/security/finding.rb
@@ -22,7 +22,7 @@ module Security
    validates :uuid, presence: true

    scope :by_uuid, -> (uuids) { where(uuid: uuids) }
-    scope :by_build_ids, -> (build_ids) { joins(:scan).where(security_scans: { build_id: build_ids }) }
+    scope :by_build_ids, -> (build_ids) { joins(:scan).merge(Security::Scan.by_build_ids(build_ids)) }
    scope :by_project_fingerprints, -> (fingerprints) { where(project_fingerprint: fingerprints) }
    scope :by_severity_levels, -> (severity_levels) { where(severity: severity_levels) }
    scope :by_confidence_levels, -> (confidence_levels) { where(confidence: confidence_levels) }

--- a/ee/app/models/security/scan.rb
+++ b/ee/app/models/security/scan.rb
@@ -44,6 +44,7 @@ module Security
    # We are going to deprecate the following scope soon as this requires join between ci and non-ci table
    # which will not be possible after database decomposition (https://gitlab.com/groups/gitlab-org/-/epics/6373)
    scope :latest_successful_by_build, -> { joins(:build).where(ci_builds: { retried: [nil, false], status: 'success' }) }
+    scope :by_build_ids, ->(build_ids) { where(build_id: build_ids) }
    scope :without_errors, -> { where("jsonb_array_length(COALESCE(info->'errors', '[]'::jsonb)) = 0") }

    delegate :name, to: :build

--- a/ee/spec/models/security/finding_spec.rb
+++ b/ee/spec/models/security/finding_spec.rb
@@ -33,7 +33,7 @@ RSpec.describe Security::Finding do
  describe '.by_build_ids' do
    subject { described_class.by_build_ids(finding_1.scan.build_id) }

-    it { is_expected.to eq([finding_1]) }
+    it { with_cross_joins_prevented { is_expected.to match_array([finding_1]) } }
  end

  describe '.by_severity_levels' do

--- a/ee/spec/models/security/scan_spec.rb
+++ b/ee/spec/models/security/scan_spec.rb
@@ -89,6 +89,16 @@ RSpec.describe Security::Scan do
    it { is_expected.to match_array([second_successful_scan]) }
  end

+  describe '.by_build_ids' do
+    let!(:sast_scan) { create(:security_scan, scan_type: :sast) }
+    let!(:dast_scan) { create(:security_scan, scan_type: :dast, build: sast_scan.build) }
+    let(:expected_scans) { [sast_scan, dast_scan] }
+
+    subject { described_class.by_build_ids(expected_scans.map(&:build_id)) }
+
+    it { with_cross_joins_prevented { is_expected.to match_array(expected_scans) } }
+  end
+
  describe '.has_dismissal_feedback' do
    let(:project_1) { create(:project) }
    let(:project_2) { create(:project) }