
Introduce `Security::Finding` model

Mehmet Emin INAC requested to merge 238156_create_scan_findings_entity into master

What does this MR do?

This model will represent all the findings discovered on all pipelines.

Unlike Vulnerabilities::Finding, this model stores only the subset of finding data which will be used to optimize the performance of the pipeline security tab by identifying which report artifact(s) to download and parse, instead of downloading and parsing all report artifacts, which requires way more memory usage and execution power while generating the paginated list of findings.

Related to #238156.
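The optimisation the description motivates, as an added illustration that is not code from this MR or from GitLab: a page of findings is built from the lightweight rows alone, and only the report artifacts those rows point at are selected for download. The column names scan_id, scanner_id and project_fingerprint (with its 40-character limit) come from the migration output above; the Struct classes, severities, artifact names and sizes are constructed for the example.

```ruby
require 'set'

# Constructed stand-in for a security_findings row. The 40-character bound on
# project_fingerprint mirrors the CHECK constraint added by the migration.
SecurityFinding = Struct.new(:scan_id, :scanner_id, :severity, :project_fingerprint) do
  def valid?
    project_fingerprint.is_a?(String) && project_fingerprint.length <= 40
  end
end

# Constructed stand-in for a security_scans row; one row per report artifact.
SecurityScan = Struct.new(:id, :artifact_name, :size_bytes)

SEVERITY_ORDER = %w[critical high medium low].each_with_index.to_h

# Build one page of findings from the stored rows only (no artifact is read),
# then return just the scans whose artifacts that page actually needs.
def artifacts_for_page(findings, scans, page:, per_page:)
  ordered = findings.select(&:valid?)
                    .sort_by { |f| [SEVERITY_ORDER.fetch(f.severity), f.project_fingerprint] }
  page_rows = ordered.each_slice(per_page).to_a.fetch(page - 1, [])
  needed_ids = page_rows.map(&:scan_id).to_set
  scans.select { |s| needed_ids.include?(s.id) }
end

# Bytes that are NOT downloaded compared with fetching every artifact.
def bytes_saved(findings, scans, page:, per_page:)
  needed = artifacts_for_page(findings, scans, page: page, per_page: per_page)
  scans.sum(&:size_bytes) - needed.sum(&:size_bytes)
end

# Constructed sample data (artifact names and sizes are illustrative only).
SCANS = [
  SecurityScan.new(1, 'gl-sast-report.json', 2_000_000),
  SecurityScan.new(2, 'gl-dependency-scanning-report.json', 15_000_000),
  SecurityScan.new(3, 'gl-secret-detection-report.json', 50_000)
].freeze

FINDINGS = [
  SecurityFinding.new(1, 10, 'high',     'a' * 40),
  SecurityFinding.new(3, 30, 'critical', 'b' * 40),
  SecurityFinding.new(2, 20, 'low',      'c' * 40),
  SecurityFinding.new(1, 10, 'medium',   'd' * 41) # rejected by the length check
].freeze

if __FILE__ == $PROGRAM_NAME
  page = artifacts_for_page(FINDINGS, SCANS, page: 1, per_page: 2)
  puts "page 1 needs: #{page.map(&:artifact_name).join(', ')}"
  puts "bytes not downloaded: #{bytes_saved(FINDINGS, SCANS, page: 1, per_page: 2)}"
end
```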

rake db:migrate:up

VERSION 20200825084819
== 20200825084819 CreateSecurityFindingsTable: migrating ======================
-- create_table(:security_findings, {:if_not_exists=>true})
   -> 0.0162s
-- transaction_open?()
   -> 0.0000s
-- execute("ALTER TABLE security_findings\nADD CONSTRAINT check_b9508c6df8\nCHECK ( char_length(project_fingerprint) <= 40 )\nNOT VALID;\n")
   -> 0.0008s
-- execute("ALTER TABLE security_findings VALIDATE CONSTRAINT check_b9508c6df8;")
   -> 0.0006s
== 20200825084819 CreateSecurityFindingsTable: migrated (0.0258s) =============
VERSION 20200826092324
== 20200826092324 AddProjectsIndexOnImportTypeCreatorIdCreatedAt: migrating ===
-- transaction_open?()
   -> 0.0000s
-- index_exists?(:projects, [:import_type, :creator_id, :created_at], {:where=>"import_type IS NOT NULL", :name=>"index_imported_projects_on_import_type_creator_id_created_at", :algorithm=>:concurrently})
   -> 0.0146s
-- add_index(:projects, [:import_type, :creator_id, :created_at], {:where=>"import_type IS NOT NULL", :name=>"index_imported_projects_on_import_type_creator_id_created_at", :algorithm=>:concurrently})
   -> 0.0065s
== 20200826092324 AddProjectsIndexOnImportTypeCreatorIdCreatedAt: migrated (0.0215s)
VERSION 20200825084819
== 20200828155134 AddForeignKeyOnScanIdToSecurityScans: migrating =============
-- add_foreign_key(:security_findings, :security_scans, {:column=>:scan_id, :on_delete=>:cascade})
   -> 0.0027s
== 20200828155134 AddForeignKeyOnScanIdToSecurityScans: migrated (0.0039s) ====

== 20200828155205 AddForeignKeyOnScannerIdToVulnerabilityScanners: migrating ==
-- add_foreign_key(:security_findings, :vulnerability_scanners, {:column=>:scanner_id, :on_delete=>:cascade})
   -> 0.0009s
== 20200828155205 AddForeignKeyOnScannerIdToVulnerabilityScanners: migrated (0.0020s)

rake db:migrate:down

VERSION 20200825084819
== 20200825084819 CreateSecurityFindingsTable: reverting ======================
-- drop_table(:security_findings)
   -> 0.0044s
== 20200825084819 CreateSecurityFindingsTable: reverted (0.0044s) =============
VERSION 20200828155134
== 20200828155134 AddForeignKeyOnScanIdToSecurityScans: reverting =============
-- remove_foreign_key(:security_findings, {:column=>:scan_id})
   -> 0.0045s
== 20200828155134 AddForeignKeyOnScanIdToSecurityScans: reverted (0.0075s) ====
VERSION 20200828155205
== 20200828155205 AddForeignKeyOnScannerIdToVulnerabilityScanners: reverting ==
-- remove_foreign_key(:security_findings, {:column=>:scanner_id})
   -> 0.0043s
== 20200828155205 AddForeignKeyOnScannerIdToVulnerabilityScanners: reverted (0.0084s)

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Mehmet Emin INAC
