Commit 3599bf45 authored by Luke Duncalfe's avatar Luke Duncalfe

Merge branch '355802-find-or-initialize-scanner-with-project_id' into 'master'

Find or initialize Scanners using project_id

See merge request gitlab-org/gitlab!82923
parents 89829fc8 8090f3da
...@@ -65,10 +65,9 @@ module Vulnerabilities ...@@ -65,10 +65,9 @@ module Vulnerabilities
# In the GraphQL mutation mutation arguments we want to respect the security scanner schema: # In the GraphQL mutation mutation arguments we want to respect the security scanner schema:
# https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/src/security-report-format.json#L339 # https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/src/security-report-format.json#L339
# So the id provided to the mutation is actually external_id in our database # So the id provided to the mutation is actually external_id in our database
Vulnerabilities::Scanner.find_or_initialize_by(external_id: scanner_hash[:id]) do |s| Vulnerabilities::Scanner.find_or_initialize_by(external_id: scanner_hash[:id], project_id: @project.id) do |s|
s.name = scanner_hash[:name] s.name = scanner_hash[:name]
s.vendor = scanner_hash.dig(:vendor, :name).to_s s.vendor = scanner_hash.dig(:vendor, :name).to_s
s.project = @project
end end
end end
# rubocop: enable CodeReuse/ActiveRecord # rubocop: enable CodeReuse/ActiveRecord
......
...@@ -10,6 +10,7 @@ RSpec.describe Vulnerabilities::ManuallyCreateService do ...@@ -10,6 +10,7 @@ RSpec.describe Vulnerabilities::ManuallyCreateService do
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
let(:project) { create(:project) } # cannot use let_it_be here: caching causes problems with permission-related tests let(:project) { create(:project) } # cannot use let_it_be here: caching causes problems with permission-related tests
let(:different_project) { create(:project) }
subject { described_class.new(project, user, params: params).execute } subject { described_class.new(project, user, params: params).execute }
...@@ -108,10 +109,21 @@ RSpec.describe Vulnerabilities::ManuallyCreateService do ...@@ -108,10 +109,21 @@ RSpec.describe Vulnerabilities::ManuallyCreateService do
end end
context 'when Scanner already exists' do context 'when Scanner already exists' do
let!(:scanner) { create(:vulnerabilities_scanner, external_id: scanner_attributes[:id]) } let!(:scanner) { create(:vulnerabilities_scanner, external_id: scanner_attributes[:id], project: project) }
it 'does not create a new Scanner' do it 'does not create a new Scanner' do
expect { subject }.to change(Vulnerabilities::Scanner, :count).by(0) expect { subject }.to change(Vulnerabilities::Scanner, :count).by(0)
expect(vulnerability.finding.scanner_id).to eq(scanner.id)
end
end
# See https://gitlab.com/gitlab-org/gitlab/-/issues/355802#note_874700035
context 'when Scanner with the same name exists in a different project' do
let!(:scanner) { create(:vulnerabilities_scanner, external_id: scanner_attributes[:id], project: different_project) }
it 'creates a new Scanner in the correct project', :aggregate_failures do
expect { subject }.to change(Vulnerabilities::Scanner, :count).by(1)
expect(vulnerability.finding.scanner_id).not_to eq(scanner.id)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment