Telemetry of false-positive flag for vulnerability_finding

40a57f28 · Saikat Sarkar · 1b70d217 · 40a57f28 · 40a57f28
Commit 40a57f28 authored Aug 25, 2021 by Saikat Sarkar
Showing with 31 additions and 3 deletions

ee/app/services/security/store_report_service.rb ee/app/services/security/store_report_service.rb +10 -0

ee/spec/services/security/store_report_service_spec.rb ee/spec/services/security/store_report_service_spec.rb +21 -3

No files found.
--- a/ee/app/services/security/store_report_service.rb
+++ b/ee/app/services/security/store_report_service.rb
@@ -269,11 +269,21 @@ module Security
        records.uniq!

        Vulnerabilities::Flag.insert_all(records) if records.present?
+
+        track_events(records) if records.present?
      end
    rescue StandardError => e
      Gitlab::ErrorTracking.track_exception(e, project_id: project.id, pipeline_id: pipeline.id)
    end

+    def track_events(records)
+      records.each do |record|
+        Gitlab::Tracking.event(
+          self.class.to_s, 'flag_vulnerability', label: record[:flag_type].to_s
+        )
+      end
+    end
+
    def update_vulnerability_links_info
      timestamps = { created_at: Time.current, updated_at: Time.current }


--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -2,7 +2,7 @@

 require 'spec_helper'

-RSpec.describe Security::StoreReportService, '#execute' do
+RSpec.describe Security::StoreReportService, '#execute', :snowplow do
  using RSpec::Parameterized::TableSyntax

  let_it_be(:user) { create(:user) }
@@ -67,7 +67,19 @@ RSpec.describe Security::StoreReportService, '#execute' do

          context 'vulnerability flags' do
            it 'inserts all finding flags' do
-              expect { subject }.to change(Vulnerabilities::Flag, :count).by(finding_flags)
+              expect { subject }.to change { Vulnerabilities::Flag.count }.by(finding_flags)
+            end
+
+            it 'tracks the snowplow event' do
+              subject
+
+              if case_name == 'with vulnerability flags'
+                expect_snowplow_event(
+                  category: 'Security::StoreReportService',
+                  action: 'flag_vulnerability',
+                  label: 'false_positive'
+                )
+              end
            end

            context 'with vulnerability_flags disabled' do
@@ -76,7 +88,13 @@ RSpec.describe Security::StoreReportService, '#execute' do
              end

              it 'does not insert any vulnerability flag' do
-                expect { subject }.not_to change(Vulnerabilities::Flag, :count)
+                expect { subject }.to change { Vulnerabilities::Flag.count }.by(0)
+              end
+
+              it 'does not track a snowplow event' do
+                subject
+
+                expect_no_snowplow_event
              end
            end
          end