Merge branch 'sk/342025-fix-vuln-location' into 'master'

Fix nil value in location column in vulnerability_occurrences See merge request gitlab-org/gitlab!72224

Merge branch 'sk/342025-fix-vuln-location' into 'master'
Fix nil value in location column in vulnerability_occurrences See merge request gitlab-org/gitlab!72224
5389c736 · James Fargher · c83f9af2 · 9f192fd6 · 5389c736 · 5389c736
Commit 5389c736 authored Oct 20, 2021 by James Fargher
Showing with 20 additions and 2 deletions

ee/app/services/security/store_report_service.rb ee/app/services/security/store_report_service.rb +3 -2

ee/spec/services/security/store_report_service_spec.rb ee/spec/services/security/store_report_service_spec.rb +17 -0

No files found.
--- a/ee/app/services/security/store_report_service.rb
+++ b/ee/app/services/security/store_report_service.rb
@@ -88,14 +88,15 @@ module Security
      end

      vulnerability_params = finding.to_hash.except(:compare_key, :identifiers, :location, :scanner, :scan, :links, :signatures, :flags)
-      entity_params = Gitlab::Json.parse(vulnerability_params&.dig(:raw_metadata)).slice('description', 'message', 'solution', 'cve', 'location')
+      entity_params = Gitlab::Json.parse(vulnerability_params&.dig(:raw_metadata)).slice('description', 'message', 'solution', 'cve', 'location').symbolize_keys
+
      # Vulnerabilities::Finding (`vulnerability_occurrences`)
      vulnerability_finding = vulnerability_findings_by_uuid[finding.uuid] ||
        find_or_create_vulnerability_finding(finding, vulnerability_params.merge(entity_params))

      vulnerability_finding_to_finding_map[vulnerability_finding] = finding

-      update_vulnerability_finding(vulnerability_finding, vulnerability_params)
+      update_vulnerability_finding(vulnerability_finding, vulnerability_params.merge(location: entity_params[:location]))
      reset_remediations_for(vulnerability_finding, finding)

      if project.licensed_feature_available?(:vulnerability_finding_signatures)

--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -749,4 +749,21 @@ RSpec.describe Security::StoreReportService, '#execute', :snowplow do
        .and change { Vulnerabilities::Finding.last.location['end_line'] }.from(29).to(30)
    end
  end
+
+  context 'for container scanning' do
+    let(:trait) { :container_scanning }
+
+    before do
+      stub_licensed_features(container_scanning: true, security_dashboard: true)
+
+      allow(pipeline).to receive(:user).and_return(project.owner)
+    end
+
+    it 'populates finding location' do
+      subject
+
+      last_finding = Vulnerabilities::Finding.last
+      expect(last_finding.read_attribute(:location)).to eq(last_finding.location)
+    end
+  end
 end