Recalculate UUIDs for Vulnerabilities::Findings using UUIDv5
Summary
During discussion on #205489 (closed) it was mentioned we could reuse uuid column present on Vulnerabilities::Finding model to store UUIDv5 which would be stable enough for us to use when matching Vulnerabilities::Feedback with Vulnerabilities::Finding models.
Implementation plan
-
backend Create GenerateFindingUUIDService which takes https://github.com/rails/rails/issues/37681 into consideration (see #212322 (comment 418715710) for more context) -
backend Change the StoreReport service to save findings with their UUID V5 values. Calculate them using report_type + <fingerprint of the primary_identifier> + <fingerprint of the location> + project_id -
database Remove the default value from UUID column. -
backend Adjust Security::StoreReportServiceto look up findings using UUIDv5 (#292236 (closed)) -
database Remove duplicate rows from vulnerability_occurrencestable (#292239 (closed)) -
database Implement a migration to update the existing data (!47529 (merged))
Edited by Michał Zając