Validation failed: Name can't be blank when saving Finding with empty message

Summary

https://sentry.gitlab.net/gitlab/gitlabcom/issues/2288589/?referrer=gitlab_plugin

ActiveRecord::RecordInvalid: Validation failed: Name can't be blank
  active_record/validations.rb:80:in `raise_validation_error'
    raise(RecordInvalid.new(self))
  active_record/validations.rb:53:in `save!'
    perform_validations(options) ? super : raise_validation_error
  active_record/transactions.rb:318:in `block in save!'
    with_transaction_returning_status { super }
  active_record/transactions.rb:375:in `block in with_transaction_returning_status'
    status = yield
  active_record/connection_adapters/abstract/database_statements.rb:280:in `block in transaction'
    transaction_manager.within_new_transaction(isolation: isolation, joinable: joinable) { yield }
...
(106 additional frame(s) were not displayed)

There is a problem in StoreReportService that prevents findings and vulnerabilities from being created even when the report produced by the scanner is valid according to the security report schema. It happens when the `message` property of a `vulnerabilities[]` entry is empty: the finding's name is derived from `message`, so an empty `message` yields a blank name, and the `Name can't be blank` validation rejects the record.

Steps to reproduce

  1. Clone a project whose analyzer emits no `vulnerabilities[].message` in its security report.
  2. Run a pipeline.
  3. Open the pipeline's Security tab: the findings are listed, but they have no title.
  4. Open the Security Dashboard: no vulnerabilities were created for them.

Example Project

https://gitlab.com/mparuszewski/sharp-nuget-dotnetcore-no-vulnerability-message/-/pipelines/219228455/security

What is the current bug behavior?

  1. Vulnerabilities are not created in the Security Dashboard; they are only visible in the pipeline Security tab.

What is the expected correct behavior?

The finding name should be derived from the `vulnerabilities[]` entry with the following fallback, so that a valid report can never produce a blank name:

IF `message` is not empty in `vulnerabilities[]` USE `message`
ELSE IF `name` is not empty in `vulnerabilities[]` USE `name`
ELSE use `[Primary Identifier] in [Location]`
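The fallback above, written out as an added Ruby example (this is not GitLab's StoreReportService code). The hash keys follow the security report schema fields named in this issue; treating the first `identifiers[]` entry as the primary identifier, and the `primary_identifier` / `location_label` helper names, are assumptions for the example. The sample entries are constructed and do not come from the linked project's report.

```ruby
# Added example: derive a non-blank finding name from a security report entry.
# Fallback order: message -> name -> "[primary identifier] in [location]".

# True when the value carries visible text (nil, "" and "   " are all empty).
def filled?(value)
  !(value.nil? || value.to_s.strip.empty?)
end

# Assumption: the first identifiers[] entry is the primary identifier.
# Prefer its human-readable `name`, then its raw `value`.
def primary_identifier(vuln)
  id = Array(vuln['identifiers']).first || {}
  [id['name'], id['value']].find { |v| filled?(v) } || 'Unknown identifier'
end

# Render a human-readable location. Dependency scanning reports carry
# location.dependency.package.name (+ dependency.version); SAST-style
# reports carry location.file and location.start_line. Anything else gets
# a generic label so the name is still non-blank.
def location_label(vuln)
  loc = vuln['location'] || {}
  package = loc.dig('dependency', 'package', 'name')
  if filled?(package)
    version = loc.dig('dependency', 'version')
    filled?(version) ? "#{package}@#{version}" : package
  elsif filled?(loc['file'])
    line = loc['start_line']
    filled?(line) ? "#{loc['file']}:#{line}" : loc['file']
  else
    'unknown location'
  end
end

# The name that would be stored on the Finding record. Never returns a
# blank string, so the `Name can't be blank` validation cannot fire.
def finding_name(vuln)
  return vuln['message'].strip if filled?(vuln['message'])
  return vuln['name'].strip if filled?(vuln['name'])

  "#{primary_identifier(vuln)} in #{location_label(vuln)}"
end

# Constructed sample entries covering each branch of the fallback.
SAMPLE_VULNERABILITIES = [
  # message present: used as-is
  { 'message' => 'Regular expression denial of service in example-lib',
    'name' => 'ReDoS' },
  # empty message, name present: name is used
  { 'message' => '', 'name' => 'Prototype pollution',
    'location' => { 'file' => 'package.json' } },
  # neither message nor name: identifier + dependency location
  { 'message' => '', 'name' => '',
    'identifiers' => [{ 'type' => 'example', 'name' => 'Example-Advisory-1',
                        'value' => 'example-advisory-1' }],
    'location' => { 'dependency' => { 'package' => { 'name' => 'example-package' },
                                      'version' => '1.2.3' } } },
  # keys absent entirely: identifier value + file:line location
  { 'identifiers' => [{ 'type' => 'example', 'value' => 'EX-42' }],
    'location' => { 'file' => 'src/app.rb', 'start_line' => 17 } }
].freeze

# True when every entry in a report yields a usable (non-blank) name.
def all_names_filled?(vulnerabilities)
  vulnerabilities.all? { |v| filled?(finding_name(v)) }
end

SAMPLE_VULNERABILITIES.each { |v| puts finding_name(v) }
```

Running the block prints one derived name per sample entry; the third and fourth entries, which would have produced a blank name under the current behaviour, now get `Example-Advisory-1 in example-package@1.2.3` and `EX-42 in src/app.rb:17`.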

Relevant logs and/or screenshots

[screenshot not reproduced in this export]

Possible fixes

Edited by Alan (Maciej) Paruszewski