Use overridden_uuid to perform Vulnerabilities::Finding lookup
What does this MR do and why?
Use overridden_uuid to perform the Vulnerabilities::Finding lookup.
Related to #416087 (closed)
How to set up and validate locally
1. On the master branch:
   - Apply the following patch (test case):
diff --git a/ee/spec/lib/ee/gitlab/background_migration/migrate_vulnerabilities_feedback_to_vulnerabilities_state_transition_spec.rb b/ee/spec/lib/ee/gitlab/background_migration/migrate_vulnerabilities_feedback_to_vulnerabilities_state_transition_spec.rb
index c2a1afaea65e..a1d0c71b5c7d 100644
--- a/ee/spec/lib/ee/gitlab/background_migration/migrate_vulnerabilities_feedback_to_vulnerabilities_state_transition_spec.rb
+++ b/ee/spec/lib/ee/gitlab/background_migration/migrate_vulnerabilities_feedback_to_vulnerabilities_state_transition_spec.rb
@@ -90,6 +90,38 @@
subject { described_class.new(**migration_attrs).perform }
+ context "when there's a Security::Finding with an overriden UUID" do
+ before do
+ sast_category = 0
+ sast_scan_type = 1
+
+ nonexistent_project_fingerprint = SecureRandom.hex(20)
+ known_uuid = "7099388a-d37c-5940-9a44-4e3645f2fd23"
+ # This UUID would be calculated by our pipeline ingestion process
+ overridden_uuid = "429005aa-8b32-58a9-b2ea-bc8ae80b0963"
+ ci_pipeline = create_ci_pipeline(project_id: project.id)
+ ci_build = create_ci_build(
+ project_id: project.id,
+ status: "success",
+ commit_id: ci_pipeline.id
+ )
+ # rubocop:disable RSpec/FactoriesInMigrationSpecs
+ create(:ee_ci_job_artifact, :sast_with_signatures_and_vulnerability_flags, job_id: ci_build.id)
+ # rubocop:enable RSpec/FactoriesInMigrationSpecs
+ security_scan = create_security_scan(ci_build, sast_scan_type, project_id: project.id)
+ @security_finding = create_security_finding(security_scan, scanner, uuid: known_uuid, overridden_uuid: overridden_uuid)
+ @vulnerability_feedback = create_feedback(
+ project, user, finding.report_type, feedback_types[:dismissal], finding.project_fingerprint, known_uuid,
+ comment: "this feedback uses the non-overridden UUID"
+ )
+ finding.update(uuid: overridden_uuid)
+ end
+
+ it "fails with ActiveRecord::RecordNotUnique" do
+ expect { subject }.to raise_error(ActiveRecord::RecordNotUnique)
+ end
+ end
+
context "when a Finding has no Vulnerability" do
before do
create_feedback(
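Review bot: `finding.update(uuid: overridden_uuid)` at the end of the `before` block discards the return value, so a validation failure would silently leave the finding with its original UUID and the spec would then exercise a different scenario than intended; use `finding.update!(uuid: overridden_uuid)` so setup errors surface. The locals `sast_category` and `nonexistent_project_fingerprint` are assigned but never read in the visible hunk (Rubocop Lint/UselessAssignment), `@security_finding` and `@vulnerability_feedback` are likewise never referenced here, and "overriden" in the context description should read "overridden". Since this example asserts `raise_error(ActiveRecord::RecordNotUnique)`, i.e. the buggy behaviour on master, porting it to the fix branch requires inverting the expectation (e.g. `expect { subject }.not_to raise_error`) rather than copying the `it` block verbatim.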
   - Verify that it fails.
2. On the 416087-confidential-issue branch:
   - There should be a context for this case already.
   - Copy over the "fails with ActiveRecord::RecordNotUnique" test case.
   - It shouldn't fail.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.