Use `PureFindingsFinder` if available in GraphQL
What does this MR do and why?
This MR changes the finder class used in pipeline security report findings GraphQL resolver with the new more performant one if it's available.
Related to Very large log line and query in StoreSecurityR... (#346581 - closed).
Database review
This MR introduces filtering security findings by state and scanners. There are 4 different queries when we account for active feature flags;
Filtering by scanners
SELECT
"security_findings".*
FROM
"security_findings"
INNER JOIN "security_scans" ON "security_findings"."scan_id" = "security_scans"."id"
INNER JOIN "security_scans" "scans_security_findings" ON "scans_security_findings"."id" = "security_findings"."scan_id"
WHERE
"security_scans"."pipeline_id" = 728002676
AND "security_findings"."deduplicated" = TRUE
AND "security_scans"."latest" = TRUE
AND "security_scans"."status" = 1
AND "security_findings"."scanner_id" IN (
SELECT
"vulnerability_scanners"."id"
FROM
"vulnerability_scanners"
WHERE
"vulnerability_scanners"."project_id" = 40932235
AND "vulnerability_scanners"."external_id" = 'find_sec_bugs')
ORDER BY
"security_findings"."severity" DESC,
"security_findings"."id" ASC
LIMIT 20 OFFSET 0
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/14142/commands/49503
Filtering by state(detected)
SELECT
"security_findings".*
FROM
"security_findings"
INNER JOIN "security_scans" ON "security_findings"."scan_id" = "security_scans"."id"
INNER JOIN "security_scans" "scans_security_findings" ON "scans_security_findings"."id" = "security_findings"."scan_id"
WHERE
"security_scans"."pipeline_id" = 728002676
AND "security_findings"."deduplicated" = TRUE
AND "security_scans"."latest" = TRUE
AND "security_scans"."status" = 1
AND (EXISTS (
SELECT
1
FROM
"vulnerabilities"
INNER JOIN "vulnerability_occurrences" ON "vulnerability_occurrences"."vulnerability_id" = "vulnerabilities"."id"
WHERE
"vulnerabilities"."state" = 1
AND (vulnerability_occurrences.uuid = security_findings.uuid::text))
OR NOT EXISTS (
SELECT
1
FROM
"vulnerability_occurrences"
WHERE (vulnerability_occurrences.uuid = security_findings.uuid::text)))
ORDER BY
"security_findings"."severity" DESC,
"security_findings"."id" ASC
LIMIT 20 OFFSET 0
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/14142/commands/49505
Filtering by state(dismissed when FF is off)
SELECT
"security_findings".*
FROM
"security_findings"
INNER JOIN "security_scans" ON "security_findings"."scan_id" = "security_scans"."id"
INNER JOIN "security_scans" "scans_security_findings" ON "scans_security_findings"."id" = "security_findings"."scan_id"
WHERE
"security_scans"."pipeline_id" = 728002676
AND "security_findings"."deduplicated" = TRUE
AND "security_scans"."latest" = TRUE
AND "security_scans"."status" = 1
AND (EXISTS (
SELECT
1
FROM
"vulnerabilities"
INNER JOIN "vulnerability_occurrences" ON "vulnerability_occurrences"."vulnerability_id" = "vulnerabilities"."id"
WHERE
"vulnerabilities"."state" = 2
AND (vulnerability_occurrences.uuid = security_findings.uuid::text))
OR EXISTS (
SELECT
1
FROM
"security_scans"
INNER JOIN "projects" ON "projects"."id" = "security_scans"."project_id"
INNER JOIN "vulnerability_feedback" ON "vulnerability_feedback"."project_id" = "projects"."id"
WHERE (vulnerability_feedback.category = (security_scans.scan_type - 1))
AND "vulnerability_feedback"."feedback_type" = 0
AND (security_scans.id = security_findings.scan_id)
AND (vulnerability_feedback.finding_uuid = security_findings.uuid)))
ORDER BY
"security_findings"."severity" DESC,
"security_findings"."id" ASC
LIMIT 20 OFFSET 0
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/14142/commands/49510
Filtering by state(dismissed when FF is on)
SELECT
"security_findings".*
FROM
"security_findings"
INNER JOIN "security_scans" ON "security_findings"."scan_id" = "security_scans"."id"
INNER JOIN "security_scans" "scans_security_findings" ON "scans_security_findings"."id" = "security_findings"."scan_id"
WHERE
"security_scans"."pipeline_id" = 728002676
AND "security_findings"."deduplicated" = TRUE
AND "security_scans"."latest" = TRUE
AND "security_scans"."status" = 1
AND (EXISTS (
SELECT
1
FROM
"vulnerabilities"
INNER JOIN "vulnerability_occurrences" ON "vulnerability_occurrences"."vulnerability_id" = "vulnerabilities"."id"
WHERE
"vulnerabilities"."state" = 2
AND (vulnerability_occurrences.uuid = security_findings.uuid::text)))
ORDER BY
"security_findings"."severity" DESC,
"security_findings"."id" ASC
LIMIT 20 OFFSET 0
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/14142/commands/49509
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.