Unique Index for Vulnerability Links
requested to merge 330882-dependency-scanning-vulnerability-reports-a-lot-of-duplicate-links-index into master
What does this MR do?
This MR adds a unique key index for vulnerability links to prevent duplicate insertion
Screenshots or Screencasts (strongly suggested)
How to setup and validate locally (strongly suggested)
- Start on the master branch.
- Enable the finding link storage
  Feature.enable(:vulnerability_finding_replace_metadata)
- Import https://gitlab.com/gitlab-examples/security/security-reports into your local environment.
- Run the pipeline twice.
- Find a vulnerability that has links, usually a Dependency Scanning vulnerability will have some.
- Confirm that there are 2 links for the vulnerability finding
  Vulnerability.find(<vulnerability_id>).finding.finding_links.count
- Clear findings table
  Vulnerabilities::FindingLink.all.each { |l| l.destroy }
- Go to the 330882-dependency-scanning-vulnerability-reports-a-lot-of-duplicate-links-index branch and run the database migration (rails db:migrate)
- Run the pipeline twice.
- Confirm that there is only 1 link for the vulnerability finding
  Vulnerability.find(<vulnerability_id>).finding.finding_links.count
Does this MR meet the acceptance criteria?
Conformity
- I have included changelog trailers, or none are needed. (Does this MR need a changelog?)
- I have added/updated documentation, or it's not needed. (Is documentation required?)
- I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
- I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
- I have self-reviewed this MR per code review guidelines.
- This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
- I have followed the style guides.
- This change is backwards compatible across updates, or this does not apply.
Availability and Testing
- I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
- I have tested this MR in all supported browsers, or it's not needed.
- I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.
Database
Migration
== 20210811193033 AddUniqueIndexToVulnerabilityFindingLinks: migrating ========
-- transaction_open?()
-> 0.0000s
-- index_exists?(:vulnerability_finding_links, [:vulnerability_occurrence_id, :name, :url], {:unique=>true, :name=>"finding_link_name_url_idx", :algorithm=>:concurrently})
-> 0.0039s
-- execute("SET statement_timeout TO 0")
-> 0.0005s
-- add_index(:vulnerability_finding_links, [:vulnerability_occurrence_id, :name, :url], {:unique=>true, :name=>"finding_link_name_url_idx", :algorithm=>:concurrently})
-> 0.0033s
-- execute("RESET statement_timeout")
-> 0.0004s
-- transaction_open?()
-> 0.0000s
-- index_exists?(:vulnerability_finding_links, [:vulnerability_occurrence_id, :url], {:unique=>true, :where=>"name is null", :name=>"finding_link_url_idx", :algorithm=>:concurrently})
-> 0.0017s
-- add_index(:vulnerability_finding_links, [:vulnerability_occurrence_id, :url], {:unique=>true, :where=>"name is null", :name=>"finding_link_url_idx", :algorithm=>:concurrently})
-> 0.0020s
== 20210811193033 AddUniqueIndexToVulnerabilityFindingLinks: migrated (0.0162s)
Rollback
== 20210811193033 AddUniqueIndexToVulnerabilityFindingLinks: reverting ========
-- transaction_open?()
-> 0.0000s
-- index_exists?(:vulnerability_finding_links, [:vulnerability_occurrence_id, :name, :url], {:name=>"finding_link_name_url_idx", :algorithm=>:concurrently})
-> 0.0031s
-- execute("SET statement_timeout TO 0")
-> 0.0006s
-- remove_index(:vulnerability_finding_links, {:name=>"finding_link_name_url_idx", :algorithm=>:concurrently, :column=>[:vulnerability_occurrence_id, :name, :url]})
-> 0.0082s
-- execute("RESET statement_timeout")
-> 0.0006s
-- transaction_open?()
-> 0.0000s
-- index_exists?(:vulnerability_finding_links, [:vulnerability_occurrence_id, :url], {:name=>"finding_link_url_idx", :algorithm=>:concurrently})
-> 0.0015s
-- remove_index(:vulnerability_finding_links, {:name=>"finding_link_url_idx", :algorithm=>:concurrently, :column=>[:vulnerability_occurrence_id, :url]})
-> 0.0032s
== 20210811193033 AddUniqueIndexToVulnerabilityFindingLinks: reverted (0.0248s)
Related to #330882 (closed)
Edited by Jonathan Schafer
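The migration log above creates two indexes: a unique index on (vulnerability_occurrence_id, name, url) and a partial unique index on (vulnerability_occurrence_id, url) where name is null. The following added example (not code from this MR or from GitLab) shows why the second one matters: a unique index treats NULL names as distinct, so unnamed links would still duplicate. It uses an in-memory SQLite database as a stand-in for PostgreSQL, which has the same default NULL handling; the column types, the `ingest_twice` helper and the sample rows are assumptions.

```python
import sqlite3

# Table and index names follow the migration log; column types are assumed.
SCHEMA = """
CREATE TABLE vulnerability_finding_links (
    id INTEGER PRIMARY KEY,
    vulnerability_occurrence_id INTEGER NOT NULL,
    name TEXT,
    url TEXT NOT NULL
);
CREATE UNIQUE INDEX finding_link_name_url_idx
    ON vulnerability_finding_links (vulnerability_occurrence_id, name, url);
"""
PARTIAL_INDEX = """
CREATE UNIQUE INDEX finding_link_url_idx
    ON vulnerability_finding_links (vulnerability_occurrence_id, url)
    WHERE name IS NULL;
"""
# Constructed sample: one named and one unnamed link on the same finding.
LINKS = [
    (1, "Advisory", "https://example.com/advisory/1"),
    (1, None, "https://example.com/advisory/2"),
]


def ingest_twice(with_partial_index):
    """Insert the same links twice, as two pipeline runs would.

    Returns (rows stored, inserts rejected by a unique index).
    """
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + (PARTIAL_INDEX if with_partial_index else ""))
    rejected = 0
    for _run in range(2):
        for link in LINKS:
            try:
                db.execute(
                    "INSERT INTO vulnerability_finding_links "
                    "(vulnerability_occurrence_id, name, url) VALUES (?, ?, ?)",
                    link,
                )
            except sqlite3.IntegrityError:
                rejected += 1  # duplicate blocked by one of the indexes
    count = db.execute(
        "SELECT COUNT(*) FROM vulnerability_finding_links"
    ).fetchone()[0]
    db.close()
    return count, rejected


if __name__ == "__main__":
    print("three-column index only:", ingest_twice(False))
    print("with partial index:     ", ingest_twice(True))
```

With only the three-column index the unnamed link is stored twice; adding the partial index rejects it on the second run.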