Starboard int. API: Query existing vulnerability by UUID

54068f92 · Dominic Bauer · 1370b083 · 54068f92 · 54068f92 · 54068f92
Commit 54068f92 authored Feb 11, 2022 by Dominic Bauer
4 changed files
--- a/ee/app/models/ee/vulnerability.rb
+++ b/ee/app/models/ee/vulnerability.rb
@@ -72,6 +72,7 @@ module EE

      scope :with_author_and_project, -> { includes(:author, :project) }
      scope :with_findings, -> { includes(:findings) }
+      scope :with_findings_by_uuid, -> (uuid) { with_findings.where(findings: { uuid: uuid }) }
      scope :with_findings_by_uuid_and_state, -> (uuid, state) { with_findings.where(findings: { uuid: uuid }, state: state) }
      scope :with_findings_scanner_and_identifiers, -> { includes(findings: [:scanner, :identifiers, finding_identifiers: :identifier]) }
      scope :with_created_issue_links_and_issues, -> { includes(created_issue_links: :issue) }

--- a/ee/app/services/vulnerabilities/starboard_vulnerability_create_service.rb
+++ b/ee/app/services/vulnerabilities/starboard_vulnerability_create_service.rb
@@ -30,6 +30,10 @@ module Vulnerabilities
        solution: vulnerability_hash[:solution]
      )

+      if existing_vulnerability = Vulnerability.with_findings_by_uuid(finding.uuid).first
+        return ServiceResponse.success(payload: { vulnerability: existing_vulnerability })
+      end
+
      Vulnerability.transaction do
        vulnerability.save!
        finding.save!
@@ -39,9 +43,6 @@ module Vulnerabilities

        ServiceResponse.success(payload: { vulnerability: vulnerability })
      end
-    rescue ActiveRecord::RecordNotUnique
-      # Requests to this service should be idempotent, so we will return success and do nothing.
-      ServiceResponse.success
    rescue ActiveRecord::RecordInvalid => e
      ServiceResponse.error(message: e.message)
    end

--- a/ee/spec/models/ee/vulnerability_spec.rb
+++ b/ee/spec/models/ee/vulnerability_spec.rb
@@ -832,6 +832,28 @@ RSpec.describe Vulnerability do
    end
  end

+  describe '.with_findings_by_uuid' do
+    let_it_be(:vulnerability) { create(:vulnerability) }
+
+    let(:uuid) { [SecureRandom.uuid] }
+
+    subject { described_class.with_findings_by_uuid(uuid) }
+
+    it { is_expected.to be_empty }
+
+    context 'with findings' do
+      let_it_be(:finding) { create(:vulnerabilities_finding, vulnerability: vulnerability) }
+
+      it { is_expected.to be_empty }
+
+      context 'with matching uuid' do
+        let(:uuid) { [finding.uuid] }
+
+        it { is_expected.to contain_exactly(vulnerability) }
+      end
+    end
+  end
+
  describe '.with_findings_by_uuid_and_state scope' do
    let_it_be(:vulnerability) { create(:vulnerability, state: :detected) }


--- a/ee/spec/requests/api/internal/kubernetes_spec.rb
+++ b/ee/spec/requests/api/internal/kubernetes_spec.rb
@@ -276,6 +276,15 @@ RSpec.describe API::Internal::Kubernetes do
        expect(Vulnerability.all.first.finding.name).to eq(payload[:vulnerability][:name])
      end

+      it 'accepts the same payload twice' do
+        send_request(params: payload)
+        send_request(params: payload)
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(Vulnerability.count).to eq(1)
+        expect(json_response).to match("uuid" => Vulnerability.last.finding.uuid)
+      end
+
      it "responds with the created vulnerability's UUID" do
        send_request(params: payload)