Commit dd8eeb87 authored by Igor Drozdov's avatar Igor Drozdov

Merge branch 'set_finding_uuid_on_feedback_services' into 'master'

Set finding_uuid while creating feedback records

See merge request gitlab-org/gitlab!50495
parents 4ce3142e 690c4776
...@@ -361,6 +361,12 @@ module Vulnerabilities ...@@ -361,6 +361,12 @@ module Vulnerabilities
self.class.confidences[self.confidence] self.class.confidences[self.confidence]
end end
# We will eventually have only UUIDv5 values for the `uuid`
# attribute of the finding records.
def uuid_v5
Gitlab::UUID.v5?(uuid) ? uuid : Gitlab::UUID.v5(uuid_v5_name)
end
protected protected
def first_fingerprint def first_fingerprint
...@@ -376,5 +382,14 @@ module Vulnerabilities ...@@ -376,5 +382,14 @@ module Vulnerabilities
project_fingerprint: project_fingerprint project_fingerprint: project_fingerprint
} }
end end
def uuid_v5_name
[
report_type,
primary_identifier.fingerprint,
location_fingerprint,
project_id
].join('-')
end
end end
end end
...@@ -46,6 +46,7 @@ module Vulnerabilities ...@@ -46,6 +46,7 @@ module Vulnerabilities
project_fingerprint: finding.project_fingerprint, project_fingerprint: finding.project_fingerprint,
comment: @comment, comment: @comment,
pipeline: @project.latest_pipeline_with_security_reports(only_successful: true), pipeline: @project.latest_pipeline_with_security_reports(only_successful: true),
finding_uuid: finding.uuid_v5,
dismiss_vulnerability: false dismiss_vulnerability: false
} }
end end
......
...@@ -876,4 +876,45 @@ RSpec.describe Vulnerabilities::Finding do ...@@ -876,4 +876,45 @@ RSpec.describe Vulnerabilities::Finding do
expect(subject).to eq({ "test" => true }) expect(subject).to eq({ "test" => true })
end end
end end
describe '#uuid_v5' do
let(:project) { create(:project) }
let(:report_type) { :sast }
let(:identifier_fingerprint) { 'fooo' }
let(:location_fingerprint) { 'zooo' }
let(:identifier) { build(:vulnerabilities_identifier, fingerprint: identifier_fingerprint) }
let(:expected_uuid) { 'this-is-supposed-to-a-uuid' }
let(:finding) do
build(:vulnerabilities_finding, report_type,
uuid: uuid,
project: project,
primary_identifier: identifier,
location_fingerprint: location_fingerprint)
end
subject(:uuid_v5) { finding.uuid_v5 }
before do
allow(::Gitlab::UUID).to receive(:v5).and_return(expected_uuid)
end
context 'when the finding has a version 4 uuid' do
let(:uuid) { SecureRandom.uuid }
let(:uuid_name_value) { "#{report_type}-#{identifier_fingerprint}-#{location_fingerprint}-#{project.id}" }
it 'returns the calculated uuid for the finding' do
expect(uuid_v5).to eq(expected_uuid)
expect(::Gitlab::UUID).to have_received(:v5).with(uuid_name_value)
end
end
context 'when the finding has a version 5 uuid' do
let(:uuid) { '6756ebb6-8465-5c33-9af9-c5c8b117aefb' }
it 'returns the uuid of the finding' do
expect(uuid_v5).to eq(uuid)
expect(::Gitlab::UUID).not_to have_received(:v5)
end
end
end
end end
...@@ -41,13 +41,14 @@ RSpec.describe Vulnerabilities::DismissService do ...@@ -41,13 +41,14 @@ RSpec.describe Vulnerabilities::DismissService do
end end
context 'when the `dismiss_findings` argument is not false' do context 'when the `dismiss_findings` argument is not false' do
it 'dismisses a vulnerability and its associated findings' do it 'dismisses a vulnerability and its associated findings with correct attributes' do
freeze_time do freeze_time do
dismiss_vulnerability dismiss_vulnerability
expect(vulnerability.reload).to( expect(vulnerability.reload).to(
have_attributes(state: 'dismissed', dismissed_by: user, dismissed_at: be_like_time(Time.current))) have_attributes(state: 'dismissed', dismissed_by: user, dismissed_at: be_like_time(Time.current)))
expect(vulnerability.findings).to all have_vulnerability_dismissal_feedback expect(vulnerability.findings).to all have_vulnerability_dismissal_feedback
expect(vulnerability.finding.dismissal_feedback.finding_uuid).to eq(vulnerability.finding.uuid_v5)
end end
end end
end end
......
...@@ -9,6 +9,7 @@ module Gitlab ...@@ -9,6 +9,7 @@ module Gitlab
production: "58dc0f06-936c-43b3-93bb-71693f1b6570" production: "58dc0f06-936c-43b3-93bb-71693f1b6570"
}.freeze }.freeze
UUID_V5_PATTERN = /\h{8}-\h{4}-5\h{3}-\h{4}-\h{4}\h{8}/.freeze
NAMESPACE_REGEX = /(\h{8})-(\h{4})-(\h{4})-(\h{4})-(\h{4})(\h{8})/.freeze NAMESPACE_REGEX = /(\h{8})-(\h{4})-(\h{4})-(\h{4})-(\h{4})(\h{8})/.freeze
PACK_PATTERN = "NnnnnN".freeze PACK_PATTERN = "NnnnnN".freeze
...@@ -17,6 +18,10 @@ module Gitlab ...@@ -17,6 +18,10 @@ module Gitlab
Digest::UUID.uuid_v5(namespace_id, name) Digest::UUID.uuid_v5(namespace_id, name)
end end
def v5?(string)
string.match(UUID_V5_PATTERN).present?
end
private private
def default_namespace_id def default_namespace_id
......
...@@ -49,4 +49,23 @@ RSpec.describe Gitlab::UUID do ...@@ -49,4 +49,23 @@ RSpec.describe Gitlab::UUID do
it { is_expected.to eq(production_proper_uuid) } it { is_expected.to eq(production_proper_uuid) }
end end
end end
describe 'v5?' do
using RSpec::Parameterized::TableSyntax
where(:test_string, :is_uuid_v5) do
'not even a uuid' | false
'this-seems-like-a-uuid' | false
'thislook-more-5lik-eava-liduuidbutno' | false
'9f470438-db0f-37b7-9ca9-1d47104c339a' | false
'9f470438-db0f-47b7-9ca9-1d47104c339a' | false
'9f470438-db0f-57b7-9ca9-1d47104c339a' | true
end
with_them do
subject { described_class.v5?(test_string) }
it { is_expected.to be(is_uuid_v5) }
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment