Fix NoMethodError when security report lacks scanner information

What does this MR do and why?

Contributes to #586607 (closed)

Sentry: https://new-sentry.gitlab.net/organizations/gitlab/issues/3010954

Error Details

NoMethodError: undefined method `external_id' for nil:NilClass (NoMethodError)

      project.vulnerability_scanners.safe_find_or_create_by!(external_id: security_report.scanner.external_id) do |scanner|
                                                                                                 ^^^^^^^^^^^^
  from security/store_scan_service.rb:154:in `vulnerability_scanner'
  from security/store_scan_service.rb:97:in `store_findings'
  from security/store_scan_service.rb:38:in `execute'

Problem

Security scan ingestion crashes with a NoMethodError when processing empty artifact files. When an artifact file is empty, the each_blob method yields nothing, so the parser is never invoked. This results in a dummy report without errors, bypassing validation and causing a crash when accessing scanner.external_id on nil.

Solution

Add a check in parse_security_report to detect empty files by verifying size > 0 before parsing. When the file is empty, add an EmptyFile error to the report, which triggers proper error handling downstream and marks the scan as failed.
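The ingestion path and the fix described above, as an added example that is not GitLab's code: a minimal model in which an artifact's each_blob yields nothing for an empty file, and parse_security_report is run with and without the size > 0 guard. The Artifact, Report and Scanner classes, the store_scan function, their interfaces and the sample inputs are all assumptions made for this example.

```ruby
require 'json'

# Stand-ins for the real objects (names and interfaces are assumptions).
Scanner = Struct.new(:external_id, :name)

class Report
  attr_reader :errors, :scanner

  def initialize
    @errors = []
    @scanner = nil
  end

  def add_error(type, message)
    @errors << { type: type, message: message }
  end

  def errored?
    @errors.any?
  end

  # Parse one JSON blob; a malformed blob is recorded as an error, not raised.
  def parse(blob)
    data = JSON.parse(blob)
    scanner = data.is_a?(Hash) ? data.dig('scan', 'scanner') : nil
    @scanner = Scanner.new(scanner['id'], scanner['name']) if scanner
  rescue JSON::ParserError => e
    add_error('JSONParseError', e.message)
  end
end

# Artifact file: `size` is the byte size; `each_blob` yields the content and
# yields nothing at all for an empty file.
class Artifact
  attr_reader :size

  def initialize(content)
    @content = content
    @size = content.bytesize
  end

  def each_blob
    return if @content.empty?

    yield @content
  end
end

# Before the fix: an empty file yields no blob, the parser never runs, and a
# report with no errors and no scanner comes back.
def parse_security_report_before(artifact)
  report = Report.new
  artifact.each_blob { |blob| report.parse(blob) }
  report
end

# After the fix: reject empty files up front so the report carries an EmptyFile
# error and downstream code treats the scan as failed.
def parse_security_report_after(artifact)
  report = Report.new
  if artifact.size > 0
    artifact.each_blob { |blob| report.parse(blob) }
  else
    report.add_error('EmptyFile', 'Security report artifact file is empty')
  end
  report
end

# Downstream ingestion: stops on a report with errors; otherwise it reads
# scanner.external_id, which is the access that raised NoMethodError on nil.
def store_scan(report)
  return { status: :failed, errors: report.errors } if report.errored?

  { status: :succeeded, scanner_external_id: report.scanner.external_id }
end

# Constructed sample inputs (not real scanner output).
VALID_REPORT = Artifact.new('{"scan":{"scanner":{"id":"semgrep","name":"Semgrep"}},"vulnerabilities":[]}')
EMPTY_REPORT = Artifact.new('')
WHITESPACE_REPORT = Artifact.new("   \n")

if __FILE__ == $PROGRAM_NAME
  p store_scan(parse_security_report_after(VALID_REPORT))
  p store_scan(parse_security_report_after(EMPTY_REPORT))
  p store_scan(parse_security_report_after(WHITESPACE_REPORT))
  begin
    store_scan(parse_security_report_before(EMPTY_REPORT))
  rescue NoMethodError => e
    puts "before the fix: #{e.message}"
  end
end
```

The whitespace-only input is included to show why the guard only needs to cover zero-byte files: any non-empty content reaches the parser, whose own error handling records the failure, so the scan is marked failed through the existing path rather than crashing later.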

References

Fix NoMethodError when security report has no s... (#586607 - closed)

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #586607 (closed)

Edited by Vasilii Iakliushin
