How to deal with Vulnerabilities::Finding objects with no associated Vulnerability
Context
One of the issues in &4167 (closed) was the fact that we were missing Vulnerabilities::IssueLink objects for some of our vulnerabilities.
I initially tried to solve it in !39098 (merged) but the migration failed in staging - gitlab-com/gl-infra/production#2539 (closed)
Description
In the staging environment it turned out we do have some records in the vulnerability_occurrences table that do not have a vulnerability_id set BUT they do have a Vulnerabilities::Feedback object which has an issue_id present.
Any ideas what we should do with them?
Vulnerabilities::Findings with an issue feedback but no vulnerability_id
Ran on staging
Query
SELECT vo.id, vo.project_id, vo.created_at
FROM vulnerability_occurrences vo
JOIN vulnerability_feedback vfb
  ON vfb.project_id = vo.project_id
  AND vfb.category = vo.report_type
  AND vfb.project_fingerprint = encode(vo.project_fingerprint, 'hex')
WHERE vfb.feedback_type = 1
  AND vo.vulnerability_id IS NULL
  AND vfb.issue_id IS NOT NULL;
Results
id | project_id | created_at
--------+------------+-------------------------------
6 | 4342838 | 2018-11-08 10:03:39.860923+00
125583 | 4401583 | 2019-08-19 13:38:02.70392+00
125567 | 4401583 | 2019-08-19 13:38:02.079218+00
125569 | 4401583 | 2019-08-19 13:38:02.230388+00
76 | 4342748 | 2019-01-14 11:26:04.756536+00
68 | 4342748 | 2018-12-04 13:36:47.538053+00
71 | 4342748 | 2019-01-08 15:57:07.702315+00
125573 | 4401583 | 2019-08-19 13:38:02.398122+00
124803 | 4385157 | 2019-06-07 01:30:27.605346+00
124804 | 4385157 | 2019-06-07 01:30:27.747408+00
124805 | 4385157 | 2019-06-07 01:30:27.819594+00
124806 | 4385157 | 2019-06-07 01:30:27.867204+00
124807 | 4385157 | 2019-06-07 01:30:27.91794+00
124808 | 4385157 | 2019-06-07 01:30:27.969315+00
124809 | 4385157 | 2019-06-07 01:30:28.022314+00
124810 | 4385157 | 2019-06-07 01:30:28.072541+00
124811 | 4385157 | 2019-06-07 01:30:28.148087+00
124812 | 4385157 | 2019-06-07 01:30:28.21922+00
124813 | 4385157 | 2019-06-07 01:30:28.291041+00
124814 | 4385157 | 2019-06-07 01:30:28.347118+00
124815 | 4385157 | 2019-06-07 01:30:28.39819+00
124816 | 4385157 | 2019-06-07 01:30:28.452394+00
124817 | 4385157 | 2019-06-07 01:30:28.503108+00
124818 | 4385157 | 2019-06-07 01:30:28.551222+00
124819 | 4385157 | 2019-06-07 01:30:28.596572+00
124820 | 4385157 | 2019-06-07 01:30:28.643745+00
124821 | 4385157 | 2019-06-07 01:30:28.69058+00
124822 | 4385157 | 2019-06-07 01:30:28.741144+00
125581 | 4401583 | 2019-08-19 13:38:02.647183+00
Edited by Michał Zając