Add vulnerability_advisories and sbom_vulnerable_component_versions tables (!95622) · Merge requests · GitLab.org / GitLab

Dominic Bauer requested to merge 367316-add-vulnerability_advisories-database-table-and-model into master Aug 17, 2022

What does this MR do and why?

Adds two tables and accompanying models:

vulnerability_advisories/Vulnerabilities::Advisory
sbom_vulnerable_component_versions/Sbom::VulnerableComponentVersion

Migration

Up

main: == 20220815152905 CreateVulnerabilityAdvisories: migrating ====================
main: -- create_table(:vulnerability_advisories, {:id=>false})
main: -- quote_column_name(:description)
main:    -> 0.0000s
main: -- quote_column_name(:title)
main:    -> 0.0000s
main: -- quote_column_name(:component_name)
main:    -> 0.0000s
main: -- quote_column_name(:solution)
main:    -> 0.0000s
main: -- quote_column_name(:not_impacted)
main:    -> 0.0000s
main: -- quote_column_name(:cvss_v2)
main:    -> 0.0000s
main: -- quote_column_name(:cvss_v3)
main:    -> 0.0000s
main: -- quote_column_name(:affected_range)
main:    -> 0.0000s
main:    -> 0.0238s
main: == 20220815152905 CreateVulnerabilityAdvisories: migrated (0.0245s) ===========

main: == 20220816135816 CreateSbomVulnerableComponentVersions: migrating ============
main: -- create_table(:sbom_vulnerable_component_versions, {})
main:    -> 0.0085s
main: == 20220816135816 CreateSbomVulnerableComponentVersions: migrated (0.0086s) ===

main: == 20220819153725 AddVulnerabilityAdvisoryForeignKeyToSbomVulnerableComponentVersions: migrating
main: -- transaction_open?()
main:    -> 0.0000s
main: -- foreign_keys(:sbom_vulnerable_component_versions)
main:    -> 0.0059s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- execute("ALTER TABLE sbom_vulnerable_component_versions\nADD CONSTRAINT fk_d720a1959a\nFOREIGN KEY (vulnerability_advisory_id)\nREFERENCES vulnerability_advisories (id)\nON DELETE CASCADE\nNOT VALID;\n")
main:    -> 0.0027s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0004s
main: -- execute("ALTER TABLE sbom_vulnerable_component_versions VALIDATE CONSTRAINT fk_d720a1959a;")
main:    -> 0.0015s
main: -- execute("RESET statement_timeout")
main:    -> 0.0004s
main: == 20220819153725 AddVulnerabilityAdvisoryForeignKeyToSbomVulnerableComponentVersions: migrated (0.0209s)

main: == 20220819162852 AddSbomComponentVersionForeignKeyToSbomVulnerableComponentVersions: migrating
main: -- transaction_open?()
main:    -> 0.0000s
main: -- foreign_keys(:sbom_vulnerable_component_versions)
main:    -> 0.0032s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- execute("ALTER TABLE sbom_vulnerable_component_versions\nADD CONSTRAINT fk_8a2a1197f9\nFOREIGN KEY (sbom_component_version_id)\nREFERENCES sbom_component_versions (id)\nON DELETE CASCADE\nNOT VALID;\n")
main:    -> 0.0017s
main: -- execute("ALTER TABLE sbom_vulnerable_component_versions VALIDATE CONSTRAINT fk_8a2a1197f9;")
main:    -> 0.0019s
main: == 20220819162852 AddSbomComponentVersionForeignKeyToSbomVulnerableComponentVersions: migrated (0.0099s)

Down

main: == 20220819162852 AddSbomComponentVersionForeignKeyToSbomVulnerableComponentVersions: reverting
main: -- transaction_open?()
main:    -> 0.0000s
main: -- remove_foreign_key(:sbom_vulnerable_component_versions, {:column=>:sbom_component_version_id})
main:    -> 0.0127s
main: == 20220819162852 AddSbomComponentVersionForeignKeyToSbomVulnerableComponentVersions: reverted (0.0323s)

main: == 20220819153725 AddVulnerabilityAdvisoryForeignKeyToSbomVulnerableComponentVersions: reverting
main: -- transaction_open?()
main:    -> 0.0000s
main: -- remove_foreign_key(:sbom_vulnerable_component_versions, {:column=>:vulnerability_advisory_id})
main:    -> 0.0049s
main: == 20220819153725 AddVulnerabilityAdvisoryForeignKeyToSbomVulnerableComponentVersions: reverted (0.0081s)

main: == 20220816135816 CreateSbomVulnerableComponentVersions: reverting ============
main: -- drop_table(:sbom_vulnerable_component_versions, {})
main:    -> 0.0027s
main: == 20220816135816 CreateSbomVulnerableComponentVersions: reverted (0.0055s) ===

main: == 20220815152905 CreateVulnerabilityAdvisories: reverting ====================
main: -- drop_table(:vulnerability_advisories, {:id=>false})
main:    -> 0.0023s
main: == 20220815152905 CreateVulnerabilityAdvisories: reverted (0.0024s) ===========

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #367316 (closed)

Edited Aug 22, 2022 by Dominic Bauer

Add vulnerability_advisories and sbom_vulnerable_component_versions tables

What does this MR do and why?

Migration

Up

Down

MR acceptance checklist

Merge request reports