Dependency Scanning vulnerability reports a lot of duplicate links

Summary

A vulnerability page is reporting the same links multiple times.

Steps to reproduce

Example Project

See above

What is the current bug behavior?

Long list of duplicate links

What is the expected correct behavior?

Just two links

Relevant logs and/or screenshots

Screenshot (attached): "Possible Information Disclosure / Unintended Method Execution in rails · GitLab.org / GitLab · GitLab"

Output of checks

This bug happens on GitLab.com


Implementation Plan

  • backend: Put a feature flag in place to block pulling from the FindingLinks model
  • backend: Use the feature flag to disable the service worker from creating new links
  • database: Wipe the finding_links table with a background migration (!70729 (closed))
  • database: Implement new unique indices. These will fix the call in StoreReportService to only update links instead of always adding new links (!67993 (merged))
    • (occurrence_id, name, url)
    • (occurrence_id, url) where name is null

Subsequent issues (already created) will handle:

  1. Removal of feature flag
  2. Population of missing data (which needs to be updated to specify data to be populated)

/cc @NicoleSchwartz @gonzoyumo

Edited by Thiago Figueiró
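The duplication described in this issue comes from StoreReportService inserting a fresh finding-link row on every pipeline run, and the fix in the plan is to make the unique key the database's job and switch the write path from "insert" to "update or insert". The plain-Ruby model below is an added example, not GitLab's own code: it mirrors the two proposed partial unique indices in memory (the column and index names, the `FindingLinkStore` class and the `store_report` helper are assumptions for illustration) and runs the same constructed report three times through both write paths so the difference is visible.

```ruby
# Added example (not GitLab code). Models the unique-index semantics proposed
# in the implementation plan. Names are assumptions, not GitLab's real schema:
#
#   UNIQUE (occurrence_id, name, url) WHERE name IS NOT NULL
#   UNIQUE (occurrence_id, url)       WHERE name IS NULL
#
# Together they allow at most one row per (occurrence, link), with or without
# a name, which is what lets the store "update instead of add".

FindingLink = Struct.new(:occurrence_id, :name, :url, keyword_init: true)

class FindingLinkStore
  def initialize
    @rows = []
  end

  # Old behaviour: every call appends a row, so re-running a pipeline that
  # reports the same links grows the table on each run (the bug in the issue).
  def insert_always(link)
    @rows << link.dup
    @rows.last
  end

  # New behaviour: look the row up by the same key the partial indices enforce
  # and update it in place; only insert when no row matches.
  def upsert(link)
    key = unique_key(link)
    existing = @rows.find { |r| unique_key(r) == key }
    if existing
      existing.name = link.name
      existing
    else
      @rows << link.dup
      @rows.last
    end
  end

  def links_for(occurrence_id)
    @rows.select { |r| r.occurrence_id == occurrence_id }
  end

  def size
    @rows.size
  end

  private

  # A link with no name is keyed on (occurrence_id, url) only, mirroring the
  # second index; a named link is keyed on all three columns.
  def unique_key(link)
    if link.name.nil?
      [link.occurrence_id, link.url]
    else
      [link.occurrence_id, link.name, link.url]
    end
  end
end

# Simulates StoreReportService processing the same report `runs` times.
def store_report(store, links, runs:, upsert: true)
  runs.times do
    links.each { |l| upsert ? store.upsert(l) : store.insert_always(l) }
  end
  store
end

# Constructed sample input: one named link and one unnamed link for the same
# finding. The URLs are placeholders, not real advisories.
SAMPLE_LINKS = [
  FindingLink.new(occurrence_id: 1, name: "Advisory", url: "https://example.invalid/advisory"),
  FindingLink.new(occurrence_id: 1, name: nil, url: "https://example.invalid/fix"),
].freeze

if __FILE__ == $PROGRAM_NAME
  old = store_report(FindingLinkStore.new, SAMPLE_LINKS, runs: 3, upsert: false)
  new = store_report(FindingLinkStore.new, SAMPLE_LINKS, runs: 3)
  puts "insert_always after 3 runs: #{old.links_for(1).size} links"
  puts "upsert after 3 runs:        #{new.links_for(1).size} links"
end
```

The in-memory key check stands in for the database constraint; in the real fix the indices make a second insert of the same link fail, so the service must look the row up (or use an insert-or-update statement) rather than blindly creating it, which is exactly the "update instead of always adding" change the plan calls for.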