Add details column to vulnerability findings table

This change adds new column to vulnerability findings table that is needed to store Generic Security Report details.

Add details column to vulnerability findings table
This change adds new column to vulnerability findings table that is needed to store Generic Security Report details.
bd862761 · Alan (Maciej) Paruszewski · Rémy Coutable · bc94b1ff · bd862761 · bd862761
Commit bd862761 authored Dec 03, 2020 by Alan (Maciej) Paruszewski Committed by Rémy Coutable Dec 03, 2020
7 changed files
--- a/app/validators/json_schemas/vulnerability_finding_details.json
+++ b/app/validators/json_schemas/vulnerability_finding_details.json
+{
+  "type": "object",
+  "description": "The schema for vulnerability finding details",
+  "additionalProperties": false
+}
--- a/changelogs/unreleased/263497-add-details-column-to-vulnerability-findings.yml
+++ b/changelogs/unreleased/263497-add-details-column-to-vulnerability-findings.yml
+---
+title: Add details column to vulnerability findings table
+merge_request: 49005
+author:
+type: added
--- a/db/migrate/20201202150001_add_details_to_vulnerability_findings.rb
+++ b/db/migrate/20201202150001_add_details_to_vulnerability_findings.rb
+# frozen_string_literal: true
+
+class AddDetailsToVulnerabilityFindings < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def up
+    with_lock_retries do
+      add_column :vulnerability_occurrences, :details, :jsonb, default: {}, null: false
+    end
+  end
+
+  def down
+    with_lock_retries do
+      remove_column :vulnerability_occurrences, :details
+    end
+  end
+end
--- a/db/schema_migrations/20201202150001
+++ b/db/schema_migrations/20201202150001
+af9d8c7cda142e2a96a289ebd7afef73367bd544a60794c9e0414c7b82bef8a2
\ No newline at end of file
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -17504,7 +17504,8 @@ CREATE TABLE vulnerability_occurrences (
    name character varying NOT NULL,
    metadata_version character varying NOT NULL,
    raw_metadata text NOT NULL,
-    vulnerability_id bigint
+    vulnerability_id bigint,
+    details jsonb DEFAULT '{}'::jsonb NOT NULL
 );

 CREATE SEQUENCE vulnerability_occurrences_id_seq

--- a/ee/app/models/vulnerabilities/finding.rb
+++ b/ee/app/models/vulnerabilities/finding.rb
@@ -34,6 +34,8 @@ module Vulnerabilities
    has_many :finding_pipelines, class_name: 'Vulnerabilities::FindingPipeline', inverse_of: :finding, foreign_key: 'occurrence_id'
    has_many :pipelines, through: :finding_pipelines, class_name: 'Ci::Pipeline'

+    serialize :config_options, Serializers::JSON # rubocop:disable Cop/ActiveRecordSerialize
+
    attr_writer :sha
    attr_accessor :scan

@@ -90,6 +92,7 @@ module Vulnerabilities

    validates :metadata_version, presence: true
    validates :raw_metadata, presence: true
+    validates :details, json_schema: { filename: 'vulnerability_finding_details' }

    delegate :name, :external_id, to: :scanner, prefix: true, allow_nil: true


--- a/ee/spec/models/vulnerabilities/finding_spec.rb
+++ b/ee/spec/models/vulnerabilities/finding_spec.rb
@@ -36,6 +36,23 @@ RSpec.describe Vulnerabilities::Finding do
    it { is_expected.to validate_presence_of(:raw_metadata) }
    it { is_expected.to validate_presence_of(:severity) }
    it { is_expected.to validate_presence_of(:confidence) }
+
+    context 'when value for details field is valid' do
+      it 'is valid' do
+        finding.details = {}
+
+        expect(finding).to be_valid
+      end
+    end
+
+    context 'when value for details field is invalid' do
+      it 'returns errors' do
+        finding.details = { invalid: 'data' }
+
+        expect(finding).to be_invalid
+        expect(finding.errors.full_messages).to eq(["Details must be a valid json schema"])
+      end
+    end
  end

  context 'database uniqueness' do