Commit 80e79c7a authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Mark vulnerabilities as not resolved on default branch on ingestion

A vulnerability that has been marked as resolved on the default
branch can later be re-introduced by a new pipeline. In that case
we need to mark it as not resolved on the default branch.

Changelog: fixed
EE: true
parent ba14ce92
......@@ -23,6 +23,7 @@ module Security
title: report_finding.name.truncate(::Issuable::TITLE_LENGTH_MAX),
severity: report_finding.severity,
confidence: report_finding.confidence,
resolved_on_default_branch: false,
updated_at: Time.zone.now
}
end
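Review bot: The `resolved_on_default_branch: false` entry in this attribute hash is written unconditionally and has no comment saying why, so a later reader cannot tell that it is a deliberate reset rather than a default. A short comment above it would help, for example `# The finding is present in this pipeline, so clear any earlier resolved-on-default-branch marker`. The hash sets title, severity, confidence and this flag but not `state`, so it looks as though a vulnerability someone previously moved to a resolved state would keep that state after being re-detected. That is worth confirming, because a re-introduced vulnerability that still reads as resolved can drop out of triage views. The enclosing method starts outside the hunk, so its callers and the update path are not visible here.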
......
......@@ -7,20 +7,24 @@ RSpec.describe Security::Ingestion::Tasks::IngestVulnerabilities do
let_it_be(:user) { create(:user) }
let_it_be(:pipeline) { create(:ci_pipeline, user: user) }
let_it_be(:identifier) { create(:vulnerabilities_identifier) }
let_it_be(:existing_vulnerability) { create(:vulnerability, :detected, :with_finding, resolved_on_default_branch: true) }
let(:finding_maps) { create_list(:finding_map, 4) }
let(:existing_finding) { create(:vulnerabilities_finding, :detected) }
subject(:ingest_vulnerabilities) { described_class.new(pipeline, finding_maps).execute }
before do
finding_maps.first.vulnerability_id = existing_finding.vulnerability_id
finding_maps.first.vulnerability_id = existing_vulnerability.id
finding_maps.each { |finding_map| finding_map.identifier_ids << identifier.id }
end
it 'ingests vulnerabilities' do
it 'creates new vulnerabilities' do
expect { ingest_vulnerabilities }.to change { Vulnerability.count }.by(3)
end
it 'marks the existing vulnerability as not resolved on default branch' do
expect { ingest_vulnerabilities }.to change { existing_vulnerability.reload.resolved_on_default_branch }.to(false)
end
end
end
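Review bot: The new example `marks the existing vulnerability as not resolved on default branch` only exercises a vulnerability created with the `:detected` trait, so the spec does not pin what ingestion does to a re-introduced vulnerability that is in another state. Consider a second context that builds `existing_vulnerability` in a resolved or dismissed state (using whatever traits the factory offers) and asserts both the flag and the expected `state` after `ingest_vulnerabilities`. Without it, a later change to the attribute hash could alter how re-detected vulnerabilities surface to reviewers and no test would fail.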