Do not propagate parsing exceptions to clients for `pipelineFindings`

af4eb9be · Mehmet Emin INAC · Stan Hu · 32fe1691 · af4eb9be · af4eb9be
Commit af4eb9be authored Nov 12, 2021 by Mehmet Emin INAC Committed by Stan Hu Nov 16, 2021
2 changed files
--- a/ee/app/graphql/resolvers/pipeline_security_report_findings_resolver.rb
+++ b/ee/app/graphql/resolvers/pipeline_security_report_findings_resolver.rb
@@ -23,7 +23,12 @@ module Resolvers
             description: 'Filter vulnerability findings by state.'

    def resolve(**args)
+      # This finder class has been deprecated and will be removed by
+      # https://gitlab.com/gitlab-org/gitlab/-/issues/334488.
+      # We can remove the rescue block while addressing that issue.
      Security::PipelineVulnerabilitiesFinder.new(pipeline: pipeline, params: args).execute.findings
+    rescue Security::PipelineVulnerabilitiesFinder::ParseError
+      []
    end
  end
 end
--- a/ee/spec/graphql/resolvers/pipeline_security_report_findings_resolver_spec.rb
+++ b/ee/spec/graphql/resolvers/pipeline_security_report_findings_resolver_spec.rb
@@ -63,5 +63,17 @@ RSpec.describe Resolvers::PipelineSecurityReportFindingsResolver do
        expect(Security::PipelineVulnerabilitiesFinder).to have_received(:new).with(pipeline: pipeline, params: params)
      end
    end
+
+    context 'when the finder class raises parsing error' do
+      before do
+        allow_next_instance_of(Security::PipelineVulnerabilitiesFinder) do |finder|
+          allow(finder).to receive(:execute).and_raise(Security::PipelineVulnerabilitiesFinder::ParseError)
+        end
+      end
+
+      it 'does not propagate the error to the client' do
+        expect { resolve_query }.not_to raise_error
+      end
+    end
  end
 end