Set finding_uuid while creating feedback records

690c4776 · Mehmet Emin INAC · Igor Drozdov · da7bb81a · 690c4776 · 690c4776
Commit 690c4776 authored Dec 28, 2020 by Mehmet Emin INAC Committed by Igor Drozdov Dec 28, 2020
6 changed files
--- a/ee/app/models/vulnerabilities/finding.rb
+++ b/ee/app/models/vulnerabilities/finding.rb
@@ -361,6 +361,12 @@ module Vulnerabilities
      self.class.confidences[self.confidence]
    end

+    # We will eventually have only UUIDv5 values for the `uuid`
+    # attribute of the finding records.
+    def uuid_v5
+      Gitlab::UUID.v5?(uuid) ? uuid : Gitlab::UUID.v5(uuid_v5_name)
+    end
+
    protected

    def first_fingerprint
@@ -376,5 +382,14 @@ module Vulnerabilities
        project_fingerprint: project_fingerprint
      }
    end
+
+    def uuid_v5_name
+      [
+        report_type,
+        primary_identifier.fingerprint,
+        location_fingerprint,
+        project_id
+      ].join('-')
+    end
  end
 end
--- a/ee/app/services/vulnerabilities/dismiss_service.rb
+++ b/ee/app/services/vulnerabilities/dismiss_service.rb
@@ -46,6 +46,7 @@ module Vulnerabilities
        project_fingerprint: finding.project_fingerprint,
        comment: @comment,
        pipeline: @project.latest_pipeline_with_security_reports(only_successful: true),
+        finding_uuid: finding.uuid_v5,
        dismiss_vulnerability: false
      }
    end

--- a/ee/spec/models/vulnerabilities/finding_spec.rb
+++ b/ee/spec/models/vulnerabilities/finding_spec.rb
@@ -876,4 +876,45 @@ RSpec.describe Vulnerabilities::Finding do
      expect(subject).to eq({ "test" => true })
    end
  end
+
+  describe '#uuid_v5' do
+    let(:project) { create(:project) }
+    let(:report_type) { :sast }
+    let(:identifier_fingerprint) { 'fooo' }
+    let(:location_fingerprint) { 'zooo' }
+    let(:identifier) { build(:vulnerabilities_identifier, fingerprint: identifier_fingerprint) }
+    let(:expected_uuid) { 'this-is-supposed-to-a-uuid' }
+    let(:finding) do
+      build(:vulnerabilities_finding, report_type,
+            uuid: uuid,
+            project: project,
+            primary_identifier: identifier,
+            location_fingerprint: location_fingerprint)
+    end
+
+    subject(:uuid_v5) { finding.uuid_v5 }
+
+    before do
+      allow(::Gitlab::UUID).to receive(:v5).and_return(expected_uuid)
+    end
+
+    context 'when the finding has a version 4 uuid' do
+      let(:uuid) { SecureRandom.uuid }
+      let(:uuid_name_value) { "#{report_type}-#{identifier_fingerprint}-#{location_fingerprint}-#{project.id}" }
+
+      it 'returns the calculated uuid for the finding' do
+        expect(uuid_v5).to eq(expected_uuid)
+        expect(::Gitlab::UUID).to have_received(:v5).with(uuid_name_value)
+      end
+    end
+
+    context 'when the finding has a version 5 uuid' do
+      let(:uuid) { '6756ebb6-8465-5c33-9af9-c5c8b117aefb' }
+
+      it 'returns the uuid of the finding' do
+        expect(uuid_v5).to eq(uuid)
+        expect(::Gitlab::UUID).not_to have_received(:v5)
+      end
+    end
+  end
 end
--- a/ee/spec/services/vulnerabilities/dismiss_service_spec.rb
+++ b/ee/spec/services/vulnerabilities/dismiss_service_spec.rb
@@ -41,13 +41,14 @@ RSpec.describe Vulnerabilities::DismissService do
    end

    context 'when the `dismiss_findings` argument is not false' do
-      it 'dismisses a vulnerability and its associated findings' do
+      it 'dismisses a vulnerability and its associated findings with correct attributes' do
        freeze_time do
          dismiss_vulnerability

          expect(vulnerability.reload).to(
            have_attributes(state: 'dismissed', dismissed_by: user, dismissed_at: be_like_time(Time.current)))
          expect(vulnerability.findings).to all have_vulnerability_dismissal_feedback
+          expect(vulnerability.finding.dismissal_feedback.finding_uuid).to eq(vulnerability.finding.uuid_v5)
        end
      end
    end

--- a/lib/gitlab/uuid.rb
+++ b/lib/gitlab/uuid.rb
@@ -9,6 +9,7 @@ module Gitlab
      production: "58dc0f06-936c-43b3-93bb-71693f1b6570"
    }.freeze

+    UUID_V5_PATTERN = /\h{8}-\h{4}-5\h{3}-\h{4}-\h{4}\h{8}/.freeze
    NAMESPACE_REGEX = /(\h{8})-(\h{4})-(\h{4})-(\h{4})-(\h{4})(\h{8})/.freeze
    PACK_PATTERN = "NnnnnN".freeze

@@ -17,6 +18,10 @@ module Gitlab
        Digest::UUID.uuid_v5(namespace_id, name)
      end

+      def v5?(string)
+        string.match(UUID_V5_PATTERN).present?
+      end
+
      private

      def default_namespace_id

--- a/spec/lib/gitlab/uuid_spec.rb
+++ b/spec/lib/gitlab/uuid_spec.rb
@@ -49,4 +49,23 @@ RSpec.describe Gitlab::UUID do
      it { is_expected.to eq(production_proper_uuid) }
    end
  end
+
+  describe 'v5?' do
+    using RSpec::Parameterized::TableSyntax
+
+    where(:test_string, :is_uuid_v5) do
+      'not even a uuid'                      | false
+      'this-seems-like-a-uuid'               | false
+      'thislook-more-5lik-eava-liduuidbutno' | false
+      '9f470438-db0f-37b7-9ca9-1d47104c339a' | false
+      '9f470438-db0f-47b7-9ca9-1d47104c339a' | false
+      '9f470438-db0f-57b7-9ca9-1d47104c339a' | true
+    end
+
+    with_them do
+      subject { described_class.v5?(test_string) }
+
+      it { is_expected.to be(is_uuid_v5) }
+    end
+  end
 end