Fix locations for vulnerabilities created via api
What does this MR do and why?
Describe in detail what your merge request does and why.
This MR fixes #347145 (closed).
Vulnerability creation APIs were setting finding.raw_metadata to a Hash. However, raw_metadata is a text field rather than jsonb, which means that raw_metadata needs to be converted to JSON. This MR does the following:
- Begin making using of the
locationfield in vulnerability creation APIs. This field isjsonbrather thantextand will eventually replaceraw_metadata. - Fix how the vulnerability creation APIs populate
raw_metadataby making them pass JSON rather than a Hash. - Create a background migration which fixes the existing records in the database.
Query Plans
| Purpose | Query | Plan Link |
|---|---|---|
| Queue batches of IDs | SELECT "vulnerability_occurrences"."id" FROM "vulnerability_occurrences" WHERE "vulnerability_occurrences"."report_type" IN (7, 99) AND "vulnerability_occurrences"."id" >= 1 ORDER BY "vulnerability_occurrences"."id" ASC LIMIT 500 |
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/7854/commands/28054 |
| Get min and max ID | SELECT MIN("vulnerability_occurrences"."id"), MAX("vulnerability_occurrences"."id") FROM "vulnerability_occurrences" WHERE "vulnerability_occurrences"."report_type" IN (7, 99) AND "vulnerability_occurrences"."id" >= 20000000 AND "vulnerability_occurrences"."id" < 20000500 |
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/7854/commands/28056 |
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Brian Williams