Skip to content

Migrate dismissed data from dismissal feedback to Vulnerabilities

Jonathan Schafer requested to merge 217600-migrate-dismissed_data-for-vulnerabilities into master

What does this MR do?

This MR migrates dismissed feedback, specifically dismissed_by_id and dismissed_at fields from vulnerability occurrences to Vulnerabilities, as described in #217600 (closed). This is a follow-on MR from !32147 (merged). This will require an additional MR to remove the change made in !32147 (merged), ensuring the migration has completed before removing that code.

1. Find all projects that have dimissed vulnerabilities records

https://gitlab.slack.com/archives/CLJMDRD8C/p1590599053294500 (GitLab internal)

Time: 9.320 s
  - planning: 0.115 ms
  - execution: 9.320 s
    - I/O read: 8.521 s
    - I/O write: 0.000 ms

Shared buffers:
  - hits: 91925 (~718.20 MiB) from the buffer pool
  - reads: 8524 (~66.60 MiB) from the OS file cache, including disk I/O
  - dirtied: 0
  - writes: 0

https://explain.dalibo.com/plan/Ra

EXPLAIN
SELECT vulnerabilities.project_id
  FROM vulnerabilities
  GROUP BY vulnerabilities.project_id
  ORDER BY vulnerabilities.project_id

2. Migrate dismissal data from dismissal feedback

https://gitlab.slack.com/archives/CLJMDRD8C/p1590521400104500 (Gitlab Internal)

Time: 5.431 ms
  - planning: 1.122 ms
  - execution: 4.309 ms
    - I/O read: 4.014 ms
    - I/O write: 0.000 ms

Shared buffers:
  - hits: 0 from the buffer pool
  - reads: 3 (~24.00 KiB) from the OS file cache, including disk I/O
  - dirtied: 0
  - writes: 0

https://explain.dalibo.com/plan/2GS

EXPLAIN
UPDATE vulnerabilities AS v
SET dismissed_by_id = vf.author_id, dismissed_at = vf.created_at
FROM vulnerability_occurrences AS vo, vulnerability_feedback AS vf
WHERE vo.vulnerability_id = v.id
  AND v.state = 2
  AND vo.project_id = vf.project_id
  AND ENCODE(vo.project_fingerprint, HEX) = vf.project_fingerprint
  AND vo.project_id = 1
  AND vo.report_type = vf.category
  AND vf.feedback_type = 0;

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Edited by Jonathan Schafer

Merge request reports