Commit a06867f1 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Sanitize given scan types before querying the security_scans

After migrating to Rails version 6.1.4.1, we've found a regression in
one of our model scopes that was causing exceptions if an invalid enum
key is provided. This commit fixes that regression.

Changelog: fixed
parent f10ed003
...@@ -27,7 +27,7 @@ module Security ...@@ -27,7 +27,7 @@ module Security
cluster_image_scanning: 8 cluster_image_scanning: 8
} }
scope :by_scan_types, -> (scan_types) { where(scan_type: scan_types) } scope :by_scan_types, -> (scan_types) { where(scan_type: sanitize_scan_types(scan_types)) }
scope :scoped_project, -> { where('security_scans.project_id = projects.id') } scope :scoped_project, -> { where('security_scans.project_id = projects.id') }
...@@ -50,6 +50,10 @@ module Security ...@@ -50,6 +50,10 @@ module Security
before_save :ensure_project_id_pipeline_id before_save :ensure_project_id_pipeline_id
def self.sanitize_scan_types(given_types)
scan_types.keys & Array(given_types).map(&:to_s)
end
def has_errors? def has_errors?
processing_errors.present? processing_errors.present?
end end
......
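Review bot: `sanitize_scan_types` silently drops anything that is not a known enum key, including the integer enum values that `where(scan_type:)` previously accepted, so a caller still passing a value (as the metric loop did before this commit) now gets an empty relation with no signal rather than an error. If that is the intended contract, state it at the definition, e.g. `# Unknown keys and integer enum values are dropped, not raised on; callers may get an empty relation.` The intersection also returns keys in `scan_types.keys` order rather than caller order, which is fine for a `where` but worth a word if anyone relies on ordering. No file path survives on this page, so this assumes both hunks belong to the `Security::Scan` model that the first hunk's `scan_type` enum suggests.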
...@@ -414,9 +414,9 @@ module EE ...@@ -414,9 +414,9 @@ module EE
start_id, finish_id = min_max_security_scan_id(time_period) start_id, finish_id = min_max_security_scan_id(time_period)
::Security::Scan.scan_types.each do |name, scan_type| ::Security::Scan.scan_types.each do |name, _|
relation = ::Security::Scan relation = ::Security::Scan
.by_scan_types(scan_type) .by_scan_types(name)
.where(time_period) .where(time_period)
metric_name = "#{name}_pipeline" metric_name = "#{name}_pipeline"
......
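Review bot: `::Security::Scan.scan_types.each do |name, _|` discards the value, so `::Security::Scan.scan_types.each_key do |name|` states that directly and avoids the placeholder parameter. Passing `name` into `by_scan_types` matches the new sanitizer, which only keeps known keys. The enclosing method starts and ends outside the hunk.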
...@@ -70,13 +70,20 @@ RSpec.describe Security::Scan do ...@@ -70,13 +70,20 @@ RSpec.describe Security::Scan do
end end
describe '.by_scan_types' do describe '.by_scan_types' do
let!(:sast_scan) { create(:security_scan, scan_type: :sast) } let_it_be(:sast_scan) { create(:security_scan, scan_type: :sast) }
let!(:dast_scan) { create(:security_scan, scan_type: :dast) } let_it_be(:dast_scan) { create(:security_scan, scan_type: :dast) }
let(:expected_scans) { [sast_scan] } let(:expected_scans) { [sast_scan] }
subject { described_class.by_scan_types(:sast) } subject { described_class.by_scan_types(:sast) }
it { is_expected.to match_array(expected_scans) } it { is_expected.to match_array(expected_scans) }
context 'when an invalid enum value is given' do
subject { described_class.by_scan_types([:sast, :generic]) }
it { is_expected.to match_array(expected_scans) }
end
end end
describe '.latest_successful_by_build' do describe '.latest_successful_by_build' do
......
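Review bot: The new context covers only a mixed list, so nothing pins the behaviour when every given value is unknown, which after this commit should be an empty relation rather than a raise; a case for that, and one for the integer enum values the scope appears to no longer accept, would document the sanitizer's contract in the spec. `let_it_be` is a fair swap for `let!` here since the records are only read. The `describe '.by_scan_types'` block is fully inside the hunk.
```ruby
context 'when only invalid enum values are given' do
  subject { described_class.by_scan_types(:generic) }

  it { is_expected.to be_empty }
end
```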