
Fix bulk insert of vulnerability reads in Rails 7.2

What does this MR do and why?

The Vulnerabilities::Read model has vulnerability_id as the primary key but it also has an id column.

Rails treats id as a special attribute and reading / writing id actually writes to the primary key.

We need to remove id from the attributes hash so that the value can be auto-generated from the sequence.

In Rails 7.1:

Loading development environment (Rails 7.1.5.2)
[1] pry(main)> vr = Vulnerabilities::Read.new(vulnerability_id: 5)
=> #<Vulnerabilities::Read:0x000000034443c280
 id: nil,
 vulnerability_id: 5,
 project_id: nil,
 scanner_id: nil,
 report_type: nil,
 severity: nil,
 state: nil,
 has_issues: false,
 resolved_on_default_branch: false,
 uuid: nil,
 location_image: nil,
 cluster_agent_id: nil,
 casted_cluster_agent_id: nil,
 dismissal_reason: nil,
 has_merge_request: false,
 has_remediations: false,
 owasp_top_10: "undefined",
 traversal_ids: [],
 archived: false,
 identifier_names: [],
 has_vulnerability_resolution: false,
 auto_resolved: false,
 security_project_tracked_context_id: nil,
 vulnerability_occurrence_id: nil>
[2] pry(main)> vr.id
=> 5
[3] pry(main)> vr.read_attribute(:id)
DEPRECATION WARNING: Using read_attribute(:id) to read the primary key value is deprecated. Use #id instead. (called from __pry__ at (pry):3)
=> 5

In Rails 7.2:

Loading development environment (Rails 7.2.2.2)
[1] pry(main)> vr = Vulnerabilities::Read.new(vulnerability_id: 5)
=> #<Vulnerabilities::Read:0x0000000337ddc4c8
 id: nil,
 vulnerability_id: 5,
 project_id: nil,
 scanner_id: nil,
 report_type: nil,
 severity: nil,
 state: nil,
 has_issues: false,
 resolved_on_default_branch: false,
 uuid: nil,
 location_image: nil,
 cluster_agent_id: nil,
 casted_cluster_agent_id: nil,
 dismissal_reason: nil,
 has_merge_request: false,
 has_remediations: false,
 owasp_top_10: "undefined",
 traversal_ids: [],
 archived: false,
 identifier_names: [],
 has_vulnerability_resolution: false,
 auto_resolved: false,
 security_project_tracked_context_id: nil,
 vulnerability_occurrence_id: nil>
[2] pry(main)> vr.id
=> 5
[3] pry(main)> vr.read_attribute(:id)
=> nil

References

How to set up and validate locally

Example Rails 7.2 failure: https://gitlab.com/gitlab-org/gitlab/-/jobs/11768358563

BUNDLE_GEMFILE=Gemfile.next bundle exec rspec ./ee/spec/services/vulnerabilities/reads/upsert_service_spec.rb

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Heinrich Lee Yu
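
The effect described above, as an added example that is not part of the merge request or GitLab's code: a pure-Ruby stand-in for a table whose id column is filled from a sequence, showing why a nil id key has to be dropped before a bulk insert. `SequenceTable`, `bulk_insert_attributes`, the NOT NULL constraint on id and the sample rows are assumptions made for the illustration.

```ruby
# In-memory stand-in for a table with a sequence-backed `id` column.
# Assumption: `id` is NOT NULL and defaults to the next sequence value.
class SequenceTable
  attr_reader :rows

  def initialize
    @rows = []
    @next_id = 0
  end

  # Mimics SQL INSERT semantics: the column default (the sequence) applies
  # only when the column is omitted; an explicit NULL is stored as NULL.
  def insert_all(attribute_hashes)
    attribute_hashes.each do |attrs|
      row = attrs.transform_keys(&:to_s)
      row["id"] = (@next_id += 1) unless row.key?("id")
      raise ArgumentError, 'null value in column "id"' if row["id"].nil?
      @rows << row
    end
  end
end

# Hypothetical helper: drop `id` so the database assigns it from the sequence.
def bulk_insert_attributes(attribute_hashes)
  attribute_hashes.map do |attrs|
    attrs.transform_keys(&:to_s).reject { |key, _| key == "id" }
  end
end

# Constructed sample: the raw id column reads nil, as in the Rails 7.2 session.
SAMPLE_READS = [
  { "id" => nil, "vulnerability_id" => 5, "project_id" => 1 },
  { "id" => nil, "vulnerability_id" => 6, "project_id" => 1 }
].freeze

# Passing the hashes through unchanged sends an explicit NULL for `id`.
def insert_with_id_kept
  SequenceTable.new.insert_all(SAMPLE_READS)
  :inserted
rescue ArgumentError
  :rejected
end

# With `id` removed, the sequence assigns the values.
def insert_with_id_removed
  table = SequenceTable.new
  table.insert_all(bulk_insert_attributes(SAMPLE_READS))
  table.rows.map { |row| [row["id"], row["vulnerability_id"]] }
end
```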
