Merge branch '263497-add-details-column-to-vulnerability-findings' into 'master'

Add details column to vulnerability findings table See merge request gitlab-org/gitlab!49005

Merge branch '263497-add-details-column-to-vulnerability-findings' into 'master'
Add details column to vulnerability findings table See merge request gitlab-org/gitlab!49005
4a92beb1 · Rémy Coutable · 7747578d · bd862761 · 4a92beb1 · 4a92beb1
Commit 4a92beb1 authored Dec 03, 2020 by Rémy Coutable
7 changed files
--- a/app/validators/json_schemas/vulnerability_finding_details.json
+++ b/app/validators/json_schemas/vulnerability_finding_details.json
+{
+  "type": "object",
+  "description": "The schema for vulnerability finding details",
+  "additionalProperties": false
+}
--- a/changelogs/unreleased/263497-add-details-column-to-vulnerability-findings.yml
+++ b/changelogs/unreleased/263497-add-details-column-to-vulnerability-findings.yml
+---
+title: Add details column to vulnerability findings table
+merge_request: 49005
+author:
+type: added
--- a/db/migrate/20201202150001_add_details_to_vulnerability_findings.rb
+++ b/db/migrate/20201202150001_add_details_to_vulnerability_findings.rb
+# frozen_string_literal: true
+
+class AddDetailsToVulnerabilityFindings < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def up
+    with_lock_retries do
+      add_column :vulnerability_occurrences, :details, :jsonb, default: {}, null: false
+    end
+  end
+
+  def down
+    with_lock_retries do
+      remove_column :vulnerability_occurrences, :details
+    end
+  end
+end
--- a/db/schema_migrations/20201202150001
+++ b/db/schema_migrations/20201202150001
+af9d8c7cda142e2a96a289ebd7afef73367bd544a60794c9e0414c7b82bef8a2
\ No newline at end of file
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -17539,7 +17539,8 @@ CREATE TABLE vulnerability_occurrences (
    name character varying NOT NULL,
    metadata_version character varying NOT NULL,
    raw_metadata text NOT NULL,
-    vulnerability_id bigint
+    vulnerability_id bigint,
+    details jsonb DEFAULT '{}'::jsonb NOT NULL
 );

 CREATE SEQUENCE vulnerability_occurrences_id_seq

--- a/ee/app/models/vulnerabilities/finding.rb
+++ b/ee/app/models/vulnerabilities/finding.rb
@@ -34,6 +34,8 @@ module Vulnerabilities
    has_many :finding_pipelines, class_name: 'Vulnerabilities::FindingPipeline', inverse_of: :finding, foreign_key: 'occurrence_id'
    has_many :pipelines, through: :finding_pipelines, class_name: 'Ci::Pipeline'

+    serialize :config_options, Serializers::JSON # rubocop:disable Cop/ActiveRecordSerialize
+
    attr_writer :sha
    attr_accessor :scan

@@ -90,6 +92,7 @@ module Vulnerabilities

    validates :metadata_version, presence: true
    validates :raw_metadata, presence: true
+    validates :details, json_schema: { filename: 'vulnerability_finding_details' }

    delegate :name, :external_id, to: :scanner, prefix: true, allow_nil: true


--- a/ee/spec/models/vulnerabilities/finding_spec.rb
+++ b/ee/spec/models/vulnerabilities/finding_spec.rb
@@ -36,6 +36,23 @@ RSpec.describe Vulnerabilities::Finding do
    it { is_expected.to validate_presence_of(:raw_metadata) }
    it { is_expected.to validate_presence_of(:severity) }
    it { is_expected.to validate_presence_of(:confidence) }
+
+    context 'when value for details field is valid' do
+      it 'is valid' do
+        finding.details = {}
+
+        expect(finding).to be_valid
+      end
+    end
+
+    context 'when value for details field is invalid' do
+      it 'returns errors' do
+        finding.details = { invalid: 'data' }
+
+        expect(finding).to be_invalid
+        expect(finding.errors.full_messages).to eq(["Details must be a valid json schema"])
+      end
+    end
  end

  context 'database uniqueness' do