The vulnerability scanning create vulnerability service reports successful project ids on unrecoverable error
Why are we doing this work
The vulnerability creation service for CVS produces a confusing error report when it
encounters an unrecoverable error. As shown in GITLABCOM-1R6D (internal),
the project_ids_with_error field is empty while the project_ids_with_upsert field
contains all the project IDs of the current batch. This is incorrect because the
entire batch failed, so those IDs belong in the project_ids_with_error field.
Relevant links
- GITLABCOM-1R6D: Sentry issue link (internal)
- SQL error logs: Kibana link (internal)
Non-functional requirements
- Documentation: -
- Feature flag: -
- Performance: -
- Testing: Simulate an unrecoverable error in a new spec context and ensure that the project_ids_with_upsert field is completely empty.
Proposal
Rename the variables for clarity.
- Rename project_ids_with_error to project_ids_with_invalid_findings.
- Rename project_ids_with_upsert to project_ids_with_valid_findings.
Also, only report project_ids_with_valid_findings when logging an error.
Implementation plan
- Rename project_ids_with_error to project_ids_with_invalid_findings.
- Rename project_ids_with_upsert to project_ids_with_valid_findings.
- Do not report project_ids_with_invalid_findings when logging an error.
Previous implementation plan
Update the Security::VulnerabilityScanning::CreateVulnerabilityService#process_unrecoverable_error method so that it always returns the IDs of all the projects in the error field. This is the correct behavior because an unrecoverable error means we discarded the entire batch.
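The proposal and testing requirement above, as an added illustration that is not GitLab's code: a hypothetical, stripped-down batch service with the renamed fields, whose unrecoverable-error path logs only project_ids_with_valid_findings. The class, struct and upserter callable are assumptions made for this example.

```ruby
# Added illustration, not GitLab's code: a minimal batch service whose
# unrecoverable-error path logs only the projects whose valid findings were lost.
class UnrecoverableStoreError < StandardError; end

class CreateVulnerabilityService
  Result = Struct.new(:status, :project_ids_with_valid_findings,
                      :project_ids_with_invalid_findings, :log_entries)

  # findings: array of hashes such as { project_id: 1, name: 'title' } (constructed input).
  # upserter: any callable that persists the valid findings and raises on an unrecoverable error.
  def initialize(findings, upserter:)
    @findings = findings
    @upserter = upserter
    @log_entries = []
    @project_ids_with_valid_findings = []
    @project_ids_with_invalid_findings = []
  end

  def execute
    valid, invalid = @findings.partition { |finding| valid_finding?(finding) }
    @project_ids_with_valid_findings = valid.map { |f| f[:project_id] }.uniq
    @project_ids_with_invalid_findings = invalid.map { |f| f[:project_id] }.uniq
    @upserter.call(valid) # the whole batch is written, or lost, together
    result(:success)
  rescue StandardError => e
    process_unrecoverable_error(e)
  end

  private

  def valid_finding?(finding)
    finding[:project_id].is_a?(Integer) && !finding[:name].to_s.empty?
  end

  # An unrecoverable error discards the entire batch, so the log entry names every project
  # whose valid findings were not written. Projects that only had invalid findings were
  # rejected before the store was touched and are deliberately left out of this entry.
  def process_unrecoverable_error(error)
    @log_entries << {
      message: 'CreateVulnerabilityService: unrecoverable error, batch discarded',
      error_class: error.class.name,
      project_ids_with_valid_findings: @project_ids_with_valid_findings
    }
    result(:error)
  end

  def result(status)
    Result.new(status, @project_ids_with_valid_findings,
               @project_ids_with_invalid_findings, @log_entries)
  end
end
```

A spec for the issue's testing requirement would pass a failing upserter and assert that the logged entry carries the valid-findings IDs and nothing else.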