Compute UUID before creating or updating Finding

Additional, minor changes: * Remove debugging logs * Update specs

Compute UUID before creating or updating Finding
Additional, minor changes: * Remove debugging logs * Update specs
5a98e0ce · Michał Zając · Mark Chao · 573a263c · 5a98e0ce · 5a98e0ce
Commit 5a98e0ce authored Oct 29, 2020 by Michał Zając Committed by Mark Chao Nov 05, 2020
3 changed files
--- a/ee/app/services/security/store_report_service.rb
+++ b/ee/app/services/security/store_report_service.rb
@@ -48,6 +48,7 @@ module Security
      end

      vulnerability_params = finding.to_hash.except(:compare_key, :identifiers, :location, :scanner, :scan, :links)
+      vulnerability_params[:uuid] = calculcate_uuid_v5(finding)
      vulnerability_finding = create_or_find_vulnerability_finding(finding, vulnerability_params)

      update_vulnerability_scanner(finding)
@@ -81,8 +82,6 @@ module Security
          .create_with(create_params)
          .find_or_initialize_by(find_params)

-        vulnerability_finding.uuid = calculcate_uuid_v5(vulnerability_finding, find_params)
-
        vulnerability_finding.save!
        vulnerability_finding
      rescue ActiveRecord::RecordNotUnique
@@ -92,11 +91,11 @@ module Security
      end
    end

-    def calculcate_uuid_v5(vulnerability_finding, finding_params)
+    def calculcate_uuid_v5(vulnerability_finding)
      uuid_v5_name_components = {
        report_type: vulnerability_finding.report_type,
-        primary_identifier_fingerprint: vulnerability_finding.primary_identifier&.fingerprint || finding_params.dig(:primary_identifier, :fingerprint),
-        location_fingerprint: vulnerability_finding.location_fingerprint,
+        primary_identifier_fingerprint: vulnerability_finding.primary_fingerprint,
+        location_fingerprint: vulnerability_finding.location.fingerprint,
        project_id: project.id
      }

@@ -106,8 +105,6 @@ module Security

      name = uuid_v5_name_components.values.join('-')

-      Gitlab::AppLogger.debug(message: "Generating UUIDv5 with name: #{name}") if Gitlab.dev_env_or_com?
-
      Gitlab::Vulnerabilities::CalculateFindingUUID.call(name)
    end


--- a/ee/lib/gitlab/ci/reports/security/finding.rb
+++ b/ee/lib/gitlab/ci/reports/security/finding.rb
@@ -97,8 +97,6 @@ module Gitlab
            end
          end

-          protected
-
          def primary_fingerprint
            primary_identifier&.fingerprint
          end

--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -2,6 +2,17 @@

 require 'spec_helper'

+UUID_REGEXP = Regexp.new("^([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-" \
+                         "([0-9a-f]{2})([0-9a-f]{2})-([0-9a-f]{12})$").freeze
+
+def is_uuid_v5?(uuid_string)
+  raise TypeError unless uuid_string.is_a?(String)
+
+  uuid_components = uuid_string.downcase.scan(UUID_REGEXP).first
+  time_hi_and_version = uuid_components[2].to_i(16)
+  (time_hi_and_version >> 12) == 5
+end
+
 RSpec.describe Security::StoreReportService, '#execute' do
  let_it_be(:user) { create(:user) }
  let(:artifact) { create(:ee_ci_job_artifact, trait) }
@@ -57,7 +68,9 @@ RSpec.describe Security::StoreReportService, '#execute' do
      end

      it 'calculates UUIDv5 for all findings' do
-        expect(Vulnerabilities::Finding.pluck(:uuid)).to all(be_a(String))
+        uuids = Vulnerabilities::Finding.pluck(:uuid)
+        expect(uuids).to all(be_a(String))
+        expect(uuids.all? { |uuid| is_uuid_v5?(uuid) }).to be_truthy
      end
    end