Merge branch 'do_not_propagate_the_parse_error_to_callers' into 'master'

Don't propagate the parse errors to the client for `vulnerability_findings` endpoint

See merge request gitlab-org/gitlab!73988

ee/lib/api/vulnerability_findings.rb

@@ -26,6 +26,9 @@ module API
         end
       end
 
+      # We are using this fallback to provide an early response to the users
+      # until the `security_findings` are stored.
+      # We will remove this fallback by https://gitlab.com/gitlab-org/gitlab/-/issues/334488
       def with_vulnerabilities_finder
         aggregated_report = Security::PipelineVulnerabilitiesFinder.new(pipeline: pipeline, params: declared_params).execute
 
@@ -35,6 +38,8 @@ module API
         # See https://gitlab.com/gitlab-org/gitlab/issues/33588#note_291849433
         # for discussion
         paginate(Kaminari.paginate_array(aggregated_report.findings))
+      rescue Security::PipelineVulnerabilitiesFinder::ParseError
+        paginate(Kaminari.paginate_array([]))
       end
 
       def with_adaptive_finder

ee/spec/requests/api/vulnerability_findings_spec.rb

@@ -100,6 +100,20 @@ RSpec.describe API::VulnerabilityFindings do
 
             expect(Security::PipelineVulnerabilitiesFinder).to have_received(:new)
           end
+
+          context 'when the `Security::PipelineVulnerabilitiesFinder` raises exception' do
+            before do
+              allow_next_instance_of(Security::PipelineVulnerabilitiesFinder) do |finder|
+                allow(finder).to receive(:execute).and_raise(Security::PipelineVulnerabilitiesFinder::ParseError.new('failed'))
+              end
+            end
+
+            it 'does not propagate the error to the client' do
+              get api(project_vulnerability_findings_path, user), params: pagination
+
+              expect(response).to have_gitlab_http_status(:ok)
+            end
+          end
         end
       end